Remove demo.py, add POST data support with --method POST, update examples with OWASP Juice Shop endpoints

Co-authored-by: GilbertKrantz <90319182+GilbertKrantz@users.noreply.github.com>
copilot-swe-agent[bot] 2026-01-05 18:33:35 +00:00
parent 19e8e6453d
commit cae2ca7da9
4 changed files with 65 additions and 169 deletions


@ -13,14 +13,14 @@ pip install -r requirements.txt
Test a single URL with minimal risk: Test a single URL with minimal risk:
```bash ```bash
python sqlmapcli.py -u "http://example.com/page?id=1" python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test"
``` ```
### 2. Comprehensive Scan ### 2. Comprehensive Scan
Test all combinations of risk (1-3) and levels (1-5) automatically: Test all combinations of risk (1-3) and levels (1-5) automatically:
```bash ```bash
python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive
``` ```
This runs **15 tests total** (5 levels × 3 risks) and provides a complete vulnerability assessment. This runs **15 tests total** (5 levels × 3 risks) and provides a complete vulnerability assessment.
@ -30,10 +30,10 @@ Run a specific test configuration:
```bash ```bash
# Medium level, medium risk # Medium level, medium risk
python sqlmapcli.py -u "http://example.com/page?id=1" --level 3 --risk 2 python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 3 --risk 2
# High level, high risk # High level, high risk
python sqlmapcli.py -u "http://example.com/page?id=1" --level 5 --risk 3 python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 5 --risk 3
``` ```
### 4. Interactive Mode ### 4. Interactive Mode
@ -53,9 +53,26 @@ Limit the comprehensive scan to specific max values:
```bash ```bash
# Test only up to level 3 and risk 2 # Test only up to level 3 and risk 2
python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive --max-level 3 --max-risk 2 python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive --max-level 3 --max-risk 2
``` ```
## Real-World Testing Example
**Using OWASP Juice Shop Demo** (a legitimate vulnerable application for security testing):
```bash
# Quick scan on OWASP Juice Shop REST API with GET parameter
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 2 --risk 2
# Test login endpoint with POST data (JSON)
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"password123"}' --level 2 --risk 2
# Comprehensive scan on login endpoint
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"password123"}' --comprehensive
```
This is a real, legitimate target designed for security testing and learning.
## Understanding Levels and Risks ## Understanding Levels and Risks
### Levels (1-5) ### Levels (1-5)
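Review bot: The new "Real-World Testing Example" section and the rewritten examples above point every copy-paste command, including `--comprehensive` and `--level 5 --risk 3`, at the shared public host demo.owasp-juice.shop, which conflicts with the "Only test websites you own or have explicit written permission to test" warning added later in this same file. The "Testing Resources" list in that later hunk already recommends local setups, so suggest documenting a locally run Juice Shop instance as the target in these examples and dropping the sentence "This is a real, legitimate target designed for security testing and learning", since the README cannot grant permission on the host operator's behalf.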
@ -128,12 +145,16 @@ python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive --max-leve
3. **Adjust timeout if needed**: Some tests may take longer on slow networks 3. **Adjust timeout if needed**: Some tests may take longer on slow networks
4. **Legal use only**: Only test targets you have explicit permission to test 4. **Legal use only**: Only test targets you have explicit permission to test
## Demo ## Testing Resources
To see a demonstration of the UI without running actual tests: **⚠️ IMPORTANT**: Only test websites you own or have explicit written permission to test.
```bash For learning and practice, you can use legitimate SQL injection testing websites designed for security education:
python demo.py
```
This shows example output with simulated results. - **DVWA** (Damn Vulnerable Web Application) - Set up locally
- **WebGoat** - OWASP's deliberately insecure application
- **bWAPP** - Buggy Web Application for practicing
- **OWASP Juice Shop** - Modern vulnerable web application
- **Local test environments** - Set up your own vulnerable applications
Always ensure you have permission before testing any website. Unauthorized testing is illegal.


@ -40,17 +40,17 @@ pip install -r requirements.txt
**Quick scan** (default settings): **Quick scan** (default settings):
```bash ```bash
python sqlmapcli.py -u "http://example.com/page?id=1" python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test"
``` ```
**Comprehensive scan** (tests all risk and level combinations): **Comprehensive scan** (tests all risk and level combinations):
```bash ```bash
python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive
``` ```
**Custom level and risk**: **Custom level and risk**:
```bash ```bash
python sqlmapcli.py -u "http://example.com/page?id=1" --level 3 --risk 2 python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --level 3 --risk 2
``` ```
**Interactive mode**: **Interactive mode**:

142
demo.py

@ -1,142 +0,0 @@
#!/usr/bin/env python3
"""
Demo script to showcase the SQLMapCLI interface
"""
from rich.console import Console
from rich.panel import Panel
from rich.table import Table
from rich.progress import Progress, SpinnerColumn, TextColumn, BarColumn, TimeElapsedColumn
from rich import box
import time
console = Console()
def demo_banner():
"""Display the banner"""
banner = """
CLI - Automated SQL Injection Testing
"""
console.print(banner, style="bold cyan")
console.print(
Panel(
"[yellow]⚠️ Legal Disclaimer: Only use on targets you have permission to test[/yellow]",
border_style="yellow",
box=box.ROUNDED
)
)
console.print()
def demo_comprehensive_scan():
"""Demo comprehensive scan with results"""
console.print(
Panel(
"[cyan]Running comprehensive scan on:[/cyan]\n[yellow]http://testphp.vulnweb.com/artists.php?artist=1[/yellow]",
border_style="cyan",
box=box.ROUNDED
)
)
console.print()
# Simulate scanning
results_table = Table(title="Scan Results", box=box.ROUNDED)
results_table.add_column("Level", style="cyan", justify="center")
results_table.add_column("Risk", style="yellow", justify="center")
results_table.add_column("Status", justify="center")
results_table.add_column("Findings", style="magenta")
with Progress(
SpinnerColumn(),
TextColumn("[progress.description]{task.description}"),
BarColumn(),
TextColumn("[progress.percentage]{task.percentage:>3.0f}%"),
TimeElapsedColumn(),
console=console
) as progress:
task = progress.add_task("[cyan]Scanning...", total=6)
for level in range(1, 3):
for risk in range(1, 4):
progress.update(
task,
description=f"[cyan]Testing Level {level}, Risk {risk}..."
)
time.sleep(0.5) # Simulate work
findings = "No vulnerabilities" if (level == 1 and risk == 1) else "2 found!" if level == 2 and risk == 3 else "No vulnerabilities"
findings_style = "green" if findings == "No vulnerabilities" else "bold red"
results_table.add_row(
str(level),
str(risk),
"[green]✓[/green]",
f"[{findings_style}]{findings}[/{findings_style}]"
)
progress.update(task, advance=1)
console.print()
console.print(results_table)
console.print()
def demo_summary():
"""Demo result summary"""
summary_text = """
[cyan]Target:[/cyan] http://testphp.vulnweb.com/artists.php?artist=1
[cyan]Total Tests:[/cyan] 6
[cyan]Duration:[/cyan] 45.32 seconds
[cyan]Vulnerabilities Found:[/cyan] 2
"""
console.print(
Panel(
summary_text.strip(),
title="[bold]Scan Summary[/bold]",
border_style="red",
box=box.DOUBLE
)
)
console.print()
# Display vulnerabilities
vuln_table = Table(title="⚠️ Vulnerabilities Detected", box=box.HEAVY)
vuln_table.add_column("Parameter", style="cyan")
vuln_table.add_column("Type", style="yellow")
vuln_table.add_column("Title", style="red")
vuln_table.add_row(
"artist",
"boolean-based blind",
"AND boolean-based blind - WHERE or HAVING clause"
)
vuln_table.add_row(
"artist",
"time-based blind",
"MySQL >= 5.0.12 AND time-based blind (query SLEEP)"
)
console.print(vuln_table)
console.print()
console.print(
"[bold red]⚠️ SQL injection vulnerabilities detected! Take immediate action.[/bold red]"
)
console.print()
if __name__ == "__main__":
demo_banner()
time.sleep(1)
demo_comprehensive_scan()
time.sleep(1)
demo_summary()


@ -80,7 +80,7 @@ class SQLMapCLI:
self.console.print() self.console.print()
def run_sqlmap_test(self, url: str, level: int, risk: int, technique: str = "BEUSTQ", def run_sqlmap_test(self, url: str, level: int, risk: int, technique: str = "BEUSTQ",
batch: bool = True, extra_args: List[str] = None) -> Tuple[bool, str]: batch: bool = True, data: str = None, extra_args: List[str] = None) -> Tuple[bool, str]:
"""Run sqlmap with specified parameters""" """Run sqlmap with specified parameters"""
cmd = [ cmd = [
sys.executable, sys.executable,
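Review bot: In the new `run_sqlmap_test` signature, `data: str = None` is inserted ahead of `extra_args`, so any caller that passes `extra_args` positionally as the sixth argument will now have its list bound to `data`. Suggest appending `data` after `extra_args` or making the trailing parameters keyword-only, and annotating both as `Optional[...]` since they default to `None`.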
@ -95,6 +95,9 @@ class SQLMapCLI:
if batch: if batch:
cmd.append("--batch") cmd.append("--batch")
if data:
cmd.extend(["--data", data, "--method", "POST"])
if extra_args: if extra_args:
cmd.extend(extra_args) cmd.extend(extra_args)
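Review bot: `cmd.extend(["--data", data, "--method", "POST"])` hard-codes the method, and `extra_args` is appended right after it, so a caller who supplies their own `--method` (for a PUT or PATCH body) ends up with the option on the command line twice. sqlmap already sends the request as POST when `--data` is given, so `--method POST` can be dropped here; if it stays, skip it when `extra_args` already contains `--method`. The truthiness check `if data:` also silently ignores an empty string; use `if data is not None:` if an empty body should be sendable.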
@ -150,7 +153,7 @@ class SQLMapCLI:
} }
def comprehensive_scan(self, url: str, max_level: int = 5, max_risk: int = 3, def comprehensive_scan(self, url: str, max_level: int = 5, max_risk: int = 3,
techniques: str = "BEUSTQ"): techniques: str = "BEUSTQ", data: str = None):
"""Run comprehensive scan with all levels and risks""" """Run comprehensive scan with all levels and risks"""
self.results['target'] = url self.results['target'] = url
self.results['start_time'] = datetime.now() self.results['start_time'] = datetime.now()
@ -188,7 +191,7 @@ class SQLMapCLI:
description=f"[cyan]Testing Level {level}, Risk {risk}..." description=f"[cyan]Testing Level {level}, Risk {risk}..."
) )
success, output = self.run_sqlmap_test(url, level, risk, techniques) success, output = self.run_sqlmap_test(url, level, risk, techniques, data=data)
parsed = self.parse_results(output) parsed = self.parse_results(output)
status = "" if success else "" status = "" if success else ""
@ -217,14 +220,18 @@ class SQLMapCLI:
self.console.print(results_table) self.console.print(results_table)
self.display_summary() self.display_summary()
def quick_scan(self, url: str, level: int = 1, risk: int = 1): def quick_scan(self, url: str, level: int = 1, risk: int = 1, data: str = None):
"""Run a quick scan with default settings""" """Run a quick scan with default settings"""
self.results['target'] = url self.results['target'] = url
self.results['start_time'] = datetime.now() self.results['start_time'] = datetime.now()
scan_info = f"[cyan]Running quick scan on:[/cyan]\n[yellow]{url}[/yellow]\n[dim]Level: {level}, Risk: {risk}[/dim]"
if data:
scan_info += f"\n[dim]POST Data: {data}[/dim]"
self.console.print( self.console.print(
Panel( Panel(
f"[cyan]Running quick scan on:[/cyan]\n[yellow]{url}[/yellow]\n[dim]Level: {level}, Risk: {risk}[/dim]", scan_info,
border_style="cyan", border_style="cyan",
box=box.ROUNDED box=box.ROUNDED
) )
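Review bot: `scan_info += f"\n[dim]POST Data: {data}[/dim]"` echoes the raw request body to the console, and the documented examples put a password in that body, so credentials land in terminal scrollback and any captured output. The value is also interpolated into a Rich markup string unescaped, so a body containing bracketed text such as `[bold]` or `[/dim]` will be parsed as markup and can restyle the panel or raise a markup error. Suggest passing it through `rich.markup.escape()` and truncating or masking it before display.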
@ -238,7 +245,7 @@ class SQLMapCLI:
) as progress: ) as progress:
task = progress.add_task("[cyan]Scanning for vulnerabilities...", total=None) task = progress.add_task("[cyan]Scanning for vulnerabilities...", total=None)
success, output = self.run_sqlmap_test(url, level, risk) success, output = self.run_sqlmap_test(url, level, risk, data=data)
progress.update(task, completed=True) progress.update(task, completed=True)
parsed = self.parse_results(output) parsed = self.parse_results(output)
@ -334,14 +341,17 @@ def main():
formatter_class=argparse.RawDescriptionHelpFormatter, formatter_class=argparse.RawDescriptionHelpFormatter,
epilog=""" epilog="""
Examples: Examples:
# Quick scan with default settings # Quick scan with default settings (GET parameter)
python sqlmapcli.py -u "http://example.com/page?id=1" python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test"
# Test with POST data (JSON)
python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"pass123"}'
# Comprehensive scan (all risk and level combinations) # Comprehensive scan (all risk and level combinations)
python sqlmapcli.py -u "http://example.com/page?id=1" --comprehensive python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/products/search?q=test" --comprehensive
# Custom level and risk # Custom level and risk with POST data
python sqlmapcli.py -u "http://example.com/page?id=1" --level 3 --risk 2 python sqlmapcli.py -u "https://demo.owasp-juice.shop/rest/user/login" --data='{"email":"test@example.com","password":"pass123"}' --level 3 --risk 2
# Interactive mode # Interactive mode
python sqlmapcli.py --interactive python sqlmapcli.py --interactive
@ -398,6 +408,12 @@ Examples:
help='SQL injection techniques to use (default: BEUSTQ)' help='SQL injection techniques to use (default: BEUSTQ)'
) )
parser.add_argument(
'--data',
type=str,
help='Data string to be sent through POST (e.g., "username=test&password=test")'
)
parser.add_argument( parser.add_argument(
'-i', '--interactive', '-i', '--interactive',
action='store_true', action='store_true',
@ -435,10 +451,11 @@ Examples:
args.url, args.url,
max_level=args.max_level, max_level=args.max_level,
max_risk=args.max_risk, max_risk=args.max_risk,
techniques=args.technique techniques=args.technique,
data=args.data
) )
else: else:
cli.quick_scan(args.url, level=args.level, risk=args.risk) cli.quick_scan(args.url, level=args.level, risk=args.risk, data=args.data)
if __name__ == "__main__": if __name__ == "__main__":