# Note: written with Swagger Editor (https://editor.swagger.io/) swagger: "2.0" info: description: "" version: "1.2" title: "sqlmap API" contact: email: "dev@sqlmap.org" license: name: "GPL 2.0" url: "https://www.gnu.org/licenses/old-licenses/gpl-2.0.html" host: "0.0.0.0:8775" basePath: "/" tags: - name: "task" description: "Task management functions" - name: "admin" description: "Task administration functions" - name: "option" description: "Task option handling functions" schemes: - "http" paths: /task/new: get: tags: - "task" summary: "Create a new task" description: "" operationId: "taskNew" produces: - "application/json" parameters: [] responses: 200: description: "Task successfully created" schema: type: object properties: success: type: boolean taskid: type: string example: "7e605b5d5a892b74" /task/{taskid}/delete: get: tags: - "task" summary: "Delete an existing task" description: "" operationId: "taskDelete" produces: - "application/json" parameters: - name: "taskid" in: "path" description: "ID of an existing task to delete" required: true type: "string" responses: 200: description: "Task successfully deleted" schema: type: object properties: success: type: boolean enum: [true] 404: description: "Task ID not found" schema: type: object properties: success: type: boolean enum: [false] message: type: string enum: ["Non-existing task ID"] /admin/list: get: tags: - "admin" summary: "Pull task list (locally)" description: "Note: Use in cases when connecting to server from same IP (e.g. `localhost`)" operationId: "adminList" produces: - "application/json" responses: 200: description: "Task list successfully pulled" schema: type: object properties: success: type: boolean enum: [true] tasks: type: object additionalProperties: type: string example: 16a7a898e8eaaf45: running 644fc063408e4f12: not running 8e2eb10770d913cd: not running d59d1c69bdc06933: not running tasks_num: type: integer example: 4 /admin/{token}/list: get: tags: - "admin" summary: "Pull task list (remotely)" description: "Note: Use in cases when connecting to server from different IP" operationId: "adminListToken" produces: - "application/json" parameters: - name: "token" in: "path" description: "Secret token (Note: written to console during a server run - e.g. `2756d5b6e7d093ba49b5fd06a93aca7a`)" required: true type: "string" responses: 200: description: "Task list successfully pulled" schema: type: object properties: success: type: boolean enum: [true] tasks: type: object additionalProperties: type: string example: 5c911efa476b55f4: not running 5ee038e153ffc534: not running e58c7a4de6bf7f51: not running tasks_num: type: integer example: 4 /admin/flush: get: tags: - "admin" summary: "Flush task pool (locally)" description: "Note: Use in cases when connecting to server from same IP (e.g. `localhost`)" operationId: "adminFlush" produces: - "application/json" responses: 200: description: "Task pool successfully flushed" schema: type: object properties: success: type: boolean enum: [true] /admin/{token}/flush: get: tags: - "admin" summary: "Flush task pool (remotely)" description: "Note: Use in cases when connecting to server from different IP" operationId: "adminFlushToken" produces: - "application/json" parameters: - name: "token" in: "path" description: "Secret token (Note: written to console during a server run - e.g. `2756d5b6e7d093ba49b5fd06a93aca7a`)" required: true type: "string" responses: 200: description: "Task pool successfully flushed" schema: type: object properties: success: type: boolean enum: [true] /option/{taskid}/list: get: tags: - "option" summary: "List task options" description: "" operationId: "optionList" produces: - "application/json" parameters: - name: "taskid" in: "path" description: "ID of an existing task to list it's options" required: true type: "string" responses: 200: description: "Task options successfully listed" schema: type: object properties: success: type: boolean enum: [true] options: type: object additionalProperties: type: string example: crawlDepth: null osShell: false getUsers: false getPasswordHashes: false excludeSysDbs: false ignoreTimeouts: false regData: null fileDest: null prefix: null code: null googlePage: 1 skip: null query: null randomAgent: false osPwn: false authType: null safeUrl: null requestFile: null predictOutput: false wizard: false stopFail: false forms: false uChar: null secondReq: null taskid: d977b0e5f091370e pivotColumn: null dropSetCookie: false smart: false paramExclude: null risk: 1 sqlFile: null rParam: null getCurrentUser: false notString: null getRoles: false getPrivileges: false testParameter: null tbl: null charset: null trafficFile: null osSmb: false level: 1 dnsDomain: null outputDir: null encoding: null skipWaf: false timeout: 30 firstChar: null torPort: null getComments: false binaryFields: null checkTor: false commonTables: false direct: null tmpPath: null titles: false getSchema: false paramDel: null safeReqFile: null regKey: null murphyRate: null limitStart: null crawlExclude: null flushSession: false loadCookies: null csvDel: offline: false method: null tmpDir: null fileWrite: null disablePrecon: false osBof: false testSkip: null invalidLogical: false getCurrentDb: false hexConvert: false proxyFile: null answers: null host: null dependencies: false cookie: null proxy: null regType: null optimize: false limitStop: null search: false uFrom: null noCast: false testFilter: null ignoreCode: null eta: false csrfToken: null threads: 1 logFile: null os: null col: null skipStatic: false proxyCred: null verbose: 1 isDba: false updateAll: false privEsc: false forceDns: false getAll: false api: true url: http://www.test.com/index.php?id=1 invalidBignum: false regexp: null getDbs: false freshQueries: false uCols: null smokeTest: false udfInject: false invalidString: false tor: false forceSSL: false beep: false noEscape: false configFile: null scope: null authFile: null torType: SOCKS5 regVal: null dummy: false checkInternet: false safePost: null safeFreq: null skipUrlEncode: false referer: null liveTest: false retries: 3 extensiveFp: false dumpTable: false getColumns: false batch: true purge: false headers: null authCred: null osCmd: null suffix: null dbmsCred: null regDel: false shLib: null sitemapUrl: null timeSec: 5 msfPath: null dumpAll: false fileRead: null getHostname: false sessionFile: null disableColoring: true getTables: false listTampers: false agent: null webRoot: null exclude: null lastChar: null string: null dbms: null dumpWhere: null tamper: null ignoreRedirects: false hpp: false runCase: null delay: 0 evalCode: null cleanup: false csrfUrl: null secondUrl: null getBanner: true profile: false regRead: false bulkFile: null db: null dumpFormat: CSV alert: null harFile: null nullConnection: false user: null parseErrors: false getCount: false data: null regAdd: false ignoreProxy: false database: /tmp/sqlmapipc-jGw6ZY mobile: false googleDork: null saveConfig: null sqlShell: false technique: BEUSTQ textOnly: false cookieDel: null commonColumns: false keepAlive: false /option/{taskid}/get: post: tags: - "option" summary: "Get task option value(s)" description: "" operationId: "optionGet" consumes: - "application/json" produces: - "application/json" parameters: - name: "taskid" in: "path" description: "ID of an existing task" required: true type: "string" - in: body name: options description: "" schema: type: array items: type: string example: ["url", "timeout"] responses: 200: description: "Task option value successfully retrieved" schema: type: object properties: success: type: boolean options: type: array items: type: object properties: name: type: string value: type: string example: - success: true options: url: http://www.test.com/index.php?id=1 timeout: 30 externalDocs: description: "Find out more about sqlmap API (REST-JSON)" url: "https://github.com/sqlmapproject/sqlmap/wiki/Usage#api-rest-json"