# Note: written with Swagger Editor (https://editor.swagger.io/)
swagger: "2.0"
info:
description: ""
version: "1.2"
title: "sqlmap API"
contact:
email: "dev@sqlmap.org"
license:
name: "GPL 2.0"
url: "https://www.gnu.org/licenses/old-licenses/gpl-2.0.html"
host: "0.0.0.0:8775"
basePath: "/"
tags:
- name: "task"
description: "Task management functions"
- name: "admin"
description: "Task administration functions"
- name: "option"
description: "Task option handling functions"
schemes:
- "http"
paths:
/task/new:
get:
tags:
- "task"
summary: "Create a new task"
description: ""
operationId: "taskNew"
produces:
- "application/json"
parameters: []
responses:
200:
description: "Task successfully created"
schema:
type: object
properties:
success:
type: boolean
taskid:
type: string
example: "7e605b5d5a892b74"
/task/{taskid}/delete:
get:
tags:
- "task"
summary: "Delete an existing task"
description: ""
operationId: "taskDelete"
produces:
- "application/json"
parameters:
- name: "taskid"
in: "path"
description: "ID of an existing task to delete"
required: true
type: "string"
responses:
200:
description: "Task successfully deleted"
schema:
type: object
properties:
success:
type: boolean
enum: [true]
404:
description: "Task ID not found"
schema:
type: object
properties:
success:
type: boolean
enum: [false]
message:
type: string
enum: ["Non-existing task ID"]
/admin/list:
get:
tags:
- "admin"
summary: "Pull task list (locally)"
description: "Note: Use in cases when connecting to server from same IP (e.g. `localhost`)"
operationId: "adminList"
produces:
- "application/json"
responses:
200:
description: "Task list successfully pulled"
schema:
type: object
properties:
success:
type: boolean
enum: [true]
tasks:
type: object
additionalProperties:
type: string
example:
16a7a898e8eaaf45: running
644fc063408e4f12: not running
8e2eb10770d913cd: not running
d59d1c69bdc06933: not running
tasks_num:
type: integer
example: 4
/admin/{token}/list:
get:
tags:
- "admin"
summary: "Pull task list (remotely)"
description: "Note: Use in cases when connecting to server from different IP"
operationId: "adminListToken"
produces:
- "application/json"
parameters:
- name: "token"
in: "path"
description: "Secret token (Note: written to console during a server run - e.g. `2756d5b6e7d093ba49b5fd06a93aca7a`)"
required: true
type: "string"
responses:
200:
description: "Task list successfully pulled"
schema:
type: object
properties:
success:
type: boolean
enum: [true]
tasks:
type: object
additionalProperties:
type: string
example:
5c911efa476b55f4: not running
5ee038e153ffc534: not running
e58c7a4de6bf7f51: not running
tasks_num:
type: integer
example: 4
/admin/flush:
get:
tags:
- "admin"
summary: "Flush task pool (locally)"
description: "Note: Use in cases when connecting to server from same IP (e.g. `localhost`)"
operationId: "adminFlush"
produces:
- "application/json"
responses:
200:
description: "Task pool successfully flushed"
schema:
type: object
properties:
success:
type: boolean
enum: [true]
/admin/{token}/flush:
get:
tags:
- "admin"
summary: "Flush task pool (remotely)"
description: "Note: Use in cases when connecting to server from different IP"
operationId: "adminFlushToken"
produces:
- "application/json"
parameters:
- name: "token"
in: "path"
description: "Secret token (Note: written to console during a server run - e.g. `2756d5b6e7d093ba49b5fd06a93aca7a`)"
required: true
type: "string"
responses:
200:
description: "Task pool successfully flushed"
schema:
type: object
properties:
success:
type: boolean
enum: [true]
/option/{taskid}/list:
get:
tags:
- "option"
summary: "List task options"
description: ""
operationId: "optionList"
produces:
- "application/json"
parameters:
- name: "taskid"
in: "path"
description: "ID of an existing task to list it's options"
required: true
type: "string"
responses:
200:
description: "Task options successfully listed"
schema:
type: object
properties:
success:
type: boolean
enum: [true]
options:
type: object
additionalProperties:
type: string
example:
crawlDepth: null
osShell: false
getUsers: false
getPasswordHashes: false
excludeSysDbs: false
ignoreTimeouts: false
regData: null
fileDest: null
prefix: null
code: null
googlePage: 1
skip: null
query: null
randomAgent: false
osPwn: false
authType: null
safeUrl: null
requestFile: null
predictOutput: false
wizard: false
stopFail: false
forms: false
uChar: null
secondReq: null
taskid: d977b0e5f091370e
pivotColumn: null
dropSetCookie: false
smart: false
paramExclude: null
risk: 1
sqlFile: null
rParam: null
getCurrentUser: false
notString: null
getRoles: false
getPrivileges: false
testParameter: null
tbl: null
charset: null
trafficFile: null
osSmb: false
level: 1
dnsDomain: null
outputDir: null
encoding: null
skipWaf: false
timeout: 30
firstChar: null
torPort: null
getComments: false
binaryFields: null
checkTor: false
commonTables: false
direct: null
tmpPath: null
titles: false
getSchema: false
identifyWaf: false
paramDel: null
safeReqFile: null
regKey: null
murphyRate: null
limitStart: null
crawlExclude: null
flushSession: false
loadCookies: null
csvDel:
offline: false
method: null
tmpDir: null
fileWrite: null
disablePrecon: false
osBof: false
testSkip: null
invalidLogical: false
getCurrentDb: false
hexConvert: false
proxyFile: null
answers: null
host: null
dependencies: false
cookie: null
proxy: null
regType: null
optimize: false
limitStop: null
search: false
uFrom: null
noCast: false
testFilter: null
ignoreCode: null
eta: false
csrfToken: null
threads: 1
logFile: null
os: null
col: null
skipStatic: false
proxyCred: null
verbose: 1
isDba: false
updateAll: false
privEsc: false
forceDns: false
getAll: false
api: true
url: http://www.test.com/index.php?id=1
invalidBignum: false
regexp: null
getDbs: false
freshQueries: false
uCols: null
smokeTest: false
udfInject: false
invalidString: false
tor: false
forceSSL: false
beep: false
noEscape: false
configFile: null
scope: null
authFile: null
torType: SOCKS5
regVal: null
dummy: false
checkInternet: false
safePost: null
safeFreq: null
skipUrlEncode: false
referer: null
liveTest: false
retries: 3
extensiveFp: false
dumpTable: false
getColumns: false
batch: true
purge: false
headers: null
authCred: null
osCmd: null
suffix: null
dbmsCred: null
regDel: false
shLib: null
sitemapUrl: null
timeSec: 5
msfPath: null
dumpAll: false
fileRead: null
getHostname: false
sessionFile: null
disableColoring: true
getTables: false
listTampers: false
agent: null
webRoot: null
exclude: null
lastChar: null
string: null
dbms: null
dumpWhere: null
tamper: null
ignoreRedirects: false
hpp: false
runCase: null
delay: 0
evalCode: null
cleanup: false
csrfUrl: null
secondUrl: null
getBanner: true
profile: false
regRead: false
bulkFile: null
db: null
dumpFormat: CSV
alert: null
harFile: null
nullConnection: false
user: null
parseErrors: false
getCount: false
data: null
regAdd: false
ignoreProxy: false
database: /tmp/sqlmapipc-jGw6ZY
mobile: false
googleDork: null
saveConfig: null
sqlShell: false
tech: BEUSTQ
textOnly: false
cookieDel: null
commonColumns: false
keepAlive: false
/option/{taskid}/get:
post:
tags:
- "option"
summary: "Get task option value(s)"
description: ""
operationId: "optionGet"
consumes:
- "application/json"
produces:
- "application/json"
parameters:
- name: "taskid"
in: "path"
description: "ID of an existing task"
required: true
type: "string"
- in: body
name: options
description: ""
schema:
type: array
items:
type: string
example: ["url", "timeout"]
responses:
200:
description: "Task option value successfully retrieved"
schema:
type: object
properties:
success:
type: boolean
options:
type: array
items:
type: object
properties:
name:
type: string
value:
type: string
example:
- success: true
options:
url: http://www.test.com/index.php?id=1
timeout: 30
externalDocs:
description: "Find out more about sqlmap API (REST-JSON)"
url: "https://github.com/sqlmapproject/sqlmap/wiki/Usage#api-rest-json"