def sqlmap_url(url, options):
""" return sqlmap results for a specific url and specified options """
""" if there was an error, return None """
# check if sqlmapapi is available
sqlmapapi_check()
# create the new api interface
sqlmap = SqlmapHook(url)
# init a new scan ( create it, but don't launch it )
sqlmap.init_new_scan()
scan_id = sqlmap.get_scan_id()
log.debug("Launching a sqlmap scan for {} (id: {})".format(url, scan_id))
log.debug("Options for {}: {}".format(url, options))
sqlmap.start_scan(scan_id, options)
while True:
time.sleep(1)
logs, running = sqlmap.show_sqlmap_log(scan_id)
if not running:
return logs
time.sleep(4)
def getdorks(args):
if args.dorkfile is not None and args.dork is not None:
log.critical("-f (--dork-file) and -d (--dork) are incompatible")
exit(1)
elif args.dorkfile is not None:
if os.path.isfile(args.dorkfile):
lines = []
try:
with open(args.dorkfile) as dork_file:
for line in dork_file:
lines.append(line)
except IOError as e:
log.critical('Got an error when reading the supplied dork file\
(-f/--dork-file): {}'.format(e))
else:
log.critical(
"The dork file supplied (-f/--dork-file) does not exists")
pass # TODO: accept a dorkfile
elif args.dorkfile is None and args.dork is None:
log.debug("interactively querying dork")
log.info("Enter a dork:")
dorks = [input("dork: ")]
else:
dorks = [args.dork]
return dorks
def show_sqlmap_log(self, api_id):
"""show the sqlmap log
return a tuple like this: (logs, is_running)
"""
running_status_url = "{}{}".format(
self.connection, self.commands["status"].format(api_id))
running_log_url = "{}{}".format(self.connection,
self.commands["log"].format(api_id))
status_req = requests.get(running_status_url)
status_json = json.loads(status_req.content)
current_status = status_json["status"]
is_running = True
logs = ''
if current_status != "running":
log.debug("[scan: {}] scan isn't running: {}".format(
api_id, current_status))
is_running = False
current_status = json.loads(
requests.get(running_status_url).content)["status"]
log_req = requests.get(running_log_url)
log_json = json.loads(log_req.content)
for i in range(0, len(log_json["log"])):
logs += log_json["log"][i]["message"]
return (logs, is_running)
def execute(command, cwd=None, timeout=None, yes=None, background=False):
""" must be an array
returns the stdout of command
command is an array of args
cwd is the current directory in which the command shall be executed
Timeout is the timeout of the command
yes = True: constantly feed stdin with a "y"
yes = False: constantly feed stdin with a "n"
"""
pre_command = []
if yes is not None:
pre_command.append("yes |" if yes else "yes n |")
for arg in command:
pre_command.append(arg)
assembled_pre_command = ""
for arg in pre_command:
assembled_pre_command += " " + arg
final_command = [
"bash -c {}".format(satanize_for_bash(assembled_pre_command))
]
# shellmode = True if yes is not None else None
shellmode = True
log.debug("command: {}; cwd: {}; timeout: {}; shellmode: {}".format(
final_command, cwd, timeout, shellmode))
result = subprocess.run(final_command,
stdout=subprocess.PIPE,
cwd=cwd,
timeout=timeout,
shell=shellmode)
return result.stdout.decode('utf-8')
def whatwaf_url(url):
""" return WhatWaf's results for a specified url """
log.debug("Launching WhatWaf on {}".format(url))
return execute([
"python2.7", paths.WHATWAF_NAME, "-u",
remove_thing_url(url), "--ra", "--hide", "--json", "--verify-num",
str(WHATWAF_VERIFY_NUM)
], paths.WHATWAF_PATH, None, True)
def wafdetect_stage(args):
""" add details of the targets of the save """
while True:
target = save.getUnwaffedTarget()
if target is not None:
log.debug("Waffing {}".format(target.url))
target = whatwaf_target(target)
save.updateTarget(target)
else:
log.debug("All targets got waffed !")
break
def parse_report(report, target):
""" add sqlmap report details to a given target """
log.debug("report: {}".format(report))
if 'CRITICAL' in report:
if 'all tested parameters do not appear to be injectable.' in report:
# The detection process was error-free but didn't found a SQLi
target.set_vulnerability_status(False)
else:
# There was an error that we are too lazy to handle
target.set_vulnerability_status(False)
target.set_sqlmap_error(True)
else:
log.critical("not finished yetttt :(")
print('report:\n\n{}'.format(report))
exit(69)
target.set_sqlmap_logs(report)
return target
def nextStage(args):
""" execute the current stage of the save
increase the stage number after its execution
return True if it should be called another time
return False if it shouldn't be called another time
"""
current_stage = save.getStage()
if args.reportOnly:
launchReportStage(args)
return_value = False
elif args.dorkOnly:
launchDorkStage(args)
return_value = False
# since we got target data, we can increment the stage for future use
if save.getStage() == DORK_STAGE:
save.incrementStage()
else:
if current_stage == DORK_STAGE: # if in dork stage
launchDorkStage(args)
return_value = True
elif current_stage == WAF_DETECT_STAGE:
launchWafStage(args)
return_value = True
elif current_stage == SQLMAP_STAGE:
launchSqlmapStage(args)
return_value = True
elif current_stage == REPORT_STAGE:
launchReportStage(args)
return_value = False
else:
launchReportStage(args)
return_value = False
save.incrementStage()
log.debug("New stage number: " + str(save.getStage()))
return return_value
def launchReportStage(args):
""" execute the report stage ( REPORT_STAGE ) """
log.debug("Launching the report stage")
report_stage(args)
def launchSqlmapStage(args):
log.debug("Launching the sqlmap stage")
sqlmap_stage(args)
def launchWafStage(args):
log.debug("Launching the waf stage")
wafdetect_stage(args)
def launchDorkStage(args):
log.debug("Launching the dork stage")
dork_stage(args)
def main():
args = argument_parse()
if args.debug:
log.debug("Ok boss, launching in debug mode")
import pudb
pudb.set_trace() # XXX BREAKPOINT
log.info("Welcome into AutoSQLi!")
log.debug("Checking for saves...")
save.saveStartup(args)
log.debug("Loading save...")
save.importSave()
log.debug("current_save.stage in main(): " + str(save.getStage()))
while True:
# do the current stage and increment
log.debug("Getting into the next stage")
need_to_continue = stages.nextStage(args)
# backup the current state (into autosqli.save)
save.writeSave() # TODO: add a time based saver
log.debug("Save exported")
if save.getStage() == stages.REPORT_STAGE or need_to_continue is False:
break
log.info("Goodbye!")
