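	def save_handler(self, req, req_body, res, res_body):
		"""Filter a proxied exchange, save the raw request and queue a scan.

		The exchange is dropped when ``res.status`` matches
		``config.filter_code``, when the Host header is not covered by
		``config.included_host`` or is covered by ``config.excluded_host``,
		when the URL path ends with an extension from ``config.filter_file``,
		or when it is a GET to a path with a file extension and no query
		string. Anything left is de-duplicated via ``self.make_sig`` /
		``self.check_history`` (keyed on the path plus the sorted POST
		parameter names), written verbatim under ``config.save_path`` and
		put on ``self.q`` once ``SqlmapAPIWrapper.scan_start`` succeeds.

		Args:
			req: proxied request; ``command``, ``path``, ``request_version``
				and ``headers`` are read.
			req_body: raw request body, or a falsy value when there is none.
			res: proxied response; only ``res.status`` is read.
			res_body: unused.

		Returns:
			None.
		"""
		# re.match anchors at the start only, so filter_code is a prefix
		# pattern against the status code ("30" also matches 301 and 304).
		if re.match(config.filter_code, str(res.status)):
			return
		host = req.headers.get('Host', '')
		# Plain suffix match: an entry without a leading dot also matches
		# unrelated hosts that merely end with the same string, so keep the
		# allow/deny lists as specific as the scan scope requires.
		if not any(host.endswith(h) for h in config.included_host):
			return
		if any(host.endswith(h) for h in config.excluded_host):
			return
		parsed = urlparse.urlparse(req.path)
		if any(parsed.path.endswith(ext) for ext in config.filter_file):
			return
		# A GET with a file extension and no query string carries nothing to
		# test (static file or URL-rewritten path).
		if os.path.splitext(req.path)[1] and req.command == 'GET' and not parsed.query:
			return

		req_header_text = "%s %s %s\n%s" % (req.command, req.path, req.request_version, req.headers)

		if req.command == 'GET' or not req_body:
			# Bug fix: the original concatenated req_body for every non-GET
			# request (TypeError on an empty/None body) and a for/else that
			# always ran then discarded the parameter-based key.
			request = req_header_text + '\n'
			keystr = req.path
		else:
			request = req_header_text + '\n' + req_body
			# De-dup key: path plus the sorted names of the body parameters,
			# so the same form is not scanned once per distinct value.
			names = sorted(pair.split('=')[0] for pair in req_body.split('&') if pair.find('=') > 0)
			keystr = "%s%s" % (req.path, ''.join(names))

		# avoid same params multi test
		sig = self.make_sig(keystr)
		if self.check_history(sig):
			return
		self.query_log[sig] = True

		fname = str(uuid.uuid4())
		# The saved request includes the Cookie header and body as sent, so
		# config.save_path should be readable by the operator only.
		with open(config.save_path + '/' + fname, 'w') as f:
			f.write(request)

		payload = {'url': req.path, 'cookie': req.headers.get('Cookie')}
		if req_body:
			payload['data'] = req_body

		# The payload rides along with the queue entry for the result loop.
		scanner = SqlmapAPIWrapper(fname, payload)
		if scanner.scan_start():
			self.q.put((fname, scanner.taskid, payload, time.time()))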
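    def save_handler(self, req, req_body, res, res_body):
        """Filter a proxied exchange, save the raw request and queue a scan.

        Drops the exchange when ``res.status`` matches ``config.filter_code``,
        when the Host header is not covered by ``config.included_host`` or is
        covered by ``config.excluded_host``, when the URL path ends with an
        extension from ``config.filter_file``, or when it is a GET to a path
        with a file extension and no query string. Anything left is
        de-duplicated on ``req.path`` via ``self.make_sig`` /
        ``self.check_history``, written verbatim to ``config.save_path`` and,
        once ``SqlmapAPIWrapper.scan_start`` succeeds, put on ``config.queue``
        as ``(fname, taskid, req.path, start_time)``.

        Args:
            req: proxied request; ``command``, ``path``, ``request_version``
                and ``headers`` are read.
            req_body: raw request body, or a falsy value when there is none.
            res: proxied response; only ``res.status`` is read.
            res_body: unused.

        Returns:
            None.
        """
        # re.match anchors at the start only, so filter_code is a prefix
        # pattern against the status code ("30" also matches 301 and 304).
        if re.match(config.filter_code, str(res.status)):
            return
        host = req.headers.get('Host', '')
        # Plain suffix match: an entry without a leading dot also matches
        # unrelated hosts ending with the same string; keep the lists
        # as specific as the scan scope requires.
        if not any(host.endswith(h) for h in config.included_host):
            return
        if any(host.endswith(h) for h in config.excluded_host):
            return
        parsed = urlparse.urlparse(req.path)
        if any(parsed.path.endswith(ext) for ext in config.filter_file):
            return
        # GET with a file extension and no query string: static file or
        # URL-rewritten path, nothing to test.
        if (os.path.splitext(req.path)[1] and req.command == 'GET'
                and not parsed.query):
            return

        req_header_text = "%s %s %s\n%s" % (req.command, req.path,
                                            req.request_version, req.headers)

        if req.command != 'GET' and req_body:
            request = req_header_text + '\n' + req_body
        else:
            # Bug fix: a non-GET request without a body previously tried to
            # concatenate an empty/None body; save the head alone instead.
            request = req_header_text + '\n'

        # avoid same params multi test
        sig = self.make_sig(req.path)
        if self.check_history(sig):
            return
        self.query_log[sig] = True

        fname = str(uuid.uuid4())
        # The saved request contains the headers (cookies included) as sent;
        # config.save_path should not be readable by other users.
        with open(config.save_path + '/' + fname, 'w') as f:
            f.write(request)

        scanner = SqlmapAPIWrapper(fname)
        if scanner.scan_start():
            config.queue.put((fname, scanner.taskid, req.path, time.time()))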
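	def save_handler(self, req, req_body, res, res_body):
		"""Filter a proxied exchange, save the raw request and queue a scan.

		Drops the exchange when ``res.status`` matches ``config.filter_code``,
		when the Host header is not covered by ``config.included_host`` or is
		covered by ``config.excluded_host``, when the URL path ends with an
		extension from ``config.filter_file``, or when it is a GET to a path
		with a file extension and no query string. Anything left is
		de-duplicated on ``req.path`` via ``self.make_sig`` /
		``self.check_history``, written verbatim to ``config.save_path`` and,
		once ``SqlmapAPIWrapper.scan_start`` succeeds, put on ``config.queue``
		as ``(fname, taskid, req.path, start_time)``.

		Args:
			req: proxied request; ``command``, ``path``, ``request_version``
				and ``headers`` are read.
			req_body: raw request body, or a falsy value when there is none.
			res: proxied response; only ``res.status`` is read.
			res_body: unused.

		Returns:
			None.
		"""
		# re.match is a prefix match on the status code: "30" also matches
		# 301 and 304. Anchor the pattern in the config if that is not wanted.
		if re.match(config.filter_code, str(res.status)):
			return
		host = req.headers.get('Host', '')
		# Suffix match without a dot boundary, so an entry like a bare domain
		# also matches other hosts ending in the same string.
		if not any(host.endswith(h) for h in config.included_host):
			return
		if any(host.endswith(h) for h in config.excluded_host):
			return
		parsed = urlparse.urlparse(req.path)
		if any(parsed.path.endswith(ext) for ext in config.filter_file):
			return
		# GET with a file extension and no query string: nothing to test.
		if os.path.splitext(req.path)[1] and req.command == 'GET' and not parsed.query:
			return

		req_header_text = "%s %s %s\n%s" % (req.command, req.path, req.request_version, req.headers)

		# Bug fix: only append a body that is actually present; the original
		# concatenated req_body for every non-GET request and failed on
		# an empty/None body.
		request = req_header_text + '\n'
		if req.command != 'GET' and req_body:
			request += req_body

		# avoid same params multi test
		sig = self.make_sig(req.path)
		if self.check_history(sig):
			return
		self.query_log[sig] = True

		fname = str(uuid.uuid4())
		# The file holds the request headers (cookies included) verbatim;
		# restrict config.save_path to the operator.
		with open(config.save_path + '/' + fname, 'w') as f:
			f.write(request)

		scanner = SqlmapAPIWrapper(fname)
		if scanner.scan_start():
			config.queue.put((fname, scanner.taskid, req.path, time.time()))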
    def run(self):
        """Poll the scan queue and report each sqlmap task once it finishes.

        Queue entries are ``(fname, taskid, url, start_time)`` tuples. A task
        that is not yet terminal is re-queued after a 3 s pause unless more
        than ``config.sqlmap_tasktimeout`` seconds have elapsed since
        ``start_time``, in which case it is cleared. A terminal task that
        reports vulnerable is printed together with the saved request file
        and deleted; any other terminal task is cleared. An empty queue backs
        off for 3 s; a KeyboardInterrupt ends the loop.

        Returns:
            None (only on KeyboardInterrupt).
        """
        while True:
            try:
                fname, taskid, url, start_time = config.queue.get(timeout=1)
                injector = SqlmapAPIWrapper(fname)
                injector.settaskid(taskid)

                if not injector.terminal():
                    # Still running: give up once the budget is spent,
                    # otherwise put it back and look again later.
                    expired = time.time() - start_time > config.sqlmap_tasktimeout
                    if expired:
                        injector.clear()
                    else:
                        config.queue.put((fname, taskid, url, start_time))
                        time.sleep(3)
                elif injector.vulnerable():
                    saved_request = config.save_path + '/' + fname
                    print(with_color(
                        32,
                        "#%s [VulUrl] %s" % (time.strftime("%H:%M:%S"), url)))
                    print(with_color(
                        32, "#%s [Exploit] sqlmap -r %s" %
                        (time.strftime("%H:%M:%S"), saved_request)))
                    sys.stdout.flush()
                    injector.delete()
                else:
                    injector.clear()
            except Empty:
                time.sleep(3)
            except KeyboardInterrupt:
                return
	def run(self):
		"""Drain the scan queue, reporting each sqlmap task when it has finished.

		Each entry is ``(fname, taskid, url, start_time)``. Unfinished tasks
		are re-queued after a 3 s pause until ``config.sqlmap_tasktimeout``
		seconds have passed since ``start_time``, then cleared. A finished
		task that reports vulnerable is printed with its saved request file
		and deleted; otherwise it is cleared. An empty queue sleeps 3 s and a
		KeyboardInterrupt returns from the loop.
		"""
		while True:
			try:
				job = config.queue.get(timeout=1)
				fname, taskid, url, start_time = job
				injector = SqlmapAPIWrapper(fname)
				injector.settaskid(taskid)

				if not injector.terminal():
					# Not done: drop it once the budget is spent, else retry later.
					if time.time() - start_time > config.sqlmap_tasktimeout:
						injector.clear()
					else:
						config.queue.put(job)
						time.sleep(3)
					continue

				if not injector.vulnerable():
					injector.clear()
					continue

				saved_request = config.save_path + '/' + fname
				print(with_color(32, "#%s [VulUrl] %s" % (time.strftime("%H:%M:%S"), url)))
				print(with_color(32, "#%s [Exploit] sqlmap -r %s" % (time.strftime("%H:%M:%S"), saved_request)))
				sys.stdout.flush()
				injector.delete()
			except Empty:
				time.sleep(3)
			except KeyboardInterrupt:
				return
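    def run(self):
        """Poll the scan queue and report each sqlmap task once it finishes.

        Queue entries are ``(fname, taskid, payload, start_time, hostname)``.
        A task that is not yet terminal is re-queued after a 5 s pause unless
        more than ``config.sqlmap_tasktimeout`` seconds have elapsed since
        ``start_time``, in which case it is cleared. A terminal task that
        reports vulnerable is printed, appended via ``writelog`` to a
        per-host daily log and deleted; any other terminal task is cleared.
        An empty queue backs off for 3 s; a KeyboardInterrupt ends the loop.

        Returns:
            None (only on KeyboardInterrupt).
        """

        def _log_name(host):
            # hostname arrives with the queue entry (presumably the proxied
            # request's Host header -- TODO confirm against the producer).
            # Restrict it to a safe character set so path separators or
            # other special characters cannot change where writelog writes.
            safe = ''.join(ch if ch.isalnum() or ch in '._-' else '_'
                           for ch in str(host)) or 'unknown'
            return "%s_%s" % (safe, time.strftime("%Y-%m-%d"))

        while True:
            try:
                (fname, taskid, payload, start_time,
                 hostname) = config.queue.get(timeout=1)

                injector = SqlmapAPIWrapper(fname, payload)
                injector.settaskid(taskid)

                if not injector.terminal():
                    # Not finished yet: give up after the timeout, otherwise
                    # put it back and check again later.
                    if time.time() - start_time > config.sqlmap_tasktimeout:
                        injector.clear()
                        continue
                    config.queue.put(
                        (fname, taskid, payload, start_time, hostname))
                    time.sleep(5)
                    continue

                if injector.vulnerable():
                    stamp = time.strftime("%H:%M:%S")
                    saved_request = config.save_path + '/' + fname
                    vul_line = "#%s [VulUrl] %s" % (stamp, payload['url'])
                    exploit_line = "#%s [Exploit] sqlmap -r %s -v 3 --level 3" % (
                        stamp, saved_request)
                    print(with_color(32, vul_line))
                    print(with_color(32, exploit_line))
                    # Same two lines as printed, joined the way the log expects.
                    writelog("%s \n%s" % (vul_line, exploit_line),
                             _log_name(hostname))
                    sys.stdout.flush()
                    injector.delete()
                else:
                    injector.clear()

            except Empty:
                time.sleep(3)
            except KeyboardInterrupt:
                return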
	def run(self):
		"""Drain the scan queue, reporting each sqlmap task when it has finished.

		Each entry is ``(fname, taskid, payload, start_time)``. Unfinished
		tasks are re-queued after a 5 s pause until ``config.sqlmap_tasktimeout``
		seconds have passed since ``start_time``, then cleared. A finished task
		that reports vulnerable is printed, appended to the daily log through
		``writelog`` and deleted; otherwise it is cleared. An empty queue
		sleeps 3 s and a KeyboardInterrupt returns from the loop.
		"""
		while True:
			try:
				job = config.queue.get(timeout=1)
				fname, taskid, payload, start_time = job

				injector = SqlmapAPIWrapper(fname, payload)
				injector.settaskid(taskid)

				# Wait for the sqlmapapi task to reach a terminal state.
				if not injector.terminal():
					if time.time() - start_time > config.sqlmap_tasktimeout:
						injector.clear()
					else:
						config.queue.put(job)
						time.sleep(5)
					continue

				if not injector.vulnerable():
					injector.clear()
					continue

				saved_request = config.save_path + '/' + fname
				vul_line = "#%s [VulUrl] %s" % (time.strftime("%H:%M:%S"), payload['url'])
				exploit_line = "#%s [Exploit] sqlmap -r %s -v 3 --level 3" % (time.strftime("%H:%M:%S"), saved_request)
				print(with_color(32, vul_line))
				print(with_color(32, exploit_line))
				vlu_str = "#%s [VulUrl] %s \n#%s [Exploit] sqlmap -r %s -v 3 --level 3" % (time.strftime("%H:%M:%S"), payload['url'], time.strftime("%H:%M:%S"), saved_request)
				writelog(vlu_str, time.strftime("%Y-%m-%d"))
				sys.stdout.flush()
				injector.delete()
			except Empty:
				time.sleep(3)
			except KeyboardInterrupt:
				return
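    def save_handler(self, req, req_body, res, res_body):
        """Filter a proxied exchange, save the raw request and queue a scan.

        Drops the exchange when ``res.status`` matches ``config.filter_code``,
        when the Host header is not covered by ``config.included_host`` or is
        covered by ``config.excluded_host``, when the URL path ends with an
        extension from ``config.filter_file``, or when it is a GET to a path
        with a file extension and no query string. Anything left is
        de-duplicated via ``self.make_sig`` / ``self.check_history`` on the
        path plus the sorted POST parameter names, written verbatim under
        ``config.save_path`` and put on ``self.q`` together with the sqlmap
        payload once ``SqlmapAPIWrapper.scan_start`` succeeds.

        Args:
            req: proxied request; ``command``, ``path``, ``request_version``
                and ``headers`` are read.
            req_body: raw request body, or a falsy value when there is none.
            res: proxied response; only ``res.status`` is read.
            res_body: unused.

        Returns:
            None.
        """
        # re.match anchors at the start only, so filter_code is a prefix
        # pattern against the status code ("30" also matches 301 and 304).
        if re.match(config.filter_code, str(res.status)):
            return
        host = req.headers.get('Host', '')
        # Plain suffix match: an entry without a leading dot also matches
        # unrelated hosts ending with the same string; keep the lists as
        # specific as the scan scope requires.
        if not any(host.endswith(h) for h in config.included_host):
            return
        if any(host.endswith(h) for h in config.excluded_host):
            return
        parsed = urlparse.urlparse(req.path)
        if any(parsed.path.endswith(ext) for ext in config.filter_file):
            return
        # GET with a file extension and no query string: static file or
        # URL-rewritten path, nothing to test.
        if (os.path.splitext(req.path)[1] and req.command == 'GET'
                and not parsed.query):
            return

        req_header_text = "%s %s %s\n%s" % (req.command, req.path,
                                            req.request_version, req.headers)

        if req.command != 'GET' and req_body:
            body = str(req_body)
            request = req_header_text + '\n' + body
            # De-dup key: path plus the sorted parameter names of the body,
            # so the same form is scanned once regardless of the values.
            # Bug fix: the original computed this key and then overwrote it
            # with req.path unconditionally (leftover of a commented-out
            # else branch), so every POST to a path was keyed the same way.
            names = sorted(pair.split('=')[0]
                           for pair in body.split('&') if pair.find('=') > 0)
            keystr = "%s/%s" % (req.path, ''.join(names))
        else:
            # GET, or a non-GET without a body: nothing to append (the
            # original wrote str(None) into the file for an absent body).
            request = req_header_text + '\n'
            keystr = req.path

        # avoid same params multi test
        sig = self.make_sig(keystr)
        if self.check_history(sig):
            return
        self.query_log[sig] = True

        fname = str(uuid.uuid4())
        # The saved request includes the Cookie header and body as sent;
        # config.save_path should be readable by the operator only.
        with open(config.save_path + '/' + fname, 'w') as f:
            f.write(request)

        payload = {
            'url': req.path,
            'cookie': req.headers.get('Cookie'),
            'agent': req.headers.get('User-Agent'),
            'level': 3,
        }
        if req_body:
            payload['data'] = req_body

        # The payload rides along with the queue entry for the result loop.
        scanner = SqlmapAPIWrapper(fname, payload)
        if scanner.scan_start():
            self.q.put((fname, scanner.taskid, payload, time.time()))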