def scan_data(taskid): """ Retrieve the data of a scan """ json_data_message = list() json_errors_message = list() if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to scan_data()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) # Read all data from the IPC database for the taskid for status, content_type, value in DataStore.current_db.execute( "SELECT status, content_type, value FROM data WHERE taskid = ? ORDER BY id ASC", (taskid,)): json_data_message.append( {"status": status, "type": content_type, "value": dejsonize(value)}) # Read all error messages from the IPC database for error in DataStore.current_db.execute( "SELECT error FROM errors WHERE taskid = ? ORDER BY id ASC", (taskid,)): json_errors_message.append(error) logger.debug("[%s] Retrieved scan data and error messages" % taskid) return jsonize({"success": True, "data": json_data_message, "error": json_errors_message})
def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None): if self.messagetype == "stdout": if content_type is None: content_type = 99 output = conf.database_cursor.execute("SELECT id, value FROM data WHERE taskid = ? AND status = ? AND content_type = ? LIMIT 0,1", (self.taskid, status, content_type)) if status == CONTENT_STATUS.IN_PROGRESS: # Ignore all non-relevant messages if kb.partRun is None: return if len(output) == 0: conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) else: new_value = "%s%s" % (dejsonize(output[0][1]), value) conf.database_cursor.execute("UPDATE data SET value = ? WHERE id = ?", (jsonize(new_value), output[0][0])) else: if len(output) > 0: conf.database_cursor.execute("DELETE FROM data WHERE taskid = ? AND status = %s AND content_type = ?" % CONTENT_STATUS.IN_PROGRESS, (self.taskid, content_type)) conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) else: conf.database_cursor.execute("INSERT INTO errors VALUES(NULL, ?, ?)", (self.taskid, str(value) if value else ""))
def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None): if self.messagetype == "stdout": if content_type is None: if kb.partRun is not None: content_type = PART_RUN_CONTENT_TYPES.get(kb.partRun) else: # Ignore all non-relevant messages return output = conf.database_cursor.execute("SELECT id, status, value FROM data WHERE taskid = ? AND content_type = ?", (self.taskid, content_type)) #print >>sys.__stdout__, "output: %s\nvalue: %s\nstatus: %d\ncontent_type: %d\nkb.partRun: %s\n--------------" % (output, value, status, content_type, kb.partRun) # Delete partial output from IPC database if we have got a complete output if status == CONTENT_STATUS.COMPLETE: if len(output) > 0: for index in xrange(0, len(output)): conf.database_cursor.execute("DELETE FROM data WHERE id = ?", (output[index][0],)) conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) if kb.partRun: kb.partRun = None elif status == CONTENT_STATUS.IN_PROGRESS: if len(output) == 0: conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) else: new_value = "%s%s" % (dejsonize(output[0][2]), value) conf.database_cursor.execute("UPDATE data SET value = ? WHERE id = ?", (jsonize(new_value), output[0][0])) else: conf.database_cursor.execute("INSERT INTO errors VALUES(NULL, ?, ?)", (self.taskid, str(value) if value else ""))
def scan_log_limited(taskid, start, end): """ Retrieve a subset of log messages """ json_log_messages = list() if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to scan_log_limited()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) if not start.isdigit() or not end.isdigit() or end < start: logger.warning("[%s] Invalid start or end value provided to scan_log_limited()" % taskid) return jsonize({"success": False, "message": "Invalid start or end value, must be digits"}) start = max(1, int(start)) end = max(1, int(end)) # Read a subset of log messages from the IPC database for time_, level, message in DataStore.current_db.execute( ("SELECT time, level, message FROM logs WHERE " "taskid = ? AND id >= ? AND id <= ? ORDER BY id ASC"), (taskid, start, end)): json_log_messages.append({"time": time_, "level": level, "message": message}) logger.debug("[%s] Retrieved scan log messages subset" % taskid) return jsonize({"success": True, "log": json_log_messages})
def option_list(taskid): """ List options for a certain task ID """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to option_list()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) logger.debug("[%s] Listed task options" % taskid) return jsonize({"success": True, "options": DataStore.tasks[taskid].get_options()})
def task_list(taskid): """ List task pull """ if is_admin(taskid): logger.debug("[%s] Listed task pool" % taskid) tasks = list(DataStore.tasks) return jsonize({"success": True, "tasks": tasks, "tasks_num": len(tasks)}) else: logger.warning("[%s] Unauthorized call to task_list()" % taskid) return jsonize({"success": False, "message": "Unauthorized"})
def task_flush(taskid): """ Flush task spool (delete all tasks) """ if is_admin(taskid): DataStore.tasks = dict() logger.debug("[%s] Flushed task pool" % taskid) return jsonize({"success": True}) else: logger.warning("[%s] Unauthorized call to task_flush()" % taskid) return jsonize({"success": False, "message": "Unauthorized"})
def task_delete(taskid): """ Delete own task ID """ if taskid in DataStore.tasks: DataStore.tasks.pop(taskid) logger.debug("[%s] Deleted task" % taskid) return jsonize({"success": True}) else: logger.warning("[%s] Invalid task ID provided to task_delete()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"})
def scan_kill(taskid): """ Kill a scan """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to scan_kill()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) DataStore.tasks[taskid].engine_kill() logger.debug("[%s] Killed scan" % taskid) return jsonize({"success": True})
def option_set(taskid): """ Set an option (command line switch) for a certain task ID """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to option_set()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) for option, value in request.json.items(): DataStore.tasks[taskid].set_option(option, value) logger.debug("[%s] Requested to set options" % taskid) return jsonize({"success": True})
def option_get(taskid): """ Get the value of an option (command line switch) for a certain task ID """ if taskid not in tasks: abort(500, "Invalid task ID") option = request.json.get("option", "") if option in tasks[taskid]: return jsonize({option: tasks[taskid].get_option(option)}) else: return jsonize({option: None})
def task_delete(taskid): """ Delete an existing task """ if taskid in DataStore.tasks: DataStore.tasks.pop(taskid) logger.debug("(%s) Deleted task" % taskid) return jsonize({"success": True}) else: response.status = 404 logger.warning("[%s] Non-existing task ID provided to task_delete()" % taskid) return jsonize({"success": False, "message": "Non-existing task ID"})
def scan_kill(taskid): """ Kill a scan """ if (taskid not in DataStore.tasks or DataStore.tasks[taskid].engine_process() is None or DataStore.tasks[taskid].engine_has_terminated()): logger.warning("[%s] Invalid task ID provided to scan_kill()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) DataStore.tasks[taskid].engine_kill() logger.debug("(%s) Killed scan" % taskid) return jsonize({"success": True})
def scan_status(taskid): """ Returns status of a scan """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to scan_status()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) if DataStore.tasks[taskid].engine_process() is None: status = "not running" else: status = "terminated" if DataStore.tasks[taskid].engine_has_terminated() is True else "running" logger.debug("[%s] Retrieved scan status" % taskid) return jsonize({"success": True, "status": status, "returncode": DataStore.tasks[taskid].engine_get_returncode()})
def option_get(taskid): """ Get the value of an option (command line switch) for a certain task ID """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to option_get()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) option = request.json.get("option", "") if option in DataStore.tasks[taskid].options: logger.debug("[%s] Retrieved value for option %s" % (taskid, option)) return jsonize({"success": True, option: DataStore.tasks[taskid].get_option(option)}) else: logger.debug("[%s] Requested value for unknown option %s" % (taskid, option)) return jsonize({"success": False, "message": "Unknown option", option: "not set"})
def scan_log(taskid): """ Retrieve the log messages """ json_log_messages = list() if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to scan_log()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) # Read all log messages from the IPC database for time_, level, message in DataStore.current_db.execute("SELECT time, level, message FROM logs WHERE taskid = ? ORDER BY id ASC", (taskid,)): json_log_messages.append({"time": time_, "level": level, "message": message}) logger.debug("[%s] Retrieved scan log messages" % taskid) return jsonize({"success": True, "log": json_log_messages})
def scan_log_limited(taskid, start, end): """ Retrieve a subset of log messages """ global procs json_log_messages = {} if taskid not in tasks: abort(500, "Invalid task ID") # Temporary "protection" against SQL injection FTW ;) if not start.isdigit() or not end.isdigit() or end <= start: abort(500, "Invalid start or end value, must be digits") start = max(1, int(start)) end = max(1, int(end)) # Read a subset of log messages from the temporary I/O database procs[taskid].ipc_database_cursor.execute("SELECT id, time, level, message FROM logs WHERE id >= %d AND id <= %d" % (start, end)) db_log_messages = procs[taskid].ipc_database_cursor.fetchall() for (id_, time_, level, message) in db_log_messages: json_log_messages[id_] = {"time": time_, "level": level, "message": message} return jsonize({"log": json_log_messages})
def scan_output(taskid): """ Read the standard output of sqlmap core execution """ global procs global tasks json_stdout_message = [] json_stderr_message = [] if taskid not in tasks: abort(500, "Invalid task ID") # Read all stdout messages from the temporary I/O database procs[taskid].ipc_database_cursor.execute("SELECT message FROM stdout") db_stdout_messages = procs[taskid].ipc_database_cursor.fetchall() for message in db_stdout_messages: json_stdout_message.append(message) # Read all stderr messages from the temporary I/O database procs[taskid].ipc_database_cursor.execute("SELECT message FROM stderr") db_stderr_messages = procs[taskid].ipc_database_cursor.fetchall() for message in db_stderr_messages: json_stderr_message.append(message) return jsonize({"stdout": json_stdout_message, "stderr": json_stderr_message})
def task_new(): """ Create new task ID """ global procs global tasks taskid = hexencode(os.urandom(16)) tasks[taskid] = init_options() procs[taskid] = AttribDict() _, ipc_database_filepath = tempfile.mkstemp(prefix="sqlmapipc-", text=False) # Initiate the temporary database for asynchronous I/O with the # sqlmap engine procs[taskid].ipc_database_connection = sqlite3.connect(ipc_database_filepath, timeout=1, isolation_level=None) procs[taskid].ipc_database_cursor = procs[taskid].ipc_database_connection.cursor() procs[taskid].ipc_database_cursor.execute("CREATE TABLE logs(id INTEGER PRIMARY KEY AUTOINCREMENT, time TEXT, level TEXT, message TEXT)") procs[taskid].ipc_database_cursor.execute("CREATE TABLE stdout(id INTEGER PRIMARY KEY AUTOINCREMENT, time TEXT, message TEXT)") procs[taskid].ipc_database_cursor.execute("CREATE TABLE stderr(id INTEGER PRIMARY KEY AUTOINCREMENT, time TEXT, message TEXT)") # Set the temporary database to use for asynchronous I/O communication tasks[taskid].ipc_database = ipc_database_filepath return jsonize({"taskid": taskid})
def scan_start(taskid): """ Launch a scan """ global tasks global procs global pipes if taskid not in tasks: abort(500, "Invalid task ID") # Initialize sqlmap engine's options with user's provided options # within the JSON request for key, value in request.json.items(): tasks[taskid][key] = value # Overwrite output directory (oDir) value to a temporary directory tasks[taskid].oDir = tempfile.mkdtemp(prefix="sqlmap-") # Launch sqlmap engine in a separate thread logger.debug("starting a scan for task ID %s" % taskid) pipes[taskid] = os.pipe() # Provide sqlmap engine with the writable pipe for logging tasks[taskid]["fdLog"] = pipes[taskid][1] # Launch sqlmap engine procs[taskid] = execute("python sqlmap.py --pickled-options %s" % base64pickle(tasks[taskid]), shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=False) return jsonize({"success": True})
def option_list(taskid): """ List options for a certain task ID """ if taskid not in tasks: abort(500, "Invalid task ID") return jsonize({"options": tasks[taskid].get_options()})
def scan_log(taskid): """ Retrieve the log messages """ json_log_messages = list() if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to scan_log()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) # Read all log messages from the IPC database for time_, level, message in DataStore.current_db.execute("SELECT time, level, message FROM logs WHERE taskid = ? ORDER BY id ASC", (taskid,)): json_log_messages.append({"time": time_, "level": level, "message": message}) logger.debug("(%s) Retrieved scan log messages" % taskid) return jsonize({"success": True, "log": json_log_messages})
def scan_start(taskid): """ Launch a scan """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to scan_start()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) # Initialize sqlmap engine's options with user's provided options, if any for option, value in request.json.items(): DataStore.tasks[taskid].set_option(option, value) # Launch sqlmap engine in a separate process DataStore.tasks[taskid].engine_start() logger.debug("[%s] Started scan" % taskid) return jsonize({"success": True, "engineid": DataStore.tasks[taskid].engine_get_id()})
def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None): if self.messagetype == "stdout": if content_type is None: if kb.partRun is not None: content_type = PART_RUN_CONTENT_TYPES.get(kb.partRun) else: # Ignore all non-relevant messages return output = conf.database_cursor.execute( "SELECT id, status, value FROM data WHERE taskid = ? AND content_type = ?", (self.taskid, content_type)) #print >>sys.__stdout__, "output: %s\nvalue: %s\nstatus: %d\ncontent_type: %d\nkb.partRun: %s\n--------------" % (output, value, status, content_type, kb.partRun) # Delete partial output from IPC database if we have got a complete output if status == CONTENT_STATUS.COMPLETE: if len(output) > 0: for index in xrange(0, len(output)): conf.database_cursor.execute( "DELETE FROM data WHERE id = ?", (output[index][0], )) conf.database_cursor.execute( "INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) if kb.partRun: kb.partRun = None elif status == CONTENT_STATUS.IN_PROGRESS: if len(output) == 0: conf.database_cursor.execute( "INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) else: new_value = "%s%s" % (dejsonize(output[0][2]), value) conf.database_cursor.execute( "UPDATE data SET value = ? WHERE id = ?", (jsonize(new_value), output[0][0])) else: conf.database_cursor.execute( "INSERT INTO errors VALUES(NULL, ?, ?)", (self.taskid, str(value) if value else ""))
def task_list(taskid): """ List all active tasks """ if is_admin(taskid): return jsonize({"tasks": tasks}) else: abort(401)
def option_list(taskid): """ List options for a certain task ID """ if taskid not in tasks: abort(500, "Invalid task ID") return jsonize(tasks[taskid].get_options())
def version(token=None): """ Fetch server version """ logger.debug("Fetched version (%s)" % ("admin" if is_admin(token) else request.remote_addr)) return jsonize({"success": True, "version": VERSION_STRING.split('/')[-1]})
def task_list(taskid): """ List task pull """ if is_admin(taskid): logger.debug("Listed task pull") return jsonize({"tasks": tasks, "tasks_num": len(tasks)}) else: abort(401)
def task_destroy(taskid): """ Destroy own task ID """ if taskid in tasks and not is_admin(taskid): tasks.pop(taskid) return jsonize({"success": True}) else: abort(500, "Invalid task ID")
def option_set(taskid): """ Set value of option(s) for a certain task ID """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to option_set()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) if request.json is None: logger.warning("[%s] Invalid JSON options provided to option_set()" % taskid) return jsonize({"success": False, "message": "Invalid JSON options"}) for option, value in request.json.items(): DataStore.tasks[taskid].set_option(option, value) logger.debug("(%s) Requested to set options" % taskid) return jsonize({"success": True})
def task_new(): """ Create new task ID """ taskid = hexencode(os.urandom(8)) DataStore.tasks[taskid] = Task(taskid) logger.debug("Created new task: '%s'" % taskid) return jsonize({"success": True, "taskid": taskid})
def write(self, value, status=None, content_type=None): if self.messagetype == "stdout": #conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", # (self.taskid, status, content_type, base64pickle(value))) conf.database_cursor.execute("INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) else: conf.database_cursor.execute("INSERT INTO errors VALUES(NULL, ?, ?)", (self.taskid, str(value) if value else ""))
def write(self, value, status=CONTENT_STATUS.IN_PROGRESS, content_type=None): if self.messagetype == "stdout": if content_type is None: if kb.partRun is not None: content_type = PART_RUN_CONTENT_TYPES.get(kb.partRun) else: # 忽略所有不相关的消息 return output = conf.databaseCursor.execute( "SELECT id, status, value FROM data WHERE taskid = ? AND content_type = ?", (self.taskid, content_type)) # 如果得到完整的输出,则从IPC数据库中删除部分输出 if status == CONTENT_STATUS.COMPLETE: if len(output) > 0: for index in xrange(len(output)): conf.databaseCursor.execute( "DELETE FROM data WHERE id = ?", (output[index][0], )) conf.databaseCursor.execute( "INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) if kb.partRun: kb.partRun = None elif status == CONTENT_STATUS.IN_PROGRESS: if len(output) == 0: conf.databaseCursor.execute( "INSERT INTO data VALUES(NULL, ?, ?, ?, ?)", (self.taskid, status, content_type, jsonize(value))) else: new_value = "%s%s" % (dejsonize(output[0][2]), value) conf.databaseCursor.execute( "UPDATE data SET value = ? WHERE id = ?", (jsonize(new_value), output[0][0])) else: conf.databaseCursor.execute( "INSERT INTO errors VALUES(NULL, ?, ?)", (self.taskid, str(value) if value else ""))
def status(taskid): """ Verify the status of the API as well as the core """ if is_admin(taskid): tasks_num = len(tasks) return jsonize({"tasks": tasks_num}) else: abort(401)
def scan_kill(taskid): """ Kill a scan """ global tasks if taskid not in tasks: abort(500, "Invalid task ID") return jsonize({"success": tasks[taskid].engine_kill()})
def task_new(): """ Create new task ID """ global tasks taskid = hexencode(os.urandom(16)) tasks[taskid] = init_options() return jsonize({"taskid": taskid})
def scan_status(taskid): """ Returns status of a scan """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to scan_status()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) if DataStore.tasks[taskid].engine_process() is None: status = "not running" else: status = "terminated" if DataStore.tasks[taskid].engine_has_terminated() is True else "running" logger.debug("[%s] Retrieved scan status" % taskid) return jsonize({ "success": True, "status": status, "returncode": DataStore.tasks[taskid].engine_get_returncode() })
def task_new(): """ Create a new task """ taskid = hexencode(os.urandom(8)) remote_addr = request.remote_addr DataStore.tasks[taskid] = Task(taskid, remote_addr) logger.debug("Created new task: '%s'" % taskid) return jsonize({"success": True, "taskid": taskid})
def scan_start(taskid): """ 启动扫描 """ if taskid not in DataStore.tasks: logger.warning(u"[%s] 提供给scan_start()的任务ID无效" % taskid) return jsonize({"success": False, "message": u"任务ID无效"}) # 使用用户提供的选项(如果有)初始化sqlmap引擎选项 for option, value in request.json.items(): DataStore.tasks[taskid].set_option(option, value) # 在单独的进程中启动sqlmap引擎 DataStore.tasks[taskid].engine_start() logger.debug(u"[%s] 开始扫描" % taskid) return jsonize({ "success": True, "engineid": DataStore.tasks[taskid].engine_get_id() })
def task_new(): """ Create new task ID """ global tasks taskid = hexencode(os.urandom(8)) tasks[taskid] = Task(taskid) logger.debug("Created new task ID: %s" % taskid) return jsonize({"taskid": taskid})
def task_delete(taskid): """ Delete own task ID """ if taskid in tasks: tasks[taskid].clean_filesystem() tasks.pop(taskid) logger.debug("Deleted task ID: %s" % taskid) return jsonize({"success": True}) else: abort(500, "Invalid task ID")
def option_get(taskid): """ Get value of option(s) for a certain task ID """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to option_get()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) options = request.json or [] results = {} for option in options: if option in DataStore.tasks[taskid].options: results[option] = DataStore.tasks[taskid].options[option] else: logger.debug("(%s) Requested value for unknown option '%s'" % (taskid, option)) return jsonize({"success": False, "message": "Unknown option '%s'" % option}) logger.debug("(%s) Retrieved values for option(s) '%s'" % (taskid, ",".join(options))) return jsonize({"success": True, "options": results})
def task_list(token=None): """ Pull task list """ tasks = {} for key in DataStore.tasks: if is_admin(token) or DataStore.tasks[key].remote_addr == request.remote_addr: tasks[key] = dejsonize(scan_status(key))["status"] logger.debug("(%s) Listed task pool (%s)" % (token, "admin" if is_admin(token) else request.remote_addr)) return jsonize({"success": True, "tasks": tasks, "tasks_num": len(tasks)})
def task_flush(token=None): """ Flush task spool (delete all tasks) """ for key in list(DataStore.tasks): if is_admin(token) or DataStore.tasks[key].remote_addr == request.remote_addr: DataStore.tasks[key].engine_kill() del DataStore.tasks[key] logger.debug("(%s) Flushed task pool (%s)" % (token, "admin" if is_admin(token) else request.remote_addr)) return jsonize({"success": True})
def scan_data(taskid): """ Retrieve the data of a scan """ json_data_message = list() json_errors_message = list() if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to scan_data()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) # Read all data from the IPC database for the taskid for status, content_type, value in DataStore.current_db.execute("SELECT status, content_type, value FROM data WHERE taskid = ? ORDER BY id ASC", (taskid,)): json_data_message.append({"status": status, "type": content_type, "value": dejsonize(value)}) # Read all error messages from the IPC database for error in DataStore.current_db.execute("SELECT error FROM errors WHERE taskid = ? ORDER BY id ASC", (taskid,)): json_errors_message.append(error) logger.debug("(%s) Retrieved scan data and error messages" % taskid) return jsonize({"success": True, "data": json_data_message, "error": json_errors_message})
def scan_delete(taskid): """ Delete a scan and corresponding temporary output directory """ global tasks if taskid not in tasks: abort(500, "Invalid task ID") if "oDir" in tasks[taskid] and tasks[taskid].oDir is not None: shutil.rmtree(tasks[taskid].oDir) return jsonize({"success": True})
def scan_log(taskid): """ 检索日志消息 """ json_log_messages = list() if taskid not in DataStore.tasks: logger.warning(u"提供给scan_log()的任务ID[%s]无效" % taskid) return jsonize({"success": False, "message": "任务ID无效"}) # Read all log messages from the IPC database for time_, level, message in DataStore.current_db.execute( "SELECT time, level, message FROM logs WHERE taskid = ? ORDER BY id ASC", (taskid, )): json_log_messages.append({ "time": time_, "level": level, "message": message }) logger.debug(u" 检索扫描[%s]的日志消息" % taskid) return jsonize({"success": True, "log": json_log_messages})
def download(taskid, target, filename): """ Download a certain file from the file system """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to download()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) path = os.path.abspath(os.path.join(paths.SQLMAP_OUTPUT_PATH, target, filename)) # Prevent file path traversal if not path.startswith(paths.SQLMAP_OUTPUT_PATH): logger.warning("[%s] Forbidden path (%s)" % (taskid, target)) return jsonize({"success": False, "message": "Forbidden path"}) if os.path.isfile(path): logger.debug("[%s] Retrieved content of file %s" % (taskid, target)) with open(path, 'rb') as inf: file_content = inf.read() return jsonize({"success": True, "file": file_content.encode("base64")}) else: logger.warning("[%s] File does not exist %s" % (taskid, target)) return jsonize({"success": False, "message": "File does not exist"})
def option_set(taskid): """ Set an option (command line switch) for a certain task ID """ global tasks if taskid not in tasks: abort(500, "Invalid task ID") for option, value in request.json.items(): tasks[taskid].set_option(option, value) return jsonize({"success": True})
def scan_kill(taskid): """ Kill a scan """ global tasks if taskid not in tasks: abort(500, "Invalid task ID") tasks[taskid].engine_kill() logger.debug("Killed scan for task ID %s" % taskid) return jsonize({"success": True})
def _client(url, options=None): logger.debug("Calling %s" % url) try: data = None if options is not None: data = jsonize(options) req = urllib2.Request(url, data, {"Content-Type": "application/json"}) response = urllib2.urlopen(req) text = response.read() except: if options: logger.error("Failed to load and parse %s" % url) raise return text
def option_get(taskid): """ 获取某个任务ID的选项(命令行开关)的值 """ if taskid not in DataStore.tasks: logger.warning(u"[%s] 提供给option_get()的任务ID无效" % taskid) return jsonize({"success": False, "message": u"任务ID无效"}) option = request.json.get("option", "") if option in DataStore.tasks[taskid].options: logger.debug(u"[%s] 检索选项%s的值" % (taskid, option)) return jsonize({ "success": True, option: DataStore.tasks[taskid].get_option(option) }) else: logger.debug(u"[%s] 未知选项%s的请求值" % (taskid, option)) return jsonize({ "success": False, "message": "Unknown option", option: "not set" })
def scan_status(taskid): """ 返回扫描的状态 """ if taskid not in DataStore.tasks: logger.warning(u"[%s] 提供给scan_status()的任务ID无效" % taskid) return jsonize({"success": False, "message": u"任务ID无效"}) if DataStore.tasks[taskid].engine_process() is None: status = "not running" else: status = "terminated" if DataStore.tasks[taskid].engine_has_terminated( ) is True else "running" logger.debug(u"[%s] 检索扫描状态" % taskid) return jsonize({ "success": True, "status": status, "returncode": DataStore.tasks[taskid].engine_get_returncode() })