def sqlmap_url(url, options): """ return sqlmap results for a specific url and specified options """ """ if there was an error, return None """ # check if sqlmapapi is available sqlmapapi_check() # create the new api interface sqlmap = SqlmapHook(url) # init a new scan ( create it, but don't launch it ) sqlmap.init_new_scan() scan_id = sqlmap.get_scan_id() log.debug("Launching a sqlmap scan for {} (id: {})".format(url, scan_id)) log.debug("Options for {}: {}".format(url, options)) sqlmap.start_scan(scan_id, options) while True: time.sleep(1) logs, running = sqlmap.show_sqlmap_log(scan_id) if not running: return logs time.sleep(4)
def getdorks(args): if args.dorkfile is not None and args.dork is not None: log.critical("-f (--dork-file) and -d (--dork) are incompatible") exit(1) elif args.dorkfile is not None: if os.path.isfile(args.dorkfile): lines = [] try: with open(args.dorkfile) as dork_file: for line in dork_file: lines.append(line) except IOError as e: log.critical('Got an error when reading the supplied dork file\ (-f/--dork-file): {}'.format(e)) else: log.critical( "The dork file supplied (-f/--dork-file) does not exists") pass # TODO: accept a dorkfile elif args.dorkfile is None and args.dork is None: log.debug("interactively querying dork") log.info("Enter a dork:") dorks = [input("dork: ")] else: dorks = [args.dork] return dorks
def show_sqlmap_log(self, api_id): """show the sqlmap log return a tuple like this: (logs, is_running) """ running_status_url = "{}{}".format( self.connection, self.commands["status"].format(api_id)) running_log_url = "{}{}".format(self.connection, self.commands["log"].format(api_id)) status_req = requests.get(running_status_url) status_json = json.loads(status_req.content) current_status = status_json["status"] is_running = True logs = '' if current_status != "running": log.debug("[scan: {}] scan isn't running: {}".format( api_id, current_status)) is_running = False current_status = json.loads( requests.get(running_status_url).content)["status"] log_req = requests.get(running_log_url) log_json = json.loads(log_req.content) for i in range(0, len(log_json["log"])): logs += log_json["log"][i]["message"] return (logs, is_running)
def execute(command, cwd=None, timeout=None, yes=None, background=False): """ must be an array returns the stdout of command command is an array of args cwd is the current directory in which the command shall be executed Timeout is the timeout of the command yes = True: constantly feed stdin with a "y" yes = False: constantly feed stdin with a "n" """ pre_command = [] if yes is not None: pre_command.append("yes |" if yes else "yes n |") for arg in command: pre_command.append(arg) assembled_pre_command = "" for arg in pre_command: assembled_pre_command += " " + arg final_command = [ "bash -c {}".format(satanize_for_bash(assembled_pre_command)) ] # shellmode = True if yes is not None else None shellmode = True log.debug("command: {}; cwd: {}; timeout: {}; shellmode: {}".format( final_command, cwd, timeout, shellmode)) result = subprocess.run(final_command, stdout=subprocess.PIPE, cwd=cwd, timeout=timeout, shell=shellmode) return result.stdout.decode('utf-8')
def whatwaf_url(url): """ return WhatWaf's results for a specified url """ log.debug("Launching WhatWaf on {}".format(url)) return execute([ "python2.7", paths.WHATWAF_NAME, "-u", remove_thing_url(url), "--ra", "--hide", "--json", "--verify-num", str(WHATWAF_VERIFY_NUM) ], paths.WHATWAF_PATH, None, True)
def wafdetect_stage(args): """ add details of the targets of the save """ while True: target = save.getUnwaffedTarget() if target is not None: log.debug("Waffing {}".format(target.url)) target = whatwaf_target(target) save.updateTarget(target) else: log.debug("All targets got waffed !") break
def parse_report(report, target): """ add sqlmap report details to a given target """ log.debug("report: {}".format(report)) if 'CRITICAL' in report: if 'all tested parameters do not appear to be injectable.' in report: # The detection process was error-free but didn't found a SQLi target.set_vulnerability_status(False) else: # There was an error that we are too lazy to handle target.set_vulnerability_status(False) target.set_sqlmap_error(True) else: log.critical("not finished yetttt :(") print('report:\n\n{}'.format(report)) exit(69) target.set_sqlmap_logs(report) return target
def nextStage(args): """ execute the current stage of the save increase the stage number after its execution return True if it should be called another time return False if it shouldn't be called another time """ current_stage = save.getStage() if args.reportOnly: launchReportStage(args) return_value = False elif args.dorkOnly: launchDorkStage(args) return_value = False # since we got target data, we can increment the stage for future use if save.getStage() == DORK_STAGE: save.incrementStage() else: if current_stage == DORK_STAGE: # if in dork stage launchDorkStage(args) return_value = True elif current_stage == WAF_DETECT_STAGE: launchWafStage(args) return_value = True elif current_stage == SQLMAP_STAGE: launchSqlmapStage(args) return_value = True elif current_stage == REPORT_STAGE: launchReportStage(args) return_value = False else: launchReportStage(args) return_value = False save.incrementStage() log.debug("New stage number: " + str(save.getStage())) return return_value
def launchReportStage(args): """ execute the report stage ( REPORT_STAGE ) """ log.debug("Launching the report stage") report_stage(args)
def launchSqlmapStage(args): log.debug("Launching the sqlmap stage") sqlmap_stage(args)
def launchWafStage(args): log.debug("Launching the waf stage") wafdetect_stage(args)
def launchDorkStage(args): log.debug("Launching the dork stage") dork_stage(args)
def main(): args = argument_parse() if args.debug: log.debug("Ok boss, launching in debug mode") import pudb pudb.set_trace() # XXX BREAKPOINT log.info("Welcome into AutoSQLi!") log.debug("Checking for saves...") save.saveStartup(args) log.debug("Loading save...") save.importSave() log.debug("current_save.stage in main(): " + str(save.getStage())) while True: # do the current stage and increment log.debug("Getting into the next stage") need_to_continue = stages.nextStage(args) # backup the current state (into autosqli.save) save.writeSave() # TODO: add a time based saver log.debug("Save exported") if save.getStage() == stages.REPORT_STAGE or need_to_continue is False: break log.info("Goodbye!")