Exemple #1
0
	def run(self):
		while True:
			try:
				(fname,taskid,url,start_time) = config.queue.get(timeout=1)
				injector = SqlmapAPIWrapper(fname)
				injector.settaskid(taskid)

				if not injector.terminal():
					if time.time()-start_time>config.sqlmap_tasktimeout:
						injector.clear()
						continue
					config.queue.put((fname,taskid,url,start_time))
					time.sleep(3)
					continue

				if injector.vulnerable():
					print with_color(32, "#%s [VulUrl] %s"%(time.strftime("%H:%M:%S"),url))
					print with_color(32, "#%s [Exploit] sqlmap -r %s"%(time.strftime("%H:%M:%S"), config.save_path + '/' + fname))
					sys.stdout.flush()
					injector.delete()
				else:
					injector.clear()
			except Empty:
				time.sleep(3)
			except KeyboardInterrupt:
				return
Exemple #2
0
    def run(self):
        while True:
            try:
                (fname, taskid, url, start_time) = config.queue.get(timeout=1)
                injector = SqlmapAPIWrapper(fname)
                injector.settaskid(taskid)

                if not injector.terminal():
                    if time.time() - start_time > config.sqlmap_tasktimeout:
                        injector.clear()
                        continue
                    config.queue.put((fname, taskid, url, start_time))
                    time.sleep(3)
                    continue

                if injector.vulnerable():
                    print with_color(
                        32,
                        "#%s [VulUrl] %s" % (time.strftime("%H:%M:%S"), url))
                    print with_color(
                        32, "#%s [Exploit] sqlmap -r %s" %
                        (time.strftime("%H:%M:%S"),
                         config.save_path + '/' + fname))
                    sys.stdout.flush()
                    injector.delete()
                else:
                    injector.clear()
            except Empty:
                time.sleep(3)
            except KeyboardInterrupt:
                return
Exemple #3
0
	def run(self):
		while True:
			try:
				(fname,taskid,payload,start_time) = config.queue.get(timeout=1)
				#print (fname,taskid,payload,start_time)
				
				injector = SqlmapAPIWrapper(fname,payload)
				injector.settaskid(taskid)
	
				#当sqlmapapi检测结束后...
				if not injector.terminal():
					if time.time()-start_time>config.sqlmap_tasktimeout:
						injector.clear()
						continue
					config.queue.put((fname,taskid,payload,start_time))
					time.sleep(5)
					continue

				if injector.vulnerable():
					print with_color(32, "#%s [VulUrl] %s"%(time.strftime("%H:%M:%S"),payload['url']))
					print with_color(32, "#%s [Exploit] sqlmap -r %s -v 3 --level 3"%(time.strftime("%H:%M:%S"), config.save_path + '/' + fname))
					vlu_str = "#%s [VulUrl] %s \n#%s [Exploit] sqlmap -r %s -v 3 --level 3"%(time.strftime("%H:%M:%S"),payload['url'],time.strftime("%H:%M:%S"), config.save_path + '/' + fname)
					writelog(vlu_str,time.strftime("%Y-%m-%d"))
					sys.stdout.flush()
					injector.delete()
				else:
					injector.clear()
					
			except Empty:
				time.sleep(3)
				pass
			except KeyboardInterrupt:
				return