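class SqliManage(object):
    """Queue requests on a sqlmap REST API server and track results in MySQL.

    Each accepted request becomes one sqlmap task. Its id, URL, body and a
    de-duplication fingerprint are stored in the ``sub_sqli`` table, and the
    scan outcome is written back once sqlmap reports the task as terminated.

    Only requests whose network location matches an entry of
    ``plugins/mysub/config/targetdomain`` are ever sent to sqlmap; that file
    is the scope control for this class.

    NOTE(review): ``Mysql``, ``conf``, ``do_get``, ``do_post`` and ``log`` are
    defined outside this block. Whether the ``Mysql`` helper escapes the
    values and clauses it is handed cannot be told from here; confirm before
    passing it anything that is not locally generated.
    """

    def __init__(self, sqlmapapiurl, adminid):
        self.sqlmapapiurl = sqlmapapiurl  # sqlmap API service address
        # sqlmap API admin id; it is sent as part of the URL path below.
        self.adminid = adminid
        self.mysql = Mysql(conf.db_host, conf.db_port, conf.db_user,
                           conf.db_pass, conf.db_name)

    @staticmethod
    def _b64_text(value):
        """Return ``str(value)`` base64-encoded as a native string.

        The base64 alphabet contains no quote characters, so the result can
        sit inside the single-quoted SQL fragment built in ``_item2db``. The
        bytes/text conversions keep the helper working when ``str`` is a text
        type as well as when it is a byte string.
        """
        raw = str(value)
        if not isinstance(raw, bytes):
            raw = raw.encode('utf-8')
        encoded = base64.b64encode(raw)
        if not isinstance(encoded, str):
            encoded = encoded.decode('ascii')
        return encoded

    @staticmethod
    def _netloc_in_scope(netloc, domain_lines):
        """Return True when *netloc* contains one of the configured domains.

        Entries are stripped of surrounding whitespace and blank entries are
        skipped. An empty string is contained in every netloc, so a blank
        line in the scope file (or a one-character last line after the old
        ``[:-1]`` slice) used to put every host in scope.

        NOTE(review): this is still a substring test against the raw netloc,
        so an entry also matches longer host names that merely contain it,
        and the netloc can carry userinfo and a port. Consider comparing
        against the parsed host name with an exact-or-subdomain rule once the
        format of the scope file is confirmed.
        """
        for line in domain_lines:
            domain = line.strip()
            if domain and domain in netloc:
                return True
        return False

    # Fetch the current task list.
    def _get_task_list(self):
        """Return the ``tasks`` entry of the admin task listing."""
        checkurl = self.sqlmapapiurl + '/admin/' + self.adminid + '/list'
        resp = json.loads(do_get(checkurl))
        return resp['tasks']

    # Store the scan result in the database.
    def _item2db(self, taskid):
        """Write the outcome of task *taskid* to its ``sub_sqli`` row.

        When sqlmap returned data, the first entry is stored with ``sqli=1``;
        otherwise the scan log is stored with ``sqli=0``.
        """
        dataurl = self.sqlmapapiurl + '/scan/' + taskid + '/data'
        resp = json.loads(do_get(dataurl))
        data = resp['data']
        if data != []:
            dset = "data='%s', sqli=1" % self._b64_text(data[0])
        else:
            logurl = self.sqlmapapiurl + '/scan/' + taskid + '/log'
            resp = json.loads(do_get(logurl))
            scan_log = resp['log']
            dset = "data='%s', sqli=0" % self._b64_text(scan_log)
        # NOTE(review): taskid comes from the sqlmap API response and is
        # placed in the WHERE clause unescaped; the Mysql helper only accepts
        # pre-built strings here, so confirm the id format upstream.
        where = "taskid='%s'" % taskid
        self.mysql.update('sub_sqli', dset, where)
        return

    # Delete a task.
    def _delete_task(self, taskid):
        """Ask the sqlmap API to delete task *taskid*."""
        deleteurl = self.sqlmapapiurl + '/task/' + taskid + '/delete'
        do_get(deleteurl)
        return

    # Process task results.
    def handle_result(self):
        """Store the result of every task reported as ``terminated``."""
        tasklist = self._get_task_list()
        for taskid, state in tasklist.items():
            if state == 'terminated':
                self._item2db(taskid)
        return

    # Initial database record for a new task.
    def _task2db(self, taskid, url, body, psw):
        """Insert the row that tracks a newly started task."""
        self.mysql.insert('sub_sqli', ('taskid', 'url', 'body', 'hash'),
                          (taskid, url, body, psw))
        return

    # Create a SQLi task.
    def send2sqlmap(self, url, user_agent='', cookie='', body=''):
        """Create and start a sqlmap task for the request, if it qualifies.

        Returns False without contacting sqlmap when ``_is_need_sqli_test``
        rejects the request (nothing to test, already seen, or out of scope);
        returns True once the task has been started and recorded.
        ``cookie`` and ``user_agent`` are indexed with ``[0]``.
        """
        flag, psw = self._is_need_sqli_test(url, body)
        if not flag:
            return False
        newurl = self.sqlmapapiurl + '/task/new'
        resp = json.loads(do_get(newurl))
        taskid = resp['taskid']
        log('send2sqlmap', 'task is created. id : %s' % taskid)
        data = {}
        data['url'] = url
        if cookie != '' and cookie != []:
            data['cookie'] = cookie[0]
        # The default user_agent is '', and indexing it raised IndexError, so
        # the header is only set when a value was supplied.
        # NOTE(review): confirm whether this header was meant to be set only
        # when a cookie is present.
        if user_agent:
            data['headers'] = 'User-Agent: ' + user_agent[0]
        if body != '':
            data['data'] = body
        if url[0:5] == 'https':
            forcesslurl = self.sqlmapapiurl + '/option/' + taskid + '/set'
            do_post(url=forcesslurl, data='{"forceSSL" : true}')
        starturl = self.sqlmapapiurl + '/scan/' + taskid + '/start'
        do_post(url=starturl, data=json.dumps(data))
        log('send2sqlmap', 'task is started. id : %s' % taskid)
        self._task2db(taskid, url, body, psw)
        return True

    # Decide whether this request needs a SQLi test.
    def _is_need_sqli_test(self, url, body):
        """Return ``(True, fingerprint)`` if the request should be scanned.

        A request is rejected with ``(False, '')`` when it has neither a
        query string nor a body, when its fingerprint is already present in
        ``sub_sqli``, or when its netloc matches no configured target domain.
        """
        parsedurl = urlparse(url)
        if parsedurl.query == '' and body == '':
            return False, ''
        paramstring = ''.join(
            str(param.split('=')[0]) for param in parsedurl.query.split('&')
        )
        test = (parsedurl.netloc + parsedurl.path + parsedurl.params
                + paramstring + body)
        # MD5 serves only as a de-duplication key here, not as a security
        # control. hashlib needs bytes, so text is encoded first.
        if not isinstance(test, bytes):
            test = test.encode('utf-8')
        psw = hashlib.md5(test).hexdigest()
        # ('hash') is a plain string, not a one-element tuple; it is passed
        # through as the original did.
        for one in self.mysql.select(('hash'), 'sub_sqli'):
            if psw == one[0]:
                return False, ''
        with open('plugins/mysub/config/targetdomain', 'r') as f:
            domains = f.readlines()
        if self._netloc_in_scope(parsedurl.netloc, domains):
            return True, psw
        return False, ''

    # Fetch results where an injection was found.
    def get_sqli_result(self):
        """Return url, body and data of rows with ``sqli=1``."""
        return self.mysql.select(('url', 'body', 'data'), 'sub_sqli', 'sqli=1')

    # Fetch results where no injection was found.
    def get_no_sqli_result(self):
        """Return url, body and data of rows with ``sqli=0``."""
        return self.mysql.select(('url', 'body', 'data'), 'sub_sqli', 'sqli=0')

    # Fetch the tasks that are still running.
    def get_scaning_list(self):
        """Return url and body of rows whose ``sqli`` column is still NULL."""
        return self.mysql.select(('url', 'body'), 'sub_sqli', 'sqli is NULL')

    # Forced cleanup.
    def tasks_clean(self):
        """Delete every task known to sqlmap and drop the unfinished rows."""
        tasklist = self._get_task_list()
        for taskid in tasklist:
            self._delete_task(taskid)
        self.mysql.delete('sub_sqli', 'sqli is NULL')
        return

    # Clear the table.
    def clean_db(self):
        """Delete all rows of ``sub_sqli``."""
        self.mysql.delete('sub_sqli')
        return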
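def add_holidays():
    """Insert every holiday of ``calendarifics`` and return the last result.

    Each entry of ``calendarifics['response']['holidays']`` is passed to
    ``Mysql.insert``; the value returned for the last entry is sent back
    through ``jsonify``. With an empty holiday list the response is
    ``jsonify(None)`` instead of an unbound-variable error.

    NOTE(review): ``calendarifics``, ``Mysql`` and ``jsonify`` are defined
    outside this block. If the holiday data comes from an external service,
    confirm that ``Mysql.insert`` binds the values as parameters and does not
    build the statement by string formatting.
    """
    response = None  # stays None when there is nothing to insert
    for dic in calendarifics['response']['holidays']:
        response = Mysql.insert(dic)
    return jsonify(response)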