def save_handler(self, req, req_body, res, res_body):
    """Filter one proxied request/response pair and queue it for a sqlmap scan.

    The method returns None early, without side effects, when any of these hold:
      * str(res.status) matches config.filter_code;
      * the Host header ends with no entry of config.included_host, or ends
        with an entry of config.excluded_host;
      * the URL path ends with an entry of config.filter_file;
      * the request is a GET whose path has an extension and no query string;
      * self.check_history() reports the signature of req.path as already seen.

    Otherwise the request text is written to a new uuid4-named file under
    config.save_path, a SqlmapAPIWrapper is built from that file name and a
    payload dict, and if scan_start() is truthy the tuple
    (fname, taskid, payload, time.time()) is put on self.q.

    res_body is not used.
    """
    # check res.status
    if re.match(config.filter_code, str(res.status)):
        return
    # check host
    # NOTE(review): endswith() is a plain suffix test, so an entry such as
    # "example.com" also matches a Host of "notexample.com", and a Host that
    # carries a port ("example.com:8080") matches neither list. Confirm the
    # entry format expected in config, since this filter is what keeps scans
    # inside the intended scope.
    if not len([h for h in config.included_host if req.headers.get('Host', '').endswith(h)]):
        return
    if len([h for h in config.excluded_host if req.headers.get('Host', '').endswith(h)]):
        return
    # check fileext
    if len([h for h in config.filter_file if urlparse.urlparse(req.path).path.endswith(h)]):
        return
    # check query: a GET must carry a query string or be URL-rewritten;
    # a GET that has a file extension and no query string is skipped
    if os.path.splitext(req.path)[1] and req.command == 'GET' and not urlparse.urlparse(req.path).query:
        return
    # prepare request
    # req.headers is formatted verbatim, so any Cookie / Authorization header
    # ends up in the saved file.
    req_header_text = "%s %s %s\n%s" % (req.command, req.path, req.request_version, req.headers)
    if req.command == 'GET':
        request = req_header_text + '\n'
        keystr = req.path
    else:
        request = req_header_text + '\n' + req_body
        a = req_body
        b = a.split('&')
        c = []
        # NOTE(review): the source was collapsed onto one line, so the nesting
        # of the `else` below is not recoverable with certainty. It is laid out
        # here as the else of the inner `if`; it could also have been a
        # for/else. Confirm against the original file.
        for i in b:
            if i.find('=') > 0:
                arr = i.split('=')
                c.append(arr[0])
                keystr = "%s%s"%(req.path,''.join(sorted(c)))
            else:
                request = req_header_text + '\n'
                keystr = req.path
    # for POST requests the post data is included in what gets tested
    # avoid testing the same parameters more than once
    # NOTE(review): keystr is assigned above but never read in this block; the
    # signature is built from req.path only.
    sig = self.make_sig(req.path)
    if self.check_history(sig):
        return
    self.query_log[sig] = True
    fname = str(uuid.uuid4())
    f = open(config.save_path + '/' + fname, 'w')
    f.write(request)
    f.close()
    if req_body:
        payload = {'url':req.path,'data':req_body,'cookie':req.headers.get('Cookie')}
    else:
        payload = {'url':req.path,'cookie':req.headers.get('Cookie')}
    # pass the payload through the wrapper class and put it on the scan queue
    i = SqlmapAPIWrapper(fname,payload)
    if i.scan_start():
        self.q.put((fname,i.taskid,payload,time.time()))
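def save_handler(self, req, req_body, res, res_body):
    """Filter one proxied request/response pair and queue it for a sqlmap scan.

    Returns None in every case. The request is dropped when the response
    status matches config.filter_code, when the Host header fails the
    included/excluded host lists, when the URL path ends with an entry of
    config.filter_file, when it is a GET with a file extension and no query
    string, or when self.check_history() has already seen its signature.

    A request that passes is written to a uuid4-named file under
    config.save_path and handed to SqlmapAPIWrapper; if scan_start() is
    truthy, (fname, taskid, req.path, time.time()) is put on config.queue.

    res_body is not used.
    """
    # check res.status
    if re.match(config.filter_code, str(res.status)):
        return

    # check host
    # NOTE(review): endswith() is a plain suffix test, so an entry such as
    # "example.com" also matches a Host of "notexample.com", and a Host that
    # carries a port matches neither list. Behaviour is kept as-is here;
    # confirm the entry format in config, because this filter is what keeps
    # scans inside the intended scope.
    host = req.headers.get('Host', '')
    if not any(host.endswith(h) for h in config.included_host):
        return
    if any(host.endswith(h) for h in config.excluded_host):
        return

    # check fileext
    if any(urlparse.urlparse(req.path).path.endswith(h) for h in config.filter_file):
        return

    # check query: a GET must carry a query string or be URL-rewritten;
    # a GET that has a file extension and no query string is skipped
    if (os.path.splitext(req.path)[1] and req.command == 'GET'
            and not urlparse.urlparse(req.path).query):
        return

    # prepare request
    req_header_text = "%s %s %s\n%s" % (req.command, req.path,
                                        req.request_version, req.headers)
    if req.command == 'GET':
        request = req_header_text + '\n'
    else:
        # A non-GET request without a body must not raise on concatenation.
        request = req_header_text + '\n' + (req_body or '')

    # avoid testing the same parameters more than once
    sig = self.make_sig(req.path)
    if self.check_history(sig):
        return
    self.query_log[sig] = True

    # The saved text contains req.headers verbatim (cookies, authorization
    # headers), so the file is created readable by its owner only, and the
    # handle is closed even if the write fails.
    fname = str(uuid.uuid4())
    fd = os.open(config.save_path + '/' + fname,
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(request)

    i = SqlmapAPIWrapper(fname)
    if i.scan_start():
        config.queue.put((fname, i.taskid, req.path, time.time()))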
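def save_handler(self, req, req_body, res, res_body):
    """Decide whether a proxied request is worth scanning and start the scan.

    The method always returns None. It stops early when:
      * str(res.status) matches config.filter_code;
      * the Host header ends with no config.included_host entry, or with
        some config.excluded_host entry;
      * the URL path ends with a config.filter_file entry;
      * the request is a GET with a file extension and no query string;
      * self.check_history() already knows the signature of req.path.

    Otherwise the request is saved under config.save_path in a uuid4-named
    file, a SqlmapAPIWrapper is created for that file and, when scan_start()
    is truthy, (fname, taskid, req.path, time.time()) goes onto config.queue.

    res_body is not used.
    """
    #check res.status
    if re.match(config.filter_code, str(res.status)):
        return

    #check host
    # NOTE(review): this is a suffix comparison, not a domain comparison:
    # "example.com" in the list also accepts "notexample.com", and a Host
    # header with a port never matches. Kept unchanged; verify how the lists
    # are written in config, since they define which hosts get scanned.
    host_header = req.headers.get('Host', '')
    in_scope = any(host_header.endswith(h) for h in config.included_host)
    if not in_scope:
        return
    if any(host_header.endswith(h) for h in config.excluded_host):
        return

    #check fileext
    if any(urlparse.urlparse(req.path).path.endswith(h) for h in config.filter_file):
        return

    #check query: a GET must have a query string or be url-rewritten;
    #a GET with an extension and without a query string is skipped
    has_ext = os.path.splitext(req.path)[1]
    if has_ext and req.command == 'GET' and not urlparse.urlparse(req.path).query:
        return

    #prepare request
    req_header_text = "%s %s %s\n%s" % (req.command, req.path, req.request_version, req.headers)
    request = req_header_text + '\n'
    if req.command != 'GET':
        # tolerate a missing body instead of failing on str + None
        request += req_body or ''

    #avoid same params multi test
    sig = self.make_sig(req.path)
    if self.check_history(sig):
        return
    self.query_log[sig] = True

    # req.headers is written verbatim, so the file can hold session cookies;
    # create it with owner-only permissions and close it on every path.
    fname = str(uuid.uuid4())
    target = config.save_path + '/' + fname
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(request)

    i = SqlmapAPIWrapper(fname)
    if i.scan_start():
        config.queue.put((fname,i.taskid,req.path,time.time()))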
def run(self):
    """Poll config.queue forever and report the outcome of queued sqlmap tasks.

    Each queue item is (fname, taskid, url, start_time). A task that has not
    reached terminal() is put back on the queue, unless it is older than
    config.sqlmap_tasktimeout, in which case clear() is called on it. A task
    for which vulnerable() is truthy is printed and delete()d; any other
    finished task is clear()ed. The loop ends only on KeyboardInterrupt.
    """
    while True:
        try:
            saved_name, task_id, target, queued_at = config.queue.get(timeout=1)
            scan = SqlmapAPIWrapper(saved_name)
            scan.settaskid(task_id)

            if scan.terminal():
                if scan.vulnerable():
                    # print(...) with one parenthesised argument behaves the
                    # same as the Python 2 print statement.
                    print(with_color(
                        32, "#%s [VulUrl] %s" % (time.strftime("%H:%M:%S"), target)))
                    # The referenced file is the request text handed to
                    # `sqlmap -r`; it may contain cookies or other
                    # credentials, so treat config.save_path as sensitive.
                    print(with_color(
                        32, "#%s [Exploit] sqlmap -r %s" %
                        (time.strftime("%H:%M:%S"), config.save_path + '/' + saved_name)))
                    sys.stdout.flush()
                    scan.delete()
                else:
                    scan.clear()
            elif time.time() - queued_at > config.sqlmap_tasktimeout:
                # still running but past the timeout: give up on this task
                scan.clear()
            else:
                # still running: re-queue and wait before the next poll
                config.queue.put((saved_name, task_id, target, queued_at))
                time.sleep(3)
        except Empty:
            time.sleep(3)
        except KeyboardInterrupt:
            return
def run(self):
    """Consume (fname, taskid, url, start_time) items from config.queue.

    Unfinished tasks are re-queued until they exceed
    config.sqlmap_tasktimeout, after which clear() is called on them.
    Finished tasks are printed and delete()d when vulnerable() is truthy and
    clear()ed otherwise. Returns only when KeyboardInterrupt is raised.
    """
    while True:
        try:
            item = config.queue.get(timeout=1)
            fname, taskid, url, start_time = item
            probe = SqlmapAPIWrapper(fname)
            probe.settaskid(taskid)

            if not probe.terminal():
                expired = time.time() - start_time > config.sqlmap_tasktimeout
                if expired:
                    probe.clear()
                else:
                    config.queue.put(item)
                    time.sleep(3)
                continue

            if not probe.vulnerable():
                probe.clear()
                continue

            # Single-argument print(...) is equivalent to the Python 2 print
            # statement used by this file.
            hit_line = "#%s [VulUrl] %s"%(time.strftime("%H:%M:%S"),url)
            print(with_color(32, hit_line))
            # The path printed here is the saved request file consumed by
            # `sqlmap -r`; it may hold captured cookies, so keep
            # config.save_path access-restricted.
            repro_line = "#%s [Exploit] sqlmap -r %s"%(time.strftime("%H:%M:%S"), config.save_path + '/' + fname)
            print(with_color(32, repro_line))
            sys.stdout.flush()
            probe.delete()
        except Empty:
            time.sleep(3)
        except KeyboardInterrupt:
            return
def run(self):
    """Poll config.queue forever, reporting and logging finished sqlmap tasks.

    Queue items are (fname, taskid, payload, start_time, hostname). A task
    that is not yet terminal() is re-queued, or clear()ed once it is older
    than config.sqlmap_tasktimeout. A finished task with a truthy
    vulnerable() is printed, written through writelog() under a name built
    from hostname and the current date, and delete()d; other finished tasks
    are clear()ed. The loop returns only on KeyboardInterrupt.
    """
    while True:
        try:
            entry = config.queue.get(timeout=1)
            fname, taskid, payload, start_time, hostname = entry
            scan = SqlmapAPIWrapper(fname, payload)
            scan.settaskid(taskid)

            # act only once the sqlmapapi scan has finished
            if scan.terminal():
                if scan.vulnerable():
                    request_file = config.save_path + '/' + fname
                    # Single-argument print(...) matches the Python 2 print
                    # statement this file uses.
                    print(with_color(
                        32, "#%s [VulUrl] %s" %
                        (time.strftime("%H:%M:%S"), payload['url'])))
                    print(with_color(
                        32, "#%s [Exploit] sqlmap -r %s -v 3 --level 3" %
                        (time.strftime("%H:%M:%S"), request_file)))
                    vlu_str = "#%s [VulUrl] %s \n#%s [Exploit] sqlmap -r %s -v 3 --level 3" % (
                        time.strftime("%H:%M:%S"), payload['url'],
                        time.strftime("%H:%M:%S"), request_file)
                    # NOTE(review): hostname arrives through the queue and
                    # presumably originates from the proxied request's Host
                    # header. If writelog() uses this name as a file path,
                    # restrict it to a safe character set before use - confirm
                    # in writelog() and at the producer.
                    log_name = "%s_%s" % (hostname, time.strftime("%Y-%m-%d"))
                    writelog(vlu_str, log_name)
                    sys.stdout.flush()
                    scan.delete()
                else:
                    scan.clear()
            elif time.time() - start_time > config.sqlmap_tasktimeout:
                # running for longer than the configured timeout: drop it
                scan.clear()
            else:
                # not finished yet: put it back and wait before polling again
                config.queue.put((fname, taskid, payload, start_time, hostname))
                time.sleep(5)
        except Empty:
            time.sleep(3)
        except KeyboardInterrupt:
            return
def run(self):
    """Consume (fname, taskid, payload, start_time) items from config.queue.

    Tasks that are not terminal() are re-queued until they are older than
    config.sqlmap_tasktimeout, then clear()ed. Finished tasks with a truthy
    vulnerable() are printed, written through writelog() under the current
    date, and delete()d; the remaining finished tasks are clear()ed. The
    method returns only when KeyboardInterrupt is raised.
    """
    while True:
        try:
            fname, taskid, payload, start_time = config.queue.get(timeout=1)
            worker = SqlmapAPIWrapper(fname,payload)
            worker.settaskid(taskid)

            # the reporting below applies once the sqlmapapi scan has finished
            if not worker.terminal():
                timed_out = time.time()-start_time>config.sqlmap_tasktimeout
                if timed_out:
                    worker.clear()
                else:
                    config.queue.put((fname,taskid,payload,start_time))
                    time.sleep(5)
                continue

            if not worker.vulnerable():
                worker.clear()
                continue

            # Single-argument print(...) is equivalent to the Python 2 print
            # statement used in this file.
            print(with_color(32, "#%s [VulUrl] %s"%(time.strftime("%H:%M:%S"),payload['url'])))
            # The printed path is the saved request passed to `sqlmap -r`;
            # it may contain captured cookies, so config.save_path should be
            # treated as sensitive.
            print(with_color(32, "#%s [Exploit] sqlmap -r %s -v 3 --level 3"%(time.strftime("%H:%M:%S"), config.save_path + '/' + fname)))
            vlu_str = "#%s [VulUrl] %s \n#%s [Exploit] sqlmap -r %s -v 3 --level 3"%(
                time.strftime("%H:%M:%S"),
                payload['url'],
                time.strftime("%H:%M:%S"),
                config.save_path + '/' + fname)
            writelog(vlu_str,time.strftime("%Y-%m-%d"))
            sys.stdout.flush()
            worker.delete()
        except Empty:
            time.sleep(3)
        except KeyboardInterrupt:
            return
def save_handler(self, req, req_body, res, res_body):
    """Filter one proxied request/response pair and queue it for a sqlmap scan.

    The method returns None early, without side effects, when any of these hold:
      * str(res.status) matches config.filter_code;
      * the Host header ends with no entry of config.included_host, or ends
        with an entry of config.excluded_host;
      * the URL path ends with an entry of config.filter_file;
      * the request is a GET whose path has an extension and no query string;
      * self.check_history() reports the signature of keystr as already seen.

    Otherwise the request text is written to a new uuid4-named file under
    config.save_path, a SqlmapAPIWrapper is built from that file name and a
    payload dict (url, optional data, cookie, agent, level 3), and if
    scan_start() is truthy (fname, taskid, payload, time.time()) is put on
    self.q.

    res_body is not used.
    """
    # check res.status
    if re.match(config.filter_code, str(res.status)):
        return
    # check host
    # NOTE(review): endswith() is a plain suffix test, so an entry such as
    # "example.com" also matches a Host of "notexample.com", and a Host that
    # carries a port ("example.com:8080") matches neither list. Confirm the
    # entry format expected in config, since this filter is what keeps scans
    # inside the intended scope.
    if not len([
            h for h in config.included_host
            if req.headers.get('Host', '').endswith(h)
    ]):
        return
    if len([
            h for h in config.excluded_host
            if req.headers.get('Host', '').endswith(h)
    ]):
        return
    # check fileext
    if len([
            h for h in config.filter_file
            if urlparse.urlparse(req.path).path.endswith(h)
    ]):
        return
    # check query: a GET must carry a query string or be URL-rewritten;
    # a GET that has a file extension and no query string is skipped
    if os.path.splitext(
            req.path
    )[1] and req.command == 'GET' and not urlparse.urlparse(
            req.path).query:
        return
    # prepare request
    # req.headers is formatted verbatim, so any Cookie / Authorization header
    # ends up in the saved file.
    req_header_text = "%s %s %s\n%s" % (req.command, req.path,
                                        req.request_version, req.headers)
    if req.command == 'GET':
        request = req_header_text + '\n'
        keystr = req.path
    else:
        # POST
        if req_body:
            request = req_header_text + '\n' + str(req_body)
            a = str(req_body)
            # split the POST data into its parameters
            b = a.split('&')
            c = []
            for i in b:
                if i.find('=') > 0:
                    arr = i.split('=')
                    c.append(arr[0])
            keystr = "%s/%s" % (req.path, ''.join(sorted(c)))
        # (author's note) changed because some POST requests with an empty
        # body raised an error; the `else:` that used to introduce the next
        # two lines was commented out.
        # NOTE(review): the source was collapsed onto one line, so the
        # indentation of these two assignments is not recoverable with
        # certainty. As laid out here they run for every non-GET request and
        # overwrite the keystr built from the parameter names, and a None
        # body is saved as the text "None". Confirm against the original file.
        request = req_header_text + '\n' + str(req_body)
        keystr = req.path
    # for POST requests the post data is included in what gets tested
    # avoid testing the same parameters more than once
    sig = self.make_sig(keystr)
    if self.check_history(sig):
        return
    self.query_log[sig] = True
    fname = str(uuid.uuid4())
    f = open(config.save_path + '/' + fname, 'w')
    f.write(request)
    f.close()
    if req_body:
        payload = {
            'url': req.path,
            'data': req_body,
            'cookie': req.headers.get('Cookie'),
            'agent': req.headers.get('User-Agent'),
            'level': 3
        }
    else:
        payload = {
            'url': req.path,
            'cookie': req.headers.get('Cookie'),
            'agent': req.headers.get('User-Agent'),
            'level': 3
        }
    # pass the payload through the wrapper class and put it on the scan queue
    i = SqlmapAPIWrapper(fname, payload)
    if i.scan_start():
        self.q.put((fname, i.taskid, payload, time.time()))