def queue_get(queue_waiting, queue_scaning):
while not queue_scaning.full():
while queue_waiting.qsize()>0 :
postdata = queue_waiting.get()
data = postdata['data'] if postdata['data'] else ''
queue_scaning.put(1)
wow = AutoSqli('http://127.0.0.1:8775',postdata['url'],data,postdata['header']['referer'],postdata['header']['cookie'])
wow.run()
queue_scaning.get()
def sqli_detect(self):
from AutoSqli import AutoSqli
try:
t = AutoSqli(sqlmap_api_address, self.req_url, self.para_str, '',
self.cookie, self.request)
t.deamon = True
t.start()
except Exception, e:
print e
def queue_get(queue_waiting, queue_scaning):
while not queue_scaning.full():
while queue_waiting.qsize()>0 :
postdata = queue_waiting.get()
data = postdata['data'] if postdata['data'] else ''
queue_scaning.put(1)
wow = AutoSqli('http://127.0.0.1:8775',postdata['url'],data,postdata['header']['referer'],postdata['header']['cookie'])
wow.run()
queue_scaning.get()
def run(self):
"""
Run the sqli detection using HTTPRequest object.
"""
try:
detecter = AutoSqli(SERVER, self.url, self.data,
self.referer, self.cookie, self.req_text)
detecter.deamon = True
detecter.start()
except Exception, e:
print e
def run(self):
"""
Run the sqli detection using HTTPRequest object.
"""
try:
detecter = AutoSqli(SERVER, self.url, self.data, self.referer,
self.cookie, self.req_text)
detecter.deamon = True
detecter.start()
except Exception, e:
print e
def queue_get(queue_waiting, queue_scaning):
while not queue_scaning.full():
while queue_waiting.qsize() > 0:
postdata = queue_waiting.get()
data = postdata["data"] if postdata["data"] else ""
queue_scaning.put(1)
wow = AutoSqli(
"http://127.0.0.1:8775",
postdata["url"],
data,
postdata["header"]["referer"],
postdata["header"]["cookie"],
)
wow.run()
queue_scaning.get()
def run(word):
c = Crawl(word)
c.urls, c.next_page = c.baidu_crawl()
while True:
while not c.urls.empty():
url = c.urls.get().strip()
s = AutoSqli(url)
# t = threading.Thread(target=s.run)
t = gevent.spawn(s.run)
c.threads.append(t)
print url
# t.start()
else:
gevent.joinall(c.threads)
# for t in c.threads:
# t.join()
print c.next_page
if c.next_page:
c.urls, c.next_page = c.baidu_crawl()
else:
break
def test_Sqli(test_url):
t = AutoSqli('http://127.0.0.1:8775',test_url)
t.run()
#if not log_value:
#此处如果没有得到回显,可尝试检查reverse domain的结果
#现在借助api已解决这类问题。
#print "[+]Well, you could check the reverse domain for result here.\n"
elif self.detect_type == "ssrf":
log_value = self.ssrf_detect()
#此处无法添加可匹配的regx,可尝试检查reverse domain的结果
#现在借助api已解决这类问题。
#print "[+]Well, you could check the reverse domain for result here.\n"
elif self.detect_type == "xxe":
log_value = self.xxe_detect()
elif self.detect_type == "sqli":
from AutoSqli import AutoSqli
try:
t = AutoSqli(sqlmap_api_address, self.req_url, self.para_str,
'', self.cookie, self.request)
t.deamon = True
t.start()
except Exception, e:
print e
log_value = False
print "[+]Please wait for sqli time-delay detect.\n"
else:
return
#print log_value
if log_value != False and log_value != None:
print "[!]Well. mabye success exploit here!\n"
self.log_print(self.detect_type)
#else:
def test_Sqli(test_url):
t = AutoSqli('http://127.0.0.1:8775', test_url)
t.run()