def sqli_detect(self):
    """Start an AutoSqli worker for this object's request URL and parameters.

    The worker is constructed and started inside a single ``try`` block. Any
    exception raised there is printed and swallowed, so the caller receives
    ``None`` whether or not the worker actually started. The import is outside
    the ``try``, so a missing AutoSqli module still propagates as ImportError.
    """
    from AutoSqli import AutoSqli

    try:
        # Positional arguments in the order this call site passes them; the
        # fourth slot is an empty string here.
        # NOTE(review): the cookie and request are handed to AutoSqli together
        # with sqlmap_api_address -- presumably they are forwarded to that
        # endpoint; confirm it is a host you control before sending session
        # material to it.
        ctor_args = (
            sqlmap_api_address,
            self.req_url,
            self.para_str,
            '',
            self.cookie,
            self.request,
        )
        worker = AutoSqli(*ctor_args)
        # NOTE(review): `deamon` looks like a misspelling of `daemon`. If
        # AutoSqli is a threading.Thread subclass this only sets an unused
        # attribute and the thread stays non-daemon -- confirm before
        # renaming, since that would change shutdown behaviour.
        worker.deamon = True
        worker.start()
    except Exception as err:  # equivalent to the "except Exception, e" form
        print(err)
def run(self):
    """Launch an AutoSqli worker built from this object's request fields.

    Passes SERVER, ``self.url``, ``self.data``, ``self.referer``,
    ``self.cookie`` and ``self.req_text`` positionally to AutoSqli, then
    starts it. Every exception raised while building or starting the worker
    is printed and swallowed, so the method returns ``None`` on success and
    on failure alike.
    """
    try:
        # NOTE(review): cookie and request text are passed along with SERVER;
        # presumably AutoSqli forwards them to that endpoint -- confirm it is
        # a host you control before sending session material to it.
        ctor_args = (
            SERVER,
            self.url,
            self.data,
            self.referer,
            self.cookie,
            self.req_text,
        )
        scan_worker = AutoSqli(*ctor_args)
        # NOTE(review): `deamon` looks like a misspelling of `daemon`. If
        # AutoSqli is a threading.Thread subclass this assignment has no
        # effect on the thread -- confirm before renaming, since that would
        # change shutdown behaviour.
        scan_worker.deamon = True
        scan_worker.start()
    except Exception as err:  # equivalent to the "except Exception, e" form
        print(err)
#print "[+]Well, you could check the reverse domain for result here.\n" elif self.detect_type == "ssrf": log_value = self.ssrf_detect() #此处无法添加可匹配的regx,可尝试检查reverse domain的结果 #现在借助api已解决这类问题。 #print "[+]Well, you could check the reverse domain for result here.\n" elif self.detect_type == "xxe": log_value = self.xxe_detect() elif self.detect_type == "sqli": from AutoSqli import AutoSqli try: t = AutoSqli(sqlmap_api_address, self.req_url, self.para_str, '', self.cookie, self.request) t.deamon = True t.start() except Exception, e: print e log_value = False print "[+]Please wait for sqli time-delay detect.\n" else: return #print log_value if log_value != False and log_value != None: print "[!]Well. mabye success exploit here!\n" self.log_print(self.detect_type) #else: # print "[+]Maybe no vulns or here, you can wait for time-delay detect.\n"