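def sqlmap_scan(request, level):
    """Run one captured request through a sqlmap API server and summarise the result.

    Args:
        request: dict with at least ``url``, ``postdata`` and ``headers``
            (a mapping of header name -> header value).
        level: accepted for interface compatibility; the body does not use it.

    Returns:
        dict ``{"request_stat": int, "message": str}``. When sqlmap reports
        injection data, ``request_stat`` is 3 and ``message`` holds
        ``title: ...|#|payload: ...|#|taskid: ...|,|`` for the first finding;
        otherwise 0 and "". Any ``Exception`` raised while driving the scan is
        printed and the message built so far is returned. Errors while
        creating the task (before the scan starts) propagate to the caller.
    """
    message = {"request_stat": 0, "message": ""}
    sqlmap_api = config.load_rule()["sqlmap_api"]
    # Close the rule file once it is parsed instead of leaking the handle.
    with open(config.rule_read("sqlmap", get_file_handle=True)) as rule_file:
        sqlmap_conf = json.load(rule_file)

    # Per-task fields always come from the request, never from the saved rule.
    for key in ("url", "headers", "data", "taskid", "database"):
        sqlmap_conf.pop(key, None)
    sqlmap_conf["url"] = request["url"]
    sqlmap_conf["data"] = request["postdata"]
    # sqlmap takes the raw header block; a CR/LF inside a value would split it
    # into extra header lines -- assumes captured values are already CRLF-free.
    headers = request["headers"]
    sqlmap_conf["headers"] = "".join(
        "%s: %s\r\n" % (name, headers[name]) for name in headers
    )

    json_headers = {"Content-Type": "application/json"}
    taskid = json.loads(requests.get("%s/task/new" % sqlmap_api).content)["taskid"]
    options = json.dumps(sqlmap_conf)
    try:
        requests.post("%s/option/%s/set" % (sqlmap_api, taskid), data=options, headers=json_headers)
        requests.post("%s/scan/%s/start" % (sqlmap_api, taskid), data="{}", headers=json_headers)
        # Poll until sqlmap marks the task terminated; there is no upper bound
        # on how long this waits, so a stuck API server stalls the caller.
        while json.loads(requests.get("%s/scan/%s/status" % (sqlmap_api, taskid)).content)["status"] != "terminated":
            time.sleep(5)
        findings = json.loads(requests.get("%s/scan/%s/data" % (sqlmap_api, taskid)).content)["data"]
        if findings:
            # Only the first reported finding is summarised; the nested layout
            # mirrors sqlmap's /scan/<id>/data response.
            first = findings[0]["value"][0]["data"]["1"]
            message["request_stat"] = 3
            message["message"] = "title: %s|#|payload: %s|#|taskid: %s|,|" % (
                first["title"], first["payload"], taskid)
    except Exception as e:
        # Best effort: a failed scan must not take the worker down. Unlike the
        # former ``finally: return``, this no longer swallows SystemExit or
        # KeyboardInterrupt.
        print(e)
    return message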
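def scan_start():
    """Worker loop: claim queued requests and hand scannable ones to a thread.

    Runs until the ``scan_stat`` config flag is no longer ``"true"``. Each
    iteration waits while the thread pool is full, claims one queued item
    (marking it RUNNING), and either starts ``new_scan`` for it in a thread
    or marks it FINISHED when it carries nothing a scanner can test. Any
    ``Exception`` raised in an iteration is logged via ``out.error`` and the
    loop continues.
    """
    while config.load()["scan_stat"].lower() == "true":
        try:
            # TODO: these two sleeps are probably unnecessary (original author's note).
            while thread_filled():
                time.sleep(5)

            # Claim one waiting task and mark it as running.
            item = ReqItem()
            item.set_status(ITEM_STATUS.RUNNING)

            reqhash = item.data_obj["hash"]
            if not reqhash:
                # NOTE(review): an empty item has already been marked RUNNING
                # at this point -- confirm ReqItem tolerates that.
                time.sleep(10)
                continue

            request = item.data_obj["request"]  # TODO: validate the request value
            rules = config.load_rule()["scan_type"]
            query = urlparse.urlparse(request["url"]).query

            if _has_scannable_input(request, query):
                worker = threading.Thread(target=new_scan,
                                          args=(reqhash, item, rules))
                worker.start()
            else:
                # Nothing to inject into: retire the task without scanning.
                item.set_status(ITEM_STATUS.FINISHED)

        except Exception as e:  # ``except X, e`` is Python 2-only syntax
            out.error(str(e))


def _has_scannable_input(request, query):
    """Return True when the request carries parameters a scanner can test.

    GET needs a non-empty query string; POST needs a body or a query string.
    Any other method is never scanned.
    """
    method = request["method"]
    if method == "GET":
        return query != ""
    if method == "POST":
        return request["postdata"] != "" or query != ""
    return False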
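 def get(self):
     """Render the scan configuration page.

     Builds ``start`` with ``<rule>_true`` / ``<rule>_false`` entries holding
     the ``checked`` attribute for whichever checkbox should be ticked (rules
     present in ``scan_type`` are ticked), and ``rules`` with each rule's
     current text from ``config.rule_read``.
     """
     rule_names = [
         "sqlireflect", "sqlitime", "sqlmap", "xpath", "xss", "lfi", "ldap",
         "sqlibool"
     ]
     # Read each config source once so the page shows one consistent snapshot
     # instead of separate reads that a concurrent POST could interleave with.
     conf = config.load()
     rule_conf = config.load_rule()

     start = {}
     for name in rule_names:
         start[name + "_true"] = ""
         start[name + "_false"] = "checked"
     for name in rule_conf["scan_type"]:
         start[name + "_true"] = "checked"
         start[name + "_false"] = ""

     rules = {name: config.rule_read(name) for name in rule_names}
     return self.render("scan_config.html",
                        config=conf,
                        start=start,
                        rules=rules,
                        scan_stat=conf["scan_stat"],
                        sqlmap_api=rule_conf["sqlmap_api"])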
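 def post(self):
     """Persist the scan configuration submitted from ``scan_config.html``.

     For every rule in ``rule_names`` the ``<rule>_start`` flag decides
     whether it joins ``scan_type`` and ``<rule>_rule`` replaces the stored
     rule text. ``sqlmap_api`` is updated when the form submits it. Finally
     redirects back to ``/scan_config``.
     """
     enabled = []
     rule_names = ["sqlireflect", "sqlitime", "xpath", "xss", "sqlibool"]
     conf = config.load_rule()
     for name in rule_names:
         if self.get_argument(name + "_start") == "true":
             enabled.append(name)
         config.rule_write(name, self.get_argument(name + "_rule"))

     # The former ``if i == "sqlmap"`` check sat inside the loop, but "sqlmap"
     # is not in rule_names, so the address was never saved. Read it once and
     # only apply it when the form actually sends it.
     address = self.get_argument("sqlmap_api", None)
     if address is not None:
         # NOTE(review): this value becomes the base URL for outbound requests
         # to the sqlmap API; consider validating scheme/host before saving.
         conf["sqlmap_api"] = address

     conf["scan_type"] = enabled
     config.update_rule(conf)
     return self.write(out.jump("/scan_config"))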
파일: scan.py 프로젝트: 5l1v3r1/tools-2
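def scan_start():
    """Worker loop: move hashes from the ``waiting`` queue into scans.

    Runs until the ``scan_stat`` config flag is no longer ``"true"``. Each
    iteration waits while the thread pool is full, atomically moves one hash
    from ``waiting`` to ``running`` (``rpoplpush``), loads the stored request
    and starts ``new_scan`` in a thread when it has parameters to test;
    otherwise the hash goes straight from ``running`` to ``finished``. Any
    ``Exception`` raised in an iteration is logged via ``out.error`` and the
    loop continues.
    """
    while config.load()["scan_stat"].lower() == "true":
        try:
            while thread_filled():
                time.sleep(5)
            # Atomic claim: the hash leaves "waiting" and lands in "running".
            reqhash = conn.rpoplpush("waiting", "running")
            if not reqhash:
                time.sleep(10)
                continue
            stored = conn.hget("request", reqhash)
            request = json.loads(ds(stored))
            rules = config.load_rule()["scan_type"]
            query = urlparse.urlparse(request["url"]).query
            method = request["method"]
            # GET needs a query string; POST needs a body or a query string.
            scannable = (
                (method == "GET" and query != "")
                or (method == "POST" and (request["postdata"] != "" or query != ""))
            )
            if scannable:
                worker = threading.Thread(target=new_scan,
                                          args=(reqhash, requests_convert(request), rules))
                worker.start()
            else:
                conn.lrem("running", 1, reqhash)
                conn.lpush("finished", reqhash)
        except Exception as e:  # ``except X, e`` is Python 2-only syntax
            # NOTE(review): a failure after rpoplpush leaves reqhash in
            # "running" with nothing here to retire it -- confirm a reaper
            # handles that elsewhere.
            out.error(str(e))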