SqlmapAPI调用实现自动化SQL注入安全检测

文章目录

应用案例：前期通过信息收集拿到大量的URL地址，这个时候可以配置sqlmapAP接口进行批量的SQL注入检测 （SRC挖掘）

查看sqlmapapi使用方法

python sqlmapapi.py -h

启动sqlmapapi 的web服务：

任务流程：

1.创建新任务记录任务ID          @get("/task/new")）
2.设置任务ID扫描信息           @post("/option/<taskid>/set")
3.开始扫描对应ID任务           @post ("/scan/<taskid>/start")
4.读取扫描状态判断结果          @get("/scan/<taskid>/status")
5.如果结束删除ID并获取结果      @get ("/task/<taskid>/delete")
6.扫描结果查看                @get("/scan/<taskid>/data")        

简单使用

• 1.创建新任务记录任务ID

import requests

# 1.创建新任务记录任务ID
task_new_url='http://127.0.0.1:8775/task/new'
response=requests.get(url=task_new_url)print(response.json())

• 2.设置任务ID扫描信息

import requests
import json
# 1.创建新任务记录任务ID
task_new_url ='http://127.0.0.1:8775/task/new'
response = requests.get(url=task_new_url)
taskid = response.json()['taskid']# 2.设置任务ID扫描信息
data={'url':'http://192.168.8.3/sqli-labs-master/Less-2/?id=1'}
headers={'Content-Type':'application/json'}
task_set_url='http://127.0.0.1:8775/option/'+taskid+'/set'
task_set_response=requests.post(url=task_set_url,data=json.dumps(data),headers=headers)print(task_set_response.content.decode('utf-8'))

• 3.开始扫描对应ID任务

import requests
import json

# 1.创建新任务记录任务ID
task_new_url ='http://127.0.0.1:8775/task/new'
response = requests.get(url=task_new_url)
taskid = response.json()['taskid']# 2.设置任务ID扫描信息
data ={'url':'http://192.168.8.3/sqli-labs-master/Less-2/?id=1'}
headers ={'Content-Type':'application/json'}
task_set_url ='http://127.0.0.1:8775/option/'+ taskid +'/set'
task_set_response = requests.post(url=task_set_url, data=json.dumps(data), headers=headers)# print(task_set_response.content.decode('utf-8'))##### 3.开始扫描对应ID任务
task_start_url='http://127.0.0.1:8775/scan/'+taskid+'/start'
task_start_data=requests.post(task_start_url,data=json.dumps(data),headers=headers)print(task_start_data.content.decode('utf-8'))

这边任务id和上面不一样是因为我重启了服务

• 获取扫描状态

import requests
import json

# 1.创建新任务记录任务ID
task_new_url ='http://127.0.0.1:8775/task/new'
response = requests.get(url=task_new_url)
taskid = response.json()['taskid']# 2.设置任务ID扫描信息
data ={'url':'http://192.168.8.3/sqli-labs-master/Less-2/?id=1'}
headers ={'Content-Type':'application/json'}
task_set_url ='http://127.0.0.1:8775/option/'+ taskid +'/set'
task_set_response = requests.post(url=task_set_url, data=json.dumps(data), headers=headers)# print(task_set_response.content.decode('utf-8'))# 3.开始扫描对应ID任务
task_start_url ='http://127.0.0.1:8775/scan/'+ taskid +'/start'
task_start_data = requests.post(task_start_url, data=json.dumps(data), headers=headers)# print(task_start_data.content.decode('utf-8'))# 4.读取扫描状态判断结果
task_scan_url ='http://127.0.0.1:8775/scan/'+ taskid +'/status'
task_scan_data = requests.get(task_scan_url)print(task_scan_data.content.decode('utf-8'))

• 查看结果

查看扫描结果是get请求，所以可以在浏览器中查看结果

上述代码，在每运行一次都会创建一个任务ID，所以需要进行代码优化

优化

import time

import requests, json

# 创建任务defsqlmapapi(url):# 创建任务id
    task_new_url ='http://127.0.0.1:8775/task/new'
    response = requests.get(url=task_new_url)
    taskid = response.json()['taskid']if'success'in response.content.decode('utf-8'):print('sqlmapapi task create success !')
        data ={'url': url
        }
        headers ={'Content-Type':'application/json'}# 设置 任务
        task_set_url ='http://127.0.0.1:8775/option/'+ taskid +'/set'
        task_set_response = requests.post(url=task_set_url, data=json.dumps(data), headers=headers)if'success'in task_set_response.content.decode('utf-8'):print('sqlmapapi task set success !')# 扫描任务
            task_start_url ='http://127.0.0.1:8775/scan/'+ taskid +'/start'
            task_start_data = requests.post(task_start_url, data=json.dumps(data), headers=headers)if'success'in task_start_data.content.decode('utf-8'):print('sqlmapapi task start success !')# 获取扫描状态whileTrue:
                    task_status_url ='http://127.0.0.1:8775/scan/'+ taskid +'/status'
                    task_status_data = requests.get(task_status_url)if'running'in task_status_data.content.decode('utf-8'):print('sqlmapapi task scan running .....')else:# 查看扫描结果
                        task_data_url ='http://127.0.0.1:8775/scan/'+ taskid +'/data'
                
                        task_data = requests.get(task_data_url)print(task_data.content.decode('utf-8'))break
                time.sleep(3)if __name__ =='__main__':# url='http://192.168.8.3/sqli-labs-master/Less-2/?id=1'for url inopen('url.txt'):
        url = url.replace('\n','')
        sqlmapapi(url)