├── BappDescription.html
├── BappManifest.bmf
├── LICENSE
├── LICENSE - sqlmap
├── README.md
├── SQLiPy.py
└── sqlmap.zip
/BappDescription.html:
--------------------------------------------------------------------------------
1 | SQLiPy integrates SQLMap using its API, enabling SQL injection scans directly within Burp Suite. The plugin connects to a running instance of the SQLMap API server to perform scans on requests.
2 |
3 | Features
4 |
5 | - Integrates SQLMap API for automated SQL injection scanning.
6 | - Option to manually start the SQLMap API server or connect to an existing one.
7 | - Initiates scans by right-clicking requests in the "Target" or "Proxy" tabs.
8 | - Displays scan results in the "Scanner Results" tab if vulnerabilities are detected.
9 |
10 |
11 | Usage
12 |
13 | - Start the SQLMap API server manually with the following command:
14 | python sqlmapapi.py -s -H <ip> -p <port>
15 |
16 | - Alternatively, use the "SQLMap API" tab to select the IP/Port and provide the path to your
sqlmapapi.py and Python installations.
17 | - Once the SQLMap API is active, right-click a request in the "Request" sub-tab of the "Target" or "Proxy" tabs and select "SQLiPy Scan".
18 | - The request details will populate the SQLMap Scanner tab. Click the "Start Scan" button to initiate the scan.
19 | - If the page is vulnerable to SQL injection, the plugin will poll the results and add them to the "Scanner Results" tab.
20 |
21 |
22 | Note: Jython 2.7-2.7.2 is supported. DO NOT USE Jython 2.7.3, as it has a bug that will cause the extension to fail.
23 |
--------------------------------------------------------------------------------
/BappManifest.bmf:
--------------------------------------------------------------------------------
1 | Uuid: f154175126a04bfe8edc6056f340f52e
2 | ExtensionType: 2
3 | Name: SQLiPy Sqlmap Integration
4 | RepoName: sqli-py
5 | ScreenVersion: 0.8.6
6 | SerialVersion: 24
7 | MinPlatformVersion: 0
8 | ProOnly: False
9 | Author: Josh Berry @ CodeWatch
10 | ShortDescription: Initiates SQLMap scans directly from within Burp.
11 | EntryPoint: SQLiPy.py
12 | BuildCommand:
13 | SupportedProducts: Pro, Community
14 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | This is free and unencumbered software released into the public domain.
2 |
3 | Anyone is free to copy, modify, publish, use, compile, sell, or
4 | distribute this software, either in source code form or as a compiled
5 | binary, for any purpose, commercial or non-commercial, and by any
6 | means.
7 |
8 | In jurisdictions that recognize copyright laws, the author or authors
9 | of this software dedicate any and all copyright interest in the
10 | software to the public domain. We make this dedication for the benefit
11 | of the public at large and to the detriment of our heirs and
12 | successors. We intend this dedication to be an overt act of
13 | relinquishment in perpetuity of all present and future rights to this
14 | software under copyright law.
15 |
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 | OTHER DEALINGS IN THE SOFTWARE.
23 |
24 | For more information, please refer to
25 |
26 |
--------------------------------------------------------------------------------
/LICENSE - sqlmap:
--------------------------------------------------------------------------------
1 | COPYING -- Describes the terms under which sqlmap is distributed. A copy
2 | of the GNU General Public License (GPL) is appended to this file.
3 |
4 | sqlmap is (C) 2006-2017 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
5 |
6 | This program is free software; you may redistribute and/or modify it under
7 | the terms of the GNU General Public License as published by the Free
8 | Software Foundation; Version 2 (or later) with the clarifications and
9 | exceptions described below. This guarantees your right to use, modify, and
10 | redistribute this software under certain conditions. If you wish to embed
11 | sqlmap technology into proprietary software, we sell alternative licenses
12 | (contact sales@sqlmap.org).
13 |
14 | Note that the GPL places important restrictions on "derived works", yet it
15 | does not provide a detailed definition of that term. To avoid
16 | misunderstandings, we interpret that term as broadly as copyright law
17 | allows. For example, we consider an application to constitute a "derived
18 | work" for the purpose of this license if it does any of the following:
19 | * Integrates source code from sqlmap.
20 | * Reads or includes sqlmap copyrighted data files, such as xml/queries.xml
21 | * Executes sqlmap and parses the results (as opposed to typical shell or
22 | execution-menu apps, which simply display raw sqlmap output and so are
23 | not derivative works).
24 | * Integrates/includes/aggregates sqlmap into a proprietary executable
25 | installer, such as those produced by InstallShield.
26 | * Links to a library or executes a program that does any of the above
27 |
28 | The term "sqlmap" should be taken to also include any portions or derived
29 | works of sqlmap. This list is not exclusive, but is meant to clarify our
30 | interpretation of derived works with some common examples. Our
31 | interpretation applies only to sqlmap - we do not speak for other people's
32 | GPL works.
33 |
34 | This license does not apply to the third-party components. More details can
35 | be found inside the file 'doc/THIRD-PARTY.md'.
36 |
37 | If you have any questions about the GPL licensing restrictions on using
38 | sqlmap in non-GPL works, we would be happy to help. As mentioned above,
39 | we also offer alternative license to integrate sqlmap into proprietary
40 | applications and appliances.
41 |
42 | If you received these files with a written license agreement or contract
43 | stating terms other than the terms above, then that alternative license
44 | agreement takes precedence over these comments.
45 |
46 | Source is provided to this software because we believe users have a right
47 | to know exactly what a program is going to do before they run it.
48 |
49 | Source code also allows you to fix bugs and add new features. You are
50 | highly encouraged to send your changes to dev@sqlmap.org for possible
51 | incorporation into the main distribution. By sending these changes to the
52 | sqlmap developers or via Git pull request, checking them into the sqlmap
53 | source code repository, it is understood (unless you specify otherwise)
54 | that you are offering the sqlmap project the unlimited, non-exclusive
55 | right to reuse, modify, and relicense the code. sqlmap will always be
56 | available Open Source, but this is important because the inability to
57 | relicense code has caused devastating problems for other Free Software
58 | projects (such as KDE and NASM). If you wish to specify special license
59 | conditions of your contributions, just say so when you send them.
60 |
61 | This program is distributed in the hope that it will be useful, but
62 | WITHOUT ANY WARRANTY; without even the implied warranty of
63 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
64 | General Public License v2.0 for more details at
65 | http://www.gnu.org/licenses/gpl-2.0.html, or below
66 |
67 | ****************************************************************************
68 |
69 | GNU GENERAL PUBLIC LICENSE
70 | Version 2, June 1991
71 |
72 | Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
73 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
74 | Everyone is permitted to copy and distribute verbatim copies
75 | of this license document, but changing it is not allowed.
76 |
77 | Preamble
78 |
79 | The licenses for most software are designed to take away your
80 | freedom to share and change it. By contrast, the GNU General Public
81 | License is intended to guarantee your freedom to share and change free
82 | software--to make sure the software is free for all its users. This
83 | General Public License applies to most of the Free Software
84 | Foundation's software and to any other program whose authors commit to
85 | using it. (Some other Free Software Foundation software is covered by
86 | the GNU Lesser General Public License instead.) You can apply it to
87 | your programs, too.
88 |
89 | When we speak of free software, we are referring to freedom, not
90 | price. Our General Public Licenses are designed to make sure that you
91 | have the freedom to distribute copies of free software (and charge for
92 | this service if you wish), that you receive source code or can get it
93 | if you want it, that you can change the software or use pieces of it
94 | in new free programs; and that you know you can do these things.
95 |
96 | To protect your rights, we need to make restrictions that forbid
97 | anyone to deny you these rights or to ask you to surrender the rights.
98 | These restrictions translate to certain responsibilities for you if you
99 | distribute copies of the software, or if you modify it.
100 |
101 | For example, if you distribute copies of such a program, whether
102 | gratis or for a fee, you must give the recipients all the rights that
103 | you have. You must make sure that they, too, receive or can get the
104 | source code. And you must show them these terms so they know their
105 | rights.
106 |
107 | We protect your rights with two steps: (1) copyright the software, and
108 | (2) offer you this license which gives you legal permission to copy,
109 | distribute and/or modify the software.
110 |
111 | Also, for each author's protection and ours, we want to make certain
112 | that everyone understands that there is no warranty for this free
113 | software. If the software is modified by someone else and passed on, we
114 | want its recipients to know that what they have is not the original, so
115 | that any problems introduced by others will not reflect on the original
116 | authors' reputations.
117 |
118 | Finally, any free program is threatened constantly by software
119 | patents. We wish to avoid the danger that redistributors of a free
120 | program will individually obtain patent licenses, in effect making the
121 | program proprietary. To prevent this, we have made it clear that any
122 | patent must be licensed for everyone's free use or not licensed at all.
123 |
124 | The precise terms and conditions for copying, distribution and
125 | modification follow.
126 |
127 | GNU GENERAL PUBLIC LICENSE
128 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
129 |
130 | 0. This License applies to any program or other work which contains
131 | a notice placed by the copyright holder saying it may be distributed
132 | under the terms of this General Public License. The "Program", below,
133 | refers to any such program or work, and a "work based on the Program"
134 | means either the Program or any derivative work under copyright law:
135 | that is to say, a work containing the Program or a portion of it,
136 | either verbatim or with modifications and/or translated into another
137 | language. (Hereinafter, translation is included without limitation in
138 | the term "modification".) Each licensee is addressed as "you".
139 |
140 | Activities other than copying, distribution and modification are not
141 | covered by this License; they are outside its scope. The act of
142 | running the Program is not restricted, and the output from the Program
143 | is covered only if its contents constitute a work based on the
144 | Program (independent of having been made by running the Program).
145 | Whether that is true depends on what the Program does.
146 |
147 | 1. You may copy and distribute verbatim copies of the Program's
148 | source code as you receive it, in any medium, provided that you
149 | conspicuously and appropriately publish on each copy an appropriate
150 | copyright notice and disclaimer of warranty; keep intact all the
151 | notices that refer to this License and to the absence of any warranty;
152 | and give any other recipients of the Program a copy of this License
153 | along with the Program.
154 |
155 | You may charge a fee for the physical act of transferring a copy, and
156 | you may at your option offer warranty protection in exchange for a fee.
157 |
158 | 2. You may modify your copy or copies of the Program or any portion
159 | of it, thus forming a work based on the Program, and copy and
160 | distribute such modifications or work under the terms of Section 1
161 | above, provided that you also meet all of these conditions:
162 |
163 | a) You must cause the modified files to carry prominent notices
164 | stating that you changed the files and the date of any change.
165 |
166 | b) You must cause any work that you distribute or publish, that in
167 | whole or in part contains or is derived from the Program or any
168 | part thereof, to be licensed as a whole at no charge to all third
169 | parties under the terms of this License.
170 |
171 | c) If the modified program normally reads commands interactively
172 | when run, you must cause it, when started running for such
173 | interactive use in the most ordinary way, to print or display an
174 | announcement including an appropriate copyright notice and a
175 | notice that there is no warranty (or else, saying that you provide
176 | a warranty) and that users may redistribute the program under
177 | these conditions, and telling the user how to view a copy of this
178 | License. (Exception: if the Program itself is interactive but
179 | does not normally print such an announcement, your work based on
180 | the Program is not required to print an announcement.)
181 |
182 | These requirements apply to the modified work as a whole. If
183 | identifiable sections of that work are not derived from the Program,
184 | and can be reasonably considered independent and separate works in
185 | themselves, then this License, and its terms, do not apply to those
186 | sections when you distribute them as separate works. But when you
187 | distribute the same sections as part of a whole which is a work based
188 | on the Program, the distribution of the whole must be on the terms of
189 | this License, whose permissions for other licensees extend to the
190 | entire whole, and thus to each and every part regardless of who wrote it.
191 |
192 | Thus, it is not the intent of this section to claim rights or contest
193 | your rights to work written entirely by you; rather, the intent is to
194 | exercise the right to control the distribution of derivative or
195 | collective works based on the Program.
196 |
197 | In addition, mere aggregation of another work not based on the Program
198 | with the Program (or with a work based on the Program) on a volume of
199 | a storage or distribution medium does not bring the other work under
200 | the scope of this License.
201 |
202 | 3. You may copy and distribute the Program (or a work based on it,
203 | under Section 2) in object code or executable form under the terms of
204 | Sections 1 and 2 above provided that you also do one of the following:
205 |
206 | a) Accompany it with the complete corresponding machine-readable
207 | source code, which must be distributed under the terms of Sections
208 | 1 and 2 above on a medium customarily used for software interchange; or,
209 |
210 | b) Accompany it with a written offer, valid for at least three
211 | years, to give any third party, for a charge no more than your
212 | cost of physically performing source distribution, a complete
213 | machine-readable copy of the corresponding source code, to be
214 | distributed under the terms of Sections 1 and 2 above on a medium
215 | customarily used for software interchange; or,
216 |
217 | c) Accompany it with the information you received as to the offer
218 | to distribute corresponding source code. (This alternative is
219 | allowed only for noncommercial distribution and only if you
220 | received the program in object code or executable form with such
221 | an offer, in accord with Subsection b above.)
222 |
223 | The source code for a work means the preferred form of the work for
224 | making modifications to it. For an executable work, complete source
225 | code means all the source code for all modules it contains, plus any
226 | associated interface definition files, plus the scripts used to
227 | control compilation and installation of the executable. However, as a
228 | special exception, the source code distributed need not include
229 | anything that is normally distributed (in either source or binary
230 | form) with the major components (compiler, kernel, and so on) of the
231 | operating system on which the executable runs, unless that component
232 | itself accompanies the executable.
233 |
234 | If distribution of executable or object code is made by offering
235 | access to copy from a designated place, then offering equivalent
236 | access to copy the source code from the same place counts as
237 | distribution of the source code, even though third parties are not
238 | compelled to copy the source along with the object code.
239 |
240 | 4. You may not copy, modify, sublicense, or distribute the Program
241 | except as expressly provided under this License. Any attempt
242 | otherwise to copy, modify, sublicense or distribute the Program is
243 | void, and will automatically terminate your rights under this License.
244 | However, parties who have received copies, or rights, from you under
245 | this License will not have their licenses terminated so long as such
246 | parties remain in full compliance.
247 |
248 | 5. You are not required to accept this License, since you have not
249 | signed it. However, nothing else grants you permission to modify or
250 | distribute the Program or its derivative works. These actions are
251 | prohibited by law if you do not accept this License. Therefore, by
252 | modifying or distributing the Program (or any work based on the
253 | Program), you indicate your acceptance of this License to do so, and
254 | all its terms and conditions for copying, distributing or modifying
255 | the Program or works based on it.
256 |
257 | 6. Each time you redistribute the Program (or any work based on the
258 | Program), the recipient automatically receives a license from the
259 | original licensor to copy, distribute or modify the Program subject to
260 | these terms and conditions. You may not impose any further
261 | restrictions on the recipients' exercise of the rights granted herein.
262 | You are not responsible for enforcing compliance by third parties to
263 | this License.
264 |
265 | 7. If, as a consequence of a court judgment or allegation of patent
266 | infringement or for any other reason (not limited to patent issues),
267 | conditions are imposed on you (whether by court order, agreement or
268 | otherwise) that contradict the conditions of this License, they do not
269 | excuse you from the conditions of this License. If you cannot
270 | distribute so as to satisfy simultaneously your obligations under this
271 | License and any other pertinent obligations, then as a consequence you
272 | may not distribute the Program at all. For example, if a patent
273 | license would not permit royalty-free redistribution of the Program by
274 | all those who receive copies directly or indirectly through you, then
275 | the only way you could satisfy both it and this License would be to
276 | refrain entirely from distribution of the Program.
277 |
278 | If any portion of this section is held invalid or unenforceable under
279 | any particular circumstance, the balance of the section is intended to
280 | apply and the section as a whole is intended to apply in other
281 | circumstances.
282 |
283 | It is not the purpose of this section to induce you to infringe any
284 | patents or other property right claims or to contest validity of any
285 | such claims; this section has the sole purpose of protecting the
286 | integrity of the free software distribution system, which is
287 | implemented by public license practices. Many people have made
288 | generous contributions to the wide range of software distributed
289 | through that system in reliance on consistent application of that
290 | system; it is up to the author/donor to decide if he or she is willing
291 | to distribute software through any other system and a licensee cannot
292 | impose that choice.
293 |
294 | This section is intended to make thoroughly clear what is believed to
295 | be a consequence of the rest of this License.
296 |
297 | 8. If the distribution and/or use of the Program is restricted in
298 | certain countries either by patents or by copyrighted interfaces, the
299 | original copyright holder who places the Program under this License
300 | may add an explicit geographical distribution limitation excluding
301 | those countries, so that distribution is permitted only in or among
302 | countries not thus excluded. In such case, this License incorporates
303 | the limitation as if written in the body of this License.
304 |
305 | 9. The Free Software Foundation may publish revised and/or new versions
306 | of the General Public License from time to time. Such new versions will
307 | be similar in spirit to the present version, but may differ in detail to
308 | address new problems or concerns.
309 |
310 | Each version is given a distinguishing version number. If the Program
311 | specifies a version number of this License which applies to it and "any
312 | later version", you have the option of following the terms and conditions
313 | either of that version or of any later version published by the Free
314 | Software Foundation. If the Program does not specify a version number of
315 | this License, you may choose any version ever published by the Free Software
316 | Foundation.
317 |
318 | 10. If you wish to incorporate parts of the Program into other free
319 | programs whose distribution conditions are different, write to the author
320 | to ask for permission. For software which is copyrighted by the Free
321 | Software Foundation, write to the Free Software Foundation; we sometimes
322 | make exceptions for this. Our decision will be guided by the two goals
323 | of preserving the free status of all derivatives of our free software and
324 | of promoting the sharing and reuse of software generally.
325 |
326 | NO WARRANTY
327 |
328 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
329 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
330 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
331 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
332 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
333 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
334 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
335 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
336 | REPAIR OR CORRECTION.
337 |
338 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
339 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
340 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
341 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
342 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
343 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
344 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
345 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
346 | POSSIBILITY OF SUCH DAMAGES.
347 |
348 | END OF TERMS AND CONDITIONS
349 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | sqlipy
2 | ======
3 |
4 | SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.
5 |
6 | SQLMap comes with a RESTful based server that will execute SQLMap scans. This plugin can start the API for you or connect to an already running API to perform a scan.
7 |
8 | Requirements
9 | ============
10 |
11 | Jython 2.7 (up to 2.7.2) DO NOT USE Jython 2.7.3, it has a bug that will cause the extension to fail
12 | Java 1.7 or 1.8 (the beta version of Jython 2.7 requires this)
13 |
14 | Note: Newer versions of Java do appear to work. Testing with jdk-11.0.7 works fine and newer versions are expected to work as well.
15 |
16 | Usage
17 | =====
18 |
19 | SQLiPy relies on a running instance of the SQLMap API server. You can manually start the server with:
20 |
21 | python sqlmapapi.py -s -H <ip> -p <port>
22 |
23 |
24 | Or, you can use the SQLMap API tab to select the IP/Port on which to run, as well as the path to python and sqlmapapi.py on your system.
25 |
26 | Once the SQLMap API is running, it is just a matter of right mouse clicking in the 'Request' sub tab of either the Target or Proxy main tabs and choosing 'SQLiPy Scan'.
27 |
28 | This will populate the SQLMap Scanner tab of the plugin with information about that request. Clicking the 'Start Scan' button will execute a scan.
29 |
30 | If the page is vulnerable to SQL injection, then a thread from the plugin will poll the results and add them to the Scanner Results tab.
31 |
32 | For more information, see the post here: https://www.codewatch.org/blog/?p=402
33 |
--------------------------------------------------------------------------------
/SQLiPy.py:
--------------------------------------------------------------------------------
1 | """
2 | Name: SQLiPy
3 | Version: 0.8.6
4 | Date: 9/3/2014
5 | Author: Josh Berry - josh.berry@codewatch.org
6 | Github: https://github.com/codewatchorg/sqlipy
7 |
8 | Description: This plugin leverages the SQLMap API to initiate SQLMap scans against the target.
9 |
10 | This plugin requires the beta version of Jython as it uses the JSON module.
11 |
12 | I used this blog post to quickly understand and leverage the SQLMap API (thrilled that someone figured this out for me):
13 | http://volatile-minds.blogspot.com/2013/04/unofficial-sqlmap-restful-api.html
14 |
15 | The following Burp plugins were reviewed to help develop this:
16 | - Payload Parser: https://github.com/infodel
17 | - Burp SAMl: https://github.com/Meatballs1/burp_saml
18 | - ActiveScan++:
19 | - WCF Binary SOAP Handler: http://blog.securityps.com/2013/02/burp-suite-plugin-view-and-modify-wcf.html
20 | - WSDL Wizard: https://github.com/SmeegeSec/WSDLWizard/blob/master/WSDLWizard.py
21 | - co2: https://code.google.com/p/burp-co2/
22 |
23 | """
24 |
25 | from burp import IBurpExtender
26 | from burp import IBurpExtenderCallbacks
27 | from burp import IContextMenuFactory
28 | from burp import IHttpRequestResponse
29 | from burp import IMessageEditorController
30 | from burp import IMessageEditorTabFactory
31 | from burp import ITab
32 | from burp import IMessageEditorTab
33 | from burp import IScannerCheck
34 | from burp import IScanIssue
35 | from burp import IExtensionStateListener
36 | from javax import swing
37 | from javax.swing.filechooser import FileNameExtensionFilter
38 | from java.awt import GridBagLayout
39 | from java.awt import Font
40 | from java.awt import Color
41 | from java import awt
42 | from java.lang import Runtime
43 | from java.lang import Process
44 | from java.lang import System
45 | from java.lang import Runnable
46 | from java.lang import Thread
47 | from java.io import File
48 | from java.io import Reader
49 | from java.io import BufferedReader
50 | from java.io import InputStreamReader
51 | import subprocess
52 | import re
53 | import urllib2
54 | import sys
55 | import json
56 | import threading
57 | import time
58 | import zipfile
59 | import os
60 | import traceback
61 |
62 | class StreamGobbler(Runnable):
63 |
64 | def __init__(self, inStream, outStream):
65 | self.inStream = inStream
66 | self.outStream = outStream
67 | return
68 |
69 | def run(self):
70 | try:
71 | while (self.inStream.read() != -1):
72 | isr = InputStreamReader(self.inStream)
73 | br = BufferedReader(isr)
74 | print str(br.readLine())
75 |
76 | except BaseException as ex:
77 | print 'Could not read API input/output/error buffer\n'
78 |
79 | class SqlMapScanIssue(IScanIssue):
80 |
81 | def __init__(self, httpService, url, httpMessages, name, detail, confidence, severity):
82 | self.HttpService = httpService
83 | self.vulnurl = url
84 | self.HttpMessages = httpMessages
85 | self.vulnname = name
86 | self.vulndetail = detail
87 | self.vulnsev = severity
88 | self.vulnconf = confidence
89 | return
90 |
91 | def getUrl(self):
92 | return self.vulnurl
93 |
94 | def getIssueName(self):
95 | return self.vulnname
96 |
97 | def getIssueType(self):
98 | return 0
99 |
100 | def getSeverity(self):
101 | return self.vulnsev
102 |
103 | def getConfidence(self):
104 | return self.vulnconf
105 |
106 | def getIssueBackground(self):
107 | return None
108 |
109 | def getRemediationBackground(self):
110 | return None
111 |
112 | def getIssueDetail(self):
113 | return self.vulndetail
114 |
115 | def getRemediationDetail(self):
116 | return None
117 |
118 | def getHttpMessages(self):
119 | return self.HttpMessages
120 |
121 | def getHttpService(self):
122 | return self.HttpService
123 |
124 | class ThreadExtender(IBurpExtender, IContextMenuFactory, ITab, IScannerCheck):
125 | def __init__(self, burpobject, sqlmapip, sqlmapport, sqlmaptask, url, httpmessage, cbacks):
126 | self.burpobject = burpobject
127 | self.sqlmapip = sqlmapip
128 | self.sqlmapport = sqlmapport
129 | self.sqlmaptask = sqlmaptask
130 | self.url = url
131 | self.httpmessage = httpmessage
132 | self.cbacks = cbacks
133 |
134 | def checkResults(self):
135 | t = threading.currentThread()
136 | time.sleep(5)
137 | print 'Checking results on task: '+self.sqlmaptask+'\n'
138 |
139 | while getattr(t, "keep_running", True):
140 |
141 | try:
142 | req = urllib2.Request('http://' + str(self.sqlmapip) + ':' + str(self.sqlmapport) + '/scan/' + str(self.sqlmaptask) + '/status')
143 | req.add_header('Content-Type', 'application/json')
144 | resp = json.load(urllib2.urlopen(req, timeout=10))
145 |
146 | if resp['status'] == "running":
147 | print 'Scan for task '+self.sqlmaptask+' is still running.\n'
148 | time.sleep(30)
149 | elif resp['status'] == "terminated":
150 | if resp['returncode'] == 0:
151 | print 'Scan for task '+self.sqlmaptask+' completed. Gathering results.\n'
152 | vulnurl = ''
153 | vulnparam = ''
154 | dbtype = ''
155 | payloads = ''
156 | banner = ''
157 | cu = ''
158 | cdb = ''
159 | hostname = ''
160 | isdba = ''
161 | lusers = ''
162 | lprivs = ''
163 | lroles = ''
164 | ldbs = ''
165 | lpswds = ''
166 |
167 | try:
168 | req = urllib2.Request('http://' + str(self.sqlmapip) + ':' + str(self.sqlmapport) + '/scan/' + str(self.sqlmaptask) + '/data')
169 | req.add_header('Content-Type', 'application/json')
170 | resp = json.load(urllib2.urlopen(req, timeout=10))
171 | vulnerable = False
172 |
173 | for findings in resp['data']:
174 | vulnerable = True
175 |
176 | # Get vulnerable URL and param
177 | if findings['type'] == 0:
178 | vulnurl = findings['value']['url']
179 | vulnparam = findings['value']['query']
180 | vulndetails = '- URL: '+str(vulnurl)+'
- Parameter: '+str(vulnparam)+'
'
181 |
182 | # Get basic scan info
183 | if findings['type'] == 1:
184 | if isinstance(findings['value'][0]['dbms'], list):
185 | for dbtypes in findings['value'][0]['dbms']:
186 | dbtype = dbtype + dbtypes + ', or '
187 |
188 | dbtype = dbtype[:-5]
189 | else:
190 | dbtype = findings['value'][0]['dbms']
191 |
192 | for items in findings['value']:
193 | firstpayload = True
194 | for k in items['data']:
195 | if firstpayload:
196 | payloads = ''+items['data'][k]['payload']+''
197 | firstpayload = False
198 | else:
199 | payloads = payloads + ''+items['data'][k]['payload']+''
200 |
201 | if firstpayload == False:
202 | payloads = '
'
203 |
204 | # Get banner info
205 | if findings['type'] == 3:
206 | banner = findings['value']+'
'
207 |
208 | # Get Current Users
209 | elif findings['type'] == 4:
210 | cu = 'Current User: '+findings['value']+'
'
211 |
212 | # Get Current Database
213 | elif findings['type'] == 5:
214 | cdb = 'Current Database: '+findings['value']+'
'
215 |
216 | # Get Hostname
217 | elif findings['type'] == 6:
218 | if findings['value'] is not None:
219 | hostname = 'Hostname: '+str(findings['value'])+'
'
220 | else:
221 | hostname = 'Hostname: Enumeration failed.
'
222 |
223 |
224 | # Is the user a DBA?
225 | elif findings['type'] == 7:
226 | if findings['value'] == True:
227 | isdba = 'Is a DBA: Yes'+'
'
228 | else:
229 | isdba = 'Is a DBA: No'+'
'
230 |
231 | # Get list of users
232 | elif findings['type'] == 8:
233 | firstuser = True
234 | for user in findings['value']:
235 | if firstuser:
236 | lusers = ''+user+''
237 | firstuser = False
238 | else:
239 | lusers = lusers + ''+user+''
240 |
241 | if firstuser == False:
242 | lusers = 'Users:
'
243 |
244 | # Get list of passwords
245 | elif findings['type'] == 9:
246 | userdata = ''
247 | userpswds = ''
248 | firstuser = True
249 |
250 | for users in findings['value']:
251 | firstpswd = True
252 |
253 | if firstuser:
254 | firstuser = False
255 | userdata = ''+users+''
256 | else:
257 | userdata = userdata + ''+users+''
258 |
259 | for pswd in findings['value'][users]:
260 | if firstpswd:
261 | firstswd = False
262 | userpswds = ''+pswd+''
263 | else:
264 | userpswds = userpswds + ''+pswd+''
265 |
266 | lpswds = lpswds + userdata + ''
267 | userdata = ''
268 | userpswds = ''
269 |
270 | if firstuser == False:
271 | lpswds = 'Password Hashes per User:
'
272 |
273 | # Get list of privileges
274 | elif findings['type'] == 10:
275 | userdata = ''
276 | userprivs = ''
277 | firstuser = True
278 |
279 | for users in findings['value']:
280 | firstpriv = True
281 |
282 | if firstuser:
283 | firstuser = False
284 | userdata = ''+users+''
285 | else:
286 | userdata = userdata + ''+users+''
287 |
288 | if findings['value'][users] is not None:
289 | for priv in findings['value'][users]:
290 | if firstpriv:
291 | firstpriv = False
292 | userprivs = ''+priv+''
293 | else:
294 | userprivs = userprivs + ''+priv+''
295 | else:
296 | userprivs = 'Null'
297 |
298 | lprivs = lprivs + userdata + ''
299 | userdata = ''
300 | userprivs = ''
301 |
302 | if firstuser == False:
303 | lprivs = 'Privileges per User:
'
304 |
305 | # Get list of roles
306 | elif findings['type'] == 11:
307 | userdata = ''
308 | userroles = ''
309 | firstuser = True
310 |
311 | for users in findings['value']:
312 | firstrole = True
313 |
314 | if firstuser:
315 | firstuser = False
316 | userdata = ''+users+''
317 | else:
318 | userdata = userdata + ''+users+''
319 |
320 | if findings['value'][users] is not None:
321 | for role in findings['value'][users]:
322 | if firstrole:
323 | firstrole = False
324 | userroles = ''+role+''
325 | else:
326 | userroles = userroles + ''+role+''
327 | else:
328 | userroles = 'Null'
329 |
330 | lroles = lroles + userdata + ''
331 | userdata = ''
332 | userroles = ''
333 |
334 | if firstuser == False:
335 | lroles = 'Roles per User:
'
336 |
337 | # Get list of DBs
338 | elif findings['type'] == 12:
339 | firstdb = True
340 | for db in findings['value']:
341 | if firstdb:
342 | ldbs = ''+str(db)+''
343 | firstdb = False
344 | else:
345 | ldbs = ldbs + ''+str(db)+''
346 |
347 | if firstdb == False:
348 | ldbs = 'Databases:
'
349 |
350 | if vulnerable:
351 | if re.search('Free', self.cbacks.getBurpVersion()[0], re.IGNORECASE) is not None:
352 | findings = open(self.sqlmaptask + '.html', 'w')
353 | findings.write('SQLMap Scan - ' + self.sqlmaptask + '')
354 | findings.write('SQLMap Scan Finding
The application has been found to be vulnerable to SQL injection by SQLMap.
')
355 | findings.write('Vulnerable URL and Parameter:
'+vulndetails+'
')
356 | findings.write('The following payloads successfully identified SQL injection vulnerabilities:
'+payloads+'
Enumerated Data:
'+dbtype+': '+banner+'
'+cu+'
'+cdb+'
'+hostname+'
'+isdba+'
'+lusers+'
'+lpswds+'
'+lprivs+'
'+lroles+'
'+ldbs+'
')
357 | findings.write('')
358 | findings.close()
359 | print 'Wrote scan file ' + self.sqlmaptask + '.html\n'
360 | else:
361 | scanIssue = SqlMapScanIssue(self.httpmessage.getHttpService(), self.url, [self.httpmessage], 'SQLMap Scan Finding',
362 | 'The application has been found to be vulnerable to SQL injection by SQLMap.
Vulnerable URL and Parameter:'+vulndetails+'
The following payloads successfully identified SQL injection vulnerabilities:'+payloads+'
Enumerated Data:
'+dbtype+': '+banner+'
'+cu+'
'+cdb+'
'+hostname+'
'+isdba+'
'+lusers+'
'+lpswds+'
'+lprivs+'
'+lroles+'
'+ldbs+'
', 'Certain', 'High')
363 | self.cbacks.addScanIssue(scanIssue)
364 |
365 | print 'SQLi vulnerabilities were found for task '+self.sqlmaptask+' and have been reported.\n'
366 | else:
367 | print 'Scan completed for task '+self.sqlmaptask+' but SQLi vulnerabilities were not found.\n'
368 |
369 | break
370 |
371 | except:
372 | print 'No results for SQLMap task: '+self.sqlmaptask+'\n'
373 | break
374 |
375 | else:
376 | print 'SQLMap scan failed for task: '+self.sqlmaptask+'\n'
377 | break
378 |
379 | else:
380 | print 'SQLMap scan failed for task: '+self.sqlmaptask+'\n'
381 | break
382 |
383 | except:
384 | print 'Thread failed to get results for SQLMap task: ' + self.sqlmaptask+'\n'
385 | break
386 |
387 | class BurpExtender(IBurpExtender, IContextMenuFactory, ITab, IExtensionStateListener):
388 | pythonfile = ''
389 | apifile = ''
390 | apiprocess = Process
391 | apistatus = 0
392 | threads = []
393 | scanMessage = ''
394 | scantasks = []
395 | scancmds = {}
396 |
397 | # Implement IBurpExtender
398 | def registerExtenderCallbacks(self, callbacks):
399 | # Print information about the plugin, set extension name, setup basic stuff
400 | self.printHeader()
401 | callbacks.setExtensionName("SQLiPy Sqlmap Integration")
402 | callbacks.registerExtensionStateListener(self)
403 | self._callbacks = callbacks
404 | self._helpers = callbacks.getHelpers()
405 | callbacks.registerContextMenuFactory(self)
406 |
407 | # Create SQLMap API configuration JPanel
408 | self._jPanel = swing.JPanel()
409 | self._jPanel.setLayout(awt.GridBagLayout())
410 | self._jPanelConstraints = awt.GridBagConstraints()
411 |
412 | # Create first blank space
413 | self._jLabelAPISpace1 = swing.JLabel(" ")
414 | self._jLabelAPISpace1.setFont(Font("Courier New", Font.BOLD, 30))
415 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
416 | self._jPanelConstraints.gridx = 0
417 | self._jPanelConstraints.gridy = 2
418 | self._jPanelConstraints.gridwidth = 2
419 | self._jPanel.add(self._jLabelAPISpace1, self._jPanelConstraints)
420 |
421 | # Create second blank space
422 | self._jLabelAPISpace2 = swing.JLabel(" ")
423 | self._jLabelAPISpace2.setFont(Font("Courier New", Font.BOLD, 30))
424 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
425 | self._jPanelConstraints.gridx = 0
426 | self._jPanelConstraints.gridy = 3
427 | self._jPanelConstraints.gridwidth = 2
428 | self._jPanel.add(self._jLabelAPISpace2, self._jPanelConstraints)
429 |
430 | # Create panel to show API status
431 | self._jLabelAPIStatus = swing.JLabel("SQLMap API is NOT running!")
432 | self._jLabelAPIStatus.setFont(Font("Courier New", Font.BOLD, 24))
433 | self._jLabelAPIStatus.setForeground(Color.RED)
434 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
435 | self._jPanelConstraints.gridx = 0
436 | self._jPanelConstraints.gridy = 4
437 | self._jPanelConstraints.gridwidth = 2
438 | self._jPanel.add(self._jLabelAPIStatus, self._jPanelConstraints)
439 |
440 | # Create third blank space
441 | self._jLabelAPISpace3 = swing.JLabel(" ")
442 | self._jLabelAPISpace3.setFont(Font("Courier New", Font.BOLD, 30))
443 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
444 | self._jPanelConstraints.gridx = 0
445 | self._jPanelConstraints.gridy = 5
446 | self._jPanelConstraints.gridwidth = 2
447 | self._jPanel.add(self._jLabelAPISpace3, self._jPanelConstraints)
448 |
449 | # Create panel for IP info
450 | self._jLabelIPListen = swing.JLabel("Listen on IP:")
451 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
452 | self._jPanelConstraints.gridx = 0
453 | self._jPanelConstraints.gridy = 6
454 | self._jPanelConstraints.gridwidth = 1
455 | self._jPanel.add(self._jLabelIPListen, self._jPanelConstraints)
456 |
457 | self._jTextFieldIPListen = swing.JTextField("127.0.0.1",15)
458 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
459 | self._jPanelConstraints.gridx = 1
460 | self._jPanelConstraints.gridy = 6
461 | self._jPanelConstraints.gridwidth = 1
462 | self._jPanel.add(self._jTextFieldIPListen, self._jPanelConstraints)
463 |
464 | # Create panel for Port info
465 | self._jLabelPortListen = swing.JLabel("Listen on Port:")
466 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
467 | self._jPanelConstraints.gridx = 0
468 | self._jPanelConstraints.gridy = 7
469 | self._jPanelConstraints.gridwidth = 1
470 | self._jPanel.add(self._jLabelPortListen, self._jPanelConstraints)
471 |
472 | self._jTextFieldPortListen = swing.JTextField("9090",3)
473 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
474 | self._jPanelConstraints.gridx = 1
475 | self._jPanelConstraints.gridy = 7
476 | self._jPanelConstraints.gridwidth = 1
477 | self._jPanel.add(self._jTextFieldPortListen, self._jPanelConstraints)
478 |
479 | # Create panel to contain Python button
480 | self._jLabelPython = swing.JLabel("Select Python:")
481 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
482 | self._jPanelConstraints.gridx = 0
483 | self._jPanelConstraints.gridy = 8
484 | self._jPanelConstraints.gridwidth = 1
485 | self._jPanel.add(self._jLabelPython, self._jPanelConstraints)
486 |
487 | self._jButtonSetPython = swing.JButton('Python', actionPerformed=self.setPython)
488 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
489 | self._jPanelConstraints.gridx = 1
490 | self._jPanelConstraints.gridy = 8
491 | self._jPanelConstraints.gridwidth = 1
492 | self._jPanel.add(self._jButtonSetPython, self._jPanelConstraints)
493 |
494 | # Create panel to contain API button
495 | self._jLabelAPI = swing.JLabel("Select API:")
496 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
497 | self._jPanelConstraints.gridx = 0
498 | self._jPanelConstraints.gridy = 9
499 | self._jPanelConstraints.gridwidth = 1
500 | self._jPanel.add(self._jLabelAPI, self._jPanelConstraints)
501 |
502 | self._jButtonSetAPI = swing.JButton('SQLMap API', actionPerformed=self.setAPI)
503 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
504 | self._jPanelConstraints.gridx = 1
505 | self._jPanelConstraints.gridy = 9
506 | self._jPanelConstraints.gridwidth = 1
507 | self._jPanel.add(self._jButtonSetAPI, self._jPanelConstraints)
508 |
509 | # Create panel to execute API
510 | self._jButtonStartAPI = swing.JButton('Start API', actionPerformed=self.startAPI)
511 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
512 | self._jPanelConstraints.gridx = 0
513 | self._jPanelConstraints.gridy = 10
514 | self._jPanelConstraints.gridwidth = 2
515 | self._jPanel.add(self._jButtonStartAPI, self._jPanelConstraints)
516 |
517 | # Create panel to stop API
518 | self._jButtonStopAPI = swing.JButton('Stop API', actionPerformed=self.stopAPI)
519 | self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
520 | self._jPanelConstraints.gridx = 0
521 | self._jPanelConstraints.gridy = 11
522 | self._jPanelConstraints.gridwidth = 2
523 | self._jPanel.add(self._jButtonStopAPI, self._jPanelConstraints)
524 |
525 | # Create SQLMap scanner panel
526 | # Combobox Values
527 | httpMethodValues = ['Default', 'GET', 'POST', 'PUT', 'DELETE', 'PATCH']
528 | levelValues = [1,2,3,4,5]
529 | riskValues = [0,1,2,3]
530 | threadValues = [1,2,3,4,5,6,7,8,9,10]
531 | delayValues = [0,1,2,3,4,5]
532 | timeoutValues = [1,5,10,15,20,25,30,35,40,45,50,55,60]
533 | retryValues = [1,2,3,4,5,6,7,8,9,10]
534 | dbmsValues = ['Any', 'MySQL', 'Oracle', 'PostgreSQL', 'Microsoft SQL Server', 'Microsoft Access', 'SQLite', 'Firebird', 'Sybase', 'SAP MaxDB', 'DB2', 'Informix', 'MariaDB', 'Percona', 'MemSQL', 'TiDB', 'CockroachDB', 'HSQLDB', 'H2', 'MonetDB', 'Apache Derby', 'Amazon Redshift', 'Vertica', 'Mckoi', 'Presto', 'Altibase', 'MimerSQL', 'CrateDB', 'Greenplum', 'Drizzle', 'Apache Ignite', 'Cubrid', 'InterSystems Cache', 'IRIS', 'eXtremeDB', 'FrontBase']
535 | authTypes = ['None', 'Basic', 'Digest', 'NTLM']
536 | osValues = ['Any', 'Linux', 'Windows']
537 | timeSecValues = [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]
538 | torTypes = ['HTTP', 'SOCKS4', 'SOCKS5']
539 |
540 | # GUI components
541 | self._jLabelScanText = swing.JLabel()
542 | self._jLabelScanIPListen = swing.JLabel()
543 | self._jLabelScanPortListen = swing.JLabel()
544 | self._jTextFieldScanIPListen = swing.JTextField()
545 | self._jTextFieldScanPortListen = swing.JTextField()
546 | self._jSeparator1 = swing.JSeparator()
547 | self._jLabelHttpMethod = swing.JLabel()
548 | self._jLabelIgnoreCode = swing.JLabel()
549 | self._jComboHttpMethod = swing.JComboBox(httpMethodValues)
550 | self._jTextFieldIgnoreCode = swing.JTextField()
551 | self._jLabelURL = swing.JLabel()
552 | self._jTextFieldURL = swing.JTextField()
553 | self._jLabelData = swing.JLabel()
554 | self._jTextData = swing.JTextArea()
555 | self._jScrollPaneData = swing.JScrollPane(self._jTextData)
556 | self._jLabelCookie = swing.JLabel()
557 | self._jTextFieldCookie = swing.JTextField()
558 | self._jLabelReferer = swing.JLabel()
559 | self._jTextFieldReferer = swing.JTextField()
560 | self._jLabelUA = swing.JLabel()
561 | self._jTextFieldUA = swing.JTextField()
562 | self._jLabelCustHeader = swing.JLabel()
563 | self._jTextFieldCustHeader = swing.JTextField()
564 | self._jCustHeadCheckParam = swing.JCheckBox()
565 | self._jSeparator2 = swing.JSeparator()
566 | self._jLabelParam = swing.JLabel()
567 | self._jTextFieldParam = swing.JTextField()
568 | self._jCheckTO = swing.JCheckBox()
569 | self._jSeparator3 = swing.JSeparator()
570 | self._jComboLevel = swing.JComboBox(levelValues)
571 | self._jLabelLevel = swing.JLabel()
572 | self._jLabelRisk = swing.JLabel()
573 | self._jComboRisk = swing.JComboBox(riskValues)
574 | self._jSeparator4 = swing.JSeparator()
575 | self._jCheckHPP = swing.JCheckBox('Param Pollution')
576 | self._jCheckCU = swing.JCheckBox('Current User')
577 | self._jCheckDB = swing.JCheckBox('Current DB')
578 | self._jCheckHost = swing.JCheckBox('Hostname')
579 | self._jCheckDBA = swing.JCheckBox('Is DBA?')
580 | self._jCheckUsers = swing.JCheckBox('List Users')
581 | self._jCheckPrivs = swing.JCheckBox('List Privs')
582 | self._jCheckPswds = swing.JCheckBox('List Passwords')
583 | self._jCheckRoles = swing.JCheckBox('List Roles')
584 | self._jCheckDBs = swing.JCheckBox('List DBs')
585 | self._jSeparator5 = swing.JSeparator()
586 | self._jLabelThreads = swing.JLabel()
587 | self._jLabelDelay = swing.JLabel()
588 | self._jLabelTimeout = swing.JLabel()
589 | self._jLabelRetry = swing.JLabel()
590 | self._jLabelTimeSec = swing.JLabel()
591 | self._jComboThreads = swing.JComboBox(threadValues)
592 | self._jComboDelay = swing.JComboBox(delayValues)
593 | self._jComboTimeout = swing.JComboBox(timeoutValues)
594 | self._jComboRetry = swing.JComboBox(retryValues)
595 | self._jComboTimeSec = swing.JComboBox(timeSecValues)
596 | self._jSeparator6 = swing.JSeparator()
597 | self._jLabelDBMS = swing.JLabel()
598 | self._jComboDBMS = swing.JComboBox(dbmsValues)
599 | self._jLabelOS = swing.JLabel()
600 | self._jComboOS = swing.JComboBox(osValues)
601 | self._jSeparator7 = swing.JSeparator()
602 | self._jLabelProxy = swing.JLabel()
603 | self._jTextFieldProxy = swing.JTextField()
604 | self._jSeparator8 = swing.JSeparator()
605 | self._jLabelTamper = swing.JLabel()
606 | self._jTextFieldTamper = swing.JTextField()
607 | self._jButtonStartScan = swing.JButton('Start Scan', actionPerformed=self.startScan)
608 | self._jLabelScanAPI = swing.JLabel()
609 | self._jLabelScanAPI.setText('SQLMap API is NOT running!')
610 | self._jLabelScanAPI.setForeground(Color.RED)
611 | self._jSeparator9 = swing.JSeparator()
612 | self._jSeparator10 = swing.JSeparator()
613 | self._jCheckTor = swing.JCheckBox('Enable Tor')
614 | self._jLabelTorType = swing.JLabel()
615 | self._jComboTorType = swing.JComboBox(torTypes)
616 | self._jLabelTorPort = swing.JLabel()
617 | self._jTextFieldTorPort = swing.JTextField()
618 | self._jSeparator11 = swing.JSeparator()
619 | self._jLabelAuthType = swing.JLabel()
620 | self._jComboAuthType = swing.JComboBox(authTypes)
621 | self._jLabelAuthUser = swing.JLabel()
622 | self._jTextFieldAuthUser = swing.JTextField()
623 | self._jLabelAuthPass = swing.JLabel()
624 | self._jTextFieldAuthPass = swing.JTextField()
625 | self._jLabelTechnique = swing.JLabel()
626 | self._jTextFieldTechnique = swing.JTextField()
627 |
628 | # Configure GUI
629 | self._jLabelScanText.setText('API Listening On:')
630 | self._jLabelScanIPListen.setText('SQLMap API IP:')
631 | self._jLabelScanPortListen.setText('SQLMap API Port:')
632 | self._jLabelHttpMethod.setText('HTTP Method:')
633 | self._jLabelIgnoreCode.setText('Ignore Error Code:')
634 | self._jComboHttpMethod.setSelectedIndex(0)
635 | self._jLabelURL.setText('URL:')
636 | self._jLabelData.setText('Post Data:')
637 | self._jTextData.setLineWrap(True)
638 | self._jScrollPaneData.setVerticalScrollBarPolicy(swing.JScrollPane.VERTICAL_SCROLLBAR_ALWAYS)
639 | self._jLabelCookie.setText('Cookies:')
640 | self._jLabelReferer.setText('Referer:')
641 | self._jLabelUA.setText('User-Agent:')
642 | self._jLabelCustHeader.setText('Extra Headers:')
643 | self._jLabelParam.setText('Test Parameter(s):')
644 | self._jCustHeadCheckParam.setText('Add Headers')
645 | self._jCheckTO.setText('Text Only')
646 | self._jLabelLevel.setText('Level:')
647 | self._jLabelRisk.setText('Risk:')
648 | self._jComboLevel.setSelectedIndex(2)
649 | self._jComboRisk.setSelectedIndex(1)
650 | self._jComboThreads.setSelectedIndex(0)
651 | self._jComboDelay.setSelectedIndex(0)
652 | self._jComboTimeout.setSelectedIndex(6)
653 | self._jComboRetry.setSelectedIndex(2)
654 | self._jComboTimeSec.setSelectedIndex(4)
655 | self._jComboDBMS.setSelectedIndex(0)
656 | self._jComboOS.setSelectedIndex(0)
657 | self._jComboTorType.setSelectedIndex(2)
658 | self._jLabelThreads.setText('Threads:')
659 | self._jLabelDelay.setText('Delay:')
660 | self._jLabelTimeout.setText('Timeout:')
661 | self._jLabelRetry.setText('Retries:')
662 | self._jLabelTimeSec.setText('Time-Sec:')
663 | self._jLabelDBMS.setText('DBMS Backend:')
664 | self._jLabelOS.setText('Operating System:')
665 | self._jLabelProxy.setText('Proxy (HTTP://IP:Port):')
666 | self._jLabelTamper.setText('Tamper Scripts:')
667 | self._jLabelTorType.setText('Tor Type:')
668 | self._jLabelTorPort.setText('Tor Port:')
669 | self._jTextFieldTorPort.setText('9050')
670 | self._jLabelAuthType.setText('Auth Type:')
671 | self._jLabelAuthUser.setText('Auth User:')
672 | self._jLabelAuthPass.setText('Auth Pass:')
673 | self._jComboAuthType.setSelectedIndex(0)
674 | self._jLabelTechnique.setText('Technique (BEUSTQ):')
675 | self._jTextFieldTechnique.setText('BEUSTQ')
676 |
677 | # Configure locations
678 | self._jLabelScanText.setBounds(15, 16, 126, 20)
679 | self._jLabelScanIPListen.setBounds(15, 58, 115, 20)
680 | self._jLabelScanPortListen.setBounds(402, 55, 129, 20)
681 | self._jTextFieldScanIPListen.setBounds(167, 52, 206, 26)
682 | self._jTextFieldScanPortListen.setBounds(546, 52, 63, 26)
683 | self._jSeparator1.setBounds(15, 96, 790, 10)
684 | self._jLabelHttpMethod.setBounds(15, 117, 100, 26)
685 | self._jLabelIgnoreCode.setBounds(402, 117, 129, 26)
686 | self._jComboHttpMethod.setBounds(166, 117, 150, 26)
687 | self._jTextFieldIgnoreCode.setBounds(546, 117, 63, 26)
688 | self._jLabelURL.setBounds(15, 193, 35, 20)
689 | self._jTextFieldURL.setBounds(166, 190, 535, 26)
690 | self._jLabelData.setBounds(15, 232, 73, 20)
691 | self._jScrollPaneData.setBounds(166, 232, 535, 96)
692 | self._jLabelCookie.setBounds(15, 347, 61, 20)
693 | self._jTextFieldCookie.setBounds(166, 347, 535, 26)
694 | self._jLabelReferer.setBounds(15, 396, 57, 20)
695 | self._jTextFieldReferer.setBounds(166, 396, 535, 26)
696 | self._jLabelUA.setBounds(15, 445, 86, 20)
697 | self._jTextFieldUA.setBounds(166, 445, 535, 26)
698 | self._jLabelCustHeader.setBounds(15, 494, 132, 20)
699 | self._jTextFieldCustHeader.setBounds(166, 494, 366, 26)
700 | self._jCustHeadCheckParam.setBounds(584, 494, 101, 29)
701 | self._jSeparator2.setBounds(15, 535, 790, 10)
702 | self._jLabelParam.setBounds(15, 559, 132, 20)
703 | self._jTextFieldParam.setBounds(165, 556, 366, 26)
704 | self._jCheckTO.setBounds(584, 555, 101, 29)
705 | self._jSeparator3.setBounds(15, 602, 790, 10)
706 | self._jLabelLevel.setBounds(15, 623, 120, 20)
707 | self._jComboLevel.setBounds(65, 620, 120, 26)
708 | self._jLabelRisk.setBounds(205, 623, 120, 20)
709 | self._jComboRisk.setBounds(245, 620, 120, 26)
710 | self._jLabelTechnique.setBounds(375, 620, 140, 26)
711 | self._jTextFieldTechnique.setBounds(510, 620, 120, 26)
712 | self._jSeparator4.setBounds(15, 664, 790, 10)
713 | self._jCheckHPP.setBounds(15, 684, 145, 29)
714 | self._jCheckCU.setBounds(191, 684, 123, 29)
715 | self._jCheckDB.setBounds(340, 684, 111, 29)
716 | self._jCheckHost.setBounds(469, 684, 103, 29)
717 | self._jCheckDBA.setBounds(599, 684, 105, 29)
718 | self._jCheckUsers.setBounds(15, 731, 101, 29)
719 | self._jCheckPswds.setBounds(191, 731, 135, 29)
720 | self._jCheckPrivs.setBounds(344, 731, 95, 29)
721 | self._jCheckRoles.setBounds(469, 731, 99, 29)
722 | self._jCheckDBs.setBounds(599, 731, 89, 29)
723 | self._jSeparator5.setBounds(15, 772, 790, 10)
724 | self._jLabelThreads.setBounds(15, 795, 63, 20)
725 | self._jLabelDelay.setBounds(173, 795, 45, 20)
726 | self._jLabelTimeout.setBounds(326, 795, 65, 20)
727 | self._jLabelRetry.setBounds(484, 795, 48, 20)
728 | self._jLabelTimeSec.setBounds(642, 795, 65, 20)
729 | self._jComboThreads.setBounds(80, 792, 78, 26)
730 | self._jComboDelay.setBounds(233, 792, 78, 26)
731 | self._jComboTimeout.setBounds(391, 792, 78, 26)
732 | self._jComboRetry.setBounds(549, 792, 78, 26)
733 | self._jComboTimeSec.setBounds(717, 792, 78, 26)
734 | self._jSeparator6.setBounds(15, 834, 790, 10)
735 | self._jLabelDBMS.setBounds(15, 857, 110, 20)
736 | self._jComboDBMS.setBounds(143, 854, 191, 26)
737 | self._jLabelOS.setBounds(352, 857, 132, 20)
738 | self._jComboOS.setBounds(502, 854, 191, 26)
739 | self._jSeparator7.setBounds(15, 896, 790, 10)
740 | self._jLabelProxy.setBounds(15, 920, 171, 20)
741 | self._jTextFieldProxy.setBounds(204, 917, 256, 26)
742 | self._jSeparator8.setBounds(15, 963, 790, 10)
743 | self._jCheckTor.setBounds(15, 987, 171, 20)
744 | self._jLabelTorType.setBounds(206, 984, 65, 26)
745 | self._jComboTorType.setBounds(291, 984, 100, 26)
746 | self._jLabelTorPort.setBounds(460, 984, 129, 26)
747 | self._jTextFieldTorPort.setBounds(545, 984, 65, 26)
748 | self._jSeparator9.setBounds(15, 1030, 790, 10)
749 | self._jLabelTamper.setBounds(15, 1055, 171, 20)
750 | self._jTextFieldTamper.setBounds(204, 1052, 256, 26)
751 | self._jSeparator10.setBounds(15, 1098, 790, 10)
752 | self._jLabelAuthType.setBounds(15, 1123, 171, 20)
753 | self._jComboAuthType.setBounds(204, 1123, 100, 26)
754 | self._jLabelAuthUser.setBounds(15, 1172, 171, 20)
755 | self._jTextFieldAuthUser.setBounds(204, 1172, 256, 26)
756 | self._jLabelAuthPass.setBounds(15, 1221, 171, 20)
757 | self._jTextFieldAuthPass.setBounds(204, 1221, 256, 26)
758 | self._jSeparator11.setBounds(15, 1267, 790, 10)
759 | self._jButtonStartScan.setBounds(346, 1292, 103, 29)
760 | self._jLabelScanAPI.setBounds(167, 16, 275, 20)
761 |
762 | # Create main panel
763 | self._jScanPanel = swing.JPanel()
764 | self._jScanPanel.setLayout(None)
765 | self._jScanPanel.setPreferredSize(awt.Dimension(1368,1368))
766 | self._jScanPanel.add(self._jLabelScanText)
767 | self._jScanPanel.add(self._jLabelScanIPListen)
768 | self._jScanPanel.add(self._jLabelScanPortListen)
769 | self._jScanPanel.add(self._jTextFieldScanIPListen)
770 | self._jScanPanel.add(self._jTextFieldScanPortListen)
771 | self._jScanPanel.add(self._jSeparator1)
772 | self._jScanPanel.add(self._jLabelURL)
773 | self._jScanPanel.add(self._jTextFieldURL)
774 | self._jScanPanel.add(self._jLabelData)
775 | self._jScanPanel.add(self._jScrollPaneData)
776 | self._jScanPanel.add(self._jLabelCookie)
777 | self._jScanPanel.add(self._jTextFieldCookie)
778 | self._jScanPanel.add(self._jLabelReferer)
779 | self._jScanPanel.add(self._jTextFieldReferer)
780 | self._jScanPanel.add(self._jLabelHttpMethod)
781 | self._jScanPanel.add(self._jLabelIgnoreCode)
782 | self._jScanPanel.add(self._jComboHttpMethod)
783 | self._jScanPanel.add(self._jTextFieldIgnoreCode)
784 | self._jScanPanel.add(self._jLabelUA)
785 | self._jScanPanel.add(self._jTextFieldUA)
786 | self._jScanPanel.add(self._jLabelCustHeader)
787 | self._jScanPanel.add(self._jTextFieldCustHeader)
788 | self._jScanPanel.add(self._jCustHeadCheckParam)
789 | self._jScanPanel.add(self._jSeparator2)
790 | self._jScanPanel.add(self._jLabelParam)
791 | self._jScanPanel.add(self._jTextFieldParam)
792 | self._jScanPanel.add(self._jCheckTO)
793 | self._jScanPanel.add(self._jSeparator3)
794 | self._jScanPanel.add(self._jComboLevel)
795 | self._jScanPanel.add(self._jLabelLevel)
796 | self._jScanPanel.add(self._jLabelRisk)
797 | self._jScanPanel.add(self._jComboRisk)
798 | self._jScanPanel.add(self._jSeparator4)
799 | self._jScanPanel.add(self._jCheckHPP)
800 | self._jScanPanel.add(self._jCheckCU)
801 | self._jScanPanel.add(self._jCheckDB)
802 | self._jScanPanel.add(self._jCheckHost)
803 | self._jScanPanel.add(self._jCheckDBA)
804 | self._jScanPanel.add(self._jCheckUsers)
805 | self._jScanPanel.add(self._jCheckPswds)
806 | self._jScanPanel.add(self._jCheckPrivs)
807 | self._jScanPanel.add(self._jCheckRoles)
808 | self._jScanPanel.add(self._jCheckDBs)
809 | self._jScanPanel.add(self._jSeparator5)
810 | self._jScanPanel.add(self._jLabelThreads)
811 | self._jScanPanel.add(self._jLabelDelay)
812 | self._jScanPanel.add(self._jLabelTimeout)
813 | self._jScanPanel.add(self._jLabelRetry)
814 | self._jScanPanel.add(self._jLabelTimeSec)
815 | self._jScanPanel.add(self._jComboThreads)
816 | self._jScanPanel.add(self._jComboDelay)
817 | self._jScanPanel.add(self._jComboTimeout)
818 | self._jScanPanel.add(self._jComboRetry)
819 | self._jScanPanel.add(self._jComboTimeSec)
820 | self._jScanPanel.add(self._jSeparator6)
821 | self._jScanPanel.add(self._jLabelDBMS)
822 | self._jScanPanel.add(self._jComboDBMS)
823 | self._jScanPanel.add(self._jLabelOS)
824 | self._jScanPanel.add(self._jComboOS)
825 | self._jScanPanel.add(self._jSeparator7)
826 | self._jScanPanel.add(self._jLabelProxy)
827 | self._jScanPanel.add(self._jTextFieldProxy)
828 | self._jScanPanel.add(self._jSeparator8)
829 | self._jScanPanel.add(self._jCheckTor)
830 | self._jScanPanel.add(self._jLabelTorType)
831 | self._jScanPanel.add(self._jComboTorType)
832 | self._jScanPanel.add(self._jLabelTorPort)
833 | self._jScanPanel.add(self._jTextFieldTorPort)
834 | self._jScanPanel.add(self._jSeparator9)
835 | self._jScanPanel.add(self._jLabelTamper)
836 | self._jScanPanel.add(self._jTextFieldTamper)
837 | self._jScanPanel.add(self._jSeparator10)
838 | self._jScanPanel.add(self._jLabelAuthType)
839 | self._jScanPanel.add(self._jComboAuthType)
840 | self._jScanPanel.add(self._jLabelAuthUser)
841 | self._jScanPanel.add(self._jTextFieldAuthUser)
842 | self._jScanPanel.add(self._jLabelAuthPass)
843 | self._jScanPanel.add(self._jTextFieldAuthPass)
844 | self._jScanPanel.add(self._jSeparator11)
845 | self._jScanPanel.add(self._jButtonStartScan)
846 | self._jScanPanel.add(self._jLabelScanAPI)
847 | self._jScrollPaneMain = swing.JScrollPane(self._jScanPanel)
848 | self._jScanPanel.add(self._jLabelTechnique)
849 | self._jScanPanel.add(self._jTextFieldTechnique)
850 | self._jScrollPaneMain.setViewportView(self._jScanPanel)
851 | self._jScrollPaneMain.setPreferredSize(awt.Dimension(1357,1357))
852 |
853 | # Create SQLMap log JPanel
854 | self._jLogPanel = swing.JPanel()
855 | self._jLogPanel.setLayout(None)
856 |
857 | # Create label, combobox, and button to get logs and textarea to display them
858 | self._jLabelLog = swing.JLabel("Logs for Scan ID:")
859 | self._jComboLogs = swing.JComboBox(self.scantasks)
860 | self._jButtonGetLogs = swing.JButton('Get', actionPerformed=self.getLogs)
861 | self._jButtonRemoveLogs = swing.JButton('Remove', actionPerformed=self.removeLogs)
862 | self._jTextLogs = swing.JTextArea()
863 | self._jTextLogs.setColumns(50)
864 | self._jTextLogs.setRows(50)
865 | self._jTextLogs.setLineWrap(True)
866 | self._jTextLogs.setEditable(False)
867 | self._jScrollPaneLogs = swing.JScrollPane(self._jTextLogs)
868 | self._jScrollPaneLogs.setVerticalScrollBarPolicy(swing.JScrollPane.VERTICAL_SCROLLBAR_ALWAYS)
869 |
870 | self._jLabelLog.setBounds(15, 16, 126, 20)
871 | self._jComboLogs.setBounds(167, 16, 535, 20)
872 | self._jButtonGetLogs.setBounds(718, 16, 50, 20)
873 | self._jButtonRemoveLogs.setBounds(783, 16, 80, 20)
874 | self._jScrollPaneLogs.setBounds(15, 58, 846, 400)
875 |
876 | self._jLogPanel.add(self._jLabelLog)
877 | self._jLogPanel.add(self._jComboLogs)
878 | self._jLogPanel.add(self._jButtonGetLogs)
879 | self._jLogPanel.add(self._jButtonRemoveLogs)
880 | self._jLogPanel.add(self._jScrollPaneLogs)
881 |
882 | # Create SQLMap stop scan JPanel
883 | self._jStopScanPanel = swing.JPanel()
884 | self._jStopScanPanel.setLayout(None)
885 |
886 | # Create label, combobox, and button to stop scans and textfield to display success
887 | self._jLabelStopScan = swing.JLabel("Stop Scan ID:")
888 | self._jComboStopScan = swing.JComboBox(self.scantasks)
889 | self._jButtonStopScan = swing.JButton('Stop', actionPerformed=self.stopScan)
890 | self._jButtonRemoveScan = swing.JButton('Remove', actionPerformed=self.removeScan)
891 | self._jLabelStopStatus = swing.JLabel()
892 |
893 | self._jLabelStopScan.setBounds(15, 16, 126, 20)
894 | self._jComboStopScan.setBounds(167, 16, 535, 20)
895 | self._jButtonStopScan.setBounds(718, 16, 55, 20)
896 | self._jButtonRemoveScan.setBounds(783, 16, 80, 20)
897 | self._jLabelStopStatus.setBounds(167, 58, 846, 20)
898 |
899 | self._jStopScanPanel.add(self._jLabelStopScan)
900 | self._jStopScanPanel.add(self._jComboStopScan)
901 | self._jStopScanPanel.add(self._jButtonStopScan)
902 | self._jStopScanPanel.add(self._jButtonRemoveScan)
903 | self._jStopScanPanel.add(self._jLabelStopStatus)
904 |
905 | # Setup Tabs
906 | self._jConfigTab = swing.JTabbedPane()
907 | self._jConfigTab.addTab("SQLMap API", self._jPanel)
908 | self._jConfigTab.addTab("SQLMap Scanner", self._jScrollPaneMain)
909 | self._jConfigTab.addTab("SQLMap Logs", self._jLogPanel)
910 | self._jConfigTab.addTab("SQLMap Scan Stop", self._jStopScanPanel)
911 |
912 | # Automatically get and set the Python path if we can find it
913 | pythonpath = ''
914 | pythonregpath1 = ''
915 | pythonregpath2 = ''
916 | pathpart1 = ''
917 | pathpart2 = ''
918 | drivepart1 = ''
919 | drivepart2 = ''
920 | pythonaltpath1 = ''
921 | pythonaltpath2 = ''
922 | path_delim = ''
923 | ostype = System.getProperty('os.name')
924 |
925 | try:
926 | if 'Windows' in ostype:
927 | path_delim = '\\'
928 |
929 | try:
930 | pythonpath = subprocess.check_output(['where', 'python']).split('\n')[0].rstrip('\n\r')
931 | except:
932 | print 'Could not find python.exe in path.\n'
933 |
934 | try:
935 | pythonregpath1 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\2.7\\InstallPath" /ve')
936 | pathpart1 = pythonregpath1.rsplit(':', 1)[1].rstrip('\n\r')
937 | drivepart1 = pythonregpath1.rsplit(':', 1)[0][-1]
938 | except:
939 | print 'Could not find python path in registry at: HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\2.7\\InstallPath.\n'
940 |
941 | try:
942 | pythonregpath2 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\2.7\InstallPath" /ve')
943 | pathpart2 = pythonregpath2.rsplit(':', 1)[1].rstrip('\n\r')
944 | drivepart2 = pythonregpath2.rsplit(':', 1)[0][-1]
945 | except:
946 | print 'Could not find python path in registry at: HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\2.7\InstallPath.\n'
947 |
948 | if re.search('[pP]ython', pathpart1):
949 | pythonaltpath1 = drivepart1 + ':' + pathpart1 + path_delim + 'python.exe'
950 | else:
951 | try:
952 | pythonregpath1 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore" /se #')
953 | match = re.findall("3\.\d", str(pythonregpath1))
954 | pythonregpath1 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\' + match[0] + '\\InstallPath" /v ExecutablePath')
955 | pathpart1 = str(pythonregpath1).rsplit(':', 1)[1].rstrip('\n\r')[:-9]
956 | drivepart1 = str(pythonregpath1).rsplit(':', 1)[0][-1]
957 | except:
958 | print 'Could not find python path in registry at: HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\3.x\\InstallPath\\ExecutablePath.\n'
959 |
960 | if re.search('[pP]ython', pathpart1):
961 | pythonaltpath1 = drivepart1 + ':' + pathpart1
962 |
963 | if re.search('[pP]ython', pathpart2):
964 | pythonaltpath2 = drivepart2 + ':' + pathpart2 + path_delim + 'python.exe'
965 | else:
966 | try:
967 | pythonregpath2 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore" /se #')
968 | match = re.findall("3\.\d", str(pythonregpath1))
969 | pythonregpath2 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\' + match[0] + '\\InstallPath" /v ExecutablePath')
970 | pathpart2 = str(pythonregpath1).rsplit(':', 1)[1].rstrip('\n\r')[:-9]
971 | drivepart2 = str(pythonregpath1).rsplit(':', 1)[0][-1]
972 | except:
973 | print 'Could not find python path in registry at: HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\3.x\\InstallPath\\ExecutablePath.\n'
974 |
975 | if re.search('[pP]ython', pathpart2):
976 | pythonaltpath2 = drivepart2 + ':' + pathpart2
977 | else:
978 | path_delim = '/'
979 |
980 | try:
981 | pythonpath = subprocess.check_output(['which', 'python2.7']).split('\n')[0].rstrip('\n\r')
982 | except:
983 | print 'Could not find python2 in path.\n'
984 |
985 | if re.search('\/python2.7$', pythonpath) is None:
986 | try:
987 | pythonpath = subprocess.check_output(['which', 'python3']).split('\n')[0].rstrip('\n\r')
988 | except:
989 | print 'Could not find python3 in path.\n'
990 |
991 | except:
992 | print 'Could not get OS version, therefore could not find Python path\n'
993 |
994 | # Set python variables
995 | if re.search('python.exe', pythonpath) or re.search('\/python2.7$', pythonpath) or re.search('\/python3', pythonpath):
996 | self.pythonfile = pythonpath
997 | print 'Python found in system path at: ' + pythonpath + '\n'
998 | elif re.search('python.exe', pythonaltpath1):
999 | self.pythonfile = pythonaltpath1
1000 | print 'Python found in registry under HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\2.7 or 3.x\\InstallPath at: ' + pythonaltpath1 + '\n'
1001 | elif re.search('python.exe', pythonaltpath2):
1002 | self.pythonfile = pythonaltpath2
1003 | print 'Python found in registry under HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\2.7 or 3.x\InstallPath at: ' + pythonaltpath2 + '\n'
1004 | else:
1005 | print 'Could not set the correct Python path.\n'
1006 |
1007 | # Get Python version to confirm 2.7.x or 3.x
1008 | if 'Windows' in ostype and re.search('python.exe', self.pythonfile):
1009 | try:
1010 | pythonver = subprocess.check_output(self.pythonfile + ' -c "import sys; print(str(sys.version_info[0]) + str(sys.version_info[1]))"')
1011 | if str(pythonver[:-2]) == '27' or re.search('3\d', str(pythonver[:-2])):
1012 | self._jLabelPython.setText('Python set to: ' + self.pythonfile)
1013 | else:
1014 | self.pythonfile = ''
1015 | print 'Wrong version of Python: ' + pythonver[0] + '.' + pythonver[1] + '\n'
1016 | except:
1017 | print 'Could not get Python version\n'
1018 | elif re.search('python2.7', self.pythonfile) or re.search('python3', self.pythonfile):
1019 | self._jLabelPython.setText('Python set to: ' + self.pythonfile)
1020 | else:
1021 | print 'Wrong version of Python or something went wrong.\n'
1022 |
1023 | # Automatically set the sqlmapapi, first unzip if the extension has never run
1024 | if os.path.isfile(os.getcwd() + path_delim + 'sqlmap.zip'):
1025 |
1026 | # Extract sqlmap
1027 | try:
1028 | with zipfile.ZipFile(os.getcwd() + path_delim + 'sqlmap.zip') as sqlmapzip:
1029 | sqlmapzip.extractall(os.getcwd() + path_delim)
1030 |
1031 | # Remove sqlmap zip file
1032 | os.remove(os.getcwd() + path_delim + 'sqlmap.zip')
1033 |
1034 | # Set API
1035 | if os.path.isfile(os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'):
1036 | self._jLabelAPI.setText('API set to: ' + os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py')
1037 | self.apifile = os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'
1038 | print 'SQLMap API found at: ' + self.apifile + '\n'
1039 | else:
1040 | print 'Could not find SQLMap API file.\n'
1041 | except:
1042 | print 'Failed to extract sqlmap.zip\n'
1043 | else:
1044 | # Set API
1045 | if os.path.isfile(os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'):
1046 | self._jLabelAPI.setText('API set to: ' + os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py')
1047 | self.apifile = os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'
1048 | print 'SQLMap API found at: ' + self.apifile + '\n'
1049 | else:
1050 | print 'Could not find SQLMap API file.\n'
1051 |
1052 | callbacks.customizeUiComponent(self._jConfigTab)
1053 | callbacks.addSuiteTab(self)
1054 | return
1055 |
1056 | # Create a menu item if the appropriate section of the UI is selected
1057 | def createMenuItems(self, invocation):
1058 | menu = []
1059 |
1060 | # Which part of the interface the user selects
1061 | ctx = invocation.getInvocationContext()
1062 |
1063 | # Message Viewer Req will show menu item if selected by the user
1064 | if ctx == 0 or ctx == 2:
1065 | menu.append(swing.JMenuItem("SQLiPy Scan", None, actionPerformed=lambda x, inv=invocation: self.sqlMapScan(inv)))
1066 |
1067 | return menu if menu else None
1068 |
1069 | def getTabCaption(self):
1070 | return 'SQLiPy'
1071 |
1072 | def getUiComponent(self):
1073 | return self._jConfigTab
1074 |
1075 | def sqlMapScan(self, invocation):
1076 |
1077 | # Check initial message for proper request/response and set variables - Burp will not return valid info otherwise
1078 | try:
1079 | invMessage = invocation.getSelectedMessages()
1080 | message = invMessage[0]
1081 | reqInfo = self._helpers.analyzeRequest(message)
1082 | reqUrl = str(reqInfo.getUrl())
1083 | reqBody = message.getRequest()
1084 | bodyData = self._helpers.bytesToString(reqBody[reqInfo.getBodyOffset():])
1085 | reqHeaders = newHeaders = list(reqInfo.getHeaders())
1086 | referer = ''
1087 | ua = ''
1088 | cookie = ''
1089 | headerString = ''
1090 |
1091 | for header in reqHeaders:
1092 | if re.search('^Referer', header, re.IGNORECASE) is not None:
1093 | referer = re.sub('^Referer\:\s+', '', header, re.IGNORECASE)
1094 | elif re.search('^User-Agent', header, re.IGNORECASE) is not None:
1095 | ua = re.sub('^User-Agent\:\s+', '', header, re.IGNORECASE)
1096 | elif re.search('^Cookie', header, re.IGNORECASE) is not None:
1097 | cookie = re.sub('^Cookie\:\s+', '', header, re.IGNORECASE)
1098 | elif ':' in header:
1099 | headerString += ("\\n" if headerString != "" else "") + header
1100 |
1101 | self._jTextFieldURL.setText(reqUrl)
1102 | self._jTextData.setText(bodyData)
1103 | self._jTextFieldCookie.setText(cookie)
1104 | self._jTextFieldUA.setText(ua)
1105 | self._jTextFieldReferer.setText(referer)
1106 | self._jTextFieldCustHeader.setText(headerString)
1107 | self._jConfigTab.setSelectedComponent(self._jScrollPaneMain)
1108 | self.scanMessage = message
1109 | self.scanUrl = reqInfo.getUrl()
1110 | parentTab = self._jConfigTab.getParent()
1111 | parentTab.setSelectedComponent(self._jConfigTab)
1112 | except:
1113 | print 'Failed to add data to scan tab.'
1114 |
1115 | def printHeader(self):
1116 | print 'SQLiPy - 0.8.6\nBurp interface to SQLMap via the SQLMap API\njosh.berry@codewatch.org\n\n'
1117 |
1118 | def setAPI(self, e):
1119 | selectFile = swing.JFileChooser()
1120 | filter = swing.filechooser.FileNameExtensionFilter("python files", ["py"])
1121 | selectFile.addChoosableFileFilter(filter)
1122 |
1123 | returnedFile = selectFile.showDialog(self._jPanel, "SQLMap API")
1124 |
1125 | if returnedFile == swing.JFileChooser.APPROVE_OPTION:
1126 | file = selectFile.getSelectedFile()
1127 | self.apifile = file.getPath()
1128 | print 'Selected API at ' + file.getPath()
1129 | self._jLabelAPI.setText('API set to: ' + file.getPath())
1130 |
1131 | def setPython(self, e):
1132 | selectFile = swing.JFileChooser()
1133 |
1134 | returnedFile = selectFile.showDialog(self._jPanel, "Python EXE")
1135 |
1136 | if returnedFile == swing.JFileChooser.APPROVE_OPTION:
1137 | file = selectFile.getSelectedFile()
1138 | self.pythonfile = file.getPath()
1139 | print 'Selected Python at ' + file.getPath()
1140 | self._jLabelPython.setText('Python set to: ' + file.getPath())
1141 |
1142 | def startAPI(self, button):
1143 | if self.apistatus == 0:
1144 | try:
1145 | print 'Calling: ' + self.pythonfile + ' ' + self.apifile + ' -s -H ' + self._jTextFieldIPListen.getText() + ' -p ' + self._jTextFieldPortListen.getText() + '\n'
1146 | sqlmapdir = ''
1147 |
1148 | if re.search('^[a-zA-Z]\:', self.apifile) is not None:
1149 | sqlmapdir = self.apifile.rsplit('\\', 1)[0]
1150 | else:
1151 | sqlmapdir = self.apifile.rsplit('/', 1)[0]
1152 |
1153 | javaexec = getattr(Runtime.getRuntime(), "exec")
1154 | cmd = [self.pythonfile, self.apifile, "-s", "-H", self._jTextFieldIPListen.getText(), "-p", self._jTextFieldPortListen.getText()]
1155 |
1156 | self.apiprocess = javaexec(cmd, None, File(sqlmapdir))
1157 |
1158 | self.errorGobbler = Thread(StreamGobbler(self.apiprocess.getErrorStream(), System.err))
1159 | self.outputGobbler = Thread(StreamGobbler(self.apiprocess.getInputStream(), System.out))
1160 |
1161 | self.errorGobbler.start()
1162 | self.outputGobbler.start()
1163 |
1164 | # Final validation the API is running
1165 | try:
1166 | time.sleep(5)
1167 | req = urllib2.Request('http://' + str(self._jTextFieldIPListen.getText()) + ':' + str(self._jTextFieldPortListen.getText()) + '/scan/0/status')
1168 | req.add_header('Content-Type', 'application/json')
1169 | resp = json.load(urllib2.urlopen(req, timeout=10))
1170 |
1171 | if resp['message'] == "Invalid task ID":
1172 | self._jLabelScanAPI.setText(self._jTextFieldIPListen.getText() + ':' + self._jTextFieldPortListen.getText())
1173 | self._jLabelScanAPI.setForeground(Color.GREEN)
1174 | self._jTextFieldScanIPListen.setText(self._jTextFieldIPListen.getText())
1175 | self._jTextFieldScanPortListen.setText(self._jTextFieldPortListen.getText())
1176 | self._jLabelAPIStatus.setText('SQLMap API IS CURRENTLY RUNNING!')
1177 | self._jLabelAPIStatus.setForeground(Color.GREEN)
1178 | self.apistatus = 1
1179 |
1180 | print 'SQLMap API started.\n'
1181 | except:
1182 | self.apiprocess.destroy()
1183 | self.errorGobbler.join()
1184 | self.outputGobbler.join()
1185 | print 'Failed to start the SQLMap API\n'
1186 |
1187 | except:
1188 | print 'Failed to start the SQLMap API\n'
1189 | else:
1190 | print 'The SQLMap API process has already been started\n'
1191 |
1192 | def stopAPI(self, button):
1193 | if self.apistatus == 1:
1194 | try:
1195 | if self._jComboStopScan.getItemCount() is not 0:
1196 | for item in range(0, self._jComboStopScan.getItemCount()):
1197 | req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/scan/' + str(self._jComboStopScan.getItemAt(item).split('-')[0]) + '/kill')
1198 | resp = json.load(urllib2.urlopen(req, timeout=3))
1199 |
1200 | if resp['success'] == True:
1201 | print 'Scan stopped for ID: '+ self._jComboStopScan.getItemAt(item).split('-')[0]+'\n'
1202 | else:
1203 | print 'Failed to stop scan on ID: '+self._jComboStopScan.getItemAt(item).split('-')[0]+', likely already completed\n'
1204 |
1205 | except:
1206 | print 'Failed to stop currently running SQLMap scans or no scans were still running\n'
1207 |
1208 | try:
1209 | totalThreads = 1
1210 |
1211 | for thread in self.threads:
1212 | print 'Stopping running scan check thread: ' + str(totalThreads) + '\n'
1213 | totalThreads += 1
1214 | thread.keep_running = False
1215 | thread.join()
1216 |
1217 | i = 0
1218 | while i < len(self.threads):
1219 | self.threads.pop(0)
1220 | i += 1
1221 |
1222 | except:
1223 | print 'Could not stop running threads\n'
1224 |
1225 | try:
1226 | self.apiprocess.destroy()
1227 | self._jComboLogs.removeAllItems()
1228 | self._jComboStopScan.removeAllItems()
1229 | self._jLabelScanAPI.setText('SQLMap API is NOT running!')
1230 | self._jLabelScanAPI.setForeground(Color.RED)
1231 | self._jLabelAPIStatus.setText('SQLMap API is NOT running!')
1232 | self._jLabelAPIStatus.setForeground(Color.RED)
1233 | self.apistatus = 0
1234 |
1235 | print 'Stopping the SQLMap API\n'
1236 | except:
1237 | print 'Failed to stop the SQLMap API\n'
1238 |
1239 | try:
1240 | self.errorGobbler.join()
1241 | self.outputGobbler.join()
1242 |
1243 | print 'Stopping API input/output/error buffers threads\n'
1244 | except:
1245 | print 'Failed to stop API input/output/error buffers threads\n'
1246 |
1247 | def extensionUnloaded(self):
1248 | if self.apistatus == 1:
1249 | try:
1250 | if self._jComboStopScan.getItemCount() is not 0:
1251 | for item in range(0, self._jComboStopScan.getItemCount()):
1252 | req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/scan/' + str(self._jComboStopScan.getItemAt(item).split('-')[0]) + '/kill')
1253 | resp = json.load(urllib2.urlopen(req, timeout=3))
1254 |
1255 | if resp['success'] == True:
1256 | print 'Scan stopped for ID: '+ self._jComboStopScan.getItemAt(item).split('-')[0]+'\n'
1257 | else:
1258 | print 'Failed to stop scan on ID: '+self._jComboStopScan.getItemAt(item).split('-')[0]+', likely already completed\n'
1259 |
1260 | except:
1261 | print 'Failed to stop currently running SQLMap scans or no scans were still running\n'
1262 |
1263 | try:
1264 | totalThreads = 1
1265 |
1266 | for thread in self.threads:
1267 | print 'Stopping running scan check thread: ' + str(totalThreads) + '\n'
1268 | totalThreads += 1
1269 | thread.keep_running = False
1270 | thread.join()
1271 |
1272 | except:
1273 | print 'Could not stop running threads\n'
1274 |
1275 | try:
1276 | self.apiprocess.destroy()
1277 | print 'Stopping the SQLMap API...\n'
1278 | except:
1279 | print 'Failed to stop the SQLMap API\n'
1280 |
1281 | try:
1282 | self.errorGobbler.join()
1283 | self.outputGobbler.join()
1284 |
1285 | print 'Stopping API input/output/error buffers threads\n'
1286 | except:
1287 | print 'Failed to stop API input/output/error buffers threads\n'
1288 |
1289 | def getLogs(self, button):
1290 | try:
1291 | req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/scan/' + str(self._jComboLogs.getSelectedItem().split('-')[0]) + '/log')
1292 | resp = json.load(urllib2.urlopen(req, timeout=10))
1293 |
1294 | if resp['success'] == True:
1295 | logdata = ''
1296 | for logs in resp['log']:
1297 | logdata = logdata + logs['level'] + ': ' + logs['time'] + ' - ' + logs['message'] + '\n'
1298 |
1299 | self._jTextLogs.setText('Log results for: ' + self.scancmds[self._jComboLogs.getSelectedItem().split('-')[0]] + logdata)
1300 | else:
1301 | print 'Failed to get logs for: '+self._jComboLogs.getSelectedItem().split('-')[0]+'\n'
1302 | except:
1303 | print 'Failed to get logs for: '+self._jComboLogs.getSelectedItem().split('-')[0]+'\n'
1304 |
1305 | def removeLogs(self, button):
1306 | print 'Removing Log Entry for ID: '+ self._jComboLogs.getSelectedItem().split('-')[0]+'\n'
1307 | self._jComboLogs.removeItem(self._jComboLogs.getSelectedItem())
1308 |
1309 | def stopScan(self, button):
1310 | try:
1311 | req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/scan/' + str(self._jComboStopScan.getSelectedItem().split('-')[0]) + '/kill')
1312 | resp = json.load(urllib2.urlopen(req, timeout=10))
1313 |
1314 | if resp['success'] == True:
1315 | print 'Scan stopped for ID: '+ self._jComboStopScan.getSelectedItem().split('-')[0]+'\n'
1316 | self._jLabelStopStatus.setText('Scan stopped for ID: ' + self._jComboStopScan.getSelectedItem().split('-')[0])
1317 | self._jComboStopScan.removeItem(self._jComboStopScan.getSelectedItem())
1318 | else:
1319 | print 'Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed\n'
1320 | self._jLabelStopStatus.setText('Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed')
1321 | except:
1322 | print 'Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed\n'
1323 | self._jLabelStopStatus.setText('Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed')
1324 |
1325 | def removeScan(self, button):
1326 | print 'Removing Scan Stop Entry for ID: '+ self._jComboStopScan.getSelectedItem().split('-')[0]+'\n'
1327 | self._jLabelStopStatus.setText('Scan removed from stop tab for ID: ' + self._jComboStopScan.getSelectedItem().split('-')[0])
1328 | self._jComboStopScan.removeItem(self._jComboStopScan.getSelectedItem())
1329 |
1330 | def startScan(self, button):
1331 | hpp = ''
1332 | cu = ''
1333 | cdb = ''
1334 | hostname = ''
1335 | isdba = ''
1336 | lusers = ''
1337 | lpswds = ''
1338 | lprivs = ''
1339 | lroles = ''
1340 | ldbs = ''
1341 | textonly = ''
1342 | postdata = None
1343 | datacmd = ''
1344 | cookiedata = None
1345 | cookiecmd = ''
1346 | uadata = None
1347 | uacmd = ''
1348 | ignorecodedata = None
1349 | ignorecodecmd = ''
1350 | custheaderdata = None
1351 | custheadercmd = ''
1352 | headerdata = None
1353 | headercmd = ''
1354 | refererdata = None
1355 | referercmd = ''
1356 | proxy = None
1357 | proxycmd = ''
1358 | dbms = None
1359 | dbmscmd = ''
1360 | os = None
1361 | oscmd = ''
1362 | tampercmd = ''
1363 | tamperdata = None
1364 | paramcmd = ''
1365 | paramdata = None
1366 | csrfurl = None
1367 | csrftoken = None
1368 | torcmd = ''
1369 | tortypecmd = ''
1370 | torportcmd = ''
1371 | httpmethod = None
1372 | httpmethodcmd = ''
1373 | authtype = None
1374 | authtypecmd = ''
1375 | authcred = None
1376 | authcredcmd = ''
1377 | livecookies = None
1378 | skipheuristics = None
1379 | proxyfreq = None
1380 |
1381 | if self._jCheckTO.isSelected():
1382 | textonly = ' --text-only'
1383 | textonlystatus = True
1384 | else:
1385 | textonlystatus = False
1386 |
1387 | if self._jCheckHPP.isSelected():
1388 | hpp = ' --hpp'
1389 | hppstatus = True
1390 | else:
1391 | hppstatus = False
1392 |
1393 | if self._jCheckCU.isSelected():
1394 | cu = ' --current-user'
1395 | custatus = True
1396 | else:
1397 | custatus = False
1398 |
1399 | if self._jCheckDB.isSelected():
1400 | cdb = ' --current-db'
1401 | cdbstatus = True
1402 | else:
1403 | cdbstatus = False
1404 |
1405 | if self._jCheckHost.isSelected():
1406 | hostname = ' --hostname'
1407 | hostnamestatus = True
1408 | else:
1409 | hostnamestatus = False
1410 |
1411 | if self._jCheckDBA.isSelected():
1412 | isdba = ' --is-dba'
1413 | isdbastatus = True
1414 | else:
1415 | isdbastatus = False
1416 |
1417 | if self._jCheckUsers.isSelected():
1418 | lusers = ' --users'
1419 | lusersstatus = True
1420 | else:
1421 | lusersstatus = False
1422 |
1423 | if self._jCheckPswds.isSelected():
1424 | lpswds = ' --passwords'
1425 | lpswdsstatus = True
1426 | else:
1427 | lpswdsstatus = False
1428 |
1429 | if self._jCheckPrivs.isSelected():
1430 | lprivs = ' --privileges'
1431 | lprivsstatus = True
1432 | else:
1433 | lprivsstatus = False
1434 |
1435 | if self._jCheckRoles.isSelected():
1436 | lroles = ' --roles'
1437 | lrolesstatus = True
1438 | else:
1439 | lrolesstatus = False
1440 |
1441 | if self._jCheckDBs.isSelected():
1442 | ldbs = ' --dbs'
1443 | ldbsstatus = True
1444 | else:
1445 | ldbsstatus = False
1446 |
1447 | if self._jCheckTor.isSelected():
1448 | torstatus = True
1449 | torcmd = ' --tor'
1450 | tortype = self._jComboTorType.getSelectedItem()
1451 | tortypecmd = ' --tor-type=' + self._jComboTorType.getSelectedItem()
1452 | torport = self._jTextFieldTorPort.getText()
1453 | torportcmd = ' --tor-port=' + self._jTextFieldTorPort.getText()
1454 | else:
1455 | torstatus = False
1456 | tortype = 'HTTP'
1457 | torport = None
1458 |
1459 | if not re.search('^None$', self._jComboAuthType.getSelectedItem()) is not None and re.search('[a-zA-Z0-9]', self._jTextFieldAuthUser.getText()) is not None:
1460 | authtype = self._jComboAuthType.getSelectedItem()
1461 | authtypecmd = ' --auth-type=' + self._jComboAuthType.getSelectedItem()
1462 | authuser = self._jTextFieldAuthUser.getText()
1463 | authpass = self._jTextFieldAuthPass.getText()
1464 | authcred = authuser + ':' + authpass
1465 | authcredcmd = ' --auth-cred="' + authuser + ':' + authpass + '"'
1466 | else:
1467 | authtype = None
1468 | authtypecmd = ''
1469 | authuser = ''
1470 | authpass = ''
1471 | authcred = None
1472 | authcredcmd = ''
1473 |
1474 | if re.search('[a-zA-Z0-9]', self._jTextFieldIgnoreCode.getText()) is not None:
1475 | ignorecodedata = self._jTextFieldIgnoreCode.getText()
1476 | ignorecodecmd = ' --ignore-code=' + self._jTextFieldIgnoreCode.getText()
1477 |
1478 | if re.search('(http|https)\://', self._jTextFieldProxy.getText()) is not None:
1479 | proxy = self._jTextFieldProxy.getText()
1480 | proxycmd = ' --proxy=' + self._jTextFieldProxy.getText()
1481 |
1482 | if not re.search('^Default$', self._jComboHttpMethod.getSelectedItem()) is not None:
1483 | httpmethod = self._jComboHttpMethod.getSelectedItem()
1484 | httpmethodcmd = ' --method="' + self._jComboHttpMethod.getSelectedItem()+'"'
1485 |
1486 | if not re.search('^Any$', self._jComboDBMS.getSelectedItem()) is not None:
1487 | dbms = self._jComboDBMS.getSelectedItem()
1488 | dbmscmd = ' --dbms="' + self._jComboDBMS.getSelectedItem()+'"'
1489 |
1490 | if not re.search('^Any$', self._jComboOS.getSelectedItem()) is not None:
1491 | os = self._jComboOS.getSelectedItem()
1492 | oscmd = ' --os=' + self._jComboOS.getSelectedItem()
1493 |
1494 | if re.search('[a-zA-Z0-9]', self._jTextFieldTamper.getText()) is not None:
1495 | tampercmd = ' --tamper="' + self._jTextFieldTamper.getText() + '"'
1496 | tamperdata = self._jTextFieldTamper.getText()
1497 |
1498 | if re.search('[a-zA-Z0-9]', self._jTextData.getText()) is not None:
1499 | postdata = self._jTextData.getText()
1500 | datacmd = ' --data="' + self._jTextData.getText() + '"'
1501 |
1502 | if re.search('[a-zA-Z0-9]', self._jTextFieldCookie.getText()) is not None:
1503 | cookiedata = self._jTextFieldCookie.getText()
1504 | cookiecmd = ' --cookie="' + self._jTextFieldCookie.getText() + '"'
1505 |
1506 | if re.search('[a-zA-Z0-9]', self._jTextFieldUA.getText()) is not None:
1507 | uadata = self._jTextFieldUA.getText()
1508 | uacmd = ' --user-agent="' + self._jTextFieldUA.getText() + '"'
1509 |
1510 | if re.search('[a-zA-Z0-9]', self._jTextFieldCustHeader.getText()) is not None and self._jCustHeadCheckParam.isSelected():
1511 | custheaderdata = self._jTextFieldCustHeader.getText()
1512 | custheadercmd = ' --headers="' + self._jTextFieldCustHeader.getText() + '"'
1513 |
1514 | if re.search('[a-zA-Z0-9]', self._jTextFieldReferer.getText()) is not None:
1515 | refererdata = self._jTextFieldReferer.getText()
1516 | referercmd = ' --referer="' + self._jTextFieldReferer.getText() + '"'
1517 |
1518 | if re.search('[a-zA-Z0-9]', self._jTextFieldParam.getText()) is not None:
1519 | paramdata = self._jTextFieldParam.getText()
1520 | paramcmd = ' -p "' + self._jTextFieldParam.getText() + '"'
1521 |
1522 | try:
1523 | sqlmapcmd = 'sqlmap.py -u "' + self._jTextFieldURL.getText() + '"' + datacmd + httpmethodcmd + cookiecmd + uacmd + referercmd + custheadercmd + authtypecmd + authcredcmd + ignorecodecmd + proxycmd + torcmd + tortypecmd + torportcmd + ' --delay=' + str(self._jComboDelay.getSelectedItem()) + ' --timeout=' + str(self._jComboTimeout.getSelectedItem()) + ' --retries=' + str(self._jComboDelay.getSelectedItem()) + paramcmd + dbmscmd + oscmd + tampercmd + ' --level=' + str(self._jComboLevel.getSelectedItem()) + ' --risk=' + str(self._jComboRisk.getSelectedItem()) + textonly + hpp + ' --threads=' + str(self._jComboThreads.getSelectedItem()) + ' --time-sec=' + str(self._jComboTimeSec.getSelectedItem()) + ' --technique=' + str(self._jTextFieldTechnique.getText()) + ' -b' + cu + cdb + hostname + isdba + lusers + lpswds + lprivs + lroles + ldbs + ' --batch --answers="crack=N,dict=N,continue=Y,quit=N"\n\n'
1524 | print 'SQLMap Command: ' + sqlmapcmd
1525 | url = 'http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/task/new'
1526 | req = urllib2.urlopen(url, timeout=10)
1527 | resp = json.loads(req.read())
1528 |
1529 | if resp['success'] == True and resp['taskid']:
1530 | sqlitask = str(resp['taskid'])
1531 | sqliopts = {'authType': authtype, 'csrfUrl': csrfurl, 'csrfToken': csrftoken, 'liveCookies': livecookies, 'skipHeuristics': skipheuristics, 'proxyFreq': proxyfreq, 'getUsers': lusersstatus, 'getPasswordHashes': lpswdsstatus, 'delay': self._jComboDelay.getSelectedItem(), 'isDba': isdbastatus, 'risk': self._jComboRisk.getSelectedItem(), 'getCurrentUser': custatus, 'getRoles': lrolesstatus, 'getPrivileges': lprivsstatus, 'testParameter': paramdata, 'timeout': self._jComboTimeout.getSelectedItem(), 'ignoreCode': ignorecodedata, 'torPort': torport, 'level': self._jComboLevel.getSelectedItem(), 'technique': self._jTextFieldTechnique.getText(), 'getCurrentDb': cdbstatus, 'answers': 'crack=N,dict=N,continue=Y,quit=N', 'method': httpmethod, 'cookie': cookiedata, 'proxy': proxy, 'os': os, 'threads': self._jComboThreads.getSelectedItem(), 'url': self._jTextFieldURL.getText(), 'getDbs': ldbsstatus, 'tor': torstatus, 'torType': tortype, 'referer': refererdata, 'retries': self._jComboRetry.getSelectedItem(), 'headers': custheaderdata, 'authCred': authcred, 'timeSec': self._jComboTimeSec.getSelectedItem(), 'getHostname': hostnamestatus, 'agent': uadata, 'dbms': dbms, 'tamper': tamperdata, 'hpp': hppstatus, 'getBanner': 'true', 'data': postdata, 'textOnly': textonlystatus}
1532 |
1533 | print 'Created SQLMap Task: ' + sqlitask + '\n'
1534 |
1535 | try:
1536 | req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/option/' + sqlitask + '/set')
1537 | req.add_header('Content-Type', 'application/json')
1538 | resp = json.load(urllib2.urlopen(req, json.dumps(sqliopts), timeout=10))
1539 |
1540 | if resp['success'] == True:
1541 | print 'SQLMap options set on Task ' + sqlitask + ': ' + json.dumps(sqliopts) + '\n'
1542 | sqliopts = {'url': self._jTextFieldURL.getText()}
1543 |
1544 | try:
1545 | checkreq = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/option/' + sqlitask + '/list')
1546 | checkresp = json.load(urllib2.urlopen(checkreq, timeout=10))
1547 | print 'SQLMap options returned: ' + json.dumps(checkresp) + '\n'
1548 | except:
1549 | print 'Failed to get list of options from SQLMap API\n'
1550 |
1551 | try:
1552 | req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/scan/' + sqlitask + '/start')
1553 | req.add_header('Content-Type', 'application/json')
1554 | resp = json.load(urllib2.urlopen(req, json.dumps(sqliopts), timeout=10))
1555 |
1556 | if resp['success'] == True:
1557 | findings = ThreadExtender(self, self._jTextFieldScanIPListen.getText(), self._jTextFieldScanPortListen.getText(), sqlitask, self.scanUrl, self.scanMessage, self._callbacks)
1558 | t = threading.Thread(target=findings.checkResults)
1559 | self.threads.append(t)
1560 | t.start()
1561 | self._jComboLogs.addItem(sqlitask + '-' + self._jTextFieldURL.getText())
1562 | self._jComboStopScan.addItem(sqlitask + '-' + self._jTextFieldURL.getText())
1563 | self.scancmds[sqlitask] = sqlmapcmd
1564 | print 'Started SQLMap Scan on Task ' + sqlitask +' with Engine ID: ' + str(resp['engineid']) + ' - ' + self._jTextFieldURL.getText() + '\n'
1565 | else:
1566 | print 'Failed to start SQLMap Scan for Task: ' + sqlitask + '\n'
1567 |
1568 | except:
1569 | print 'Failed to start SQLMap Scan for Task: ' + sqlitask + '\n'
1570 |
1571 | else:
1572 | print 'Failed to set options on SQLMap Task: ' + sqlitask + '\n'
1573 |
1574 | except:
1575 | print 'Failed to set options on SQLMap Task: ' + sqlitask + '\n'
1576 |
1577 | else:
1578 | print(traceback.format_exc())
1579 | print 'SQLMap task creation failed\n'
1580 |
1581 | except:
1582 | print(traceback.format_exc())
1583 | print 'SQLMap task creation failed\n'
--------------------------------------------------------------------------------
/sqlmap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PortSwigger/sqli-py/1a9c1a4ae14ca4d06872955eb03ead1bfc077c0f/sqlmap.zip
--------------------------------------------------------------------------------