├── BappDescription.html
├── BappManifest.bmf
├── LICENSE
├── LICENSE - sqlmap
├── README.md
├── SQLiPy.py
└── sqlmap.zip


/BappDescription.html:
--------------------------------------------------------------------------------
 1 | <p>This extension integrates Burp Suite with SQLMap.</p>
 2 | 
 3 | <p>Requirements:</p>
 4 | <ul>
 5 | 	<li>Jython 2.7 beta, due to the use of json.</li>
 6 |     <li>Java 1.7 or later (the beta version of Jython 2.7 requires this).</li>
 7 | 	<li>A running instance of the SQLMap API server.</li>
 8 | </ul>
 9 | <p>SQLMap comes with a RESTful based server that will execute SQLMap scans. You can manually start the server 
10 | with: </p>
11 | <pre> python sqlmapapi.py -s -H &lt;ip&gt; -p &lt;port&gt;
12 | </pre>
13 | <p>Alternatively, you can use the SQLMap API tab to select the IP/Port on which to run, as well as the path to python and sqlmapapi.py on your system.
14 | 
15 | </p>
16 | <p>Once the SQLMap API is running, you just need to right-click in the 'Request' 
17 | sub tab of either the Target or Proxy main tabs and choose 'SQLiPy Scan' from 
18 | the context menu.
19 | 
20 | This will populate the SQLMap Scanner tab with information about that request.  Clicking the 'Start Scan' button will execute a scan.
21 | 
22 | If the page is vulnerable to SQL injection, then these will be added to the Scanner Results tab.
23 | </p>
24 | 


--------------------------------------------------------------------------------
/BappManifest.bmf:
--------------------------------------------------------------------------------
 1 | Uuid: f154175126a04bfe8edc6056f340f52e
 2 | ExtensionType: 2
 3 | Name: SQLiPy Sqlmap Integration
 4 | RepoName: sqli-py
 5 | ScreenVersion: 0.8.6
 6 | SerialVersion: 19
 7 | MinPlatformVersion: 0
 8 | ProOnly: False
 9 | Author: Josh Berry @ CodeWatch
10 | ShortDescription: Initiates SQLMap scans directly from within Burp.
11 | EntryPoint: SQLiPy.py
12 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | This is free and unencumbered software released into the public domain.
 2 | 
 3 | Anyone is free to copy, modify, publish, use, compile, sell, or
 4 | distribute this software, either in source code form or as a compiled
 5 | binary, for any purpose, commercial or non-commercial, and by any
 6 | means.
 7 | 
 8 | In jurisdictions that recognize copyright laws, the author or authors
 9 | of this software dedicate any and all copyright interest in the
10 | software to the public domain. We make this dedication for the benefit
11 | of the public at large and to the detriment of our heirs and
12 | successors. We intend this dedication to be an overt act of
13 | relinquishment in perpetuity of all present and future rights to this
14 | software under copyright law.
15 | 
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 | OTHER DEALINGS IN THE SOFTWARE.
23 | 
24 | For more information, please refer to <http://unlicense.org>
25 | 
26 | 


--------------------------------------------------------------------------------
/LICENSE - sqlmap:
--------------------------------------------------------------------------------
  1 | COPYING -- Describes the terms under which sqlmap is distributed. A copy
  2 | of the GNU General Public License (GPL) is appended to this file.
  3 | 
  4 | sqlmap is (C) 2006-2017 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar.
  5 | 
  6 | This program is free software; you may redistribute and/or modify it under
  7 | the terms of the GNU General Public License as published by the Free
  8 | Software Foundation; Version 2 (or later) with the clarifications and
  9 | exceptions described below. This guarantees your right to use, modify, and
 10 | redistribute this software under certain conditions. If you wish to embed
 11 | sqlmap technology into proprietary software, we sell alternative licenses
 12 | (contact sales@sqlmap.org).
 13 | 
 14 | Note that the GPL places important restrictions on "derived works", yet it
 15 | does not provide a detailed definition of that term. To avoid
 16 | misunderstandings, we interpret that term as broadly as copyright law
 17 | allows. For example, we consider an application to constitute a "derived
 18 | work" for the purpose of this license if it does any of the following:
 19 | * Integrates source code from sqlmap.
 20 | * Reads or includes sqlmap copyrighted data files, such as xml/queries.xml
 21 | * Executes sqlmap and parses the results (as opposed to typical shell or
 22 |   execution-menu apps, which simply display raw sqlmap output and so are
 23 |   not derivative works).
 24 | * Integrates/includes/aggregates sqlmap into a proprietary executable
 25 |   installer, such as those produced by InstallShield.
 26 | * Links to a library or executes a program that does any of the above
 27 | 
 28 | The term "sqlmap" should be taken to also include any portions or derived
 29 | works of sqlmap. This list is not exclusive, but is meant to clarify our
 30 | interpretation of derived works with some common examples. Our
 31 | interpretation applies only to sqlmap - we do not speak for other people's
 32 | GPL works.
 33 | 
 34 | This license does not apply to the third-party components. More details can
 35 | be found inside the file 'doc/THIRD-PARTY.md'.
 36 | 
 37 | If you have any questions about the GPL licensing restrictions on using
 38 | sqlmap in non-GPL works, we would be happy to help. As mentioned above,
 39 | we also offer alternative license to integrate sqlmap into proprietary
 40 | applications and appliances.
 41 | 
 42 | If you received these files with a written license agreement or contract
 43 | stating terms other than the terms above, then that alternative license
 44 | agreement takes precedence over these comments.
 45 | 
 46 | Source is provided to this software because we believe users have a right
 47 | to know exactly what a program is going to do before they run it.
 48 | 
 49 | Source code also allows you to fix bugs and add new features. You are
 50 | highly encouraged to send your changes to dev@sqlmap.org for possible
 51 | incorporation into the main distribution. By sending these changes to the
 52 | sqlmap developers or via Git pull request, checking them into the sqlmap
 53 | source code repository, it is understood (unless you specify otherwise)
 54 | that you are offering the sqlmap project the unlimited, non-exclusive
 55 | right to reuse, modify, and relicense the code. sqlmap will always be
 56 | available Open Source, but this is important because the inability to
 57 | relicense code has caused devastating problems for other Free Software
 58 | projects (such as KDE and NASM). If you wish to specify special license
 59 | conditions of your contributions, just say so when you send them.
 60 | 
 61 | This program is distributed in the hope that it will be useful, but
 62 | WITHOUT ANY WARRANTY; without even the implied warranty of
 63 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 64 | General Public License v2.0 for more details at
 65 | http://www.gnu.org/licenses/gpl-2.0.html, or below
 66 | 
 67 | ****************************************************************************
 68 | 
 69 |                     GNU GENERAL PUBLIC LICENSE
 70 |                        Version 2, June 1991
 71 | 
 72 |  Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 73 |  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 74 |  Everyone is permitted to copy and distribute verbatim copies
 75 |  of this license document, but changing it is not allowed.
 76 | 
 77 |                             Preamble
 78 | 
 79 |   The licenses for most software are designed to take away your
 80 | freedom to share and change it.  By contrast, the GNU General Public
 81 | License is intended to guarantee your freedom to share and change free
 82 | software--to make sure the software is free for all its users.  This
 83 | General Public License applies to most of the Free Software
 84 | Foundation's software and to any other program whose authors commit to
 85 | using it.  (Some other Free Software Foundation software is covered by
 86 | the GNU Lesser General Public License instead.)  You can apply it to
 87 | your programs, too.
 88 | 
 89 |   When we speak of free software, we are referring to freedom, not
 90 | price.  Our General Public Licenses are designed to make sure that you
 91 | have the freedom to distribute copies of free software (and charge for
 92 | this service if you wish), that you receive source code or can get it
 93 | if you want it, that you can change the software or use pieces of it
 94 | in new free programs; and that you know you can do these things.
 95 | 
 96 |   To protect your rights, we need to make restrictions that forbid
 97 | anyone to deny you these rights or to ask you to surrender the rights.
 98 | These restrictions translate to certain responsibilities for you if you
 99 | distribute copies of the software, or if you modify it.
100 | 
101 |   For example, if you distribute copies of such a program, whether
102 | gratis or for a fee, you must give the recipients all the rights that
103 | you have.  You must make sure that they, too, receive or can get the
104 | source code.  And you must show them these terms so they know their
105 | rights.
106 | 
107 |   We protect your rights with two steps: (1) copyright the software, and
108 | (2) offer you this license which gives you legal permission to copy,
109 | distribute and/or modify the software.
110 | 
111 |   Also, for each author's protection and ours, we want to make certain
112 | that everyone understands that there is no warranty for this free
113 | software.  If the software is modified by someone else and passed on, we
114 | want its recipients to know that what they have is not the original, so
115 | that any problems introduced by others will not reflect on the original
116 | authors' reputations.
117 | 
118 |   Finally, any free program is threatened constantly by software
119 | patents.  We wish to avoid the danger that redistributors of a free
120 | program will individually obtain patent licenses, in effect making the
121 | program proprietary.  To prevent this, we have made it clear that any
122 | patent must be licensed for everyone's free use or not licensed at all.
123 | 
124 |   The precise terms and conditions for copying, distribution and
125 | modification follow.
126 | 
127 |                     GNU GENERAL PUBLIC LICENSE
128 |    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
129 | 
130 |   0. This License applies to any program or other work which contains
131 | a notice placed by the copyright holder saying it may be distributed
132 | under the terms of this General Public License.  The "Program", below,
133 | refers to any such program or work, and a "work based on the Program"
134 | means either the Program or any derivative work under copyright law:
135 | that is to say, a work containing the Program or a portion of it,
136 | either verbatim or with modifications and/or translated into another
137 | language.  (Hereinafter, translation is included without limitation in
138 | the term "modification".)  Each licensee is addressed as "you".
139 | 
140 | Activities other than copying, distribution and modification are not
141 | covered by this License; they are outside its scope.  The act of
142 | running the Program is not restricted, and the output from the Program
143 | is covered only if its contents constitute a work based on the
144 | Program (independent of having been made by running the Program).
145 | Whether that is true depends on what the Program does.
146 | 
147 |   1. You may copy and distribute verbatim copies of the Program's
148 | source code as you receive it, in any medium, provided that you
149 | conspicuously and appropriately publish on each copy an appropriate
150 | copyright notice and disclaimer of warranty; keep intact all the
151 | notices that refer to this License and to the absence of any warranty;
152 | and give any other recipients of the Program a copy of this License
153 | along with the Program.
154 | 
155 | You may charge a fee for the physical act of transferring a copy, and
156 | you may at your option offer warranty protection in exchange for a fee.
157 | 
158 |   2. You may modify your copy or copies of the Program or any portion
159 | of it, thus forming a work based on the Program, and copy and
160 | distribute such modifications or work under the terms of Section 1
161 | above, provided that you also meet all of these conditions:
162 | 
163 |     a) You must cause the modified files to carry prominent notices
164 |     stating that you changed the files and the date of any change.
165 | 
166 |     b) You must cause any work that you distribute or publish, that in
167 |     whole or in part contains or is derived from the Program or any
168 |     part thereof, to be licensed as a whole at no charge to all third
169 |     parties under the terms of this License.
170 | 
171 |     c) If the modified program normally reads commands interactively
172 |     when run, you must cause it, when started running for such
173 |     interactive use in the most ordinary way, to print or display an
174 |     announcement including an appropriate copyright notice and a
175 |     notice that there is no warranty (or else, saying that you provide
176 |     a warranty) and that users may redistribute the program under
177 |     these conditions, and telling the user how to view a copy of this
178 |     License.  (Exception: if the Program itself is interactive but
179 |     does not normally print such an announcement, your work based on
180 |     the Program is not required to print an announcement.)
181 | 
182 | These requirements apply to the modified work as a whole.  If
183 | identifiable sections of that work are not derived from the Program,
184 | and can be reasonably considered independent and separate works in
185 | themselves, then this License, and its terms, do not apply to those
186 | sections when you distribute them as separate works.  But when you
187 | distribute the same sections as part of a whole which is a work based
188 | on the Program, the distribution of the whole must be on the terms of
189 | this License, whose permissions for other licensees extend to the
190 | entire whole, and thus to each and every part regardless of who wrote it.
191 | 
192 | Thus, it is not the intent of this section to claim rights or contest
193 | your rights to work written entirely by you; rather, the intent is to
194 | exercise the right to control the distribution of derivative or
195 | collective works based on the Program.
196 | 
197 | In addition, mere aggregation of another work not based on the Program
198 | with the Program (or with a work based on the Program) on a volume of
199 | a storage or distribution medium does not bring the other work under
200 | the scope of this License.
201 | 
202 |   3. You may copy and distribute the Program (or a work based on it,
203 | under Section 2) in object code or executable form under the terms of
204 | Sections 1 and 2 above provided that you also do one of the following:
205 | 
206 |     a) Accompany it with the complete corresponding machine-readable
207 |     source code, which must be distributed under the terms of Sections
208 |     1 and 2 above on a medium customarily used for software interchange; or,
209 | 
210 |     b) Accompany it with a written offer, valid for at least three
211 |     years, to give any third party, for a charge no more than your
212 |     cost of physically performing source distribution, a complete
213 |     machine-readable copy of the corresponding source code, to be
214 |     distributed under the terms of Sections 1 and 2 above on a medium
215 |     customarily used for software interchange; or,
216 | 
217 |     c) Accompany it with the information you received as to the offer
218 |     to distribute corresponding source code.  (This alternative is
219 |     allowed only for noncommercial distribution and only if you
220 |     received the program in object code or executable form with such
221 |     an offer, in accord with Subsection b above.)
222 | 
223 | The source code for a work means the preferred form of the work for
224 | making modifications to it.  For an executable work, complete source
225 | code means all the source code for all modules it contains, plus any
226 | associated interface definition files, plus the scripts used to
227 | control compilation and installation of the executable.  However, as a
228 | special exception, the source code distributed need not include
229 | anything that is normally distributed (in either source or binary
230 | form) with the major components (compiler, kernel, and so on) of the
231 | operating system on which the executable runs, unless that component
232 | itself accompanies the executable.
233 | 
234 | If distribution of executable or object code is made by offering
235 | access to copy from a designated place, then offering equivalent
236 | access to copy the source code from the same place counts as
237 | distribution of the source code, even though third parties are not
238 | compelled to copy the source along with the object code.
239 | 
240 |   4. You may not copy, modify, sublicense, or distribute the Program
241 | except as expressly provided under this License.  Any attempt
242 | otherwise to copy, modify, sublicense or distribute the Program is
243 | void, and will automatically terminate your rights under this License.
244 | However, parties who have received copies, or rights, from you under
245 | this License will not have their licenses terminated so long as such
246 | parties remain in full compliance.
247 | 
248 |   5. You are not required to accept this License, since you have not
249 | signed it.  However, nothing else grants you permission to modify or
250 | distribute the Program or its derivative works.  These actions are
251 | prohibited by law if you do not accept this License.  Therefore, by
252 | modifying or distributing the Program (or any work based on the
253 | Program), you indicate your acceptance of this License to do so, and
254 | all its terms and conditions for copying, distributing or modifying
255 | the Program or works based on it.
256 | 
257 |   6. Each time you redistribute the Program (or any work based on the
258 | Program), the recipient automatically receives a license from the
259 | original licensor to copy, distribute or modify the Program subject to
260 | these terms and conditions.  You may not impose any further
261 | restrictions on the recipients' exercise of the rights granted herein.
262 | You are not responsible for enforcing compliance by third parties to
263 | this License.
264 | 
265 |   7. If, as a consequence of a court judgment or allegation of patent
266 | infringement or for any other reason (not limited to patent issues),
267 | conditions are imposed on you (whether by court order, agreement or
268 | otherwise) that contradict the conditions of this License, they do not
269 | excuse you from the conditions of this License.  If you cannot
270 | distribute so as to satisfy simultaneously your obligations under this
271 | License and any other pertinent obligations, then as a consequence you
272 | may not distribute the Program at all.  For example, if a patent
273 | license would not permit royalty-free redistribution of the Program by
274 | all those who receive copies directly or indirectly through you, then
275 | the only way you could satisfy both it and this License would be to
276 | refrain entirely from distribution of the Program.
277 | 
278 | If any portion of this section is held invalid or unenforceable under
279 | any particular circumstance, the balance of the section is intended to
280 | apply and the section as a whole is intended to apply in other
281 | circumstances.
282 | 
283 | It is not the purpose of this section to induce you to infringe any
284 | patents or other property right claims or to contest validity of any
285 | such claims; this section has the sole purpose of protecting the
286 | integrity of the free software distribution system, which is
287 | implemented by public license practices.  Many people have made
288 | generous contributions to the wide range of software distributed
289 | through that system in reliance on consistent application of that
290 | system; it is up to the author/donor to decide if he or she is willing
291 | to distribute software through any other system and a licensee cannot
292 | impose that choice.
293 | 
294 | This section is intended to make thoroughly clear what is believed to
295 | be a consequence of the rest of this License.
296 | 
297 |   8. If the distribution and/or use of the Program is restricted in
298 | certain countries either by patents or by copyrighted interfaces, the
299 | original copyright holder who places the Program under this License
300 | may add an explicit geographical distribution limitation excluding
301 | those countries, so that distribution is permitted only in or among
302 | countries not thus excluded.  In such case, this License incorporates
303 | the limitation as if written in the body of this License.
304 | 
305 |   9. The Free Software Foundation may publish revised and/or new versions
306 | of the General Public License from time to time.  Such new versions will
307 | be similar in spirit to the present version, but may differ in detail to
308 | address new problems or concerns.
309 | 
310 | Each version is given a distinguishing version number.  If the Program
311 | specifies a version number of this License which applies to it and "any
312 | later version", you have the option of following the terms and conditions
313 | either of that version or of any later version published by the Free
314 | Software Foundation.  If the Program does not specify a version number of
315 | this License, you may choose any version ever published by the Free Software
316 | Foundation.
317 | 
318 |   10. If you wish to incorporate parts of the Program into other free
319 | programs whose distribution conditions are different, write to the author
320 | to ask for permission.  For software which is copyrighted by the Free
321 | Software Foundation, write to the Free Software Foundation; we sometimes
322 | make exceptions for this.  Our decision will be guided by the two goals
323 | of preserving the free status of all derivatives of our free software and
324 | of promoting the sharing and reuse of software generally.
325 | 
326 |                             NO WARRANTY
327 | 
328 |   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
329 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
330 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
331 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
332 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
333 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
334 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
335 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
336 | REPAIR OR CORRECTION.
337 | 
338 |   12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
339 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
340 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
341 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
342 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
343 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
344 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
345 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
346 | POSSIBILITY OF SUCH DAMAGES.
347 | 
348 |                      END OF TERMS AND CONDITIONS
349 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | sqlipy
 2 | ======
 3 | 
 4 | SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.
 5 | 
 6 | SQLMap comes with a RESTful based server that will execute SQLMap scans.  This plugin can start the API for you or connect to an already running API to perform a scan.
 7 | 
 8 | Requirements
 9 | ============
10 | 
11 | Jython 2.7 (up to 2.7.2) <b>DO NOT USE Jython 2.7.3, it has a bug that will cause the extension to fail</b>
12 | Java 1.7 or 1.8 (the beta version of Jython 2.7 requires this)
13 | 
14 |   <b>Note:</b> Newer versions of Java do appear to work. Testing with jdk-11.0.7 works fine and newer versions are expected to work as well.
15 | 
16 | Usage
17 | =====
18 | 
19 | SQLiPy relies on a running instance of the SQLMap API server.  You can manually start the server with:
20 | <pre>
21 |   python sqlmapapi.py -s -H &lt;ip&gt; -p &lt;port&gt;
22 | </pre>
23 | 
24 | Or, you can use the SQLMap API tab to select the IP/Port on which to run, as well as the path to python and sqlmapapi.py on your system.
25 | 
26 | Once the SQLMap API is running, it is just a matter of right mouse clicking in the 'Request' sub tab of either the Target or Proxy main tabs and choosing 'SQLiPy Scan'.
27 | 
28 | This will populate the SQLMap Scanner tab of the plugin with information about that request.  Clicking the 'Start Scan' button will execute a scan.
29 | 
30 | If the page is vulnerable to SQL injection, then a thread from the plugin will poll the results and add them to the Scanner Results tab.
31 | 
32 | For more information, see the post here: https://www.codewatch.org/blog/?p=402
33 | 


--------------------------------------------------------------------------------
/SQLiPy.py:
--------------------------------------------------------------------------------
   1 | """
   2 | Name:           SQLiPy
   3 | Version:        0.8.6
   4 | Date:           9/3/2014
   5 | Author:         Josh Berry - josh.berry@codewatch.org
   6 | Github:         https://github.com/codewatchorg/sqlipy
   7 | 
   8 | Description:    This plugin leverages the SQLMap API to initiate SQLMap scans against the target.
   9 | 
  10 | This plugin requires the beta version of Jython as it uses the JSON module.
  11 | 
  12 | I used this blog post to quickly understand and leverage the SQLMap API (thrilled that someone figured this out for me):
  13 | http://volatile-minds.blogspot.com/2013/04/unofficial-sqlmap-restful-api.html
  14 | 
  15 | The following Burp plugins were reviewed to help develop this:
  16 | - Payload Parser: https://github.com/infodel
  17 | - Burp SAMl: https://github.com/Meatballs1/burp_saml
  18 | - ActiveScan++:
  19 | - WCF Binary SOAP Handler: http://blog.securityps.com/2013/02/burp-suite-plugin-view-and-modify-wcf.html
  20 | - WSDL Wizard: https://github.com/SmeegeSec/WSDLWizard/blob/master/WSDLWizard.py
  21 | - co2: https://code.google.com/p/burp-co2/
  22 | 
  23 | """
  24 | 
  25 | from burp import IBurpExtender
  26 | from burp import IBurpExtenderCallbacks
  27 | from burp import IContextMenuFactory
  28 | from burp import IHttpRequestResponse
  29 | from burp import IMessageEditorController
  30 | from burp import IMessageEditorTabFactory
  31 | from burp import ITab
  32 | from burp import IMessageEditorTab
  33 | from burp import IScannerCheck
  34 | from burp import IScanIssue
  35 | from burp import IExtensionStateListener
  36 | from javax import swing
  37 | from javax.swing.filechooser import FileNameExtensionFilter
  38 | from java.awt import GridBagLayout
  39 | from java.awt import Font
  40 | from java.awt import Color
  41 | from java import awt
  42 | from java.lang import Runtime
  43 | from java.lang import Process
  44 | from java.lang import System
  45 | from java.lang import Runnable
  46 | from java.lang import Thread
  47 | from java.io import File
  48 | from java.io import Reader
  49 | from java.io import BufferedReader
  50 | from java.io import InputStreamReader
  51 | import subprocess
  52 | import re
  53 | import urllib2
  54 | import sys
  55 | import json
  56 | import threading
  57 | import time
  58 | import zipfile
  59 | import os
  60 | import traceback
  61 | 
  62 | class StreamGobbler(Runnable):
  63 | 
  64 |     def __init__(self, inStream, outStream):
  65 |         self.inStream = inStream
  66 |         self.outStream = outStream
  67 |         return
  68 | 
  69 |     def run(self):
  70 |         try:
  71 |             while (self.inStream.read() != -1):
  72 |                 isr = InputStreamReader(self.inStream)
  73 |                 br = BufferedReader(isr)
  74 |                 print str(br.readLine())
  75 | 
  76 |         except BaseException as ex:
  77 |             print 'Could not read API input/output/error buffer\n'
  78 | 
  79 | class SqlMapScanIssue(IScanIssue):
  80 | 
  81 |     def __init__(self, httpService, url, httpMessages, name, detail, confidence, severity):
  82 |         self.HttpService = httpService
  83 |         self.vulnurl = url
  84 |         self.HttpMessages = httpMessages
  85 |         self.vulnname = name
  86 |         self.vulndetail = detail
  87 |         self.vulnsev = severity
  88 |         self.vulnconf = confidence
  89 |         return
  90 | 
  91 |     def getUrl(self):
  92 |         return self.vulnurl
  93 | 
  94 |     def getIssueName(self):
  95 |         return self.vulnname
  96 | 
  97 |     def getIssueType(self):
  98 |         return 0
  99 | 
 100 |     def getSeverity(self):
 101 |         return self.vulnsev
 102 | 
 103 |     def getConfidence(self):
 104 |         return self.vulnconf
 105 | 
 106 |     def getIssueBackground(self):
 107 |         return None
 108 | 
 109 |     def getRemediationBackground(self):
 110 |         return None
 111 | 
 112 |     def getIssueDetail(self):
 113 |         return self.vulndetail
 114 | 
 115 |     def getRemediationDetail(self):
 116 |         return None
 117 | 
 118 |     def getHttpMessages(self):
 119 |         return self.HttpMessages
 120 | 
 121 |     def getHttpService(self):
 122 |         return self.HttpService
 123 | 
 124 | class ThreadExtender(IBurpExtender, IContextMenuFactory, ITab, IScannerCheck):
 125 |   def __init__(self, burpobject, sqlmapip, sqlmapport, sqlmaptask, url, httpmessage, cbacks):
 126 |     self.burpobject = burpobject
 127 |     self.sqlmapip = sqlmapip
 128 |     self.sqlmapport = sqlmapport
 129 |     self.sqlmaptask = sqlmaptask
 130 |     self.url = url
 131 |     self.httpmessage = httpmessage
 132 |     self.cbacks = cbacks
 133 | 
 134 |   def checkResults(self):
 135 |     t = threading.currentThread()
 136 |     time.sleep(5)
 137 |     print 'Checking results on task: '+self.sqlmaptask+'\n'
 138 | 
 139 |     while getattr(t, "keep_running", True):
 140 | 
 141 |       try:
 142 |         req = urllib2.Request('http://' + str(self.sqlmapip) + ':' + str(self.sqlmapport) + '/scan/' + str(self.sqlmaptask) + '/status')
 143 |         req.add_header('Content-Type', 'application/json')
 144 |         resp = json.load(urllib2.urlopen(req, timeout=10))
 145 | 
 146 |         if resp['status'] == "running":
 147 |           print 'Scan for task '+self.sqlmaptask+' is still running.\n'
 148 |           time.sleep(30)
 149 |         elif resp['status'] == "terminated":
 150 |           if resp['returncode'] == 0:
 151 |             print 'Scan for task '+self.sqlmaptask+' completed.  Gathering results.\n'
 152 |             vulnurl = ''
 153 |             vulnparam = ''
 154 |             dbtype = ''
 155 |             payloads = ''
 156 |             banner = ''
 157 |             cu = ''
 158 |             cdb = ''
 159 |             hostname = ''
 160 |             isdba = ''
 161 |             lusers = ''
 162 |             lprivs = ''
 163 |             lroles = ''
 164 |             ldbs = ''
 165 |             lpswds = ''
 166 | 
 167 |             try:
 168 |               req = urllib2.Request('http://' + str(self.sqlmapip) + ':' + str(self.sqlmapport) + '/scan/' + str(self.sqlmaptask) + '/data')
 169 |               req.add_header('Content-Type', 'application/json')
 170 |               resp = json.load(urllib2.urlopen(req, timeout=10))
 171 |               vulnerable = False
 172 | 
 173 |               for findings in resp['data']:
 174 |                 vulnerable = True
 175 | 
 176 |                 # Get vulnerable URL and param
 177 |                 if findings['type'] == 0:
 178 |                   vulnurl = findings['value']['url']
 179 |                   vulnparam = findings['value']['query']
 180 |                   vulndetails = '<ul><li>URL: '+str(vulnurl)+'</li><li>Parameter: '+str(vulnparam)+'</li></ul>'
 181 | 
 182 |                 # Get basic scan info
 183 |                 if findings['type'] == 1:
 184 |                   if isinstance(findings['value'][0]['dbms'], list):
 185 |                     for dbtypes in findings['value'][0]['dbms']:
 186 |                       dbtype = dbtype + dbtypes + ', or '
 187 | 
 188 |                     dbtype = dbtype[:-5]
 189 |                   else:
 190 |                     dbtype = findings['value'][0]['dbms']
 191 | 
 192 |                   for items in findings['value']:
 193 |                     firstpayload = True
 194 |                     for k in items['data']:
 195 |                       if firstpayload:
 196 |                         payloads = '<li>'+items['data'][k]['payload']+'</li>'
 197 |                         firstpayload = False
 198 |                       else:
 199 |                         payloads = payloads + '<li>'+items['data'][k]['payload']+'</li>'
 200 | 
 201 |                     if firstpayload == False:
 202 |                       payloads = '<ul>' + payloads + '</ul><BR>'
 203 | 
 204 |                 # Get banner info
 205 |                 if findings['type'] == 3:
 206 |                   banner = findings['value']+'<BR>'
 207 | 
 208 |                 # Get Current Users
 209 |                 elif findings['type'] == 4:
 210 |                   cu = 'Current User: '+findings['value']+'<BR>'
 211 | 
 212 |                 # Get Current Database
 213 |                 elif findings['type'] == 5:
 214 |                   cdb = 'Current Database: '+findings['value']+'<BR>'
 215 | 
 216 |                 # Get Hostname
 217 |                 elif findings['type'] == 6:
 218 |                   if findings['value'] is not None: 
 219 |                     hostname = 'Hostname: '+str(findings['value'])+'<BR>' 
 220 |                   else: 
 221 |                     hostname = 'Hostname: Enumeration failed.<BR>' 
 222 | 
 223 | 
 224 |                 # Is the user a DBA?
 225 |                 elif findings['type'] == 7:
 226 |                   if findings['value'] == True:
 227 |                     isdba = 'Is a DBA: Yes'+'<BR>'
 228 |                   else:
 229 |                     isdba = 'Is a DBA: No'+'<BR>'
 230 | 
 231 |                 # Get list of users
 232 |                 elif findings['type'] == 8:
 233 |                   firstuser = True
 234 |                   for user in findings['value']:
 235 |                     if firstuser:
 236 |                       lusers = '<li>'+user+'</li>'
 237 |                       firstuser = False
 238 |                     else:
 239 |                       lusers = lusers + '<li>'+user+'</li>'
 240 | 
 241 |                   if firstuser == False:
 242 |                     lusers = 'Users:<ul>' + lusers + '</ul><BR>'
 243 | 
 244 |                 # Get list of passwords
 245 |                 elif findings['type'] == 9:
 246 |                   userdata = ''
 247 |                   userpswds = ''
 248 |                   firstuser = True
 249 | 
 250 |                   for users in findings['value']:
 251 |                     firstpswd = True
 252 | 
 253 |                     if firstuser:
 254 |                       firstuser = False
 255 |                       userdata = '<li>'+users+'</li>'
 256 |                     else:
 257 |                       userdata = userdata + '<li>'+users+'</li>'
 258 | 
 259 |                     for pswd in findings['value'][users]:
 260 |                       if firstpswd:
 261 |                         firstswd = False
 262 |                         userpswds = '<li>'+pswd+'</li>'
 263 |                       else:
 264 |                         userpswds = userpswds + '<li>'+pswd+'</li>'
 265 | 
 266 |                     lpswds = lpswds + userdata + '<ul>'+userpswds+'</ul>'
 267 |                     userdata = ''
 268 |                     userpswds = ''
 269 | 
 270 |                   if firstuser == False:
 271 |                     lpswds = 'Password Hashes per User:<ul>'+lpswds+'</ul><BR>'
 272 | 
 273 |                 # Get list of privileges
 274 |                 elif findings['type'] == 10:
 275 |                   userdata = ''
 276 |                   userprivs = ''
 277 |                   firstuser = True
 278 | 
 279 |                   for users in findings['value']:
 280 |                     firstpriv = True
 281 | 
 282 |                     if firstuser:
 283 |                       firstuser = False
 284 |                       userdata = '<li>'+users+'</li>'
 285 |                     else:
 286 |                       userdata = userdata + '<li>'+users+'</li>'
 287 | 
 288 |                     if findings['value'][users] is not None:
 289 |                       for priv in findings['value'][users]:
 290 |                         if firstpriv:
 291 |                           firstpriv = False
 292 |                           userprivs = '<li>'+priv+'</li>'
 293 |                         else:
 294 |                           userprivs = userprivs + '<li>'+priv+'</li>'
 295 |                     else:
 296 |                       userprivs = '<li>Null</li>'
 297 | 
 298 |                     lprivs = lprivs + userdata + '<ul>'+userprivs+'</ul>'
 299 |                     userdata = ''
 300 |                     userprivs = ''
 301 | 
 302 |                   if firstuser == False:
 303 |                     lprivs = 'Privileges per User:<ul>'+lprivs+'</ul><BR>'
 304 | 
 305 |                 # Get list of roles
 306 |                 elif findings['type'] == 11:
 307 |                   userdata = ''
 308 |                   userroles = ''
 309 |                   firstuser = True
 310 | 
 311 |                   for users in findings['value']:
 312 |                     firstrole = True
 313 | 
 314 |                     if firstuser:
 315 |                       firstuser = False
 316 |                       userdata = '<li>'+users+'</li>'
 317 |                     else:
 318 |                       userdata = userdata + '<li>'+users+'</li>'
 319 | 
 320 |                     if findings['value'][users] is not None:
 321 |                       for role in findings['value'][users]:
 322 |                         if firstrole:
 323 |                           firstrole = False
 324 |                           userroles = '<li>'+role+'</li>'
 325 |                         else:
 326 |                           userroles = userroles + '<li>'+role+'</li>'
 327 |                     else:
 328 |                       userroles = '<li>Null</li>'
 329 | 
 330 |                     lroles = lroles + userdata + '<ul>'+userroles+'</ul>'
 331 |                     userdata = ''
 332 |                     userroles = ''
 333 | 
 334 |                   if firstuser == False:
 335 |                     lroles = 'Roles per User:<ul>'+lroles+'</ul><BR>'
 336 | 
 337 |                 # Get list of DBs
 338 |                 elif findings['type'] == 12:
 339 |                   firstdb = True
 340 |                   for db in findings['value']:
 341 |                     if firstdb:
 342 |                       ldbs = '<li>'+str(db)+'</li>'
 343 |                       firstdb = False
 344 |                     else:
 345 |                       ldbs = ldbs + '<li>'+str(db)+'</li>'
 346 | 
 347 |                   if firstdb == False:
 348 |                     ldbs = 'Databases:<ul>' + ldbs + '</ul><BR>'
 349 | 
 350 |               if vulnerable:
 351 |                 if re.search('Free', self.cbacks.getBurpVersion()[0], re.IGNORECASE) is not None:
 352 |                   findings = open(self.sqlmaptask + '.html', 'w')
 353 |                   findings.write('<html><head><title>SQLMap Scan - ' + self.sqlmaptask + '</title></head><body>')
 354 |                   findings.write('<h1>SQLMap Scan Finding</h1><br><p>The application has been found to be vulnerable to SQL injection by SQLMap.</p><br>')
 355 |                   findings.write('<p>Vulnerable URL and Parameter:</p><p>'+vulndetails+'</p>')
 356 |                   findings.write('<p>The following payloads successfully identified SQL injection vulnerabilities:</p><p>'+payloads+'</p><p>Enumerated Data:</p><BR><p>'+dbtype+': '+banner+'</p><p>'+cu+'</p><p>'+cdb+'</p><p>'+hostname+'</p><p>'+isdba+'</p><p>'+lusers+'</p><p>'+lpswds+'</p><p>'+lprivs+'</p><p>'+lroles+'</p><p>'+ldbs+'</p>')
 357 |                   findings.write('</body></html>')
 358 |                   findings.close()
 359 |                   print 'Wrote scan file ' + self.sqlmaptask + '.html\n'
 360 |                 else:
 361 |                   scanIssue = SqlMapScanIssue(self.httpmessage.getHttpService(), self.url, [self.httpmessage], 'SQLMap Scan Finding',
 362 |                       'The application has been found to be vulnerable to SQL injection by SQLMap.  <BR><BR>Vulnerable URL and Parameter:<p>'+vulndetails+'</p><BR>The following payloads successfully identified SQL injection vulnerabilities:<p>'+payloads+'</p><p>Enumerated Data:</p><BR><p>'+dbtype+': '+banner+'</p><p>'+cu+'</p><p>'+cdb+'</p><p>'+hostname+'</p><p>'+isdba+'</p><p>'+lusers+'</p><p>'+lpswds+'</p><p>'+lprivs+'</p><p>'+lroles+'</p><p>'+ldbs+'</p>', 'Certain', 'High')
 363 |                   self.cbacks.addScanIssue(scanIssue)
 364 | 
 365 |                 print 'SQLi vulnerabilities were found for task '+self.sqlmaptask+' and have been reported.\n'
 366 |               else:
 367 |                 print 'Scan completed for task '+self.sqlmaptask+' but SQLi vulnerabilities were not found.\n'
 368 | 
 369 |               break
 370 | 
 371 |             except:
 372 |               print 'No results for SQLMap task: '+self.sqlmaptask+'\n'
 373 |               break
 374 | 
 375 |           else:
 376 |             print 'SQLMap scan failed for task: '+self.sqlmaptask+'\n'
 377 |             break
 378 | 
 379 |         else:
 380 |           print 'SQLMap scan failed for task: '+self.sqlmaptask+'\n'
 381 |           break
 382 | 
 383 |       except:
 384 |         print 'Thread failed to get results for SQLMap task: ' + self.sqlmaptask+'\n'
 385 |         break
 386 | 
 387 | class BurpExtender(IBurpExtender, IContextMenuFactory, ITab, IExtensionStateListener):
 388 |   pythonfile = ''
 389 |   apifile = ''
 390 |   apiprocess = Process
 391 |   apistatus = 0
 392 |   threads = []
 393 |   scanMessage = ''
 394 |   scantasks = []
 395 |   scancmds = {}
 396 | 
 397 |   # Implement IBurpExtender
 398 |   def registerExtenderCallbacks(self, callbacks):
 399 |     # Print information about the plugin, set extension name, setup basic stuff
 400 |     self.printHeader()
 401 |     callbacks.setExtensionName("SQLiPy Sqlmap Integration")
 402 |     callbacks.registerExtensionStateListener(self)
 403 |     self._callbacks = callbacks
 404 |     self._helpers = callbacks.getHelpers()
 405 |     callbacks.registerContextMenuFactory(self)
 406 | 
 407 |     # Create SQLMap API configuration JPanel
 408 |     self._jPanel = swing.JPanel()
 409 |     self._jPanel.setLayout(awt.GridBagLayout())
 410 |     self._jPanelConstraints = awt.GridBagConstraints()
 411 | 
 412 |     # Create first blank space
 413 |     self._jLabelAPISpace1 = swing.JLabel(" ")
 414 |     self._jLabelAPISpace1.setFont(Font("Courier New", Font.BOLD, 30))
 415 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 416 |     self._jPanelConstraints.gridx = 0
 417 |     self._jPanelConstraints.gridy = 2
 418 |     self._jPanelConstraints.gridwidth = 2
 419 |     self._jPanel.add(self._jLabelAPISpace1, self._jPanelConstraints)
 420 | 
 421 |     # Create second blank space
 422 |     self._jLabelAPISpace2 = swing.JLabel(" ")
 423 |     self._jLabelAPISpace2.setFont(Font("Courier New", Font.BOLD, 30))
 424 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 425 |     self._jPanelConstraints.gridx = 0
 426 |     self._jPanelConstraints.gridy = 3
 427 |     self._jPanelConstraints.gridwidth = 2
 428 |     self._jPanel.add(self._jLabelAPISpace2, self._jPanelConstraints)
 429 | 
 430 |     # Create panel to show API status
 431 |     self._jLabelAPIStatus = swing.JLabel("SQLMap API is NOT running!")
 432 |     self._jLabelAPIStatus.setFont(Font("Courier New", Font.BOLD, 24))
 433 |     self._jLabelAPIStatus.setForeground(Color.RED)
 434 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 435 |     self._jPanelConstraints.gridx = 0
 436 |     self._jPanelConstraints.gridy = 4
 437 |     self._jPanelConstraints.gridwidth = 2
 438 |     self._jPanel.add(self._jLabelAPIStatus, self._jPanelConstraints)
 439 | 
 440 |     # Create third blank space
 441 |     self._jLabelAPISpace3 = swing.JLabel(" ")
 442 |     self._jLabelAPISpace3.setFont(Font("Courier New", Font.BOLD, 30))
 443 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 444 |     self._jPanelConstraints.gridx = 0
 445 |     self._jPanelConstraints.gridy = 5
 446 |     self._jPanelConstraints.gridwidth = 2
 447 |     self._jPanel.add(self._jLabelAPISpace3, self._jPanelConstraints)
 448 | 
 449 |     # Create panel for IP info
 450 |     self._jLabelIPListen = swing.JLabel("Listen on IP:")
 451 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 452 |     self._jPanelConstraints.gridx = 0
 453 |     self._jPanelConstraints.gridy = 6
 454 |     self._jPanelConstraints.gridwidth = 1
 455 |     self._jPanel.add(self._jLabelIPListen, self._jPanelConstraints)
 456 | 
 457 |     self._jTextFieldIPListen = swing.JTextField("127.0.0.1",15)
 458 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 459 |     self._jPanelConstraints.gridx = 1
 460 |     self._jPanelConstraints.gridy = 6
 461 |     self._jPanelConstraints.gridwidth = 1
 462 |     self._jPanel.add(self._jTextFieldIPListen, self._jPanelConstraints)
 463 | 
 464 |     # Create panel for Port info
 465 |     self._jLabelPortListen = swing.JLabel("Listen on Port:")
 466 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 467 |     self._jPanelConstraints.gridx = 0
 468 |     self._jPanelConstraints.gridy = 7
 469 |     self._jPanelConstraints.gridwidth = 1
 470 |     self._jPanel.add(self._jLabelPortListen, self._jPanelConstraints)
 471 | 
 472 |     self._jTextFieldPortListen = swing.JTextField("9090",3)
 473 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 474 |     self._jPanelConstraints.gridx = 1
 475 |     self._jPanelConstraints.gridy = 7
 476 |     self._jPanelConstraints.gridwidth = 1
 477 |     self._jPanel.add(self._jTextFieldPortListen, self._jPanelConstraints)
 478 | 
 479 |     # Create panel to contain Python button
 480 |     self._jLabelPython = swing.JLabel("Select Python:")
 481 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 482 |     self._jPanelConstraints.gridx = 0
 483 |     self._jPanelConstraints.gridy = 8
 484 |     self._jPanelConstraints.gridwidth = 1
 485 |     self._jPanel.add(self._jLabelPython, self._jPanelConstraints)
 486 | 
 487 |     self._jButtonSetPython = swing.JButton('Python', actionPerformed=self.setPython)
 488 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 489 |     self._jPanelConstraints.gridx = 1
 490 |     self._jPanelConstraints.gridy = 8
 491 |     self._jPanelConstraints.gridwidth = 1
 492 |     self._jPanel.add(self._jButtonSetPython, self._jPanelConstraints)
 493 | 
 494 |     # Create panel to contain API button
 495 |     self._jLabelAPI = swing.JLabel("Select API:")
 496 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 497 |     self._jPanelConstraints.gridx = 0
 498 |     self._jPanelConstraints.gridy = 9
 499 |     self._jPanelConstraints.gridwidth = 1
 500 |     self._jPanel.add(self._jLabelAPI, self._jPanelConstraints)
 501 | 
 502 |     self._jButtonSetAPI = swing.JButton('SQLMap API', actionPerformed=self.setAPI)
 503 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 504 |     self._jPanelConstraints.gridx = 1
 505 |     self._jPanelConstraints.gridy = 9
 506 |     self._jPanelConstraints.gridwidth = 1
 507 |     self._jPanel.add(self._jButtonSetAPI, self._jPanelConstraints)
 508 | 
 509 |     # Create panel to execute API
 510 |     self._jButtonStartAPI = swing.JButton('Start API', actionPerformed=self.startAPI)
 511 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 512 |     self._jPanelConstraints.gridx = 0
 513 |     self._jPanelConstraints.gridy = 10
 514 |     self._jPanelConstraints.gridwidth = 2
 515 |     self._jPanel.add(self._jButtonStartAPI, self._jPanelConstraints)
 516 | 
 517 |     # Create panel to stop API
 518 |     self._jButtonStopAPI = swing.JButton('Stop API', actionPerformed=self.stopAPI)
 519 |     self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
 520 |     self._jPanelConstraints.gridx = 0
 521 |     self._jPanelConstraints.gridy = 11
 522 |     self._jPanelConstraints.gridwidth = 2
 523 |     self._jPanel.add(self._jButtonStopAPI, self._jPanelConstraints)
 524 | 
 525 |     # Create SQLMap scanner panel
 526 |     # Combobox Values
 527 |     httpMethodValues = ['Default', 'GET', 'POST', 'PUT', 'DELETE', 'PATCH']
 528 |     levelValues = [1,2,3,4,5]
 529 |     riskValues = [0,1,2,3]
 530 |     threadValues = [1,2,3,4,5,6,7,8,9,10]
 531 |     delayValues = [0,1,2,3,4,5]
 532 |     timeoutValues = [1,5,10,15,20,25,30,35,40,45,50,55,60]
 533 |     retryValues = [1,2,3,4,5,6,7,8,9,10]
 534 |     dbmsValues = ['Any', 'MySQL', 'Oracle', 'PostgreSQL', 'Microsoft SQL Server', 'Microsoft Access', 'SQLite', 'Firebird', 'Sybase', 'SAP MaxDB', 'DB2', 'Informix', 'MariaDB', 'Percona', 'MemSQL', 'TiDB', 'CockroachDB', 'HSQLDB', 'H2', 'MonetDB', 'Apache Derby', 'Amazon Redshift', 'Vertica', 'Mckoi', 'Presto', 'Altibase', 'MimerSQL', 'CrateDB', 'Greenplum', 'Drizzle', 'Apache Ignite', 'Cubrid', 'InterSystems Cache', 'IRIS', 'eXtremeDB', 'FrontBase']
 535 |     authTypes = ['None', 'Basic', 'Digest', 'NTLM']
 536 |     osValues = ['Any', 'Linux', 'Windows']
 537 |     timeSecValues = [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]
 538 |     torTypes = ['HTTP', 'SOCKS4', 'SOCKS5']
 539 | 
 540 |     # GUI components
 541 |     self._jLabelScanText = swing.JLabel()
 542 |     self._jLabelScanIPListen = swing.JLabel()
 543 |     self._jLabelScanPortListen = swing.JLabel()
 544 |     self._jTextFieldScanIPListen = swing.JTextField()
 545 |     self._jTextFieldScanPortListen = swing.JTextField()
 546 |     self._jSeparator1 = swing.JSeparator()
 547 |     self._jLabelHttpMethod = swing.JLabel()
 548 |     self._jLabelIgnoreCode = swing.JLabel()
 549 |     self._jComboHttpMethod = swing.JComboBox(httpMethodValues)
 550 |     self._jTextFieldIgnoreCode = swing.JTextField()
 551 |     self._jLabelURL = swing.JLabel()
 552 |     self._jTextFieldURL = swing.JTextField()
 553 |     self._jLabelData = swing.JLabel()
 554 |     self._jTextData = swing.JTextArea()
 555 |     self._jScrollPaneData = swing.JScrollPane(self._jTextData)
 556 |     self._jLabelCookie = swing.JLabel()
 557 |     self._jTextFieldCookie = swing.JTextField()
 558 |     self._jLabelReferer = swing.JLabel()
 559 |     self._jTextFieldReferer = swing.JTextField()
 560 |     self._jLabelUA = swing.JLabel()
 561 |     self._jTextFieldUA = swing.JTextField()
 562 |     self._jLabelCustHeader = swing.JLabel()
 563 |     self._jTextFieldCustHeader = swing.JTextField()
 564 |     self._jCustHeadCheckParam = swing.JCheckBox()
 565 |     self._jSeparator2 = swing.JSeparator()
 566 |     self._jLabelParam = swing.JLabel()
 567 |     self._jTextFieldParam = swing.JTextField()
 568 |     self._jCheckTO = swing.JCheckBox()
 569 |     self._jSeparator3 = swing.JSeparator()
 570 |     self._jComboLevel = swing.JComboBox(levelValues)
 571 |     self._jLabelLevel = swing.JLabel()
 572 |     self._jLabelRisk = swing.JLabel()
 573 |     self._jComboRisk = swing.JComboBox(riskValues)
 574 |     self._jSeparator4 = swing.JSeparator()
 575 |     self._jCheckHPP = swing.JCheckBox('Param Pollution')
 576 |     self._jCheckCU = swing.JCheckBox('Current User')
 577 |     self._jCheckDB = swing.JCheckBox('Current DB')
 578 |     self._jCheckHost = swing.JCheckBox('Hostname')
 579 |     self._jCheckDBA = swing.JCheckBox('Is DBA?')
 580 |     self._jCheckUsers = swing.JCheckBox('List Users')
 581 |     self._jCheckPrivs = swing.JCheckBox('List Privs')
 582 |     self._jCheckPswds = swing.JCheckBox('List Passwords')
 583 |     self._jCheckRoles = swing.JCheckBox('List Roles')
 584 |     self._jCheckDBs = swing.JCheckBox('List DBs')
 585 |     self._jSeparator5 = swing.JSeparator()
 586 |     self._jLabelThreads = swing.JLabel()
 587 |     self._jLabelDelay = swing.JLabel()
 588 |     self._jLabelTimeout = swing.JLabel()
 589 |     self._jLabelRetry = swing.JLabel()
 590 |     self._jLabelTimeSec = swing.JLabel()
 591 |     self._jComboThreads = swing.JComboBox(threadValues)
 592 |     self._jComboDelay = swing.JComboBox(delayValues)
 593 |     self._jComboTimeout = swing.JComboBox(timeoutValues)
 594 |     self._jComboRetry = swing.JComboBox(retryValues)
 595 |     self._jComboTimeSec = swing.JComboBox(timeSecValues)
 596 |     self._jSeparator6 = swing.JSeparator()
 597 |     self._jLabelDBMS = swing.JLabel()
 598 |     self._jComboDBMS = swing.JComboBox(dbmsValues)
 599 |     self._jLabelOS = swing.JLabel()
 600 |     self._jComboOS = swing.JComboBox(osValues)
 601 |     self._jSeparator7 = swing.JSeparator()
 602 |     self._jLabelProxy = swing.JLabel()
 603 |     self._jTextFieldProxy = swing.JTextField()
 604 |     self._jSeparator8 = swing.JSeparator()
 605 |     self._jLabelTamper = swing.JLabel()
 606 |     self._jTextFieldTamper = swing.JTextField()
 607 |     self._jButtonStartScan = swing.JButton('Start Scan', actionPerformed=self.startScan)
 608 |     self._jLabelScanAPI = swing.JLabel()
 609 |     self._jLabelScanAPI.setText('SQLMap API is NOT running!')
 610 |     self._jLabelScanAPI.setForeground(Color.RED)
 611 |     self._jSeparator9 = swing.JSeparator()
 612 |     self._jSeparator10 = swing.JSeparator()
 613 |     self._jCheckTor = swing.JCheckBox('Enable Tor')
 614 |     self._jLabelTorType = swing.JLabel()
 615 |     self._jComboTorType = swing.JComboBox(torTypes)
 616 |     self._jLabelTorPort = swing.JLabel()
 617 |     self._jTextFieldTorPort = swing.JTextField()
 618 |     self._jSeparator11 = swing.JSeparator()
 619 |     self._jLabelAuthType = swing.JLabel()
 620 |     self._jComboAuthType = swing.JComboBox(authTypes)
 621 |     self._jLabelAuthUser = swing.JLabel()
 622 |     self._jTextFieldAuthUser = swing.JTextField()
 623 |     self._jLabelAuthPass = swing.JLabel()
 624 |     self._jTextFieldAuthPass = swing.JTextField()
 625 |     self._jLabelTechnique = swing.JLabel()
 626 |     self._jTextFieldTechnique = swing.JTextField()
 627 | 
 628 |     # Configure GUI
 629 |     self._jLabelScanText.setText('API Listening On:')
 630 |     self._jLabelScanIPListen.setText('SQLMap API IP:')
 631 |     self._jLabelScanPortListen.setText('SQLMap API Port:')
 632 |     self._jLabelHttpMethod.setText('HTTP Method:')
 633 |     self._jLabelIgnoreCode.setText('Ignore Error Code:')
 634 |     self._jComboHttpMethod.setSelectedIndex(0)
 635 |     self._jLabelURL.setText('URL:')
 636 |     self._jLabelData.setText('Post Data:')
 637 |     self._jTextData.setLineWrap(True)
 638 |     self._jScrollPaneData.setVerticalScrollBarPolicy(swing.JScrollPane.VERTICAL_SCROLLBAR_ALWAYS)
 639 |     self._jLabelCookie.setText('Cookies:')
 640 |     self._jLabelReferer.setText('Referer:')
 641 |     self._jLabelUA.setText('User-Agent:')
 642 |     self._jLabelCustHeader.setText('Extra Headers:')
 643 |     self._jLabelParam.setText('Test Parameter(s):')
 644 |     self._jCustHeadCheckParam.setText('Add Headers')
 645 |     self._jCheckTO.setText('Text Only')
 646 |     self._jLabelLevel.setText('Level:')
 647 |     self._jLabelRisk.setText('Risk:')
 648 |     self._jComboLevel.setSelectedIndex(2)
 649 |     self._jComboRisk.setSelectedIndex(1)
 650 |     self._jComboThreads.setSelectedIndex(0)
 651 |     self._jComboDelay.setSelectedIndex(0)
 652 |     self._jComboTimeout.setSelectedIndex(6)
 653 |     self._jComboRetry.setSelectedIndex(2)
 654 |     self._jComboTimeSec.setSelectedIndex(4)
 655 |     self._jComboDBMS.setSelectedIndex(0)
 656 |     self._jComboOS.setSelectedIndex(0)
 657 |     self._jComboTorType.setSelectedIndex(2)
 658 |     self._jLabelThreads.setText('Threads:')
 659 |     self._jLabelDelay.setText('Delay:')
 660 |     self._jLabelTimeout.setText('Timeout:')
 661 |     self._jLabelRetry.setText('Retries:')
 662 |     self._jLabelTimeSec.setText('Time-Sec:')
 663 |     self._jLabelDBMS.setText('DBMS Backend:')
 664 |     self._jLabelOS.setText('Operating System:')
 665 |     self._jLabelProxy.setText('Proxy (HTTP://IP:Port):')
 666 |     self._jLabelTamper.setText('Tamper Scripts:')
 667 |     self._jLabelTorType.setText('Tor Type:')
 668 |     self._jLabelTorPort.setText('Tor Port:')
 669 |     self._jTextFieldTorPort.setText('9050')
 670 |     self._jLabelAuthType.setText('Auth Type:')
 671 |     self._jLabelAuthUser.setText('Auth User:')
 672 |     self._jLabelAuthPass.setText('Auth Pass:')
 673 |     self._jComboAuthType.setSelectedIndex(0)
 674 |     self._jLabelTechnique.setText('Technique (BEUSTQ):')
 675 |     self._jTextFieldTechnique.setText('BEUSTQ')
 676 | 
 677 |     # Configure locations
 678 |     self._jLabelScanText.setBounds(15, 16, 126, 20)
 679 |     self._jLabelScanIPListen.setBounds(15, 58, 115, 20)
 680 |     self._jLabelScanPortListen.setBounds(402, 55, 129, 20)
 681 |     self._jTextFieldScanIPListen.setBounds(167, 52, 206, 26)
 682 |     self._jTextFieldScanPortListen.setBounds(546, 52, 63, 26)
 683 |     self._jSeparator1.setBounds(15, 96, 790, 10)
 684 |     self._jLabelHttpMethod.setBounds(15, 117, 100, 26)
 685 |     self._jLabelIgnoreCode.setBounds(402, 117, 129, 26)
 686 |     self._jComboHttpMethod.setBounds(166, 117, 150, 26)
 687 |     self._jTextFieldIgnoreCode.setBounds(546, 117, 63, 26)
 688 |     self._jLabelURL.setBounds(15, 193, 35, 20)
 689 |     self._jTextFieldURL.setBounds(166, 190, 535, 26)
 690 |     self._jLabelData.setBounds(15, 232, 73, 20)
 691 |     self._jScrollPaneData.setBounds(166, 232, 535, 96)
 692 |     self._jLabelCookie.setBounds(15, 347, 61, 20)
 693 |     self._jTextFieldCookie.setBounds(166, 347, 535, 26)
 694 |     self._jLabelReferer.setBounds(15, 396, 57, 20)
 695 |     self._jTextFieldReferer.setBounds(166, 396, 535, 26)
 696 |     self._jLabelUA.setBounds(15, 445, 86, 20)
 697 |     self._jTextFieldUA.setBounds(166, 445, 535, 26)
 698 |     self._jLabelCustHeader.setBounds(15, 494, 132, 20)
 699 |     self._jTextFieldCustHeader.setBounds(166, 494, 366, 26)
 700 |     self._jCustHeadCheckParam.setBounds(584, 494, 101, 29)
 701 |     self._jSeparator2.setBounds(15, 535, 790, 10)
 702 |     self._jLabelParam.setBounds(15, 559, 132, 20)
 703 |     self._jTextFieldParam.setBounds(165, 556, 366, 26)
 704 |     self._jCheckTO.setBounds(584, 555, 101, 29)
 705 |     self._jSeparator3.setBounds(15, 602, 790, 10)
 706 |     self._jLabelLevel.setBounds(15, 623, 120, 20)
 707 |     self._jComboLevel.setBounds(65, 620, 120, 26)
 708 |     self._jLabelRisk.setBounds(205, 623, 120, 20)
 709 |     self._jComboRisk.setBounds(245, 620, 120, 26)
 710 |     self._jLabelTechnique.setBounds(375, 620, 140, 26)
 711 |     self._jTextFieldTechnique.setBounds(510, 620, 120, 26)
 712 |     self._jSeparator4.setBounds(15, 664, 790, 10)
 713 |     self._jCheckHPP.setBounds(15, 684, 145, 29)
 714 |     self._jCheckCU.setBounds(191, 684, 123, 29)
 715 |     self._jCheckDB.setBounds(340, 684, 111, 29)
 716 |     self._jCheckHost.setBounds(469, 684, 103, 29)
 717 |     self._jCheckDBA.setBounds(599, 684, 105, 29)
 718 |     self._jCheckUsers.setBounds(15, 731, 101, 29)
 719 |     self._jCheckPswds.setBounds(191, 731, 135, 29)
 720 |     self._jCheckPrivs.setBounds(344, 731, 95, 29)
 721 |     self._jCheckRoles.setBounds(469, 731, 99, 29)
 722 |     self._jCheckDBs.setBounds(599, 731, 89, 29)
 723 |     self._jSeparator5.setBounds(15, 772, 790, 10)
 724 |     self._jLabelThreads.setBounds(15, 795, 63, 20)
 725 |     self._jLabelDelay.setBounds(173, 795, 45, 20)
 726 |     self._jLabelTimeout.setBounds(326, 795, 65, 20)
 727 |     self._jLabelRetry.setBounds(484, 795, 48, 20)
 728 |     self._jLabelTimeSec.setBounds(642, 795, 65, 20)
 729 |     self._jComboThreads.setBounds(80, 792, 78, 26)
 730 |     self._jComboDelay.setBounds(233, 792, 78, 26)
 731 |     self._jComboTimeout.setBounds(391, 792, 78, 26)
 732 |     self._jComboRetry.setBounds(549, 792, 78, 26)
 733 |     self._jComboTimeSec.setBounds(717, 792, 78, 26)
 734 |     self._jSeparator6.setBounds(15, 834, 790, 10)
 735 |     self._jLabelDBMS.setBounds(15, 857, 110, 20)
 736 |     self._jComboDBMS.setBounds(143, 854, 191, 26)
 737 |     self._jLabelOS.setBounds(352, 857, 132, 20)
 738 |     self._jComboOS.setBounds(502, 854, 191, 26)
 739 |     self._jSeparator7.setBounds(15, 896, 790, 10)
 740 |     self._jLabelProxy.setBounds(15, 920, 171, 20)
 741 |     self._jTextFieldProxy.setBounds(204, 917, 256, 26)
 742 |     self._jSeparator8.setBounds(15, 963, 790, 10)
 743 |     self._jCheckTor.setBounds(15, 987, 171, 20)
 744 |     self._jLabelTorType.setBounds(206, 984, 65, 26)
 745 |     self._jComboTorType.setBounds(291, 984, 100, 26)
 746 |     self._jLabelTorPort.setBounds(460, 984, 129, 26)
 747 |     self._jTextFieldTorPort.setBounds(545, 984, 65, 26)
 748 |     self._jSeparator9.setBounds(15, 1030, 790, 10)
 749 |     self._jLabelTamper.setBounds(15, 1055, 171, 20)
 750 |     self._jTextFieldTamper.setBounds(204, 1052, 256, 26)
 751 |     self._jSeparator10.setBounds(15, 1098, 790, 10)
 752 |     self._jLabelAuthType.setBounds(15, 1123, 171, 20)
 753 |     self._jComboAuthType.setBounds(204, 1123, 100, 26)
 754 |     self._jLabelAuthUser.setBounds(15, 1172, 171, 20)
 755 |     self._jTextFieldAuthUser.setBounds(204, 1172, 256, 26)
 756 |     self._jLabelAuthPass.setBounds(15, 1221, 171, 20)
 757 |     self._jTextFieldAuthPass.setBounds(204, 1221, 256, 26)
 758 |     self._jSeparator11.setBounds(15, 1267, 790, 10)
 759 |     self._jButtonStartScan.setBounds(346, 1292, 103, 29)
 760 |     self._jLabelScanAPI.setBounds(167, 16, 275, 20)
 761 | 
 762 |     # Create main panel
 763 |     self._jScanPanel = swing.JPanel()
 764 |     self._jScanPanel.setLayout(None)
 765 |     self._jScanPanel.setPreferredSize(awt.Dimension(1368,1368))
 766 |     self._jScanPanel.add(self._jLabelScanText)
 767 |     self._jScanPanel.add(self._jLabelScanIPListen)
 768 |     self._jScanPanel.add(self._jLabelScanPortListen)
 769 |     self._jScanPanel.add(self._jTextFieldScanIPListen)
 770 |     self._jScanPanel.add(self._jTextFieldScanPortListen)
 771 |     self._jScanPanel.add(self._jSeparator1)
 772 |     self._jScanPanel.add(self._jLabelURL)
 773 |     self._jScanPanel.add(self._jTextFieldURL)
 774 |     self._jScanPanel.add(self._jLabelData)
 775 |     self._jScanPanel.add(self._jScrollPaneData)
 776 |     self._jScanPanel.add(self._jLabelCookie)
 777 |     self._jScanPanel.add(self._jTextFieldCookie)
 778 |     self._jScanPanel.add(self._jLabelReferer)
 779 |     self._jScanPanel.add(self._jTextFieldReferer)
 780 |     self._jScanPanel.add(self._jLabelHttpMethod)
 781 |     self._jScanPanel.add(self._jLabelIgnoreCode)
 782 |     self._jScanPanel.add(self._jComboHttpMethod)
 783 |     self._jScanPanel.add(self._jTextFieldIgnoreCode)
 784 |     self._jScanPanel.add(self._jLabelUA)
 785 |     self._jScanPanel.add(self._jTextFieldUA)
 786 |     self._jScanPanel.add(self._jLabelCustHeader)
 787 |     self._jScanPanel.add(self._jTextFieldCustHeader)
 788 |     self._jScanPanel.add(self._jCustHeadCheckParam)
 789 |     self._jScanPanel.add(self._jSeparator2)
 790 |     self._jScanPanel.add(self._jLabelParam)
 791 |     self._jScanPanel.add(self._jTextFieldParam)
 792 |     self._jScanPanel.add(self._jCheckTO)
 793 |     self._jScanPanel.add(self._jSeparator3)
 794 |     self._jScanPanel.add(self._jComboLevel)
 795 |     self._jScanPanel.add(self._jLabelLevel)
 796 |     self._jScanPanel.add(self._jLabelRisk)
 797 |     self._jScanPanel.add(self._jComboRisk)
 798 |     self._jScanPanel.add(self._jSeparator4)
 799 |     self._jScanPanel.add(self._jCheckHPP)
 800 |     self._jScanPanel.add(self._jCheckCU)
 801 |     self._jScanPanel.add(self._jCheckDB)
 802 |     self._jScanPanel.add(self._jCheckHost)
 803 |     self._jScanPanel.add(self._jCheckDBA)
 804 |     self._jScanPanel.add(self._jCheckUsers)
 805 |     self._jScanPanel.add(self._jCheckPswds)
 806 |     self._jScanPanel.add(self._jCheckPrivs)
 807 |     self._jScanPanel.add(self._jCheckRoles)
 808 |     self._jScanPanel.add(self._jCheckDBs)
 809 |     self._jScanPanel.add(self._jSeparator5)
 810 |     self._jScanPanel.add(self._jLabelThreads)
 811 |     self._jScanPanel.add(self._jLabelDelay)
 812 |     self._jScanPanel.add(self._jLabelTimeout)
 813 |     self._jScanPanel.add(self._jLabelRetry)
 814 |     self._jScanPanel.add(self._jLabelTimeSec)
 815 |     self._jScanPanel.add(self._jComboThreads)
 816 |     self._jScanPanel.add(self._jComboDelay)
 817 |     self._jScanPanel.add(self._jComboTimeout)
 818 |     self._jScanPanel.add(self._jComboRetry)
 819 |     self._jScanPanel.add(self._jComboTimeSec)
 820 |     self._jScanPanel.add(self._jSeparator6)
 821 |     self._jScanPanel.add(self._jLabelDBMS)
 822 |     self._jScanPanel.add(self._jComboDBMS)
 823 |     self._jScanPanel.add(self._jLabelOS)
 824 |     self._jScanPanel.add(self._jComboOS)
 825 |     self._jScanPanel.add(self._jSeparator7)
 826 |     self._jScanPanel.add(self._jLabelProxy)
 827 |     self._jScanPanel.add(self._jTextFieldProxy)
 828 |     self._jScanPanel.add(self._jSeparator8)
 829 |     self._jScanPanel.add(self._jCheckTor)
 830 |     self._jScanPanel.add(self._jLabelTorType)
 831 |     self._jScanPanel.add(self._jComboTorType)
 832 |     self._jScanPanel.add(self._jLabelTorPort)
 833 |     self._jScanPanel.add(self._jTextFieldTorPort)
 834 |     self._jScanPanel.add(self._jSeparator9)
 835 |     self._jScanPanel.add(self._jLabelTamper)
 836 |     self._jScanPanel.add(self._jTextFieldTamper)
 837 |     self._jScanPanel.add(self._jSeparator10)
 838 |     self._jScanPanel.add(self._jLabelAuthType)
 839 |     self._jScanPanel.add(self._jComboAuthType)
 840 |     self._jScanPanel.add(self._jLabelAuthUser)
 841 |     self._jScanPanel.add(self._jTextFieldAuthUser)
 842 |     self._jScanPanel.add(self._jLabelAuthPass)
 843 |     self._jScanPanel.add(self._jTextFieldAuthPass)
 844 |     self._jScanPanel.add(self._jSeparator11)
 845 |     self._jScanPanel.add(self._jButtonStartScan)
 846 |     self._jScanPanel.add(self._jLabelScanAPI)
 847 |     self._jScrollPaneMain = swing.JScrollPane(self._jScanPanel)
 848 |     self._jScanPanel.add(self._jLabelTechnique)
 849 |     self._jScanPanel.add(self._jTextFieldTechnique)
 850 |     self._jScrollPaneMain.setViewportView(self._jScanPanel)
 851 |     self._jScrollPaneMain.setPreferredSize(awt.Dimension(1357,1357))
 852 | 
 853 |     # Create SQLMap log JPanel
 854 |     self._jLogPanel = swing.JPanel()
 855 |     self._jLogPanel.setLayout(None)
 856 | 
 857 |     # Create label, combobox, and button to get logs and textarea to display them
 858 |     self._jLabelLog = swing.JLabel("Logs for Scan ID:")
 859 |     self._jComboLogs = swing.JComboBox(self.scantasks)
 860 |     self._jButtonGetLogs = swing.JButton('Get', actionPerformed=self.getLogs)
 861 |     self._jButtonRemoveLogs = swing.JButton('Remove', actionPerformed=self.removeLogs)
 862 |     self._jTextLogs = swing.JTextArea()
 863 |     self._jTextLogs.setColumns(50)
 864 |     self._jTextLogs.setRows(50)
 865 |     self._jTextLogs.setLineWrap(True)
 866 |     self._jTextLogs.setEditable(False)
 867 |     self._jScrollPaneLogs = swing.JScrollPane(self._jTextLogs)
 868 |     self._jScrollPaneLogs.setVerticalScrollBarPolicy(swing.JScrollPane.VERTICAL_SCROLLBAR_ALWAYS)
 869 | 
 870 |     self._jLabelLog.setBounds(15, 16, 126, 20)
 871 |     self._jComboLogs.setBounds(167, 16, 535, 20)
 872 |     self._jButtonGetLogs.setBounds(718, 16, 50, 20)
 873 |     self._jButtonRemoveLogs.setBounds(783, 16, 80, 20)
 874 |     self._jScrollPaneLogs.setBounds(15, 58, 846, 400)
 875 | 
 876 |     self._jLogPanel.add(self._jLabelLog)
 877 |     self._jLogPanel.add(self._jComboLogs)
 878 |     self._jLogPanel.add(self._jButtonGetLogs)
 879 |     self._jLogPanel.add(self._jButtonRemoveLogs)
 880 |     self._jLogPanel.add(self._jScrollPaneLogs)
 881 | 
 882 |     # Create SQLMap stop scan JPanel
 883 |     self._jStopScanPanel = swing.JPanel()
 884 |     self._jStopScanPanel.setLayout(None)
 885 | 
 886 |     # Create label, combobox, and button to stop scans and textfield to display success
 887 |     self._jLabelStopScan = swing.JLabel("Stop Scan ID:")
 888 |     self._jComboStopScan = swing.JComboBox(self.scantasks)
 889 |     self._jButtonStopScan = swing.JButton('Stop', actionPerformed=self.stopScan)
 890 |     self._jButtonRemoveScan = swing.JButton('Remove', actionPerformed=self.removeScan)
 891 |     self._jLabelStopStatus = swing.JLabel()
 892 | 
 893 |     self._jLabelStopScan.setBounds(15, 16, 126, 20)
 894 |     self._jComboStopScan.setBounds(167, 16, 535, 20)
 895 |     self._jButtonStopScan.setBounds(718, 16, 55, 20)
 896 |     self._jButtonRemoveScan.setBounds(783, 16, 80, 20)
 897 |     self._jLabelStopStatus.setBounds(167, 58, 846, 20)
 898 | 
 899 |     self._jStopScanPanel.add(self._jLabelStopScan)
 900 |     self._jStopScanPanel.add(self._jComboStopScan)
 901 |     self._jStopScanPanel.add(self._jButtonStopScan)
 902 |     self._jStopScanPanel.add(self._jButtonRemoveScan)
 903 |     self._jStopScanPanel.add(self._jLabelStopStatus)
 904 | 
 905 |     # Setup Tabs
 906 |     self._jConfigTab = swing.JTabbedPane()
 907 |     self._jConfigTab.addTab("SQLMap API", self._jPanel)
 908 |     self._jConfigTab.addTab("SQLMap Scanner", self._jScrollPaneMain)
 909 |     self._jConfigTab.addTab("SQLMap Logs", self._jLogPanel)
 910 |     self._jConfigTab.addTab("SQLMap Scan Stop", self._jStopScanPanel)
 911 | 
 912 |     # Automatically get and set the Python path if we can find it
 913 |     pythonpath = ''
 914 |     pythonregpath1 = ''
 915 |     pythonregpath2 = ''
 916 |     pathpart1 = ''
 917 |     pathpart2 = ''
 918 |     drivepart1 = ''
 919 |     drivepart2 = ''
 920 |     pythonaltpath1 = ''
 921 |     pythonaltpath2 = ''
 922 |     path_delim = ''
 923 |     ostype = System.getProperty('os.name')
 924 | 
 925 |     try:
 926 |       if 'Windows' in ostype:
 927 |         path_delim = '\\'
 928 | 
 929 |         try:
 930 |           pythonpath = subprocess.check_output(['where', 'python']).split('\n')[0].rstrip('\n\r')
 931 |         except:
 932 |           print 'Could not find python.exe in path.\n'
 933 | 
 934 |         try:
 935 |           pythonregpath1 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\2.7\\InstallPath" /ve')
 936 |           pathpart1 = pythonregpath1.rsplit(':', 1)[1].rstrip('\n\r')
 937 |           drivepart1 = pythonregpath1.rsplit(':', 1)[0][-1]
 938 |         except:
 939 |           print 'Could not find python path in registry at: HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\2.7\\InstallPath.\n'
 940 | 
 941 |         try:
 942 |           pythonregpath2 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\2.7\InstallPath" /ve')
 943 |           pathpart2 = pythonregpath2.rsplit(':', 1)[1].rstrip('\n\r')
 944 |           drivepart2 = pythonregpath2.rsplit(':', 1)[0][-1]
 945 |         except:
 946 |           print 'Could not find python path in registry at: HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\2.7\InstallPath.\n'
 947 | 
 948 |         if re.search('[pP]ython', pathpart1):
 949 |           pythonaltpath1 = drivepart1 + ':' + pathpart1 + path_delim + 'python.exe'
 950 |         else:
 951 |           try:
 952 |             pythonregpath1 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore" /se #')
 953 |             match = re.findall("3\.\d", str(pythonregpath1))
 954 |             pythonregpath1 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\' + match[0] + '\\InstallPath" /v ExecutablePath')
 955 |             pathpart1 = str(pythonregpath1).rsplit(':', 1)[1].rstrip('\n\r')[:-9]
 956 |             drivepart1 = str(pythonregpath1).rsplit(':', 1)[0][-1]
 957 |           except:
 958 |             print 'Could not find python path in registry at: HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\3.x\\InstallPath\\ExecutablePath.\n'
 959 | 
 960 |           if re.search('[pP]ython', pathpart1):
 961 |             pythonaltpath1 = drivepart1 + ':' + pathpart1
 962 | 
 963 |         if re.search('[pP]ython', pathpart2):
 964 |           pythonaltpath2 = drivepart2 + ':' + pathpart2 + path_delim + 'python.exe'
 965 |         else:
 966 |           try:
 967 |             pythonregpath2 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore" /se #')
 968 |             match = re.findall("3\.\d", str(pythonregpath1))
 969 |             pythonregpath2 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\' + match[0] + '\\InstallPath" /v ExecutablePath')
 970 |             pathpart2 = str(pythonregpath1).rsplit(':', 1)[1].rstrip('\n\r')[:-9]
 971 |             drivepart2 = str(pythonregpath1).rsplit(':', 1)[0][-1]
 972 |           except:
 973 |             print 'Could not find python path in registry at: HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\3.x\\InstallPath\\ExecutablePath.\n'
 974 | 
 975 |           if re.search('[pP]ython', pathpart2):
 976 |             pythonaltpath2 = drivepart2 + ':' + pathpart2
 977 |       else:
 978 |         path_delim = '/'
 979 | 
 980 |         try:
 981 |           pythonpath = subprocess.check_output(['which', 'python2.7']).split('\n')[0].rstrip('\n\r')
 982 |         except:
 983 |           print 'Could not find python2 in path.\n'
 984 | 
 985 |         if re.search('\/python2.7$', pythonpath) is None:
 986 |           try:
 987 |             pythonpath = subprocess.check_output(['which', 'python3']).split('\n')[0].rstrip('\n\r')
 988 |           except:
 989 |             print 'Could not find python3 in path.\n'
 990 | 
 991 |     except:
 992 |       print 'Could not get OS version, therefore could not find Python path\n'
 993 | 
 994 |     # Set python variables
 995 |     if re.search('python.exe', pythonpath) or re.search('\/python2.7$', pythonpath) or re.search('\/python3', pythonpath):
 996 |       self.pythonfile = pythonpath
 997 |       print 'Python found in system path at: ' + pythonpath + '\n'
 998 |     elif re.search('python.exe', pythonaltpath1):
 999 |       self.pythonfile = pythonaltpath1
1000 |       print 'Python found in registry under HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\2.7 or 3.x\\InstallPath at: ' + pythonaltpath1 + '\n'
1001 |     elif re.search('python.exe', pythonaltpath2):
1002 |       self.pythonfile = pythonaltpath2
1003 |       print 'Python found in registry under HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\2.7 or 3.x\InstallPath at: ' + pythonaltpath2 + '\n'
1004 |     else:
1005 |       print 'Could not set the correct Python path.\n'
1006 | 
1007 |     # Get Python version to confirm 2.7.x or 3.x
1008 |     if 'Windows' in ostype and re.search('python.exe', self.pythonfile):
1009 |       try:
1010 |         pythonver = subprocess.check_output(self.pythonfile + ' -c "import sys; print(str(sys.version_info[0]) + str(sys.version_info[1]))"')
1011 |         if str(pythonver[:-2]) == '27' or re.search('3\d', str(pythonver[:-2])):
1012 |           self._jLabelPython.setText('Python set to: ' + self.pythonfile)
1013 |         else:
1014 |           self.pythonfile = ''
1015 |           print 'Wrong version of Python: ' + pythonver[0] + '.' + pythonver[1] + '\n'
1016 |       except:
1017 |         print 'Could not get Python version\n'
1018 |     elif re.search('python2.7', self.pythonfile) or re.search('python3', self.pythonfile):
1019 |       self._jLabelPython.setText('Python set to: ' + self.pythonfile)
1020 |     else:
1021 |       print 'Wrong version of Python or something went wrong.\n'
1022 | 
1023 |     # Automatically set the sqlmapapi, first unzip if the extension has never run
1024 |     if os.path.isfile(os.getcwd() + path_delim + 'sqlmap.zip'):
1025 | 
1026 |       # Extract sqlmap
1027 |       try:
1028 |         with zipfile.ZipFile(os.getcwd() + path_delim + 'sqlmap.zip') as sqlmapzip:
1029 |           sqlmapzip.extractall(os.getcwd() + path_delim)
1030 | 
1031 |         # Remove sqlmap zip file
1032 |         os.remove(os.getcwd() + path_delim + 'sqlmap.zip')
1033 | 
1034 |         # Set API
1035 |         if os.path.isfile(os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'):
1036 |           self._jLabelAPI.setText('API set to: ' + os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py')
1037 |           self.apifile = os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'
1038 |           print 'SQLMap API found at: ' + self.apifile + '\n'
1039 |         else:
1040 |           print 'Could not find SQLMap API file.\n'
1041 |       except:
1042 |         print 'Failed to extract sqlmap.zip\n'
1043 |     else:
1044 |       # Set API
1045 |       if os.path.isfile(os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'):
1046 |         self._jLabelAPI.setText('API set to: ' + os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py')
1047 |         self.apifile = os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'
1048 |         print 'SQLMap API found at: ' + self.apifile + '\n'
1049 |       else:
1050 |         print 'Could not find SQLMap API file.\n'
1051 | 
1052 |     callbacks.customizeUiComponent(self._jConfigTab)
1053 |     callbacks.addSuiteTab(self)
1054 |     return
1055 | 
1056 |     # Create a menu item if the appropriate section of the UI is selected
1057 |   def createMenuItems(self, invocation):
1058 |     menu = []
1059 | 
1060 |     # Which part of the interface the user selects
1061 |     ctx = invocation.getInvocationContext()
1062 | 
1063 |     # Message Viewer Req will show menu item if selected by the user
1064 |     if ctx == 0 or ctx == 2:
1065 |       menu.append(swing.JMenuItem("SQLiPy Scan", None, actionPerformed=lambda x, inv=invocation: self.sqlMapScan(inv)))
1066 | 
1067 |     return menu if menu else None
1068 | 
1069 |   def getTabCaption(self):
1070 |     return 'SQLiPy'
1071 | 
1072 |   def getUiComponent(self):
1073 |     return self._jConfigTab
1074 | 
1075 |   def sqlMapScan(self, invocation):
1076 | 
1077 |     # Check initial message for proper request/response and set variables - Burp will not return valid info otherwise
1078 |       try:
1079 |         invMessage = invocation.getSelectedMessages()
1080 |         message = invMessage[0]
1081 |         reqInfo = self._helpers.analyzeRequest(message)
1082 |         reqUrl = str(reqInfo.getUrl())
1083 |         reqBody = message.getRequest()
1084 |         bodyData = self._helpers.bytesToString(reqBody[reqInfo.getBodyOffset():])
1085 |         reqHeaders = newHeaders = list(reqInfo.getHeaders())
1086 |         referer = ''
1087 |         ua = ''
1088 |         cookie = ''
1089 |         headerString = ''
1090 | 
1091 |         for header in reqHeaders:
1092 |           if re.search('^Referer', header, re.IGNORECASE) is not None:
1093 |             referer = re.sub('^Referer\:\s+', '', header, re.IGNORECASE)
1094 |           elif re.search('^User-Agent', header, re.IGNORECASE) is not None:
1095 |             ua = re.sub('^User-Agent\:\s+', '', header, re.IGNORECASE)
1096 |           elif re.search('^Cookie', header, re.IGNORECASE) is not None:
1097 |             cookie = re.sub('^Cookie\:\s+', '', header, re.IGNORECASE)
1098 |           elif ':' in header:
1099 |             headerString += ("\\n" if headerString != "" else "") + header
1100 | 
1101 |         self._jTextFieldURL.setText(reqUrl)
1102 |         self._jTextData.setText(bodyData)
1103 |         self._jTextFieldCookie.setText(cookie)
1104 |         self._jTextFieldUA.setText(ua)
1105 |         self._jTextFieldReferer.setText(referer)
1106 |         self._jTextFieldCustHeader.setText(headerString)
1107 |         self._jConfigTab.setSelectedComponent(self._jScrollPaneMain)
1108 |         self.scanMessage = message
1109 |         self.scanUrl = reqInfo.getUrl()
1110 |         parentTab = self._jConfigTab.getParent()
1111 |         parentTab.setSelectedComponent(self._jConfigTab)
1112 |       except:
1113 |         print 'Failed to add data to scan tab.'
1114 | 
1115 |   def printHeader(self):
1116 |     print 'SQLiPy - 0.8.6\nBurp interface to SQLMap via the SQLMap API\njosh.berry@codewatch.org\n\n'
1117 | 
1118 |   def setAPI(self, e):
1119 |     selectFile = swing.JFileChooser()
1120 |     filter = swing.filechooser.FileNameExtensionFilter("python files", ["py"])
1121 |     selectFile.addChoosableFileFilter(filter)
1122 | 
1123 |     returnedFile = selectFile.showDialog(self._jPanel, "SQLMap API")
1124 | 
1125 |     if returnedFile == swing.JFileChooser.APPROVE_OPTION:
1126 |       file = selectFile.getSelectedFile()
1127 |       self.apifile = file.getPath()
1128 |       print 'Selected API at ' + file.getPath()
1129 |       self._jLabelAPI.setText('API set to: ' + file.getPath())
1130 | 
1131 |   def setPython(self, e):
1132 |     selectFile = swing.JFileChooser()
1133 | 
1134 |     returnedFile = selectFile.showDialog(self._jPanel, "Python EXE")
1135 | 
1136 |     if returnedFile == swing.JFileChooser.APPROVE_OPTION:
1137 |       file = selectFile.getSelectedFile()
1138 |       self.pythonfile = file.getPath()
1139 |       print 'Selected Python at ' + file.getPath()
1140 |       self._jLabelPython.setText('Python set to: ' + file.getPath())
1141 | 
1142 |   def startAPI(self, button):
1143 |     if self.apistatus == 0:
1144 |       try:
1145 |         print 'Calling: ' + self.pythonfile + ' ' + self.apifile + ' -s -H ' + self._jTextFieldIPListen.getText() + ' -p ' + self._jTextFieldPortListen.getText() + '\n'
1146 |         sqlmapdir = ''
1147 | 
1148 |         if re.search('^[a-zA-Z]\:', self.apifile) is not None:
1149 |           sqlmapdir = self.apifile.rsplit('\\', 1)[0]
1150 |         else:
1151 |           sqlmapdir = self.apifile.rsplit('/', 1)[0]
1152 | 
1153 |         javaexec = getattr(Runtime.getRuntime(), "exec")
1154 |         cmd = [self.pythonfile, self.apifile, "-s", "-H", self._jTextFieldIPListen.getText(), "-p", self._jTextFieldPortListen.getText()]
1155 | 
1156 |         self.apiprocess = javaexec(cmd, None, File(sqlmapdir))
1157 | 
1158 |         self.errorGobbler = Thread(StreamGobbler(self.apiprocess.getErrorStream(), System.err))
1159 |         self.outputGobbler = Thread(StreamGobbler(self.apiprocess.getInputStream(), System.out))
1160 | 
1161 |         self.errorGobbler.start()
1162 |         self.outputGobbler.start()
1163 | 
1164 |         # Final validation the API is running
1165 |         try:
1166 |           time.sleep(5)
1167 |           req = urllib2.Request('http://' + str(self._jTextFieldIPListen.getText()) + ':' + str(self._jTextFieldPortListen.getText()) + '/scan/0/status')
1168 |           req.add_header('Content-Type', 'application/json')
1169 |           resp = json.load(urllib2.urlopen(req, timeout=10))
1170 | 
1171 |           if resp['message'] == "Invalid task ID":
1172 |             self._jLabelScanAPI.setText(self._jTextFieldIPListen.getText() + ':' + self._jTextFieldPortListen.getText())
1173 |             self._jLabelScanAPI.setForeground(Color.GREEN)
1174 |             self._jTextFieldScanIPListen.setText(self._jTextFieldIPListen.getText())
1175 |             self._jTextFieldScanPortListen.setText(self._jTextFieldPortListen.getText())
1176 |             self._jLabelAPIStatus.setText('SQLMap API IS CURRENTLY RUNNING!')
1177 |             self._jLabelAPIStatus.setForeground(Color.GREEN)
1178 |             self.apistatus = 1
1179 | 
1180 |             print 'SQLMap API started.\n'
1181 |         except:
1182 |           self.apiprocess.destroy()
1183 |           self.errorGobbler.join()
1184 |           self.outputGobbler.join()
1185 |           print 'Failed to start the SQLMap API\n'
1186 | 
1187 |       except:
1188 |         print 'Failed to start the SQLMap API\n'
1189 |     else:
1190 |       print 'The SQLMap API process has already been started\n'
1191 | 
1192 |   def stopAPI(self, button):
1193 |     if self.apistatus == 1:
1194 |       try:
1195 |         if self._jComboStopScan.getItemCount() is not 0:
1196 |           for item in range(0, self._jComboStopScan.getItemCount()):
1197 |             req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/scan/' + str(self._jComboStopScan.getItemAt(item).split('-')[0]) + '/kill')
1198 |             resp = json.load(urllib2.urlopen(req, timeout=3))
1199 | 
1200 |             if resp['success'] == True:
1201 |               print 'Scan stopped for ID: '+ self._jComboStopScan.getItemAt(item).split('-')[0]+'\n'
1202 |             else:
1203 |               print 'Failed to stop scan on ID: '+self._jComboStopScan.getItemAt(item).split('-')[0]+', likely already completed\n'
1204 |         
1205 |       except:
1206 |         print 'Failed to stop currently running SQLMap scans or no scans were still running\n'
1207 | 
1208 |       try:
1209 |         totalThreads = 1
1210 | 
1211 |         for thread in self.threads:
1212 |           print 'Stopping running scan check thread: ' + str(totalThreads) + '\n'
1213 |           totalThreads += 1
1214 |           thread.keep_running = False
1215 |           thread.join()
1216 | 
1217 |         i = 0
1218 |         while i < len(self.threads):
1219 |           self.threads.pop(0)
1220 |           i += 1
1221 | 
1222 |       except:
1223 |         print 'Could not stop running threads\n'
1224 | 
1225 |       try:
1226 |         self.apiprocess.destroy()
1227 |         self._jComboLogs.removeAllItems()
1228 |         self._jComboStopScan.removeAllItems()
1229 |         self._jLabelScanAPI.setText('SQLMap API is NOT running!')
1230 |         self._jLabelScanAPI.setForeground(Color.RED)
1231 |         self._jLabelAPIStatus.setText('SQLMap API is NOT running!')
1232 |         self._jLabelAPIStatus.setForeground(Color.RED)
1233 |         self.apistatus = 0
1234 | 
1235 |         print 'Stopping the SQLMap API\n'
1236 |       except:
1237 |         print 'Failed to stop the SQLMap API\n'
1238 | 
1239 |       try:
1240 |           self.errorGobbler.join()
1241 |           self.outputGobbler.join()
1242 | 
1243 |           print 'Stopping API input/output/error buffers threads\n'
1244 |       except:
1245 |           print 'Failed to stop API input/output/error buffers threads\n'
1246 | 
1247 |   def extensionUnloaded(self):
1248 |     if self.apistatus == 1:
1249 |       try:
1250 |         if self._jComboStopScan.getItemCount() is not 0:
1251 |           for item in range(0, self._jComboStopScan.getItemCount()):
1252 |             req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/scan/' + str(self._jComboStopScan.getItemAt(item).split('-')[0]) + '/kill')
1253 |             resp = json.load(urllib2.urlopen(req, timeout=3))
1254 | 
1255 |             if resp['success'] == True:
1256 |               print 'Scan stopped for ID: '+ self._jComboStopScan.getItemAt(item).split('-')[0]+'\n'
1257 |             else:
1258 |               print 'Failed to stop scan on ID: '+self._jComboStopScan.getItemAt(item).split('-')[0]+', likely already completed\n'
1259 |         
1260 |       except:
1261 |         print 'Failed to stop currently running SQLMap scans or no scans were still running\n'
1262 | 
1263 |       try:
1264 |         totalThreads = 1
1265 | 
1266 |         for thread in self.threads:
1267 |           print 'Stopping running scan check thread: ' + str(totalThreads) + '\n'
1268 |           totalThreads += 1
1269 |           thread.keep_running = False
1270 |           thread.join()
1271 | 
1272 |       except:
1273 |         print 'Could not stop running threads\n'
1274 | 
1275 |       try:
1276 |         self.apiprocess.destroy()
1277 |         print 'Stopping the SQLMap API...\n'
1278 |       except:
1279 |         print 'Failed to stop the SQLMap API\n'
1280 | 
1281 |       try:
1282 |           self.errorGobbler.join()
1283 |           self.outputGobbler.join()
1284 | 
1285 |           print 'Stopping API input/output/error buffers threads\n'
1286 |       except:
1287 |           print 'Failed to stop API input/output/error buffers threads\n'
1288 | 
1289 |   def getLogs(self, button):
1290 |     try:
1291 |       req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/scan/' + str(self._jComboLogs.getSelectedItem().split('-')[0]) + '/log')
1292 |       resp = json.load(urllib2.urlopen(req, timeout=10))
1293 | 
1294 |       if resp['success'] == True:
1295 |         logdata = ''
1296 |         for logs in resp['log']:
1297 |           logdata = logdata + logs['level'] + ': ' + logs['time'] + ' - ' + logs['message'] + '\n'
1298 | 
1299 |         self._jTextLogs.setText('Log results for: ' + self.scancmds[self._jComboLogs.getSelectedItem().split('-')[0]] + logdata)
1300 |       else:
1301 |         print 'Failed to get logs for: '+self._jComboLogs.getSelectedItem().split('-')[0]+'\n'
1302 |     except:
1303 |       print 'Failed to get logs for: '+self._jComboLogs.getSelectedItem().split('-')[0]+'\n'
1304 | 
1305 |   def removeLogs(self, button):
1306 |     print 'Removing Log Entry for ID: '+ self._jComboLogs.getSelectedItem().split('-')[0]+'\n'
1307 |     self._jComboLogs.removeItem(self._jComboLogs.getSelectedItem())
1308 | 
1309 |   def stopScan(self, button):
1310 |     try:
1311 |       req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/scan/' + str(self._jComboStopScan.getSelectedItem().split('-')[0]) + '/kill')
1312 |       resp = json.load(urllib2.urlopen(req, timeout=10))
1313 | 
1314 |       if resp['success'] == True:
1315 |         print 'Scan stopped for ID: '+ self._jComboStopScan.getSelectedItem().split('-')[0]+'\n'
1316 |         self._jLabelStopStatus.setText('Scan stopped for ID: ' + self._jComboStopScan.getSelectedItem().split('-')[0])
1317 |         self._jComboStopScan.removeItem(self._jComboStopScan.getSelectedItem())
1318 |       else:
1319 |         print 'Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed\n'
1320 |         self._jLabelStopStatus.setText('Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed')
1321 |     except:
1322 |       print 'Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed\n'
1323 |       self._jLabelStopStatus.setText('Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed')
1324 | 
1325 |   def removeScan(self, button):
1326 |     print 'Removing Scan Stop Entry for ID: '+ self._jComboStopScan.getSelectedItem().split('-')[0]+'\n'
1327 |     self._jLabelStopStatus.setText('Scan removed from stop tab for ID: ' + self._jComboStopScan.getSelectedItem().split('-')[0])
1328 |     self._jComboStopScan.removeItem(self._jComboStopScan.getSelectedItem())
1329 | 
1330 |   def startScan(self, button):
1331 |     hpp = ''
1332 |     cu = ''
1333 |     cdb = ''
1334 |     hostname = ''
1335 |     isdba = ''
1336 |     lusers = ''
1337 |     lpswds = ''
1338 |     lprivs = ''
1339 |     lroles = ''
1340 |     ldbs = ''
1341 |     textonly = ''
1342 |     postdata = None
1343 |     datacmd = ''
1344 |     cookiedata = None
1345 |     cookiecmd = ''
1346 |     uadata = None
1347 |     uacmd = ''
1348 |     ignorecodedata = None
1349 |     ignorecodecmd = ''
1350 |     custheaderdata = None
1351 |     custheadercmd = ''
1352 |     headerdata = None
1353 |     headercmd = ''
1354 |     refererdata = None
1355 |     referercmd = ''
1356 |     proxy = None
1357 |     proxycmd = ''
1358 |     dbms = None
1359 |     dbmscmd = ''
1360 |     os = None
1361 |     oscmd = ''
1362 |     tampercmd = ''
1363 |     tamperdata = None
1364 |     paramcmd = ''
1365 |     paramdata = None
1366 |     csrfurl = None
1367 |     csrftoken = None
1368 |     torcmd = ''
1369 |     tortypecmd = ''
1370 |     torportcmd = ''
1371 |     httpmethod = None
1372 |     httpmethodcmd = ''
1373 |     authtype = None
1374 |     authtypecmd = ''
1375 |     authcred = None
1376 |     authcredcmd = ''
1377 |     livecookies = None
1378 |     skipheuristics = None
1379 |     proxyfreq = None
1380 | 
1381 |     if self._jCheckTO.isSelected():
1382 |       textonly = ' --text-only'
1383 |       textonlystatus = True
1384 |     else:
1385 |       textonlystatus = False
1386 | 
1387 |     if self._jCheckHPP.isSelected():
1388 |       hpp = ' --hpp'
1389 |       hppstatus = True
1390 |     else:
1391 |       hppstatus = False
1392 | 
1393 |     if self._jCheckCU.isSelected():
1394 |       cu = ' --current-user'
1395 |       custatus = True
1396 |     else:
1397 |       custatus = False
1398 | 
1399 |     if self._jCheckDB.isSelected():
1400 |       cdb = ' --current-db'
1401 |       cdbstatus = True
1402 |     else:
1403 |       cdbstatus = False
1404 | 
1405 |     if self._jCheckHost.isSelected():
1406 |       hostname = ' --hostname'
1407 |       hostnamestatus = True
1408 |     else:
1409 |       hostnamestatus = False
1410 | 
1411 |     if self._jCheckDBA.isSelected():
1412 |       isdba = ' --is-dba'
1413 |       isdbastatus = True
1414 |     else:
1415 |       isdbastatus = False
1416 | 
1417 |     if self._jCheckUsers.isSelected():
1418 |       lusers = ' --users'
1419 |       lusersstatus = True
1420 |     else:
1421 |       lusersstatus = False
1422 | 
1423 |     if self._jCheckPswds.isSelected():
1424 |       lpswds = ' --passwords'
1425 |       lpswdsstatus = True
1426 |     else:
1427 |       lpswdsstatus = False
1428 | 
1429 |     if self._jCheckPrivs.isSelected():
1430 |       lprivs = ' --privileges'
1431 |       lprivsstatus = True
1432 |     else:
1433 |       lprivsstatus = False
1434 | 
1435 |     if self._jCheckRoles.isSelected():
1436 |       lroles = ' --roles'
1437 |       lrolesstatus = True
1438 |     else:
1439 |       lrolesstatus = False
1440 | 
1441 |     if self._jCheckDBs.isSelected():
1442 |       ldbs = ' --dbs'
1443 |       ldbsstatus = True
1444 |     else:
1445 |       ldbsstatus = False
1446 | 
1447 |     if self._jCheckTor.isSelected():
1448 |       torstatus = True
1449 |       torcmd = ' --tor'
1450 |       tortype = self._jComboTorType.getSelectedItem()
1451 |       tortypecmd = ' --tor-type=' + self._jComboTorType.getSelectedItem()
1452 |       torport = self._jTextFieldTorPort.getText()
1453 |       torportcmd = ' --tor-port=' + self._jTextFieldTorPort.getText()
1454 |     else:
1455 |       torstatus = False
1456 |       tortype = 'HTTP'
1457 |       torport = None
1458 | 
1459 |     if not re.search('^None$', self._jComboAuthType.getSelectedItem()) is not None and re.search('[a-zA-Z0-9]', self._jTextFieldAuthUser.getText()) is not None:
1460 |       authtype = self._jComboAuthType.getSelectedItem()
1461 |       authtypecmd = ' --auth-type=' + self._jComboAuthType.getSelectedItem()
1462 |       authuser = self._jTextFieldAuthUser.getText()
1463 |       authpass = self._jTextFieldAuthPass.getText()
1464 |       authcred = authuser + ':' + authpass
1465 |       authcredcmd = ' --auth-cred="' + authuser + ':' + authpass + '"'
1466 |     else:
1467 |       authtype = None
1468 |       authtypecmd = ''
1469 |       authuser = ''
1470 |       authpass = ''
1471 |       authcred = None
1472 |       authcredcmd = ''  
1473 | 
1474 |     if re.search('[a-zA-Z0-9]', self._jTextFieldIgnoreCode.getText()) is not None:
1475 |       ignorecodedata = self._jTextFieldIgnoreCode.getText()
1476 |       ignorecodecmd = ' --ignore-code=' + self._jTextFieldIgnoreCode.getText()
1477 | 
1478 |     if re.search('(http|https)\://', self._jTextFieldProxy.getText()) is not None:
1479 |       proxy = self._jTextFieldProxy.getText()
1480 |       proxycmd = ' --proxy=' + self._jTextFieldProxy.getText()
1481 | 
1482 |     if not re.search('^Default$', self._jComboHttpMethod.getSelectedItem()) is not None:
1483 |       httpmethod = self._jComboHttpMethod.getSelectedItem()
1484 |       httpmethodcmd = ' --method="' + self._jComboHttpMethod.getSelectedItem()+'"'
1485 | 
1486 |     if not re.search('^Any$', self._jComboDBMS.getSelectedItem()) is not None:
1487 |       dbms = self._jComboDBMS.getSelectedItem()
1488 |       dbmscmd = ' --dbms="' + self._jComboDBMS.getSelectedItem()+'"'
1489 | 
1490 |     if not re.search('^Any$', self._jComboOS.getSelectedItem()) is not None:
1491 |       os = self._jComboOS.getSelectedItem()
1492 |       oscmd = ' --os=' + self._jComboOS.getSelectedItem()
1493 | 
1494 |     if re.search('[a-zA-Z0-9]', self._jTextFieldTamper.getText()) is not None:
1495 |       tampercmd = ' --tamper="' + self._jTextFieldTamper.getText() + '"'
1496 |       tamperdata = self._jTextFieldTamper.getText()
1497 | 
1498 |     if re.search('[a-zA-Z0-9]', self._jTextData.getText()) is not None:
1499 |       postdata = self._jTextData.getText()
1500 |       datacmd = ' --data="' + self._jTextData.getText() + '"'
1501 | 
1502 |     if re.search('[a-zA-Z0-9]', self._jTextFieldCookie.getText()) is not None:
1503 |       cookiedata = self._jTextFieldCookie.getText()
1504 |       cookiecmd = ' --cookie="' + self._jTextFieldCookie.getText() + '"'
1505 | 
1506 |     if re.search('[a-zA-Z0-9]', self._jTextFieldUA.getText()) is not None:
1507 |       uadata = self._jTextFieldUA.getText()
1508 |       uacmd = ' --user-agent="' + self._jTextFieldUA.getText() + '"'
1509 | 
1510 |     if re.search('[a-zA-Z0-9]', self._jTextFieldCustHeader.getText()) is not None and self._jCustHeadCheckParam.isSelected():
1511 |       custheaderdata = self._jTextFieldCustHeader.getText()
1512 |       custheadercmd = ' --headers="' + self._jTextFieldCustHeader.getText() + '"'
1513 | 
1514 |     if re.search('[a-zA-Z0-9]', self._jTextFieldReferer.getText()) is not None:
1515 |       refererdata = self._jTextFieldReferer.getText()
1516 |       referercmd = ' --referer="' + self._jTextFieldReferer.getText() + '"'
1517 | 
1518 |     if re.search('[a-zA-Z0-9]', self._jTextFieldParam.getText()) is not None:
1519 |       paramdata = self._jTextFieldParam.getText()
1520 |       paramcmd = ' -p "' + self._jTextFieldParam.getText() + '"'
1521 | 
1522 |     try:
1523 |       sqlmapcmd = 'sqlmap.py -u "' + self._jTextFieldURL.getText() + '"' + datacmd + httpmethodcmd + cookiecmd + uacmd + referercmd + custheadercmd + authtypecmd + authcredcmd + ignorecodecmd + proxycmd + torcmd + tortypecmd + torportcmd + ' --delay=' + str(self._jComboDelay.getSelectedItem()) + ' --timeout=' + str(self._jComboTimeout.getSelectedItem()) + ' --retries=' + str(self._jComboDelay.getSelectedItem()) + paramcmd + dbmscmd + oscmd + tampercmd + ' --level=' + str(self._jComboLevel.getSelectedItem()) + ' --risk=' + str(self._jComboRisk.getSelectedItem()) + textonly + hpp + ' --threads=' + str(self._jComboThreads.getSelectedItem()) + ' --time-sec=' + str(self._jComboTimeSec.getSelectedItem()) + ' --technique=' + str(self._jTextFieldTechnique.getText()) + ' -b' + cu + cdb + hostname + isdba + lusers + lpswds + lprivs + lroles + ldbs + ' --batch --answers="crack=N,dict=N,continue=Y,quit=N"\n\n'
1524 |       print 'SQLMap Command: ' + sqlmapcmd
1525 |       url = 'http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/task/new'
1526 |       req = urllib2.urlopen(url, timeout=10)
1527 |       resp = json.loads(req.read())
1528 | 
1529 |       if resp['success'] == True and resp['taskid']:
1530 |         sqlitask = str(resp['taskid'])
1531 |         sqliopts = {'authType': authtype, 'csrfUrl': csrfurl, 'csrfToken': csrftoken, 'liveCookies': livecookies, 'skipHeuristics': skipheuristics, 'proxyFreq': proxyfreq, 'getUsers': lusersstatus, 'getPasswordHashes': lpswdsstatus, 'delay': self._jComboDelay.getSelectedItem(), 'isDba': isdbastatus, 'risk': self._jComboRisk.getSelectedItem(), 'getCurrentUser': custatus, 'getRoles': lrolesstatus, 'getPrivileges': lprivsstatus, 'testParameter': paramdata, 'timeout': self._jComboTimeout.getSelectedItem(), 'ignoreCode': ignorecodedata, 'torPort': torport, 'level': self._jComboLevel.getSelectedItem(), 'technique': self._jTextFieldTechnique.getText(), 'getCurrentDb': cdbstatus, 'answers': 'crack=N,dict=N,continue=Y,quit=N', 'method': httpmethod, 'cookie': cookiedata, 'proxy': proxy, 'os': os, 'threads': self._jComboThreads.getSelectedItem(), 'url': self._jTextFieldURL.getText(), 'getDbs': ldbsstatus, 'tor': torstatus, 'torType': tortype, 'referer': refererdata, 'retries': self._jComboRetry.getSelectedItem(), 'headers': custheaderdata, 'authCred': authcred, 'timeSec': self._jComboTimeSec.getSelectedItem(), 'getHostname': hostnamestatus, 'agent': uadata, 'dbms': dbms, 'tamper': tamperdata, 'hpp': hppstatus, 'getBanner': 'true', 'data': postdata, 'textOnly': textonlystatus}
1532 | 
1533 |         print 'Created SQLMap Task: ' + sqlitask + '\n'
1534 | 
1535 |         try:
1536 |           req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/option/' + sqlitask + '/set')
1537 |           req.add_header('Content-Type', 'application/json')
1538 |           resp = json.load(urllib2.urlopen(req, json.dumps(sqliopts), timeout=10))
1539 | 
1540 |           if resp['success'] == True:
1541 |             print 'SQLMap options set on Task ' + sqlitask + ': ' + json.dumps(sqliopts) + '\n'
1542 |             sqliopts = {'url': self._jTextFieldURL.getText()}
1543 | 
1544 |             try:
1545 |               checkreq = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/option/' + sqlitask + '/list')
1546 |               checkresp = json.load(urllib2.urlopen(checkreq, timeout=10))
1547 |               print 'SQLMap options returned: ' + json.dumps(checkresp) + '\n'
1548 |             except:
1549 |               print 'Failed to get list of options from SQLMap API\n'
1550 | 
1551 |             try:
1552 |               req = urllib2.Request('http://' + str(self._jTextFieldScanIPListen.getText()) + ':' + str(self._jTextFieldScanPortListen.getText()) + '/scan/' + sqlitask + '/start')
1553 |               req.add_header('Content-Type', 'application/json')
1554 |               resp = json.load(urllib2.urlopen(req, json.dumps(sqliopts), timeout=10))
1555 | 
1556 |               if resp['success'] == True:
1557 |                 findings = ThreadExtender(self, self._jTextFieldScanIPListen.getText(), self._jTextFieldScanPortListen.getText(), sqlitask, self.scanUrl, self.scanMessage, self._callbacks)
1558 |                 t = threading.Thread(target=findings.checkResults)
1559 |                 self.threads.append(t)
1560 |                 t.start()
1561 |                 self._jComboLogs.addItem(sqlitask + '-' + self._jTextFieldURL.getText())
1562 |                 self._jComboStopScan.addItem(sqlitask + '-' + self._jTextFieldURL.getText())
1563 |                 self.scancmds[sqlitask] = sqlmapcmd
1564 |                 print 'Started SQLMap Scan on Task ' + sqlitask +' with Engine ID: ' + str(resp['engineid']) + ' - ' + self._jTextFieldURL.getText() + '\n'
1565 |               else:
1566 |                 print 'Failed to start SQLMap Scan for Task: ' + sqlitask + '\n'
1567 | 
1568 |             except:
1569 |               print 'Failed to start SQLMap Scan for Task: ' + sqlitask + '\n'
1570 | 
1571 |           else:
1572 |             print 'Failed to set options on SQLMap Task: ' + sqlitask + '\n'
1573 | 
1574 |         except:
1575 |           print 'Failed to set options on SQLMap Task: ' + sqlitask + '\n'
1576 | 
1577 |       else:
1578 |         print(traceback.format_exc())
1579 |         print 'SQLMap task creation failed\n'
1580 | 
1581 |     except:
1582 |       print(traceback.format_exc())
1583 |       print 'SQLMap task creation failed\n'


--------------------------------------------------------------------------------
/sqlmap.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codewatchorg/sqlipy/940900693ea760864695cd04bddbca758d5336e0/sqlmap.zip


--------------------------------------------------------------------------------