public static void Main(string[] args)
{
using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8775))
{
using (SqlmapManager manager = new SqlmapManager(session))
{
string taskid = manager.NewTask();
Dictionary <string, object> options = manager.GetOptions(taskid);
options["url"] = args[0];
options ["flushSession"] = true;
manager.StartTask(taskid, options);
SqlmapStatus status = manager.GetScanStatus(taskid);
while (status.Status != "terminated")
{
System.Threading.Thread.Sleep(new TimeSpan(0, 0, 10));
status = manager.GetScanStatus(taskid);
}
List <SqlmapLogItem> logItems = manager.GetLog(taskid);
foreach (SqlmapLogItem item in logItems)
{
Console.WriteLine(item.Message);
}
manager.DeleteTask(taskid);
}
}
}
static void TestGetRequestWithSqlmap(string url, string parameter)
{
Console.WriteLine("Testing url with sqlmap: " + url);
using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8775)) {
using (SqlmapManager manager = new SqlmapManager(session)) {
string taskID = manager.NewTask();
var options = manager.GetOptions(taskID);
options ["url"] = url;
options ["level"] = 1;
options ["risk"] = 1;
options ["dbms"] = "postgresql";
options ["testParameter"] = parameter;
options ["flushSession"] = "true";
manager.StartTask(taskID, options);
SqlmapStatus status = manager.GetScanStatus(taskID);
while (status.Status != "terminated")
{
System.Threading.Thread.Sleep(new TimeSpan(0, 0, 10));
status = manager.GetScanStatus(taskID);
}
List <SqlmapLogItem> logItems = manager.GetLog(taskID);
foreach (SqlmapLogItem item in logItems)
{
Console.WriteLine(item.Message);
}
manager.DeleteTask(taskID);
}
}
}
static void TestPostRequestWithSqlmap(string url, string data, string soapAction, string vulnValue)
{
Console.WriteLine("Testing url with sqlmap: " + url);
using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8775)) {
using (SqlmapManager manager = new SqlmapManager(session)) {
string taskID = manager.NewTask();
var options = manager.GetOptions(taskID);
options ["url"] = url;
options ["level"] = 1;
options ["risk"] = 1;
options ["dbms"] = "postgresql";
options ["data"] = data.Replace(vulnValue, "*").Trim();
options ["flushSession"] = "true";
string headers = string.Empty;
if (!string.IsNullOrEmpty(soapAction))
{
headers = "Content-Type: text/xml\nSOAPAction: " + soapAction;
}
else
{
headers = "Content-Type: application/x-www-form-urlencoded";
}
options ["headers"] = headers;
manager.StartTask(taskID, options);
SqlmapStatus status = manager.GetScanStatus(taskID);
while (status.Status != "terminated")
{
System.Threading.Thread.Sleep(new TimeSpan(0, 0, 10));
status = manager.GetScanStatus(taskID);
}
List <SqlmapLogItem> logItems = manager.GetLog(taskID);
foreach (SqlmapLogItem item in logItems)
{
Console.WriteLine(item.Message);
}
manager.DeleteTask(taskID);
}
}
}
public static void Main(string[] args)
{
using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8775))
{
using (SqlmapManager manager = new SqlmapManager(session))
{
string taskid = manager.NewTask();
Console.WriteLine(taskid);
Dictionary <string, object> options = manager.GetOptions(taskid);
manager.SetOption(taskid, "msfPath", "/path/to/msf");
Dictionary <string, object> newoptions = manager.GetOptions(taskid);
Console.WriteLine("Old msfpath: " + options["msfPath"].ToString());
Console.WriteLine("New msfpath: " + newoptions["msfPath"].ToString());
options["url"] = "http://192.168.1.254/xslt?PAGE=C_0_0";
manager.StartTask(taskid, options);
SqlmapStatus status = manager.GetScanStatus(taskid);
while (status.Status != "terminated")
{
System.Threading.Thread.Sleep(new TimeSpan(0, 0, 10));
status = manager.GetScanStatus(taskid);
}
List <SqlmapLogItem> logItems = manager.GetLog(taskid);
foreach (SqlmapLogItem item in logItems)
{
Console.WriteLine(item.Message);
}
manager.DeleteTask(taskid);
}
}
}
public static void Main(string[] args)
{
using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8775))
{
using (SqlmapManager manager = new SqlmapManager(session))
{
string taskid = manager.NewTask();
Dictionary <string, object> options = manager.GetOptions(taskid);
options["url"] = "http://testfire.net/bank/login.aspx?uid=fdsa&passw=fdsa";
options["flushSession"] = true;
foreach (var pair in options)
{
Console.WriteLine("Key: " + pair.Key + "\t::Value: " + pair.Value);
}
manager.StartTask(taskid, options);
SqlmapStatus status = manager.GetScanStatus(taskid);
while (status.Status != "terminated")
{
System.Threading.Thread.Sleep(new TimeSpan(0, 0, 10));
status = manager.GetScanStatus(taskid);
}
List <SqlmapLogItem> logItems = manager.GetLog(taskid);
foreach (SqlmapLogItem item in logItems)
{
Console.WriteLine(item.Message);
}
manager.DeleteTask(taskid);
}
}
}
private List <IToolResults> ScanHost(NMapHost host, SQLMapOptions sqlmapOptions, Dictionary <string, string> config)
{
List <IToolResults> _results = new List <IToolResults> ();
Console.WriteLine("Scanning host: " + host.Hostname);
foreach (var port in host.Ports)
{
port.ParentIPAddress = host.IPAddressv4;
if ((port.Service == "http" || port.Service == "https") && bool.Parse(config ["isSQLMap"]))
{
IToolOptions _options = new WapitiToolOptions();
(_options as WapitiToolOptions).Host = host.IPAddressv4;
(_options as WapitiToolOptions).Port = port.PortNumber;
(_options as WapitiToolOptions).Path = config ["wapitiPath"];
Wapiti wapiti = new Wapiti(_options);
Console.WriteLine("Running wapiti (http/" + port.PortNumber + ") on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname));
WapitiToolResults wapitiResults = null;
try {
wapitiResults = wapiti.Run(new TimeSpan(0, 10, 0)) as WapitiToolResults;
wapitiResults.HostIPAddressV4 = host.IPAddressv4;
wapitiResults.HostPort = port.PortNumber;
wapitiResults.IsTCP = true;
_results.Add(wapitiResults);
} catch (Exception ex) {
Console.WriteLine(ex.Message);
}
if (sqlmapOptions != null && wapitiResults != null)
{
if (wapitiResults.Bugs == null) // we get bugs from the findings of wapiti, if wapiti didn't run, no bugs.
{
sqlmapOptions.URL = port.Service + "://" + host.IPAddressv4;
sqlmapOptions.Port = port.PortNumber;
sqlmapOptions.Path = config ["sqlmapPath"];
SQLMap mapper = new SQLMap(sqlmapOptions);
SQLMapResults sqlmapResults = mapper.Run() as SQLMapResults;
sqlmapResults.ParentHostPort = port;
_results.Add(sqlmapResults);
}
else
{
using (SqlmapSession sess = new SqlmapSession("127.0.0.1", 8775)) {
using (SqlmapManager manager = new SqlmapManager(sess)) {
foreach (WapitiBug bug in wapitiResults.Bugs)
{
if (bug.Type.StartsWith("SQL Injection"))
{
Console.WriteLine("Starting SQLMap on host/port: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname) + "/" + port.PortNumber);
sqlmapOptions.Path = config ["sqlmapPath"];
//SQLMap mapper = new SQLMap (sqlmapOptions);
//SQLMapResults results = mapper.Run (bug) as SQLMapResults;
// if (results == null )
// continue;
//
// if (results.Vulnerabilities != null)
// foreach (var vuln in results.Vulnerabilities)
// vuln.Target = bug.URL;
//
// results.ParentHostPort = port;
//
// _results.Add (results);
string taskid = manager.NewTask();
Dictionary <string, object> opts = manager.GetOptions(taskid);
if (bug.URL.Contains(bug.Parameter))
{
opts ["url"] = bug.URL.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
manager.StartTask(taskid, opts);
}
else
{
opts ["url"] = bug.URL;
opts["data"] = bug.Parameter.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
manager.StartTask(taskid, opts);
}
SqlmapStatus status = manager.GetScanStatus(taskid);
while (status.Status != "terminated")
{
System.Threading.Thread.Sleep(new TimeSpan(0, 0, 10));
status = manager.GetScanStatus(taskid);
}
List <SqlmapLogItem> logItems = manager.GetLog(taskid);
SQLMapResults results = new SQLMapResults();
results.Vulnerabilities = new List <SQLMapVulnerability>();
foreach (SqlmapLogItem item in logItems.Where(l => l.Level == "INFO" && l.Message.EndsWith("injectable")))
{
SQLMapVulnerability vuln = new SQLMapVulnerability();
Console.WriteLine(item.Message);
}
manager.DeleteTask(taskid);
}
else if (bug.Type.Contains("Cross Site Scripting)"))
{
//dsxs
}
}
}
}
}
}
}
}
Console.WriteLine("Done with host: " + host.Hostname);
return(_results);
}
