public static void Main(string[] args)
        {
            using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8775))
            {
                using (SqlmapManager manager = new SqlmapManager(session))
                {
                    string taskid = manager.NewTask();

                    Dictionary<string, object> options = manager.GetOptions(taskid);
                    options["url"] = args[0];

                    manager.StartTask(taskid, options);

                    SqlmapStatus status = manager.GetScanStatus(taskid);
                    while (status.Status != "terminated") {
                        System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
                        status = manager.GetScanStatus(taskid);
                    }

                    List<SqlmapLogItem> logItems = manager.GetLog(taskid);
                    foreach (SqlmapLogItem item in logItems)
                        Console.WriteLine(item.Message);

                    manager.DeleteTask(taskid);
                }
            }
        }
        public static void Main(string[] args)
        {
            using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8775))
            {
                using (SqlmapManager manager = new SqlmapManager(session))
                {
                    string taskid = manager.NewTask();

                    Console.WriteLine(taskid);

                    Dictionary<string, object> options = manager.GetOptions(taskid);

                    manager.SetOption(taskid, "msfPath", "/path/to/msf");

                    Dictionary<string, object> newoptions = manager.GetOptions(taskid);

                    Console.WriteLine("Old msfpath: " + options["msfPath"].ToString());
                    Console.WriteLine("New msfpath: " + newoptions["msfPath"].ToString());

                    options["url"] = "http://192.168.1.254/xslt?PAGE=C_0_0";

                    manager.StartTask(taskid, options);

                    SqlmapStatus status = manager.GetScanStatus(taskid);

                    while (status.Status != "terminated")
                    {
                        System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
                        status = manager.GetScanStatus(taskid);
                    }

                    List<SqlmapLogItem> logItems = manager.GetLog(taskid);

                    foreach (SqlmapLogItem item in logItems)
                        Console.WriteLine(item.Message);

                    manager.DeleteTask(taskid);
                }
            }
        }
Exemple #3
0
        static void TestPostRequestWithSqlmap(string url, string data, string soapAction, string vulnValue)
        {
            Console.WriteLine("Testing url with sqlmap: " + url);
            using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8081)) {
                using (SqlmapManager manager = new SqlmapManager(session)) {

                    string taskid = manager.NewTask();
                    var options = manager.GetOptions(taskid);
                    options["url"] = url;
                    //options["proxy"] = "http://127.0.0.1:8081";
                    options["data"] = data.Replace(vulnValue, "fdsa*").Replace("\"", "\\\"").Trim();
                    options["skipUrlEncode"] = "true";

                    if (!string.IsNullOrEmpty(soapAction))
                        options["headers"] = "Content-Type: text/xml\\nSOAPAction: " + soapAction;

                    manager.StartTask(taskid, options);

                    SqlmapStatus status = manager.GetScanStatus(taskid);
                    while (status.Status != "terminated")
                    {
                        System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
                        status = manager.GetScanStatus(taskid);
                    }

                    List<SqlmapLogItem> logItems = manager.GetLog(taskid);

                    foreach (SqlmapLogItem item in logItems)
                        Console.WriteLine(item.Message);

                    manager.DeleteTask(taskid);
                }
            }
        }
Exemple #4
0
        static void TestGetRequestWithSqlmap(string url)
        {
            Console.WriteLine("Testing url with sqlmap: " + url);
            using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8081)) {
                using (SqlmapManager manager = new SqlmapManager(session)) {
                    string taskid = manager.NewTask();
                    var options = manager.GetOptions(taskid);
                    options["url"] = url;
                    manager.StartTask(taskid, options);

                    SqlmapStatus status = manager.GetScanStatus(taskid);
                    while (status.Status != "terminated")
                    {
                        System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
                        status = manager.GetScanStatus(taskid);
                    }

                    List<SqlmapLogItem> logItems = manager.GetLog(taskid);

                    foreach (SqlmapLogItem item in logItems)
                        Console.WriteLine(item.Message);

                    manager.DeleteTask(taskid);
                }
            }
        }
Exemple #5
0
        private List<IToolResults> ScanHost(NMapHost host, SQLMapOptions sqlmapOptions, Dictionary<string, string> config)
        {
            List<IToolResults > _results = new List<IToolResults> ();

            Console.WriteLine ("Scanning host: " + host.Hostname);
            foreach (var port in host.Ports) {

                port.ParentIPAddress = host.IPAddressv4;

                if ((port.Service == "http" || port.Service == "https") && bool.Parse (config ["isSQLMap"])) {
                    IToolOptions _options = new WapitiToolOptions ();

                    (_options as WapitiToolOptions).Host = host.IPAddressv4;
                    (_options as WapitiToolOptions).Port = port.PortNumber;
                    (_options as WapitiToolOptions).Path = config ["wapitiPath"];

                    Wapiti wapiti = new Wapiti (_options);

                    Console.WriteLine ("Running wapiti (http/" + port.PortNumber + ") on host: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname));
                    WapitiToolResults wapitiResults = null;
                    try {
                        wapitiResults = wapiti.Run (new TimeSpan (0, 10, 0)) as WapitiToolResults;
                        wapitiResults.HostIPAddressV4 = host.IPAddressv4;
                        wapitiResults.HostPort = port.PortNumber;
                        wapitiResults.IsTCP = true;

                        _results.Add (wapitiResults);
                    } catch (Exception ex) {
                        Console.WriteLine (ex.Message);
                    }

                    if (sqlmapOptions != null && wapitiResults != null) {

                        if (wapitiResults.Bugs == null) { // we get bugs from the findings of wapiti, if wapiti didn't run, no bugs.

                            sqlmapOptions.URL = port.Service + "://" + host.IPAddressv4;
                            sqlmapOptions.Port = port.PortNumber;
                            sqlmapOptions.Path = config ["sqlmapPath"];

                            SQLMap mapper = new SQLMap (sqlmapOptions);

                            SQLMapResults sqlmapResults = mapper.Run () as SQLMapResults;
                            sqlmapResults.ParentHostPort = port;

                            _results.Add (sqlmapResults);
                        } else {

                            using (SqlmapSession sess = new SqlmapSession("127.0.0.1", 8775)) {
                                using (SqlmapManager manager = new SqlmapManager(sess)) {
                                    foreach (WapitiBug bug in wapitiResults.Bugs) {
                                        if (bug.Type.StartsWith ("SQL Injection")) {

                                            Console.WriteLine ("Starting SQLMap on host/port: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname) + "/" + port.PortNumber);

                                            sqlmapOptions.Path = config ["sqlmapPath"];
                                            //SQLMap mapper = new SQLMap (sqlmapOptions);

                                            //SQLMapResults results = mapper.Run (bug) as SQLMapResults;

            //									if (results == null )
            //										continue;
            //
            //									if (results.Vulnerabilities != null)
            //										foreach (var vuln in results.Vulnerabilities)
            //											vuln.Target = bug.URL;
            //
            //									results.ParentHostPort = port;
            //
            //									_results.Add (results);

                                            string taskid = manager.NewTask ();
                                            Dictionary<string, object> opts = manager.GetOptions (taskid);

                                            if (bug.URL.Contains (bug.Parameter)) {
                                                opts ["url"] = bug.URL.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
                                                manager.StartTask(taskid, opts);

                                            } else {
                                                opts ["url"] = bug.URL;
                                                opts["data"] = bug.Parameter.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
                                                manager.StartTask(taskid, opts);
                                            }

                                            SqlmapStatus status = manager.GetScanStatus(taskid);

                                            while (status.Status != "terminated")
                                            {
                                                System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
                                                status = manager.GetScanStatus(taskid);
                                            }

                                            List<SqlmapLogItem> logItems = manager.GetLog(taskid);

                                            SQLMapResults results = new SQLMapResults();
                                            results.Vulnerabilities = new List<SQLMapVulnerability>();

                                            foreach (SqlmapLogItem item in logItems.Where(l => l.Level == "INFO" && l.Message.EndsWith("injectable")))
                                            {
                                                SQLMapVulnerability vuln = new SQLMapVulnerability();

                                                Console.WriteLine(item.Message);
                                            }
                                            manager.DeleteTask(taskid);

                                        } else if (bug.Type.Contains ("Cross Site Scripting)")) {
                                            //dsxs
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }

            Console.WriteLine ("Done with host: " + host.Hostname);

            return _results;
        }