public static void Main(string[] args)
{
using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8775))
{
using (SqlmapManager manager = new SqlmapManager(session))
{
string taskid = manager.NewTask();
Dictionary<string, object> options = manager.GetOptions(taskid);
options["url"] = args[0];
manager.StartTask(taskid, options);
SqlmapStatus status = manager.GetScanStatus(taskid);
while (status.Status != "terminated") {
System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
status = manager.GetScanStatus(taskid);
}
List<SqlmapLogItem> logItems = manager.GetLog(taskid);
foreach (SqlmapLogItem item in logItems)
Console.WriteLine(item.Message);
manager.DeleteTask(taskid);
}
}
}
public static void Main(string[] args)
{
using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8775))
{
using (SqlmapManager manager = new SqlmapManager(session))
{
string taskid = manager.NewTask();
Console.WriteLine(taskid);
Dictionary<string, object> options = manager.GetOptions(taskid);
manager.SetOption(taskid, "msfPath", "/path/to/msf");
Dictionary<string, object> newoptions = manager.GetOptions(taskid);
Console.WriteLine("Old msfpath: " + options["msfPath"].ToString());
Console.WriteLine("New msfpath: " + newoptions["msfPath"].ToString());
options["url"] = "http://192.168.1.254/xslt?PAGE=C_0_0";
manager.StartTask(taskid, options);
SqlmapStatus status = manager.GetScanStatus(taskid);
while (status.Status != "terminated")
{
System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
status = manager.GetScanStatus(taskid);
}
List<SqlmapLogItem> logItems = manager.GetLog(taskid);
foreach (SqlmapLogItem item in logItems)
Console.WriteLine(item.Message);
manager.DeleteTask(taskid);
}
}
}
static void TestPostRequestWithSqlmap(string url, string data, string soapAction, string vulnValue)
{
Console.WriteLine("Testing url with sqlmap: " + url);
using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8081)) {
using (SqlmapManager manager = new SqlmapManager(session)) {
string taskid = manager.NewTask();
var options = manager.GetOptions(taskid);
options["url"] = url;
//options["proxy"] = "http://127.0.0.1:8081";
options["data"] = data.Replace(vulnValue, "fdsa*").Replace("\"", "\\\"").Trim();
options["skipUrlEncode"] = "true";
if (!string.IsNullOrEmpty(soapAction))
options["headers"] = "Content-Type: text/xml\\nSOAPAction: " + soapAction;
manager.StartTask(taskid, options);
SqlmapStatus status = manager.GetScanStatus(taskid);
while (status.Status != "terminated")
{
System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
status = manager.GetScanStatus(taskid);
}
List<SqlmapLogItem> logItems = manager.GetLog(taskid);
foreach (SqlmapLogItem item in logItems)
Console.WriteLine(item.Message);
manager.DeleteTask(taskid);
}
}
}
static void TestGetRequestWithSqlmap(string url)
{
Console.WriteLine("Testing url with sqlmap: " + url);
using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8081)) {
using (SqlmapManager manager = new SqlmapManager(session)) {
string taskid = manager.NewTask();
var options = manager.GetOptions(taskid);
options["url"] = url;
manager.StartTask(taskid, options);
SqlmapStatus status = manager.GetScanStatus(taskid);
while (status.Status != "terminated")
{
System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
status = manager.GetScanStatus(taskid);
}
List<SqlmapLogItem> logItems = manager.GetLog(taskid);
foreach (SqlmapLogItem item in logItems)
Console.WriteLine(item.Message);
manager.DeleteTask(taskid);
}
}
}
private List<IToolResults> ScanHost(NMapHost host, SQLMapOptions sqlmapOptions, Dictionary<string, string> config)
{
List<IToolResults > _results = new List<IToolResults> ();
Console.WriteLine ("Scanning host: " + host.Hostname);
foreach (var port in host.Ports) {
port.ParentIPAddress = host.IPAddressv4;
if ((port.Service == "http" || port.Service == "https") && bool.Parse (config ["isSQLMap"])) {
IToolOptions _options = new WapitiToolOptions ();
(_options as WapitiToolOptions).Host = host.IPAddressv4;
(_options as WapitiToolOptions).Port = port.PortNumber;
(_options as WapitiToolOptions).Path = config ["wapitiPath"];
Wapiti wapiti = new Wapiti (_options);
Console.WriteLine ("Running wapiti (http/" + port.PortNumber + ") on host: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname));
WapitiToolResults wapitiResults = null;
try {
wapitiResults = wapiti.Run (new TimeSpan (0, 10, 0)) as WapitiToolResults;
wapitiResults.HostIPAddressV4 = host.IPAddressv4;
wapitiResults.HostPort = port.PortNumber;
wapitiResults.IsTCP = true;
_results.Add (wapitiResults);
} catch (Exception ex) {
Console.WriteLine (ex.Message);
}
if (sqlmapOptions != null && wapitiResults != null) {
if (wapitiResults.Bugs == null) { // we get bugs from the findings of wapiti, if wapiti didn't run, no bugs.
sqlmapOptions.URL = port.Service + "://" + host.IPAddressv4;
sqlmapOptions.Port = port.PortNumber;
sqlmapOptions.Path = config ["sqlmapPath"];
SQLMap mapper = new SQLMap (sqlmapOptions);
SQLMapResults sqlmapResults = mapper.Run () as SQLMapResults;
sqlmapResults.ParentHostPort = port;
_results.Add (sqlmapResults);
} else {
using (SqlmapSession sess = new SqlmapSession("127.0.0.1", 8775)) {
using (SqlmapManager manager = new SqlmapManager(sess)) {
foreach (WapitiBug bug in wapitiResults.Bugs) {
if (bug.Type.StartsWith ("SQL Injection")) {
Console.WriteLine ("Starting SQLMap on host/port: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname) + "/" + port.PortNumber);
sqlmapOptions.Path = config ["sqlmapPath"];
//SQLMap mapper = new SQLMap (sqlmapOptions);
//SQLMapResults results = mapper.Run (bug) as SQLMapResults;
// if (results == null )
// continue;
//
// if (results.Vulnerabilities != null)
// foreach (var vuln in results.Vulnerabilities)
// vuln.Target = bug.URL;
//
// results.ParentHostPort = port;
//
// _results.Add (results);
string taskid = manager.NewTask ();
Dictionary<string, object> opts = manager.GetOptions (taskid);
if (bug.URL.Contains (bug.Parameter)) {
opts ["url"] = bug.URL.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
manager.StartTask(taskid, opts);
} else {
opts ["url"] = bug.URL;
opts["data"] = bug.Parameter.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
manager.StartTask(taskid, opts);
}
SqlmapStatus status = manager.GetScanStatus(taskid);
while (status.Status != "terminated")
{
System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
status = manager.GetScanStatus(taskid);
}
List<SqlmapLogItem> logItems = manager.GetLog(taskid);
SQLMapResults results = new SQLMapResults();
results.Vulnerabilities = new List<SQLMapVulnerability>();
foreach (SqlmapLogItem item in logItems.Where(l => l.Level == "INFO" && l.Message.EndsWith("injectable")))
{
SQLMapVulnerability vuln = new SQLMapVulnerability();
Console.WriteLine(item.Message);
}
manager.DeleteTask(taskid);
} else if (bug.Type.Contains ("Cross Site Scripting)")) {
//dsxs
}
}
}
}
}
}
}
}
Console.WriteLine ("Done with host: " + host.Hostname);
return _results;
}