sqlinj-ant/autoinj.py

#!/usr/bin/python
# -*- coding:utf-8 -*-

import time
import json
import urllib
import urllib2
import redis
import requests
import param

class Autoinj(object):
	"""
		sqlmapapi 接口建立和管理sqlmap任务
		by zhangh (zhanghang.org#gmail.com)

		php install requests
	"""

	def __init__(self, server='', target='', method='', data='', cookie='', referer=''):
		super(Autoinj, self).__init__()
		self.server = server
		if self.server[-1] != '/':
			self.server = self.server + '/'
		if method == "GET":
			self.target = target + '?' + data
		else:
			self.target = target
		self.taskid = ''
		self.engineid = ''
		self.status = ''
		self.method = method
		self.data = data
		self.referer = referer
		self.cookie = cookie
		self.start_time = time.time()
		#print "server: %s \ttarget:%s \tmethod:%s \tdata:%s \tcookie:%s" % (self.server, self.target, self.method, self.data, self.cookie)

	def task_new(self):
		code = urllib.urlopen(self.server + param.task_new).read()
		self.taskid = json.loads(code)['taskid']
		return True

	def task_delete(self):
		url = self.server + param.task_del
		url = url.replace(param.taskid, self.taskid)
		requests.get(url).json()

	def scan_start(self):
		headers = {'Content-Type':'application/json'}
		url = self.server + param.scan_task_start
		url = url.replace(param.taskid, self.taskid)
		data = {'url':self.target}
		t = requests.post(url, data=json.dumps(data), headers=headers).text
		t = json.loads(t)
		self.engineid = t['engineid']
		return True

	def scan_status(self):
		url = self.server + param.scan_task_status
		url = url.replace(param.taskid, self.taskid)
		self.status = requests.get(url).json()['status']

	def scan_data(self):
		url = self.server + param.scan_task_data
		url = url.replace(param.taskid, self.taskid)
		return requests.get(url).json()

	def option_set(self):
		headers = {'Content-Type':'application/json'}
		url = self.server + param.option_task_set
		url = url.replace(param.taskid, self.taskid)
		data = {
				"user-agent":
					'''Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2)
				 		AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106'''
				}
		if self.method == "POST":
			data["data"] = self.data
		if len(self.cookie)>1:
			data["cookie"] = self.cookie
		#print data

		t = requests.post(url, data=json.dumps(data), headers=headers).text
		t = json.loads(t)

	def option_get(self):
		url = self.server + param.option_task_get
		url = url.replace(param.taskid, self.taskid)
		return requests.get(url).json()

	def scan_stop(self):
		url = self.server + param.scan_task_stop
		url = url.replace(param.taskid, self.taskid)
		return requests.get(url).json()

	def scan_kill(self):
		url = self.server + param.scan_task_kill
		url = url.replace(param.taskid, self.taskid)
		return requests.get(url).json()

	def run(self):
		# 开始任务
		if not self.task_new():
			print "Error: task created failed."
			return False
		# 设置扫描参数
		self.option_set()
		# 启动扫描任务
		if not self.scan_start():
			print "Error: scan start failed."
			return False
		# 等待扫描任务
		while True:
			self.scan_status()
			if self.status == 'running':
				time.sleep(3)
			elif self.status== 'terminated':
				break
			else:
				print "unkown status"
				break
			if time.time() - self.start_time > 30000:
				error = True
				self.scan_stop()
				self.scan_kill()
				break

		# 取结果
		res = self.scan_data()
		# 删任务
		self.task_delete()
		print "耗时:" + str(time.time() - self.start_time)
		return res



# if __name__ == '__main__':
# 	server = 'http://127.0.0.1:8775/'
# 	target = 'http://192.168.48.124:8080/index/news'
# 	#target = 'http://passport.youzu.com/payment/default/showContent/game_id/8/serviceProvider/rg_pay'
# 	#target = 'http://127.0.0.1:8080/index/login'
# 	data = "id=1"
# 	cookies = ""
# 	inj = Autoinj(server, target, 'GET', data, cookies)
# 	rs = inj.run()
# 	print rs

# 	if len(rs['data'])>0:
# 		print "SQL注入"