安徽省建设网站,网站维护主要是做哪些,作品集模板,企业网站建设用什么语言文章目录 简单使用优化 应用案例#xff1a;前期通过信息收集拿到大量的URL地址#xff0c;这个时候可以配置sqlmapAP接口进行批量的SQL注入检测 #xff08;SRC挖掘#xff09; 查看sqlmapapi使用方法
python sqlmapapi.py -h启动sqlmapapi 的web服务#xff1a; 任务流… 文章目录 简单使用优化 应用案例前期通过信息收集拿到大量的URL地址这个时候可以配置sqlmapAP接口进行批量的SQL注入检测 SRC挖掘 查看sqlmapapi使用方法
python sqlmapapi.py -h启动sqlmapapi 的web服务 任务流程
1.创建新任务记录任务ID get(/task/new)
2.设置任务ID扫描信息 post(/option/taskid/set)
3.开始扫描对应ID任务 post (/scan/taskid/start)
4.读取扫描状态判断结果 get(/scan/taskid/status)
5.如果结束删除ID并获取结果 get (/task/taskid/delete)
6.扫描结果查看 get(/scan/taskid/data) 简单使用
1.创建新任务记录任务ID
import requests# 1.创建新任务记录任务ID
task_new_urlhttp://127.0.0.1:8775/task/new
responserequests.get(urltask_new_url)
print(response.json())2.设置任务ID扫描信息
import requests
import json
# 1.创建新任务记录任务ID
task_new_url http://127.0.0.1:8775/task/new
response requests.get(urltask_new_url)
taskid response.json()[taskid]# 2.设置任务ID扫描信息
data{url:http://192.168.8.3/sqli-labs-master/Less-2/?id1
}
headers{Content-Type:application/json
}
task_set_urlhttp://127.0.0.1:8775/option/taskid/set
task_set_responserequests.post(urltask_set_url,datajson.dumps(data),headersheaders)
print(task_set_response.content.decode(utf-8))3.开始扫描对应ID任务
import requests
import json# 1.创建新任务记录任务ID
task_new_url http://127.0.0.1:8775/task/new
response requests.get(urltask_new_url)
taskid response.json()[taskid]# 2.设置任务ID扫描信息
data {url: http://192.168.8.3/sqli-labs-master/Less-2/?id1
}
headers {Content-Type: application/json
}
task_set_url http://127.0.0.1:8775/option/ taskid /set
task_set_response requests.post(urltask_set_url, datajson.dumps(data), headersheaders)
# print(task_set_response.content.decode(utf-8))##### 3.开始扫描对应ID任务
task_start_urlhttp://127.0.0.1:8775/scan/taskid/start
task_start_datarequests.post(task_start_url,datajson.dumps(data),headersheaders)
print(task_start_data.content.decode(utf-8)) 这边任务id和上面不一样是因为我重启了服务 获取扫描状态
import requests
import json# 1.创建新任务记录任务ID
task_new_url http://127.0.0.1:8775/task/new
response requests.get(urltask_new_url)
taskid response.json()[taskid]# 2.设置任务ID扫描信息
data {url: http://192.168.8.3/sqli-labs-master/Less-2/?id1
}
headers {Content-Type: application/json
}
task_set_url http://127.0.0.1:8775/option/ taskid /set
task_set_response requests.post(urltask_set_url, datajson.dumps(data), headersheaders)
# print(task_set_response.content.decode(utf-8))# 3.开始扫描对应ID任务
task_start_url http://127.0.0.1:8775/scan/ taskid /start
task_start_data requests.post(task_start_url, datajson.dumps(data), headersheaders)
# print(task_start_data.content.decode(utf-8))# 4.读取扫描状态判断结果
task_scan_url http://127.0.0.1:8775/scan/ taskid /status
task_scan_data requests.get(task_scan_url)
print(task_scan_data.content.decode(utf-8))查看结果
查看扫描结果是get请求所以可以在浏览器中查看结果 上述代码在每运行一次都会创建一个任务ID所以需要进行代码优化
优化
import timeimport requests, json# 创建任务def sqlmapapi(url):# 创建任务idtask_new_url http://127.0.0.1:8775/task/newresponse requests.get(urltask_new_url)taskid response.json()[taskid]if success in response.content.decode(utf-8):print(sqlmapapi task create success !)data {url: url}headers {Content-Type: application/json}# 设置 任务task_set_url http://127.0.0.1:8775/option/ taskid /settask_set_response requests.post(urltask_set_url, datajson.dumps(data), headersheaders)if success in task_set_response.content.decode(utf-8):print(sqlmapapi task set success !)# 扫描任务task_start_url http://127.0.0.1:8775/scan/ taskid /starttask_start_data requests.post(task_start_url, datajson.dumps(data), headersheaders)if success in task_start_data.content.decode(utf-8):print(sqlmapapi task start success !)# 获取扫描状态while True:task_status_url http://127.0.0.1:8775/scan/ taskid /statustask_status_data requests.get(task_status_url)if running in task_status_data.content.decode(utf-8):print(sqlmapapi task scan running .....)else:# 查看扫描结果task_data_url http://127.0.0.1:8775/scan/ taskid /datatask_data requests.get(task_data_url)print(task_data.content.decode(utf-8))breaktime.sleep(3)if __name__ __main__:# urlhttp://192.168.8.3/sqli-labs-master/Less-2/?id1for url in open(url.txt):url url.replace(\n, )sqlmapapi(url)
