"""
Name: SQLiPy
Version: 0.8.1
Date: 9/3/2014
Author: Josh Berry - josh.berry@codewatch.org
Github: https://github.com/codewatchorg/sqlipy
Description: This plugin leverages the SQLMap API to initiate SQLMap scans against the target.
This plugin requires the beta version of Jython as it uses the JSON module.
I used this blog post to quickly understand and leverage the SQLMap API (thrilled that someone figured this out for me):
http://volatile-minds.blogspot.com/2013/04/unofficial-sqlmap-restful-api.html
The following Burp plugins were reviewed to help develop this:
- Payload Parser: https://github.com/infodel
- Burp SAMl: https://github.com/Meatballs1/burp_saml
- ActiveScan++:
- WCF Binary SOAP Handler: http://blog.securityps.com/2013/02/burp-suite-plugin-view-and-modify-wcf.html
- WSDL Wizard: https://github.com/SmeegeSec/WSDLWizard/blob/master/WSDLWizard.py
- co2: https://code.google.com/p/burp-co2/
"""
from burp import IBurpExtender
from burp import IBurpExtenderCallbacks
from burp import IContextMenuFactory
from burp import IHttpRequestResponse
from burp import IMessageEditorController
from burp import IMessageEditorTabFactory
from burp import ITab
from burp import IMessageEditorTab
from burp import IScannerCheck
from burp import IScanIssue
from burp import IExtensionStateListener
from javax import swing
from javax.swing.filechooser import FileNameExtensionFilter
from java.awt import GridBagLayout
from java.awt import Font
from java.awt import Color
from java import awt
from java.lang import Runtime
from java.lang import Process
from java.lang import System
from java.lang import Runnable
from java.lang import Thread
from java.io import File
from java.io import Reader
from java.io import BufferedReader
from java.io import InputStreamReader
import subprocess
import re
import urllib2
import sys
import json
import threading
import time
import zipfile
import os
class StreamGobbler(Runnable):
def __init__(self, inStream, outStream):
self.inStream = inStream
self.outStream = outStream
return
def run(self):
try:
while (self.inStream.read() != -1):
isr = InputStreamReader(self.inStream)
br = BufferedReader(isr)
print str(br.readLine())
except BaseException as ex:
print 'Could not read API input/output/error buffer\n'
class SqlMapScanIssue(IScanIssue):
def __init__(self, httpService, url, httpMessages, name, detail, confidence, severity):
self.HttpService = httpService
self.vulnurl = url
self.HttpMessages = httpMessages
self.vulnname = name
self.vulndetail = detail
self.vulnsev = severity
self.vulnconf = confidence
return
def getUrl(self):
return self.vulnurl
def getIssueName(self):
return self.vulnname
def getIssueType(self):
return 0
def getSeverity(self):
return self.vulnsev
def getConfidence(self):
return self.vulnconf
def getIssueBackground(self):
return None
def getRemediationBackground(self):
return None
def getIssueDetail(self):
return self.vulndetail
def getRemediationDetail(self):
return None
def getHttpMessages(self):
return self.HttpMessages
def getHttpService(self):
return self.HttpService
class ThreadExtender(IBurpExtender, IContextMenuFactory, ITab, IScannerCheck):
def __init__(self, burpobject, sqlmapip, sqlmapport, sqlmaptask, url, httpmessage, cbacks):
self.burpobject = burpobject
self.sqlmapip = sqlmapip
self.sqlmapport = sqlmapport
self.sqlmaptask = sqlmaptask
self.url = url
self.httpmessage = httpmessage
self.cbacks = cbacks
def checkResults(self):
t = threading.currentThread()
time.sleep(5)
print 'Checking results on task: '+self.sqlmaptask+'\n'
while getattr(t, "keep_running", True):
try:
req = urllib2.Request('http://' + self.sqlmapip + ':' + self.sqlmapport + '/scan/' + self.sqlmaptask + '/status')
req.add_header('Content-Type', 'application/json')
resp = json.load(urllib2.urlopen(req, timeout=10))
if resp['status'] == "running":
print 'Scan for task '+self.sqlmaptask+' is still running.\n'
time.sleep(30)
elif resp['status'] == "terminated":
if resp['returncode'] == 0:
print 'Scan for task '+self.sqlmaptask+' completed. Gathering results.\n'
vulnurl = ''
vulnparam = ''
dbtype = ''
payloads = ''
banner = ''
cu = ''
cdb = ''
hostname = ''
isdba = ''
lusers = ''
lprivs = ''
lroles = ''
ldbs = ''
lpswds = ''
try:
req = urllib2.Request('http://' + self.sqlmapip + ':' + self.sqlmapport + '/scan/' + self.sqlmaptask + '/data')
req.add_header('Content-Type', 'application/json')
resp = json.load(urllib2.urlopen(req, timeout=10))
vulnerable = False
for findings in resp['data']:
vulnerable = True
# Get vulnerable URL and param
if findings['type'] == 0:
vulnurl = findings['value']['url']
vulnparam = findings['value']['query']
vulndetails = '<ul><li>URL: '+str(vulnurl)+'</li><li>Parameter: '+str(vulnparam)+'</li></ul>'
# Get basic scan info
if findings['type'] == 1:
if isinstance(findings['value'][0]['dbms'], list):
for dbtypes in findings['value'][0]['dbms']:
dbtype = dbtype + dbtypes + ', or '
dbtype = dbtype[:-5]
else:
dbtype = findings['value'][0]['dbms']
for items in findings['value']:
firstpayload = True
for k in items['data']:
if firstpayload:
payloads = '<li>'+items['data'][k]['payload']+'</li>'
firstpayload = False
else:
payloads = payloads + '<li>'+items['data'][k]['payload']+'</li>'
if firstpayload == False:
payloads = '<ul>' + payloads + '</ul><BR>'
# Get banner info
if findings['type'] == 3:
banner = findings['value']+'<BR>'
# Get Current Users
elif findings['type'] == 4:
cu = 'Current User: '+findings['value']+'<BR>'
# Get Current Database
elif findings['type'] == 5:
cdb = 'Current Database: '+findings['value']+'<BR>'
# Get Hostname
elif findings['type'] == 6:
if findings['value'] is not None:
hostname = 'Hostname: '+str(findings['value'])+'<BR>'
else:
hostname = 'Hostname: Enumeration failed.<BR>'
# Is the user a DBA?
elif findings['type'] == 7:
if findings['value'] == True:
isdba = 'Is a DBA: Yes'+'<BR>'
else:
isdba = 'Is a DBA: No'+'<BR>'
# Get list of users
elif findings['type'] == 8:
firstuser = True
for user in findings['value']:
if firstuser:
lusers = '<li>'+user+'</li>'
firstuser = False
else:
lusers = lusers + '<li>'+user+'</li>'
if firstuser == False:
lusers = 'Users:<ul>' + lusers + '</ul><BR>'
# Get list of passwords
elif findings['type'] == 9:
userdata = ''
userpswds = ''
firstuser = True
for users in findings['value']:
firstpswd = True
if firstuser:
firstuser = False
userdata = '<li>'+users+'</li>'
else:
userdata = userdata + '<li>'+users+'</li>'
for pswd in findings['value'][users]:
if firstpswd:
firstswd = False
userpswds = '<li>'+pswd+'</li>'
else:
userpswds = userpswds + '<li>'+pswd+'</li>'
lpswds = lpswds + userdata + '<ul>'+userpswds+'</ul>'
userdata = ''
userpswds = ''
if firstuser == False:
lpswds = 'Password Hashes per User:<ul>'+lpswds+'</ul><BR>'
# Get list of privileges
elif findings['type'] == 10:
userdata = ''
userprivs = ''
firstuser = True
for users in findings['value']:
firstpriv = True
if firstuser:
firstuser = False
userdata = '<li>'+users+'</li>'
else:
userdata = userdata + '<li>'+users+'</li>'
if findings['value'][users] is not None:
for priv in findings['value'][users]:
if firstpriv:
firstpriv = False
userprivs = '<li>'+priv+'</li>'
else:
userprivs = userprivs + '<li>'+priv+'</li>'
else:
userprivs = '<li>Null</li>'
lprivs = lprivs + userdata + '<ul>'+userprivs+'</ul>'
userdata = ''
userprivs = ''
if firstuser == False:
lprivs = 'Privileges per User:<ul>'+lprivs+'</ul><BR>'
# Get list of roles
elif findings['type'] == 11:
userdata = ''
userroles = ''
firstuser = True
for users in findings['value']:
firstrole = True
if firstuser:
firstuser = False
userdata = '<li>'+users+'</li>'
else:
userdata = userdata + '<li>'+users+'</li>'
if findings['value'][users] is not None:
for role in findings['value'][users]:
if firstrole:
firstrole = False
userroles = '<li>'+role+'</li>'
else:
userroles = userroles + '<li>'+role+'</li>'
else:
userroles = '<li>Null</li>'
lroles = lroles + userdata + '<ul>'+userroles+'</ul>'
userdata = ''
userroles = ''
if firstuser == False:
lroles = 'Roles per User:<ul>'+lroles+'</ul><BR>'
# Get list of DBs
elif findings['type'] == 12:
firstdb = True
for db in findings['value']:
if firstdb:
ldbs = '<li>'+str(db)+'</li>'
firstdb = False
else:
ldbs = ldbs + '<li>'+str(db)+'</li>'
if firstdb == False:
ldbs = 'Databases:<ul>' + ldbs + '</ul><BR>'
if vulnerable:
if re.search('Free', self.cbacks.getBurpVersion()[0], re.IGNORECASE) is not None:
findings = open(self.sqlmaptask + '.html', 'w')
findings.write('<html><head><title>SQLMap Scan - ' + self.sqlmaptask + '</title></head><body>')
findings.write('<h1>SQLMap Scan Finding</h1><br><p>The application has been found to be vulnerable to SQL injection by SQLMap.</p><br>')
findings.write('<p>Vulnerable URL and Parameter:</p><p>'+vulndetails+'</p>')
findings.write('<p>The following payloads successfully identified SQL injection vulnerabilities:</p><p>'+payloads+'</p><p>Enumerated Data:</p><BR><p>'+dbtype+': '+banner+'</p><p>'+cu+'</p><p>'+cdb+'</p><p>'+hostname+'</p><p>'+isdba+'</p><p>'+lusers+'</p><p>'+lpswds+'</p><p>'+lprivs+'</p><p>'+lroles+'</p><p>'+ldbs+'</p>')
findings.write('</body></html>')
findings.close()
print 'Wrote scan file ' + self.sqlmaptask + '.html\n'
else:
scanIssue = SqlMapScanIssue(self.httpmessage.getHttpService(), self.url, [self.httpmessage], 'SQLMap Scan Finding',
'The application has been found to be vulnerable to SQL injection by SQLMap. <BR><BR>Vulnerable URL and Parameter:<p>'+vulndetails+'</p><BR>The following payloads successfully identified SQL injection vulnerabilities:<p>'+payloads+'</p><p>Enumerated Data:</p><BR><p>'+dbtype+': '+banner+'</p><p>'+cu+'</p><p>'+cdb+'</p><p>'+hostname+'</p><p>'+isdba+'</p><p>'+lusers+'</p><p>'+lpswds+'</p><p>'+lprivs+'</p><p>'+lroles+'</p><p>'+ldbs+'</p>', 'Certain', 'High')
self.cbacks.addScanIssue(scanIssue)
print 'SQLi vulnerabilities were found for task '+self.sqlmaptask+' and have been reported.\n'
else:
print 'Scan completed for task '+self.sqlmaptask+' but SQLi vulnerabilities were not found.\n'
break
except:
print 'No results for SQLMap task: '+self.sqlmaptask+'\n'
break
else:
print 'SQLMap scan failed for task: '+self.sqlmaptask+'\n'
break
else:
print 'SQLMap scan failed for task: '+self.sqlmaptask+'\n'
break
except:
print 'Thread failed to get results for SQLMap task: ' + self.sqlmaptask+'\n'
break
class BurpExtender(IBurpExtender, IContextMenuFactory, ITab, IExtensionStateListener):
pythonfile = ''
apifile = ''
apiprocess = Process
apistatus = 0
threads = []
scanMessage = ''
scantasks = []
scancmds = {}
# Implement IBurpExtender
def registerExtenderCallbacks(self, callbacks):
# Print information about the plugin, set extension name, setup basic stuff
self.printHeader()
callbacks.setExtensionName("SQLiPy Sqlmap Integration")
callbacks.registerExtensionStateListener(self)
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.registerContextMenuFactory(self)
# Create SQLMap API configuration JPanel
self._jPanel = swing.JPanel()
self._jPanel.setLayout(awt.GridBagLayout())
self._jPanelConstraints = awt.GridBagConstraints()
# Create first blank space
self._jLabelAPISpace1 = swing.JLabel(" ")
self._jLabelAPISpace1.setFont(Font("Courier New", Font.BOLD, 30))
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 0
self._jPanelConstraints.gridy = 2
self._jPanelConstraints.gridwidth = 2
self._jPanel.add(self._jLabelAPISpace1, self._jPanelConstraints)
# Create second blank space
self._jLabelAPISpace2 = swing.JLabel(" ")
self._jLabelAPISpace2.setFont(Font("Courier New", Font.BOLD, 30))
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 0
self._jPanelConstraints.gridy = 3
self._jPanelConstraints.gridwidth = 2
self._jPanel.add(self._jLabelAPISpace2, self._jPanelConstraints)
# Create panel to show API status
self._jLabelAPIStatus = swing.JLabel("SQLMap API is NOT running!")
self._jLabelAPIStatus.setFont(Font("Courier New", Font.BOLD, 24))
self._jLabelAPIStatus.setForeground(Color.RED)
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 0
self._jPanelConstraints.gridy = 4
self._jPanelConstraints.gridwidth = 2
self._jPanel.add(self._jLabelAPIStatus, self._jPanelConstraints)
# Create third blank space
self._jLabelAPISpace3 = swing.JLabel(" ")
self._jLabelAPISpace3.setFont(Font("Courier New", Font.BOLD, 30))
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 0
self._jPanelConstraints.gridy = 5
self._jPanelConstraints.gridwidth = 2
self._jPanel.add(self._jLabelAPISpace3, self._jPanelConstraints)
# Create panel for IP info
self._jLabelIPListen = swing.JLabel("Listen on IP:")
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 0
self._jPanelConstraints.gridy = 6
self._jPanelConstraints.gridwidth = 1
self._jPanel.add(self._jLabelIPListen, self._jPanelConstraints)
self._jTextFieldIPListen = swing.JTextField("127.0.0.1",15)
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 1
self._jPanelConstraints.gridy = 6
self._jPanelConstraints.gridwidth = 1
self._jPanel.add(self._jTextFieldIPListen, self._jPanelConstraints)
# Create panel for Port info
self._jLabelPortListen = swing.JLabel("Listen on Port:")
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 0
self._jPanelConstraints.gridy = 7
self._jPanelConstraints.gridwidth = 1
self._jPanel.add(self._jLabelPortListen, self._jPanelConstraints)
self._jTextFieldPortListen = swing.JTextField("9090",3)
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 1
self._jPanelConstraints.gridy = 7
self._jPanelConstraints.gridwidth = 1
self._jPanel.add(self._jTextFieldPortListen, self._jPanelConstraints)
# Create panel to contain Python button
self._jLabelPython = swing.JLabel("Select Python:")
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 0
self._jPanelConstraints.gridy = 8
self._jPanelConstraints.gridwidth = 1
self._jPanel.add(self._jLabelPython, self._jPanelConstraints)
self._jButtonSetPython = swing.JButton('Python', actionPerformed=self.setPython)
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 1
self._jPanelConstraints.gridy = 8
self._jPanelConstraints.gridwidth = 1
self._jPanel.add(self._jButtonSetPython, self._jPanelConstraints)
# Create panel to contain API button
self._jLabelAPI = swing.JLabel("Select API:")
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 0
self._jPanelConstraints.gridy = 9
self._jPanelConstraints.gridwidth = 1
self._jPanel.add(self._jLabelAPI, self._jPanelConstraints)
self._jButtonSetAPI = swing.JButton('SQLMap API', actionPerformed=self.setAPI)
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 1
self._jPanelConstraints.gridy = 9
self._jPanelConstraints.gridwidth = 1
self._jPanel.add(self._jButtonSetAPI, self._jPanelConstraints)
# Create panel to execute API
self._jButtonStartAPI = swing.JButton('Start API', actionPerformed=self.startAPI)
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 0
self._jPanelConstraints.gridy = 10
self._jPanelConstraints.gridwidth = 2
self._jPanel.add(self._jButtonStartAPI, self._jPanelConstraints)
# Create panel to stop API
self._jButtonStopAPI = swing.JButton('Stop API', actionPerformed=self.stopAPI)
self._jPanelConstraints.fill = awt.GridBagConstraints.HORIZONTAL
self._jPanelConstraints.gridx = 0
self._jPanelConstraints.gridy = 11
self._jPanelConstraints.gridwidth = 2
self._jPanel.add(self._jButtonStopAPI, self._jPanelConstraints)
# Create SQLMap scanner panel
# Combobox Values
httpMethodValues = ['Default', 'GET', 'POST', 'PUT', 'DELETE', 'PATCH']
levelValues = [1,2,3,4,5]
riskValues = [0,1,2,3]
threadValues = [1,2,3,4,5,6,7,8,9,10]
delayValues = [0,1,2,3,4,5]
timeoutValues = [1,5,10,15,20,25,30,35,40,45,50,55,60]
retryValues = [1,2,3,4,5,6,7,8,9,10]
dbmsValues = ['Any', 'MySQL', 'Oracle', 'PostgreSQL', 'Microsoft SQL Server', 'Microsoft Access', 'SQLite', 'Firebird', 'Sybase', 'SAP MaxDB', 'DB2']
authTypes = ['None', 'Basic', 'Digest', 'NTLM']
osValues = ['Any', 'Linux', 'Windows']
timeSecValues = [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]
torTypes = ['HTTP', 'SOCKS4', 'SOCKS5']
# GUI components
self._jLabelScanText = swing.JLabel()
self._jLabelScanIPListen = swing.JLabel()
self._jLabelScanPortListen = swing.JLabel()
self._jTextFieldScanIPListen = swing.JTextField()
self._jTextFieldScanPortListen = swing.JTextField()
self._jSeparator1 = swing.JSeparator()
self._jLabelHttpMethod = swing.JLabel()
self._jLabelIgnoreCode = swing.JLabel()
self._jComboHttpMethod = swing.JComboBox(httpMethodValues)
self._jTextFieldIgnoreCode = swing.JTextField()
self._jLabelURL = swing.JLabel()
self._jTextFieldURL = swing.JTextField()
self._jLabelData = swing.JLabel()
self._jTextData = swing.JTextArea()
self._jScrollPaneData = swing.JScrollPane(self._jTextData)
self._jLabelCookie = swing.JLabel()
self._jTextFieldCookie = swing.JTextField()
self._jLabelReferer = swing.JLabel()
self._jTextFieldReferer = swing.JTextField()
self._jLabelUA = swing.JLabel()
self._jTextFieldUA = swing.JTextField()
self._jLabelCustHeader = swing.JLabel()
self._jTextFieldCustHeader = swing.JTextField()
self._jSeparator2 = swing.JSeparator()
self._jLabelParam = swing.JLabel()
self._jTextFieldParam = swing.JTextField()
self._jCheckTO = swing.JCheckBox()
self._jSeparator3 = swing.JSeparator()
self._jComboLevel = swing.JComboBox(levelValues)
self._jLabelLevel = swing.JLabel()
self._jLabelRisk = swing.JLabel()
self._jComboRisk = swing.JComboBox(riskValues)
self._jSeparator4 = swing.JSeparator()
self._jCheckHPP = swing.JCheckBox('Param Pollution')
self._jCheckCU = swing.JCheckBox('Current User')
self._jCheckDB = swing.JCheckBox('Current DB')
self._jCheckHost = swing.JCheckBox('Hostname')
self._jCheckDBA = swing.JCheckBox('Is DBA?')
self._jCheckUsers = swing.JCheckBox('List Users')
self._jCheckPrivs = swing.JCheckBox('List Privs')
self._jCheckPswds = swing.JCheckBox('List Passwords')
self._jCheckRoles = swing.JCheckBox('List Roles')
self._jCheckDBs = swing.JCheckBox('List DBs')
self._jSeparator5 = swing.JSeparator()
self._jLabelThreads = swing.JLabel()
self._jLabelDelay = swing.JLabel()
self._jLabelTimeout = swing.JLabel()
self._jLabelRetry = swing.JLabel()
self._jLabelTimeSec = swing.JLabel()
self._jComboThreads = swing.JComboBox(threadValues)
self._jComboDelay = swing.JComboBox(delayValues)
self._jComboTimeout = swing.JComboBox(timeoutValues)
self._jComboRetry = swing.JComboBox(retryValues)
self._jComboTimeSec = swing.JComboBox(timeSecValues)
self._jSeparator6 = swing.JSeparator()
self._jLabelDBMS = swing.JLabel()
self._jComboDBMS = swing.JComboBox(dbmsValues)
self._jLabelOS = swing.JLabel()
self._jComboOS = swing.JComboBox(osValues)
self._jSeparator7 = swing.JSeparator()
self._jLabelProxy = swing.JLabel()
self._jTextFieldProxy = swing.JTextField()
self._jSeparator8 = swing.JSeparator()
self._jLabelTamper = swing.JLabel()
self._jTextFieldTamper = swing.JTextField()
self._jButtonStartScan = swing.JButton('Start Scan', actionPerformed=self.startScan)
self._jLabelScanAPI = swing.JLabel()
self._jLabelScanAPI.setText('SQLMap API is NOT running!')
self._jLabelScanAPI.setForeground(Color.RED)
self._jSeparator9 = swing.JSeparator()
self._jSeparator10 = swing.JSeparator()
self._jCheckTor = swing.JCheckBox('Enable Tor')
self._jLabelTorType = swing.JLabel()
self._jComboTorType = swing.JComboBox(torTypes)
self._jLabelTorPort = swing.JLabel()
self._jTextFieldTorPort = swing.JTextField()
self._jSeparator11 = swing.JSeparator()
self._jLabelAuthType = swing.JLabel()
self._jComboAuthType = swing.JComboBox(authTypes)
self._jLabelAuthUser = swing.JLabel()
self._jTextFieldAuthUser = swing.JTextField()
self._jLabelAuthPass = swing.JLabel()
self._jTextFieldAuthPass = swing.JTextField()
# Configure GUI
self._jLabelScanText.setText('API Listening On:')
self._jLabelScanIPListen.setText('SQLMap API IP:')
self._jLabelScanPortListen.setText('SQLMap API Port:')
self._jLabelHttpMethod.setText('HTTP Method:')
self._jLabelIgnoreCode.setText('Ignore Error Code:')
self._jComboHttpMethod.setSelectedIndex(0)
self._jLabelURL.setText('URL:')
self._jLabelData.setText('Post Data:')
self._jTextData.setLineWrap(True)
self._jScrollPaneData.setVerticalScrollBarPolicy(swing.JScrollPane.VERTICAL_SCROLLBAR_ALWAYS)
self._jLabelCookie.setText('Cookies:')
self._jLabelReferer.setText('Referer:')
self._jLabelUA.setText('User-Agent:')
self._jLabelCustHeader.setText('Custom Headers:')
self._jLabelParam.setText('Test Parameter(s):')
self._jCheckTO.setText('Text Only')
self._jLabelLevel.setText('Level:')
self._jLabelRisk.setText('Risk:')
self._jComboLevel.setSelectedIndex(2)
self._jComboRisk.setSelectedIndex(1)
self._jComboThreads.setSelectedIndex(0)
self._jComboDelay.setSelectedIndex(0)
self._jComboTimeout.setSelectedIndex(6)
self._jComboRetry.setSelectedIndex(2)
self._jComboTimeSec.setSelectedIndex(4)
self._jComboDBMS.setSelectedIndex(0)
self._jComboOS.setSelectedIndex(0)
self._jComboTorType.setSelectedIndex(2)
self._jLabelThreads.setText('Threads:')
self._jLabelDelay.setText('Delay:')
self._jLabelTimeout.setText('Timeout:')
self._jLabelRetry.setText('Retries:')
self._jLabelTimeSec.setText('Time-Sec:')
self._jLabelDBMS.setText('DBMS Backend:')
self._jLabelOS.setText('Operating System:')
self._jLabelProxy.setText('Proxy (HTTP://IP:Port):')
self._jLabelTamper.setText('Tamper Scripts:')
self._jLabelTorType.setText('Tor Type:')
self._jLabelTorPort.setText('Tor Port:')
self._jTextFieldTorPort.setText('9050')
self._jLabelAuthType.setText('Auth Type:')
self._jLabelAuthUser.setText('Auth User:')
self._jLabelAuthPass.setText('Auth Pass:')
self._jComboAuthType.setSelectedIndex(0)
# Configure locations
self._jLabelScanText.setBounds(15, 16, 126, 20)
self._jLabelScanIPListen.setBounds(15, 58, 115, 20)
self._jLabelScanPortListen.setBounds(402, 55, 129, 20)
self._jTextFieldScanIPListen.setBounds(167, 52, 206, 26)
self._jTextFieldScanPortListen.setBounds(546, 52, 63, 26)
self._jSeparator1.setBounds(15, 96, 790, 10)
self._jLabelHttpMethod.setBounds(15, 117, 100, 26)
self._jLabelIgnoreCode.setBounds(402, 117, 129, 26)
self._jComboHttpMethod.setBounds(166, 117, 150, 26)
self._jTextFieldIgnoreCode.setBounds(546, 117, 63, 26)
self._jLabelURL.setBounds(15, 193, 35, 20)
self._jTextFieldURL.setBounds(166, 190, 535, 26)
self._jLabelData.setBounds(15, 232, 73, 20)
self._jScrollPaneData.setBounds(166, 232, 535, 96)
self._jLabelCookie.setBounds(15, 347, 61, 20)
self._jTextFieldCookie.setBounds(166, 347, 535, 26)
self._jLabelReferer.setBounds(15, 396, 57, 20)
self._jTextFieldReferer.setBounds(166, 396, 535, 26)
self._jLabelUA.setBounds(15, 445, 86, 20)
self._jTextFieldUA.setBounds(166, 445, 535, 26)
self._jLabelCustHeader.setBounds(15, 494, 132, 20)
self._jTextFieldCustHeader.setBounds(166, 494, 535, 26)
self._jSeparator2.setBounds(15, 535, 790, 10)
self._jLabelParam.setBounds(15, 559, 132, 20)
self._jTextFieldParam.setBounds(165, 556, 366, 26)
self._jCheckTO.setBounds(584, 555, 101, 29)
self._jSeparator3.setBounds(15, 602, 790, 10)
self._jComboLevel.setBounds(165, 620, 180, 26)
self._jLabelLevel.setBounds(15, 623, 42, 20)
self._jLabelRisk.setBounds(430, 623, 35, 20)
self._jComboRisk.setBounds(518, 620, 180, 26)
self._jSeparator4.setBounds(15, 664, 790, 10)
self._jCheckHPP.setBounds(15, 684, 145, 29)
self._jCheckCU.setBounds(191, 684, 123, 29)
self._jCheckDB.setBounds(340, 684, 111, 29)
self._jCheckHost.setBounds(469, 684, 103, 29)
self._jCheckDBA.setBounds(599, 684, 105, 29)
self._jCheckUsers.setBounds(15, 731, 101, 29)
self._jCheckPswds.setBounds(191, 731, 135, 29)
self._jCheckPrivs.setBounds(344, 731, 95, 29)
self._jCheckRoles.setBounds(469, 731, 99, 29)
self._jCheckDBs.setBounds(599, 731, 89, 29)
self._jSeparator5.setBounds(15, 772, 790, 10)
self._jLabelThreads.setBounds(15, 795, 63, 20)
self._jLabelDelay.setBounds(173, 795, 45, 20)
self._jLabelTimeout.setBounds(326, 795, 65, 20)
self._jLabelRetry.setBounds(484, 795, 48, 20)
self._jLabelTimeSec.setBounds(642, 795, 65, 20)
self._jComboThreads.setBounds(80, 792, 78, 26)
self._jComboDelay.setBounds(233, 792, 78, 26)
self._jComboTimeout.setBounds(391, 792, 78, 26)
self._jComboRetry.setBounds(549, 792, 78, 26)
self._jComboTimeSec.setBounds(717, 792, 78, 26)
self._jSeparator6.setBounds(15, 834, 790, 10)
self._jLabelDBMS.setBounds(15, 857, 110, 20)
self._jComboDBMS.setBounds(143, 854, 191, 26)
self._jLabelOS.setBounds(352, 857, 132, 20)
self._jComboOS.setBounds(502, 854, 191, 26)
self._jSeparator7.setBounds(15, 896, 790, 10)
self._jLabelProxy.setBounds(15, 920, 171, 20)
self._jTextFieldProxy.setBounds(204, 917, 256, 26)
self._jSeparator8.setBounds(15, 963, 790, 10)
self._jCheckTor.setBounds(15, 987, 171, 20)
self._jLabelTorType.setBounds(206, 984, 65, 26)
self._jComboTorType.setBounds(291, 984, 100, 26)
self._jLabelTorPort.setBounds(460, 984, 129, 26)
self._jTextFieldTorPort.setBounds(545, 984, 65, 26)
self._jSeparator9.setBounds(15, 1030, 790, 10)
self._jLabelTamper.setBounds(15, 1055, 171, 20)
self._jTextFieldTamper.setBounds(204, 1052, 256, 26)
self._jSeparator10.setBounds(15, 1098, 790, 10)
self._jLabelAuthType.setBounds(15, 1123, 171, 20)
self._jComboAuthType.setBounds(204, 1123, 100, 26)
self._jLabelAuthUser.setBounds(15, 1172, 171, 20)
self._jTextFieldAuthUser.setBounds(204, 1172, 256, 26)
self._jLabelAuthPass.setBounds(15, 1221, 171, 20)
self._jTextFieldAuthPass.setBounds(204, 1221, 256, 26)
self._jSeparator11.setBounds(15, 1267, 790, 10)
self._jButtonStartScan.setBounds(346, 1292, 103, 29)
self._jLabelScanAPI.setBounds(167, 16, 275, 20)
# Create main panel
self._jScanPanel = swing.JPanel()
self._jScanPanel.setLayout(None)
self._jScanPanel.setPreferredSize(awt.Dimension(1368,1368))
self._jScanPanel.add(self._jLabelScanText)
self._jScanPanel.add(self._jLabelScanIPListen)
self._jScanPanel.add(self._jLabelScanPortListen)
self._jScanPanel.add(self._jTextFieldScanIPListen)
self._jScanPanel.add(self._jTextFieldScanPortListen)
self._jScanPanel.add(self._jSeparator1)
self._jScanPanel.add(self._jLabelURL)
self._jScanPanel.add(self._jTextFieldURL)
self._jScanPanel.add(self._jLabelData)
self._jScanPanel.add(self._jScrollPaneData)
self._jScanPanel.add(self._jLabelCookie)
self._jScanPanel.add(self._jTextFieldCookie)
self._jScanPanel.add(self._jLabelReferer)
self._jScanPanel.add(self._jTextFieldReferer)
self._jScanPanel.add(self._jLabelHttpMethod)
self._jScanPanel.add(self._jLabelIgnoreCode)
self._jScanPanel.add(self._jComboHttpMethod)
self._jScanPanel.add(self._jTextFieldIgnoreCode)
self._jScanPanel.add(self._jLabelUA)
self._jScanPanel.add(self._jTextFieldUA)
self._jScanPanel.add(self._jLabelCustHeader)
self._jScanPanel.add(self._jTextFieldCustHeader)
self._jScanPanel.add(self._jSeparator2)
self._jScanPanel.add(self._jLabelParam)
self._jScanPanel.add(self._jTextFieldParam)
self._jScanPanel.add(self._jCheckTO)
self._jScanPanel.add(self._jSeparator3)
self._jScanPanel.add(self._jComboLevel)
self._jScanPanel.add(self._jLabelLevel)
self._jScanPanel.add(self._jLabelRisk)
self._jScanPanel.add(self._jComboRisk)
self._jScanPanel.add(self._jSeparator4)
self._jScanPanel.add(self._jCheckHPP)
self._jScanPanel.add(self._jCheckCU)
self._jScanPanel.add(self._jCheckDB)
self._jScanPanel.add(self._jCheckHost)
self._jScanPanel.add(self._jCheckDBA)
self._jScanPanel.add(self._jCheckUsers)
self._jScanPanel.add(self._jCheckPswds)
self._jScanPanel.add(self._jCheckPrivs)
self._jScanPanel.add(self._jCheckRoles)
self._jScanPanel.add(self._jCheckDBs)
self._jScanPanel.add(self._jSeparator5)
self._jScanPanel.add(self._jLabelThreads)
self._jScanPanel.add(self._jLabelDelay)
self._jScanPanel.add(self._jLabelTimeout)
self._jScanPanel.add(self._jLabelRetry)
self._jScanPanel.add(self._jLabelTimeSec)
self._jScanPanel.add(self._jComboThreads)
self._jScanPanel.add(self._jComboDelay)
self._jScanPanel.add(self._jComboTimeout)
self._jScanPanel.add(self._jComboRetry)
self._jScanPanel.add(self._jComboTimeSec)
self._jScanPanel.add(self._jSeparator6)
self._jScanPanel.add(self._jLabelDBMS)
self._jScanPanel.add(self._jComboDBMS)
self._jScanPanel.add(self._jLabelOS)
self._jScanPanel.add(self._jComboOS)
self._jScanPanel.add(self._jSeparator7)
self._jScanPanel.add(self._jLabelProxy)
self._jScanPanel.add(self._jTextFieldProxy)
self._jScanPanel.add(self._jSeparator8)
self._jScanPanel.add(self._jCheckTor)
self._jScanPanel.add(self._jLabelTorType)
self._jScanPanel.add(self._jComboTorType)
self._jScanPanel.add(self._jLabelTorPort)
self._jScanPanel.add(self._jTextFieldTorPort)
self._jScanPanel.add(self._jSeparator9)
self._jScanPanel.add(self._jLabelTamper)
self._jScanPanel.add(self._jTextFieldTamper)
self._jScanPanel.add(self._jSeparator10)
self._jScanPanel.add(self._jLabelAuthType)
self._jScanPanel.add(self._jComboAuthType)
self._jScanPanel.add(self._jLabelAuthUser)
self._jScanPanel.add(self._jTextFieldAuthUser)
self._jScanPanel.add(self._jLabelAuthPass)
self._jScanPanel.add(self._jTextFieldAuthPass)
self._jScanPanel.add(self._jSeparator11)
self._jScanPanel.add(self._jButtonStartScan)
self._jScanPanel.add(self._jLabelScanAPI)
self._jScrollPaneMain = swing.JScrollPane(self._jScanPanel)
self._jScrollPaneMain.setViewportView(self._jScanPanel)
self._jScrollPaneMain.setPreferredSize(awt.Dimension(1357,1357))
# Create SQLMap log JPanel
self._jLogPanel = swing.JPanel()
self._jLogPanel.setLayout(None)
# Create label, combobox, and button to get logs and textarea to display them
self._jLabelLog = swing.JLabel("Logs for Scan ID:")
self._jComboLogs = swing.JComboBox(self.scantasks)
self._jButtonGetLogs = swing.JButton('Get', actionPerformed=self.getLogs)
self._jButtonRemoveLogs = swing.JButton('Remove', actionPerformed=self.removeLogs)
self._jTextLogs = swing.JTextArea()
self._jTextLogs.setColumns(50)
self._jTextLogs.setRows(50)
self._jTextLogs.setLineWrap(True)
self._jTextLogs.setEditable(False)
self._jScrollPaneLogs = swing.JScrollPane(self._jTextLogs)
self._jScrollPaneLogs.setVerticalScrollBarPolicy(swing.JScrollPane.VERTICAL_SCROLLBAR_ALWAYS)
self._jLabelLog.setBounds(15, 16, 126, 20)
self._jComboLogs.setBounds(167, 16, 535, 20)
self._jButtonGetLogs.setBounds(718, 16, 50, 20)
self._jButtonRemoveLogs.setBounds(783, 16, 80, 20)
self._jScrollPaneLogs.setBounds(15, 58, 846, 400)
self._jLogPanel.add(self._jLabelLog)
self._jLogPanel.add(self._jComboLogs)
self._jLogPanel.add(self._jButtonGetLogs)
self._jLogPanel.add(self._jButtonRemoveLogs)
self._jLogPanel.add(self._jScrollPaneLogs)
# Create SQLMap stop scan JPanel
self._jStopScanPanel = swing.JPanel()
self._jStopScanPanel.setLayout(None)
# Create label, combobox, and button to stop scans and textfield to display success
self._jLabelStopScan = swing.JLabel("Stop Scan ID:")
self._jComboStopScan = swing.JComboBox(self.scantasks)
self._jButtonStopScan = swing.JButton('Stop', actionPerformed=self.stopScan)
self._jButtonRemoveScan = swing.JButton('Remove', actionPerformed=self.removeScan)
self._jLabelStopStatus = swing.JLabel()
self._jLabelStopScan.setBounds(15, 16, 126, 20)
self._jComboStopScan.setBounds(167, 16, 535, 20)
self._jButtonStopScan.setBounds(718, 16, 55, 20)
self._jButtonRemoveScan.setBounds(783, 16, 80, 20)
self._jLabelStopStatus.setBounds(167, 58, 846, 20)
self._jStopScanPanel.add(self._jLabelStopScan)
self._jStopScanPanel.add(self._jComboStopScan)
self._jStopScanPanel.add(self._jButtonStopScan)
self._jStopScanPanel.add(self._jButtonRemoveScan)
self._jStopScanPanel.add(self._jLabelStopStatus)
# Setup Tabs
self._jConfigTab = swing.JTabbedPane()
self._jConfigTab.addTab("SQLMap API", self._jPanel)
self._jConfigTab.addTab("SQLMap Scanner", self._jScrollPaneMain)
self._jConfigTab.addTab("SQLMap Logs", self._jLogPanel)
self._jConfigTab.addTab("SQLMap Scan Stop", self._jStopScanPanel)
# Automatically get and set the Python path if we can find it
pythonpath = ''
pythonregpath1 = ''
pythonregpath2 = ''
pathpart1 = ''
pathpart2 = ''
drivepart1 = ''
drivepart2 = ''
pythonaltpath1 = ''
pythonaltpath2 = ''
path_delim = ''
ostype = System.getProperty('os.name')
try:
if 'Windows' in ostype:
path_delim = '\\'
try:
pythonpath = subprocess.check_output(['where', 'python']).split('\n')[0].rstrip('\n\r')
except:
print 'Could not find python.exe in path.\n'
try:
pythonregpath1 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\2.7\\InstallPath" /ve')
pathpart1 = pythonregpath1.rsplit(':', 1)[1].rstrip('\n\r')
drivepart1 = pythonregpath1.rsplit(':', 1)[0][-1]
except:
print 'Could not find python path in registry at: HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\2.7\\InstallPath.\n'
try:
pythonregpath2 = subprocess.check_output('reg query "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\2.7\InstallPath" /ve')
pathpart2 = pythonregpath2.rsplit(':', 1)[1].rstrip('\n\r')
drivepart2 = pythonregpath2.rsplit(':', 1)[0][-1]
except:
print 'Could not find python path in registry at: HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\2.7\InstallPath.\n'
if re.search('[pP]ython', pathpart1):
pythonaltpath1 = drivepart1 + ':' + pathpart1 + path_delim + 'python.exe'
if re.search('[pP]ython', pathpart2):
pythonaltpath2 = drivepart2 + ':' + pathpart2 + path_delim + 'python.exe'
else:
path_delim = '/'
try:
pythonpath = subprocess.check_output(['which', 'python2.7']).split('\n')[0].rstrip('\n\r')
except:
print 'Could not find python.exe in path.\n'
except:
print 'Could not get OS version, therefore could not find Python path\n'
# Set python variables
if re.search('python.exe', pythonpath) or re.search('\/python2.7$', pythonpath):
self.pythonfile = pythonpath
print 'Python found in system path at: ' + pythonpath + '\n'
elif re.search('python.exe', pythonaltpath1):
self.pythonfile = pythonaltpath1
print 'Python found in registry under HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\2.7\\InstallPath at: ' + pythonaltpath1 + '\n'
elif re.search('python.exe', pythonaltpath2):
self.pythonfile = pythonaltpath2
print 'Python found in registry under HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Python\\PythonCore\\2.7\InstallPath at: ' + pythonaltpath2 + '\n'
else:
print 'Could not set the correct Python path.\n'
# Get Python version to confirm 2.7.x
if 'Windows' in ostype and re.search('python.exe', self.pythonfile):
try:
pythonver = subprocess.check_output(self.pythonfile + ' -c "import sys; print str(sys.version_info[0]) + str(sys.version_info[1])"').rstrip('\n\r')
if pythonver == '27':
self._jLabelPython.setText('Python set to: ' + self.pythonfile)
else:
self.pythonfile = ''
print 'Wrong version of Python: ' + pythonver[0] + '.' + pythonver[1] + '\n'
except:
print 'Could not get Python version\n'
elif re.search('python2.7', self.pythonfile):
self._jLabelPython.setText('Python set to: ' + self.pythonfile)
else:
print 'Wrong version of Python or something went wrong.\n'
# Automatically set the sqlmapapi, first unzip if the extension has never run
if os.path.isfile(os.getcwd() + path_delim + 'sqlmap.zip'):
# Extract sqlmap
try:
with zipfile.ZipFile(os.getcwd() + path_delim + 'sqlmap.zip') as sqlmapzip:
sqlmapzip.extractall(os.getcwd() + path_delim)
# Remove sqlmap zip file
os.remove(os.getcwd() + path_delim + 'sqlmap.zip')
# Set API
if os.path.isfile(os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'):
self._jLabelAPI.setText('API set to: ' + os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py')
self.apifile = os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'
print 'SQLMap API found at: ' + self.apifile + '\n'
else:
print 'Could not find SQLMap API file.\n'
except:
print 'Failed to extract sqlmap.zip\n'
else:
# Set API
if os.path.isfile(os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'):
self._jLabelAPI.setText('API set to: ' + os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py')
self.apifile = os.getcwd() + path_delim + 'sqlmap' + path_delim + 'sqlmapapi.py'
print 'SQLMap API found at: ' + self.apifile + '\n'
else:
print 'Could not find SQLMap API file.\n'
callbacks.customizeUiComponent(self._jConfigTab)
callbacks.addSuiteTab(self)
return
# Create a menu item if the appropriate section of the UI is selected
def createMenuItems(self, invocation):
menu = []
# Which part of the interface the user selects
ctx = invocation.getInvocationContext()
# Message Viewer Req will show menu item if selected by the user
if ctx == 0 or ctx == 2:
menu.append(swing.JMenuItem("SQLiPy Scan", None, actionPerformed=lambda x, inv=invocation: self.sqlMapScan(inv)))
return menu if menu else None
def getTabCaption(self):
return 'SQLiPy'
def getUiComponent(self):
return self._jConfigTab
def sqlMapScan(self, invocation):
# Check initial message for proper request/response and set variables - Burp will not return valid info otherwise
try:
invMessage = invocation.getSelectedMessages()
message = invMessage[0]
reqInfo = self._helpers.analyzeRequest(message)
reqUrl = str(reqInfo.getUrl())
reqBody = message.getRequest()
bodyData = self._helpers.bytesToString(reqBody[reqInfo.getBodyOffset():])
reqHeaders = newHeaders = list(reqInfo.getHeaders())
referer = ''
ua = ''
cookie = ''
for header in reqHeaders:
if re.search('^Referer', header, re.IGNORECASE) is not None:
referer = re.sub('^Referer\:\s+', '', header, re.IGNORECASE)
elif re.search('^User-Agent', header, re.IGNORECASE) is not None:
ua = re.sub('^User-Agent\:\s+', '', header, re.IGNORECASE)
elif re.search('^Cookie', header, re.IGNORECASE) is not None:
cookie = re.sub('^Cookie\:\s+', '', header, re.IGNORECASE)
self._jTextFieldURL.setText(reqUrl)
self._jTextData.setText(bodyData)
self._jTextFieldCookie.setText(cookie)
self._jTextFieldUA.setText(ua)
self._jTextFieldReferer.setText(referer)
self._jConfigTab.setSelectedComponent(self._jScrollPaneMain)
self.scanMessage = message
self.scanUrl = reqInfo.getUrl()
parentTab = self._jConfigTab.getParent()
parentTab.setSelectedComponent(self._jConfigTab)
except:
print 'Failed to add data to scan tab.'
def printHeader(self):
print 'SQLiPy - 0.8.1\nBurp interface to SQLMap via the SQLMap API\njosh.berry@codewatch.org\n\n'
def setAPI(self, e):
selectFile = swing.JFileChooser()
filter = swing.filechooser.FileNameExtensionFilter("python files", ["py"])
selectFile.addChoosableFileFilter(filter)
returnedFile = selectFile.showDialog(self._jPanel, "SQLMap API")
if returnedFile == swing.JFileChooser.APPROVE_OPTION:
file = selectFile.getSelectedFile()
self.apifile = file.getPath()
print 'Selected API at ' + file.getPath()
self._jLabelAPI.setText('API set to: ' + file.getPath())
def setPython(self, e):
selectFile = swing.JFileChooser()
returnedFile = selectFile.showDialog(self._jPanel, "Python EXE")
if returnedFile == swing.JFileChooser.APPROVE_OPTION:
file = selectFile.getSelectedFile()
self.pythonfile = file.getPath()
print 'Selected Python at ' + file.getPath()
self._jLabelPython.setText('Python set to: ' + file.getPath())
def startAPI(self, button):
if self.apistatus == 0:
try:
print 'Calling: ' + self.pythonfile + ' ' + self.apifile + ' -s -H ' + self._jTextFieldIPListen.getText() + ' -p ' + self._jTextFieldPortListen.getText() + '\n'
sqlmapdir = ''
if re.search('^[a-zA-Z]\:', self.apifile) is not None:
sqlmapdir = self.apifile.rsplit('\\', 1)[0]
else:
sqlmapdir = self.apifile.rsplit('/', 1)[0]
javaexec = getattr(Runtime.getRuntime(), "exec")
cmd = [self.pythonfile, self.apifile, "-s", "-H", self._jTextFieldIPListen.getText(), "-p", self._jTextFieldPortListen.getText()]
self.apiprocess = javaexec(cmd, None, File(sqlmapdir))
self.errorGobbler = Thread(StreamGobbler(self.apiprocess.getErrorStream(), System.err))
self.outputGobbler = Thread(StreamGobbler(self.apiprocess.getInputStream(), System.out))
self.errorGobbler.start()
self.outputGobbler.start()
# Final validation the API is running
try:
time.sleep(5)
req = urllib2.Request('http://' + self._jTextFieldIPListen.getText() + ':' + self._jTextFieldPortListen.getText() + '/scan/0/status')
req.add_header('Content-Type', 'application/json')
resp = json.load(urllib2.urlopen(req, timeout=10))
if resp['message'] == "Invalid task ID":
self._jLabelScanAPI.setText(self._jTextFieldIPListen.getText() + ':' + self._jTextFieldPortListen.getText())
self._jLabelScanAPI.setForeground(Color.GREEN)
self._jTextFieldScanIPListen.setText(self._jTextFieldIPListen.getText())
self._jTextFieldScanPortListen.setText(self._jTextFieldPortListen.getText())
self._jLabelAPIStatus.setText('SQLMap API IS CURRENTLY RUNNING!')
self._jLabelAPIStatus.setForeground(Color.GREEN)
self.apistatus = 1
print 'SQLMap API started.\n'
except:
self.apiprocess.destroy()
self.errorGobbler.join()
self.outputGobbler.join()
print 'Failed to start the SQLMap API\n'
except:
print 'Failed to start the SQLMap API\n'
else:
print 'The SQLMap API process has already been started\n'
def stopAPI(self, button):
if self.apistatus == 1:
try:
if self._jComboStopScan.getItemCount() is not 0:
for item in range(0, self._jComboStopScan.getItemCount()):
req = urllib2.Request('http://' + self._jTextFieldScanIPListen.getText() + ':' + self._jTextFieldScanPortListen.getText() + '/scan/' + self._jComboStopScan.getItemAt(item).split('-')[0] + '/kill')
resp = json.load(urllib2.urlopen(req, timeout=3))
if resp['success'] == True:
print 'Scan stopped for ID: '+ self._jComboStopScan.getItemAt(item).split('-')[0]+'\n'
else:
print 'Failed to stop scan on ID: '+self._jComboStopScan.getItemAt(item).split('-')[0]+', likely already completed\n'
except:
print 'Failed to stop currently running SQLMap scans or no scans were still running\n'
try:
totalThreads = 1
for thread in self.threads:
print 'Stopping running scan check thread: ' + str(totalThreads) + '\n'
totalThreads += 1
thread.keep_running = False
thread.join()
i = 0
while i < len(self.threads):
self.threads.pop(0)
i += 1
except:
print 'Could not stop running threads\n'
try:
self.apiprocess.destroy()
self._jComboLogs.removeAllItems()
self._jComboStopScan.removeAllItems()
self._jLabelScanAPI.setText('SQLMap API is NOT running!')
self._jLabelScanAPI.setForeground(Color.RED)
self._jLabelAPIStatus.setText('SQLMap API is NOT running!')
self._jLabelAPIStatus.setForeground(Color.RED)
self.apistatus = 0
print 'Stopping the SQLMap API\n'
except:
print 'Failed to stop the SQLMap API\n'
try:
self.errorGobbler.join()
self.outputGobbler.join()
print 'Stopping API input/output/error buffers threads\n'
except:
print 'Failed to stop API input/output/error buffers threads\n'
def extensionUnloaded(self):
if self.apistatus == 1:
try:
if self._jComboStopScan.getItemCount() is not 0:
for item in range(0, self._jComboStopScan.getItemCount()):
req = urllib2.Request('http://' + self._jTextFieldScanIPListen.getText() + ':' + self._jTextFieldScanPortListen.getText() + '/scan/' + self._jComboStopScan.getItemAt(item).split('-')[0] + '/kill')
resp = json.load(urllib2.urlopen(req, timeout=3))
if resp['success'] == True:
print 'Scan stopped for ID: '+ self._jComboStopScan.getItemAt(item).split('-')[0]+'\n'
else:
print 'Failed to stop scan on ID: '+self._jComboStopScan.getItemAt(item).split('-')[0]+', likely already completed\n'
except:
print 'Failed to stop currently running SQLMap scans or no scans were still running\n'
try:
totalThreads = 1
for thread in self.threads:
print 'Stopping running scan check thread: ' + str(totalThreads) + '\n'
totalThreads += 1
thread.keep_running = False
thread.join()
except:
print 'Could not stop running threads\n'
try:
self.apiprocess.destroy()
print 'Stopping the SQLMap API...\n'
except:
print 'Failed to stop the SQLMap API\n'
try:
self.errorGobbler.join()
self.outputGobbler.join()
print 'Stopping API input/output/error buffers threads\n'
except:
print 'Failed to stop API input/output/error buffers threads\n'
def getLogs(self, button):
try:
req = urllib2.Request('http://' + self._jTextFieldScanIPListen.getText() + ':' + self._jTextFieldScanPortListen.getText() + '/scan/' + self._jComboLogs.getSelectedItem().split('-')[0] + '/log')
resp = json.load(urllib2.urlopen(req, timeout=10))
if resp['success'] == True:
logdata = ''
for logs in resp['log']:
logdata = logdata + logs['level'] + ': ' + logs['time'] + ' - ' + logs['message'] + '\n'
self._jTextLogs.setText('Log results for: ' + self.scancmds[self._jComboLogs.getSelectedItem().split('-')[0]] + logdata)
else:
print 'Failed to get logs for: '+self._jComboLogs.getSelectedItem().split('-')[0]+'\n'
except:
print 'Failed to get logs for: '+self._jComboLogs.getSelectedItem().split('-')[0]+'\n'
def removeLogs(self, button):
print 'Removing Log Entry for ID: '+ self._jComboLogs.getSelectedItem().split('-')[0]+'\n'
self._jComboLogs.removeItem(self._jComboLogs.getSelectedItem())
def stopScan(self, button):
try:
req = urllib2.Request('http://' + self._jTextFieldScanIPListen.getText() + ':' + self._jTextFieldScanPortListen.getText() + '/scan/' + self._jComboStopScan.getSelectedItem().split('-')[0] + '/kill')
resp = json.load(urllib2.urlopen(req, timeout=10))
if resp['success'] == True:
print 'Scan stopped for ID: '+ self._jComboStopScan.getSelectedItem().split('-')[0]+'\n'
self._jLabelStopStatus.setText('Scan stopped for ID: ' + self._jComboStopScan.getSelectedItem().split('-')[0])
self._jComboStopScan.removeItem(self._jComboStopScan.getSelectedItem())
else:
print 'Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed\n'
self._jLabelStopStatus.setText('Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed')
except:
print 'Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed\n'
self._jLabelStopStatus.setText('Failed to stop scan on ID: '+self._jComboStopScan.getSelectedItem().split('-')[0]+', likely already completed')
def removeScan(self, button):
print 'Removing Scan Stop Entry for ID: '+ self._jComboStopScan.getSelectedItem().split('-')[0]+'\n'
self._jLabelStopStatus.setText('Scan removed from stop tab for ID: ' + self._jComboStopScan.getSelectedItem().split('-')[0])
self._jComboStopScan.removeItem(self._jComboStopScan.getSelectedItem())
def startScan(self, button):
hpp = ''
cu = ''
cdb = ''
hostname = ''
isdba = ''
lusers = ''
lpswds = ''
lprivs = ''
lroles = ''
ldbs = ''
textonly = ''
postdata = None
datacmd = ''
cookiedata = None
cookiecmd = ''
uadata = None
uacmd = ''
ignorecodedata = None
ignorecodecmd = ''
custheaderdata = None
custheadercmd = ''
headerdata = None
headercmd = ''
refererdata = None
referercmd = ''
proxy = None
proxycmd = ''
dbms = None
dbmscmd = ''
os = None
oscmd = ''
tampercmd = ''
tamperdata = None
paramcmd = ''
paramdata = None
csrfurl = None
csrftoken = None
torcmd = ''
tortypecmd = ''
torportcmd = ''
httpmethod = None
httpmethodcmd = ''
authtype = None
authtypecmd = ''
authcred = None
authcredcmd = ''
if self._jCheckTO.isSelected():
textonly = ' --text-only'
textonlystatus = True
else:
textonlystatus = False
if self._jCheckHPP.isSelected():
hpp = ' --hpp'
hppstatus = True
else:
hppstatus = False
if self._jCheckCU.isSelected():
cu = ' --current-user'
custatus = True
else:
custatus = False
if self._jCheckDB.isSelected():
cdb = ' --current-db'
cdbstatus = True
else:
cdbstatus = False
if self._jCheckHost.isSelected():
hostname = ' --hostname'
hostnamestatus = True
else:
hostnamestatus = False
if self._jCheckDBA.isSelected():
isdba = ' --is-dba'
isdbastatus = True
else:
isdbastatus = False
if self._jCheckUsers.isSelected():
lusers = ' --users'
lusersstatus = True
else:
lusersstatus = False
if self._jCheckPswds.isSelected():
lpswds = ' --passwords'
lpswdsstatus = True
else:
lpswdsstatus = False
if self._jCheckPrivs.isSelected():
lprivs = ' --privileges'
lprivsstatus = True
else:
lprivsstatus = False
if self._jCheckRoles.isSelected():
lroles = ' --roles'
lrolesstatus = True
else:
lrolesstatus = False
if self._jCheckDBs.isSelected():
ldbs = ' --dbs'
ldbsstatus = True
else:
ldbsstatus = False
if self._jCheckTor.isSelected():
torstatus = True
torcmd = ' --tor'
tortype = self._jComboTorType.getSelectedItem()
tortypecmd = ' --tor-type=' + self._jComboTorType.getSelectedItem()
torport = self._jTextFieldTorPort.getText()
torportcmd = ' --tor-port=' + self._jTextFieldTorPort.getText()
else:
torstatus = False
tortype = 'HTTP'
torport = None
if not re.search('^None$', self._jComboAuthType.getSelectedItem()) is not None and re.search('[a-zA-Z0-9]', self._jTextFieldAuthUser.getText()) is not None:
authtype = self._jComboAuthType.getSelectedItem()
authtypecmd = ' --auth-type=' + self._jComboAuthType.getSelectedItem()
authuser = self._jTextFieldAuthUser.getText()
authpass = self._jTextFieldAuthPass.getText()
authcred = authuser + ':' + authpass
authcredcmd = ' --auth-cred="' + authuser + ':' + authpass + '"'
else:
authtype = None
authtypecmd = ''
authuser = ''
authpass = ''
authcred = None
authcredcmd = ''
if re.search('[a-zA-Z0-9]', self._jTextFieldIgnoreCode.getText()) is not None:
ignorecodedata = self._jTextFieldIgnoreCode.getText()
ignorecodecmd = ' --ignore-code=' + self._jTextFieldIgnoreCode.getText()
if re.search('(http|https)\://', self._jTextFieldProxy.getText()) is not None:
proxy = self._jTextFieldProxy.getText()
proxycmd = ' --proxy=' + self._jTextFieldProxy.getText()
if not re.search('^Default$', self._jComboHttpMethod.getSelectedItem()) is not None:
httpmethod = self._jComboHttpMethod.getSelectedItem()
httpmethodcmd = ' --method="' + self._jComboHttpMethod.getSelectedItem()+'"'
if not re.search('^Any$', self._jComboDBMS.getSelectedItem()) is not None:
dbms = self._jComboDBMS.getSelectedItem()
dbmscmd = ' --dbms="' + self._jComboDBMS.getSelectedItem()+'"'
if not re.search('^Any$', self._jComboOS.getSelectedItem()) is not None:
os = self._jComboOS.getSelectedItem()
oscmd = ' --os=' + self._jComboOS.getSelectedItem()
if re.search('[a-zA-Z0-9]', self._jTextFieldTamper.getText()) is not None:
tampercmd = ' --tamper="' + self._jTextFieldTamper.getText() + '"'
tamperdata = self._jTextFieldTamper.getText()
if re.search('[a-zA-Z0-9]', self._jTextData.getText()) is not None:
postdata = self._jTextData.getText()
datacmd = ' --data="' + self._jTextData.getText() + '"'
if re.search('[a-zA-Z0-9]', self._jTextFieldCookie.getText()) is not None:
cookiedata = self._jTextFieldCookie.getText()
cookiecmd = ' --cookie="' + self._jTextFieldCookie.getText() + '"'
if re.search('[a-zA-Z0-9]', self._jTextFieldUA.getText()) is not None:
uadata = self._jTextFieldUA.getText()
uacmd = ' --user-agent="' + self._jTextFieldUA.getText() + '"'
if re.search('[a-zA-Z0-9]', self._jTextFieldCustHeader.getText()) is not None:
custheaderdata = self._jTextFieldCustHeader.getText()
custheadercmd = ' --headers="' + self._jTextFieldCustHeader.getText() + '"'
if re.search('[a-zA-Z0-9]', self._jTextFieldReferer.getText()) is not None:
refererdata = self._jTextFieldReferer.getText()
referercmd = ' --referer="' + self._jTextFieldReferer.getText() + '"'
if re.search('[a-zA-Z0-9]', self._jTextFieldParam.getText()) is not None:
paramdata = self._jTextFieldParam.getText()
paramcmd = ' -p "' + self._jTextFieldParam.getText() + '"'
try:
sqlmapcmd = 'sqlmap.py -u "' + self._jTextFieldURL.getText() + '"' + datacmd + httpmethodcmd + cookiecmd + uacmd + referercmd + custheadercmd + authtypecmd + authcredcmd + ignorecodecmd + proxycmd + torcmd + tortypecmd + torportcmd + ' --delay=' + str(self._jComboDelay.getSelectedItem()) + ' --timeout=' + str(self._jComboTimeout.getSelectedItem()) + ' --retries=' + str(self._jComboDelay.getSelectedItem()) + paramcmd + dbmscmd + oscmd + tampercmd + ' --level=' + str(self._jComboLevel.getSelectedItem()) + ' --risk=' + str(self._jComboRisk.getSelectedItem()) + textonly + hpp + ' --threads=' + str(self._jComboThreads.getSelectedItem()) + ' --time-sec=' + str(self._jComboTimeSec.getSelectedItem()) + ' -b' + cu + cdb + hostname + isdba + lusers + lpswds + lprivs + lroles + ldbs + ' --batch --answers="crack=N,dict=N,continue=Y,quit=N"\n\n'
print 'SQLMap Command: ' + sqlmapcmd
req = urllib2.Request('http://' + self._jTextFieldScanIPListen.getText() + ':' + self._jTextFieldScanPortListen.getText() + '/task/new')
resp = json.load(urllib2.urlopen(req, timeout=10))
if resp['success'] == True and resp['taskid']:
sqlitask = resp['taskid']
sqliopts = {'authType': authtype, 'csrfUrl': csrfurl, 'csrfToken': csrftoken, 'getUsers': lusersstatus, 'getPasswordHashes': lpswdsstatus, 'delay': self._jComboDelay.getSelectedItem(), 'isDba': isdbastatus, 'risk': self._jComboRisk.getSelectedItem(), 'getCurrentUser': custatus, 'getRoles': lrolesstatus, 'getPrivileges': lprivsstatus, 'testParameter': paramdata, 'timeout': self._jComboTimeout.getSelectedItem(), 'ignoreCode': ignorecodedata, 'torPort': torport, 'level': self._jComboLevel.getSelectedItem(), 'getCurrentDb': cdbstatus, 'answers': 'crack=N,dict=N,continue=Y,quit=N', 'method': httpmethod, 'cookie': cookiedata, 'proxy': proxy, 'os': os, 'threads': self._jComboThreads.getSelectedItem(), 'url': self._jTextFieldURL.getText(), 'getDbs': ldbsstatus, 'tor': torstatus, 'torType': tortype, 'referer': refererdata, 'retries': self._jComboRetry.getSelectedItem(), 'headers': custheaderdata, 'authCred': authcred, 'timeSec': self._jComboTimeSec.getSelectedItem(), 'getHostname': hostnamestatus, 'agent': uadata, 'dbms': dbms, 'tamper': tamperdata, 'hpp': hppstatus, 'getBanner': 'true', 'data': postdata, 'textOnly': textonlystatus}
print 'Created SQLMap Task: ' + sqlitask + '\n'
try:
req = urllib2.Request('http://' + self._jTextFieldScanIPListen.getText() + ':' + self._jTextFieldScanPortListen.getText() + '/option/' + sqlitask + '/set')
req.add_header('Content-Type', 'application/json')
resp = json.load(urllib2.urlopen(req, json.dumps(sqliopts), timeout=10))
if resp['success'] == True:
print 'SQLMap options set on Task ' + sqlitask + ': ' + json.dumps(sqliopts) + '\n'
sqliopts = {'url': self._jTextFieldURL.getText()}
try:
checkreq = urllib2.Request('http://' + self._jTextFieldScanIPListen.getText() + ':' + self._jTextFieldScanPortListen.getText() + '/option/' + sqlitask + '/list')
checkresp = json.load(urllib2.urlopen(checkreq, timeout=10))
print 'SQLMap options returned: ' + json.dumps(checkresp) + '\n'
except:
print 'Failed to get list of options from SQLMap API\n'
try:
req = urllib2.Request('http://' + self._jTextFieldScanIPListen.getText() + ':' + self._jTextFieldScanPortListen.getText() + '/scan/' + sqlitask + '/start')
req.add_header('Content-Type', 'application/json')
resp = json.load(urllib2.urlopen(req, json.dumps(sqliopts), timeout=10))
if resp['success'] == True:
findings = ThreadExtender(self, self._jTextFieldScanIPListen.getText(), self._jTextFieldScanPortListen.getText(), sqlitask, self.scanUrl, self.scanMessage, self._callbacks)
t = threading.Thread(target=findings.checkResults)
self.threads.append(t)
t.start()
self._jComboLogs.addItem(sqlitask + '-' + self._jTextFieldURL.getText())
self._jComboStopScan.addItem(sqlitask + '-' + self._jTextFieldURL.getText())
self.scancmds[sqlitask] = sqlmapcmd
print 'Started SQLMap Scan on Task ' + sqlitask +' with Engine ID: ' + str(resp['engineid']) + ' - ' + self._jTextFieldURL.getText() + '\n'
else:
print 'Failed to start SQLMap Scan for Task: ' + sqlitask + '\n'
except:
print 'Failed to start SQLMap Scan for Task: ' + sqlitask + '\n'
else:
print 'Failed to set options on SQLMap Task: ' + sqlitask + '\n'
except:
print 'Failed to set options on SQLMap Task: ' + sqlitask + '\n'
else:
print 'SQLMap task creation failed\n'
except:
print 'SQLMap task creation failed\n'
