Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include("config.php");
- /*
- Ghetto Check if file is binary or ascii
- This way we can determine if we can print the contents in textarea or not
- Returns True if file is ascii, False otherwise
- */
- function is_ascii($sourcefile) {
- if (is_file($sourcefile)) {
- $content = str_replace(array("\n", "\r", "\t", "\v", "\b"), '', file_get_contents($sourcefile));
- return ctype_print($content);
- } else {
- return false;
- }
- }
- /*
- Check if array is a associated (hash) array vs a simple list array
- Returns True when array is an associative array (key:value pairings)
- Returns False otherwise
- Borrowed from stackoverflow discussion:
- http://stackoverflow.com/questions/5996749/determine-whether-an-array-is-associative-hash-or-not
- */
- function is_assoc(array $array) {
- $keys = array_keys($array); // Keys of the array
- return array_keys($keys) !== $keys;
- }
- // SQLMAP Rest API Client Communicator Class
- class SQLMAPClientAPI {
- private $api = API_URL; // REST API Server Address
- public $task_id; // Task ID to track against
- /*
- Initialize our Class Object
- Set the task id for new instance
- */
- public function __construct() {
- // Commented out to avoid spinning up unneccary tasks for admin
- // Manually call the generateNewTaskID() function to set...
- // $this->task_id = $this->generateNewTaskID();
- }
- /*
- Start up a new Task
- Returns the new task id on success, false otherwise
- */
- public function generateNewTaskID() {
- $json = json_decode(file_get_contents($this->api . "task/new"), true);
- if(($json['success'] == "true") && (trim($json['taskid']) != "")) {
- return trim($json['taskid']);
- }
- return NULL;
- }
- /*
- Delete an Active Task by ID
- Returns true on success, false otherwise
- */
- public function deleteTaskID($id) {
- $json = json_decode(file_get_contents($this->api . "task/" . $id . "/delete"), true);
- if($json['success'] == "true") {
- return true;
- }
- return false;
- }
- /*
- Lists current tasks with ADMIN ID, NOT task id
- Returns associative array on success, false otherwise
- array(
- 'tasks_num' => int,
- 'tasks' => array('1eb32c498dd90fb3','e398810ea2603520',...)
- )'
- */
- public function adminListTasks($adminid) {
- $json = json_decode(file_get_contents($this->api . "admin/" . $adminid . "/list"), true);
- if($json['success'] == "true") {
- return array('tasks_num' => $json['tasks_num'], 'tasks' => $json['tasks']);
- }
- return false;
- }
- /*
- Flush all tasks with ADMIN ID, NOT task id
- Returns true on success, false otherwise
- */
- public function adminFlushTasks($adminid) {
- $json = json_decode(file_get_contents($this->api . "admin/" . $adminid . "/flush"), true);
- if($json['success'] == "true") {
- return true;
- }
- return false;
- }
- /*
- List the currently set options under particular task ID
- Returns an associative array on success, false otherwise
- {
- "options": {
- "taskid": "e398810ea2603520",
- "agent": null,
- "alert": null,
- "answers": null,
- "api": true,
- "authCred": null,
- "authPrivate": null,
- "authType": null,
- "batch": true,
- "beep": false,
- "binaryFields": null,
- "bulkFile": null,
- "charset": null,
- "checkTor": false,
- "cleanup": false,
- "code": null,
- "col": null,
- "commonColumns": false,
- "commonTables": false,
- "configFile": null,
- "cookie": null,
- "cookieDel": null,
- "cpuThrottle": 5,
- "crawlDepth": null,
- "csrfToken": null,
- "csrfUrl": null,
- "csvDel": ",",
- "data": null,
- "database": "/tmp/sqlmapipc-rA0QdN",
- "db": null,
- "dbms": null,
- "dbmsCred": null,
- "delay": 0,
- "dependencies": false,
- "dFile": null,
- "direct": null,
- "disableColoring": true,
- "dnsName": null,
- "dropSetCookie": false,
- "dummy": false,
- "dumpAll": false,
- "dumpFormat": "CSV",
- "dumpTable": false,
- "dumpWhere": null,
- "eta": false,
- "excludeCol": null,
- "excludeSysDbs": false,
- "extensiveFp": false,
- "evalCode": null,
- "firstChar": null,
- "flushSession": false,
- "forceDns": false,
- "forceSSL": false,
- "forms": false,
- "freshQueries": false,
- "getAll": false,
- "getBanner": false,
- "getColumns": false,
- "getComments": false,
- "getCount": false,
- "getCurrentDb": false,
- "getCurrentUser": false,
- "getDbs": false,
- "getHostname": false,
- "getPasswordHashes": false,
- "getPrivileges": false,
- "getRoles": false,
- "getSchema": false,
- "getTables": false,
- "getUsers": false,
- "googleDork": null,
- "googlePage": 1,
- "headers": null,
- "hexConvert": false,
- "host": null,
- "hpp": false,
- "identifyWaf": false,
- "ignore401": false,
- "ignoreProxy": false,
- "invalidBignum": false,
- "invalidLogical": false,
- "invalidString": false,
- "isDba": false,
- "keepAlive": false,
- "lastChar": null,
- "level": 1,
- "limitStart": null,
- "limitStop": null,
- "liveTest": false,
- "loadCookies": null,
- "logFile": null,
- "method": null,
- "mnemonics": null,
- "mobile": false,
- "msfPath": null,
- "noCast": false,
- "noEscape": false,
- "notString": null,
- "nullConnection": false,
- "optimize": false,
- "outputDir": null,
- "os": null,
- "osBof": false,
- "osCmd": null,
- "osPwn": false,
- "osShell": false,
- "osSmb": false,
- "pageRank": false,
- "paramDel": null,
- "parseErrors": false,
- "pivotColumn": null,
- "predictOutput": false,
- "prefix": null,
- "privEsc": false,
- "profile": false,
- "proxy": null,
- "proxyCred": null,
- "proxyFile": null,
- "purgeOutput": false,
- "query": null,
- "randomAgent": false,
- "referer": null,
- "regexp": null,
- "regAdd": false,
- "regData": null,
- "regDel": false,
- "regKey": null,
- "regRead": false,
- "regType": null,
- "regVal": null,
- "requestFile": null,
- "retries": 3,
- "risk": 1,
- "rFile": null,
- "rParam": null,
- "runCase": null,
- "safUrl": null,
- "saFreq": 0,
- "saveCmdline": false,
- "scope": null,
- "search": false,
- "secondOrder": null,
- "sessionFile": null,
- "shLib": null,
- "sitemapUrl": null,
- "skip": null,
- "skipUrlEncode": false,
- "smart": false,
- "smokeTest": false,
- "sqlFile": null,
- "sqlShell": false,
- "stopFail": false,
- "string": null,
- "suffix": null,
- "tamper": null,
- "tbl": null,
- "tech": "BEUSTQ",
- "testFilter": null,
- "testParameter": null,
- "textOnly": false,
- "threads": 1,
- "timeout": 30,
- "timeSec": 5,
- "titles": false,
- "tmpPath": null,
- "tor": false,
- "torPort": null,
- "torType": "HTTP",
- "trafficFile": null,
- "uChar": null,
- "uCols": null,
- "udfInject": false,
- "uFrom": null,
- "updateAll": false,
- "url": null,
- "user": null,
- "verbose": 1,
- "wizard": false,
- "wFile": null
- },
- "success": true
- }
- */
- public function listOptions($taskid) {
- $json = json_decode(file_get_contents($this->api . "option/" . $taskid . "/list"), true);
- if($json['success'] == "true") {
- return $json;
- }
- return false;
- }
- /*
- Get SQLMAP Configuration Option Value under specific task ID
- Returns the option value as string on success, false otherwise
- $taskid = your user level task id to look under
- $optstr = the SQLMAP configuration option string
- NOTE: It's case sensitive, so reference list example above if stuck
- */
- public function getOptionValue($taskid, $optstr) {
- // Sorry, not going to pass through code to be eval'd in setter so not going to bother trying to return value...
- if((strtolower(trim($optstr)) != "evalcode") && (strtolower(trim($optstr)) != "eval")) {
- $opts = array(
- 'http'=> array(
- 'method'=>"POST",
- 'header'=>"Content-Type: application/json\r\n",
- 'content' => '{"option":"' . trim($optstr) . '"}',
- 'timeout' => 60
- )
- );
- $context = stream_context_create($opts);
- $json = json_decode(file_get_contents($this->api . "option/" . $taskid . "/get", false, $context), true);
- if($json['success'] == "true") {
- return $json[$optstr];
- }
- }
- return false;
- }
- /*
- Set SQLMAP Configuration Option Value under specific task ID
- Returns true on success, false otherwise
- $taskid = your user level task id to look under
- $optstr = the SQLMAP configuration option we want to set value for (case sensitive)
- $optvalue = the value to set for configuration option above ($optstr)
- */
- public function setOptionValue($taskid, $optstr, $optvalue, $integer=false) {
- // Sorry, not going to pass through code to be eval'd here...
- if((strtolower(trim($optstr)) != "evalcode") && (strtolower(trim($optstr)) != "eval")) {
- if(!$integer) {
- $opts = array(
- 'http'=> array(
- 'method'=>"POST",
- 'header'=>"Content-Type: application/json\r\n",
- 'content' => '{"' . trim($optstr) . '":"' . trim($optvalue) . '"}',
- 'timeout' => 60
- )
- );
- } else {
- $opts = array(
- 'http'=> array(
- 'method'=>"POST",
- 'header'=>"Content-Type: application/json\r\n",
- 'content' => '{"' . trim($optstr) . '":' . trim($optvalue) . '}',
- 'timeout' => 60
- )
- );
- }
- $context = stream_context_create($opts);
- $json = json_decode(file_get_contents($this->api . "option/" . $taskid . "/set", false, $context), true);
- if($json['success'] == "true") {
- return true;
- }
- }
- return false;
- }
- /*
- Start SQLMAP Scan using all configured options under user level task ID
- Returns the scan engine id for tracking status and results on success, false otherwise
- $taskid = your user level task id to track scan under
- */
- public function startScan($taskid) {
- $opts = array(
- 'http'=> array(
- 'method'=>"POST",
- 'header'=>"Content-Type: application/json\r\n",
- 'content' => '{ "url":"' . trim($this->getOptionValue($taskid, "url")) . '"}',
- 'timeout' => 60
- )
- );
- $context = stream_context_create($opts);
- $json = json_decode(file_get_contents($this->api . "scan/" . $taskid . "/start", false, $context), true);
- if($json['success'] == 1) {
- return $json['engineid'];
- }
- return false;
- }
- /*
- Gracefully Stop a SQLMAP Scan, identified by user level task ID
- Returns true on success, false otherwise
- $taskid = your user level task id to stop scan for
- */
- public function stopScan($taskid) {
- $json = json_decode(file_get_contents($this->api . "scan/" . $taskid . "/stop"), true);
- if($json['success'] == 1) {
- return true;
- }
- return false;
- }
- /*
- Forcefully KILL a SQLMAP Scan, identified by user level task ID
- Returns true on success, false otherwise
- $taskid = your user level task id to kill scan for
- */
- public function killScan($taskid) {
- $json = json_decode(file_get_contents($this->api . "scan/" . $taskid . "/kill"), true);
- if($json['success'] == 1) {
- return true;
- }
- return false;
- }
- /*
- Check Status for a SQLMAP Scan, identified by user level task ID
- Returns associative array on success, false otherwise
- array(
- "status" => "running|terminated|not running",
- "code" => (int) "Process Polling Return Code, Status Percent?"
- );
- $taskid = your user level task id to check scan status for
- */
- public function checkScanStatus($taskid) {
- $json = json_decode(file_get_contents($this->api . "scan/" . $taskid . "/status"), true);
- if($json['success'] == 1) {
- return array("status" => $json['status'], "code" => $json['returncode']);
- }
- return false;
- }
- /*
- Fetch the Scan Data from finished SQLMAP scan, identified by user level task ID
- Returns associative array on success, false otherwise
- array(
- "data" => array(
- "status" => "stats",
- "type" => "content_type",
- "value" => "some value"
- ),
- "error" => array("error msg", "error msg2", ...)
- );
- $taskid = your user level task id to get scan data for
- */
- public function getScanData($taskid) {
- $json = json_decode(file_get_contents($this->api . "scan/" . $taskid . "/data"), true);
- if($json['success'] == 1) {
- return array("data" => $json['data'], "error" => $json['error']);
- }
- return false;
- }
- /*
- Review a subset of the SQLMAP scan log messages
- Message subset is based on start and end points provided by user
- Returns associative array on success, false otherwise
- array(
- "log" => array(
- array(
- "message" => "testing connection to the target URL",
- "level" => "INFO",
- "time" => "19:44:23"
- ),
- array(
- "message" => "testing if the target URL is stable. This can take a couple of seconds",
- "level" => "INFO",
- "time" => "19:44:24"
- ),
- array(...)
- );
- $taskid = your user level task id to get scan log for
- $start = the log entry index to start on
- $end = the log entry index to end on
- */
- public function reviewScanLogPartial($taskid, $start, $end) {
- $json = json_decode(file_get_contents($this->api . "scan/" . $taskid . "/log/" . $start . "/" . $end), true);
- if($json['success'] == 1) {
- return $json['log'];
- }
- return false;
- }
- /*
- Review the FULL set of SQLMAP scan log messages
- Returns associative array on success, false otherwise
- array(
- "log" => array(
- array(
- "message" => "testing connection to the target URL",
- "level" => "INFO",
- "time" => "19:44:23"
- ),
- array(
- "message" => "testing if the target URL is stable. This can take a couple of seconds",
- "level" => "INFO",
- "time" => "19:44:24"
- ),
- array(...)
- );
- $taskid = your user level task id to get scan log for
- */
- public function reviewScanLogFull($taskid) {
- $json = json_decode(file_get_contents($this->api . "scan/" . $taskid . "/log"), true);
- if($json['success'] == 1) {
- return $json['log'];
- }
- return false;
- }
- /*
- Download a Scan Result File for a Particular Target under Task ID
- Returns $filename's content as base64 encoded string on success, false otherwise
- $taskid = your user level task id to find results under
- $target = ip or domain from scan
- NOTE: This is what SQLMAP will create folder under in output directory on scan initialization
- i.e. 10.10.10.10, domain.com, sub.domain.com or www.domain.com
- $filename = the file you wish to download
- NOTE: filename should include path (relative to sqlmap/output/target/ folder)
- i.e. dump/dbname/tblname.csv
- i.e. dump/ipbf_db/ipbf_members.csv
- i.e. files/filename
- i.e. files/_etc_passwd
- */
- public function downloadTargetFile($taskid, $target, $filename) {
- if((!preg_match("#..|%2e%2e|\x2e\x2e|0x2e0x2e#", $target)) && (!preg_match("#..|%2e%2e|\x2e\x2e|0x2e0x2e#", $filename))) {
- $json = json_decode(file_get_contents($this->api . "download/" . $taskid . "/" . $target . "/" . $filename), true);
- if($json['success'] == "true") {
- return $json['file'];
- }
- }
- return false;
- }
- }
- ?>
Add Comment
Please, Sign In to add comment