How to use sqlmap - 4 common examples
To help you get started, we’ve selected a few sqlmap examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
andresriancho / w3af / w3af / plugins / attack / db / sqlmap / sqlmapapi.py View on Github 
def main():
"""
REST-JSON API main function
"""
# Set default logging level to debug
logger.setLevel(logging.DEBUG)
# Initialize paths
setPaths(modulePath())
# Parse command line options
apiparser = optparse.OptionParser()
apiparser.add_option("-s", "--server", help="Act as a REST-JSON API server", default=RESTAPI_DEFAULT_PORT, action="store_true")
apiparser.add_option("-c", "--client", help="Act as a REST-JSON API client", default=RESTAPI_DEFAULT_PORT, action="store_true")
apiparser.add_option("-H", "--host", help="Host of the REST-JSON API server (default \"%s\")" % RESTAPI_DEFAULT_ADDRESS, default=RESTAPI_DEFAULT_ADDRESS, action="store")
apiparser.add_option("-p", "--port", help="Port of the the REST-JSON API server (default %d)" % RESTAPI_DEFAULT_PORT, default=RESTAPI_DEFAULT_PORT, type="int", action="store")
apiparser.add_option("--adapter", help="Server (bottle) adapter to use (default \"%s\")" % RESTAPI_DEFAULT_ADAPTER, default=RESTAPI_DEFAULT_ADAPTER, action="store")
(args, _) = apiparser.parse_args()
# Start the client or the server
if args.server is True:
server(args.host, args.port, adapter=args.adapter)
elif args.client is True:
client(args.host, args.port)
else:from lib.core.data import logger
from lib.utils.api import client
from lib.utils.api import server
RESTAPI_SERVER_HOST = "127.0.0.1"
RESTAPI_SERVER_PORT = 8775
if __name__ == "__main__":
"""
REST-JSON API main function
"""
# Set default logging level to debug
logger.setLevel(logging.DEBUG)
# Initialize path variable
paths.SQLMAP_ROOT_PATH = modulePath()
setPaths()
# Parse command line options
apiparser = optparse.OptionParser()
apiparser.add_option("-s", "--server", help="Act as a REST-JSON API server", default=RESTAPI_SERVER_PORT, action="store_true")
apiparser.add_option("-c", "--client", help="Act as a REST-JSON API client", default=RESTAPI_SERVER_PORT, action="store_true")
apiparser.add_option("-H", "--host", help="Host of the REST-JSON API server", default=RESTAPI_SERVER_HOST, action="store")
apiparser.add_option("-p", "--port", help="Port of the the REST-JSON API server", default=RESTAPI_SERVER_PORT, type="int", action="store")
(args, _) = apiparser.parse_args()
# Start the client or the server
if args.server is True:
server(args.host, args.port)
elif args.client is True:
client(args.host, args.port)
else:# sqlmap paths
paths.clear()
# object to store original command line options
cmdLineOptions.clear()
# object to store merged options (command line, configuration file and default options)
mergedOptions.clear()
# object to share within function and classes command
# line options and settings
conf.clear()
# object to share within function and classes results
kb.clear()
# object with each database management system specific queries
queries.clear()
Logger.debug('starting sqlmap')
try:
sqlmap.main()
finally:
App.get_running_app().running = Falsedef __init__(self, host: str = DEFAULT_HOST, port: int = DEFAULT_PORT):
"""
:param host: The host
:param port: The port
"""
self.host = host
self.port = port
self.base_url = 'http://' + self.host + ':' + str(port)
# Start the sqlmap-api server in a parallel thread
Log.info("Starting sqlmap-api server in a parallel thread")
MultiTask.multithread(sqlmap_server, (self.host, self.port), True, 1)
while not check_socket(self.host, self.port):
# Wait sqlmap-api server
sleep(0.1)
Log.success("Sqlmap-api server started!")sqlmap
Automatic SQL injection and database takeover tool
