SQLMAPAPI usage/sqlmapapi使用手册


$ sqlmapapi -h # 帮助
  -h, --help            show this help message and exit # 帮助
  -s, --server          Run as a REST-JSON API server # 启动服务
  -c, --client          Run as a REST-JSON API client # 打开一个客户端
  -H HOST, --host=HOST  Host of the REST-JSON API server (default "") # 设置主机地址将
  -p PORT, --port=PORT  Port of the the REST-JSON API server (default 8775) # 设置主机端口
  --adapter=ADAPTER     Server (bottle) adapter to use (default "wsgiref") # bottle服务器适配器(所以到底有什么用)
  --username=USERNAME   Basic authentication username (optional) # 用户名
  --password=PASSWORD   Basic authentication password (optional)
# 密码


以application/json格式post/get| Post/get as application/json format

新建一个任务,这将返回一个包含taskid的json | New task

GET /task/new HTTP/1.1

开始一个任务,这将返回一个包含状态和引擎id(如果有)的json | Start task

POST /task/{{TASKID}}/start HTTP/1.1
Content-type: application/json
Content-length: blahblah

{“url”: "{{TARGET_URL}}"}

设定一个任务的参数,这将返回设定结果(成功/失败),注意: 如果这是一个未分配参数,这将依然返回成功状态。 | Set {{OPTION}} to {{VALUE}} if there is

POST /options/{{TASKID}}/set HTTP/1.1
Content-type: application/json
Content-length: NotAContentButNoOneCares=]

{"{{OPTION}}": "{{VALUE}}"}

获取一个任务的状态,如果这个任务完成或未开始,这将返回已终结,否则返回其它状态。 | Get task status. ‘terminated’ if task not running else other.

GET /scan/{{TASKID}}/status HTTP/1.1

获取一个任务的日志,这将返回一个包含任务日志的json,类似于sqlmap在shell上输出的log。 | Get task log.

GET /scan/{{TASKID}}/log HTTP/1.1

获取一个任务的数据(如果有) ,这将返回一个包含当前任务的数据的json,根据你的设置来决定获得数据的类型。 | Get data.

GET /scan/{{TASKID}}/data HTTP/1.1

停止一个任务。这将返回这个动作的结果, | Stop a task.

GET /scan/{{TASKID}}/stop HTTP/1.1


Argument values

// Frequency used argument below.
// I'm lazy for this so I just post some of that. Forgive me plz =]

Target setting
url: Target URL/ 目标URL
requestFile: Request file/ 请求文件
bulkFile: URL list/ URL列表用于批量注入
logFile: Log from BURP/ Burpsuite log
sitemapUrl: Sitempa URL/ 站点地图进行全站检测(不确认)
googleDork: Google DORK/ 谷歌dork页面

Request setting
method: Request method/ 请求方法(例如PUT, OPTIONS, DELETE)
data: Post data/ 数据用于POST方法。
cookie: Cookie/ 指定cookie
agent: User agent/ 指定ua
host: Host header/ 主机头
referer: HTTP referer/ HTTP referer
headers: Headers/ headers

Proxy setting
proxy: Proxy, Use bool/ 代理, 取得布尔值
proxyCred: Proxy credential/ 代理认证
proxyfile: Proxy file(WTF is this)/ 代理文件(鬼知道这是什么东西)
tor: Tor switch, Use bool/ 使用Tor代理, 取得布尔值
torPort: Tor port/ Tor服务端口
torType: Tor type(HTTP(s)/SOCKS4/5)/ Tor类型(HTTP/SOCKS/...)
checkTor: Check tor(Bool)/ 检测Tor服务, 取得布尔值

Testing setting
testParamter: Parameter to test/ 检测参数
tamer: Tamper/ Tamper脚本
dbms: Database type/ 数据库类型

Detection setting
level: Level(int)/ 探测等级(整型)
risk: Risk(int)/ 风险等级(整形)

Testing setting
technique: Technique/ 技术
timeSec: Delay for time-based injection(int)/ 时间型盲注的延迟(整形)( and sleep(123))
uCols: Column number(int)/列数(整形)
uFrom: Union from/ 从... union(' union select foo bar from {{TABLE_NAME}} where blah=blah limit 0,1)
dnsDomain: DNS Domain/ DNS延展攻击使用的服务器

Data setting
# ///Bools below. Because I'm lazy.///
getDbs: Get Database/ 获取数据库列表
# Google IME Server fucked up here. Wait for network.
getTables: Get tables/ 获取表
getColumns: Get comlumns/ 获取列
dumpTable: Dump table/ 拖表
dumpAll: Dump Database/ 脱裤
# ///Bools before.///
db: Database/ 数据库
tbl: Table name/ 表名
col: Column name/ 列名

Takeover options
# So why don't you just go and try SQLNinja?
osCmd: Command to execute/ 执行的命令
osShell: Pop a interactive shell(bool)/ 弹一个交互shell(布尔)
# I just wonder would this shit work.
osPwn: Pop a OOB shell, Meterpreter or VNC(bool)/ 弹一个oob shell, MP或者VNC 链接(布尔值)
msfPath: Metasploit path/ MSF路径
tmpPath: /tmp path/ tmp分区路径

# You want more? Go and find yourself.
# Good luck.
# By BREACHERS security

更多参数请在sqlmap目录自行寻找。| Go find more parms yourself.

API file

We post our api on Github. Find it here.

本文为原创文章且采用CC-BY-SA 授权,请务必在转载时标明来源且采用同样方式授权。

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *