May 24, 2012

Automating SQLMap with data from wapiti By Brandon Perry

 This version was modified to run on BackTrack 5 R2 (ruby 1.9.4dev); if you want the original version, please go to the Source.

You must save this script in the wapiti path.

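#!/usr/bin/env ruby
# Runs wapiti against one target URL, then hands every "SQL Injection" finding
# of its XML report to sqlmap: findings whose marker sits in the URL are tested
# as GET requests (-u), the others as POST requests (-u plus --data).
#
# Usage: ruby <this script> <target-url>
# Exits with status 1 when no target URL is given, and aborts when wapiti
# leaves no report behind.

#require 'active_support/secure_random'
require 'securerandom'
require 'rexml/document'

wapiti_path = '/pentest/web/wapiti/'
sqlmap_path = '/pentest/database/sqlmap-dev/'

# Marker string the report carries in the tested parameter value.  It is
# replaced with a neutral value before the URL/data is handed on, and any
# parameter that does not carry it is listed for sqlmap's --skip.
INJECTION_MARKER = '%BF%27%22%28'

# sqlmap options shared by the GET and POST runs.  They are kept as separate
# argv entries so that no shell ever interprets them or the report-derived
# URL/data they are passed alongside.
SQLMAP_OPTIONS = %w[--smart --technique=EUS --flush-session --fresh-queries --level=2 --batch].freeze

# Runs an argv-style command without a shell and returns its stdout as a String.
def capture(argv)
  IO.popen(argv) { |io| io.read }
end

# Names of the parameters in a "k=v&k=v" string that do not carry the marker,
# i.e. the ones sqlmap may skip.  A nil or empty query yields an empty list.
def skipped_params(query)
  untouched = query.to_s.split('&').reject { |param| param.include?(INJECTION_MARKER) }
  untouched.map { |param| param.split('=', 2).first }.compact
end

# Collects one {:type, :url, :parameter} hash per bug filed under the
# "SQL Injection" bug type of a wapiti XML report.
def sql_injection_findings(doc)
  findings = []
  doc.elements.each('/report/bugTypeList/bugType') do |bug_type|
    next unless bug_type.attributes['name'] == 'SQL Injection'
    p 'Parsing SQL Injection'
    bug_type.elements.each('bugList/bug') do |bug|
      finding = { type: 'SQL Injection' }
      bug.elements.each do |child|
        case child.name
        when 'url' then finding[:url] = child.text
        when 'parameter' then finding[:parameter] = child.text
        end
      end
      findings << finding
    end
  end
  findings
end

remote_host = ARGV[0]
if remote_host.nil? || remote_host.empty?
  warn "usage: #{$PROGRAM_NAME} <target-url>"
  exit 1
end

wapiti_report_path = '/tmp/wapiti_report_' + SecureRandom.uuid + '.xml'

p 'Running wapiti...'
# argv form of system: the user-supplied URL is never passed through /bin/sh
system("#{wapiti_path}wapiti.py", remote_host, '-f', 'xml', '-o', wapiti_report_path)
abort "wapiti did not write #{wapiti_report_path}" unless File.exist?(wapiti_report_path)
p "Report saved to #{wapiti_report_path}"

p 'Parsing results'
# File.binread closes the report itself; the previous File.open left the handle open
doc = REXML::Document.new(File.binread(wapiti_report_path))

sql_injection_findings(doc).each do |finding|
  url = finding[:url]
  parameter = finding[:parameter]
  # a bug element without both children cannot be turned into a sqlmap run
  next if url.nil? || parameter.nil?
  p 'Running sqlmap'

  if url.index(parameter)
    # GET: the marker sits in the URL's query string
    clean_url = url.gsub(INJECTION_MARKER, 'abcd')
    skipped = skipped_params(url.split('?', 2)[1])
    p "Running GET sql injection test on url: #{clean_url}"
    argv = ["#{sqlmap_path}sqlmap.py", '-u', clean_url, "--skip=#{skipped.join(',')}", *SQLMAP_OPTIONS]
  else
    # POST: the marker sits in the body recorded under <parameter>
    p "Running POST sql injection test on url: #{url}"
    p "With data: #{parameter}"
    clean_data = parameter.gsub(INJECTION_MARKER, 'abcd')
    skipped = skipped_params(parameter)
    argv = ["#{sqlmap_path}sqlmap.py", '-u', url, "--data=#{clean_data}", "--skip=#{skipped.join(',')}", *SQLMAP_OPTIONS]
  end

  p argv.join(' ')
  # print, not printf: sqlmap output may contain '%', which printf would read as a format directive
  print capture(argv)
end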

Source:  http://volatile-minds.blogspot.com/2012/05/automating-sqlmap-with-data-from-wapiti.html/
 