brandonprry/gist:3014103

## gistfile1.rb
#!/usr/bin/env ruby

require 'active_support/secure_random'
require 'rexml/document'

wapiti_path = '/home/bperry/tools/wapiti/trunk/src/'
sqlmap_path = '/home/bperry/tools/sqlmap/'

wapiti_report_path = '/tmp/wapiti_report_' + SecureRandom.uuid + '.xml'

remote_host = ARGV[0]

p "Running wapiti..."
`#{wapiti_path}wapiti.py #{ARGV[0]} -f xml -o #{wapiti_report_path}`

p "Report saved to #{wapiti_report_path}"

p "Parsing results"

results = []

report = ::File.open(wapiti_report_path, "rb")
doc = REXML::Document.new report.read

doc.elements.each('/report/bugTypeList/bugType') do |element|
	bug_type = element.attributes["name"]

	next if bug_type != "SQL Injection"

	p "Parsing " + bug_type

	result = {}
	element.elements.each("bugList/bug") do |bug|
		result[:type] = bug_type

		bug.elements.each do |child|
			if child.name == "url"
				result[:url] = child.text
			elsif child.name == "parameter"
				result[:parameter] = child.text
			end
		end
		results << result
		result = {}
	end
end

results.each do |result|
	next if result[:type] !~ /SQL Injection/
	p "Running sqlmap"

	if result[:url].index(result[:parameter])
		url = result[:url].gsub("%BF%27%22%28", "abcd")

		params = result[:url].split("?")[1].split("&")

		skipped_params = []
		params.each do |param|
			skipped_params << param.split("=")[0] if not param.index("%BF%27%22%28")
		end

		p "Running GET sql injection test on url: " + url
		sqlmap_command = "#{sqlmap_path}sqlmap.py -u \"#{url}\" --smart --skip=\"#{skipped_params.join(",")}\" --technique=EUS --flush-session --fresh-queries --level=2 --batch"
		out = `#{sqlmap_command}`
		printf out
	else
		url = result[:url]
		p "Running POST sql injection test on url: " + url
		p "With data: " + result[:parameter]

		parameter = result[:parameter].gsub("%BF%27%22%28", "abcd")

		params = result[:parameter].split("&")

		skipped_params = []
		params.each do |param|
			skipped_params << param.split("=")[0] if not param.index("%BF%27%22%28")
		end

		sqlmap_command = "#{sqlmap_path}sqlmap.py -u \"#{url}\" --data=\"#{parameter}\"  --skip=\"#{skipped_params.join(",")}\" --smart --technique=EUS --flush-session --fresh-queries --level=2 --batch"
		p sqlmap_command
		sqlmap_output = `#{sqlmap_command}`

		printf sqlmap_output
	end
end
	#!/usr/bin/env ruby

	require 'active_support/secure_random'
	require 'rexml/document'

	wapiti_path = '/home/bperry/tools/wapiti/trunk/src/'
	sqlmap_path = '/home/bperry/tools/sqlmap/'

	wapiti_report_path = '/tmp/wapiti_report_' + SecureRandom.uuid + '.xml'

	remote_host = ARGV[0]

	p "Running wapiti..."
	`#{wapiti_path}wapiti.py #{ARGV[0]} -f xml -o #{wapiti_report_path}`

	p "Report saved to #{wapiti_report_path}"

	p "Parsing results"

	results = []

	report = ::File.open(wapiti_report_path, "rb")
	doc = REXML::Document.new report.read

	doc.elements.each('/report/bugTypeList/bugType') do \|element\|
	bug_type = element.attributes["name"]

	next if bug_type != "SQL Injection"

	p "Parsing " + bug_type

	result = {}
	element.elements.each("bugList/bug") do \|bug\|
	result[:type] = bug_type

	bug.elements.each do \|child\|
	if child.name == "url"
	result[:url] = child.text
	elsif child.name == "parameter"
	result[:parameter] = child.text
	end
	end
	results << result
	result = {}
	end
	end

	results.each do \|result\|
	next if result[:type] !~ /SQL Injection/
	p "Running sqlmap"

	if result[:url].index(result[:parameter])
	url = result[:url].gsub("%BF%27%22%28", "abcd")

	params = result[:url].split("?")[1].split("&")

	skipped_params = []
	params.each do \|param\|
	skipped_params << param.split("=")[0] if not param.index("%BF%27%22%28")
	end

	p "Running GET sql injection test on url: " + url
	sqlmap_command = "#{sqlmap_path}sqlmap.py -u \"#{url}\" --smart --skip=\"#{skipped_params.join(",")}\" --technique=EUS --flush-session --fresh-queries --level=2 --batch"
	out = `#{sqlmap_command}`
	printf out
	else
	url = result[:url]
	p "Running POST sql injection test on url: " + url
	p "With data: " + result[:parameter]

	parameter = result[:parameter].gsub("%BF%27%22%28", "abcd")

	params = result[:parameter].split("&")

	skipped_params = []
	params.each do \|param\|
	skipped_params << param.split("=")[0] if not param.index("%BF%27%22%28")
	end

	sqlmap_command = "#{sqlmap_path}sqlmap.py -u \"#{url}\" --data=\"#{parameter}\" --skip=\"#{skipped_params.join(",")}\" --smart --technique=EUS --flush-session --fresh-queries --level=2 --batch"
	p sqlmap_command
	sqlmap_output = `#{sqlmap_command}`

	printf sqlmap_output
	end
	end