wapiti_to_sqlmap_2
#!/usr/bin/env ruby
#require 'active_support/secure_random'
require 'rexml/document'
require 'securerandom'
require 'uri'
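# Local install locations for the two tools this script chains together.
# Both are joined to a script name by plain concatenation below, so they
# must keep their trailing '/'.
wapiti_path = '/home/bperry/tools/wapiti/trunk/src/'
sqlmap_path = '/home/bperry/tools/sqlmap/'

# Where wapiti is told to write its XML report. The suffix comes from
# SecureRandom (stdlib) instead of rand(), so the name cannot be predicted
# by anyone else who can write to that directory.
wapiti_report_path = '/home/bperry/tmp/wapiti_report_' + SecureRandom.hex(8) + '.xml'

# Returns the host part of +target+ when it parses as a URL, otherwise the
# argument itself (bare hostname, unparseable string) and nil for nil.
#
# The log read back after each sqlmap run lives under output/<host>/, so
# the full target URL (what the original `remote_host = ARGV[0]` stored)
# yields a path that cannot exist when the target is given as a URL.
# NOTE(review): confirm the output/<host>/log layout (hostname only, no
# port) against the sqlmap version in use.
def target_host(target)
  return nil if target.nil?
  begin
    URI.parse(target).host || target
  rescue URI::InvalidURIError
    target
  end
end

remote_host = target_host(ARGV[0])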
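# Run wapiti against the target and have it write an XML report.
#
# The command goes through Kernel#system as an argument list, not a single
# shell string: ARGV[0] is untrusted, and interpolating it into a backtick
# command (as the original did) lets a target such as `http://x/;rm -rf ~`
# be executed by the shell.
abort "usage: #{$PROGRAM_NAME} <target-url>" if ARGV.empty?
puts "Running wapiti..."
system("#{wapiti_path}wapiti.py", ARGV[0], '-f', 'xml', '-o', wapiti_report_path)
# Fail loudly here instead of with an ENOENT from the parser further down.
abort "wapiti produced no report at #{wapiti_report_path}" unless File.exist?(wapiti_report_path)
puts "Report saved to #{wapiti_report_path}"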
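# Extracts the SQL-injection findings from a wapiti XML report.
#
# report_xml - the report as a String.
#
# Returns an Array of Hashes, one per <bug> under the "SQL Injection"
# <bugType>, each with :type ("SQL Injection"), :url (the page wapiti hit)
# and :parameter (the parameter string wapiti injected into). :url or
# :parameter is nil when the corresponding child element is missing, so
# consumers must be prepared for that.
def sql_injection_findings(report_xml)
  findings = []
  doc = REXML::Document.new(report_xml)
  doc.elements.each('/report/bugTypeList/bugType') do |bug_type_element|
    bug_type = bug_type_element.attributes['name']
    next unless bug_type == 'SQL Injection'
    puts "Parsing #{bug_type}"
    bug_type_element.elements.each('bugList/bug') do |bug|
      # Element#text(path) yields the first matching child's text, or nil.
      findings << { :type => bug_type, :url => bug.text('url'), :parameter => bug.text('parameter') }
    end
  end
  findings
end

puts "Parsing results"
# Block form closes the handle; the original File.open(...).read leaked it.
results = sql_injection_findings(File.open(wapiti_report_path, 'rb', &:read))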
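# The payload wapiti leaves in the parameter it found injectable
# (URL-encoded). It is swapped for a harmless placeholder before the request
# is handed to sqlmap, and its presence marks which parameter to test.
INJECT_MARKER = '%BF%27%22%28'

# Options shared by every sqlmap invocation below.
SQLMAP_OPTIONS = ['--smart', '--technique=BEUST', '--flush-session', '--fresh-queries', '--level=3', '--risk=2', '--batch']

# Names of the parameters in a "k=v&k2=v2" string that wapiti did NOT
# flag, so sqlmap can be told to --skip them and focus on the tainted one.
def untainted_param_names(param_string)
  pairs = param_string.split('&').reject { |pair| pair.include?(INJECT_MARKER) }
  pairs.map { |pair| pair.split('=')[0] }
end

# Purges sqlmap's previous output, runs it with +args+ plus SQLMAP_OPTIONS,
# and prints the log sqlmap wrote for +remote_host+ (or a hint when the log
# is empty or missing, i.e. nothing was exploited).
#
# Everything is passed to Kernel#system as an argument list: the URL and
# POST data come straight out of the wapiti report, which echoes content
# an attacker can influence, so none of it may ever reach a shell. The log
# is written with print, not printf — URL-encoded data such as %27 is not
# a format specification and made the original raise.
def run_sqlmap(sqlmap_path, remote_host, *args)
  sqlmap = "#{sqlmap_path}sqlmap.py"
  system(sqlmap, '--purge-output')
  command = [sqlmap, *args, *SQLMAP_OPTIONS]
  puts "\nRunning Command: #{command.join(' ')}"
  system(*command)
  log_path = "#{sqlmap_path}output/#{remote_host}/log"
  log = File.exist?(log_path) ? File.read(log_path) : ''
  if log.empty?
    puts "SQLMap couldn't exploit the injection point. Try altering the SQLMap options to get more coverage.\n\n"
  else
    print log
  end
end

results.each do |result|
  next unless result[:type] =~ /SQL Injection/
  url = result[:url]
  parameter = result[:parameter]
  if url.nil? || parameter.nil?
    warn "Skipping finding with missing url or parameter: #{result.inspect}"
    next
  end
  if url.include?(parameter)
    # GET: the tainted parameter sits in the URL's query string.
    clean_url = url.gsub(INJECT_MARKER, 'abcd')
    query = url.split('?', 2)[1] || ''
    puts "Running GET sql injection test on url: #{clean_url}"
    run_sqlmap(sqlmap_path, remote_host, '-u', clean_url, "--skip=#{untainted_param_names(query).join(',')}")
  else
    # POST: the parameter string is the request body.
    puts "Running POST sql injection test on url: #{url}"
    puts "With data: #{parameter}"
    run_sqlmap(sqlmap_path, remote_host, '-u', url,
               "--data=#{parameter.gsub(INJECT_MARKER, 'abcd')}",
               "--skip=#{untainted_param_names(parameter).join(',')}")
  end
end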