0xbug / sqliscanner

Automatic SQL injection with Charles and sqlmap api

License: GNU General Public License v3.0

Python 54.49% HTML 2.15% CSS 9.04% JavaScript 33.93% Shell 0.40%
autoscan scanner security security-audit security-vulnerability sqlmap sqlmap-webui sqlmapapi

sqliscanner's Issues

Installation error on Mac

→ virtualenv --python=/usr/local/bin/python3.6 venv
zsh: command not found: virtualenv

→ ls /usr/local/bin/pyenv-virtualenv --python=/usr/local/bin/python3.6 venv
ls: --python=/usr/local/bin/python3.6: No such file or directory
ls: venv: No such file or directory
/usr/local/bin/pyenv-virtualenv

Exception after the scan completes

A question for the expert~

Running: $ python3.5 manage.py celery worker --loglevel=info

[2016-09-20 13:40:13,123: ERROR/MainProcess] Task scanner.tasks.update[4569003b-453d-452f-8bea-567ab27a2b4a] raised unexpected: SMTPServerDisconnected('Connection unexpectedly closed',)
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 240, in trace_task
    R = retval = fun(*args, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 438, in __protected_call__
    return self.run(*args, **kwargs)
  File "/home/x/SQLiScanner/scanner/tasks.py", line 64, in update
    self.mail_to, fail_silently=False)
  File "/usr/local/lib/python3.5/dist-packages/django/core/mail/__init__.py", line 61, in send_mail
    return mail.send()
  File "/usr/local/lib/python3.5/dist-packages/django/core/mail/message.py", line 292, in send
    return self.get_connection(fail_silently).send_messages([self])
  File "/usr/local/lib/python3.5/dist-packages/django/core/mail/backends/smtp.py", line 100, in send_messages
    new_conn_created = self.open()
  File "/usr/local/lib/python3.5/dist-packages/django/core/mail/backends/smtp.py", line 58, in open
    self.connection = connection_class(self.host, self.port, **connection_params)
  File "/usr/lib/python3.5/smtplib.py", line 251, in __init__
    (code, msg) = self.connect(host, port)
  File "/usr/lib/python3.5/smtplib.py", line 337, in connect
    (code, msg) = self.getreply()
  File "/usr/lib/python3.5/smtplib.py", line 393, in getreply
    raise SMTPServerDisconnected("Connection unexpectedly closed")
smtplib.SMTPServerDisconnected: Connection unexpectedly closed

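Also, if a record in the overview stays in the scanning state and the log shows undefined, is stopping the script and clearing the scanner_sqliscantask table the only way to terminate or clear the running task?

Does scanning take a long time?

As the title says: I imported the HAR data, and after a long time, several hours, it is still scanning. Is that normal? Is it possible to view the real-time scan status, for example how sqlmap is running? Thanks!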

What happened?

[root@localhost SQLiScanner]# python manage.py migrate
Operations to perform:
Apply all migrations: auth, admin, contenttypes, sessions, scanner, djcelery
Running migrations:
Rendering model states... DONE
Applying contenttypes.0001_initial... OK
Applying auth.0001_initial... OK
Applying admin.0001_initial... OK
Applying admin.0002_logentry_remove_auto_add... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying auth.0007_alter_validators_add_error_messages... OK
Applying djcelery.0001_initial... OK
Applying scanner.0001_initial...Traceback (most recent call last):
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/utils.py", line 62, in execute
return self.cursor.execute(sql)
psycopg2.ProgrammingError: type "jsonb" does not exist
LINE 1: ... timestamp with time zone NOT NULL, "scan_status" jsonb NOT ...
^

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "manage.py", line 10, in
execute_from_command_line(sys.argv)
File "/usr/local/python35/lib/python3.5/site-packages/django/core/management/init.py", line 350, in execute_from_command_line
utility.execute()
File "/usr/local/python35/lib/python3.5/site-packages/django/core/management/init.py", line 342, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/local/python35/lib/python3.5/site-packages/django/core/management/base.py", line 348, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/local/python35/lib/python3.5/site-packages/django/core/management/base.py", line 399, in execute
output = self.handle(*args, **options)
File "/usr/local/python35/lib/python3.5/site-packages/django/core/management/commands/migrate.py", line 200, in handle
executor.migrate(targets, plan, fake=fake, fake_initial=fake_initial)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/migrations/executor.py", line 92, in migrate
self._migrate_all_forwards(plan, full_plan, fake=fake, fake_initial=fake_initial)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/migrations/executor.py", line 121, in _migrate_all_forwards
state = self.apply_migration(state, migration, fake=fake, fake_initial=fake_initial)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/migrations/executor.py", line 198, in apply_migration
state = migration.apply(state, schema_editor)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/migrations/migration.py", line 123, in apply
operation.database_forwards(self.app_label, schema_editor, old_state, project_state)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/migrations/operations/models.py", line 59, in database_forwards
schema_editor.create_model(model)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/base/schema.py", line 284, in create_model
self.execute(sql, params or None)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/base/schema.py", line 110, in execute
cursor.execute(sql, params)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/utils.py", line 79, in execute
return super(CursorDebugWrapper, self).execute(sql, params)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/utils.py", line 64, in execute
return self.cursor.execute(sql, params)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/utils.py", line 95, in exit
six.reraise(dj_exc_type, dj_exc_value, traceback)
File "/usr/local/python35/lib/python3.5/site-packages/django/utils/six.py", line 685, in reraise
raise value.with_traceback(tb)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/utils.py", line 62, in execute
return self.cursor.execute(sql)
django.db.utils.ProgrammingError: type "jsonb" does not exist
LINE 1: ... timestamp with time zone NOT NULL, "scan_status" jsonb NOT ...

Error when installing on Mac.

Collecting psycopg2==2.6.2 (from -r requirements.txt (line 8))
  Using cached psycopg2-2.6.2.tar.gz
    Complete output from command python setup.py egg_info:
    running egg_info
    creating pip-egg-info/psycopg2.egg-info
    writing pip-egg-info/psycopg2.egg-info/PKG-INFO
    writing top-level names to pip-egg-info/psycopg2.egg-info/top_level.txt
    writing dependency_links to pip-egg-info/psycopg2.egg-info/dependency_links.txt
    writing manifest file 'pip-egg-info/psycopg2.egg-info/SOURCES.txt'
    Error: pg_config executable not found.

    Please add the directory containing pg_config to the PATH
    or specify the full executable path with the option:

        python setup.py build_ext --pg-config /path/to/pg_config build ...

    or with the pg_config option in 'setup.cfg'.

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /private/var/folders/1k/_yh_dpzn721401tdqztp_qb40000gn/T/pip-build-aBbk2v/psycopg2/

How can I fix this?

HAR upload fails

Charles : 4.0.1
Exported HAR file

Uploading at http://127.0.0.1:8000/ gets no response

Output in the python manage.py runserver terminal:

[07/Oct/2016 20:17:23] "GET /api-auth/login/?next=/ HTTP/1.1" 200 2662
[07/Oct/2016 20:17:38] "POST /api-auth/login/ HTTP/1.1" 302 0
[07/Oct/2016 20:17:38] "GET / HTTP/1.1" 200 399
[07/Oct/2016 20:17:40] "GET /api/tasks/stat/sqli HTTP/1.1" 200 2
Internal Server Error: /api/har/upload
Traceback (most recent call last):
  File "/ruby-ex/SQLiScanner/venv/lib/python3.5/site-packages/django/core/handlers/base.py", line 149, in get_response
    response = self.process_exception_by_middleware(e, request)
  File "/ruby-ex/SQLiScanner/venv/lib/python3.5/site-packages/django/core/handlers/base.py", line 147, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/ruby-ex/SQLiScanner/venv/lib/python3.5/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapped_view
    return view_func(request, *args, **kwargs)
  File "/ruby-ex/SQLiScanner/venv/lib/python3.5/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
    return view_func(*args, **kwargs)
  File "/ruby-ex/SQLiScanner/scanner/views.py", line 37, in addtaskbyhar
    handle_uploaded_file(request.FILES['file'], str(request.FILES['file']))
  File "/ruby-ex/SQLiScanner/scanner/views.py", line 49, in handle_uploaded_file
    parse_uploaded_file(filename)
  File "/ruby-ex/SQLiScanner/scanner/views.py", line 87, in parse_uploaded_file
    scan_options = handle_get_request_entrie(entrie, scan_options)
  File "/ruby-ex/SQLiScanner/scanner/views.py", line 104, in handle_get_request_entrie
    if '.' not in node and re.findall('(\d+)', node):
NameError: name 're' is not defined
[07/Oct/2016 20:17:54] "POST /api/har/upload HTTP/1.1" 500 16844

No added record shows up in the Overview.

Dependency installation fails

This error is thrown when running pip install -r requirements.txt

Using cached djangorestframework_word_filter-0.1.1-py2.py3-none-any.whl
Collecting psycopg2==2.6.2 (from -r requirements.txt (line 8))
Using cached psycopg2-2.6.2.tar.gz
Complete output from command python setup.py egg_info:
running egg_info
creating pip-egg-info/psycopg2.egg-info
writing pip-egg-info/psycopg2.egg-info/PKG-INFO
writing top-level names to pip-egg-info/psycopg2.egg-info/top_level.txt
writing dependency_links to pip-egg-info/psycopg2.egg-info/dependency_links.txt
writing manifest file 'pip-egg-info/psycopg2.egg-info/SOURCES.txt'
warning: manifest_maker: standard file '-c' not found

Error: b'You need to install postgresql-server-dev-X.Y for building a server-side extension or libpq-dev for building a client-side application.\n'

----------------------------------------

Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-bftx538c/psycopg2/
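My operating system is Kali 2.0. I suspect it is a virtualenv problem; Kali 2.0 ships with Python 3.4. If I don't use virtualenv, how should I fix this? Any help is appreciated, thanks!

Error when running after configuring the database

After configuring the database account and password,
running python manage.py makemigrations scanner fails with this error: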
Traceback (most recent call last):
File "manage.py", line 10, in
execute_from_command_line(sys.argv)
File "/SQLiScanner/venv/lib/python3.5/site-packages/django/core/management/init.py", line 350, in execute_from_command_line
utility.execute()
File "/SQLiScanner/venv/lib/python3.5/site-packages/django/core/management/init.py", line 302, in execute
settings.INSTALLED_APPS
File "/SQLiScanner/venv/lib/python3.5/site-packages/django/conf/init.py", line 55, in getattr
self._setup(name)
File "/SQLiScanner/venv/lib/python3.5/site-packages/django/conf/init.py", line 43, in _setup
self._wrapped = Settings(settings_module)
File "/SQLiScanner/venv/lib/python3.5/site-packages/django/conf/init.py", line 99, in init
mod = importlib.import_module(self.SETTINGS_MODULE)
File "/SQLiScanner/venv/lib/python3.5/importlib/init.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 986, in _gcd_import
File "", line 969, in _find_and_load
File "", line 958, in _find_and_load_unlocked
File "", line 673, in _load_unlocked
File "", line 669, in exec_module
File "", line 775, in get_code
File "", line 735, in source_to_code
File "", line 222, in _call_with_frames_removed
File "/SQLiScanner/SQLiScanner/settings.py", line 2
Django settings for SQLiScanner project.
^
SyntaxError: invalid syntax

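How to disable email notifications

I don't want to use email notifications, but after I commented out a few lines of code I got errors. If I want to disable email notifications, which lines should I comment out?

Upload error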

UnicodeDecodeError at /api/har/upload
'ascii' codec can't decode byte 0xef in position 642: ordinal not in range(128)
