0xbug / sqliscanner Goto Github PK
View Code? Open in Web Editor NEWAutomatic SQL injection with Charles and sqlmap api
License: GNU General Public License v3.0
Automatic SQL injection with Charles and sqlmap api
License: GNU General Public License v3.0
→ virtualenv --python=/usr/local/bin/python3.6 venv
zsh: command not found: virtualenv
→ ls /usr/local/bin/pyenv-virtualenv --python=/usr/local/bin/python3.6 venv
ls: --python=/usr/local/bin/python3.6: No such file or directory
ls: venv: No such file or directory
/usr/local/bin/pyenv-virtualenv
咨询下大表哥~
运行:$ python3.5 manage.py celery worker --loglevel=info
[2016-09-20 13:40:13,123: ERROR/MainProcess] Task scanner.tasks.update[4569003b-453d-452f-8bea-567ab27a2b4a] raised unexpected: SMTPServerDisconnected('Connection unexpectedly closed',)
Traceback (most recent call last):
File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 240, in trace_task
R = retval = fun(*args, **kwargs)
File "/usr/local/lib/python3.5/dist-packages/celery/app/trace.py", line 438, in __protected_call__
return self.run(*args, **kwargs)
File "/home/x/SQLiScanner/scanner/tasks.py", line 64, in update
self.mail_to, fail_silently=False)
File "/usr/local/lib/python3.5/dist-packages/django/core/mail/__init__.py", line 61, in send_mail
return mail.send()
File "/usr/local/lib/python3.5/dist-packages/django/core/mail/message.py", line 292, in send
return self.get_connection(fail_silently).send_messages([self])
File "/usr/local/lib/python3.5/dist-packages/django/core/mail/backends/smtp.py", line 100, in send_messages
new_conn_created = self.open()
File "/usr/local/lib/python3.5/dist-packages/django/core/mail/backends/smtp.py", line 58, in open
self.connection = connection_class(self.host, self.port, **connection_params)
File "/usr/lib/python3.5/smtplib.py", line 251, in __init__
(code, msg) = self.connect(host, port)
File "/usr/lib/python3.5/smtplib.py", line 337, in connect
(code, msg) = self.getreply()
File "/usr/lib/python3.5/smtplib.py", line 393, in getreply
raise SMTPServerDisconnected("Connection unexpectedly closed")
smtplib.SMTPServerDisconnected: Connection unexpectedly closed
另外,如果概览中某条记录一直在扫描中,日志显示undefined
,那么我要终止或清空执行任务,就只能停止脚本,清空scanner_sqliscantask
表吗?
如提,导入了har数据了,过了很长的时间,几个小时吧,还是在扫描中,正常吗?可以查看实时的扫描状态吗?比如,sqlmap的运行情况?谢谢!
新版本 看起来很不错 新版本什么时候更新呀
折腾了一个月 环境各种错误 我要崩溃了##
To avoid this error message when installing: psycopg/psycopg2#594
[root@localhost SQLiScanner]# python manage.py migrate
Operations to perform:
Apply all migrations: auth, admin, contenttypes, sessions, scanner, djcelery
Running migrations:
Rendering model states... DONE
Applying contenttypes.0001_initial... OK
Applying auth.0001_initial... OK
Applying admin.0001_initial... OK
Applying admin.0002_logentry_remove_auto_add... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying auth.0007_alter_validators_add_error_messages... OK
Applying djcelery.0001_initial... OK
Applying scanner.0001_initial...Traceback (most recent call last):
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/utils.py", line 62, in execute
return self.cursor.execute(sql)
psycopg2.ProgrammingError: type "jsonb" does not exist
LINE 1: ... timestamp with time zone NOT NULL, "scan_status" jsonb NOT ...
^
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "manage.py", line 10, in
execute_from_command_line(sys.argv)
File "/usr/local/python35/lib/python3.5/site-packages/django/core/management/init.py", line 350, in execute_from_command_line
utility.execute()
File "/usr/local/python35/lib/python3.5/site-packages/django/core/management/init.py", line 342, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/local/python35/lib/python3.5/site-packages/django/core/management/base.py", line 348, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/local/python35/lib/python3.5/site-packages/django/core/management/base.py", line 399, in execute
output = self.handle(*args, **options)
File "/usr/local/python35/lib/python3.5/site-packages/django/core/management/commands/migrate.py", line 200, in handle
executor.migrate(targets, plan, fake=fake, fake_initial=fake_initial)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/migrations/executor.py", line 92, in migrate
self._migrate_all_forwards(plan, full_plan, fake=fake, fake_initial=fake_initial)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/migrations/executor.py", line 121, in _migrate_all_forwards
state = self.apply_migration(state, migration, fake=fake, fake_initial=fake_initial)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/migrations/executor.py", line 198, in apply_migration
state = migration.apply(state, schema_editor)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/migrations/migration.py", line 123, in apply
operation.database_forwards(self.app_label, schema_editor, old_state, project_state)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/migrations/operations/models.py", line 59, in database_forwards
schema_editor.create_model(model)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/base/schema.py", line 284, in create_model
self.execute(sql, params or None)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/base/schema.py", line 110, in execute
cursor.execute(sql, params)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/utils.py", line 79, in execute
return super(CursorDebugWrapper, self).execute(sql, params)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/utils.py", line 64, in execute
return self.cursor.execute(sql, params)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/utils.py", line 95, in exit
six.reraise(dj_exc_type, dj_exc_value, traceback)
File "/usr/local/python35/lib/python3.5/site-packages/django/utils/six.py", line 685, in reraise
raise value.with_traceback(tb)
File "/usr/local/python35/lib/python3.5/site-packages/django/db/backends/utils.py", line 62, in execute
return self.cursor.execute(sql)
django.db.utils.ProgrammingError: type "jsonb" does not exist
LINE 1: ... timestamp with time zone NOT NULL, "scan_status" jsonb NOT ...
Collecting psycopg2==2.6.2 (from -r requirements.txt (line 8))
Using cached psycopg2-2.6.2.tar.gz
Complete output from command python setup.py egg_info:
running egg_info
creating pip-egg-info/psycopg2.egg-info
writing pip-egg-info/psycopg2.egg-info/PKG-INFO
writing top-level names to pip-egg-info/psycopg2.egg-info/top_level.txt
writing dependency_links to pip-egg-info/psycopg2.egg-info/dependency_links.txt
writing manifest file 'pip-egg-info/psycopg2.egg-info/SOURCES.txt'
Error: pg_config executable not found.
Please add the directory containing pg_config to the PATH
or specify the full executable path with the option:
python setup.py build_ext --pg-config /path/to/pg_config build ...
or with the pg_config option in 'setup.cfg'.
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /private/var/folders/1k/_yh_dpzn721401tdqztp_qb40000gn/T/pip-build-aBbk2v/psycopg2/
怎么解决呢?
Charles : 4.0.1
导出的har文件
在 http://127.0.0.1:8000/ 上传没反应
在 python manage.py runserver 终端下为:
[07/Oct/2016 20:17:23] "GET /api-auth/login/?next=/ HTTP/1.1" 200 2662
[07/Oct/2016 20:17:38] "POST /api-auth/login/ HTTP/1.1" 302 0
[07/Oct/2016 20:17:38] "GET / HTTP/1.1" 200 399
[07/Oct/2016 20:17:40] "GET /api/tasks/stat/sqli HTTP/1.1" 200 2
Internal Server Error: /api/har/upload
Traceback (most recent call last):
File "/ruby-ex/SQLiScanner/venv/lib/python3.5/site-packages/django/core/handlers/base.py", line 149, in get_response
response = self.process_exception_by_middleware(e, request)
File "/ruby-ex/SQLiScanner/venv/lib/python3.5/site-packages/django/core/handlers/base.py", line 147, in get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/ruby-ex/SQLiScanner/venv/lib/python3.5/site-packages/django/contrib/auth/decorators.py", line 23, in _wrapped_view
return view_func(request, *args, **kwargs)
File "/ruby-ex/SQLiScanner/venv/lib/python3.5/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
return view_func(*args, **kwargs)
File "/ruby-ex/SQLiScanner/scanner/views.py", line 37, in addtaskbyhar
handle_uploaded_file(request.FILES['file'], str(request.FILES['file']))
File "/ruby-ex/SQLiScanner/scanner/views.py", line 49, in handle_uploaded_file
parse_uploaded_file(filename)
File "/ruby-ex/SQLiScanner/scanner/views.py", line 87, in parse_uploaded_file
scan_options = handle_get_request_entrie(entrie, scan_options)
File "/ruby-ex/SQLiScanner/scanner/views.py", line 104, in handle_get_request_entrie
if '.' not in node and re.findall('(\d+)', node):
NameError: name 're' is not defined
[07/Oct/2016 20:17:54] "POST /api/har/upload HTTP/1.1" 500 16844
概览 里没显示有添加记录。
python manage.py makemigrations scanner
python manage.py migrate
你好,我按照你的readme文档操作的,django.core.exceptions.ImproperlyConfigured: settings.DATABASES is improperly configured. Please supply the NAME value.出现这个报错信息
目前 Charles 支持直接打开 .pcap 文件,然后可以导出为 har
在执行pip install -r requirements.txt时抛出这个错误
`Using cached djangorestframework_word_filter-0.1.1-py2.py3-none-any.whl
Collecting psycopg2==2.6.2 (from -r requirements.txt (line 8))
Using cached psycopg2-2.6.2.tar.gz
Complete output from command python setup.py egg_info:
running egg_info
creating pip-egg-info/psycopg2.egg-info
writing pip-egg-info/psycopg2.egg-info/PKG-INFO
writing top-level names to pip-egg-info/psycopg2.egg-info/top_level.txt
writing dependency_links to pip-egg-info/psycopg2.egg-info/dependency_links.txt
writing manifest file 'pip-egg-info/psycopg2.egg-info/SOURCES.txt'
warning: manifest_maker: standard file '-c' not found
Error: b'You need to install postgresql-server-dev-X.Y for building a server-side extension or libpq-dev for building a client-side application.\n'
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-bftx538c/psycopg2/
`
我的操作系统是kali2.0,我感觉是virtualenv的问题吧,kali2.0里自带python3.4,如果不用virtualenv,该怎么解决?求解答,感谢!
配置好数据库账号密码之后,
运行python manage.py makemigrations scanner报错
Traceback (most recent call last):
File "manage.py", line 10, in
execute_from_command_line(sys.argv)
File "/SQLiScanner/venv/lib/python3.5/site-packages/django/core/management/init.py", line 350, in execute_from_command_line
utility.execute()
File "/SQLiScanner/venv/lib/python3.5/site-packages/django/core/management/init.py", line 302, in execute
settings.INSTALLED_APPS
File "/SQLiScanner/venv/lib/python3.5/site-packages/django/conf/init.py", line 55, in getattr
self._setup(name)
File "/SQLiScanner/venv/lib/python3.5/site-packages/django/conf/init.py", line 43, in _setup
self._wrapped = Settings(settings_module)
File "/SQLiScanner/venv/lib/python3.5/site-packages/django/conf/init.py", line 99, in init
mod = importlib.import_module(self.SETTINGS_MODULE)
File "/SQLiScanner/venv/lib/python3.5/importlib/init.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 986, in _gcd_import
File "", line 969, in _find_and_load
File "", line 958, in _find_and_load_unlocked
File "", line 673, in _load_unlocked
File "", line 669, in exec_module
File "", line 775, in get_code
File "", line 735, in source_to_code
File "", line 222, in _call_with_frames_removed
File "/SQLiScanner/SQLiScanner/settings.py", line 2
Django settings for SQLiScanner project.
^
SyntaxError: invalid syntax
我不想使用邮件通知,但是我注释了几行代码就报错了,不知道如果要取消邮件通知,应该注释掉哪几行?
UnicodeDecodeError at /api/har/upload
'ascii' codec can't decode byte 0xef in position 642: ordinal not in range(128)
FATAL: password authentication failed for user "sqli"
请问怎么解决?
如果提供docker镜像就好了
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.