Thanks for your input Brandon, very useful!

On Thu, Mar 20, 2014 at 12:12 PM, Brandon Perry <bperry.volat...@gmail.com> wrote:
> I can't comment on building the API, but I maintain C# bindings to the
> sqlmap REST API and, programmatically, it works really well.
>
> There is no authentication, but I only ever run it on localhost anyway so
> this isn't a big deal to me.
>
> I have tested it under relatively heavy load (one API instance testing
> multiple applications) and it has been performant. I don't recall ever
> saying "Man, I wish this were faster".
>
> JSON is totally the way to go for data requests/responses.
>
> One recommendation I have since I deal with many APIs on a daily basis is
> please don't assume the programmers will be interacting with your API with
> language X. The Metasploit MSGPACK API is a good example of this and is very
> cumbersome to use from a strongly typed language. Arachni falls into a
> similar field relying on Ruby-style marshalling or YAML which I simply can't
> do from, say, C#.
>
> Aside from sqlmap, I also really like the cuckoo-sandbox API.
>
>
>
> On Thu, Mar 20, 2014 at 10:00 AM, Andres Riancho <andres.rian...@gmail.com>
> wrote:
>>
>> List,
>>
>> I'm going to abuse the list a little bit, and poke your brains for
>> a while, so be prepared :)
>>
>> The w3af project wants to implement its own REST API to expose the
>> w3afCore and KnowledgeBase objects. The core allows users to configure
>> the plugins and start the scan, and the knowledge base holds the
>> vulnerabilities.
>>
>> You guys implemented a REST API for sqlmap, which has been up and
>> running for a while now.
>>
>> What I wanted to know is:
>>   * What's the technology stack you guys used for creating the REST
>>     API?
>>   * Were you happy with it? Would you use something different if
>>     you had the chance?
>>   * Have you tested the API under heavy load?
>>   * Do you have the concept of sessions and users in the API? Why
>>     not?
>>   * Any recommendations on API design?
>>     (paths, results, hrefs, etc.)
>>
>> Thanks!
>>
>> Regards,
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>>
>>
>> ------------------------------------------------------------------------------
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/13534_NeoTech
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3