>From sqlmap's directory: $ python sqlmapapi.py -h Usage: sqlmapapi.py [options]
Options: -h, --help show this help message and exit -s, --server Act as a REST-JSON API server -c, --client Act as a REST-JSON API client -H HOST, --host=HOST Host of the REST-JSON API server -p PORT, --port=PORT Port of the the REST-JSON API server $ python sqlmapapi.py -s [14:12:14] [INFO] Running REST-JSON API server at '127.0.0.1:8775'.. [14:12:14] [INFO] Admin ID: de761511ee44165ac5ea6030bbffb4a4 [14:12:14] [DEBUG] IPC database: /tmp/sqlmapipc-KNEUQC [14:12:14] [DEBUG] REST-JSON API server connected to IPC database (another terminal) $ python sqlmapapi.py -c [14:12:32] [INFO] Starting REST-JSON API client to 'http://127.0.0.1:8775'. .. [14:12:32] [ERROR] Not yet implemented, use curl from command line instead for now, for example: $ taskid=$(curl http://127.0.0.1:8775/task/new 2>1 | grep -o -I '[a-f0-9]\{16\}') && echo $taskid $ curl -H "Content-Type: application/json" -X POST -d '{"url": " http://testphp.vulnweb.com/artists.php?artist=1"}' http://127.0.0.1:8775/scan/$taskid/start $ curl http://127.0.0.1:8775/scan/$taskid/data $ curl http://127.0.0.1:8775/scan/$taskid/log $ taskid=$(curl http://127.0.0.1:8775/task/new 2>1 | grep -o -I '[a-f0-9]\{16\}') && echo $taskid 33bc7155e74d4454 $ curl -H "Content-Type: application/json" -X POST -d '{"url": " http://testphp.vulnweb.com/artists.php?artist=1"}' http://127.0.0.1:8775/scan/$taskid/start { "engineid": 3236, "success": true } $ curl http://127.0.0.1:8775/scan/$taskid/data { "data": [], "success": true, "error": [] } $ curl http://127.0.0.1:8775/scan/$taskid/log { "log": [ { "message": "using '/home/stamparm/.sqlmap/output' as the output directory", "level": "WARNING", "time": "14:14:51" }, { "message": "testing connection to the target URL", "level": "INFO", "time": "14:14:52" }, { "message": "testing if the target URL is stable", "level": "INFO", "time": "14:14:53" }, { "message": "target URL is stable", "level": "INFO", "time": "14:14:54" }, { "message": "testing if GET parameter 'artist' is dynamic", "level": "INFO", "time": "14:14:54" }, { "message": "confirming that GET parameter 'artist' is dynamic", ........ On Wed, Aug 12, 2015 at 9:18 AM, Vojtěch Polášek <krec...@gmail.com> wrote: > Greetings, > wow I have never known about this option, I can't find any information > about it in user guide or on the home page. > Does anywhere exist any documentation? I can't seem to find any in sqlmap > folder. > Thanks, > Vojta > > > > On 11.8.2015 16:19, Brandon Perry wrote: > > You can drive sqlmap via the REST API. in the root of the project is a > sqlmapapi.py file which starts a web server. > > You can create any content you need, then pass the request which you want > to fuzz to sqlmap via the API to get results. > > On Tue, Aug 11, 2015 at 9:13 AM, Vojtěch Polášek <krec...@gmail.com> > wrote: > >> Greetings, >> I am searching for help. I would like to test a part of application >> which deletes something. Obviously I am searching for SQL injection >> vulnerability. >> So I need to send request to create object, retrieve response, derive >> needed information and send a request for deletion which is probed for >> possible SQL injection. >> I suppose that this is not possible just through command line even >> through --eval function. Am I right? >> If yes, my next logical step would be to use sqlmap in some Python >> program. Are there any information about importing sqlmap and invoking >> it from my Python program? Or should I go just with doc strings? >> Thanks, >> Vojta >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> sqlmap-users mailing list >> sqlmap-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > http://volatile-minds.blogspot.com -- blog > http://www.volatileminds.net -- website > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm
------------------------------------------------------------------------------
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
