I also documented a lot of the core methods on an old blog of mine:

http://volatile-minds.blogspot.com/2013/04/unofficial-sqlmap-restful-api.html

On Wed, Aug 12, 2015 at 7:16 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> From sqlmap's directory:
>
> $ python sqlmapapi.py -h
> Usage: sqlmapapi.py [options]
>
> Options:
>   -h, --help            show this help message and exit
>   -s, --server          Act as a REST-JSON API server
>   -c, --client          Act as a REST-JSON API client
>   -H HOST, --host=HOST  Host of the REST-JSON API server
>   -p PORT, --port=PORT  Port of the the REST-JSON API server
>
> $ python sqlmapapi.py -s
> [14:12:14] [INFO] Running REST-JSON API server at '127.0.0.1:8775'..
> [14:12:14] [INFO] Admin ID: de761511ee44165ac5ea6030bbffb4a4
> [14:12:14] [DEBUG] IPC database: /tmp/sqlmapipc-KNEUQC
> [14:12:14] [DEBUG] REST-JSON API server connected to IPC database
>
> (another terminal)
>
> $ python sqlmapapi.py -c
> [14:12:32] [INFO] Starting REST-JSON API client to 'http://127.0.0.1:8775'..
> [14:12:32] [ERROR] Not yet implemented, use curl from command line instead for now, for example:
>
> $ taskid=$(curl http://127.0.0.1:8775/task/new 2>1 | grep -o -I '[a-f0-9]\{16\}') && echo $taskid
> $ curl -H "Content-Type: application/json" -X POST -d '{"url": "http://testphp.vulnweb.com/artists.php?artist=1"}' http://127.0.0.1:8775/scan/$taskid/start
> $ curl http://127.0.0.1:8775/scan/$taskid/data
> $ curl http://127.0.0.1:8775/scan/$taskid/log
>
> $ taskid=$(curl http://127.0.0.1:8775/task/new 2>&1 | grep -o -I '[a-f0-9]\{16\}') && echo $taskid
> 33bc7155e74d4454
> $ curl -H "Content-Type: application/json" -X POST -d '{"url": "http://testphp.vulnweb.com/artists.php?artist=1"}' http://127.0.0.1:8775/scan/$taskid/start
> {
>     "engineid": 3236,
>     "success": true
> }
> $ curl http://127.0.0.1:8775/scan/$taskid/data
> {
>     "data": [],
>     "success": true,
>     "error": []
> }
> $ curl http://127.0.0.1:8775/scan/$taskid/log
> {
>     "log": [
>         {
>             "message": "using '/home/stamparm/.sqlmap/output' as the output directory",
>             "level": "WARNING",
>             "time": "14:14:51"
>         },
>         {
>             "message": "testing connection to the target URL",
>             "level": "INFO",
>             "time": "14:14:52"
>         },
>         {
>             "message": "testing if the target URL is stable",
>             "level": "INFO",
>             "time": "14:14:53"
>         },
>         {
>             "message": "target URL is stable",
>             "level": "INFO",
>             "time": "14:14:54"
>         },
>         {
>             "message": "testing if GET parameter 'artist' is dynamic",
>             "level": "INFO",
>             "time": "14:14:54"
>         },
>         {
>             "message": "confirming that GET parameter 'artist' is dynamic",
>
> ........
>
>
>
> On Wed, Aug 12, 2015 at 9:18 AM, Vojtěch Polášek <krec...@gmail.com>
> wrote:
>
>> Greetings,
>> Wow, I have never known about this option; I can't find any information
>> about it in the user guide or on the home page.
>> Does any documentation exist anywhere? I can't seem to find any in the sqlmap
>> folder.
>> Thanks,
>> Vojta
>>
>>
>>
>> On 11.8.2015 16:19, Brandon Perry wrote:
>>
>> You can drive sqlmap via the REST API. In the root of the project is a
>> sqlmapapi.py file which starts a web server.
>>
>> You can create any content you need, then pass the request which you want
>> to fuzz to sqlmap via the API to get results.
>>
>> On Tue, Aug 11, 2015 at 9:13 AM, Vojtěch Polášek <krec...@gmail.com>
>> wrote:
>>
>>> Greetings,
>>> I am searching for help. I would like to test a part of an application
>>> which deletes something. Obviously I am searching for an SQL injection
>>> vulnerability.
>>> So I need to send a request to create an object, retrieve the response, derive
>>> the needed information and send a request for deletion which is probed for
>>> possible SQL injection.
>>> I suppose that this is not possible just through the command line, even
>>> through the --eval function. Am I right?
>>> If yes, my next logical step would be to use sqlmap in some Python
>>> program. Is there any information about importing sqlmap and invoking
>>> it from my Python program? Or should I go just with doc strings?
>>> Thanks,
>>> Vojta
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>>
>>
>>
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
>
>
>


-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
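
The curl sequence from the quoted reply, written as a small Python client so that an application-specific setup step (such as creating the object to be deleted) can run in the same script before the request is handed to sqlmap. This is an added example, not part of the original messages and not sqlmap's own code; polling `/scan/<taskid>/status`, the names `run_scan` and `fake_api`, and the constructed replies inside `fake_api` are assumptions beyond what the thread shows.

```python
import json
import time
import urllib.request
from urllib.parse import urlsplit

API = "http://127.0.0.1:8775"  # default address printed by `sqlmapapi.py -s`

def http_json(url, payload=None):
    """GET url, or POST payload as JSON when given; return the decoded reply."""
    body = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(url, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def run_scan(options, call=http_json, api=API, poll=2.0, max_polls=300):
    """Create a task, start a scan with `options`, wait, return data and log."""
    task = call(f"{api}/task/new")
    if not task.get("success"):
        raise RuntimeError(f"task/new failed: {task}")
    taskid = task["taskid"]
    started = call(f"{api}/scan/{taskid}/start", options)
    if not started.get("success"):
        raise RuntimeError(f"scan/start failed: {started}")
    for _ in range(max_polls):
        if call(f"{api}/scan/{taskid}/status").get("status") == "terminated":
            break
        time.sleep(poll)
    else:
        raise TimeoutError(f"task {taskid} still running")
    data = call(f"{api}/scan/{taskid}/data")
    log = call(f"{api}/scan/{taskid}/log")
    return {"taskid": taskid, "data": data["data"], "errors": data["error"],
            "log": [(e["level"], e["message"]) for e in log["log"]]}

def fake_api(url, payload=None):
    """Constructed stand-in for the server; replies are shaped like the thread's."""
    replies = {
        "new": {"taskid": "33bc7155e74d4454", "success": True},
        "start": {"engineid": 3236, "success": bool(payload and payload.get("url"))},
        "status": {"status": "terminated", "returncode": 0, "success": True},
        "data": {"data": [], "success": True, "error": []},
        "log": {"success": True, "log": [
            {"message": "target URL is stable", "level": "INFO", "time": "14:14:54"}]},
    }
    return replies[urlsplit(url).path.rsplit("/", 1)[1]]

if __name__ == "__main__":  # offline run against the constructed replies
    print(run_scan({"url": "http://testphp.vulnweb.com/artists.php?artist=1"}, call=fake_api))
```

Leaving out `call=fake_api` sends the same requests to a running `sqlmapapi.py -s` instance.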