platform/libinjection/misc/run_sqlmap.sh

30 lines
829 B
Bash
Raw Normal View History

2019-08-16 14:42:40 +00:00
#!/bin/bash
# Starts a bogus webserver that logs all input
# Then runs sqlmap
#
./nullserver.py --logging=none &
if [ ! -d "sqlmap" ]; then
git clone https://github.com/sqlmapproject/sqlmap.git
else
(cd sqlmap; git pull)
fi
SQLMAP=./sqlmap/sqlmap.py
URL=http://127.0.0.1:8888
HPP=
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1234.5
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=foo
HPP=--hpp
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1234.5
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=foo
curl -o /dev/null ${URL}/shutdown