30 lines
829 B
Bash
30 lines
829 B
Bash
|
#!/bin/bash
|
||
|
|
||
|
# Starts a bogus webserver that logs all input
|
||
|
# Then runs sqlmap
|
||
|
#
|
||
|
|
||
|
./nullserver.py --logging=none &
|
||
|
|
||
|
if [ ! -d "sqlmap" ]; then
|
||
|
git clone https://github.com/sqlmapproject/sqlmap.git
|
||
|
else
|
||
|
(cd sqlmap; git pull)
|
||
|
fi
|
||
|
|
||
|
SQLMAP=./sqlmap/sqlmap.py
|
||
|
URL=http://127.0.0.1:8888
|
||
|
|
||
|
HPP=
|
||
|
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1
|
||
|
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1234.5
|
||
|
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=foo
|
||
|
|
||
|
HPP=--hpp
|
||
|
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1
|
||
|
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1234.5
|
||
|
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=foo
|
||
|
|
||
|
curl -o /dev/null ${URL}/shutdown
|
||
|
|