Comments (16)
That's good feedback. The API provides log information that I might be able to add to the scan queue or if not, maybe I could add it somewhere else. It wouldn't quite be real time as it would be a thread polling the API on some regular basis, but that would still be a good addition.
from sqlipy.
One more idea: it would be really nice if there was a field where it's possible to put other config options which cannot be set by the UI. For example --prefix="'" --suffix="'" --time-sec=2.
I just pushed an update that adds a tab from which you can select a scan ID and then get the logs associated with that ID (up to that point).
I'm not sure how to address the extra config options issue. I thought about trying to add that at first, but the problem is that the config option names don't line up with the JSON variables. So I would have to track all the other options and write if/else statements to attempt to align submitted options and their values with the right variables for the JSON API.
Eventually, I just might add all the available options. For now, I am just trying to get a good working sqlmap integration plugin with some of the key features.
Let me know if the new SQLMap Logs tab is close to what you were wanting.
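The mismatch described above (CLI spellings such as --time-sec versus the camel-case keys the sqlmap REST API expects in its JSON body) is a small translation problem, and one table plus a tolerant parser covers it without per-option if/else chains. The following is an added illustration, not SQLiPy's code or sqlmap's own client; the flag-to-key table is an assumption based on sqlmap's option names, so check it against GET /option/<taskid>/list on the sqlmap version you run. Unknown flags are reported back rather than guessed, and the reverse mapping rebuilds a display-only command line of the kind a log header can show for each task.

```python
"""Translate sqlmap command-line style options into sqlmap REST API option
names, and render them back into a display command line.

Added example for the option-name mismatch discussed in the thread; it is
not SQLiPy's code. FLAG_TO_API is an assumed subset of sqlmap's option
names (the API keys are the parser's 'dest' names); verify against
GET /option/<taskid>/list on your sqlmap version before relying on it."""
import shlex

# CLI flag -> (API JSON key, value type). Assumed subset; extend as needed.
FLAG_TO_API = {
    "--prefix": ("prefix", str),
    "--suffix": ("suffix", str),
    "--time-sec": ("timeSec", int),
    "--tamper": ("tamper", str),      # comma-separated list, e.g. between,space2plus
    "--level": ("level", int),
    "--risk": ("risk", int),
    "--threads": ("threads", int),
    "--delay": ("delay", float),
    "--timeout": ("timeout", float),
}
API_TO_FLAG = {key: flag for flag, (key, _) in FLAG_TO_API.items()}


def parse_extra_options(text):
    """Parse a string like  --prefix="'" --suffix="'" --time-sec=2  into the
    JSON option dict that POST /scan/<taskid>/start accepts.

    Returns (options, unknown): flags without a known API key, and bare
    flags that take no value, are collected in `unknown` so the UI can show
    them instead of silently dropping or mis-typing them."""
    options, unknown = {}, []
    tokens = shlex.split(text)  # honours shell quoting, so --prefix="'" works
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if not tok.startswith("--"):
            unknown.append(tok)
            continue
        if "=" in tok:
            flag, value = tok.split("=", 1)
        elif i < len(tokens) and not tokens[i].startswith("--"):
            flag, value = tok, tokens[i]  # "--flag value" form
            i += 1
        else:
            unknown.append(tok)  # bare switch with no value; not handled here
            continue
        mapping = FLAG_TO_API.get(flag)
        if mapping is None:
            unknown.append(tok)
            continue
        key, typ = mapping
        try:
            options[key] = typ(value)
        except ValueError:
            raise ValueError(f"{flag} expects {typ.__name__}, got {value!r}")
    return options, unknown


def render_command(url, api_options):
    """Rebuild a display-only sqlmap command line from API options, the way a
    per-task log header can show which settings the scan was started with.
    Keys with no known CLI spelling are skipped rather than guessed."""
    parts = ["sqlmap", "-u", url]
    for key, value in api_options.items():
        flag = API_TO_FLAG.get(key)
        if flag is not None:
            parts.append(f"{flag}={value}")
    return shlex.join(parts)  # quoting survives a round trip through shlex.split


if __name__ == "__main__":
    # Constructed input mirroring the options suggested in the thread.
    opts, unknown = parse_extra_options(
        '--prefix="\'" --suffix="\'" --time-sec=2 --tamper=between,space2plus --batch')
    print(opts, unknown)
    print(render_command("http://example.test/item?id=1", opts))
```

The parser deliberately keeps the raw value types straight (an int for timeSec, a plain comma-separated string for tamper), since the API rejects or ignores wrongly typed values, and surfacing unknown flags is what lets a user notice that a given option simply is not wired through yet.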
Nice, this is a great improvement!
I just tested it with an actual pentest I’m doing. In the ‘logs’ tab I can now nicely see what sqlmap has been doing and if any important messages were output (for example, there is a possibility that the target (or WAF) is dropping 'suspicious' requests), which I could use to investigate a URL or parameter more closely. However, I usually start a bunch of SQLi scans at the same time and currently I can’t see what URL and sqlmap settings have been used for a specific scan. I only have the log. I can only see what the settings were for the last scan that was started. Is this something that you could fix?
Would it help to print the URL and options that were run for each scan at the top of the logs output? I should be able to whip that up pretty quick.
I updated the log display to show the sqlmap command that was run for each task. The command is displayed at the top of the log results. I think this should make it easier to tell the status of each scan. Let me know if you have a better idea for where to display this info.
Perfect, thanks!
Is it possible to change the tamper button (file select) to a more convenient multiple selectbox? Normally I would simply do something like "--tamper=between,space2plus".
Perhaps it is a good idea to put the URL in the selectbox with the scan IDs? This way it is easier to get the status of a specific scan.
I just pushed out an update that adds a dash and the URL to the end of the scan ID. It seems to be working as expected, hopefully that helps.
I also created a new issue for enhancing the tamper script selection button.
I pushed another update out that adds the ability to select multiple files using the "Tamper" button. In addition, you can now clear out any selected files.
Thank you very much! I’ll let you know if more ideas come to mind :)
How about a button to cancel/stop a running scan?
That is a good idea, and I began working on it this evening. In testing the Sqlmap API, I tried manually killing a running scan using both "GET /scan//stop" and "GET /scan//kill" and neither worked.
I submitted the issue to the sqlmap team. If it gets fixed, I will add the feature. There is no way for me to kill it until this part of the API is resolved (I've been playing around with the API code to see if I could figure out an OS agnostic way as well).
The sqlmap guys fixed the API issue of killing/stopping scans within hours, so I have added this feature to the plugin.
There is now a tab that allows you to pick a scan and stop it. Note that this requires an update to sqlmap as of 10/10/2014 (it was fixed 7 or so hours ago).
Fixes made and features added months ago. Forgot to close this out.