Comments (2)
It would require writing new tests for SQLi to detect it using BODY_REGEX_FILTER. Additionally, finding SQLi precisely can be a challenging task. Maybe OFFAT can integrate sqlmap into the tool.
from offat.
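As an added illustration of the two points in that comment (my code, not OFFAT's BODY_REGEX_FILTER implementation and not anything from the thread), here is what a regex-based error-signature check for SQLi looks like and why it is imprecise on its own. The DBMS error patterns, the sample response bodies and the baseline-comparison step are all constructed for this example.

```python
import re
from typing import Dict, List

# Error signatures an error-based SQLi check could key on. These patterns are this
# example's own, not OFFAT's BODY_REGEX_FILTER entries; each matches a verbose DBMS
# error that leaks when an injected quote breaks the query.
SQL_ERROR_SIGNATURES: Dict[str, "re.Pattern[str]"] = {
    "MySQL": re.compile(r"You have an error in your SQL syntax|Warning: mysqli?_[a-z_]+\(\)"),
    "PostgreSQL": re.compile(r"ERROR:\s+syntax error at or near|PG::SyntaxError"),
    "SQLite": re.compile(r"SQLITE_ERROR|unrecognized token:|near \"[^\"]*\": syntax error"),
    "MSSQL": re.compile(r"Unclosed quotation mark after the character string|Incorrect syntax near"),
    "Oracle": re.compile(r"\bORA-\d{5}\b"),
}


def sql_error_filter(body: str) -> List[str]:
    """Regex pass over one response body: every DBMS whose error text appears in it."""
    return [dbms for dbms, pattern in SQL_ERROR_SIGNATURES.items() if pattern.search(body)]


def error_based_verdict(baseline_body: str, payload_body: str) -> List[str]:
    """Count a signature only if the baseline (unmodified) response did not already contain it.
    Without this, a page that merely quotes an error message is reported on every request."""
    already_there = set(sql_error_filter(baseline_body))
    return [dbms for dbms in sql_error_filter(payload_body) if dbms not in already_there]


# Constructed response bodies for the example (not captured from any real target).
SAMPLE_RESPONSES = {
    "clean": '{"count": 3}',
    "mysql_error": (
        "Warning: mysqli_query(): (42000/1064): You have an error in your SQL syntax; "
        "check the manual that corresponds to your MySQL server version for the right "
        "syntax to use near ''' at line 1"
    ),
    # a help page that quotes the error text: the regex alone calls this a hit
    "docs": (
        'Troubleshooting: if the API answers with "You have an error in your SQL syntax", '
        "check the quoting in your query parameter."
    ),
}


def demo() -> Dict[str, List[str]]:
    """Regex-only result versus baseline-compared verdict on the constructed bodies."""
    return {
        "regex_on_error": sql_error_filter(SAMPLE_RESPONSES["mysql_error"]),
        "regex_on_docs": sql_error_filter(SAMPLE_RESPONSES["docs"]),  # false positive
        "verdict_on_docs": error_based_verdict(SAMPLE_RESPONSES["docs"], SAMPLE_RESPONSES["docs"]),
        "verdict_on_error": error_based_verdict(SAMPLE_RESPONSES["clean"], SAMPLE_RESPONSES["mysql_error"]),
    }
```

The baseline comparison removes the obvious false positive, but a body-regex check still only catches error-based injection: a blind injection point that swallows the error and changes nothing visible in the body needs boolean or timing differentials, which is the work a dedicated tool like sqlmap does.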
Here is a short piece of code we can integrate that will generate text (test.rst) that can be provided to sqlmap to do SQL injection testing:
```python
import tempfile

import requests
from offat.parsers import BaseParser  # import path assumed for the current offat layout; adjust if it differs


class TestSqlmapRequestFile:
    def format_prepped_request(self, prepped):
        """Render a requests.PreparedRequest as the raw HTTP/1.1 request text that sqlmap -r expects."""
        headers = "\r\n".join(f"{name}: {value}" for name, value in prepped.headers.items())
        body = prepped.body or ""
        if isinstance(body, bytes):
            body = body.decode("utf-8", errors="replace")
        return f"{prepped.method} {prepped.path_url} HTTP/1.1\r\n{headers}\r\n\r\n{body}"

    def test_EndPoint(self):
        """./sqlmap.py --batch -r test.rst --answers="involving it=n" """
        tmp_spec = tempfile.NamedTemporaryFile(mode="w+", encoding="utf-8", suffix=".json")
        tmp_spec.write("""
        {
          "openapi": "3.0.0",
          "paths": {
            "/api/testimonials/count": {
              "get": {
                "operationId": "TestimonialsController_getCount",
                "summary": "",
                "description": "Returns count of all testimonials based on provided sql query",
                "parameters": [
                  {
                    "name": "query",
                    "required": true,
                    "in": "query",
                    "example": "select count(*) as count from testimonial",
                    "schema": { "type": "string" }
                  }
                ],
                "responses": {
                  "200": {
                    "description": "",
                    "content": {
                      "application/json": { "schema": { "type": "string" } }
                    }
                  }
                },
                "tags": ["Testimonials controller"]
              }
            },
            "/api/products/views": {
              "get": {
                "operationId": "ProductsController_viewProduct",
                "summary": "",
                "description": "Updates the product's 'viewsCount' according to product name provided in the header 'x-product-name' and returns the query result.",
                "parameters": [
                  {
                    "name": "x-product-name",
                    "required": true,
                    "in": "header",
                    "schema": { "type": "string" }
                  }
                ],
                "responses": {
                  "200": { "description": "" },
                  "500": {
                    "description": "",
                    "content": {
                      "application/json": {
                        "schema": {
                          "type": "object",
                          "properties": {
                            "error": { "type": "string" },
                            "location": { "type": "string" }
                          }
                        }
                      }
                    }
                  }
                },
                "tags": ["Products controller"]
              }
            }
          },
          "info": {
            "title": "Test",
            "description": "info -> description",
            "version": "1.0",
            "contact": {}
          },
          "tags": [],
          "servers": [{ "url": "https://someserver.com" }],
          "components": {
            "schemas": {
            }
          }
        }
        """)
        tmp_spec.flush()
        obj = BaseParser(tmp_spec.name)
        server_hostname = "brokencrystals.com"
        server_port = ":443"
        server_ssl = "s"
        end_points = obj.specification.get('paths')
        for end_point, end_object in end_points.items():
            for method, method_object in end_object.items():
                parameters = method_object.get("parameters", [])
                req = requests.Request(method=method, url=f"http{server_ssl}://{server_hostname}{server_port}{end_point}")
                req.headers["Host"] = f"{server_hostname}{server_port}"
                for parameter in parameters:
                    # "*" is sqlmap's custom injection marker: every parameter without an
                    # explicit value becomes an injection point
                    if "value" not in parameter:
                        parameter["value"] = "*"
                    if parameter["in"] == "header":
                        req.headers[parameter["name"]] = parameter["value"]
                    if parameter["in"] == "query":
                        req.params[parameter["name"]] = parameter["value"]
                    if parameter["in"] == "body":  # Swagger 2 location; OpenAPI 3 puts the body under requestBody
                        req.data.append([parameter["name"], parameter["value"]])
                req = req.prepare()
                # requests percent-encodes "*" in the query string as %2A, which sqlmap would
                # not recognise as its marker, so restore it in the prepared URL
                req.url = req.url.replace("%2A", "*")
                # each printed block is one raw request; save it to its own file (e.g. test.rst) for sqlmap -r
                print(f"==========\n{self.format_prepped_request(req)}\n==========")
        tmp_spec.close()


if __name__ == "__main__":
    TestSqlmapRequestFile().test_EndPoint()
```
I think integrating this into OFFAT is fairly easy - i.e. OFFAT can generate the file and potentially run sqlmap and bundle the results from it. The issue is that sqlmap isn't built to be easily automated - it doesn't output JSON results, for example - so some manual labor related to reading the results is needed.
from offat.
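The following is an added example, not part of the comment above and not OFFAT's or sqlmap's own code: it carries the same idea (spec in, one raw request per operation out, `*` at every injection point) through for an OpenAPI 3 document using only the standard library, so it also covers path parameters and a JSON `requestBody`, which the Swagger-2-style `in: body` branch above does not. The spec, the host api.example.test and every function name here are constructed assumptions; the only sqlmap facts relied on are that `-r` reads one raw HTTP request from a file, that `--batch` takes the default answer to its prompts, and that `*` marks a custom injection point.

```python
import json
import re
from pathlib import Path
from typing import Any, Dict, List, Optional
from urllib.parse import quote, urlsplit

MARK = "*"  # sqlmap's custom injection marker
HTTP_METHODS = ("get", "post", "put", "patch", "delete")

# Constructed OpenAPI 3 fragment for this example (not the brokencrystals spec from the comment).
SAMPLE_SPEC: Dict[str, Any] = {
    "openapi": "3.0.0",
    "servers": [{"url": "https://api.example.test"}],
    "paths": {
        "/api/testimonials/count": {"get": {"parameters": [
            {"name": "query", "in": "query", "required": True, "schema": {"type": "string"}}]}},
        "/api/products/{productId}/reviews": {"post": {
            "parameters": [
                {"name": "productId", "in": "path", "required": True, "schema": {"type": "integer"}},
                {"name": "x-product-name", "in": "header", "required": True, "schema": {"type": "string"}}],
            "requestBody": {"content": {"application/json": {"schema": {
                "type": "object",
                "properties": {"title": {"type": "string"}, "rating": {"type": "integer", "example": 5}}}}}}}},
    },
}


def body_placeholder(schema: Dict[str, Any]) -> Any:
    """JSON body from a schema: string fields carry the marker; other fields keep an
    example value, because a bare '*' inside a JSON number or boolean is not valid JSON."""
    if schema.get("type") == "object" or "properties" in schema:
        return {name: body_placeholder(sub) for name, sub in schema.get("properties", {}).items()}
    if schema.get("type") == "array":
        return [body_placeholder(schema.get("items", {}))]
    if schema.get("type", "string") == "string":
        return MARK
    return schema.get("example", 1)


def param_value(param: Dict[str, Any]) -> str:
    """Path/query/header value: the marker alone for strings, '<example>*' otherwise,
    so the request still looks well-formed while sqlmap appends its payloads after the value."""
    schema = param.get("schema", {})
    if schema.get("type", "string") == "string":
        return MARK
    return f"{param.get('example', schema.get('example', 1))}{MARK}"


def build_raw_request(host: str, path: str, method: str, op: Dict[str, Any]) -> str:
    """Render one operation as raw HTTP/1.1 text with a marker at every injectable location."""
    headers = [("Host", host)]
    query: List[str] = []
    for param in op.get("parameters", []):
        value, loc = param_value(param), param.get("in")
        if loc == "path":
            path = path.replace("{" + param["name"] + "}", value)
        elif loc == "query":
            query.append(f"{quote(param['name'], safe='')}={value}")  # built by hand so the marker stays unencoded
        elif loc == "header":
            headers.append((param["name"], value))
        # cookie parameters (one combined Cookie header) are left out of this example
    body = ""
    content = op.get("requestBody", {}).get("content", {})
    if "application/json" in content:
        body = json.dumps(body_placeholder(content["application/json"].get("schema", {})))
        headers += [("Content-Type", "application/json"), ("Content-Length", str(len(body.encode("utf-8"))))]
    target = path + ("?" + "&".join(query) if query else "")
    head = "\r\n".join(f"{name}: {value}" for name, value in headers)
    return f"{method.upper()} {target} HTTP/1.1\r\n{head}\r\n\r\n{body}"


def build_sqlmap_requests(spec: Dict[str, Any], host: Optional[str] = None) -> Dict[str, str]:
    """One raw request per operation, keyed 'METHOD /path' (sqlmap -r takes exactly one request per file)."""
    if host is None:
        host = urlsplit(spec["servers"][0]["url"]).netloc
    return {
        f"{method.upper()} {path}": build_raw_request(host, path, method, op)
        for path, item in spec.get("paths", {}).items()
        for method, op in item.items()
        if method in HTTP_METHODS
    }


def request_filename(key: str) -> str:
    """'POST /api/products/{productId}/reviews' -> 'post_api_products_productid_reviews.txt'."""
    return re.sub(r"[^A-Za-z0-9]+", "_", key).strip("_").lower() + ".txt"


def write_request_files(reqs: Dict[str, str], outdir: str) -> List[Path]:
    """Write each request to its own file; then run `sqlmap --batch -r <file>` on each."""
    out = Path(outdir)
    out.mkdir(parents=True, exist_ok=True)
    paths = [out / request_filename(key) for key in reqs]
    for target, text in zip(paths, reqs.values()):
        target.write_text(text, encoding="utf-8")
    return paths
```

Markers go only into string-typed JSON fields; numeric fields keep their example value so the body stays valid JSON. If you would rather let sqlmap pick the body fields itself, leave the body unmarked: sqlmap recognises a JSON POST body and prompts to process its fields, and `--batch` accepts that prompt.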