require 'json'
require 'uri'

require 'sqlmap/sqlmap_session'
require 'sqlmap/sqlmap_manager'
module Msf
class Plugin::Sqlmap < Msf::Plugin
class SqlmapCommandDispatcher
include Msf::Ui::Console::CommandDispatcher
# Display name of this command dispatcher. The plugin's cleanup removes the
# dispatcher using this same string.
#
# @return [String]
def name
  'Sqlmap'
end
# Console commands provided by this dispatcher, each mapped to the help text
# shown for it.
#
# @return [Hash{String => String}] command name => help text
def commands
  {
    'sqlmap_new_task'   => 'Create a new task',
    'sqlmap_connect'    => 'sqlmap_connect <host> [<port>]',
    'sqlmap_list_tasks' => 'List the knows tasks. New tasks are not stored in DB, so lives as long as the console does',
    'sqlmap_get_option' => 'Get an option for a task',
    'sqlmap_set_option' => 'Set an option for a task',
    'sqlmap_start_task' => 'Start the task',
    'sqlmap_get_status' => 'Get the status of a task',
    'sqlmap_get_log'    => 'Get the running log of a task',
    'sqlmap_get_data'   => 'Get the resulting data of the task',
    'sqlmap_save_data'  => 'Save the resulting data as web_vulns'
  }
end
# Stores the sqlmapapi endpoint and builds the manager object that every
# other sqlmap_* command uses.
#
# @param args [Array<String>] host, optionally followed by a port
# @return [void]
def cmd_sqlmap_connect(*args)
  if args.empty?
    print_error('Need a host, and optionally a port')
    return
  end

  # Anything after host and port is dropped by the destructuring.
  @host, @port = args
  # Port used when the caller supplies none.
  @port ||= '8775'

  # NOTE(review): host and port are handed to Sqlmap::Session exactly as
  # typed; no validation or connectivity check is visible in this method.
  session = Sqlmap::Session.new(@host, @port)
  @manager = Sqlmap::Manager.new(session)
  print_good("Set connection settings for host #{@host} on port #{@port}")
end
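# Sets one option on a task through the sqlmapapi manager.
#
# @param args [Array<String>] console task id, option name, option value
# @return [void]
def cmd_sqlmap_set_option(*args)
  unless args.length == 3
    print_error('Usage:')
    # Double quotes so \t is a real tab; single quotes printed a literal "\t".
    print_error("\tsqlmap_set_option <taskid> <option_name> <option_value>")
    return
  end

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  # @hid_tasks is only created by other commands, so it can still be nil here.
  task_id = (@hid_tasks || {})[args[0]]
  unless task_id
    print_error("Unknown task ID: #{args[0]}")
    return
  end

  # \A and \z anchor the whole string; ^ and $ match per line, which let a
  # multi-line value with one all-digit line be coerced to an Integer.
  val = args[2] =~ /\A\d+\z/ ? args[2].to_i : args[2]

  # Option name and value are forwarded to the manager unchanged.
  res = @manager.set_option(task_id, args[1], val)
  print_status("Success: #{res['success']}")
end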
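# Starts a task, optionally setting its URL in the same call.
#
# @param args [Array<String>] console task id, optionally followed by a URL
# @return [void]
def cmd_sqlmap_start_task(*args)
  if args.empty?
    print_error('Usage:')
    # Double quotes so \t is a real tab; single quotes printed a literal "\t".
    print_error("\tsqlmap_start_task <taskid> [<url>]")
    return
  end

  # Checked before any task lookup: without a connection there is nothing to
  # look up, and @tasks / @hid_tasks may not exist yet.
  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  task_id = (@hid_tasks || {})[args[0]]
  unless task_id
    print_error("Unknown task ID: #{args[0]}")
    return
  end

  options = {}
  options['url'] = args[1] if args.length == 2

  # The cached options are refreshed only by sqlmap_get_option,
  # sqlmap_get_data and sqlmap_save_data, so a URL set through
  # sqlmap_set_option is not reflected here until one of those has run.
  cached = (@tasks || {})[task_id] || {}
  if !options['url'] && cached['url'] == ''
    print_error('You need to specify a URL either as an argument to sqlmap_start_task or sqlmap_set_option')
    return
  end

  res = @manager.start_task(task_id, options)
  print_status("Started task: #{res['success']}")
end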
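# Prints the log entries the manager returns for a task.
#
# @param args [Array<String>] console task id
# @return [void]
def cmd_sqlmap_get_log(*args)
  unless args.length == 1
    print_error('Usage:')
    # Double quotes so \t is a real tab; single quotes printed a literal "\t".
    print_error("\tsqlmap_get_log <taskid>")
    return
  end

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  # @hid_tasks is only created by other commands, so it can still be nil here.
  task_id = (@hid_tasks || {})[args[0]]
  unless task_id
    print_error("Unknown task ID: #{args[0]}")
    return
  end

  res = @manager.get_task_log(task_id)

  # NOTE(review): the entries come from the API response and are written to
  # the console as received; consider stripping control characters if the
  # sqlmapapi server is not fully trusted.
  (res['log'] || []).each do |message|
    print_status("[#{message['time']}] #{message['level']}: #{message['message']}")
  end
end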
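# Prints the status the manager reports for a task.
#
# @param args [Array<String>] console task id
# @return [void]
def cmd_sqlmap_get_status(*args)
  unless args.length == 1
    print_error('Usage:')
    # Double quotes so \t is a real tab; single quotes printed a literal "\t".
    print_error("\tsqlmap_get_status <taskid>")
    return
  end

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  # @hid_tasks is only created by other commands, so it can still be nil here.
  task_id = (@hid_tasks || {})[args[0]]
  unless task_id
    print_error("Unknown task ID: #{args[0]}")
    return
  end

  res = @manager.get_task_status(task_id)
  print_status("Status: #{res['status']}")
end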
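# Prints a Title/Payload table built from the data the manager returns for a
# task, after refreshing the cached options for that task.
#
# @param args [Array<String>] console task id
# @return [void]
def cmd_sqlmap_get_data(*args)
  unless args.length == 1
    print_error('Usage:')
    # Double quotes so \t is a real tab; single quotes printed a literal "\t".
    print_error("\tsqlmap_get_data <taskid>")
    return
  end

  @hid_tasks ||= {}
  @tasks ||= {}

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  task_id = @hid_tasks[args[0]]
  unless task_id
    print_error("Unknown task ID: #{args[0]}")
    return
  end

  # Refresh the cached options so the URL shown is the manager's current one.
  @tasks[task_id] = @manager.get_options(task_id)['options']

  print_line
  print_status("URL: #{(@tasks[task_id] || {})['url']}")

  res = @manager.get_task_data(task_id)

  tbl = Rex::Ui::Text::Table.new('Columns' => ['Title', 'Payload'])

  # Assumes each entry's 'value' is a list of findings whose 'data' pairs a
  # key with a hash holding 'title' and 'payload' -- TODO confirm against the
  # API response. Missing levels are treated as empty instead of raising.
  (res['data'] || []).each do |d|
    (d['value'] || []).each do |v|
      (v['data'] || {}).each do |_key, finding|
        # Only the part of the title before the first '-' is shown.
        title = finding['title'].to_s.split('-')[0]
        tbl << [title, finding['payload']]
      end
    end
  end

  print_line
  print_line tbl.to_s
  print_line
end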
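# Stores every finding returned for a task in the framework database as a
# web vulnerability record.
#
# @param args [Array<String>] console task id
# @return [void]
def cmd_sqlmap_save_data(*args)
  unless args.length == 1
    print_error('Usage:')
    # Double quotes so \t is a real tab; single quotes printed a literal "\t".
    print_error("\tsqlmap_save_data <taskid>")
    return
  end

  unless framework.db && framework.db.usable
    print_error('No database is connected or usable')
    return
  end

  @hid_tasks ||= {}
  @tasks ||= {}

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  task_id = @hid_tasks[args[0]]
  unless task_id
    print_error("Unknown task ID: #{args[0]}")
    return
  end

  # Refresh the cached options so the URL recorded is the manager's current one.
  @tasks[task_id] = @manager.get_options(task_id)['options']
  url = (@tasks[task_id] || {})['url'].to_s

  print_line
  print_status("URL: #{url}")

  # Parse with URI instead of splitting on ':' and '/': the split version put
  # the query string inside :path, kept port 80 for https URLs, returned the
  # port as a String when one was given, and raised on a URL with no scheme.
  begin
    uri = URI.parse(url)
  rescue URI::InvalidURIError
    uri = nil
  end
  unless uri && uri.host
    print_error("Cannot save results, the task URL is not an absolute URL: #{url}")
    return
  end

  res = @manager.get_task_data(task_id)

  site_info = {
    :web_site => url,
    :path     => uri.path.to_s.empty? ? '/' : uri.path,
    :query    => uri.query,
    :host     => uri.host,
    :port     => uri.port || 80,
    :ssl      => uri.scheme.to_s.downcase == 'https',
    :category => 'imported from sqlmap'
  }
  # The whole API response is kept as the description of every record.
  description = res.to_json

  (res['data'] || []).each do |d|
    (d['value'] || []).each do |v|
      (v['data'] || {}).values.each do |i|
        # A fresh hash per finding, so records never share mutable state.
        framework.db.report_web_vuln(
          site_info.merge(
            :pname       => v['parameter'],
            :method      => v['place'],
            :payload     => v['suffix'],
            :name        => i['title'],
            :description => description,
            :proof       => i['payload']
          )
        )
      end
    end
  end

  print_good('Saved vulnerabilities to database.')
end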
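# Prints the current value of one option of a task, after refreshing the
# cached options for that task.
#
# @param args [Array<String>] console task id, option name
# @return [void]
def cmd_sqlmap_get_option(*args)
  @hid_tasks ||= {}
  @tasks ||= {}

  unless args.length == 2
    print_error('Usage:')
    # Double quotes so \t is a real tab; single quotes printed a literal "\t".
    print_error("\tsqlmap_get_option <taskid> <option_name>")
    # The usage branch previously fell through and ran with the wrong arguments.
    return
  end

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  task_ref, option_name = args
  task_id = @hid_tasks[task_ref]
  unless task_id
    print_error("Unknown task ID: #{task_ref}")
    return
  end

  task_options = @manager.get_options(task_id)
  @tasks[task_id] = task_options['options']

  options = @tasks[task_id]
  if options.is_a?(Hash) && options.key?(option_name)
    print_good("#{option_name} : #{options[option_name]}")
  else
    # Name the option that was asked for; the old message interpolated the
    # task id.
    print_error("Option #{option_name} doesn't exist")
  end
end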
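# Asks the manager for a new task and registers it under a short console id.
#
# @hid_tasks maps the short id shown to the user to the task id returned by
# the manager; @tasks caches each task's options keyed by that returned id.
#
# @return [void]
def cmd_sqlmap_new_task
  @hid_tasks ||= {}
  @tasks ||= {}

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  task_id = @manager.new_task
  # A nil reply is treated like a reply without a task id.
  if task_id && task_id['taskid']
    t_id = task_id['taskid'].to_s
    short_id = (@hid_tasks.length + 1).to_s
    @hid_tasks[short_id] = t_id
    task_options = @manager.get_options(t_id)
    # Keyed by the task id itself. The previous lookup used the Integer
    # length against String keys, so the options were stored under nil and
    # later commands could not find them.
    @tasks[t_id] = task_options['options']
    print_good("Created task: #{short_id}")
  else
    print_error("Error connecting to the server. Please make sure the sqlmapapi server is running at #{@host}:#{@port}")
  end
end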
# Prints the short id of every task created in this console session.
#
# @return [Array<String>] the ids that were printed
def cmd_sqlmap_list_tasks
  @hid_tasks ||= {}
  @tasks ||= {}

  known_ids = @hid_tasks.keys
  known_ids.each { |task_id| print_good("Task ID: #{task_id}") }
end
end
# Sets up the plugin: runs the parent initializer, registers the sqlmap
# console dispatcher and announces that the plugin is loaded.
#
# @param framework [Object] passed through to the parent initializer
# @param opts [Object] passed through to the parent initializer
def initialize(framework, opts)
  super(framework, opts)

  add_console_dispatcher(SqlmapCommandDispatcher)

  print_status('Sqlmap plugin loaded')
end
# Unregisters the console dispatcher that initialize added, looked up by the
# name 'Sqlmap'.
def cleanup
  remove_console_dispatcher('Sqlmap')
end
# Name of the plugin.
#
# @return [String]
def name
  'Sqlmap'
end
# One-line description of the plugin.
#
# @return [String]
def desc
  'sqlmap plugin for Metasploit'
end
end
end