Added wmap sql command to access db directly from wmap. XML reporting.

git-svn-id: file:///home/svn/framework3/trunk@6587 4d416f70-5f16-0410-b530-b9f4589650da
unstable
et 2009-05-28 03:26:27 +00:00
parent 3bc44cc395
commit 7c16f5b5c9
2 changed files with 46 additions and 1 deletions

View File

@ -715,7 +715,13 @@ class DBManager
#framework.events.on_db_request(context, rec) #framework.events.on_db_request(context, rec)
end end
#
# WMAP
# Quick way to query the database (used by wmap_sql)
#
def sql_query(sqlquery)
ActiveRecord::Base.connection.select_all(sqlquery)
end
end end

View File

@ -43,6 +43,7 @@ module Wmap
"wmap_website" => "List website structure", "wmap_website" => "List website structure",
"wmap_targets" => "List all targets in the database", "wmap_targets" => "List all targets in the database",
"wmap_reports" => "List all reported results", "wmap_reports" => "List all reported results",
"wmap_sql" => "Query the database",
"wmap_run" => "Automatically test/exploit everything", "wmap_run" => "Automatically test/exploit everything",
} }
end end
@ -59,6 +60,7 @@ module Wmap
end end
def cmd_wmap_targets(*args) def cmd_wmap_targets(*args)
args.push("-h") if args.length == 0 args.push("-h") if args.length == 0
while (arg = args.shift) while (arg = args.shift)
@ -203,6 +205,7 @@ module Wmap
print_line("\t-h Display this help text") print_line("\t-h Display this help text")
print_line("\t-p Print all available reports") print_line("\t-p Print all available reports")
print_line("\t-s [id] Select report for display") print_line("\t-s [id] Select report for display")
print_line("\t-x [id] Display XML report")
print_line("") print_line("")
return return
@ -211,6 +214,42 @@ module Wmap
end end
def cmd_wmap_sql(*args)
qsql = args.join(" ")
args.push("-h") if args.length == 0
while (arg = args.shift)
case arg
when '-h'
print_status("Usage: wmap_sql [sql query]")
print_line("\t-h Display this help text")
print_line("")
return
end
end
print_line("SQL: #{qsql}")
begin
res =framework.db.sql_query(qsql)
res.each do |o|
line = ''
o.each do |k, v|
if v
line << v
end
line << '|'
end
print_line(line)
end
rescue ::Exception
print_error("SQL Error #{$!}")
return
end
end
# #
# A copy of the shotgun approach to website exploitation # A copy of the shotgun approach to website exploitation
# #