Added wmap sql command to access db directly from wmap. XML reporting.
git-svn-id: file:///home/svn/framework3/trunk@6587 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
3bc44cc395
commit
7c16f5b5c9
|
@ -715,7 +715,13 @@ class DBManager
|
||||||
#framework.events.on_db_request(context, rec)
|
#framework.events.on_db_request(context, rec)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
#
|
||||||
|
# WMAP
|
||||||
|
# Quick way to query the database (used by wmap_sql)
|
||||||
|
#
|
||||||
|
def sql_query(sqlquery)
|
||||||
|
ActiveRecord::Base.connection.select_all(sqlquery)
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -43,6 +43,7 @@ module Wmap
|
||||||
"wmap_website" => "List website structure",
|
"wmap_website" => "List website structure",
|
||||||
"wmap_targets" => "List all targets in the database",
|
"wmap_targets" => "List all targets in the database",
|
||||||
"wmap_reports" => "List all reported results",
|
"wmap_reports" => "List all reported results",
|
||||||
|
"wmap_sql" => "Query the database",
|
||||||
"wmap_run" => "Automatically test/exploit everything",
|
"wmap_run" => "Automatically test/exploit everything",
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
@ -59,6 +60,7 @@ module Wmap
|
||||||
end
|
end
|
||||||
|
|
||||||
def cmd_wmap_targets(*args)
|
def cmd_wmap_targets(*args)
|
||||||
|
|
||||||
args.push("-h") if args.length == 0
|
args.push("-h") if args.length == 0
|
||||||
|
|
||||||
while (arg = args.shift)
|
while (arg = args.shift)
|
||||||
|
@ -203,6 +205,7 @@ module Wmap
|
||||||
print_line("\t-h Display this help text")
|
print_line("\t-h Display this help text")
|
||||||
print_line("\t-p Print all available reports")
|
print_line("\t-p Print all available reports")
|
||||||
print_line("\t-s [id] Select report for display")
|
print_line("\t-s [id] Select report for display")
|
||||||
|
print_line("\t-x [id] Display XML report")
|
||||||
|
|
||||||
print_line("")
|
print_line("")
|
||||||
return
|
return
|
||||||
|
@ -211,6 +214,42 @@ module Wmap
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def cmd_wmap_sql(*args)
|
||||||
|
qsql = args.join(" ")
|
||||||
|
|
||||||
|
args.push("-h") if args.length == 0
|
||||||
|
|
||||||
|
while (arg = args.shift)
|
||||||
|
case arg
|
||||||
|
when '-h'
|
||||||
|
print_status("Usage: wmap_sql [sql query]")
|
||||||
|
print_line("\t-h Display this help text")
|
||||||
|
|
||||||
|
print_line("")
|
||||||
|
return
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
print_line("SQL: #{qsql}")
|
||||||
|
|
||||||
|
begin
|
||||||
|
res =framework.db.sql_query(qsql)
|
||||||
|
res.each do |o|
|
||||||
|
line = ''
|
||||||
|
o.each do |k, v|
|
||||||
|
if v
|
||||||
|
line << v
|
||||||
|
end
|
||||||
|
line << '|'
|
||||||
|
end
|
||||||
|
print_line(line)
|
||||||
|
end
|
||||||
|
rescue ::Exception
|
||||||
|
print_error("SQL Error #{$!}")
|
||||||
|
return
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# A copy of the shotgun approach to website exploitation
|
# A copy of the shotgun approach to website exploitation
|
||||||
#
|
#
|
||||||
|
|
Loading…
Reference in New Issue