Implementation for an Issue #293

stamparm · stamparm · commit 5c2451d83c34 · 2012-12-11T12:48:58.000+01:00
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -12,6 +12,9 @@
 import socket
 import time
 
+from subprocess import PIPE
+from subprocess import Popen as execute
+
 from extra.beep.beep import beep
 from lib.core.agent import agent
 from lib.core.common import arrayizeValue
@@ -521,6 +524,13 @@ def genCmpPayload():
                         if conf.beep:
                             beep()
 
+                        if conf.alert:
+                            infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
+                            logger.info(infoMsg)
+
+                            process = execute(conf.alert, shell=True)
+                            process.wait()
+
                         # There is no need to perform this test for other
                         # <where> tags
                         break
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -191,6 +191,7 @@
 
             "Miscellaneous": {
                                "mnemonics":         "string",
+                               "alert":             "string",
                                "answers":           "string",
                                "beep":              "boolean",
                                "checkPayload":      "boolean",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -603,6 +603,9 @@ def cmdLineParser():
         miscellaneous.add_option("-z", dest="mnemonics",
                                help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")")
 
+        miscellaneous.add_option("--alert", dest="alert",
+                                  help="Run shell command(s) when SQL injection is found")
+
         miscellaneous.add_option("--answers", dest="answers",
                                   help="Set question answers (e.g. \"quit=N,follow=N\")")
 
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -650,13 +650,16 @@ updateAll = False
 
 [Miscellaneous]
 
-# Use short mnemonics (e.g. "flu,bat,ban,tec=EU")
+# Use short mnemonics (e.g. "flu,bat,ban,tec=EU").
 mnemonics =
 
-# Set question answers (e.g. "quit=N,follow=N")
+# Run shell command(s) when SQL injection is found.
+alert =
+
+# Set question answers (e.g. "quit=N,follow=N").
 answers =
 
-# Make a beep sound when SQL injection is found
+# Make a beep sound when SQL injection is found.
 # Valid: True or False
 beep = False
 
