
Commit c44a829

committed
pass a pickled options object to sqlmap engine when called from API
1 parent 8457cff commit c44a829

3 files changed

Lines changed: 15 additions & 6 deletions


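--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -51,6 +51,7 @@
 from lib.core.common import UnicodeRawConfigParser
 from lib.core.common import urldecode
 from lib.core.common import urlencode
+from lib.core.convert import base64unpickle
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -1766,6 +1767,9 @@ def _mergeOptions(inputOptions, overrideOptions):
 @type inputOptions: C{instance}
 """
 
+if inputOptions.pickledOptions:
+inputOptions = base64unpickle(inputOptions.pickledOptions)
+
 if inputOptions.configFile:
 configFileParser(inputOptions.configFile)
 
@@ -2051,9 +2055,9 @@ def init(inputOptions=AttribDict(), overrideOptions=False):
 
 if not inputOptions.disableColoring:
 coloramainit()
-else:
-if hasattr(LOGGER_HANDLER, "disable_coloring"):
-LOGGER_HANDLER.disable_coloring = True
+elif hasattr(LOGGER_HANDLER, "disable_coloring"):
+LOGGER_HANDLER.disable_coloring = True
+
 _setConfAttributes()
 _setKnowledgeBaseAttributes()
 _mergeOptions(inputOptions, overrideOptions)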
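Review bot: `base64unpickle(inputOptions.pickledOptions)` in `_mergeOptions` (new line 1771) appears, going by its name and the commit title, to load a pickle taken straight from a command-line value. Loading a pickle can execute code chosen by whoever produced the stream, so the hidden `--pickle` option registered in lib/parse/cmdline.py by this commit makes any influence over sqlmap's arguments equivalent to code execution as the sqlmap user. The options are plain values, so a data-only encoding such as JSON would carry them without that property; if pickle stays, state the trust assumption above the call, e.g. `# pickledOptions is produced only by lib/utils/api.py; never accept it from an untrusted source`. The reassignment also replaces `inputOptions` wholesale, so other flags given next to `--pickle` appear to be dropped, which is worth confirming as intended. `_mergeOptions` starts and ends outside this hunk.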

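--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -664,6 +664,8 @@ def cmdLineParser():
 help="Simple wizard interface for beginner users")
 
 # Hidden and/or experimental options
+parser.add_option("--pickle", dest="pickledOptions", help=SUPPRESS_HELP)
+
 parser.add_option("--profile", dest="profile", action="store_true",
 help=SUPPRESS_HELP)
 
@@ -757,7 +759,7 @@ def _(self, *args):
 
 if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
 args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \
-args.purgeOutput)):
+args.purgeOutput, args.pickledOptions)):
 errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), "
 errMsg += "use -h for basic or -hh for advanced help"
 parser.error(errMsg)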
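Review bot: The new `--pickle` option at new line 667 carries no comment saying what value it expects or who is meant to set it, and because its help is suppressed the source is the only place that can document it. A line such as `# Internal use only: base64-encoded pickle of the options object, passed by the API server (lib/utils/api.py)` above the `add_option` call would make the intended caller explicit. The mandatory-option error message at new line 763 is left unchanged, which looks deliberate for a hidden option. `cmdLineParser` continues outside both hunks.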

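--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -18,6 +18,7 @@
 
 from lib.controller.controller import start
 from lib.core.common import unArrayizeValue
+from lib.core.convert import base64pickle
 from lib.core.convert import hexencode
 from lib.core.convert import stdoutencode
 from lib.core.data import paths
@@ -48,6 +49,7 @@
 
 # Local global variables
 adminid = ""
+procs = dict()
 tasks = AttribDict()
 
 # Generic functions
@@ -251,6 +253,7 @@ def scan_start(taskid):
 Launch a scan
 """
 global tasks
+global procs
 
 if taskid not in tasks:
 abort(500, "Invalid task ID")
@@ -266,8 +269,8 @@ def scan_start(taskid):
 # Launch sqlmap engine in a separate thread
 logger.debug("starting a scan for task ID %s" % taskid)
 
-proc = Popen("python sqlmap.py -c %s" % config_file, shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
-stdout, stderr = proc.communicate()
+procs[taskid] = Popen("python sqlmap.py --pickle %s" % base64pickle(tasks[taskid]), shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE)
+stdout, stderr = procs[taskid].communicate()
 
 return jsonize({"success": True})
 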
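Review bot: The `Popen` call at new line 272 still builds a shell string with `shell=True`, so its safety rests on `base64pickle` never emitting a character the shell interprets, and that helper's implementation is not visible here. Passing an argument list removes the dependency: `procs[taskid] = Popen(["python", "sqlmap.py", "--pickle", base64pickle(tasks[taskid])], stdin=PIPE, stdout=PIPE, stderr=PIPE)`. The whole option set, which may include credentials for the scanned target, now sits on the child's command line, where other local users can read it from the process list and where a large option set can hit the OS argument-length limit; sending it over the already-open `stdin` pipe would avoid both. `scan_start` begins and ends outside this hunk.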
