
79: Python Development - sqlmapapi & Tamper & Pocsuite

Knowledge points of this lesson:
  • Request-based crawler techniques, in-depth analysis of sqlmap, analysis of Pocsuite, secondary modification of framework code, etc.
Objectives of this lesson:
  • Master developing against and using the API interfaces of security tools; master secondary development of well-established frameworks and bringing in plugins, etc.
Case 1: writing a sqlmap Tamper module script to bypass filtering
Case 2: calling the sqlmapapi to implement automated SQL injection security detection
Reference: https://www.freebuf.com/articles/web/204875.html
Application case: during the information-gathering phase, collect a large number of URLs, then use the sqlmapapi interface to run batch SQL injection detection against them (SRC bug hunting)
Development process for this project (batch URL injection security detection via the sqlmapapi interface):
  • 1. Create a new task and record the task ID: @get("/task/new")
  • 2. Set the scan options for the task ID: @get("/option/<taskid>/set")
  • 3. Start the scan for the task ID: @get("/scan/<taskid>/start")
  • 4. Read the scan status to judge the result: @get("/scan/<taskid>/status")
  • 5. When the scan has finished, delete the task ID: @get("/task/<taskid>/delete")
  • 6. Read the scan result: @get("/scan/<taskid>/data")
# Author:Serena
import requests,json


# First: cd into the sqlmap directory and start sqlmapapi with: python sqlmapapi.py -s
# The following output means it started successfully
# F:\安全測試\00安全測試工具\sqlmap\sqlmap-package\sqlmapproject-sqlmap-1.2.2-18-g93859fd>python sqlmapapi.py -s
# [14:40:28] [INFO] Running REST-JSON API server at '127.0.0.1:8775'..
# [14:40:28] [INFO] Admin ID: b551026d61168d80124301f545c24096
# [14:40:28] [DEBUG] IPC database: 'c:\users\admini~1\appdata\local\temp\sqlmapipc-kdq7ha'
# [14:40:28] [DEBUG] REST-JSON API server connected to IPC database
# [14:40:28] [DEBUG] Using adapter 'wsgiref' to run bottle

# Create a new task and record the task ID
task_new_url = 'http://127.0.0.1:8775/task/new'
resp = requests.get(task_new_url)
task_id = resp.json()['taskid']
# print(task_id)

# Set the task's options (scan configuration)
data = {
    "url": "http://127.0.0.1:8081/sqlilabs/Less-2/?id=1"
}
headers = {
    "Content-Type": "application/json"
}
task_set_url = "http://127.0.0.1:8775/option/" + task_id + "/set"
task_set_resp = requests.post(task_set_url, data=json.dumps(data), headers=headers)
# print(task_set_resp.json())

# Start the scan for this task ID
task_start_url = "http://127.0.0.1:8775/scan/" + task_id + "/start"
task_start_resp = requests.post(task_start_url, data=json.dumps(data), headers=headers)
# print(task_start_resp.json())

# Get the scan status for this task ID
task_status_url = "http://127.0.0.1:8775/scan/" + task_id + "/status"
task_status_resp = requests.get(task_status_url)
print(task_status_resp.json())
sqlmapapi application
# Author:Serena
import time
import requests,json


# First: cd into the sqlmap directory and start sqlmapapi with: python sqlmapapi.py -s


def sqlmapapi(url):

    data = {
        "url": url
    }
    headers = {
        "Content-Type": "application/json"
    }

    # Create a new task and record the task ID
    task_new_url = 'http://127.0.0.1:8775/task/new'
    resp = requests.get(task_new_url)
    task_id = resp.json()['taskid']
    # print(task_id)

    # Check the JSON "success" field rather than searching the raw body for the
    # word "success": an error response also contains that word (as "success": false)
    if resp.json().get('success'):
        print('sqlmapapi task create success!')
        # Set the task's options (scan configuration)
        task_set_url = "http://127.0.0.1:8775/option/" + task_id + "/set"
        task_set_resp = requests.post(task_set_url, data=json.dumps(data), headers=headers)
        # print(task_set_resp.json())

        if task_set_resp.json().get('success'):
            print('sqlmapapi task set success!')
            # Start the scan for this task ID
            task_start_url = "http://127.0.0.1:8775/scan/" + task_id + "/start"
            task_start_resp = requests.post(task_start_url, data=json.dumps(data), headers=headers)
            # print(task_start_resp.json())
            if task_start_resp.json().get('success'):
                print('sqlmapapi task start success!')
                while 1:
                    # Get the scan status for this task ID
                    task_status_url = "http://127.0.0.1:8775/scan/" + task_id + "/status"
                    task_status_resp = requests.get(task_status_url)
                    # print(task_status_resp.json())
                    if task_status_resp.json().get('status') == 'running':
                        print('sqlmapapi task scan running!-->' + url)
                    else:
                        # print('sqlmapapi task scan end!')
                        # Read the scan result
                        task_data_url = "http://127.0.0.1:8775/scan/" + task_id + "/data"
                        task_data_resp = requests.get(task_data_url).content.decode('utf-8')
                        print(task_data_resp)
                        with open(r'scan_result.txt','a+') as f:
                            f.write(url + '\n')
                            f.write(task_data_resp + '\n')
                            f.write('==========python sqlmapapi by Serena==========' + '\n')
                        # Scan finished: delete the task ID
                        task_delete_url = "http://127.0.0.1:8775/task/" + task_id + "/delete"
                        task_delete_resp = requests.get(task_delete_url)
                        if task_delete_resp.json().get('success'):
                            print('delete taskid success!')
                        break
                    time.sleep(3)


if __name__ == '__main__':
    # One target URL per line in url.txt; strip the trailing newline before use
    for url in open('url.txt'):
        url = url.replace('\n','')
        # print(url)
        sqlmapapi(url)
sqlmapapi application - plus
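As an added example (not code from the original post), the same six-step sqlmapapi cycle written so that each step is checked through the JSON success/status fields rather than by searching the raw body, with a transport argument so the HTTP layer (standard-library urllib here, instead of requests) can be swapped out, and a helper that pulls the injection findings out of the /scan/<taskid>/data body instead of dumping it raw. The layout assumed for that body (type 1 entries carrying injection records with place, parameter and data keys) follows sqlmap's CONTENT_TYPE.TECHNIQUES and is an assumption, as is the constructed SAMPLE_DATA.

```python
import json
import time
import urllib.request

API = "http://127.0.0.1:8775"

def http_json(method, url, body=None):
    """Default transport (stdlib urllib): send one JSON request, return the decoded body."""
    req = urllib.request.Request(url, data=body, method=method, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read().decode("utf-8"))

def api_call(method, path, payload=None, transport=http_json):
    """One sqlmapapi request; raises unless the JSON body reports success."""
    body = json.dumps(payload).encode("utf-8") if payload is not None else None
    result = transport(method, API + path, body)
    if not result.get("success"):
        raise RuntimeError("sqlmapapi %s %s failed: %s" % (method, path, result))
    return result

def scan_url(url, transport=http_json, poll=3, sleep=time.sleep):
    """task/new -> option set -> scan start -> status polling -> data -> delete."""
    task_id = api_call("GET", "/task/new", transport=transport)["taskid"]
    try:
        api_call("POST", "/option/%s/set" % task_id, {"url": url}, transport)
        api_call("POST", "/scan/%s/start" % task_id, {"url": url}, transport)
        # Poll the JSON "status" field; sqlmapapi reports "terminated" when the scan is done.
        while api_call("GET", "/scan/%s/status" % task_id, transport=transport)["status"] != "terminated":
            sleep(poll)
        return api_call("GET", "/scan/%s/data" % task_id, transport=transport)
    finally:
        api_call("GET", "/task/%s/delete" % task_id, transport=transport)  # always free the task

def summarize_findings(data_resp):
    """Extract (place, parameter, [technique titles]) from a /scan/<id>/data body."""
    findings = []
    for item in data_resp.get("data", []):
        if item.get("type") != 1:  # assumed: 1 = CONTENT_TYPE.TECHNIQUES (injection records)
            continue
        for inj in item.get("value", []):
            titles = sorted(t["title"] for t in inj.get("data", {}).values())
            findings.append((inj.get("place"), inj.get("parameter"), titles))
    return findings

# Constructed sample of a /scan/<taskid>/data body (not captured from a real scan).
SAMPLE_DATA = {"success": True, "error": [], "data": [
    {"status": 1, "type": 0, "value": {"url": "http://127.0.0.1:8081/sqlilabs/Less-2/?id=1"}},
    {"status": 1, "type": 1, "value": [{"place": "GET", "parameter": "id", "data": {
        "1": {"title": "AND boolean-based blind - WHERE or HAVING clause"},
        "5": {"title": "AND time-based blind"}}}]},
]}
```

Against a running sqlmapapi, scan_url(url) returns the data body and the task is deleted even if a step fails; summarize_findings(SAMPLE_DATA) shows what the batch script could write per URL instead of the raw JSON.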

Case 3: secondary development of the Pocsuite3 vulnerability scanning framework, bringing in and using POC/EXP modules

Reference: https://www.freebuf.com/articles/people/162868.html
Development process for this project (adding the latest or internal EXPs to an existing framework for security detection):
  • 1. Get familiar with the Pocsuite3 project and how it is used
  • 2. Get familiar with the commands and how they map to the code files
  • 3. Pick a Glassfish vulnerability to write and test
  • 4. Mimic the bundled vulnerability template code to write and test it
    • python cli.py -u x.x.x.x -r Glassfish.py --verify
Resources involved: