diff --git a/lib/core/settings.py b/lib/core/settings.py index f40b3687282..3d58735a129 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.8" +VERSION = "1.2.11.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/api.py b/lib/utils/api.py index 7a7229ca579..05f39e879e7 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -437,25 +437,30 @@ def option_list(taskid): @post("/option//get") def option_get(taskid): """ - Get the value of an option (command line switch) for a certain task ID + Get value of option(s) for a certain task ID """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to option_get()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) - option = request.json.get("option", "") + options = request.json or [] + results = {} - if option in DataStore.tasks[taskid].options: - logger.debug("[%s] Retrieved value for option %s" % (taskid, option)) - return jsonize({"success": True, option: DataStore.tasks[taskid].get_option(option)}) - else: - logger.debug("[%s] Requested value for unknown option %s" % (taskid, option)) - return jsonize({"success": False, "message": "Unknown option", option: "not set"}) + for option in options: + if option in DataStore.tasks[taskid].options: + results[option] = DataStore.tasks[taskid].options[option] + else: + logger.debug("[%s] Requested value for unknown option '%s'" % (taskid, option)) + return jsonize({"success": False, "message": "Unknown option '%s'" % option}) + + logger.debug("[%s] Retrieved values for option(s) '%s'" % (taskid, ",".join(options))) + + return jsonize({"success": True, "options": results}) @post("/option//set") def option_set(taskid): """ - Set an option (command line switch) for a certain task ID + Set value of option(s) for a certain task ID """ if taskid not in DataStore.tasks: @@ -775,11 +780,11 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non logger.error("No task ID in use") continue try: - command, option = command.split(" ") + command, option = command.split(" ", 1) except ValueError: raw = _client("%s/option/%s/list" % (addr, taskid)) else: - options = {"option": option} + options = re.split(r"\s*,\s*", option.strip()) raw = _client("%s/option/%s/get" % (addr, taskid), options) res = dejsonize(raw) if not res["success"]: diff --git a/swagger.yaml b/swagger.yaml index 3f00bf4d8cd..6269bba0b2a 100644 --- a/swagger.yaml +++ b/swagger.yaml @@ -1,8 +1,9 @@ +# Note: written with Swagger Editor (https://editor.swagger.io/) swagger: "2.0" info: description: "" version: "1.2" - title: "sqlmap API (REST-JSON)" + title: "sqlmap API" contact: email: "dev@sqlmap.org" license: @@ -183,6 +184,277 @@ paths: success: type: boolean enum: [true] + /option/{taskid}/list: + get: + tags: + - "option" + summary: "List task options" + description: "" + operationId: "optionList" + produces: + - "application/json" + parameters: + - name: "taskid" + in: "path" + description: "ID of an existing task to list it's options" + required: true + type: "string" + responses: + 200: + description: "Task options successfully listed" + schema: + type: object + properties: + success: + type: boolean + enum: [true] + options: + type: object + additionalProperties: + type: string + example: + crawlDepth: null + osShell: false + getUsers: false + getPasswordHashes: false + excludeSysDbs: false + ignoreTimeouts: false + regData: null + fileDest: null + prefix: null + code: null + googlePage: 1 + skip: null + query: null + randomAgent: false + osPwn: false + authType: null + safeUrl: null + requestFile: null + predictOutput: false + wizard: false + stopFail: false + forms: false + uChar: null + secondReq: null + taskid: d977b0e5f091370e + pivotColumn: null + dropSetCookie: false + smart: false + paramExclude: null + risk: 1 + sqlFile: null + rParam: null + getCurrentUser: false + notString: null + getRoles: false + getPrivileges: false + testParameter: null + tbl: null + charset: null + trafficFile: null + osSmb: false + level: 1 + dnsDomain: null + outputDir: null + encoding: null + skipWaf: false + timeout: 30 + firstChar: null + torPort: null + getComments: false + binaryFields: null + checkTor: false + commonTables: false + direct: null + tmpPath: null + titles: false + getSchema: false + identifyWaf: false + paramDel: null + safeReqFile: null + regKey: null + murphyRate: null + limitStart: null + crawlExclude: null + flushSession: false + loadCookies: null + csvDel: + offline: false + method: null + tmpDir: null + fileWrite: null + disablePrecon: false + osBof: false + testSkip: null + invalidLogical: false + getCurrentDb: false + hexConvert: false + proxyFile: null + answers: null + host: null + dependencies: false + cookie: null + proxy: null + regType: null + optimize: false + limitStop: null + search: false + uFrom: null + noCast: false + testFilter: null + ignoreCode: null + eta: false + csrfToken: null + threads: 1 + logFile: null + os: null + col: null + skipStatic: false + proxyCred: null + verbose: 1 + isDba: false + updateAll: false + privEsc: false + forceDns: false + getAll: false + api: true + url: http://www.test.com/index.php?id=1 + invalidBignum: false + regexp: null + getDbs: false + freshQueries: false + uCols: null + smokeTest: false + udfInject: false + invalidString: false + tor: false + forceSSL: false + beep: false + noEscape: false + configFile: null + scope: null + authFile: null + torType: SOCKS5 + regVal: null + dummy: false + checkInternet: false + safePost: null + safeFreq: null + skipUrlEncode: false + referer: null + liveTest: false + retries: 3 + extensiveFp: false + dumpTable: false + getColumns: false + batch: true + purge: false + headers: null + authCred: null + osCmd: null + suffix: null + dbmsCred: null + regDel: false + shLib: null + sitemapUrl: null + timeSec: 5 + msfPath: null + dumpAll: false + fileRead: null + getHostname: false + sessionFile: null + disableColoring: true + getTables: false + listTampers: false + agent: null + webRoot: null + exclude: null + lastChar: null + string: null + dbms: null + dumpWhere: null + tamper: null + ignoreRedirects: false + hpp: false + runCase: null + delay: 0 + evalCode: null + cleanup: false + csrfUrl: null + secondUrl: null + getBanner: true + profile: false + regRead: false + bulkFile: null + db: null + dumpFormat: CSV + alert: null + harFile: null + nullConnection: false + user: null + parseErrors: false + getCount: false + data: null + regAdd: false + ignoreProxy: false + database: /tmp/sqlmapipc-jGw6ZY + mobile: false + googleDork: null + saveConfig: null + sqlShell: false + tech: BEUSTQ + textOnly: false + cookieDel: null + commonColumns: false + keepAlive: false + /option/{taskid}/get: + post: + tags: + - "option" + summary: "Get task option value(s)" + description: "" + operationId: "optionGet" + consumes: + - "application/json" + produces: + - "application/json" + parameters: + - name: "taskid" + in: "path" + description: "ID of an existing task" + required: true + type: "string" + - in: body + name: options + description: "" + schema: + type: array + items: + type: string + example: ["url", "timeout"] + responses: + 200: + description: "Task option value successfully retrieved" + schema: + type: object + properties: + success: + type: boolean + options: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + example: + - success: true + options: + url: http://www.test.com/index.php?id=1 + timeout: 30 externalDocs: description: "Find out more about sqlmap API (REST-JSON)" url: "https://github.com/sqlmapproject/sqlmap/wiki/Usage#api-rest-json" \ No newline at end of file diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3ee88a07c12..611de95fe29 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f6c316b9de14838f5a70072e514c5974 lib/core/settings.py +b7d7300f745050d9a29bcf30a1ddcc5e lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py @@ -101,7 +101,7 @@ db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py f7813cdee00df8f98d6f811475e520a1 lib/techniques/union/test.py 7361338240ecd9d01d1d10ec76bce069 lib/techniques/union/use.py -dfea8e2ca23c5160b2f57732d8d49023 lib/utils/api.py +038ec99105c59acc2b1c6cb90e9e4043 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py f9867bbfcd6d31916ca73e72e95fd881 lib/utils/deps.py