Saturday, April 13, 2013

Interacting with SQLMap from C#

I just checked in some basic bindings to the SQLMap RESTful API. Pretty simple, below is an example application. It creates a new task, sets the msfPath option (but stores a copy of the options from before), starts the task using a specific URL set in the options dictionary, watches the scan until it completes, then writes the logs messages to stdout. You can get the bindings on github.
using System;
using sqlmapsharp;
using System.Collections.Generic;

namespace Example
{
 class MainClass
 {
  public static void Main (string[] args)
  {
   using (SqlmapSession session = new SqlmapSession("127.0.0.1", 8775))
   {
    using (SqlmapManager manager = new SqlmapManager(session))
    {
     string taskid = manager.NewTask();

     Console.WriteLine(taskid);

     Dictionary options = manager.GetOptions(taskid);

     manager.SetOption(taskid, "msfPath", "/path/to/msf");

     Dictionary newoptions = manager.GetOptions(taskid);

     Console.WriteLine("Old msfpath: " + options["msfPath"].ToString());
     Console.WriteLine("New msfpath: " + newoptions["msfPath"].ToString());

     options["url"] = "http://192.168.1.254/xslt?PAGE=C_0_0";

     manager.StartTask(taskid, options);

     SqlmapStatus status = manager.GetScanStatus(taskid);

     while (status.Status != "terminated")
     {
      System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
      status = manager.GetScanStatus(taskid);
     }

     List logItems = manager.GetLog(taskid);

     foreach (SqlmapLogItem item in logItems)
      Console.WriteLine(item.Message);

     manager.DeleteTask(taskid);
    }
   }
  }
 }
}

No comments:

Post a Comment