Automatic SQL injection with Charles and sqlmap api
Automatic SQL injection with Charles and sqlmapapi
中文版说明文档点这里
Automatic SQL injection with Charles and sqlmapapi
Preferably, you can download SQLiScanner by cloning the Git repository:
git clone https://github.com/0xbug/SQLiScanner.git --depth 1
You can download sqlmap by cloning the Git repository:
git clone https://github.com/sqlmapproject/sqlmap.git --depth 1
SQLiScanner works with Python version 3.x on Linux and osx.
Create virtualenv and install requirements
cd SQLiScanner/
virtualenv --python=/usr/local/bin/python3.5 venv
source venv/bin/activate
pip install -r requirements.txt
DATABASES Setting
SQLiScanner/settings.py:85
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': '',
'USER': '',
'PASSWORD': '',
'HOST': '127.0.0.1',
'PORT': '5432',
}
}
SendEmail Setting
SQLiScanner/settings.py:158
# Email
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_USE_TLS = False
EMAIL_HOST = ''
EMAIL_PORT = 25
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
DEFAULT_FROM_EMAIL = ''
scanner/tasks.py:14
class SqlScanTask(object):
def __init__(self, sqli_obj):
self.api_url = "http://127.0.0.1:8775"
self.mail_from = ""
self.mail_to = [""]
python manage.py makemigrations scanner
python manage.py migrate
python manage.py createsuperuser
redis-server
python sqlmapapi.py -s -p 8775
python manage.py celery worker --loglevel=info
python manage.py runserver