Re: [sqlmap-users] w3af REST API recommendations
From: Brandon P. <bpe...@gm...> - 2014-03-20 15:12:48

I can't comment on building the API, but I maintain C# bindings to the sqlmap REST API and, programmatically, it works really well. There is no authentication, but I only ever run it on localhost anyway so this isn't a big deal to me.

I have tested it under relatively heavy load (one API instance testing multiple applications) and it has been performant. I don't recall ever saying "Man, I wish this were faster".

JSON is totally the way to go for data requests/responses.

One recommendation I have since I deal with many APIs on a daily basis is please don't assume the programmers will be interacting with your API with language X. The Metasploit MSGPACK API is a good example of this and is very cumbersome to use from a strongly typed language. Arachni falls into a similar field relying on Ruby-style marshalling or YAML which I simply can't do from, say, C#.

Aside from sqlmap, I also really like the cuckoo-sandbox API.

On Thu, Mar 20, 2014 at 10:00 AM, Andres Riancho <and...@gm...> wrote:

> List,
>
> I'm going to abuse the list a little bit, and poke your brains for
> a while, so be prepared :)
>
> The w3af project wants to implement its own REST API to expose the
> w3afCore and KnowledgeBase objects. The core allows users to configure
> the plugins and start the scan, and the knowledge base holds the
> vulnerabilities.
>
> You guys implemented a REST API for sqlmap, which has been up and
> running for a while now.
>
> What I wanted to know is:
> * What's the technology stack you guys used for creating the REST
> API?
> * Were you happy with it? Would you use something different if
> you had the chance?
> * Have you tested the API under heavy load?
> * Do you have the concept of sessions and users in the API? Why
> not?
> * Any recommendations on API design? (paths, results, hrefs, etc.)
>
> Thanks!
>
> Regards,
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website