Re: [sqlmap-users] w3af REST API recommendations
From: Miroslav S. <mir...@gm...> - 2014-03-20 19:05:33
Great reply :)

Bye

On Mar 20, 2014 4:13 PM, "Brandon Perry" <bpe...@gm...> wrote:

> I can't comment on building the API, but I maintain C# bindings to the
> sqlmap REST API and, programmatically, it works really well.
>
> There is no authentication, but I only ever run it on localhost anyway so
> this isn't a big deal to me.
>
> I have tested it under relatively heavy load (one API instance testing
> multiple applications) and it has been performant. I don't recall ever
> saying "Man, I wish this were faster".
>
> JSON is totally the way to go for data requests/responses.
>
> One recommendation I have since I deal with many APIs on a daily basis is
> please don't assume the programmers will be interacting with your API with
> language X. The Metasploit MSGPACK API is a good example of this and is
> very cumbersome to use from a strongly typed language. Arachni falls into a
> similar field relying on Ruby-style marshalling or YAML which I simply
> can't do from, say, C#.
>
> Aside from sqlmap, I also really like the cuckoo-sandbox API.
>
> On Thu, Mar 20, 2014 at 10:00 AM, Andres Riancho <and...@gm...> wrote:
>
>> List,
>>
>> I'm going to abuse the list a little bit, and poke your brains for
>> a while, so be prepared :)
>>
>> The w3af project wants to implement its own REST API to expose the
>> w3afCore and KnowledgeBase objects. The core allows users to configure
>> the plugins and start the scan, and the knowledge base holds the
>> vulnerabilities.
>>
>> You guys implemented a REST API for sqlmap, which has been up and
>> running for a while now.
>>
>> What I wanted to know is:
>> * What's the technology stack you guys used for creating the REST
>> API?
>> * Were you happy with it? Would you use something different if
>> you had the chance?
>> * Have you tested the API under heavy load?
>> * Do you have the concept of sessions and users in the API? Why
>> not?
>> * Any recommendations on API design? (paths, results, hrefs, etc.)
>>
>> Thanks!
>>
>> Regards,
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website