sqlmap-users Mailing List for sqlmap (Page 9)
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users — sqlmap users mailing list
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
| 2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
| 2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
| 2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
| 2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
| 2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
| 2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
| 2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
| 2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Miroslav S. <mir...@gm...> - 2015-08-14 21:31:31
|
Hi. With the latest revision you have a special variable "lastPage" for --eval purposes. For example: python sqlmap.py -u " http://testphp.vulnweb.com/artists.php?artist=1" --eval="print lastPage" Bye p.s. for REST API quick reference go to the http://volatile-minds.blogspot.com/2013/04/unofficial-sqlmap-restful-api.html as Brandon already suggested On Thu, Aug 13, 2015 at 12:11 PM, Vojtěch Polášek <kr...@gm...> wrote: > Thank you very much, this will certainly help in automating Sqlmap. > But I think it doesn't solve my problem. > I will try to explain it once more and suggest some possible solution, > which came to my mind: > I am trying to find SQL injection flaw in a HTTP request which deletes > an object. > Before every request I need to: > 1. send a POSt request to create an object - every object gets a new ID > 2. receive response and get new object ID > 3. send the deletion request which tests for SQL injection flaw. > As far as I thought about it, the REST API won't help me here. > The --eval argument seems like the best approach for me. From the usage > page I can see, that I can change parameter values in the request > through --eval. That's good. But is it also possible to access > information send in the last response? That's all I need I think. If I > could access information from last response within the --eval, I could > modify original request for deletion to delete the right object. > I guess that there is some name space which can be accessed by my custom > script in the context of --eval, right? > What do you think about it? Do you understand it or should I provide > more information? > And one more question - in which class should I look to get list of all > implemented methods for REST API? I took a brief look at > lib/utils/api.py, but I can't seem to find the right class. I have never > worked with Bottle framework before. > Thanks alot for your help, I really appreciate it. > Best regards, > Vojtěch Polášek > > > ------------------------------------------------------------------------------ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2015-08-14 20:50:13
|
Solved both of issues with the latest commit. Bye On Thu, Aug 13, 2015 at 11:46 AM, Vojtěch Polášek <kr...@gm...> wrote: > Greetings, > I think I have found several bugs when using --save to save configuration. > 1. I can't specify the file name, it tries to create some random file in > Sqlmap base directory. This can cause problems, for example, I don't > have permissions to write there, so I have to run Sqlmap with sudo. > 2. When it saves configuration, it also saves it with option --save > turned on, this is nonsense in my opinion. > Could you please look into this? > Thank you very much, > Vojtěch Polášek > > > ------------------------------------------------------------------------------ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
|
From: Christopher D. <chr...@ch...> - 2015-08-14 14:56:13
|
Yeah Exactly. Im wondering if you can do that maybe the strict servers would not just barf out on retrieval ? I've seen others with this issue and it's seams pretty obvious. But I'm trying to see if there is anything else I should try before I know it's not worth it. Thanks ! Chris. On Fri, Aug 14, 2015 at 9:18 AM, Miroslav Stampar < mir...@gm...> wrote: > Throttle like? You mean like slower data retrieval? > > Bye > On Aug 14, 2015 4:11 PM, "Christopher Downs" <chr...@ch...> > wrote: > >> Good Morning Gents, >> Is there a way to throttle or manipulate data retrieval through app >> servers that are puking with strict permissions or am I just out of luck ? >> I can see this happening in v6 debug mode. I thought I may email the list >> and ask. >> >> Maybe you guys have some thoughts ? >> >> sql-shell> select name from Customer LIMIT 10; >> [13:16:51] [INFO] fetching SQL SELECT statement query output: 'select >> name from Customer LIMIT 10' >> [13:16:51] [INFO] retrieving the length of query output >> [13:16:51] [INFO] retrieved: >> [13:16:52] [INFO] retrieved: >> [13:16:52] [INFO] retrieving the length of query output >> ------ snip for brevity ------ >> [13:16:54] [INFO] retrieved: >> [13:16:54] [INFO] retrieving the length of query output >> [13:16:55] [INFO] retrieved: >> [13:16:55] [INFO] retrieved: >> select name from Customer LIMIT 10; [10]: >> [*] >> [*] >> [*] >> [*] >> [*] >> [*] >> [*] >> [*] >> [*] >> [*] >> >> sql-shell> x >> >> As a note I am running last nights latest git repo release. >> 1.0-dev-2c1cde0 >> >> Thanks in Advance. >> Chris. >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> |
|
From: Christopher D. <chr...@ch...> - 2015-08-14 14:47:33
|
Bummer doesn't work. I'm getting the same errors on 5 and 10 sec delay inervals. [14:45:11] [ERROR] unable to retrieve the table names for any database The other idea I was thinking about ( I'm not sure if it's even possible ) is like a reverse tamper. We're the data retrieval is set to some other response technique the app server would respond too ? Much appreciated ! Chris. On Fri, Aug 14, 2015 at 9:38 AM, Miroslav Stampar < mir...@gm...> wrote: > Try option --delay > > Bye > On Aug 14, 2015 4:30 PM, "Christopher Downs" <chr...@ch...> > wrote: > >> Yeah Exactly. Im wondering if you can do that maybe the strict servers >> would not just barf out on retrieval ? I've seen others with this issue and >> it's seams pretty obvious. But I'm trying to see if there is anything else >> I should try before I know it's not worth it. >> >> Thanks ! >> Chris. >> >> On Fri, Aug 14, 2015 at 9:18 AM, Miroslav Stampar < >> mir...@gm...> wrote: >> >>> Throttle like? You mean like slower data retrieval? >>> >>> Bye >>> On Aug 14, 2015 4:11 PM, "Christopher Downs" < >>> chr...@ch...> wrote: >>> >>>> Good Morning Gents, >>>> Is there a way to throttle or manipulate data retrieval through app >>>> servers that are puking with strict permissions or am I just out of luck ? >>>> I can see this happening in v6 debug mode. I thought I may email the list >>>> and ask. >>>> >>>> Maybe you guys have some thoughts ? >>>> >>>> sql-shell> select name from Customer LIMIT 10; >>>> [13:16:51] [INFO] fetching SQL SELECT statement query output: 'select >>>> name from Customer LIMIT 10' >>>> [13:16:51] [INFO] retrieving the length of query output >>>> [13:16:51] [INFO] retrieved: >>>> [13:16:52] [INFO] retrieved: >>>> [13:16:52] [INFO] retrieving the length of query output >>>> ------ snip for brevity ------ >>>> [13:16:54] [INFO] retrieved: >>>> [13:16:54] [INFO] retrieving the length of query output >>>> [13:16:55] [INFO] retrieved: >>>> [13:16:55] [INFO] retrieved: >>>> select name from Customer LIMIT 10; [10]: >>>> [*] >>>> [*] >>>> [*] >>>> [*] >>>> [*] >>>> [*] >>>> [*] >>>> [*] >>>> [*] >>>> [*] >>>> >>>> sql-shell> x >>>> >>>> As a note I am running last nights latest git repo release. >>>> 1.0-dev-2c1cde0 >>>> >>>> Thanks in Advance. >>>> Chris. >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>>> >> >> |
|
From: Miroslav S. <mir...@gm...> - 2015-08-14 14:38:24
|
Try option --delay Bye On Aug 14, 2015 4:30 PM, "Christopher Downs" <chr...@ch...> wrote: > Yeah Exactly. Im wondering if you can do that maybe the strict servers > would not just barf out on retrieval ? I've seen others with this issue and > it's seams pretty obvious. But I'm trying to see if there is anything else > I should try before I know it's not worth it. > > Thanks ! > Chris. > > On Fri, Aug 14, 2015 at 9:18 AM, Miroslav Stampar < > mir...@gm...> wrote: > >> Throttle like? You mean like slower data retrieval? >> >> Bye >> On Aug 14, 2015 4:11 PM, "Christopher Downs" <chr...@ch...> >> wrote: >> >>> Good Morning Gents, >>> Is there a way to throttle or manipulate data retrieval through app >>> servers that are puking with strict permissions or am I just out of luck ? >>> I can see this happening in v6 debug mode. I thought I may email the list >>> and ask. >>> >>> Maybe you guys have some thoughts ? >>> >>> sql-shell> select name from Customer LIMIT 10; >>> [13:16:51] [INFO] fetching SQL SELECT statement query output: 'select >>> name from Customer LIMIT 10' >>> [13:16:51] [INFO] retrieving the length of query output >>> [13:16:51] [INFO] retrieved: >>> [13:16:52] [INFO] retrieved: >>> [13:16:52] [INFO] retrieving the length of query output >>> ------ snip for brevity ------ >>> [13:16:54] [INFO] retrieved: >>> [13:16:54] [INFO] retrieving the length of query output >>> [13:16:55] [INFO] retrieved: >>> [13:16:55] [INFO] retrieved: >>> select name from Customer LIMIT 10; [10]: >>> [*] >>> [*] >>> [*] >>> [*] >>> [*] >>> [*] >>> [*] >>> [*] >>> [*] >>> [*] >>> >>> sql-shell> x >>> >>> As a note I am running last nights latest git repo release. >>> 1.0-dev-2c1cde0 >>> >>> Thanks in Advance. >>> Chris. >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> > > |
|
From: Miroslav S. <mir...@gm...> - 2015-08-14 14:18:27
|
Throttle like? You mean like slower data retrieval? Bye On Aug 14, 2015 4:11 PM, "Christopher Downs" <chr...@ch...> wrote: > Good Morning Gents, > Is there a way to throttle or manipulate data retrieval through app > servers that are puking with strict permissions or am I just out of luck ? > I can see this happening in v6 debug mode. I thought I may email the list > and ask. > > Maybe you guys have some thoughts ? > > sql-shell> select name from Customer LIMIT 10; > [13:16:51] [INFO] fetching SQL SELECT statement query output: 'select name > from Customer LIMIT 10' > [13:16:51] [INFO] retrieving the length of query output > [13:16:51] [INFO] retrieved: > [13:16:52] [INFO] retrieved: > [13:16:52] [INFO] retrieving the length of query output > ------ snip for brevity ------ > [13:16:54] [INFO] retrieved: > [13:16:54] [INFO] retrieving the length of query output > [13:16:55] [INFO] retrieved: > [13:16:55] [INFO] retrieved: > select name from Customer LIMIT 10; [10]: > [*] > [*] > [*] > [*] > [*] > [*] > [*] > [*] > [*] > [*] > > sql-shell> x > > As a note I am running last nights latest git repo release. > 1.0-dev-2c1cde0 > > Thanks in Advance. > Chris. > > > ------------------------------------------------------------------------------ > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
|
From: Christopher D. <chr...@ch...> - 2015-08-14 14:11:30
|
Good Morning Gents, Is there a way to throttle or manipulate data retrieval through app servers that are puking with strict permissions or am I just out of luck ? I can see this happening in v6 debug mode. I thought I may email the list and ask. Maybe you guys have some thoughts ? sql-shell> select name from Customer LIMIT 10; [13:16:51] [INFO] fetching SQL SELECT statement query output: 'select name from Customer LIMIT 10' [13:16:51] [INFO] retrieving the length of query output [13:16:51] [INFO] retrieved: [13:16:52] [INFO] retrieved: [13:16:52] [INFO] retrieving the length of query output ------ snip for brevity ------ [13:16:54] [INFO] retrieved: [13:16:54] [INFO] retrieving the length of query output [13:16:55] [INFO] retrieved: [13:16:55] [INFO] retrieved: select name from Customer LIMIT 10; [10]: [*] [*] [*] [*] [*] [*] [*] [*] [*] [*] sql-shell> x As a note I am running last nights latest git repo release. 1.0-dev-2c1cde0 Thanks in Advance. Chris. |
|
From: Vojtěch P. <kr...@gm...> - 2015-08-13 10:11:29
|
Thank you very much, this will certainly help in automating Sqlmap. But I think it doesn't solve my problem. I will try to explain it once more and suggest some possible solution, which came to my mind: I am trying to find SQL injection flaw in a HTTP request which deletes an object. Before every request I need to: 1. send a POSt request to create an object - every object gets a new ID 2. receive response and get new object ID 3. send the deletion request which tests for SQL injection flaw. As far as I thought about it, the REST API won't help me here. The --eval argument seems like the best approach for me. From the usage page I can see, that I can change parameter values in the request through --eval. That's good. But is it also possible to access information send in the last response? That's all I need I think. If I could access information from last response within the --eval, I could modify original request for deletion to delete the right object. I guess that there is some name space which can be accessed by my custom script in the context of --eval, right? What do you think about it? Do you understand it or should I provide more information? And one more question - in which class should I look to get list of all implemented methods for REST API? I took a brief look at lib/utils/api.py, but I can't seem to find the right class. I have never worked with Bottle framework before. Thanks alot for your help, I really appreciate it. Best regards, Vojtěch Polášek |
|
From: Vojtěch P. <kr...@gm...> - 2015-08-13 09:46:54
|
Greetings, I think I have found several bugs when using --save to save configuration. 1. I can't specify the file name, it tries to create some random file in Sqlmap base directory. This can cause problems, for example, I don't have permissions to write there, so I have to run Sqlmap with sudo. 2. When it saves configuration, it also saves it with option --save turned on, this is nonsense in my opinion. Could you please look into this? Thank you very much, Vojtěch Polášek |
|
From: Brandon P. <bpe...@gm...> - 2015-08-12 13:58:20
|
I also documented a lot of the core methods on an old blog of mine: http://volatile-minds.blogspot.com/2013/04/unofficial-sqlmap-restful-api.html On Wed, Aug 12, 2015 at 7:16 AM, Miroslav Stampar < mir...@gm...> wrote: > From sqlmap's directory: > > $ python sqlmapapi.py -h > Usage: sqlmapapi.py [options] > > Options: > -h, --help show this help message and exit > -s, --server Act as a REST-JSON API server > -c, --client Act as a REST-JSON API client > -H HOST, --host=HOST Host of the REST-JSON API server > -p PORT, --port=PORT Port of the the REST-JSON API server > > $ python sqlmapapi.py -s > [14:12:14] [INFO] Running REST-JSON API server at '127.0.0.1:8775'.. > [14:12:14] [INFO] Admin ID: de761511ee44165ac5ea6030bbffb4a4 > [14:12:14] [DEBUG] IPC database: /tmp/sqlmapipc-KNEUQC > [14:12:14] [DEBUG] REST-JSON API server connected to IPC database > > (another terminal) > > $ python sqlmapapi.py -c > [14:12:32] [INFO] Starting REST-JSON API client to 'http://127.0.0.1:8775'. > .. > [14:12:32] [ERROR] Not yet implemented, use curl from command line instead > for now, for example: > > $ taskid=$(curl http://127.0.0.1:8775/task/new 2>1 | grep -o -I > '[a-f0-9]\{16\}') && echo $taskid > $ curl -H "Content-Type: application/json" -X POST -d '{"url": " > http://testphp.vulnweb.com/artists.php?artist=1"}' > http://127.0.0.1:8775/scan/$taskid/start > $ curl http://127.0.0.1:8775/scan/$taskid/data > $ curl http://127.0.0.1:8775/scan/$taskid/log > > $ taskid=$(curl http://127.0.0.1:8775/task/new 2>1 | grep -o -I > '[a-f0-9]\{16\}') && echo $taskid > 33bc7155e74d4454 > $ curl -H "Content-Type: application/json" -X POST -d '{"url": " > http://testphp.vulnweb.com/artists.php?artist=1"}' > http://127.0.0.1:8775/scan/$taskid/start > { > "engineid": 3236, > "success": true > } > $ curl http://127.0.0.1:8775/scan/$taskid/data > { > "data": [], > "success": true, > "error": [] > } > $ curl http://127.0.0.1:8775/scan/$taskid/log > { > "log": [ > { > "message": "using '/home/stamparm/.sqlmap/output' as the > output directory", > "level": "WARNING", > "time": "14:14:51" > }, > { > "message": "testing connection to the target URL", > "level": "INFO", > "time": "14:14:52" > }, > { > "message": "testing if the target URL is stable", > "level": "INFO", > "time": "14:14:53" > }, > { > "message": "target URL is stable", > "level": "INFO", > "time": "14:14:54" > }, > { > "message": "testing if GET parameter 'artist' is dynamic", > "level": "INFO", > "time": "14:14:54" > }, > { > "message": "confirming that GET parameter 'artist' is > dynamic", > > ........ > > > > On Wed, Aug 12, 2015 at 9:18 AM, Vojtěch Polášek <kr...@gm...> > wrote: > >> Greetings, >> wow I have never known about this option, I can't find any information >> about it in user guide or on the home page. >> Does anywhere exist any documentation? I can't seem to find any in sqlmap >> folder. >> Thanks, >> Vojta >> >> >> >> On 11.8.2015 16:19, Brandon Perry wrote: >> >> You can drive sqlmap via the REST API. in the root of the project is a >> sqlmapapi.py file which starts a web server. >> >> You can create any content you need, then pass the request which you want >> to fuzz to sqlmap via the API to get results. >> >> On Tue, Aug 11, 2015 at 9:13 AM, Vojtěch Polášek <kr...@gm...> >> wrote: >> >>> Greetings, >>> I am searching for help. I would like to test a part of application >>> which deletes something. Obviously I am searching for SQL injection >>> vulnerability. >>> So I need to send request to create object, retrieve response, derive >>> needed information and send a request for deletion which is probed for >>> possible SQL injection. >>> I suppose that this is not possible just through command line even >>> through --eval function. Am I right? >>> If yes, my next logical step would be to use sqlmap in some Python >>> program. Are there any information about importing sqlmap and invoking >>> it from my Python program? Or should I go just with doc strings? >>> Thanks, >>> Vojta >>> >>> >>> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >> >> >> >> -- >> http://volatile-minds.blogspot.com -- blog >> http://www.volatileminds.net -- website >> >> >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > > > ------------------------------------------------------------------------------ > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website |
|
From: Miroslav S. <mir...@gm...> - 2015-08-12 12:16:42
|
>From sqlmap's directory:
$ python sqlmapapi.py -h
Usage: sqlmapapi.py [options]
Options:
-h, --help show this help message and exit
-s, --server Act as a REST-JSON API server
-c, --client Act as a REST-JSON API client
-H HOST, --host=HOST Host of the REST-JSON API server
-p PORT, --port=PORT Port of the the REST-JSON API server
$ python sqlmapapi.py -s
[14:12:14] [INFO] Running REST-JSON API server at '127.0.0.1:8775'..
[14:12:14] [INFO] Admin ID: de761511ee44165ac5ea6030bbffb4a4
[14:12:14] [DEBUG] IPC database: /tmp/sqlmapipc-KNEUQC
[14:12:14] [DEBUG] REST-JSON API server connected to IPC database
(another terminal)
$ python sqlmapapi.py -c
[14:12:32] [INFO] Starting REST-JSON API client to 'http://127.0.0.1:8775'.
..
[14:12:32] [ERROR] Not yet implemented, use curl from command line instead
for now, for example:
$ taskid=$(curl http://127.0.0.1:8775/task/new 2>1 | grep -o -I
'[a-f0-9]\{16\}') && echo $taskid
$ curl -H "Content-Type: application/json" -X POST -d '{"url": "
http://testphp.vulnweb.com/artists.php?artist=1"}'
http://127.0.0.1:8775/scan/$taskid/start
$ curl http://127.0.0.1:8775/scan/$taskid/data
$ curl http://127.0.0.1:8775/scan/$taskid/log
$ taskid=$(curl http://127.0.0.1:8775/task/new 2>1 | grep -o -I
'[a-f0-9]\{16\}') && echo $taskid
33bc7155e74d4454
$ curl -H "Content-Type: application/json" -X POST -d '{"url": "
http://testphp.vulnweb.com/artists.php?artist=1"}'
http://127.0.0.1:8775/scan/$taskid/start
{
"engineid": 3236,
"success": true
}
$ curl http://127.0.0.1:8775/scan/$taskid/data
{
"data": [],
"success": true,
"error": []
}
$ curl http://127.0.0.1:8775/scan/$taskid/log
{
"log": [
{
"message": "using '/home/stamparm/.sqlmap/output' as the output
directory",
"level": "WARNING",
"time": "14:14:51"
},
{
"message": "testing connection to the target URL",
"level": "INFO",
"time": "14:14:52"
},
{
"message": "testing if the target URL is stable",
"level": "INFO",
"time": "14:14:53"
},
{
"message": "target URL is stable",
"level": "INFO",
"time": "14:14:54"
},
{
"message": "testing if GET parameter 'artist' is dynamic",
"level": "INFO",
"time": "14:14:54"
},
{
"message": "confirming that GET parameter 'artist' is dynamic",
........
On Wed, Aug 12, 2015 at 9:18 AM, Vojtěch Polášek <kr...@gm...> wrote:
> Greetings,
> wow I have never known about this option, I can't find any information
> about it in user guide or on the home page.
> Does anywhere exist any documentation? I can't seem to find any in sqlmap
> folder.
> Thanks,
> Vojta
>
>
>
> On 11.8.2015 16:19, Brandon Perry wrote:
>
> You can drive sqlmap via the REST API. in the root of the project is a
> sqlmapapi.py file which starts a web server.
>
> You can create any content you need, then pass the request which you want
> to fuzz to sqlmap via the API to get results.
>
> On Tue, Aug 11, 2015 at 9:13 AM, Vojtěch Polášek <kr...@gm...>
> wrote:
>
>> Greetings,
>> I am searching for help. I would like to test a part of application
>> which deletes something. Obviously I am searching for SQL injection
>> vulnerability.
>> So I need to send request to create object, retrieve response, derive
>> needed information and send a request for deletion which is probed for
>> possible SQL injection.
>> I suppose that this is not possible just through command line even
>> through --eval function. Am I right?
>> If yes, my next logical step would be to use sqlmap in some Python
>> program. Are there any information about importing sqlmap and invoking
>> it from my Python program? Or should I go just with doc strings?
>> Thanks,
>> Vojta
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
|
|
From: Vojtěch P. <kr...@gm...> - 2015-08-12 07:18:54
|
Greetings, wow I have never known about this option, I can't find any information about it in user guide or on the home page. Does anywhere exist any documentation? I can't seem to find any in sqlmap folder. Thanks, Vojta On 11.8.2015 16:19, Brandon Perry wrote: > You can drive sqlmap via the REST API. in the root of the project is a > sqlmapapi.py file which starts a web server. > > You can create any content you need, then pass the request which you > want to fuzz to sqlmap via the API to get results. > > On Tue, Aug 11, 2015 at 9:13 AM, Vojtěch Polášek <kr...@gm... > <mailto:kr...@gm...>> wrote: > > Greetings, > I am searching for help. I would like to test a part of application > which deletes something. Obviously I am searching for SQL injection > vulnerability. > So I need to send request to create object, retrieve response, derive > needed information and send a request for deletion which is probed for > possible SQL injection. > I suppose that this is not possible just through command line even > through --eval function. Am I right? > If yes, my next logical step would be to use sqlmap in some Python > program. Are there any information about importing sqlmap and invoking > it from my Python program? Or should I go just with doc strings? > Thanks, > Vojta > > ------------------------------------------------------------------------------ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > <mailto:sql...@li...> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > http://volatile-minds.blogspot.com -- blog > http://www.volatileminds.net -- website |
|
From: Brandon P. <bpe...@gm...> - 2015-08-11 14:19:34
|
You can drive sqlmap via the REST API. in the root of the project is a sqlmapapi.py file which starts a web server. You can create any content you need, then pass the request which you want to fuzz to sqlmap via the API to get results. On Tue, Aug 11, 2015 at 9:13 AM, Vojtěch Polášek <kr...@gm...> wrote: > Greetings, > I am searching for help. I would like to test a part of application > which deletes something. Obviously I am searching for SQL injection > vulnerability. > So I need to send request to create object, retrieve response, derive > needed information and send a request for deletion which is probed for > possible SQL injection. > I suppose that this is not possible just through command line even > through --eval function. Am I right? > If yes, my next logical step would be to use sqlmap in some Python > program. Are there any information about importing sqlmap and invoking > it from my Python program? Or should I go just with doc strings? > Thanks, > Vojta > > > ------------------------------------------------------------------------------ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website |
|
From: Vojtěch P. <kr...@gm...> - 2015-08-11 14:13:55
|
Greetings, I am searching for help. I would like to test a part of application which deletes something. Obviously I am searching for SQL injection vulnerability. So I need to send request to create object, retrieve response, derive needed information and send a request for deletion which is probed for possible SQL injection. I suppose that this is not possible just through command line even through --eval function. Am I right? If yes, my next logical step would be to use sqlmap in some Python program. Are there any information about importing sqlmap and invoking it from my Python program? Or should I go just with doc strings? Thanks, Vojta |
|
From: Miroslav S. <mir...@gm...> - 2015-08-06 08:41:38
|
Yes, please do attach the actual file (you can reply to me only). Will test it later today. Bye On Aug 6, 2015 10:25, "Vojtěch Polášek" <kr...@gm...> wrote: > Greetings, > I am working on some automation for Sqlmap. I am using Python2 native > cookielib to save cookies in Netscape format. > then I want Sqlmap to load this file and use cookies from it. > But i receive [CRITICAL] no valid cookies found. > File looks like this: > > # Netscape HTTP Cookie File > # http://curl.haxx.se/rfc/cookie_spec.html > # This is a generated file! Do not edit. > > 192.168.56.102 FALSE / FALSE JSESSIONID > C1E2347B37A1E1DCCF8CDF72CCD7CF04 > > Should I attach actual file? > What is the problem? > Thanks, > Vojta > > > ------------------------------------------------------------------------------ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
|
From: Vojtěch P. <kr...@gm...> - 2015-08-06 08:25:24
|
Greetings, I am working on some automation for Sqlmap. I am using Python2 native cookielib to save cookies in Netscape format. then I want Sqlmap to load this file and use cookies from it. But i receive [CRITICAL] no valid cookies found. File looks like this: # Netscape HTTP Cookie File # http://curl.haxx.se/rfc/cookie_spec.html # This is a generated file! Do not edit. 192.168.56.102 FALSE / FALSE JSESSIONID C1E2347B37A1E1DCCF8CDF72CCD7CF04 Should I attach actual file? What is the problem? Thanks, Vojta |
|
From: Miroslav S. <mir...@gm...> - 2015-07-24 14:07:42
|
Will take a look later today. Currently finishing regular day job. Bye On Fri, Jul 24, 2015 at 1:39 PM, Andres Riancho <and...@gm...> wrote: > Done! Now it's possible to run mysql testenv inside docker: > https://github.com/sqlmapproject/testenv/pull/8 > > @Miroslav: I'm available at GTalk if you want to discuss this, but I > believe the PR description is good enough :) > > On Wed, Jul 22, 2015 at 12:33 PM, Andres Riancho > <and...@gm...> wrote: > > We always ignore you ;) ;) ;) > > > > On Wed, Jul 22, 2015 at 12:32 PM, Brandon Perry > > <bpe...@gm...> wrote: > >> Oh shit I should have read the email more carefully. Testenv, not > sqlmap. > >> Ignore me. > >> > >> Sent from a phone > >> > >> On Jul 22, 2015, at 9:07 AM, Miroslav Stampar < > mir...@gm...> > >> wrote: > >> > >> Hi. > >> > >> No, but if someone is interested to do it we would be more than happy to > >> accept/use it. > >> > >> Kind regards, > >> Miroslav Stampar > >> > >> On Wed, Jul 22, 2015 at 2:16 PM, Andres Riancho < > and...@gm...> > >> wrote: > >>> > >>> List, > >>> > >>> Anyone created a docker image for the sqlmap testenv [0]? I'm in > >>> the process of migrating all the test apps we use for w3af build > >>> process to docker and was wondering if maybe someone already did this. > >>> > >>> [0] https://github.com/sqlmapproject/testenv > >>> [1] https://github.com/andresriancho/w3af/issues/11353 > >>> > >>> Regards, > >>> -- > >>> Andrés Riancho > >>> Project Leader at w3af - http://w3af.org/ > >>> Web Application Attack and Audit Framework > >>> Twitter: @w3af > >>> GPG: 0x93C344F3 > >>> > >>> > >>> > ------------------------------------------------------------------------------ > >>> Don't Limit Your Business. Reach for the Cloud. > >>> GigeNET's Cloud Solutions provide you with the tools and support that > >>> you need to offload your IT needs and focus on growing your business. > >>> Configured For All Businesses. Start Your Cloud Today. > >>> https://www.gigenetcloud.com/ > >>> _______________________________________________ > >>> sqlmap-users mailing list > >>> sql...@li... > >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > >> > >> > >> > >> > >> -- > >> Miroslav Stampar > >> http://about.me/stamparm > >> > >> > ------------------------------------------------------------------------------ > >> > >> _______________________________________________ > >> sqlmap-users mailing list > >> sql...@li... > >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > -- > > Andrés Riancho > > Project Leader at w3af - http://w3af.org/ > > Web Application Attack and Audit Framework > > Twitter: @w3af > > GPG: 0x93C344F3 > > > > -- > Andrés Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 > -- Miroslav Stampar http://about.me/stamparm |
|
From: Andres R. <and...@gm...> - 2015-07-24 11:40:19
|
Done! Now it's possible to run mysql testenv inside docker:
https://github.com/sqlmapproject/testenv/pull/8
@Miroslav: I'm available at GTalk if you want to discuss this, but I
believe the PR description is good enough :)
On Wed, Jul 22, 2015 at 12:33 PM, Andres Riancho
<and...@gm...> wrote:
> We always ignore you ;) ;) ;)
>
> On Wed, Jul 22, 2015 at 12:32 PM, Brandon Perry
> <bpe...@gm...> wrote:
>> Oh shit I should have read the email more carefully. Testenv, not sqlmap.
>> Ignore me.
>>
>> Sent from a phone
>>
>> On Jul 22, 2015, at 9:07 AM, Miroslav Stampar <mir...@gm...>
>> wrote:
>>
>> Hi.
>>
>> No, but if someone is interested to do it we would be more than happy to
>> accept/use it.
>>
>> Kind regards,
>> Miroslav Stampar
>>
>> On Wed, Jul 22, 2015 at 2:16 PM, Andres Riancho <and...@gm...>
>> wrote:
>>>
>>> List,
>>>
>>> Anyone created a docker image for the sqlmap testenv [0]? I'm in
>>> the process of migrating all the test apps we use for w3af build
>>> process to docker and was wondering if maybe someone already did this.
>>>
>>> [0] https://github.com/sqlmapproject/testenv
>>> [1] https://github.com/andresriancho/w3af/issues/11353
>>>
>>> Regards,
>>> --
>>> Andrés Riancho
>>> Project Leader at w3af - http://w3af.org/
>>> Web Application Attack and Audit Framework
>>> Twitter: @w3af
>>> GPG: 0x93C344F3
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Don't Limit Your Business. Reach for the Cloud.
>>> GigeNET's Cloud Solutions provide you with the tools and support that
>>> you need to offload your IT needs and focus on growing your business.
>>> Configured For All Businesses. Start Your Cloud Today.
>>> https://www.gigenetcloud.com/
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>>
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
|
|
From: Andres R. <and...@gm...> - 2015-07-22 15:41:22
|
We always ignore you ;) ;) ;) On Wed, Jul 22, 2015 at 12:32 PM, Brandon Perry <bpe...@gm...> wrote: > Oh shit I should have read the email more carefully. Testenv, not sqlmap. > Ignore me. > > Sent from a phone > > On Jul 22, 2015, at 9:07 AM, Miroslav Stampar <mir...@gm...> > wrote: > > Hi. > > No, but if someone is interested to do it we would be more than happy to > accept/use it. > > Kind regards, > Miroslav Stampar > > On Wed, Jul 22, 2015 at 2:16 PM, Andres Riancho <and...@gm...> > wrote: >> >> List, >> >> Anyone created a docker image for the sqlmap testenv [0]? I'm in >> the process of migrating all the test apps we use for w3af build >> process to docker and was wondering if maybe someone already did this. >> >> [0] https://github.com/sqlmapproject/testenv >> [1] https://github.com/andresriancho/w3af/issues/11353 >> >> Regards, >> -- >> Andrés Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 >> >> >> ------------------------------------------------------------------------------ >> Don't Limit Your Business. Reach for the Cloud. >> GigeNET's Cloud Solutions provide you with the tools and support that >> you need to offload your IT needs and focus on growing your business. >> Configured For All Businesses. Start Your Cloud Today. >> https://www.gigenetcloud.com/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > Miroslav Stampar > http://about.me/stamparm > > ------------------------------------------------------------------------------ > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 |
|
From: Brandon P. <bpe...@gm...> - 2015-07-22 15:32:21
|
Oh shit I should have read the email more carefully. Testenv, not sqlmap. Ignore me. Sent from a phone > On Jul 22, 2015, at 9:07 AM, Miroslav Stampar <mir...@gm...> wrote: > > Hi. > > No, but if someone is interested to do it we would be more than happy to accept/use it. > > Kind regards, > Miroslav Stampar > >> On Wed, Jul 22, 2015 at 2:16 PM, Andres Riancho <and...@gm...> wrote: >> List, >> >> Anyone created a docker image for the sqlmap testenv [0]? I'm in >> the process of migrating all the test apps we use for w3af build >> process to docker and was wondering if maybe someone already did this. >> >> [0] https://github.com/sqlmapproject/testenv >> [1] https://github.com/andresriancho/w3af/issues/11353 >> >> Regards, >> -- >> Andrés Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 >> >> ------------------------------------------------------------------------------ >> Don't Limit Your Business. Reach for the Cloud. >> GigeNET's Cloud Solutions provide you with the tools and support that >> you need to offload your IT needs and focus on growing your business. >> Configured For All Businesses. Start Your Cloud Today. >> https://www.gigenetcloud.com/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > -- > Miroslav Stampar > http://about.me/stamparm > ------------------------------------------------------------------------------ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
|
From: Brandon P. <bpe...@gm...> - 2015-07-22 15:31:43
|
Iirc Kali has docker images and ships with sqlmap Sent from a phone > On Jul 22, 2015, at 9:07 AM, Miroslav Stampar <mir...@gm...> wrote: > > Hi. > > No, but if someone is interested to do it we would be more than happy to accept/use it. > > Kind regards, > Miroslav Stampar > >> On Wed, Jul 22, 2015 at 2:16 PM, Andres Riancho <and...@gm...> wrote: >> List, >> >> Anyone created a docker image for the sqlmap testenv [0]? I'm in >> the process of migrating all the test apps we use for w3af build >> process to docker and was wondering if maybe someone already did this. >> >> [0] https://github.com/sqlmapproject/testenv >> [1] https://github.com/andresriancho/w3af/issues/11353 >> >> Regards, >> -- >> Andrés Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 >> >> ------------------------------------------------------------------------------ >> Don't Limit Your Business. Reach for the Cloud. >> GigeNET's Cloud Solutions provide you with the tools and support that >> you need to offload your IT needs and focus on growing your business. >> Configured For All Businesses. Start Your Cloud Today. >> https://www.gigenetcloud.com/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > -- > Miroslav Stampar > http://about.me/stamparm > ------------------------------------------------------------------------------ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
|
From: Andres R. <and...@gm...> - 2015-07-22 14:36:31
|
Cool, thanks for the info On Wed, Jul 22, 2015 at 11:28 AM, Miroslav Stampar <mir...@gm...> wrote: > Debian >= 6 should do. Our old one (we still use internally) was/is Debian > 5. > > Bye > > p.s. for virtual environment we use VMWare, but VirtualBox should be fine > too. > > On Wed, Jul 22, 2015 at 4:24 PM, Andres Riancho <and...@gm...> > wrote: >> >> Miroslav, >> >> Ok, I'll start with that today. Most likely I'll just do the mysql >> part because it's what I use in my w3af tests, but I'll build it in >> such a way that it should be trivial for anyone to extend it to the >> other DBs. >> >> I'll base my work on deployment.sh [0], quick question about that >> script, which base OS are you guys using for it? I can tell it's >> debian/ubuntu but not sure about the exact distro/version. I'll build >> the docker image based on the same OS you guys use for (I assume >> virtualbox) >> >> [0] https://github.com/sqlmapproject/testenv/blob/master/deployment.sh >> >> Regards, >> >> On Wed, Jul 22, 2015 at 11:07 AM, Miroslav Stampar >> <mir...@gm...> wrote: >> > Hi. >> > >> > No, but if someone is interested to do it we would be more than happy to >> > accept/use it. >> > >> > Kind regards, >> > Miroslav Stampar >> > >> > On Wed, Jul 22, 2015 at 2:16 PM, Andres Riancho >> > <and...@gm...> >> > wrote: >> >> >> >> List, >> >> >> >> Anyone created a docker image for the sqlmap testenv [0]? I'm in >> >> the process of migrating all the test apps we use for w3af build >> >> process to docker and was wondering if maybe someone already did this. >> >> >> >> [0] https://github.com/sqlmapproject/testenv >> >> [1] https://github.com/andresriancho/w3af/issues/11353 >> >> >> >> Regards, >> >> -- >> >> Andrés Riancho >> >> Project Leader at w3af - http://w3af.org/ >> >> Web Application Attack and Audit Framework >> >> Twitter: @w3af >> >> GPG: 0x93C344F3 >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> >> Don't Limit Your Business. Reach for the Cloud. >> >> GigeNET's Cloud Solutions provide you with the tools and support that >> >> you need to offload your IT needs and focus on growing your business. >> >> Configured For All Businesses. Start Your Cloud Today. >> >> https://www.gigenetcloud.com/ >> >> _______________________________________________ >> >> sqlmap-users mailing list >> >> sql...@li... >> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > >> > >> > >> > >> > -- >> > Miroslav Stampar >> > http://about.me/stamparm >> >> >> >> -- >> Andrés Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 > > > > > -- > Miroslav Stampar > http://about.me/stamparm -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 |
|
From: Andres R. <and...@gm...> - 2015-07-22 14:31:25
|
Miroslav,
Ok, I'll start with that today. Most likely I'll just do the mysql
part because it's what I use in my w3af tests, but I'll build it in
such a way that it should be trivial for anyone to extend it to the
other DBs.
I'll base my work on deployment.sh [0], quick question about that
script, which base OS are you guys using for it? I can tell it's
debian/ubuntu but not sure about the exact distro/version. I'll build
the docker image based on the same OS you guys use for (I assume
virtualbox)
[0] https://github.com/sqlmapproject/testenv/blob/master/deployment.sh
Regards,
On Wed, Jul 22, 2015 at 11:07 AM, Miroslav Stampar
<mir...@gm...> wrote:
> Hi.
>
> No, but if someone is interested to do it we would be more than happy to
> accept/use it.
>
> Kind regards,
> Miroslav Stampar
>
> On Wed, Jul 22, 2015 at 2:16 PM, Andres Riancho <and...@gm...>
> wrote:
>>
>> List,
>>
>> Anyone created a docker image for the sqlmap testenv [0]? I'm in
>> the process of migrating all the test apps we use for w3af build
>> process to docker and was wondering if maybe someone already did this.
>>
>> [0] https://github.com/sqlmapproject/testenv
>> [1] https://github.com/andresriancho/w3af/issues/11353
>>
>> Regards,
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>>
>>
>> ------------------------------------------------------------------------------
>> Don't Limit Your Business. Reach for the Cloud.
>> GigeNET's Cloud Solutions provide you with the tools and support that
>> you need to offload your IT needs and focus on growing your business.
>> Configured For All Businesses. Start Your Cloud Today.
>> https://www.gigenetcloud.com/
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
|
|
From: Miroslav S. <mir...@gm...> - 2015-07-22 14:28:13
|
Debian >= 6 should do. Our old one (we still use internally) was/is Debian 5. Bye p.s. for virtual environment we use VMWare, but VirtualBox should be fine too. On Wed, Jul 22, 2015 at 4:24 PM, Andres Riancho <and...@gm...> wrote: > Miroslav, > > Ok, I'll start with that today. Most likely I'll just do the mysql > part because it's what I use in my w3af tests, but I'll build it in > such a way that it should be trivial for anyone to extend it to the > other DBs. > > I'll base my work on deployment.sh [0], quick question about that > script, which base OS are you guys using for it? I can tell it's > debian/ubuntu but not sure about the exact distro/version. I'll build > the docker image based on the same OS you guys use for (I assume > virtualbox) > > [0] https://github.com/sqlmapproject/testenv/blob/master/deployment.sh > > Regards, > > On Wed, Jul 22, 2015 at 11:07 AM, Miroslav Stampar > <mir...@gm...> wrote: > > Hi. > > > > No, but if someone is interested to do it we would be more than happy to > > accept/use it. > > > > Kind regards, > > Miroslav Stampar > > > > On Wed, Jul 22, 2015 at 2:16 PM, Andres Riancho < > and...@gm...> > > wrote: > >> > >> List, > >> > >> Anyone created a docker image for the sqlmap testenv [0]? I'm in > >> the process of migrating all the test apps we use for w3af build > >> process to docker and was wondering if maybe someone already did this. > >> > >> [0] https://github.com/sqlmapproject/testenv > >> [1] https://github.com/andresriancho/w3af/issues/11353 > >> > >> Regards, > >> -- > >> Andrés Riancho > >> Project Leader at w3af - http://w3af.org/ > >> Web Application Attack and Audit Framework > >> Twitter: @w3af > >> GPG: 0x93C344F3 > >> > >> > >> > ------------------------------------------------------------------------------ > >> Don't Limit Your Business. Reach for the Cloud. > >> GigeNET's Cloud Solutions provide you with the tools and support that > >> you need to offload your IT needs and focus on growing your business. > >> Configured For All Businesses. Start Your Cloud Today. > >> https://www.gigenetcloud.com/ > >> _______________________________________________ > >> sqlmap-users mailing list > >> sql...@li... > >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > > > -- > > Miroslav Stampar > > http://about.me/stamparm > > > > -- > Andrés Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2015-07-22 14:07:54
|
Hi. No, but if someone is interested to do it we would be more than happy to accept/use it. Kind regards, Miroslav Stampar On Wed, Jul 22, 2015 at 2:16 PM, Andres Riancho <and...@gm...> wrote: > List, > > Anyone created a docker image for the sqlmap testenv [0]? I'm in > the process of migrating all the test apps we use for w3af build > process to docker and was wondering if maybe someone already did this. > > [0] https://github.com/sqlmapproject/testenv > [1] https://github.com/andresriancho/w3af/issues/11353 > > Regards, > -- > Andrés Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 > > > ------------------------------------------------------------------------------ > Don't Limit Your Business. Reach for the Cloud. > GigeNET's Cloud Solutions provide you with the tools and support that > you need to offload your IT needs and focus on growing your business. > Configured For All Businesses. Start Your Cloud Today. > https://www.gigenetcloud.com/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
48 messages has been excluded from this view by a project administrator.
