Location>code7788 >text

SqlmapAPI: A powerful tool for automating SQL injection

Popularity:590 ℃/2025-03-15 21:33:10

SqlmapAPI: A powerful tool for automating SQL injection

Introduction to Sqlmap API

Sqlmap API is an API interface based on the sqlmap tool. It allows users to programmatically call the functions of sqlmap to achieve automated SQL injection security detection.

When using the Sqlmap API, users can interact with the API by sending HTTP requests. Sqlmap API provides rich API interfaces, including creating new tasks, setting scanning parameters, starting scanning, obtaining scanning status, reading scanning results, etc. These interfaces allow users to flexibly control the scanning process and obtain scan results in real time.

Specifically, the process of using Sqlmap API for SQL injection security detection usually includes the following steps:

  1. Start Sqlmap API service: The user needs to start the Sqlmap API web service first in order to interact with it via HTTP request.
  2. Create a new task: By sending an HTTP GET request to a specific URL, the user can create a new scan task and obtain the task ID.
  3. Start scanning: Using HTTP POST request, users can set parameters of scan tasks, specify task ID, and start scanning.
  4. Get scan status: By sending HTTP GET requests, users can obtain the progress and status of the scanning task in real time.
  5. Read scan results: After the scan is completed, the user can send an HTTP GET request to read the scan result and perform corresponding processing based on the results.

SqlmapAPI

1. Get the server version

path: /version
method: GET
describe: Get the version information of the server.
response:

  • 200 OK:
    • Content-Type: application/json
    • Response body:
{
   "version": "1.5.7.7#dev", // Version number, for example "1.5.7.7#dev"
   "success": true // Whether the operation is successful, for example true
 }

2. Create a new task

path: /task/new
method: GET
describe: Create a new scan task.
response:

  • 200 OK:
    • Content-Type: application/json
    • Response body:
{
   "taskid": "fad44d6beef72285", // Task ID, for example "fad44d6beef72285"
   "success": true // Whether the operation is successful, for example true
 }

3. Start scanning

path: /scan/{taskid}/start
method: POST
describe: Start scanning based on the task ID.
parameter:

  • taskid(Path parameters, required): Scan the task ID.
    Request header:
  • Content-Type: application/json
  • Request body:
Example 1:
 {
   "url": "/?artist=1" // URL to scan
 }
 Example 2:
 {
   "url": "http://192.168.0.2:3100/api/v1/role/create",
   "method": "POST",
   "data": "{\"name\":\"2\"}",
   "headers": "token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\nContent-Type: application/json"
 }

response:

  • 200 OK:
    • Content-Type: application/json
    • Response body:
{
   "engineid": 19720, // Engine ID, for example 19720
   "success": true // Whether the operation is successful, for example true
 }

4. Stop scanning

path: /scan/{taskid}/stop
method: GET
describe: Stop scanning according to the task ID.
parameter:

  • taskid(Path parameters, required): Scan the task ID.
    response:
  • 200 OK:
    • Content-Type: application/json
    • Response body:
{
   "success": true // Whether the operation is successful, for example true
 }

5. Get the scan status

path: /scan/{taskid}/status
method: GET
describe: Get the scan status based on the task ID.
parameter:

  • taskid(Path parameters, required): Scan the task ID.
    response:
  • 200 OK:
    • Content-Type: application/json
    • Response body:
{
   "status": "terminated", // Status, for example "terminated"
   "returncode": 0, // Return code, for example 0
   "success": true // Whether the operation is successful, for example true
 }

6. List task options

path: /scan/{taskid}/list
method: GET
describe: List task options based on task ID.
parameter:

  • taskid(Path parameters, required): Scan the task ID.
    response:
  • 200 OK:
    • Content-Type: application/json
    • Response body:
{
   "success": true, // Whether the operation is successful, for example true
   "options": [ // Option list
     {
       // Options object
     }
   ]
 }

7. Obtain scan result data

path: /scan/{taskid}/data
method: GET
describe: Obtain scan result data based on task ID.
parameter:

  • taskid(Path parameters, required): Scan the task ID.
    response:
  • 200 OK:
    • Content-Type: application/json
    • Response body:
{
   "data": [ // Data list
     {
       // Data object
     }
   ],
   "success": true, // Whether the operation is successful, for example true
   "error": [ // Error list (if any)
     {
       // Error object
     }
   ]
 }

8. Get log messages

path: /scan/{taskid}/log
method: GET
describe: Get log messages based on task ID.
parameter:

  • taskid(Path parameters, required): Scan the task ID.
    response:
  • 200 OK:
    • Content-Type: application/json
    • Response body:
{
   "log": [ // Log list
     {
       // Log object
     }
   ],
   "success": true // Whether the operation is successful, for example true
 }

9. Kill the scan mission

path: /scan/{taskid}/kill
method: GET
describe: Kill the scan task based on the task ID.
parameter:

  • taskid(Path parameters, required): Scan the task ID.
    response:
  • 200 OK:
    • Content-Type: application/json
    • Response body:
{
   "success": true // Whether the operation is successful, for example true
 }

10. Delete the task

path: /task/{taskid}/delete
method: GET
describe: Delete the task according to the task ID.
parameter:

  • taskid(Path parameters, required): Scan the task ID.
    response:
  • 200 OK:
    • Content-Type: application/json
    • Response body:
{
   "success": true // Whether the operation is successful, for example true
 }
<Previous