Automatic SQL injection with Charles and sqlmapapi
中文版说明文档点这里
Automatic SQL injection with Charles and sqlmapapi
- Django
- PostgreSQL
- Celery
- sqlmap
- redis
- Linux
- osx
Preferably, you can download SQLiScanner by cloning the Git repository:
git clone https://github.com/0xbug/SQLiScanner.git --depth 1 You can download sqlmap by cloning the Git repository:
git clone https://github.com/sqlmapproject/sqlmap.git --depth 1 SQLiScanner works with Python version 3.x on Linux and osx.
Create virtualenv and install requirements
cd SQLiScanner/ virtualenv --python=/usr/local/bin/python3.5 venv source venv/bin/activate pip install -r requirements.txt DATABASES Setting
SQLiScanner/settings.py:85 DATABASES ={'default':{'ENGINE': 'django.db.backends.postgresql', 'NAME': '', 'USER': '', 'PASSWORD': '', 'HOST': '127.0.0.1', 'PORT': '5432', } } SendEmail Setting
SQLiScanner/settings.py:158 # Email EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_USE_TLS = False EMAIL_HOST = '' EMAIL_PORT = 25 EMAIL_HOST_USER = '' EMAIL_HOST_PASSWORD = '' DEFAULT_FROM_EMAIL = '' scanner/tasks.py:14 class SqlScanTask(object): def __init__(self, sqli_obj): self.api_url = "http://127.0.0.1:8775" self.mail_from = "" self.mail_to = [""] python manage.py makemigrations scanner python manage.py migrate python manage.py createsuperuser redis-server python sqlmapapi.py -s -p 8775 python manage.py celery worker --loglevel=info python manage.py runserver