feat: first add of sqlmap
This commit is contained in:
parent
7fbab0c0ad
commit
b1366a697e
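--- a/tests/sqlmap/requests/create_invoice.txt
+++ b/tests/sqlmap/requests/create_invoice.txt
@@ -0,0 +1,17 @@
+POST /api/v1/payments?usr=40d64a953a464ae4b5a226e524e79fcb HTTP/1.1
+Accept: application/json, text/plain, */*
+Accept-Language: en-GB,en;q=0.9
+Connection: keep-alive
+Content-Type: application/json
+Origin: http://localhost:5000
+Referer: http://localhost:5000/wallet?wal=deefb76e774b4a9e97a8088d52311e51
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+X-Api-Key: 050d3e0d7f3b4ae48585e60811e86411
+sec-ch-ua-mobile: ?0
+Host: localhost:5000
+Content-Length: 1
+
+{"out":false,"amount":10,"memo":"Ten Dollars","lnurl_callback":null,"unit":"USD"}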
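Review bot: `Content-Length: 1` on the second-to-last line does not match the JSON body that follows it, which is 81 bytes by my count; sqlmap may well recompute the length when it resends the request, but any other replay tool will truncate the body to `{`, and the value looks like what tools/sqlmap/curl_to_sqlmap.py produces when its body regex stops at the first `"` inside a single-quoted JSON argument. login.txt has a smaller version of the same mismatch, declaring 46 for what appears to be a 45-byte body. The `usr` id, the `wal` id in the Referer and the `X-Api-Key` value are all tied to one local instance (get_payments.txt uses a different key, wallet_daily_stats.txt the same ids, login.txt a fixed username/password), so the suite only runs against a database seeded with exactly these records; either document where they come from or have the test harness create them and rewrite the fixtures before invoking sqlmap.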
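--- a/tests/sqlmap/requests/currency_rate.txt
+++ b/tests/sqlmap/requests/currency_rate.txt
@@ -0,0 +1,6 @@
+GET /api/v1/rate/USD* HTTP/1.1
+Referer: http://localhost:5000/wallet
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+Accept: application/json, text/plain, */*
+sec-ch-ua-mobile: ?0
+Host: localhost:5000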
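--- a/tests/sqlmap/requests/get_extensions.txt
+++ b/tests/sqlmap/requests/get_extensions.txt
@@ -0,0 +1,6 @@
+GET /api/v1/extension/* HTTP/1.1
+Referer: http://localhost:5000/wallet
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+Accept: application/json, text/plain, */*
+sec-ch-ua-mobile: ?0
+Host: localhost:5000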
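Review bot: This request carries neither an `X-Api-Key` header nor a `usr` parameter, so if `/api/v1/extension/` requires authentication every probe sqlmap sends at the `*` marker is answered with 401 before the injected value reaches a query, and the companion script's `--ignore-code=401` turns that into a silent "No vulnerabilities found". currency_rate.txt is in the same position. If these endpoints are intentionally public, say so in the script that consumes the fixtures (a raw request file has no room for a comment); otherwise add the same `X-Api-Key` header the other fixtures carry so the injection point is actually exercised.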
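--- a/tests/sqlmap/requests/get_payments.txt
+++ b/tests/sqlmap/requests/get_payments.txt
@@ -0,0 +1,12 @@
+GET /api/v1/payments/paginated?limit=10&offset=0&sortby=time&direction=desc&time%5Bge%5D=2025-02-02T00%3A00%3A00&time%5Ble%5D=2025-02-26T23%3A59%3A59&status%5Bne%5D=failed HTTP/1.1
+Accept: application/json, text/plain, */*
+Accept-Language: en-GB,en;q=0.9
+Connection: keep-alive
+Referer: http://localhost:5000/wallet
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+X-Api-Key: e4c94dcce3e04b4fbfc4e36dd63971de
+sec-ch-ua-mobile: ?0
+Host: localhost:5000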
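--- a/tests/sqlmap/requests/login.txt
+++ b/tests/sqlmap/requests/login.txt
@@ -0,0 +1,18 @@
+POST /api/v1/auth HTTP/1.1
+Host: localhost:5000
+Accept: application/json, text/plain, */*
+Accept-Language: en-GB,en;q=0.9
+Connection: keep-alive
+Content-Type: application/json
+Origin: http://localhost:5000
+Referer: http://localhost:5000/
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: "macOS"
+Content-Length: 46
+
+{"username":"admin1","password":"secret1234"}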
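--- a/tests/sqlmap/requests/wallet_daily_stats.txt
+++ b/tests/sqlmap/requests/wallet_daily_stats.txt
@@ -0,0 +1,6 @@
+GET /api/v1/payments/stats/daily?wallet_id=deefb76e774b4a9e97a8088d52311e51&usr=40d64a953a464ae4b5a226e524e79fcb HTTP/1.1
+Referer: http://localhost:5000/wallet
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+Accept: application/json, text/plain, */*
+sec-ch-ua-mobile: ?0
+Host: localhost:5000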
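--- a/tools/sqlmap/curl_to_sqlmap.py
+++ b/tools/sqlmap/curl_to_sqlmap.py
@@ -0,0 +1,80 @@
+import argparse
+import re
+
+def parse_curl_command(curl_cmd):
+    """Convert a cURL command string into a raw HTTP request."""
+    # Extract the method (GET by default, POST if --data or -d is present)
+    method = "GET"
+    if "--data" in curl_cmd or "-d" in curl_cmd or "--data-raw" in curl_cmd:
+        method = "POST"
+    elif "-X" in curl_cmd:
+        method_match = re.search(r"-X\s+(\w+)", curl_cmd)
+        if method_match:
+            method = method_match.group(1)
+
+    # Extract the URL and path
+    url_match = re.search(r"curl\s+['\"]?(https?://[^/\s]+)(/[^'\"\s]*)['\"]? ", curl_cmd)
+    if not url_match:
+        raise ValueError("Could not extract URL from cURL command")
+    host = url_match.group(1).replace("http://", "").replace("https://", "")
+    path = url_match.group(2) if url_match.group(2) else "/"
+
+    # Extract headers
+    headers = []
+    header_matches = re.findall(r"-H\s+['\"]([^:'\"]+): ([^'\"]+)['\"]", curl_cmd)
+    for key, value in header_matches:
+        headers.append(f"{key}: {value}")
+    headers.append(f"Host: {host}")  # Add Host header if not already present
+
+    # Extract data (body)
+    body = ""
+    data_match = re.search(r"(?:--data-raw|--data|-d)\s+['\"]([^'\"]+)['\"]", curl_cmd)
+    if data_match:
+        body = data_match.group(1)
+
+    # Construct the raw HTTP request
+    request_lines = [f"{method} {path} HTTP/1.1"]
+    request_lines.extend(headers)
+    if body:
+        request_lines.append(f"Content-Length: {len(body)}")
+        request_lines.append("")  # Blank line before body
+        request_lines.append(body)
+    else:
+        request_lines.append("")  # Blank line to end headers
+
+    return "\n".join(request_lines)
+
+def main():
+    parser = argparse.ArgumentParser(description="Convert cURL command to sqlmap-compatible HTTP request")
+    parser.add_argument("curl", help="cURL command string or file path", nargs="?")
+    parser.add_argument("--file", help="Output file (default: request.txt)", default="request.txt")
+    args = parser.parse_args()
+
+    # If no curl command provided, use example
+    if not args.curl:
+        curl_cmd = (
+            """curl 'http://localhost:5000/api/v1/auth' -H 'Accept: application/json, text/plain, */*' """
+            """-H 'Content-Type: application/json' --data-raw '{"username":"admin1","password":"secret1234"}'"""
+        )
+        print("No cURL command provided, using example:")
+        print(curl_cmd)
+    else:
+        # Check if input is a file
+        try:
+            with open(args.curl, "r") as f:
+                curl_cmd = f.read().strip()
+        except FileNotFoundError:
+            curl_cmd = args.curl
+
+    try:
+        http_request = parse_curl_command(curl_cmd)
+        print("Generated HTTP request:")
+        print(http_request)
+        with open(args.file, "w") as f:
+            f.write(http_request)
+        print(f"Saved to {args.file}")
+    except Exception as e:
+        print(f"Error: {e}")
+
+if __name__ == "__main__":
+    main()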
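Review bot: The body regex on the `data_match = re.search(...)` line uses `[^'\"]+`, which stops at the first `"` inside a single-quoted JSON argument, so the script's own example in `main()` yields `body == "{"` and `Content-Length: 1` — the same value tests/sqlmap/requests/create_invoice.txt carries above its full body. Capture the opening quote and match lazily up to its twin: `data_match = re.search(r"(?:--data-raw|--data|-d)\s+(['\"])(.*?)\1", curl_cmd, re.DOTALL)` with `body = data_match.group(2)`. The header regex a few lines earlier has the same `[^'\"]+` limitation, which silently drops a header whose value contains quotes such as the `sec-ch-ua` line in login.txt, and the comment on `headers.append(f"Host: {host}")` promises a presence check the code does not make, so a command that already passes `-H 'Host: ...'` produces two Host lines. `"-d" in curl_cmd` is a substring test that also fires on a `-d` inside the URL or a header value and turns a GET into a POST; `re.search(r"(?<!\S)-d\s", curl_cmd)` restricts it to the option itself.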
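--- a/tools/sqlmap/sqlmap_fail_on_vuln.sh
+++ b/tools/sqlmap/sqlmap_fail_on_vuln.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+files=$( ls ./sqlmap_requests/*.txt)
+echo "Files: $files"
+
+for file in $files; do
+    echo "################ Running test with $file ################"
+
+    logfile=$(basename "$file" ".log")
+    # Run sqlmap and save output
+    python sqlmap.py -r $file \
+        --skip="usr" \
+        --batch --level=2 --risk=2 \
+        --ignore-code=400 --ignore-code=401 \
+        --dbms=SQLite,PostgreSQL \
+        --time-sec 5 2>&1 | tee $logfile
+
+
+
+    # Check for vulnerability indicators in output
+    if grep -q "Parameter:.*is vulnerable" $logfile || grep -q "sqlmap identified the following injection point" $logfile; then
+        echo "Vulnerability found for $file!"
+        exit 1 # Exit with failure
+    else
+        echo "No vulnerabilities found for $file."
+    fi
+    echo "################ Done $file ################"
+
+done
+echo "Done"
+
+
+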
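Review bot: `logfile=$(basename "$file" ".log")` strips a suffix the input does not have, so the sqlmap output is written to a file named exactly like the request (e.g. `create_invoice.txt`) in the working directory rather than to a log; `logfile="$(basename "$file" ".txt").log"` is presumably what was meant. `$file` and `$logfile` are unquoted on the `python sqlmap.py -r $file`, `tee` and `grep` lines and `files=$(ls …)` splits on whitespace, so a request file with a space in its path breaks the loop; `for file in ./sqlmap_requests/*.txt; do` with `"$file"`/`"$logfile"` is the safe form. `--ignore-code=401` also means a fixture that lacks credentials (get_extensions.txt and currency_rate.txt carry no X-Api-Key) is never reported as a broken test — every probe is rejected before the query runs and the loop prints "No vulnerabilities found"; consider dropping 401 from the ignore list, or failing a file whose log shows no non-401 response. The script reads `./sqlmap_requests/*.txt` while the fixtures are committed under tests/sqlmap/requests/; if a CI step copies them, a comment naming that step would help, since nothing here does.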