diff --git a/tests/sqlmap/requests/create_invoice.txt b/tests/sqlmap/requests/create_invoice.txt
new file mode 100644
index 000000000..37e011d2a
--- /dev/null
+++ b/tests/sqlmap/requests/create_invoice.txt
@@ -0,0 +1,17 @@
+POST /api/v1/payments?usr=40d64a953a464ae4b5a226e524e79fcb HTTP/1.1
+Accept: application/json, text/plain, */*
+Accept-Language: en-GB,en;q=0.9
+Connection: keep-alive
+Content-Type: application/json
+Origin: http://localhost:5000
+Referer: http://localhost:5000/wallet?wal=deefb76e774b4a9e97a8088d52311e51
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+X-Api-Key: 050d3e0d7f3b4ae48585e60811e86411
+sec-ch-ua-mobile: ?0
+Host: localhost:5000
+Content-Length: 1
+
+{"out":false,"amount":10,"memo":"Ten Dollars","lnurl_callback":null,"unit":"USD"}
\ No newline at end of file
diff --git a/tests/sqlmap/requests/currency_rate.txt b/tests/sqlmap/requests/currency_rate.txt
new file mode 100644
index 000000000..431ea3711
--- /dev/null
+++ b/tests/sqlmap/requests/currency_rate.txt
@@ -0,0 +1,6 @@
+GET /api/v1/rate/USD* HTTP/1.1
+Referer: http://localhost:5000/wallet
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+Accept: application/json, text/plain, */*
+sec-ch-ua-mobile: ?0
+Host: localhost:5000
\ No newline at end of file
diff --git a/tests/sqlmap/requests/get_extensions.txt b/tests/sqlmap/requests/get_extensions.txt
new file mode 100644
index 000000000..074b14bd1
--- /dev/null
+++ b/tests/sqlmap/requests/get_extensions.txt
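Review bot: `Content-Length: 1` in create_invoice.txt does not match the JSON body on its last line, and login.txt has the same kind of mismatch (`Content-Length: 46` for a 45-byte body with no trailing newline); whether sqlmap recomputes this header when replaying a `-r` file should be confirmed, otherwise the server may read a truncated body. The `X-Api-Key`, `usr` and wallet ids here and in get_payments.txt and wallet_daily_stats.txt, like the `admin1` login, presumably exist only in one seeded local database, and get_payments.txt uses a different key from create_invoice.txt. Because the runner script passes `--ignore-code=401`, a stale key would likely make every request unauthenticated while the scan still reports clean. I would add a short README beside the fixtures stating that these are throwaway local values and how the test instance is seeded to match them.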
@@ -0,0 +1,6 @@
+GET /api/v1/extension/* HTTP/1.1
+Referer: http://localhost:5000/wallet
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+Accept: application/json, text/plain, */*
+sec-ch-ua-mobile: ?0
+Host: localhost:5000
\ No newline at end of file
diff --git a/tests/sqlmap/requests/get_payments.txt b/tests/sqlmap/requests/get_payments.txt
new file mode 100644
index 000000000..a65c944ea
--- /dev/null
+++ b/tests/sqlmap/requests/get_payments.txt
@@ -0,0 +1,12 @@
+GET /api/v1/payments/paginated?limit=10&offset=0&sortby=time&direction=desc&time%5Bge%5D=2025-02-02T00%3A00%3A00&time%5Ble%5D=2025-02-26T23%3A59%3A59&status%5Bne%5D=failed HTTP/1.1
+Accept: application/json, text/plain, */*
+Accept-Language: en-GB,en;q=0.9
+Connection: keep-alive
+Referer: http://localhost:5000/wallet
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+X-Api-Key: e4c94dcce3e04b4fbfc4e36dd63971de
+sec-ch-ua-mobile: ?0
+Host: localhost:5000
diff --git a/tests/sqlmap/requests/login.txt b/tests/sqlmap/requests/login.txt
new file mode 100644
index 000000000..22c213cd3
--- /dev/null
+++ b/tests/sqlmap/requests/login.txt
@@ -0,0 +1,18 @@
+POST /api/v1/auth HTTP/1.1
+Host: localhost:5000
+Accept: application/json, text/plain, */*
+Accept-Language: en-GB,en;q=0.9
+Connection: keep-alive
+Content-Type: application/json
+Origin: http://localhost:5000
+Referer: http://localhost:5000/
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: "macOS"
+Content-Length: 46
+
+{"username":"admin1","password":"secret1234"}
\ No newline at end of file
diff --git a/tests/sqlmap/requests/wallet_daily_stats.txt b/tests/sqlmap/requests/wallet_daily_stats.txt
new file mode 100644
index 000000000..015ff85b0
--- /dev/null
+++ b/tests/sqlmap/requests/wallet_daily_stats.txt
@@ -0,0 +1,6 @@
+GET /api/v1/payments/stats/daily?wallet_id=deefb76e774b4a9e97a8088d52311e51&usr=40d64a953a464ae4b5a226e524e79fcb HTTP/1.1
+Referer: http://localhost:5000/wallet
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+Accept: application/json, text/plain, */*
+sec-ch-ua-mobile: ?0
+Host: localhost:5000
\ No newline at end of file
diff --git a/tools/sqlmap/curl_to_sqlmap.py b/tools/sqlmap/curl_to_sqlmap.py
new file mode 100644
index 000000000..dc7721cd0
--- /dev/null
+++ b/tools/sqlmap/curl_to_sqlmap.py
@@ -0,0 +1,80 @@
+import argparse
+import re
+
+def parse_curl_command(curl_cmd):
+ """Convert a cURL command string into a raw HTTP request."""
+ # Extract the method (GET by default, POST if --data or -d is present)
+ method = "GET"
+ if "--data" in curl_cmd or "-d" in curl_cmd or "--data-raw" in curl_cmd:
+ method = "POST"
+ elif "-X" in curl_cmd:
+ method_match = re.search(r"-X\s+(\w+)", curl_cmd)
+ if method_match:
+ method = method_match.group(1)
+
+ # Extract the URL and path
+ url_match = re.search(r"curl\s+['\"]?(https?://[^/\s]+)(/[^'\"\s]*)['\"]? ", curl_cmd)
+ if not url_match:
+ raise ValueError("Could not extract URL from cURL command")
+ host = url_match.group(1).replace("http://", "").replace("https://", "")
+ path = url_match.group(2) if url_match.group(2) else "/"
+
+ # Extract headers
+ headers = []
+ header_matches = re.findall(r"-H\s+['\"]([^:'\"]+): ([^'\"]+)['\"]", curl_cmd)
+ for key, value in header_matches:
+ headers.append(f"{key}: {value}")
+ headers.append(f"Host: {host}") # Add Host header if not already present
+
+ # Extract data (body)
+ body = ""
+ data_match = re.search(r"(?:--data-raw|--data|-d)\s+['\"]([^'\"]+)['\"]", curl_cmd)
+ if data_match:
+ body = data_match.group(1)
+
+ # Construct the raw HTTP request
+ request_lines = [f"{method} {path} HTTP/1.1"]
+ request_lines.extend(headers)
+ if body:
+ request_lines.append(f"Content-Length: {len(body)}")
+ request_lines.append("") # Blank line before body
+ request_lines.append(body)
+ else:
+ request_lines.append("") # Blank line to end headers
+
+ return "\n".join(request_lines)
+
+def main():
+ parser = argparse.ArgumentParser(description="Convert cURL command to sqlmap-compatible HTTP request")
+ parser.add_argument("curl", help="cURL command string or file path", nargs="?")
+ parser.add_argument("--file", help="Output file (default: request.txt)", default="request.txt")
+ args = parser.parse_args()
+
+ # If no curl command provided, use example
+ if not args.curl:
+ curl_cmd = (
+ """curl 'http://localhost:5000/api/v1/auth' -H 'Accept: application/json, text/plain, */*' """
+ """-H 'Content-Type: application/json' --data-raw '{"username":"admin1","password":"secret1234"}'"""
+ )
+ print("No cURL command provided, using example:")
+ print(curl_cmd)
+ else:
+ # Check if input is a file
+ try:
+ with open(args.curl, "r") as f:
+ curl_cmd = f.read().strip()
+ except FileNotFoundError:
+ curl_cmd = args.curl
+
+ try:
+ http_request = parse_curl_command(curl_cmd)
+ print("Generated HTTP request:")
+ print(http_request)
+ with open(args.file, "w") as f:
+ f.write(http_request)
+ print(f"Saved to {args.file}")
+ except Exception as e:
+ print(f"Error: {e}")
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
diff --git a/tools/sqlmap/sqlmap_fail_on_vuln.sh b/tools/sqlmap/sqlmap_fail_on_vuln.sh
new file mode 100755
index 000000000..2974adf63
--- /dev/null
+++ b/tools/sqlmap/sqlmap_fail_on_vuln.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+files=$( ls ./sqlmap_requests/*.txt)
+echo "Files: $files"
+
+for file in $files; do
+ echo "################ Running test with $file ################"
+
+ logfile=$(basename "$file" ".log")
+ # Run sqlmap and save output
+ python sqlmap.py -r $file \
+ --skip="usr" \
+ --batch --level=2 --risk=2 \
+ --ignore-code=400 --ignore-code=401 \
+ --dbms=SQLite,PostgreSQL \
+ --time-sec 5 2>&1 | tee $logfile
+
+
+
+ # Check for vulnerability indicators in output
+ if grep -q "Parameter:.*is vulnerable" $logfile || grep -q "sqlmap identified the following injection point" $logfile; then
+ echo "Vulnerability found for $file!"
+ exit 1 # Exit with failure
+ else
+ echo "No vulnerabilities found for $file."
+ fi
+ echo "################ Done $file ################"
+
+done
+echo "Done"
+
+
+
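Review bot: The header and body regexes in `parse_curl_command` stop at the first quote of either kind (`[^'\"]+`), so a single-quoted JSON body such as the built-in example in `main` is captured as `{` and written with `Content-Length: 1`, which is exactly the header committed in create_invoice.txt. A header value containing double quotes (the `sec-ch-ua` line, for instance) is not matched at all, and the substring test `"-d" in curl_cmd` also fires on lowercase header names such as `sec-fetch-dest` and takes precedence over an explicit `-X`. With a truncated body the JSON parameters would presumably never reach sqlmap, so the scan can report clean without having tested them. I would tokenise with `shlex.split` and walk the tokens as sketched below; this needs `import shlex` and `from urllib.parse import urlsplit` at the top of the file.

```python
def parse_curl_command(curl_cmd):
    """Convert a cURL command string into a raw HTTP request."""
    # shlex honours shell quoting, so a single-quoted JSON body or a header
    # value that contains double quotes stays one token.
    tokens = shlex.split(curl_cmd)
    method, url, headers, body = None, None, [], ""
    remaining = iter(tokens[1:])  # skip the leading "curl"
    for tok in remaining:
        if tok in ("-X", "--request"):
            method = next(remaining)
        elif tok in ("-H", "--header"):
            headers.append(next(remaining))
        elif tok in ("-d", "--data", "--data-raw"):
            body = next(remaining)
        elif tok.startswith(("http://", "https://")):
            url = tok
    if url is None:
        raise ValueError("Could not extract URL from cURL command")

    parts = urlsplit(url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    # An explicit -X wins; otherwise a body implies POST.
    method = method or ("POST" if body else "GET")
    headers.append(f"Host: {parts.netloc}")
    # … unchanged: request_lines assembly and return …
```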
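Review bot: This gate fails open: the exit status of `python sqlmap.py … | tee $logfile` is never checked, so if sqlmap cannot start or cannot reach the target, both greps find nothing and the loop prints "No vulnerabilities found" and exits 0. I would add `set -o pipefail` under the shebang and end the pipeline with `|| { echo "sqlmap failed for $file"; exit 2; }`, after confirming that sqlmap returns a non-zero status for those failures. `logfile=$(basename "$file" ".log")` strips a `.log` suffix that the `.txt` inputs never have, so the log is written as e.g. `login.txt` in the working directory; `logfile="$(basename "$file" .txt).log"` looks like what was intended. The glob reads `./sqlmap_requests/*.txt` while this commit adds the fixtures under `tests/sqlmap/requests/`, so unless CI copies them the loop body never runs and the script still exits 0; `$file` and `$logfile` should also be quoted.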