feat: first add of sqlmap

2025-03-17 21:31:55 +01:00 · 2025-02-26 17:48:19 +02:00 · 2025-02-26 17:48:19 +02:00 · b1366a697e
commit b1366a697e
parent 7fbab0c0ad
8 changed files with 178 additions and 0 deletions
--- a/tests/sqlmap/requests/create_invoice.txt
+++ b/tests/sqlmap/requests/create_invoice.txt
@ -0,0 +1,17 @@
+POST /api/v1/payments?usr=40d64a953a464ae4b5a226e524e79fcb HTTP/1.1
+Accept: application/json, text/plain, */*
+Accept-Language: en-GB,en;q=0.9
+Connection: keep-alive
+Content-Type: application/json
+Origin: http://localhost:5000
+Referer: http://localhost:5000/wallet?wal=deefb76e774b4a9e97a8088d52311e51
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+X-Api-Key: 050d3e0d7f3b4ae48585e60811e86411
+sec-ch-ua-mobile: ?0
+Host: localhost:5000
+Content-Length: 1
+
+{"out":false,"amount":10,"memo":"Ten Dollars","lnurl_callback":null,"unit":"USD"}
--- a/tests/sqlmap/requests/currency_rate.txt
+++ b/tests/sqlmap/requests/currency_rate.txt
@ -0,0 +1,6 @@
+GET /api/v1/rate/USD* HTTP/1.1
+Referer: http://localhost:5000/wallet
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+Accept: application/json, text/plain, */*
+sec-ch-ua-mobile: ?0
+Host: localhost:5000
--- a/tests/sqlmap/requests/get_extensions.txt
+++ b/tests/sqlmap/requests/get_extensions.txt
@ -0,0 +1,6 @@
+GET /api/v1/extension/* HTTP/1.1
+Referer: http://localhost:5000/wallet
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+Accept: application/json, text/plain, */*
+sec-ch-ua-mobile: ?0
+Host: localhost:5000
--- a/tests/sqlmap/requests/get_payments.txt
+++ b/tests/sqlmap/requests/get_payments.txt
@ -0,0 +1,12 @@
+GET /api/v1/payments/paginated?limit=10&offset=0&sortby=time&direction=desc&time%5Bge%5D=2025-02-02T00%3A00%3A00&time%5Ble%5D=2025-02-26T23%3A59%3A59&status%5Bne%5D=failed HTTP/1.1
+Accept: application/json, text/plain, */*
+Accept-Language: en-GB,en;q=0.9
+Connection: keep-alive
+Referer: http://localhost:5000/wallet
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+X-Api-Key: e4c94dcce3e04b4fbfc4e36dd63971de
+sec-ch-ua-mobile: ?0
+Host: localhost:5000
--- a/tests/sqlmap/requests/login.txt
+++ b/tests/sqlmap/requests/login.txt
@ -0,0 +1,18 @@
+POST /api/v1/auth HTTP/1.1
+Host: localhost:5000
+Accept: application/json, text/plain, */*
+Accept-Language: en-GB,en;q=0.9
+Connection: keep-alive
+Content-Type: application/json
+Origin: http://localhost:5000
+Referer: http://localhost:5000/
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+sec-ch-ua: "Not(A:Brand";v="99", "Google Chrome";v="133", "Chromium";v="133"
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: "macOS"
+Content-Length: 46
+
+{"username":"admin1","password":"secret1234"}
--- a/tests/sqlmap/requests/wallet_daily_stats.txt
+++ b/tests/sqlmap/requests/wallet_daily_stats.txt
@ -0,0 +1,6 @@
+GET /api/v1/payments/stats/daily?wallet_id=deefb76e774b4a9e97a8088d52311e51&usr=40d64a953a464ae4b5a226e524e79fcb HTTP/1.1
+Referer: http://localhost:5000/wallet
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+Accept: application/json, text/plain, */*
+sec-ch-ua-mobile: ?0
+Host: localhost:5000
--- a/tools/sqlmap/curl_to_sqlmap.py
+++ b/tools/sqlmap/curl_to_sqlmap.py
@ -0,0 +1,80 @@
+import argparse
+import re
+
+def parse_curl_command(curl_cmd):
+    """Convert a cURL command string into a raw HTTP request."""
+    # Extract the method (GET by default, POST if --data or -d is present)
+    method = "GET"
+    if "--data" in curl_cmd or "-d" in curl_cmd or "--data-raw" in curl_cmd:
+        method = "POST"
+    elif "-X" in curl_cmd:
+        method_match = re.search(r"-X\s+(\w+)", curl_cmd)
+        if method_match:
+            method = method_match.group(1)
+
+    # Extract the URL and path
+    url_match = re.search(r"curl\s+['\"]?(https?://[^/\s]+)(/[^'\"\s]*)['\"]? ", curl_cmd)
+    if not url_match:
+        raise ValueError("Could not extract URL from cURL command")
+    host = url_match.group(1).replace("http://", "").replace("https://", "")
+    path = url_match.group(2) if url_match.group(2) else "/"
+
+    # Extract headers
+    headers = []
+    header_matches = re.findall(r"-H\s+['\"]([^:'\"]+): ([^'\"]+)['\"]", curl_cmd)
+    for key, value in header_matches:
+        headers.append(f"{key}: {value}")
+    headers.append(f"Host: {host}")  # Add Host header if not already present
+
+    # Extract data (body)
+    body = ""
+    data_match = re.search(r"(?:--data-raw|--data|-d)\s+['\"]([^'\"]+)['\"]", curl_cmd)
+    if data_match:
+        body = data_match.group(1)
+
+    # Construct the raw HTTP request
+    request_lines = [f"{method} {path} HTTP/1.1"]
+    request_lines.extend(headers)
+    if body:
+        request_lines.append(f"Content-Length: {len(body)}")
+        request_lines.append("")  # Blank line before body
+        request_lines.append(body)
+    else:
+        request_lines.append("")  # Blank line to end headers
+
+    return "\n".join(request_lines)
+
+def main():
+    parser = argparse.ArgumentParser(description="Convert cURL command to sqlmap-compatible HTTP request")
+    parser.add_argument("curl", help="cURL command string or file path", nargs="?")
+    parser.add_argument("--file", help="Output file (default: request.txt)", default="request.txt")
+    args = parser.parse_args()
+
+    # If no curl command provided, use example
+    if not args.curl:
+        curl_cmd = (
+            """curl 'http://localhost:5000/api/v1/auth' -H 'Accept: application/json, text/plain, */*' """
+            """-H 'Content-Type: application/json' --data-raw '{"username":"admin1","password":"secret1234"}'"""
+        )
+        print("No cURL command provided, using example:")
+        print(curl_cmd)
+    else:
+        # Check if input is a file
+        try:
+            with open(args.curl, "r") as f:
+                curl_cmd = f.read().strip()
+        except FileNotFoundError:
+            curl_cmd = args.curl
+
+    try:
+        http_request = parse_curl_command(curl_cmd)
+        print("Generated HTTP request:")
+        print(http_request)
+        with open(args.file, "w") as f:
+            f.write(http_request)
+        print(f"Saved to {args.file}")
+    except Exception as e:
+        print(f"Error: {e}")
+
+if __name__ == "__main__":
+    main()
--- a/tools/sqlmap/sqlmap_fail_on_vuln.sh
+++ b/tools/sqlmap/sqlmap_fail_on_vuln.sh
@ -0,0 +1,33 @@
+#!/bin/bash
+
+files=$( ls ./sqlmap_requests/*.txt)
+echo "Files: $files"
+
+for file in $files; do
+    echo "################ Running test with $file ################"
+
+    logfile=$(basename "$file" ".log")
+    # Run sqlmap and save output
+    python sqlmap.py -r $file \
+    --skip="usr" \
+    --batch --level=2 --risk=2 \
+    --ignore-code=400 --ignore-code=401 \
+    --dbms=SQLite,PostgreSQL \
+    --time-sec 5 2>&1 | tee $logfile
+
+    
+
+    # Check for vulnerability indicators in output
+    if grep -q "Parameter:.*is vulnerable" $logfile || grep -q "sqlmap identified the following injection point" $logfile; then
+        echo "Vulnerability found for $file!"
+        exit 1  # Exit with failure
+    else
+        echo "No vulnerabilities found for $file."
+    fi
+    echo "################ Done $file ################"
+
+done
+echo "Done"
+
+
+