brandonprry · June 28, 2012 21:39
diff --git a/gistfile1.rb b/gistfile1.rb
 #!/usr/bin/env ruby

 require 'active_support/secure_random'
 require 'rexml/document'

 wapiti_path = '/home/bperry/tools/wapiti/trunk/src/'
 sqlmap_path = '/home/bperry/tools/sqlmap/'

 wapiti_report_path = '/tmp/wapiti_report_' + SecureRandom.uuid + '.xml'

 remote_host = ARGV[0]

 p "Running wapiti..."
 `#{wapiti_path}wapiti.py #{ARGV[0]} -f xml -o #{wapiti_report_path}`

 p "Report saved to #{wapiti_report_path}"

 p "Parsing results"

 results = []

 report = ::File.open(wapiti_report_path, "rb")
 doc = REXML::Document.new report.read

 doc.elements.each('/report/bugTypeList/bugType') do |element|
 	bug_type = element.attributes["name"]

 	next if bug_type != "SQL Injection"

 	p "Parsing " + bug_type

 	result = {}
 	element.elements.each("bugList/bug") do |bug|
 		result[:type] = bug_type
 		
 		bug.elements.each do |child|
 			if child.name == "url"
 				result[:url] = child.text
 			elsif child.name == "parameter"
 				result[:parameter] = child.text
 			end
 		end
 		results << result
 		result = {}
 	end
 end

 results.each do |result|
 	next if result[:type] !~ /SQL Injection/
 	p "Running sqlmap"
 	
 	if result[:url].index(result[:parameter])
 		url = result[:url].gsub("%BF%27%22%28", "abcd")
 	
 		params = result[:url].split("?")[1].split("&")

 		skipped_params = []
 		params.each do |param|
 			skipped_params << param.split("=")[0] if not param.index("%BF%27%22%28")
 		end
 			
 		p "Running GET sql injection test on url: " + url
 		sqlmap_command = "#{sqlmap_path}sqlmap.py -u \"#{url}\" --smart --skip=\"#{skipped_params.join(",")}\" --technique=EUS --flush-session --fresh-queries --level=2 --batch"
 		out = `#{sqlmap_command}`
 		printf out
 	else
 		url = result[:url]
 		p "Running POST sql injection test on url: " + url
 		p "With data: " + result[:parameter]

 		parameter = result[:parameter].gsub("%BF%27%22%28", "abcd")

 		params = result[:parameter].split("&")

 		skipped_params = []
 		params.each do |param|
 			skipped_params << param.split("=")[0] if not param.index("%BF%27%22%28")
 		end

 		sqlmap_command = "#{sqlmap_path}sqlmap.py -u \"#{url}\" --data=\"#{parameter}\"  --skip=\"#{skipped_params.join(",")}\" --smart --technique=EUS --flush-session --fresh-queries --level=2 --batch"
 		p sqlmap_command
 		sqlmap_output = `#{sqlmap_command}`
 		
 		printf sqlmap_output
 	end
 end
	#!/usr/bin/env ruby

	require 'active_support/secure_random'
	require 'rexml/document'

	wapiti_path = '/home/bperry/tools/wapiti/trunk/src/'
	sqlmap_path = '/home/bperry/tools/sqlmap/'

	wapiti_report_path = '/tmp/wapiti_report_' + SecureRandom.uuid + '.xml'

	remote_host = ARGV[0]

	p "Running wapiti..."
	`#{wapiti_path}wapiti.py #{ARGV[0]} -f xml -o #{wapiti_report_path}`

	p "Report saved to #{wapiti_report_path}"

	p "Parsing results"

	results = []

	report = ::File.open(wapiti_report_path, "rb")
	doc = REXML::Document.new report.read

	doc.elements.each('/report/bugTypeList/bugType') do \|element\|
	bug_type = element.attributes["name"]

	next if bug_type != "SQL Injection"

	p "Parsing " + bug_type

	result = {}
	element.elements.each("bugList/bug") do \|bug\|
	result[:type] = bug_type

	bug.elements.each do \|child\|
	if child.name == "url"
	result[:url] = child.text
	elsif child.name == "parameter"
	result[:parameter] = child.text
	end
	end
	results << result
	result = {}
	end
	end

	results.each do \|result\|
	next if result[:type] !~ /SQL Injection/
	p "Running sqlmap"

	if result[:url].index(result[:parameter])
	url = result[:url].gsub("%BF%27%22%28", "abcd")

	params = result[:url].split("?")[1].split("&")

	skipped_params = []
	params.each do \|param\|
	skipped_params << param.split("=")[0] if not param.index("%BF%27%22%28")
	end

	p "Running GET sql injection test on url: " + url
	sqlmap_command = "#{sqlmap_path}sqlmap.py -u \"#{url}\" --smart --skip=\"#{skipped_params.join(",")}\" --technique=EUS --flush-session --fresh-queries --level=2 --batch"
	out = `#{sqlmap_command}`
	printf out
	else
	url = result[:url]
	p "Running POST sql injection test on url: " + url
	p "With data: " + result[:parameter]

	parameter = result[:parameter].gsub("%BF%27%22%28", "abcd")

	params = result[:parameter].split("&")

	skipped_params = []
	params.each do \|param\|
	skipped_params << param.split("=")[0] if not param.index("%BF%27%22%28")
	end

	sqlmap_command = "#{sqlmap_path}sqlmap.py -u \"#{url}\" --data=\"#{parameter}\" --skip=\"#{skipped_params.join(",")}\" --smart --technique=EUS --flush-session --fresh-queries --level=2 --batch"
	p sqlmap_command
	sqlmap_output = `#{sqlmap_command}`

	printf sqlmap_output
	end
	end