The directory structure of Sqlmap's source learning notes

Source: Internet
Author: User

0x00 Preface

Sqlmap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection vulnerabilities and, where permitted, the takeover of the database server. It has a powerful detection engine and a wide range of options for testing many types of databases, including retrieving data stored in a database, accessing files on the operating system and even executing operating system commands over an out-of-band connection. This article focuses on the directory structure of the sqlmap software; later articles will walk through the source code and the results of each of sqlmap's coding choices. From the structure we can see the beauty of software engineering in sqlmap, and from its strict classification and construction we can see that a large project can still have a concise structure.


0x01 Directory structure overview

After downloading and extracting sqlmap from GitHub, the files and folders add up to 24 in total. Some of the directories and files are typical of any GitHub project, but this article still introduces them briefly so that readers get the full picture.

.git/--->>> Git's code-management repository. Almost every GitHub project has this folder; it records version information such as file changes and uploads.

.gitattributes--->>> The attributes file for Git, declaring things like the programming language and how specific file types are handled.

.gitignore--->>> The Git ignore file, listing files that should not be uploaded to the Git repository.

.travis.yml--->>> Declares the Python versions and the scripts that Travis CI uses to set up and test sqlmap.

doc/--->>> Contains the documentation for sqlmap: a brief description in multiple languages, the detailed PDF manual, the FAQ, author information and more.

extra/--->>> Contains sqlmap's additional tools, such as the audible alert (beep), runcmd, safe2bin, shellcodeexec and more.

lib/--->>> Contains sqlmap's core libraries, such as the request handling for the five injection techniques, the privilege-escalation (takeover) logic and so on.

plugins/--->>> Contains the per-database plugins and the generic database handling shared between them.

procs/--->>> Contains the stored procedures for MSSQLServer, MySQL, Oracle and PostgreSQL.

shell/--->>> Contains 9 web shells used for remote command execution and database management after a successful injection.

tamper/--->>> Contains 47 bypass scripts, such as encoding-based and comment-based bypasses.

thirdparty/--->>> Contains bundled third-party modules, such as optimisation, keep-alive and terminal colour helpers.

txt/--->>> Contains dictionaries, such as browser User-Agent strings, common table names, common column names, keywords and so on.

udf/--->>> Contains the user-defined function libraries used as payloads on the target database server.

waf/--->>> Contains the fingerprints for 44 common WAFs.

xml/--->>> Contains the injection detection payloads, banner (fingerprint) information and other data for the various databases. This is where the injection payloads can be inspected.

README.md--->>> Documentation that briefly guides us through downloading, installing and using sqlmap; it is available in multiple languages, including Chinese.

sqlmap.conf--->>> The sqlmap configuration file holding the various default parameters (parameters not set on the command line fall back to these defaults, which makes batch or automated testing possible).

sqlmap.py*--->>> The main sqlmap program, which accepts the various command-line parameters for injection tasks.

sqlmapapi.py*--->>> The sqlmap API server, which lets other platforms integrate sqlmap.


0x02 Directory sqlmap/doc/

The documentation for sqlmap lives here: a brief description in multiple languages, the detailed PDF manual, the FAQ, author information and so on. The folder contains the following:

README.pdf # The English manual. It explains in great detail how to use sqlmap's parameters and settings; someone who masters it can get a lot out of sqlmap.
FAQ.pdf # The English FAQ. It lists the problems frequently encountered when using sqlmap and their workarounds; consult it when installation or usage goes wrong.
translations/ # The translations folder. It contains the brief download, installation and usage guide in multiple languages, including the Chinese version.
AUTHORS # Author information, listing sqlmap's maintainers and their e-mail addresses. Two foreign experts generously open-sourced the sqlmap injection tool; many people rely on it to dig for vulnerabilities, so the maintainers truly deserve our thanks.
CHANGELOG.md # The changelog, describing the features and improvements added in each sqlmap release. There are many good features waiting to be discovered, although most people only ever use the basics.
CONTRIBUTING.md # The contributing guide, which explains how to report bugs found while using sqlmap and how to submit contributions on GitHub.
COPYING # The license file, describing the rights to distribute and redistribute sqlmap.
THANKS.md # The acknowledgements document, listing the people who have contributed to sqlmap.
THIRD-PARTY.md # The third-party plugins document, summarising the third-party modules bundled with sqlmap.
0x03 Directory sqlmap/extra/

sqlmap/extra/beep/ # The alert sound folder.
sqlmap/extra/beep/beep.py # Generates the alert sound; it is enabled with the --beep parameter and plays an alert when a SQL injection is found.
sqlmap/extra/beep/beep.wav # The sound file for the alert.
sqlmap/extra/dbgtool/ # The folder for the debug.exe conversion tool.
sqlmap/extra/dbgtool/dbgtool.py # Converts a binary into an ASCII text script that can be turned back into a portable EXE on Windows; the author notes it can be used to drop nc.exe as a backdoor listener.
sqlmap/extra/dbgtool/README.txt # The description file for the tool.
sqlmap/extra/mssqlsig/update.py # Updates the MSSQL version signatures, although the URL it fetches seems not to open, probably because of network restrictions in China.
sqlmap/extra/safe2bin/ # Files that convert "safe" text representations into binary files, for example turning a text encoding back into an executable. Its README.txt gives a brief description, and safe2bin.py is the runnable script.
sqlmap/extra/shutils/ # Python shell utilities for the project, implementing features such as locating third-party plugins.
sqlmap/extra/cloak/ # cloak.py can encode (cloak) and decode (uncloak) the bundled backdoor files.
sqlmap/extra/icmpsh/ # A Win32 reverse ICMP shell, used as a shell that calls back after a successful injection.
sqlmap/extra/runcmd/ # A helper, used after a successful injection, for running and returning the output of cmd commands.
sqlmap/extra/shellcodeexec/ # The shellcode executor that is installed on the victim machine (it does not run on our own machine), with Windows 32-bit and Linux 32-bit and 64-bit builds.
sqlmap/extra/sqlharvest/ # Uses Google searches to crawl for files.


0x04 Directory sqlmap/lib/

Sqlmap calls into a library of many functions; the folder contains the following:

controller/ # This directory carries out the sequence of checks, with a brief introduction to several of its files.
action.py # Uses the parameters affected by the URL to perform SQL injection and, permissions allowing, extracts data from the system or database.
checks.py # Uses payloads to run injection checks against the discovered SQL injection points.
controller.py # Controls the parameters passed by the user.
handler.py # Handles the database name passed by the user.
core/ # The kernel folder, holding the files invoked by the various parameters. For example, setting a target invokes target.py; there are also agent.py, dump.py, threads.py and so on.
parse/ # The parsing folder, with banner.py, cmdline.py, sitemap.py, configfile.py, payloads.py, handler.py, html.py, headers.py and other files that process configuration and parameters.
request/ # The requests folder, with basic.py, templates.py, basicauthhandler.py, redirecthandler.py, comparison.py, rangehandler.py, connect.py, pkihandler.py, direct.py, methodrequest.py, dns.py, inject.py, httpshandler.py and other network request and connection files.
takeover/ # The takeover folder, with abstraction.py, xp_cmdshell.py, icmpsh.py, web.py, metasploit.py, udf.py and registry.py: the code that takes over the victim's machine after a successful injection.
techniques/ # The injection-technique folder, with blind, brute, dns, error and union; each folder holds the code that executes that injection type.
utils/ # The small utilities folder, with api.py, xrange.py, crawler.py, versioncheck.py, deps.py, timeout.py, getch.py, hash.py, sqlalchemy.py, hashdb.py, search.py, htmlentities.py, purge.py, pivotdumptable.py, progress.py and other helper files.


0x05 sqlmap/plugins

Plugin description

dbms/ # This folder contains the handling for each database: access, db2, firebird, hsqldb, maxdb, mssqlserver, mysql, oracle, postgresql, sqlite, sybase and so on. Each database folder has a fixed set of files; for example, the access folder has connector.py, enumeration.py, takeover.py, filesystem.py, syntax.py, fingerprint.py, etc.
generic/ # The generic folder. It also contains connector.py, enumeration.py, takeover.py, filesystem.py, syntax.py, fingerprint.py and other shared files.


0x06 sqlmap/procs

The stored procedures used to access some of the databases during injection.

mssqlserver/ # Procedures for MSSQLServer, making the data easier to access.
mysql/ # Procedures for MySQL, making the data easier to access.
oracle/ # Procedures for Oracle, making the data easier to access.
postgresql/ # Procedures for PostgreSQL, making the data easier to access.
README.txt # The description of this folder: the SQL fragments sqlmap uses on the target system.


0x07 sqlmap/shell

You can tell from the names that these are the shells sqlmap uploads to the system after a successful injection, in a variety of languages. To avoid antivirus detection they are stored in an encoded form; README.txt explains the conversion in detail, and /extra/cloak/cloak.py can restore these backdoors to readable code.
backdoor.asp_ backdoor.aspx_ backdoor.jsp_ backdoor.php_ runcmd.exe_ stager.asp_ stager.aspx_ stager.jsp_ stager.php_
README.txt # All of the shells above are encoded, so opening one directly shows garbled content; follow the instructions in this file to convert them.


0x08 sqlmap/tamper

There are many scripts for bypassing a firewall during injection, 33 kinds, and combining several of them works well. The bypass scripts are as follows:

apostrophemask.py apostrophenullencode.py appendnullbyte.py base64encode.py between.py bluecoat.py chardoubleencode.py charencode.py charunicodeencode.py commalesslimit.py commalessmid.py concat2concatws.py equaltolike.py escapequotes.py greatest.py halfversionedmorekeywords.py ifnull2ifisnull.py informationschemacomment.py lowercase.py modsecurityversioned.py modsecurityzeroversioned.py multiplespaces.py nonrecursivereplacement.py overlongutf8.py percentage.py randomcase.py randomcomments.py securesphere.py sp_password.py space2comment.py space2dash.py space2hash.py space2morehash.py space2mssqlblank.py space2mssqlhash.py space2mysqlblank.py space2mysqldash.py space2plus.py space2randomblank.py symboliclogical.py unionalltounion.py unmagicquotes.py uppercase.py varnish.py versionedkeywords.py versionedmorekeywords.py xforwardedfor.py

# Open each script to see the conditions and environments it applies to. You can also refer to the following article:

http://blog.csdn.net/qq_29277155/article/details/51193071


0x09 sqlmap/thirdparty

Third-party modules that implement various small optimisation and formatting features.

ansistrm/ # Mainly ansistrm.py, which defines the coloured display of results in the output terminal.
beautifulsoup/ # Mainly beautifulsoup.py, which parses XML and HTML into a tree representation.
bottle/ # Bottle is a fast, simple and lightweight WSGI micro web framework for Python. It is distributed as a single-file module and depends only on the Python standard library. bottle.py is the key to serving the static and dynamic HTTP requests of the API; although Python 3 is supported, a compatibility check is done here because sqlmap as a whole is developed for Python 2.
chardet/ # This folder holds many character probes and charset definition files; its main job is to detect the encoding of web pages.
clientform/ # Mainly clientform.py, which handles HTML forms for web clients.
colorama/ # The main purpose of this folder is to translate ANSI escape sequences into Win32 console calls.
fcrypt/ # Provides a port of the standard Linux crypt, i.e. a Python version for platforms that lack the crypt function.
gprof2dot/ # Generates a dot graph from the output of several profilers.
keepalive/ # Mainly keepalive.py, an HTTP handler that gives urllib2 support for HTTP/1.1 persistent (keep-alive) connections.
magic/ # Mainly magic.py; magic is a wrapper for the libmagic file-type recognition library.
multipart/ # Mainly multipartpost.py, for sending multipart POST requests.
odict/ # Mainly odict.py, an ordered dictionary object that keeps its keys in insertion order.
oset/ # A Python ordered set, with pyoset.py as the main module and _abc.py as the helper describing the abstract base class.
pagerank/ # Mainly pagerank.py, a script to get a page's Google PageRank.
prettyprint/ # Mainly prettyprint.py, which optimises the display of results in the terminal.
pydes/ # The 3DES encryption and decryption algorithm in Python, including a description of the algorithm.
socks/ # The SOCKS module for Python.
termcolor/ # Mainly termcolor.py, which implements colour formatting of terminal output.

xdot/ # A visualisation of dot-format graphs.


0x10 sqlmap/txt

This folder contains keywords, public word lists and some other dictionaries, specifically:

common-columns.txt # Common column names found in databases.
common-outputs.txt # Common outputs found in databases.
common-tables.txt # Common table names found in databases.
keywords.txt # Common database keywords.

smalldict.txt # A small dictionary for database password cracking.
user-agents.txt # Browser User-Agent headers used when making requests.


0x11 sqlmap/udf

The following files contain code that runs on the victim's machine during execution, not on our attacking machine.

mysql/ # Includes lib_mysqludf_sys.dll_ for Linux and Windows, in both 32-bit and 64-bit builds.
postgresql/ # Includes lib_mysqludf_sys.dll_ for Linux and Windows, in both 32-bit and 64-bit builds.
README.txt # The description of this folder's function.


0x12 sqlmap/waf

The folder has 44 scripts that detect 44 types of WAF respectively, for example 360, NSFocus (Green League) WAF, ModSecurity, Baidu, FortiWeb and Cloudflare. This shows that the foreign authors know the domestic WAFs too and are quietly working on bypassing them as well. The WAF probes are as follows:

360.py airlock.py anquanbao.py baidu.py barracuda.py bigip.py binarysec.py blockdos.py ciscoacexml.py cloudflare.py datapower.py denyall.py dotdefender.py edgecast.py expressionengine.py fortiweb.py hyperguard.py incapsula.py isaserver.py jiasule.py knownsec.py kona.py modsecurity.py netcontinuum.py netscaler.py newdefend.py nsfocus.py paloalto.py profense.py proventia.py radware.py requestvalidationmode.py safe3.py safedog.py secureiis.py senginx.py sucuri.py teros.py trafficshield.py urlscan.py uspses.py varnish.py webappsecure.py webknight.py


0x13 sqlmap/xml

XML records for various kinds of information.

banner/ # XML records of banner (fingerprint) data for the various databases and related software. Examples: cookie.xml generic.xml mssql.xml mysql.xml oracle.xml postgresql.xml server.xml servlet.xml sharepoint.xml x-aspnet-version.xml x-powered-by.xml
payloads/ # The injection detection payloads for the six-plus injection types: boolean-based blind, error-based, inline queries, stacked queries, time-based blind, UNION queries and more. This is important: whether sqlmap can detect an injection point depends on these payloads.
boundaries.xml # The boundaries record file (the prefixes and suffixes wrapped around payloads).
errors.xml # The XML file of database error messages used to recognise the DBMS.
livetests.xml # The XML record file for live tests.
queries.xml # The XML file of per-DBMS query templates.
sqlmap.xsd # sqlmap's XSD, i.e. the XML Schema Definition for these files.
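To show what the errors.xml signatures look like in use, here is an added example (not sqlmap's own code) that parses a constructed file in the `<dbms value="..."><error regexp="..."/></dbms>` layout I assume for errors.xml and runs the signatures over sample HTTP response bodies. A hit means the application is leaking DBMS error text, which is exactly what error-based detection relies on and what a defender should suppress with generic error pages.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for sqlmap's xml/errors.xml:
# a <root> of <dbms value="..."> elements, each holding <error regexp="..."/>
# entries. The patterns are illustrative and not copied from sqlmap.
ERRORS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<root>
  <dbms value="MySQL">
    <error regexp="SQL syntax.*?MySQL"/>
    <error regexp="Warning.*?\\Wmysqli?_"/>
  </dbms>
  <dbms value="PostgreSQL">
    <error regexp="PostgreSQL.*?ERROR"/>
    <error regexp="Warning.*?\\Wpg_"/>
  </dbms>
  <dbms value="Microsoft SQL Server">
    <error regexp="Driver.*? SQL[ _-]*Server"/>
    <error regexp="Unclosed quotation mark after the character string"/>
  </dbms>
</root>
"""

def load_error_signatures(xml_text):
    """Parse the errors.xml layout into {dbms name: [compiled regex, ...]}."""
    signatures = {}
    for dbms in ET.fromstring(xml_text).findall("dbms"):
        patterns = [re.compile(err.get("regexp"), re.I) for err in dbms.findall("error")]
        signatures[dbms.get("value")] = patterns
    return signatures

def find_dbms_error_leaks(body, signatures):
    """Return the names of DBMSs whose error signatures appear in a response body.

    A non-empty result means the application leaks database error text,
    which is what error-based injection detection keys on."""
    return sorted(name for name, patterns in signatures.items()
                  if any(p.search(body) for p in patterns))

# Constructed response bodies (not real captures): two leak, one is clean.
SAMPLE_BODIES = {
    "mysql_leak": "You have an error in your SQL syntax; check the manual that "
                  "corresponds to your MySQL server version",
    "pgsql_leak": "Warning: pg_query(): Query failed: PostgreSQL says ERROR: syntax error",
    "clean": "<html><body>Welcome back, user.</body></html>",
}

def scan_samples(signatures=None):
    """Run the leak check over the constructed bodies and return the findings."""
    signatures = signatures or load_error_signatures(ERRORS_XML)
    return {label: find_dbms_error_leaks(body, signatures)
            for label, body in SAMPLE_BODIES.items()}

if __name__ == "__main__":
    for label, hits in scan_samples().items():
        print(f"{label}: {hits or 'no DBMS error text'}")
```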


0x14 README.md

This documentation briefly guides us through downloading, installing and using sqlmap. It is available in multiple languages and is a useful help file; the brief Chinese description can be found here!


0x15 sqlmap.conf

This is the sqlmap configuration file holding the various default parameters (parameters not set on the command line fall back to these defaults, which makes batch or automated testing possible).


0x16 sqlmapapi.py

The API interface file, which lets other platforms integrate sqlmap, Burp for example. Has any security vendor actually integrated it into their own products yet? _?


0x17 sqlmap.py

Sqlmap's main program, which accepts the various parameters and prints the help information in the terminal. Find an injection, report it to the cloud platform, earn an account! ^^**__**^^


Everyone is welcome to share better ideas; I look forward to them eagerly ^ ^_^ ^!

