Create app.py
Browse files
app.py
ADDED
|
@@ -0,0 +1,57 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
import gradio as gr
|
| 2 |
+
import subprocess
|
| 3 |
+
|
| 4 |
+
# 常见 SQLMap 指令选项
|
| 5 |
+
COMMON_OPTIONS = {
|
| 6 |
+
"URL": "",
|
| 7 |
+
"参数名称": "",
|
| 8 |
+
"数据库类型": "",
|
| 9 |
+
"线程数": "1",
|
| 10 |
+
"代理": "",
|
| 11 |
+
}
|
| 12 |
+
|
| 13 |
+
# 构建命令函数
|
| 14 |
+
def build_sqlmap_command(url, param, dbms, threads, proxy, extra):
|
| 15 |
+
cmd = ["sqlmap", "-u", url]
|
| 16 |
+
if param:
|
| 17 |
+
cmd += ["--param", param]
|
| 18 |
+
if dbms:
|
| 19 |
+
cmd += ["-p", dbms]
|
| 20 |
+
cmd += ["--threads", threads]
|
| 21 |
+
if proxy:
|
| 22 |
+
cmd += ["--proxy", proxy]
|
| 23 |
+
if extra:
|
| 24 |
+
cmd += extra.split()
|
| 25 |
+
return cmd
|
| 26 |
+
|
| 27 |
+
# 执行函数
|
| 28 |
+
|
| 29 |
+
def run_sqlmap(url, param, dbms, threads, proxy, extra):
|
| 30 |
+
cmd = build_sqlmap_command(url, param, dbms, threads, proxy, extra)
|
| 31 |
+
try:
|
| 32 |
+
result = subprocess.check_output(cmd, stderr=subprocess.STDOUT, text=True, timeout=300)
|
| 33 |
+
except subprocess.CalledProcessError as e:
|
| 34 |
+
result = e.output
|
| 35 |
+
except subprocess.TimeoutExpired:
|
| 36 |
+
result = "执行超时,请检查目标或减少负载。"
|
| 37 |
+
return result
|
| 38 |
+
|
| 39 |
+
# Gradio 界面布局
|
| 40 |
+
with gr.Blocks(title="SQLMap Web UI") as demo:
|
| 41 |
+
gr.Markdown("# SQLMap Web 图形化界面\n简洁、美观,快速构建常见注入测试。")
|
| 42 |
+
with gr.Row():
|
| 43 |
+
with gr.Column():
|
| 44 |
+
url = gr.Textbox(label="目标 URL", placeholder="http://example.com/vuln.php?id=1")
|
| 45 |
+
param = gr.Textbox(label="参数名称 (param)", placeholder="id, user 等,可留空")
|
| 46 |
+
dbms = gr.Dropdown(label="数据库类型 (dbms)", choices=["", "MySQL", "PostgreSQL", "MSSQL", "Oracle", "SQLite", "MongoDB"], value="")
|
| 47 |
+
threads = gr.Slider(label="线程数", minimum=1, maximum=10, step=1, value=1)
|
| 48 |
+
proxy = gr.Textbox(label="HTTP 代理 (可选)", placeholder="http://127.0.0.1:8080")
|
| 49 |
+
extra = gr.Textbox(label="额外参数 (如: --os-shell)", placeholder="--dump --batch 等")
|
| 50 |
+
run_btn = gr.Button("运行 SQLMap")
|
| 51 |
+
with gr.Column():
|
| 52 |
+
output = gr.Textbox(label="输出结果", interactive=False, lines=20)
|
| 53 |
+
|
| 54 |
+
run_btn.click(fn=run_sqlmap, inputs=[url, param, dbms, threads, proxy, extra], outputs=output)
|
| 55 |
+
|
| 56 |
+
if __name__ == "__main__":
|
| 57 |
+
demo.launch(server_name="0.0.0.0", server_port=7860)
|