
First commit

Hood3dRob1n committed Mar 20, 2015
1 parent e1f38dd commit e63f1c9a038dcf12b722bb2b4727d16e9a8c2d89
@@ -1,2 +1,27 @@
# SQLMAP-Web-GUI
PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!
Before anything, this project wouldn't even be possible without the awesome development team behind SQLMAP - hats off to them!
This is a PHP Frontend I made to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!
Here is a few quick videos I made to show that almost all of your usual SQLMAP command line functionality is still possible via this Web GUI.
Demo against: Windows 2003 Server, IIS/6.0 + ASP + MS-SQL 2005
YOUTUBE LINK: http://youtu.be/8MRew20Q1xE
Demo against: Linux (CentOS), Apache, MySQL, PHP
YOUTUBE LINK: http://youtu.be/cs2Gvss0v-k
Blog Write-Up: http://kaoticcreations.blogspot.com/
Requirements:
- Linux, Apache, PHP (check your favorite distro's wiki or forum pages, or use google)
- PHP 5.3+ is suggested, older versions not tests so mileage may vary
- Python and any SQLMAP dependencies (refer to their wiki for any help there)
- Clone this repo to your machine
- Edit the sqlmap/inc/config.php file so the paths all point to the right locations on your system
- Copy the entire sqlmap/ directory and contents to your web root directory (cd SQLMAP-Web-GUI && cp -R sqlmap/ /var/www/)
- When you want to use, simply fire up the sqlmap API server (python /home/user/tools/sqlmap/sqlmapapi.py -s)
- Then you can navigate to the Web GUI address in your Browser to begin (firefox http://127.0.0.1/sqlmap/index.php)
Enjoy!
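Review bot: the install steps put the GUI in the Apache web root and start the API server, but nothing in the README says who may reach either one; the GUI drives file read/write and OS command execution against targets, so anyone who can open `http://127.0.0.1/sqlmap/index.php` has the full sqlmap capability of the operator's box. Add a short "Access control" item: keep `sqlmapapi.py -s` on its loopback default (127.0.0.1:8775) and restrict the `sqlmap/` directory to localhost or put it behind Apache authentication, since the admin panel's login is the only protection shown anywhere. The config step ("Edit the sqlmap/inc/config.php file so the paths all point to the right locations") mentions only paths; it should also name the setting that tells the PHP client which host and port the API server listens on, otherwise a reader who runs the API on a non-default port will not know where to change it. Minor: "older versions not tests so mileage may vary" should read "not tested", and the Requirements list mixes prerequisites with installation steps; splitting it into "Requirements" and "Installation" would read better.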
@@ -0,0 +1,128 @@
<br />
<div class="row">
<div class="col-md-3"></div>
<div class="col-md-6">
<label for="select_file_privs">File System Options:</label>
<select class="form-control" id="file_privs" name="file_privs">
<option value="" selected="selected" onClick="divHideAndSeek('display_file_read_data_form', 1); divHideAndSeek('display_file_write_data_form', 1);">None</option>
<option value="r" onClick="divHideAndSeek('display_file_read_data_form', 0); divHideAndSeek('display_file_write_data_form', 1);">Read Files from DB Server</option>
<option value="w" onClick="divHideAndSeek('display_file_write_data_form', 0); divHideAndSeek('display_file_read_data_form', 1);">Write Payload Files to Target DB Server</option>
</select>
<div id="display_file_read_data_form" align="central" style="display: none">
<br />
<label for="file_read">File to Read:</label>
<input type="text" class="form-control" id="file_read" name="rFile" placeholder="i.e. /etc/passwd or c:/windows/win.ini ">
<br />
</div>
<div id="display_file_write_data_form" align="central" style="display: none">
<br />
<label for="file_write">File to Write:</label>
<select class="form-control" id="file_write" name="file_write">
<option value="cmdShell" selected="selected" onClick="divHideAndSeek('display_file_write_revShell_data_form', 1);">Basic Web Based Command Shell</option>
<option value="uploader" onClick="divHideAndSeek('display_file_write_revShell_data_form', 1);">Basic File Uploader</option>
<option value="revShell" onClick="divHideAndSeek('display_file_write_revShell_data_form', 0);" disabled>Reverse Shell Script</option>
</select>
<br />
<div id="display_file_write_cmdShell_data_form" align="central" style="display: block">
<label for="dFile">Full Path & Filename to Write on Target:</label>
<input type="text" class="form-control" id="dFile" name="dFile" placeholder="i.e. /var/www/writeable/customFile.fileType ">
<br />
<label for="cmdShellLang">Command Shell Language Type to Use:</label>
<select class="form-control" id="cmdShellLang" name="cmdShellLang">
<option value="1">ASP</option>
<option value="2">ASPX</option>
<option value="3">JSP</option>
<option value="4" selected="selected">PHP</option>
</select>
<br />
<div id="display_file_write_revShell_data_form" align="central" style="display: none">
<label for="revShell_ip">Reverse Shell IP:</label>
<input type="text" class="form-control" id="revShell_ip" name="revShell_ip" placeholder="i.e. 10.10.10.10 ">
<br />
<label for="revShell_port">Reverse Shell Port:</label>
<input type="text" class="form-control" id="revShell_port" name="revShell_port" placeholder="i.e. 31337 ">
</div>
</div>
</div><br />
<label for="select_os_privs">Operating System Options:</label>
<select class="form-control" id="os_privs" name="os_privs">
<option value="" selected="selected" onClick="divHideAndSeek('display_os_cmd_data_form', 1); divHideAndSeek('display_osPwn_revShell_data_form', 1)">None</option>
<option value="r" onClick="divHideAndSeek('display_os_cmd_data_form', 0); divHideAndSeek('display_osPwn_revShell_data_form', 1)">OS Cmd - Run OS Command on Target</option>
<option value="p" onClick="divHideAndSeek('display_osPwn_revShell_data_form', 1); divHideAndSeek('display_osPwn_revShell_data_form', 0)" disabled>OS Pwn - Spawn Meterpreter Reverse Shell</option>
</select>
<div id="display_os_cmd_data_form" align="central" style="display: none">
<br />
<label for="os_cmd">OS Command to Run:</label>
<input type="text" class="form-control" id="os_cmd" name="osCmd" placeholder="i.e. whoami ">
<br />
<label for="cmdShellLang">(Optional) Command Shell Language Type to Use:</label>
<select class="form-control" id="cmdShellLang" name="cmdShellLang">
<option value="1">ASP</option>
<option value="2">ASPX</option>
<option value="3">JSP</option>
<option value="4" selected="selected">PHP</option>
</select>
<br />
<label for="os_cmd_dFile">(Optional) Writeable File Path to Try on Target:</label>
<input type="text" class="form-control" id="os_cmd_dFile" name="os_cmd_dFile" placeholder="i.e. /var/www/html/writeable/ ">
<br />
</div><br />
<div id="display_osPwn_revShell_data_form" align="central" style="display: none">
<label for="meterpreter_type">Meterpreter Reverse Payload Type to Use:</label>
<select class="form-control" id="meterpreter_type" name="meterpreter_type">
<option value="1" selected="selected">TCP - meterpreter/reverse_tcp</option>
<!-- <option value="2">TCP Any Port</option> -->
<option value="3">HTTP - meterpreter/reverse_http</option>
<option value="4">HTTPS - meterpreter/reverse_https</option>
</select>
<br />
<label for="osPwn_tmpPath">(Optional) Temp Path on Target</label>
<input type="text" class="form-control" id="osPwn_tmpPath" name="osPwn_tmpPath" placeholder="i.e. C:\\CUSTOM\\TEMP\\ ">
<br />
<label for="revShell_ip">Meterpreter Listener IP:</label>
<input type="text" class="form-control" id="osPwn_ip" name="osPwn_ip" placeholder="i.e. 10.10.10.10 ">
<br />
<label for="revShell_port">Meterpreter Listener Port:</label>
<input type="text" class="form-control" id="osPwn_port" name="osPwn_port" placeholder="i.e. 4444 ">
<br /><br />
</div>
<label for="select_win_reg">Windows Registry Options:</label>
<select class="form-control" id="win_reg" name="win_reg">
<option value="" selected="selected" onClick="divHideAndSeek('display_win_reg_data_form', 1)">None</option>
<option value="r" onClick="divHideAndSeek('display_win_reg_data_form', 0)">Read Windows Registry Key Value</option>
<option value="a" onClick="divHideAndSeek('display_win_reg_data_form', 0)">Add Windows Registry Key Value Data</option>
<option value="d" onClick="divHideAndSeek('display_win_reg_data_form', 0)">Delete Windows Registry Key Value</option>
</select><br />
<br />
</div>
<div class="col-md-3"></div>
</div>
<div class="row">
<div id="display_win_reg_data_form" align="central" style="display: none">
<br />
<div class="col-md-2"></div>
<div class="col-md-4">
<label for="win_reg_key">Windows Registry Key:</label>
<input type="text" class="form-control" id="win_reg_key" name="regKey" placeholder="i.e. HKEY_LOCAL_MACHINE\SOFTWARE\sqlmap ">
<br />
<label for="win_reg_value">Windows Registry Value:</label>
<input type="text" class="form-control" id="win_reg_value" name="regVal" placeholder="i.e. Test ">
<br />
</div>
<div class="col-md-4">
<label for="win_reg_type">Windows Registry Type:</label>
<input type="text" class="form-control" id="win_reg_type" name="regType" placeholder="i.e. REG_SZ ">
<br />
<label for="win_reg_data">Windows Registry Data:</label>
<input type="text" class="form-control" id="win_reg_data" name="regData" placeholder="i.e. 1 ">
<br />
</div>
<div class="col-md-2"></div>
</div>
</div>
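Review bot: the two `<select class="form-control" id="cmdShellLang" name="cmdShellLang">` elements (one in the file-write block, one in the OS Cmd block) share both `id` and `name`; when both sit in the same form, PHP keeps only the last `cmdShellLang` value in `$_POST`, so the language chosen for the written command shell is silently overwritten by the hidden OS Cmd select's default (PHP), and `getElementById('cmdShellLang')` only ever returns the first one. Give the OS Cmd copy its own id/name (for example `os_cmd_lang`). The "OS Pwn" option handler calls `divHideAndSeek('display_osPwn_revShell_data_form', 1)` and then `divHideAndSeek('display_osPwn_revShell_data_form', 0)` on the same div; the first call was presumably meant for `display_os_cmd_data_form`, otherwise the OS Cmd inputs stay visible (and get submitted) when the operator switches to OS Pwn. Relying on `onClick` on `<option>` elements is also fragile: several browsers do not fire click on options and keyboard selection never does, so the show/hide logic should live in an `onchange` handler on the parent `<select>` that switches on `this.value`. Smaller points: the Meterpreter block's labels use `for="revShell_ip"` and `for="revShell_port"` but the inputs beneath them are `osPwn_ip` and `osPwn_port`, so clicking the label focuses the reverse-shell field in the other section; `align="central"` is not a valid value (`center`); and the disabled "Reverse Shell Script" / "OS Pwn" options should either be removed or carry a visible "not yet implemented" hint so the form's intent is clear.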
@@ -0,0 +1,223 @@
<?php
@session_start(); // Start a new Session, if not already created (tracking later?)
@set_time_limit(0); // May run long at times, remove time limits on script execution time
$sess = session_id(); // Current Session ID, use tbd...
if($_SESSION['authenticated'] != true) {
header("Location: /sqlmap/admin/login.php");
}
// Establish Admin ID to manage tasks
if((isset($_POST['myAdminID'])) && (strlen(trim($_POST['myAdminID'])) == 32)) {
$_SESSION['myAdminID'] = trim($_POST['myAdminID']);
}
include("../inc/config.php");
include("../inc/SQLMAPClientAPI.class.php");
$salt = "!SQL!"; // Salt for form token hash generation
$token = sha1(mt_rand(1, 1000000) . $salt); // Generate CSRF Token Hash
$_SESSION['token'] = $token; // Set CSRF Token for Form Submit Verification
$taskConfig = array();
if(isset($_SESSION['myAdminID'])) {
$sqlmap = new SQLMAPClientAPI();
if((isset($_GET['task'])) && (trim($_GET['task']) != "")) {
$actionTaskId = trim($_GET['task']);
if(isset($_GET['action'])) {
switch(trim($_GET['action'])) {
case "conf": // Show Config for specified Task ID
$taskConfig = $sqlmap->listOptions($actionTaskId); // We will actually store it for use in a second...
break;
case "stop": // Stop a specified running Task ID
$sqlmap->stopScan($actionTaskId);
break;
case "kill": // Forcefully Kill a specified running Task ID
$sqlmap->killScan($actionTaskId);
break;
case "del": // Delete a specified running Task ID
$sqlmap->deleteTaskID($actionTaskId);
break;
default: // Do Nothing if nothing is specified...
break;
}
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title id="ttl">SQLMAP Web GUI - Admin Panel</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="/sqlmap/css/bootstrap.min.css">
<link rel="stylesheet" href="/sqlmap/css/css.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script src="/sqlmap/js/bootstrap.min.js"></script>
<script src="/sqlmap/js/sqlmap.js"></script>
</head>
<body>
<br />
<?php
/*
Need ability to set Admin level taskID
Need ability to change during session if desired (reboot/restarts)
Admin Functionality Needed:
List all available tasks
List Configuration Options for Task by Task ID
Stop scan by Task ID
Kill scan by task ID
Delete task by task ID
Delete ALL tasks
*/
echo "<h1 align=\"center\">SQLMAP Web GUI - Admin Panel</h1>";
if(isset($_SESSION['myAdminID'])) {
$taskList = $sqlmap->adminListTasks(trim($_SESSION['myAdminID']));
if(!$taskList) {
?>
<br />
<div class="container">
<div class="row">
<div class="col-md-3"></div>
<div class="col-md-6">
<div class="epic_fail">[WARNING] '<?php echo htmlentities(trim($_SESSION['myAdminID']), ENT_QUOTES, 'UTF-8'); ?>' - Appears to be an Invalid Admin ID!</div><br />
<form class="form-horizontal" role="form" id="myAdminID" action="/sqlmap/admin/index.php" method="POST">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="text" name="myAdminID" class="form-control" placeholder="78203fa6630db256fcd7f57ea8420eb8" required autofocus><br />
<input type="submit" class="btn" name="submit" value="Set Admin ID"/>
</form><br />
</div>
<div class="col-md-3"></div>
</div>
</div>
<?php
} else {
?>
<br />
<div class="container">
<div class="row">
<div class="col-md-3"></div>
<div class="col-md-6">
<div class="adminIdDisplay" id="adminIdDisplay" align="center">
<h4>
<b>Admin ID:</b> <?php echo htmlentities(trim($_SESSION['myAdminID']), ENT_QUOTES, 'UTF-8'); ?><br />
<b>Total Number of Known Tasks:</b> <?php echo htmlentities($taskList['tasks_num'], ENT_QUOTES, 'UTF-8'); ?><br />
</h4>
<br /><br />
<div class="adminTasksDisplay" id="adminTasksDisplay">
<div class="row">
<div class="col-md-2"></div>
<div class="col-md-8">
<?php
if((isset($_GET['task'])) && (isset($_GET['action'])) && (trim($_GET['action']) == "conf")) {
echo '<br /><br />';
echo '<label for="results_textarea">ScanID: ' . htmlentities(trim($_GET['task']), ENT_QUOTES, 'UTF-8') . ', API Scan Configuration</label>';
echo '<textarea class="form-control" id="task_configuration_textarea" rows="20">';
echo "[*] API Scan Configuration:\n";
print_r(htmlentities($sqlmap->listOptions(trim($_GET['task']))['options']), ENT_QUOTES, 'UTF-8');
echo '</textarea><br />';
} else {
?>
<table class="table table-hover" id="adminTasksDisplayTable">
<thead>
<tr>
<th>TaskID</th>
<th>Target</th>
<th>Status</th>
<th colspan="5">Options</th>
</tr>
</thead>
<tbody>
<?php
foreach($taskList['tasks'] as $t) {
$status = $sqlmap->checkScanStatus($t);
$taskConfig = $sqlmap->listOptions($t);
echo "<tr>";
echo "<td>";
echo htmlentities($t, ENT_QUOTES, 'UTF-8');
echo "</td>";
if(sizeof($taskConfig) > 0) {
$targetHost = parse_url($taskConfig['options']['url'], PHP_URL_HOST);
echo "<td>" . htmlentities($targetHost, ENT_QUOTES, 'UTF-8') . "</td>";
} else {
echo "<td> - </td>";
}
if(isset($status['status'])) {
echo "<td>" . htmlentities($status['status'], ENT_QUOTES, 'UTF-8') . "</td>";
} else {
echo "<td> - </td>";
}
echo "<td> <a href=\"/sqlmap/admin/index.php?task=" . htmlentities($t, ENT_QUOTES, 'UTF-8') . "&action=conf\" target=\"_blank\">Conf</a> </td>";
if($status['status'] == 'running') {
echo "<td> <a href=\"/sqlmap/admin/index.php?task=" . htmlentities($t, ENT_QUOTES, 'UTF-8') . "&action=stop\">Stop</a> </td>";
echo "<td> <a href=\"/sqlmap/admin/index.php?task=" . htmlentities($t, ENT_QUOTES, 'UTF-8') . "&action=kill\">Kill</a> </td>";
} else {
echo "<td> - </td>";
echo "<td> - </td>";
}
echo "<td> <a href=\"/sqlmap/admin/index.php?task=" . htmlentities($t, ENT_QUOTES, 'UTF-8') . "&action=del\">Del</a> </td>";
echo "</tr>";
}
?>
</tbody>
</table>
<?php } ?>
</div>
<div class="col-md-2"></div>
</div>
</div>
</div>
</div>
<div class="col-md-3"></div>
</div>
</div>
<?php
}
} else {
?>
<br />
<div class="container">
<div class="row">
<div class="col-md-3"></div>
<div class="col-md-6">
<div class="epic_fail">[WARNING] NO Admin ID Set!</div><br />
<form class="form-horizontal" role="form" id="myAdminID" action="/sqlmap/admin/index.php" method="POST">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="text" name="myAdminID" class="form-control" placeholder="78203fa6630db256fcd7f57ea8420eb8" required autofocus><br />
<input type="submit" class="btn" name="submit" value="Set Admin ID"/>
</form><br />
</div>
<div class="col-md-3"></div>
</div>
</div>
<?php
}
?>
<br /><br /><br />
<div class="footer" align="center">
<a href="/sqlmap/admin/logout.php">Logout</a><br />
Want to learn more about <a href="http://sqlmap.org/" target="_blank">SQLMAP</a>, Visit the <a href="http://sqlmap.org/" target="_blank">Project Page!</a><br/>
SQLMAP Web Operator Copyright &#0169; 2015, Coded By: HR, All rights reserved.<br/>
</div>
<br/><br/>
</body>
</html>
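Review bot: the authentication check `if($_SESSION['authenticated'] != true) { header("Location: /sqlmap/admin/login.php"); }` has no `exit` after the redirect, so the rest of the script still executes for an unauthenticated client: a POSTed `myAdminID` is stored in the session and `?task=...&action=stop|kill|del` is executed against the API before the browser ever follows the `Location` header, and the page body is rendered as well. Add `exit;` after the `header()` call, and test with `empty($_SESSION['authenticated'])` so a fresh session does not emit an undefined-index notice. The CSRF token is generated (`$token = sha1(mt_rand(1, 1000000) . $salt);`) and embedded in both "Set Admin ID" forms but never compared on submit, so the `$_POST['myAdminID']` handler should reject requests whose `token` does not equal `$_SESSION['token']`; the stop/kill/del actions are plain GET links with no token at all, so any page the operator visits can trigger them with an `<img>` tag, and they should become POST requests carrying the token. Regenerating the token on every request would also break a second open tab once verification is added; generate it once per session, and from a CSPRNG (`openssl_random_pseudo_bytes(16)`) rather than `mt_rand` over a million values with a fixed salt. In the "conf" view, `print_r(htmlentities($sqlmap->listOptions(trim($_GET['task']))['options']), ENT_QUOTES, 'UTF-8');` passes an array to `htmlentities()` (which warns and returns NULL) and three arguments to `print_r()`; the intended form is `echo htmlentities(print_r($taskConfig['options'], true), ENT_QUOTES, 'UTF-8');`, which also reuses the `$taskConfig` already fetched in the `case "conf":` branch instead of calling the API a second time. Dereferencing a call result with `[...]` needs PHP 5.4, while the README suggests 5.3+. Minor: `$status['status'] == 'running'` is read without the `isset($status['status'])` guard used two lines earlier, `$taskConfig['options']['url']` is read without checking the key exists, and the `&action=` in the href attributes should be `&amp;action=`.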