There is currently none :). I‘ll just give you a quick intro.

At server side:

$ python sqlmapapi.py -s -H 0.0.0.0

[19:42:00] [INFO] Running REST-JSON API server at ‘0.0.0.0:8775‘..

[19:42:00] [INFO] Admin ID: cfdd0c84a8ebbccf40a97fe6eaaeac9d

[19:42:00] [DEBUG] IPC database: /tmp/sqlmapipc-QUdQ7m

[19:42:00] [DEBUG] REST-JSON API server connected to IPC database

At client side:

$ curl http://127.0.0.1:8775/task/new

{

"taskid": "4be40bb5e98a03c2",

"success": true

}

$ curl -H "Content-Type: application/json" -X POST -d ‘{"url": "http://testphp.vulnweb.com/artists.php?artist=1"}‘ http://127.0.0.1:8775/scan/4be40bb5e98a03c2/start

{

"engineid": 3068,

"success": true

}

$ curl http://127.0.0.1:8775/scan/4be40bb5e98a03c2/data

{

"data": [],

"success": true,

"error": []

}

$ curl http://127.0.0.1:8775/scan/4be40bb5e98a03c2/log

{

"log": [

{

"message": "testing connection to the target URL",

"level": "INFO",

"time": "19:44:23"

},

{

"message": "testing if the target URL is stable. This can take a couple of seconds",

"level": "INFO",

"time": "19:44:24"

},

{

"message": "target URL is stable",

"level": "INFO",

"time": "19:44:25"

},

{

"message": "testing if GET parameter ‘artist‘ is dynamic",

"level": "INFO",

"time": "19:44:25"

},

{

"message": "confirming that GET parameter ‘artist‘ is dynamic",

"level": "INFO",

"time": "19:44:25"

},

{

"message": "GET parameter ‘artist‘ is dynamic",

"level": "INFO",

"time": "19:44:26"

},

{

"message": "heuristic (basic) test shows that GET parameter ‘artist‘ might be injectable (possible DBMS: ‘MySQL‘)",

"level": "INFO",

"time": "19:44:26"

},

{

"message": "testing for SQL injection on GET parameter ‘artist‘",

"level": "INFO",

"time": "19:44:26"

},

{

"message": "testing ‘AND boolean-based blind - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:26"

},

{

"message": "GET parameter ‘artist‘ seems to be ‘AND boolean-based blind - WHERE or HAVING clause‘ injectable ",

"level": "INFO",

"time": "19:44:27"

},

{

"message": "testing ‘MySQL >= 5.0 AND error-based - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:27"

},

{

"message": "testing ‘MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)‘",

"level": "INFO",

"time": "19:44:27"

},

{

"message": "testing ‘MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)‘",

"level": "INFO",

"time": "19:44:28"

},

{

"message": "testing ‘MySQL >= 4.1 AND error-based - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:28"

},

{

"message": "testing ‘MySQL >= 5.0 OR error-based - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:28"

},

{

"message": "testing ‘MySQL >= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)‘",

"level": "INFO",

"time": "19:44:29"

},

{

"message": "testing ‘MySQL >= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)‘",

"level": "INFO",

"time": "19:44:29"

},

{

"message": "testing ‘MySQL >= 4.1 OR error-based - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:29"

},

{

"message": "testing ‘MySQL OR error-based - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:29"

},

{

"message": "testing ‘MySQL >= 5.0 error-based - Parameter replace‘",

"level": "INFO",

"time": "19:44:30"

},

{

"message": "testing ‘MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)‘",

"level": "INFO",

"time": "19:44:30"

},

{

"message": "testing ‘MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)‘",

"level": "INFO",

"time": "19:44:30"

},

{

"message": "testing ‘MySQL inline queries‘",

"level": "INFO",

"time": "19:44:30"

},

{

"message": "testing ‘MySQL > 5.0.11 stacked queries‘",

"level": "INFO",

"time": "19:44:31"

},

{

"message": "testing ‘MySQL < 5.0.12 stacked queries (heavy query)‘",

"level": "INFO",

"time": "19:44:31"

},

{

"message": "testing ‘MySQL > 5.0.11 AND time-based blind‘",

"level": "INFO",

"time": "19:44:31"

},

{

"message": "GET parameter ‘artist‘ seems to be ‘MySQL > 5.0.11 AND time-based blind‘ injectable ",

"level": "INFO",

"time": "19:44:42"

},

{

"message": "testing ‘MySQL UNION query (NULL) - 1 to 20 columns‘",

"level": "INFO",

"time": "19:44:42"

},

{

"message": "automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found",

"level": "INFO",

"time": "19:44:42"

},

{

"message": "ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test",

"level": "INFO",

"time": "19:44:42"

},

{

"message": "target URL appears to have 3 columns in query",

"level": "INFO",

"time": "19:44:43"

},

{

"message": "GET parameter ‘artist‘ is ‘MySQL UNION query (NULL) - 1 to 20 columns‘ injectable",

"level": "INFO",

"time": "19:44:44"

},

{

"message": "the back-end DBMS is MySQL",

"level": "INFO",

"time": "19:44:45"

}

],

"success": true

}

java web sqlmapapi,Sqlmap的sqlmapapi.py简单使用相关推荐

  1. java web 里的JSP 对象的简单了解

    1.基本的组成元素 page指令                 <%@ page ..........%>                   1-1.  language---当前页面 ...

  2. 1)Java web项目配置(最简单的javaweb项目)

    Java web示例一 1.创建一个简单的Maven 项目 2.在webapp/WEB-INF下创建两个文件夹classes和lib,classes用来存放编译后输出的classes文件,lib用于存 ...

  3. Hello World -- Java Web版(Java Web 入门教程)

    在阅读本文之前,你一定知道如何用Java语言写出"Hello, World!"了.那么,用Java语言如何写出Web版的"Hello, World!",使之显示 ...

  4. java web实验_javaweb实验报告

    javaweb实验报告 甘肃政法学院本科生实验报告(一)姓名:学院:计算机科学学院专业: 计算机科学与技术班级实验课程名称:实验日期:2012 年 04 月 9 日指导教师及职称实验成绩:开课时间:2 ...

  5. Jenkins部署Java web应用极简指南

    Jenkins快速尝鲜指南 安装Jenkins 配置Jenkins 配置访问路径和端口号 配置Jenkins用户 配置全局工具 配置插件 配置nginx转发 新建构建任务 参数化构建 使用参数 指定分 ...

  6. 一个简单的Java web服务器实现

    前言 一个简单的Java web服务器实现,比较简单,基于java.net.Socket和java.net.ServerSocket实现: 程序执行步骤 创建一个ServerSocket对象: 调用S ...

  7. java web简单三层结构

    java web可以分为三层结构:表现层.业务层.持久化层 表现层: 1.主要由jsp页面实现,jsp页面主要负责页面的渲染工作,它从浏览器接收从客户端传来的动作传递给servlet,servlet接 ...

  8. Java WEB之Servlet学习之路(一)一个最简单的Servlet应用

    好久没有更新博客了,有点冷清,主要是最近忙着看Java WEb前段时间都是基础,一些http理论和WEB容器理论,没有什么实践性代码,所以没写代码,现在终于正式开始Servlet编程了,下面就得好好的 ...

  9. java web ee_Java EE 6 Web配置文件。 在云上。 简单。

    java web ee Java SE还可以. Java EE是邪恶的. 这就是我一直想的. 好吧,现在不再了. 让我分享我的经验. 几周前,我开始考虑将旧版spring + hibernate + ...

  10. java web项目请求控制及简单漏洞防范

    背景:当时项目没用什么框架,过滤器,请求限制等都需要自己手写. 1.请求加时间戳 在后台过滤器中可以加判断,如果请求时间戳与服务器时间相差太大,可以返回异常,具体情况可以具体使用. 请求中加时间戳的示 ...

最新文章

  1. 七年程序员生涯,我学到的重要六课
  2. 32.Docker安装MongoDb
  3. [听尉迟方侃侃]平台
  4. 模拟模型学习 几何布朗运动_Java的几何布朗运动
  5. 【开源项目】Android下自定义HASH【支持一个key对应多个value--根据key排序】
  6. java qq通信_结对博客(Java通信项目QQ)
  7. solidwork运行python脚本_Matlab – Solidworks 机器人建模(3)如何把URDF文件导入到Matlab...
  8. leetcode [35]搜索插入位置/Search Insert Position 优雅的暴力可能比二分查找效率更高
  9. python组合数据类型实验报告_Python程序设计实验七:组合数据类型
  10. SOMEIP报文格式部分字段概述(二)
  11. 用友U8修改货位现存量
  12. NBA30只球队2020年各队数据分析
  13. hget和get redis_redis hget阻塞 使用redis时遇到的问题 - Redis - 服务器之家
  14. python往npy写入数据_Python 存取npy格式数据实例
  15. 怎样保存html视频,网页上的视频怎么保存到电脑 网页视频保存到电脑的步骤教程...
  16. AVR单片机LED单灯闪烁
  17. 2021全国省市区街道社区五级SQL文件以及JAVA爬取代码
  18. 区块链是什么,如何去理解?
  19. vue3 集成西瓜视频播放器xgplayer
  20. Android各版本分布

热门文章

  1. 2020-08-22 每日一句
  2. 七月算法机器学习 8 信息论、最大熵模型与EM算法
  3. property属性学习
  4. python定义和调用函数
  5. 一个简单的Matlab面向对象编程实例
  6. Atitit 成果艺术 attilax著 艾提拉著 目录 1. 2 2. 理论类 2 2.1. xxx模型 曲线 定律 原则 曲线 2 3. 代码类成果 范例代码项目 代码类库 与代码片段
  7. Atitit.url 汉字中文路径  404 resin4 resin  解决  v2 q329
  8. paip.函数式编程方法概述以及总结
  9. JS调试设置断点却无法中断的解决
  10. Rust: (作者 洛佳) 使用Rust编写操作系统(附录一):链接器参数