Home       Trees       Indices       Help   
w3af homepage
Package plugins :: Package attack :: Module sqlmap :: Class sqlmap
[hide private]

Class sqlmap



Exploits [blind] sql injections using sqlmap ( http://sqlmap.sf.net ).

Instance Methods [hide private]
 
__init__(self)
 
fastExploit(self)
Exploits a web app with [blind] sql injections vulns.
 
getAttackType(self)
Returns the type of exploit, SHELL, PROXY, etc.
 
getExploitableVulns(self)
 
canExploit(self, vulnToExploit=None)
Searches the kb for vulnerabilities that the plugin can exploit.
 
exploit(self, vulnToExploit=None)
Exploits a [blind] sql injections vulns that was found and stored in the kb.
 
_generateShell(self, vuln)
Returns: A sqlmap shell object if sqlmap could fingerprint the database.
 
getOptions(self)
Returns: A list of option objects for this plugin.
 
setOptions(self, optionsMap)
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptions().
 
getPluginDeps(self)
Returns: A list with the names of the plugins that should be runned before the current one.
 
getRootProbability(self)
Returns: This method returns the probability of getting a root shell using this attack plugin.
 
getLongDesc(self)
Returns: A DETAILED description of the plugin functions and features.

Inherited from core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin: GET2POST, getType, getVulnName2Exploit

Inherited from core.controllers.basePlugin.basePlugin.basePlugin: __eq__, end, getDesc, getName, printUniq, setUrlOpener

Inherited from core.controllers.basePlugin.basePlugin.basePlugin (private): _analyzeResult, _sendMutant

Inherited from core.controllers.misc.commonAttackMethods.commonAttackMethods: getCut, setCut

Inherited from core.controllers.misc.commonAttackMethods.commonAttackMethods (private): _cut, _defineCut

Method Details [hide private]

__init__(self)
(Constructor)

 
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.__init__

fastExploit(self)

 
Exploits a web app with [blind] sql injections vulns. The options are configured using the plugin options and setOptions() method.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.fastExploit

getAttackType(self)

 
Returns the type of exploit, SHELL, PROXY, etc.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.getAttackType
(inherited documentation)

getExploitableVulns(self)

 
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.getExploitableVulns

canExploit(self, vulnToExploit=None)

 
Searches the kb for vulnerabilities that the plugin can exploit.
Returns:
True if plugin knows how to exploit a found vuln.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.canExploit

exploit(self, vulnToExploit=None)

 
Exploits a [blind] sql injections vulns that was found and stored in the kb.
Returns:
True if the shell is working and the user can start calling rexec
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.exploit

_generateShell(self, vuln)

 
Parameters:
  • vuln - The vuln to exploit, as it was saved in the kb or supplied by the user with set commands.
Returns:
A sqlmap shell object if sqlmap could fingerprint the database.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin._generateShell

getOptions(self)

 

This method returns an optionList containing the options objects that the configurable object has. Using this option list the framework will build a window, a menu, or some other input method to retrieve the info from the user.

This method MUST be implemented on every plugin.
Returns:
A list of option objects for this plugin.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getOptions

setOptions(self, optionsMap)

 
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptions().
Parameters:
  • optionsMap - A map with the options for the plugin.
Returns:
No value is returned.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.setOptions

getPluginDeps(self)

 
Returns:
A list with the names of the plugins that should be runned before the current one.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getPluginDeps

getRootProbability(self)

 
Returns:
This method returns the probability of getting a root shell using this attack plugin. This is used by the "exploit *" function to order the plugins and first try to exploit the more critical ones. This method should return 0 for an exploit that will never return a root shell, and 1 for an exploit that WILL ALWAYS return a root shell.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.getRootProbability

getLongDesc(self)

 
Returns:
A DETAILED description of the plugin functions and features.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getLongDesc

   Home       Trees       Indices       Help   
w3af homepage
Generated by Epydoc 3.0beta1 on Sun Sep 14 17:13:08 2008 http://epydoc.sourceforge.net