sqlmapthread/sqlmapthread.py at master · yt-huang/sqlmapthread · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
from concurrent.futures import ThreadPoolExecutor
import subprocess
import sys
# 目标URL

# 固定大小线程池
pool = ThreadPoolExecutor(max_workers=10)

ipaddress = sys.argv[1]
auth = sys.argv[2]

print(ipaddress)
print(auth)
def read_from_case_file(url):
    f = open(url,mode="r")
    case_files = f.readlines()
    f.close()
    return case_files

def sqlmap_scan(url,count):
    command = f"python3 sqlmap.py -u \"https://{ipaddress}{url}\" --banner -H \"Authorization:{auth}\" --batch --threads=10 --level=5 --risk=3 --dbms=mysql --output-dir=./tmp/{count}"
    print("执行sqlmap: "+command)
    subprocess.call(command, shell=True)

# 提交任务
urls = read_from_case_file("case.txt")
count=0
for url in urls:
    print("start thread ")
    count = count+1
    pool.submit(sqlmap_scan, url.strip(),count)
    print("thread down ")


# 等待完成
pool.shutdown()