Skip to content

Commit 93ebe9a

Browse files
bkbilly-intrackbkbilly-intrack
committed
Formated json output
1 parent 9c86cc4 commit 93ebe9a

File tree

1 file changed

+35
-1
lines changed

1 file changed

+35
-1
lines changed

lib/controller/controller.py

Lines changed: 35 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -167,6 +167,38 @@ def _formatInjection(inj):
167167

168168
return data
169169

170+
def _formatDictInjection(inj):
171+
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else inj.place
172+
data = {
173+
"parameter": inj.parameter,
174+
"paramtype": paramType,
175+
"injection": []
176+
}
177+
178+
for stype, sdata in inj.data.items():
179+
title = sdata.title
180+
vector = sdata.vector
181+
comment = sdata.comment
182+
payload = agent.adjustLateValues(sdata.payload)
183+
if inj.place == PLACE.CUSTOM_HEADER:
184+
payload = payload.split(',', 1)[1]
185+
if stype == PAYLOAD.TECHNIQUE.UNION:
186+
count = re.sub(r"(?i)(\(.+\))|(\blimit[^a-z]+)", "", sdata.payload).count(',') + 1
187+
title = re.sub(r"\d+ to \d+", str(count), title)
188+
vector = agent.forgeUnionQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
189+
if count == 1:
190+
title = title.replace("columns", "column")
191+
elif comment:
192+
vector = "%s%s" % (vector, comment)
193+
injection = {
194+
"type": PAYLOAD.SQLINJECTION[stype],
195+
"payload": urldecode(payload, unsafe="&", spaceplus=(inj.place != PLACE.GET and kb.postSpaceToPlus)),
196+
"vector": vector
197+
}
198+
data["injection"].append(injection)
199+
200+
return data
201+
170202
def _showInjections():
171203
if conf.wizard and kb.wizardMode:
172204
kb.wizardMode = False
@@ -195,12 +227,14 @@ def _showInjections():
195227
logger.warning(warnMsg)
196228

197229
def _saveInjections():
230+
data = [_formatDictInjection(inj) for inj in kb.injections]
231+
198232
if conf.jsonFile:
199233
data = {
200234
"url": conf.url,
201235
"query": conf.parameters.get(PLACE.GET),
202236
"data": conf.parameters.get(PLACE.POST),
203-
"injections": kb.injections,
237+
"injections": data,
204238
}
205239
conf.dumper.json(conf.jsonFile, data)
206240

0 commit comments

Comments
 (0)