mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-06-11 10:41:09 +00:00
893 lines
27 KiB
YAML
893 lines
27 KiB
YAML
openapi: 3.0.3
|
|
info:
|
|
title: sqlmap REST-JSON API
|
|
version: "1.0.0"
|
|
description: |
|
|
OpenAPI/Swagger specification for sqlmapapi.py, the sqlmap REST-JSON API server.
|
|
|
|
This specification describes the API surface implemented by `lib/utils/api.py`.
|
|
The API is expected to be protected with HTTP Basic authentication when started
|
|
with `--username` and `--password`; hardened builds should require credentials
|
|
for server/client usage.
|
|
|
|
Notes for implementers:
|
|
* Most sqlmap options are represented as dynamic JSON object properties.
|
|
* API-level failures are commonly returned as HTTP 200 with `success: false`
|
|
and a `message` field, matching the current server behavior.
|
|
* The API starts scans by spawning sqlmap in a separate process and storing
|
|
logs/data in the configured IPC database.
|
|
license:
|
|
name: GPL-2.0-only or commercial
|
|
url: https://github.com/sqlmapproject/sqlmap/blob/master/LICENSE
|
|
contact:
|
|
name: sqlmap project
|
|
url: https://sqlmap.org
|
|
externalDocs:
|
|
description: sqlmap project repository
|
|
url: https://github.com/sqlmapproject/sqlmap
|
|
servers:
|
|
- url: http://127.0.0.1:8775
|
|
description: Default local sqlmapapi.py server
|
|
security:
|
|
- basicAuth: []
|
|
tags:
|
|
- name: Version
|
|
description: Server/version metadata
|
|
- name: Tasks
|
|
description: Task lifecycle management
|
|
- name: Options
|
|
description: Task option inspection and mutation
|
|
- name: Scans
|
|
description: Scan process lifecycle, status, logs, and results
|
|
- name: Admin
|
|
description: Task pool administration
|
|
- name: Files
|
|
description: Retrieval of output files
|
|
paths:
|
|
/version:
|
|
get:
|
|
tags: [Version]
|
|
operationId: getVersion
|
|
summary: Fetch server version
|
|
description: Returns the sqlmap version string reported by the API server.
|
|
responses:
|
|
"200":
|
|
description: Server version returned.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/VersionResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
version: "1.10.6.51#dev"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/task/new:
|
|
get:
|
|
tags: [Tasks]
|
|
operationId: createTask
|
|
summary: Create a new task
|
|
description: Creates an empty task and returns a 16-character hexadecimal task ID.
|
|
responses:
|
|
"200":
|
|
description: Task created.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/TaskNewResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
taskid: "fad44d6beef72285"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/task/{taskid}/delete:
|
|
get:
|
|
tags: [Tasks]
|
|
operationId: deleteTask
|
|
summary: Delete an existing task
|
|
description: Kills the task process, if still running, and removes the task from the in-memory task pool.
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
responses:
|
|
"200":
|
|
description: Task deleted.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/SimpleSuccessResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
"404":
|
|
description: Non-existing task ID.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/ErrorResponse"
|
|
examples:
|
|
notFound:
|
|
value:
|
|
success: false
|
|
message: Non-existing task ID
|
|
|
|
/admin/list:
|
|
get:
|
|
tags: [Admin]
|
|
operationId: listTasksForRemoteAddress
|
|
summary: List visible tasks
|
|
description: |
|
|
Lists task statuses visible to the caller. Without the admin token path variant,
|
|
the server returns tasks associated with the same remote address.
|
|
responses:
|
|
"200":
|
|
$ref: "#/components/responses/AdminList"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/admin/{token}/list:
|
|
get:
|
|
tags: [Admin]
|
|
operationId: listTasksWithAdminToken
|
|
summary: List all tasks with admin token
|
|
description: Lists all task statuses when the path token matches the server-generated admin token.
|
|
parameters:
|
|
- $ref: "#/components/parameters/AdminToken"
|
|
responses:
|
|
"200":
|
|
$ref: "#/components/responses/AdminList"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/admin/flush:
|
|
get:
|
|
tags: [Admin]
|
|
operationId: flushTasksForRemoteAddress
|
|
summary: Flush visible tasks
|
|
description: |
|
|
Kills and removes tasks visible to the caller. Without the admin token path variant,
|
|
the server flushes tasks associated with the same remote address.
|
|
responses:
|
|
"200":
|
|
description: Matching tasks flushed.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/SimpleSuccessResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/admin/{token}/flush:
|
|
get:
|
|
tags: [Admin]
|
|
operationId: flushTasksWithAdminToken
|
|
summary: Flush all tasks with admin token
|
|
description: Kills and removes all tasks when the path token matches the server-generated admin token.
|
|
parameters:
|
|
- $ref: "#/components/parameters/AdminToken"
|
|
responses:
|
|
"200":
|
|
description: Matching tasks flushed.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/SimpleSuccessResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/option/{taskid}/list:
|
|
get:
|
|
tags: [Options]
|
|
operationId: listOptions
|
|
summary: List task options
|
|
description: Returns the current option object for a task.
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
responses:
|
|
"200":
|
|
description: Options returned, or an API-level failure envelope for an invalid task ID.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
oneOf:
|
|
- $ref: "#/components/schemas/OptionListResponse"
|
|
- $ref: "#/components/schemas/ErrorResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
options:
|
|
url: "http://testphp.vulnweb.com/artists.php?artist=1"
|
|
batch: true
|
|
threads: 1
|
|
invalidTask:
|
|
value:
|
|
success: false
|
|
message: Invalid task ID
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/option/{taskid}/get:
|
|
post:
|
|
tags: [Options]
|
|
operationId: getOptions
|
|
summary: Get selected task options
|
|
description: Returns values for the requested option names.
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/OptionGetRequest"
|
|
examples:
|
|
selectedOptions:
|
|
value: ["url", "cookie"]
|
|
responses:
|
|
"200":
|
|
description: Selected options returned, or an API-level failure envelope.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
oneOf:
|
|
- $ref: "#/components/schemas/OptionGetResponse"
|
|
- $ref: "#/components/schemas/ErrorResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
options:
|
|
url: "http://testphp.vulnweb.com/artists.php?artist=1"
|
|
cookie: "id=1"
|
|
unknownOption:
|
|
value:
|
|
success: false
|
|
message: "Unknown option 'doesNotExist'"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/option/{taskid}/set:
|
|
post:
|
|
tags: [Options]
|
|
operationId: setOptions
|
|
summary: Set task options
|
|
description: |
|
|
Sets one or more options on a task. Values are persisted in the task option
|
|
object and are used when the scan is started.
|
|
|
|
Hardened behavior: options listed in `x-sqlmap-unsupported-options` should be
|
|
rejected here with `success: false`, matching `/scan/{taskid}/start`.
|
|
x-sqlmap-unsupported-options:
|
|
- sqlShell
|
|
- wizard
|
|
- evalCode
|
|
- alert
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/SqlmapOptions"
|
|
examples:
|
|
setCookie:
|
|
value:
|
|
cookie: "id=1"
|
|
setTarget:
|
|
value:
|
|
url: "http://testphp.vulnweb.com/artists.php?artist=1"
|
|
responses:
|
|
"200":
|
|
description: Options set, or an API-level failure envelope.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
oneOf:
|
|
- $ref: "#/components/schemas/SimpleSuccessResponse"
|
|
- $ref: "#/components/schemas/ErrorResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
invalidJson:
|
|
value:
|
|
success: false
|
|
message: Invalid JSON options
|
|
unsupportedOption:
|
|
value:
|
|
success: false
|
|
message: "Unsupported option 'evalCode'"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/scan/{taskid}/start:
|
|
post:
|
|
tags: [Scans]
|
|
operationId: startScan
|
|
summary: Launch a scan
|
|
description: |
|
|
Applies the provided options to the task and starts sqlmap in a separate process.
|
|
The response contains the spawned engine process ID.
|
|
|
|
Current API behavior rejects options listed in `x-sqlmap-unsupported-options`
|
|
when they are supplied in this request body.
|
|
x-sqlmap-unsupported-options:
|
|
- sqlShell
|
|
- wizard
|
|
- evalCode
|
|
- alert
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/SqlmapOptions"
|
|
examples:
|
|
basicUrlScan:
|
|
value:
|
|
url: "http://testphp.vulnweb.com/artists.php?artist=1"
|
|
responses:
|
|
"200":
|
|
description: Scan started, or an API-level failure envelope.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
oneOf:
|
|
- $ref: "#/components/schemas/ScanStartResponse"
|
|
- $ref: "#/components/schemas/ErrorResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
engineid: 19720
|
|
unsupportedOption:
|
|
value:
|
|
success: false
|
|
message: "Unsupported option 'evalCode'"
|
|
invalidJson:
|
|
value:
|
|
success: false
|
|
message: Invalid JSON options
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/scan/{taskid}/stop:
|
|
get:
|
|
tags: [Scans]
|
|
operationId: stopScan
|
|
summary: Stop a scan
|
|
description: Terminates the running scan process for the task and waits for process exit.
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
responses:
|
|
"200":
|
|
$ref: "#/components/responses/ScanControl"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/scan/{taskid}/kill:
|
|
get:
|
|
tags: [Scans]
|
|
operationId: killScan
|
|
summary: Kill a scan
|
|
description: Force-kills the running scan process for the task and waits for process exit.
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
responses:
|
|
"200":
|
|
$ref: "#/components/responses/ScanControl"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/scan/{taskid}/status:
|
|
get:
|
|
tags: [Scans]
|
|
operationId: getScanStatus
|
|
summary: Fetch scan status
|
|
description: Returns the process status and return code for the task.
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
responses:
|
|
"200":
|
|
description: Scan status returned, or an API-level failure envelope.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
oneOf:
|
|
- $ref: "#/components/schemas/ScanStatusResponse"
|
|
- $ref: "#/components/schemas/ErrorResponse"
|
|
examples:
|
|
running:
|
|
value:
|
|
success: true
|
|
status: running
|
|
returncode: null
|
|
terminated:
|
|
value:
|
|
success: true
|
|
status: terminated
|
|
returncode: 0
|
|
notRunning:
|
|
value:
|
|
success: true
|
|
status: not running
|
|
returncode: null
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/scan/{taskid}/data:
|
|
get:
|
|
tags: [Scans]
|
|
operationId: getScanData
|
|
summary: Retrieve scan data
|
|
description: Returns structured scan output and recorded error messages for the task.
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
responses:
|
|
"200":
|
|
description: Scan data returned, or an API-level failure envelope.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
oneOf:
|
|
- $ref: "#/components/schemas/ScanDataResponse"
|
|
- $ref: "#/components/schemas/ErrorResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
data:
|
|
- status: 1
|
|
type: 0
|
|
value: []
|
|
error: []
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/scan/{taskid}/log:
|
|
get:
|
|
tags: [Scans]
|
|
operationId: getScanLog
|
|
summary: Retrieve all scan log messages
|
|
description: Returns all recorded log messages for the task.
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
responses:
|
|
"200":
|
|
$ref: "#/components/responses/ScanLog"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/scan/{taskid}/log/{start}/{end}:
|
|
get:
|
|
tags: [Scans]
|
|
operationId: getScanLogRange
|
|
summary: Retrieve a bounded scan log range
|
|
description: Returns log messages with database IDs from `start` through `end`, inclusive.
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
- name: start
|
|
in: path
|
|
required: true
|
|
description: Inclusive starting log row ID. Must be a positive integer.
|
|
schema:
|
|
type: integer
|
|
minimum: 1
|
|
example: 1
|
|
- name: end
|
|
in: path
|
|
required: true
|
|
description: Inclusive ending log row ID. Must be greater than or equal to `start`.
|
|
schema:
|
|
type: integer
|
|
minimum: 1
|
|
example: 100
|
|
responses:
|
|
"200":
|
|
$ref: "#/components/responses/ScanLog"
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
/download/{taskid}/{target}/{filename}:
|
|
get:
|
|
tags: [Files]
|
|
operationId: downloadOutputFile
|
|
summary: Download an output file
|
|
description: |
|
|
Retrieves a file from sqlmap's output directory for the given task/target and
|
|
returns it as Base64 in JSON.
|
|
|
|
Implementation note: `filename` is a Bottle `:path` parameter and may contain
|
|
slash characters in the running server. Some OpenAPI tooling requires those
|
|
slashes to be URL-encoded or handled with a custom client.
|
|
x-bottle-path-parameter: filename
|
|
parameters:
|
|
- $ref: "#/components/parameters/TaskId"
|
|
- name: target
|
|
in: path
|
|
required: true
|
|
description: Target output-directory name.
|
|
schema:
|
|
type: string
|
|
example: testphp.vulnweb.com
|
|
- name: filename
|
|
in: path
|
|
required: true
|
|
description: Output file path relative to the target directory.
|
|
allowReserved: true
|
|
schema:
|
|
type: string
|
|
example: log
|
|
responses:
|
|
"200":
|
|
description: File returned, or an API-level failure envelope.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
oneOf:
|
|
- $ref: "#/components/schemas/DownloadResponse"
|
|
- $ref: "#/components/schemas/ErrorResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
file: "SGVsbG8K"
|
|
forbidden:
|
|
value:
|
|
success: false
|
|
message: Forbidden path
|
|
missing:
|
|
value:
|
|
success: false
|
|
message: File does not exist
|
|
"401":
|
|
$ref: "#/components/responses/Unauthorized"
|
|
|
|
components:
|
|
securitySchemes:
|
|
basicAuth:
|
|
type: http
|
|
scheme: basic
|
|
description: |
|
|
HTTP Basic authentication using the `--username` and `--password` values
|
|
supplied to sqlmapapi.py. Hardened builds should require both values.
|
|
|
|
parameters:
|
|
TaskId:
|
|
name: taskid
|
|
in: path
|
|
required: true
|
|
description: 16-character hexadecimal scan task ID.
|
|
schema:
|
|
type: string
|
|
pattern: "^[0-9a-fA-F]{16}$"
|
|
example: fad44d6beef72285
|
|
AdminToken:
|
|
name: token
|
|
in: path
|
|
required: true
|
|
description: Server-generated admin token printed when sqlmapapi.py starts.
|
|
schema:
|
|
type: string
|
|
pattern: "^[0-9a-fA-F]{32}$"
|
|
example: "0123456789abcdef0123456789abcdef"
|
|
|
|
responses:
|
|
Unauthorized:
|
|
description: Missing or invalid HTTP Basic credentials. The response body is empty.
|
|
AdminList:
|
|
description: Task pool listing returned.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: "#/components/schemas/AdminListResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
tasks:
|
|
fad44d6beef72285: running
|
|
c04d8c5c7582efb4: terminated
|
|
tasks_num: 2
|
|
ScanControl:
|
|
description: Scan control action completed, or an API-level failure envelope.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
oneOf:
|
|
- $ref: "#/components/schemas/SimpleSuccessResponse"
|
|
- $ref: "#/components/schemas/ErrorResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
invalidTask:
|
|
value:
|
|
success: false
|
|
message: Invalid task ID
|
|
ScanLog:
|
|
description: Scan log returned, or an API-level failure envelope.
|
|
content:
|
|
application/json:
|
|
schema:
|
|
oneOf:
|
|
- $ref: "#/components/schemas/ScanLogResponse"
|
|
- $ref: "#/components/schemas/ErrorResponse"
|
|
examples:
|
|
success:
|
|
value:
|
|
success: true
|
|
log:
|
|
- time: "12:34:56"
|
|
level: INFO
|
|
message: testing connection to the target URL
|
|
invalidRange:
|
|
value:
|
|
success: false
|
|
message: Invalid start or end value, must be digits
|
|
|
|
schemas:
|
|
SuccessFlag:
|
|
type: boolean
|
|
description: Indicates whether the API action succeeded.
|
|
|
|
ErrorResponse:
|
|
type: object
|
|
required: [success, message]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [false]
|
|
message:
|
|
type: string
|
|
additionalProperties: false
|
|
|
|
SimpleSuccessResponse:
|
|
type: object
|
|
required: [success]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [true]
|
|
additionalProperties: false
|
|
|
|
VersionResponse:
|
|
type: object
|
|
required: [success, version]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [true]
|
|
version:
|
|
type: string
|
|
description: sqlmap version string without the `sqlmap/` prefix.
|
|
example: "1.10.6.51#dev"
|
|
additionalProperties: false
|
|
|
|
TaskNewResponse:
|
|
type: object
|
|
required: [success, taskid]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [true]
|
|
taskid:
|
|
type: string
|
|
pattern: "^[0-9a-fA-F]{16}$"
|
|
example: fad44d6beef72285
|
|
additionalProperties: false
|
|
|
|
AdminListResponse:
|
|
type: object
|
|
required: [success, tasks, tasks_num]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [true]
|
|
tasks:
|
|
type: object
|
|
description: Object keyed by task ID, with current task status as the value.
|
|
additionalProperties:
|
|
$ref: "#/components/schemas/ScanStatus"
|
|
example:
|
|
fad44d6beef72285: running
|
|
tasks_num:
|
|
type: integer
|
|
minimum: 0
|
|
example: 1
|
|
additionalProperties: false
|
|
|
|
ScanStatus:
|
|
type: string
|
|
enum:
|
|
- not running
|
|
- running
|
|
- terminated
|
|
|
|
OptionValue:
|
|
description: Value accepted by sqlmap options. The exact type depends on the option.
|
|
nullable: true
|
|
oneOf:
|
|
- type: string
|
|
- type: boolean
|
|
- type: integer
|
|
- type: number
|
|
- type: array
|
|
items: {}
|
|
- type: object
|
|
additionalProperties: true
|
|
|
|
SqlmapOptions:
|
|
type: object
|
|
description: |
|
|
Dynamic object containing sqlmap option names and values. Option names map to
|
|
sqlmap's internal option dictionary. Unsupported REST API options should be
|
|
rejected by endpoints that accept this object.
|
|
additionalProperties:
|
|
$ref: "#/components/schemas/OptionValue"
|
|
example:
|
|
url: "http://testphp.vulnweb.com/artists.php?artist=1"
|
|
cookie: "id=1"
|
|
batch: true
|
|
threads: 1
|
|
|
|
OptionListResponse:
|
|
type: object
|
|
required: [success, options]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [true]
|
|
options:
|
|
$ref: "#/components/schemas/SqlmapOptions"
|
|
additionalProperties: false
|
|
|
|
OptionGetRequest:
|
|
type: array
|
|
description: List of option names to return.
|
|
minItems: 1
|
|
items:
|
|
type: string
|
|
minLength: 1
|
|
example:
|
|
- url
|
|
- cookie
|
|
|
|
OptionGetResponse:
|
|
type: object
|
|
required: [success, options]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [true]
|
|
options:
|
|
$ref: "#/components/schemas/SqlmapOptions"
|
|
additionalProperties: false
|
|
|
|
ScanStartResponse:
|
|
type: object
|
|
required: [success, engineid]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [true]
|
|
engineid:
|
|
type: integer
|
|
description: Process ID of the spawned sqlmap engine.
|
|
example: 19720
|
|
additionalProperties: false
|
|
|
|
ScanStatusResponse:
|
|
type: object
|
|
required: [success, status, returncode]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [true]
|
|
status:
|
|
$ref: "#/components/schemas/ScanStatus"
|
|
returncode:
|
|
type: integer
|
|
nullable: true
|
|
description: Process return code, or null when no process is running or the process has not exited.
|
|
example: 0
|
|
additionalProperties: false
|
|
|
|
ScanDataItem:
|
|
type: object
|
|
required: [status, type, value]
|
|
properties:
|
|
status:
|
|
type: integer
|
|
description: Numeric content status stored by sqlmap.
|
|
example: 1
|
|
type:
|
|
type: integer
|
|
description: Numeric content type stored by sqlmap.
|
|
example: 0
|
|
value:
|
|
nullable: true
|
|
description: JSON-decoded scan output value. Shape depends on the content type.
|
|
additionalProperties: true
|
|
|
|
ScanDataResponse:
|
|
type: object
|
|
required: [success, data, error]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [true]
|
|
data:
|
|
type: array
|
|
items:
|
|
$ref: "#/components/schemas/ScanDataItem"
|
|
error:
|
|
type: array
|
|
items:
|
|
type: string
|
|
additionalProperties: false
|
|
|
|
LogEntry:
|
|
type: object
|
|
required: [time, level, message]
|
|
properties:
|
|
time:
|
|
type: string
|
|
description: Server-local time in HH:MM:SS format.
|
|
pattern: "^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]$"
|
|
example: "12:34:56"
|
|
level:
|
|
type: string
|
|
description: Python logging level name.
|
|
example: INFO
|
|
message:
|
|
type: string
|
|
example: testing connection to the target URL
|
|
additionalProperties: false
|
|
|
|
ScanLogResponse:
|
|
type: object
|
|
required: [success, log]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [true]
|
|
log:
|
|
type: array
|
|
items:
|
|
$ref: "#/components/schemas/LogEntry"
|
|
additionalProperties: false
|
|
|
|
DownloadResponse:
|
|
type: object
|
|
required: [success, file]
|
|
properties:
|
|
success:
|
|
type: boolean
|
|
enum: [true]
|
|
file:
|
|
type: string
|
|
format: byte
|
|
description: Base64-encoded file content.
|
|
example: SGVsbG8K
|
|
additionalProperties: false
|