mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-07-02 22:42:30 +00:00
Updated REST API (markdown)
parent
558f7fc084
commit
df294412ef
1 changed files with 31 additions and 6 deletions
37
REST-API.md
|
|
@ -126,7 +126,9 @@ Some API-level errors are returned with HTTP status `200` and `success: false`,
|
|||
|
||||
### `GET /version`
|
||||
|
||||
Returns the sqlmap version exposed by the API server.
|
||||
Returns the sqlmap version and the API contract version exposed by the server.
|
||||
|
||||
`api_version` is the MAJOR version of the REST API contract (semantic versioning), independent of the sqlmap version. Only the major is exposed at runtime because only a major bump breaks clients; use it to check compatibility (e.g. `api_version == 2`).
|
||||
|
||||
Example:
|
||||
|
||||
|
|
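Review bot: The new `api_version` paragraph under `GET /version` tells clients to check `api_version == 2` but does not say what to do when the field is missing, which is what a server predating this change returns (the old response carried only `success` and `version`). Suggest adding a sentence that an absent `api_version` means an older, unversioned contract and should be handled as incompatible, so clients neither fail on the missing key nor treat it as a match.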
@ -139,7 +141,8 @@ Response:
|
|||
```json
|
||||
{
|
||||
"success": true,
|
||||
"version": "1.9.12.1#dev"
|
||||
"version": "1.9.12.1#dev",
|
||||
"api_version": 2
|
||||
}
|
||||
```
|
||||
|
||||
|
|
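Review bot: In the response example, `"api_version": 2` appears as a JSON number, but the prose never states the field's type. Suggest stating that it is an integer so clients do not compare it against the string `"2"`; the `version` field beside it is a string, which makes the mix-up easy.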
@ -477,15 +480,37 @@ Response:
|
|||
"data": [
|
||||
{
|
||||
"status": 1,
|
||||
"type": 0,
|
||||
"value": "example output"
|
||||
"type": 2,
|
||||
"type_name": "DBMS_FINGERPRINT",
|
||||
"value": "back-end DBMS: MySQL >= 5.1"
|
||||
},
|
||||
{
|
||||
"status": 1,
|
||||
"type": 4,
|
||||
"type_name": "CURRENT_USER",
|
||||
"value": "root@%"
|
||||
}
|
||||
],
|
||||
"error": []
|
||||
}
|
||||
```
|
||||
|
||||
The shape of `value` depends on the scan result type. It can be a string, number, boolean, array, object or `null`.
|
||||
Each item has a numeric `type`, its readable `type_name` (e.g. `TARGET`, `TECHNIQUES`, `DBMS_FINGERPRINT`, `BANNER`, `CURRENT_USER`, `DBS`, `TABLES`, `COLUMNS`, `DUMP_TABLE`), a `status` (`0` = in progress, `1` = complete) and a `value`. `type_name` is `null` for any unmapped type.
|
||||
|
||||
The shape of `value` depends on the type (string, number, boolean, array, object or `null`). Internal detection/plumbing fields are not exposed and SQL identifiers are unquoted. Notable shapes:
|
||||
|
||||
- `TECHNIQUES` — a list of injection points; each point's `data` is a list of techniques, each named via a `technique` field:
|
||||
|
||||
```json
|
||||
{
|
||||
"place": "GET", "parameter": "id", "dbms": "MySQL", "dbms_version": [">= 5.1"], "os": null, "notes": [],
|
||||
"data": [
|
||||
{"technique": "boolean-based blind", "title": "AND boolean-based blind - WHERE or HAVING clause", "payload": "id=1 AND 7997=7997", "vector": "AND [INFERENCE]", "comment": ""}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
- `DUMP_TABLE` — `{"db": ..., "table": ..., "count": N, "columns": {"<column>": [values, ...]}}`. A database `NULL` value is reported as JSON `null`.
|
||||
|
||||
## Downloading output files
|
||||
|
||||
|
|
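Review bot: The paragraph introducing `type_name` lists the readable names but the numeric `type` is shown for only two of them (`2` and `4`, in the example), and `type_name` can be `null` for unmapped types. Suggest adding a full `type` to `type_name` table here and recommending that clients key on `type_name`, falling back to `type` when it is `null`. The sentence "Internal detection/plumbing fields are not exposed and SQL identifiers are unquoted" reads as a behaviour change for existing consumers, so say from which `api_version` it applies. It would also help to state that `value` carries data read from the scanned target (fingerprint, current user, dumped rows) and should be escaped by any client that renders or logs it.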
@ -643,7 +668,7 @@ Useful client commands include:
|
|||
| `kill` | Kill the current task |
|
||||
| `list` | Display visible tasks |
|
||||
| `flush` | Flush visible tasks |
|
||||
| `version` | Fetch server version |
|
||||
| `version` | Fetch server and API version |
|
||||
| `exit` | Exit the client |
|
||||
|
||||
Example:
|
||||
|
|
|
|||
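Review bot: In the client command table the `version` row now reads "Fetch server and API version", while the `GET /version` section calls these the sqlmap version and the API contract version. Suggest using the same terms in both places, and showing the client's output for `version` so readers can see how the two values are printed.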