Spliting sqlmap_stage.py into multiple files

clouedoc · clouedoc · commit 9de081de475b · 2018-05-21T20:49:01.000+02:00
diff --git a/autosqli/sqlmap_options.py b/autosqli/sqlmap_options.py
@@ -0,0 +1,28 @@
+# From AutoSQLi
+
+BASE_SQLMAP_OPTIONS = {
+    # Stealthization
+    'random_agent': True,
+
+    # Optimization
+    'keep_alive': True,
+    'threads': 4,
+
+    # Injection
+    'risk': 2,  # Setted risk to two because we are risky peoples.
+    'text-only': True,  # Comparing with images is weird and takes bandwitch.
+
+    # Technique
+    'time-sec': 15,  # Setted time-sec to 15 to avoid latency problems
+
+    # General
+    'batch': True,
+    'output-dir': 'sqlmap_results',
+    'tamper': '',  # Is modified with get_options_for_target
+    'forms': True,
+
+    # Misc
+    'skip-waf': True,
+    'beep': True,  # Beeps if an injection is found
+    'smart': True,  # This flag aborts the scan is results are negatives
+}
diff --git a/autosqli/sqlmap_stage.py b/autosqli/sqlmap_stage.py
@@ -1,54 +1,7 @@
 # From AutoSQLi
 from autosqli import save
 from autosqli import sqlmap_interface
-from autosqli import log
-
-BASE_SQLMAP_OPTIONS = {
-    # Stealthization
-    'random_agent': True,
-
-    # Optimization
-    'keep_alive': True,
-    'threads': 4,
-
-    # Injection
-    'risk': 2,  # Setted risk to two because we are risky peoples.
-    'text-only': True,  # Comparing with images is weird and takes bandwitch.
-
-    # Technique
-    'time-sec': 15,  # Setted time-sec to 15 to avoid latency problems
-
-    # General
-    'batch': True,
-    'output-dir': 'sqlmap_results',
-    'tamper': '',  # Is modified with get_options_for_target
-    'forms': True,
-
-    # Misc
-    'skip-waf': True,
-    'beep': True,  # Beeps if an injection is found
-    'smart': True,  # This flag aborts the scan is results are negatives
-}
-
-
-def get_options_for_target(target):
-    """ return a customized set of sqlmap options for a target ( tampers ) """
-    # FIXME: to debug :)
-    tampers_string = ''
-    tampers = target.get_tampers_paths()
-    options = BASE_SQLMAP_OPTIONS
-
-    for tamper in tampers:
-        tampers.remove(tamper)
-        tampers_string.append("{}{}".format(
-            tampers,
-            ',' if len(tampers == 0)
-        ))
-
-
-    options['tamper'] = tampers_string
-
-    return options
+from autosqli import tamper_engine
 
 
 def sqlmap_stage(args):
@@ -61,6 +14,7 @@ def sqlmap_stage(args):
             break
         else:
             sqlmapped_target = sqlmap_interface.\
-                sqlmap_target(target, get_options_for_target(target))
+                sqlmap_target(target, tamper_engine.
+                              get_options_for_target(target))
 
             save.update_target(sqlmapped_target)
diff --git a/autosqli/tamper_engine.py b/autosqli/tamper_engine.py
@@ -0,0 +1,22 @@
+# From AutoSQLi
+from autosqli import sqlmap_options
+
+
+def get_options_for_target(target):
+    """ return a customized set of sqlmap options for a target ( tampers ) """
+    # FIXME: to debug :)
+    tampers_string = ''
+    tampers = target.get_tampers_paths()
+    options = sqlmap_options.BASE_SQLMAP_OPTIONS
+
+    for tamper in tampers:
+        tampers.remove(tamper)
+        tampers_string.append("{}{}".format(
+            tampers,
+            ',' if len(tampers == 0) else None
+            )
+        )
+
+    options['tamper'] = tampers_string
+
+    return options
