更新: 359 个文件 - 2026-03-16 23:30:01

01-sql-injection/tools/sqli-scanner.py

@@ -30,6 +30,22 @@ import urllib.parse
 from concurrent.futures import ThreadPoolExecutor, as_completed
 from typing import List, Dict, Tuple, Optional
 import sys
+from pathlib import Path
+
+
+SCRIPTS_DIR = Path(__file__).resolve().parents[2] / "scripts"
+if str(SCRIPTS_DIR) not in sys.path:
+    sys.path.insert(0, str(SCRIPTS_DIR))
+
+from tool_contract import (  # noqa: E402
+    add_common_args,
+    emit_report,
+    ensure_authorized,
+    make_report,
+    parse_cookie_string,
+    parse_headers,
+    write_evidence,
+)
 
 
 class Colors:
@@ -322,12 +338,19 @@ def main():
     parser.add_argument("-p", "--params", help="指定参数 (逗号分隔)")
     parser.add_argument("-t", "--threads", type=int, default=5, help="线程数")
     parser.add_argument("--timeout", type=int, default=10, help="超时时间")
+    add_common_args(parser)
 
     args = parser.parse_args()
+    ensure_authorized(args, parser)
 
     requests.packages.urllib3.disable_warnings()
 
     scanner = SQLiScanner(timeout=args.timeout, threads=args.threads)
+    scanner.session.headers.update(parse_headers(args.header))
+    if args.proxy:
+        scanner.session.proxies.update({"http": args.proxy, "https": args.proxy})
+    if args.format != "text":
+        scanner.print_result = lambda *_args, **_kwargs: None  # type: ignore[assignment]
 
     data = {}
     if args.data:
@@ -336,32 +359,48 @@ def main():
                 k, v = pair.split("=", 1)
                 data[k] = v
 
-    cookies = {}
-    if args.cookie:
-        for pair in args.cookie.split(";"):
-            if "=" in pair:
-                k, v = pair.strip().split("=", 1)
-                cookies[k] = v
+    cookies = parse_cookie_string(args.cookie)
 
     params = args.params.split(",") if args.params else None
 
-    print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
-    print(f"{Colors.BOLD}SQL Injection Scanner{Colors.END}")
-    print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
-
     scanner.print_result("INFO", f"目标: {args.url}")
     scanner.print_result("INFO", f"方法: {args.method}")
 
     results = scanner.scan_url(args.url, args.method, data, cookies, params)
 
-    print(f"\n{Colors.BOLD}{'=' * 60}{Colors.END}")
-    if results:
-        scanner.print_result("SUCCESS", f"发现 {len(results)} 个SQL注入漏洞!")
-        for r in results:
-            print(f"  - {r}")
-    else:
-        scanner.print_result("INFO", "未发现SQL注入漏洞")
-    print(f"{Colors.BOLD}{'=' * 60}{Colors.END}\n")
+    evidence_refs = []
+    ref = write_evidence(args, "sqli-results.json", results)
+    if ref:
+        evidence_refs.append(ref)
+    status = "verified" if results else "needs-review"
+    severity = "high" if results else "info"
+    report = make_report(
+        tool="sqli-scanner",
+        mode="non-destructive-sqli-scan",
+        target=args.url,
+        status=status,
+        severity=severity,
+        payload_or_probe={"hits": results, "params": params or sorted(data.keys())},
+        request_summary={
+            "method": args.method,
+            "params": params or [],
+            "threads": args.threads,
+            "header_names": sorted(parse_headers(args.header).keys()),
+        },
+        evidence_refs=evidence_refs,
+        destructive_risk="medium",
+        args=args,
+    )
+    text_lines = [
+        "=" * 60,
+        "SQL Injection Scanner",
+        "=" * 60,
+        f"Target: {args.url}",
+        f"Method: {args.method}",
+        f"Hits: {len(results)}",
+        f"Status: {status}",
+    ]
+    emit_report(args, report, text_lines)
 
 
 if __name__ == "__main__":