/**
* Copyright 2012, 2013 Nick Galbreath
* BSD License -- see COPYING.txt for details
*
* This is for testing against files in ../data/ *.txt
* Reads from stdin or a list of files, and emits if a line
* is a SQLi attack or not, and does basic statistics
*
*/
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include "libinjection.h"
#include "libinjection_sqli.h"
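/**
 * Fingerprint the state under one set of flags and print a single
 * "label<TAB>fingerprint<TAB>true|false" line to stdout.
 *
 * @param sf     state already initialised with libinjection_sqli_init()
 * @param label  context name printed in the first column
 * @param flags  FLAG_QUOTE_* | FLAG_SQL_* combination to tokenize with
 */
static void print_context(sfilter *sf, const char *label, int flags)
{
    int ok;

    libinjection_sqli_fingerprint(sf, flags);
    ok = libinjection_sqli_check_fingerprint(sf);
    fprintf(stdout, "%s\t%s\t%s\n", label, sf->fingerprint, ok ? "true" : "false");
}

/**
 * Usage: fptool [-0] STRING
 *
 * Prints the libinjection SQLi fingerprint of STRING.  Without options the
 * string is fingerprinted in five quote/dialect contexts, one output line
 * per context, each with the result of the fingerprint check.  With "-0"
 * only the no-quote/ANSI fingerprint is printed.
 *
 * @return 0 on success, 1 when STRING is missing or empty.
 */
int main(int argc, const char* argv[])
{
    size_t slen;
    int single = 0;
    int offset = 1;
    sfilter sf;

    if (argc < 2) {
        fprintf(stderr, "need more args\n");
        return 1;
    }

    /*
     * Consume leading "-0" options.  The index is bounded by argc so that
     * an invocation consisting only of options (e.g. "fptool -0") never
     * hands argv[argc] (a null pointer) to strcmp() or strlen().
     */
    while (offset < argc && strcmp(argv[offset], "-0") == 0) {
        single = 1;
        offset += 1;
    }

    if (offset >= argc) {
        fprintf(stderr, "need more args\n");
        return 1;
    }

    slen = strlen(argv[offset]);
    if (slen == 0) {
        return 1;
    }

    /*
     * "plain" context.. test string "as-is"
     */
    libinjection_sqli_init(&sf, argv[offset], slen, 0);

    if (single) {
        libinjection_sqli_fingerprint(&sf, FLAG_QUOTE_NONE | FLAG_SQL_ANSI);
        /* The check result is not reported in this mode; the call is kept as in the original. */
        libinjection_sqli_check_fingerprint(&sf);
        fprintf(stdout, "%s\n", sf.fingerprint);
        return 0;
    }

    /*
     * The "plain-asni" label is spelled as in the original output so that
     * anything parsing this tool's output keeps working.
     */
    print_context(&sf, "plain-asni", FLAG_QUOTE_NONE | FLAG_SQL_ANSI);
    print_context(&sf, "plain-mysql", FLAG_QUOTE_NONE | FLAG_SQL_MYSQL);
    print_context(&sf, "single-ansi", FLAG_QUOTE_SINGLE | FLAG_SQL_ANSI);
    print_context(&sf, "single-mysql", FLAG_QUOTE_SINGLE | FLAG_SQL_MYSQL);
    print_context(&sf, "double-mysql", FLAG_QUOTE_DOUBLE | FLAG_SQL_MYSQL);

    return 0;
}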