
Commit 4da29d3

committed
v20250610
1 parent 2b46d18 commit 4da29d3


3 files changed

+385
-155
lines changed


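--- a/app.js
+++ b/app.js
@@ -31,12 +31,14 @@ class SQLMapGenerator {
 this.setupEventListeners();
 this.setupTabs();
 this.setupSliders();
+this.handleHashtag();
 this.updateCommand();
 }
 
 setupEventListeners() {
 // Copy button
 document.getElementById('copyBtn').addEventListener('click', () => this.copyCommand());
+document.getElementById('copyUrlBtn').addEventListener('click', () => this.copyUrl());
 
 // Template buttons
 document.querySelectorAll('.template-btn').forEach(btn => {
@@ -85,38 +87,47 @@ class SQLMapGenerator {
 const levelValue = document.getElementById('levelValue');
 levelSlider.addEventListener('input', (e) => {
 levelValue.textContent = e.target.value;
+let levelHelp = "";
+switch (levelSlider.value) {
+case "1": levelHelp = "1: Fastest and least intrusive testing of GET and POST parameters (default)."; break;
+case "2": levelHelp = "2: Additionaly test injections in the Cookie header."; break;
+case "3": levelHelp = "3: Additionaly test injections in User-Agent and Referer headers ."; break;
+case "4": levelHelp = "4: Additionaly perform more advbanced tests, such as null values and some extra payloads."; break;
+case "5": levelHelp = "5: Additionaly test Host header, using all possible payloads."; break;
+}
+document.getElementById('level-help').textContent = levelHelp;
 });
 
 // Risk slider
 const riskSlider = document.getElementById('risk');
 const riskValue = document.getElementById('riskValue');
 riskSlider.addEventListener('input', (e) => {
 riskValue.textContent = e.target.value;
+let riskHelp = "";
+switch (riskSlider.value) {
+case "1": riskHelp = "1: Innocuous test for the majority of SQL injection points (default)."; break;
+case "2": riskHelp = "2: Adds also time-based SQL injections."; break;
+case "3": riskHelp = "3: Adds also OR-based SQL injection tests."; break;
+}
+document.getElementById('risk-help').textContent = riskHelp;
 });
 
 // Verbose slider
 const verboseSlider = document.getElementById('verbose');
 const verboseValue = document.getElementById('verboseValue');
 verboseSlider.addEventListener('input', (e) => {
 verboseValue.textContent = e.target.value;
-let verboseLevelHelp = "";
-switch (document.getElementById('verbose').value) {
-case "0":
-verboseLevelHelp = "0: Show only Python tracebacks, error and critical messages."; break;
-case "1":
-verboseLevelHelp = "1: Show also information and warning messages (default)."; break;
-case "2":
-verboseLevelHelp = "2: Show also debug messages."; break;
-case "3":
-verboseLevelHelp = "3: Show also payloads injected."; break;
-case "4":
-verboseLevelHelp = "4: Show also HTTP requests."; break;
-case "5":
-verboseLevelHelp = "5: Show also HTTP responses' headers."; break;
-case "6":
-verboseLevelHelp = "6: Show also HTTP responses' page content."; break;
+let verboseHelp = "";
+switch (verboseSlider.value) {
+case "0": verboseHelp = "0: Show only Python tracebacks, error and critical messages."; break;
+case "1": verboseHelp = "1: Show also information and warning messages (default)."; break;
+case "2": verboseHelp = "2: Show also debug messages."; break;
+case "3": verboseHelp = "3: Show also payloads injected."; break;
+case "4": verboseHelp = "4: Show also HTTP requests."; break;
+case "5": verboseHelp = "5: Show also HTTP responses' headers."; break;
+case "6": verboseHelp = "6: Show also HTTP responses' page content."; break;
 }
-document.getElementById('verbose-help').textContent = verboseLevelHelp;
+document.getElementById('verbose-help').textContent = verboseHelp;
 });
 
 
@@ -128,26 +139,70 @@ class SQLMapGenerator {
 // Target options
 const url = document.getElementById('url').value.trim();
 if (url) config['-u'] = url;
-
-const method = document.getElementById('method').value;
-if (method) config['--method'] = method;
-
-const data = document.getElementById('data').value.trim();
-if (data) config['--data'] = data;
+
+const directDb = document.getElementById('directDb').value.trim();
+if (directDb) config['-d'] = directDb;
 
 const requestFile = document.getElementById('requestFile').value.trim();
 if (requestFile) config['-r'] = requestFile;
 
 const targetsFile = document.getElementById('targetsFile').value.trim();
 if (targetsFile) config['-m'] = targetsFile;
-
-const directDb = document.getElementById('directDb').value.trim();
-if (directDb) config['-d'] = directDb;
+
+const burpFile = document.getElementById('burpFile').value.trim();
+if (burpFile) config['-l'] = burpFile;
+
+const burpFileScope = document.getElementById('burpFileScope').value.trim();
+if (burpFileScope) config['--scope'] = burpFileScope;
+if (burpFileScope && !burpFile) document.getElementById('burpFile').value = "burp.txt";
 
 const googleDork = document.getElementById('googleDork').value.trim();
 if (googleDork) config['-g'] = googleDork;
+
+// Connection options
+const forceSsl = document.getElementById('forceSsl').checked;
+if (forceSsl) config['--force-ssl'] = forceSsl;
+
+const timeout = document.getElementById('timeout').value;
+if (timeout && timeout != 30) config['--timeout'] = timeout;
+
+const delay = document.getElementById('delay').value;
+if (delay && delay > 0) config['--delay'] = delay;
+
+const threads = document.getElementById('threads').value;
+if (threads && threads > 1) config['--threads'] = threads;
+
+const proxy = document.getElementById('proxy').value.trim();
+if (proxy) config['--proxy'] = proxy;
+
+const proxyCred = document.getElementById('proxyCred').value.trim();
+if (proxyCred) config['--proxy-cred'] = proxyCred;
+
+const proxyFile = document.getElementById('proxyFile').value.trim();
+if (proxyFile) config['--proxy-file'] = proxyFile;
+
+const proxyFreq = document.getElementById('proxyFreq').value.trim();
+if (proxyFreq && proxyFreq >= 1) config['--proxy-freq'] = proxyFreq;
+
+const proxyIgnore = document.getElementById('proxyIgnore').checked
+if (proxyIgnore) config['--ignore-proxy'] = proxyIgnore;
+
+
+
+
+
+//
+
+const method = document.getElementById('method').value;
+if (method) config['--method'] = method;
+
+const data = document.getElementById('data').value.trim();
+if (data) config['--data'] = data;
+
+
+
 
-if (document.getElementById('forceSsl').checked) config['--force-ssl'] = true;
+
 
 // Request options
 const userAgent = document.getElementById('userAgent').value;
@@ -167,14 +222,8 @@ class SQLMapGenerator {
 const referer = document.getElementById('referer').value.trim();
 if (referer) config['--referer'] = referer;
 
-const proxy = document.getElementById('proxy').value.trim();
-if (proxy) config['--proxy'] = proxy;
 
-const timeout = document.getElementById('timeout').value;
-if (timeout) config['--timeout'] = timeout;
 
-const delay = document.getElementById('delay').value;
-if (delay) config['--delay'] = delay;
 
 if (document.getElementById('randomAgent').checked) config['--random-agent'] = true;
 
@@ -240,8 +289,7 @@ class SQLMapGenerator {
 if (column) config['-C'] = column;
 
 // Optimization options
-const threads = document.getElementById('threads').value;
-if (threads && threads > 1) config['--threads'] = threads;
+
 
 if (document.getElementById('keepAlive').checked) config['--keep-alive'] = true;
 if (document.getElementById('nullConnection').checked) config['--null-connection'] = true;
@@ -276,13 +324,15 @@ class SQLMapGenerator {
 
 // Order of parameters for better readability
 const paramOrder = [
-'-u', '--method', '--data', '-r', '-m', '-d', '-g', '--force-ssl',
-'-A', '-H', '--cookie', '--referer', '--proxy', '--timeout', '--delay', '--random-agent',
+'-u', '-d', '-r', '-m', '-l', '--scope', '-g',
+'--force-ssl', '--timeout', '--delay', '--threads',
+'--proxy', '--proxy-cred', '--proxy-file', '--proxy-freq', '--ignore-proxy',
+'--method', '--data',
 '-p', '--skip', '--level', '--risk', '--dbms', '--os', '--technique',
 '--batch', '-v', '-t', '--parse-errors', '--test-filter',
 '--current-user', '--current-db', '--dbs', '--tables', '--columns', '--schema', '--dump-all',
 '-D', '-T', '-C',
-'--threads', '--keep-alive', '--null-connection', '--predict-output', '-o',
+'--keep-alive', '--null-connection', '--predict-output', '-o',
 '--tamper', '--prefix', '--suffix', '--csrf-token', '--csrf-url', '--second-url'
 ];
 
@@ -306,30 +356,43 @@ class SQLMapGenerator {
 return command;
 }
 
+handleHashtag() {
+// Check if we have hashtag with proper config and load it if so
+try {
+let hashtag = location.hash.substr(1);
+if (hashtag.length > 0) {
+let hashtagCmd = JSON.parse(atob(hashtag));
+this.applyConfiguration(hashtagCmd);
+}
+} catch (ex) {
+console.log(ex);
+}
+}
+
 updateCommand() {
-const command = this.generateCommand();
-const commandOutput = document.getElementById('commandOutput');
-commandOutput.textContent = command;
-
-// Add syntax highlighting
-this.applySyntaxHighlighting(commandOutput);
+const command = this.generateCommand();
+const commandOutput = document.getElementById('commandOutput');
+commandOutput.textContent = command;
+
+// Add syntax highlighting
+this.applySyntaxHighlighting(commandOutput);
 }
 
 applySyntaxHighlighting(element) {
-/* BUG
+
 let html = element.textContent;
 
 // Highlight options (starting with -)
-html = html.replace(/(--?[\w-]+)/g, '<span class="option">$1</span>');
+html = html.replace(/(--?[\w-]+)/g, "<span class='option'>$1</span>");
 
 // Highlight quoted values
-html = html.replace(/"([^"]+)"/g, '"<span class="value">$1</span>"');
+html = html.replace(/"([^"]+)"/g, "<span class='value'>\"$1\"</span>");
 
 // Highlight sqlmap command
-html = html.replace(/^sqlmap/, '<span class="flag">sqlmap</span>');
+html = html.replace(/^sqlmap/, "<span class='flag'>sqlmap</span>");
 
 element.innerHTML = html;
-*/
+
 }
 
 async copyCommand() {
@@ -340,12 +403,12 @@ class SQLMapGenerator {
 try {
 await navigator.clipboard.writeText(command);
 copyBtn.classList.add('copying');
-copyText.textContent = 'Copied!';
+copyText.textContent = 'Command Copied!';
 
 setTimeout(() => {
 copyBtn.classList.remove('copying');
-copyText.textContent = 'Copy';
-}, 2000);
+copyText.textContent = 'COPY COMMAND TO A CLIPBOARD';
+}, 3000);
 } catch (err) {
 // Fallback for older browsers
 const textArea = document.createElement('textarea');
@@ -355,10 +418,46 @@ class SQLMapGenerator {
 document.execCommand('copy');
 document.body.removeChild(textArea);
 
-copyText.textContent = 'Copied!';
+copyText.textContent = 'Command Copied!';
+setTimeout(() => {
+copyText.textContent = 'COPY COMMAND TO A CLIPBOARD';
+}, 3000);
+}
+}
+
+async copyUrl() {
+const serializedCommand = btoa(JSON.stringify(this.getCurrentConfig()));
+const command = location.href.replace(location.hash, "") + "#" + serializedCommand;
+const copyUrlBtn = document.getElementById('copyUrlBtn');
+const copyUrlText = document.getElementById('copyUrlText');
+
+try {
+await navigator.clipboard.writeText(command);
+copyUrlBtn.classList.add('copying');
+copyUrlText.textContent = 'Copied!';
+
+setTimeout(() => {
+copyUrlBtn.classList.remove('copying');
+copyUrlText.textContent = 'COPY URL WITH THIS CONFIG';
+}, 3000);
+debugger;
+location.replace("#" + serializedCommand);
+
+} catch (err) {
+// Fallback for older browsers
+const textArea = document.createElement('textarea');
+textArea.value = command;
+document.body.appendChild(textArea);
+textArea.select();
+document.execCommand('copy');
+document.body.removeChild(textArea);
+
+copyUrlText.textContent = 'URL Copied!';
 setTimeout(() => {
-copyText.textContent = 'Copy';
-}, 2000);
+copyUrlText.textContent = 'COPY URL WITH THIS CONFIG';
+}, 3000);
+debugger;
+location.replace("#" + serializedCommand);
 }
 }
 
@@ -378,6 +477,8 @@ class SQLMapGenerator {
 'url': 'url',
 'data': 'data',
 'requestFile': 'requestFile',
+'requestFileScope': 'requestFileScope',
+'burpFile': 'burpFile',
 'level': 'level',
 'risk': 'risk',
 'randomAgent': 'randomAgent',
@@ -468,6 +569,8 @@ class SQLMapGenerator {
 '--method': 'method',
 '--data': 'data',
 '-r': 'requestFile',
+'-l': 'burpFile',
+'--scope': 'burpFileScope',
 '-m': 'targetsFile',
 '-d': 'directDb',
 '-g': 'googleDork',
@@ -477,6 +580,10 @@ class SQLMapGenerator {
 '--cookie': 'cookie',
 '--referer': 'referer',
 '--proxy': 'proxy',
+'--proxy-cred': 'proxyCred',
+'--proxy-file': 'proxyFile',
+'--proxy-freq': 'proxyFreq',
+'--ignore-proxy': 'proxyIgnore',
 '--timeout': 'timeout',
 '--delay': 'delay',
 '--random-agent': 'randomAgent',
@@ -585,16 +692,18 @@ class SQLMapGenerator {
 
 document.body.appendChild(messageEl);
 
-// Remove after 3 seconds
+// Remove after 10 seconds
 setTimeout(() => {
 if (messageEl.parentNode) {
 messageEl.parentNode.removeChild(messageEl);
 }
-}, 3000);
+}, 10000);
 }
 }
 
 // Initialize the application when DOM is loaded
+let sqlgen = null;
 document.addEventListener('DOMContentLoaded', () => {
-new SQLMapGenerator();
-});
+sqlgen = new SQLMapGenerator();
+document.querySelectorAll('input[type=text], textarea').forEach(field => field.spellcheck = false);
+});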
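Review bot: `applySyntaxHighlighting` now assigns `element.innerHTML` from a string built out of `element.textContent` with no HTML escaping, so any markup characters in a field value are parsed as HTML in the command preview; the old body was commented out, so this sink is newly live. The added `handleHashtag()` makes it reachable from a shared link, since it passes `JSON.parse(atob(location.hash.substr(1)))` to `applyConfiguration` before `updateCommand()` runs (what `applyConfiguration` does with the values is outside the visible hunks, so this is presumed). Escape before wrapping, e.g. add `html = html.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');` right after `let html = element.textContent;`, and have `handleHashtag` accept only known field ids with string or boolean values. Separately, `copyUrl()` still carries two `debugger;` statements, and the shared URL presumably includes `--proxy-cred` and cookie values in the fragment; consider leaving credential fields out of the serialized config.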
