from MaltegoTransform import *
from TeethLib import *

m = MaltegoTransform()
m.parseArguments(sys.argv);
hash=sys.argv[1]


#get fields
url=sillydecode(m.getVar('url'))
postdata=sillydecode(m.getVar('postdata'))
varstocheck=sillydecode(m.getVar('varstocheck'))
method=sillydecode(m.getVar('method'))

if method=='POST' and postdata is None:
 logger.info("Can't run a POST without any POSTDATA - exiting. [%s][%s][%s]"%(url,postdata,varstocheck))
 m.returnOutput()
 quit()

if varstocheck is None:
 logger.info("No variables to check - exiting. [%s][%s][%s]"%(url,postdata,varstocheck))
 m.returnOutput()
 quit()
 
if url is None:
 logger.info("No URL or URL malformed - exiting. [%s][%s][%s]"%(url,postdata,varstocheck))
 quit()
 
 
if url.find("?")<0 and method=='GET' and len(postdata)>0:
 #hmmm
 url=url+"?"+postdata
 logger.debug("Exception. Now url is %s"%url)
  
 
#for now 
db="MYSQL" 
additional=read_config_file('SQLMAP','AdditionalArguments')

if postdata is None:
 postdata=""
 
#OK ready go
if method=='POST' or len(postdata)>0:
 cmd="sqlmap %s --dbms %s -u \"%s\" --data \"%s\" -p \"%s\""%(additional,db,url,postdata,varstocheck)
else:
 cmd="sqlmap %s --dbms %s -u \"%s\" -p \"%s\""%(additional,db,url,varstocheck)

logger.debug("Running SQLMAP like so: [%s]"%cmd)
logger.info("Running SQLMAP on [%s][%s][%s]"%(url,postdata,varstocheck))
out=run_external(cmd)

logger.debug("SQLMAP output:>>>%s<<<<"%out)
logger.info("Finished testing on [%s][%s][%s]"%(url,postdata,varstocheck)) 

if out.find("identified the following injection points")>0:
 wootEnt=m.addEntity("maltego.Phrase","INJECTED!"+hash[0:7])
 wootEnt.setDisplayInformation('Click <a href="file:///opt/Teeth/cache/SQLMAP-output/'+urlparse(url).netloc+'/log">here</a> to open report')
m.returnOutput()