UNPKG

gc-sqlmap-mcp

Version:

Model Context Protocol (MCP) server for interacting with SQLMap SQL injection tool

github.com/GH05TCREW/sqlmap-mcp

GH05TCREW/sqlmap-mcp

181 lines (162 loc) 6.37 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
#!/usr/bin/env node "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); const mcp_js_1 = require("@modelcontextprotocol/sdk/server/mcp.js"); const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js"); const zod_1 = require("zod"); const node_child_process_1 = require("node:child_process"); // Get sqlmap path from environment variable const sqlmapPath = process.env.SQLMAP_PATH; if (!sqlmapPath) { console.error("SQLMAP_PATH environment variable not set"); process.exit(1); } // Utility function to handle string or array input function parseArgs(args) { if (Array.isArray(args)) { return args; } // Handle string input - need to parse respecting quotes const result = []; let current = ''; let inQuote = false; let quoteChar = ''; for (let i = 0; i < args.length; i++) { const char = args[i]; if ((char === '"' || char === "'") && (i === 0 || args[i - 1] !== '\\')) { if (!inQuote) { inQuote = true; quoteChar = char; } else if (char === quoteChar) { inQuote = false; quoteChar = ''; } else { current += char; } } else if (char === ' ' && !inQuote) { if (current) { result.push(current); current = ''; } } else { current += char; } } if (current) { result.push(current); } return result; } // Create server instance const server = new mcp_js_1.McpServer({ name: "sqlmap", version: "1.1.6", }); server.tool("do-sqlmap", "Run sqlmap with specified URL", { url: zod_1.z.string().url().describe("Target URL to detect SQL Injection"), sqlmap_args: zod_1.z.union([ zod_1.z.string().describe("SQLMap arguments as a string (e.g. '--batch --dbs')"), zod_1.z.array(zod_1.z.string()).describe("SQLMap arguments as an array (e.g. ['--batch', '--dbs'])") ]).describe(`Additional SQLmap arguments -g GOOGLEDORK Process Google dork results as target URLs Request: These options can be used to specify how to connect to the target URL --data=DATA Data string to be sent through POST (e.g. "id=1") --cookie=COOKIE HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..") --random-agent Use randomly selected HTTP User-Agent header value --proxy=PROXY Use a proxy to connect to the target URL --tor Use Tor anonymity network --check-tor Check to see if Tor is used properly Injection: These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts -p TESTPARAMETER Testable parameter(s) --dbms=DBMS Force back-end DBMS to provided value Detection: These options can be used to customize the detection phase --level=LEVEL Level of tests to perform (1-5, default 1) --risk=RISK Risk of tests to perform (1-3, default 1) Techniques: These options can be used to tweak testing of specific SQL injection techniques --technique=TECH.. SQL injection techniques to use (default "BEUSTQ") Enumeration: These options can be used to enumerate the back-end database management system information, structure and data contained in the tables -a, --all Retrieve everything -b, --banner Retrieve DBMS banner --current-user Retrieve DBMS current user --current-db Retrieve DBMS current database --passwords Enumerate DBMS users password hashes --dbs Enumerate DBMS databases --tables Enumerate DBMS database tables --columns Enumerate DBMS database table columns --schema Enumerate DBMS schema --dump Dump DBMS database table entries --dump-all Dump all DBMS databases tables entries -D DB DBMS database to enumerate -T TBL DBMS database table(s) to enumerate -C COL DBMS database table column(s) to enumerate Operating system access: These options can be used to access the back-end database management system underlying operating system --os-shell Prompt for an interactive operating system shell --os-pwn Prompt for an OOB shell, Meterpreter or VNC General: These options can be used to set some general working parameters --batch Never ask for user input, use the default behavior --flush-session Flush session files for current target Miscellaneous: These options do not fit into any other category --wizard Simple wizard interface for beginner users `), }, async ({ url, sqlmap_args }) => { // Convert string arguments to array if needed const parsedArgs = parseArgs(sqlmap_args); const sqlmap = (0, node_child_process_1.spawn)('python', [sqlmapPath, '-u', url, ...parsedArgs], { shell: true }); let output = ''; // Handle stdout sqlmap.stdout.on('data', (data) => { output += data.toString(); }); // Handle stderr sqlmap.stderr.on('data', (data) => { output += data.toString(); }); // Handle process completion return new Promise((resolve, reject) => { sqlmap.on('close', (code) => { if (code === 0) { resolve({ content: [{ type: "text", text: `${output}\n sqlmap completed successfully` }] }); } else { reject(new Error(`sqlmap exited with code ${code}`)); } }); sqlmap.on('error', (error) => { reject(new Error(`Failed to start sqlmap: ${error.message}`)); }); }); }); // Start the server async function main() { const transport = new stdio_js_1.StdioServerTransport(); await server.connect(transport); console.error("sqlmap MCP Server running on stdio"); } main().catch((error) => { console.error("Fatal error in main():", error); process.exit(1); });