Skip to main content

SqlmapEngine

Struct SqlmapEngine 

Source
pub struct SqlmapEngine { /* private fields */ }
Expand description

Manages the sqlmapapi lifecycle and provides access to its REST API.

When the engine is dropped, the locally spawned daemon subprocess is killed automatically via RAII (best-effort).

Implementations§

Source§

impl SqlmapEngine

Source

pub async fn new( port: u16, spawn_local: bool, binary_path: Option<&str>, ) -> Result<Self, SqlmapError>

Launches a local sqlmapapi daemon bound to 127.0.0.1.

§Arguments
  • port — TCP port for the daemon. If 0 is passed with spawn_local, the OS assigns an ephemeral port (not yet supported by sqlmapapi).
  • spawn_local — If true, spawns a local sqlmapapi subprocess.
  • binary_path — Override the sqlmapapi binary location.
§Errors

Returns SqlmapError::ProcessError if the daemon fails to spawn, or SqlmapError::ApiError if it doesn’t become responsive within 5 seconds.

Examples found in repository?
examples/full_scan.rs (line 26)
13async fn main() -> Result<(), Box<dyn std::error::Error>> {
14    // ── 1. Check availability ────────────────────────────
15    if !SqlmapEngine::is_available() {
16        eprintln!("ERROR: sqlmapapi not found in PATH");
17        eprintln!("Quick fix:");
18        eprintln!("  conda env create -f environment.yml");
19        eprintln!("  conda activate sqlmap-env");
20        eprintln!("  # OR: ./setup.sh");
21        std::process::exit(1);
22    }
23
24    // ── 2. Boot the daemon ───────────────────────────────
25    println!("Booting sqlmapapi daemon on port 8775...");
26    let engine = SqlmapEngine::new(8775, true, None).await?;
27    println!("Daemon ready at {}", engine.api_url());
28
29    // ── 3. Configure scan with builder ───────────────────
30    let target = std::env::args().nth(1).unwrap_or_else(|| {
31        eprintln!("Usage: cargo run --example full_scan -- <target-url>");
32        eprintln!("Example: cargo run --example full_scan -- http://example.com/page?id=1");
33        std::process::exit(1);
34    });
35
36    println!("Target: {target}");
37
38    let opts = SqlmapOptions::builder()
39        .url(&target)
40        .level(3)
41        .risk(2)
42        .batch(true)
43        .threads(4)
44        .random_agent(true)
45        .build();
46
47    // ── 4. Create and run task ───────────────────────────
48    let task = engine.create_task(&opts).await?;
49    println!("Task created: {}", task.task_id());
50
51    task.start().await?;
52    println!("Scan started, polling for completion...");
53
54    // ── 5. Monitor execution ─────────────────────────────
55    task.wait_for_completion(300).await?;
56    println!("Scan complete!");
57
58    // ── 6. Fetch and display logs ────────────────────────
59    match task.fetch_log().await {
60        Ok(log_resp) => {
61            if let Some(logs) = &log_resp.log {
62                println!("\n=== Scan Log ({} entries) ===", logs.len());
63                for entry in logs.iter().rev().take(10) {
64                    println!("  [{}] {}: {}", entry.time, entry.level, entry.message);
65                }
66                if logs.len() > 10 {
67                    println!("  ... and {} more entries", logs.len() - 10);
68                }
69            }
70        }
71        Err(err) => eprintln!("Could not fetch log: {err}"),
72    }
73
74    // ── 7. Fetch results ─────────────────────────────────
75    let data = task.fetch_data().await?;
76    let findings = data.findings();
77
78    println!("\n=== Results ===");
79    println!("  Findings: {}", findings.len());
80
81    if findings.is_empty() {
82        println!("  No SQL injection vulnerabilities detected.");
83    } else {
84        // ── 8. Multi-format output ───────────────────────
85        println!("\n{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Plain));
86
87        println!("=== JSON ===");
88        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::JsonPretty));
89
90        println!("=== CSV ===");
91        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Csv));
92
93        println!("=== Markdown ===");
94        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Markdown));
95    }
96
97    // ── 9. Inspect configured options ────────────────────
98    match task.list_options().await {
99        Ok(options) => {
100            println!("\n=== Active Options ===");
101            println!("{}", serde_json::to_string_pretty(&options)?);
102        }
103        Err(err) => eprintln!("Could not fetch options: {err}"),
104    }
105
106    // Task is auto-deleted from daemon on drop.
107    // Engine daemon is auto-killed on drop.
108    println!("\nDone. Task and daemon will be cleaned up automatically.");
109
110    Ok(())
111}
Source

pub async fn with_config( port: u16, spawn_local: bool, binary_path: Option<&str>, request_timeout: Duration, poll_interval: Duration, ) -> Result<Self, SqlmapError>

Launches a daemon with custom HTTP timeout and polling interval.

§Arguments
  • request_timeout — HTTP request timeout for API calls.
  • poll_interval — Interval between status polls in wait_for_completion.
Source

pub async fn create_task( &self, options: &SqlmapOptions, ) -> Result<SqlmapTask<'_>, SqlmapError>

Creates and configures a new scanning task, returning an RAII wrapper.

The task is automatically deleted from the daemon when dropped.

Examples found in repository?
examples/full_scan.rs (line 48)
13async fn main() -> Result<(), Box<dyn std::error::Error>> {
14    // ── 1. Check availability ────────────────────────────
15    if !SqlmapEngine::is_available() {
16        eprintln!("ERROR: sqlmapapi not found in PATH");
17        eprintln!("Quick fix:");
18        eprintln!("  conda env create -f environment.yml");
19        eprintln!("  conda activate sqlmap-env");
20        eprintln!("  # OR: ./setup.sh");
21        std::process::exit(1);
22    }
23
24    // ── 2. Boot the daemon ───────────────────────────────
25    println!("Booting sqlmapapi daemon on port 8775...");
26    let engine = SqlmapEngine::new(8775, true, None).await?;
27    println!("Daemon ready at {}", engine.api_url());
28
29    // ── 3. Configure scan with builder ───────────────────
30    let target = std::env::args().nth(1).unwrap_or_else(|| {
31        eprintln!("Usage: cargo run --example full_scan -- <target-url>");
32        eprintln!("Example: cargo run --example full_scan -- http://example.com/page?id=1");
33        std::process::exit(1);
34    });
35
36    println!("Target: {target}");
37
38    let opts = SqlmapOptions::builder()
39        .url(&target)
40        .level(3)
41        .risk(2)
42        .batch(true)
43        .threads(4)
44        .random_agent(true)
45        .build();
46
47    // ── 4. Create and run task ───────────────────────────
48    let task = engine.create_task(&opts).await?;
49    println!("Task created: {}", task.task_id());
50
51    task.start().await?;
52    println!("Scan started, polling for completion...");
53
54    // ── 5. Monitor execution ─────────────────────────────
55    task.wait_for_completion(300).await?;
56    println!("Scan complete!");
57
58    // ── 6. Fetch and display logs ────────────────────────
59    match task.fetch_log().await {
60        Ok(log_resp) => {
61            if let Some(logs) = &log_resp.log {
62                println!("\n=== Scan Log ({} entries) ===", logs.len());
63                for entry in logs.iter().rev().take(10) {
64                    println!("  [{}] {}: {}", entry.time, entry.level, entry.message);
65                }
66                if logs.len() > 10 {
67                    println!("  ... and {} more entries", logs.len() - 10);
68                }
69            }
70        }
71        Err(err) => eprintln!("Could not fetch log: {err}"),
72    }
73
74    // ── 7. Fetch results ─────────────────────────────────
75    let data = task.fetch_data().await?;
76    let findings = data.findings();
77
78    println!("\n=== Results ===");
79    println!("  Findings: {}", findings.len());
80
81    if findings.is_empty() {
82        println!("  No SQL injection vulnerabilities detected.");
83    } else {
84        // ── 8. Multi-format output ───────────────────────
85        println!("\n{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Plain));
86
87        println!("=== JSON ===");
88        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::JsonPretty));
89
90        println!("=== CSV ===");
91        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Csv));
92
93        println!("=== Markdown ===");
94        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Markdown));
95    }
96
97    // ── 9. Inspect configured options ────────────────────
98    match task.list_options().await {
99        Ok(options) => {
100            println!("\n=== Active Options ===");
101            println!("{}", serde_json::to_string_pretty(&options)?);
102        }
103        Err(err) => eprintln!("Could not fetch options: {err}"),
104    }
105
106    // Task is auto-deleted from daemon on drop.
107    // Engine daemon is auto-killed on drop.
108    println!("\nDone. Task and daemon will be cleaned up automatically.");
109
110    Ok(())
111}
Source

pub fn is_available() -> bool

Check if sqlmapapi is available on this system.

Tests that the sqlmapapi binary exists and is executable. Does NOT fall back to python3 -c "import sqlmap" since that doesn’t guarantee the REST API server is available.

Examples found in repository?
examples/full_scan.rs (line 15)
13async fn main() -> Result<(), Box<dyn std::error::Error>> {
14    // ── 1. Check availability ────────────────────────────
15    if !SqlmapEngine::is_available() {
16        eprintln!("ERROR: sqlmapapi not found in PATH");
17        eprintln!("Quick fix:");
18        eprintln!("  conda env create -f environment.yml");
19        eprintln!("  conda activate sqlmap-env");
20        eprintln!("  # OR: ./setup.sh");
21        std::process::exit(1);
22    }
23
24    // ── 2. Boot the daemon ───────────────────────────────
25    println!("Booting sqlmapapi daemon on port 8775...");
26    let engine = SqlmapEngine::new(8775, true, None).await?;
27    println!("Daemon ready at {}", engine.api_url());
28
29    // ── 3. Configure scan with builder ───────────────────
30    let target = std::env::args().nth(1).unwrap_or_else(|| {
31        eprintln!("Usage: cargo run --example full_scan -- <target-url>");
32        eprintln!("Example: cargo run --example full_scan -- http://example.com/page?id=1");
33        std::process::exit(1);
34    });
35
36    println!("Target: {target}");
37
38    let opts = SqlmapOptions::builder()
39        .url(&target)
40        .level(3)
41        .risk(2)
42        .batch(true)
43        .threads(4)
44        .random_agent(true)
45        .build();
46
47    // ── 4. Create and run task ───────────────────────────
48    let task = engine.create_task(&opts).await?;
49    println!("Task created: {}", task.task_id());
50
51    task.start().await?;
52    println!("Scan started, polling for completion...");
53
54    // ── 5. Monitor execution ─────────────────────────────
55    task.wait_for_completion(300).await?;
56    println!("Scan complete!");
57
58    // ── 6. Fetch and display logs ────────────────────────
59    match task.fetch_log().await {
60        Ok(log_resp) => {
61            if let Some(logs) = &log_resp.log {
62                println!("\n=== Scan Log ({} entries) ===", logs.len());
63                for entry in logs.iter().rev().take(10) {
64                    println!("  [{}] {}: {}", entry.time, entry.level, entry.message);
65                }
66                if logs.len() > 10 {
67                    println!("  ... and {} more entries", logs.len() - 10);
68                }
69            }
70        }
71        Err(err) => eprintln!("Could not fetch log: {err}"),
72    }
73
74    // ── 7. Fetch results ─────────────────────────────────
75    let data = task.fetch_data().await?;
76    let findings = data.findings();
77
78    println!("\n=== Results ===");
79    println!("  Findings: {}", findings.len());
80
81    if findings.is_empty() {
82        println!("  No SQL injection vulnerabilities detected.");
83    } else {
84        // ── 8. Multi-format output ───────────────────────
85        println!("\n{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Plain));
86
87        println!("=== JSON ===");
88        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::JsonPretty));
89
90        println!("=== CSV ===");
91        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Csv));
92
93        println!("=== Markdown ===");
94        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Markdown));
95    }
96
97    // ── 9. Inspect configured options ────────────────────
98    match task.list_options().await {
99        Ok(options) => {
100            println!("\n=== Active Options ===");
101            println!("{}", serde_json::to_string_pretty(&options)?);
102        }
103        Err(err) => eprintln!("Could not fetch options: {err}"),
104    }
105
106    // Task is auto-deleted from daemon on drop.
107    // Engine daemon is auto-killed on drop.
108    println!("\nDone. Task and daemon will be cleaned up automatically.");
109
110    Ok(())
111}
Source

pub fn is_available_at(binary_path: &str) -> bool

Check if sqlmapapi is available, trying the provided binary path first.

Source

pub fn api_url(&self) -> &str

Returns the base API URL for this engine.

Examples found in repository?
examples/full_scan.rs (line 27)
13async fn main() -> Result<(), Box<dyn std::error::Error>> {
14    // ── 1. Check availability ────────────────────────────
15    if !SqlmapEngine::is_available() {
16        eprintln!("ERROR: sqlmapapi not found in PATH");
17        eprintln!("Quick fix:");
18        eprintln!("  conda env create -f environment.yml");
19        eprintln!("  conda activate sqlmap-env");
20        eprintln!("  # OR: ./setup.sh");
21        std::process::exit(1);
22    }
23
24    // ── 2. Boot the daemon ───────────────────────────────
25    println!("Booting sqlmapapi daemon on port 8775...");
26    let engine = SqlmapEngine::new(8775, true, None).await?;
27    println!("Daemon ready at {}", engine.api_url());
28
29    // ── 3. Configure scan with builder ───────────────────
30    let target = std::env::args().nth(1).unwrap_or_else(|| {
31        eprintln!("Usage: cargo run --example full_scan -- <target-url>");
32        eprintln!("Example: cargo run --example full_scan -- http://example.com/page?id=1");
33        std::process::exit(1);
34    });
35
36    println!("Target: {target}");
37
38    let opts = SqlmapOptions::builder()
39        .url(&target)
40        .level(3)
41        .risk(2)
42        .batch(true)
43        .threads(4)
44        .random_agent(true)
45        .build();
46
47    // ── 4. Create and run task ───────────────────────────
48    let task = engine.create_task(&opts).await?;
49    println!("Task created: {}", task.task_id());
50
51    task.start().await?;
52    println!("Scan started, polling for completion...");
53
54    // ── 5. Monitor execution ─────────────────────────────
55    task.wait_for_completion(300).await?;
56    println!("Scan complete!");
57
58    // ── 6. Fetch and display logs ────────────────────────
59    match task.fetch_log().await {
60        Ok(log_resp) => {
61            if let Some(logs) = &log_resp.log {
62                println!("\n=== Scan Log ({} entries) ===", logs.len());
63                for entry in logs.iter().rev().take(10) {
64                    println!("  [{}] {}: {}", entry.time, entry.level, entry.message);
65                }
66                if logs.len() > 10 {
67                    println!("  ... and {} more entries", logs.len() - 10);
68                }
69            }
70        }
71        Err(err) => eprintln!("Could not fetch log: {err}"),
72    }
73
74    // ── 7. Fetch results ─────────────────────────────────
75    let data = task.fetch_data().await?;
76    let findings = data.findings();
77
78    println!("\n=== Results ===");
79    println!("  Findings: {}", findings.len());
80
81    if findings.is_empty() {
82        println!("  No SQL injection vulnerabilities detected.");
83    } else {
84        // ── 8. Multi-format output ───────────────────────
85        println!("\n{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Plain));
86
87        println!("=== JSON ===");
88        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::JsonPretty));
89
90        println!("=== CSV ===");
91        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Csv));
92
93        println!("=== Markdown ===");
94        println!("{}", sqlmap_rs::types::format_findings(&findings, OutputFormat::Markdown));
95    }
96
97    // ── 9. Inspect configured options ────────────────────
98    match task.list_options().await {
99        Ok(options) => {
100            println!("\n=== Active Options ===");
101            println!("{}", serde_json::to_string_pretty(&options)?);
102        }
103        Err(err) => eprintln!("Could not fetch options: {err}"),
104    }
105
106    // Task is auto-deleted from daemon on drop.
107    // Engine daemon is auto-killed on drop.
108    println!("\nDone. Task and daemon will be cleaned up automatically.");
109
110    Ok(())
111}

Trait Implementations§

Source§

impl Drop for SqlmapEngine

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

fn pin_drop(self: Pin<&mut Self>)

🔬This is a nightly-only experimental API. (pin_ergonomics)
Execute the destructor for this type, but different to Drop::drop, it requires self to be pinned. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more