solve problem of saving result of --sql-query in CSV file

extra/icmpsh/README.txt

@@ -1,45 +1,45 @@
-icmpsh - simple reverse ICMP shell
-
-icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl.
-
-
---- Running the Master ---
-
-The master is straight forward to use. There are no extra libraries required for the C version. 
-The Perl master however has the following dependencies:
-
-    * IO::Socket
-    * NetPacket::IP
-    * NetPacket::ICMP
-
-
-When running the master, don't forget to disable ICMP replies by the OS. For example:
-
-    sysctl -w net.ipv4.icmp_echo_ignore_all=1
-
-If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive
-commands send from the master.
-
-
---- Running the Slave ---
-
-The slave comes with a few command line options as outlined below:
-
-
--t host            host ip address to send ping requests to. This option is mandatory!
-
--r                 send a single test icmp request containing the string "Test1234" and then quit. 
-                   This is for testing the connection.
-
--d milliseconds    delay between requests in milliseconds 
-
--o milliseconds    timeout of responses in milliseconds. If a response has not received in time, 
-                   the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
-                   The counter is set back to 0 if a response was received.
-
--b num             limit of blanks (unanswered icmp requests before quitting
-
--s bytes           maximal data buffer size in bytes
-
-
-In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer.
+icmpsh - simple reverse ICMP shell
+
+icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible master in C or Perl.
+
+
+--- Running the Master ---
+
+The master is straight forward to use. There are no extra libraries required for the C version. 
+The Perl master however has the following dependencies:
+
+    * IO::Socket
+    * NetPacket::IP
+    * NetPacket::ICMP
+
+
+When running the master, don't forget to disable ICMP replies by the OS. For example:
+
+    sysctl -w net.ipv4.icmp_echo_ignore_all=1
+
+If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive
+commands send from the master.
+
+
+--- Running the Slave ---
+
+The slave comes with a few command line options as outlined below:
+
+
+-t host            host ip address to send ping requests to. This option is mandatory!
+
+-r                 send a single test icmp request containing the string "Test1234" and then quit. 
+                   This is for testing the connection.
+
+-d milliseconds    delay between requests in milliseconds 
+
+-o milliseconds    timeout of responses in milliseconds. If a response has not received in time, 
+                   the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
+                   The counter is set back to 0 if a response was received.
+
+-b num             limit of blanks (unanswered icmp requests before quitting
+
+-s bytes           maximal data buffer size in bytes
+
+
+In order to improve the speed, lower the delay (-d) between requests or increase the size (-s) of the data buffer.

ok.py

@@ -0,0 +1,142 @@
+import subprocess
+from datetime import datetime
+import sys
+import os
+import csv
+import re
+from urllib.parse import urlparse
+
+#****************************************************************************************
+# this function verify if the argument given is an URL
+def est_url(url):
+    try:
+        result=urlparse(url)
+        return all([result.scheme, result.netloc])
+    except Exception as e:
+        return False
+
+# this function verify if the argument given is a request 
+def est_requete(req):
+    exp_reg= expression_reguliere = re.compile(
+        r'\b(SELECT|UPDATE|DELETE|INSERT INTO|CREATE|ALTER|DROP|GRANT|REVOKE)\b',
+        re.IGNORECASE)
+    return re.search(exp_reg,req) is not None
+
+#*****************************************************************************************
+
+# read the arguements 
+arg=sys.argv
+
+#*****************************************************************************************
+                 #verify if the arguments given are correct or not
+
+if (('-u' in arg)and('--sql-query' in arg)):
+    if (est_url(arg[2])):
+        if (est_requete(arg[-1])):
+            commande_sqlmap = ['python','sqlmap.py']+arg[1:]
+        else:
+            print("verify your request")
+            exit()
+    else:
+        print("verify your URL")
+        exit()
+else:
+    print("Verify that you input correctly -u or --sql-query")
+    exit()
+
+#*****************************************************************************************
+
+#*****************************************************************************************
+                   #extract the name of columns from the request
+deb="SELECT"
+fin="FROM"
+
+#find the start point of the ""deb"" variable in the request
+temp1=(arg[-1].upper()).find(deb)
+
+#find the start point of the ""fin"" variable in the request
+temp2=(arg[-1].upper()).find(fin)
+
+#select the request from the arguments given bu the user in command line
+temp_res=arg[-1]
+
+#start selection of the columns names after the ""deb"" variable
+T=len(deb)-temp1+1
+temp_res=temp_res[T:temp2]
+
+#split the String that contains columns name 
+temp_res=(temp_res.strip()).split(',')
+
+#******************************************************************************************
+
+#******************************************************************************************
+                    #process the request
+
+res=subprocess.check_output(commande_sqlmap)
+
+#res=subprocess.run(commande_sqlmap,capture_output=True, text=True)
+
+#view the result of processing the resquest
+res = res.decode('utf-8')
+print(res)
+
+
+# Select actuel time
+heure_actuelle = datetime.now()
+heure_formattee = heure_actuelle.strftime("%H:%M:%S")
+
+# ""m_deb"" variable is a string that represents the start point of showing the result of the request   
+m_deb="["+str(heure_formattee)+"]"+" [INFO] fetching SQL SELECT statement query output:"
+
+# ""m_fin"" variable is a string that represents the end point point of showing the result of the request
+m_fin="["+str(heure_formattee)+"]"+" [INFO] fetched data logged to text files under"
+
+#""debut_message"" contains the position of the ""m_deb"" variable in the result
+debut_message = res.find(m_deb)
+
+#""fin_message"" contains the position of the ""m_fin"" variable in the result
+fin_message = res.find(m_fin)
+
+#select a part of the result that is between ""m_deb"" variable and ""m_fin"" variable
+message = res[debut_message:fin_message].strip()
+
+
+lignes = message.splitlines()
+
+# ""donnees_sauvegarder"" variable is a list of dictionaries
+donnees_sauvegarder = []
+
+# loop on the ""lignes"" variable
+for ligne in lignes:
+    # verify if this line contain [*]
+    if ligne.startswith("[*]"):
+        # extract data after '[*]'
+        v_temp=(ligne[4:].strip()).split(',')
+        d_temp={}
+        for i in range(len(temp_res)):
+            # add for every column from ""temp_res"" variable a value from ""v_temp"" variable 
+            d_temp.update({temp_res[i]:v_temp[i]})
+
+        # add the dictionarie in the list
+        donnees_sauvegarder.append(d_temp)
+
+#*****************************************************************************************************
+
+            # create a file named ""data_save.csv"" in same repositories with this script file
+
+file_csv="data_save.csv"
+
+if(len(donnees_sauvegarder)!=0):# if the process of the request send data
+    with open(file_csv,mode='w',newline='') as file_csv:
+        # write the header of this CSV file
+        writer=csv.DictWriter(file_csv,fieldnames=temp_res)
+        writer.writeheader()
+        # loop on the list of dictionaries named ""donnees_sauvegarder"" to wite its content on the CSV file
+        for part in donnees_sauvegarder:
+            writer.writerow(part)
+        # if the data is successfully saved in the CSV file this message show the place of the file
+        print("data saved in csv format under "+"'"+os.path.realpath("data_save.csv")+"'")
+else:
+    print("data don't exist to create CSV file")
+
+#********************************************************************************************************