From f267c9c1f5cd8b1c0bab962728f113ec8cc184cd Mon Sep 17 00:00:00 2001
From: bkbilly <bkbilly@hotmail.com>
Date: Tue, 25 Jul 2023 15:26:33 +0300
Subject: [PATCH] Formated json output

---
 lib/controller/controller.py | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 7d43290a8..e2578bb85 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -167,6 +167,38 @@ def _formatInjection(inj):
 
     return data
 
+def _formatDictInjection(inj):
+    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else inj.place
+    data = {
+        "parameter": inj.parameter,
+        "paramtype": paramType,
+        "injection": []
+    }
+
+    for stype, sdata in inj.data.items():
+        title = sdata.title
+        vector = sdata.vector
+        comment = sdata.comment
+        payload = agent.adjustLateValues(sdata.payload)
+        if inj.place == PLACE.CUSTOM_HEADER:
+            payload = payload.split(',', 1)[1]
+        if stype == PAYLOAD.TECHNIQUE.UNION:
+            count = re.sub(r"(?i)(\(.+\))|(\blimit[^a-z]+)", "", sdata.payload).count(',') + 1
+            title = re.sub(r"\d+ to \d+", str(count), title)
+            vector = agent.forgeUnionQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
+            if count == 1:
+                title = title.replace("columns", "column")
+        elif comment:
+            vector = "%s%s" % (vector, comment)
+        injection = {
+            "type": PAYLOAD.SQLINJECTION[stype],
+            "payload": urldecode(payload, unsafe="&", spaceplus=(inj.place != PLACE.GET and kb.postSpaceToPlus)),
+            "vector": vector
+        }
+        data["injection"].append(injection)
+
+    return data
+
 def _showInjections():
     if conf.wizard and kb.wizardMode:
         kb.wizardMode = False
@@ -195,12 +227,14 @@ def _showInjections():
         logger.warning(warnMsg)
 
 def _saveInjections():
+    data = [_formatDictInjection(inj) for inj in kb.injections]
+
     if conf.jsonFile:
         data = {
             "url": conf.url,
             "query": conf.parameters.get(PLACE.GET),
             "data": conf.parameters.get(PLACE.POST),
-            "injections": kb.injections,
+            "injections": data,
         }
         conf.dumper.json(conf.jsonFile, data)