Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Add contrib/refresh_token_daemon.py — automated token refresh helper for sqlmap #5963

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
gouriphadnis0301 wants to merge 1 commit into sqlmapproject:master
base: master
Choose a base branch
Loading
from gouriphadnis0301:feature/refresh-token

Conversation

@gouriphadnis0301
Copy link

@gouriphadnis0301 gouriphadnis0301 commented Oct 10, 2025

This PR adds contrib/refresh_token_daemon.py, a cross-platform Python utility designed to automatically refresh authentication tokens for long-running sqlmap runs. It is intended to be used with sqlmap's --eval option to inject fresh tokens into request headers and avoid 401 Unauthorized errors when tokens expire mid-fuzzing.

Key Features:

  • Periodically fetches a new auth token from a configured endpoint.
  • Writes token to a file in an atomic, thread-safe way using file locks.
  • Supports configuration via environment variables:
    • AUTH_URL, AUTH_BODY_JSON, TOKEN_OUT, TOKEN_JSON_KEY, REFRESH_TTL, REFRESH_FREQ.
  • Safe defaults; credentials must be provided via environment variables (not hard-coded).
  • Placed under contrib/ as an auxiliary tool, not core functionality.
  • Cross-platform: works on Windows, macOS, and Linux.

Suggested usage:

export AUTH_URL="https://target.example.com/auth"
export AUTH_BODY_JSON='{"username":"alice","password":"secret"}'
export TOKEN_OUT="/tmp/current_token.txt"
export TOKEN_JSON_KEY="access_token"
python3 contrib/refresh_token_daemon.py &
sqlmap -r request.txt --eval="headers['Authorization']='Bearer ' + open('/tmp/current_token.txt').read().strip()"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

AltStyle によって変換されたページ (->オリジナル) /