feat: added support to mssql for execute query

2025-12-17 18:05:27 +00:00 · 2025-04-28 18:56:35 +05:30 · 2025-04-28 18:56:35 +05:30 · b14e634047
commit b14e634047
parent c4c1496ef8
2 changed files with 79 additions and 0 deletions
--- a/pkg/js/generated/ts/mssql.ts
+++ b/pkg/js/generated/ts/mssql.ts
@ -63,5 +63,33 @@ export class MSSQLClient {
    }
    

+    /**
+    * ExecuteQuery connects to MS SQL database using given credentials and executes a query.
+    * It returns the results of the query or an error if something goes wrong.
+    * @example
+    * ```javascript
+    * const mssql = require('nuclei/mssql');
+    * const client = new mssql.MSSQLClient;
+    * const result = client.ExecuteQuery('acme.com', 1433, 'username', 'password', 'master', 'SELECT @@version');
+    * log(to_json(result));
+    * ```
+    */
+    public ExecuteQuery(host: string, port: number, username: string): SQLResult | null | null {
+        return null;
+    }
+    
+
+}
+
+
+
+/**
+ * SQLResult Interface
+ */
+export interface SQLResult {
+    
+    Count?: number,
+    
+    Columns?: string[],
 }

--- a/pkg/js/libs/mssql/mssql.go
+++ b/pkg/js/libs/mssql/mssql.go
@ -11,6 +11,7 @@ import (

 	_ "github.com/microsoft/go-mssqldb"
 	"github.com/praetorian-inc/fingerprintx/pkg/plugins/services/mssql"
+	"github.com/projectdiscovery/nuclei/v3/pkg/js/utils"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
 )

@ -132,3 +133,53 @@ func isMssql(host string, port int) (bool, error) {
 	}
 	return false, nil
 }
+
+// ExecuteQuery connects to MS SQL database using given credentials and executes a query.
+// It returns the results of the query or an error if something goes wrong.
+// @example
+// ```javascript
+// const mssql = require('nuclei/mssql');
+// const client = new mssql.MSSQLClient;
+// const result = client.ExecuteQuery('acme.com', 1433, 'username', 'password', 'master', 'SELECT @@version');
+// log(to_json(result));
+// ```
+func (c *MSSQLClient) ExecuteQuery(host string, port int, username, password, dbName, query string) (*utils.SQLResult, error) {
+	if host == "" || port <= 0 {
+		return nil, fmt.Errorf("invalid host or port")
+	}
+	if !protocolstate.IsHostAllowed(host) {
+		// host is not valid according to network policy
+		return nil, protocolstate.ErrHostDenied.Msgf(host)
+	}
+
+	target := net.JoinHostPort(host, fmt.Sprintf("%d", port))
+
+	connString := fmt.Sprintf("sqlserver://%s:%s@%s?database=%s&connection+timeout=30",
+		url.PathEscape(username),
+		url.PathEscape(password),
+		target,
+		dbName)
+
+	db, err := sql.Open("sqlserver", connString)
+	if err != nil {
+		return nil, err
+	}
+	defer db.Close()
+
+	db.SetMaxOpenConns(1)
+	db.SetMaxIdleConns(0)
+
+	rows, err := db.Query(query)
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := utils.UnmarshalSQLRows(rows)
+	if err != nil {
+		if data != nil && len(data.Rows) > 0 {
+			return data, nil
+		}
+		return nil, err
+	}
+	return data, nil
+}