class Window(wx.Frame):
def __init__(self, parent):
super().__init__(parent, title = 'sqlmap-wx')
self.SetIcon(wx.Icon('sqlmap_wx.ico'))
self.m = Model()
self._handlers = Handler(self, self.m) # 需要先设置handler, Bind需要它
self.initUI()
self.make_accelerators() # 要先初始化完成后, 才能设全局键
# 添加tooltips, placeholders等
INIT_MESG(self.m)
# 读取 上次所有选项
self.session = Session(self.m)
self.session.load_from_tmp()
# @profile
def initUI(self):
p = Panel(self)
self._target_notebook = nb(p)
self.build_target_notebook(self._target_notebook)
self.main_notebook = nb(p)
page1 = self.build_page1(self.main_notebook)
page2 = self.build_page2(self.main_notebook)
page3 = self.build_page3(self.main_notebook)
page4 = self.build_page4(self.main_notebook)
page5 = self.build_page5(self.main_notebook)
page6 = self.build_page6(self.main_notebook)
self.main_notebook.AddPage(page1, '选项区(1)')
self.main_notebook.AddPage(page2, '输出区(2)')
self.main_notebook.AddPage(page3, '日志区(3)')
self.main_notebook.AddPage(page4, 'API区(4)')
self.main_notebook.AddPage(page5, '帮助(H)')
self.main_notebook.AddPage(page6, '关于')
vbox = BoxSizer(VERTICAL)
vbox.Add(self._target_notebook, flag = EXPAND)
vbox.Add(self.main_notebook, proportion = 1, flag = EXPAND)
p.SetSizer(vbox)
_frame_sz = BoxSizer()
_frame_sz.Add(p, proportion = 1, flag = EXPAND)
# 使用SetSizerAndFit方法使frame拥有最小size
self.SetSizerAndFit(_frame_sz)
def make_accelerators(self):
'''
https://www.blog.pythonlibrary.org/2017/09/28/wxpython-all-about-accelerators/
只有最后一次的SetAcceleratorTable会生效
'''
self.Bind(wx.EVT_CLOSE, self.onExit)
self.Bind(wx.EVT_MENU, self.onCloseByAccel, id = wx.ID_EXIT)
self.accel_entries = [(wx.ACCEL_CTRL, ord('Q'), wx.ID_EXIT),
(wx.ACCEL_CTRL, ord('W'), wx.ID_EXIT)]
main_note_ks = ['1', '2', '3', '4', 'H']
for i in range(len(main_note_ks)):
pageid = self.main_notebook.GetPage(i).GetId()
self.accel_entries.append((wx.ACCEL_ALT, ord(main_note_ks[i]), pageid))
self.Bind(
wx.EVT_MENU,
lambda evt, page = i: self.main_notebook.SetSelection(page),
id = pageid)
_note_keys = ['Q', 'W', 'E', 'R', 'T']
for i in range(len(_note_keys)):
pageid = self._notebook.GetPage(i).GetId()
self.accel_entries.append((wx.ACCEL_ALT, ord(_note_keys[i]), pageid))
self.Bind(
wx.EVT_MENU,
lambda evt, page = i:
self._notebook.SetSelection(page)
if self.main_notebook.GetSelection() == 0 else evt.Skip(),
id = pageid)
# win下, 若焦点没按钮上, 则不响应mnemonic, 只能在这里实现了
_btn_keys = ['A', 'S', 'D', 'F']
btns = self.btn_grid.GetChildren()
for i in range(len(btns)):
btn = btns[i].GetWindow()
btnid = btn.GetId()
self.accel_entries.append((wx.ACCEL_ALT, ord(_btn_keys[i]), btnid))
self.Bind(
wx.EVT_MENU,
lambda evt, _btn = btn: # 防止闭包: btn这个变量名跟lambda绑定成一体
self.make_btn_accel(_btn)
if self.main_notebook.GetSelection() == 0 else evt.Skip(),
id = btnid)
accel_tbl = wx.AcceleratorTable(self.accel_entries)
self.SetAcceleratorTable(accel_tbl)
def make_btn_accel(self, btn):
'''
https://stackoverflow.com/questions/12786471/invoking-a-wxpython-evt-button-event-programmatically
'''
evt = wx.PyCommandEvent(wx.EVT_BUTTON.typeId, btn.GetId())
# print(evt)
wx.PostEvent(btn, evt)
def clear_all_entry(self, event):
m = self.m
for _i in dir(m):
if _i.endswith('entry'):
_tmp_entry = getattr(m, _i)
if isinstance(_tmp_entry, tc) and _tmp_entry is not m.sqlmap_path_entry:
_tmp_entry.SetValue('')
self._notebook.SetFocus()
def unselect_all_ckbtn(self, event):
m = self.m
for _i in dir(m):
if _i.endswith('ckbtn'):
_tmp_ckbtn = getattr(m, _i)
if isinstance(_tmp_ckbtn, cb) and _tmp_ckbtn.IsChecked():
_tmp_ckbtn.SetValue(False)
for _i in m._enum_area_opts_ckbtns:
for _j in _i:
if _j.IsChecked():
_j.SetValue(False)
self._notebook.SetFocus()
def onCloseByAccel(self, event):
'''
https://stackoverflow.com/questions/49454737/how-can-i-exit-out-of-a-wxpython-application-cleanly
'''
# print('by accelerator.')
wx.CallAfter(self.Close)
def onExit(self, event):
'''
https://www.daniweb.com/programming/software-development/code/216760/verify-exit-dialog-wxpython
'''
# print('by ALT-<F4> or click close button.')
try:
# 保存 此次所有选项
self.session.save_to_tmp()
except Exception as e:
raise e
finally:
event.Skip()
def build_target_notebook(self, parent):
m = self.m
m._url_combobox.Create(parent, choices = ['http://www.site.com/vuln.php?id=1']) # style = wx.CB_DROPDOWN
p2 = Panel(parent)
hbox2 = BoxSizer()
m._burp_logfile.Create(p2)
m._burp_logfile_chooser.Create(p2, label = '打开')
m._burp_logfile_chooser.Bind(
EVT_BUTTON,
lambda evt, data = [m._burp_logfile]:
self._handlers.set_file_entry_text(evt, data))
hbox2.Add(m._burp_logfile, proportion = 1, flag = EXPAND)
hbox2.Add(m._burp_logfile_chooser, flag = EXPAND)
p2.SetSizer(hbox2)
p3 = Panel(parent)
hbox3 = BoxSizer()
m._request_file.Create(p3)
m._request_file_chooser.Create(p3, label = '打开')
m._request_file_chooser.Bind(
EVT_BUTTON,
lambda evt, data = [m._request_file]:
self._handlers.set_file_entry_text(evt, data))
hbox3.Add(m._request_file, proportion = 1, flag = EXPAND)
hbox3.Add(m._request_file_chooser, flag = EXPAND)
p3.SetSizer(hbox3)
p4 = Panel(parent)
hbox4 = BoxSizer()
m._bulkfile.Create(p4)
m._bulkfile_chooser.Create(p4, label = '打开')
m._bulkfile_chooser.Bind(
EVT_BUTTON,
lambda evt, data = [m._bulkfile]:
self._handlers.set_file_entry_text(evt, data))
hbox4.Add(m._bulkfile, proportion = 1, flag = EXPAND)
hbox4.Add(m._bulkfile_chooser, flag = EXPAND)
p4.SetSizer(hbox4)
p5 = Panel(parent)
hbox5 = BoxSizer()
m._configfile.Create(p5)
m._configfile_chooser.Create(p5, label = '打开')
m._configfile_chooser.Bind(
EVT_BUTTON,
lambda evt, data = [m._configfile]:
self._handlers.set_file_entry_text(evt, data))
hbox5.Add(m._configfile, proportion = 1, flag = EXPAND)
hbox5.Add(m._configfile_chooser, flag = EXPAND)
p5.SetSizer(hbox5)
m._sitemap_url.Create(parent)
m._google_dork.Create(parent)
parent.AddPage(m._url_combobox, '目标url')
parent.AddPage(p2, 'burp日志')
parent.AddPage(p3, 'HTTP请求')
parent.AddPage(p4, 'BULKFILE')
parent.AddPage(p5, 'ini文件')
parent.AddPage(m._sitemap_url, 'xml_url')
parent.AddPage(m._google_dork, 'GOOGLEDORK')
def build_page1(self, parent):
p = Panel(parent)
m = self.m
# sqlmap命令语句
cmd_area = StaticBoxSizer(VERTICAL, p, 'A.收集选项 的结果显示在这:')
_cmd_area = cmd_area.GetStaticBox()
m._cmd_entry.Create(_cmd_area)
cmd_area.Add(m._cmd_entry, flag = EXPAND)
# 主构造区
self._notebook = Notebook(p, m, self._handlers)
# 构造与执行 和 改善ui的使用体验
self.btn_grid = GridSizer(1, 4, 0, 0)
_build_button = btn(p, label = 'A.收集选项(A)')
_unselect_all_btn = btn(p, label = '反选所有复选框(S)')
_clear_all_entry = btn(p, label = '清空所有输入框(D)')
_build_button.Bind(EVT_BUTTON, self._handlers.build_all)
_unselect_all_btn.Bind(EVT_BUTTON, self.unselect_all_ckbtn)
_clear_all_entry.Bind(EVT_BUTTON, self.clear_all_entry)
_run_button = btn(p, label = 'B.开始(F)')
_run_button.Bind(EVT_BUTTON, self._handlers.run_cmdline)
self.btn_grid.Add(_build_button, flag = ALIGN_CENTER)
self.btn_grid.Add(_unselect_all_btn, flag = ALIGN_CENTER)
self.btn_grid.Add(_clear_all_entry, flag = ALIGN_CENTER)
self.btn_grid.Add(_run_button, flag = ALIGN_CENTER)
vbox = BoxSizer(VERTICAL)
vbox.Add(cmd_area, flag = EXPAND)
vbox.Add(self._notebook, proportion = 1, flag = EXPAND)
vbox.Add(self.btn_grid, flag = EXPAND)
p.SetSizerAndFit(vbox)
return p
def build_page2(self, parent):
p = Panel(parent)
st(p, label = 'TODO')
return p
def build_page3(self, parent):
p = Panel(parent)
m = self.m
# 多行文本框的默认size太小了
# 默认高度太低, 不指定个高度, 会报 滚动条相关的size 警告
m._page3_log_view.Create(p,
size = (-1, 300),
style = wx.TE_MULTILINE | wx.TE_READONLY)
# self._handlers.clear_log_view_buffer(None)
grid = GridSizer(1, 3, 0, 0)
m._page3_read_target_btn.Create(p, label = '查看target文件')
m._page3_clear_btn.Create(p, label = '清空(&C)')
m._page3_read_log_btn.Create(p, label = '查看log文件')
m._page3_read_target_btn.Bind(EVT_BUTTON, self._handlers.read_target_file)
m._page3_clear_btn.Bind(EVT_BUTTON, self._handlers.clear_log_view_buffer)
m._page3_read_log_btn.Bind(EVT_BUTTON, self._handlers.read_log_file)
grid.Add(m._page3_read_target_btn, flag = ALIGN_CENTER)
grid.Add(m._page3_clear_btn, flag = ALIGN_CENTER)
grid.Add(m._page3_read_log_btn, flag = ALIGN_CENTER)
vbox = BoxSizer(VERTICAL)
vbox.Add(m._page3_log_view, proportion = 1, flag = EXPAND | ALL, border = 10)
vbox.Add(grid, flag = EXPAND)
p.SetSizerAndFit(vbox)
return p
def build_page4(self, parent):
p = Panel(parent)
m = self.m
border = SizerFlags().Border(LEFT | RIGHT, 5).Align(ALIGN_CENTER)
proportion_border = SizerFlags(1).Border(LEFT | RIGHT, 5).Align(ALIGN_CENTER)
row1, row2 = (BoxSizer() for _ in range(2))
m._page4_api_server_label.Create(p, label = 'REST-JSON API server:')
m._page4_api_server_entry.Create(p, value = '127.0.0.1:8775')
m._page4_admin_token_label.Create(p, label = 'Admin (secret) token:')
m._page4_admin_token_entry.Create(p)
m._page4_admin_token_entry.SetMaxLength(32)
row1.Add(m._page4_api_server_label, border)
row1.Add(m._page4_api_server_entry, proportion_border)
row1.Add(m._page4_admin_token_label, border)
row1.Add(m._page4_admin_token_entry, proportion_border)
m._page4_task_new_btn.Create(p, label = '创建任务')
m._page4_admin_list_btn.Create(p, label = '显示任务')
m._page4_admin_flush_btn.Create(p, label = '删除所有任务')
m._page4_clear_task_view_btn.Create(p, label = '清空反馈的结果')
m._page4_username_label.Create(p, label = '用户名:')
m._page4_username_entry.Create(p)
m._page4_password_label.Create(p, label = '密码:')
m._page4_password_entry.Create(p)
_arrow_down = wx.ArtProvider.GetBitmap(wx.ART_GO_DOWN, wx.ART_BUTTON)
m._page4_admin_list_btn.SetBitmap(_arrow_down, dir = RIGHT)
m._page4_task_new_btn.Bind(EVT_BUTTON, self._handlers.api.task_new)
m._page4_admin_list_btn.Bind(EVT_BUTTON, self._handlers.api.admin_list)
m._page4_admin_flush_btn.Bind(EVT_BUTTON, self._handlers.api.admin_flush)
m._page4_clear_task_view_btn.Bind(EVT_BUTTON, self._handlers.clear_task_view_buffer)
row2.Add(m._page4_task_new_btn, border)
row2.Add(m._page4_admin_list_btn, border)
row2.Add(m._page4_admin_flush_btn, border)
row2.Add(m._page4_clear_task_view_btn, border)
row2.Add(m._page4_username_label, flag = ALIGN_CENTER | LEFT, border = 200)
row2.Add(m._page4_username_entry, proportion_border)
row2.Add(m._page4_password_label, border)
row2.Add(m._page4_password_entry, proportion_border)
row3 = SplitterWindow(p, style = wx.SP_LIVE_UPDATE | wx.BORDER_SUNKEN)
# 不能放在SplitVertically后面, 不然gravity会无效
# row3.SetSashGravity(0.5)
row3.SetMinimumPaneSize(400)
lpane = Scroll(row3)
self._api_admin_list_rows = lpane
lpane.SetSizer(BoxSizer(VERTICAL))
rpane = Panel(row3)
_rbox = BoxSizer(VERTICAL)
m._page4_option_get_entry.Create(rpane, value = 'url risk level')
_page4_option_set_view_tip = st(rpane, label = '所有选项见sqlmap目录中的optiondict.py')
_options_example = ("{\n"
" 'url': 'http://www.site.com/vuln.php?id=1',\n"
" 'level': 1, 'risk': 1,\n\n"
"}\n")
m._page4_option_set_view.Create(rpane,
value = _options_example,
style = wx.TE_MULTILINE)
_rbox.Add(m._page4_option_get_entry, flag = EXPAND | ALL, border = 2)
_rbox.Add(_page4_option_set_view_tip, flag = ALL, border = 2)
_rbox.Add(m._page4_option_set_view, proportion = 1, flag = EXPAND | ALL, border = 2)
rpane.SetSizer(_rbox)
row3.SplitVertically(lpane, rpane)
# win下, lpane是灰色的, 将row3设下颜色, 又是兼容代码...
row3.SetBackgroundColour(m._page4_option_set_view.GetBackgroundColour())
row3.SetSashPosition(lpane.GetMinWidth())
m._page4_task_view.Create(p, value = '此处显示反馈的结果:\n', style = wx.TE_MULTILINE | wx.TE_READONLY)
vbox = BoxSizer(VERTICAL)
vbox.Add(row1, flag = EXPAND | ALL, border = 5)
vbox.Add(row2, flag = EXPAND | ALL, border = 5)
vbox.Add(row3, proportion = 1, flag = EXPAND | LEFT | RIGHT, border = 10)
vbox.Add(m._page4_task_view, proportion = 1, flag = EXPAND | ALL, border = 10)
p.SetSizerAndFit(vbox)
return p
def build_page5(self, parent):
p = Panel(parent)
m = self.m
self._get_sqlmap_path_btn = btn(p, label = '获取帮助')
self._get_sqlmap_path_btn.Disable()
# 多行文本框的默认size太小了
# 默认高度太低, 不指定个高度, gtk会报 滚动条相关的size 警告
m._page5_manual_view.Create(p,
size = (-1, 300),
style = wx.TE_MULTILINE | wx.TE_READONLY)
self._get_sqlmap_path_btn.Bind(
EVT_BUTTON, lambda evt, view = m._page5_manual_view:
self._make_help_thread(evt, view))
self._make_help_thread(None, m._page5_manual_view)
vbox = BoxSizer(VERTICAL)
vbox.Add(self._get_sqlmap_path_btn, flag = TOP | LEFT | BOTTOM, border = 10)
vbox.Add(m._page5_manual_view, proportion = 1, flag = EXPAND | LEFT | RIGHT, border = 10)
p.SetSizerAndFit(vbox)
return p
def _make_help_thread(self, event, view):
isClick = True if event else False
# 使用线程 填充 帮助标签, 加快启动速度
t = Thread(target = self._set_manual_view,
args = (view, isClick))
t.daemon = True # 主线程退出了, 当然守护进程也要退出
t.start()
def _set_manual_view(self, view, isClick):
'''
不用多线程能行嘛? 想要获得输出结果就一定会有阻塞的可能!
https://www.jianshu.com/p/11090e197648
https://wiki.gnome.org/Projects/PyGObject/Threading
needle注: 操作的共享对象有两个: _get_sqlmap_path_btn, view
原则一样, 所有对共用对象的操作都要用CallAfter
这样写是不是很丑?
'''
if isClick:
wx.CallAfter(self._get_sqlmap_path_btn.Disable)
wx.CallAfter(view.SetValue, '')
byte_coding = 'utf8' if IS_POSIX else 'gbk'
# _manual_hh = '/home/needle/bin/output_interval.sh'
# win下的sqlmap -hh有Enter阻塞
_manual_hh = 'echo y|%s -hh' % self._handlers.get_sqlmap_path()
try:
_subprocess = Popen(_manual_hh, stdout=PIPE, stderr=STDOUT, bufsize=1, shell = True)
for _an_bytes_line_tmp in iter(_subprocess.stdout.readline, b''):
wx.CallAfter(view.write,
_an_bytes_line_tmp.decode(byte_coding))
_subprocess.wait()
_subprocess.stdout.close()
except FileNotFoundError as e:
wx.CallAfter(view.write, str(e))
except Exception as e:
print(e) # 如果主线程结束太快, 会: AssertionError: No wx.App created yet
finally:
wx.CallAfter(self._get_sqlmap_path_btn.Enable)
if isClick:
# 用gtk时, 如果view不在屏幕上可见, ShowPosition会报错
wx.CallAfter(view.ShowPosition, 0)
wx.CallAfter(self._get_sqlmap_path_btn.SetFocus)
def build_page6(self, parent):
p = Panel(parent)
_about_str = '''
1. VERSION: 0.3.3
2019年 10月 16日 星期三 06:54:46 CST
required: python3.5+, wxPython4.0+, sqlmap
作者: needle wang ( [email protected] )
https://github.com/needle-wang/sqlmap-wx\n
2. 使用wxPython重写sqlmap-ui(using PyGObject)\n
3. wxpython教程: https://wiki.wxpython.org/
http://zetcode.com/wxpython/
4. wxpython API: https://wxpython.org/Phoenix/docs/html/index.html\n\n
5. 感谢sqm带来的灵感, 其作者: KINGX ( https://github.com/kxcode ), sqm UI 使用的是python2 + tkinter
'''
hbox = BoxSizer()
_page6_about = st(p, label = _about_str)
# 完全居中!
hbox.Add(_page6_about, flag = ALIGN_CENTER)
vbox = BoxSizer(VERTICAL)
vbox.Add(hbox, proportion = 1, flag = ALIGN_CENTER)
p.SetSizerAndFit(vbox)
return p
