class UsageCommand(Command):
def __init__(self):
self.params = None
def initialize(self):
if self.params is None:
'[-] Error: chori is not a valid command'
self.params = Parameter()
for cmd in cmd_manager.cmds:
self.params.add_parameter(cmd, Parameter(lambda __, _, cmd=cmd:
output_manager.normal(' {0}'.format(cmd_manager.cmds[cmd].usage(cmd))).line_break()))
def blah(self, data):
output_manager.normal(' {0}'.format(data)).line_break()
def execute(self, mole, params):
self.initialize()
self.params.execute(mole, params)
def parameters(self, mole, current_params):
self.initialize()
return self.params.parameter_list(mole, current_params)
def usage(self, cmd_name):
return cmd_name + ' <CMD_NAME>'
class UsageCommand(Command):
def __init__(self):
self.params = None
def initialize(self):
if self.params is None:
'[-] Error: chori is not a valid command'
self.params = Parameter()
for cmd in cmd_manager.cmds:
self.params.add_parameter(
cmd,
Parameter(lambda __, _, cmd=cmd: output_manager.normal(
' {0}'.format(cmd_manager.cmds[cmd].usage(cmd))).
line_break()))
def blah(self, data):
output_manager.normal(' {0}'.format(data)).line_break()
def execute(self, mole, params):
self.initialize()
self.params.execute(mole, params)
def parameters(self, mole, current_params):
self.initialize()
return self.params.parameter_list(mole, current_params)
def usage(self, cmd_name):
return cmd_name + ' <CMD_NAME>'
def generate_config_parameters(self, mole):
ret = {}
for i in mole.requester.query_filters.active_filters():
try:
param = Parameter()
subparams = mole.requester.query_filters.config_parameters(i)
for subparam in subparams:
param.add_parameter(subparam, subparams[subparam])
ret[i] = param
except Exception as ex:
print(ex)
return ret
def generate_config_parameters(self, mole):
ret = {}
for i in mole.requester.query_filters.active_filters():
try:
param = Parameter()
subparams = mole.requester.query_filters.config_parameters(i)
for subparam in subparams:
param.add_parameter(subparam, subparams[subparam])
ret[i] = param
except Exception as ex:
print(ex)
return ret
class BaseFilterCommand(Command):
def __init__(self, functor):
self.functor = functor
self.params = Parameter(lambda mole, _: self.print_filters(mole))
add_param = Parameter()
add_param.set_param_generator(
lambda mole, _: self.generate_add_filters(mole))
del_param = Parameter()
del_param.set_param_generator(
lambda mole, _: self.generate_del_filters(mole))
self.params.add_parameter('add', add_param)
self.params.add_parameter('del', del_param)
def generate_add_filters(self, mole):
ret = {}
for i in self.functor(mole).available_filters():
ret[i] = Parameter(
lambda mole, params, i=i: self.add_filter(mole, i, params))
return ret
def generate_del_filters(self, mole):
ret = {}
for i in self.functor(mole).active_filters():
ret[i] = Parameter(
lambda mole, params, i=i: self.functor(mole).remove_filter(i))
return ret
def add_filter(self, mole, name, params):
try:
self.functor(mole).add_filter(name, params)
except FilterCreationError as ex:
raise CommandException(
'Filter {0} failed to initialize({1})'.format(name, str(ex)))
def print_filters(self, mole):
filters = self.functor(mole).active_filters_to_string()
if len(filters) == 0:
output_manager.normal('No filters added yet.').line_break()
else:
for i in filters:
output_manager.normal(i).line_break()
def execute(self, mole, params):
self.params.execute(mole, params)
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
def usage(self, cmd_name):
return cmd_name + ' [add|del|config] [FILTER_NAME [ARGS]]'
class QueryModeCommand(Command):
def __init__(self):
self.params = Parameter(lambda mole, _: output_manager.normal(mole.mode).line_break())
self.params.add_parameter('union', Parameter(lambda mole, _: mole.set_mode('union')))
self.params.add_parameter('blind', Parameter(lambda mole, _: mole.set_mode('blind')))
def execute(self, mole, params):
self.params.execute(mole, params)
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
def usage(self, cmd_name):
return cmd_name + ' <union|blind>'
class RequestSenderCommand(Command):
def __init__(self):
self.params = Parameter(lambda mole, _: output_manager.normal(str(mole.requester.sender)).line_break())
self.params.add_parameter('headsender', Parameter(lambda mole, _: self.set_sender(mole, HttpHeadRequestSender)))
self.params.add_parameter('httpsender', Parameter(lambda mole, _: self.set_sender(mole, HttpRequestSender)))
def execute(self, mole, params):
self.params.execute(mole, params)
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
def set_sender(self, mole, sender):
mole.requester.sender = sender()
mole.initialized = False
mole.requester.encoding = None
class OutputCommand(Command):
def __init__(self):
self.params = Parameter(lambda mole, _: output_manager.normal(output_manager.result_output).line_break())
self.params.add_parameter('pretty', Parameter(lambda mole, _: self.set_output('pretty')))
self.params.add_parameter('plain', Parameter(lambda mole, _: self.set_output('plain')))
def set_output(self, value):
output_manager.result_output = value
def execute(self, mole, params):
self.params.execute(mole, params)
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
def usage(self, cmd_name):
return cmd_name + ' <pretty|plain>'
class VerboseCommand(Command):
def __init__(self):
self.params = Parameter(lambda mole, _: output_manager.normal('on' if mole.verbose else 'off').line_break())
self.params.add_parameter('on', Parameter(lambda mole, _: self.set_verbose(mole, True)))
self.params.add_parameter('off', Parameter(lambda mole, _: self.set_verbose(mole, False)))
def set_verbose(self, mole, value):
mole.verbose = value
def execute(self, mole, params):
self.params.execute(mole, params)
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
def usage(self, cmd_name):
return cmd_name + ' <on|off>'
class RedirectCommand(Command):
def __init__(self):
self.params = Parameter(lambda mole, _: output_manager.normal('on' if mole.requester.sender.follow_redirects else 'off').line_break())
self.params.add_parameter('on', Parameter(lambda mole, _: self.set_follow_redirects(mole, True)))
self.params.add_parameter('off', Parameter(lambda mole, _: self.set_follow_redirects(mole, False)))
def set_follow_redirects(self, mole, value):
mole.requester.sender.follow_redirects = value
def execute(self, mole, params):
self.params.execute(mole, params)
def usage(self, cmd_name):
return cmd_name + ' [on|off]'
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
class QueryModeCommand(Command):
def __init__(self):
self.params = Parameter(
lambda mole, _: output_manager.normal(mole.mode).line_break())
self.params.add_parameter(
'union', Parameter(lambda mole, _: mole.set_mode('union')))
self.params.add_parameter(
'blind', Parameter(lambda mole, _: mole.set_mode('blind')))
def execute(self, mole, params):
self.params.execute(mole, params)
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
def usage(self, cmd_name):
return cmd_name + ' <union|blind>'
class BaseFilterCommand(Command):
def __init__(self, functor):
self.functor = functor
self.params = Parameter(lambda mole, _: self.print_filters(mole))
add_param = Parameter()
add_param.set_param_generator(lambda mole, _: self.generate_add_filters(mole))
del_param = Parameter()
del_param.set_param_generator(lambda mole, _: self.generate_del_filters(mole))
self.params.add_parameter('add', add_param)
self.params.add_parameter('del', del_param)
def generate_add_filters(self, mole):
ret = {}
for i in self.functor(mole).available_filters():
ret[i] = Parameter(lambda mole, params, i=i: self.add_filter(mole, i, params))
return ret
def generate_del_filters(self, mole):
ret = {}
for i in self.functor(mole).active_filters():
ret[i] = Parameter(lambda mole, params, i=i: self.functor(mole).remove_filter(i))
return ret
def add_filter(self, mole, name, params):
try:
self.functor(mole).add_filter(name, params)
except FilterCreationError as ex:
raise CommandException('Filter {0} failed to initialize({1})'.format(name, str(ex)))
def print_filters(self, mole):
filters = self.functor(mole).active_filters_to_string()
if len(filters) == 0:
output_manager.normal('No filters added yet.').line_break()
else:
for i in filters:
output_manager.normal(i).line_break()
def execute(self, mole, params):
self.params.execute(mole, params)
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
def usage(self, cmd_name):
return cmd_name + ' [add|del|config] [FILTER_NAME [ARGS]]'
class OutputCommand(Command):
def __init__(self):
self.params = Parameter(lambda mole, _: output_manager.normal(
output_manager.result_output).line_break())
self.params.add_parameter(
'pretty', Parameter(lambda mole, _: self.set_output('pretty')))
self.params.add_parameter(
'plain', Parameter(lambda mole, _: self.set_output('plain')))
def set_output(self, value):
output_manager.result_output = value
def execute(self, mole, params):
self.params.execute(mole, params)
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
def usage(self, cmd_name):
return cmd_name + ' <pretty|plain>'
class VerboseCommand(Command):
def __init__(self):
self.params = Parameter(lambda mole, _: output_manager.normal(
'on' if mole.verbose else 'off').line_break())
self.params.add_parameter(
'on', Parameter(lambda mole, _: self.set_verbose(mole, True)))
self.params.add_parameter(
'off', Parameter(lambda mole, _: self.set_verbose(mole, False)))
def set_verbose(self, mole, value):
mole.verbose = value
def execute(self, mole, params):
self.params.execute(mole, params)
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
def usage(self, cmd_name):
return cmd_name + ' <on|off>'
class RequestSenderCommand(Command):
def __init__(self):
self.params = Parameter(lambda mole, _: output_manager.normal(
str(mole.requester.sender)).line_break())
self.params.add_parameter(
'headsender',
Parameter(
lambda mole, _: self.set_sender(mole, HttpHeadRequestSender)))
self.params.add_parameter(
'httpsender',
Parameter(
lambda mole, _: self.set_sender(mole, HttpRequestSender)))
def execute(self, mole, params):
self.params.execute(mole, params)
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
def set_sender(self, mole, sender):
mole.requester.sender = sender()
mole.initialized = False
mole.requester.encoding = None
class RedirectCommand(Command):
def __init__(self):
self.params = Parameter(lambda mole, _: output_manager.normal(
'on'
if mole.requester.sender.follow_redirects else 'off').line_break())
self.params.add_parameter(
'on',
Parameter(lambda mole, _: self.set_follow_redirects(mole, True)))
self.params.add_parameter(
'off',
Parameter(lambda mole, _: self.set_follow_redirects(mole, False)))
def set_follow_redirects(self, mole, value):
mole.requester.sender.follow_redirects = value
def execute(self, mole, params):
self.params.execute(mole, params)
def usage(self, cmd_name):
return cmd_name + ' [on|off]'
def parameters(self, mole, current_params):
return self.params.parameter_list(mole, current_params)
class SQLServerCollationFilter(BaseQueryFilter):
def __init__(self, name, params):
BaseQueryFilter.__init__(self, name, params)
self.cast_match = re.compile('cast\([\w\d_\-@]+ as varchar\([\d]+\)\)')
self.field_match = re.compile(
'cast\(([\w\d_\-@]+) as varchar\([\d]+\)\)')
self.blacklist = []
self.collation = params[0] if len(params) == 1 else 'DATABASE_DEFAULT'
self.blist_param = Parameter(lambda _, __: self.print_blacklist())
add_blist = Parameter(lambda _, params: self.blacklist_add(params))
del_blist = Parameter(no_args_str='Expected argument after "del"')
self.blist_param.add_parameter('add', add_blist)
del_blist.set_param_generator(lambda _, __: self.del_generator())
self.blist_param.add_parameter('del', del_blist)
self.collation_param = Parameter(
lambda _, params: self.exec_collation(params))
self.params = {
'blacklist': self.blist_param,
'collation': self.collation_param
}
def configuration_parameters(self):
return self.params
def exec_collation(self, params):
if len(params) < 1:
output_manager.normal(self.collation).line_break()
else:
self.collation = params[0]
def blacklist_add(self, params):
if len(params) == 0:
output_manager.error('Expected argument after "add"').line_break()
else:
for i in params:
self.blacklist.append(i)
def del_generator(self):
ret = {}
for i in self.blacklist:
ret[i] = Parameter(lambda _, __, i=i: self.blacklist.remove(i))
return ret
def print_blacklist(self):
if len(self.blacklist) == 0:
output_manager.info('No fields in blacklist.').line_break()
else:
for i in self.blacklist:
output_manager.normal(i).line_break()
def filter_(self, query):
try:
matches = self.cast_match.findall(query)
for i in matches:
field = self.field_match.findall(i)[0]
if not field in self.blacklist:
replaced = i.replace(
field,
'(' + field + ' COLLATE ' + self.collation + ')')
query = query.replace(i, replaced)
except Exception as ex:
output_manager.error('{0}'.format(ex)).line_break()
return query
def export_config(self):
import copy
blacklist_config = ['blacklist', 'add'] + copy.copy(self.blacklist)
collation_config = ['collation', self.collation]
return [blacklist_config, collation_config]
def __str__(self):
return self.name + ' ' + self.collation
class SQLServerCollationFilter(BaseQueryFilter):
def __init__(self, name, params):
BaseQueryFilter.__init__(self, name, params)
self.cast_match = re.compile('cast\([\w\d_\-@]+ as varchar\([\d]+\)\)')
self.field_match = re.compile('cast\(([\w\d_\-@]+) as varchar\([\d]+\)\)')
self.blacklist = []
self.collation = params[0] if len(params) == 1 else 'DATABASE_DEFAULT'
self.blist_param = Parameter(lambda _, __: self.print_blacklist())
add_blist = Parameter(lambda _, params: self.blacklist_add(params))
del_blist = Parameter(no_args_str='Expected argument after "del"')
self.blist_param.add_parameter('add', add_blist)
del_blist.set_param_generator(lambda _, __: self.del_generator())
self.blist_param.add_parameter('del', del_blist)
self.collation_param = Parameter(lambda _, params: self.exec_collation(params))
self.params = { 'blacklist' : self.blist_param, 'collation' : self.collation_param }
def configuration_parameters(self):
return self.params
def exec_collation(self, params):
if len(params) < 1:
output_manager.normal(self.collation).line_break()
else:
self.collation = params[0]
def blacklist_add(self, params):
if len(params) == 0:
output_manager.error('Expected argument after "add"').line_break()
else:
for i in params:
self.blacklist.append(i)
def del_generator(self):
ret = {}
for i in self.blacklist:
ret[i] = Parameter(lambda _, __, i=i: self.blacklist.remove(i))
return ret
def print_blacklist(self):
if len(self.blacklist) == 0:
output_manager.info('No fields in blacklist.').line_break()
else:
for i in self.blacklist:
output_manager.normal(i).line_break()
def filter_(self, query):
try:
matches = self.cast_match.findall(query)
for i in matches:
field = self.field_match.findall(i)[0]
if not field in self.blacklist:
replaced = i.replace(field, '(' + field + ' COLLATE ' + self.collation + ')')
query = query.replace(i, replaced)
except Exception as ex:
output_manager.error('{0}'.format(ex)).line_break()
return query
def export_config(self):
import copy
blacklist_config = ['blacklist', 'add'] + copy.copy(self.blacklist)
collation_config = ['collation', self.collation]
return [blacklist_config, collation_config]
def __str__(self):
return self.name + ' ' + self.collation