def download_image(img_path, img_url):
# Fetch URL
url = urllib2.urlopen(img_url)
meta = url.info()
file_size = int(meta.getheaders("Content-Length")[0])
print_verbose("Downloading image %s (%s)" % (url.geturl(),
size(file_size, system=alternative)), 0)
# Set progress bar
widgets = ['Progress: ', Percentage(), ' ', Bar(),
' ', AdaptiveETA(), ' ', AdaptiveTransferSpeed()]
pbar = ProgressBar(widgets=widgets, maxval=file_size).start()
# Download
f = open(img_path, 'wb')
file_size_dl = 0
block_sz = 1024 * 8
while True:
buff = url.read(block_sz)
if not buff:
break
file_size_dl += len(buff)
f.write(buff)
pbar.update(file_size_dl)
# Done
f.close()
pbar.finish()
return url.getcode()
def example27():
# Testing AdaptiveETA when the value doesn't actually change
pbar = ProgressBar(widgets=[AdaptiveETA(), AdaptiveTransferSpeed()],
max_value=2, poll=0.0001)
pbar.start()
pbar.update(1)
time.sleep(0.001)
pbar.update(1)
pbar.finish()
def example26():
widgets = [
Percentage(),
' ', Bar(),
' ', ETA(),
' ', AdaptiveETA(),
' ', AdaptiveTransferSpeed(),
]
pbar = ProgressBar(widgets=widgets, max_value=500)
pbar.start()
for i in range(500):
time.sleep(0.001 + (i < 100) * 0.0001 + (i > 400) * 0.009)
pbar.update(i + 1)
pbar.finish()
def attack(self, urls, forms):
#Load ProgressBar
widgets = [
Percentage(),
' ', Bar(),
' ', ETA(),
' ', AdaptiveETA(),
' ', AdaptiveTransferSpeed(),
]
# Load config file...
user_input = raw_input("[*] Use [E]lite, [G]reat or [N]ormal buster payload?\n")
if user_input == "E":
self.CONFIG_FILE = "busterElitePayloads.txt"
self.pbar = ProgressBar(widgets=widgets, maxval=1292)
elif user_input == "G":
self.CONFIG_FILE = "busterGreatPayloads.txt"
self.pbar = ProgressBar(widgets=widgets, maxval=7372)
else:
self.CONFIG_FILE = "busterPayloads.txt"
self.pbar = ProgressBar(widgets=widgets, maxval=45524)
self.payloads = self.loadPayloads(os.path.join(self.CONFIG_DIR, self.CONFIG_FILE))
# First we make a list of uniq webdirs and webpages without parameters
for res in urls:
path = res.path
if path.endswith("/"):
if path not in self.known_dirs:
self.known_dirs.append(path)
else:
if path not in self.known_pages:
self.known_pages.append(path)
# Then for each known webdirs we look for unknown webpages inside
for current_dir in self.known_dirs:
self.test_directory(current_dir)
# Finally, for each discovered webdirs we look for more webpages
while self.new_resources:
current_res = self.new_resources.pop(0)
if current_res.endswith("/"):
# Mark as known then explore
self.known_dirs.append(current_res)
self.test_directory(current_res)
else:
self.known_pages.append(current_res)
self.pbar.finish()
def get_file_iterator(self, remote, chunk_size=4096, progress=None):
"""Get a file iterator from the disk.
.. note::
This function is a generator, and thus can be used in a for loop
:param remote: the name of the remote file or a QFileInfo
:type remote: str or FileInfo
:param int chunk_size: Size of chunks to be yield
:raises qarnot.exceptions.MissingDiskException: the disk is not on the server
:raises qarnot.exceptions.QarnotGenericException: API general error, see message for details
:raises qarnot.exceptions.UnauthorizedException: invalid credentials
:raises ValueError: no such file
"""
progressbar = None
def _cb(c, total, remote):
c = max(0, min(c, 100))
progressbar.update(c)
if isinstance(remote, FileInfo):
remote = remote.name
# Ensure file is done uploading
pending = self._filethreads.get(remote)
if pending is not None:
pending.join()
if remote in self._filecache:
try:
self._filecache[remote].seek(0)
except AttributeError:
pass
while True:
chunk = self._filecache[remote].read(chunk_size)
if not chunk:
break
yield chunk
else:
response = self._connection._get(get_url('update file',
name=self._uuid,
path=remote),
stream=True)
if response.status_code == 404:
if response.json()['message'] == "No such disk":
raise MissingDiskException(response.json()['message'])
raise_on_error(response)
total_length = float(response.headers.get('content-length'))
if progress is not None:
if progress is True:
progress = _cb
try:
widgets = [
remote, ' ',
Percentage(), ' ',
AnimatedMarker(), ' ',
Bar(), ' ',
AdaptiveETA(), ' ',
AdaptiveTransferSpeed(unit='B')
]
progressbar = ProgressBar(widgets=widgets,
max_value=total_length)
except Exception as e:
print(str(e))
progress = None
elif progress is False:
progress = None
count = 0
for chunk in response.iter_content(chunk_size):
count += len(chunk)
if progress is not None:
progress(count, total_length, remote)
yield chunk
if progress:
progressbar.finish()
def copySourceFiles(self):
"""Initiates the copy of source files from the data directory to the sourcefiles directory.
:returns: False if there are no source files. True if the files were copied or don't need to be copied.
"""
if self._sourceFilesDir == self._dataDir:
print("Not copying source files")
return True
if not os.path.exists(self._dataDir):
print("Data directory doesn't exist")
self._installer.log.error(
"Data directory \"{0}\" doesn't exist".format(self._dataDir))
return False
filebytes = 0
self._installer.log.debug("Determining size of data directory")
# Number of bytes to copy
for path, dirs, files in os.walk(self._dataDir):
for f in files:
filebytes += os.path.getsize(os.path.join(path, f))
# Remove the source files directory if it already exists
if os.path.exists(self._sourceFilesDir):
self._installer.log.debug(
"Removing old sourcefiles directory: \"{0}\"".format(
self._sourceFilesDir))
shutil.rmtree(self._sourceFilesDir)
widgets = [
'Copying source files: ',
Percentage(), ' ',
Bar(marker='#'), ' ',
AdaptiveETA(num_samples=100), ' ',
AdaptiveTransferSpeed(num_samples=100)
]
# Create a progress bar instance. We'll use this to count files as we transfer them.
with ProgressBar(widgets=widgets, maxval=filebytes) as pb:
try:
os.makedirs(self._sourceFilesDir)
except:
self._installer.log.warning(
"Directory already exists \"{0}\"".format(
self._sourceFilesDir))
for path, dirs, filenames in os.walk(self._dataDir):
for directory in dirs:
dest = path.replace(self._dataDir, self._sourceFilesDir)
directory = os.path.join(dest, directory)
try:
os.makedirs(directory)
except:
self._installer.log.warning(
"Directory already exists \"{0}\"".format(
directory))
for sfile in filenames:
srcFile = os.path.join(path, sfile)
destFile = os.path.join(
path.replace(self._dataDir, self._sourceFilesDir),
sfile)
if not shutil.copy(srcFile, destFile):
self._installer.log.error(
"Error copying the file:\n From: \"{0}\"\n To:\"{1}\""
.format(srcFile, destFile))
pb += os.path.getsize(destFile)
if configset.read_config('PLAYER', 'PLAYER2'):
PLAYER2 = configset.read_config('PLAYER', 'PLAYER2')
else:
PLAYER2 = r'c:\TOOLS\EXE\playwav.exe'
IS_PLAYER = ''
COVER_ART = r'F:\ICONS\Phuzion_Icon_Pack\PNG\Devices\Headphones2.png'
widgets = [
Percentage(),
' ',
Bar(),
' ',
ETA(),
' ',
AdaptiveETA(),
' ',
AdaptiveTransferSpeed(),
]
def makeThumb(image_file_path):
img = Image.open(image_file_path)
img = resizeimage.resize_width(img, 48)
img.save(
os.path.join(os.path.dirname(image_file_path),
os.path.splitext(os.path.basename(image_file_path))[0]) +
"_thumb" + os.path.splitext(os.path.basename(image_file_path))[1],
img.format)
if os.path.join(os.path.dirname(image_file_path),
os.path.splitext(os.path.basename(image_file_path))
[0]) + "_thumb" + os.path.splitext(
os.path.basename(image_file_path))[1]:
def generate_payloads(self, html_code, code):
# We must keep the original source code because bs gives us something that may differ...
e = []
if self.parser == "BS":
soup = BeautifulSoup(html_code, 'lxml')
self.study(soup, keyword=code, entries=e)
elif self.parser == "lxml":
tree = etree.HTML(html_code)
self.study(tree, keyword=code, entries=e)
payloads = []
for elem in e:
payload = ""
# Try each case where our string can be found
# Leave at the first possible exploitation found
# Our string is in the value of a tag attribute
# ex: <a href="our_string"></a>
if elem['type'] == "attrval":
# print("tag -> {0}".format(elem['tag']))
# print(elem['name'])
code_index = html_code.find(code)
attrval_index = 0
before_code = html_code[:code_index]
# Not perfect but still best than the former rfind
attr_pattern = "\s*" + elem['name'] + "\s*=\s*"
# Let's find the last match
for m in re.finditer(attr_pattern, before_code, flags=re.IGNORECASE):
attrval_index = m.end()
attrval = before_code[attrval_index:]
# between the tag name and our injected attribute there is an equal sign and maybe
# a quote or a double-quote that we need to close before adding our payload
if attrval.startswith("'"):
payload = "'"
elif attrval.startswith('"'):
payload = '"'
# we must deal differently with self-closing tags
if elem['tag'].lower() in ["img", "input"]:
payload += "/>"
else:
payload += "></" + elem['tag'] + ">"
payload += elem['noscript']
# ok let's send the requests
for xss in self.independant_payloads:
js_code = payload + xss.replace("__XSS__", code)
if js_code not in payloads:
payloads.append(js_code)
if elem['name'].lower() == "src" and elem['tag'].lower() in ["frame", "iframe"]:
js_code = "javascript:String.fromCharCode(0,__XSS__,1);".replace("__XSS__", code)
if js_code not in payloads:
payloads.insert(0, js_code)
# we control an attribute name
# ex: <a our_string="/index.html">
elif elem['type'] == "attrname": # name,tag
if code == elem['name']:
for xss in self.independant_payloads:
js_code = '>' + elem['noscript'] + xss.replace("__XSS__", code)
if js_code not in payloads:
payloads.append(js_code)
# we control the tag name
# ex: <our_string name="column" />
elif elem['type'] == "tag":
if elem['value'].startswith(code):
# use independent payloads, just remove the first character (<)
for xss in self.independant_payloads:
payload = elem['noscript'] + xss.replace("__XSS__", code)
js_code = payload[1:]
if js_code not in payloads:
payloads.append(js_code)
else:
for xss in self.independant_payloads:
js_code = "/>" + elem['noscript'] + xss.replace("__XSS__", code)
if js_code not in payloads:
payloads.append(js_code)
# we control the text of the tag
# ex: <textarea>our_string</textarea>
elif elem['type'] == "text":
if elem['parent'] in ["title", "textarea"]: # we can't execute javascript in those tags
if elem['noscript'] != "":
payload = elem['noscript']
else:
payload = "</{0}>".format(elem['parent'])
elif elem['parent'] == "script": # Control over the body of a script :)
# Just check if we can use brackets
js_code = "String.fromCharCode(0,__XSS__,1)".replace("__XSS__", code)
if js_code not in payloads:
payloads.insert(0, js_code)
for xss in self.independant_payloads:
js_code = payload + xss.replace("__XSS__", code)
if js_code not in payloads:
payloads.append(js_code)
# Injection occurred in a comment tag
# ex: <!-- <div> whatever our_string blablah </div> -->
elif elem['type'] == "comment":
payload = "-->"
if elem['parent'] in ["title", "textarea"]: # we can't execute javascript in those tags
if elem['noscript'] != "":
payload += elem['noscript']
else:
payload += "</{0}>".format(elem['parent'])
elif elem['parent'] == "script": # Control over the body of a script :)
# Just check if we can use brackets
js_code = payload + "String.fromCharCode(0,__XSS__,1)".replace("__XSS__", code)
if js_code not in payloads:
payloads.insert(0, js_code)
for xss in self.independant_payloads:
js_code = payload + xss.replace("__XSS__", code)
if js_code not in payloads:
payloads.append(js_code)
html_code = html_code.replace(code, "none", 1) # Reduce the research zone
#Load ProgressBar
widgets = [
Percentage(),
' ', Bar(),
' ', ETA(),
' ', AdaptiveETA(),
' ', AdaptiveTransferSpeed(),
]
self.pbar = ProgressBar(widgets=widgets, maxval=len(payloads))
return payloads
