def makeTree(self):
#-----------------------------------------------------------------------
# First, build the hierarchy of Tree nodes
#-----------------------------------------------------------------------
root = DefaultMutableTreeNode('Root Node')
for name in 'Parent 1,Parent 2'.split(','):
here = DefaultMutableTreeNode(name)
for child in 'Child 1,Child 2'.split(','):
here.add(DefaultMutableTreeNode(child))
root.add(here)
#-----------------------------------------------------------------------
# Next, use the hierarchy to create a Tree Model, with a listener
#-----------------------------------------------------------------------
model = DefaultTreeModel(root, treeModelListener=myTreeModelListener())
#-----------------------------------------------------------------------
# Then, build our editable JTree() using this model
#-----------------------------------------------------------------------
tree = JTree(model,
editable=1,
showsRootHandles=1,
valueChanged=self.select)
#-----------------------------------------------------------------------
# Only allow one node to be selectable at a time
#-----------------------------------------------------------------------
tree.getSelectionModel().setSelectionMode(
TreeSelectionModel.SINGLE_TREE_SELECTION)
return tree
def gui(self): xnode = self.xdoc.getDocumentElement() tnode = self.createTree(xnode) # create tree and display jt = JTree(tnode) jsp = JScrollPane(jt) tree_box = Box(BoxLayout.Y_AXIS) tree_box.add(jsp) tree_box.add(Box.createHorizontalStrut(10)) headerSorter = TableSorter(DefaultTableModel()) jtb = JTable(headerSorter) headerSorter.addMouseListenerToHeaderInTable(jtb) jtb.setAutoResizeMode(JTable.AUTO_RESIZE_OFF) jsp2 = JScrollPane(jtb) table_box = Box(BoxLayout.Y_AXIS) table_box.add(jsp2) table_box.add(Box.createHorizontalStrut(500)) mp = JPanel() mp.setLayout(BoxLayout(mp,BoxLayout.X_AXIS)) mp.add(tree_box) mp.add(table_box) # add listeners nsl = NodeSelectionListener(jtb,xnode) jt.addTreeSelectionListener(nsl) # return mp
def __initTree(self):
''' construct the suite tree '''
top = DefaultMutableTreeNode("RootSuite")
self.__createNodes(top)
self.tree = JTree(top)
self.__setupRenderer()
self.scrollpane = JScrollPane(self.tree)
self.add(self.scrollpane,self.__setupLayout())
self.tree.addTreeSelectionListener(NodeHighlighter())
self.tree.addMouseListener(TreeMouseListener())
def issuesTab(self):
self.root = DefaultMutableTreeNode('Issues')
frame = JFrame("Issues Tree")
self.tree = JTree(self.root)
self.rowSelected = ''
self.tree.addMouseListener(mouseclick(self))
self.issuepanel = JScrollPane()
self.issuepanel.setPreferredSize(Dimension(300,450))
self.issuepanel.getViewport().setView((self.tree))
frame.add(self.issuepanel,BorderLayout.CENTER)
def __init__(self, channels, item_model):
print "ChannelTree __init__"
self.item_model = item_model
root = DefaultMutableTreeNode("Root")
tree_model = DefaultTreeModel(root)
idx = 0
print "channels", channels
for channel in channels:
node = ChannelTreeNode(channel)
tree_model.insertNodeInto(node, root, idx)
idx = idx + 1
JTree.__init__(self, tree_model)
def __init__(self, channels, item_model):
print "ChannelTree __init__"
self.item_model = item_model
root = DefaultMutableTreeNode("Root")
tree_model = DefaultTreeModel(root)
idx = 0
print "channels", channels
for channel in channels:
node = ChannelTreeNode(channel)
tree_model.insertNodeInto(node, root, idx)
idx = idx + 1
JTree.__init__(self, tree_model)
def groupTree(self):
data = AdminTask.help('-commandGroups').expandtabs().splitlines()
root = DefaultMutableTreeNode('command groups')
for line in data[1:]:
mo = re.match('([a-zA-Z ]+) -', line)
if mo:
groupName = mo.group(1)
group = None
text = AdminTask.help(groupName)
cmds = text.find('Commands:')
if cmds > 0:
for line in text[cmds + 9:].splitlines():
mo = re.match('([a-zA-Z_2]+) -', line)
if mo:
if not group:
group = DefaultMutableTreeNode(groupName)
group.add(DefaultMutableTreeNode(mo.group(1)))
if group:
root.add(group)
else:
print 'Empty group:', groupName
return JTree(
root,
rootVisible=0 #,
# valueChanged = self.select
)
def make_tree(self):
print('make_tree')
root = DefaultMutableTreeNode(self.exper.name)
sb = br.SimilarityBuilder()
for hseg in self.exper.hsegs():
all_file_dict = hseg.file_dict()
all_file_dict.update(hseg.cell_file_dict())
all_file_dict.update(hseg.bin_file_dict())
sb.add_group(hseg.name, all_file_dict)
simprofile, comparisons = sb.simprofile_comparison()
sim_str = ''
for val in simprofile:
sim_str += str(val) + '\n'
tp = JTextArea(sim_str)
stp = JScrollPane()
stp.getViewport().setView(tp)
#
# stp.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_ALWAYS);
# stp.setPreferredSize(Dimension(250, 250));
# tp.setPreferredSize(Dimension(250, 250))
stp_panel = JPanel(BorderLayout())
stp_panel.add(tp, BorderLayout.CENTER)
# self.add(stp_panel, 'grow')
for hseg in self.exper.hsegs():
hseg_node = DefaultMutableTreeNode(hseg.name)
root.add(hseg_node)
if len(comparisons[hseg.name]) > 0:
for definer, file_names in comparisons[hseg.name].items():
for file_name in file_names:
node_str = definer + ': ' + file_name
hseg_node.add(DefaultMutableTreeNode(node_str))
# for file_suf in hseg.file_dict() :
# hseg_node.add(DefaultMutableTreeNode(file_suf))
self.tree = JTree(root)
scrollPane = JScrollPane()
scrollPane.getViewport().setView((self.tree))
# scrollPan
# scrollPane.setPreferredSize(Dimension(300,250))
tree_panel = JPanel(BorderLayout())
tree_panel.add(scrollPane, BorderLayout.CENTER)
combo_panel = JPanel(GridLayout(0, 2, 10, 10))
# combo_panel.setLayout(BoxLayout(combo_panel, BoxLayout.X_AXIS))
combo_panel.add(stp_panel) #, BorderLayout.LINE_START)
combo_panel.add(tree_panel) #, BorderLayout.LINE_END)
self.panel.add(combo_panel)
# self.add(scrollPane, 'grow')
self.revalidate()
def load_data(self, file_name):
self.view.set_checklist(file_name)
checklist = self.view.get_checklist()
self.view.set_checklist_tree()
checklist_tree = self.view.get_checklist_tree()
new_tree = JTree(checklist_tree)
model = new_tree.getModel()
old_tree = self.view.get_tree()
old_tree.setModel(model)
tabbed_panes = self.view.get_tabbed_panes()
del tabbed_panes
self.view.set_tabbed_panes()
old_tsl = self.view.get_tsl()
old_tree.removeTreeSelectionListener(old_tsl)
tsl = TSL(self.view)
old_tree.addTreeSelectionListener(tsl)
def __init__(self, dir=None, label=None):
if not dir: dir = os.getcwd()
if not label: label = "FileTree"
dir = File(dir)
self._dir = dir
self.this = JPanel()
self.this.setLayout(BorderLayout())
# Add a label
self.this.add(BorderLayout.PAGE_START, JLabel(label))
# Make a tree list with all the nodes, and make it a JTree
tree = JTree(self._add_nodes(None, dir))
tree.setRootVisible(False)
self._tree = tree
# Lastly, put the JTree into a JScrollPane.
scrollpane = JScrollPane()
scrollpane.getViewport().add(tree)
self.this.add(BorderLayout.CENTER, scrollpane)
def cellTree(self):
# Use the cellName as the tree root node
cell = AdminConfig.list('Cell')
root = DefaultMutableTreeNode(self.getName(cell))
for node in AdminConfig.list('Node').splitlines():
here = DefaultMutableTreeNode(self.getName(node))
servers = AdminConfig.list('Server', node)
for server in servers.splitlines():
leaf = DefaultMutableTreeNode(self.getName(server))
here.add(leaf)
root.add(here)
return JTree(root, editable=1)
def __init__(self, title=""):
JFrame.__init__(self, title)
self.size = 400, 500
self.windowClosing = self.closing
label = JLabel(text="Class Name:")
label.horizontalAlignment = JLabel.RIGHT
tpanel = JPanel(layout=awt.FlowLayout())
self.text = JTextField(20, actionPerformed=self.entered)
btn = JButton("Enter", actionPerformed=self.entered)
tpanel.add(label)
tpanel.add(self.text)
tpanel.add(btn)
bpanel = JPanel()
self.tree = JTree(default_tree())
scrollpane = JScrollPane(self.tree)
scrollpane.setMinimumSize(awt.Dimension(200, 200))
scrollpane.setPreferredSize(awt.Dimension(350, 400))
bpanel.add(scrollpane)
bag = GridBag(self.contentPane)
bag.addRow(tpanel, fill='HORIZONTAL', weightx=1.0, weighty=0.5)
bag.addRow(bpanel, fill='BOTH', weightx=0.5, weighty=1.0)
def make_hseg_tree_panel(self):
root = DefaultMutableTreeNode(self.exper.name)
for hseg in self.exper.hsegs():
hseg_node = DefaultMutableTreeNode(hseg.name)
root.add(hseg_node)
hseg_at_deviations = self.exper.hseg_all_files_cab(
).archetype_deviations
if len(hseg_at_deviations[hseg.name]) > 0:
for definer, file_names in hseg_at_deviations[
hseg.name].items():
for file_name in file_names:
node_str = definer + ': ' + file_name
temp = DefaultMutableTreeNode(node_str)
hseg_node.add(temp)
hseg_tree = JTree(root)
hseg_tree.setCellRenderer(BobPyTreeCellRenderer())
hseg_scroll_pane = JScrollPane()
hseg_scroll_pane.getViewport().setView((hseg_tree))
return hseg_scroll_pane
def make_hseg_tree_panel(self):
root = DefaultMutableTreeNode(self.exper.name)
for hseg in self.exper.hsegs():
hseg_node = DefaultMutableTreeNode(hseg.name)
root.add(hseg_node)
hseg_at_deviations = self.exper.hseg_files_cab(
).archetype_deviations
if len(hseg_at_deviations[hseg.name]) > 0:
for definer, file_names in hseg_at_deviations[
hseg.name].items():
for file_name in file_names:
node_str = definer + ': ' + file_name
temp = DefaultMutableTreeNode(node_str)
hseg_node.add(temp)
hseg_tree = JTree(root)
hseg_tree.setCellRenderer(BobPyTreeCellRenderer())
hseg_scroll_pane = JScrollPane()
hseg_scroll_pane.getViewport().setView((hseg_tree))
hseg_panel = JPanel(MigLayout('insets 0'))
hseg_panel.add(hseg_scroll_pane, 'grow, span, push, wrap')
run_button = JButton('Run')
run_button.addActionListener(ActionListenerFactory(self, self.run_al))
rerun_button = JButton('Rerun')
rerun_button.addActionListener(
ActionListenerFactory(self, self.rerun_al))
hseg_panel.add(run_button)
hseg_panel.add(rerun_button)
return hseg_panel
def make_tree(self):
root = DefaultMutableTreeNode(self.exper.name)
for hseg in self.exper.hsegs():
hseg_node = DefaultMutableTreeNode(hseg.name)
root.add(hseg_node)
for file_suf in hseg.file_dict():
hseg_node.add(DefaultMutableTreeNode(file_suf))
self.tree = JTree(root)
scrollPane = JScrollPane()
scrollPane.getViewport().setView((self.tree))
# scrollPane.setPreferredSize(Dimension(300,250))
tree_panel = JPanel()
tree_panel.add(scrollPane)
box_layout = BoxLayout(self.panel, BoxLayout.Y_AXIS)
self.panel.setLayout(box_layout)
self.panel.add(tree_panel)
self.revalidate()
class PathBrowser(object):
def __init__(self, view):
model = DefaultTreeModel(PathBrowserTreeItem())
self.tree = JTree(model, mousePressed=self.__mousePressed)
self.tree.cellRenderer = BrowserCellRenderer()
self.panel = JScrollPane(self.tree)
def __mousePressed(self, event):
selPath = self.tree.getPathForLocation(event.x, event.y)
if selPath and isinstance(selPath.lastPathComponent,
ModuleBrowserTreeItem):
if event.clickCount == 2:
jEdit.openFile(jEdit.getLastView(),
selPath.lastPathComponent.file)
if event.clickCount == 1:
buffers = jEdit.getBuffers()
for aBuffer in buffers:
if aBuffer.file or (aBuffer.file.path
== selPath.lastPathComponent.file):
jEdit.getLastView().buffer = aBuffer
def cellTree(self):
#-----------------------------------------------------------------------
# Use the cellName as the tree root node
#-----------------------------------------------------------------------
cell = AdminConfig.list('Cell')
cellName = self.getName(cell)
root = DefaultMutableTreeNode(cellName)
#-----------------------------------------------------------------------
# Build an item name to configId dictionary
#-----------------------------------------------------------------------
result = {cellName: cell}
#-----------------------------------------------------------------------
# Use the node name for the branches
#-----------------------------------------------------------------------
for node in AdminConfig.list('Node').splitlines():
nodeName = self.getName(node)
here = DefaultMutableTreeNode(nodeName)
#-------------------------------------------------------------------
# Add this node to the dictionary
#-------------------------------------------------------------------
result[nodeName] = node
#-------------------------------------------------------------------
# and the server name for each leaf
#-------------------------------------------------------------------
servers = AdminConfig.list('Server', node)
for server in servers.splitlines():
name = self.getName(server)
leaf = DefaultMutableTreeNode(name)
#---------------------------------------------------------------
# Add this server to the dictionary
# Note: Server names are not guaranteed to be unique in the cell
#---------------------------------------------------------------
result[(nodeName, name)] = server
here.add(leaf)
root.add(here)
return JTree(root), result
def __init__(self, title=""):
JFrame.__init__(self, title)
self.size = 400,500
self.windowClosing = self.closing
label = JLabel(text="Class Name:")
label.horizontalAlignment = JLabel.RIGHT
tpanel = JPanel(layout = awt.FlowLayout())
self.text = JTextField(20, actionPerformed = self.entered)
btn = JButton("Enter", actionPerformed = self.entered)
tpanel.add(label)
tpanel.add(self.text)
tpanel.add(btn)
bpanel = JPanel()
self.tree = JTree(default_tree())
scrollpane = JScrollPane(self.tree)
scrollpane.setMinimumSize(awt.Dimension(200,200))
scrollpane.setPreferredSize(awt.Dimension(350,400))
bpanel.add(scrollpane)
bag = GridBag(self.contentPane)
bag.addRow(tpanel, fill='HORIZONTAL', weightx=1.0, weighty=0.5)
bag.addRow(bpanel, fill='BOTH', weightx=0.5, weighty=1.0)
class TestSuitePanel(JPanel, Dockable, GraphMouseListener):
''' Show an expandable list of the test entites {suites,cases,methods} '''
#
# Constructor
#
def __init__(self):
self.myParent = None
#com.hp.hpl.guess.ui.GraphEvents.getGraphEvents().addGraphMouseListener(self)
self.__initTree()
self.setBounds(self.getDefaultFrameBounds())
ui.dock(self)
#
# JTree Setup
#
def __initTree(self):
''' construct the suite tree '''
top = DefaultMutableTreeNode("RootSuite")
self.__createNodes(top)
self.tree = JTree(top)
self.__setupRenderer()
self.scrollpane = JScrollPane(self.tree)
self.add(self.scrollpane,self.__setupLayout())
self.tree.addTreeSelectionListener(NodeHighlighter())
self.tree.addMouseListener(TreeMouseListener())
def __setupRenderer(self):
renderer = DefaultTreeCellRenderer()
renderer.setOpenIcon(None)
renderer.setClosedIcon(None)
renderer.setLeafIcon(None)
self.tree.setCellRenderer(renderer);
def __setupLayout(self):
self.setLayout(GridBagLayout())
constr = GridBagConstraints()
constr.weighty = 1
constr.weightx = 1
constr.gridx = 0
constr.gridy = 1
constr.fill = GridBagConstraints.BOTH
return constr
def __createNodes(self, top):
''' build the tree, by adding packages, testcases and commands '''
for pkg in (entity == 'package'):
pkgNode = DefaultMutableTreeNode(pkg.name)
top.add(pkgNode)
self.__appendCases(pkg, pkgNode)
#
# Node builders
#
def __appendCases(self, pkg, pkgNode):
''' append the test cases of a single package to the tree '''
testcases = [edge.getNode2() for edge in (pkg->g.nodes)]
testcases.sort(cmpTc)
for tc in testcases:
tcNode = DefaultMutableTreeNode(tc.label.split('::')[-1])
pkgNode.add(tcNode)
self.__appendCommands(tc, tcNode)
self.__appendFixture(tc, tcNode)
self.__appendHelpers(tc, tcNode)
def __appendCaseMethodsHelper(self, case, caseNode, metaName, entityName):
''' helper for appendCommands, appendFixture & appendHelpers '''
mtdMeta = DefaultMutableTreeNode(metaName)
caseNode.add(mtdMeta)
mtds = [edge.getNode2() for edge in case->(entity == entityName)]
mtds.sort(cmpTc)
for mtd in mtds:
mtdNode = DefaultMutableTreeNode(mtd.label)
mtdMeta.add(mtdNode)
def __init__(self, view):
model = DefaultTreeModel(PathBrowserTreeItem())
self.tree = JTree(model, mousePressed=self.__mousePressed)
self.tree.cellRenderer = BrowserCellRenderer()
self.panel = JScrollPane(self.tree)
def set_tree(self):
self.tree = JTree(self.checklist_tree)
self.tree.getSelectionModel().setSelectionMode(
TreeSelectionModel.SINGLE_TREE_SELECTION)
class View:
def __init__(self):
self.data = Data()
self.checklist = self.data.get_checklist()
self.issues = self.data.get_issues()
self.set_checklist_tree()
self.set_tree()
self.set_pane()
self.set_tabbed_panes()
self.set_settings()
self.set_tsl()
def set_checklist(self, file_name):
self.data.set_checklist(file_name)
self.checklist = self.data.get_checklist()
def get_checklist(self):
return self.checklist
def get_issues(self):
return self.issues
# TODO: Create the checklist dynamically for all nodes based on JSON structure
# Creates a DefaultMutableTreeNode using the JSON file data
def set_checklist_tree(self):
self.checklist_tree = DefaultMutableTreeNode("HUNT - Methodology")
for item in self.checklist:
node = DefaultMutableTreeNode(item)
self.checklist_tree.add(node)
is_functionality = node.toString() == "Functionality"
if is_functionality:
functionality_node = node
functionality = self.checklist["Functionality"]
# TODO: Sort the functionality by name and by test name
for functionality_name in functionality:
tests = functionality[functionality_name]["tests"]
node = DefaultMutableTreeNode(functionality_name)
for test_name in tests:
node.add(DefaultMutableTreeNode(test_name))
functionality_node.add(node)
def get_checklist_tree(self):
return self.checklist_tree
# Creates a JTree object from the checklist
def set_tree(self):
self.tree = JTree(self.checklist_tree)
self.tree.getSelectionModel().setSelectionMode(
TreeSelectionModel.SINGLE_TREE_SELECTION)
def get_tree(self):
return self.tree
# TODO: Change to briefcase icon for brief, P1-P5 icons for vulns,
# bullseye icon for Targets, etc
# Create a JSplitPlane with a JTree to the left and JTabbedPane to right
def set_pane(self):
status = JTextArea()
status.setLineWrap(True)
status.setText("Nothing selected")
self.status = status
self.pane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT,
JScrollPane(self.tree), JTabbedPane())
self.pane.setDividerLocation(310)
self.pane.getLeftComponent().setMinimumSize(Dimension(310, 300))
def get_pane(self):
return self.pane
# Creates the tabs dynamically using data from the JSON file
def set_tabbed_panes(self):
functionality = self.checklist["Functionality"]
self.tabbed_panes = {}
for functionality_name in functionality:
tests = functionality[functionality_name]["tests"]
for test_name in tests:
key = functionality_name + "." + test_name
tabbed_pane = self.set_tabbed_pane(functionality_name,
test_name)
self.tabbed_panes[key] = self.tabbed_pane
def get_tabbed_panes(self):
return self.tabbed_panes
# Creates a JTabbedPane for each vulnerability per functionality
def set_tabbed_pane(self, functionality_name, test_name):
description_tab = self.set_description_tab(functionality_name,
test_name)
bugs_tab = self.set_bugs_tab()
resources_tab = self.set_resource_tab(functionality_name, test_name)
notes_tab = self.set_notes_tab()
self.tabbed_pane = JTabbedPane()
self.tabbed_pane.add("Description", description_tab)
self.tabbed_pane.add("Bugs", bugs_tab)
self.tabbed_pane.add("Resources", resources_tab)
self.tabbed_pane.add("Notes", notes_tab)
# Creates the description panel
def set_description_tab(self, fn, vn):
description_text = str(
self.checklist["Functionality"][fn]["tests"][vn]["description"])
description_textarea = JTextArea()
description_textarea.setLineWrap(True)
description_textarea.setText(description_text)
description_panel = JScrollPane(description_textarea)
return description_panel
# TODO: Add functionality to remove tabs
# Creates the bugs panel
def set_bugs_tab(self):
bugs_tab = JTabbedPane()
return bugs_tab
# Creates the resources panel
def set_resource_tab(self, fn, vn):
resource_urls = self.checklist["Functionality"][fn]["tests"][vn][
"resources"]
resource_text = ""
for url in resource_urls:
resource_text = resource_text + str(url) + "\n"
resource_textarea = JTextArea()
resource_textarea.setLineWrap(True)
resource_textarea.setWrapStyleWord(True)
resource_textarea.setText(resource_text)
resources_panel = JScrollPane(resource_textarea)
return resources_panel
def set_notes_tab(self):
notes_textarea = JTextArea()
return notes_textarea
def set_tsl(self):
self.tsl = TSL(self)
self.tree.addTreeSelectionListener(self.tsl)
return
def get_tsl(self):
return self.tsl
def set_settings(self):
self.settings = JPanel()
layout = GroupLayout(self.settings)
self.settings.setLayout(layout)
layout.setAutoCreateGaps(True)
load_file_button = JButton("Load JSON File")
load_file_button.setActionCommand("load")
load_file_button.addActionListener(
SettingsAction(self, load_file_button, None))
save_file_button = JButton("Save JSON File")
save_file_button.setActionCommand("save")
save_file_button.addActionListener(
SettingsAction(None, save_file_button, self.tabbed_panes))
horizontal_group1 = layout.createParallelGroup(
GroupLayout.Alignment.LEADING)
horizontal_group1.addComponent(load_file_button)
horizontal_group1.addComponent(save_file_button)
horizontal_group = layout.createSequentialGroup()
horizontal_group.addGroup(horizontal_group1)
layout.setHorizontalGroup(horizontal_group)
vertical_group1 = layout.createParallelGroup(
GroupLayout.Alignment.BASELINE)
vertical_group1.addComponent(load_file_button)
vertical_group2 = layout.createParallelGroup(
GroupLayout.Alignment.BASELINE)
vertical_group2.addComponent(save_file_button)
vertical_group = layout.createSequentialGroup()
vertical_group.addGroup(vertical_group1)
vertical_group.addGroup(vertical_group2)
layout.setVerticalGroup(vertical_group)
def get_settings(self):
return self.settings
def set_request_tab_pane(self, request_response):
raw_request = request_response.getRequest()
request_body = StringUtil.fromBytes(raw_request)
request_body = request_body.encode("utf-8")
request_tab_textarea = JTextArea(request_body)
request_tab_textarea.setLineWrap(True)
return JScrollPane(request_tab_textarea)
def set_response_tab_pane(self, request_response):
raw_response = request_response.getResponse()
response_body = StringUtil.fromBytes(raw_response)
response_body = response_body.encode("utf-8")
response_tab_textarea = JTextArea(response_body)
response_tab_textarea.setLineWrap(True)
return JScrollPane(response_tab_textarea)
def set_bugs_tabbed_pane(self, request_tab, response_tab):
bugs_tabbed_pane = JTabbedPane()
bugs_tabbed_pane.add("Request", request_tab)
bugs_tabbed_pane.add("Response", response_tab)
return bugs_tabbed_pane
def __init__(self):
self.setName('Jython Explorer')
self.setLayout(BorderLayout())
self.add(JScrollPane(JTree()),
BorderLayout.CENTER)
def __init__(self, value=None):
if value != None:
JTree.__init__(self, value)
else:
JTree.__init__(self)
self.initialize()
class View:
def __init__(self, issues):
self.json = issues.get_json()
self.issues_object = issues
self.issues = issues.get_issues()
self.scanner_issues = issues.get_scanner_issues()
self.scanner_panes = {}
self.scanner_tables = {}
self.is_scanner_panes = []
self.set_vuln_tree()
self.set_tree()
self.set_scanner_panes()
self.set_pane()
self.set_tsl()
def set_callbacks(self, callbacks):
self.callbacks = callbacks
def set_helpers(self, helpers):
self.helpers = helpers
def get_helpers(self):
return self.helpers
def get_issues(self):
return self.issues
def get_scanner_issues(self):
return self.scanner_issues
def set_scanner_count(self, is_checked, issue_name, issue_param):
self.issues_object.set_scanner_count(self, is_checked, issue_name, issue_param)
def set_is_scanner_pane(self, scanner_pane):
self.is_scanner_panes.append(scanner_pane)
def get_is_scanner_pane(self, scanner_pane):
for pane in self.get_is_scanner_panes():
if pane == scanner_pane:
return True
return False
def get_is_scanner_panes(self):
return self.is_scanner_panes
def set_vuln_tree(self):
self.vuln_tree = DefaultMutableTreeNode("Vulnerability Classes")
vulns = self.json["issues"]
# TODO: Sort the functionality by name and by vuln class
for vuln_name in vulns:
vuln = DefaultMutableTreeNode(vuln_name)
self.vuln_tree.add(vuln)
parameters = self.json["issues"][vuln_name]["params"]
for parameter in parameters:
param_node = DefaultMutableTreeNode(parameter)
vuln.add(param_node)
# Creates a JTree object from the checklist
def set_tree(self):
self.tree = JTree(self.vuln_tree)
self.tree.getSelectionModel().setSelectionMode(
TreeSelectionModel.SINGLE_TREE_SELECTION
)
def get_tree(self):
return self.tree
# Creates the tabs dynamically using data from the JSON file
def set_scanner_panes(self):
issues = self.issues
for issue in issues:
issue_name = issue["name"]
issue_param = issue["param"]
key = issue_name + "." + issue_param
top_pane = self.create_request_list_pane(issue_name)
bottom_pane = self.create_tabbed_pane()
scanner_pane = JSplitPane(JSplitPane.VERTICAL_SPLIT, top_pane, bottom_pane)
self.scanner_panes[key] = scanner_pane
def get_scanner_panes(self):
return self.scanner_panes
def create_request_list_pane(self, issue_name):
request_list_pane = JScrollPane()
return request_list_pane
# Creates a JTabbedPane for each vulnerability per functionality
def create_tabbed_pane(self):
tabbed_pane = JTabbedPane()
tabbed_pane.add("Advisory", JScrollPane())
tabbed_pane.add("Request", JScrollPane())
tabbed_pane.add("Response", JScrollPane())
self.tabbed_pane = tabbed_pane
return tabbed_pane
def set_tsl(self):
tsl = TSL(self)
self.tree.addTreeSelectionListener(tsl)
return
def set_pane(self):
status = JTextArea()
status.setLineWrap(True)
status.setText("Nothing selected")
self.status = status
request_list_pane = JScrollPane()
scanner_pane = JSplitPane(JSplitPane.VERTICAL_SPLIT,
request_list_pane,
self.tabbed_pane
)
self.pane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT,
JScrollPane(self.tree),
scanner_pane
)
self.pane.setDividerLocation(310)
self.pane.getLeftComponent().setMinimumSize(Dimension(310, 300))
def get_pane(self):
return self.pane
def set_scanner_table(self, scanner_pane, scanner_table):
self.scanner_tables[scanner_pane] = scanner_table
def get_scanner_table(self, scanner_pane):
return self.scanner_tables[scanner_pane]
def set_scanner_pane(self, scanner_pane):
request_table_pane = scanner_pane.getTopComponent()
scanner_table = self.get_scanner_table(scanner_pane)
request_table_pane.getViewport().setView(scanner_table)
request_table_pane.revalidate()
request_table_pane.repaint()
def create_scanner_pane(self, scanner_pane, issue_name, issue_param):
scanner_issues = self.get_scanner_issues()
request_table_pane = scanner_pane.getTopComponent()
scanner_table_model = ScannerTableModel()
scanner_table_model.addColumn("Checked")
scanner_table_model.addColumn("Host")
scanner_table_model.addColumn("Path")
# Search all issues for the correct issue. Once found, add it into
# the scanner table model to be showed in the UI.
for scanner_issue in scanner_issues:
is_same_name = scanner_issue.getIssueName() == issue_name
is_same_param = scanner_issue.getParameter() == issue_param
is_same_issue = is_same_name and is_same_param
if is_same_issue:
scanner_table_model.addRow([
False,
scanner_issue.getHttpService().getHost(),
scanner_issue.getUrl()
])
scanner_table = JTable(scanner_table_model)
scanner_table.getColumnModel().getColumn(0).setCellEditor(DefaultCellEditor(JCheckBox()))
scanner_table.putClientProperty("terminateEditOnFocusLost", True)
scanner_table_listener = ScannerTableListener(self, scanner_table, issue_name, issue_param)
scanner_table_model.addTableModelListener(scanner_table_listener)
scanner_table_list_listener = IssueListener(self, scanner_table, scanner_pane, issue_name, issue_param)
scanner_table.getSelectionModel().addListSelectionListener(scanner_table_list_listener)
self.set_scanner_table(scanner_pane, scanner_table)
request_table_pane.getViewport().setView(scanner_table)
request_table_pane.revalidate()
request_table_pane.repaint()
def set_tabbed_pane(self, scanner_pane, request_list, issue_url, issue_name, issue_param):
tabbed_pane = scanner_pane.getBottomComponent()
scanner_issues = self.get_scanner_issues()
for scanner_issue in scanner_issues:
is_same_url = scanner_issue.getUrl() == issue_url
is_same_name = scanner_issue.getIssueName() == issue_name
is_same_param = scanner_issue.getParameter() == issue_param
is_same_issue = is_same_url and is_same_name and is_same_param
if is_same_issue:
current_issue = scanner_issue
self.set_context_menu(request_list, scanner_issue)
break
advisory_tab_pane = self.set_advisory_tab_pane(current_issue)
tabbed_pane.setComponentAt(0, advisory_tab_pane)
request_tab_pane = self.set_request_tab_pane(current_issue)
tabbed_pane.setComponentAt(1, request_tab_pane)
response_tab_pane = self.set_response_tab_pane(current_issue)
tabbed_pane.setComponentAt(2, response_tab_pane)
def set_advisory_tab_pane(self, scanner_issue):
advisory_pane = JEditorPane()
advisory_pane.setEditable(False)
advisory_pane.setEnabled(True)
advisory_pane.setContentType("text/html")
link_listener = LinkListener()
advisory_pane.addHyperlinkListener(link_listener)
advisory_pane.setText("<html>" +
"<b>Location</b>: " + scanner_issue.getUrl() + "<br><br>" +
scanner_issue.getIssueDetail() + "</html>"
)
# Set a context menu
self.set_context_menu(advisory_pane, scanner_issue)
return JScrollPane(advisory_pane)
def set_request_tab_pane(self, scanner_issue):
raw_request = scanner_issue.getRequestResponse().getRequest()
request_body = StringUtil.fromBytes(raw_request)
request_body = request_body.encode("utf-8")
request_tab_textarea = JTextArea(request_body)
request_tab_textarea.setLineWrap(True)
# Set a context menu
self.set_context_menu(request_tab_textarea, scanner_issue)
return JScrollPane(request_tab_textarea)
def set_response_tab_pane(self, scanner_issue):
raw_response = scanner_issue.getRequestResponse().getResponse()
response_body = StringUtil.fromBytes(raw_response)
response_body = response_body.encode("utf-8")
response_tab_textarea = JTextArea(response_body)
response_tab_textarea.setLineWrap(True)
# Set a context menu
self.set_context_menu(response_tab_textarea, scanner_issue)
return JScrollPane(response_tab_textarea)
# Pass scanner_issue as argument
def set_context_menu(self, component, scanner_issue):
self.context_menu = JPopupMenu()
repeater = JMenuItem("Send to Repeater")
repeater.addActionListener(PopupListener(scanner_issue, self.callbacks))
intruder = JMenuItem("Send to Intruder")
intruder.addActionListener(PopupListener(scanner_issue, self.callbacks))
hunt = JMenuItem("Send to HUNT")
self.context_menu.add(repeater)
self.context_menu.add(intruder)
context_menu_listener = ContextMenuListener(component, self.context_menu)
component.addMouseListener(context_menu_listener)
def get_context_menu(self):
return self.context_menu
def cellTree(self, data):
#-----------------------------------------------------------------------
# Use the cellName as the tree root node
#-----------------------------------------------------------------------
cell = AdminConfig.list('Cell')
cellName = self.getName(cell)
#-----------------------------------------------------------------------
# Note: data is the one and only instance of the inner cellInfo class
#-----------------------------------------------------------------------
data.addInfoValue(
cellName, CELLINFO %
(cellName, WAShome(cell), WASversion(cell), WASprofileName(cell)))
root = DefaultMutableTreeNode(cellName)
#-----------------------------------------------------------------------
# Build an item name to configId dictionary
#-----------------------------------------------------------------------
result = {cellName: cell}
#-----------------------------------------------------------------------
# Use the node name for the branches
#-----------------------------------------------------------------------
for node in AdminConfig.list('Node').splitlines():
nodeName = self.getName(node)
here = DefaultMutableTreeNode(nodeName)
#-------------------------------------------------------------------
# Add this node to the dictionary
#-------------------------------------------------------------------
result[nodeName] = node
#-------------------------------------------------------------------
# and the server name for each leaf
#-------------------------------------------------------------------
servers = AdminConfig.list('Server', node)
for server in servers.splitlines():
servName = self.getName(server)
leaf = DefaultMutableTreeNode(servName)
#---------------------------------------------------------------
# Add this server to the dictionary
# Note: Server names are not guaranteed to be unique in the cell
#---------------------------------------------------------------
result[(nodeName, servName)] = server
here.add(leaf)
hostnames = getHostnames(nodeName, servName)
ipaddr = getIPaddresses(hostnames)
data.addInfoValue(
nodeName,
NODEINFO % (cellName, nodeName, WAShome(node),
WASversion(node), WASprofileName(node),
', '.join(hostnames), ', '.join(ipaddr)))
PortLookupTask(nodeName, servName, data).execute()
root.add(here)
#-----------------------------------------------------------------------
# Note: data is the one and only instance of the inner cellInfo class
#-----------------------------------------------------------------------
data.setNames(result)
return JTree(root)
def __init__(self,value=None):
if value != None:
JTree.__init__(self,value)
else:
JTree.__init__(self)
self.initialize()
class View:
def __init__(self, issues):
self.json = issues.get_json()
self.issues_object = issues
self.issues = issues.get_issues()
self.scanner_issues = issues.get_scanner_issues()
self.scanner_panes = {}
self.scanner_table_models = {}
self.scanner_tables = {}
self.is_scanner_panes = []
self.set_vuln_tree()
self.set_tree()
self.set_scanner_table_models()
self.set_scanner_panes()
self.set_pane()
self.set_settings()
self.set_tsl()
def get_issues_object(self):
return self.issues_object
def set_callbacks(self, callbacks):
self.callbacks = callbacks
def set_helpers(self, helpers):
self.helpers = helpers
def get_helpers(self):
return self.helpers
def get_issues(self):
return self.issues
def get_scanner_issues(self):
return self.scanner_issues
def set_is_scanner_pane(self, scanner_pane):
self.is_scanner_panes.append(scanner_pane)
def get_is_scanner_pane(self, scanner_pane):
for pane in self.get_is_scanner_panes():
if pane == scanner_pane:
return True
return False
def get_is_scanner_panes(self):
return self.is_scanner_panes
def set_vuln_tree(self):
self.vuln_tree = DefaultMutableTreeNode("HUNT Scanner")
vulns = self.json["issues"]
# TODO: Sort the functionality by name and by vuln class
for vuln_name in sorted(vulns):
vuln = DefaultMutableTreeNode(vuln_name)
self.vuln_tree.add(vuln)
parameters = self.json["issues"][vuln_name]["params"]
for parameter in sorted(parameters):
param_node = DefaultMutableTreeNode(parameter)
vuln.add(param_node)
self.vuln_tree.add(DefaultMutableTreeNode("Settings"))
# Creates a JTree object from the checklist
def set_tree(self):
self.tree = JTree(self.vuln_tree)
self.tree.getSelectionModel().setSelectionMode(
TreeSelectionModel.SINGLE_TREE_SELECTION)
def get_tree(self):
return self.tree
def set_scanner_table_models(self):
issues = self.issues
for issue in issues:
issue_name = issue["name"]
issue_param = issue["param"]
self.create_scanner_table_model(issue_name, issue_param)
# Creates the tabs dynamically using data from the JSON file
def set_scanner_panes(self):
for issue in self.issues:
issue_name = issue["name"]
issue_param = issue["param"]
key = issue_name + "." + issue_param
top_pane = self.create_request_list_pane(issue_name)
bottom_pane = self.create_tabbed_pane()
scanner_pane = JSplitPane(JSplitPane.VERTICAL_SPLIT, top_pane,
bottom_pane)
self.scanner_panes[key] = scanner_pane
def get_scanner_panes(self):
return self.scanner_panes
def create_request_list_pane(self, issue_name):
request_list_pane = JScrollPane()
return request_list_pane
# Creates a JTabbedPane for each vulnerability per functionality
def create_tabbed_pane(self):
tabbed_pane = JTabbedPane()
tabbed_pane.add("Advisory", JScrollPane())
tabbed_pane.add("Request", JScrollPane())
tabbed_pane.add("Response", JScrollPane())
self.tabbed_pane = tabbed_pane
return tabbed_pane
def get_settings(self):
return self.settings
def set_settings(self):
self.settings = JPanel()
layout = GroupLayout(self.settings)
self.settings.setLayout(layout)
layout.setAutoCreateGaps(True)
load_file_button = JButton("Load JSON File")
load_file_button.setActionCommand("load")
load_file_button.addActionListener(
SettingsAction(self, load_file_button, None))
save_file_button = JButton("Save JSON File")
save_file_button.setActionCommand("save")
save_file_button.addActionListener(
SettingsAction(self, save_file_button, self.scanner_panes))
horizontal_group1 = layout.createParallelGroup(
GroupLayout.Alignment.LEADING)
horizontal_group1.addComponent(load_file_button)
horizontal_group1.addComponent(save_file_button)
horizontal_group = layout.createSequentialGroup()
horizontal_group.addGroup(horizontal_group1)
layout.setHorizontalGroup(horizontal_group)
vertical_group1 = layout.createParallelGroup(
GroupLayout.Alignment.BASELINE)
vertical_group1.addComponent(load_file_button)
vertical_group2 = layout.createParallelGroup(
GroupLayout.Alignment.BASELINE)
vertical_group2.addComponent(save_file_button)
vertical_group = layout.createSequentialGroup()
vertical_group.addGroup(vertical_group1)
vertical_group.addGroup(vertical_group2)
layout.setVerticalGroup(vertical_group)
def set_tsl(self):
tsl = TSL(self)
self.tree.addTreeSelectionListener(tsl)
return
def set_pane(self):
status = JTextArea()
status.setLineWrap(True)
status.setText("Nothing selected")
self.status = status
request_list_pane = JScrollPane()
scanner_pane = JSplitPane(JSplitPane.VERTICAL_SPLIT, request_list_pane,
self.tabbed_pane)
self.pane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT,
JScrollPane(self.tree), scanner_pane)
self.pane.setDividerLocation(310)
self.pane.getLeftComponent().setMinimumSize(Dimension(310, 300))
def get_pane(self):
return self.pane
# TODO: Move all scanner table functions into its own ScannerTable class
# as well as ScannerTableModel for all scanner table model functions
def create_scanner_table_model(self, issue_name, issue_param):
key = issue_name + "." + issue_param
is_model_exists = key in self.scanner_table_models
if is_model_exists:
return
scanner_table_model = ScannerTableModel()
scanner_table_model.addColumn("")
scanner_table_model.addColumn("Parameter")
scanner_table_model.addColumn("Host")
scanner_table_model.addColumn("Path")
scanner_table_model.addColumn("ID")
self.scanner_table_models[key] = scanner_table_model
def set_scanner_table_model(self, scanner_issue, issue_name, issue_param,
vuln_param):
key = issue_name + "." + vuln_param
scanner_issue_id = str(
scanner_issue.getRequestResponse()).split("@")[1]
scanner_table_model = self.scanner_table_models[key]
# Using the addRow() method requires that the data type being passed to be of type
# Vector() or Object(). Passing a Python object of type list in addRow causes a type
# conversion error of sorts which presents as an ArrayOutOfBoundsException. Therefore,
# row is an instantiation of Object() to avoid this error.
row = Object()
row = [
False, issue_param,
scanner_issue.getHttpService().getHost(),
scanner_issue.getPath(), scanner_issue_id
]
scanner_table_model.addRow(row)
# Wait for ScannerTableModel to update as to not get an ArrayOutOfBoundsException.
Thread.sleep(500)
scanner_table_model.fireTableDataChanged()
scanner_table_model.fireTableStructureChanged()
def get_scanner_table_model(self, issue_name, issue_param):
key = issue_name + "." + issue_param
return self.scanner_table_models[key]
def set_scanner_pane(self, scanner_pane, issue_name, issue_param):
key = issue_name + "." + issue_param
request_table_pane = scanner_pane.getTopComponent()
if key in self.scanner_tables:
scanner_table = self.scanner_tables[key]
else:
scanner_table = self.create_scanner_table(scanner_pane, issue_name,
issue_param)
self.scanner_tables[key] = scanner_table
request_table_pane.getViewport().setView(scanner_table)
request_table_pane.revalidate()
request_table_pane.repaint()
def create_scanner_table(self, scanner_pane, issue_name, issue_param):
scanner_table_model = self.get_scanner_table_model(
issue_name, issue_param)
scanner_table = JTable(scanner_table_model)
scanner_table.getColumnModel().getColumn(0).setMaxWidth(10)
scanner_table.putClientProperty("terminateEditOnFocusLost", True)
scanner_table_listener = ScannerTableListener(self, scanner_table,
issue_name, issue_param)
scanner_table_model.addTableModelListener(scanner_table_listener)
scanner_table_list_listener = IssueListener(self, scanner_table,
scanner_pane, issue_name,
issue_param)
scanner_table.getSelectionModel().addListSelectionListener(
scanner_table_list_listener)
return scanner_table
# Takes into account if there are more than one scanner issues that share the same hostname, path, name, param, and id
def set_tabbed_pane(self, scanner_pane, request_list, issue_hostname,
issue_path, issue_name, issue_param, scanner_issue_id):
tabbed_pane = scanner_pane.getBottomComponent()
scanner_issues = self.get_scanner_issues()
current_issue = self.set_current_issue(scanner_issues, issue_hostname,
issue_path, issue_name,
issue_param, scanner_issue_id)
advisory_tab_pane = self.set_advisory_tab_pane(current_issue)
tabbed_pane.setComponentAt(0, advisory_tab_pane)
request_tab_pane = self.set_request_tab_pane(current_issue)
tabbed_pane.setComponentAt(1, request_tab_pane)
response_tab_pane = self.set_response_tab_pane(current_issue)
tabbed_pane.setComponentAt(2, response_tab_pane)
def set_current_issue(self, scanner_issues, issue_hostname, issue_path,
issue_name, issue_param, scanner_issue_id):
for scanner_issue in scanner_issues:
is_same_hostname = scanner_issue.getHostname() == issue_hostname
is_same_path = scanner_issue.getPath() == issue_path
is_same_name = scanner_issue.getIssueName() == issue_name
is_same_param = scanner_issue.getParameter() == issue_param
is_same_id = str(scanner_issue.getRequestResponse()).split(
"@")[1] == scanner_issue_id
is_same_issue = is_same_hostname and is_same_path and is_same_name and is_same_param and is_same_id
if is_same_issue:
return scanner_issue
def set_advisory_tab_pane(self, scanner_issue):
advisory_pane = JEditorPane()
advisory_pane.setEditable(False)
advisory_pane.setEnabled(True)
advisory_pane.setContentType("text/html")
link_listener = LinkListener()
advisory_pane.addHyperlinkListener(link_listener)
advisory = "<html><b>Location</b>: {}<br><br>{}</html>"
advisory_pane.setText(
advisory.format(scanner_issue.getUrl().encode("utf-8"),
scanner_issue.getIssueDetail()))
return JScrollPane(advisory_pane)
def set_request_tab_pane(self, scanner_issue):
request_response = scanner_issue.getRequestResponse()
controller = MessageController(request_response)
message_editor = self.callbacks.createMessageEditor(controller, True)
message_editor.setMessage(request_response.getRequest(), True)
component = message_editor.getComponent()
return component
def set_response_tab_pane(self, scanner_issue):
request_response = scanner_issue.getRequestResponse()
controller = MessageController(request_response)
message_editor = self.callbacks.createMessageEditor(controller, True)
message_editor.setMessage(request_response.getResponse(), False)
component = message_editor.getComponent()
return component
def traverse_tree(self, tree, model, issue_name, issue_param, issue_count,
total_count):
root = model.getRoot()
count = int(root.getChildCount())
traverse = {}
for i in range(count):
node = model.getChild(root, i)
traverse["node"] = node
tree_issue_name = node.toString()
is_issue_name = re.search(issue_name, tree_issue_name)
if is_issue_name:
child_count = node.getChildCount()
for j in range(child_count):
child = node.getChildAt(j)
traverse["child"] = child
tree_param_name = child.toString()
is_param_name = re.search(issue_param, tree_param_name)
if is_param_name:
traverse["param_text"] = issue_param + " (" + str(
issue_count) + ")"
break
traverse["issue_text"] = issue_name + " (" + str(
total_count) + ")"
break
return traverse
def set_scanner_count(self, issue_name, issue_param, issue_count,
total_count):
tree = self.get_tree()
model = tree.getModel()
traverse = self.traverse_tree(tree, model, issue_name, issue_param,
issue_count, total_count)
node = traverse["node"]
child = traverse["child"]
child.setUserObject(traverse["param_text"])
model.nodeChanged(child)
model.reload(node)
node.setUserObject(traverse["issue_text"])
model.nodeChanged(node)
model.reload(node)
class InfoFrame(JFrame):
def __init__(self, title=""):
JFrame.__init__(self, title)
self.size = 400,500
self.windowClosing = self.closing
label = JLabel(text="Class Name:")
label.horizontalAlignment = JLabel.RIGHT
tpanel = JPanel(layout = awt.FlowLayout())
self.text = JTextField(20, actionPerformed = self.entered)
btn = JButton("Enter", actionPerformed = self.entered)
tpanel.add(label)
tpanel.add(self.text)
tpanel.add(btn)
bpanel = JPanel()
self.tree = JTree(default_tree())
scrollpane = JScrollPane(self.tree)
scrollpane.setMinimumSize(awt.Dimension(200,200))
scrollpane.setPreferredSize(awt.Dimension(350,400))
bpanel.add(scrollpane)
bag = GridBag(self.contentPane)
bag.addRow(tpanel, fill='HORIZONTAL', weightx=1.0, weighty=0.5)
bag.addRow(bpanel, fill='BOTH', weightx=0.5, weighty=1.0)
def closing(self, event):
self.hide()
self.dispose()
def entered(self, event):
name = self.text.getText()
try:
mod = __import__(name)
components = name.split('.')
for comp in components[1:]:
mod = getattr(mod, comp)
except ImportError:
mod = None
self.setupTree("Invalid Class", {})
return None
edict, pdict, mdict = getBeanInfo(mod)
pedict = parseEventDict(edict)
ppdict = parsePropDict(pdict)
pmdict = parseMethDict(mdict)
self.setupTree(mod.__name__, pedict, ppdict, pmdict)
def setupTree(self, top, pedict, ppdict, pmdict):
tree_model = SampleModel(top)
events = tree_model.addNode("Events",["<<Events of the class and its ancestors>>"])
props = tree_model.addNode("Properties",["<<Properties of the class and its ancestors>>"])
meths = tree_model.addNode("Methods",["<<Methods of the class and its ancestors>>"])
for key in pedict.keys():
tree_model.addNode(key, pedict[key], parent=events)
for key in ppdict.keys():
tree_model.addNode(key, ppdict[key], parent=props)
for key in pmdict.keys():
tree_model.addNode(key, pmdict[key], parent=meths)
self.tree.setModel(tree_model)
class InfoFrame(JFrame):
def __init__(self, title=""):
JFrame.__init__(self, title)
self.size = 400, 500
self.windowClosing = self.closing
label = JLabel(text="Class Name:")
label.horizontalAlignment = JLabel.RIGHT
tpanel = JPanel(layout=awt.FlowLayout())
self.text = JTextField(20, actionPerformed=self.entered)
btn = JButton("Enter", actionPerformed=self.entered)
tpanel.add(label)
tpanel.add(self.text)
tpanel.add(btn)
bpanel = JPanel()
self.tree = JTree(default_tree())
scrollpane = JScrollPane(self.tree)
scrollpane.setMinimumSize(awt.Dimension(200, 200))
scrollpane.setPreferredSize(awt.Dimension(350, 400))
bpanel.add(scrollpane)
bag = GridBag(self.contentPane)
bag.addRow(tpanel, fill='HORIZONTAL', weightx=1.0, weighty=0.5)
bag.addRow(bpanel, fill='BOTH', weightx=0.5, weighty=1.0)
def closing(self, event):
self.hide()
self.dispose()
def entered(self, event):
name = self.text.getText()
try:
mod = __import__(name)
components = name.split('.')
for comp in components[1:]:
mod = getattr(mod, comp)
except ImportError:
mod = None
self.setupTree("Invalid Class", {})
return None
edict, pdict, mdict = getBeanInfo(mod)
pedict = parseEventDict(edict)
ppdict = parsePropDict(pdict)
pmdict = parseMethDict(mdict)
self.setupTree(mod.__name__, pedict, ppdict, pmdict)
def setupTree(self, top, pedict, ppdict, pmdict):
tree_model = SampleModel(top)
events = tree_model.addNode(
"Events", ["<<Events of the class and its ancestors>>"])
props = tree_model.addNode(
"Properties", ["<<Properties of the class and its ancestors>>"])
meths = tree_model.addNode(
"Methods", ["<<Methods of the class and its ancestors>>"])
for key in pedict.keys():
tree_model.addNode(key, pedict[key], parent=events)
for key in ppdict.keys():
tree_model.addNode(key, ppdict[key], parent=props)
for key in pmdict.keys():
tree_model.addNode(key, pmdict[key], parent=meths)
self.tree.setModel(tree_model)
def main(*args):
model = createNewModel()
jtree = JTree(model)
l = Tabed1(model)
l.showTool("JTREE")
class TestSuitePanel(JPanel, Dockable, GraphMouseListener):
''' Show an expandable list of the test entites {suites,cases,methods} '''
#
# Constructor
#
def __init__(self):
self.myParent = None
#com.hp.hpl.guess.ui.GraphEvents.getGraphEvents().addGraphMouseListener(self)
self.__initTree()
self.setBounds(self.getDefaultFrameBounds())
ui.dock(self)
#
# JTree Setup
#
def __initTree(self):
''' construct the suite tree '''
top = DefaultMutableTreeNode("RootSuite")
self.__createNodes(top)
self.tree = JTree(top)
self.__setupRenderer()
self.scrollpane = JScrollPane(self.tree)
self.add(self.scrollpane,self.__setupLayout())
self.tree.addTreeSelectionListener(NodeHighlighter())
self.tree.addMouseListener(TreeMouseListener())
def __setupRenderer(self):
renderer = DefaultTreeCellRenderer()
renderer.setOpenIcon(None)
renderer.setClosedIcon(None)
renderer.setLeafIcon(None)
self.tree.setCellRenderer(renderer);
def __setupLayout(self):
self.setLayout(GridBagLayout())
constr = GridBagConstraints()
constr.weighty = 1
constr.weightx = 1
constr.gridx = 0
constr.gridy = 1
constr.fill = GridBagConstraints.BOTH
return constr
def __createNodes(self, top):
''' build the tree, by adding packages, testcases and commands '''
for pkg in (entity == 'package'):
pkgNode = DefaultMutableTreeNode(pkg.name)
top.add(pkgNode)
self.__appendCases(pkg, pkgNode)
#
# Node builders
#
def __appendCases(self, pkg, pkgNode):
''' append the test cases of a single package to the tree '''
testcases = [edge.getNode2() for edge in (pkg->g.nodes)]
testcases.sort(cmpTc)
for tc in testcases:
tcNode = DefaultMutableTreeNode(tc.label.split('::')[-1])
pkgNode.add(tcNode)
self.__appendCommands(tc, tcNode)
self.__appendFixture(tc, tcNode)
self.__appendHelpers(tc, tcNode)
def __appendCaseMethodsHelper(self, case, caseNode, metaName, entityName):
''' helper for appendCommands, appendFixture & appendHelpers '''
mtdMeta = DefaultMutableTreeNode(metaName)
caseNode.add(mtdMeta)
mtds = [edge.getNode2() for edge in case->(entity == entityName)]
mtds.sort(cmpTc)
for mtd in mtds:
mtdNode = DefaultMutableTreeNode(mtd.label)
mtdMeta.add(mtdNode)
def __appendCommands(self, case, caseNode):
''' append the test commands of a single testcase to the tree '''
self.__appendCaseMethodsHelper(case, caseNode, "commands", "testcommand")
def __appendFixture(self, case, caseNode):
''' append the test fixture methods of a single testcase to the tree'''
self.__appendCaseMethodsHelper(case, caseNode, "fixture", "testfixture")
def __appendHelpers(self, case, caseNode):
#''' append the test helper methods of a single testcase to the tree'''
self.__appendCaseMethodsHelper(case, caseNode, "helpers", "testhelper")
#
# Implementation of Dockable interface
#
def getDefaultFrameBounds(self):
return Rectangle(50, 50, 300, 600)
def getPreferredSize(self):
return Dimension(200,600)
def getDirectionPreference(self):
return 2 # vertical
def opening(self, state):
self.visible = state
def attaching(self, state):
pass
def getTitle(self):
return("testcases")
def getWindow(self):
return self.myParent
def setWindow(self,gjf):
self.myParent = gjf
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel, IContextMenuFactory, IHttpRequestResponseWithMarkers, ITextEditor):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
#Initialize callbacks to be used later
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("Trishul")
self._log = ArrayList()
#_log used to store our outputs for a URL, which is retrieved later by the tool
self._lock = Lock()
#Lock is used for locking threads while updating logs in order such that no multiple updates happen at once
self.intercept = 0
self.FOUND = "Found"
self.CHECK = "Possible! Check Manually"
self.NOT_FOUND = "Not Found"
#Static Values for output
#Initialize GUI
self.issuesTab()
self.advisoryReqResp()
self.configTab()
self.tabsInit()
self.definecallbacks()
print("Thank You for Installing Trishul")
return
#
#Initialize Issues Tab displaying the JTree
#
def issuesTab(self):
self.root = DefaultMutableTreeNode('Issues')
frame = JFrame("Issues Tree")
self.tree = JTree(self.root)
self.rowSelected = ''
self.tree.addMouseListener(mouseclick(self))
self.issuepanel = JScrollPane()
self.issuepanel.setPreferredSize(Dimension(300,450))
self.issuepanel.getViewport().setView((self.tree))
frame.add(self.issuepanel,BorderLayout.CENTER)
#
#Adding Issues to Issues TreePath
#
def addIssues(self, branch, branchData=None):
if branchData == None:
branch.add(DefaultMutableTreeNode('No valid data'))
else:
for item in branchData:
branch.add(DefaultMutableTreeNode(item))
#
#Initialize the Config Tab to modify tool settings
#
def configTab(self):
Config = JLabel("Config")
self.startButton = JToggleButton("Intercept Off", actionPerformed=self.startOrStop)
self.startButton.setBounds(40, 30, 200, 30)
self.autoScroll = JCheckBox("Auto Scroll")
self.autoScroll.setBounds(40, 80, 200, 30)
self.xsscheck = JCheckBox("Detect XSS")
self.xsscheck.setSelected(True)
self.xsscheck.setBounds(40, 110, 200, 30)
self.sqlicheck = JCheckBox("Detect SQLi")
self.sqlicheck.setSelected(True)
self.sqlicheck.setBounds(40, 140, 200, 30)
self.ssticheck = JCheckBox("Detect SSTI")
self.ssticheck.setSelected(True)
self.ssticheck.setBounds(40, 170, 200, 30)
self.blindxss = JCheckBox("Blind XSS")
self.blindxss.setBounds(40, 200, 200, 30)
self.BlindXSSText = JTextArea("", 5, 30)
scrollbxssText = JScrollPane(self.BlindXSSText)
scrollbxssText.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
scrollbxssText.setBounds(40, 250, 400, 110)
self.configtab = JPanel()
self.configtab.setLayout(None)
self.configtab.setBounds(0, 0, 300, 300)
self.configtab.add(Config)
self.configtab.add(self.startButton)
self.configtab.add(self.autoScroll)
self.configtab.add(self.xsscheck)
self.configtab.add(self.sqlicheck)
self.configtab.add(self.ssticheck)
self.configtab.add(self.blindxss)
self.configtab.add(scrollbxssText)
#
#Turn Intercept from Proxy on or off
#
def startOrStop(self, event):
if self.startButton.getText() == "Intercept Off":
self.startButton.setText("Intercept On")
self.startButton.setSelected(True)
self.intercept = 1
else:
self.startButton.setText("Intercept Off")
self.startButton.setSelected(False)
self.intercept = 0
#
#Intialize the Advisory, Request and Response Tabs
#
def advisoryReqResp(self):
self.textfield = JEditorPane("text/html", "")
self.kit = HTMLEditorKit()
self.textfield.setEditorKit(self.kit)
self.doc = self.textfield.getDocument()
self.textfield.setEditable(0)
self.advisorypanel = JScrollPane()
self.advisorypanel.getVerticalScrollBar()
self.advisorypanel.setPreferredSize(Dimension(300,450))
self.advisorypanel.getViewport().setView((self.textfield))
self.selectedreq = []
self._requestViewer = self._callbacks.createMessageEditor(self, False)
self._responseViewer = self._callbacks.createMessageEditor(self, False)
self._texteditor = self._callbacks.createTextEditor()
self._texteditor.setEditable(False)
#
#Initialize Trishul Tabs
#
def tabsInit(self):
self.logTable = Table(self)
tableWidth = self.logTable.getPreferredSize().width
self.logTable.getColumn("#").setPreferredWidth(Math.round(tableWidth / 50 * 0.1))
self.logTable.getColumn("Method").setPreferredWidth(Math.round(tableWidth / 50 * 3))
self.logTable.getColumn("URL").setPreferredWidth(Math.round(tableWidth / 50 * 40))
self.logTable.getColumn("Parameters").setPreferredWidth(Math.round(tableWidth / 50 * 1))
self.logTable.getColumn("XSS").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("SQLi").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("SSTI").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.logTable.getColumn("Request Time").setPreferredWidth(Math.round(tableWidth / 50 * 4))
self.tableSorter = TableRowSorter(self)
self.logTable.setRowSorter(self.tableSorter)
self._bottomsplit = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
self._bottomsplit.setDividerLocation(500)
self.issuetab = JTabbedPane()
self.issuetab.addTab("Config",self.configtab)
self.issuetab.addTab("Issues",self.issuepanel)
self._bottomsplit.setLeftComponent(self.issuetab)
self.tabs = JTabbedPane()
self.tabs.addTab("Advisory",self.advisorypanel)
self.tabs.addTab("Request", self._requestViewer.getComponent())
self.tabs.addTab("Response", self._responseViewer.getComponent())
self.tabs.addTab("Highlighted Response", self._texteditor.getComponent())
self._bottomsplit.setRightComponent(self.tabs)
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
self._splitpane.setDividerLocation(450)
self._splitpane.setResizeWeight(1)
self.scrollPane = JScrollPane(self.logTable)
self._splitpane.setLeftComponent(self.scrollPane)
self.scrollPane.getVerticalScrollBar().addAdjustmentListener(autoScrollListener(self))
self._splitpane.setRightComponent(self._bottomsplit)
#
#Initialize burp callbacks
#
def definecallbacks(self):
self._callbacks.registerHttpListener(self)
self._callbacks.customizeUiComponent(self._splitpane)
self._callbacks.customizeUiComponent(self.logTable)
self._callbacks.customizeUiComponent(self.scrollPane)
self._callbacks.customizeUiComponent(self._bottomsplit)
self._callbacks.registerContextMenuFactory(self)
self._callbacks.addSuiteTab(self)
#
#Menu Item to send Request to Trishul
#
def createMenuItems(self, invocation):
responses = invocation.getSelectedMessages()
if responses > 0:
ret = LinkedList()
requestMenuItem = JMenuItem("Send request to Trishul")
for response in responses:
requestMenuItem.addActionListener(handleMenuItems(self,response, "request"))
ret.add(requestMenuItem)
return ret
return None
#
#Highlighting Response
#
def markHttpMessage( self, requestResponse, responseMarkString ):
responseMarkers = None
if responseMarkString:
response = requestResponse.getResponse()
responseMarkBytes = self._helpers.stringToBytes( responseMarkString )
start = self._helpers.indexOf( response, responseMarkBytes, False, 0, len( response ) )
if -1 < start:
responseMarkers = [ array( 'i',[ start, start + len( responseMarkBytes ) ] ) ]
requestHighlights = [array( 'i',[ 0, 5 ] )]
return self._callbacks.applyMarkers( requestResponse, requestHighlights, responseMarkers )
def getTabCaption(self):
return "Trishul"
def getUiComponent(self):
return self._splitpane
#
#Table Model to display URL's and results based on the log size
#
def getRowCount(self):
try:
return self._log.size()
except:
return 0
def getColumnCount(self):
return 8
def getColumnName(self, columnIndex):
data = ['#','Method', 'URL', 'Parameters', 'XSS', 'SQLi', "SSTI", "Request Time"]
try:
return data[columnIndex]
except IndexError:
return ""
def getColumnClass(self, columnIndex):
data = [Integer, String, String, Integer, String, String, String, String]
try:
return data[columnIndex]
except IndexError:
return ""
#Get Data stored in log and display in the respective columns
def getValueAt(self, rowIndex, columnIndex):
logEntry = self._log.get(rowIndex)
if columnIndex == 0:
return rowIndex+1
if columnIndex == 1:
return logEntry._method
if columnIndex == 2:
return logEntry._url.toString()
if columnIndex == 3:
return len(logEntry._parameter)
if columnIndex == 4:
return logEntry._XSSStatus
if columnIndex == 5:
return logEntry._SQLiStatus
if columnIndex == 6:
return logEntry._SSTIStatus
if columnIndex == 7:
return logEntry._req_time
return ""
def getHttpService(self):
return self._currentlyDisplayedItem.getHttpService()
def getRequest(self):
return self._currentlyDisplayedItem.getRequest()
def getResponse(self):
return self._currentlyDisplayedItem.getResponse()
#For Intercepted requests perform tests in scope
def processHttpMessage(self, toolFlag, messageIsRequest, messageInf):
if self.intercept == 1:
if toolFlag == self._callbacks.TOOL_PROXY:
if not messageIsRequest:
requestInfo = self._helpers.analyzeRequest(messageInf)
requeststr = requestInfo.getUrl()
parameters = requestInfo.getParameters()
param_new = [p for p in parameters if p.getType() != 2]
if len(param_new) != 0:
if self._callbacks.isInScope(URL(str(requeststr))):
start_new_thread(self.sendRequestToTrishul,(messageInf,))
return
#
#Main processing of Trishul
#
def sendRequestToTrishul(self,messageInfo):
request = messageInfo.getRequest()
req_time = datetime.datetime.today()
requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
messageInfo = self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(requestURL.getHost()), int(requestURL.getPort()), requestURL.getProtocol() == "https"), request)
resp_time = datetime.datetime.today()
time_taken = (resp_time - req_time).total_seconds()
response = messageInfo.getResponse()
#initialozations of default value
SQLiimp = self.NOT_FOUND
SSTIimp = self.NOT_FOUND
XSSimp = self.NOT_FOUND
Comp_req = messageInfo
requestInfo = self._helpers.analyzeRequest(messageInfo)
self.content_resp = self._helpers.analyzeResponse(response)
requestURL = requestInfo.getUrl()
parameters = requestInfo.getParameters()
requeststring = self._helpers.bytesToString(request)
headers = requestInfo.getHeaders()
#Used to obtain GET, POST and JSON parameters from burp api
param_new = [p for p in parameters if p.getType() == 0 or p.getType() == 1 or p.getType() == 6]
i = 0
xssflag=0
sqliflag=0
sstiflag=0
resultxss = []
resultsqli = []
resultssti = []
xssreqresp = []
sqlireqresp = []
sstireqresp = []
ssti_description = []
sqli_description = []
xss_description = []
for i in range(len(param_new)):
name = param_new[i].getName()
ptype = param_new[i].getType()
param_value = param_new[i].getValue()
#check XSS if ticked
if self.xsscheck.isSelected():
score = 0
flag1 = 0
XSSimp = self.NOT_FOUND
payload_array = ["<", ">", "\\\\'asd", "\\\\\"asd", "\\", "'\""]
json_payload_array = ["<", ">", "\\\\'asd", "\\\"asd", "\\", "\'\\\""]
payload_all = ""
json_payload = ""
rand_str = "testtest"
for payload in payload_array:
payload_all = payload_all+rand_str+payload
payload_all = URLEncoder.encode(payload_all, "UTF-8")
for payload in json_payload_array:
json_payload = json_payload+rand_str+payload
json_payload = URLEncoder.encode(json_payload, "UTF-8")
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, payload_all, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_payload)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_payload+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack = self.makeRequest(Comp_req, updated_request)
response = attack.getResponse()
response_str = self._helpers.bytesToString(response)
xssreqresp.append(attack)
if_found_payload = ""
non_encoded_symbols = ""
for check_payload in payload_array:
if_found_payload = rand_str+check_payload
if if_found_payload in response_str:
non_encoded_symbols = non_encoded_symbols+"<br>"+check_payload.replace('<', '<')
score = score+1
flag1 = 1
if score > 2: XSSimp = self.CHECK
if score > 3: XSSimp = self.FOUND
xssflag = self.checkBetterScore(score,xssflag)
if non_encoded_symbols == " \\\\'asd":
XSSimp = self.NOT_FOUND
if non_encoded_symbols != '':
xss_description.append("The Payload <b>" + payload_all.replace('<', '<') + "</b> was passed in the request for the paramater <b>" + self._helpers.urlDecode(name) + "</b>. Some Tags were observed in the output unfiltered. A payload can be generated with the observed tags.<br>Symbols not encoded for parameter <b>" + name + "</b>: " + non_encoded_symbols)
else:
xss_description.append("")
else:
XSSimp = "Disabled"
resultxss.append(XSSimp)
if self.sqlicheck.isSelected():
SQLiimp = self.NOT_FOUND
score = 0
value = "%27and%28select%2afrom%28select%28sleep%285%29%29%29a%29--"
orig_time = datetime.datetime.today()
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, value, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+value)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+value+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack1 = self.makeRequest(Comp_req, updated_request)
response1 = attack1.getResponse()
new_time = datetime.datetime.today()
response_str1 = self._helpers.bytesToString(response1)
sqlireqresp.append(attack1)
diff = (new_time - orig_time).total_seconds()
if (diff - time_taken) > 3:
score = 4
self.error_array = ["check the manual that corresponds to your", "You have an error", "syntax error", "SQL syntax", "SQL statement", "ERROR:", "Error:", "MySQL","Warning:","mysql_fetch_array()"]
found_text = ""
for error in self.error_array:
if error in response_str1:
found_text = found_text + error
score = score + 1
if score > 1: SQLiimp = self.CHECK
if score > 2: SQLiimp = self.FOUND
sqliflag = self.checkBetterScore(score,sqliflag)
if found_text != '':
sqli_description.append("The payload <b>"+self._helpers.urlDecode(value)+"</b> was passed in the request for parameter <b>"+self._helpers.urlDecode(name)+"</b>. Some errors were generated in the response which confirms that there is an Error based SQLi. Please check the request and response for this parameter")
elif (diff - time_taken) > 3:
sqli_description.append("The payload <b>"+self._helpers.urlDecode(value)+"</b> was passed in the request for parameter <b>"+self._helpers.urlDecode(name)+"</b>. The response was in a delay of <b>"+str(diff)+"</b> seconds as compared to original <b>"+str(time_taken)+"</b> seconds. This indicates that there is a time based SQLi. Please check the request and response for this parameter")
else:
sqli_description.append("")
else:
SQLiimp = "Disabled"
resultsqli.append(SQLiimp)
if self.ssticheck.isSelected():
score = 0
SSTIimp = self.NOT_FOUND
payload_array = ["${123*456}", "<%=123*567%>", "{{123*678}}"]
json_payload_array = ["$\{123*456\}", "<%=123*567%>", "\{\{123*678\}\}"]
payload_all = ""
rand_str = "jjjjjjj"
json_payload = ""
for payload in payload_array:
payload_all = payload_all+rand_str+payload
for payload in json_payload_array:
json_payload = json_payload+rand_str+payload
payload_all = URLEncoder.encode(payload_all, "UTF-8")
json_payload = URLEncoder.encode(json_payload, "UTF-8")
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, payload_all, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_payload)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_payload+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack = self.makeRequest(Comp_req, updated_request)
response = attack.getResponse()
response_str = self._helpers.bytesToString(response)
self.expected_output = ["56088","69741","83394","3885","777777777777777"]
for output in self.expected_output:
if_found_payload = rand_str+output
if if_found_payload in response_str:
if output == self.expected_output[0]:
sstireqresp.append(attack)
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Java</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>56088</b>")
score = 2
if output == self.expected_output[1]:
sstireqresp.append(attack)
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Ruby</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>69741</b>")
score = 2
if output == self.expected_output[2]:
payload_new = "{{5*'777'}}"
json_payload_ssti = "\{\{5*'777'\}\}"
payload = URLEncoder.encode("{{5*'777'}}", "UTF-8")
json_ssti = URLEncoder.encode("\{\{5*'777'\}\}", "UTF-8")
if ptype == 0 or ptype == 1:
new_paramters = self._helpers.buildParameter(name, payload, ptype)
ssti_updated_request = self._helpers.updateParameter(request, new_paramters)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+json_ssti)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+json_ssti+"\"")
ssti_updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
self.ssti_attack = self.makeRequest(Comp_req, ssti_updated_request)
ssti_response = self.ssti_attack.getResponse()
ssti_response_str = self._helpers.bytesToString(ssti_response)
if self.expected_output[3] in ssti_response_str:
sstireqresp.append(self.ssti_attack)
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Twig</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>3885</b>")
score = 2
elif self.expected_output[4] in ssti_response_str:
sstireqresp.append(self.ssti_attack)
self.responseMarkString = "777777777777777"
ssti_description.append("Parameter <b>" + self._helpers.urlDecode(name) + "</b> is using <b>Jinja2</b> Template<br>The value <b>" + payload_new + "</b> was passed which gave result as <b>777777777777777</b>")
score = 2
if score > 0: SSTIimp = self.CHECK
if score > 1: SSTIimp = self.FOUND
sstiflag = self.checkBetterScore(score,sstiflag)
else:
SSTIimp = "Disabled"
resultssti.append(SSTIimp)
if self.blindxss.isSelected():
blindxss_value = self.BlindXSSText.getText()
if ptype == 0 or ptype == 1:
new_paramters_value = self._helpers.buildParameter(name, blindxss_value, ptype)
updated_request = self._helpers.updateParameter(request, new_paramters_value)
else:
jsonreq = re.search(r"\s([{\[].*?[}\]])$", requeststring).group(1)
new = jsonreq.split(name+"\":",1)[1]
if new.startswith('\"'):
newjsonreq = jsonreq.replace(name+"\":\""+param_value,name+"\":\""+blindxss_value)
else:
newjsonreq = jsonreq.replace(name+"\":"+param_value,name+"\":\""+blindxss_value+"\"")
updated_request = self._helpers.buildHttpMessage(headers, newjsonreq)
attack = self.makeRequest(Comp_req, updated_request)
if XSSimp != "Disabled":
if xssflag > 3: XSSimp = self.FOUND
elif xssflag > 2: XSSimp = self.CHECK
else: XSSimp = self.NOT_FOUND
if SSTIimp != "Disabled":
if sstiflag > 1: SSTIimp = self.FOUND
elif sstiflag > 0: SSTIimp = self.CHECK
else: SSTIimp = self.NOT_FOUND
if SQLiimp != "Disabled":
if sqliflag > 3: SQLiimp = self.FOUND
elif sqliflag > 2: SQLiimp = self.CHECK
else: SQLiimp = self.NOT_FOUND
self.addToLog(messageInfo, XSSimp, SQLiimp, SSTIimp, param_new, resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp , xss_description, sqli_description, ssti_description, req_time.strftime('%H:%M:%S %m/%d/%y'))
#
#Function used to check if the score originally and mentioned is better
#
def checkBetterScore(self, score, ogscore):
if score > ogscore:
ogscore = score
return ogscore
def makeRequest(self, messageInfo, message):
request = messageInfo.getRequest()
requestURL = self._helpers.analyzeRequest(messageInfo).getUrl()
return self._callbacks.makeHttpRequest(self._helpers.buildHttpService(str(requestURL.getHost()), int(requestURL.getPort()), requestURL.getProtocol() == "https"), message)
def addToLog(self, messageInfo, XSSimp, SQLiimp, SSTIimp, parameters, resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp, xss_description, sqli_description, ssti_description, req_time):
requestInfo = self._helpers.analyzeRequest(messageInfo)
method = requestInfo.getMethod()
self._lock.acquire()
row = self._log.size()
self._log.add(LogEntry(self._callbacks.saveBuffersToTempFiles(messageInfo), requestInfo.getUrl(),method,XSSimp,SQLiimp,SSTIimp,req_time, parameters,resultxss, resultsqli, resultssti, xssreqresp, sqlireqresp, sstireqresp, xss_description, sqli_description, ssti_description)) # same requests not include again.
SwingUtilities.invokeLater(UpdateTableEDT(self,"insert",row,row))
self._lock.release()
