class MainWindows(QtWidgets.QMainWindow, Ui_MainWindow):
def __init__(self, parent=None):
super(MainWindows, self).__init__(parent)
self.Ui = Ui_MainWindow()
self.Ui.setupUi(self)
self.about_text = "\t\t\tAbout\n 此程序为CTF密码学辅助工具,可进行常见的编码、解码、加密、解密操作,请勿非法使用!\n\t\t\tPowered by qianxiao996"
self.author_text = "作者邮箱:[email protected]\n作者主页:https://blog.qianxiao996.cn\nGithub:https://github.com/qianxiao996"
self.setWindowTitle('CTF-Tools V 1.2.1 202000503 By qianxiao996 ')
self.setFixedSize(self.width(), self.height()) ##设置宽高不可变
self.setWindowIcon(QtGui.QIcon('./logo.ico'))
self.Ui.Source_clear_Button.clicked.connect(
lambda: self.Ui.Source_text.clear()) # clear_source
self.Ui.Result_clear_Button.clicked.connect(
lambda: self.Ui.Result_text.clear()) # clear_result
self.Ui.Source_Copy_Button.clicked.connect(
lambda: self.Copy_text('Source')) # copy_source
self.Ui.Result_Copy_Button.clicked.connect(
lambda: self.Copy_text('result')) # copy_result
self.Ui.Source_tihuan_Button.clicked.connect(
lambda: self.tihuan('Source')) # tihuan_source
self.Ui.Result_tihuan_Button.clicked.connect(
lambda: self.tihuan('result')) # tihuan_result
self.Ui.Source_Paste_Button.clicked.connect(
lambda: self.paste('Source')) # paste_Source
self.Ui.Result_Paste_Button.clicked.connect(
lambda: self.paste('result')) # paste_result
#encode
self.Ui.actionURL_UTF8_encode.triggered.connect(
lambda: self.encode(self.Ui.actionURL_UTF8_encode.text()))
self.Ui.actionURL_GB2312_encode.triggered.connect(
lambda: self.encode(self.Ui.actionURL_GB2312_encode.text()))
self.Ui.actionUnicode_encode.triggered.connect(
lambda: self.encode(self.Ui.actionUnicode_encode.text()))
self.Ui.actionEscape_U_encode.triggered.connect(
lambda: self.encode(self.Ui.actionEscape_U_encode.text()))
self.Ui.actionHtmlEncode_encode.triggered.connect(
lambda: self.encode(self.Ui.actionHtmlEncode_encode.text()))
self.Ui.actionASCII_encode.triggered.connect(
lambda: self.encode(self.Ui.actionASCII_encode.text()))
self.Ui.actionBase16_encode.triggered.connect(
lambda: self.encode(self.Ui.actionBase16_encode.text()))
self.Ui.actionBase32_encode.triggered.connect(
lambda: self.encode(self.Ui.actionBase32_encode.text()))
self.Ui.actionBase64_encode.triggered.connect(
lambda: self.encode(self.Ui.actionBase64_encode.text()))
self.Ui.actionStr_Hex_encode.triggered.connect(
lambda: self.encode(self.Ui.actionStr_Hex_encode.text()))
self.Ui.actionShellcode_encode.triggered.connect(
lambda: self.encode(self.Ui.actionShellcode_encode.text()))
self.Ui.actionQwerty_encode.triggered.connect(
lambda: self.encode(self.Ui.actionQwerty_encode.text()))
#decode
self.Ui.actionURL_UTF8_decode.triggered.connect(
lambda: self.decode(self.Ui.actionURL_UTF8_decode.text()))
self.Ui.actionURL_GB2312_decode.triggered.connect(
lambda: self.decode(self.Ui.actionURL_GB2312_decode.text()))
self.Ui.actionUnicode_decode.triggered.connect(
lambda: self.decode(self.Ui.actionUnicode_decode.text()))
self.Ui.actionEscape_U_decode.triggered.connect(
lambda: self.decode(self.Ui.actionEscape_U_decode.text()))
self.Ui.actionHtmlEncode_decode.triggered.connect(
lambda: self.decode(self.Ui.actionHtmlEncode_decode.text()))
self.Ui.actionASCII_decode.triggered.connect(
lambda: self.decode(self.Ui.actionASCII_decode.text()))
self.Ui.actionBase16_decode.triggered.connect(
lambda: self.decode(self.Ui.actionBase16_decode.text()))
self.Ui.actionBase32_decode.triggered.connect(
lambda: self.decode(self.Ui.actionBase32_decode.text()))
self.Ui.actionBase64_decode.triggered.connect(
lambda: self.decode(self.Ui.actionBase64_decode.text()))
self.Ui.actionHex_Str_decode.triggered.connect(
lambda: self.decode(self.Ui.actionHex_Str_decode.text()))
self.Ui.actionShellcode_decode.triggered.connect(
lambda: self.decode(self.Ui.actionShellcode_decode.text()))
self.Ui.actionQwerty_decode.triggered.connect(
lambda: self.decode(self.Ui.actionQwerty_decode.text()))
#encrypt
self.Ui.actionRot13_encrypt.triggered.connect(
lambda: self.encrypt(self.Ui.actionRot13_encrypt.text()))
self.Ui.action_kaisa_encrypt.triggered.connect(
lambda: self.encrypt(self.Ui.action_kaisa_encrypt.text()))
self.Ui.action_zhalan_encrypt.triggered.connect(
lambda: self.encrypt(self.Ui.action_zhalan_encrypt.text()))
self.Ui.action_peigen_encrypt.triggered.connect(
lambda: self.encrypt(self.Ui.action_peigen_encrypt.text()))
self.Ui.action_mosi_encrypt.triggered.connect(
lambda: self.encrypt(self.Ui.action_mosi_encrypt.text()))
self.Ui.action_yunying_encrypt.triggered.connect(
lambda: self.encrypt(self.Ui.action_yunying_encrypt.text()))
self.Ui.action_dangpu_encrypt.triggered.connect(
lambda: self.encrypt(self.Ui.action_dangpu_encrypt.text()))
self.Ui.action_sifang_encrypt.triggered.connect(
lambda: self.encrypt(self.Ui.action_sifang_encrypt.text()))
self.Ui.action_weinijiya_encrypt.triggered.connect(
lambda: self.encrypt(self.Ui.action_weinijiya_encrypt.text()))
self.Ui.action_Atbash_encrypt.triggered.connect(
lambda: self.encrypt(self.Ui.action_Atbash_encrypt.text()))
#decrypt
self.Ui.actionRot13_decrypt.triggered.connect(
lambda: self.decrypt(self.Ui.actionRot13_decrypt.text()))
self.Ui.action_kaisa_decrypt.triggered.connect(
lambda: self.decrypt(self.Ui.action_kaisa_decrypt.text()))
self.Ui.action_zhalan_decrypt.triggered.connect(
lambda: self.decrypt(self.Ui.action_zhalan_decrypt.text()))
self.Ui.action_peihen_decrypt.triggered.connect(
lambda: self.decrypt(self.Ui.action_peihen_decrypt.text()))
self.Ui.action_mosi_decrypt.triggered.connect(
lambda: self.decrypt(self.Ui.action_mosi_decrypt.text()))
self.Ui.action_yiwei_decrypt.triggered.connect(
lambda: self.decrypt(self.Ui.action_yiwei_decrypt.text()))
self.Ui.action_yunxing_decrypt.triggered.connect(
lambda: self.decrypt(self.Ui.action_yunxing_decrypt.text()))
self.Ui.action_dangpu_decry.triggered.connect(
lambda: self.decrypt(self.Ui.action_dangpu_decry.text()))
self.Ui.action_sifang_decrypt.triggered.connect(
lambda: self.decrypt(self.Ui.action_sifang_decrypt.text()))
self.Ui.action_weinijiya_decrypt.triggered.connect(
lambda: self.decrypt(self.Ui.action_weinijiya_decrypt.text()))
self.Ui.action_Atbash_decrypt.triggered.connect(
lambda: self.decrypt(self.Ui.action_Atbash_decrypt.text()))
#进制转换
self.Ui.action2_8.triggered.connect(
lambda: self.Binary(self.Ui.action2_8.text()))
self.Ui.action2_10.triggered.connect(
lambda: self.Binary(self.Ui.action2_10.text()))
self.Ui.action2_16.triggered.connect(
lambda: self.Binary(self.Ui.action2_16.text()))
self.Ui.action8_2.triggered.connect(
lambda: self.Binary(self.Ui.action8_2.text()))
self.Ui.action8_10.triggered.connect(
lambda: self.Binary(self.Ui.action8_10.text()))
self.Ui.action8_16.triggered.connect(
lambda: self.Binary(self.Ui.action8_16.text()))
self.Ui.action10_2.triggered.connect(
lambda: self.Binary(self.Ui.action10_2.text()))
self.Ui.action10_8.triggered.connect(
lambda: self.Binary(self.Ui.action10_8.text()))
self.Ui.action10_16.triggered.connect(
lambda: self.Binary(self.Ui.action10_16.text()))
self.Ui.action16_2.triggered.connect(
lambda: self.Binary(self.Ui.action16_2.text()))
self.Ui.action16_8.triggered.connect(
lambda: self.Binary(self.Ui.action16_8.text()))
self.Ui.action16_10.triggered.connect(
lambda: self.Binary(self.Ui.action16_10.text()))
self.Ui.action_others.triggered.connect(
lambda: self.Binary(self.Ui.action_others.text()))
self.Ui.actionAbout.triggered.connect(self.about)
self.Ui.actionAuthor.triggered.connect(self.author)
self.readfile()
#其他编码
Othersmenubar = self.menuBar() # 获取窗体的菜单栏
Others = Othersmenubar.addMenu("Others")
for i in json_data:
action = QAction(QIcon('exit.png'), i, self)
Others.addAction(action)
Others.triggered[QAction].connect(self.show_json)
def show_json(self, q):
# print(q.text())
self.data_form = Ui_data()
self.dialog = QtWidgets.QDialog(self)
self.data_form.setupUi(self.dialog)
self.data_form.textEdit.setText(json_data[q.text()])
self.data_form.textEdit.moveCursor(QTextCursor.Start)
self.data_form.textEdit.moveCursor(QtGui.QTextCursor.End,
QTextCursor.MoveAnchor) # 光标移动到最后
self.dialog.show()
def readfile(self):
try:
global json_data
f = open('data.json', 'r', encoding='utf-8')
json_data = json.load(f)
# print(json_data)
f.close()
except Exception as e:
QMessageBox.critical(self, 'Error', str(e))
#编码
def encode(self, encode_type):
try:
result_text = ''
# print(encode_type)
text = self.Ui.Source_text.toPlainText()
if text == '':
return 0
if encode_type == 'URL-UTF8':
text = text.encode('utf-8')
result_text = urllib.parse.quote(text)
if encode_type == 'URL-GB2312':
text = text.encode('gb2312')
result_text = urllib.parse.quote(text)
if encode_type == 'Unicode':
text = text.encode('unicode_escape')
result_text = str(text, encoding='utf-8')
if encode_type == 'Escape(%U)':
text = text.encode('unicode_escape')
result_text = str(text, encoding='utf-8').replace('\\u', '%u')
if encode_type == 'HtmlEncode':
result_text = html.escape(text)
if encode_type == 'ASCII':
result = ''
for i in text:
result = str(result) + str(ord(str(i))) + ' '
result_text = str(result)[:-1]
if encode_type == 'Base16':
text = base64.b16encode(text.encode("utf-8"))
result_text = str(text, encoding='utf-8')
if encode_type == 'Base32':
text = base64.b32encode(text.encode("utf-8"))
result_text = str(text, encoding='utf-8')
if encode_type == 'Base64':
text = base64.b64encode(text.encode("utf-8"))
result_text = str(text, encoding='utf-8')
if encode_type == 'Str-Hex':
result = ''
for i in text:
single = str(hex(ord(str(i))))
result = result + single
result_text = '0x' + (str(result)).replace('0x', '')
if encode_type == 'Shellcode':
result = ''
for i in text:
single = str(hex(ord(str(i))))
result = result + single
result_text = (str(result)).replace('0x', '\\x')
if encode_type == 'Qwerty':
str1 = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM"
str2 = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
result_text = ""
for s in text:
if s != ' ':
result_text = result_text + str1[str2.index(s)]
else:
result_text = result_text + ' '
self.Ui.Result_text.setText(str(result_text))
except Exception as e:
pass
#解码
def decode(self, decode_type):
try:
result_text = ''
# print(decode_type)
text = self.Ui.Source_text.toPlainText()
if text == '':
return 0
if decode_type == 'URL-UTF8':
result_text = str(urllib.parse.unquote(text))
if decode_type == 'URL-GB2312':
result_text = str(urllib.parse.unquote(text, 'gb2312'))
if decode_type == 'Unicode':
result_text = bytes(text,
encoding="utf8").decode('unicode_escape')
if decode_type == 'Escape(%U)':
text = text.replace('%u', '\\u').replace('%U', '\\u')
result_text = bytes(text,
encoding="utf8").decode('unicode_escape')
if decode_type == 'HtmlEncode':
result_text = html.unescape(text)
if decode_type == 'ASCII':
if ':' in text:
text = text.split(":")
if ' ' in text:
text = text.split(" ")
if ';' in text:
text = text.split(";")
if ',' in text:
text = text.split(",")
result = ''
for i in text:
if i != '':
# print(chr(int(i)))
result = result + chr(int(i))
result_text = result
if decode_type == 'Base16':
text = base64.b16decode(text.encode("utf-8"))
result_text = str(text, encoding='utf-8')
if decode_type == 'Base32':
text = base64.b32decode(text.encode("utf-8"))
result_text = str(text, encoding='utf-8')
if decode_type == 'Base64':
text = base64.b64decode(text.encode("utf-8"))
result_text = str(text, encoding='utf-8')
if decode_type == 'Hex-Str':
text = text.replace('0x', '').replace('0X', '')
result_text = str(bytes.fromhex(text), encoding="utf-8")
if decode_type == 'Shellcode':
result = ''
text = text.split('\\x')
for i in text:
single = str(bytes.fromhex(i), encoding="utf-8")
result = result + single
result_text = str(result)
if decode_type == 'Qwerty':
letter = {
'q': 'a',
'w': 'b',
'e': 'c',
'r': 'd',
't': 'e',
'y': 'f',
'u': 'g',
'i': 'h',
'o': 'i',
'p': 'j',
'a': 'k',
's': 'l',
'd': 'm',
'f': 'n',
'g': 'o',
'h': 'p',
'j': 'q',
'k': 'r',
'l': 's',
'z': 't',
'x': 'u',
'c': 'v',
'v': 'w',
'b': 'x',
'n': 'y',
'm': 'z',
'Q': 'A',
'W': 'B',
'E': 'C',
'R': 'D',
'T': 'E',
'Y': 'F',
'U': 'G',
'I': 'H',
'O': 'I',
'P': 'J',
'A': 'K',
'S': 'L',
'D': 'M',
'F': 'N',
'G': 'O',
'H': 'P',
'J': 'Q',
'K': 'R',
'L': 'S',
'Z': 'T',
'X': 'U',
'C': 'V',
'V': 'W',
'B': 'X',
'N': 'Y',
'M': 'Z',
}
result_text = ''
for i in range(0, len(text)):
if text[i] != ' ':
result_text = result_text + letter.get(text[i])
else:
result_text = result_text + ' '
self.Ui.Result_text.setText(str(result_text))
except Exception as e:
# print(e)
pass
#encrypt
def encrypt(self, encrypt_type):
try:
result_text = ''
# print(encrypt_type)
text = self.Ui.Source_text.toPlainText()
if text == '':
return 0
if encrypt_type == 'Rot13':
d = {
chr(i + c): chr((i + 13) % 26 + c)
for i in range(26) for c in (65, 97)
}
result_text = ''.join([d.get(c, c) for c in text])
if encrypt_type == '凯撒密码':
t = ""
for c in text:
if 'a' <= c <= 'z': # str是可以直接比较的
t += chr(ord('a') + ((ord(c) - ord('a')) + 3) % 26)
elif 'A' <= c <= 'Z':
t += chr(ord('A') + ((ord(c) - ord('A')) + 3) % 26)
else:
t += c
result_text = t
if encrypt_type == '栅栏密码':
self.WChild_zhalan = Ui_Form()
self.dialog = QtWidgets.QDialog(self)
self.WChild_zhalan.setupUi(self.dialog)
self.dialog.show()
self.WChild_zhalan.keyenter.clicked.connect(
self.zhalanEncrypto)
if encrypt_type == '培根密码':
CODE_TABLE = { # 培根字典
'aaaaa': 'a',
'aaaab': 'b',
'aaaba': 'c',
'aaabb': 'd',
'aabaa': 'e',
'aabab': 'f',
'aabba': 'g',
'aabbb': 'h',
'abaaa': 'i',
'abaab': 'j',
'ababa': 'k',
'ababb': 'l',
'abbaa': 'm',
'abbab': 'n',
'abbba': 'o',
'abbbb': 'p',
'baaaa': 'q',
'baaab': 'r',
'baaba': 's',
'baabb': 't',
'babaa': 'u',
'babab': 'v',
'babba': 'w',
'babbb': 'x',
'bbaaa': 'y',
'bbaab': 'z'
}
str = text.lower()
listStr = ''
for i in str:
if i in CODE_TABLE.values():
# 将键、值各化为一个列表,取出i在value的位置后根据下标找到对应的键
listStr += list(CODE_TABLE.keys())[list(
CODE_TABLE.values()).index(i)]
result_text = listStr.upper() # 大写输出
if encrypt_type == '摩斯密码':
CODE = {
'A': '.-',
'B': '-...',
'C': '-.-.',
'D': '-..',
'E': '.',
'F': '..-.',
'G': '--.',
'H': '....',
'I': '..',
'J': '.---',
'K': '-.-',
'L': '.-..',
'M': '--',
'N': '-.',
'O': '---',
'P': '.--.',
'Q': '--.-',
'R': '.-.',
'S': '...',
'T': '-',
'U': '..-',
'V': '...-',
'W': '.--',
'X': '-..-',
'Y': '-.--',
'Z': '--..',
'0': '-----',
'1': '.----',
'2': '..---',
'3': '...--',
'4': '....-',
'5': '.....',
'6': '-....',
'7': '--...',
'8': '---..',
'9': '----.',
'?': '..--..',
'/': '-..-.',
'()': '-.--.-',
'-': '-....-',
'.': '.-.-.-'
}
msg = ''
for char in text:
if char == ' ':
pass
else:
msg += (CODE[char.upper()] + ' ')
result_text = msg
if encrypt_type == '云影密码':
charList = [chr(i) for i in range(ord('A'), ord('Z') + 1)]
cipher = [i for i in text]
tmp = []
ret = []
for i in range(len(cipher)):
for j in range(len(charList)):
if charList[j] == cipher[i]:
tmp.append(j + 1)
for i in tmp:
res = ''
if i >= 8:
for j in range(0, int(i / 8)):
res += '8'
if i % 8 >= 4:
for j in range(0, int(i % 8 / 4)):
res += '4'
if i % 4 >= 2:
for j in range(0, int(i % 4 / 2)):
res += '2'
if i % 2 >= 1:
for j in range(0, int(i % 2 / 1)):
res += '1'
ret.append(res + '0')
result_text = ''.join(ret)[:-1]
# print(result_text)
if encrypt_type == '四方密码':
self.WChild = Ui_KEY()
self.dialog = QtWidgets.QDialog(self)
self.WChild.setupUi(self.dialog)
self.dialog.show()
self.WChild.enter.clicked.connect(self.sifang_encrypt)
if encrypt_type == '当铺密码':
try:
mapping_data = [[], [], [], [], [], [], [], [], [], []]
with open('dangpu.data', 'r', encoding='UTF-8') as f:
for line in f:
ss = line.strip('\n').split(' ')
mapping_data[int(ss[1]) - 1].append(ss[0])
except Exception as e:
QMessageBox.critical(self, 'Error', 'dangpu.data加载错误!')
result = []
for c in text:
c_list = mapping_data[int(c)]
c_index = random.randint(0, len(c_list) - 1)
result.append(c_list[c_index])
result_text = ''.join(result)
if encrypt_type == '维吉尼亚密码':
self.WChild = Ui_Form()
self.dialog = QtWidgets.QDialog(self)
self.WChild.setupUi(self.dialog)
self.dialog.show()
self.WChild.keyenter.clicked.connect(self.VigenereEncrypto)
if encrypt_type == '埃特巴什码':
str1 = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
str2 = "zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA"
result_text = ""
for s in text:
if s != ' ':
result_text = result_text + str2[str1.index(s)]
else:
result_text = result_text + ' '
self.Ui.Result_text.setText(result_text)
except Exception as e:
# QMessageBox.critical(self,'Error',str(e))
print(str(e))
pass
def VigenereEncrypto(self):
self.dialog.close()
text = self.Ui.Source_text.toPlainText()
key = self.WChild.key.text()
ptLen = len(text)
keyLen = len(key)
quotient = ptLen // keyLen #商
remainder = ptLen % keyLen #余
out = ""
for i in range(0, quotient):
for j in range(0, keyLen):
c = int((ord(text[i * keyLen + j]) - ord('a') + ord(key[j]) -
ord('a')) % 26 + ord('a'))
#global output
out += chr(c)
for i in range(0, remainder):
c = int((ord(text[quotient * keyLen + i]) - ord('a') +
ord(key[i]) - ord('a')) % 26 + ord('a'))
#global output
out += chr(c)
self.Ui.Result_text.setText(out)
def sifang_encrypt(self):
self.dialog.close()
try:
text = self.Ui.Source_text.toPlainText()
key1 = self.WChild.Key1.text().upper()
key2 = self.WChild.Key2.text().upper()
matrix = "ABCDEFGHIJKLMNOPRSTUVWXYZ"
pla = "abcdefghijklmnoprstuvwxyz"
key1 = '[' + key1 + "]"
key2 = '[' + key2 + "]"
key1 = ''.join(collections.OrderedDict.fromkeys(key1))
key2 = ''.join(collections.OrderedDict.fromkeys(key2))
matrix1 = re.sub('[\[\]]', '', key1) + re.sub(key1, '', matrix)
matrix2 = re.sub('[\[\]]', '', key2) + re.sub(key2, '', matrix)
matrix_list1 = []
matrix_list2 = []
pla_list = []
for i in range(0, len(matrix1), 5):
matrix_list1.append(list(matrix1[i:i + 5]))
for i in range(0, len(matrix2), 5):
matrix_list2.append(list(matrix2[i:i + 5]))
for i in range(0, len(pla), 5):
pla_list.append(list(pla[i:i + 5]))
pla = text.replace(' ', '')
if len(pla) % 2 != 0:
pla += 'x'
cip = ""
for i in range(0, len(pla), 2):
data = pla[i:i + 2]
# 两个子母中第一个字母位置
first = self.find_index(data[0], pla_list)
# 两个子母中第二个字母位置
second = self.find_index(data[1], pla_list)
return_cip = ""
return_cip += matrix_list1[first[0]][second[1]]
return_cip += matrix_list2[second[0]][first[1]]
cip += return_cip
self.Ui.Result_text.setText(cip)
except Exception as e:
print(str(e))
pass
# 查询明文字母位置
def find_index(self, x, pla_list):
for i in range(len(pla_list)):
for j in range(len(pla_list[i])):
if pla_list[i][j] == x:
return i, j
def zhalanEncrypto(self):
self.dialog.close()
plain = self.Ui.Source_text.toPlainText()
n = int(self.WChild_zhalan.key.text())
ans = ''
for i in range(n):
for j in range(int(plain.__len__() / n + 0.5)):
try:
ans += plain[j * n + i]
except:
pass
self.Ui.Result_text.setText(ans)
#decrypt
def decrypt(self, decrypt_type):
try:
result_text = ''
# print(decrypt_type)
text = self.Ui.Source_text.toPlainText()
if text == '':
return 0
if decrypt_type == 'Rot13':
PAIRS = {
"a": "n",
"b": "o",
"c": "p",
"d": "q",
"e": "r",
"f": "s",
"g": "t",
"h": "u",
"i": "v",
"j": "w",
"k": "x",
"l": "y",
"m": "z",
"n": "a",
"o": "b",
"p": "c",
"q": "d",
"r": "e",
"s": "f",
"t": "g",
"u": "h",
"v": "i",
"w": "j",
"x": "k",
"y": "l",
"z": "m",
"A": "N",
"B": "O",
"C": "P",
"D": "Q",
"E": "R",
"F": "S",
"G": "T",
"H": "U",
"I": "V",
"J": "W",
"K": "X",
"L": "Y",
"M": "Z",
"N": "A",
"O": "B",
"P": "C",
"Q": "D",
"R": "E",
"S": "F",
"T": "G",
"U": "H",
"V": "I",
"W": "J",
"X": "K",
"Y": "L",
"Z": "M"
}
result_text = "".join(PAIRS.get(c, c) for c in text)
if decrypt_type == '凯撒密码':
t = ""
for c in text:
if 'a' <= c <= 'z': # str是可以直接比较的
t += chr(ord('a') + ((ord(c) - ord('a')) - 3) % 26)
elif 'A' <= c <= 'Z':
t += chr(ord('A') + ((ord(c) - ord('A')) - 3) % 26)
else:
t += c
result_text = t
if decrypt_type == '栅栏密码':
for n in range(2, text.__len__() - 1):
ans = ''
for i in range(n):
for j in range(int(text.__len__() / n + 0.5)):
try:
ans += text[j * n + i]
except:
pass
result_text += "分为%s栏,解密结果为:%s\n" % (n, ans)
if decrypt_type == '培根密码':
return_str = ''
dicts = {
'aabbb': 'H',
'aabba': 'G',
'baaab': 'R',
'baaaa': 'Q',
'bbaab': 'Z',
'bbaaa': 'Y',
'abbab': 'N',
'abbaa': 'M',
'babaa': 'U',
'babab': 'V',
'abaaa': 'I',
'abaab': 'J',
'aabab': 'F',
'aabaa': 'E',
'aaaaa': 'A',
'aaaab': 'B',
'baabb': 'T',
'baaba': 'S',
'aaaba': 'C',
'aaabb': 'D',
'abbbb': 'P',
'abbba': 'O',
'ababa': 'K',
'ababb': 'L',
'babba': 'W',
'babbb': 'X'
}
sums = len(text)
j = 5 ##每5个为一组
for i in range(int(sums / j)):
result = text[j * i:j * (i + 1)].lower()
return_str += str(dicts[result], )
result_text = return_str
if decrypt_type == '摩斯密码':
dict = {
'.-': 'A',
'-...': 'B',
'-.-.': 'C',
'-..': 'D',
'.': 'E',
'..-.': 'F',
'--.': 'G',
'....': 'H',
'..': 'I',
'.---': 'J',
'-.-': 'K',
'.-..': 'L',
'--': 'M',
'-.': 'N',
'---': 'O',
'.--.': 'P',
'--.-': 'Q',
'.-.': 'R',
'...': 'S',
'-': 'T',
'..-': 'U',
'...-': 'V',
'.--': 'W',
'-..-': 'X',
'-.--': 'Y',
'--..': 'Z',
'.----': '1',
'..---': '2',
'...--': '3',
'....-': '4',
'.....': '5',
'-....': '6',
'--...': '7',
'---..': '8',
'----.': '9',
'-----': '0',
'..--..': '?',
'-..-.': '/',
'-.--.-': '()',
'-....-': '-',
'.-.-.-': '.'
}
msg = ''
s = text.split(' ')
for item in s:
if item != '' and item != ' ':
msg += (dict[item])
result_text = msg
if decrypt_type == '移位密码':
inputStr = text
#
result = ''
for j in range(26):
result_list = []
for i, num in zip(inputStr, range(len(inputStr))):
#print(i)
if i.islower:
caseS1 = string.ascii_lowercase * 2
if i in "ABCDEFGHIJKLMNOPQRSTUVWXYZ":
caseS1 = string.ascii_uppercase * 2
status = caseS1.find(i)
if status != -1:
result_list.append(caseS1[status + j])
else:
result_list.append(inputStr[num])
text2 = ("".join(result_list), "向右偏移了{}位".format(j))
result += text2[0] + ' ' + text2[1] + '\n'
result_text = result
if decrypt_type == '云影密码':
charList = [chr(i) for i in range(ord('A'), ord('Z') + 1)]
ret = []
plaintext = [i for i in text.split('0')]
for i in plaintext:
tmp = 0
for j in range(len(i)):
tmp += int(i[j])
ret.append(charList[tmp - 1])
result_text = ''.join(ret)
if decrypt_type == '当铺密码':
try:
mapping_data = {}
with open('dangpu.data', 'r', encoding='UTF-8') as f:
for line in f:
ss = line.strip('\n').split(' ')
mapping_data[ss[0]] = int(ss[1])
except Exception as e:
QMessageBox.critical(self, 'Error', 'dangpu.data加载错误!')
result_text = ''.join(
map(lambda x: str(mapping_data[x] - 1), text))
if decrypt_type == '四方密码':
self.WChild = Ui_KEY()
self.dialog = QtWidgets.QDialog(self)
self.WChild.setupUi(self.dialog)
self.dialog.show()
self.WChild.enter.clicked.connect(self.sifang_decrypt)
if decrypt_type == '维吉尼亚密码':
self.WChild = Ui_Form()
self.dialog = QtWidgets.QDialog(self)
self.WChild.setupUi(self.dialog)
self.dialog.show()
self.WChild.keyenter.clicked.connect(self.VigenereDecrypto)
if decrypt_type == '埃特巴什码':
str1 = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
str2 = "zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA"
result_text = ""
for s in text:
if s != ' ':
result_text = result_text + str1[str2.index(s)]
else:
result_text = result_text + ' '
self.Ui.Result_text.setText(result_text)
except Exception as e:
# QMessageBox.critical(self,'Error',str(e))
pass
# print(str(e))
def VigenereDecrypto(self):
self.dialog.close()
letter_list = string.ascii_uppercase
letter_list2 = string.ascii_lowercase
message = self.Ui.Source_text.toPlainText()
key = self.WChild.key.text()
key_list = []
for i in key:
key_list.append(ord(i.upper()) - 65)
plaintext = ""
flag = 0
for cipher in message:
if flag % len(key_list) == 0:
flag = 0
if cipher.isalpha():
if cipher.isupper():
plaintext += letter_list[(ord(cipher) - 65 -
key_list[flag]) % 26]
flag += 1
if cipher.islower():
plaintext += letter_list2[(ord(cipher) - 97 -
key_list[flag]) % 26]
flag += 1
else:
plaintext += cipher
self.Ui.Result_text.setText(plaintext)
def sifang_decrypt(self):
self.dialog.close()
try:
# print(1)
text = self.Ui.Source_text.toPlainText()
key1 = self.WChild.Key1.text().upper()
key2 = self.WChild.Key2.text().upper()
matrix = "ABCDEFGHIJKLMNOPRSTUVWXYZ"
pla = "abcdefghijklmnoprstuvwxyz"
key1 = '[' + key1 + "]"
key2 = '[' + key2 + "]"
key1 = ''.join(collections.OrderedDict.fromkeys(key1))
key2 = ''.join(collections.OrderedDict.fromkeys(key2))
matrix1 = re.sub('[\[\]]', '', key1) + re.sub(key1, '', matrix)
matrix2 = re.sub('[\[\]]', '', key2) + re.sub(key2, '', matrix)
matrix_list1 = []
matrix_list2 = []
pla_list = []
# print(matrix1)
for i in range(0, len(matrix1), 5):
matrix_list1.append(list(matrix1[i:i + 5]))
for i in range(0, len(matrix2), 5):
matrix_list2.append(list(matrix2[i:i + 5]))
for i in range(0, len(pla), 5):
pla_list.append(list(pla[i:i + 5]))
cip = text.replace(' ', '')
result = ''
for i in range(0, len(cip), 2):
letter = cip[i:i + 2]
# 两个子母中第一个字母位置
first = self.find_index1(letter[0], matrix_list1)
# 两个子母中第二个字母位置
second = self.find_index2(letter[1], matrix_list2)
return_pla = ""
return_pla += pla_list[first[0]][second[1]]
return_pla += pla_list[second[0]][first[1]]
result += return_pla
self.Ui.Result_text.setText(result)
except Exception as e:
print(str(e))
pass
# 查询两个密文字母位置
def find_index1(self, x, matrix_list1):
for i in range(len(matrix_list1)):
for j in range(len(matrix_list1[i])):
if matrix_list1[i][j] == x:
return i, j
def find_index2(self, y, matrix_list2):
for k in range(len(matrix_list2)):
for l in range(len(matrix_list2[k])):
if matrix_list2[k][l] == y:
return k, l
#Binary
def Binary(self, Binary_type):
try:
result_text = ''
# print(Binary_type)
text = self.Ui.Source_text.toPlainText()
if text == '':
return 0
if Binary_type == '2->8':
result = int(text, 2)
result_text = str(oct(result))
if Binary_type == '2->10':
result = int(text, 2)
result_text = str(result)
if Binary_type == '2->16':
result_text = str(hex(int(text, 2)))
if Binary_type == '8->2':
result = int(text, 8)
result_text = str(bin(result))
if Binary_type == '8->10':
result = int(text, 8)
result_text = str(result)
if Binary_type == '8->16':
result = int(text, 8)
result_text = str(hex(result))
if Binary_type == '10->2':
s = int(text)
result_text = str(bin(s))
if Binary_type == '10->8':
s = int(text)
result_text = str(oct(s))
if Binary_type == '10->16':
s = int(text)
result_text = str(hex(s))
if Binary_type == '16->2':
result_text = str(bin(int(text, 16)))
if Binary_type == '16->8':
result = int(text, 16)
result_text = str(oct(result))
if Binary_type == '16->10':
result = int(text, 16)
result_text = str(result)
if Binary_type == '自定义':
self.Binary_dialog = Ui_Binary()
self.dialog = QtWidgets.QDialog(self)
self.Binary_dialog.setupUi(self.dialog)
self.dialog.show()
self.Binary_dialog.enter.clicked.connect(
self.Binary_conversion)
result_text = str(result_text).replace('0o', '').replace(
'0x', '').replace('0b', '')
self.Ui.Result_text.setText(result_text)
except Exception as e:
pass
def Binary_conversion(self):
try:
return_Data = ''
self.dialog.close()
if self.Binary_dialog.Source.text(
) != '' and self.Binary_dialog.result.text() != '':
text = self.Ui.Source_text.toPlainText()
# print(text)
from_ = int(self.Binary_dialog.Source.text())
to_ = int(self.Binary_dialog.result.text())
#from_进制转换为十进制
ten_num = sum(
[int(i) * from_**n for n, i in enumerate(text[::-1])])
# print(ten_num)
#十进制转换为to_进制
a = [
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 'A', 'b', 'C', 'D', 'E', 'F'
]
b = []
while True:
s = ten_num // to_ # 商
y = ten_num % to_ # 余数
b = b + [y]
if s == 0:
break
ten_num = s
b.reverse()
for i in b:
return_Data += str(a[i])
self.Ui.Result_text.setText(return_Data)
except Exception as e:
pass
def Copy_text(self, text):
try:
if text == 'Source':
data = self.Ui.Source_text.toPlainText()
if text == 'result':
data = self.Ui.Result_text.toPlainText()
# 访问剪切板,存入值
wincld.OpenClipboard()
wincld.EmptyClipboard()
wincld.SetClipboardData(win32con.CF_UNICODETEXT, data)
wincld.CloseClipboard()
except Exception as e:
pass
def tihuan(self, text):
try:
if text == 'Source':
data = self.Ui.Source_text.toPlainText()
source_text = self.Ui.Source_tihuan_source.text()
result_text = self.Ui.Source_tihuan_result.text()
text = self.Ui.Source_text.toPlainText()
text = text.replace(source_text, result_text)
self.Ui.Source_text.setText(str(text))
if text == 'result':
data = self.Ui.Result_text.toPlainText()
source_text = self.Ui.Result_tihuan_source.text()
result_text = self.Ui.Result_tihuan_result.text()
text = self.Ui.Result_text.toPlainText()
text = text.replace(source_text, result_text)
self.Ui.Result_text.setText(str(text))
except Exception as e:
pass
def paste(self, text):
try:
wincld.OpenClipboard()
data = wincld.GetClipboardData(win32con.CF_UNICODETEXT)
wincld.CloseClipboard()
if text == 'Source':
# print(text)
source_text = self.Ui.Source_text.toPlainText() #
data = source_text + data
self.Ui.Source_text.setText(data)
if text == 'result':
result_text = self.Ui.Result_text.toPlainText() #
data = result_text + data
self.Ui.Result_text.setText(data)
except Exception as e:
# print(str(e))
pass
# 关于
def about(self):
box = QtWidgets.QMessageBox()
box.setIcon(1)
box.about(self, "About", self.about_text)
#作者
def author(self):
box = QtWidgets.QMessageBox()
box.setIcon(1)
box.about(self, "Author", self.author_text)
class MainWindow(QMainWindow):
''' '''
screenwidth = 0
screenheight = 0
view_w = 0
view_h = 0
gane_started = False
def __init__(self, screenwidth, screenheight):
''' Get log in detail before using app '''
self.screenwidth = screenwidth
self.screenheight = screenheight
# Set up user interface from ui_main.py file
QMainWindow.__init__(self)
self.ui = Ui_MainWindow()
self.ui.setupUi(self)
self.ui.label_high_scores.hide()
self.setStyleSheet(
'background-image:url(Images/prestige-COD.jpg); background-position: tiled;'
)
#self.ui.actionNew.triggered.connect(self.new_game)
self.ui.actionQuit.triggered.connect(self.exit_app)
size = self.ui.graphicsView.size()
self.view_w = size.width()
self.view_h = size.height()
self.ui.graphicsView.setRenderHint(QPainter.Antialiasing)
self.ui.graphicsView.setHorizontalScrollBarPolicy(
Qt.ScrollBarAlwaysOff)
self.ui.graphicsView.setVerticalScrollBarPolicy(Qt.ScrollBarAlwaysOff)
bg = QPixmap('Images/bg1.jpg')
bg = bg.scaled(size.width(), size.height())
self.ui.graphicsView.setBackgroundBrush(QBrush(bg))
self.ui.graphicsView.setCacheMode(QGraphicsView.CacheBackground)
self.ui.graphicsView.setViewportUpdateMode(
QGraphicsView.BoundingRectViewportUpdate)
self.ui.graphicsView.hide()
self.show()
def keyPressEvent(self, event):
if event.key() == Qt.Key_N:
self.new_game()
if event.key() == Qt.Key_Q:
self.exit_app()
def new_game(self):
''' '''
self.ui.graphicsView.show()
self.ui.graphicsView.setFocus(True)
self.gane_started = True
# add scene after window is displayed to get graphics view size
self.scene = Scene(self.view_w, self.view_h, self.ui)
#self.scene.setSceneRect(0, 0, self.view_w, self.view_h)
self.ui.graphicsView.setScene(self.scene)
self.ui.graphicsView.show()
def exit_app(self):
qApp.quit()
sys.exit(0)
class MainWindows(QtWidgets.QMainWindow, Ui_MainWindow): # 主窗口
def __init__(self, parent=None):
super(MainWindows, self).__init__(parent)
# self.setWindowFlags(Qt.FramelessWindowHint | Qt.WindowStaysOnTopHint) #去掉标题栏
self.Ui = Ui_MainWindow()
self.Ui.setupUi(self)
self.setWindowIcon(QtGui.QIcon('main.ico'))
# self.setFixedSize(self.width(), self.height()) # 设置宽高不可变
# self.Ui.exit.clicked.connect(QtCore.QCoreApplication.instance().quit) #退出
self.poc_cms_name_dict = {}
self.exp_cms_name_dict = {}
# 漏洞扫描
self.Ui.pushButton_vuln_file.clicked.connect(
self.vuln_import_file) # 导入地址
self.Ui.pushButton_vuln_start.clicked.connect(self.vuln_Start) # 开始扫描
self.Ui.action_vuln_expstart.triggered.connect(self.vuln_exp) # 一键利用
self.Ui.pushButton_vuln_expstart.clicked.connect(self.vuln_exp) # 一键利用
self.Ui.pushButton_vuln_all.clicked.connect(self.vuln_all) # 全选
self.Ui.pushButton_vuln_noall.clicked.connect(self.vuln_noall) # 反选
#插件管理
self.Ui.action_vuln_reload.triggered.connect(
self.vuln_reload_Plugins) # 重新加载插件
self.Ui.action_vuln_showplubins.triggered.connect(
self.vuln_ShowPlugins) # 查看插件
#选项
self.Ui.action_about_start.triggered.connect(self.about) # 关于
self.Ui.action_update_start.triggered.connect(
self.version_update) # 更新
self.Ui.action_ideas_start.triggered.connect(self.ideas) # 意见反馈
#漏洞利用
self.Ui.vuln_exp_button_cmd.clicked.connect(
lambda: self.exp_send('cmd'))
self.Ui.vuln_exp_button_shell.clicked.connect(
lambda: self.exp_send('shell'))
self.Ui.vuln_type.activated[str].connect(self.change_exp_list)
self.Ui.vuln_name.activated[str].connect(self.change_exp_name_change)
# 漏洞扫描右键菜单
self.Ui.tableWidget_vuln.setContextMenuPolicy(
QtCore.Qt.CustomContextMenu)
self.Ui.tableWidget_vuln.customContextMenuRequested['QPoint'].connect(
self.createtableWidget_vulnMenu)
#初始化加载插件
self.loadplugins()
self.url_list = []
self.load_config()
# 设置漏洞扫描表格属性 列宽度
self.Ui.tableWidget_vuln.setColumnWidth(0, 200)
self.Ui.tableWidget_vuln.setColumnWidth(1, 200)
self.Ui.tableWidget_vuln.setColumnWidth(2, 300)
self.Ui.tableWidget_vuln.setColumnWidth(3, 80)
#选项
othersmenubar = self.menuBar() # 获取窗体的菜单栏
others = othersmenubar.addMenu("选项")
for i in ["关于", '更新', '意见反馈']:
sub_action = QAction(QIcon(''), i, self)
others.addAction(sub_action)
impMenu = QMenu("皮肤风格", self)
# print(type(config_setup))
for z in config_setup.options('QSS_List'):
sub_action = QAction(QIcon(''), z, self)
impMenu.addAction(sub_action)
#漏洞利用
for z in config_setup.options('Shell'):
self.Ui.comboBox_type.addItem(z)
others.addMenu(impMenu)
others.triggered[QAction].connect(self.show_others)
def load_config(self):
try:
global config_setup
# 实例化configParser对象
config_setup = configparser.ConfigParser()
# -read读取ini文件
config_setup.read('config.ini', encoding='utf-8')
if 'QSS_Setup' not in config_setup: # 如果分组type不存在则插入type分组
config_setup.add_section('QSS_Setup')
config_setup.set("QSS_Setup", "QSS", 'default.qss')
config_setup.write(open('config.ini', "r+",
encoding="utf-8")) # r+模式
qss_Setup = 'default.qss'
else:
qss_Setup = config_setup.get('QSS_Setup', 'QSS')
with open("QSS/" + qss_Setup, 'r', encoding='utf-8') as f:
qss_style = f.read()
f.close()
MainWindows.setStyleSheet(self, qss_style)
f.close()
except Exception as e:
QMessageBox.critical(self, 'Error', str(e))
pass
def createtableWidget_vulnMenu(self):
'''''
创建右键菜单
'''
# 必须将ContextMenuPolicy设置为Qt.CustomContextMenu
# 否则无法使用customContextMenuRequested信号
self.Ui.tableWidget_vuln.setContextMenuPolicy(
QtCore.Qt.CustomContextMenu)
self.Ui.tableWidget_vuln.customContextMenuRequested.connect(
self.showContextMenu)
# 创建QMenu
self.contextMenu = QtWidgets.QMenu(self)
self.daochu = self.contextMenu.addAction(u'导出')
self.second = self.contextMenu.addMenu(u'复制')
self.copy_url = self.second.addAction(u'URL')
self.copy_vuln_name = self.second.addAction(u'漏洞名称')
self.copy_path = self.second.addAction(u'脚本路径')
self.copy_payload = self.second.addAction(u'Payload')
self.copy_all = self.second.addAction(u'全部')
self.delete_textEdit = self.contextMenu.addAction(u'删除')
self.clear_textEdit = self.contextMenu.addAction(u'清空')
# 将动作与处理函数相关联
# 这里为了简单,将所有action与同一个处理函数相关联,
# 当然也可以将他们分别与不同函数关联,实现不同的功能
self.daochu.triggered.connect(self.vuln_export_file)
self.copy_url.triggered.connect(
lambda: self.Copy_tableWidget_vuln('url'))
self.copy_vuln_name.triggered.connect(
lambda: self.Copy_tableWidget_vuln('vuln_name'))
self.copy_path.triggered.connect(
lambda: self.Copy_tableWidget_vuln('vuln_path'))
self.copy_payload.triggered.connect(
lambda: self.Copy_tableWidget_vuln('payload'))
self.copy_all.triggered.connect(
lambda: self.Copy_tableWidget_vuln('all'))
self.clear_textEdit.triggered.connect(self.Clear_tableWidget_vuln)
self.delete_textEdit.triggered.connect(self.Delete_tableWidget_vuln)
# 右键点击时调用的函数,移动鼠标位置
def showContextMenu(self, pos):
# 菜单显示前,将它移动到鼠标点击的位置
self.contextMenu.move(QtGui.QCursor.pos())
self.contextMenu.show()
def Copy_tableWidget_vuln(self, type):
try:
data = ''
if type == 'url':
data = self.Ui.tableWidget_vuln.selectedItems()[0].text()
if type == 'vuln_name':
data = self.Ui.tableWidget_vuln.selectedItems()[1].text()
if type == 'vuln_path':
data = self.Ui.tableWidget_vuln.selectedItems()[2].text()
if type == 'payload':
data = self.Ui.tableWidget_vuln.selectedItems()[4].text()
if type == 'all':
# data = self.Ui.tableWidget_vuln.selectedItems()
for i in self.Ui.tableWidget_vuln.selectedItems():
data += str(i.text()) + ' '
# 访问剪切板,存入值
wincld.OpenClipboard()
wincld.EmptyClipboard()
wincld.SetClipboardData(win32con.CF_UNICODETEXT, data)
wincld.CloseClipboard()
except:
pass
def Clear_tableWidget_vuln(self):
for i in range(0, self.Ui.tableWidget_vuln.rowCount()): # 循环行
self.Ui.tableWidget_vuln.removeRow(0)
def Delete_tableWidget_vuln(self):
self.Ui.tableWidget_vuln.removeRow(
self.Ui.tableWidget_vuln.currentRow()) #删除选中的行
# 得到选中的方法
def get_methods(self):
all_data = []
item = QtWidgets.QTreeWidgetItemIterator(self.Ui.treeWidget_Plugins)
# 该类的value()即为QTreeWidgetItem
while item.value():
if not item.value().parent(): # 判断有没有父节点
pass
else: # 输出所有子节点
if item.value().checkState(0) == QtCore.Qt.Checked:
# print(item.value().text(0))
for cms in self.poc_cms_name_dict:
for poc in self.poc_cms_name_dict[cms]:
if poc['pocname'] == item.value().text(0):
poc['pocmethods'] = poc['pocfilename'].replace(
'.py', '')
all_data.append(poc)
item = item.__iadd__(1)
# print(all_data)
#返回所有选中的数据
return all_data
# 开始扫描
def vuln_Start(self):
threadnum = int(self.Ui.threadsnum.currentText())
self.Ui.textEdit_log.clear()
target = [] # 存放扫描的URL
if self.url_list:
target = self.url_list
else:
url = self.Ui.lineEdit_vuln_url.text()
if 'http://' in url or 'https://' in url:
target.append(url.strip())
if not target:
self.Ui.textEdit_log.append(
"<p style=\"color:black\">[%s]Info:未获取到URL地址。</p>" %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
return 0
poc_data = self.get_methods() #得到选中的数据
# print(poc_data)
if not poc_data:
self.Ui.textEdit_log.append(
"<p style=\"color:black\">[%s]Info:未选择插件。</p>" %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
return 0
else:
self.Ui.textEdit_log.append("[%s]Info:共加载%s个插件。" % ((time.strftime(
'%H:%M:%S', time.localtime(time.time()))), len(poc_data)))
self.Ui.textEdit_log.append(
"<p style=\"color:black\">[%s]Info:共获取到%s个URL地址。</p>" %
((time.strftime('%H:%M:%S', time.localtime(
time.time()))), len(target)))
self.Ui.textEdit_log.append(
"<p style=\"color:black\">[%s]Info:正在创建队列...</p>" %
((time.strftime('%H:%M:%S', time.localtime(time.time())))))
thread = threading.Thread(target=self.add_queue,
args=(target, poc_data, threadnum))
thread.setDaemon(True) # 设置为后台线程,这里默认是False,设置为True之后则主线程不用等待子线程
thread.start()
def add_queue(self, target, poc_data, threadnum):
# print(poc_data)
portQueue = queue.Queue() # 待检测端口队列,会在《Python常用操作》一文中更新用法
num = 0
if self.Ui.jump_url.checkState() != Qt.Checked:
num = len(target)
for u in target:
for xuanzhong_data in poc_data:
# print(poc_data)
filename = plugins_dir_name + '/' + xuanzhong_data[
'cmsname'] + '/' + xuanzhong_data['pocmethods'] + '.py'
poc_methods = plugins_dir_name + '/' + xuanzhong_data[
'cmsname'] + '/' + xuanzhong_data['pocmethods']
portQueue.put(u + '$$$' + filename + '$$$' + poc_methods +
'$$$' + xuanzhong_data['pocname'])
self.Ui.textEdit_log.append(
"<p style=\"color:black\">[%s]Info:共请求%s个URL地址。</p>" %
((time.strftime('%H:%M:%S', time.localtime(
time.time()))), num))
if self.Ui.jump_url.checkState() == Qt.Checked:
self.Ui.textEdit_log.append(
"<p style=\"color:black\">[%s]Info:正在进行地址存活检测...</p>" %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
false_url = []
for u in target:
headers = {
'content-type':
'application/json',
'User-Agent':
'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0'
}
try:
if u not in false_url:
time22 = int(self.Ui.comboBox_timeout.currentText())
dara = requests.get(u,
timeout=time22,
headers=headers,
verify=False)
else:
continue
except Exception as e:
false_url.append(u)
row = self.Ui.tableWidget_vuln.rowCount() # 获取行数
self.Ui.tableWidget_vuln.setRowCount(row + 1)
urlItem = QTableWidgetItem(u)
resultItem = QTableWidgetItem('无法访问')
self.Ui.tableWidget_vuln.setItem(row, 0, urlItem)
self.Ui.tableWidget_vuln.setItem(row, 3, resultItem)
self.Ui.textEdit_log.append(
"<p style=\"color:black\">[%s]Info:%s----无法访问。</p>" %
((time.strftime('%H:%M:%S', time.localtime(
time.time()))), u))
continue
else:
for xuanzhong_data in poc_data:
# print(poc_data)
filename = plugins_dir_name + '/' + xuanzhong_data[
'cmsname'] + '/' + xuanzhong_data[
'pocmethods'] + '.py'
poc_methods = plugins_dir_name + '/' + xuanzhong_data[
'cmsname'] + '/' + xuanzhong_data['pocmethods']
portQueue.put(u + '$$$' + filename + '$$$' +
poc_methods + '$$$' +
xuanzhong_data['pocname'])
num += 1
# 限制线程数小于队列大小
self.Ui.textEdit_log.append(
"<p style=\"color:black\">[%s]Info:共获取到%s个有效URL地址。</p>" %
((time.strftime('%H:%M:%S', time.localtime(
time.time()))), num))
if threadnum > portQueue.qsize():
threadnum = portQueue.qsize()
# print(portQueue.qsize())
if num == 0:
self.Ui.textEdit_log.append(
"[%s]End:扫描结束。" %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
return
else:
self.Ui.textEdit_log.append(
"[%s]Start:扫描开始..." %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
self.Ui.action_vuln_import.setEnabled(False)
self.Ui.pushButton_vuln_file.setEnabled(False)
self.Ui.action_vuln_start.setEnabled(False)
self.Ui.pushButton_vuln_start.setEnabled(False)
for i in range(threadnum):
thread = threading.Thread(target=self.vuln_scan,
args=(portQueue, threadnum))
thread.setDaemon(
True) # 设置为后台线程,这里默认是False,设置为True之后则主线程不用等待子线程
thread.start()
# 调用脚本
def vuln_scan(self, portQueue, threadnum):
# print(portQueue.queue) #输出所有队列
while 1:
try:
if portQueue.empty(): # 队列空就结束
time.sleep(int(self.Ui.comboBox_timeout.currentText()))
self.Ui.pushButton_vuln_file.setEnabled(True)
self.Ui.pushButton_vuln_start.setEnabled(True)
return
else:
all = portQueue.get().split(
'$$$'
) # 从队列中取出 #0 url 1 filename 2 pocmethods 3 pocname
url = all[0]
filename = all[1]
poc_methods = all[2]
# nnnnnnnnnnnn1 = importlib.import_module(poc_methods)
eventlet.monkey_patch(thread=False)
#超时限制
try:
timeout = int(self.Ui.comboBox_timeout.currentText())
with eventlet.Timeout(timeout, True):
# print(timeout)
# time.sleep(6)
try:
nnnnnnnnnnnn1 = importlib.machinery.SourceFileLoader(
poc_methods, filename).load_module()
nnnnnnnnnnnn1.run(self, url, all)
except Exception as e:
self.Ui.textEdit_log.append(
"<p style=\"color:red\">[%s]Error:%s脚本执行错误!<br>[Exception]:<br>%s</p>"
% ((time.strftime(
'%H:%M:%S', time.localtime(
time.time()))), filename, e))
continue
except:
self.Ui.textEdit_log.append(
"<p style=\"color:red\">[%s]Error:%s----%s----%s。</p>"
% ((time.strftime(
'%H:%M:%S', time.localtime(
time.time()))), url, all[3], '脚本运行超时'))
self.Ui.pushButton_vuln_file.setEnabled(True)
self.Ui.pushButton_vuln_start.setEnabled(True)
pass
except Exception as e:
self.Ui.textEdit_log.append(
"<p style=\"color:red\">[%s]Error:%s脚本执行错误!<br>[Exception]:<br>%s</p>"
% ((time.strftime('%H:%M:%S', time.localtime(
time.time()))), filename, e))
pass
# 初始化加载插件
def loadplugins(self):
if not os.path.isfile(DB_NAME):
box = QtWidgets.QMessageBox()
box.warning(self, "提示", "数据文件不存在,正在重新加载数据库!")
self.vuln_reload_Plugins()
return 0
#加载漏洞扫描模块
try:
# 列出所有数据
sql_poc = "SELECT cmsname,pocname,pocfilename from POC where pocfilename !=''"
poc_dict = self.sql_search(sql_poc, 'dict')
# print(self.poc_dict)
sql_exp = "SELECT cmsname,pocname,pocfilename,expdescription from POC where expfilename !=''"
exp_dict = self.sql_search(sql_exp, 'dict')
# print(values)
except Exception as e:
box = QtWidgets.QMessageBox()
box.warning(self, "提示", "数据文件错误:\n%s" % e)
return 0
# 将查询的值组合为字典包含列表的形式
self.poc_cms_name_dict = {}
for cms in poc_dict:
self.poc_cms_name_dict[cms['cmsname']] = []
# print(cms_name)
for cms in poc_dict:
# print(cms['cmsname'] )
# if cms['cmsname'] in cms_name.keys():
poc_cms_sing = {}
poc_cms_sing['cmsname'] = cms['cmsname']
poc_cms_sing['pocname'] = cms['pocname']
poc_cms_sing['pocfilename'] = cms['pocfilename']
self.poc_cms_name_dict[cms['cmsname']].append(poc_cms_sing)
for cms in self.poc_cms_name_dict:
# 设置root为self.treeWidget_Plugins的子树,故root是根节点
root = QTreeWidgetItem(self.Ui.treeWidget_Plugins)
root.setText(0, cms) # 设置根节点的名称
root.setCheckState(0, Qt.Unchecked) # 开启复选框
# print(cms_name[cms])
for cms_single in self.poc_cms_name_dict[cms]:
# 为root节点设置子结点
child1 = QTreeWidgetItem(root)
child1.setText(0, cms_single['pocname'])
child1.setCheckState(0, Qt.Unchecked)
self.Ui.treeWidget_Plugins.itemChanged.connect(self.handleChanged)
self.Ui.treeWidget_Plugins.doubleClicked.connect(
self.Show_Plugins_info)
self.Ui.textEdit_log.append(
"<p style=\"color:green\">[%s]Success:插件加载完成,共%s个。</p>" %
(time.strftime('%H:%M:%S', time.localtime(
time.time())), len(poc_dict)))
#加载exp
# print(self.exp_dict)
# 将查询的值组合为字典包含列表的形式
self.exp_cms_name_dict = {}
for cms in exp_dict:
self.exp_cms_name_dict[cms['cmsname']] = []
# print(exp_cms_name_dict)
for exp_cms in exp_dict:
# print(cms['cmsname'] )
# if cms['cmsname'] in cms_name.keys():
exp_cms_sing = {}
exp_cms_sing['cmsname'] = exp_cms['cmsname']
exp_cms_sing['pocname'] = exp_cms['pocname']
exp_cms_sing['pocfilename'] = exp_cms['pocfilename']
exp_cms_sing['expdescription'] = exp_cms['expdescription']
self.exp_cms_name_dict[exp_cms['cmsname']].append(exp_cms_sing)
# print(exp_cms_name_dict)
self.Ui.vuln_name.clear()
self.Ui.vuln_type.clear()
for cms in self.exp_cms_name_dict:
self.Ui.vuln_type.addItem(cms)
for exp_methods in list(self.exp_cms_name_dict.values())[0]:
# print(exp_methods)
self.Ui.vuln_name.addItem(exp_methods['pocname'])
self.Ui.vuln_exp_textEdit_info.setText(
exp_methods['expdescription'])
def Show_Plugins_info(self):
poc_name = self.Ui.treeWidget_Plugins.currentItem().text(0)
# 列出所有数据
sql = "SELECT * from POC where pocname='%s'" % poc_name
values = self.sql_search(sql)
# print(values)
try:
self.dialog.close()
except:
pass
if len(values) != 0:
self.WChild_info = Ui_Plugins_information()
self.dialog = QtWidgets.QDialog(self)
self.WChild_info.setupUi(self.dialog)
self.dialog.show()
# print(values)
self.WChild_info.vuln_name.setText(values[0][4])
self.WChild_info.cms_name.setText(values[0][1])
self.WChild_info.poc_file_path.setText("Plugins/" + values[0][1] +
'/' + values[0][2])
if values[0][3] == '':
self.WChild_info.exp_file_path.setText("暂无EXP")
else:
self.WChild_info.exp_file_path.setText("Plugins/" +
values[0][1] + '/' +
values[0][3])
self.WChild_info.vuln_url.setText('<a href="' + values[0][5] +
'">' + values[0][5] + '</a>')
self.WChild_info.vuln_miaoshu.setText(values[0][6])
return 0
else:
return
# 父节点关联子节点
def handleChanged(self, item, column):
count = item.childCount()
# print dir(item)
if item.checkState(column) == Qt.Checked:
# print "checked", item, item.text(column)
for f in range(count):
item.child(f).setCheckState(0, Qt.Checked)
if item.checkState(column) == Qt.Unchecked:
# print "unchecked", item, item.text(column)
for f in range(count):
item.child(f).setCheckState(0, Qt.Unchecked)
# self.Ui.treeWidget_Plugins.setSelectionMode(QAbstractItemView.ExtendedSelection) # 设置item可以多选
# self.tree.itemChanged.connect(self.handleChanged)
# self.Ui.treeWidget_Plugins.addTopLevelItem(root)
# 导入文件列表
def vuln_import_file(self):
self.url_list = []
filename = self.file_open(r"Text Files (*.txt);;All files(*.*)")
try:
if os.path.isfile(filename):
self.Ui.textEdit_log.append(
"<p style=\"color:black\">[%s]Info:正在从文件中读取URL...</p>" %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
f = open(filename, 'r', encoding='utf-8')
for line in f.readlines():
if 'http' in line:
line = line.replace('\n', '').strip()
self.url_list.append(line)
self.Ui.textEdit_log.append(
"<p style=\"color:black\">[%s]Info:读取完成,共加载%s条。</p>" %
((time.strftime('%H:%M:%S', time.localtime(
time.time()))), len(self.url_list)))
self.Ui.lineEdit_vuln_url.setText(filename)
except:
self.Ui.textEdit_log.append(
"<p style=\"color:red\">[%s]Error:文件打开失败!</p>" %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
pass
# 导出扫描结果
def vuln_export_file(self):
data = []
comdata = []
for i in range(0, self.Ui.tableWidget_vuln.rowCount()): # 循环行
for j in range(0, self.Ui.tableWidget_vuln.columnCount()): # 循环列
if self.Ui.tableWidget_vuln.item(i, j) != None: # 有数据
data.append(self.Ui.tableWidget_vuln.item(
i, j).text()) # 空格分隔
comdata.append(list(data))
data = []
if len(comdata) > 0:
path = (time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) +
'.csv').replace(' ', '-').replace('-',
'').replace(':', '')
# print(path)
file_name = self.file_save(path)
if file_name != "":
with open(file_name, 'w', newline='') as f:
writer = csv.writer(f)
for row in comdata:
writer.writerow(row)
f.close()
box = QtWidgets.QMessageBox()
box.information(self, "Success", "导出成功!\n文件位置:" + file_name)
else:
# box2= QtWidgets.QMessageBox()
# box2.warning(self, "Error", "保存失败!文件名错误!" )
pass
else:
self.Ui.textEdit_log.append(
"[%s]Faile:没有扫描结果!" %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
# 显示插件
def vuln_ShowPlugins(self):
self.widget = Ui_Form()
self.dialog = QtWidgets.QDialog(self)
self.widget.setupUi(self.dialog)
self.dialog.setFixedSize(self.dialog.width(),
self.dialog.height()) # 设置宽高不可变
# 设置查看插件表格属性 列宽度
self.widget.show_Plugins.setColumnWidth(0, 120)
self.widget.show_Plugins.setColumnWidth(1, 200)
self.widget.show_Plugins.setColumnWidth(2, 320)
self.widget.show_Plugins.setColumnWidth(3, 360)
self.widget.show_Plugins.setColumnWidth(4, 218)
self.widget.show_Plugins.setColumnWidth(5, 218)
sql = "SELECT * from POC"
values = self.sql_search(sql)
i = 0
self.widget.show_Plugins.setRowCount(len(values))
sql2 = "SELECT distinct cmsname from POC"
cms_name_data = self.sql_search(sql2)
# 添加查询列表
for cms_name in cms_name_data:
self.widget.show_Plugins_comboBox.addItem(cms_name[0])
# print(cms_name[0])
for single in values:
# print(single)
cms_name = QTableWidgetItem(str(single[1]))
poc_file_name = QTableWidgetItem(str(single[2]))
exp_file_name = QTableWidgetItem(str(single[3]))
poc_name = QTableWidgetItem(str(single[4]))
poc_referer = QTableWidgetItem(str(single[5]))
poc_descr = QTableWidgetItem(str(single[6]))
self.widget.show_Plugins.setItem(i, 0, cms_name)
self.widget.show_Plugins.setItem(i, 1, poc_name)
self.widget.show_Plugins.setItem(i, 2, poc_referer)
self.widget.show_Plugins.setItem(i, 3, poc_descr)
self.widget.show_Plugins.setItem(i, 4, poc_file_name)
self.widget.show_Plugins.setItem(i, 5, exp_file_name)
i = i + 1
self.dialog.show()
self.widget.show_Plugins_comboBox.currentIndexChanged.connect(
self.show_plugins_go) # comboBox事件选中触发刷新
# 单击列表刷新显示控件
def show_plugins_go(self):
self.widget.show_Plugins.clearContents()
cms_name = self.widget.show_Plugins_comboBox.currentText() # 获取文本
if cms_name == "ALL":
sql = "SELECT * from POC "
else:
sql = "SELECT * from POC where cmsname = '%s'" % cms_name
cms_data = self.sql_search(sql)
i = 0
self.widget.show_Plugins.setRowCount(len(cms_data))
for single in cms_data:
cms_name = QTableWidgetItem(str(single[1]))
poc_file_name = QTableWidgetItem(str(single[2]))
exp_file_name = QTableWidgetItem(str(single[3]))
poc_name = QTableWidgetItem(str(single[4]))
poc_referer = QTableWidgetItem(str(single[5]))
poc_descr = QTableWidgetItem(str(single[6]))
self.widget.show_Plugins.setItem(i, 0, cms_name)
self.widget.show_Plugins.setItem(i, 1, poc_name)
self.widget.show_Plugins.setItem(i, 2, poc_referer)
self.widget.show_Plugins.setItem(i, 3, poc_descr)
self.widget.show_Plugins.setItem(i, 4, poc_file_name)
self.widget.show_Plugins.setItem(i, 5, exp_file_name)
i = i + 1
# 重新加载插件
def vuln_reload_Plugins(self):
self.Ui.treeWidget_Plugins.clear()
self.Ui.textEdit_log.setText(
"[%s]Start:正在重新加载插件..." %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
# 删除数据库,重新建立
if os.path.isfile(DB_NAME):
try:
os.remove(DB_NAME)
except Exception as e:
self.Ui.textEdit_log.append(
"<p style=\"color:red\">[%s]Error:数据库文件删除失败!<br>[Exception]:<br>%s</p>"
% ((time.strftime('%H:%M:%S', time.localtime(
time.time()))), e))
return 0
self.Ui.textEdit_log.append(
"<p style=\"color:green\">[%s]Success:删除数据库完成!</p>" %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
else:
self.Ui.textEdit_log.append(
"<p style=\"color:black\">[%s]Info:数据库文件不存在,尝试创建数据库!</p>" %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
try:
# 连接数据库。如果数据库不存在的话,将会自动创建一个 数据库
conn = sqlite3.connect(DB_NAME)
# 创建一个游标 curson
cursor = conn.cursor()
# 执行一条语句,创建 user表 如不存在创建
sql = "create table IF NOT EXISTS POC (id integer primary key autoincrement , cmsname varchar(30),pocfilename varchar(50),expfilename varchar(50),pocname varchar(30),pocreferer varchar(50),pocdescription varchar(200),expdescription varchar(9000))"
cursor.execute(sql)
self.Ui.textEdit_log.append(
"<p style=\"color:green\">[%s]Success:创建数据库完成!</p>" %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
except Exception as e:
self.Ui.textEdit_log.append(
"<p style=\"color:red\">[%s]Error:数据框创建失败!<br>[Exception]:<br>%s</p>"
% (time.strftime('%H:%M:%S', time.localtime(time.time())), e))
return 0
try:
plugins_path = "Plugins"
plugins_path = plugins_path.replace("\\", "/")
for cms_name in os.listdir(plugins_path): # 遍历目录名
cms_path = os.path.join(plugins_path,
cms_name).replace("\\", "/")
for poc_file_dir, poc_dirs_list, poc_file_name_list in os.walk(
cms_path): # 遍历poc文件,得到方法名称
# print(path,dirs,poc_methos_list)
# print(poc_file_name_list)
for poc_file_name in poc_file_name_list:
poc_name_path = poc_file_dir + "\\" + poc_file_name
poc_name_path = poc_name_path.replace("\\", "/")
# 判断是py文件在打开 文件存在
if os.path.isfile(
poc_name_path) and poc_file_name.endswith(
'.py') and poc_file_name[-7:] == '_poc.py':
# print(poc_name_path)
try:
nnnnnnnnnnnn1 = importlib.machinery.SourceFileLoader(
poc_name_path[:-3],
poc_name_path).load_module()
vuln_info = nnnnnnnnnnnn1.vuln_info()
# 将数据插入到表中
cursor.execute(
'insert into POC (cmsname, pocname,pocfilename,expfilename,pocreferer,pocdescription,expdescription) values ("%s","%s","%s","%s","%s","%s","%s")'
% (cms_name, vuln_info['name'],
poc_file_name, '', vuln_info['referer'],
vuln_info['description'], ''))
except Exception as e:
self.Ui.textEdit_log.append(
"<p style=\"color:red\">[%s]Error:%s脚本执行错误!<br>[Exception]:<br>%s</p>"
% ((time.strftime(
'%H:%M:%S', time.localtime(
time.time()))), poc_file_name, e))
continue
conn.commit() # 提交
for poc_file_name in poc_file_name_list:
poc_name_path = poc_file_dir + "\\" + poc_file_name
poc_name_path = poc_name_path.replace("\\", "/")
if os.path.isfile(
poc_name_path) and poc_file_name.endswith(
'.py') and poc_file_name[-7:] == '_exp.py':
try:
nnnnnnnnnnnn1 = importlib.machinery.SourceFileLoader(
poc_name_path[:-3],
poc_name_path).load_module()
exp_info = nnnnnnnnnnnn1.vuln_info()
# print(exp_info)
# 将数据插入到表中
sql = "select * from POC where pocname='%s'" % (
exp_info['name'])
# print(sql)
# 判断是否已有poc 有则修改 无则添加
exp_result = self.sql_search(sql)
if exp_result:
cursor.execute(
"UPDATE POC SET expfilename='%s' ,expdescription='%s' where pocname='%s'"
% (poc_file_name,
exp_info['description'],
exp_info['name']))
else:
cursor.execute(
'insert into POC (cmsname, pocname,pocfilename,expfilename,pocreferer,pocdescription,expdescription) values ("%s","%s","%s","%s","%s","%s","%s")'
% (cms_name, exp_info['name'], '',
poc_file_name, exp_info['referer'],
'', exp_info['description']))
except Exception as e:
self.Ui.textEdit_log.append(
"<p style=\"color:red\">[%s]Error:%s脚本执行错误!<br>[Exception]:<br>%s</p>"
% ((time.strftime(
'%H:%M:%S', time.localtime(
time.time()))), poc_file_name, e))
continue
else:
pass
conn.commit() # 提交
# print(result)
cursor.execute("select count(*) from POC where pocfilename !=''")
poc_num = cursor.fetchall()
cursor.execute(
"select count(expfilename) from POC where expfilename !=''")
exp_num = cursor.fetchall()
conn.close()
self.Ui.textEdit_log.append(
"<p style=\"color:green\">[%s]Success:共写入%s个POC</p>" %
((time.strftime('%H:%M:%S', time.localtime(
time.time()))), poc_num[0][0]))
self.Ui.textEdit_log.append(
"<p style=\"color:green\">[%s]Success:共写入%s个EXP</p>" %
((time.strftime('%H:%M:%S', time.localtime(
time.time()))), exp_num[0][0]))
self.loadplugins() # 调用加载插件
box = QtWidgets.QMessageBox()
box.information(
self, "Load Plugins",
"数据更新完成!\nPOC数量:%s\nEXP数量:%s" % (poc_num[0][0], exp_num[0][0]))
# reboot = sys.executable
# os.execl(reboot, reboot, *sys.argv)
except Exception as e:
self.Ui.textEdit_log.append(
"<p style=\"color:red\">[%s]Error:数据写入失败!\n[Exception]:\n%s</p>"
%
((time.strftime('%H:%M:%S', time.localtime(time.time()))), e))
return 0
def show_others(self, q):
if q.text() == "关于":
self.about()
return
if q.text() == "更新":
self.version_update()
return
if q.text() == "意见反馈":
self.ideas()
return
else:
try:
filename = config_setup.get('QSS_List', q.text())
# print(filename)
config_setup.set("QSS_Setup", "QSS", filename)
config_setup.write(open('config.ini', "r+",
encoding="utf-8")) # r+模式
with open('QSS/' + filename, 'r', encoding='utf-8') as f:
qss_style = f.read()
f.close()
MainWindows.setStyleSheet(self, qss_style)
# python = sys.executable
# os.execl(python, python, *sys.argv)
except Exception as e:
QMessageBox.critical(self, 'Error', str(e))
pass
def vuln_exp(self):
if self.Ui.tableWidget_vuln.selectedItems():
url = self.Ui.tableWidget_vuln.selectedItems()[0].text()
poc_name = self.Ui.tableWidget_vuln.selectedItems()[1].text()
sql = "select * from POC where pocname='%s'" % (poc_name)
exp_data = self.sql_search(sql, 'dict')
#print(exp_data)
if len(exp_data):
# 根据文本查找索引设置选中
cms_index = self.Ui.vuln_type.findText(
exp_data[0]['cmsname'], QtCore.Qt.MatchFixedString)
if cms_index >= 0:
# print(2)
self.Ui.vuln_type.setCurrentIndex(cms_index)
self.change_exp_list(exp_data[0]['cmsname'])
exp_index = self.Ui.vuln_name.findText(
exp_data[0]['pocname'], QtCore.Qt.MatchFixedString)
if cms_index >= 0:
self.Ui.vuln_name.setCurrentIndex(exp_index)
else:
box = QtWidgets.QMessageBox()
box.warning(self, "提示", "该漏洞暂时没有利用工具!")
else:
box = QtWidgets.QMessageBox()
box.warning(self, "提示", "该漏洞暂时没有利用工具!")
self.Ui.tabWidget.setCurrentIndex(1)
self.Ui.vuln_lineEdit_url.setText(url)
else:
box = QtWidgets.QMessageBox()
box.warning(self, "提示", "该漏洞暂时没有利用工具!")
else:
self.Ui.textEdit_log.append(
"<p style=\"color:red\">[%s]Error:请选择一个结果!</p>" %
(time.strftime('%H:%M:%S', time.localtime(time.time()))))
def exp_send(self, exp_type):
url = self.Ui.vuln_lineEdit_url.text()
if not url:
box = QtWidgets.QMessageBox()
box.warning(self, "提示", "目标地址不能为空!")
return
cms_name = self.Ui.vuln_type.currentText()
exp_name = self.Ui.vuln_name.currentText()
exp_file_name = self.sql_search(
"select expfilename from POC where pocname='%s' and cmsname='%s'" %
(exp_name, cms_name))
# print(exp_file_name)
exp_path = plugins_dir_name + '/' + cms_name + '/' + exp_file_name[0][0]
cookie = self.Ui.vuln_lineEdit_cookie.text()
heads = self.Ui.plainTextEdit_heads.toPlainText()
heads_dict = {}
heads = heads.split('\n')
for head in heads:
head = head.split(':')
heads_dict[head[0].strip()] = head[1].strip()
if exp_type == 'cmd':
cmd = self.Ui.vuln_exp_input_cmd.text()
self.Ui.vuln_exp_textEdit_log.append("[%s]命令执行:%s" % (
(time.strftime('%H:%M:%S', time.localtime(time.time()))), cmd))
try:
nnnnnnnnnnnn1 = importlib.machinery.SourceFileLoader(
exp_path[:-3], exp_path).load_module()
nnnnnnnnnnnn1.run(self, url, heads_dict, cookie, cmd)
except Exception as e:
self.Ui.textEdit_result.append(
"[%s]Error:%s脚本执行错误!\n[Exception]:\n%s" %
((time.strftime('%H:%M:%S', time.localtime(
time.time()))), exp_path, e))
return
if exp_type == 'shell':
ip = self.Ui.vuln_exp_input_ip.text()
port = self.Ui.vuln_exp_input_port.text()
shelltype = self.Ui.comboBox_type.currentText()
shellcmd = config_setup.get('Shell', shelltype)
shellcmd = shellcmd.replace('127.0.0.1', ip).replace('8888', port)
if not re.match(
r"^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",
ip):
box = QtWidgets.QMessageBox()
box.warning(self, "提示", "请输入合法的IP地址!")
return
try:
if port == '' or int(port) not in range(1, 65535):
box = QtWidgets.QMessageBox()
box.warning(self, "提示", "请输入合法的端口!")
return
except:
box = QtWidgets.QMessageBox()
box.warning(self, "提示", "请输入合法的端口!")
return
try:
self.Ui.vuln_exp_textEdit_log.append(
"[%s]反弹Shell:%s:%s %s" %
((time.strftime('%H:%M:%S', time.localtime(
time.time()))), ip, port, shelltype))
nnnnnnnnnnnn1 = importlib.machinery.SourceFileLoader(
exp_path[:-3], exp_path).load_module()
nnnnnnnnnnnn1.run(self, url, heads_dict, cookie, shellcmd, ip,
int(port))
except Exception as e:
self.Ui.textEdit_result.append(
"[%s]Error:%s脚本执行错误!\n[Exception]:\n%s" %
((time.strftime('%H:%M:%S', time.localtime(
time.time()))), exp_path, e))
return
# 关于
def about(self):
box = QtWidgets.QMessageBox()
box.setIcon(1)
box.about(
self, "About",
"\t\t\tAbout\n 此程序为一款CMS扫描利用工具,可自行选择插件进行漏洞检查或利用,请勿非法使用!\n\t\t\t Powered by qianxiao996"
)
# 更新
def version_update(self):
webbrowser.open(
"https://github.com/qianxiao996/FrameScan-GUI/releases")
# 意见反馈
def ideas(self):
box = QtWidgets.QMessageBox()
box.setIcon(1)
box.about(self, "意见反馈",
"作者邮箱:[email protected]\n作者主页:http://blog.qianxiao996.cn")
# 全选
def vuln_all(self):
item = QtWidgets.QTreeWidgetItemIterator(self.Ui.treeWidget_Plugins)
# 该类的value()即为QTreeWidgetItem
while item.value():
if item.value().checkState(0) != QtCore.Qt.Checked:
item.value().setCheckState(0, Qt.Checked)
item = item.__iadd__(1)
# 反选
def vuln_noall(self):
item = QtWidgets.QTreeWidgetItemIterator(self.Ui.treeWidget_Plugins)
# 该类的value()即为QTreeWidgetItem
while item.value():
if item.value().checkState(0) == QtCore.Qt.Checked:
item.value().setCheckState(0, Qt.Unchecked)
item = item.__iadd__(1)
# 文件打开对话框
def file_open(self, type):
fileName, selectedFilter = QFileDialog.getOpenFileName(
self, (r"上传文件"), '', type)
return (fileName) # 返回文件路径
# 保存文件对话框
def file_save(self, filename):
fileName, filetype = QFileDialog.getSaveFileName(
self, (r"保存文件"), (filename), r"All files(*.*)")
return fileName
def vuln_scanner_log(self,
type,
text='',
payload='',
all=['', '', '', ''],
color='black'):
# print(type,text)
if type == "Debug" and self.Ui.vuln_scanner_debug.checkState(
) == Qt.Checked:
self.Ui.textEdit_log.append(
"<p style=\"color:blue\">[%s]Debug:%s。</p>" %
(time.strftime('%H:%M:%S'), text))
if type == 'result':
url = all[0]
filename = all[1]
pocmethods = all[2]
poc_name = all[3]
self.Ui.textEdit_log.append(
"<p style=\"color:green\">[%s]Result:%s----%s----%s。</p>" %
((time.strftime('%H:%M:%S', time.localtime(
time.time()))), url, poc_name, text))
if text != '不存在' and text != '':
row = self.Ui.tableWidget_vuln.rowCount() # 获取行数
self.Ui.tableWidget_vuln.setRowCount(row + 1)
urlItem = QTableWidgetItem(url)
nameItem = QTableWidgetItem(poc_name)
payloadItem = QTableWidgetItem(payload)
resultItem = QTableWidgetItem(text)
filenameItem = QTableWidgetItem(filename)
self.Ui.tableWidget_vuln.setItem(row, 0, urlItem)
self.Ui.tableWidget_vuln.setItem(row, 1, nameItem)
self.Ui.tableWidget_vuln.setItem(row, 3, resultItem)
self.Ui.tableWidget_vuln.setItem(row, 2, filenameItem)
self.Ui.tableWidget_vuln.setItem(row, 4, payloadItem)
if type != "Debug" and type != 'result':
self.Ui.textEdit_log.append(
"<p style=\"color:%s\">[%s]%s:%s。</p>" %
(color, time.strftime('%H:%M:%S'), type, text))
def vuln_exp_log(self, type, text='', color='black'):
if type == 'result':
self.Ui.textEdit_result.setText(text)
self.Ui.vuln_exp_textEdit_log.append(
"[%s]执行结果:%s" % (time.strftime('%H:%M:%S'), text))
else:
self.Ui.vuln_exp_textEdit_log.append(
"<p style=\"color:%s\">[%s]%s:%s。</p>" %
(color, time.strftime('%H:%M:%S'), type, text))
def sql_search(self, sql, type='list'):
if type == 'dict':
conn = sqlite3.connect(DB_NAME)
conn.row_factory = self.dict_factory
else:
conn = sqlite3.connect(DB_NAME)
# 创建一个游标 curson
cursor = conn.cursor()
# self.Ui.textEdit_log.append("[%s]Info:正在查询数据..."%(time.strftime('%H:%M:%S', time.localtime(time.time()))))
# 列出所有数据
cursor.execute(sql)
values = cursor.fetchall()
return values
#sql查询返回字典
def dict_factory(self, cursor, row):
d = {}
for idx, col in enumerate(cursor.description):
d[col[0]] = row[idx]
return d
def change_exp_list(self, exp_cms_name):
self.Ui.vuln_name.clear()
for exp_methods in self.exp_cms_name_dict[exp_cms_name]:
# print(exp_methods)
self.Ui.vuln_name.addItem(exp_methods['pocname'])
self.change_exp_name_change()
# print(exp_cms_name)
#vuln_name 改变调用函数
def change_exp_name_change(self):
self.Ui.exp_tabWidget.setCurrentIndex(0)
vuln_name_text = self.Ui.vuln_name.currentText()
sql = "select expdescription from POC where pocname='%s'" % vuln_name_text
expdescription = self.sql_search(sql)
# print(expdescription[0][0])
# pass
if expdescription:
self.Ui.vuln_exp_textEdit_info.setText(expdescription[0][0])
else:
box = QtWidgets.QMessageBox()
box.warning(self, "提示", "该EXP暂无描述信息!")