def __init__(self):
    """Instantiate the helper objects this object delegates to.

    Each attribute holds a fresh instance of a class defined elsewhere in
    the project; no arguments are passed to any of the constructors.
    """
    # Fetching, parsing, URL bookkeeping and persistence helpers.
    self.download = htmlDownLoader()
    self.parser = htmlParser()
    self.urlManage = urlManeger()
    self.save = saveDatas()

    # v9 news helpers (semantics defined by their own classes).
    self.v9 = v9_news()
    self.v9_data = v9_news_data()
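def crawl(scheme, host, main_url, form, headers, delay, timeout):
    """Check each input of the supplied forms for reflected input.

    For every form, every not-yet-checked parameter is replaced by the
    module-level ``xsschecker`` marker, the request is sent, and the first
    vector produced for the reflection contexts is written to ``Scan_area``.

    Args:
        scheme: Unused; kept for interface compatibility.
        host: Unused; kept for interface compatibility.
        main_url: URL every form is submitted to (see note in the body).
        form: Mapping whose values are form descriptions with the keys
            'action', 'method' and 'inputs'. A falsy value is a no-op.
        headers: Passed through to ``requester``.
        delay: Passed through to ``requester`` and ``filterChecker``.
        timeout: Passed through to ``requester`` and ``filterChecker``.

    Returns:
        None. Output goes to ``Scan_area``; progress is recorded in
        ``config.globalVariables['checkedForms']``.
    """
    if not form:
        return

    checked = config.globalVariables['checkedForms']
    for each in form.values():
        # The form's own 'action' is deliberately not used: the original
        # code read it and immediately overwrote it with main_url, and the
        # relative-URL resolution that used scheme/host was commented out.
        url = main_url
        if not url:
            continue

        checked.setdefault(url, [])
        GET = each['method'] == 'get'
        inputs = each['inputs']  # the <input> descriptions of this form
        Scan_area.insert(END, inputs)

        paramData = {}
        for one in inputs:
            paramData[one['name']] = one['value']
            # NOTE(review): the source's indentation was lost; this loop is
            # placed inside ``for one in inputs`` - confirm against the
            # original file. checkedForms keeps a parameter from being
            # tested twice for the same URL either way.
            for paramName in paramData.keys():
                if paramName in checked[url]:
                    continue
                checked[url].append(paramName)

                paramsCopy = copy.deepcopy(paramData)
                paramsCopy[paramName] = xsschecker
                response = requester(url, paramsCopy, headers, GET, delay,
                                     timeout)
                # Contexts in which the marker is reflected in the response.
                occurences = htmlParser(response, False)
                # Return value is unused here; the call is kept because it
                # may annotate ``occurences`` - TODO confirm.
                filterChecker(url, paramsCopy, headers, GET, delay,
                              occurences, timeout, False)
                vectors = generator(occurences, response.text)
                if not vectors:
                    continue

                # Report only the first vector of the first non-empty group.
                for vects in vectors.values():
                    candidates = list(vects)
                    if not candidates:
                        continue
                    Scan_area.insert(END, candidates[0])
                    Scan_area.insert(END, '\n')
                    break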
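def scan(target, paramData, encoding, headers, delay, timeout, path, jsonData):
    """Test each parameter of *target* for reflected input and print results.

    Every parameter is replaced in turn by the module-level ``xsschecker``
    marker. Where the marker is reflected, vectors are generated, scored by
    ``checker`` and printed when the score is high enough.

    Args:
        target: Entry URL; a scheme is added when it does not start with
            'http'.
        paramData: Request parameters supplied by the caller. A truthy value
            selects the non-GET request mode.
        encoding: Optional callable applied to the marker before sending;
            also passed through to the parser and checkers.
        headers: Passed through to ``requester``.
        delay: Passed through to ``requester`` and the checkers.
        timeout: Passed through to ``requester`` and the checkers.
        path: Passed through to ``requester`` and ``getParams``.
        jsonData: Passed through to ``requester`` and ``getParams``.

    Returns:
        None. Findings are printed to stdout.
    """
    GET = not paramData

    # Add a scheme when the caller gave a bare host.
    if not target.startswith('http'):
        try:
            requester('https://' + target, {}, headers, GET, delay, timeout)
            target = 'https://' + target
        except Exception:
            # NOTE(review): any failure of the HTTPS probe, not only a
            # refused connection, falls back to plain HTTP. Was a bare
            # ``except:``, which also swallowed KeyboardInterrupt.
            target = 'http://' + target

    # Initial request to the entry URL; its response is not used below.
    requester(target, {}, headers, GET, delay, timeout, jsonData, path)

    url = getUrl(target, GET)
    params = getParams(target, paramData, GET, jsonData, path)

    # The original loop variable was spelled ``paraName`` while the body
    # used ``paramName`` / ``parasName``, which raised NameError.
    for paramName in params.keys():
        paramsCopy = copy.deepcopy(params)
        paramsCopy[paramName] = encoding(xsschecker) if encoding else xsschecker
        response = requester(url, paramsCopy, headers, GET, delay, timeout,
                             jsonData, path)
        # Contexts in which the marker is reflected in the response.
        occurences = htmlParser(response, encoding)
        positions = occurences.keys()
        if not occurences:
            print('No reflection found')
            continue
        print('Reflections found:%i' % len(occurences))

        # Checks which special characters survive at each reflection point.
        # Was misspelled ``filterCheccker``; the result is not read here,
        # the call is kept because it may annotate ``occurences`` - TODO
        # confirm.
        filterChecker(url, paramsCopy, headers, GET, delay, occurences,
                      timeout, encoding)
        vectors = generator(occurences, response.text)
        total = sum(len(v) for v in vectors.values())
        if total == 0:
            print('No vectors were crafted.')
            continue

        for confidence, vects in vectors.items():
            for vect in vects:
                if config.globalVariables['path']:
                    # Vector goes into the URL path, so '/' must be encoded.
                    vect = vect.replace('/', '%2F')
                loggerVector = vect
                if not GET:
                    vect = unquote(vect)
                # NOTE(review): checker receives the caller's paramData, not
                # paramsCopy - confirm which one is intended.
                efficiencies = checker(url, paramData, headers, GET, delay,
                                       vect, positions, timeout, encoding)
                if not efficiencies:
                    efficiencies = [0] * len(occurences)
                bestEfficiency = max(efficiencies)
                # NOTE(review): vect[0] is a single character and can never
                # equal '||', so the middle clause is dead; confirm the
                # intended prefix. ``minEfficiency`` must be defined at
                # module level.
                if (bestEfficiency == 100
                        or (vect[0] == '||' and bestEfficiency >= 95)
                        or bestEfficiency > minEfficiency):
                    print("Payload:%s" % loggerVector)
                    print("Efficiency:%s Confidence:%s" %
                          (bestEfficiency, confidence))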
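def guiresults(self):
    """Build the search-results window and wire up its events.

    Reads the module-level ``title_url`` (entries indexed as ``[0]`` for the
    label text and ``[1]`` for the URL), ``query`` and ``xTime``, and rebinds
    the module-level ``q_String``. Up to eight results are shown; each one
    is exposed as ``self.labelresN`` / ``self.linkresN`` (N = 1..8).

    Clicking a result fetches that URL through ``htmlParser.url_opener`` and
    shows the cleaned text in ``self.result_label``.
    """
    global q_String
    q_String = StringVar()
    graph = Graph()
    html_parse = htmlParser()

    def showGraph():
        # Plot word occurrences for the text currently shown.
        graph.plot_word(self.result_label.get(1.0, END))

    def showPos():
        # Plot part-of-speech counts for the text currently shown.
        graph.plot_pos(self.result_label.get(1.0, END))

    def clearBtn1():
        self.searchEntry1.delete(0, END)
        self.searchEntry1.focus_set()

    # --- window and static widgets -------------------------------------
    self.masters = Tk()
    self.masters.geometry("1100x700+100+10")
    self.masters.title("WIReS - Web Information Retrieval System")
    self.masters.configure(background='white')
    self.masters.resizable(width=FALSE, height=FALSE)

    self.searchEntry1 = Entry(self.masters, width='50', relief='groove',
                              borderwidth='5', font=('Calibri', 15))
    self.searchButton = Button(self.masters, text="SEARCH!", width='25')
    self.clearButton1 = Button(self.masters, text="CLEAR FIELD", width='25',
                               command=clearBtn1)
    self.labelss = Label(self.masters, text="SEARCH RESULTS:", bg='#008080',
                         fg='white', font=('arial', 10))
    self.timeLabel = Label(self.masters, text="SEARCH COMPLETED AT ",
                           font=('arial', 8))
    self.resultframe = LabelFrame(self.masters, text="PAGE RESULT",
                                  height=520, width=990, relief="groove",
                                  bg="white")
    self.resultframe1 = LabelFrame(self.masters, height=540, width=990,
                                   relief="groove", bg="white")
    self.result_label = ScrolledText(self.resultframe, width=120, height=32,
                                     bg='white', undo=True)
    self.graphButton = Button(self.masters, text="WORD OCCURENCE(GRAPH)",
                              width='25', command=showGraph)
    self.posButton = Button(self.masters, text="PART OF SPEECH(GRAPH)",
                            width='25', command=showPos)

    self.resultframe1.place(x=15, y=80)
    self.searchEntry1.place(x=15, y=15)
    self.searchButton.place(x=550, y=18)
    self.labelss.place(x=15, y=60)
    self.timeLabel.place(x=15, y=630)
    self.clearButton1.place(x=800, y=18)

    def graphloc():
        self.graphButton.place(x=550, y=50)
        self.posButton.place(x=800, y=50)

    def make_opener(url):
        """Return a click handler that loads *url* into the page view."""
        def open_result(event):
            start_time = time.time()
            # NOTE(review): the URL comes from search results and is handed
            # to url_opener as-is; no scheme or host check is visible here.
            # Confirm url_opener only accepts http(s) URLs.
            raw = html_parse.clean_html(html_parse.url_opener(url))
            self.resultframe1.destroy()
            self.resultframe.place(x=15, y=80)
            self.result_label.place(x=1, y=1)
            self.result_label.insert(END, raw)
            self.result_label.configure(state='disabled')
            self.timeLabelres = Label(
                self.masters,
                text="--- %s seconds ---" % (time.time() - start_time),
                font=('arial', 8))
            self.timeLabelres.place(x=150, y=630)
            graphloc()
        return open_result

    # --- result rows ------------------------------------------------------
    # The layout has room for eight rows, 60 px apart. Fewer results simply
    # produce fewer rows instead of raising IndexError. The original had
    # eight copy-pasted handlers; the second one destroyed the result list
    # without showing the fetched page, which the shared handler fixes.
    for index in range(min(len(title_url), 8)):
        entry = title_url[index]
        slot = index + 1
        label = Label(self.resultframe1, text=entry[0],
                      font=('arial 13 bold'), bg="white", cursor="hand2")
        link = Label(self.resultframe1, text=entry[1], fg="blue",
                     cursor="hand2", bg="white")
        setattr(self, 'labelres%d' % slot, label)
        setattr(self, 'linkres%d' % slot, link)
        label.place(x=1, y=30 + 60 * index)
        link.place(x=5, y=60 + 60 * index)

        handler = make_opener(entry[1])
        link.bind("<Button-1>", handler)
        label.bind("<Button-1>", handler)

    self.searchEntry1.insert(END, query)
    self.timeLabelres = Label(self.masters,
                              text="--- %s seconds ---" % (xTime),
                              font=('arial', 8))
    self.timeLabelres.place(x=150, y=630)

    def searchAction(event):
        """Run a new search and replace this window with a fresh one."""
        global query
        global mTime
        global title_url
        try:
            search_ = Search()
            query = self.searchEntry1.get()
            if query not in (None, '', ' '):
                start_time = time.time()
                raw = search_.fetch_url(query)
                title_url = search_.process_url(raw)
                self.masters.withdraw()
                mTime = (time.time() - start_time)
                # Rebuilds the window; self.masters now refers to the new one.
                self.guiresults()
                self.timeLabelres = Label(
                    self.masters, text="--- %s seconds ---" % (mTime),
                    font=('arial', 8))
                self.timeLabelres.place(x=150, y=630)
            else:
                tkMessageBox.showinfo('Info', 'You must put a keyword')
        except Exception:
            # NOTE(review): every failure, including parsing or GUI errors,
            # is reported as a connectivity problem and ends the program.
            tkMessageBox.showinfo('Info',
                                  'No Internet Connection Try Again Later')
            exit()

    self.searchButton.bind("<Button-1>", searchAction)
    self.searchEntry1.bind("<Return>", searchAction)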