def check_vulns(url, _):
"""Check vulns"""
from functools import partial
from concurrent.futures import ThreadPoolExecutor
urlen = len(url) + 1
for file, allow_html in FUZZ_FILES:
process(tim(), 'Fuzz', file)
with open(file) as f:
progress = Progress(sum(1 for _ in f))
f.seek(0)
ff = ('%s%s' % (url, ln.rstrip()) for ln in f)
check = partial(check_path, allow_html)
with ThreadPoolExecutor() as ex:
for r, rurl, cl in ex.map(check, ff):
path = rurl[urlen:]
if r:
print(end='\r')
found(tim(), '(%s)' % cl, path)
progress(path)
def check_bigfuzz(self):
'''Fuzz paths to find misconfigs'''
from concurrent.futures import ThreadPoolExecutor
from random import randrange
from lib.progress import Progress
# First, try to check if random path exists.
# If it is, we potentially cant find misconfigs,
# coz it is SPA
random_path = ''.join(
chr(randrange(ord('a'),
ord('z') + 1)) for _ in range(8))
ok, path, *_ = self._check_path(f'/{random_path}')
if ok:
info(path, 'possible SPA')
return False
paths = (self.DIR / 'data/fuzz_large.txt', )
status = False
for p in paths:
with p.open() as f:
progress = Progress(sum(1 for _ in f))
f.seek(0)
with ThreadPoolExecutor() as ex:
r = ex.map(self._check_path, f.read().splitlines())
for res, path, code, c_len in r:
if res:
print(end='\r')
found(f'[{code}] {path} ({c_len} B)')
status = True
progress(path)
return status
def decrypt_dir(target_path: Path, should_remove: bool, buffer_size: int):
password = get_password(DECRYPT_MODE)
print('\nDecrypting...\n')
ff = list_files(target_path,
DECRYPT_MODE) # List of files in the directory
if len(ff) == 0:
raise Exception(str(target_path) + ' is empty')
target_size = calc_total_size(ff)
if target_size == 0:
raise Exception(str(target_path) + ' is empty')
progress = Progress()
progress.set_total_size(target_size)
for f in ff:
_, _ = lib.decryptor.decrypt(password, f, buffer_size)
if should_remove:
os.remove(f)
def pipeline(fd_in: BinaryIO, op1: Callable[[bytes], bytes],
op2: Callable[[bytes], bytes], fd_out: BinaryIO):
progress = Progress.get_instance()
for chunk in iter(partial(fd_in.read, buffer_size), b''):
progress.update(len(chunk))
chunk = op1(chunk)
chunk = op2(chunk)
fd_out.write(chunk)
progress.print()
def __init__(self, password, f_in_path):
self.__progress = Progress.get_instance()
self.__fd_in = open(f_in_path, 'rb')
meta = self.__read_meta()
key, _ = derive_key(password, meta['salt'])
self.__decryptor = self.__aes_decryptor(key, meta['iv'])
self.__f_out_ext = self.__decrypt_ext(meta['c_ext'])
self.__f_out_path = replace_file_ext(f_in_path, self.__f_out_ext)
def decrypt_file(target_path: Path, should_remove: bool, buffer_size: int):
if file_ext(target_path) != 'kpk':
raise Exception('can not decrypt ' + str(target_path))
target_size = os.stat(target_path).st_size
if target_size == 0:
raise Exception(str(target_path) + ' is empty')
password = get_password(DECRYPT_MODE)
print('\nDecrypting...\n')
progress = Progress()
progress.set_total_size(target_size)
f_out_path, f_out_ext = lib.decryptor.decrypt(password, target_path,
buffer_size)
if f_out_ext == TEMP_ZIP_EXT:
unzip_dir(f_out_path)
os.remove(f_out_path)
if should_remove:
os.remove(target_path)
def encrypt_file(target_path: Path, should_remove: bool, buffer_size: int):
if file_ext(target_path) == 'kpk':
raise Exception('can not encrypt ' + str(target_path))
f_out_name = replace_file_ext(target_path, 'kpk')
if os.path.exists(f_out_name): # Overwrite error
raise Exception(str(f_out_name) + ' already exists')
target_size = os.stat(target_path).st_size
if target_size == 0:
raise Exception(str(target_path) + ' is empty')
password = get_password(ENCRYPT_MODE)
print('\nEncrypting...\n')
progress = Progress()
progress.set_total_size(target_size)
key, salt = derive_key(password, None)
lib.encryptor.encrypt(key, salt, target_path, buffer_size)
if should_remove:
os.remove(target_path)
def _read_header(f_in_path: Path) -> Dict[str, bytes]:
header = b''
header_len = 48
with open(f_in_path, 'rb') as fd_in:
header = fd_in.read(header_len)
progress = Progress.get_instance()
progress.update(header_len)
return {
'iv': header[0:16],
'salt': header[16:32],
'cipher_ext': header[32:64]
}
def zip_dir_then_encrypt(target_path: Path, should_remove: bool,
buffer_size: int):
f_out_name = str(target_path) + '.kpk'
if os.path.exists(f_out_name): # Overwrite error
raise Exception(f_out_name + ' already exists')
password = get_password(ENCRYPT_MODE)
print('\nZipping...')
zp = zip_dir(target_path) # Creates a temporary zip file
target_size = os.stat(zp).st_size
if target_size == 0:
raise Exception(str(target_path) + ' is empty')
print('\nEncrypting...\n')
progress = Progress()
progress.set_total_size(target_size)
key, salt = derive_key(password, None)
lib.encryptor.encrypt(key, salt, zp, buffer_size)
os.remove(zp)
if should_remove:
shutil.rmtree(target_path)
def encrypt_dir(target_path: Path, should_remove: bool, buffer_size: int):
password = get_password(ENCRYPT_MODE)
print('\nLooking for files in the directory...')
ff = list_files(target_path,
ENCRYPT_MODE) # List of files in the directory
if len(ff) == 0:
raise Exception(str(target_path) + ' is empty')
target_size = calc_total_size(ff)
if target_size == 0:
raise Exception(str(target_path) + ' is empty')
print('\nEncrypting...\n')
progress = Progress()
progress.set_total_size(target_size)
key, salt = derive_key(password, None)
for f in ff:
f_out_name = replace_file_ext(f, 'kpk')
if os.path.exists(f_out_name): # Overwrite error
raise Exception(str(f_out_name) + ' already exists')
lib.encryptor.encrypt(key, salt, f, buffer_size)
if should_remove:
os.remove(f)
def __init__(self, key, salt, f_in_path):
self.__f_in_path = f_in_path
iv = urandom(16) # Generate random iv per file
self.__encryptor = self.__aes_encryptor(key, iv)
meta = {'iv': None, 'salt': None, 'c_ext': None}
meta['salt'] = salt
meta['iv'] = iv
ext = file_ext(f_in_path)
meta['c_ext'] = self.__encrypt_ext(ext)
self.__fd_out = open(replace_file_ext(f_in_path, 'kpk'), 'wb')
self.__write_meta(meta)
self.__progress = Progress.get_instance()
def check_subdomains(self):
'''Fuzz paths to find misconfigs'''
from concurrent.futures import ThreadPoolExecutor
from lib.progress import Progress
paths = (self.DIR / 'data/fuzz_subdomain.txt', )
status = False
for p in paths:
with p.open() as f:
progress = Progress(sum(1 for _ in f))
f.seek(0)
with ThreadPoolExecutor() as ex:
r = ex.map(self._check_subdomain, f.read().splitlines())
for _, sd, code, c_len in r:
if code // 100 == 2:
print(end='\r')
found(f'[{code}] {sd} ({c_len} B)')
status = True
progress(sd)
return status
def __init__(self):
self.buffer_size = BUFFER_SIZE * 1024 * 1024
self.path = Path('')
self.progress = Progress(True)
self.progress.set_print_fn(self.js_show_progress)
class App():
def __init__(self):
self.buffer_size = BUFFER_SIZE * 1024 * 1024
self.path = Path('')
self.progress = Progress(True)
self.progress.set_print_fn(self.js_show_progress)
def open_file_dialog(self):
result = window.create_file_dialog()
self.path = Path(result[0])
return result[0]
def open_folder_dialog(self):
result = window.create_file_dialog(webview.FOLDER_DIALOG)
self.path = Path(result[0])
return result[0]
def js_enable_form(self):
window.evaluate_js(fr"enableForm()")
def js_reset_encrypt_form(self):
window.evaluate_js(fr"resetForm('form-encrypt')")
def js_reset_decrypt_form(self):
window.evaluate_js(fr"resetForm('form-decrypt')")
def js_log_msg(self, msg):
window.evaluate_js(fr"logMsg('{msg}')")
def js_log_error(self, err):
window.evaluate_js(fr"logError('{err}')")
def js_show_progress(self, percentage):
window.evaluate_js(fr"showProgress({percentage})")
def js_clear_logs(self):
window.evaluate_js(fr"clearLogs()")
def validate_entries(self, password):
if self.path == Path(''):
raise Exception('no file/folder chosen')
if not os.path.exists(self.path):
raise Exception('can not find ' + self.path.name)
if password == '' or len(password) < 3 or len(password) > 1024:
raise Exception('password should be at least 3 characters')
def encrypt_file(self, password, should_remove):
try:
self.validate_entries(password)
if file_ext(self.path) == 'kpk':
raise Exception('can not encrypt ' + self.path.name)
f_out_name = replace_file_ext(self.path, 'kpk')
if os.path.exists(f_out_name): # Overwrite error
raise Exception(f_out_name.name + ' already exists')
target_size = os.stat(self.path).st_size
if target_size == 0:
raise Exception(self.path.name + ' is empty')
self.progress.set_total_size(target_size)
self.js_log_msg('Encrypting...')
key, salt = derive_key(password, None)
lib.encryptor.encrypt(key, salt, self.path, self.buffer_size)
if should_remove:
os.remove(self.path)
self.path = Path('')
self.js_reset_encrypt_form()
self.js_log_msg('Done')
except Exception as err:
self.js_clear_logs()
self.js_log_error(err.args[0])
finally:
self.progress.reset()
self.js_enable_form()
def zip_folder_then_encrypt(self, password, should_remove):
try:
self.validate_entries(password)
f_out_name = Path(str(self.path) + '.kpk')
if os.path.exists(f_out_name): # Overwrite error
raise Exception(f_out_name.name + ' already exists')
self.js_log_msg('Zipping...')
zp = zip_dir(self.path) # Creates a temporary zip file
target_size = os.stat(zp).st_size
if target_size == 0:
raise Exception(self.path.name + ' is empty')
self.progress.set_total_size(target_size)
self.js_log_msg('Encrypting...')
key, salt = derive_key(password, None)
lib.encryptor.encrypt(key, salt, zp, self.buffer_size)
os.remove(zp)
if should_remove:
shutil.rmtree(self.path)
self.path = Path('')
self.js_reset_encrypt_form()
self.js_log_msg('Done')
except Exception as err:
self.js_clear_logs()
self.js_log_error(err.args[0])
finally:
self.progress.reset()
self.js_enable_form()
def encrypt_folder(self, password, should_remove):
try:
self.validate_entries(password)
self.js_log_msg('Looking for files in the directory...')
ff = list_files(self.path,
ENCRYPT_MODE) # List of files in the directory
if len(ff) == 0:
raise Exception(self.path.name + ' is empty')
target_size = calc_total_size(ff)
if target_size == 0:
raise Exception(self.path.name + ' is empty')
self.progress.set_total_size(target_size)
self.js_log_msg('Encrypting...')
key, salt = derive_key(password, None)
for f in ff:
f_out_name = replace_file_ext(f, 'kpk')
if os.path.exists(f_out_name): # Overwrite error
raise Exception(f_out_name.name + ' already exists')
lib.encryptor.encrypt(key, salt, f, self.buffer_size)
if should_remove:
os.remove(f)
self.path = Path('')
self.js_reset_encrypt_form()
self.js_log_msg('Done')
except Exception as err:
self.js_clear_logs()
self.js_log_error(err.args[0])
finally:
self.progress.reset()
self.js_enable_form()
def decrypt_file(self, password, should_remove):
try:
self.validate_entries(password)
if file_ext(self.path) != 'kpk':
raise Exception('can not decrypt ' + self.path.name)
target_size = os.stat(self.path).st_size
if target_size == 0:
raise Exception(self.path.name + ' is empty')
self.progress.set_total_size(target_size)
self.js_log_msg('Decrypting...')
f_out_path, f_out_ext = lib.decryptor.decrypt(
password, self.path, self.buffer_size)
if f_out_ext == TEMP_ZIP_EXT:
unzip_dir(f_out_path)
os.remove(f_out_path)
if should_remove:
os.remove(self.path)
self.path = Path('')
self.js_reset_decrypt_form()
self.js_log_msg('Done')
except Exception as err:
self.js_clear_logs()
self.js_log_error(err.args[0])
finally:
self.progress.reset()
self.js_enable_form()
def decrypt_folder(self, password, should_remove):
try:
self.validate_entries(password)
self.js_log_msg('Decrypting...')
ff = list_files(self.path,
DECRYPT_MODE) # List of files in the directory
if len(ff) == 0:
raise Exception(self.path.name + ' is empty')
target_size = calc_total_size(ff)
if target_size == 0:
raise Exception(self.path.name + ' is empty')
self.progress.set_total_size(target_size)
for f in ff:
_, _ = lib.decryptor.decrypt(password, f, self.buffer_size)
if should_remove:
os.remove(f)
self.path = Path('')
self.js_reset_decrypt_form()
self.js_log_msg('Done')
except Exception as err:
self.js_clear_logs()
self.js_log_error(err.args[0])
finally:
self.progress.reset()
self.js_enable_form()
def execute(argv):
if len(argv) == 2 or argv[2] == '-h' or argv[2] == '--help':
print_help_encrypt()
return
should_remove = True if has_remove_flag(argv[2:]) else False
should_zip = True if has_zip_flag(argv[2:]) else False
target_path = get_path(argv[2:])
if target_path == None:
raise Exception('PATH is not specified')
if not os.path.exists(target_path):
raise Exception('can not find ' + str(target_path))
if os.path.isfile(target_path):
if file_ext(target_path) == 'kpk':
raise Exception('can not encrypt ' + str(target_path))
f_out_name = replace_file_ext(target_path, 'kpk')
if os.path.exists(f_out_name): # Overwrite error
raise Exception(f_out_name + ' already exists')
target_size = os.stat(target_path).st_size
if target_size == 0:
raise Exception(str(target_path) + ' is empty')
password = get_password(ENCRYPT_MODE)
print('\nEncrypting...\n')
progress = Progress()
progress.set_total_size(target_size)
key, salt = derive_key(password, None)
encryptor = FileEncryptor(key, salt, target_path)
encryptor.encrypt()
if should_remove:
os.remove(target_path)
print('\r' + 20 * ' ' + '\r[■■■■■■■■■■] 100%\n'
) # TODO: This is a hack, should be fixed in lib/progress.py
return
if should_zip and os.path.isdir(target_path):
f_out_name = str(target_path) + '.kpk'
if os.path.exists(f_out_name): # Overwrite error
raise Exception(f_out_name + ' already exists')
password = get_password(ENCRYPT_MODE)
print('\nZipping...')
zp = zip_dir(target_path) # Creates a temporary zip file
target_size = os.stat(zp).st_size
if target_size == 0:
raise Exception(str(target_path) + ' is empty')
print('\nEncrypting...\n')
progress = Progress()
progress.set_total_size(target_size)
key, salt = derive_key(password, None)
encryptor = FileEncryptor(key, salt, zp)
encryptor.encrypt()
os.remove(zp)
if should_remove:
shutil.rmtree(target_path)
return
if os.path.isdir(target_path):
password = get_password(ENCRYPT_MODE)
print('\nLooking for files in the directory...')
ff = list_files(target_path,
ENCRYPT_MODE) # List of files in the directory
if len(ff) == 0:
raise Exception(str(target_path) + ' is empty')
target_size = calc_total_size(ff)
if target_size == 0:
raise Exception(str(target_path) + ' is empty')
print('\nEncrypting...\n')
progress = Progress()
progress.set_total_size(target_size)
key, salt = derive_key(password, None)
for f in ff:
f_out_name = replace_file_ext(f, 'kpk')
if os.path.exists(f_out_name): # Overwrite error
raise Exception(f_out_name + ' already exists')
encryptor = FileEncryptor(key, salt, f)
encryptor.encrypt()
if should_remove:
os.remove(f)
print('\r' + 20 * ' ' + '\r[■■■■■■■■■■] 100%\n'
) # TODO: This is a hack, should be fixed in lib/progress.py