Esempio n. 1
 def display(self):
     """Show the record at the current cursor position in the form window.

     The key at ``self.index[self.cursor]`` is copied into the main-box key
     field and its record is fetched from ``self.table``. When
     ``self.sameKeys(record)`` is true the existing form is refreshed in
     place; otherwise the old form (if any) is destroyed and a new Toplevel
     is built with one label/entry pair per field. Finishes by calling
     ``self.selectlist()``.
     """
     key = self.index[self.cursor]
     self.keytext.set(key)  # mirror the key into the main box
     record = self.table[key]  # table may be a dict, dbm, shelf or class
     if not self.sameKeys(record):
         # Field set differs: discard the old form and build a fresh one.
         if self.currform:
             self.currform.destroy()
         window = Toplevel()
         window.title('PyForm - Key=' + repr(key))
         window.iconname('pform')
         left = frame(window, LEFT)
         right = frame(window, RIGHT)
         self.currslots = []  # (field, StringVar) pairs
         for field in record.keys():  # keys could be sorted here
             label(left, TOP, repr(field))
             var = StringVar()
             # Values are shown as repr() text.
             # NOTE(review): if the store path turns this text back into
             # objects with eval(), a table from an untrusted source becomes
             # a code-execution risk -- confirm how the fields are parsed.
             var.set(repr(record[field]))
             entry(right, TOP, var, width=40)
             self.currslots.append((field, var))
         self.currform = window
         # Window-manager close requests on the form are deliberately ignored.
         window.protocol('WM_DELETE_WINDOW', lambda: 0)
     else:
         # Same fields as the form on screen: reuse it, only swap the values.
         self.currform.title('PyForm - Key=' + repr(key))
         for field, var in self.currslots:
             var.set(repr(record[field]))
     self.selectlist()  # keep the listbox in step
Esempio n. 2
 def makeWidgets(self):
     """Create the single demo label packed at the top of this widget."""
     # Appearance options are collected first and applied in one call;
     # keyword order matches the original call.
     look = dict(
         text='Hellow maker world!',
         width=40,
         height=10,
         relief=SUNKEN,
         cursor='pencil',
         bg='white',
     )
     widgets.label(self, TOP, **look)
Esempio n. 3
 def makeWidgets(self, *args):
     """Build the base calculator, then add a bottom row of extra buttons.

     ``*args`` is forwarded unchanged to ``CalcGui.makeWidgets``.
     """
     label(self, TOP, 'PyCalc Plus - Subclass')
     CalcGui.makeWidgets(self, *args)
     row = frame(self, BOTTOM)
     # (button text, expression template) pairs handed to self.onExtra.
     # NOTE(review): the templates read as Python expressions with '%s' as
     # the operand slot; if onExtra evaluates the filled-in string, the
     # operand must only ever come from the calculator's own display --
     # confirm in onExtra.
     templates = (
         ('sqrt', 'sqrt(%s)'),
         ('x^2 ', '(%s)**2'),
         ('x^3 ', '(%s)**3'),
         ('1/x ', '1.0/(%s)'),
     )
     for caption, template in templates:
         # The default argument pins this iteration's template to the callback.
         handler = (lambda expr=template: self.onExtra(expr))
         button(row, LEFT, caption, handler)
     button(row, LEFT, ' pi ', self.onPi)
Esempio n. 4
 def onMakeCmdline(self):
     """Open a pop-up command line whose input is passed to ``onCmdline``.

     The window holds a '>>>' prompt, an entry pre-filled from
     ``self.text`` and a 'Run' button; both the button and the Return key
     call ``self.onCmdline(var, ent)``.
     """
     window = Toplevel()  # separate top-level window
     # The original author describes this input as "arbitrary Python code":
     # whatever is typed here runs with the full privileges of the process.
     window.title('PyCalc command line')
     row = frame(window, TOP)
     label(row, LEFT, '>>>').pack(expand=NO)  # only the Entry expands
     text = StringVar()
     field = entry(row, LEFT, text, width=40)

     def on_button():
         return self.onCmdline(text, field)

     def on_return(event):
         return self.onCmdline(text, field)

     button(row, RIGHT, 'Run', on_button).pack(expand=NO)
     field.bind('<Return>', on_return)
     text.set(self.text.get())  # start from the calculator's current text
Esempio n. 5
 def __init__(self, **args):
     """Create a Toplevel that embeds a CalcGui plus a row of extra buttons.

     ``**args`` is forwarded unchanged to the embedded ``CalcGui``.
     """
     Toplevel.__init__(self)
     label(self, TOP, 'PyCalc Plus - Container')
     self.calc = CalcGui(self, **args)
     row = frame(self, BOTTOM)
     # (button text, expression template) pairs handed to self.onExtra.
     # NOTE(review): the templates read as Python expressions with '%s' as
     # the operand slot; if onExtra evaluates the filled-in string, the
     # operand must only ever come from the calculator's own display --
     # confirm in onExtra.
     templates = (
         ('sqrt', 'sqrt(%s)'),
         ('x^2 ',  '(%s)**2'),
         ('x^3 ',  '(%s)**3'),
         ('1/x ',  '1.0/(%s)'),
     )
     for caption, template in templates:
         # The default argument pins this iteration's template to the callback.
         handler = (lambda expr=template: self.onExtra(expr))
         button(row, LEFT, caption, handler)
     button(row, LEFT, ' pi ', self.onPi)
Esempio n. 6
    def _build_page1_setting_detection(self, m):
        """Assemble the detection-options frame from widgets held on ``m``.

        Nine horizontal rows are filled (level, risk, string, not-string,
        regexp, code, page-comparison mode, a separator, explanatory notes)
        and stacked in a vertical box inside the returned frame.
        """
        f = Frame.new('探测选项')  # frame title: "Detection options"
        (level_row, risk_row, str_row, not_str_row, re_row, code_row,
         mode_row, sep_row, notes_row) = [Box() for _ in range(9)]

        # Clicking the level checkbox calls self.cb_single with the
        # injection-parameter checkbox as extra argument (what cb_single does
        # with it is defined elsewhere).
        m._detection_area_level_ckbtn.connect('clicked', self.cb_single,
                                              m._inject_area_param_ckbtn)

        level_row.pack_start(m._detection_area_level_ckbtn, False, True, 5)
        level_row.pack_start(m._detection_area_level_scale, True, True, 5)
        risk_row.pack_start(m._detection_area_risk_ckbtn, False, True, 5)
        risk_row.pack_start(m._detection_area_risk_scale, True, True, 10)
        str_row.pack_start(m._detection_area_str_ckbtn, False, True, 5)
        str_row.pack_end(m._detection_area_str_entry, True, True, 5)
        not_str_row.pack_start(m._detection_area_not_str_ckbtn, False, True, 5)
        not_str_row.pack_end(m._detection_area_not_str_entry, True, True, 5)
        re_row.pack_start(m._detection_area_re_ckbtn, False, True, 5)
        re_row.pack_end(m._detection_area_re_entry, True, True, 5)
        code_row.pack_start(m._detection_area_code_ckbtn, False, True, 5)
        code_row.pack_start(m._detection_area_code_entry, False, True, 5)

        # text-only is wired against both null-connection and titles, and
        # titles back against text-only; registration order is preserved.
        text_only = m._detection_area_text_only_ckbtn
        titles = m._detection_area_titles_ckbtn
        text_only.connect('clicked', self.cb_single,
                          m._optimize_area_null_connect_ckbtn)
        text_only.connect('clicked', self.cb_single, titles)
        titles.connect('clicked', self.cb_single, text_only)

        mode_row.pack_start(m._detection_area_text_only_ckbtn, False, True, 5)
        mode_row.pack_start(m._detection_area_titles_ckbtn, True, False, 5)
        mode_row.pack_start(m._detection_area_smart_ckbtn, False, True, 5)

        sep_row.pack_start(g.Separator.new(HORIZONTAL), True, True, 5)
        notes_row.set_spacing(6)
        # Label text: level 1 (default) = all GET/POST parameters, 2 adds
        # Cookie, 3 adds User-Agent/Referer, 5 adds the Host header.
        # NOTE(review): level 4 is shown as "啥?" ("what?"), i.e. the label
        # leaves that level undocumented for the operator.
        level_text = ('Level 1(默认): 所有GET, POST参数\n'
                      'Level 2  追加: Cookie\n'
                      'Level 3  追加: User-Agent/Referer\n'
                      'Level 4  追加: 啥?\n'
                      'Level 5  追加: Host报头')
        _level_note = label(label=level_text, halign=g.Align.START)
        # Label text: risk 1 (default) = essentially no risk, 2 adds heavy
        # time-based blind tests, 3 adds OR-based boolean blind tests.
        # NOTE(review): the label does not say why risk 3 is risky. OR-based
        # tests can change every row when the injectable statement is an
        # UPDATE or DELETE; consider saying so in the text.
        risk_text = ('Risk 1(默认): 基本无风险\n'
                     'Risk 2  追加: 大量时间型盲注\n'
                     'Risk 3  追加: OR型布尔盲注')
        _risk_note = label(label=risk_text, halign=g.Align.START)
        notes_row.pack_start(_level_note, True, True, 5)
        notes_row.pack_start(_risk_note, True, True, 5)

        _detection_area_opts = Box(orientation=VERTICAL, spacing=3)
        rows = (level_row, risk_row, str_row, not_str_row, re_row, code_row,
                mode_row, sep_row, notes_row)
        for row in rows:
            _detection_area_opts.add(row)

        f.add(_detection_area_opts)
        return f
Esempio n. 7
    def makeWidgets(self):
        '''
        Build the 'middle' part of the window: a single label showing
        this object's class name.

        Author's layout notes: make the middle part last, so that the
        menu/toolbar is always on top/bottom and clipped last; for grid,
        grid the middle part in a packed frame.
        '''
        # Appearance options are collected first and applied in one call;
        # keyword order matches the original call.
        look = dict(
            width=40,
            height=10,
            relief=SUNKEN,
            bg='white',
            cursor='crosshair',
        )
        widgets.label(self, TOP, self.__class__.__name__, **look)
Esempio n. 8
	def doUI(self):
		"""Create and place the widgets of the LabRAD connection panel.

		Rows are ``self.line_height`` tall: status line, host row, password
		row, console line. Each widget is given a position pair, a size pair
		and a tooltip. The window is then fixed in size and moved to
		``self.position``.
		"""
		# Row 0: connection status.
		self.label_status = label(
			self,
			[0, 0],
			[self.status_length, self.line_height],
			"",
			"Status of the connection to LabRAD")
		self.setStatus(self.default_status)

		# Rows 1-2: captions in the left column.
		self.label_host = label(
			self,
			[0, self.line_height*1],
			[self.label_length, self.line_height],
			"host",
			"Host IP for LabRAD connection")
		self.label_password = label(
			self,
			[0, self.line_height*2],
			[self.label_length, self.line_height],
			"Password",
			"Password for LabRAD connection")

		# Rows 1-2: inputs, pre-filled with the configured defaults.
		self.input_host = stringInput(
			self,
			[self.label_length, self.line_height*1],
			[self.input_length, self.line_height],
			self.default_host,
			"Enter host",
			"Host IP for LabRAD connection")
		# NOTE(review): the password goes through the same stringInput helper
		# as the host and starts out as self.default_password. Whether the
		# field masks what is typed is not visible here -- confirm it does,
		# and that default_password is not a real credential kept in source.
		self.input_password = stringInput(
			self,
			[self.label_length, self.line_height*2],
			[self.input_length, self.line_height],
			self.default_password,
			"Enter LabRAD Password",
			"Password for LabRAD connection")

		# Rows 1-2: action buttons to the right of the inputs.
		self.button_connect = simpleButton(
			self,
			[self.label_length+self.input_length, self.line_height*1],
			[self.button_length, self.line_height],
			"connect",
			self.connect,
			"Attempt to connect to LabRAD")
		self.button_reset = simpleButton(
			self,
			[self.label_length+self.input_length, self.line_height*2],
			[self.button_length, self.line_height],
			"reset",
			self.reset,
			"Reset IP & Host inputs to default values.\nNote: Does not terminate LabRAD connection if one has been made.")

		# Row 3: result of the last connection attempt.
		self.label_console = label(
			self,
			[0, self.line_height*3],
			[self.status_length, self.line_height],
			"",
			"This box will print the result of an attempted LabRAD connection.")

		# Width is the wider of the status line and the three-column rows.
		total_width = max([
			self.status_length,
			self.button_length+self.label_length+self.input_length])
		self.setFixedSize(total_width, self.line_height*4)
		self.move(self.position[0], self.position[1])
Esempio n. 9
  def build_page1_file_os_access(self, m):
    """Assemble the OS-access option frame from widgets held on ``m``.

    Three rows are filled (OS command, shell/Meterpreter switches, local
    paths), stacked in a vertical box, and returned inside a frame whose
    title is translated through ``m._``.
    """
    _f = Frame.new(m._('Access to the OS behind the DBMS'))
    cmd_row, shell_row, path_row = [Box() for _ in range(3)]

    # NOTE(review): the os_cmd, msf_path and tmp_path entries hold free text.
    # Presumably it is later spliced into the generated sqlmap command line;
    # confirm that code passes each value as its own argument (or quotes it)
    # rather than concatenating it into a shell string.
    cmd_row.pack_start(m._os_access_area_os_cmd_ckbtn, False, True, 5)
    cmd_row.pack_start(m._os_access_area_os_cmd_entry, True, True, 5)

    _for_msf_label = label(label = m._('with Meterpreter(TCP connect):'),
                           margin_start = 50)

    # Every widget in this row is packed with the same options; the caption
    # sits between the shell switch and the Meterpreter-related switches.
    shell_widgets = (
      m._os_access_area_os_shell_ckbtn,
      _for_msf_label,
      m._os_access_area_os_pwn_ckbtn,
      m._os_access_area_os_smbrelay_ckbtn,
      m._os_access_area_os_bof_ckbtn,
      m._os_access_area_priv_esc_ckbtn,
    )
    for widget in shell_widgets:
      shell_row.pack_start(widget, False, True, 5)

    # The chooser button hands the path entry and a dialog title to the
    # shared set_file_entry_text handler.
    chooser_args = [m._os_access_area_msf_path_entry,
                    'choose local Metasploit install path']
    m._os_access_area_msf_path_chooser.connect(
      'clicked', self._handlers.set_file_entry_text, chooser_args)

    path_row.pack_start(m._os_access_area_msf_path_ckbtn, False, True, 5)
    path_row.pack_start(m._os_access_area_msf_path_entry, True, True, 0)
    path_row.pack_start(m._os_access_area_msf_path_chooser, False, True, 5)
    path_row.pack_start(m._os_access_area_tmp_path_ckbtn, False, True, 5)
    path_row.pack_start(m._os_access_area_tmp_path_entry, True, True, 5)

    _os_access_area_opts = Box(orientation=VERTICAL, spacing=6)
    for row in (cmd_row, shell_row, path_row):
      _os_access_area_opts.add(row)

    _f.add(_os_access_area_opts)
    return _f
Esempio n. 10
  def build_page1_file(self):
    """Build the file/OS page: a note followed by four option areas.

    The areas (file read, file write, OS access, registry) come from the
    sibling ``build_page1_file_*`` builders, each wrapped in its own
    margin box and stacked vertically under the note.
    """
    box = Box(orientation=VERTICAL, spacing=6)

    note_text = ('Note: only if stacked query(堆查询注入) worked, '
                 'these functions below can be used except udf!')
    _file_note = label(
        label = note_text,
        halign = g.Align.START,
        margin_start = 16)
    # Background reading on stacked queries:
    # http://www.sqlinjection.net/stacked-queries/
    # https://www.cnblogs.com/hongfei/p/3895980.html
    _file_note.set_tooltip_text(
        'stacked query: MySQL/PHP - no(but supported by MySQL with other API)\n'
        '               SQL Server/Any API - yes\n'
        '               PostgreSQL/PHP - yes\n'
        '               Oracle/Any API - no')

    # Wrappers are created before the areas, as in the original ordering.
    wrappers = [Box(margin_top = 10, margin_start = 10, margin_end = 10) for _ in range(4)]

    areas = [
        self.build_page1_file_read(self.m),
        self.build_page1_file_write(self.m),
        self.build_page1_file_os_access(self.m),
        self.build_page1_file_os_registry(self.m),
    ]
    for wrapper, area in zip(wrappers, areas):
      wrapper.pack_start(area, True, True, 6)

    box.add(_file_note)
    for wrapper in wrappers:
      box.add(wrapper)
    return box
Esempio n. 11
    def _build_page1_file_os_access(self, m):
        """Assemble the OS-access option frame from widgets held on ``m``.

        Three rows are filled (OS command, shell/Meterpreter switches, local
        paths), stacked in a vertical box, and returned inside a frame.
        """
        f = Frame.new('访问后端OS')  # frame title: "Access the back-end OS"

        cmd_row, shell_row, path_row = [Box() for _ in range(3)]

        # NOTE(review): the os_cmd, msf_path and tmp_path entries hold free
        # text. Presumably it is later spliced into the generated sqlmap
        # command line; confirm that code passes each value as its own
        # argument (or quotes it) rather than building a shell string.
        cmd_row.pack_start(m._file_os_access_os_cmd_ckbtn, False, True, 5)
        cmd_row.pack_start(m._file_os_access_os_cmd_entry, True, True, 5)

        # Caption: "Meterpreter-related (TCP connection):"
        _for_msf_label = label(label='Meterpreter相关(TCP连接):', margin_start=50)

        # Every widget in this row is packed with the same options.
        shell_widgets = (
            m._file_os_access_os_shell_ckbtn,
            _for_msf_label,
            m._file_os_access_os_pwn_ckbtn,
            m._file_os_access_os_smbrelay_ckbtn,
            m._file_os_access_os_bof_ckbtn,
            m._file_os_access_priv_esc_ckbtn,
        )
        for widget in shell_widgets:
            shell_row.pack_start(widget, False, True, 5)

        # The chooser button hands the path entry and a dialog title
        # ("choose the local Metasploit install directory") to the shared
        # set_file_entry_text handler.
        chooser_args = [m._file_os_access_msf_path_entry,
                        '选择 本地Metasploit安装目录']
        m._file_os_access_msf_path_chooser.connect(
            'clicked', self._handlers.set_file_entry_text, chooser_args)

        path_row.pack_start(m._file_os_access_msf_path_ckbtn, False, True, 5)
        path_row.pack_start(m._file_os_access_msf_path_entry, True, True, 0)
        path_row.pack_start(m._file_os_access_msf_path_chooser, False, True, 5)
        path_row.pack_start(m._file_os_access_tmp_path_ckbtn, False, True, 5)
        path_row.pack_start(m._file_os_access_tmp_path_entry, True, True, 5)

        _file_os_access_opts = Box(orientation=VERTICAL, spacing=6)
        for row in (cmd_row, shell_row, path_row):
            _file_os_access_opts.add(row)

        f.add(_file_os_access_opts)
        return f
Esempio n. 12
    def _build_page1_file(self):
        """Build the file/OS page: a note followed by four option areas.

        The areas (file read, file write, OS access, registry) come from the
        sibling ``_build_page1_file_*`` builders, each wrapped in its own
        margin box and stacked vertically under the note.
        """
        box = Box(orientation=VERTICAL, spacing=6)

        # Note text: the functions on this tab (UDF aside) only work when
        # stacked queries are available on the target.
        note_text = ('注: 存在Stacked queries(堆查询注入)时, '
                     '才能使用该标签下的功能(udf功能除外)!')
        _file_note = label(label=note_text,
                           halign=g.Align.START,
                           margin_start=16)
        # Background reading on stacked queries:
        # http://www.sqlinjection.net/stacked-queries/
        # https://www.cnblogs.com/hongfei/p/3895980.html
        # Tooltip: per-DBMS/API table of stacked-query support
        # (不支持 = not supported, 支持 = supported).
        _file_note.set_tooltip_text(
            '堆查询: MySQL/PHP - 不支持(supported by MySQL for other API)\n'
            '        SQL Server/Any API - 支持\n'
            '        PostgreSQL/PHP - 支持\n'
            '        Oracle/Any API - 不支持')

        # Wrappers are created before the areas, as in the original ordering.
        wrappers = [
            Box(margin_top=10, margin_start=10, margin_end=10)
            for _ in range(4)
        ]

        areas = [
            self._build_page1_file_read(self.m),
            self._build_page1_file_write(self.m),
            self._build_page1_file_os_access(self.m),
            self._build_page1_file_os_registry(self.m),
        ]
        for wrapper, area in zip(wrappers, areas):
            wrapper.pack_start(area, True, True, 6)

        box.add(_file_note)
        for wrapper in wrappers:
            box.add(wrapper)
        return box
Esempio n. 13
 def makeMainBox(self):
     """Lay out the main control box.

     Three rows are packed top-down (navigation buttons, key entry, edit
     buttons) followed by a 'quit' button at the bottom. ``self.keytext``
     is created here and bound to the key entry.
     """
     nav = frame(self, TOP)
     nav.config(bd=2)
     navigation = (
         ('next', self.onNext),  # next in list
         ('prev', self.onPrev),  # back up in list
         ('find', self.onFind),  # find from key
     )
     for caption, handler in navigation:
         button(nav, LEFT, caption, handler)

     key_row = frame(self, TOP)
     self.keytext = StringVar()  # current record's key; change before 'find'
     label(key_row, LEFT, 'KEY=>')
     entry(key_row, LEFT, self.keytext)

     edit = frame(self, TOP)
     edit.config(bd=2)
     actions = (
         ('store', self.onStore),  # updated entry data
         ('new', self.onNew),  # clear fields
         ('index', self.onMakeList),  # show key list
         ('delete', self.onDelete),  # delete action (handler defined elsewhere)
     )
     for caption, handler in actions:
         button(edit, LEFT, caption, handler)

     button(self, BOTTOM, 'quit', self.quit)  # quit comes from guimixin
Esempio n. 14
	def doUI(self):
		"""Create and place the widgets of the Data Vault browser panel.

		Rows are ``self.line_height`` tall: status line, folder list,
		navigation buttons, file list, details box. List signals are then
		connected to the ``dv*`` handlers, and the window is fixed in size
		and moved to ``self.position``.
		"""
		# Row 0: connection status.
		self.label_status = label(
			self,
			[0, 0],
			[self.length, self.line_height],
			"",
			"Status of connection to Data Vault")
		self.setStatus("LabRAD not connected")

		# Rows 1-3: folders; rows 5-8: files.
		self.list_folders = simpleList(
			self,
			[0, self.line_height*1],
			[self.length, self.line_height*3],
			[],
			"List of folders in current directory")
		self.list_files = simpleList(
			self,
			[0, self.line_height*5],
			[self.length, self.line_height*4],
			[],
			"List of files in current directory")

		# Row 4: 'select file' on the right edge, 'home' and 'up' on the left.
		self.button_open = simpleButton(
			self,
			[self.length-self.button_length, self.line_height*4],
			[self.button_length, self.line_height],
			"select file",
			self.dvOpen,
			"Open the currently selected file")
		self.button_home = simpleButton(
			self,
			[0, self.line_height*4],
			[self.button_length, self.line_height],
			"home",
			self.dvHome,
			"Return to the root directory")
		self.button_up = simpleButton(
			self,
			[self.button_length, self.line_height*4],
			[self.button_length, self.line_height],
			"up",
			self.dvUp,
			"Go up one folder from the current directory")

		# Rows 9-12: details of the selected dataset.
		self.text_details = textBox(
			self,
			[0, self.line_height*9],
			[self.length, self.line_height*4],
			"",
			tooltip="Details of currently selected dataset (file)")

		# Activating a folder or file entry, or changing the current file,
		# dispatches to the matching handler.
		self.list_folders.itemActivated.connect(self.dvSelectFolder)
		self.list_files.itemActivated.connect(self.dvOpen)
		self.list_files.currentItemChanged.connect(self.dvUpdateDetails)

		self.setFixedSize(self.length, self.line_height*13)
		self.move(self.position[0], self.position[1])
Esempio n. 15
  def __init__(self, language):
    mo_filename = "sqlmap_gtk"
    mo_base_folder = os.path.abspath("static/locale")
    try:
      if language == 'zh':
        _zh = gettext.translation(mo_filename,
                                  mo_base_folder,
                                  languages = ["zh_CN"])
        self._ = _zh.gettext
    except FileNotFoundError as e:
      print(e)

    _ = self._
    # 1. %s;(\('.*'\);(_(\1);g
    # 2. fix _enum_area_opts_ckbtns
    # TARGET
    self._url_combobox = cbb()
    self._burp_logfile = FileEntry()
    self._burp_logfile_chooser = btn.new_with_label(_('open'))
    self._request_file = FileEntry()
    self._request_file_chooser = btn.new_with_label(_('open'))
    self._bulkfile = FileEntry()
    self._bulkfile_chooser = btn.new_with_label(_('open'))
    self._configfile = FileEntry()
    self._configfile_chooser = btn.new_with_label(_('open'))
    self._google_dork = et()
    self._direct_connect = et()
  # OPTIONS(1)
  # collected options:
    self._cmd_entry = et()
  # Inject(Q)
    self._sqlmap_path_entry = FileEntry()
    self._sqlmap_path_chooser = btn.new_with_label(_('open'))
    # Injection
    self._inject_area_param_ckbtn = cb(_('-p'))
    self._inject_area_param_entry = et()
    self._inject_area_param_filter_ckbtn = cb(_('--param-filter'))
    self._inject_area_param_filter_combobox = cbb()
    self._inject_area_skip_static_ckbtn = cb(_('--skip-static'))
    self._inject_area_skip_ckbtn = cb(_('--skip'))
    self._inject_area_skip_entry = et()
    self._inject_area_param_exclude_ckbtn = cb(_('--param-exclude'))
    self._inject_area_param_exclude_entry = et()
    self._inject_area_prefix_ckbtn = cb(_('--prefix'))
    self._inject_area_prefix_entry = et()
    self._inject_area_suffix_ckbtn = cb(_('--suffix'))
    self._inject_area_suffix_entry = et()
    self._inject_area_dbms_ckbtn = cb(_('--dbms'))
    self._inject_area_dbms_combobox = cbb()
    self._inject_area_dbms_cred_ckbtn = cb(_('--dbms-cred'))
    self._inject_area_dbms_cred_entry = et()
    self._inject_area_os_ckbtn = cb(_('--os'))
    self._inject_area_os_entry = et()
    self._inject_area_no_cast_ckbtn = cb(_('--no-cast'))
    self._inject_area_no_escape_ckbtn = cb(_('--no-escape'))
    self._inject_area_invalid_bignum_ckbtn = cb(_('--invalid-bignum'))
    self._inject_area_invalid_logical_ckbtn = cb(_('--invalid-logical'))
    self._inject_area_invalid_string_ckbtn = cb(_('--invalid-string'))
    # Detection
    self._detection_area_level_ckbtn = cb(_('--level'))
    self._detection_area_level_scale = sl(HORIZONTAL, 1, 5, 1)
    self._detection_area_risk_ckbtn = cb(_('--risk'))
    self._detection_area_risk_scale = sl(HORIZONTAL, 1, 3, 1)
    self._detection_area_str_ckbtn = cb(_('--string'))
    self._detection_area_str_entry = et()
    self._detection_area_not_str_ckbtn = cb(_('--not-string'))
    self._detection_area_not_str_entry = et()
    self._detection_area_re_ckbtn = cb(_('--regexp'))
    self._detection_area_re_entry = et()
    self._detection_area_code_ckbtn = cb(_('--code'))
    self._detection_area_code_entry = NumberEntry()
    self._detection_area_text_only_ckbtn = cb(_('--text-only'))
    self._detection_area_titles_ckbtn = cb(_('--titles'))
    self._detection_area_smart_ckbtn = cb(_('--smart'))
    self._detection_area_level_note = label(label = _("Level 1(default): all GET, POST fields\n"
                                                      "Level 2   append: Cookie\n"
                                                      "Level 3   append: User-Agent/Referer\n"
                                                      "Level 4   append: ?\n"
                                                      "Level 5   append: Host header"),
                                            halign = g.Align.START)
    self._detection_area_risk_note = label(label = _("Risk 1(default): no risk\n"
                                                     "Risk 2   append: Time-Based Blind\n"
                                                     "Risk 3   append: \"OR\"-Based Blind"),
                                           halign = g.Align.START)
    # Technique
    self._tech_area_tech_ckbtn = cb(_('--technique'))
    self._tech_area_tech_entry = et()
    self._tech_area_time_sec_ckbtn = cb(_('--time-sec'))
    self._tech_area_time_sec_entry = NumberEntry()
    self._tech_area_union_col_ckbtn = cb(_('--union-cols'))
    self._tech_area_union_col_entry = NumberEntry()
    self._tech_area_union_char_ckbtn = cb(_('--union-char'))
    self._tech_area_union_char_entry = et()
    self._tech_area_union_from_ckbtn = cb(_('--union-from'))
    self._tech_area_union_from_entry = et()
    self._tech_area_dns_ckbtn = cb(_('--dns-domain'))
    self._tech_area_dns_entry = et()
    self._tech_area_second_url_ckbtn = cb(_('--second-url'))
    self._tech_area_second_url_entry = et()
    self._tech_area_second_req_ckbtn = cb('%s:' % _('--second-req'))
    self._tech_area_second_req_entry = FileEntry()
    self._tech_area_second_req_chooser = btn.new_with_label(_('open'))
    # Tamper
    # self._tamper_frame = Frame.new(_('--tamper'))
    # self._tamper_area_tamper_view = tv(wrap_mode = g.WrapMode.CHAR)
    # Optimize
    self._optimize_area_turn_all_ckbtn = cb(_('-o'))
    self._optimize_area_thread_num_ckbtn = cb(_('--threads'))
    self._optimize_area_thread_num_spinbtn = sp.new_with_range(2, 10, 1)
    self._optimize_area_predict_ckbtn = cb(_('--predict-output'))
    self._optimize_area_keep_alive_ckbtn = cb(_('--keep-alive'))
    self._optimize_area_null_connect_ckbtn = cb(_('--null-connection'))
    # Offen
    self._general_area_verbose_ckbtn = cb(_('-v'))
    self._general_area_verbose_scale = sl(HORIZONTAL, 0, 6, 1)
    self._general_area_finger_ckbtn = cb(_('--fingerprint'))
    self._general_area_hex_ckbtn = cb(_('--hex'))
    self._general_area_batch_ckbtn = cb(_('--batch'))
    self._misc_area_wizard_ckbtn = cb(_('--wizard'))
    # Hidden
    self._hidden_area_crack_ckbtn = cb(_('--crack'))
    self._hidden_area_debug_ckbtn = cb(_('--debug'))
    self._hidden_area_profile_ckbtn = cb(_('--profile'))
    self._hidden_area_disable_precon_ckbtn = cb(_('--disable-precon'))
    self._hidden_area_disable_stats_ckbtn = cb(_('--disable-stats'))
    self._hidden_area_force_dbms_ckbtn = cb(_('--force-dbms'))
    self._hidden_area_force_dns_ckbtn = cb(_('--force-dns'))
    self._hidden_area_force_pivoting_ckbtn = cb(_('--force-pivoting'))
    self._hidden_area_smoke_test_ckbtn = cb(_('--smoke-test'))
    self._hidden_area_live_test_ckbtn = cb(_('--live-test'))
    self._hidden_area_vuln_test_ckbtn = cb(_('--vuln-test'))
    self._hidden_area_murphy_rate_ckbtn = cb(_('--murphy-rate'))
    self._hidden_area_stop_fail_ckbtn = cb(_('--stop-fail'))
    self._hidden_area_run_case_ckbtn = cb(_('--run-case'))
    self._hidden_area_dummy_ckbtn = cb(_('--dummy'))
    self._hidden_area_api_ckbtn = cb(_('--api'))
    self._hidden_area_taskid_ckbtn = cb(_('--taskid'))
    self._hidden_area_database_ckbtn = cb(_('--database'))
  # Request(W)
    # HTTP header
    self._request_area_random_agent_ckbtn = cb(_('--random-agent'))
    self._request_area_mobile_ckbtn = cb(_('--mobile'))
    self._request_area_user_agent_ckbtn = cb(_('--user-agent'))
    self._request_area_user_agent_entry = et()
    self._request_area_host_ckbtn = cb(_('--host'))
    self._request_area_host_entry = et()
    self._request_area_referer_ckbtn = cb(_('--referer'))
    self._request_area_referer_entry = et()
    self._request_area_header_ckbtn = cb(_('--header(-H)'))
    self._request_area_header_entry = et()
    self._request_area_headers_ckbtn = cb(_('--headers'))
    self._request_area_headers_entry = et()
    # HTTP data
    self._request_area_method_ckbtn = cb(_('--method'))
    self._request_area_method_entry = et(width_chars = 10)
    self._request_area_param_del_ckbtn = cb(_('--param-del'))
    self._request_area_param_del_entry = et(max_length = 1, width_chars = 5)
    self._request_area_chunked_ckbtn = cb(_('--chunked'))
    self._request_area_post_ckbtn = cb(_('--data'))
    self._request_area_post_entry = et()
    self._request_area_cookie_ckbtn = cb(_('--cookie'))
    self._request_area_cookie_entry = et()
    self._request_area_cookie_del_ckbtn = cb(_('--cookie-del'))
    self._request_area_cookie_del_entry = et(width_chars = 5)
    self._request_area_drop_set_cookie_ckbtn = cb(_('--drop-set-cookie'))
    self._request_area_live_cookies_ckbtn = cb(_('--live-cookies'))
    self._request_area_live_cookies_entry = FileEntry()
    self._request_area_live_cookies_chooser = btn.new_with_label(_('open'))
    self._request_area_load_cookies_ckbtn = cb(_('--load-cookies'))
    self._request_area_load_cookies_entry = FileEntry()
    self._request_area_load_cookies_chooser = btn.new_with_label(_('open'))
    self._request_area_auth_type_ckbtn = cb(_('--auth-type'))
    self._request_area_auth_type_entry = et()
    self._request_area_auth_cred_ckbtn = cb(_('--auth-cred'))
    self._request_area_auth_cred_entry = et()
    self._request_area_auth_file_ckbtn = cb(_('--auth-file'))
    self._request_area_auth_file_entry = FileEntry()
    self._request_area_auth_file_chooser = btn.new_with_label(_('open'))
    self._request_area_csrf_method_ckbtn = cb(_('--csrf-method'))
    self._request_area_csrf_method_entry = et(width_chars = 10)
    self._request_area_csrf_retries_ckbtn = cb(_('--csrf-retries'))
    self._request_area_csrf_retries_entry = NumberEntry()
    self._request_area_csrf_token_ckbtn = cb(_('--csrf-token'))
    self._request_area_csrf_token_entry = et()
    self._request_area_csrf_url_ckbtn = cb(_('--csrf-url'))
    self._request_area_csrf_url_entry = et()
    # Request custom
    self._request_area_ignore_timeouts_ckbtn = cb(_('--ignore-timeouts'))
    self._request_area_ignore_redirects_ckbtn = cb(_('--ignore-redirects'))
    self._request_area_ignore_code_ckbtn = cb(_('--ignore-code'))
    self._request_area_ignore_code_entry = et(text = '401', width_chars = 30)
    self._request_area_skip_urlencode_ckbtn = cb(_('--skip-urlencode'))
    self._request_area_force_ssl_ckbtn = cb(_('--force-ssl'))
    self._request_area_hpp_ckbtn = cb(_('--hpp'))
    self._request_area_delay_ckbtn = cb(_('--delay'))
    self._request_area_delay_entry = NumberEntry()
    self._request_area_timeout_ckbtn = cb(_('--timeout'))
    self._request_area_timeout_entry = NumberEntry()
    self._request_area_retries_ckbtn = cb(_('--retries'))
    self._request_area_retries_entry = NumberEntry()
    self._request_area_randomize_ckbtn = cb(_('--randomize'))
    self._request_area_randomize_entry = et()
    self._request_area_eval_ckbtn = cb(_('--eval'))
    self._request_area_eval_entry = et()
    # Anonymous/Proxy
    self._request_area_safe_url_ckbtn = cb(_('--safe-url'))
    self._request_area_safe_url_entry = et()
    self._request_area_safe_post_ckbtn = cb(_('--safe-post'))
    self._request_area_safe_post_entry = et()
    self._request_area_safe_req_ckbtn = cb(_('--safe-req'))
    self._request_area_safe_req_entry = FileEntry()
    self._request_area_safe_req_chooser = btn.new_with_label(_('open'))
    self._request_area_safe_freq_ckbtn = cb(_('--safe-freq'))
    self._request_area_safe_freq_entry = et(width_chars = 10)
    self._request_area_ignore_proxy_ckbtn = cb(_('--ignore-proxy'))
    self._request_area_proxy_freq_ckbtn = cb(_('--proxy-freq'))
    self._request_area_proxy_freq_entry = NumberEntry()
    self._request_area_proxy_file_ckbtn = cb(_('--proxy-file'))
    self._request_area_proxy_file_entry = FileEntry()
    self._request_area_proxy_file_chooser = btn.new_with_label(_('open'))
    self._request_area_proxy_ckbtn = cb(_('--proxy'))
    self._request_area_proxy_ip_label = label.new('IP:')
    self._request_area_proxy_ip_entry = et()
    self._request_area_proxy_port_label = label.new('PORT:')
    self._request_area_proxy_port_entry = NumberEntry()
    self._request_area_proxy_username_label = label.new(_('username:'******'passwd:'))
    self._request_area_proxy_password_entry = et()
    self._request_area_tor_ckbtn = cb(_('--tor'))
    self._request_area_tor_port_ckbtn = cb(_('--tor-port'))
    self._request_area_tor_port_entry = NumberEntry()
    self._request_area_tor_type_ckbtn = cb(_('--tor-type'))
    self._request_area_tor_type_entry = et()
    self._request_area_check_tor_ckbtn = cb(_('--check-tor'))
  # Enumerate(E)
    # Enumeration
    self._init_enum_area_opts(_)
    # Dump
    self._dump_area_dump_ckbtn = cb(_('--dump'))
    self._dump_area_repair_ckbtn = cb(_('--repair'))
    self._dump_area_statements_ckbtn = cb(_('--statements'))
    self._dump_area_search_ckbtn = cb(_('--search'))
    self._dump_area_no_sys_db_ckbtn = cb(_('--exclude-sysdbs'))
    self._dump_area_dump_all_ckbtn = cb(_('--dump-all'))
    # Limit(when dump)
    self._limit_area_start_ckbtn = cb(_('--start'))
    self._limit_area_start_entry = NumberEntry()
    self._limit_area_stop_ckbtn = cb(_('--stop'))
    self._limit_area_stop_entry = NumberEntry()
    # Blind inject options
    self._blind_area_first_ckbtn = cb(_('--first'))
    self._blind_area_first_entry = NumberEntry()
    self._blind_area_last_ckbtn = cb(_('--last'))
    self._blind_area_last_entry = NumberEntry()
    # DB, Table, Column name...
    self._meta_area_D_ckbtn = cb(_('-D'))
    self._meta_area_D_entry = et()
    self._meta_area_T_ckbtn = cb(_('-T'))
    self._meta_area_T_entry = et()
    self._meta_area_C_ckbtn = cb(_('-C'))
    self._meta_area_C_entry = et()
    self._meta_area_U_ckbtn = cb(_('-U'))
    self._meta_area_U_entry = et()
    self._meta_area_X_ckbtn = cb(_('-X'))
    self._meta_area_X_entry = et()
    self._meta_area_pivot_ckbtn = cb(_('--pivot-column'))
    self._meta_area_pivot_entry = et()
    self._meta_area_where_ckbtn = cb(_('--where'))
    self._meta_area_where_entry = et()
    # Execute SQL
    self._runsql_area_sql_query_ckbtn = cb(_('--sql-query'))
    self._runsql_area_sql_query_entry = et()
    self._runsql_area_sql_shell_ckbtn = cb(_('--sql-shell'))
    self._runsql_area_sql_file_ckbtn = cb(_('--sql-file'))
    self._runsql_area_sql_file_entry = FileEntry()
    self._runsql_area_sql_file_chooser = btn.new_with_label(_('open'))
    # Brute force
    self._brute_force_area_common_tables_ckbtn = cb(_('--common-tables'))
    self._brute_force_area_common_columns_ckbtn = cb(_('--common-columns'))
    self._brute_force_area_common_files_ckbtn = cb(_('--common-files'))
  # File(R)
    # Read remote file
    self._file_read_area_file_read_ckbtn = cb(_('--file-read'))
    self._file_read_area_file_read_entry = et(text = '/etc/passwd')
    self._file_read_area_file_read_btn = btn.new_with_label(_('cat'))
    # Upload local file
    self._file_write_area_udf_ckbtn = cb(_('--udf-inject'))
    self._file_write_area_shared_lib_ckbtn = cb(_('--shared-lib'))
    self._file_write_area_shared_lib_entry = FileEntry()
    self._file_write_area_shared_lib_chooser = btn.new_with_label(_('open'))
    self._file_write_area_file_write_ckbtn = cb(_('--file-write'))
    self._file_write_area_file_write_entry = FileEntry()
    self._file_write_area_file_write_chooser = btn.new_with_label(_('open'))
    self._file_write_area_file_dest_ckbtn = cb(_('--file-dest'))
    self._file_write_area_file_dest_entry = et()
    # Access to the OS behind the DBMS
    self._os_access_area_os_cmd_ckbtn = cb(_('--os-cmd'))
    self._os_access_area_os_cmd_entry = et()
    self._os_access_area_os_shell_ckbtn = cb(_('--os-shell'))
    self._os_access_area_os_pwn_ckbtn = cb('--os-pwn')
    self._os_access_area_os_smbrelay_ckbtn = cb('--os-smbrelay')
    self._os_access_area_os_bof_ckbtn = cb('--os-bof')
    self._os_access_area_priv_esc_ckbtn = cb('--priv-esc')
    self._os_access_area_msf_path_ckbtn = cb(_('--msf-path'))
    self._os_access_area_msf_path_entry = FileEntry()
    self._os_access_area_msf_path_chooser = btn.new_with_label(_('open'))
    self._os_access_area_tmp_path_ckbtn = cb(_('--tmp-path'))
    self._os_access_area_tmp_path_entry = et()
    # Access to register in remote WIN
    self._registry_area_reg_ckbtn = cb(_('operate:'))
    self._registry_area_reg_combobox = g.ComboBoxText.new()
    self._registry_area_reg_key_label = label.new(_('--reg-key'))
    self._registry_area_reg_key_entry = et()
    self._registry_area_reg_value_label = label.new(_('--reg-value'))
    self._registry_area_reg_value_entry = et()
    self._registry_area_reg_data_label = label.new(_('--reg-data'))
    self._registry_area_reg_data_entry = et()
    self._registry_area_reg_type_label = label.new(_('--reg-type'))
    self._registry_area_reg_type_entry = et()
  # Other(T)
    # General
    self._general_area_check_internet_ckbtn = cb(_('--check-internet'))
    self._general_area_fresh_queries_ckbtn = cb(_('--fresh-queries'))
    self._general_area_forms_ckbtn = cb(_('--forms'))
    self._general_area_parse_errors_ckbtn = cb(_('--parse-errors'))
    self._misc_area_cleanup_ckbtn = cb(_('--cleanup'))
    self._general_area_base64_ckbtn = cb(_('--base64'))
    self._general_area_base64_entry = et()
    self._general_area_base64_safe_ckbtn = cb(_('--base64-safe'))
    self._general_area_table_prefix_ckbtn = cb(_('--table-prefix'))
    self._general_area_table_prefix_entry = et(width_chars = 15)
    self._general_area_binary_fields_ckbtn = cb(_('--binary-fields'))
    self._general_area_binary_fields_entry = et()
    self._general_area_preprocess_ckbtn = cb(_('--preprocess'))
    self._general_area_preprocess_entry = et()
    self._general_area_preprocess_chooser = btn.new_with_label(_('open'))
    self._general_area_postprocess_ckbtn = cb(_('--postprocess'))
    self._general_area_postprocess_entry = et()
    self._general_area_postprocess_chooser = btn.new_with_label(_('open'))
    self._general_area_charset_ckbtn = cb(_('--charset'))
    self._general_area_charset_entry = et(text = '0123456789abcdef')
    self._general_area_encoding_ckbtn = cb(_('--encoding'))
    self._general_area_encoding_entry = et(text = 'GBK', width_chars = 10)
    self._general_area_web_root_ckbtn = cb(_('--web-root'))
    self._general_area_web_root_entry = et()
    self._general_area_scope_ckbtn = cb(_('--scope'))
    self._general_area_scope_entry = FileEntry()
    self._general_area_scope_chooser = btn.new_with_label(_('open'))
    self._general_area_test_filter_ckbtn = cb(_('--test-filter'))
    self._general_area_test_filter_entry = et()
    self._general_area_test_skip_ckbtn = cb(_('--test-skip'))
    self._general_area_test_skip_entry = et()
    self._general_area_crawl_ckbtn = cb(_('--crawl'))
    self._general_area_crawl_entry = NumberEntry()
    self._general_area_crawl_exclude_ckbtn = cb(_('--crawl-exclude'))
    self._general_area_crawl_exclude_entry = et()
    self._general_area_traffic_file_ckbtn = cb(_('-t'))
    self._general_area_traffic_file_entry = FileEntry()
    self._general_area_traffic_file_chooser = btn.new_with_label(_('open'))
    self._general_area_har_ckbtn = cb(_('--har'))
    self._general_area_har_entry = FileEntry()
    self._general_area_har_chooser = btn.new_with_label(_('open'))
    self._general_area_flush_session_ckbtn = cb("<b>%s</b>" % '--flush-session')
    self._general_area_dump_format_ckbtn = cb(_('--dump-format'))
    self._general_area_dump_format_entry = et(width_chars = 6)
    self._general_area_csv_del_ckbtn = cb(_('--csv-del'))
    self._general_area_csv_del_entry = et(text = ',', max_length = 1, width_chars = 5)
    self._general_area_save_ckbtn = cb(_('--save'))
    self._general_area_save_entry = FileEntry()
    self._general_area_save_chooser = btn.new_with_label(_('open'))
    self._general_area_session_file_ckbtn = cb(_('-s'))
    self._general_area_session_file_entry = FileEntry()
    self._general_area_session_file_chooser = btn.new_with_label(_('open'))
    self._general_area_output_dir_ckbtn = cb(_('--output-dir'))
    self._general_area_output_dir_entry = FileEntry()
    self._general_area_output_dir_chooser = btn.new_with_label(_('open'))
    # Misc
    self._misc_area_skip_heuristics_ckbtn = cb(_('--skip-heuristics'))
    self._misc_area_skip_waf_ckbtn = cb(_('--skip-waf'))
    self._misc_area_unstable_ckbtn = cb(_('--unstable'))
    self._misc_area_list_tampers_ckbtn = cb(_('--list-tampers'))
    self._misc_area_sqlmap_shell_ckbtn = cb(_('--sqlmap-shell'))
    self._misc_area_disable_color_ckbtn = cb(_('--disable-coloring'))
    self._general_area_eta_ckbtn = cb(_('--eta'))
    self._misc_area_gpage_ckbtn = cb(_('--gpage'))
    self._misc_area_gpage_spinbtn = sp.new_with_range(1, 100, 1)
    self._misc_area_beep_ckbtn = cb(_('--beep'))
    self._misc_area_offline_ckbtn = cb(_('--offline'))
    self._misc_area_purge_ckbtn = cb("<b>%s</b>" % '--purge')
    self._misc_area_dependencies_ckbtn = cb(_('--dependencies'))
    self._misc_area_update_ckbtn = cb(_('--update'))
    self._misc_area_alert_ckbtn = cb(_('--alert'))
    self._misc_area_alert_entry = et()
    self._misc_area_tmp_dir_ckbtn = cb(_('--tmp-dir'))
    self._misc_area_tmp_dir_entry = FileEntry()
    self._misc_area_tmp_dir_chooser = btn.new_with_label(_('open'))
    self._misc_area_answers_ckbtn = cb(_('--answers'))
    self._misc_area_answers_entry = et(text = 'quit=N,follow=N')
    self._misc_area_z_ckbtn = cb(_('-z'))
    self._misc_area_z_entry = et(text = 'flu,bat,ban,tec=EU...')
    self._misc_area_results_file_ckbtn = cb(_('--results-file'))
    self._misc_area_results_file_entry = FileEntry()
    self._misc_area_results_file_chooser = btn.new_with_label(_('open'))
  # Tamper
    self._init_tampers()
  # EXECUTION(2)
    self._page2_respwan_btn = btn.new_with_label(_('reopen'))
    self._page2_right_btn = btn.new_with_label(_('context menu'))
    self._page2_terminal = Vte.Terminal.new()
  # LOG(3)
    self._page3_log_view = tv(editable = False, wrap_mode = g.WrapMode.WORD)
    self._page3_read_target_btn = btn.new_with_label(_('view target file'))
    self._page3_clear_btn = btn.new_with_mnemonic(_('clear buffer(_C)'))
    self._page3_read_log_btn = btn.new_with_label(_('view log file'))
  # SQLMAPAPI(4)
    self._page4_api_server_label = label.new('REST-JSON API server:')
    self._page4_api_server_entry = et(text = '127.0.0.1:8775')
    self._page4_admin_token_label = label.new('Admin (secret) token:')
    self._page4_admin_token_entry = et(max_length = 32)
    self._page4_task_new_btn = btn.new_with_label(_('create task'))
    self._page4_admin_list_btn = btn.new_with_label(_('view tasks'))
    self._page4_admin_flush_btn = btn.new_with_label(_('delete all tasks'))
    self._page4_clear_task_view_btn = btn.new_with_label(_('clear view'))
    self._page4_username_label = label.new(_('username:'******'passwd:'))
    self._page4_password_entry = et()
    self._page4_option_get_entry = et(text = 'url risk level')
    self._page4_option_set_view = tv(wrap_mode = g.WrapMode.CHAR)
    self._page4_task_view = tv(editable = False, wrap_mode = g.WrapMode.WORD)
  # HELP(H)
    self._page5_manual_view = tv(editable = False, wrap_mode = g.WrapMode.WORD)
  # ABOUT
    self._page6_lang_en_radio = g.RadioButton.new_with_label_from_widget(None, 'en')
    self._page6_lang_zh_radio = g.RadioButton.new_from_widget(self._page6_lang_en_radio)
    self._page6_lang_zh_radio.set_label('zh')
    self._page6_tooltips_en_radio = g.RadioButton.new_with_label_from_widget(None, 'en')
    self._page6_tooltips_zh_radio = g.RadioButton.new_from_widget(self._page6_tooltips_en_radio)
    self._page6_tooltips_zh_radio.set_label('zh')
Esempio n. 16
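    def build_page4(self):
        """Assemble the sqlmapapi page and return its top-level container.

        Layout, top to bottom:
          row 1 - API server address and admin token entries
          row 2 - task/admin buttons (packed left) and the username/password
                  widgets (packed right)
          row 3 - paned area: admin task list on the left, option get/set
                  editor on the right
          row 4 - read-only view that shows API responses

        The widgets are taken from the module-level ``m`` object
        (presumably the shared widget model; confirm against the module
        header). Button handlers come from ``self._handlers``.

        Returns:
            The vertical ``Box`` holding the four rows.
        """
        box = Box(orientation=VERTICAL)
        box.set_border_width(10)

        # Row 1: where the API server lives and the admin token used for it.
        # NOTE(review): the admin token is labelled "secret" yet is shown in
        # clear text; consider masking it as well if that does not hurt
        # usability (it is normally pasted from the server's console output).
        _row1 = Box(spacing=6)
        _row1.pack_start(m._page4_api_server_label, False, True, 0)
        _row1.pack_start(m._page4_api_server_entry, True, True, 0)
        _row1.pack_start(m._page4_admin_token_label, False, True, 0)
        _row1.pack_start(m._page4_admin_token_entry, True, True, 0)

        # Row 2: action buttons on the left, credentials on the right.
        _row2 = Box(spacing=6)
        _arrow_down = g.Image.new_from_icon_name('pan-down-symbolic', 1)
        m._page4_admin_list_btn.set_image(_arrow_down)
        m._page4_admin_list_btn.set_image_position(g.PositionType.RIGHT)
        m._page4_admin_list_btn.set_always_show_image(True)

        m._page4_task_new_btn.connect('clicked', self._handlers.api.task_new)
        m._page4_admin_list_btn.connect('clicked',
                                        self._handlers.api.admin_list)
        m._page4_admin_flush_btn.connect('clicked',
                                         self._handlers.api.admin_flush)
        m._page4_clear_task_view_btn.connect(
            'clicked', self._handlers.clear_task_view_buffer)

        # Mask the password while it is typed so it cannot be read off the
        # screen (shoulder surfing, screenshots, screen sharing). get_text()
        # still returns the real value to the handlers.
        # Assumes the entry is a Gtk.Entry (or subclass); verify against the
        # widget factory used by the model.
        m._page4_password_entry.set_visibility(False)

        _row2.pack_start(m._page4_task_new_btn, False, True, 0)
        _row2.pack_start(m._page4_admin_list_btn, False, True, 0)
        _row2.pack_start(m._page4_admin_flush_btn, False, True, 0)
        _row2.pack_start(m._page4_clear_task_view_btn, False, True, 0)
        # pack_end() fills from the right edge inwards, so the widgets are
        # added in reverse of their visual left-to-right order.
        _row2.pack_end(m._page4_password_entry, False, True, 0)
        _row2.pack_end(m._page4_password_label, False, True, 0)
        _row2.pack_end(m._page4_username_entry, False, True, 0)
        _row2.pack_end(m._page4_username_label, False, True, 0)

        # Row 3: task list (left pane) and option editor (right pane).
        _row3 = Frame()
        _paned = g.Paned()

        self._api_admin_list_rows = g.ListBox.new()
        self._api_admin_list_rows.set_selection_mode(g.SelectionMode.NONE)

        _lscrolled = g.ScrolledWindow()
        _lscrolled.set_size_request(400, -1)
        _lscrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
        _lscrolled.add(self._api_admin_list_rows)

        _rbox = Box(orientation=VERTICAL)
        _page4_option_set_view_tip = label(
            label='check optiondict.py of sqlmap about options.',
            halign=g.Align.START)
        _option_set_view_textbuffer = m._page4_option_set_view.get_buffer()
        # Placeholder text showing the expected shape of the options dict.
        _options_example = ("{\n"
                            "  'url': 'http://www.site.com/vuln.php?id=1',\n"
                            "  'level': 1, 'risk': 1,\n\n"
                            "}\n")
        # The length argument of set_text() is in bytes, hence the encode().
        _option_set_view_textbuffer.set_text(
            _options_example, len(_options_example.encode('utf8')))
        # It seems the ScrolledWindow has to contain the TextView directly;
        # otherwise the view does not scroll up after pressing Enter
        # repeatedly.
        _option_set_scrolled = g.ScrolledWindow()
        _option_set_scrolled.set_size_request(400, -1)
        _option_set_scrolled.set_policy(g.PolicyType.NEVER,
                                        g.PolicyType.ALWAYS)
        _option_set_scrolled.add(m._page4_option_set_view)

        _rbox.pack_start(m._page4_option_get_entry, False, True, 2)
        _rbox.pack_start(_page4_option_set_view_tip, False, True, 2)
        _rbox.pack_start(_option_set_scrolled, True, True, 2)

        # Warning: don't edit pack1(), pack2() again, otherwise it becomes strange.
        _paned.pack1(_lscrolled, False, False)
        _paned.pack2(_rbox, False, True)
        _row3.add(_paned)

        # Row 4: read-only response log.
        _row4 = Frame()

        _task_view_textbuffer = m._page4_task_view.get_buffer()
        _end = _task_view_textbuffer.get_end_iter()
        # Named mark at the end of the buffer; presumably used by the
        # handlers to keep the view scrolled to the latest output.
        _task_view_textbuffer.create_mark('end', _end, False)
        self._handlers.api.task_view_append('response result:')

        _scrolled = g.ScrolledWindow()
        _scrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
        _scrolled.add(m._page4_task_view)

        _row4.add(_scrolled)

        box.pack_start(_row1, False, True, 5)
        box.pack_start(_row2, False, True, 5)
        box.pack_start(_row3, True, True, 5)
        box.pack_start(_row4, True, True, 5)
        return box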