def _build_page1_request(self):
box = Box(orientation=VERTICAL)
_boxes = [Box() for _ in range(4)]
_request_header_area = self._build_page1_request_header(self.m)
_boxes[0].pack_start(_request_header_area, True, True, 5)
_request_data_area = self._build_page1_request_data(self.m)
_boxes[1].pack_start(_request_data_area, True, True, 5)
_request_custom_area = self._build_page1_request_custom(self.m)
_boxes[2].pack_start(_request_custom_area, True, True, 5)
_request_proxy_area = self._build_page1_request_proxy(self.m)
_boxes[3].pack_start(_request_proxy_area, True, True, 5)
for _ in _boxes:
box.pack_start(_, False, True, 5)
scrolled = g.ScrolledWindow()
scrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
scrolled.add(box)
return scrolled
def build_page1_enumeration_meta(self, m):
_f = Frame.new(m._('DB, Table, Column name...'))
_boxes = [Box() for _ in range(3)]
_boxes[0].pack_start(m._meta_area_D_ckbtn, False, True, 5)
_boxes[0].pack_start(m._meta_area_D_entry, True, True, 5)
_boxes[0].pack_start(m._meta_area_T_ckbtn, False, True, 5)
_boxes[0].pack_start(m._meta_area_T_entry, True, True, 5)
_boxes[0].pack_start(m._meta_area_C_ckbtn, False, True, 5)
_boxes[0].pack_start(m._meta_area_C_entry, True, True, 5)
_boxes[1].pack_start(m._meta_area_U_ckbtn, False, True, 5)
_boxes[1].pack_start(m._meta_area_U_entry, True, True, 5)
_boxes[1].pack_start(m._meta_area_X_ckbtn, False, True, 5)
_boxes[1].pack_start(m._meta_area_X_entry, True, True, 5)
_boxes[1].pack_start(m._meta_area_pivot_ckbtn, False, True, 5)
_boxes[1].pack_start(m._meta_area_pivot_entry, True, True, 5)
_boxes[2].pack_start(m._meta_area_where_ckbtn, False, True, 5)
_boxes[2].pack_start(m._meta_area_where_entry, True, True, 5)
_meta_area_opts = Box(orientation=VERTICAL)
for _ in _boxes:
_meta_area_opts.pack_start(_, False, True, 5)
_f.add(_meta_area_opts)
return _f
def _build_page1_enumeration_meta(self, m):
f = Frame.new('数据库名, 表名, 列名...')
_boxes = [Box() for _ in range(3)]
_boxes[0].pack_start(m._meta_area_D_ckbtn, False, True, 5)
_boxes[0].pack_start(m._meta_area_D_entry, True, True, 5)
_boxes[0].pack_start(m._meta_area_T_ckbtn, False, True, 5)
_boxes[0].pack_start(m._meta_area_T_entry, True, True, 5)
_boxes[0].pack_start(m._meta_area_C_ckbtn, False, True, 5)
_boxes[0].pack_start(m._meta_area_C_entry, True, True, 5)
_boxes[1].pack_start(m._meta_area_U_ckbtn, False, True, 5)
_boxes[1].pack_start(m._meta_area_U_entry, True, True, 5)
_boxes[1].pack_start(m._meta_area_X_ckbtn, False, True, 5)
_boxes[1].pack_start(m._meta_area_X_entry, True, True, 5)
_boxes[1].pack_start(m._meta_area_pivot_ckbtn, False, True, 5)
_boxes[1].pack_start(m._meta_area_pivot_entry, True, True, 5)
_boxes[2].pack_start(m._meta_area_where_ckbtn, False, True, 5)
_boxes[2].pack_start(m._meta_area_where_entry, True, True, 5)
_meta_area_opts = Box(orientation=VERTICAL)
for _ in _boxes:
_meta_area_opts.pack_start(_, False, True, 5)
f.add(_meta_area_opts)
return f
def build_page1_file_write(self, m):
_f = Frame.new(m._('Upload local file'))
_boxes = [Box() for _ in range(3)]
m._file_write_area_shared_lib_chooser.connect(
'clicked',
self._handlers.set_file_entry_text,
[m._file_write_area_shared_lib_entry]
)
_boxes[0].pack_start(m._file_write_area_udf_ckbtn, False, True, 5)
_boxes[0].pack_start(m._file_write_area_shared_lib_ckbtn, False, True, 5)
_boxes[0].pack_start(m._file_write_area_shared_lib_entry, True, True, 0)
_boxes[0].pack_start(m._file_write_area_shared_lib_chooser, False, True, 5)
m._file_write_area_file_write_chooser.connect(
'clicked',
self._handlers.set_file_entry_text,
[m._file_write_area_file_write_entry]
)
_boxes[1].pack_start(m._file_write_area_file_write_ckbtn, False, True, 5)
_boxes[1].pack_start(m._file_write_area_file_write_entry, True, True, 0)
_boxes[1].pack_start(m._file_write_area_file_write_chooser, False, True, 5)
_boxes[2].pack_start(m._file_write_area_file_dest_ckbtn, False, True, 5)
_boxes[2].pack_start(m._file_write_area_file_dest_entry, True, True, 5)
_file_write_area_opts = Box(orientation=VERTICAL, spacing=6)
for _ in _boxes:
_file_write_area_opts.pack_start(_, False, True, 5)
_f.add(_file_write_area_opts)
return _f
def __init__(self):
super().__init__(title='sqlmap-gtk')
self.connect('key_press_event', self.on_window_key_press_event)
self.set_icon_from_file("sqlmap_gtk.ico")
self._handlers = Handler(self, m)
# g.Box默认的orientation是HORIZONTAL
_main_box = Box(orientation=VERTICAL)
self._target_notebook = g.Notebook()
self._build_target_notebook(self._target_notebook)
_main_box.pack_start(self._target_notebook, False, True, 0)
self.main_notebook = g.Notebook()
self.main_notebook.add_events(d.EventMask.SCROLL_MASK
| d.EventMask.SMOOTH_SCROLL_MASK)
self.main_notebook.connect('scroll-event', self.scroll_page)
page1 = self._build_page1()
page2 = self._build_page2()
page3 = self._build_page3()
page4 = self._build_page4()
page5 = self._build_page5()
page6 = self._build_page6()
self.main_notebook.append_page(page1,
label.new_with_mnemonic('选项区(_1)'))
self.main_notebook.append_page(page2,
label.new_with_mnemonic('输出区(_2)'))
self.main_notebook.append_page(page3,
label.new_with_mnemonic('日志区(_3)'))
self.main_notebook.append_page(page4,
label.new_with_mnemonic('API区(_4)'))
self.main_notebook.append_page(page5,
label.new_with_mnemonic('帮助(_H)'))
self.main_notebook.append_page(page6, label.new('关于'))
_main_box.pack_start(self.main_notebook, True, True, 0)
self.add(_main_box)
# 初始化完后, 必须要有焦点, 不然按任何键都会报错, 直到操作一次UI:
# gtk_widget_event: assertion 'WIDGET_REALIZED_FOR_EVENT (widget, event)' failed`
# 获取焦点
# m._url_combobox.get_child().grab_focus()
self.set_focus(m._url_combobox.get_child())
# 添加tooltips, placeholders等
INIT_MESG(m)
# 读取 上次所有选项
self.session = Session(m)
self.session.load_from_tmp()
def __init__(self):
super().__init__(title='sqlmap-gtk')
self.connect('key_press_event', self.on_quit_by_key)
self.set_icon_from_file("static/title.ico")
self.clipboard = g.Clipboard.get(d.SELECTION_CLIPBOARD)
self._handlers = Handler(self, m)
_main_box = Box(orientation=VERTICAL)
self._target_notebook = g.Notebook()
self.build_target_notebook(self._target_notebook)
_main_box.pack_start(self._target_notebook, False, True, 0)
self.main_notebook = g.Notebook()
self.main_notebook.add_events(d.EventMask.SCROLL_MASK
| d.EventMask.SMOOTH_SCROLL_MASK)
self.main_notebook.connect('scroll-event', self.scroll_page)
page1 = self.build_page1()
page2 = self.build_page2()
page3 = self.build_page3()
page4 = self.build_page4()
page5 = self.build_page5()
page6 = self.build_page6()
_ = m._
self.main_notebook.append_page(
page1, label.new_with_mnemonic(_('OPTIONS(_1)')))
self.main_notebook.append_page(
page2, label.new_with_mnemonic(_('EXECUTION(_2)')))
self.main_notebook.append_page(page3,
label.new_with_mnemonic(_('LOG(_3)')))
self.main_notebook.append_page(
page4, label.new_with_mnemonic(_('SQLMAPAPI(_4)')))
self.main_notebook.append_page(page5,
label.new_with_mnemonic(_('HELP(_H)')))
self.main_notebook.append_page(page6, label.new(_('ABOUT')))
_main_box.pack_start(self.main_notebook, True, True, 0)
self.add(_main_box)
# 初始化完后, 必须要有焦点, 不然按任何键都会报错, 直到操作一次UI:
# gtk_widget_event: assertion 'WIDGET_REALIZED_FOR_EVENT (widget, event)' failed`
# m._url_combobox.get_child().grab_focus()
self.set_focus(m._url_combobox.get_child())
# add tooltips, placeholders
INIT_MESG(m)
self.session = Session(m)
self.session.load_from_tmp()
def build_page1_enumeration_brute_force(self, m):
_f = Frame.new(m._('Brute force'))
_brute_force_area_opts = Box(orientation=VERTICAL)
_row1 = Box()
_row1.pack_start(label.new(m._('check existence of:')), False, True, 10)
_row1.pack_start(m._brute_force_area_common_tables_ckbtn, False, True, 0)
_row1.pack_start(m._brute_force_area_common_columns_ckbtn, False, True, 5)
_row1.pack_start(m._brute_force_area_common_files_ckbtn, False, True, 0)
_brute_force_area_opts.pack_start(_row1, False, True, 5)
_f.add(_brute_force_area_opts)
return _f
def build_page3(self):
box = Box(orientation=VERTICAL, spacing=6)
box.set_border_width(10)
_row1 = Frame()
_log_view_textbuffer = m._page3_log_view.get_buffer()
self._handlers.clear_log_view_buffer(None)
_end = _log_view_textbuffer.get_end_iter()
_log_view_textbuffer.create_mark('end', _end, False)
_scrolled = g.ScrolledWindow()
_scrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
_scrolled.add(m._page3_log_view)
_row1.add(_scrolled)
_row2 = Box()
m._page3_read_target_btn.connect('clicked',
self._handlers.read_target_file)
m._page3_clear_btn.connect('clicked',
self._handlers.clear_log_view_buffer)
m._page3_read_log_btn.connect('clicked', self._handlers.read_log_file)
_row2.pack_start(m._page3_read_target_btn, True, False, 0)
_row2.pack_start(m._page3_clear_btn, True, False, 0)
_row2.pack_start(m._page3_read_log_btn, True, False, 0)
box.pack_start(_row1, True, True, 5)
box.pack_end(_row2, False, True, 0)
return box
def _build_page6(self):
box = Box()
_about_str = '''
1. VERSION: 0.3.4.2
2019年10月10日 08:06:05
required: python3.5+, python3-gi, sqlmap
作者: needle wang ( [email protected] )
https://github.com/needle-wang/sqlmap-gtk\n
2. 使用PyGObject(Gtk+3: python3-gi)重写sqm.py\n
3. Gtk+3教程: https://python-gtk-3-tutorial.readthedocs.io/en/latest\n
4. Gtk+3 API: https://lazka.github.io/pgi-docs/Gtk-3.0/\n\n
5. 感谢sqm带来的灵感, 其作者: KINGX ( https://github.com/kxcode ), sqm UI 使用的是python2 + tkinter
'''
box.pack_start(label.new(_about_str), True, False, 0)
return box
def _build_page1(self):
box = Box(orientation=VERTICAL, spacing=6)
box.set_border_width(10)
# sqlmap命令语句
_cmd_area = Frame.new('A.收集选项 的结果显示在这:')
_cmd_area.add(m._cmd_entry)
box.pack_start(_cmd_area, False, True, 0)
# 主构造区
_notebook = Notebook(m, self._handlers)
m._page1_misc_purge_ckbtn.connect('toggled', self._show_warn,
'这将抹除所有本地记录!\n确定勾选?')
m._page1_general_flush_session_ckbtn.connect('toggled',
self._show_warn,
'这将清除本地缓存!\n确定勾选?')
_notebook.add_events(d.EventMask.SCROLL_MASK
| d.EventMask.SMOOTH_SCROLL_MASK)
_notebook.connect('scroll-event', self.scroll_page)
box.pack_start(_notebook, True, True, 0)
# 构造与执行
_exec_area = Box()
_build_button = btn.new_with_mnemonic('A.收集选项(_A)')
_build_button.connect('clicked', self._handlers.build_all)
# 用于改善ui的使用体验
_unselect_all_btn = btn.new_with_mnemonic('反选所有复选框(_S)')
_unselect_all_btn.connect('clicked', self.unselect_all_ckbtn)
_clear_all_entry = btn.new_with_mnemonic('清空所有输入框(_D)')
_clear_all_entry.connect('clicked', self.clear_all_entry)
_run_button = btn.new_with_mnemonic('B.开始(_F)')
_run_button.connect('clicked', self._handlers.run_cmdline)
_exec_area.pack_start(_build_button, False, True, 0)
_exec_area.pack_start(_unselect_all_btn, True, False, 0)
_exec_area.pack_start(_clear_all_entry, True, False, 0)
_exec_area.pack_end(_run_button, False, True, 0)
box.pack_end(_exec_area, False, True, 0)
return box
def build_page1_enumeration_limit(self, m):
_f = Frame.new(m._('Limit'))
_boxes = [Box() for _ in range(2)]
_boxes[0].pack_start(m._limit_area_start_ckbtn, False, True, 5)
_boxes[0].pack_end(m._limit_area_start_entry, False, True, 5)
# _boxes[0].pack_start(label.new('行'), False, True, 5)
_boxes[1].pack_start(m._limit_area_stop_ckbtn, False, True, 5)
_boxes[1].pack_end(m._limit_area_stop_entry, False, True, 5)
# _boxes[1].pack_start(label.new('行'), False, True, 5)
_limit_area_opts = Box(orientation=VERTICAL)
for _ in _boxes:
_limit_area_opts.pack_start(_, False, True, 10)
_f.add(_limit_area_opts)
return _f
def build_page1(self):
box = Box(orientation=VERTICAL, spacing=6)
box.set_border_width(10)
_ = m._
# sqlmap命令语句
_cmd_area = Frame.new(_('A.Options are collected here:'))
_cmd_area.add(m._cmd_entry)
# 主构造区
_notebook = Notebook(m, self._handlers)
m._general_area_flush_session_ckbtn.connect(
'toggled', self._show_warn, 'check --flush-session:\n\n'
'Flush session files for current target?')
m._misc_area_purge_ckbtn.connect(
'toggled', self._show_warn, 'check --purge:\n\n'
'Safely remove all content from sqlmap data directory?')
_notebook.add_events(d.EventMask.SCROLL_MASK
| d.EventMask.SMOOTH_SCROLL_MASK)
_notebook.connect('scroll-event', self.scroll_page)
# 构造与执行
_exec_area = Box()
_build_button = btn.new_with_mnemonic(_('A.collect(_A)'))
_build_button.connect('clicked', self._handlers.build_all)
_unselect_all_btn = btn.new_with_mnemonic(_('unselect(_S)'))
_unselect_all_btn.connect('clicked', self.unselect_all_ckbtn)
_clear_all_entry = btn.new_with_mnemonic(_('clear all inputs(_D)'))
_clear_all_entry.connect('clicked', self.clear_all_entry)
_run_button = btn.new_with_mnemonic(_('B.run(_F)'))
_run_button.connect('clicked', self._handlers.run_cmdline)
_exec_area.pack_start(_build_button, False, True, 0)
_exec_area.pack_start(_unselect_all_btn, True, False, 0)
_exec_area.pack_start(_clear_all_entry, True, False, 0)
_exec_area.pack_end(_run_button, False, True, 0)
box.pack_start(_cmd_area, False, True, 0)
box.pack_start(_notebook, True, True, 0)
box.pack_end(_exec_area, False, True, 0)
return box
def build_page1_enumeration_blind(self, m):
_f = Frame.new(m._('Blind inject options'))
_boxes = [Box() for _ in range(2)]
_boxes[0].pack_start(m._blind_area_first_ckbtn, False, True, 5)
_boxes[0].pack_end(m._blind_area_first_entry, False, True, 5)
# _boxes[0].pack_start(label.new('个字符'), False, True, 5)
_boxes[1].pack_start(m._blind_area_last_ckbtn, False, True, 5)
_boxes[1].pack_end(m._blind_area_last_entry, False, True, 5)
# _boxes[1].pack_start(label.new('个字符'), False, True, 5)
_blind_area_opts = Box(orientation=VERTICAL)
for _ in _boxes:
_blind_area_opts.pack_start(_, False, True, 10)
_f.add(_blind_area_opts)
return _f
def _build_page1_enumeration_enum(self, m):
f = Frame.new('枚举')
_enum_area_opts = Box(spacing=6)
_enu_area_opts_cols = [Box(orientation=VERTICAL) for _ in range(3)]
for _x in range(len(m._enum_area_opts_ckbtns)):
for _y in m._enum_area_opts_ckbtns[_x]:
# 每列, 至上往下add
_enu_area_opts_cols[_x].add(_y)
# 添加三列, 方便对齐...
_enum_area_opts.pack_start(_enu_area_opts_cols[_x], False, True,
10)
f.add(_enum_area_opts)
return f
def build_page6(self):
box = Box(orientation=VERTICAL, spacing=6)
box.set_border_width(10)
_boxes = [Box() for _ in range(3)]
_lang = label.new('language:')
_tooltip = label.new('tooltips:')
_boxes[0].pack_start(_lang, False, True, 10)
_boxes[0].pack_start(m._page6_lang_en_radio, False, True, 10)
_boxes[0].pack_start(m._page6_lang_zh_radio, False, True, 10)
_boxes[0].pack_start(
label.new(m._('Take effects after restarting GUI.')), False, True,
10)
_boxes[1].pack_start(_tooltip, False, True, 10)
_boxes[1].pack_start(m._page6_tooltips_en_radio, False, True, 10)
_boxes[1].pack_start(m._page6_tooltips_zh_radio, False, True, 10)
_version = '0.3.5.2'
_timestamp = '2021-01-29 04:04:35'
_url_self = 'https://github.com/needle-wang/sqlmap-gtk'
_url_tutorial = 'https://python-gtk-3-tutorial.readthedocs.io/en/latest'
_url_api = 'https://lazka.github.io/pgi-docs/Gtk-3.0/'
_url_idea = 'https://github.com/kxcode'
_about_str = f'''
1. <a href="{_url_self}" title = "{_url_self}">Website</a> VERSION: {_version}
{_timestamp}
required: python3.6+, gtk+3.20 above, python3-gi,
requests, sqlmap\n
2. use PyGObject(python3-gi + Gtk+3) to recode sqm.py
3. thanks to the idea from sqm, author: <a href="{_url_idea}" title="{_url_idea}">KINGX</a>. sqm UI with python2 + tkinter\n
4. Python GTK+3 Tutorial: <a href="{_url_tutorial}">{_url_tutorial}</a>
5. PyGObject-GTK 3.0 API: <a href="{_url_api}">{_url_api}</a>
'''
_ = label.new(_about_str)
_.set_use_markup(True)
# _.set_selectable(True)
_boxes[2].pack_start(_, False, True, 0)
box.pack_start(_boxes[0], False, True, 0)
box.pack_start(_boxes[1], False, True, 0)
box.pack_start(_boxes[2], False, True, 80)
return box
def _build_page1_enumeration_brute_force(self, m):
f = Frame.new('暴破表名/列名')
_brute_force_area_opts = Box(orientation=VERTICAL)
_row1 = Box()
_row1.pack_start(label.new('检查是否存在:'), False, True, 10)
_row1.pack_start(m._brute_force_area_common_tables_ckbtn, False, True,
0)
_row1.pack_start(m._brute_force_area_common_columns_ckbtn, False, True,
5)
_row1.pack_start(m._brute_force_area_common_files_ckbtn, False, True,
0)
_brute_force_area_opts.pack_start(_row1, False, True, 5)
f.add(_brute_force_area_opts)
return f
def _build_page1_enumeration_blind(self, m):
f = Frame.new('盲注选项')
_boxes = [Box() for _ in range(3)]
_boxes[0].pack_start(m._blind_area_first_ckbtn, False, True, 5)
_boxes[0].pack_start(m._blind_area_first_entry, False, True, 0)
_boxes[0].pack_start(label.new('个字符'), False, True, 5)
_boxes[1].pack_start(m._blind_area_last_ckbtn, False, True, 5)
_boxes[1].pack_start(m._blind_area_last_entry, False, True, 0)
_boxes[1].pack_start(label.new('个字符'), False, True, 5)
_boxes[2].pack_start(label.new('只适用于盲注,\n因为报错,union注入要求列数相同'), False,
True, 5)
_blind_area_opts = Box(orientation=VERTICAL)
for _ in _boxes:
_blind_area_opts.pack_start(_, False, True, 10)
f.add(_blind_area_opts)
return f
def build_page1_tamper(self, m):
grid = g.Grid(row_spacing = 6, margin = 15)
_i = 0 # row number
for a_tamper, discribe in m.tampers.items():
if _i % 2 != 0:
# stripe style for css
# a_tamper.set_name('stripe')
discribe.set_name('stripe')
grid.attach(a_tamper, 0, _i, 1, 1)
# grid.attach(discribe, 1, _i, 1, 1)
_ = Box() # resolve that label always be center align...
_.pack_start(discribe, False, True, 0)
grid.attach_next_to(_, a_tamper, g.PositionType.RIGHT, 1, 1)
_i += 1
scrolled = g.ScrolledWindow()
scrolled.set_policy(g.PolicyType.AUTOMATIC, g.PolicyType.ALWAYS)
scrolled.add(grid)
return scrolled
def build_page1_file_read(self, m):
_f = Frame.new(m._('Read remote file'))
_file_read_area_opts = Box(orientation=VERTICAL, spacing=6)
_row1 = Box()
m._file_read_area_file_read_btn.connect('clicked', self._handlers.read_dumped_file)
_row1.pack_start(m._file_read_area_file_read_ckbtn, False, True, 5)
_row1.pack_start(m._file_read_area_file_read_entry, True, True, 0)
_row1.pack_start(m._file_read_area_file_read_btn, False, True, 5)
_file_read_area_opts.pack_start(_row1, False, True, 5)
_f.add(_file_read_area_opts)
return _f
def _build_page1_other(self):
'''
最大的宽应该是由最长的 request定制的第一行 决定
如果所有标签页全用ScrolledWindow的话, UI的尺寸(size)会变得很小
以"其他"标签的height作为标准高,
高于此height的标签页使用ScrolledWindow, 显示滚动条
'''
box = Box(orientation=VERTICAL)
_row1 = Box()
_page1_other_general_area = self._build_page1_other_general(self.m)
_row1.pack_start(_page1_other_general_area, True, True, 5)
_row2 = Box()
_page1_other_misc_area = self._build_page1_other_misc(self.m)
_row2.pack_start(_page1_other_misc_area, True, True, 5)
box.add(_row1)
box.add(_row2)
return box
def _build_page1_enumeration_runsql(self, m):
f = Frame.new('执行SQL语句')
_boxes = [Box() for _ in range(2)]
_boxes[0].pack_start(m._runsql_area_sql_query_ckbtn, False, True, 10)
_boxes[0].pack_start(m._runsql_area_sql_query_entry, True, True, 10)
m._runsql_area_sql_file_chooser.connect(
'clicked', self._handlers.set_file_entry_text,
[m._runsql_area_sql_file_entry])
_boxes[1].pack_start(m._runsql_area_sql_shell_ckbtn, False, True, 10)
_boxes[1].pack_start(m._runsql_area_sql_file_ckbtn, False, True, 10)
_boxes[1].pack_start(m._runsql_area_sql_file_entry, True, True, 0)
_boxes[1].pack_start(m._runsql_area_sql_file_chooser, False, True, 10)
_runsql_area_opts = Box(orientation=VERTICAL)
for _ in _boxes:
_runsql_area_opts.pack_start(_, False, True, 5)
f.add(_runsql_area_opts)
return f
def _build_page2(self):
'''
用subprocess不可实现与sqlap的交互!
不管是多线程, 同步还是异步, 都不行, 只能使用pty
'''
box = Box(orientation=VERTICAL, spacing=6)
box.set_border_width(10)
_row1 = Box(spacing=6)
# m._page2_cmdline_str_label.set_alignment(0, 0.5) # 怎么没有垂直居中?
m._page2_respwan_btn.connect('clicked',
self._handlers.respawn_terminal)
# _row1.pack_start(m._page2_cmdline_str_label, True, True, 0)
_row1.pack_start(m._page2_respwan_btn, False, True, 0)
_row2 = Frame()
# 等价于_pty = m._page2_terminal.pty_new_sync(Vte.PtyFlags.DEFAULT)
_pty = Vte.Pty.new_sync(Vte.PtyFlags.DEFAULT)
m._page2_terminal.set_pty(_pty)
# https://stackoverflow.com/questions/55105447/virtual-python-shell-with-vte-pty-spawn-async
# https://gtk-d.dpldocs.info/vte.Pty.Pty.spawnAsync.html
# API手册上的该方法签名有问题, 与实际的对不上
# 最后一个参数为回调函数, 是必填项
_pty.spawn_async(str(Path.home()), [self._handlers.shell], None,
GLib.SpawnFlags.DO_NOT_REAP_CHILD, None, None, -1,
None, lambda pty, task: None)
_scrolled = g.ScrolledWindow()
_scrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
_scrolled.add(m._page2_terminal)
_row2.add(_scrolled)
box.pack_start(_row1, False, True, 5)
box.pack_end(_row2, True, True, 0)
return box
def build_page2(self):
'''
用subprocess不可实现与sqlmap的交互!
不管是多线程, 同步还是异步, 都不行, 只能使用pty
'''
box = Box(orientation=VERTICAL, spacing=6)
box.set_border_width(10)
_row1 = Box(spacing=6)
m._page2_respwan_btn.connect('clicked',
self._handlers.respawn_terminal)
m._page2_right_btn.connect("button-press-event", self.on_right_click)
# can not disable
# m._page2_right_btn.set_sensitive(False)
self._build_page2_context()
_row1.pack_start(m._page2_respwan_btn, False, True, 0)
_row1.pack_start(m._page2_right_btn, False, True, 0)
_row2 = Frame()
# equals: _pty = m._page2_terminal.pty_new_sync(Vte.PtyFlags.DEFAULT)
_pty = Vte.Pty.new_sync(Vte.PtyFlags.DEFAULT)
m._page2_terminal.set_pty(_pty)
m._page2_terminal.connect('key_press_event', self.on_clipboard_by_key)
m._page2_terminal.connect("button-press-event", self.on_right_click,
m._page2_right_btn)
# https://stackoverflow.com/questions/55105447/virtual-python-shell-with-vte-pty-spawn-async
# https://gtk-d.dpldocs.info/vte.Pty.Pty.spawnAsync.html
# API手册上的该方法签名有问题, 与实际的对不上
# 最后一个参数为回调函数, 是必填项
_pty.spawn_async(str(Path.home()), [self._handlers.shell], None,
GLib.SpawnFlags.DO_NOT_REAP_CHILD, None, None, -1,
None, lambda pty, task: None)
_scrolled = g.ScrolledWindow()
_scrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
_scrolled.add(m._page2_terminal)
_row2.add(_scrolled)
box.pack_start(_row1, False, True, 5)
box.pack_end(_row2, True, True, 0)
return box
def build_page1_enumeration_dump(self, m):
_f = Frame.new(m._('Dump'))
_dump_area_opts = Box(spacing=6)
# for padding in HORIZONTAL
_dump_area_opts_cols = Box(orientation=VERTICAL)
_dump_area_opts_cols.add(m._dump_area_dump_ckbtn)
_dump_area_opts_cols.add(m._dump_area_repair_ckbtn)
_dump_area_opts_cols.add(m._dump_area_statements_ckbtn)
_ = Box()
_.pack_start(m._dump_area_search_ckbtn, False, True, 0)
_.pack_start(m._dump_area_no_sys_db_ckbtn, True, False, 0)
_dump_area_opts_cols.add(_)
_dump_area_opts_cols.add(m._dump_area_dump_all_ckbtn)
_dump_area_opts.pack_start(_dump_area_opts_cols, False, True, 10)
_f.add(_dump_area_opts)
return _f
def _build_page1_enumeration_dump(self, m):
f = Frame.new('Dump(转储)')
_dump_area_opts = Box(spacing=6)
# 加这一层, 只是为了横向上有padding
_dump_area_opts_cols = Box(orientation=VERTICAL)
_dump_area_opts_cols.add(m._dump_area_dump_ckbtn)
_dump_area_opts_cols.add(m._dump_area_repair_ckbtn)
_dump_area_opts_cols.add(m._dump_area_statements_ckbtn)
_ = Box()
_.pack_start(m._dump_area_search_ckbtn, False, True, 0)
_.pack_start(m._dump_area_no_sys_db_ckbtn, True, False, 0)
_dump_area_opts_cols.add(_)
_dump_area_opts_cols.add(m._dump_area_dump_all_ckbtn)
_dump_area_opts.pack_start(_dump_area_opts_cols, False, True, 10)
f.add(_dump_area_opts)
return f
def build_page5(self):
box = Box(orientation=VERTICAL)
box.set_border_width(10)
_row1 = Box()
self._get_sqlmap_path_btn = btn.new_with_label('sqlmap -hh')
self._get_sqlmap_path_btn.set_sensitive(False)
self._get_sqlmap_path_btn.connect('clicked', self._make_help_thread)
_row1.pack_start(self._get_sqlmap_path_btn, False, True, 5)
_row2 = Frame()
self._make_help_thread(None)
_scrolled = g.ScrolledWindow()
_scrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
_scrolled.add(m._page5_manual_view)
_row2.add(_scrolled)
box.pack_start(_row1, False, True, 5)
box.pack_start(_row2, True, True, 5)
return box
def _build_target_notebook(self, target_nb):
target_nb.add_events(d.EventMask.SCROLL_MASK
| d.EventMask.SMOOTH_SCROLL_MASK)
target_nb.connect('scroll-event', self.scroll_page)
# 目标url
name_store = g.ListStore(int, str)
name_store.append([1, "http://www.site.com/vuln.php?id=1"])
_url_area = Box()
m._url_combobox.set_model(name_store)
m._url_combobox.set_entry_text_column(1)
_url_area.pack_start(m._url_combobox, True, True, 0)
_burp_area = Box()
m._burp_logfile_chooser.connect('clicked',
self._handlers.set_file_entry_text,
[m._burp_logfile])
_burp_area.pack_start(m._burp_logfile, True, True, 0)
_burp_area.pack_start(m._burp_logfile_chooser, False, True, 0)
_request_area = Box()
m._request_file_chooser.connect('clicked',
self._handlers.set_file_entry_text,
[m._request_file])
_request_area.pack_start(m._request_file, True, True, 0)
_request_area.pack_start(m._request_file_chooser, False, True, 0)
_bulkfile_area = Box()
m._bulkfile_chooser.connect('clicked',
self._handlers.set_file_entry_text,
[m._bulkfile])
_bulkfile_area.pack_start(m._bulkfile, True, True, 0)
_bulkfile_area.pack_start(m._bulkfile_chooser, False, True, 0)
_configfile_area = Box()
m._configfile_chooser.connect('clicked',
self._handlers.set_file_entry_text,
[m._configfile])
_configfile_area.pack_start(m._configfile, True, True, 0)
_configfile_area.pack_start(m._configfile_chooser, False, True, 0)
_sitemap_url_area = Box()
_sitemap_url_area.pack_start(m._sitemap_url, True, True, 0)
_google_dork_area = Box()
_google_dork_area.pack_start(m._google_dork, True, True, 0)
target_nb.append_page(_url_area, label.new('目标url'))
target_nb.append_page(_burp_area, label.new('burp日志'))
target_nb.append_page(_request_area, label.new('HTTP请求'))
target_nb.append_page(_bulkfile_area, label.new('BULKFILE'))
target_nb.append_page(_configfile_area, label.new('ini文件'))
target_nb.append_page(_sitemap_url_area, label.new('xml_url'))
target_nb.append_page(_google_dork_area, label.new('GOOGLEDORK'))
def build_target_notebook(self, target_nb):
target_nb.add_events(d.EventMask.SCROLL_MASK
| d.EventMask.SMOOTH_SCROLL_MASK)
target_nb.connect('scroll-event', self.scroll_page)
# --url
name_store = g.ListStore(int, str)
name_store.append([1, "http://www.site.com/vuln.php?id=1"])
_url_area = Box()
m._url_combobox.set_model(name_store)
m._url_combobox.set_entry_text_column(1)
_url_area.pack_start(m._url_combobox, True, True, 0)
_burp_area = Box()
m._burp_logfile_chooser.connect('clicked',
self._handlers.set_file_entry_text,
[m._burp_logfile])
_burp_area.pack_start(m._burp_logfile, True, True, 0)
_burp_area.pack_start(m._burp_logfile_chooser, False, True, 0)
_request_area = Box()
m._request_file_chooser.connect('clicked',
self._handlers.set_file_entry_text,
[m._request_file])
_request_area.pack_start(m._request_file, True, True, 0)
_request_area.pack_start(m._request_file_chooser, False, True, 0)
_bulkfile_area = Box()
m._bulkfile_chooser.connect('clicked',
self._handlers.set_file_entry_text,
[m._bulkfile])
_bulkfile_area.pack_start(m._bulkfile, True, True, 0)
_bulkfile_area.pack_start(m._bulkfile_chooser, False, True, 0)
_configfile_area = Box()
m._configfile_chooser.connect('clicked',
self._handlers.set_file_entry_text,
[m._configfile])
_configfile_area.pack_start(m._configfile, True, True, 0)
_configfile_area.pack_start(m._configfile_chooser, False, True, 0)
_google_dork_area = Box()
_google_dork_area.pack_start(m._google_dork, True, True, 0)
_direct_connect_area = Box()
m._direct_connect.set_text(
'mysql://*****:*****@DBMS_IP:DBMS_PORT/DATABASE_NAME or '
'access://DATABASE_FILEPATH')
_direct_connect_area.pack_start(m._direct_connect, True, True, 0)
_ = m._
target_nb.append_page(_url_area, label.new(_('-u URL')))
target_nb.append_page(_burp_area, label.new(_('-l LOGFILE')))
target_nb.append_page(_request_area, label.new(_('-r REQUESTFILE')))
target_nb.append_page(_bulkfile_area, label.new(_('-m BULKFILE')))
target_nb.append_page(_configfile_area, label.new(_('-c CONFIGFILE')))
target_nb.append_page(_google_dork_area, label.new(_('-g GOOGLEDORK')))
target_nb.append_page(_direct_connect_area, label.new(_('-d DIRECT')))
def build_page4(self):
box = Box(orientation=VERTICAL)
box.set_border_width(10)
_row1 = Box(spacing=6)
_row1.pack_start(m._page4_api_server_label, False, True, 0)
_row1.pack_start(m._page4_api_server_entry, True, True, 0)
_row1.pack_start(m._page4_admin_token_label, False, True, 0)
_row1.pack_start(m._page4_admin_token_entry, True, True, 0)
_row2 = Box(spacing=6)
_arrow_down = g.Image.new_from_icon_name('pan-down-symbolic', 1)
m._page4_admin_list_btn.set_image(_arrow_down)
m._page4_admin_list_btn.set_image_position(g.PositionType.RIGHT)
m._page4_admin_list_btn.set_always_show_image(True)
m._page4_task_new_btn.connect('clicked', self._handlers.api.task_new)
m._page4_admin_list_btn.connect('clicked',
self._handlers.api.admin_list)
m._page4_admin_flush_btn.connect('clicked',
self._handlers.api.admin_flush)
m._page4_clear_task_view_btn.connect(
'clicked', self._handlers.clear_task_view_buffer)
_row2.pack_start(m._page4_task_new_btn, False, True, 0)
_row2.pack_start(m._page4_admin_list_btn, False, True, 0)
_row2.pack_start(m._page4_admin_flush_btn, False, True, 0)
_row2.pack_start(m._page4_clear_task_view_btn, False, True, 0)
_row2.pack_end(m._page4_password_entry, False, True, 0)
_row2.pack_end(m._page4_password_label, False, True, 0)
_row2.pack_end(m._page4_username_entry, False, True, 0)
_row2.pack_end(m._page4_username_label, False, True, 0)
_row3 = Frame()
_paned = g.Paned()
self._api_admin_list_rows = g.ListBox.new()
self._api_admin_list_rows.set_selection_mode(g.SelectionMode.NONE)
_lscrolled = g.ScrolledWindow()
_lscrolled.set_size_request(400, -1)
_lscrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
_lscrolled.add(self._api_admin_list_rows)
_rbox = Box(orientation=VERTICAL)
_page4_option_set_view_tip = label(
label='check optiondict.py of sqlmap about options.',
halign=g.Align.START)
_option_set_view_textbuffer = m._page4_option_set_view.get_buffer()
_options_example = ("{\n"
" 'url': 'http://www.site.com/vuln.php?id=1',\n"
" 'level': 1, 'risk': 1,\n\n"
"}\n")
_option_set_view_textbuffer.set_text(
_options_example, len(_options_example.encode('utf8')))
# 貌似scrollwindow要直接包含textview,
# 不然一直回车后, 页面不会向上滚
_option_set_scrolled = g.ScrolledWindow()
_option_set_scrolled.set_size_request(400, -1)
_option_set_scrolled.set_policy(g.PolicyType.NEVER,
g.PolicyType.ALWAYS)
_option_set_scrolled.add(m._page4_option_set_view)
_rbox.pack_start(m._page4_option_get_entry, False, True, 2)
_rbox.pack_start(_page4_option_set_view_tip, False, True, 2)
_rbox.pack_start(_option_set_scrolled, True, True, 2)
# Warning: don't edit pack1(), pack2() again, otherwise it becomes strange.
_paned.pack1(_lscrolled, False, False)
_paned.pack2(_rbox, False, True)
_row3.add(_paned)
_row4 = Frame()
_task_view_textbuffer = m._page4_task_view.get_buffer()
_end = _task_view_textbuffer.get_end_iter()
_task_view_textbuffer.create_mark('end', _end, False)
self._handlers.api.task_view_append('response result:')
_scrolled = g.ScrolledWindow()
_scrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
_scrolled.add(m._page4_task_view)
_row4.add(_scrolled)
box.pack_start(_row1, False, True, 5)
box.pack_start(_row2, False, True, 5)
box.pack_start(_row3, True, True, 5)
box.pack_start(_row4, True, True, 5)
return box
def build_page1_setting(self, m):
box = Box(orientation=VERTICAL)
_row0 = Box()
_sqlmap_path_label = label.new(m._('sqlmap path:'))
m._sqlmap_path_entry.set_text('sqlmap')
m._sqlmap_path_chooser.connect(
'clicked',
self._handlers.set_file_entry_text,
[m._sqlmap_path_entry]
)
_row0.pack_start(_sqlmap_path_label, False, True, 5)
_row0.pack_start(m._sqlmap_path_entry, True, True, 5)
_row0.pack_start(m._sqlmap_path_chooser, False, True, 5)
_row1 = Box()
_inject_area = self.build_page1_setting_inject(self.m)
_detection_area = self.build_page1_setting_detection(self.m)
_tech_area = self.build_page1_setting_tech(self.m)
_row1.pack_start(_inject_area, False, True, 5)
_row1.pack_start(_detection_area, True, True, 5)
_row1.pack_start(_tech_area, False, True, 5)
_row2 = Box()
# _tamper_area = self._build_page1_setting_tamper(self.m)
_optimize_area = self.build_page1_setting_optimize(self.m)
_offen_area = self.build_page1_setting_offen(self.m)
_hidden_area = self.build_page1_setting_hidden(self.m)
# _row2.pack_start(_tamper_area, False, True, 5)
_row2.pack_start(_optimize_area, False, True, 5)
_row2.pack_start(_offen_area, False, True, 5)
_row2.pack_start(_hidden_area, False, True, 5)
box.pack_start(_row0, False, True, 5)
box.pack_start(_row1, False, True, 0)
box.pack_start(_row2, False, True, 5)
scrolled = g.ScrolledWindow()
scrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
scrolled.add(box)
return scrolled
