def __init__(self, appinfo, parent = None):
QWidget.__init__(self, parent)
self.appinfo = appinfo
self.current_selection = None
width = self.width()
self.domainIcon = QIcon(probe_icon(None, None, 'domain'))
self.graphview = GraphView(self.appinfo)
QObject.connect(self.graphview, SIGNAL('updateDetailsNodePan'), self.fillInformationPan_Slot)
self.infodisplay = InfoDisplay(self.appinfo)
QObject.connect(self.infodisplay.dropDownDomain, SIGNAL('currentIndexChanged(const QString&)'), self.selectedDomain_Slot)
QObject.connect(self.infodisplay.availableRequestDropDown, SIGNAL('currentIndexChanged(const QString&)'), self.selectedRequestID_Slot)
QObject.connect(self.infodisplay.save_screen, SIGNAL('triggered()'), self.saveGraphView_Slot)
QObject.connect(self.infodisplay.clear_screen, SIGNAL('triggered()'), self.clearGraphView_Slot)
QObject.connect(self.infodisplay.redraw_screen, SIGNAL('triggered()'), self.redrawGraphView_Slot)
#QObject.connect(self.infodisplay.apply_heuristic, SIGNAL('toggled()'), self.graphview.executeHeuristic)
QObject.connect(self.infodisplay.filter, SIGNAL('returnPressed()'), self.processFilter_Slot)
self.splitter = QSplitter(parent)
self.splitter.addWidget(self.graphview)
self.splitter.addWidget(self.infodisplay)
layout = QHBoxLayout()
layout.addWidget(self.splitter)
self.setLayout(layout)
def __init__(self, findingdb, netmanager, parent = None):
QWidget.__init__(self, parent)
self.findingdb = findingdb
self.netmanager = netmanager
self.current_findingid = None
self.classification_name = QComboBox()
self.rebuildClassificationDropDown()
self.findingid = QLineEdit()
self.findingid.setEnabled(False)
self.domain_icon = QIcon(probe_icon(None, None, 'domain'))
self.domain = QLineEdit()
self.typefinding = QLineEdit()
self.qurlstr = QLineEdit()
self.severity = QLineEdit()
self.impact = QLineEdit()
self.trace = QTreeWidget()
self.trace.setColumnCount(7)
self.trace.setRootIsDecorated(False)
self.trace.setAlternatingRowColors(True)
self.trace.setSortingEnabled(False)
self.trace.setEditTriggers(QAbstractItemView.DoubleClicked)
self.trace.setWordWrap(True)
self.trace.setHeaderLabels(["Request ID", "HTTP Method", "URL", "Parameter", "Payload", "Description", "User Information"])
self.trace.setUniformRowHeights(True)
self.trace.resizeColumnToContents(0)
self.description = QTextEdit()
self.description.setAcceptRichText(False)
self.description.setAutoFormatting(QTextEdit.AutoNone)
self.reference = QTextEdit()
self.reference.setAcceptRichText(False)
self.reference.setAutoFormatting(QTextEdit.AutoNone)
self.refresh_button = QPushButton("Refresh Finding Content")
self.update_button = QPushButton("Persist Content")
self.add_button = QPushButton("Add Finding")
QObject.connect(self.add_button, SIGNAL("pressed()"), self.addFinding_Slot)
QObject.connect(self.refresh_button, SIGNAL("pressed()"), self.refreshFinding_Slot)
QObject.connect(self.update_button, SIGNAL("pressed()"), self.persistFinding_Slot)
glayout = QGridLayout()
glayout.addWidget(QLabel("Category name:"), 0, 0)
glayout.addWidget(self.classification_name, 0, 1)
glayout.addWidget(QLabel("Finding ID:"), 0, 2)
glayout.addWidget(self.findingid, 0, 3)
glayout.addWidget(QLabel("Domain:"), 1, 0)
glayout.addWidget(self.domain, 1, 1)
glayout.addWidget(QLabel("Type of finding:"), 2, 0)
glayout.addWidget(self.typefinding, 2, 1)
glayout.addWidget(QLabel("Severity:"), 3, 0)
glayout.addWidget(self.severity, 3, 1)
glayout.addWidget(QLabel("Impact:"), 3, 2)
glayout.addWidget(self.impact, 3, 3)
ilayout = QGridLayout()
ilayout.addWidget(QLabel("URL:"), 0, 0)
ilayout.addWidget(self.qurlstr, 0, 1)
ilayout.addWidget(QLabel("Trace:"), 1, 0)
ilayout.addWidget(self.trace, 1, 1)
ilayout.addWidget(QLabel("Description:"), 2, 0)
ilayout.addWidget(self.description, 2, 1)
ilayout.addWidget(QLabel("Reference:"), 3, 0)
ilayout.addWidget(self.reference, 3, 1)
ilayout.setAlignment(Qt.AlignTop)
button_layout = QHBoxLayout()
#button_layout.addWidget(self.add_button)
button_layout.addWidget(self.refresh_button)
button_layout.addWidget(self.update_button)
ilayout.addLayout(button_layout, 4, 1)
layout = QVBoxLayout()
layout.addLayout(glayout)
layout.addSpacing(20)
layout.addLayout(ilayout)
self.setLayout(layout)
def __init__(self, netmanager, parent=None):
QDialog.__init__(self, parent)
self.netmanager = netmanager
self.urlrewritestore = self.netmanager.urlrewriting
self.domainIcon = QIcon(probe_icon(None, None, 'domain'))
self.enable_urlrewriting = QCheckBox("Enable URL rewriting handling")
self.enable_urlrewriting.setChecked(False)
QObject.connect(self.enable_urlrewriting, SIGNAL('stateChanged(int)'),
self.enableURLRewrite_Slot)
# QTree widget to represent the different editable information
self.tree = QTreeWidget()
self.tree.setRootIsDecorated(False)
self.tree.setAlternatingRowColors(True)
self.tree.setSortingEnabled(False)
self.tree.setEditTriggers(QAbstractItemView.DoubleClicked)
self.tree.setHeaderLabels(
['URL match', 'URL replace', 'Active', 'Unique ID'])
self.tree.setColumnHidden(3, True)
self.tree.setColumnWidth(2, 40)
self.tree.resizeColumnToContents(0)
self.tree.resizeColumnToContents(1)
self.tree.setWordWrap(True)
QObject.connect(self.tree,
SIGNAL("itemClicked(QTreeWidgetItem *, int)"),
self.clickedIndex_Slot)
self.gbox = QGroupBox("URL Rewrite Rule")
self.urlr_id = -1
self.domain_edit = QLineEdit()
self.activated_rule = QCheckBox("Active")
self.match_path = QLineEdit()
self.replace = QLineEdit()
self.close_dialog = QPushButton("&Close")
QObject.connect(self.close_dialog, SIGNAL('pressed()'),
self.cancel_Slot)
self.add_button = QPushButton("Add rule")
self.upd_button = QPushButton("Update rule")
self.del_button = QPushButton("Delete rule")
QObject.connect(self.add_button, SIGNAL('pressed()'),
self.addRule_Slot)
QObject.connect(self.upd_button, SIGNAL('pressed()'),
self.updateRule_Slot)
QObject.connect(self.del_button, SIGNAL('pressed()'),
self.deleteRule_Slot)
domain_active = QHBoxLayout()
domain_active.addWidget(self.domain_edit)
domain_active.addWidget(self.activated_rule)
gridlayout = QGridLayout()
gridlayout.addWidget(QLabel("Domain:"), 0, 0)
gridlayout.addLayout(domain_active, 0, 1)
gridlayout.addWidget(self.add_button, 0, 2)
gridlayout.addWidget(QLabel("Match:"), 1, 0)
gridlayout.addWidget(self.match_path, 1, 1)
gridlayout.addWidget(self.upd_button, 1, 2)
gridlayout.addWidget(QLabel("Replace:"), 2, 0)
gridlayout.addWidget(self.replace, 2, 1)
gridlayout.addWidget(self.del_button, 2, 2)
self.gbox.setLayout(gridlayout)
blayout = QGridLayout()
blayout.addWidget(self.close_dialog, 0, 2)
layout = QVBoxLayout()
layout.addWidget(self.enable_urlrewriting)
layout.addWidget(self.tree)
layout.addWidget(self.gbox)
layout.addLayout(blayout)
self.setModal(False)
self.setLayout(layout)
# fill the data
self.updateListRules()
self.setMinimumSize(520, 700)
def __init__(self, netmanager, parent = None):
QDialog.__init__(self, parent)
self.netmanager = netmanager
self.urlrewritestore = self.netmanager.urlrewriting
self.domainIcon = QIcon(probe_icon(None, None, 'domain'))
self.enable_urlrewriting = QCheckBox("Enable URL rewriting handling")
self.enable_urlrewriting.setChecked(False)
QObject.connect(self.enable_urlrewriting, SIGNAL('stateChanged(int)'), self.enableURLRewrite_Slot)
# QTree widget to represent the different editable information
self.tree = QTreeWidget()
self.tree.setRootIsDecorated(False)
self.tree.setAlternatingRowColors(True)
self.tree.setSortingEnabled(False)
self.tree.setEditTriggers(QAbstractItemView.DoubleClicked)
self.tree.setHeaderLabels(['URL match', 'URL replace', 'Active', 'Unique ID'])
self.tree.setColumnHidden(3, True)
self.tree.setColumnWidth (2, 40)
self.tree.resizeColumnToContents(0)
self.tree.resizeColumnToContents(1)
self.tree.setWordWrap(True)
QObject.connect(self.tree, SIGNAL("itemClicked(QTreeWidgetItem *, int)"), self.clickedIndex_Slot)
self.gbox = QGroupBox("URL Rewrite Rule")
self.urlr_id = -1
self.domain_edit = QLineEdit()
self.activated_rule = QCheckBox("Active")
self.match_path = QLineEdit()
self.replace = QLineEdit()
self.close_dialog = QPushButton("&Close")
QObject.connect(self.close_dialog, SIGNAL('pressed()'), self.cancel_Slot)
self.add_button = QPushButton("Add rule")
self.upd_button = QPushButton("Update rule")
self.del_button = QPushButton("Delete rule")
QObject.connect(self.add_button, SIGNAL('pressed()'), self.addRule_Slot)
QObject.connect(self.upd_button, SIGNAL('pressed()'), self.updateRule_Slot)
QObject.connect(self.del_button, SIGNAL('pressed()'), self.deleteRule_Slot)
domain_active = QHBoxLayout()
domain_active.addWidget(self.domain_edit)
domain_active.addWidget(self.activated_rule)
gridlayout = QGridLayout()
gridlayout.addWidget(QLabel("Domain:"), 0, 0)
gridlayout.addLayout(domain_active, 0, 1)
gridlayout.addWidget(self.add_button, 0, 2)
gridlayout.addWidget(QLabel("Match:"), 1, 0)
gridlayout.addWidget(self.match_path, 1, 1)
gridlayout.addWidget(self.upd_button, 1, 2)
gridlayout.addWidget(QLabel("Replace:"), 2, 0)
gridlayout.addWidget(self.replace, 2, 1)
gridlayout.addWidget(self.del_button, 2, 2)
self.gbox.setLayout(gridlayout)
blayout = QGridLayout()
blayout.addWidget(self.close_dialog, 0, 2)
layout = QVBoxLayout()
layout.addWidget(self.enable_urlrewriting)
layout.addWidget(self.tree)
layout.addWidget(self.gbox)
layout.addLayout(blayout)
self.setModal(False)
self.setLayout(layout)
# fill the data
self.updateListRules()
self.setMinimumSize(520,700)
def __init__(self, findingdb, netmanager, parent=None):
QWidget.__init__(self, parent)
self.findingdb = findingdb
self.netmanager = netmanager
self.current_findingid = None
self.classification_name = QComboBox()
self.rebuildClassificationDropDown()
self.findingid = QLineEdit()
self.findingid.setEnabled(False)
self.domain_icon = QIcon(probe_icon(None, None, 'domain'))
self.domain = QLineEdit()
self.typefinding = QLineEdit()
self.qurlstr = QLineEdit()
self.severity = QLineEdit()
self.impact = QLineEdit()
self.trace = QTreeWidget()
self.trace.setColumnCount(7)
self.trace.setRootIsDecorated(False)
self.trace.setAlternatingRowColors(True)
self.trace.setSortingEnabled(False)
self.trace.setEditTriggers(QAbstractItemView.DoubleClicked)
self.trace.setWordWrap(True)
self.trace.setHeaderLabels([
"Request ID", "HTTP Method", "URL", "Parameter", "Payload",
"Description", "User Information"
])
self.trace.setUniformRowHeights(True)
self.trace.resizeColumnToContents(0)
self.description = QTextEdit()
self.description.setAcceptRichText(False)
self.description.setAutoFormatting(QTextEdit.AutoNone)
self.reference = QTextEdit()
self.reference.setAcceptRichText(False)
self.reference.setAutoFormatting(QTextEdit.AutoNone)
self.refresh_button = QPushButton("Refresh Finding Content")
self.update_button = QPushButton("Persist Content")
self.add_button = QPushButton("Add Finding")
QObject.connect(self.add_button, SIGNAL("pressed()"),
self.addFinding_Slot)
QObject.connect(self.refresh_button, SIGNAL("pressed()"),
self.refreshFinding_Slot)
QObject.connect(self.update_button, SIGNAL("pressed()"),
self.persistFinding_Slot)
glayout = QGridLayout()
glayout.addWidget(QLabel("Category name:"), 0, 0)
glayout.addWidget(self.classification_name, 0, 1)
glayout.addWidget(QLabel("Finding ID:"), 0, 2)
glayout.addWidget(self.findingid, 0, 3)
glayout.addWidget(QLabel("Domain:"), 1, 0)
glayout.addWidget(self.domain, 1, 1)
glayout.addWidget(QLabel("Type of finding:"), 2, 0)
glayout.addWidget(self.typefinding, 2, 1)
glayout.addWidget(QLabel("Severity:"), 3, 0)
glayout.addWidget(self.severity, 3, 1)
glayout.addWidget(QLabel("Impact:"), 3, 2)
glayout.addWidget(self.impact, 3, 3)
ilayout = QGridLayout()
ilayout.addWidget(QLabel("URL:"), 0, 0)
ilayout.addWidget(self.qurlstr, 0, 1)
ilayout.addWidget(QLabel("Trace:"), 1, 0)
ilayout.addWidget(self.trace, 1, 1)
ilayout.addWidget(QLabel("Description:"), 2, 0)
ilayout.addWidget(self.description, 2, 1)
ilayout.addWidget(QLabel("Reference:"), 3, 0)
ilayout.addWidget(self.reference, 3, 1)
ilayout.setAlignment(Qt.AlignTop)
button_layout = QHBoxLayout()
#button_layout.addWidget(self.add_button)
button_layout.addWidget(self.refresh_button)
button_layout.addWidget(self.update_button)
ilayout.addLayout(button_layout, 4, 1)
layout = QVBoxLayout()
layout.addLayout(glayout)
layout.addSpacing(20)
layout.addLayout(ilayout)
self.setLayout(layout)
def fillInformationPan_Slot(self, tpl):
self.current_selection = tpl
domain = tpl[0]
qurlstr = tpl[1]
info = self.appinfo.getInfo(domain, qurlstr)
if not info:
return
# domain {
# url-string {
# 'method' : []
# 'request_id' : []
# 'original' : True if user clicked on link or if link was directly requested
# False if it's a subsequent request
# 'tampered' : True if user tampered this request once... will help to extract
# the coverage of pen-test
# 'spidered' : True if spider discovered the link
# 'content-type' : [image, xml, html, js, css, flash, binary, etc.]
# 'get' : { '$PARAMETER_NAME$' : []}
# 'post' : { '$PARAMETER_NAME$' : []}
# 'headers' : { '$PARAMETER_NAME$' : []}
# 'cookies' : { '$PARAMETER_NAME$' : [('value', 'raw')]}
# 'fragment' : []
# } }
# load request ID to the drop down
self.infodisplay.availableRequestDropDown.clear()
self.infodisplay.availableRequestDropDown.addItem(QString("List of existing requests:"))
for request_id in info['request_id']:
self.infodisplay.availableRequestDropDown.addItem(QString("request - %d" % request_id))
self.infodisplay.tree.setUpdatesEnabled(False)
self.infodisplay.tree.clear()
root = self.infodisplay.tree.invisibleRootItem()
item = QTreeWidgetItem()
item.setText(0, domain)
item.setIcon(0, self.domainIcon)
item.setIcon(0, QIcon(probe_icon(None, None, 'domain')))
item.setText(1, QUrl(qurlstr).path())
item.setFlags(item.flags() | Qt.ItemIsEditable)
root.addChild(item)
root.addChild(SiteInfo.__create_treeitem("Nb Requests", str(len(info['request_id']))))
root.addChild(SiteInfo.__create_treeitem("Clicked by user", "true" if info['original'] else "false"))
root.addChild(SiteInfo.__create_treeitem("Tampered by user", "true" if info['tampered'] else "false"))
root.addChild(SiteInfo.__create_treeitem("Spidered", "true" if info['spidered'] else "false"))
root.addChild(SiteInfo.__create_treeitem("Content types", ", ".join(info['content-type'])))
for item in ('headers', 'get', 'post', 'cookies'):
category = SiteInfo.__create_treeseparator(string.capitalize(item))
root.addChild(category)
for variable in info[item]:
values = [unicode(v) for v in info[item][variable]]
category.addChild(SiteInfo.__create_treeitem(variable, ", ".join(values)))
if 0 < len(info['fragment']):
category = SiteInfo.__create_treeseparator("Fragments")
root.addChild(category)
values = [unicode(v) for v in info['fragment']]
category.addChild(SiteInfo.__create_treeitem(", ".join(values), ""))
self.infodisplay.tree.expandAll()
self.infodisplay.tree.resizeColumnToContents(0)
self.infodisplay.tree.setUpdatesEnabled(True)