Exemplo n.º 1
0
 def __init__(self):
     self.download = htmlDownLoader()
     self.parser = htmlParser()
     self.urlManage = urlManeger()
     self.save = saveDatas()
     self.v9 = v9_news()
     self.v9_data = v9_news_data()
Exemplo n.º 2
0
def crawl(scheme, host, main_url, form, headers, delay, timeout):
    if form:  #这个form是一个表单,应该是从返回页面中提取出来的表单集合
        for each in form.values():
            url = each['action']
            url = main_url
            if url:
                # if url.startswith(main_url):
                #     pass
                # elif url.startswith('//') and url[2:].startswith(host):
                #     url=scheme+'://'+url[2:]
                # elif url.startswith('/'):
                #     url=scheme+'://'+host+url
                if url not in config.globalVariables['checkedForms']:
                    config.globalVariables['checkedForms'][url] = []
                method = each['method']
                GET = True if method == 'get' else False
                inputs = each['inputs']  #一个form表单中的input标签的集合
                Scan_area.insert(END, inputs)
                paramData = {}
                for one in inputs:
                    paramData[one['name']] = one['value']
                    for paramName in paramData.keys():
                        if paramName not in config.globalVariables[
                                'checkedForms'][url]:
                            config.globalVariables['checkedForms'][url].append(
                                paramName)
                            paramsCopy = copy.deepcopy(paramData)
                            paramsCopy[paramName] = xsschecker
                            response = requester(url, paramsCopy, headers, GET,
                                                 delay, timeout)  #发送GET请求
                            #Scan_area.insert(END,response.text)
                            occurences = htmlParser(
                                response, False)  #返回的是html网页中输出点的上下文信息
                            positions = occurences.keys()  #注入点位置
                            #模糊测试,判断xss漏洞的 匹配度??
                            efficiences = filterChecker(
                                url, paramsCopy, headers, GET, delay,
                                occurences, timeout, False)
                            vectors = generator(occurences,
                                                response.text)  #生成攻击向量??
                            #存储攻击向量的数据结构
                            payloads = []
                            if vectors:
                                for confidence, vects in vectors.items():
                                    try:
                                        payload = list(vects)[0]
                                        s = "this is payload area"
                                        #Scan_area.insert(END,s)
                                        Scan_area.insert(END, payload)
                                        Scan_area.insert(END, '\n')
                                        payloads.append(payload)
                                        break
                                    except IndexError:
                                        pass
Exemplo n.º 3
0
def scan(target, paramData, encoding, headers, delay, timeout, path, jsonData):
    GET, POST = (False, True) if paramData else (True, False)
    #如果用户输入的入口主URL不是以http/https开头,会进行处理
    if not target.startswith('http'):
        try:
            response = requester('https://' + target, {}, headers, GET, delay,
                                 timeout)
            target = 'https://' + target
        except:
            target = 'http://' + target
    response = requester(target, {}, headers, GET, delay, timeout, jsonData,
                         path).text  #得到入口target的response

    host = urlparse(target).netloc  #将host提取出来
    url = getUrl(target, GET)
    params = getParams(target, paramData, GET, jsonData,
                       path)  #将target中的参数提取出来
    # if find:
    #     params=get_forms(url,GET,headers,delay,timeout)

    for paraName in params.keys():
        paramsCopy = copy.deepcopy(params)

        if encoding:
            paramsCopy[paramName] = encoding(xsschecker)
        else:
            paramsCopy[parasName] = xsschecker
        response = requester(url, paramsCopy, headers, GET, delay, timeout,
                             jsonData, path)
        occurences = htmlParser(response, encoding)  #获得输出点得上下文环境
        positions = occurences.keys()

        if not occurences:
            print('No reflection found')
            continue
        else:
            print('Reflections found:%i' % len(occurences))

        #filterChecker函数检查每个输出位置是否过滤了> < " ' //这些特殊符号
        efficiencies = filterCheccker(url, paramsCopy, headers, GET, delay,
                                      occurences, timeout,
                                      encoding)  #对过滤字符的打分列表

        vectors = generator(occurences, response.text)  #生成payload
        total = 0
        for v in vectors.values():
            total += len(v)  #总共生成了多少条payload
        if total == 0:
            print('No vectors were crafted.')
            continue
        progress = 0
        for confidence, vects in vectors.items():
            for vect in vects:
                if config.globalVariables['path']:
                    vect = vect.replace('/', '%2F')  #如果用户设置在url路径中插入payload

                loggerVector = vect
                progress += 1

                if not GET:
                    vect = unquote(vect)
                efficiencies = checker(url, paramData, headers, GET, delay,
                                       vect, positions, timeout, encoding)
                if not efficiencies:
                    for i in range(len(occurences)):
                        efficiencies.append(0)
                        bestEfficiency = max(efficiencies)

                if bestEfficiency == 100 or (vect[0] == '||'
                                             and bestEfficiency >= 95):
                    print("Payload:%s" % loggerVector)
                    print("Efficiency:%s Confidence:%s" %
                          (bestEfficiency, confidence))
                elif bestEfficiency > minEfficiency:
                    print("Payload:%s" % loggerVector)
                    print("Efficiency:%s Confidence:%s" %
                          (bestEfficiency, confidence))
Exemplo n.º 4
0
    def guiresults(self):

        global q_String
        q_String = StringVar()
        graph = Graph()
        html_parse = htmlParser()
        

        def showGraph():        
            raws = StringVar()
            raws = self.result_label.get(1.0, END)
            
            graph.plot_word(raws)

        def showPos():
            raws = StringVar()
            raws = self.result_label.get(1.0, END)
            graph.plot_pos(raws)


        def clearBtn1():
            self.searchEntry1.delete(0,END)
            self.searchEntry1.focus_set()
            return
        start_time = time.time()
        self.masters = Tk()
        self.masters.geometry("1100x700+100+10")
        self.masters.title("WIReS - Web Information Retrieval System")
        self.masters.configure(background='white')
        self.masters.resizable(width=FALSE, height=FALSE)

        self.searchEntry1 = Entry(self.masters, width='50', relief='groove', borderwidth='5', font=('Calibri',15))
        self.searchButton = Button(self.masters, text="SEARCH!", width='25')
        self.clearButton1 = Button(self.masters, text="CLEAR FIELD", width='25',command = clearBtn1)
        self.labelss = Label(self.masters, text="SEARCH RESULTS:", bg ='#008080', fg='white', font=('arial',10))
        self.timeLabel = Label(self.masters, text="SEARCH COMPLETED AT ", font=('arial',8))
        self.resultframe = LabelFrame(self.masters,text="PAGE RESULT",height=520, width=990,relief = "groove", bg ="white")
        self.resultframe1 = LabelFrame(self.masters,height=540, width=990,relief = "groove", bg ="white")
        self.result_label = ScrolledText(self.resultframe,width = 120, height = 32,bg = 'white', undo = True)
        self.graphButton = Button(self.masters, text="WORD OCCURENCE(GRAPH)", width='25',command = showGraph)
        self.posButton = Button(self.masters, text="PART OF SPEECH(GRAPH)", width='25', command = showPos)

        #URL
        self.labelres1 = Label(self.resultframe1, text = title_url[0][0], font=('arial 13 bold'), bg="white", cursor="hand2")
        self.linkres1= Label(self.resultframe1, text = title_url[0][1], fg="blue", cursor="hand2", bg="white")
        self.labelres2 = Label(self.resultframe1, text = title_url[1][0], font=('arial 13 bold'), bg="white", cursor="hand2")
        self.linkres2 = Label(self.resultframe1, text = title_url[1][1], fg="blue", cursor="hand2", bg="white")
        self.labelres3 = Label(self.resultframe1, text = title_url[2][0], font=('arial 13 bold'), bg="white", cursor="hand2")
        self.linkres3 = Label(self.resultframe1, text = title_url[2][1], fg="blue", cursor="hand2", bg="white")
        self.labelres4 = Label(self.resultframe1, text = title_url[3][0], font=('arial 13 bold'), bg="white", cursor="hand2")
        self.linkres4 = Label(self.resultframe1, text = title_url[3][1], fg="blue", cursor="hand2", bg="white")
        self.labelres5 = Label(self.resultframe1, text = title_url[4][0], font=('arial 13 bold'), bg="white", cursor="hand2")
        self.linkres5 = Label(self.resultframe1, text = title_url[4][1], fg="blue", cursor="hand2", bg="white")
        self.labelres6 = Label(self.resultframe1, text = title_url[5][0], font=('arial 13 bold'), bg="white", cursor="hand2")
        self.linkres6 = Label(self.resultframe1, text = title_url[5][1], fg="blue", cursor="hand2", bg="white")
        self.labelres7 = Label(self.resultframe1, text = title_url[6][0], font=('arial 13 bold'), bg="white", cursor="hand2")
        self.linkres7 = Label(self.resultframe1, text = title_url[6][1], fg="blue", cursor="hand2", bg="white")
        self.labelres8 = Label(self.resultframe1, text = title_url[7][0], font=('arial 13 bold'), bg="white", cursor="hand2")
        self.linkres8 = Label(self.resultframe1, text = title_url[7][1], fg="blue", cursor="hand2", bg="white")

        #gui2 loc
        self.resultframe1.place(x=15,y=80)
        self.searchEntry1.place(x=15,y=15)
        self.searchButton.place(x=550,y=18)
        self.labelss.place(x=15,y=60)
        self.timeLabel.place(x=15,y=630)


        self.labelres1.place(x=1,y=30)
        self.linkres1.place(x=5,y=60)
        self.labelres2.place(x=1,y=90)
        self.linkres2.place(x=5,y=120)
        self.labelres3.place(x=1,y=150)
        self.linkres3.place(x=5,y=180)
        self.labelres4.place(x=1,y=210)
        self.linkres4.place(x=5,y=240)
        self.labelres5.place(x=1,y=270)
        self.linkres5.place(x=5,y=300)
        self.labelres6.place(x=1,y=330)
        self.linkres6.place(x=5,y=360)
        self.labelres7.place(x=1,y=390)
        self.linkres7.place(x=5,y=420)
        self.labelres8.place(x=1,y=450)
        self.linkres8.place(x=5,y=480)
        self.clearButton1.place(x=800,y=18)


        self.searchEntry1.insert(END,query)

        self.timeLabelres = Label(self.masters, text="--- %s seconds ---" % (xTime), font=('arial',8))
        self.timeLabelres.place(x=150,y=630)

        def graphloc():
            self.graphButton.place(x = 550, y=50)
            self.posButton.place(x = 800, y=50)








        #eventfunc
        def callback1(event):
            start_time = time.time()
            raw = html_parse.clean_html(html_parse.url_opener(title_url[0][1]))
            self.resultframe1.destroy()
            self.resultframe.place(x=15,y=80)
            self.result_label.place(x = 1, y = 1)
            self.result_label.insert(END,raw)
            self.result_label.configure(state = 'disabled')
            self.timeLabelres = Label(self.masters, text="--- %s seconds ---" % (time.time() - start_time), font=('arial',8))
            self.timeLabelres.place(x=150,y=630)
            graphloc()


        def callback2(event):
            start_time = time.time()
            raw = html_parse.clean_html(html_parse.url_opener(title_url[1][1]))
            self.resultframe1.destroy()
            self.timeLabelres = Label(self.masters, text="--- %s seconds ---" % (time.time() - start_time), font=('arial',8))
            self.timeLabelres.place(x=150,y=630)
            graphloc()


        def callback3(event):
            start_time = time.time()
            raw = html_parse.clean_html(html_parse.url_opener(title_url[2][1]))
            self.resultframe1.destroy()
            self.resultframe.place(x=15,y=80)
            self.result_label.place(x = 1, y = 1)
            self.result_label.insert(END,raw)
            self.result_label.configure(state = 'disabled')
            self.timeLabelres = Label(self.masters, text="--- %s seconds ---" % (time.time() - start_time), font=('arial',8))
            self.timeLabelres.place(x=150,y=630)
            graphloc()

        def callback4(event):
            start_time = time.time()
            raw = html_parse.clean_html(html_parse.url_opener(title_url[3][1]))
            self.resultframe1.destroy()
            self.resultframe.place(x=15,y=80)
            self.result_label.place(x = 1, y = 1)
            self.result_label.insert(END,raw)
            self.result_label.configure(state = 'disabled')
            self.timeLabelres = Label(self.masters, text="--- %s seconds ---" % (time.time() - start_time), font=('arial',8))
            self.timeLabelres.place(x=150,y=630)
            graphloc()

        def callback5(event):
            start_time = time.time()
            raw = html_parse.clean_html(html_parse.url_opener(title_url[4][1]))
            self.resultframe1.destroy()
            self.resultframe.place(x=15,y=80)
            self.result_label.place(x = 1, y = 1)
            self.result_label.insert(END,raw)
            self.result_label.configure(state = 'disabled')
            self.timeLabelres = Label(self.masters, text="--- %s seconds ---" % (time.time() - start_time), font=('arial',8))
            self.timeLabelres.place(x=150,y=630)
            graphloc()


        def callback6(event):
            start_time = time.time()
            raw = html_parse.clean_html(html_parse.url_opener(title_url[5][1]))
            self.resultframe1.destroy()
            self.resultframe.place(x=15,y=80)
            self.result_label.place(x = 1, y = 1)
            self.result_label.insert(END,raw)
            self.result_label.configure(state = 'disabled')
            self.timeLabelres = Label(self.masters, text="--- %s seconds ---" % (time.time() - start_time), font=('arial',8))
            self.timeLabelres.place(x=150,y=630)
            graphloc()


        def callback7(event):
            start_time = time.time()
            raw = html_parse.clean_html(html_parse.url_opener(title_url[6][1]))
            self.resultframe1.destroy()
            self.resultframe.place(x=15,y=80)
            self.result_label.place(x = 1, y = 1)
            self.result_label.insert(END,raw)
            self.result_label.configure(state = 'disabled')
            self.timeLabelres = Label(self.masters, text="--- %s seconds ---" % (time.time() - start_time), font=('arial',8))
            self.timeLabelres.place(x=150,y=630)
            graphloc()



        def callback8(event):
            start_time = time.time()
            raw = html_parse.clean_html(html_parse.url_opener(title_url[7][1]))
            self.resultframe1.destroy()
            self.resultframe.place(x=15,y=80)
            self.result_label.place(x = 1, y = 1)
            self.result_label.insert(END,raw)
            self.result_label.configure(state = 'disabled')
            self.timeLabelres = Label(self.masters, text="--- %s seconds ---" % (time.time() - start_time), font=('arial',8))
            self.timeLabelres.place(x=150,y=630)
            graphloc()


       

        def searchAction(event):
            try:
                global query
                global mTime
                mTime = StringVar(None)
                query = StringVar(None)
                search_ = Search()
                query = self.searchEntry1.get()

                if query not in (None, '', ' '):
                    start_time = time.time()
                    global title_url
                    title_url = [None]
                    raw = search_.fetch_url(query)
                    title_url = search_.process_url(raw)
                    self.masters.withdraw()
                    mTime = (time.time() - start_time)
                    self.guiresults()
                    self.timeLabelres = Label(self.masters, text="--- %s seconds ---" % (mTime), font=('arial',8))
                    self.timeLabelres.place(x=150,y=630)
                    
                else:
                    tkMessageBox.showinfo('Info', 'You must put a keyword')
            except Exception as e:
                    tkMessageBox.showinfo('Info', 'No Internet Connection Try Again Later')
                    exit()

        #eventlink

        self.searchButton.bind("<Button-1>",searchAction)
        self.searchEntry1.bind("<Return>",searchAction)
        self.linkres1.bind("<Button-1>", callback1)
        self.linkres2.bind("<Button-1>", callback2)
        self.linkres3.bind("<Button-1>", callback3)
        self.linkres4.bind("<Button-1>", callback4)
        self.linkres5.bind("<Button-1>", callback5)
        self.linkres6.bind("<Button-1>", callback6)
        self.linkres7.bind("<Button-1>", callback7)
        self.linkres8.bind("<Button-1>", callback8)
        self.labelres1.bind("<Button-1>", callback1)
        self.labelres2.bind("<Button-1>", callback2)
        self.labelres3.bind("<Button-1>", callback3)
        self.labelres4.bind("<Button-1>", callback4)
        self.labelres5.bind("<Button-1>", callback5)
        self.labelres6.bind("<Button-1>", callback6)
        self.labelres7.bind("<Button-1>", callback7)
        self.labelres8.bind("<Button-1>", callback8)
        self.searchEntry1.insert(END,'')