def display(self):
    """Show the record at the current cursor position.

    The key box in the main window is set to the record's key. When
    ``self.sameKeys(record)`` is true the existing form's variables are
    refilled; otherwise the current form (if any) is destroyed and a new
    ``Toplevel`` is built with one label/entry pair per field. The listbox
    is refreshed afterwards in both cases.
    """
    key = self.index[self.cursor]
    self.keytext.set(key)
    record = self.table[key]            # dict, dbm, shelf or class instance
    caption = 'PyForm - Key=' + repr(key)

    # NOTE(review): every value is rendered with repr(). If the store handler
    # (not shown here) turns edited text back into objects with eval(), the
    # form is a code-execution surface for whatever is typed or stored -
    # confirm, and check whether ast.literal_eval would be sufficient.
    if not self.sameKeys(record):
        # Different field set: replace the current box with a fresh window.
        if self.currform:
            self.currform.destroy()
        form = Toplevel()
        form.title(caption)
        form.iconname('pform')
        name_column = frame(form, LEFT)
        value_column = frame(form, RIGHT)
        self.currslots = []             # list of (field, StringVar) pairs
        for field in record.keys():     # keys are not sorted here
            label(name_column, TOP, repr(field))
            slot = StringVar()
            slot.set(repr(record[field]))
            entry(value_column, TOP, slot, width=40)
            self.currslots.append((field, slot))
        self.currform = form
        # Closing the form through the window manager is ignored.
        form.protocol('WM_DELETE_WINDOW', lambda: 0)
    else:
        # Same fields as the form already on screen: reuse it.
        self.currform.title(caption)
        for (field, slot) in self.currslots:
            slot.set(repr(record[field]))

    self.selectlist()                   # update listbox
def makeWidgets(self):
    """Create the demo label through ``widgets.label``.

    The label carries a fixed greeting text and is configured with a fixed
    size, sunken relief, white background and a pencil cursor.
    """
    appearance = dict(
        text='Hellow maker world!',
        width=40,
        height=10,
        relief=SUNKEN,
        cursor='pencil',
        bg='white',
    )
    widgets.label(self, TOP, **appearance)
def makeWidgets(self, *args):
    """Build the base calculator widgets plus a title and extra buttons.

    A title label is added first, then ``CalcGui.makeWidgets`` is called with
    the same arguments, then a bottom frame receives one button per extra
    function and a final ``pi`` button.
    """
    label(self, TOP, 'PyCalc Plus - Subclass')
    CalcGui.makeWidgets(self, *args)
    extras_bar = frame(self, BOTTOM)

    # (button text, expression template) pairs; each template is handed to
    # self.onExtra when its button is pressed.
    # NOTE(review): the templates look like Python expressions. If onExtra
    # (not shown here) fills in the display text and evaluates the result,
    # the display content is executed as code - confirm how it is evaluated.
    templates = (
        ('sqrt', 'sqrt(%s)'),
        ('x^2 ', '(%s)**2'),
        ('x^3 ', '(%s)**3'),
        ('1/x ', '1.0/(%s)'),
    )
    for caption, template in templates:
        # The default argument freezes this iteration's template.
        on_press = (lambda template=template: self.onExtra(template))
        button(extras_bar, LEFT, caption, on_press)
    button(extras_bar, LEFT, ' pi ', self.onPi)
def onMakeCmdline(self):
    """Open a separate window with a ``>>>`` prompt and a Run button.

    Both the Run button and the Return key call ``self.onCmdline`` with the
    entry's variable and widget. The entry starts out holding the current
    calculator display text.
    """
    # NOTE(review): the original author's comment describes this window as
    # accepting arbitrary Python code. Whatever onCmdline (not shown here)
    # does with the text runs with the application's own privileges, so the
    # window should only ever be fed input typed by the local user.
    window = Toplevel()
    window.title('PyCalc command line')
    row = frame(window, TOP)
    label(row, LEFT, '>>>').pack(expand=NO)     # only the Entry expands
    line_var = StringVar()
    line_entry = entry(row, LEFT, line_var, width=40)

    def run_from_button():
        return self.onCmdline(line_var, line_entry)

    def run_from_return(event):
        return self.onCmdline(line_var, line_entry)

    button(row, RIGHT, 'Run', run_from_button).pack(expand=NO)
    line_entry.bind('<Return>', run_from_return)
    line_var.set(self.text.get())
def __init__(self, **args):
    """Build a top-level window that embeds a ``CalcGui`` plus extra buttons.

    The keyword arguments are passed through unchanged to ``CalcGui``; the
    embedded calculator is kept as ``self.calc``.
    """
    Toplevel.__init__(self)
    label(self, TOP, 'PyCalc Plus - Container')
    self.calc = CalcGui(self, **args)
    extras_bar = frame(self, BOTTOM)

    # (button text, expression template) pairs; each template is handed to
    # self.onExtra when its button is pressed.
    # NOTE(review): the templates look like Python expressions. If onExtra
    # (not shown here) fills in the display text and evaluates the result,
    # the display content is executed as code - confirm how it is evaluated.
    templates = (
        ('sqrt', 'sqrt(%s)'),
        ('x^2 ', '(%s)**2'),
        ('x^3 ', '(%s)**3'),
        ('1/x ', '1.0/(%s)'),
    )
    for caption, template in templates:
        # The default argument freezes this iteration's template.
        on_press = (lambda template=template: self.onExtra(template))
        button(extras_bar, LEFT, caption, on_press)
    button(extras_bar, LEFT, ' pi ', self.onPi)
def _build_page1_setting_detection(self, m):
    """Build and return the detection-options frame (titled '探测选项').

    All input widgets are taken from the model object ``m``. This method
    registers a few 'clicked' callbacks through ``self.cb_single`` (passing a
    partner check button as user data) and arranges the widgets in nine
    boxes that are stacked inside one vertical box.
    """
    f = Frame.new('探测选项')
    rows = [Box() for _ in range(9)]
    (level_row, risk_row, string_row, not_string_row, regexp_row,
     code_row, compare_row, separator_row, notes_row) = rows

    # Callback wiring; the handler receives the partner button as user data.
    m._detection_area_level_ckbtn.connect(
        'clicked', self.cb_single, m._inject_area_param_ckbtn)
    m._detection_area_text_only_ckbtn.connect(
        'clicked', self.cb_single, m._optimize_area_null_connect_ckbtn)
    m._detection_area_text_only_ckbtn.connect(
        'clicked', self.cb_single, m._detection_area_titles_ckbtn)
    m._detection_area_titles_ckbtn.connect(
        'clicked', self.cb_single, m._detection_area_text_only_ckbtn)

    level_row.pack_start(m._detection_area_level_ckbtn, False, True, 5)
    level_row.pack_start(m._detection_area_level_scale, True, True, 5)
    risk_row.pack_start(m._detection_area_risk_ckbtn, False, True, 5)
    risk_row.pack_start(m._detection_area_risk_scale, True, True, 10)

    # Check button at the start of the row, its text entry at the end.
    matchers = (
        (string_row,
         m._detection_area_str_ckbtn, m._detection_area_str_entry),
        (not_string_row,
         m._detection_area_not_str_ckbtn, m._detection_area_not_str_entry),
        (regexp_row,
         m._detection_area_re_ckbtn, m._detection_area_re_entry),
    )
    for row, toggle, field in matchers:
        row.pack_start(toggle, False, True, 5)
        row.pack_end(field, True, True, 5)

    code_row.pack_start(m._detection_area_code_ckbtn, False, True, 5)
    code_row.pack_start(m._detection_area_code_entry, False, True, 5)

    compare_row.pack_start(m._detection_area_text_only_ckbtn, False, True, 5)
    compare_row.pack_start(m._detection_area_titles_ckbtn, True, False, 5)
    compare_row.pack_start(m._detection_area_smart_ckbtn, False, True, 5)

    separator_row.pack_start(g.Separator.new(HORIZONTAL), True, True, 5)

    # Explanatory notes shown under the options. The label text says:
    # level 1 (default) covers all GET/POST parameters, level 2 adds Cookie,
    # level 3 adds User-Agent/Referer, level 4 is marked as unknown by the
    # author, level 5 adds the Host header; risk 1 (default) is essentially
    # risk-free, risk 2 adds many time-based blind tests, risk 3 adds
    # OR-based boolean blind tests.
    notes_row.set_spacing(6)
    _level_note = label(label='Level 1(默认): 所有GET, POST参数\n'
                              'Level 2 追加: Cookie\n'
                              'Level 3 追加: User-Agent/Referer\n'
                              'Level 4 追加: 啥?\n'
                              'Level 5 追加: Host报头',
                        halign=g.Align.START)
    _risk_note = label(label='Risk 1(默认): 基本无风险\n'
                             'Risk 2 追加: 大量时间型盲注\n'
                             'Risk 3 追加: OR型布尔盲注',
                       halign=g.Align.START)
    notes_row.pack_start(_level_note, True, True, 5)
    notes_row.pack_start(_risk_note, True, True, 5)

    stack = Box(orientation=VERTICAL, spacing=3)
    for row in rows:
        stack.add(row)
    f.add(stack)
    return f
def makeWidgets(self):
    """Create the default 'middle' widget: a label showing the class name.

    Design note kept from the original: the middle part is made last so that
    the menu and toolbar always stay at the top/bottom and the middle is
    clipped last; with grid layouts, grid the middle part inside a packed
    frame.
    """
    caption = self.__class__.__name__
    widgets.label(
        self,
        TOP,
        caption,
        width=40,
        height=10,
        relief=SUNKEN,
        bg='white',
        cursor='crosshair',
    )
def doUI(self):
    """Create and place the widgets of the LabRAD connection panel.

    The panel has four rows of height ``self.line_height``: a status label,
    a host row (label, input, connect button), a password row (label, input,
    reset button) and a console label. The window is then fixed to the
    resulting size and moved to ``self.position``.
    """
    unit = self.line_height
    label_w = self.label_length
    input_w = self.input_length
    button_w = self.button_length
    status_w = self.status_length

    def row(n):
        # Vertical offset of the n-th row.
        return unit * n

    self.label_status = label(
        self, [0, 0], [status_w, unit], "",
        "Status of the connection to LabRAD")
    self.setStatus(self.default_status)

    self.label_host = label(
        self, [0, row(1)], [label_w, unit], "host",
        "Host IP for LabRAD connection")
    self.label_password = label(
        self, [0, row(2)], [label_w, unit], "Password",
        "Password for LabRAD connection")

    self.input_host = stringInput(
        self, [label_w, row(1)], [input_w, unit], self.default_host,
        "Enter host", "Host IP for LabRAD connection")
    # NOTE(review): the password field is pre-filled with
    # self.default_password and built with the same stringInput helper as
    # the host field. Whether the helper masks what is typed is not visible
    # here - confirm the echo mode, and that no real credential is shipped
    # as the default.
    self.input_password = stringInput(
        self, [label_w, row(2)], [input_w, unit], self.default_password,
        "Enter LabRAD Password", "Password for LabRAD connection")

    self.button_connect = simpleButton(
        self, [label_w + input_w, row(1)], [button_w, unit], "connect",
        self.connect, "Attempt to connect to LabRAD")
    self.button_reset = simpleButton(
        self, [label_w + input_w, row(2)], [button_w, unit], "reset",
        self.reset,
        "Reset IP & Host inputs to default values.\nNote: Does not terminate LabRAD connection if one has been made.")

    self.label_console = label(
        self, [0, row(3)], [status_w, unit], "",
        "This box will print the result of an attempted LabRAD connection.")

    # Wide enough for either the status line or the widest input row.
    total_width = max([status_w, button_w + label_w + input_w])
    self.setFixedSize(total_width, row(4))
    self.move(self.position[0], self.position[1])
def build_page1_file_os_access(self, m):
    """Build and return the 'Access to the OS behind the DBMS' frame.

    Widgets are taken from the model object ``m`` and laid out in three
    boxes: the OS command row, the shell/Meterpreter-related check buttons,
    and the Metasploit-path / temp-path row. The path chooser button is
    connected to ``self._handlers.set_file_entry_text``.
    """
    _f = Frame.new(m._('Access to the OS behind the DBMS'))
    command_row, shell_row, path_row = rows = [Box() for _ in range(3)]

    command_row.pack_start(m._os_access_area_os_cmd_ckbtn, False, True, 5)
    command_row.pack_start(m._os_access_area_os_cmd_entry, True, True, 5)

    msf_caption = label(label=m._('with Meterpreter(TCP connect):'),
                        margin_start=50)
    shell_widgets = (
        m._os_access_area_os_shell_ckbtn,
        msf_caption,
        m._os_access_area_os_pwn_ckbtn,
        m._os_access_area_os_smbrelay_ckbtn,
        m._os_access_area_os_bof_ckbtn,
        m._os_access_area_priv_esc_ckbtn,
    )
    for widget in shell_widgets:
        shell_row.pack_start(widget, False, True, 5)

    # The chooser button fills the path entry; the list is the handler's
    # user data (target entry, dialog title).
    # NOTE(review): the chosen path and the free-text entries on this page
    # presumably end up on a command line built elsewhere - confirm that the
    # code assembling the command quotes them.
    m._os_access_area_msf_path_chooser.connect(
        'clicked',
        self._handlers.set_file_entry_text,
        [m._os_access_area_msf_path_entry,
         'choose local Metasploit install path'])

    path_row.pack_start(m._os_access_area_msf_path_ckbtn, False, True, 5)
    path_row.pack_start(m._os_access_area_msf_path_entry, True, True, 0)
    path_row.pack_start(m._os_access_area_msf_path_chooser, False, True, 5)
    path_row.pack_start(m._os_access_area_tmp_path_ckbtn, False, True, 5)
    path_row.pack_start(m._os_access_area_tmp_path_entry, True, True, 5)

    stack = Box(orientation=VERTICAL, spacing=6)
    for row in rows:
        stack.add(row)
    _f.add(stack)
    return _f
def build_page1_file(self):
    """Build and return the File page: a note followed by four areas.

    The areas (file read, file write, OS access, registry) are produced by
    the corresponding ``build_page1_file_*`` methods from ``self.m`` and each
    is placed in its own margin box under the note label.
    """
    page = Box(orientation=VERTICAL, spacing=6)

    note = label(
        label='Note: only if stacked query(堆查询注入) worked, '
              'these functions below can be used except udf!',
        halign=g.Align.START,
        margin_start=16)
    # Background on stacked queries:
    # http://www.sqlinjection.net/stacked-queries/
    # https://www.cnblogs.com/hongfei/p/3895980.html
    note.set_tooltip_text(
        'stacked query: MySQL/PHP - no(but supported by MySQL with other API)\n'
        ' SQL Server/Any API - yes\n'
        ' PostgreSQL/PHP - yes\n'
        ' Oracle/Any API - no')

    holders = [Box(margin_top=10, margin_start=10, margin_end=10)
               for _ in range(4)]
    areas = (
        self.build_page1_file_read(self.m),
        self.build_page1_file_write(self.m),
        self.build_page1_file_os_access(self.m),
        self.build_page1_file_os_registry(self.m),
    )
    for holder, area in zip(holders, areas):
        holder.pack_start(area, True, True, 6)

    page.add(note)
    for holder in holders:
        page.add(holder)
    return page
def _build_page1_file_os_access(self, m):
    """Build and return the OS-access frame (titled '访问后端OS').

    Widgets are taken from the model object ``m`` and laid out in three
    boxes: the OS command row, the shell/Meterpreter-related check buttons,
    and the Metasploit-path / temp-path row. The path chooser button is
    connected to ``self._handlers.set_file_entry_text``.
    """
    f = Frame.new('访问后端OS')
    command_row, shell_row, path_row = rows = [Box() for _ in range(3)]

    command_row.pack_start(m._file_os_access_os_cmd_ckbtn, False, True, 5)
    command_row.pack_start(m._file_os_access_os_cmd_entry, True, True, 5)

    # Caption text: "Meterpreter related (TCP connection):"
    msf_caption = label(label='Meterpreter相关(TCP连接):', margin_start=50)
    shell_widgets = (
        m._file_os_access_os_shell_ckbtn,
        msf_caption,
        m._file_os_access_os_pwn_ckbtn,
        m._file_os_access_os_smbrelay_ckbtn,
        m._file_os_access_os_bof_ckbtn,
        m._file_os_access_priv_esc_ckbtn,
    )
    for widget in shell_widgets:
        shell_row.pack_start(widget, False, True, 5)

    # The chooser button fills the path entry; the list is the handler's
    # user data (target entry, dialog title meaning "choose the local
    # Metasploit install directory").
    # NOTE(review): the chosen path and the free-text entries on this page
    # presumably end up on a command line built elsewhere - confirm that the
    # code assembling the command quotes them.
    m._file_os_access_msf_path_chooser.connect(
        'clicked',
        self._handlers.set_file_entry_text,
        [m._file_os_access_msf_path_entry, '选择 本地Metasploit安装目录'])

    path_row.pack_start(m._file_os_access_msf_path_ckbtn, False, True, 5)
    path_row.pack_start(m._file_os_access_msf_path_entry, True, True, 0)
    path_row.pack_start(m._file_os_access_msf_path_chooser, False, True, 5)
    path_row.pack_start(m._file_os_access_tmp_path_ckbtn, False, True, 5)
    path_row.pack_start(m._file_os_access_tmp_path_entry, True, True, 5)

    stack = Box(orientation=VERTICAL, spacing=6)
    for row in rows:
        stack.add(row)
    f.add(stack)
    return f
def _build_page1_file(self):
    """Build and return the File page: a note followed by four areas.

    The areas (file read, file write, OS access, registry) are produced by
    the corresponding ``_build_page1_file_*`` methods from ``self.m`` and
    each is placed in its own margin box under the note label.
    """
    page = Box(orientation=VERTICAL, spacing=6)

    # Note text: the functions on this tab (except udf) only work when
    # stacked queries are available.
    note = label(label='注: 存在Stacked queries(堆查询注入)时, '
                       '才能使用该标签下的功能(udf功能除外)!',
                 halign=g.Align.START,
                 margin_start=16)
    # Background on stacked queries:
    # http://www.sqlinjection.net/stacked-queries/
    # https://www.cnblogs.com/hongfei/p/3895980.html
    note.set_tooltip_text(
        '堆查询: MySQL/PHP - 不支持(supported by MySQL for other API)\n'
        ' SQL Server/Any API - 支持\n'
        ' PostgreSQL/PHP - 支持\n'
        ' Oracle/Any API - 不支持')

    holders = [
        Box(margin_top=10, margin_start=10, margin_end=10) for _ in range(4)
    ]
    areas = (
        self._build_page1_file_read(self.m),
        self._build_page1_file_write(self.m),
        self._build_page1_file_os_access(self.m),
        self._build_page1_file_os_registry(self.m),
    )
    for holder, area in zip(holders, areas):
        holder.pack_start(area, True, True, 6)

    page.add(note)
    for holder in holders:
        page.add(holder)
    return page
def makeMainBox(self):
    """Build the main box: navigation buttons, key entry, edit buttons, quit.

    ``self.keytext`` is created here and holds the current record's key; the
    original note says to change it before pressing 'find'.
    """
    nav_bar = frame(self, TOP)
    nav_bar.config(bd=2)
    navigation = (
        ('next', self.onNext),      # next in list
        ('prev', self.onPrev),      # back up in list
        ('find', self.onFind),      # find from key
    )
    for caption, handler in navigation:
        button(nav_bar, LEFT, caption, handler)

    key_row = frame(self, TOP)
    self.keytext = StringVar()      # current record's key
    label(key_row, LEFT, 'KEY=>')
    entry(key_row, LEFT, self.keytext)

    edit_bar = frame(self, TOP)
    edit_bar.config(bd=2)
    editing = (
        ('store', self.onStore),    # save updated entry data
        ('new', self.onNew),        # clear fields
        ('index', self.onMakeList), # show key list
        ('delete', self.onDelete),  # handled by onDelete
    )
    for caption, handler in editing:
        button(edit_bar, LEFT, caption, handler)

    button(self, BOTTOM, 'quit', self.quit)     # quit comes from guimixin
def doUI(self):
    """Create and place the widgets of the Data Vault browser panel.

    From top to bottom: a status label, the folder list, a row of
    home/up/select buttons, the file list and a details text box. List
    signals are connected to the ``dv*`` handlers, then the window is fixed
    to 13 rows of ``self.line_height`` and moved to ``self.position``.
    """
    unit = self.line_height
    width = self.length
    button_w = self.button_length

    def row(n):
        # Vertical offset (or height) of n rows.
        return unit * n

    self.label_status = label(
        self, [0, 0], [width, unit], "",
        "Status of connection to Data Vault")
    self.setStatus("LabRAD not connected")

    self.list_folders = simpleList(
        self, [0, row(1)], [width, row(3)], [],
        "List of folders in current directory")
    self.list_files = simpleList(
        self, [0, row(5)], [width, row(4)], [],
        "List of files in current directory")

    # Button row sits between the two lists.
    self.button_open = simpleButton(
        self, [width - button_w, row(4)], [button_w, unit], "select file",
        self.dvOpen, "Open the currently selected file")
    self.button_home = simpleButton(
        self, [0, row(4)], [button_w, unit], "home",
        self.dvHome, "Return to the root directory")
    self.button_up = simpleButton(
        self, [button_w, row(4)], [button_w, unit], "up",
        self.dvUp, "Go up one folder from the current directory")

    self.text_details = textBox(
        self, [0, row(9)], [width, row(4)], "",
        tooltip="Details of currently selected dataset (file)")

    self.list_folders.itemActivated.connect(self.dvSelectFolder)
    self.list_files.itemActivated.connect(self.dvOpen)
    self.list_files.currentItemChanged.connect(self.dvUpdateDetails)

    self.setFixedSize(width, row(13))
    self.move(self.position[0], self.position[1])
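def __init__(self, language):
    """Create every widget used by the window's pages and keep it on self.

    Only widget construction happens here; the page-builder methods pack the
    widgets. Check-button labels are sqlmap option names passed through the
    translation function.

    Args:
        language: ``'zh'`` loads the ``zh_CN`` catalog ``sqlmap_gtk`` from
            ``static/locale``; any other value leaves the translation
            function as it already is.
    """
    mo_filename = "sqlmap_gtk"
    # NOTE(review): resolved against the current working directory, so a
    # launch from another directory ends in the FileNotFoundError branch.
    mo_base_folder = os.path.abspath("static/locale")
    try:
        if language == 'zh':
            _zh = gettext.translation(mo_filename, mo_base_folder,
                                      languages=["zh_CN"])
            self._ = _zh.gettext
    except FileNotFoundError as e:
        print(e)

    # self._ is only assigned above when language is 'zh' and the catalog was
    # found. Use whatever the class already provides; otherwise fall back to
    # an identity translation instead of failing with AttributeError.
    _ = getattr(self, '_', None)
    if _ is None:
        _ = self._ = gettext.NullTranslations().gettext

    # Author's conversion notes:
    # 1. %s;(\('.*'\);(_(\1);g
    # 2. fix _enum_area_opts_ckbtns

    # TARGET
    self._url_combobox = cbb()
    self._burp_logfile = FileEntry()
    self._burp_logfile_chooser = btn.new_with_label(_('open'))
    self._request_file = FileEntry()
    self._request_file_chooser = btn.new_with_label(_('open'))
    self._bulkfile = FileEntry()
    self._bulkfile_chooser = btn.new_with_label(_('open'))
    self._configfile = FileEntry()
    self._configfile_chooser = btn.new_with_label(_('open'))
    self._google_dork = et()
    self._direct_connect = et()

    # OPTIONS(1)
    # collected options:
    self._cmd_entry = et()

    # Inject(Q)
    self._sqlmap_path_entry = FileEntry()
    self._sqlmap_path_chooser = btn.new_with_label(_('open'))

    # Injection
    self._inject_area_param_ckbtn = cb(_('-p'))
    self._inject_area_param_entry = et()
    self._inject_area_param_filter_ckbtn = cb(_('--param-filter'))
    self._inject_area_param_filter_combobox = cbb()
    self._inject_area_skip_static_ckbtn = cb(_('--skip-static'))
    self._inject_area_skip_ckbtn = cb(_('--skip'))
    self._inject_area_skip_entry = et()
    self._inject_area_param_exclude_ckbtn = cb(_('--param-exclude'))
    self._inject_area_param_exclude_entry = et()
    self._inject_area_prefix_ckbtn = cb(_('--prefix'))
    self._inject_area_prefix_entry = et()
    self._inject_area_suffix_ckbtn = cb(_('--suffix'))
    self._inject_area_suffix_entry = et()
    self._inject_area_dbms_ckbtn = cb(_('--dbms'))
    self._inject_area_dbms_combobox = cbb()
    self._inject_area_dbms_cred_ckbtn = cb(_('--dbms-cred'))
    self._inject_area_dbms_cred_entry = et()
    self._inject_area_os_ckbtn = cb(_('--os'))
    self._inject_area_os_entry = et()
    self._inject_area_no_cast_ckbtn = cb(_('--no-cast'))
    self._inject_area_no_escape_ckbtn = cb(_('--no-escape'))
    self._inject_area_invalid_bignum_ckbtn = cb(_('--invalid-bignum'))
    self._inject_area_invalid_logical_ckbtn = cb(_('--invalid-logical'))
    self._inject_area_invalid_string_ckbtn = cb(_('--invalid-string'))

    # Detection
    self._detection_area_level_ckbtn = cb(_('--level'))
    self._detection_area_level_scale = sl(HORIZONTAL, 1, 5, 1)
    self._detection_area_risk_ckbtn = cb(_('--risk'))
    self._detection_area_risk_scale = sl(HORIZONTAL, 1, 3, 1)
    self._detection_area_str_ckbtn = cb(_('--string'))
    self._detection_area_str_entry = et()
    self._detection_area_not_str_ckbtn = cb(_('--not-string'))
    self._detection_area_not_str_entry = et()
    self._detection_area_re_ckbtn = cb(_('--regexp'))
    self._detection_area_re_entry = et()
    self._detection_area_code_ckbtn = cb(_('--code'))
    self._detection_area_code_entry = NumberEntry()
    self._detection_area_text_only_ckbtn = cb(_('--text-only'))
    self._detection_area_titles_ckbtn = cb(_('--titles'))
    self._detection_area_smart_ckbtn = cb(_('--smart'))
    self._detection_area_level_note = label(
        label=_("Level 1(default): all GET, POST fields\n"
                "Level 2 append: Cookie\n"
                "Level 3 append: User-Agent/Referer\n"
                "Level 4 append: ?\n"
                "Level 5 append: Host header"),
        halign=g.Align.START)
    self._detection_area_risk_note = label(
        label=_("Risk 1(default): no risk\n"
                "Risk 2 append: Time-Based Blind\n"
                "Risk 3 append: \"OR\"-Based Blind"),
        halign=g.Align.START)

    # Technique
    self._tech_area_tech_ckbtn = cb(_('--technique'))
    self._tech_area_tech_entry = et()
    self._tech_area_time_sec_ckbtn = cb(_('--time-sec'))
    self._tech_area_time_sec_entry = NumberEntry()
    self._tech_area_union_col_ckbtn = cb(_('--union-cols'))
    self._tech_area_union_col_entry = NumberEntry()
    self._tech_area_union_char_ckbtn = cb(_('--union-char'))
    self._tech_area_union_char_entry = et()
    self._tech_area_union_from_ckbtn = cb(_('--union-from'))
    self._tech_area_union_from_entry = et()
    self._tech_area_dns_ckbtn = cb(_('--dns-domain'))
    self._tech_area_dns_entry = et()
    self._tech_area_second_url_ckbtn = cb(_('--second-url'))
    self._tech_area_second_url_entry = et()
    self._tech_area_second_req_ckbtn = cb('%s:' % _('--second-req'))
    self._tech_area_second_req_entry = FileEntry()
    self._tech_area_second_req_chooser = btn.new_with_label(_('open'))

    # Tamper
    # self._tamper_frame = Frame.new(_('--tamper'))
    # self._tamper_area_tamper_view = tv(wrap_mode = g.WrapMode.CHAR)

    # Optimize
    self._optimize_area_turn_all_ckbtn = cb(_('-o'))
    self._optimize_area_thread_num_ckbtn = cb(_('--threads'))
    self._optimize_area_thread_num_spinbtn = sp.new_with_range(2, 10, 1)
    self._optimize_area_predict_ckbtn = cb(_('--predict-output'))
    self._optimize_area_keep_alive_ckbtn = cb(_('--keep-alive'))
    self._optimize_area_null_connect_ckbtn = cb(_('--null-connection'))

    # Often used
    self._general_area_verbose_ckbtn = cb(_('-v'))
    self._general_area_verbose_scale = sl(HORIZONTAL, 0, 6, 1)
    self._general_area_finger_ckbtn = cb(_('--fingerprint'))
    self._general_area_hex_ckbtn = cb(_('--hex'))
    self._general_area_batch_ckbtn = cb(_('--batch'))
    self._misc_area_wizard_ckbtn = cb(_('--wizard'))

    # Hidden
    self._hidden_area_crack_ckbtn = cb(_('--crack'))
    self._hidden_area_debug_ckbtn = cb(_('--debug'))
    self._hidden_area_profile_ckbtn = cb(_('--profile'))
    self._hidden_area_disable_precon_ckbtn = cb(_('--disable-precon'))
    self._hidden_area_disable_stats_ckbtn = cb(_('--disable-stats'))
    self._hidden_area_force_dbms_ckbtn = cb(_('--force-dbms'))
    self._hidden_area_force_dns_ckbtn = cb(_('--force-dns'))
    self._hidden_area_force_pivoting_ckbtn = cb(_('--force-pivoting'))
    self._hidden_area_smoke_test_ckbtn = cb(_('--smoke-test'))
    self._hidden_area_live_test_ckbtn = cb(_('--live-test'))
    self._hidden_area_vuln_test_ckbtn = cb(_('--vuln-test'))
    self._hidden_area_murphy_rate_ckbtn = cb(_('--murphy-rate'))
    self._hidden_area_stop_fail_ckbtn = cb(_('--stop-fail'))
    self._hidden_area_run_case_ckbtn = cb(_('--run-case'))
    self._hidden_area_dummy_ckbtn = cb(_('--dummy'))
    self._hidden_area_api_ckbtn = cb(_('--api'))
    self._hidden_area_taskid_ckbtn = cb(_('--taskid'))
    self._hidden_area_database_ckbtn = cb(_('--database'))

    # Request(W)
    # HTTP header
    self._request_area_random_agent_ckbtn = cb(_('--random-agent'))
    self._request_area_mobile_ckbtn = cb(_('--mobile'))
    self._request_area_user_agent_ckbtn = cb(_('--user-agent'))
    self._request_area_user_agent_entry = et()
    self._request_area_host_ckbtn = cb(_('--host'))
    self._request_area_host_entry = et()
    self._request_area_referer_ckbtn = cb(_('--referer'))
    self._request_area_referer_entry = et()
    self._request_area_header_ckbtn = cb(_('--header(-H)'))
    self._request_area_header_entry = et()
    self._request_area_headers_ckbtn = cb(_('--headers'))
    self._request_area_headers_entry = et()

    # HTTP data
    self._request_area_method_ckbtn = cb(_('--method'))
    self._request_area_method_entry = et(width_chars=10)
    self._request_area_param_del_ckbtn = cb(_('--param-del'))
    self._request_area_param_del_entry = et(max_length=1, width_chars=5)
    self._request_area_chunked_ckbtn = cb(_('--chunked'))
    self._request_area_post_ckbtn = cb(_('--data'))
    self._request_area_post_entry = et()
    self._request_area_cookie_ckbtn = cb(_('--cookie'))
    self._request_area_cookie_entry = et()
    self._request_area_cookie_del_ckbtn = cb(_('--cookie-del'))
    self._request_area_cookie_del_entry = et(width_chars=5)
    self._request_area_drop_set_cookie_ckbtn = cb(_('--drop-set-cookie'))
    self._request_area_live_cookies_ckbtn = cb(_('--live-cookies'))
    self._request_area_live_cookies_entry = FileEntry()
    self._request_area_live_cookies_chooser = btn.new_with_label(_('open'))
    self._request_area_load_cookies_ckbtn = cb(_('--load-cookies'))
    self._request_area_load_cookies_entry = FileEntry()
    self._request_area_load_cookies_chooser = btn.new_with_label(_('open'))
    self._request_area_auth_type_ckbtn = cb(_('--auth-type'))
    self._request_area_auth_type_entry = et()
    self._request_area_auth_cred_ckbtn = cb(_('--auth-cred'))
    self._request_area_auth_cred_entry = et()
    self._request_area_auth_file_ckbtn = cb(_('--auth-file'))
    self._request_area_auth_file_entry = FileEntry()
    self._request_area_auth_file_chooser = btn.new_with_label(_('open'))
    self._request_area_csrf_method_ckbtn = cb(_('--csrf-method'))
    self._request_area_csrf_method_entry = et(width_chars=10)
    self._request_area_csrf_retries_ckbtn = cb(_('--csrf-retries'))
    self._request_area_csrf_retries_entry = NumberEntry()
    self._request_area_csrf_token_ckbtn = cb(_('--csrf-token'))
    self._request_area_csrf_token_entry = et()
    self._request_area_csrf_url_ckbtn = cb(_('--csrf-url'))
    self._request_area_csrf_url_entry = et()

    # Request custom
    self._request_area_ignore_timeouts_ckbtn = cb(_('--ignore-timeouts'))
    self._request_area_ignore_redirects_ckbtn = cb(_('--ignore-redirects'))
    self._request_area_ignore_code_ckbtn = cb(_('--ignore-code'))
    self._request_area_ignore_code_entry = et(text='401', width_chars=30)
    self._request_area_skip_urlencode_ckbtn = cb(_('--skip-urlencode'))
    self._request_area_force_ssl_ckbtn = cb(_('--force-ssl'))
    self._request_area_hpp_ckbtn = cb(_('--hpp'))
    self._request_area_delay_ckbtn = cb(_('--delay'))
    self._request_area_delay_entry = NumberEntry()
    self._request_area_timeout_ckbtn = cb(_('--timeout'))
    self._request_area_timeout_entry = NumberEntry()
    self._request_area_retries_ckbtn = cb(_('--retries'))
    self._request_area_retries_entry = NumberEntry()
    self._request_area_randomize_ckbtn = cb(_('--randomize'))
    self._request_area_randomize_entry = et()
    self._request_area_eval_ckbtn = cb(_('--eval'))
    self._request_area_eval_entry = et()

    # Anonymous/Proxy
    self._request_area_safe_url_ckbtn = cb(_('--safe-url'))
    self._request_area_safe_url_entry = et()
    self._request_area_safe_post_ckbtn = cb(_('--safe-post'))
    self._request_area_safe_post_entry = et()
    self._request_area_safe_req_ckbtn = cb(_('--safe-req'))
    self._request_area_safe_req_entry = FileEntry()
    self._request_area_safe_req_chooser = btn.new_with_label(_('open'))
    self._request_area_safe_freq_ckbtn = cb(_('--safe-freq'))
    self._request_area_safe_freq_entry = et(width_chars=10)
    self._request_area_ignore_proxy_ckbtn = cb(_('--ignore-proxy'))
    self._request_area_proxy_freq_ckbtn = cb(_('--proxy-freq'))
    self._request_area_proxy_freq_entry = NumberEntry()
    self._request_area_proxy_file_ckbtn = cb(_('--proxy-file'))
    self._request_area_proxy_file_entry = FileEntry()
    self._request_area_proxy_file_chooser = btn.new_with_label(_('open'))
    self._request_area_proxy_ckbtn = cb(_('--proxy'))
    self._request_area_proxy_ip_label = label.new('IP:')
    self._request_area_proxy_ip_entry = et()
    self._request_area_proxy_port_label = label.new('PORT:')
    self._request_area_proxy_port_entry = NumberEntry()
    # NOTE(review): the listing this was taken from had the text between
    # 'username:' and 'passwd:' masked out, which left invalid syntax. The
    # username entry and password label below are reconstructed from the
    # parallel page-4 fields - confirm both attribute names against the code
    # that packs the proxy widgets.
    self._request_area_proxy_username_label = label.new(_('username:'))
    self._request_area_proxy_username_entry = et()
    self._request_area_proxy_password_label = label.new(_('passwd:'))
    self._request_area_proxy_password_entry = et()
    self._request_area_tor_ckbtn = cb(_('--tor'))
    self._request_area_tor_port_ckbtn = cb(_('--tor-port'))
    self._request_area_tor_port_entry = NumberEntry()
    self._request_area_tor_type_ckbtn = cb(_('--tor-type'))
    self._request_area_tor_type_entry = et()
    self._request_area_check_tor_ckbtn = cb(_('--check-tor'))

    # Enumerate(E)
    # Enumeration
    self._init_enum_area_opts(_)

    # Dump
    self._dump_area_dump_ckbtn = cb(_('--dump'))
    self._dump_area_repair_ckbtn = cb(_('--repair'))
    self._dump_area_statements_ckbtn = cb(_('--statements'))
    self._dump_area_search_ckbtn = cb(_('--search'))
    self._dump_area_no_sys_db_ckbtn = cb(_('--exclude-sysdbs'))
    self._dump_area_dump_all_ckbtn = cb(_('--dump-all'))

    # Limit(when dump)
    self._limit_area_start_ckbtn = cb(_('--start'))
    self._limit_area_start_entry = NumberEntry()
    self._limit_area_stop_ckbtn = cb(_('--stop'))
    self._limit_area_stop_entry = NumberEntry()

    # Blind inject options
    self._blind_area_first_ckbtn = cb(_('--first'))
    self._blind_area_first_entry = NumberEntry()
    self._blind_area_last_ckbtn = cb(_('--last'))
    self._blind_area_last_entry = NumberEntry()

    # DB, Table, Column name...
    self._meta_area_D_ckbtn = cb(_('-D'))
    self._meta_area_D_entry = et()
    self._meta_area_T_ckbtn = cb(_('-T'))
    self._meta_area_T_entry = et()
    self._meta_area_C_ckbtn = cb(_('-C'))
    self._meta_area_C_entry = et()
    self._meta_area_U_ckbtn = cb(_('-U'))
    self._meta_area_U_entry = et()
    self._meta_area_X_ckbtn = cb(_('-X'))
    self._meta_area_X_entry = et()
    self._meta_area_pivot_ckbtn = cb(_('--pivot-column'))
    self._meta_area_pivot_entry = et()
    self._meta_area_where_ckbtn = cb(_('--where'))
    self._meta_area_where_entry = et()

    # Execute SQL
    self._runsql_area_sql_query_ckbtn = cb(_('--sql-query'))
    self._runsql_area_sql_query_entry = et()
    self._runsql_area_sql_shell_ckbtn = cb(_('--sql-shell'))
    self._runsql_area_sql_file_ckbtn = cb(_('--sql-file'))
    self._runsql_area_sql_file_entry = FileEntry()
    self._runsql_area_sql_file_chooser = btn.new_with_label(_('open'))

    # Brute force
    self._brute_force_area_common_tables_ckbtn = cb(_('--common-tables'))
    self._brute_force_area_common_columns_ckbtn = cb(_('--common-columns'))
    self._brute_force_area_common_files_ckbtn = cb(_('--common-files'))

    # File(R)
    # Read remote file
    self._file_read_area_file_read_ckbtn = cb(_('--file-read'))
    self._file_read_area_file_read_entry = et(text='/etc/passwd')
    self._file_read_area_file_read_btn = btn.new_with_label(_('cat'))

    # Upload local file
    self._file_write_area_udf_ckbtn = cb(_('--udf-inject'))
    self._file_write_area_shared_lib_ckbtn = cb(_('--shared-lib'))
    self._file_write_area_shared_lib_entry = FileEntry()
    self._file_write_area_shared_lib_chooser = btn.new_with_label(_('open'))
    self._file_write_area_file_write_ckbtn = cb(_('--file-write'))
    self._file_write_area_file_write_entry = FileEntry()
    self._file_write_area_file_write_chooser = btn.new_with_label(_('open'))
    self._file_write_area_file_dest_ckbtn = cb(_('--file-dest'))
    self._file_write_area_file_dest_entry = et()

    # Access to the OS behind the DBMS
    self._os_access_area_os_cmd_ckbtn = cb(_('--os-cmd'))
    self._os_access_area_os_cmd_entry = et()
    self._os_access_area_os_shell_ckbtn = cb(_('--os-shell'))
    self._os_access_area_os_pwn_ckbtn = cb('--os-pwn')
    self._os_access_area_os_smbrelay_ckbtn = cb('--os-smbrelay')
    self._os_access_area_os_bof_ckbtn = cb('--os-bof')
    self._os_access_area_priv_esc_ckbtn = cb('--priv-esc')
    self._os_access_area_msf_path_ckbtn = cb(_('--msf-path'))
    self._os_access_area_msf_path_entry = FileEntry()
    self._os_access_area_msf_path_chooser = btn.new_with_label(_('open'))
    self._os_access_area_tmp_path_ckbtn = cb(_('--tmp-path'))
    self._os_access_area_tmp_path_entry = et()

    # Access to the registry on a remote Windows host
    self._registry_area_reg_ckbtn = cb(_('operate:'))
    self._registry_area_reg_combobox = g.ComboBoxText.new()
    self._registry_area_reg_key_label = label.new(_('--reg-key'))
    self._registry_area_reg_key_entry = et()
    self._registry_area_reg_value_label = label.new(_('--reg-value'))
    self._registry_area_reg_value_entry = et()
    self._registry_area_reg_data_label = label.new(_('--reg-data'))
    self._registry_area_reg_data_entry = et()
    self._registry_area_reg_type_label = label.new(_('--reg-type'))
    self._registry_area_reg_type_entry = et()

    # Other(T)
    # General
    self._general_area_check_internet_ckbtn = cb(_('--check-internet'))
    self._general_area_fresh_queries_ckbtn = cb(_('--fresh-queries'))
    self._general_area_forms_ckbtn = cb(_('--forms'))
    self._general_area_parse_errors_ckbtn = cb(_('--parse-errors'))
    self._misc_area_cleanup_ckbtn = cb(_('--cleanup'))
    self._general_area_base64_ckbtn = cb(_('--base64'))
    self._general_area_base64_entry = et()
    self._general_area_base64_safe_ckbtn = cb(_('--base64-safe'))
    self._general_area_table_prefix_ckbtn = cb(_('--table-prefix'))
    self._general_area_table_prefix_entry = et(width_chars=15)
    self._general_area_binary_fields_ckbtn = cb(_('--binary-fields'))
    self._general_area_binary_fields_entry = et()
    self._general_area_preprocess_ckbtn = cb(_('--preprocess'))
    self._general_area_preprocess_entry = et()
    self._general_area_preprocess_chooser = btn.new_with_label(_('open'))
    self._general_area_postprocess_ckbtn = cb(_('--postprocess'))
    self._general_area_postprocess_entry = et()
    self._general_area_postprocess_chooser = btn.new_with_label(_('open'))
    self._general_area_charset_ckbtn = cb(_('--charset'))
    self._general_area_charset_entry = et(text='0123456789abcdef')
    self._general_area_encoding_ckbtn = cb(_('--encoding'))
    self._general_area_encoding_entry = et(text='GBK', width_chars=10)
    self._general_area_web_root_ckbtn = cb(_('--web-root'))
    self._general_area_web_root_entry = et()
    self._general_area_scope_ckbtn = cb(_('--scope'))
    self._general_area_scope_entry = FileEntry()
    self._general_area_scope_chooser = btn.new_with_label(_('open'))
    self._general_area_test_filter_ckbtn = cb(_('--test-filter'))
    self._general_area_test_filter_entry = et()
    self._general_area_test_skip_ckbtn = cb(_('--test-skip'))
    self._general_area_test_skip_entry = et()
    self._general_area_crawl_ckbtn = cb(_('--crawl'))
    self._general_area_crawl_entry = NumberEntry()
    self._general_area_crawl_exclude_ckbtn = cb(_('--crawl-exclude'))
    self._general_area_crawl_exclude_entry = et()
    self._general_area_traffic_file_ckbtn = cb(_('-t'))
    self._general_area_traffic_file_entry = FileEntry()
    self._general_area_traffic_file_chooser = btn.new_with_label(_('open'))
    self._general_area_har_ckbtn = cb(_('--har'))
    self._general_area_har_entry = FileEntry()
    self._general_area_har_chooser = btn.new_with_label(_('open'))
    self._general_area_flush_session_ckbtn = cb("<b>%s</b>" % '--flush-session')
    self._general_area_dump_format_ckbtn = cb(_('--dump-format'))
    self._general_area_dump_format_entry = et(width_chars=6)
    self._general_area_csv_del_ckbtn = cb(_('--csv-del'))
    self._general_area_csv_del_entry = et(text=',', max_length=1,
                                          width_chars=5)
    self._general_area_save_ckbtn = cb(_('--save'))
    self._general_area_save_entry = FileEntry()
    self._general_area_save_chooser = btn.new_with_label(_('open'))
    self._general_area_session_file_ckbtn = cb(_('-s'))
    self._general_area_session_file_entry = FileEntry()
    self._general_area_session_file_chooser = btn.new_with_label(_('open'))
    self._general_area_output_dir_ckbtn = cb(_('--output-dir'))
    self._general_area_output_dir_entry = FileEntry()
    self._general_area_output_dir_chooser = btn.new_with_label(_('open'))

    # Misc
    self._misc_area_skip_heuristics_ckbtn = cb(_('--skip-heuristics'))
    self._misc_area_skip_waf_ckbtn = cb(_('--skip-waf'))
    self._misc_area_unstable_ckbtn = cb(_('--unstable'))
    self._misc_area_list_tampers_ckbtn = cb(_('--list-tampers'))
    self._misc_area_sqlmap_shell_ckbtn = cb(_('--sqlmap-shell'))
    self._misc_area_disable_color_ckbtn = cb(_('--disable-coloring'))
    self._general_area_eta_ckbtn = cb(_('--eta'))
    self._misc_area_gpage_ckbtn = cb(_('--gpage'))
    self._misc_area_gpage_spinbtn = sp.new_with_range(1, 100, 1)
    self._misc_area_beep_ckbtn = cb(_('--beep'))
    self._misc_area_offline_ckbtn = cb(_('--offline'))
    self._misc_area_purge_ckbtn = cb("<b>%s</b>" % '--purge')
    self._misc_area_dependencies_ckbtn = cb(_('--dependencies'))
    self._misc_area_update_ckbtn = cb(_('--update'))
    self._misc_area_alert_ckbtn = cb(_('--alert'))
    self._misc_area_alert_entry = et()
    self._misc_area_tmp_dir_ckbtn = cb(_('--tmp-dir'))
    self._misc_area_tmp_dir_entry = FileEntry()
    self._misc_area_tmp_dir_chooser = btn.new_with_label(_('open'))
    self._misc_area_answers_ckbtn = cb(_('--answers'))
    self._misc_area_answers_entry = et(text='quit=N,follow=N')
    self._misc_area_z_ckbtn = cb(_('-z'))
    self._misc_area_z_entry = et(text='flu,bat,ban,tec=EU...')
    self._misc_area_results_file_ckbtn = cb(_('--results-file'))
    self._misc_area_results_file_entry = FileEntry()
    self._misc_area_results_file_chooser = btn.new_with_label(_('open'))

    # Tamper
    self._init_tampers()

    # EXECUTION(2)
    self._page2_respwan_btn = btn.new_with_label(_('reopen'))
    self._page2_right_btn = btn.new_with_label(_('context menu'))
    self._page2_terminal = Vte.Terminal.new()

    # LOG(3)
    self._page3_log_view = tv(editable=False, wrap_mode=g.WrapMode.WORD)
    self._page3_read_target_btn = btn.new_with_label(_('view target file'))
    self._page3_clear_btn = btn.new_with_mnemonic(_('clear buffer(_C)'))
    self._page3_read_log_btn = btn.new_with_label(_('view log file'))

    # SQLMAPAPI(4)
    # NOTE(review): the admin token and the passwords on this page and the
    # proxy section are created with the same et() helper as ordinary text
    # fields. If et is a Gtk.Entry, consider set_visibility(False) on the
    # secret fields so they are not readable on screen - confirm what et is.
    self._page4_api_server_label = label.new('REST-JSON API server:')
    self._page4_api_server_entry = et(text='127.0.0.1:8775')
    self._page4_admin_token_label = label.new('Admin (secret) token:')
    self._page4_admin_token_entry = et(max_length=32)
    self._page4_task_new_btn = btn.new_with_label(_('create task'))
    self._page4_admin_list_btn = btn.new_with_label(_('view tasks'))
    self._page4_admin_flush_btn = btn.new_with_label(_('delete all tasks'))
    self._page4_clear_task_view_btn = btn.new_with_label(_('clear view'))
    # The listing had the text between 'username:' and 'passwd:' masked out
    # here as well; build_page4 packs _page4_username_entry and
    # _page4_password_label, so both are restored.
    self._page4_username_label = label.new(_('username:'))
    self._page4_username_entry = et()
    self._page4_password_label = label.new(_('passwd:'))
    self._page4_password_entry = et()
    self._page4_option_get_entry = et(text='url risk level')
    self._page4_option_set_view = tv(wrap_mode=g.WrapMode.CHAR)
    self._page4_task_view = tv(editable=False, wrap_mode=g.WrapMode.WORD)

    # HELP(H)
    self._page5_manual_view = tv(editable=False, wrap_mode=g.WrapMode.WORD)

    # ABOUT
    self._page6_lang_en_radio = g.RadioButton.new_with_label_from_widget(
        None, 'en')
    self._page6_lang_zh_radio = g.RadioButton.new_from_widget(
        self._page6_lang_en_radio)
    self._page6_lang_zh_radio.set_label('zh')
    self._page6_tooltips_en_radio = g.RadioButton.new_with_label_from_widget(
        None, 'en')
    self._page6_tooltips_zh_radio = g.RadioButton.new_from_widget(
        self._page6_tooltips_en_radio)
    self._page6_tooltips_zh_radio.set_label('zh')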
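def build_page4(self):
    """Build the SQLMAPAPI (page 4) tab and return its top-level container.

    The page is laid out as four vertically stacked rows:

    1. API server address and admin token entries.
    2. Task/admin action buttons on the left, username/password on the right.
    3. A paned area: the admin task list on the left, option get/set
       widgets on the right.
    4. A read-only text view that collects API responses.

    Returns:
        The vertical ``Box`` holding the whole page.
    """
    box = Box(orientation=VERTICAL)
    box.set_border_width(10)

    # Row 1: server address + admin token.
    # NOTE(review): the admin token entry stays visible here; consider
    # masking it as well if the token is treated as a secret.
    _row1 = Box(spacing=6)
    _row1.pack_start(m._page4_api_server_label, False, True, 0)
    _row1.pack_start(m._page4_api_server_entry, True, True, 0)
    _row1.pack_start(m._page4_admin_token_label, False, True, 0)
    _row1.pack_start(m._page4_admin_token_entry, True, True, 0)

    # Row 2: action buttons (left) and credentials (right).
    _row2 = Box(spacing=6)
    _arrow_down = g.Image.new_from_icon_name('pan-down-symbolic', 1)
    m._page4_admin_list_btn.set_image(_arrow_down)
    m._page4_admin_list_btn.set_image_position(g.PositionType.RIGHT)
    m._page4_admin_list_btn.set_always_show_image(True)

    m._page4_task_new_btn.connect('clicked', self._handlers.api.task_new)
    m._page4_admin_list_btn.connect('clicked', self._handlers.api.admin_list)
    # NOTE(review): "delete all tasks" is wired straight to the handler;
    # confirm that admin_flush asks for confirmation before flushing.
    m._page4_admin_flush_btn.connect('clicked', self._handlers.api.admin_flush)
    m._page4_clear_task_view_btn.connect(
        'clicked', self._handlers.clear_task_view_buffer)

    # Mask the API password while it is typed so it is not exposed on
    # screen (screen sharing, screenshots, shoulder surfing). get_text()
    # is unaffected. Assumes the entry is a Gtk.Entry - confirm against
    # the widget aliases used by the model.
    m._page4_password_entry.set_visibility(False)

    _row2.pack_start(m._page4_task_new_btn, False, True, 0)
    _row2.pack_start(m._page4_admin_list_btn, False, True, 0)
    _row2.pack_start(m._page4_admin_flush_btn, False, True, 0)
    _row2.pack_start(m._page4_clear_task_view_btn, False, True, 0)
    # pack_end fills from the right edge, so the call order below yields
    # "username: [entry] passwd: [entry]" when read left to right.
    _row2.pack_end(m._page4_password_entry, False, True, 0)
    _row2.pack_end(m._page4_password_label, False, True, 0)
    _row2.pack_end(m._page4_username_entry, False, True, 0)
    _row2.pack_end(m._page4_username_label, False, True, 0)

    # Row 3: task list (left pane) and option editor (right pane).
    _row3 = Frame()
    _paned = g.Paned()

    self._api_admin_list_rows = g.ListBox.new()
    self._api_admin_list_rows.set_selection_mode(g.SelectionMode.NONE)

    _lscrolled = g.ScrolledWindow()
    _lscrolled.set_size_request(400, -1)
    _lscrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
    _lscrolled.add(self._api_admin_list_rows)

    _rbox = Box(orientation=VERTICAL)
    _page4_option_set_view_tip = label(
        label='check optiondict.py of sqlmap about options.',
        halign=g.Align.START)

    # Pre-fill the option editor with an example options dict.
    _option_set_view_textbuffer = m._page4_option_set_view.get_buffer()
    _options_example = ("{\n"
                        " 'url': 'http://www.site.com/vuln.php?id=1',\n"
                        " 'level': 1, 'risk': 1,\n\n"
                        "}\n")
    # The length argument is passed as the UTF-8 byte count of the text.
    _option_set_view_textbuffer.set_text(
        _options_example, len(_options_example.encode('utf8')))

    # It seems the ScrolledWindow has to contain the TextView directly;
    # otherwise the view does not scroll up as the user keeps pressing Enter.
    _option_set_scrolled = g.ScrolledWindow()
    _option_set_scrolled.set_size_request(400, -1)
    _option_set_scrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
    _option_set_scrolled.add(m._page4_option_set_view)

    _rbox.pack_start(m._page4_option_get_entry, False, True, 2)
    _rbox.pack_start(_page4_option_set_view_tip, False, True, 2)
    _rbox.pack_start(_option_set_scrolled, True, True, 2)

    # Warning: don't edit pack1(), pack2() again, otherwise it becomes strange.
    _paned.pack1(_lscrolled, False, False)
    _paned.pack2(_rbox, False, True)
    _row3.add(_paned)

    # Row 4: read-only response log.
    _row4 = Frame()
    _task_view_textbuffer = m._page4_task_view.get_buffer()
    _end = _task_view_textbuffer.get_end_iter()
    # The 'end' mark is created before the first append below; presumably
    # task_view_append relies on it - verify against the handler.
    _task_view_textbuffer.create_mark('end', _end, False)
    self._handlers.api.task_view_append('response result:')

    _scrolled = g.ScrolledWindow()
    _scrolled.set_policy(g.PolicyType.NEVER, g.PolicyType.ALWAYS)
    _scrolled.add(m._page4_task_view)
    _row4.add(_scrolled)

    box.pack_start(_row1, False, True, 5)
    box.pack_start(_row2, False, True, 5)
    box.pack_start(_row3, True, True, 5)
    box.pack_start(_row4, True, True, 5)
    return box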