def task_target(*arguments):
result = None
if self.tasks_type == MultiTask.MULTI_PROCESSING:
curr_task = multiprocessing.process.current_process()
Log.info(self.tag + 'started (PID=' + str(curr_task.pid) + ')')
else:
curr_task = threading.current_thread()
Log.info(self.tag + 'started')
if target is not None:
result = target(*arguments)
if result is not None:
Log.success("Result: " + str(result))
# Scrivo il risultato nel file
Log.info('Writing result in ' + str(self.resfile))
storage.overwrite_file(str(result), self.resfile)
# Termino tutti gli altri threads/processi
if self.tasks_type == MultiTask.MULTI_PROCESSING:
Log.info('Killing other processes')
running_pids = storage.read_file(self.pidfile).split(', ')
for pid in running_pids:
pid = int(pid)
if pid == curr_task.pid:
continue
try:
os.kill(pid, signal.SIGKILL)
Log.info('Process ' + str(pid) + ' killed!')
except Exception as e:
Log.error(str(e))
Log.info(self.tag + 'end')
else:
Log.info('Ignoring other threads')
# Killa se stesso
pid = multiprocessing.process.current_process().pid
Log.info(self.tag + 'end')
os.kill(pid, signal.SIGKILL)
def __init__(self, host='0.0.0.0', port=8775):
self.host = host
self.port = port
# Start the sqlmap-api server in a parallel thread
Log.info("Starting sqlmap-api server in a parallel thread")
multithread(sqlmap_server, (self.host, self.port), True, 1)
Log.success("Sqlmap-api server started!")
def inject_form(url=None, html=None):
"""
Search a form in the page returned by url (or inside the html).
:param url: str The url to visit (or None)
:param html: str the html code to analyze (or None)
:return A list of parsed forms like [ form_1, form_2 ]
"""
parsed_forms = dict()
parsed_forms[url], cookies = form_parse(url, html)
Log.success('Html parsed! Found '+str(len(parsed_forms[url]))+' forms')
SqlmapClient.try_inject(parsed_forms, cookies)
def deep_inject_form(url, max_depth):
"""
Search a form in the page returned by url.
If it doesn't find a form, or the injection can't be done, it visit the website in search for other forms
:param url: str The url to visit
:param max_depth: int The max depth during the visit
:return A dictionary of parsed forms like { '<visited_url>': [ form_1, form_2, ... }
"""
base_url = urlparse(url).netloc
parsed_forms = dict()
out_file = APP_STORAGE_OUT + '/' + now() + '_DEEP_FORMS_' + base_url + '.json'
def _deep_inject_form(href, depth=1):
# Check the domain
if href in parsed_forms or urlparse(href).netloc != base_url or (max_depth is not None and depth > max_depth):
return ''
# Visit the current href
parsed_relevant, request_cookies = relevant_parse(href)
parsed_forms[href] = find_forms(parsed_relevant, href)
# Find adjacent links
links = find_links(parsed_relevant)
if len(parsed_forms) % 10 == 0:
Log.info('Writing result in ' + out_file + '...')
set_json(parsed_forms, out_file)
# Visit adjacent links
for link in links:
# print('link: '+link)
child_request_cookies = _deep_inject_form(link, depth+1)
if len(child_request_cookies) > len(request_cookies):
request_cookies = child_request_cookies
return request_cookies
cookies = _deep_inject_form(url)
Log.info('Writing result in ' + out_file + '...')
set_json(parsed_forms, out_file)
Log.success('Result wrote in ' + out_file)
Log.success('Website crawled! Found '+str(len(parsed_forms))+' pages')
SqlmapClient.try_inject(parsed_forms, cookies)
return parsed_forms
def start(self, target, args, asynchronous, cpu):
self.tasks = []
def task_target(*arguments):
result = None
if self.tasks_type == MultiTask.MULTI_PROCESSING:
curr_task = multiprocessing.process.current_process()
Log.info(self.tag + 'started (PID=' + str(curr_task.pid) + ')')
else:
curr_task = threading.current_thread()
Log.info(self.tag + 'started')
if target is not None:
result = target(*arguments)
if result is not None:
Log.success("Result: " + str(result))
# Scrivo il risultato nel file
Log.info('Writing result in ' + str(self.resfile))
storage.overwrite_file(str(result), self.resfile)
# Termino tutti gli altri threads/processi
if self.tasks_type == MultiTask.MULTI_PROCESSING:
Log.info('Killing other processes')
running_pids = storage.read_file(self.pidfile).split(', ')
for pid in running_pids:
pid = int(pid)
if pid == curr_task.pid:
continue
try:
os.kill(pid, signal.SIGKILL)
Log.info('Process ' + str(pid) + ' killed!')
except Exception as e:
Log.error(str(e))
Log.info(self.tag + 'end')
else:
Log.info('Ignoring other threads')
# Killa se stesso
pid = multiprocessing.process.current_process().pid
Log.info(self.tag + 'end')
os.kill(pid, signal.SIGKILL)
for i in range(0, cpu):
task_args = ()
for arg in args:
Log.info('Argument type: ' + str(type(arg)))
if is_listable(arg):
# Divido gli elementi in 1/cpu parti
p_list_len = (len(arg) / cpu) + (len(arg) % cpu)
if type(arg) == dict:
iterator = iter(arg.items())
task_args += (
dict(itertools.islice(iterator, int((i * p_list_len)), int((i + 1) * p_list_len))),
)
else:
task_args += (arg[int((i * p_list_len)):int(((i + 1) * p_list_len))],)
else:
task_args += (arg,)
task = self.Multitask(target=task_target, args=task_args)
self.tasks.append(task)
if self.tasks_type == MultiTask.MULTI_PROCESSING:
pids = []
for task in self.tasks:
task.start()
# noinspection PyUnresolvedReferences
pids.append(task.pid)
storage.overwrite_file(str(pids).strip('[]'), self.pidfile)
else:
for task in self.tasks:
task.start()
if not asynchronous:
# Attende la fine dell'esecuzione di tutti i tasks
for task in self.tasks:
task.join()
Log.info('Task ' + str(task.name) + ' joined')
Log.info('Reading result in ' + str(self.resfile))
# Prendo il risultato dal file
res = storage.read_file(self.resfile)
# Elimino l'eventuale file con i pid
storage.delete(self.pidfile)
# Elimino il file con il risultato
storage.delete(self.resfile)
Log.success('MultiTask -> result: ' + str(res))
return res
return None