Пример #1
  def initUI(self):
    """Lay out the frame: the target notebook on top, the main notebook below.

    Creates one root panel, builds both notebooks inside it, adds the six
    main pages, and installs the sizers on the panel and on the frame.
    """
    root = Panel(self)

    self._target_notebook = nb(root)
    self.build_target_notebook(self._target_notebook)

    self.main_notebook = nb(root)
    # Every page is built before any of them is added to the notebook.
    builders = (self.build_page1, self.build_page2, self.build_page3,
                self.build_page4, self.build_page5, self.build_page6)
    pages = [build(self.main_notebook) for build in builders]

    # Tab titles: options (1), output (2), log (3), API (4), help (H), about.
    titles = ('选项区(1)', '输出区(2)', '日志区(3)', 'API区(4)', '帮助(H)', '关于')
    for page, title in zip(pages, titles):
      self.main_notebook.AddPage(page, title)

    column = BoxSizer(VERTICAL)
    column.Add(self._target_notebook, flag = EXPAND)
    column.Add(self.main_notebook, proportion = 1, flag = EXPAND)
    root.SetSizer(column)

    frame_sizer = BoxSizer()
    frame_sizer.Add(root, proportion = 1, flag = EXPAND)
    # SetSizerAndFit is used so that the frame gets a minimum size.
    self.SetSizerAndFit(frame_sizer)
Пример #2
    def build_page1_other(self, layout):
        """Build the "other" options panel and return it.

        Args:
            layout: object whose other_sizer() supplies the sizer for the panel.

        Returns:
            The Panel holding the general and misc option groups.
        """
        # A Scroll container was tried instead of Panel, but one label always
        # ended up covered by a widget, so a _dummy had to be used.
        panel = Panel(self)
        model = self.m

        self.build_page1_other_general(panel, model)
        self.build_page1_other_misc(panel, model)

        # SetSizerAndFit was tried here as well and did not help: the last
        # widget was still covered. SetupScrolling(scroll_x = False) belonged
        # to the Scroll variant and stays disabled.
        panel.SetSizer(layout.other_sizer())
        return panel
Пример #3
    def build_page1_file(self, layout):
        """Build the file/OS options panel and return it.

        Args:
            layout: object whose file_sizer() supplies the sizer for the panel.

        Returns:
            The Panel holding the note label and the four option groups.
        """
        panel = Panel(self)
        model = self.m

        # The label tells the operator that everything on this tab except the
        # udf feature works only when stacked queries are available.
        note = ('注: 存在Stacked queries(堆查询注入)时, '
                '才能使用该标签下的功能(udf功能除外)!')
        self._page1_file_note_label = st(panel, label=note)

        # Option groups, in display order: file read, file write, OS access,
        # OS registry.
        section_builders = (
            self.build_page1_file_read,
            self.build_page1_file_write,
            self.build_page1_file_os_access,
            self.build_page1_file_os_registry,
        )
        for build_section in section_builders:
            build_section(panel, model)

        panel.SetSizer(layout.file_sizer())
        return panel
Пример #4
    def build_page1_enumeration(self, layout):
        """Build the enumeration options panel and return it.

        Args:
            layout: object whose enumeration_sizer() supplies the panel's sizer.

        Returns:
            The Panel holding the seven enumeration option groups.
        """
        panel = Panel(self)
        model = self.m

        # Each helper fills one option group; the call order is kept as is.
        section_builders = (
            self.build_page1_enumeration_enum,
            self.build_page1_enumeration_dump,
            self.build_page1_enumeration_limit,
            self.build_page1_enumeration_blind,
            self.build_page1_enumeration_meta,
            self.build_page1_enumeration_runsql,
            self.build_page1_enumeration_brute_force,
        )
        for build_section in section_builders:
            build_section(panel, model)

        panel.SetSizer(layout.enumeration_sizer())
        return panel
Пример #5
  def build_page1_file(self, layout):
    """Build the file/OS options panel and return it.

    Args:
      layout: object whose file_sizer() supplies the sizer for the panel.

    Returns:
      The Panel holding the note label and the four option groups.
    """
    panel = Panel(self)
    model = self.m

    # The label warns that everything on this tab except udf depends on
    # stacked queries working.
    note = ('Note: only if stacked query(堆查询注入) worked, '
            'these functions below can be used except udf!')
    self._page1_file_note_label = st(panel, label = note)

    # Option groups, in display order: file read, file write, OS access,
    # registry.
    section_builders = (
      self.build_page1_file_read,
      self.build_page1_file_write,
      self.build_page1_file_os_access,
      self.build_page1_file_registry,
    )
    for build_section in section_builders:
      build_section(panel, model)

    panel.SetSizer(layout.file_sizer())
    return panel
Пример #6
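  def build_page4(self, parent):
    """Build the API page: connection row, task row, option editor, result view.

    The page has four stacked parts: the API server address and admin token,
    the task buttons with username/password fields, a splitter holding the
    task list (left) and the option get/set editors (right), and a read-only
    view for the server's replies.

    Args:
      parent: window the page panel is created in.

    Returns:
      The populated Panel.
    """
    p = Panel(parent)
    m = self.m

    border = SizerFlags().Border(LEFT | RIGHT, 5).Align(ALIGN_CENTER)
    proportion_border = SizerFlags(1).Border(LEFT | RIGHT, 5).Align(ALIGN_CENTER)

    row1, row2 = (BoxSizer() for _ in range(2))
    m._page4_api_server_label.Create(p, label = 'REST-JSON API server:')
    # Default target is the loopback address.
    m._page4_api_server_entry.Create(p, value = '127.0.0.1:8775')
    m._page4_admin_token_label.Create(p, label = 'Admin (secret) token:')
    # NOTE(review): the admin token is a secret as well but is shown in clear
    # text; it is left unmasked so a pasted value can be checked by eye.
    # Consider masking it if the window may be shared or recorded.
    m._page4_admin_token_entry.Create(p)
    m._page4_admin_token_entry.SetMaxLength(32)
    row1.Add(m._page4_api_server_label, border)
    row1.Add(m._page4_api_server_entry, proportion_border)
    row1.Add(m._page4_admin_token_label, border)
    row1.Add(m._page4_admin_token_entry, proportion_border)

    # Button labels: new task, list tasks, delete all tasks, clear results.
    m._page4_task_new_btn.Create(p, label = '创建任务')
    m._page4_admin_list_btn.Create(p, label = '显示任务')
    m._page4_admin_flush_btn.Create(p, label = '删除所有任务')
    m._page4_clear_task_view_btn.Create(p, label = '清空反馈的结果')
    m._page4_username_label.Create(p, label = '用户名:')
    m._page4_username_entry.Create(p)
    m._page4_password_label.Create(p, label = '密码:')
    # Mask the password while it is typed so it is not readable on screen.
    # The style has to be given at creation time.
    m._page4_password_entry.Create(p, style = wx.TE_PASSWORD)

    _arrow_down = wx.ArtProvider.GetBitmap(wx.ART_GO_DOWN, wx.ART_BUTTON)
    m._page4_admin_list_btn.SetBitmap(_arrow_down, dir = RIGHT)

    m._page4_task_new_btn.Bind(EVT_BUTTON, self._handlers.api.task_new)
    m._page4_admin_list_btn.Bind(EVT_BUTTON, self._handlers.api.admin_list)
    m._page4_admin_flush_btn.Bind(EVT_BUTTON, self._handlers.api.admin_flush)
    m._page4_clear_task_view_btn.Bind(EVT_BUTTON, self._handlers.clear_task_view_buffer)

    row2.Add(m._page4_task_new_btn, border)
    row2.Add(m._page4_admin_list_btn, border)
    row2.Add(m._page4_admin_flush_btn, border)
    row2.Add(m._page4_clear_task_view_btn, border)
    # The wide left border pushes the credential fields away from the buttons.
    row2.Add(m._page4_username_label, flag = ALIGN_CENTER | LEFT, border = 200)
    row2.Add(m._page4_username_entry, proportion_border)
    row2.Add(m._page4_password_label, border)
    row2.Add(m._page4_password_entry, proportion_border)

    row3 = SplitterWindow(p, style = wx.SP_LIVE_UPDATE | wx.BORDER_SUNKEN)
    # The gravity must not be set after SplitVertically, or it has no effect.
    # row3.SetSashGravity(0.5)
    row3.SetMinimumPaneSize(400)

    # Left pane: starts empty; kept on self so other code can reach it.
    lpane = Scroll(row3)
    self._api_admin_list_rows = lpane

    lpane.SetSizer(BoxSizer(VERTICAL))

    # Right pane: option names to get, a tip, and an editable option set.
    rpane = Panel(row3)
    _rbox = BoxSizer(VERTICAL)

    m._page4_option_get_entry.Create(rpane, value = 'url risk level')
    # Tip text: all options are listed in optiondict.py in the sqlmap directory.
    _page4_option_set_view_tip = st(rpane, label = '所有选项见sqlmap目录中的optiondict.py')
    # Placeholder shown in the editor; the URL is an example value.
    _options_example = ("{\n"
                        "  'url': 'http://www.site.com/vuln.php?id=1',\n"
                        "  'level': 1, 'risk': 1,\n\n"
                        "}\n")
    m._page4_option_set_view.Create(rpane,
                                    value = _options_example,
                                    style = wx.TE_MULTILINE)
    _rbox.Add(m._page4_option_get_entry, flag = EXPAND | ALL, border = 2)
    _rbox.Add(_page4_option_set_view_tip, flag = ALL, border = 2)
    _rbox.Add(m._page4_option_set_view, proportion = 1, flag = EXPAND | ALL, border = 2)
    rpane.SetSizer(_rbox)

    row3.SplitVertically(lpane, rpane)
    # On Windows lpane is grey, so row3 takes the editor's background colour
    # (compatibility code).
    row3.SetBackgroundColour(m._page4_option_set_view.GetBackgroundColour())
    row3.SetSashPosition(lpane.GetMinWidth())

    # Read-only view; the initial text says the returned results appear here.
    m._page4_task_view.Create(p, value = '此处显示反馈的结果:\n', style = wx.TE_MULTILINE | wx.TE_READONLY)

    vbox = BoxSizer(VERTICAL)
    vbox.Add(row1, flag = EXPAND | ALL, border = 5)
    vbox.Add(row2, flag = EXPAND | ALL, border = 5)
    vbox.Add(row3, proportion = 1, flag = EXPAND | LEFT | RIGHT, border = 10)
    vbox.Add(m._page4_task_view, proportion = 1, flag = EXPAND | ALL, border = 10)
    p.SetSizerAndFit(vbox)
    return p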
Пример #7
  def build_target_notebook(self, parent):
    """Fill the target notebook with one tab per kind of target input.

    Tabs, in order: target URL, burp log file, HTTP request file, bulk file,
    ini config file, sitemap xml URL, and google dork.

    Args:
      parent: notebook the widgets are created in and the pages are added to.
    """
    m = self.m

    m._url_combobox.Create(parent, choices = ['http://www.site.com/vuln.php?id=1'])   # style = wx.CB_DROPDOWN

    def file_page(entry, chooser):
      # One row: a path entry that stretches, plus an "open" button whose
      # click is forwarded to set_file_entry_text together with the entry.
      page = Panel(parent)
      row = BoxSizer()
      entry.Create(page)
      chooser.Create(page, label = '打开')
      chooser.Bind(
        EVT_BUTTON,
        lambda evt, data = [entry]:
          self._handlers.set_file_entry_text(evt, data))

      row.Add(entry, proportion = 1, flag = EXPAND)
      row.Add(chooser, flag = EXPAND)
      page.SetSizer(row)
      return page

    burp_page = file_page(m._burp_logfile, m._burp_logfile_chooser)
    request_page = file_page(m._request_file, m._request_file_chooser)
    bulk_page = file_page(m._bulkfile, m._bulkfile_chooser)
    config_page = file_page(m._configfile, m._configfile_chooser)

    m._sitemap_url.Create(parent)
    m._google_dork.Create(parent)

    tabs = (
      (m._url_combobox, '目标url'),
      (burp_page, 'burp日志'),
      (request_page, 'HTTP请求'),
      (bulk_page, 'BULKFILE'),
      (config_page, 'ini文件'),
      (m._sitemap_url, 'xml_url'),
      (m._google_dork, 'GOOGLEDORK'),
    )
    for page, title in tabs:
      parent.AddPage(page, title)
Пример #8
  def build_target_notebook(self, parent):
    """Fill the target notebook with one tab per kind of target input.

    Tabs, in order: target URL, burp log file, HTTP request file, bulk file,
    ini config file, google dork, and direct database connection.

    Args:
      parent: notebook the widgets are created in and the pages are added to.
    """
    m = self.m

    m._url_combobox.Create(parent, choices = ['http://www.site.com/vuln.php?id=1'])   # style = wx.CB_DROPDOWN

    def file_page(entry, chooser):
      # One row: a path entry that stretches, plus an "open" button whose
      # click is forwarded to set_file_entry_text together with the entry.
      page = Panel(parent)
      row = BoxSizer()
      entry.Create(page)
      chooser.Create(page, label = '打开')
      chooser.Bind(
        EVT_BUTTON,
        lambda evt, data = [entry]:
          self._handlers.set_file_entry_text(evt, data))

      row.Add(entry, proportion = 1, flag = EXPAND)
      row.Add(chooser, flag = EXPAND)
      page.SetSizer(row)
      return page

    burp_page = file_page(m._burp_logfile, m._burp_logfile_chooser)
    request_page = file_page(m._request_file, m._request_file_chooser)
    bulk_page = file_page(m._bulkfile, m._bulkfile_chooser)
    config_page = file_page(m._configfile, m._configfile_chooser)

    m._google_dork.Create(parent)
    # NOTE(review): the placeholder shows a connection string with a
    # user:password part, and the field is created like any other entry, so
    # whatever is typed here is presumably displayed in clear text.
    direct_hint = ('mysql://*****:*****@DBMS_IP:DBMS_PORT/DATABASE_NAME or '
                   'access://DATABASE_FILEPATH')
    m._direct_connect.Create(parent, value = direct_hint)

    tabs = (
      (m._url_combobox, '目标url'),
      (burp_page, 'burp日志'),
      (request_page, 'HTTP请求'),
      (bulk_page, 'BULKFILE'),
      (config_page, 'ini文件'),
      (m._google_dork, 'GOOGLEDORK'),
      (m._direct_connect, '-d DIRECT'),
    )
    for page, title in tabs:
      parent.AddPage(page, title)