def team_player(ip):
if APP_DEBUG:
Log.info('CALLED: Add.team_player(' + str(ip) + ')')
if not validators.is_ip(ip):
Log.error(str(ip) + ' is not a valid ip address')
return False
return Add.__add__(keys.TEAM_PLAYER, ip)
def submit_url(url):
if APP_DEBUG:
Log.info('CALLED: Set.submit_url(' + str(url) + ')')
if not validators.is_url(url):
Log.error(str(url) + ' is not a valid url')
return False
return Set.__set__(keys.SUBMIT_URL, url)
def team_player(ip='*'):
if APP_DEBUG:
Log.info('CALLED: Remove.team_player(' + str(ip) + ')')
if ip != '*' and not validators.is_ip(ip):
Log.error(str(ip) + ' is not a valid ip address')
return False
return Remove.__remove__(keys.TEAM_PLAYER, ip)
def game_server(ip):
if APP_DEBUG:
Log.info('CALLED: Set.game_server(' + str(ip) + ')')
if not validators.is_ip(ip):
Log.error(str(ip) + ' is not a valid ip address')
return False
return Set.__set__(keys.GAME_SERVER, ip)
def my_ip(ip):
if APP_DEBUG:
Log.info('CALLED: Set.my_ip(' + str(ip) + ')')
if not validators.is_ip(ip):
Log.error(str(ip) + ' is not a valid ip address')
return False
return Set.__set__(keys.MY_IP, ip)
def _deep_inject_form(href, depth=1):
# Check the domain
if href in parsed_forms or \
urlparse(href).netloc != base_url or \
(max_depth is not None and depth > max_depth):
return ''
# Visit the current href
parsed_relevant, request_cookies = HtmlParser.relevant_parse(href)
parsed_forms[href] = HtmlParser.find_forms(parsed_relevant, href)
# Find adjacent links
links = HtmlParser.find_links(parsed_relevant)
if len(parsed_forms) % 10 == 0:
Log.info('Writing result in ' + out_file + '...')
JsonSerializer.set_dictionary(parsed_forms, out_file)
# Visit adjacent links
for link in links:
# print('link: '+link)
child_request_cookies = _deep_inject_form(link, depth + 1)
if len(child_request_cookies) > len(request_cookies):
request_cookies = child_request_cookies
return request_cookies
def multi_sequential_requests(urls: list,
request_type: str = Type.GET,
data=None,
json: dict or list = None,
headers: dict = None) -> dict:
"""
Make multiple sequential requests
:param urls: The list of target urls
:param request_type: get|post|put|patch|delete
:param data: (optional) Dictionary, list of tuples, bytes, or file-like
object to send in the body of the :class:`Request`
:param json: (optional) json data to send in the body of the :class:`Request`
:param headers: The headers to send
:return A dictionary of responses like {'url_1': <response>, 'url_2': <response>, ...}
"""
if APP_DEBUG:
Log.info('CALLED: multi_request(' + str(urls) + ', ' +
str(request_type) + ', ' + str(data) + ')')
request_type = request_type.lower()
response_dict = dict()
for url in urls:
response = HttpRequest.request(url, request_type, data, json,
headers)
if response is None:
continue
response_dict[url] = response
if APP_DEBUG:
try:
print(response.json())
except (JSONDecodeError, SimpleJSONDecodeError):
print(response.text)
return response_dict
def server_to_defend(ip):
if APP_DEBUG:
Log.info('CALLED: Add.server_to_defend(' + str(ip) + ')')
if not validators.is_ip(ip):
Log.error(str(ip) + ' is not a valid ip address')
return False
return Add.__add__(keys.SERVER_TO_DEFEND, ip)
def server_to_defend(ip='*'):
if APP_DEBUG:
Log.info('CALLED: Remove.server_to_defend(' + str(ip) + ')')
if ip != '*' and not validators.is_ip(ip):
Log.error(str(ip) + ' is not a valid ip address')
return False
return Remove.__remove__(keys.SERVER_TO_DEFEND, ip)
def try_inject_forms(forms: dict,
cookies: str = '',
delay: int = 1,
random_agent: bool = False) -> dict:
"""
Try injection with all provided forms
:param forms: dict A dictionary of { "<url>": [ <parsed_form_1>, <parsed_form_2>, ... ], ... }
:param cookies: str the request cookies
:param delay: int The delay on each request
:param random_agent: True if set a random agent for each sqlmap request
:rtype: dict
"""
sqlmap_tasks = dict()
Log.info('Trying injection with cookies: ' + str(cookies))
for url, page_forms in forms.items():
page_forms: list # The forms in page returned by url
for page_form in page_forms:
page_form: dict # The attributes and inputs of form
action: str = page_form.get('action')
inputs: dict = page_form.get('inputs')
method: str = page_form.get('method')
if random_agent:
agent = None
else:
agent = HttpRequest.default_agent()
task_options = {
'dbms': 'MySQL',
'cookie': cookies,
'agent': agent,
'referer': url,
'delay': delay,
'randomAgent': random_agent,
'method': method,
'url': action,
'data': SqlmapClient.__get_data(inputs)
}
csrf_token = SqlmapClient.__get_csrf_token(inputs)
if csrf_token is not None:
csrf_token_name = csrf_token.get('name')
task_options.update({
'csrfUrl': url,
'csrfMethod': HttpRequest.Type.GET,
'csrfToken': csrf_token_name,
})
# for key, value in task_options.items():
# print('---------- ' + key + ': ----------')
# print(value)
sqlmap_task = SqlmapClient._task_new()
sqlmap_task.option_set(task_options)
sqlmap_tasks[sqlmap_task.id] = sqlmap_task
sqlmap_task.scan_start()
return sqlmap_tasks
def browser_target():
"""
The function that launch the browser
"""
set_owner_process(user)
Log.info('Launching browser with User: '******'Web browser opened')
def django_gui():
sys.path.insert(0, os.path.dirname(__file__))
bind_host = _get_bind_socket()
Log.info("Starting " + str(APP_NAME) + ' GUI')
sys.argv = [sys.argv[0], 'web.wsgi', '-b', bind_host]
django_cmd(['migrate'])
_launch_browser(bind_host)
gunicorn_run()
def get(self, request, *args, **kwargs):
"""
:type request: django.core.handlers.wsgi.WSGIRequest
:return: django.http.HttpResponse
"""
request_params: dict = request.GET.dict()
job_id = request_params.get('job_id')
Log.info("Showing job #" + str(job_id))
return render(request, self.template_name)
def kill(self, sig: int):
"""
Send a signal to process which is running this job
:param sig: The signal as integer (eg. 9 for SIGKILL)
"""
Log.info("Sending signal " + str(sig) + " to job #" + str(self.id) + ' (' + str(self.pid) + ')')
self.status = sig
os.kill(self.pid, sig)
self.save()
Log.success("Signal " + str(sig) + " sent to job #" + str(self.id) + ' (' + str(self.pid) + ')')
def deep_inject_form(url, max_depth, listen: bool = False) -> dict:
"""
Search a form in the page returned by url.
If it doesn't find a form, or the injection can't be done, it visit the website in search for other forms
:param listen: True if this method should listen and print the SQL tasks, otherwise False
:param url: str The url to visit
:param max_depth: int The max depth during the visit
:return A dictionary of SQL injection tasks
"""
base_url = urlparse(url).netloc
parsed_forms = dict()
out_file = APP_STORAGE_OUT + '/' + now(
) + '_DEEP_FORMS_' + base_url + '.json'
def _deep_inject_form(href, depth=1):
# Check the domain
if href in parsed_forms or \
urlparse(href).netloc != base_url or \
(max_depth is not None and depth > max_depth):
return ''
# Visit the current href
parsed_relevant, request_cookies = HtmlParser.relevant_parse(href)
# Find forms in page
parsed_forms[href] = HtmlParser.find_forms(parsed_relevant, href)
# Find adjacent links
links = HtmlParser.find_links(parsed_relevant)
if len(parsed_forms) % 10 == 0:
Log.info('Writing result in ' + out_file + '...')
JsonSerializer.set_dictionary(parsed_forms, out_file)
# Visit adjacent links
for link in links:
# print('link: '+link)
child_request_cookies = _deep_inject_form(link, depth + 1)
if len(child_request_cookies) > len(request_cookies):
request_cookies = child_request_cookies
return request_cookies
cookies = _deep_inject_form(url)
Log.info('Writing result in ' + out_file + '...')
JsonSerializer.set_dictionary(parsed_forms, out_file)
Log.success('Result wrote in ' + out_file)
Log.success('Website crawled! Found ' + str(len(parsed_forms)) +
' pages')
tasks = SqlmapClient.try_inject_forms(parsed_forms, cookies)
if listen:
SqlInjection.__listen_tasks(tasks)
return tasks
def __init__(self, host: str = DEFAULT_HOST, port: int = DEFAULT_PORT):
"""
:param host: The host
:param port: The port
"""
self.host = host
self.port = port
self.base_url = 'http://' + self.host + ':' + str(port)
# Start the sqlmap-api server in a parallel thread
Log.info("Starting sqlmap-api server in a parallel thread")
MultiTask.multithread(sqlmap_server, (self.host, self.port), True, 1)
while not check_socket(self.host, self.port):
# Wait sqlmap-api server
sleep(0.1)
Log.success("Sqlmap-api server started!")
def request(url: str,
request_type: str = HttpRequest.Type.GET,
json: dict or list = None) -> dict:
"""
Send a request to sqlmap-api server and then load the data json as dict
:param url: The sqlmap-api url (eg. "http://127.0.0.1:8775/task/new")
:param request_type: get|post|put|patch|delete
:param json: The json to send
:rtype: dict
"""
response = HttpRequest.request(url, request_type, json=json)
r_data = JsonSerializer.load_json(response.text)
Log.info('Response data of ' + url + ': ' + str(r_data))
if not r_data['success']:
Log.error('Response data of ' + url + ' has { success: False }')
raise requests.RequestException('Request to ' + url + ' failed')
return r_data
def kill(self, sig: int):
"""
Send a signal to process which is running this job
:param sig: The signal as integer (eg. 9 for SIGKILL)
"""
if self.status == sig:
return
Log.info("Sending signal " + str(sig) + " to job #" + str(self.id) +
' (' + str(self.pid) + ')')
self.status = sig
try:
os.kill(self.pid, sig)
except ProcessLookupError:
# Process does not exists
pass
self.save()
Log.success("Signal " + str(sig) + " sent to job #" + str(self.id) +
' (' + str(self.pid) + ')')
def get(self, request, *args, **kwargs):
"""
:type request: django.core.handlers.wsgi.WSGIRequest
:return: django.http.HttpResponse
"""
if not util.is_root():
return render(request,
self.error_templates.get('root_required'))
request_params: dict = request.GET.dict()
try:
sniffing_job_id = int(request_params.get('id'))
except (ValueError, TypeError):
return redirect('/sniffing')
Log.info("Showing job #" + str(sniffing_job_id))
try:
sniffing_job = SniffingJobModel.objects.get(id=sniffing_job_id)
except ObjectDoesNotExist:
return redirect('/sniffing')
return render(request, self.template_name, {'job': sniffing_job})
def try_inject(forms: dict,
cookies: str = '',
delay: int = 0,
random_agent: bool = False) -> dict:
"""
Try injection with all provided forms
:param forms: dict A dictionary of { "<url>": [ <parsed_form_1>, <parsed_form_2>, ... ], ... }
:param cookies: str the request cookies
:param delay: int The delay on each request
:param random_agent: True if set a random agent for each sqlmap request
:rtype: dict
"""
sqlmap_tasks = dict()
Log.info('Trying injection with cookies: ' + str(cookies))
for url, page_forms in forms.items():
page_forms: list # The forms in page returned by url
for page_form in page_forms:
page_form: dict # The attributes and inputs of form
action = page_form.get('action')
inputs = page_form.get('inputs')
method = page_form.get('method')
# Foreach form, will created a new SqlmapTask
pprint(inputs)
sqlmap_task = SqlmapClient._task_new()
sqlmap_task.option_set({
'cookie': cookies,
'agent': HttpRequest.default_agent(),
'referer': url,
'delay': delay,
'randomAgent': random_agent,
'method': method,
'url': action
})
sqlmap_task.option_get([
'referer', 'agent', 'referer', 'delay', 'randomAgent',
'method', 'url'
])
sqlmap_tasks[sqlmap_task.id] = sqlmap_task
return sqlmap_tasks
def _get_job(self, request, redirect_url: str):
"""
Show the requested job
:type request: django.core.handlers.wsgi.WSGIRequest
:param redirect_url: The url to redirect the request in case of errors
:return: django.http.HttpResponse
"""
request_params: dict = request.GET.dict()
try:
job_id = int(request_params.get('id'))
except (ValueError, TypeError) as e:
Log.error(str(e))
return redirect(redirect_url)
Log.info("Showing job #" + str(job_id))
try:
job = self.model_class.objects.get(id=job_id)
except ObjectDoesNotExist:
return redirect(redirect_url)
return render(request, self.template_name, {'job': job})
def __init__(
self,
filters: str = None,
src_file: str = None,
dest_file: str = None,
interfaces: list = None,
limit_length: int = None,
pkt_count: int = None,
callback=None
):
"""
Packet capture method
:param filters: https://wiki.wireshark.org/DisplayFilters
:param src_file: Il file .pcap da cui leggere i pacchetti ascoltati (o None, per Live sniffing)
:param dest_file: Il file in cui scrivere il .pcap dei pacchetti ascoltati (o None)
:param interfaces: The list of interfaces to sniff (or None, to sniff all interfaces)
:param limit_length: The limit length of each packet field (they will be truncated), or None
:param pkt_count: Max packets to sniff, or None
:param callback: The callback method to call (or None) (@see PcapSniffer._user_callback_example)
"""
root_required()
self.count = 0 # Sniffed packets
self.max_count = pkt_count
# Prevents the mac manufacturer lookup sniffing
self.filters = PcapSniffer._get_filters(filters)
self.src_file = src_file
self.dest_file = dest_file
self.limit_length = limit_length
self.user_callback = callback
self.interfaces = interfaces
Log.info('Analyzing filters: ' + str(self.filters))
if self.src_file is not None:
Log.info('Analyzing file: ' + self.src_file)
self._capture = pyshark.FileCapture(
input_file=self.src_file,
display_filter=self.filters,
output_file=self.dest_file,
# include_raw=True,
# use_json=True
# debug=APP_DEBUG
)
else:
Log.info('Analyzing live traffic')
self._capture = pyshark.LiveCapture(
interface=self.interfaces,
display_filter=self.filters,
output_file=self.dest_file,
# include_raw=True,
# use_json=True
# debug=APP_DEBUG
)
def server_to_attack():
if APP_DEBUG:
Log.info('CALLED: Get.server_to_attack()')
return Get.__get__(keys.SERVER_TO_ATTACK)
def submit_url():
if APP_DEBUG:
Log.info('CALLED: Get.submit_url()')
return Get.__get__(keys.SUBMIT_URL)
def game_server():
if APP_DEBUG:
Log.info('CALLED: Get.game_server()')
return Get.__get__(keys.GAME_SERVER)
def flag_regex():
if APP_DEBUG:
Log.info('CALLED: Get.flag_regex()')
return Get.__get__(keys.FLAG_REGEX)
def print_response(response, limit=1000):
"""
:param response: The response to print
:param limit: The limit data length before truncate that
"""
Log.info(str(response.url))
Log.info(' |--- status_code: ' + str(response.status_code))
Log.info(' |--- encoding: ' + str(response.encoding))
Log.info(' |--- headers:')
for key, value in response.headers.items():
Log.info(' | |--- ' + str(key) + ': ' + str(value))
Log.info(' |')
try:
json_body = response.json()
Log.info(' |-- data: ' + str(json_body))
except ValueError:
data = str(response.text)
if len(data) > limit:
data = '[truncated]' + data[0:limit]
Log.info(' |-- data: ' + data)
def my_interface(interface):
if APP_DEBUG:
Log.info('CALLED: Set.my_interface(' + str(interface) + ')')
return Set.__set__(keys.MY_INTERFACE, interface)
def team_token(token):
if APP_DEBUG:
Log.info('CALLED: Set.team_token(' + str(token) + ')')
return Set.__set__(keys.TEAM_TOKEN, token)
def flag_regex(regex):
if APP_DEBUG:
Log.info('CALLED: Set.flag_regex(' + str(regex) + ')')
return Set.__set__(keys.FLAG_REGEX, regex)
