class UsageCommand(Command): def __init__(self): self.params = None def initialize(self): if self.params is None: '[-] Error: chori is not a valid command' self.params = Parameter() for cmd in cmd_manager.cmds: self.params.add_parameter(cmd, Parameter(lambda __, _, cmd=cmd: output_manager.normal(' {0}'.format(cmd_manager.cmds[cmd].usage(cmd))).line_break())) def blah(self, data): output_manager.normal(' {0}'.format(data)).line_break() def execute(self, mole, params): self.initialize() self.params.execute(mole, params) def parameters(self, mole, current_params): self.initialize() return self.params.parameter_list(mole, current_params) def usage(self, cmd_name): return cmd_name + ' <CMD_NAME>'
class UsageCommand(Command): def __init__(self): self.params = None def initialize(self): if self.params is None: '[-] Error: chori is not a valid command' self.params = Parameter() for cmd in cmd_manager.cmds: self.params.add_parameter( cmd, Parameter(lambda __, _, cmd=cmd: output_manager.normal( ' {0}'.format(cmd_manager.cmds[cmd].usage(cmd))). line_break())) def blah(self, data): output_manager.normal(' {0}'.format(data)).line_break() def execute(self, mole, params): self.initialize() self.params.execute(mole, params) def parameters(self, mole, current_params): self.initialize() return self.params.parameter_list(mole, current_params) def usage(self, cmd_name): return cmd_name + ' <CMD_NAME>'
def generate_config_parameters(self, mole): ret = {} for i in mole.requester.query_filters.active_filters(): try: param = Parameter() subparams = mole.requester.query_filters.config_parameters(i) for subparam in subparams: param.add_parameter(subparam, subparams[subparam]) ret[i] = param except Exception as ex: print(ex) return ret
class BaseFilterCommand(Command): def __init__(self, functor): self.functor = functor self.params = Parameter(lambda mole, _: self.print_filters(mole)) add_param = Parameter() add_param.set_param_generator( lambda mole, _: self.generate_add_filters(mole)) del_param = Parameter() del_param.set_param_generator( lambda mole, _: self.generate_del_filters(mole)) self.params.add_parameter('add', add_param) self.params.add_parameter('del', del_param) def generate_add_filters(self, mole): ret = {} for i in self.functor(mole).available_filters(): ret[i] = Parameter( lambda mole, params, i=i: self.add_filter(mole, i, params)) return ret def generate_del_filters(self, mole): ret = {} for i in self.functor(mole).active_filters(): ret[i] = Parameter( lambda mole, params, i=i: self.functor(mole).remove_filter(i)) return ret def add_filter(self, mole, name, params): try: self.functor(mole).add_filter(name, params) except FilterCreationError as ex: raise CommandException( 'Filter {0} failed to initialize({1})'.format(name, str(ex))) def print_filters(self, mole): filters = self.functor(mole).active_filters_to_string() if len(filters) == 0: output_manager.normal('No filters added yet.').line_break() else: for i in filters: output_manager.normal(i).line_break() def execute(self, mole, params): self.params.execute(mole, params) def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params) def usage(self, cmd_name): return cmd_name + ' [add|del|config] [FILTER_NAME [ARGS]]'
class QueryModeCommand(Command): def __init__(self): self.params = Parameter(lambda mole, _: output_manager.normal(mole.mode).line_break()) self.params.add_parameter('union', Parameter(lambda mole, _: mole.set_mode('union'))) self.params.add_parameter('blind', Parameter(lambda mole, _: mole.set_mode('blind'))) def execute(self, mole, params): self.params.execute(mole, params) def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params) def usage(self, cmd_name): return cmd_name + ' <union|blind>'
class RequestSenderCommand(Command): def __init__(self): self.params = Parameter(lambda mole, _: output_manager.normal(str(mole.requester.sender)).line_break()) self.params.add_parameter('headsender', Parameter(lambda mole, _: self.set_sender(mole, HttpHeadRequestSender))) self.params.add_parameter('httpsender', Parameter(lambda mole, _: self.set_sender(mole, HttpRequestSender))) def execute(self, mole, params): self.params.execute(mole, params) def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params) def set_sender(self, mole, sender): mole.requester.sender = sender() mole.initialized = False mole.requester.encoding = None
class OutputCommand(Command): def __init__(self): self.params = Parameter(lambda mole, _: output_manager.normal(output_manager.result_output).line_break()) self.params.add_parameter('pretty', Parameter(lambda mole, _: self.set_output('pretty'))) self.params.add_parameter('plain', Parameter(lambda mole, _: self.set_output('plain'))) def set_output(self, value): output_manager.result_output = value def execute(self, mole, params): self.params.execute(mole, params) def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params) def usage(self, cmd_name): return cmd_name + ' <pretty|plain>'
class VerboseCommand(Command): def __init__(self): self.params = Parameter(lambda mole, _: output_manager.normal('on' if mole.verbose else 'off').line_break()) self.params.add_parameter('on', Parameter(lambda mole, _: self.set_verbose(mole, True))) self.params.add_parameter('off', Parameter(lambda mole, _: self.set_verbose(mole, False))) def set_verbose(self, mole, value): mole.verbose = value def execute(self, mole, params): self.params.execute(mole, params) def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params) def usage(self, cmd_name): return cmd_name + ' <on|off>'
class RedirectCommand(Command): def __init__(self): self.params = Parameter(lambda mole, _: output_manager.normal('on' if mole.requester.sender.follow_redirects else 'off').line_break()) self.params.add_parameter('on', Parameter(lambda mole, _: self.set_follow_redirects(mole, True))) self.params.add_parameter('off', Parameter(lambda mole, _: self.set_follow_redirects(mole, False))) def set_follow_redirects(self, mole, value): mole.requester.sender.follow_redirects = value def execute(self, mole, params): self.params.execute(mole, params) def usage(self, cmd_name): return cmd_name + ' [on|off]' def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params)
class QueryModeCommand(Command): def __init__(self): self.params = Parameter( lambda mole, _: output_manager.normal(mole.mode).line_break()) self.params.add_parameter( 'union', Parameter(lambda mole, _: mole.set_mode('union'))) self.params.add_parameter( 'blind', Parameter(lambda mole, _: mole.set_mode('blind'))) def execute(self, mole, params): self.params.execute(mole, params) def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params) def usage(self, cmd_name): return cmd_name + ' <union|blind>'
class BaseFilterCommand(Command): def __init__(self, functor): self.functor = functor self.params = Parameter(lambda mole, _: self.print_filters(mole)) add_param = Parameter() add_param.set_param_generator(lambda mole, _: self.generate_add_filters(mole)) del_param = Parameter() del_param.set_param_generator(lambda mole, _: self.generate_del_filters(mole)) self.params.add_parameter('add', add_param) self.params.add_parameter('del', del_param) def generate_add_filters(self, mole): ret = {} for i in self.functor(mole).available_filters(): ret[i] = Parameter(lambda mole, params, i=i: self.add_filter(mole, i, params)) return ret def generate_del_filters(self, mole): ret = {} for i in self.functor(mole).active_filters(): ret[i] = Parameter(lambda mole, params, i=i: self.functor(mole).remove_filter(i)) return ret def add_filter(self, mole, name, params): try: self.functor(mole).add_filter(name, params) except FilterCreationError as ex: raise CommandException('Filter {0} failed to initialize({1})'.format(name, str(ex))) def print_filters(self, mole): filters = self.functor(mole).active_filters_to_string() if len(filters) == 0: output_manager.normal('No filters added yet.').line_break() else: for i in filters: output_manager.normal(i).line_break() def execute(self, mole, params): self.params.execute(mole, params) def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params) def usage(self, cmd_name): return cmd_name + ' [add|del|config] [FILTER_NAME [ARGS]]'
class OutputCommand(Command): def __init__(self): self.params = Parameter(lambda mole, _: output_manager.normal( output_manager.result_output).line_break()) self.params.add_parameter( 'pretty', Parameter(lambda mole, _: self.set_output('pretty'))) self.params.add_parameter( 'plain', Parameter(lambda mole, _: self.set_output('plain'))) def set_output(self, value): output_manager.result_output = value def execute(self, mole, params): self.params.execute(mole, params) def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params) def usage(self, cmd_name): return cmd_name + ' <pretty|plain>'
class VerboseCommand(Command): def __init__(self): self.params = Parameter(lambda mole, _: output_manager.normal( 'on' if mole.verbose else 'off').line_break()) self.params.add_parameter( 'on', Parameter(lambda mole, _: self.set_verbose(mole, True))) self.params.add_parameter( 'off', Parameter(lambda mole, _: self.set_verbose(mole, False))) def set_verbose(self, mole, value): mole.verbose = value def execute(self, mole, params): self.params.execute(mole, params) def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params) def usage(self, cmd_name): return cmd_name + ' <on|off>'
class RequestSenderCommand(Command): def __init__(self): self.params = Parameter(lambda mole, _: output_manager.normal( str(mole.requester.sender)).line_break()) self.params.add_parameter( 'headsender', Parameter( lambda mole, _: self.set_sender(mole, HttpHeadRequestSender))) self.params.add_parameter( 'httpsender', Parameter( lambda mole, _: self.set_sender(mole, HttpRequestSender))) def execute(self, mole, params): self.params.execute(mole, params) def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params) def set_sender(self, mole, sender): mole.requester.sender = sender() mole.initialized = False mole.requester.encoding = None
class RedirectCommand(Command): def __init__(self): self.params = Parameter(lambda mole, _: output_manager.normal( 'on' if mole.requester.sender.follow_redirects else 'off').line_break()) self.params.add_parameter( 'on', Parameter(lambda mole, _: self.set_follow_redirects(mole, True))) self.params.add_parameter( 'off', Parameter(lambda mole, _: self.set_follow_redirects(mole, False))) def set_follow_redirects(self, mole, value): mole.requester.sender.follow_redirects = value def execute(self, mole, params): self.params.execute(mole, params) def usage(self, cmd_name): return cmd_name + ' [on|off]' def parameters(self, mole, current_params): return self.params.parameter_list(mole, current_params)
class SQLServerCollationFilter(BaseQueryFilter): def __init__(self, name, params): BaseQueryFilter.__init__(self, name, params) self.cast_match = re.compile('cast\([\w\d_\-@]+ as varchar\([\d]+\)\)') self.field_match = re.compile( 'cast\(([\w\d_\-@]+) as varchar\([\d]+\)\)') self.blacklist = [] self.collation = params[0] if len(params) == 1 else 'DATABASE_DEFAULT' self.blist_param = Parameter(lambda _, __: self.print_blacklist()) add_blist = Parameter(lambda _, params: self.blacklist_add(params)) del_blist = Parameter(no_args_str='Expected argument after "del"') self.blist_param.add_parameter('add', add_blist) del_blist.set_param_generator(lambda _, __: self.del_generator()) self.blist_param.add_parameter('del', del_blist) self.collation_param = Parameter( lambda _, params: self.exec_collation(params)) self.params = { 'blacklist': self.blist_param, 'collation': self.collation_param } def configuration_parameters(self): return self.params def exec_collation(self, params): if len(params) < 1: output_manager.normal(self.collation).line_break() else: self.collation = params[0] def blacklist_add(self, params): if len(params) == 0: output_manager.error('Expected argument after "add"').line_break() else: for i in params: self.blacklist.append(i) def del_generator(self): ret = {} for i in self.blacklist: ret[i] = Parameter(lambda _, __, i=i: self.blacklist.remove(i)) return ret def print_blacklist(self): if len(self.blacklist) == 0: output_manager.info('No fields in blacklist.').line_break() else: for i in self.blacklist: output_manager.normal(i).line_break() def filter_(self, query): try: matches = self.cast_match.findall(query) for i in matches: field = self.field_match.findall(i)[0] if not field in self.blacklist: replaced = i.replace( field, '(' + field + ' COLLATE ' + self.collation + ')') query = query.replace(i, replaced) except Exception as ex: output_manager.error('{0}'.format(ex)).line_break() return query def export_config(self): import copy blacklist_config = ['blacklist', 'add'] + copy.copy(self.blacklist) collation_config = ['collation', self.collation] return [blacklist_config, collation_config] def __str__(self): return self.name + ' ' + self.collation
class SQLServerCollationFilter(BaseQueryFilter): def __init__(self, name, params): BaseQueryFilter.__init__(self, name, params) self.cast_match = re.compile('cast\([\w\d_\-@]+ as varchar\([\d]+\)\)') self.field_match = re.compile('cast\(([\w\d_\-@]+) as varchar\([\d]+\)\)') self.blacklist = [] self.collation = params[0] if len(params) == 1 else 'DATABASE_DEFAULT' self.blist_param = Parameter(lambda _, __: self.print_blacklist()) add_blist = Parameter(lambda _, params: self.blacklist_add(params)) del_blist = Parameter(no_args_str='Expected argument after "del"') self.blist_param.add_parameter('add', add_blist) del_blist.set_param_generator(lambda _, __: self.del_generator()) self.blist_param.add_parameter('del', del_blist) self.collation_param = Parameter(lambda _, params: self.exec_collation(params)) self.params = { 'blacklist' : self.blist_param, 'collation' : self.collation_param } def configuration_parameters(self): return self.params def exec_collation(self, params): if len(params) < 1: output_manager.normal(self.collation).line_break() else: self.collation = params[0] def blacklist_add(self, params): if len(params) == 0: output_manager.error('Expected argument after "add"').line_break() else: for i in params: self.blacklist.append(i) def del_generator(self): ret = {} for i in self.blacklist: ret[i] = Parameter(lambda _, __, i=i: self.blacklist.remove(i)) return ret def print_blacklist(self): if len(self.blacklist) == 0: output_manager.info('No fields in blacklist.').line_break() else: for i in self.blacklist: output_manager.normal(i).line_break() def filter_(self, query): try: matches = self.cast_match.findall(query) for i in matches: field = self.field_match.findall(i)[0] if not field in self.blacklist: replaced = i.replace(field, '(' + field + ' COLLATE ' + self.collation + ')') query = query.replace(i, replaced) except Exception as ex: output_manager.error('{0}'.format(ex)).line_break() return query def export_config(self): import copy blacklist_config = ['blacklist', 'add'] + copy.copy(self.blacklist) collation_config = ['collation', self.collation] return [blacklist_config, collation_config] def __str__(self): return self.name + ' ' + self.collation