├── README.md ├── SQM ├── PATH_TRAVERSAL │ ├── cpanel.txt │ ├── path-traversal-windows.txt │ └── unix-httpd-log.txt └── SHELL │ └── mini.txt ├── sqm.pyw └── sqm_cn.pyw /README.md: -------------------------------------------------------------------------------- 1 | Desc 2 | --------------------------- 3 | This is a backup and modified version of gui-for-sqlmap, because the original edition on Google Code is missing. 4 | 5 | Requirement 6 | --------------------------- 7 | - python 2.7+ 8 | - sqlmap 9 | - pyttk-0.3-py3k 10 | 11 | Usage 12 | --------------------------- 13 | Copy all files into sqlmap's root directory, and double-click sqm.pyw to run it. 14 | 15 | 16 | Reference 17 | --------------------------- 18 | - https://github.com/sqlmapproject 19 | - http://code.google.com/p/gui-for-sqlmap/ -------------------------------------------------------------------------------- /SQM/PATH_TRAVERSAL/cpanel.txt: -------------------------------------------------------------------------------- 1 | *log 2 | /usr/local/cpanel/logs 3 | /usr/local/cpanel/logs/stats_log 4 | /usr/local/cpanel/logs/access_log 5 | /usr/local/cpanel/logs/error_log 6 | /usr/local/cpanel/logs/license_log 7 | /usr/local/cpanel/logs/login_log 8 | /usr/local/cpanel/logs/stats_log 9 | *conf 10 | /var/cpanel/cpanel.config -------------------------------------------------------------------------------- /SQM/PATH_TRAVERSAL/path-traversal-windows.txt: -------------------------------------------------------------------------------- 1 | C:/inetpub/wwwroot/global.asa 2 | C:\inetpub\wwwroot\global.asa 3 | C:/boot.ini 4 | C:\boot.ini 5 | D:\inetpub\wwwroot\global.asa 6 | D:/inetpub/wwwroot/global.asa 7 | -------------------------------------------------------------------------------- /SQM/PATH_TRAVERSAL/unix-httpd-log.txt: -------------------------------------------------------------------------------- 1 | # based on list by Joseph Giron 2 | /apache/logs/error.log 3 | /apache/logs/access.log 4 | /apache/logs/error.log 5 
| /apache/logs/access.log 6 | /apache/logs/error.log 7 | /apache/logs/access.log 8 | /etc/httpd/logs/acces_log 9 | /etc/httpd/logs/acces.log 10 | /etc/httpd/logs/error_log 11 | /etc/httpd/logs/error.log 12 | /var/www/logs/access_log 13 | /var/www/logs/access.log 14 | /usr/local/apache/logs/access_log 15 | /usr/local/apache/logs/access.log 16 | /var/log/apache/access_log 17 | /var/log/apache2/access_log 18 | /var/log/apache/access.log 19 | /var/log/apache2/access.log 20 | /var/log/access_log 21 | /var/log/access.log 22 | /var/www/logs/error_log 23 | /var/www/logs/error.log 24 | /usr/local/apache/logs/error_log 25 | /usr/local/apache/logs/error.log 26 | /var/log/apache/error_log 27 | /var/log/apache2/error_log 28 | /var/log/apache/error.log 29 | /var/log/apache2/error.log 30 | /var/log/error_log 31 | /var/log/error.log 32 | -------------------------------------------------------------------------------- /SQM/SHELL/mini.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /sqm_cn.pyw: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python2 2 | # -*- coding: utf-8 -*- 3 | 4 | ''' 5 | gui for SQLmap 6 | ''' 7 | from Tkinter import * 8 | import ttk 9 | import os 10 | import subprocess 11 | import re 12 | from urlparse import urlparse 13 | import tkFont, tkFileDialog 14 | 15 | 16 | class app(Frame): 17 | def __init__(self, mw): 18 | Frame.__init__(self, mw) 19 | self.grid( sticky='nswe' ) 20 | # Hot Keys: ###################################### 21 | mw.bind('',self.Help_F1) 22 | mw.bind('',self.alt_key_s) 23 | mw.bind('',self.alt_key_l) 24 | mw.bind('',self.alt_key_e) 25 | mw.bind('',self.commands) 26 | mw.bind('',self.injectIT) 27 | mw.bind('',self.rClicker, add='') 28 | mw.bind('',self.alt_key_1) 29 | mw.bind('',self.alt_key_2) 30 | mw.bind('',self.alt_key_3) 31 | mw.bind('',self.alt_key_4) 32 | 
mw.bind('',self.alt_key_5) 33 | # ################################################ 34 | self.rowconfigure( 0, weight=1 ) 35 | self.columnconfigure( 0, weight=1 ) 36 | self.nRoot = ttk.Notebook(self) 37 | BuilderFrame = ttk.Frame(self.nRoot) 38 | WatchLog = ttk.Frame(self.nRoot) 39 | Editor = ttk.Frame(self.nRoot) 40 | HelpMe = ttk.Frame(self.nRoot) 41 | self.nRoot.add(BuilderFrame, text=u'SQLmap 命令行构建') 42 | self.nRoot.add(WatchLog, text=u'Log 查看器') 43 | self.nRoot.add(Editor, text=u'编辑器') 44 | self.nRoot.add(HelpMe, text=u'帮助!') 45 | self.nRoot.rowconfigure( 0, weight=1 ) 46 | self.nRoot.columnconfigure( 0, weight=1 ) 47 | self.nRoot.grid(row=0, column=0, sticky='nswe',ipady=3,ipadx=3) 48 | BuilderFrame.rowconfigure( 0, weight=1 ) 49 | BuilderFrame.columnconfigure( 0, weight=1) 50 | Editor.rowconfigure( 0, weight=1 ) 51 | Editor.columnconfigure( 0, weight=1) 52 | HelpMe.rowconfigure( 0, weight=1 ) 53 | HelpMe.columnconfigure( 0, weight=1) 54 | # Help SqlMAP 55 | lfhelp = ttk.Labelframe(HelpMe) 56 | lfhelp.grid(sticky='nswe') 57 | scrolHelp = ttk.Scrollbar(lfhelp) 58 | scrolHelp.grid(row=0, column=1, sticky='ns') 59 | lfhelp.rowconfigure( 0, weight=1 ) 60 | lfhelp.columnconfigure( 0, weight=1) 61 | 62 | manual_sqlmap = 'python2 sqlmap.py -hh' 63 | process = subprocess.Popen(manual_sqlmap, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) 64 | helpTXT = Text(lfhelp, yscrollcommand=scrolHelp.set, width = 73, 65 | height=24,bg='#002B36', fg='#93A1A1') 66 | helpTXT.insert('1.0', process.communicate()[0]) 67 | scrolHelp.config(command= helpTXT.yview) 68 | helpTXT.grid(row=0, column=0,ipadx=30,sticky='nswe') 69 | # EDITOR 70 | requestLF = ttk.Labelframe(Editor, text='') 71 | requestLF.grid(row = 0, column =0,sticky='nswe') 72 | requestLF.columnconfigure(0, weight=1) 73 | requestLF.rowconfigure(0, weight=1) 74 | #Open 75 | #Button Panel 76 | rbutPanel = ttk.Labelframe(Editor, text='') 77 | rbutPanel.grid(row=1, sticky='we',columnspan=2) 78 | rOpen = 
ttk.Button(rbutPanel, width=15) 79 | rOpen.config(text ="openReqFile", command=self.openReqF) 80 | rOpen.grid(row =1, column=0, sticky='w') 81 | cOpen = ttk.Button(rbutPanel, width=15) 82 | cOpen.config(text ="openConfFile", command=self.openIniF) 83 | cOpen.grid(row =1, column=1, sticky='w') 84 | rSave = ttk.Button(rbutPanel, width=15) 85 | rSave.config(text ="saveReqFile", command=self.saveReqF) 86 | rSave.grid(row =1, column=2, sticky='w') 87 | cSave = ttk.Button(rbutPanel, width=15) 88 | cSave.config(text ="saveConfFile", command=self.saveIniF) 89 | cSave.grid(row =1, column=3, sticky='w') 90 | self.file_request_save = save_request = {} 91 | save_request['defaultextension'] = '.txt' 92 | save_request['filetypes'] = [('all files', '.*')] 93 | save_request['initialdir'] = './SQM/REQUEST/' 94 | save_request['parent'] = Editor 95 | save_request['title'] = 'HTTP Requet FILE' 96 | self.file_ini = open_ini = {} 97 | open_ini['defaultextension'] = '.conf' 98 | open_ini['filetypes'] = [('all files', '.conf')] 99 | open_ini['initialdir'] = './SQM/CONFIGFILE/' 100 | open_ini['parent'] = Editor 101 | open_ini['title'] = 'CONFIGFILE' 102 | # 103 | reqFile_scr = ttk.Scrollbar(requestLF) 104 | reqFile_scr.grid(row=0, column=1, sticky='ns', columnspan=10) 105 | self.reqFile = Text(requestLF, yscrollcommand=reqFile_scr.set,undo=True, height=29, bg='#002B36', fg='#93A1A1') 106 | reqFile_scr.config(command= self.reqFile.yview) 107 | self.reqFile.grid(row=0, column=0,sticky='nswe') 108 | self.reqFile.columnconfigure(0, weight=1) 109 | self.reqFile.rowconfigure(0, weight=1) 110 | # Load Log... 
111 | lfWatchLog = ttk.Labelframe(WatchLog, text='') 112 | WatchLog.rowconfigure( 0, weight=1 ) 113 | WatchLog.columnconfigure( 0, weight=1) 114 | lfWatchLog.grid(row = 0, column =0, sticky='nswe', columnspan=10) 115 | lfWatchLog.rowconfigure( 0, weight=1 ) 116 | lfWatchLog.columnconfigure( 0, weight=1) 117 | # 118 | scrolSes = ttk.Scrollbar(lfWatchLog) 119 | scrolSes.grid(row=0, column=1, sticky='ns') 120 | # 121 | self.sesTXT = Text(lfWatchLog, yscrollcommand=scrolSes.set, width = 73, 122 | height=32,bg='#002B36', fg='#93A1A1') 123 | scrolSes.config(command= self.sesTXT.yview) 124 | self.sesTXT.grid(row=0, column=0,ipadx=30,sticky='nswe') 125 | self.sesTXT.bind('',self.onFind) 126 | self.sesTXT.bind('',self.onFindAll) 127 | #Button Panel 128 | butPanel = ttk.Labelframe(WatchLog, text='') 129 | butPanel.grid(row=1, sticky='we',columnspan=2) 130 | logbut = ttk.Button(butPanel, width=3) 131 | logbut.config(text ="log", command=self.logs) 132 | logbut.grid(row =1, column=5, sticky='e') 133 | #full log 134 | self.chkLog = ttk.Checkbutton(butPanel) 135 | self.chkLog_var = StringVar() 136 | self.chkLog.config(text="full log", variable= self.chkLog_var, onvalue= "on" , 137 | offvalue = "off")#, command= self.chekLog) 138 | self.chkLog.grid(row=1,column = 4, sticky = 'e',padx=10) 139 | # 140 | sesbut = ttk.Button(butPanel, width=5) 141 | sesbut.config(text ="session", command=self.session) 142 | sesbut.grid(row =1, column=3,sticky='ws',ipadx=3) 143 | # 144 | self.search_var = StringVar() 145 | self.searchEdit = ttk.Entry(butPanel,width=30) 146 | self.searchEdit.config(text="", textvariable = self.search_var) 147 | self.searchEdit.grid(row=1, column=0, sticky = 'w', padx=3) 148 | self.search_var.set('HotKey: F3-find, F4-find all') 149 | self.searchEdit.bind('',self.onFind) 150 | self.searchEdit.bind('',self.onFindAll) 151 | self.sesTXT.bind('',self.logs) 152 | # 153 | sesFbut = ttk.Button(butPanel, width=10) 154 | sesFbut.config(text ="open session", command=self.fSes) 155 
| sesFbut.grid(row =1, column=6,sticky='ws',ipadx=3) 156 | self.file_session = options_session = {} 157 | options_session['defaultextension'] = '' 158 | options_session['filetypes'] = [('all files', '.*')] 159 | options_session['initialdir'] = './SQM/SESSION/' 160 | options_session['parent'] = WatchLog 161 | options_session['title'] = 'Open Session FILE' 162 | # 163 | trafbut = ttk.Button(butPanel, width=15) 164 | trafbut.config(text ="open traffic", command=self.fTraf) 165 | trafbut.grid(row =1, column=7,sticky='ws') 166 | self.file_traf = options_traf = {} 167 | options_traf['defaultextension'] = '' 168 | options_traf['filetypes'] = [('all files', '.*')] 169 | options_traf['initialdir'] = './SQM/TRAFFIC/' 170 | options_traf['parent'] = WatchLog 171 | options_traf['title'] = 'Open Traffic FILE' 172 | # 173 | panedUrl = ttk.Panedwindow(BuilderFrame, orient=VERTICAL) 174 | panedUrl.columnconfigure( 0, weight=1 ) 175 | panedUrl.rowconfigure( 0, weight=1 ) 176 | #TARGETS: 177 | targetVariant = ttk.Labelframe(panedUrl, text='') 178 | targetVariant.columnconfigure( 0, weight=1) 179 | panedUrl.add(targetVariant) 180 | # 181 | urlLF = ttk.Labelframe(panedUrl, text=u'目标:') 182 | urlLF.columnconfigure( 0, weight=1) 183 | urlLF.columnconfigure( 0, weight=1 ) 184 | panedUrl.add(urlLF) 185 | # 186 | self.varTarget= StringVar() 187 | rbURL= ttk.Radiobutton(targetVariant,text='url',variable=self.varTarget,value="url", command=self.fTarget) 188 | rbLOG = ttk.Radiobutton(targetVariant,text='logFile',variable=self.varTarget,value="logFile", command=self.fTarget) 189 | rbBULKFILE =ttk.Radiobutton(targetVariant,text='bulkFile',variable=self.varTarget,value="bulkFile", command=self.fTarget) 190 | rbREQUEST =ttk.Radiobutton(targetVariant,text='请求文件',variable=self.varTarget,value="requestFile", command=self.fTarget) 191 | rbDork = ttk.Radiobutton(targetVariant,text='googleDork',variable=self.varTarget,value="googleDork", command=self.fTarget) 192 | rbDirect = 
ttk.Radiobutton(targetVariant,text='直接连接',variable=self.varTarget,value="direct", command=self.fTarget) 193 | rbConfig = ttk.Radiobutton(targetVariant,text='配置文件',variable=self.varTarget,value="configFile", command=self.fTarget) 194 | rbURL.grid(row=0, column=0,sticky='w') 195 | rbLOG.grid(row=0, column=1,sticky='w') 196 | rbBULKFILE.grid(row=0, column=2,sticky='w') 197 | rbREQUEST.grid(row=0, column=3,sticky='w') 198 | rbDork.grid(row=0, column=4,sticky='w') 199 | rbDirect.grid(row=0, column=5,sticky='w') 200 | rbConfig.grid(row=0, column=6,sticky='w') 201 | 202 | self.urlentry = ttk.Combobox(urlLF) 203 | self.urlentry.grid(row=1, column=0,sticky = 'we') 204 | texturl = open(r"./SQM/last.uri", 'a+').readlines() 205 | self.urlentry['values'] = texturl 206 | #query to sqlmap 207 | queryLF = ttk.Labelframe(panedUrl, text=u'sqlmap命令:') 208 | queryLF.columnconfigure( 0, weight=1 ) 209 | queryLF.rowconfigure( 0, weight=1 ) 210 | panedUrl.add(queryLF) 211 | self.sql_var = StringVar() 212 | self.sqlEdit = ttk.Entry(queryLF) 213 | self.sqlEdit.config(text="", textvariable = self.sql_var) 214 | self.sqlEdit.grid(sticky = 'we') 215 | self.sqlEdit.columnconfigure(0, weight=1) 216 | panedUrl.grid(row=0, column=0, sticky='nwe', rowspan =2) 217 | self.noBF = ttk.Notebook(BuilderFrame) 218 | setingsF = ttk.Frame(self.noBF) 219 | sDetTechF = ttk.Frame(self.noBF) 220 | requestF = ttk.Frame(self.noBF) 221 | enumerationF = ttk.Frame(self.noBF) 222 | fileF = ttk.Frame(self.noBF) 223 | self.noBF.add(setingsF, text='设置') 224 | self.noBF.add(sDetTechF, text='注入 | 探测 | 技术') 225 | self.noBF.add(requestF, text='Request') 226 | self.noBF.add(enumerationF, text='Enumeration') 227 | self.noBF.add(fileF, text='Access') 228 | self.noBF.columnconfigure(0, weight=1) 229 | self.noBF.grid(sticky = 'nswe',padx=3,pady=3) 230 | self.noBF.select(tab_id=1) 231 | 232 | setingsF.columnconfigure(0, weight=1) 233 | sDetTechF.columnconfigure(0, weight=1) 234 | requestF.columnconfigure(0, weight=1) 235 | 
fileF.columnconfigure(0, weight=1) 236 | # take query SqlMAP 237 | but = ttk.Button(BuilderFrame) 238 | but.config(text ="get query",width = 10, command=self.commands) 239 | # 240 | but.grid(row=3,column=0, sticky='nw') 241 | # 242 | butInj = ttk.Button(BuilderFrame) 243 | butInj.config(text ="start",width = 10, command=self.injectIT) 244 | butInj.grid(row=3,column=0, sticky='ne') 245 | #General: 246 | #These options can be used to set some general working parameters 247 | genOptLF = ttk.Labelframe(setingsF, text='General') 248 | genOptLF.grid(row=2, sticky='we',columnspan=2,pady=10) 249 | #--forms Parse and test forms on target url 250 | self.chkForms = ttk.Checkbutton(genOptLF) 251 | self.chkForms_var = StringVar() 252 | self.chkForms.config(text="forms", variable= self.chkForms_var, onvalue= "on" , 253 | offvalue = "off", command= self.fForms) 254 | self.chkForms.grid(row=0,column=0,sticky = 'w') 255 | #--fresh-queries Ignores query results stored in session file 256 | self.chkFresh = ttk.Checkbutton(genOptLF) 257 | self.chkFresh_var = StringVar() 258 | self.chkFresh.config(text="fresh-queries", variable= self.chkFresh_var, onvalue= "on" , 259 | offvalue = "off", command= self.fFresh) 260 | self.chkFresh.grid(row=1,column=0,sticky = 'w',ipadx=3) 261 | #--parse-errors Parse and display DBMS error messages from responses 262 | self.chkParseEr = ttk.Checkbutton(genOptLF) 263 | self.chkParseEr_var = StringVar() 264 | self.chkParseEr.config(text="parse-errors", variable= self.chkParseEr_var, onvalue= "on" , 265 | offvalue = "off", command= self.chkParseEr) 266 | self.chkParseEr.grid(row=2,column=0,sticky = 'w') 267 | #--flush-session Flush session file for current target 268 | self.chkFlush = ttk.Checkbutton(genOptLF) 269 | self.chkFlush_var = StringVar() 270 | self.chkFlush.config(text="flush-session", variable= self.chkFlush_var, onvalue= "on" , 271 | offvalue = "off", command= self.fFlush) 272 | self.chkFlush.grid(row=0,column=1,sticky = 'w',ipadx=3) 273 | 
#--replicate 274 | self.chkReplicate = ttk.Checkbutton(genOptLF) 275 | self.chkReplicate_var = StringVar() 276 | self.chkReplicate.config(text="replicate", variable= self.chkReplicate_var, onvalue= "on" , 277 | offvalue = "off", command= self.fReplicate) 278 | self.chkReplicate.grid(row=1,column = 1, sticky = 'w') 279 | #--eta Display for each output the estimated time of arrival 280 | self.chkEta = ttk.Checkbutton(genOptLF) 281 | self.chkEta_var = StringVar() 282 | self.chkEta.config(text="eta", variable= self.chkEta_var, onvalue= "on" , 283 | offvalue = "off", command= self.fEta) 284 | self.chkEta.grid(row=2,column=1,sticky = 'w') 285 | # Batch / Verbose OTHER 286 | self.chk_Batch = ttk.Checkbutton(genOptLF) 287 | self.chk_Batch_var = StringVar() 288 | self.chk_Batch.config(text="batch", variable= self.chk_Batch_var, onvalue= "on", 289 | offvalue = "off", command= self.chekBatch) 290 | self.chk_Batch.grid(row=0,column=3, sticky= 'w',ipadx=3) 291 | # --hex 292 | self.chk_Hex = ttk.Checkbutton(genOptLF) 293 | self.chk_Hex_var = StringVar() 294 | self.chk_Hex.config(text="hex", variable= self.chk_Hex_var, onvalue= "on", 295 | offvalue = "off", command= self.chekHex) 296 | self.chk_Hex.grid(row=1,column=3, sticky= 'w') 297 | #--save 298 | self.chk_Save = ttk.Checkbutton(genOptLF) 299 | self.chk_Save_var = StringVar() 300 | self.chk_Save.config(text="save", variable= self.chk_Save_var, onvalue= "on", 301 | offvalue = "off", command= self.fSave) 302 | self.chk_Save.grid(row=2,column=3, sticky= 'w') 303 | #--charset=CHARSET Force character encoding used for data retrieval 304 | self.chkCharset= ttk.Checkbutton(genOptLF) 305 | self.chkCharset_var = StringVar() 306 | self.chkCharset.config(text="charset", variable= self.chkCharset_var, onvalue= "on" , 307 | offvalue = "off", command= self.fCharset) 308 | self.chkCharset.grid(row=0,column=4,sticky = 'w') 309 | # 310 | self.eCharset = ttk.Entry(genOptLF,width=10) 311 | self.eCharset.grid(row=0,column=5, sticky='w',padx=3) 
312 | #--crawl=CRAWLDEPTH Crawl the website starting from the target url 313 | self.chkCrawl = ttk.Checkbutton(genOptLF) 314 | self.chkCrawl_var = StringVar() 315 | self.chkCrawl.config(text="crawl", variable= self.chkCrawl_var, onvalue= "on" , 316 | offvalue = "off", command= self.fCrawl) 317 | self.chkCrawl.grid(row=1,column=4,sticky = 'w') 318 | # 319 | self.eCrawl = ttk.Entry(genOptLF,width=15) 320 | self.eCrawl.grid(row=1,column=5, sticky='w',padx=3) 321 | #--csv-del=CSVDEL 322 | self.eCsv= ttk.Entry(genOptLF, width=15) 323 | self.eCsv.config(text="" , textvariable="" ) 324 | self.eCsv.grid(row=2,column=5, sticky='w',padx=3) 325 | # 326 | self.chkCsv = ttk.Checkbutton(genOptLF) 327 | self.chkCsv_var = StringVar() 328 | self.chkCsv.config(text="csv-del", variable= self.chkCsv_var, onvalue= "on" , 329 | offvalue = "off", command= self.fCsv) 330 | self.chkCsv.grid(row=2,column = 4, sticky = 'w') 331 | # 332 | genFileLF = ttk.Labelframe(genOptLF, text='') 333 | genFileLF.grid(row=4, sticky='we',columnspan=10, rowspan=3) 334 | #-s SESSIONFILE Save and resume all data retrieved on a session file 335 | self.chkSesFile = ttk.Checkbutton(genFileLF) 336 | self.chkSesFile_var = StringVar() 337 | self.chkSesFile.config(text="s SESSIONFILE", variable= self.chkSesFile_var, onvalue= "on" , 338 | offvalue = "off", command= self.fSesFile) 339 | self.chkSesFile.grid(row=0,column=0,sticky = 'w',ipadx=15) 340 | # 341 | self.eSesFile = ttk.Entry(genFileLF,width=20) 342 | self.eSesFile.grid(row=0,column=1, sticky='we') 343 | #-t TRAFFICFILE Log all HTTP traffic into a textual file 344 | self.chkTrafFile = ttk.Checkbutton(genFileLF) 345 | self.chkTrafFile_var = StringVar() 346 | self.chkTrafFile.config(text="t TRAFFICFILE", variable= self.chkTrafFile_var, onvalue= "on" , 347 | offvalue = "off", command= self.fTrafFile) 348 | self.chkTrafFile.grid(row=1,column=0,sticky = 'w',ipadx=15) 349 | # 350 | self.eTrafFile = ttk.Entry(genFileLF,width=20) 351 | 
self.eTrafFile.grid(row=1,column=1, sticky='we') 352 | # 353 | #--output-dir= 354 | self.chkOutDir = ttk.Checkbutton(genFileLF) 355 | self.chkOutDir_var = StringVar() 356 | self.chkOutDir.config(text="output-dir", variable= self.chkOutDir_var, onvalue= "on" , 357 | offvalue = "off", command= self.fOutDir) 358 | self.chkOutDir.grid(row=0,column=3,sticky = 'w',ipadx=15) 359 | # 360 | self.eOutDir = ttk.Entry(genFileLF,width=20) 361 | self.eOutDir.grid(row=0,column=4, sticky='we') 362 | #--dbms-cred=DCRED 363 | self.chkDCRED = ttk.Checkbutton(genFileLF) 364 | self.chkDCRED_var = StringVar() 365 | self.chkDCRED.config(text="dbms-cred", variable= self.chkDCRED_var, onvalue= "on" , 366 | offvalue = "off", command= self.fDCRED) 367 | self.chkDCRED.grid(row=1,column=3,sticky = 'w',ipadx=15) 368 | # 369 | self.eDCRED = ttk.Entry(genFileLF,width=20) 370 | self.eDCRED.grid(row=1,column=4, sticky='we') 371 | # TOR 372 | #--check-tor Check to see if Tor is used properly 373 | self.chkTor = ttk.Checkbutton(genOptLF) 374 | self.chkTor_var = StringVar() 375 | self.chkTor.config(text = "check-tor", variable= self.chkTor_var, onvalue= "on" , 376 | offvalue = "off", command= self.fTor) 377 | self.chkTor.grid(row=0,column=6, sticky='w') 378 | #--tor Use Tor anonymity network 379 | self.chkTorUse = ttk.Checkbutton(genOptLF) 380 | self.chkTorUse_var = StringVar() 381 | self.chkTorUse.config(text = "use tor", variable= self.chkTorUse_var, onvalue= "on" , 382 | offvalue = "off", command= self.fTorUse) 383 | self.chkTorUse.grid(row=1,column=6,sticky='w') 384 | #--tor-port=TORPORT Set Tor proxy port other than default 385 | self.chkTorPort = ttk.Checkbutton(genOptLF) 386 | self.chkTorPort_var = StringVar() 387 | self.chkTorPort.config(text="tor-port", variable= self.chkTorPort_var, onvalue= "on" , 388 | offvalue = "off", command= self.fTorPort) 389 | self.chkTorPort.grid(row=0,column=7,sticky = 'w') 390 | # 391 | self.eTorPort = ttk.Entry(genOptLF,width=6) 392 | 
self.eTorPort.grid(row=0,column=8, sticky='w') 393 | #--tor-type=TORTYPE Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5) 394 | self.chkTorType = ttk.Checkbutton(genOptLF) 395 | self.chkTorType_var = StringVar() 396 | self.chkTorType.config(text="tor-type", variable= self.chkTorType_var, onvalue= "on" , 397 | offvalue = "off", command= self.fTorType) 398 | self.chkTorType.grid(row=1,column=7,sticky = 'w') 399 | # 400 | self.eTorType = ttk.Entry(genOptLF,width=6) 401 | self.eTorType.grid(row=1,column=8, sticky='w') 402 | #Miscellaneous: 403 | miscOptLF = ttk.Labelframe(setingsF, text='Miscellaneous') 404 | miscOptLF.grid(row=3, sticky='we',columnspan=2,pady=10) 405 | #--beep Sound alert when SQL injection found 406 | self.chkBeep = ttk.Checkbutton(miscOptLF) 407 | self.chkBeep_var = StringVar() 408 | self.chkBeep.config(text = "beep", variable= self.chkBeep_var, onvalue= "on" , 409 | offvalue = "off", command= self.fBeep) 410 | self.chkBeep.grid(row=0,column=0, sticky='w',ipadx=10) 411 | #--check-payload Offline WAF/IPS/IDS payload detection testing 412 | self.chkPayload = ttk.Checkbutton(miscOptLF) 413 | self.chkPayload_var = StringVar() 414 | self.chkPayload.config(text = "check-payload", variable= self.chkPayload_var, onvalue= "on" , 415 | offvalue = "off", command= self.fPayload) 416 | self.chkPayload.grid(row=1,column=0, sticky='w',ipadx=10) 417 | #--check-waf Check for existence of WAF/IPS/IDS protection 418 | self.chkWaf = ttk.Checkbutton(miscOptLF) 419 | self.chkWaf_var = StringVar() 420 | self.chkWaf.config(text = "check-waf", variable= self.chkWaf_var, onvalue= "on" , 421 | offvalue = "off", command= self.fWaf) 422 | self.chkWaf.grid(row=2,column=0, sticky='w') 423 | #--cleanup Clean up the DBMS by sqlmap specific UDF and tables 424 | self.chkCleanup = ttk.Checkbutton(miscOptLF) 425 | self.chkCleanup_var = StringVar() 426 | self.chkCleanup.config(text = "cleanup", variable= self.chkCleanup_var, onvalue= "on" , 427 | offvalue = "off", command= 
self.fCleanup) 428 | self.chkCleanup.grid(row=0,column=1, sticky='w') 429 | #--dependencies Check for missing sqlmap dependencies 430 | self.chkDependencies = ttk.Checkbutton(miscOptLF) 431 | self.chkDependencies_var = StringVar() 432 | self.chkDependencies.config(text = "dependencies", variable= self.chkDependencies_var, onvalue= "on" , 433 | offvalue = "off", command= self.fDependencies) 434 | self.chkDependencies.grid(row=1,column=1, sticky='w',ipadx=10) 435 | #--mobile Imitate smartphone through HTTP User-Agent header 436 | self.chkMobile = ttk.Checkbutton(miscOptLF) 437 | self.chkMobile_var = StringVar() 438 | self.chkMobile.config(text = "mobile", variable= self.chkMobile_var, onvalue= "on" , 439 | offvalue = "off", command= self.fMobile) 440 | self.chkMobile.grid(row=2,column=1, sticky='w') 441 | #--page-rank Display page rank (PR) for Google dork results 442 | self.chkRank = ttk.Checkbutton(miscOptLF) 443 | self.chkRank_var = StringVar() 444 | self.chkRank.config(text = "page-rank", variable= self.chkRank_var, onvalue= "on" , 445 | offvalue = "off", command= self.fRank) 446 | self.chkRank.grid(row=0,column=2, sticky='w') 447 | #--purge-output Safely remove all content from output directory 448 | self.chkPurge = ttk.Checkbutton(miscOptLF) 449 | self.chkPurge_var = StringVar() 450 | self.chkPurge.config(text = "purge-output", variable= self.chkPurge_var, onvalue= "on" , 451 | offvalue = "off", command= self.fPurge) 452 | self.chkPurge.grid(row=1,column=2, sticky='w',ipadx=10) 453 | #--smart Conduct through tests only if positive heuristic(s) 454 | self.chkSmart = ttk.Checkbutton(miscOptLF) 455 | self.chkSmart_var = StringVar() 456 | self.chkSmart.config(text = "smart", variable= self.chkSmart_var, onvalue= "on" , 457 | offvalue = "off", command= self.fSmart) 458 | self.chkSmart.grid(row=2,column=2, sticky='w') 459 | #--gpage=GOOGLEPAGE Use Google dork results from specified page number 460 | self.chkGpage = ttk.Checkbutton(miscOptLF) 461 | self.chkGpage_var = 
StringVar() 462 | self.chkGpage.config(text="gpage", variable= self.chkGpage_var, onvalue= "on" , 463 | offvalue = "off", command= self.fGpage) 464 | self.chkGpage.grid(row=0,column=3,sticky = 'w') 465 | # 466 | self.eGpage = ttk.Entry(miscOptLF,width=10) 467 | self.eGpage.grid(row=0,column=4, sticky='w', padx=5) 468 | # --test-filter=TSTF 469 | self.chkTSTF = ttk.Checkbutton(miscOptLF) 470 | self.chkTSTF_var = StringVar() 471 | self.chkTSTF.config(text="test-filter", variable= self.chkTSTF_var, onvalue= "on" , 472 | offvalue = "off", command= self.fTSTF) 473 | self.chkTSTF.grid(row=1,column=3,sticky = 'w') 474 | # 475 | self.eTSTF = ttk.Entry(miscOptLF,width=10) 476 | self.eTSTF.grid(row=1,column=4, sticky='w', padx=5) 477 | #--exact 478 | self.chkExact = ttk.Checkbutton(miscOptLF) 479 | self.chkExact_var = StringVar() 480 | self.chkExact.config(text = "exact", variable= self.chkExact_var, onvalue= "on" , 481 | offvalue = "off", command= self.fExact) 482 | self.chkExact.grid(row=2,column=3, sticky='w') 483 | #--disable-hash Disable password hash cracking mechanism 484 | self.chkDHash = ttk.Checkbutton(miscOptLF) 485 | self.chkDHash_var = StringVar() 486 | self.chkDHash.config(text = "disable-hash", variable= self.chkDHash_var, onvalue= "on" , 487 | offvalue = "off", command= self.fDHash) 488 | self.chkDHash.grid(row=0,column=5, sticky='w') 489 | #--disable-like Disable LIKE search of identificator names 490 | self.chkDLike = ttk.Checkbutton(miscOptLF) 491 | self.chkDLike_var = StringVar() 492 | self.chkDLike.config(text = "disable-like", variable= self.chkDLike_var, onvalue= "on" , 493 | offvalue = "off", command= self.fDLike) 494 | self.chkDLike.grid(row=1,column=5, sticky='w') 495 | # 496 | optimiz_LF = ttk.Labelframe(setingsF, text='Optimizations, Fingerprint, Verbose') 497 | optimiz_LF.grid(row=0, sticky='we', pady=10,columnspan=4) 498 | optimiz_LF.columnconfigure(0, weight=1) 499 | # 500 | self.chkOpt = ttk.Checkbutton(optimiz_LF) 501 | self.chkOpt_var = 
StringVar() 502 | self.chkOpt.config(text="o", variable= self.chkOpt_var, onvalue= "on" , 503 | offvalue = "off", command= self.chekOpt) 504 | self.chkOpt.grid(row=0,column = 0, sticky = 'wn', pady=1) 505 | #-ALL 506 | self.chkO = ttk.Checkbutton(optimiz_LF) 507 | self.chkO_var = StringVar() 508 | self.chkO.config(text="o", variable= self.chkO_var, onvalue= "on" , 509 | offvalue = "off", command= self.fO) 510 | self.chkO.grid(row=0,column = 0, sticky = 'w') 511 | #--predict-output Predict common queries output 512 | self.chkPred = ttk.Checkbutton(optimiz_LF) 513 | self.chkPred_var = StringVar() 514 | self.chkPred.config(text="predict-output", variable= self.chkPred_var, onvalue= "on" , 515 | offvalue = "off", command= self.chekPred) 516 | self.chkPred.grid(row=0,column = 1, sticky = 'w') 517 | #--keep-alive 518 | self.chkKeep = ttk.Checkbutton(optimiz_LF) 519 | self.chkKeep_var = StringVar() 520 | self.chkKeep.config(text="keep-alive", variable= self.chkKeep_var, onvalue= "on" , 521 | offvalue = "off", command= self.chekKeep) 522 | self.chkKeep.grid(row=0,column = 3, sticky = 'w') 523 | #--null-connection Retrieve page length without actual HTTP response body 524 | self.chkNull = ttk.Checkbutton(optimiz_LF) 525 | self.chkNull_var = StringVar() 526 | self.chkNull.config(text="null-connection", variable= self.chkNull_var, onvalue= "on" , 527 | offvalue = "off", command= self.chekNull) 528 | self.chkNull.grid(row=0,column = 4, sticky = 'w') 529 | #--threads=THREADS Max number of concurrent HTTP(s) requests (default 1) 530 | self.chk_thr = ttk.Checkbutton(optimiz_LF) 531 | self.chk_thr_var = StringVar() 532 | self.chk_thr.config(text="threads", variable= self.chk_thr_var, onvalue= "on", 533 | offvalue = "off", command= self.chek_thr) 534 | self.chk_thr.grid(row=0,column=5,sticky = 'w') 535 | self.thr = ttk.Combobox(optimiz_LF) 536 | self.thr_value = StringVar() 537 | self.thr.config(textvariable=self.thr_value, state='disable', width = 2) 538 | self.thr['values'] = 
('1','2', '3','4','5','6','7','8','9','10') 539 | self.thr.current(0) 540 | self.thr.bind('<>', self.chek_thr) 541 | self.thr.grid(row=0,column=6,sticky ='w',padx=5) 542 | #-f, --fingerprint 543 | self.chk_fing = ttk.Checkbutton(optimiz_LF) 544 | self.chk_fing_var = StringVar() 545 | self.chk_fing.config(text="fingerprint", variable= self.chk_fing_var, onvalue= "on", 546 | offvalue = "off", command= self.chekFing) 547 | self.chk_fing.grid(row=0,column=7, sticky= 'w') 548 | # Verbose 549 | self.chk_verb = ttk.Checkbutton(optimiz_LF) 550 | self.chk_verb_var = StringVar() 551 | self.chk_verb.config(text="verbose", variable= self.chk_verb_var, onvalue= "on", 552 | offvalue = "off", command= self.chek_verb) 553 | self.chk_verb.grid(row=0,column=8, sticky='w') 554 | self.box_verb = ttk.Combobox(optimiz_LF) 555 | self.box_verb_value = StringVar() 556 | self.box_verb.config(textvariable=self.box_verb_value, state='disabled', width = 2) 557 | self.box_verb['values'] = ('0','1', '2', '3','4','5','6') 558 | self.box_verb.current(0) 559 | self.box_verb.bind('<>', self.chek_verb) 560 | self.box_verb.grid(row=0,column=9,sticky ='w') 561 | # Group (Injection, Detections,Techniques) 562 | panedITO = ttk.Panedwindow(sDetTechF, orient=HORIZONTAL) 563 | panedITO.rowconfigure( 0, weight=1 ) 564 | panedITO.columnconfigure( 0, weight=1 ) 565 | # 566 | injectionLF = ttk.Labelframe(panedITO, text='Injection') 567 | injectionLF.rowconfigure(0, weight=1 ) 568 | injectionLF.columnconfigure( 0, weight=1 ) 569 | # 570 | tampersLF = ttk.Labelframe(panedITO, text='Tampers') 571 | tampersLF.rowconfigure( 0, weight=1 ) 572 | tampersLF.columnconfigure( 0, weight=1 ) 573 | # 574 | panedITO.add(injectionLF) 575 | panedITO.add(tampersLF) 576 | panedITO.grid(row=0, column=0,pady=10, sticky='we') 577 | # 578 | #-p TESTPARAMETER Testable parameter(s) 579 | self.entryParam = ttk.Entry(injectionLF) 580 | self.entryParam.config(width=30) 581 | self.entryParam.grid(row=3,column=1, sticky='we',padx=3) 582 | # 
583 | self.chkParam = ttk.Checkbutton(injectionLF) 584 | self.chkParam_var = StringVar() 585 | self.chkParam.config(text="parametr", variable= self.chkParam_var, onvalue= "on" , 586 | offvalue = "off", command= self.chekParam) 587 | self.chkParam.grid(row=3,column = 0, sticky = 'w') 588 | # Select database 589 | self.chk_dbms = ttk.Checkbutton(injectionLF) 590 | self.chk_dbms_var = StringVar() 591 | self.chk_dbms.config(text="dbms", variable= self.chk_dbms_var, onvalue= "on" , 592 | offvalue = "off", command= self.chek_dbms) 593 | self.chk_dbms.grid(row=0,column=0,sticky = 'sw') 594 | # 595 | self.box = ttk.Combobox(injectionLF) 596 | self.box_value = StringVar() 597 | self.box.config(textvariable=self.box_value, state='disabled', width = 30) 598 | self.box['values'] = ("access", "db2", "firebird", "maxdb", "mssqlserver", "mysql", "oracle", "postgresql", "sqlite", "sybase") 599 | self.box.current(0) 600 | self.box.bind('<>', self.chek_dbms) 601 | self.box.grid(row=0,column=1,sticky ='sw',padx=3) 602 | # Prefix: 603 | self.entryPrefix = ttk.Entry(injectionLF) 604 | self.entryPrefix.config(text="" , textvariable="", width = 30) 605 | self.entryPrefix.grid(row=4,column=1, sticky='we',padx=3) 606 | # 607 | self.chkPrefix = ttk.Checkbutton(injectionLF) 608 | self.chkPrefix_var = StringVar() 609 | self.chkPrefix.config(text="prefix", variable= self.chkPrefix_var, onvalue= "on" , 610 | offvalue = "off", command= self.chekPrefix) 611 | self.chkPrefix.grid(row=4,column = 0, sticky = W) 612 | # Suffix: 613 | self.entrySuffix = ttk.Entry(injectionLF) 614 | self.entrySuffix.config(text="" , textvariable="", width = 30) 615 | self.entrySuffix.grid(row=5,column=1, sticky='we',padx=3) 616 | # 617 | self.chkSuffix = ttk.Checkbutton(injectionLF) 618 | self.chkSuffix_var = StringVar() 619 | self.chkSuffix.config(text="suffix", variable= self.chkSuffix_var, onvalue= "on" , 620 | offvalue = "off", command= self.chekSuffix) 621 | self.chkSuffix.grid(row=5,column = 0, sticky = 'w') 622 
| # --os 623 | self.entryOS = ttk.Entry(injectionLF) 624 | self.entryOS.config(text="" , textvariable="", width = 30) 625 | self.entryOS.grid(row=6,column=1, sticky='we',padx=3) 626 | # 627 | self.chkOS = ttk.Checkbutton(injectionLF) 628 | self.chkOS_var = StringVar() 629 | self.chkOS.config(text="OS", variable= self.chkOS_var, onvalue= "on" , 630 | offvalue = "off", command= self.chekOS) 631 | self.chkOS.grid(row=6,column = 0, sticky = 'w') 632 | #--skip 633 | self.entrySkip = ttk.Entry(injectionLF) 634 | self.entrySkip.config(text="" , textvariable="", width = 30) 635 | self.entrySkip.grid(row=7,column=1, sticky='we',padx=3) 636 | # 637 | self.chkSkip = ttk.Checkbutton(injectionLF) 638 | self.chkSkip_var = StringVar() 639 | self.chkSkip.config(text="skip", variable= self.chkSkip_var, onvalue= "on" , 640 | offvalue = "off", command= self.chekSkip) 641 | self.chkSkip.grid(row=7,column = 0, sticky = 'w') 642 | # 643 | panedInj = ttk.Panedwindow(injectionLF, orient=HORIZONTAL) 644 | panedInj.rowconfigure( 0, weight=1 ) 645 | panedInj.columnconfigure( 0, weight=1 ) 646 | #add: 647 | chkInjLF = ttk.Labelframe(panedInj, text='') 648 | chkInjLF.rowconfigure( 0, weight=1 ) 649 | chkInjLF.columnconfigure( 0, weight=1 ) 650 | # 651 | panedInj.add(chkInjLF) 652 | panedInj.grid(row=8, column=0,columnspan=2, sticky='we') 653 | #--invalid-logical 654 | self.chkLogical = ttk.Checkbutton(chkInjLF) 655 | self.chkLogical_var = StringVar() 656 | self.chkLogical.config(text="invalid-logical", variable= self.chkLogical_var, onvalue= "on" , 657 | offvalue = "off", command= self.chekLogical,width=14) 658 | self.chkLogical.grid(row=0,column=0,sticky = 'w') 659 | #--invalid-bignum 660 | self.chkBigNum = ttk.Checkbutton(chkInjLF) 661 | self.chkBigNum_var = StringVar() 662 | self.chkBigNum.config(text="invalid-bignum", variable= self.chkBigNum_var, onvalue= "on" , 663 | offvalue = "off", command= self.chekBigNum,width=14) 664 | self.chkBigNum.grid(row=0,column=1,sticky = 'w') 665 | 
#--no-cast 666 | self.chkCast = ttk.Checkbutton(chkInjLF) 667 | self.chkCast_var = StringVar() 668 | self.chkCast.config(text="no-cast", variable= self.chkCast_var, onvalue= "on" , 669 | offvalue = "off", command= self.chekCast) 670 | self.chkCast.grid(row=0,column=2,sticky = 'w') 671 | #-Tamper: 672 | self.Ltamper=Listbox(tampersLF,height=8,width=25,selectmode=EXTENDED) 673 | # *.py in listbox, exclude __init__.py 674 | files_tamper = os.listdir('./tamper') 675 | tampers = filter(lambda x: x.endswith('.py'), files_tamper) 676 | for tamp_list in sorted(tampers): 677 | if tamp_list not in "__init__.py": 678 | self.Ltamper.insert(END,tamp_list) 679 | self.Ltamper.rowconfigure( 0, weight=1 ) 680 | self.Ltamper.columnconfigure( 0, weight=1 ) 681 | self.Ltamper.grid(row =0, column = 0, padx=5, sticky='nswe') 682 | # Tamper Scroll 683 | scrollTamper = ttk.Scrollbar(tampersLF, orient=VERTICAL, command=self.Ltamper.yview) 684 | self.Ltamper['yscrollcommand'] = scrollTamper.set 685 | scrollTamper.grid(row=0,column=1, sticky='ns') 686 | # 687 | panedDTO = ttk.Panedwindow(sDetTechF, orient=HORIZONTAL) 688 | panedDTO.columnconfigure( 0, weight=1 ) 689 | # 690 | detectionLF = ttk.Labelframe(panedDTO, text='Detection') 691 | detectionLF.columnconfigure( 0, weight=1 ) 692 | # 693 | techniqueLF = ttk.Labelframe(panedDTO, text='Technique') 694 | techniqueLF.columnconfigure( 0, weight=1 ) 695 | # 696 | panedDTO.add(detectionLF) 697 | panedDTO.add(techniqueLF) 698 | panedDTO.grid(row=1, column=0, columnspan=2,sticky='we',ipady=0) 699 | # String: 700 | self.entryStr = ttk.Entry(detectionLF,width=30) 701 | self.entryStr.grid(row=0,column=1, sticky = 'e',padx=3) 702 | # 703 | self.chkStr = ttk.Checkbutton(detectionLF) 704 | self.chkStr_var = StringVar() 705 | self.chkStr.config(text="String", variable= self.chkStr_var, onvalue= "on" , 706 | offvalue = "off", command= self.chekStr) 707 | self.chkStr.grid(row=0,column = 0, sticky = 'sw',ipadx=16) 708 | #--regexp=REGEXP 709 | self.entryReg 
= ttk.Entry(detectionLF,width=30) 710 | self.entryReg.grid(row=1,column=1, sticky = 'we',padx=3) 711 | # 712 | self.chkReg = ttk.Checkbutton(detectionLF) 713 | self.chkReg_var = StringVar() 714 | self.chkReg.config(text="Regexp", variable= self.chkReg_var, onvalue= "on" , 715 | offvalue = "off", command= self.chekReg) 716 | self.chkReg.grid(row=1,column = 0, sticky = 'w') 717 | #--code=CODE 718 | self.chkCode = ttk.Checkbutton(detectionLF) 719 | self.chkCode_var = StringVar() 720 | self.chkCode.config(text="Code", variable= self.chkCode_var, onvalue= "on" , 721 | offvalue = "off", command= self.chekCode) 722 | self.chkCode.grid(row=3,column = 0, sticky = 'w') 723 | # 724 | self.entryCode = ttk.Entry(detectionLF,width=30) 725 | self.entryCode.grid(row=3,column=1, sticky = 'we',padx=3) 726 | #--level=LEVEL 727 | self.chk_level = ttk.Checkbutton(detectionLF) 728 | self.chk_level_var = StringVar() 729 | self.chk_level.config(text="level", variable= self.chk_level_var, onvalue= "on" , 730 | offvalue = "off", command= self.chek_level) 731 | self.chk_level.grid(row=4,column=0,sticky = 'w') 732 | # 733 | self.box_level = ttk.Combobox(detectionLF) 734 | self.box_level_value = StringVar() 735 | self.box_level.config(textvariable=self.box_level_value, state='disabled', width = 5) 736 | self.box_level['values'] = ('1', '2', '3','4','5') 737 | self.box_level.current(0) 738 | self.box_level.bind('<>', self.chek_level) 739 | self.box_level.grid(row=4,column=1,sticky = 'w',padx=3) 740 | #--risk=RISK 741 | self.chk_risk = ttk.Checkbutton(detectionLF) 742 | self.chk_risk_var = StringVar() 743 | self.chk_risk.config(text="risk", variable= self.chk_risk_var, onvalue= "on", 744 | offvalue = "off", command= self.chek_risk) 745 | self.chk_risk.grid(row=5,column=0,sticky = 'w') 746 | # 747 | self.box_risk = ttk.Combobox(detectionLF) 748 | self.box_risk_value = StringVar() 749 | self.box_risk.config(textvariable=self.box_risk_value, state='disabled', width = 5) 750 | 
self.box_risk['values'] = ('1', '2', '3') 751 | self.box_risk.current(0) 752 | self.box_risk.bind('<>', self.chek_risk) 753 | self.box_risk.grid(row=5,column=1,sticky = 'w',padx=3) 754 | #--text-only 755 | self.chkTxt = ttk.Checkbutton(detectionLF) 756 | self.chk_Txt_var = StringVar() 757 | self.chkTxt.config(text="text-only", variable= self.chk_Txt_var, onvalue= "on" , 758 | offvalue = "off", command= self.chekTxt) 759 | self.chkTxt.grid(row=6,column = 0, sticky = 'w') 760 | #--titles 761 | self.chkTit = ttk.Checkbutton(detectionLF) 762 | self.chk_Tit_var = StringVar() 763 | self.chkTit.config(text="titles", variable= self.chk_Tit_var, onvalue= "on" , 764 | offvalue = "off", command= self.chekTit) 765 | self.chkTit.grid(row=7,column = 0, sticky = 'w') 766 | #--technique=TECH 767 | self.chk_tech = ttk.Checkbutton(techniqueLF) 768 | self.chk_tech_var = StringVar() 769 | self.chk_tech.config(text="technique", variable= self.chk_tech_var, onvalue= "on", 770 | offvalue = "off", command= self.chek_tech) 771 | self.chk_tech.grid(row=0,column=0,sticky = 'nw') 772 | # 773 | self.boxInj = ttk.Combobox(techniqueLF) 774 | self.boxInj_value = StringVar() 775 | self.boxInj.config(textvariable=self.boxInj_value, state='disabled', width = 15) 776 | self.boxInj['values'] = ('B','E', 'U','S','T') 777 | self.boxInj.current(0) 778 | self.boxInj.bind('<>', self.chek_tech) 779 | self.boxInj.grid(row=0,column=1,sticky ='nwe',padx=3) 780 | # 781 | self.entryCol = ttk.Entry(techniqueLF) 782 | self.entryCol.config(text = "" , textvariable = "", width = 15) 783 | self.entryCol.grid(row = 1,column = 1, sticky='nwe',padx=3) 784 | # 785 | self.chkCol = ttk.Checkbutton(techniqueLF) 786 | self.chkCol_var = StringVar() 787 | self.chkCol.config(text="cols", variable= self.chkCol_var, onvalue= "on" , 788 | offvalue = "off", command= self.chekCol) 789 | self.chkCol.grid(row=1,column = 0, sticky = 'nw') 790 | #--union-char 791 | self.entryChar = ttk.Entry(techniqueLF) 792 | 
self.entryChar.config(text="" , textvariable="", width = 15) 793 | self.entryChar.grid(row=2,column=1, sticky='nwe',padx=3) 794 | # 795 | self.chkChar = ttk.Checkbutton(techniqueLF) 796 | self.chkChar_var = StringVar() 797 | self.chkChar.config(text="char", variable= self.chkChar_var, onvalue= "on" , 798 | offvalue = "off", command= self.chekChar) 799 | self.chkChar.grid(row=2,column = 0, sticky = 'nw') 800 | #--time-sec 801 | self.entrySec = ttk.Entry(techniqueLF) 802 | self.entrySec.config(text="" , textvariable="", width = 15) 803 | self.entrySec.grid(row=3,column=1, sticky='nwe',padx=3) 804 | # 805 | self.chkSec = ttk.Checkbutton(techniqueLF) 806 | self.chkSec_var = StringVar() 807 | self.chkSec.config(text="time-sec", variable= self.chkSec_var, onvalue= "on" , 808 | offvalue = "off", command= self.chekSec) 809 | self.chkSec.grid(row=3,column = 0, sticky = 'nw') 810 | # 811 | self.entryDNS = ttk.Entry(techniqueLF) 812 | self.entryDNS.config(text="" , textvariable="", width = 15) 813 | self.entryDNS.grid(row=4,column=1, sticky='nwe',padx=3) 814 | #--dns-domain 815 | self.chkDNS = ttk.Checkbutton(techniqueLF) 816 | self.chkDNS_var = StringVar() 817 | self.chkDNS.config(text="dns-domain", variable= self.chkDNS_var, onvalue= "on" , 818 | offvalue = "off", command= self.chekDNS) 819 | self.chkDNS.grid(row=4, column = 0, sticky = 'nw') 820 | sep = ttk.Separator(techniqueLF, orient=HORIZONTAL) 821 | sep.grid(row = 5, ipady=20, sticky='w') 822 | # data 823 | dataN = ttk.Notebook(requestF) 824 | data1 = ttk.Frame(dataN) 825 | dataN.add(data1, text=' 1 ') 826 | data1.columnconfigure(0, weight=1) 827 | data2 = ttk.Frame(dataN) 828 | dataN.add(data2, text=' 2 ') 829 | data2.columnconfigure(0, weight=1) 830 | dataN.columnconfigure(0, weight=1) 831 | dataN.grid(row=0,sticky = 'nswe',padx=5,pady=5) 832 | dataLF = ttk.Labelframe(data1, text='') 833 | dataLF.grid(row = 0, column =0,pady=10, sticky='we') 834 | #DATA 1 835 | #--random-agent 836 | self.chkRandomAg = 
ttk.Checkbutton(dataLF) 837 | self.chkRandomAg_var = StringVar() 838 | self.chkRandomAg.config(text = "random-agent", variable= self.chkRandomAg_var, onvalue= "on", offvalue = "off", command= self.fRandomAg) 839 | self.chkRandomAg.grid(row=0,column=0, sticky='w') 840 | #--data=DATA Data string to be sent through POST 841 | self.chkdata = ttk.Checkbutton(dataLF) 842 | self.chkdata_var = StringVar() 843 | self.chkdata.config(text = "data", variable= self.chkdata_var, onvalue= "on" , 844 | offvalue = "off", command= self.chekdata) 845 | self.chkdata.grid(row=1,column=0, sticky='w') 846 | # 847 | self.entryData = ttk.Entry(dataLF, width=60) 848 | self.entryData.grid(row =1,column=1, sticky='we',padx=3) 849 | self.entryData.columnconfigure(0, weight=1) 850 | #--param-del=PDEL 851 | self.chkPDEL = ttk.Checkbutton(dataLF) 852 | self.chkPDEL_var = StringVar() 853 | self.chkPDEL.config(text = "param-del", variable= self.chkPDEL_var, onvalue= "on" , 854 | offvalue = "off", command= self.fPDEL) 855 | self.chkPDEL.grid(row=2,column=0, sticky='w') 856 | # 857 | self.ePDEL = ttk.Entry(dataLF, width=60) 858 | self.ePDEL.grid(row =2,column=1, sticky='we',padx=3) 859 | self.ePDEL.columnconfigure(0, weight=1) 860 | #--cookie=COOKIE HTTP Cookie header 861 | self.chkCook = ttk.Checkbutton(dataLF) 862 | self.chkCook_var = StringVar() 863 | self.chkCook.config(text="cookie", variable= self.chkCook_var, onvalue= "on" , 864 | offvalue = "off", command= self.chekCook) 865 | self.chkCook.grid(row=3,column=0, sticky='w') 866 | self.entryCook = ttk.Entry(dataLF, width=60) 867 | self.entryCook.grid(row=3,column=1, sticky='we',padx=3) 868 | self.entryCook.columnconfigure(0, weight=1) 869 | #--load-cookies=LOC File containing cookies in Netscape/wget format 870 | self.chkLoadCookies = ttk.Checkbutton(dataLF) 871 | self.chkLoadCookies_var = StringVar() 872 | self.chkLoadCookies.config(text="load-cookies", variable= self.chkLoadCookies_var, onvalue= "on" , 873 | offvalue = "off", command= 
self.fLoadCookies) 874 | self.chkLoadCookies.grid(row=4,column=0, sticky='w') 875 | # 876 | self.varLoadCookies = StringVar() 877 | self.eLoadCookies = ttk.Entry(dataLF, width=60) 878 | self.eLoadCookies.config(text="", textvariable = self.varLoadCookies) 879 | self.eLoadCookies.grid(row=4,column=1, sticky='we',padx=3) 880 | self.eLoadCookies.columnconfigure(0, weight=1) 881 | #--cookie-urlencode URL Encode generated cookie injections 882 | self.chkCookieUrlencode = ttk.Checkbutton(dataLF) 883 | self.chkCookieUrlencode_var = StringVar() 884 | self.chkCookieUrlencode.config(text="cookie-urlencode", variable= self.chkCookieUrlencode_var, onvalue= "on" , 885 | offvalue = "off", command= self.fCookieUrlencode) 886 | self.chkCookieUrlencode.grid(row=5,column=0, sticky='w') 887 | #--drop-set-cookie 888 | self.chkDropSetCookie = ttk.Checkbutton(dataLF) 889 | self.chkDropSetCookie_var = StringVar() 890 | self.chkDropSetCookie.config(text="drop-set-cookie", variable= self.chkDropSetCookie_var, onvalue= "on" , 891 | offvalue = "off", command= self.fDropSetCookie) 892 | self.chkDropSetCookie.grid(row=6,column=0, sticky='w') 893 | #--user-agent=AGENT HTTP User-Agent header 894 | self.chkUA = ttk.Checkbutton(dataLF) 895 | self.chkUA_var = StringVar() 896 | self.chkUA.config(text="user-agent", variable= self.chkUA_var, onvalue= "on" , 897 | offvalue = "off", command= self.fUA) 898 | self.chkUA.grid(row=7,column=0, sticky='w') 899 | # 900 | self.eUA = ttk.Entry(dataLF, width=60) 901 | self.eUA.grid(row=7,column=1, sticky='we',padx=3) 902 | self.eUA.columnconfigure(0, weight=1) 903 | #--randomize=RPARAM Randomly change value for given parameter(s) 904 | self.chkRandomize = ttk.Checkbutton(dataLF) 905 | self.chkRandomize_var = StringVar() 906 | self.chkRandomize.config(text="randomize", variable= self.chkRandomize_var, onvalue= "on" , 907 | offvalue = "off", command= self.fRandomize) 908 | self.chkRandomize.grid(row=8,column=0, sticky='w') 909 | # 910 | self.eRandomize = 
ttk.Entry(dataLF, width=60) 911 | self.eRandomize.grid(row=8,column=1, sticky='we',padx=3) 912 | self.eRandomize.columnconfigure(0, weight=1) 913 | #--force-ssl Force usage of SSL/HTTPS requests 914 | self.chkForceSsl = ttk.Checkbutton(dataLF) 915 | self.chkForceSsl_var = StringVar() 916 | self.chkForceSsl.config(text="force-ssl", variable= self.chkForceSsl_var, onvalue= "on" , 917 | offvalue = "off", command= self.fForceSsl) 918 | self.chkForceSsl.grid(row=9,column=0, sticky='w') 919 | #--host=HOST HTTP Host header 920 | self.chkHOST = ttk.Checkbutton(dataLF) 921 | self.chkHOST_var = StringVar() 922 | self.chkHOST.config(text="host", variable= self.chkHOST_var, onvalue= "on" , 923 | offvalue = "off", command= self.fHost) 924 | self.chkHOST.grid(row=10,column=0, sticky='w') 925 | # 926 | self.eHOST = ttk.Entry(dataLF, width=60) 927 | self.eHOST.grid(row=10,column=1, sticky='we',padx=3) 928 | self.eHOST.columnconfigure(0, weight=1) 929 | #--referer=REFERER HTTP Referer header 930 | self.chkReferer = ttk.Checkbutton(dataLF) 931 | self.chkReferer_var = StringVar() 932 | self.chkReferer.config(text="referer", variable= self.chkReferer_var, onvalue= "on" , 933 | offvalue = "off", command= self.fReferer) 934 | self.chkReferer.grid(row=11,column=0, sticky='w') 935 | # 936 | self.eReferer = ttk.Entry(dataLF, width=60) 937 | self.eReferer.grid(row=11,column=1, sticky='we',padx=3) 938 | self.eReferer.columnconfigure(0, weight=1) 939 | # --headers=HEADERS Extra headers (e.g. 
"Accept-Language: fr\nETag: 123") 940 | self.chkHeaders = ttk.Checkbutton(dataLF) 941 | self.chkHeaders_var = StringVar() 942 | self.chkHeaders.config(text="headers", variable= self.chkHeaders_var, onvalue= "on" , 943 | offvalue = "off", command= self.fHeaders) 944 | self.chkHeaders.grid(row=12,column=0, sticky='w') 945 | # 946 | self.eHeaders = ttk.Entry(dataLF, width=60) 947 | self.eHeaders.grid(row=12,column=1, sticky='we',padx=3) 948 | self.eHeaders.columnconfigure(0, weight=1) 949 | #--proxy=PROXY Use a HTTP proxy to connect to the target url 950 | self.chkPROXY = ttk.Checkbutton(dataLF) 951 | self.chkPROXY_var = StringVar() 952 | self.chkPROXY.config(text = "proxy", variable= self.chkPROXY_var, onvalue= "on" , 953 | offvalue = "off", command= self.fPROXY) 954 | self.chkPROXY.grid(row=13,column=0, sticky='w') 955 | # 956 | self.ePROXY = ttk.Entry(dataLF, width=60) 957 | self.ePROXY.grid(row =13,column=1, sticky='we',padx=3) 958 | self.ePROXY.columnconfigure(0, weight=1) 959 | #--proxy-cred=PCRED HTTP proxy authentication credentials (name:password) 960 | self.chkPCRED = ttk.Checkbutton(dataLF) 961 | self.chkPCRED_var = StringVar() 962 | self.chkPCRED.config(text = "proxy-cred", variable= self.chkPCRED_var, onvalue= "on" , 963 | offvalue = "off", command= self.fPCRED) 964 | self.chkPCRED.grid(row=14,column=0, sticky='w') 965 | # 966 | self.ePCRED = ttk.Entry(dataLF, width=60) 967 | self.ePCRED.grid(row =14,column=1, sticky='we',padx=3) 968 | self.ePCRED.columnconfigure(0, weight=1) 969 | #--ignore-proxy Ignore system default HTTP proxy 970 | self.chkPignore = ttk.Checkbutton(dataLF) 971 | self.chkPignore_var = StringVar() 972 | self.chkPignore.config(text = "ignore-proxy", variable= self.chkPignore_var, onvalue= "on" , 973 | offvalue = "off", command= self.fPignore) 974 | self.chkPignore.grid(row=15,column=0, sticky='w') 975 | #DATA2 # 976 | dataLF2 = ttk.Labelframe(data2, text='') 977 | dataLF2.grid(row = 0, column =0,pady=10,ipadx=3,ipady=3, sticky='we') 978 
| #dataLF2.columnconfigure(0, weight=1) 979 | #--auth-type=ATYPE HTTP authentication type (Basic, Digest or NTLM) 980 | self.chkATYPE = ttk.Checkbutton(dataLF2) 981 | self.chkATYPE_var = StringVar() 982 | self.chkATYPE.config(text = "auth-type", variable= self.chkATYPE_var, onvalue= "on" , 983 | offvalue = "off", command= self.fATYPE) 984 | self.chkATYPE.grid(row=0,column=0, sticky='w') 985 | # 986 | self.eATYPE = ttk.Entry(dataLF2, width=60) 987 | self.eATYPE.grid(row =0,column=1, sticky='we',padx=3) 988 | self.eATYPE.columnconfigure(0, weight=1) 989 | #--auth-cred=ACRED HTTP authentication credentials (name:password) 990 | self.chkACRED = ttk.Checkbutton(dataLF2) 991 | self.chkACRED_var = StringVar() 992 | self.chkACRED.config(text = "auth-cred", variable= self.chkACRED_var, onvalue= "on" , 993 | offvalue = "off", command= self.fACRED) 994 | self.chkACRED.grid(row=1,column=0, sticky='w') 995 | # 996 | self.eACRED = ttk.Entry(dataLF2, width=60) 997 | self.eACRED.grid(row =1,column=1, sticky='we',padx=3) 998 | self.eACRED.columnconfigure(0, weight=1) 999 | #--auth-cert=ACERT HTTP authentication certificate (key_file,cert_file) 1000 | self.chkACERT = ttk.Checkbutton(dataLF2) 1001 | self.chkACERT_var = StringVar() 1002 | self.chkACERT.config(text = "auth-cert", variable= self.chkACERT_var, onvalue= "on" , 1003 | offvalue = "off", command= self.fACERT) 1004 | self.chkACERT.grid(row=2,column=0, sticky='w') 1005 | # 1006 | #self.varACERT = StringVar() 1007 | self.eACERT = ttk.Entry(dataLF2, width=60) 1008 | #self.eACERT.config(text="", textvariable = self.varACERT) 1009 | self.eACERT.grid(row =2,column=1, sticky='we',padx=3) 1010 | self.eACERT.columnconfigure(0, weight=1) 1011 | #--delay=DELAY Delay in seconds between each HTTP request 1012 | self.chkDELAY = ttk.Checkbutton(dataLF2) 1013 | self.chkDELAY_var = StringVar() 1014 | self.chkDELAY.config(text = "delay", variable= self.chkDELAY_var, onvalue= "on" , 1015 | offvalue = "off", command= self.fDELAY) 1016 | 
self.chkDELAY.grid(row=6,column=0, sticky='w') 1017 | # 1018 | self.eDELAY = ttk.Entry(dataLF2, width=60) 1019 | self.eDELAY.grid(row =6,column=1, sticky='we',padx=3) 1020 | self.eDELAY.columnconfigure(0, weight=1) 1021 | #--timeout=TIMEOUT Seconds to wait before timeout connection (default 30) 1022 | self.chkTIMEOUT = ttk.Checkbutton(dataLF2) 1023 | self.chkTIMEOUT_var = StringVar() 1024 | self.chkTIMEOUT.config(text = "timeout", variable= self.chkTIMEOUT_var, onvalue= "on" , 1025 | offvalue = "off", command= self.fTIMEOUT) 1026 | self.chkTIMEOUT.grid(row=7,column=0, sticky='w') 1027 | # 1028 | self.eTIMEOUT = ttk.Entry(dataLF2, width=60) 1029 | self.eTIMEOUT.grid(row =7,column=1, sticky='we',padx=3) 1030 | self.eTIMEOUT.columnconfigure(0, weight=1) 1031 | #--retries=RETRIES Retries when the connection timeouts (default 3) 1032 | self.chkRETRIES = ttk.Checkbutton(dataLF2) 1033 | self.chkRETRIES_var = StringVar() 1034 | self.chkRETRIES.config(text = "retries", variable= self.chkRETRIES_var, onvalue= "on" , 1035 | offvalue = "off", command= self.fRETRIES) 1036 | self.chkRETRIES.grid(row=8,column=0, sticky='w') 1037 | # 1038 | self.eRETRIES = ttk.Entry(dataLF2, width=60) 1039 | self.eRETRIES.grid(row =8,column=1, sticky='we',padx=3) 1040 | self.eRETRIES.columnconfigure(0, weight=1) 1041 | #--scope=SCOPE Regexp to filter targets from provided proxy log 1042 | self.chkSCOPE = ttk.Checkbutton(dataLF2) 1043 | self.chkSCOPE_var = StringVar() 1044 | self.chkSCOPE.config(text = "scope", variable= self.chkSCOPE_var, onvalue= "on" , 1045 | offvalue = "off", command= self.fSCOPE) 1046 | self.chkSCOPE.grid(row=9,column=0, sticky='w') 1047 | # 1048 | self.eSCOPE = ttk.Entry(dataLF2, width=60) 1049 | self.eSCOPE.grid(row =9,column=1, sticky='we',padx=3) 1050 | self.eSCOPE.columnconfigure(0, weight=1) 1051 | #--safe-url=SAFURL Url address to visit frequently during testing 1052 | self.chkSAFURL = ttk.Checkbutton(dataLF2) 1053 | self.chkSAFURL_var = StringVar() 1054 | 
self.chkSAFURL.config(text = "safe-url", variable= self.chkSAFURL_var, onvalue= "on" , 1055 | offvalue = "off", command= self.fSAFURL) 1056 | self.chkSAFURL.grid(row=10,column=0, sticky='w') 1057 | # 1058 | self.eSAFURL = ttk.Entry(dataLF2, width=60) 1059 | self.eSAFURL.grid(row =10,column=1, sticky='we',padx=3) 1060 | self.eSAFURL.columnconfigure(0, weight=1) 1061 | #--safe-freq=SAFREQ Test requests between two visits to a given safe url 1062 | self.chkSAFREQ = ttk.Checkbutton(dataLF2) 1063 | self.chkSAFREQ_var = StringVar() 1064 | self.chkSAFREQ.config(text = "safe-freq", variable= self.chkSAFREQ_var, onvalue= "on" , 1065 | offvalue = "off", command= self.fSAFREQ) 1066 | self.chkSAFREQ.grid(row=11,column=0, sticky='w') 1067 | # 1068 | self.eSAFREQ = ttk.Entry(dataLF2, width=60) 1069 | self.eSAFREQ.grid(row =11,column=1, sticky='we',padx=3) 1070 | self.eSAFREQ.columnconfigure(0, weight=1) 1071 | #--skip-urlencode Skip URL encoding of POST data 1072 | self.chkSkipUrlencode = ttk.Checkbutton(dataLF2) 1073 | self.chkSkipUrlencode_var = StringVar() 1074 | self.chkSkipUrlencode.config(text = "skip-urlencode", variable= self.chkSkipUrlencode_var, onvalue= "on" , 1075 | offvalue = "off", command= self.fSkipUrlencode) 1076 | self.chkSkipUrlencode.grid(row=12,column=0, sticky='w') 1077 | #--eval=EVALCODE Evaluate provided Python code before the request (e.g. 
1078 | #"import hashlib;id2=hashlib.md5(id).hexdigest()") 1079 | self.chkEVALCODE = ttk.Checkbutton(dataLF2) 1080 | self.chkEVALCODE_var = StringVar() 1081 | self.chkEVALCODE.config(text = "eval", variable= self.chkEVALCODE_var, onvalue= "on" , 1082 | offvalue = "off", command= self.fEVALCODE) 1083 | self.chkEVALCODE.grid(row=13,column=0, sticky='w') 1084 | # 1085 | self.eEVALCODE = ttk.Entry(dataLF2, width=60) 1086 | self.eEVALCODE.grid(row =13,column=1, sticky='we',padx=3) 1087 | self.eEVALCODE.columnconfigure(0, weight=1) 1088 | # 1089 | enumerateLF = ttk.Labelframe(enumerationF, text='') 1090 | enumerateLF.grid(row = 0, column = 0, ipadx=3,padx=3, pady = 3, sticky='nw') 1091 | # Retrieve DBMS current user 1092 | self.chkCurrent_user = ttk.Checkbutton(enumerateLF) 1093 | self.chkCurrent_user_var = StringVar() 1094 | self.chkCurrent_user.config(text="current-user", variable= self.chkCurrent_user_var, onvalue= "on" , 1095 | offvalue = "off", command= self.chekCurrent_user) 1096 | self.chkCurrent_user.grid(row=0,column=0,sticky = 'w') 1097 | # Retrieve DBMS current database 1098 | self.chkCurrent_db = ttk.Checkbutton(enumerateLF) 1099 | self.chkCurrent_db_var = StringVar() 1100 | self.chkCurrent_db.config(text="current-db", variable= self.chkCurrent_db_var, onvalue= "on" , 1101 | offvalue = "off", command= self.chekCurrent_db) 1102 | self.chkCurrent_db.grid(row=1,column=0,sticky = 'w') 1103 | #--is-dba Detect if the DBMS current user is DBA 1104 | self.chk_is_dba = ttk.Checkbutton(enumerateLF) 1105 | self.chk_is_dba_var = StringVar() 1106 | self.chk_is_dba.config(text="is-dba", variable= self.chk_is_dba_var, onvalue= "on" , 1107 | offvalue = "off", command= self.chek_is_dba) 1108 | self.chk_is_dba.grid(row=2,column=0,sticky = 'w') 1109 | #--users Enumerate DBMS users 1110 | self.chk_users = ttk.Checkbutton(enumerateLF) 1111 | self.chk_users_var = StringVar() 1112 | self.chk_users.config(text="users", variable= self.chk_users_var, onvalue= "on" , 1113 | offvalue = 
"off", command= self.chek_users) 1114 | self.chk_users.grid(row=3,column=0,sticky = 'w') 1115 | #-passwords Enumerate DBMS users password hashes 1116 | self.chk_passwords = ttk.Checkbutton(enumerateLF) 1117 | self.chk_passwords_var = StringVar() 1118 | self.chk_passwords.config(text="passwords", variable= self.chk_passwords_var, onvalue= "on" , 1119 | offvalue = "off", command= self.chek_passwords) 1120 | self.chk_passwords.grid(row=0,column=1,sticky = 'w') 1121 | #--privileges Enumerate DBMS users privileges 1122 | self.chk_privileges = ttk.Checkbutton(enumerateLF) 1123 | self.chk_privileges_var = StringVar() 1124 | self.chk_privileges.config(text="privileges", variable= self.chk_privileges_var, onvalue= "on" , 1125 | offvalue = "off", command= self.chek_privileges) 1126 | self.chk_privileges.grid(row=1,column=1,sticky = 'w') 1127 | #--roles Enumerate DBMS users roles 1128 | self.chk_roles = ttk.Checkbutton(enumerateLF) 1129 | self.chk_roles_var = StringVar() 1130 | self.chk_roles .config(text="roles", variable= self.chk_roles_var, onvalue= "on" , 1131 | offvalue = "off", command= self.chek_roles) 1132 | self.chk_roles.grid(row=2,column=1,sticky = 'w') 1133 | #-dbs Enumerate DBMS databases 1134 | self.chk_dbs = ttk.Checkbutton(enumerateLF) 1135 | self.chk_dbs_var = StringVar() 1136 | self.chk_dbs.config(text="dbs", variable= self.chk_dbs_var, onvalue= "on" , 1137 | offvalue = "off", command= self.chek_dbs) 1138 | self.chk_dbs.grid(row=3,column=1,sticky = 'w') 1139 | #--tables Enumerate DBMS database tables 1140 | self.chk_tables = ttk.Checkbutton(enumerateLF) 1141 | self.chk_tables_var = StringVar() 1142 | self.chk_tables.config(text="tables", variable= self.chk_tables_var, onvalue= "on" , 1143 | offvalue = "off", command= self.chek_tables) 1144 | self.chk_tables.grid(row=0,column=2,sticky = 'w') 1145 | #--columns Enumerate DBMS database table columns 1146 | self.chk_columns = ttk.Checkbutton(enumerateLF) 1147 | self.chk_columns_var = StringVar() 1148 | 
self.chk_columns.config(text="columns", variable= self.chk_columns_var, onvalue= "on" , 1149 | offvalue = "off", command= self.chek_columns) 1150 | self.chk_columns.grid(row=1,column=2,sticky = 'w') 1151 | #--schema Enumerate DBMS schema 1152 | self.chk_schema = ttk.Checkbutton(enumerateLF) 1153 | self.chk_schema_var = StringVar() 1154 | self.chk_schema.config(text="schema", variable= self.chk_schema_var, onvalue= "on" , 1155 | offvalue = "off", command= self.chek_schema) 1156 | self.chk_schema.grid(row=2,column=2,sticky = 'w') 1157 | #--count Retrieve number of entries for table(s) 1158 | self.chk_count = ttk.Checkbutton(enumerateLF) 1159 | self.chk_count_var = StringVar() 1160 | self.chk_count.config(text="count", variable= self.chk_count_var, onvalue= "on" , 1161 | offvalue = "off", command= self.chek_count) 1162 | self.chk_count.grid(row=3,column=2,sticky = 'w') 1163 | #--dump Dump DBMS database table entries 1164 | dumpLF = ttk.Labelframe(enumerationF, text='') 1165 | dumpLF.grid(row = 0, column=1, ipadx=3,pady = 3, padx=3, sticky='nw') 1166 | # 1167 | # Banner 1168 | self.chk_Banner = ttk.Checkbutton(dumpLF) 1169 | self.chk_Banner_var = StringVar() 1170 | self.chk_Banner.config(text="banner", variable= self.chk_Banner_var, onvalue= "on", 1171 | offvalue = "off", command= self.chekBanner) 1172 | self.chk_Banner.grid(row=0,column=0, sticky= 'w') 1173 | # 1174 | self.chk_dump = ttk.Checkbutton(dumpLF) 1175 | self.chk_dump_var = StringVar() 1176 | self.chk_dump.config(text="dump", variable= self.chk_dump_var, onvalue= "on" , 1177 | offvalue = "off", command= self.chek_dump) 1178 | self.chk_dump.grid(row=1,column=0,sticky = 'w') 1179 | #--dump-all Dump all DBMS databases tables entries 1180 | self.chk_dump_all = ttk.Checkbutton(dumpLF) 1181 | self.chk_dump_all_var = StringVar() 1182 | self.chk_dump_all.config(text="dump-all", variable= self.chk_dump_all_var, onvalue= "on" , 1183 | offvalue = "off", command= self.chek_dump_all) 1184 | 
self.chk_dump_all.grid(row=2,column=0,sticky = 'w') 1185 | #--search Search column(s), table(s) and/or database name(s) 1186 | self.chk_search = ttk.Checkbutton(dumpLF) 1187 | self.chk_search_var = StringVar() 1188 | self.chk_search.config(text="search", variable= self.chk_search_var, onvalue= "on" , 1189 | offvalue = "off", command= self.chek_search) 1190 | self.chk_search.grid(row=3,column=0,sticky = 'w') 1191 | #--exclude-sysdbs Exclude DBMS system databases when enumerating tables 1192 | self.chk_exclude = ttk.Checkbutton(dumpLF) 1193 | self.chk_exclude_var = StringVar() 1194 | self.chk_exclude.config(text="exclude-sysdbs", variable= self.chk_exclude_var, onvalue= "on" , 1195 | offvalue = "off", command= self.chek_exclude) 1196 | self.chk_exclude.grid(row=0,column=1,sticky = 'w',padx=3) 1197 | #--first=FIRSTCHAR First query output word character to retrieve 1198 | self.chk_first = ttk.Checkbutton(dumpLF) 1199 | self.chk_first_var = StringVar() 1200 | self.chk_first.config(text="first CHAR", variable= self.chk_first_var, onvalue= "on" , 1201 | offvalue = "off", command= self.chek_first) 1202 | self.chk_first.grid(row=1,column = 1,sticky='w',padx=3) 1203 | # 1204 | self.entry_first= ttk.Entry(dumpLF) 1205 | self.entry_first.config(text="" , textvariable="", width = 3) 1206 | self.entry_first.grid(row=1,column=2,sticky='w') 1207 | #--last=LASTCHAR Last query output word character to retrieve 1208 | self.chk_last = ttk.Checkbutton(dumpLF) 1209 | self.chk_last_var = StringVar() 1210 | self.chk_last.config(text="last CHAR", variable= self.chk_last_var, onvalue= "on" , 1211 | offvalue = "off", command= self.chek_last) 1212 | self.chk_last.grid(row=2,column = 1,sticky='w',padx=3) 1213 | # 1214 | self.entry_last= ttk.Entry(dumpLF) 1215 | self.entry_last.config(text="" , textvariable="", width = 3) 1216 | self.entry_last.grid(row=2,column=2,sticky='w') 1217 | #-D DB DBMS database to enumerate 1218 | dtcLF = ttk.Labelframe(enumerationF, text='') 1219 | dtcLF.grid(row = 1, 
column=0, pady = 10, padx=5, sticky='we', columnspan=5) 1220 | dtcLF.columnconfigure(0, weight=1) 1221 | # 1222 | self.entryD = ttk.Entry(dtcLF,width=68) 1223 | self.entryD.config(text="" , textvariable="") 1224 | self.entryD.grid(row=0,column=1, sticky='e',padx=3) 1225 | # 1226 | self.chkD = ttk.Checkbutton(dtcLF) 1227 | self.chkD_var = StringVar() 1228 | self.chkD.config(text="DB", variable= self.chkD_var, onvalue= "on" , 1229 | offvalue = "off", command= self.chekD) 1230 | self.chkD.grid(row=0,column = 0, sticky = 'w') 1231 | #-T TBL DBMS database table to enumerate 1232 | self.entryT = ttk.Entry(dtcLF,width=68) 1233 | self.entryT.config(text="" , textvariable="") 1234 | self.entryT.grid(row=1,column=1, sticky='w',padx=3) 1235 | self.chkT = ttk.Checkbutton(dtcLF) 1236 | self.chkT_var = StringVar() 1237 | self.chkT.config(text="TBL", variable= self.chkT_var, onvalue= "on" , 1238 | offvalue = "off", command= self.chekT) 1239 | self.chkT.grid(row=1,column = 0, sticky = 'w') 1240 | #-C COL DBMS database table column to enumerate 1241 | self.entryC = ttk.Entry(dtcLF,width=68) 1242 | self.entryC.config(text="" , textvariable="") 1243 | self.entryC.grid(row=2,column=1, sticky='w',padx=3) 1244 | # 1245 | self.chkC = ttk.Checkbutton(dtcLF) 1246 | self.chkC_var = StringVar() 1247 | self.chkC.config(text="COL", variable= self.chkC_var, onvalue= "on" , 1248 | offvalue = "off", command= self.chekC) 1249 | self.chkC.grid(row=2,column = 0, sticky = 'w') 1250 | #-U USER 1251 | self.chkUSER = ttk.Checkbutton(dtcLF) 1252 | self.chkUSER_var = StringVar() 1253 | self.chkUSER.config(text="USER", variable= self.chkUSER_var, onvalue= "on" , 1254 | offvalue = "off", command= self.fUSER) 1255 | self.chkUSER.grid(row=3,column=0, sticky='w') 1256 | # 1257 | self.eUSER = ttk.Entry(dtcLF,width=68) 1258 | self.eUSER.config(text="" , textvariable="") 1259 | self.eUSER.grid(row=3,column=1, sticky='w',padx=3) 1260 | #LIMIT 1261 | self.chk_start = ttk.Checkbutton(dtcLF) 1262 | self.chk_start_var 
= StringVar() 1263 | self.chk_start.config(text="Limit", variable= self.chk_start_var, onvalue= "on" , 1264 | offvalue = "off", command= self.chek_start_stop) 1265 | self.chk_start.grid(row=4,column = 0, sticky = 'w') 1266 | # 1267 | self.varE_start = StringVar() 1268 | self.varE_start.set("star,stop") 1269 | self.entry_start= ttk.Entry(dtcLF,width=68) 1270 | self.entry_start.config(text="" , textvariable= self.varE_start) 1271 | self.entry_start.grid(row=4,column=1, sticky='w',padx=3) 1272 | # 1273 | sqlQueryLF = ttk.Labelframe(enumerationF, text='') 1274 | sqlQueryLF.grid(row = 2, column=0, pady = 10, padx=5, sticky='we', columnspan=5) 1275 | sqlQueryLF.columnconfigure(0, weight=1) 1276 | # --sql-query= 1277 | self.chkQuery = ttk.Checkbutton(sqlQueryLF) 1278 | self.chkQuery_var = StringVar() 1279 | self.chkQuery.config(text="sql-query", variable= self.chkQuery_var, onvalue= "on" , 1280 | offvalue = "off", command= self.chekQuery) 1281 | self.chkQuery.grid(row=0,column=0,sticky = 'w') 1282 | # 1283 | self.entryQuery = ttk.Entry(sqlQueryLF,width=68) 1284 | self.entryQuery.config(text="" , textvariable="") 1285 | self.entryQuery.grid(row=0,column=1, sticky='w',padx=3) 1286 | #--sql-shell 1287 | self.chkSqlShell = ttk.Checkbutton(sqlQueryLF) 1288 | self.chkSqlShell_var = StringVar() 1289 | self.chkSqlShell.config(text="sql-shell", variable= self.chkSqlShell_var, onvalue= "on" , 1290 | offvalue = "off", command= self.fSqlShell) 1291 | self.chkSqlShell.grid(row=1,column=0,sticky = 'w') 1292 | 1293 | #Brute force 1294 | charbfLF = ttk.Labelframe(enumerationF, text='Brute force') 1295 | charbfLF.grid(row = 0, column = 3,padx=3,pady=3, sticky='nw') 1296 | #--common-tables Check existence of common tables 1297 | self.chkBFt = ttk.Checkbutton(charbfLF) 1298 | self.chkBFt_var = StringVar() 1299 | self.chkBFt.config(text="common-tables", variable= self.chkBFt_var, onvalue= "on" , 1300 | offvalue = "off", command= self.chekBFt) 1301 | self.chkBFt.grid(row=0,column = 0,sticky = 
'w') 1302 | #--common-columns Check existence of common columns 1303 | self.chkBFc = ttk.Checkbutton(charbfLF) 1304 | self.chkBFc_var = StringVar() 1305 | self.chkBFc.config(text="common-columns", variable= self.chkBFc_var, onvalue= "on" , 1306 | offvalue = "off", command= self.chekBFc) 1307 | self.chkBFc.grid(row=1,column = 0,sticky = 'w') 1308 | # Access 1309 | AccessF = ttk.Notebook(fileF) 1310 | fileAcc = ttk.Frame(AccessF) 1311 | OsAcc = ttk.Frame(AccessF) 1312 | WinRegAcc = ttk.Frame(AccessF) 1313 | AccessF.add(fileAcc, text='File system') 1314 | AccessF.add(OsAcc, text='Operating system') 1315 | AccessF.add(WinRegAcc, text='Windows registry') 1316 | AccessF.columnconfigure(0, weight=1) 1317 | AccessF.grid(sticky = 'nswe',pady=5,padx=5) 1318 | # 1319 | fileAcc.columnconfigure(0, weight=1) 1320 | #OsAcc.columnconfigure(0, weight=1) 1321 | #WinRegAcc.columnconfigure(0, weight=1) 1322 | # File system access: 1323 | filereadLF = ttk.Labelframe(fileAcc, text='') 1324 | filereadLF.grid(sticky='we', ipady=3) 1325 | #filereadLF.columnconfigure(0, weight=1) 1326 | #--file-read=RFILE Read a file from the back-end DBMS file system: 1327 | self.chkFile = ttk.Checkbutton(filereadLF) 1328 | self.chkFile_var = StringVar() 1329 | self.chkFile.config(text="file-read ", variable= self.chkFile_var, onvalue= "on" , 1330 | offvalue = "off", command= self.chekFile) 1331 | self.chkFile.grid(row=0,column=0,sticky = 'w') 1332 | # 1333 | self.entryFile = ttk.Entry(filereadLF,width=62) 1334 | self.entryFile.grid(row=0,column=1, sticky='w',padx=3) 1335 | #--file-write=WFILE Write a local file on the back-end DBMS file system 1336 | self.varWFILE = StringVar() 1337 | self.chkWFILE = ttk.Checkbutton(filereadLF) 1338 | self.chkWFILE.config(text="file-write", variable= self.varWFILE, onvalue= "on" , 1339 | offvalue = "off", command= self.fWFILE) 1340 | self.chkWFILE.grid(row=1,column=0,sticky = 'w') 1341 | # 1342 | self.eWFILE_var = StringVar() 1343 | self.eWFILE = 
ttk.Entry(filereadLF,width=62) 1344 | self.eWFILE.config(text="", textvariable=self.eWFILE_var) 1345 | self.eWFILE.grid(row=1,column=1, sticky='w',padx=3) 1346 | # 1347 | self.file_WFILE = options_WFILE = {} 1348 | options_WFILE['defaultextension'] = '' 1349 | options_WFILE['filetypes'] = [('all files', '.*')] 1350 | options_WFILE['initialdir'] = './SQM/SHELL/' 1351 | options_WFILE['parent'] = WatchLog 1352 | options_WFILE['title'] = 'Open WFILE' 1353 | #--file-dest=DFILE Back-end DBMS absolute filepath to write to: 1354 | self.chkDFILE = ttk.Checkbutton(filereadLF) 1355 | self.chkDFILE_var = StringVar() 1356 | self.chkDFILE.config(text="file-dest ", variable= self.chkDFILE_var, onvalue= "on" , 1357 | offvalue = "off")#, command= self.fDFILE) 1358 | self.chkDFILE.grid(row=2,column=0,sticky = 'w') 1359 | # 1360 | self.eDFILE = ttk.Entry(filereadLF,width=62) 1361 | self.eDFILE.grid(row=2,column=1, sticky='w',padx=3) 1362 | # BUTTON 1363 | self.viewfile = ttk.Button(filereadLF,width=7) 1364 | self.viewfile.config(text ="view log", command=self.vfile) 1365 | self.viewfile.grid(row =0, column=3,sticky='ne',rowspan=2) 1366 | #Default *log,*config 1367 | configDL = ttk.Panedwindow(fileAcc, orient=HORIZONTAL, width=100, height=240) 1368 | configDL.rowconfigure( 0, weight=1 ) 1369 | configDL.columnconfigure( 0, weight=1) 1370 | # 1371 | catLF = ttk.Labelframe(configDL, text='Category') 1372 | catLF.rowconfigure( 0, weight=1 ) 1373 | catLF.columnconfigure( 0, weight=1 ) 1374 | # 1375 | listLF = ttk.Labelframe(configDL, text='Default *log, *config') 1376 | listLF.rowconfigure( 0, weight=1 ) 1377 | listLF.columnconfigure( 0, weight=1 ) 1378 | # 1379 | configDL.add(catLF) 1380 | configDL.add(listLF) 1381 | configDL.grid(row=1,columnspan=2, sticky='we', pady=5) 1382 | #Category ./SQM/PATH_TRAVERSAL*.txt 1383 | self.Lcat = Listbox(catLF,height=100,width=20,selectmode=EXTENDED) 1384 | 1385 | files_cat = os.listdir('./SQM/PATH_TRAVERSAL') 1386 | cats = filter(lambda x: 
x.endswith('.txt'), files_cat) 1387 | for cat_list in cats: 1388 | cat_list = cat_list.replace('.txt', '') 1389 | self.Lcat.insert(END, cat_list) 1390 | self.Lcat.grid(row =0, column = 0,sticky='we') 1391 | self.Lcat.columnconfigure( 0, weight=1 ) 1392 | self.Lcat.bind("", self.show_def_log) 1393 | # Scroll 1394 | scrollcat = ttk.Scrollbar(catLF, orient=VERTICAL, command=self.Lcat.yview) 1395 | self.Lcat['yscrollcommand'] = scrollcat.set 1396 | scrollcat.grid(row=0,column=1, sticky='ns') 1397 | #Show Default *log, *config 1398 | s_def_log = ttk.Scrollbar(listLF) 1399 | s_def_log.grid(row=0, column=1, sticky='ns') 1400 | # 1401 | self.d_log_TXT = Text(listLF, yscrollcommand=s_def_log.set, width = 73, 1402 | height=50,bg='#002B36', fg='#93A1A1') 1403 | s_def_log.config(command= self.d_log_TXT.yview) 1404 | self.d_log_TXT.grid(row=0, column=0,ipadx=30,sticky='nswe') 1405 | #Operating system access: 1406 | OsAccLF = ttk.Labelframe(OsAcc, text='') 1407 | OsAccLF.grid(sticky='we', ipady=3) 1408 | OsAccLF.columnconfigure(0, weight=1) 1409 | #--os-cmd=OSCMD Execute an operating system command 1410 | self.chkOSCMD = ttk.Checkbutton(OsAccLF) 1411 | self.chkOSCMD_var = StringVar() 1412 | self.chkOSCMD.config(text="os-cmd", variable= self.chkOSCMD_var, onvalue= "on" , 1413 | offvalue = "off", command= self.fOSCMD) 1414 | self.chkOSCMD.grid(row=0,column=0,sticky = 'w') 1415 | # 1416 | self.eOSCMD = ttk.Entry(OsAccLF,width=68) 1417 | self.eOSCMD.grid(row=0,column=1, sticky='we',padx=3) 1418 | #--os-shell Prompt for an interactive operating system shell 1419 | self.chkShell = ttk.Checkbutton(OsAccLF) 1420 | self.chkShell_var = StringVar() 1421 | self.chkShell.config(text="os-shell", variable= self.chkShell_var, onvalue= "on" , 1422 | offvalue = "off", command= self.fShell) 1423 | self.chkShell.grid(row=1,column=0,sticky = 'w') 1424 | #--os-pwn Prompt for an out-of-band shell, meterpreter or VNC 1425 | self.chkPWN = ttk.Checkbutton(OsAccLF) 1426 | self.chkPWN_var = StringVar() 
1427 | self.chkPWN.config(text="os-pwn", variable= self.chkPWN_var, onvalue= "on" , 1428 | offvalue = "off", command= self.fPWN) 1429 | self.chkPWN.grid(row=2,column=0,sticky = 'w') 1430 | #--os-smbrelay One click prompt for an OOB shell, meterpreter or VNC 1431 | self.chkSmbrelay = ttk.Checkbutton(OsAccLF) 1432 | self.chkSmbrelay_var = StringVar() 1433 | self.chkSmbrelay.config(text="os-smbrelay", variable= self.chkSmbrelay_var, onvalue= "on" , 1434 | offvalue = "off", command= self.fSmbrelay) 1435 | self.chkSmbrelay.grid(row=3,column=0,sticky = 'w') 1436 | #--os-bof Stored procedure buffer overflow exploitation 1437 | self.chkBOF = ttk.Checkbutton(OsAccLF) 1438 | self.chkBOF_var = StringVar() 1439 | self.chkBOF.config(text="os-bof", variable= self.chkBOF_var, onvalue= "on" , 1440 | offvalue = "off", command= self.fBOF) 1441 | self.chkBOF.grid(row=4,column=0,sticky = 'w') 1442 | #--priv-esc Database process' user privilege escalation 1443 | self.chkPrivEsc = ttk.Checkbutton(OsAccLF) 1444 | self.chkPrivEsc_var = StringVar() 1445 | self.chkPrivEsc.config(text="priv-esc", variable= self.chkPrivEsc_var, onvalue= "on" , 1446 | offvalue = "off", command= self.fPrivEsc) 1447 | self.chkPrivEsc.grid(row=5,column=0,sticky = 'w') 1448 | #--msf-path=MSFPATH Local path where Metasploit Framework is installed 1449 | self.chkMSFPATH = ttk.Checkbutton(OsAccLF) 1450 | self.chkMSFPATH_var = StringVar() 1451 | self.chkMSFPATH.config(text="msf-path", variable= self.chkMSFPATH_var, onvalue= "on" , 1452 | offvalue = "off", command= self.fMSFPATH) 1453 | self.chkMSFPATH.grid(row=6,column=0,sticky = 'w') 1454 | # 1455 | self.eMSFPATH_var = StringVar() 1456 | self.eMSFPATH = ttk.Entry(OsAccLF,width=68) 1457 | self.eMSFPATH.grid(row=6,column=1, sticky='we',padx=3) 1458 | self.eMSFPATH.config(text="",textvariable=self.eMSFPATH_var) 1459 | #--tmp-path=TMPPATH Remote absolute path of temporary files directory 1460 | self.chkTMPPATH = ttk.Checkbutton(OsAccLF) 1461 | self.chkTMPPATH_var = 
StringVar() 1462 | self.chkTMPPATH.config(text="tmp-path", variable= self.chkTMPPATH_var, onvalue= "on" , 1463 | offvalue = "off", command= self.fTMPPATH) 1464 | self.chkTMPPATH.grid(row=7,column=0,sticky = 'w') 1465 | # 1466 | self.eTMPPATH = ttk.Entry(OsAccLF,width=68) 1467 | self.eTMPPATH.grid(row=7,column=1, sticky='we',padx=3) 1468 | #Windows registry access: 1469 | WinRegAccLF = ttk.Labelframe(WinRegAcc, text='') 1470 | WinRegAccLF.grid(sticky='we', ipady=3) 1471 | WinRegAccLF.columnconfigure(0, weight=1) 1472 | #--reg-read Read a Windows registry key value 1473 | self.chkRegRead = ttk.Checkbutton(WinRegAccLF) 1474 | self.chkRegRead_var = StringVar() 1475 | self.chkRegRead.config(text="reg-read", variable= self.chkRegRead_var, onvalue= "on" , 1476 | offvalue = "off", command= self.fRegRead) 1477 | self.chkRegRead.grid(row=0,column=0,sticky = 'w') 1478 | #--reg-add Write a Windows registry key value data 1479 | self.chkRegAdd = ttk.Checkbutton(WinRegAccLF) 1480 | self.chkRegAdd_var = StringVar() 1481 | self.chkRegAdd.config(text="reg-add", variable= self.chkRegAdd_var, onvalue= "on" , 1482 | offvalue = "off", command= self.fRegAdd) 1483 | self.chkRegAdd.grid(row=1,column=0,sticky = 'w') 1484 | #--reg-del Delete a Windows registry key value 1485 | self.chkRegDel = ttk.Checkbutton(WinRegAccLF) 1486 | self.chkRegDel_var = StringVar() 1487 | self.chkRegDel.config(text="reg-del", variable= self.chkRegDel_var, onvalue= "on" , 1488 | offvalue = "off", command= self.fRegDel) 1489 | self.chkRegDel.grid(row=2,column=0,sticky = 'w') 1490 | #--reg-key=REGKEY Windows registry key 1491 | self.chkREGKEY = ttk.Checkbutton(WinRegAccLF) 1492 | self.chkREGKEY_var = StringVar() 1493 | self.chkREGKEY.config(text="reg-key", variable= self.chkREGKEY_var, onvalue= "on" , 1494 | offvalue = "off", command= self.fREGKEY) 1495 | self.chkREGKEY.grid(row=3,column=0,sticky = 'w') 1496 | # 1497 | self.eREGKEY = ttk.Entry(WinRegAccLF,width=68) 1498 | self.eREGKEY.grid(row=3,column=1, 
sticky='we',padx=3) 1499 | #--reg-value=REGVAL Windows registry key value 1500 | self.chkREGVAL = ttk.Checkbutton(WinRegAccLF) 1501 | self.chkREGVAL_var = StringVar() 1502 | self.chkREGVAL.config(text="reg-value", variable= self.chkREGVAL_var, onvalue= "on" , 1503 | offvalue = "off", command= self.fREGVAL) 1504 | self.chkREGVAL.grid(row=4,column=0,sticky = 'w') 1505 | # 1506 | self.eREGVAL = ttk.Entry(WinRegAccLF,width=68) 1507 | self.eREGVAL.grid(row=4,column=1, sticky='we',padx=3) 1508 | #--reg-data=REGDATA Windows registry key value data 1509 | self.chkREGDATA = ttk.Checkbutton(WinRegAccLF) 1510 | self.chkREGDATA_var = StringVar() 1511 | self.chkREGDATA.config(text="reg-data", variable= self.chkREGDATA_var, onvalue= "on" , 1512 | offvalue = "off", command= self.fREGDATA) 1513 | self.chkREGDATA.grid(row=5,column=0,sticky = 'w') 1514 | # 1515 | self.eREGDATA = ttk.Entry(WinRegAccLF,width=68) 1516 | self.eREGDATA.grid(row=5,column=1, sticky='we',padx=3) 1517 | #--reg-type=REGTYPE Windows registry key value type 1518 | self.chkREGTYPE = ttk.Checkbutton(WinRegAccLF) 1519 | self.chkREGTYPE_var = StringVar() 1520 | self.chkREGTYPE.config(text="reg-type", variable= self.chkREGTYPE_var, onvalue= "on" , 1521 | offvalue = "off", command= self.fREGTYPE) 1522 | self.chkREGTYPE.grid(row=6,column=0,sticky = 'w') 1523 | # 1524 | self.eREGTYPE = ttk.Entry(WinRegAccLF,width=68) 1525 | self.eREGTYPE.grid(row=6,column=1, sticky='we',padx=3) 1526 | # #################################################### 1527 | # Functions: # 1528 | # #################################################### 1529 | #Targets: 1530 | def fTarget(self): 1531 | try: 1532 | selection = self.varTarget.get() 1533 | if selection == "url": 1534 | pass 1535 | elif selection == "logFile": 1536 | filename = tkFileDialog.askopenfile(mode='r') 1537 | self.urlentry.set(filename.name) 1538 | elif selection == "bulkFile": 1539 | filename = tkFileDialog.askopenfile(mode='r') 1540 | self.urlentry.set(filename.name) 1541 | 
elif selection == "requestFile": 1542 | filename = tkFileDialog.askopenfile(mode='r', **self.file_request_save) 1543 | self.urlentry.set(filename.name) 1544 | elif selection == "googleDork": 1545 | pass 1546 | elif selection == "direct": 1547 | pass 1548 | elif selection == "configFile": 1549 | filename = tkFileDialog.askopenfile(mode='r', **self.file_ini) 1550 | self.urlentry.set(filename.name) 1551 | except: 1552 | pass 1553 | #--beep Sound alert when SQL injection found 1554 | def fBeep(self): 1555 | sqlBeep = self.chkBeep_var.get() 1556 | if sqlBeep == "on" : 1557 | Beep_sql= ' --beep' 1558 | else: 1559 | Beep_sql= "" 1560 | return Beep_sql 1561 | #--check-payload Offline WAF/IPS/IDS payload detection testing 1562 | def fPayload(self): 1563 | sqlPayload = self.chkPayload_var.get() 1564 | if sqlPayload == "on" : 1565 | Payload_sql= ' --check-payload' 1566 | else: 1567 | Payload_sql= "" 1568 | return Payload_sql 1569 | #--check-waf Check for existence of WAF/IPS/IDS protection 1570 | def fWaf(self): 1571 | sqlWaf = self.chkWaf_var.get() 1572 | if sqlWaf == "on" : 1573 | Waf_sql= ' --check-waf' 1574 | else: 1575 | Waf_sql= "" 1576 | return Waf_sql 1577 | #--cleanup Clean up the DBMS by sqlmap specific UDF and tables 1578 | def fCleanup(self): 1579 | sqlCleanup = self.chkCleanup_var.get() 1580 | if sqlCleanup == "on" : 1581 | Cleanup_sql= ' --cleanup' 1582 | else: 1583 | Cleanup_sql= "" 1584 | return Cleanup_sql 1585 | #--dependencies Check for missing sqlmap dependencies 1586 | def fDependencies(self): 1587 | sqlDependencies = self.chkDependencies_var.get() 1588 | if sqlDependencies == "on" : 1589 | Dependencies_sql= ' --dependencies' 1590 | else: 1591 | Dependencies_sql= "" 1592 | return Dependencies_sql 1593 | #--gpage=GOOGLEPAGE Use Google dork results from specified page number 1594 | def fGpage(self): 1595 | sqlGpage = self.chkGpage_var.get() 1596 | if sqlGpage == "on" : 1597 | Gpage_sql= ' --gpage=%s' % (self.eGpage.get()) 1598 | else: 1599 | Gpage_sql= "" 
1600 | return Gpage_sql 1601 | #--disable-hash 1602 | def fDHash(self): 1603 | sqlDHash = self.chkDHash_var.get() 1604 | if sqlDHash == "on" : 1605 | DHash_sql= ' --disable-hash' 1606 | else: 1607 | DHash_sql= "" 1608 | return DHash_sql 1609 | #--disable-like 1610 | def fDLike(self): 1611 | sqlDLike = self.chkDLike_var.get() 1612 | if sqlDLike == "on" : 1613 | DLike_sql= ' --disable-like' 1614 | else: 1615 | DLike_sql= "" 1616 | return DLike_sql 1617 | #fTSTF 1618 | def fTSTF(self): 1619 | sqlTSTF = self.chkTSTF_var.get() 1620 | if sqlTSTF == "on" : 1621 | TSTF_sql= ' --test-filter=%s' % (self.eTSTF.get()) 1622 | else: 1623 | TSTF_sql= "" 1624 | return TSTF_sql 1625 | #--Exact 1626 | def fExact(self): 1627 | sqlExact = self.chkExact_var.get() 1628 | if sqlExact == "on" : 1629 | Exact_sql= ' --exact' 1630 | else: 1631 | Exact_sql= "" 1632 | return Exact_sql 1633 | #--mobile Imitate smartphone through HTTP User-Agent header 1634 | def fMobile(self): 1635 | sqlMobile = self.chkMobile_var.get() 1636 | if sqlMobile == "on" : 1637 | Mobile_sql= ' --mobile' 1638 | else: 1639 | Mobile_sql= "" 1640 | return Mobile_sql 1641 | #--page-rank Display page rank (PR) for Google dork results 1642 | def fRank(self): 1643 | sqlRank = self.chkRank_var.get() 1644 | if sqlRank == "on" : 1645 | Rank_sql= ' --page-rank' 1646 | else: 1647 | Rank_sql= "" 1648 | return Rank_sql 1649 | #--purge-output Safely remove all content from output directory 1650 | def fPurge(self): 1651 | sqlPurge = self.chkPurge_var.get() 1652 | if sqlPurge == "on" : 1653 | Purge_sql= ' --purge-output' 1654 | else: 1655 | Purge_sql= "" 1656 | return Purge_sql 1657 | #--smart Conduct through tests only if positive heuristic(s) 1658 | def fSmart(self): 1659 | sqlSmart = self.chkSmart_var.get() 1660 | if sqlSmart == "on" : 1661 | Smart_sql= ' --smart' 1662 | else: 1663 | Smart_sql= "" 1664 | return Smart_sql 1665 | #--wizard Simple wizard interface for beginner users 1666 | 1667 | #-s SESSIONFILE Save and resume all 
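# data retrieved on a session file
#
# NOTE(review): the functions below are methods of the GUI class (they take
# `self` and are wired up as `command=self.<name>` callbacks); the class
# header lies outside this excerpt.
# NOTE(review): every "...=%s" builder interpolates the raw entry text with
# no quoting. A value containing spaces, quotes or shell metacharacters will
# be split or re-interpreted if the assembled string is later handed to a
# shell; how the string is executed is not visible in this excerpt. Building
# an argument list (one element per option) avoids that class of problem.
def fSesFile(self, *args):
    """Return ' -s ./SQM/SESSION/<entry>' when the box is ticked, else ''."""
    # NOTE(review): the entry text is appended to the directory as-is, so
    # path separators or '..' in it are not confined to ./SQM/SESSION/.
    if self.chkSesFile_var.get() == "on":
        return ' -s ./SQM/SESSION/%s' % (self.eSesFile.get())
    return ""


#-t TRAFFICFILE Log all HTTP traffic into a textual file
def fTrafFile(self, *args):
    """Return ' -t ./SQM/TRAFFIC/<entry>' when the box is ticked, else ''."""
    if self.chkTrafFile_var.get() == "on":
        return ' -t ./SQM/TRAFFIC/%s' % (self.eTrafFile.get())
    return ""


#Open Session FILE
def fSes(self):
    """Ask for a file (self.file_session options) and load it into self.sesTXT."""
    sesfile = tkFileDialog.askopenfile(mode='r', **self.file_session)
    if sesfile:
        self.sesTXT.delete("1.0", END)
        # The dialog returns an open handle; close it once the text is read.
        with sesfile:
            ses = sesfile.read()
        self.sesTXT.insert(END, ses)
        self.sesTXT.mark_set(INSERT, '1.0')
        self.sesTXT.focus()


# Open Traffic FILE
def fTraf(self):
    """Ask for a file (self.file_traf options) and load it into self.sesTXT."""
    traffile = tkFileDialog.askopenfile(mode='r', **self.file_traf)
    if traffile:
        self.sesTXT.delete("1.0", END)
        with traffile:
            traf = traffile.read()
        self.sesTXT.insert(END, traf)
        self.sesTXT.mark_set(INSERT, '1.0')
        self.sesTXT.focus()


#Req.File/Load/Save
def saveReqF(self):
    """Write the content of self.reqFile to a file chosen in a save dialog."""
    filename = tkFileDialog.asksaveasfilename(**self.file_request_save)
    if filename:
        textoutput = self.reqFile.get(0.0, END)
        # `with` guarantees the data is flushed and the handle released.
        with open(filename, 'w') as out:
            out.write(textoutput)


def openReqF(self):
    """Ask for a request file and load it into self.reqFile."""
    filename = tkFileDialog.askopenfile(mode='r', **self.file_request_save)
    if filename:
        self.reqFile.delete("1.0", END)
        with filename:
            req = filename.read()
        self.reqFile.insert(END, req)
        self.reqFile.mark_set(INSERT, '1.0')
        self.reqFile.focus()


#
def openIniF(self):
    """Ask for a file (self.file_ini options) and load it into self.reqFile."""
    filename = tkFileDialog.askopenfile(mode='r', **self.file_ini)
    if filename:
        self.reqFile.delete("1.0", END)
        with filename:
            req = filename.read()
        self.reqFile.insert(END, req)
        self.reqFile.mark_set(INSERT, '1.0')
        self.reqFile.focus()


#
def saveIniF(self):
    """Write the content of self.reqFile to a file chosen with self.file_ini options."""
    filename = tkFileDialog.asksaveasfilename(**self.file_ini)
    if filename:
        textoutput = self.reqFile.get(0.0, END)
        with open(filename, 'w') as out:
            out.write(textoutput)


#
def show_def_log(self, *args):
    """Show ./SQM/PATH_TRAVERSAL/<selected category>.txt in self.d_log_TXT.

    Anything other than exactly one selected category shows a placeholder.
    """
    load_d_log = self.Lcat.curselection()
    self.d_log_TXT.delete("1.0", END)
    if 1 == len(load_d_log):
        file_d_log = self.Lcat.get(load_d_log[0])
        with open(r'./SQM/PATH_TRAVERSAL/' + file_d_log + '.txt', 'r') as src:
            self.d_log_TXT.insert(END, src.read())
        self.d_log_TXT.mark_set(INSERT, '1.0')
        self.d_log_TXT.focus()
    else:
        self.d_log_TXT.insert(END, u"Default-Log-File-Empty.")


def vfile(self):
    """Load ./output/<host>/files/<name> into self.sesTXT and select tab 1.

    <name> is the file-read entry with '/' replaced by '_'; <host> comes
    from self.readHost().
    """
    load_file = self.entryFile.get()
    self.sesTXT.delete("1.0", END)
    # NOTE(review): only '/' is rewritten; backslashes and '..' in the entry
    # or in the host string are concatenated into the path unchanged.
    load_file = load_file.replace("/", "_")
    load_host = self.readHost()
    local_path = "./output/" + load_host + "/files/" + load_file
    try:
        if os.path.getsize(local_path) != 0:
            with open(local_path, 'r') as src:
                self.sesTXT.insert(END, src.read())
            self.sesTXT.mark_set(INSERT, '1.0')
            self.sesTXT.focus()
        else:
            self.sesTXT.insert(END, u"File-Empty. ")
    except (IOError, OSError):
        self.sesTXT.insert(END, u"File-Not-Found.")
    return self.nRoot.select(tab_id=1)


# file-read
def chekFile(self):
    """Return ' --file-read=<entry>' when the box is ticked, else ''."""
    if self.chkFile_var.get() == "on":
        return ' --file-read=%s' % (self.entryFile.get())
    return ""


# File write from:
def fWFILE(self):
    """Checkbox callback: pick the local file for --file-write, or clear it."""
    sqlWFILE = self.varWFILE.get()
    if sqlWFILE == "on":
        filename = tkFileDialog.askopenfile(mode='r', **self.file_WFILE)
        if filename:
            self.eWFILE_var.set(filename.name)
            # Only the path is needed; do not keep the handle open.
            filename.close()
    elif sqlWFILE == "off":
        self.eWFILE_var.set("")
    return


def readWFILE(self):
    """Return ' --file-write=<path>' when a path is set, else ''."""
    WFILE = self.eWFILE_var.get()
    if WFILE != "":
        return " --file-write=%s" % WFILE
    return ""


#File write to:
def fDFILE(self):
    """Return ' --file-dest=<entry>' when the box is ticked, else ''."""
    if self.chkDFILE_var.get() == "on":
        return ' --file-dest=%s' % (self.eDFILE.get())
    return ""


#--os-cmd=OSCMD Execute an operating system command
def fOSCMD(self):
    """Return ' --os-cmd=<entry>' when the box is ticked, else ''."""
    # NOTE(review): a command normally contains spaces, so without quoting
    # the text after the first space is not part of this option's value.
    if self.chkOSCMD_var.get() == "on":
        return ' --os-cmd=%s' % (self.eOSCMD.get())
    return ""


#--os-shell Prompt for an interactive operating system shell
def fShell(self):
    """Return ' --os-shell' when the box is ticked, else ''."""
    return ' --os-shell' if self.chkShell_var.get() == "on" else ""


#--os-pwn Prompt for an out-of-band shell, meterpreter or VNC
def fPWN(self):
    """Return ' --os-pwn' when the box is ticked, else ''."""
    return ' --os-pwn' if self.chkPWN_var.get() == "on" else ""


#--os-smbrelay One click prompt for an OOB shell, meterpreter or VNC
def fSmbrelay(self):
    """Return ' --os-smbrelay' when the box is ticked, else ''."""
    return ' --os-smbrelay' if self.chkSmbrelay_var.get() == "on" else ""


#--os-bof Stored procedure buffer overflow exploitation
def fBOF(self):
    """Return ' --os-bof' when the box is ticked, else ''."""
    return ' --os-bof' if self.chkBOF_var.get() == "on" else ""


#--priv-esc Database process' user privilege escalation
def fPrivEsc(self):
    """Return ' --priv-esc' when the box is ticked, else ''."""
    return ' --priv-esc' if self.chkPrivEsc_var.get() == "on" else ""


#--msf-path=MSFPATH Local path where Metasploit Framework is installed
def fMSFPATH(self):
    """Checkbox callback: pick the directory for --msf-path, or clear it."""
    sqlMSFPATH = self.chkMSFPATH_var.get()
    if sqlMSFPATH == "on":
        MSFPATH = tkFileDialog.askdirectory()
        if MSFPATH:
            self.eMSFPATH_var.set(MSFPATH)
    elif sqlMSFPATH == "off":
        self.eMSFPATH_var.set("")
    return


def rMSFPATH(self):
    """Return ' --msf-path=<entry>' when the box is ticked, else ''."""
    if self.chkMSFPATH_var.get() == "on":
        return ' --msf-path=%s' % (self.eMSFPATH.get())
    return ""


#--tmp-path=TMPPATH Remote absolute path of temporary files directory
def fTMPPATH(self):
    """Return ' --tmp-path=<entry>' when the box is ticked, else ''."""
    if self.chkTMPPATH_var.get() == "on":
        return ' --tmp-path=%s' % (self.eTMPPATH.get())
    return ""


#--reg-read Read a Windows registry key value
def fRegRead(self):
    """Return ' --reg-read' when the box is ticked, else ''."""
    return ' --reg-read' if self.chkRegRead_var.get() == "on" else ""


#--reg-add Write a Windows registry key value data
def fRegAdd(self):
    """Return ' --reg-add' when the box is ticked, else ''."""
    return ' --reg-add' if self.chkRegAdd_var.get() == "on" else ""


#--reg-del Delete a Windows registry key value
def fRegDel(self):
    """Return ' --reg-del' when the box is ticked, else ''."""
    return ' --reg-del' if self.chkRegDel_var.get() == "on" else ""


#--reg-key=REGKEY Windows registry key
def fREGKEY(self):
    """Return ' --reg-key=<entry>' when the box is ticked, else ''."""
    if self.chkREGKEY_var.get() == "on":
        return ' --reg-key=%s' % (self.eREGKEY.get())
    return ""


#--reg-value=REGVAL Windows registry key value
def fREGVAL(self):
    """Return ' --reg-value=<entry>' when the box is ticked, else ''."""
    if self.chkREGVAL_var.get() == "on":
        return ' --reg-value=%s' % (self.eREGVAL.get())
    return ""


#--reg-data=REGDATA Windows registry key value data
def fREGDATA(self):
    """Return ' --reg-data=<entry>' when the box is ticked, else ''."""
    if self.chkREGDATA_var.get() == "on":
        return ' --reg-data=%s' % (self.eREGDATA.get())
    return ""


#--reg-type=REGTYPE Windows registry key value type
def fREGTYPE(self):
    """Return ' --reg-type=<entry>' when the box is ticked, else ''."""
    if self.chkREGTYPE_var.get() == "on":
        return ' --reg-type=%s' % (self.eREGTYPE.get())
    return ""


# sql-query
def chekQuery(self):
    """Return ' --sql-query=<entry>' when the box is ticked, else ''."""
    if self.chkQuery_var.get() == "on":
        return ' --sql-query=%s' % (self.entryQuery.get())
    return ""


# - data
def chekdata(self):
    """Return ' --data=<entry>' when the box is ticked, else ''."""
    if self.chkdata_var.get() == "on":
        return ' --data=%s' % (self.entryData.get())
    return ""


#--param-del=PDEL
def fPDEL(self):
    """Return ' --param-del=<entry>' when the box is ticked, else ''."""
    if self.chkPDEL_var.get() == "on":
        return ' --param-del=%s' % (self.ePDEL.get())
    return ""


# -Cookie:
def chekCook(self):
    """Return ' --cookie=<entry>' when the box is ticked, else ''."""
    # NOTE(review): session cookies placed on a command line are readable
    # through the local process listing while the tool runs.
    if self.chkCook_var.get() == "on":
        return ' --cookie=%s' % (self.entryCook.get())
    return ""


#--load-cookies=LOC
def fLoadCookies(self):
    """Checkbox callback: pick the file for --load-cookies, or clear it."""
    sqlLoadCookies = self.chkLoadCookies_var.get()
    if sqlLoadCookies == "on":
        filename = tkFileDialog.askopenfile(mode='r')
        if filename:
            self.varLoadCookies.set(filename.name)
            # Only the path is needed; do not keep the handle open.
            filename.close()
    elif sqlLoadCookies == "off":
        self.varLoadCookies.set("")
    return


def readLoadCookies(self):
    """Return ' --load-cookies=<path>' when a path is set, else ''."""
    LOC = self.varLoadCookies.get()
    if LOC != "":
        return " --load-cookies=%s" % LOC
    return ""


#--cookie-urlencode URL Encode generated cookie injections
def fCookieUrlencode(self):
    """Return ' --cookie-urlencode' when the box is ticked, else ''."""
    return ' --cookie-urlencode' if self.chkCookieUrlencode_var.get() == "on" else ""


#--drop-set-cookie
def fDropSetCookie(self):
    """Return ' --drop-set-cookie' when the box is ticked, else ''."""
    return ' --drop-set-cookie' if self.chkDropSetCookie_var.get() == "on" else ""


#--user-agent=AGENT HTTP User-Agent header
def fUA(self):
    """Return ' --user-agent=<entry>' when the box is ticked, else ''."""
    if self.chkUA_var.get() == "on":
        return ' --user-agent=%s' % (self.eUA.get())
    return ""


#--randomize=RPARAM Randomly change value for given parameter(s)
def fRandomize(self):
    """Return ' --randomize=<entry>' when the box is ticked, else ''."""
    if self.chkRandomize_var.get() == "on":
        return ' --randomize=%s' % (self.eRandomize.get())
    return ""


#--force-ssl Force usage of SSL/HTTPS requests
def fForceSsl(self):
    """Return ' --force-ssl' when the box is ticked, else ''."""
    return ' --force-ssl' if self.chkForceSsl_var.get() == "on" else ""


#--random-agent
def fRandomAg(self):
    """Return ' --random-agent' when the box is ticked, else ''."""
    return ' --random-agent' if self.chkRandomAg_var.get() == "on" else ""


def fPROXY(self):
    """Return ' --proxy=<entry>' when the box is ticked, else ''."""
    if self.chkPROXY_var.get() == "on":
        return ' --proxy=%s' % (self.ePROXY.get())
    return ""


def fPCRED(self):
    """Return ' --proxy-cred=<entry>' when the box is ticked, else ''."""
    # NOTE(review): credentials passed as a command-line argument are
    # visible in the local process listing and in any log of the command.
    if self.chkPCRED_var.get() == "on":
        return ' --proxy-cred=%s' % (self.ePCRED.get())
    return ""


def fPignore(self):
    """Return ' --ignore-proxy' when the box is ticked, else ''."""
    return ' --ignore-proxy' if self.chkPignore_var.get() == "on" else ""


#--host=HOST HTTP Host header
def fHost(self):
    """Return ' --host=<entry>' when the box is ticked, else ''."""
    if self.chkHOST_var.get() == "on":
        return ' --host=%s' % (self.eHOST.get())
    return ""


#--referer=REFERER HTTP Referer header
def fReferer(self):
    """Return ' --referer=<entry>' when the box is ticked, else ''."""
    if self.chkReferer_var.get() == "on":
        return ' --referer=%s' % (self.eReferer.get())
    return ""


#--headers=HEADERS Extra headers (e.g.
# "Accept-Language: fr\nETag: 123")
def fHeaders(self):
    """Return ' --headers=<entry>' when the box is ticked, else ''."""
    if self.chkHeaders_var.get() == "on":
        return ' --headers=%s' % (self.eHeaders.get())
    return ""


#--auth-type=ATYPE HTTP authentication type (Basic, Digest or NTLM)
def fATYPE(self):
    """Return ' --auth-type=<entry>' when the box is ticked, else ''."""
    if self.chkATYPE_var.get() == "on":
        return ' --auth-type=%s' % (self.eATYPE.get())
    return ""


#--auth-cred=ACRED HTTP authentication credentials (name:password)
def fACRED(self):
    """Return ' --auth-cred=<entry>' when the box is ticked, else ''."""
    # NOTE(review): credentials passed as a command-line argument are
    # visible in the local process listing and in any log of the command.
    if self.chkACRED_var.get() == "on":
        return ' --auth-cred=%s' % (self.eACRED.get())
    return ""


#--auth-cert=ACERT HTTP authentication certificate (key_file,cert_file)
def fACERT(self):
    """Return ' --auth-cert=<entry>' when the box is ticked, else ''."""
    if self.chkACERT_var.get() == "on":
        return ' --auth-cert=%s' % (self.eACERT.get())
    return ""


#--delay=DELAY Delay in seconds between each HTTP request
def fDELAY(self):
    """Return ' --delay=<entry>' when the box is ticked, else ''."""
    if self.chkDELAY_var.get() == "on":
        return ' --delay=%s' % (self.eDELAY.get())
    return ""


#--timeout=TIMEOUT Seconds to wait before timeout connection (default 30)
def fTIMEOUT(self):
    """Return ' --timeout=<entry>' when the box is ticked, else ''."""
    if self.chkTIMEOUT_var.get() == "on":
        return ' --timeout=%s' % (self.eTIMEOUT.get())
    return ""


#--retries=RETRIES Retries when the connection timeouts (default 3)
def fRETRIES(self):
    """Return ' --retries=<entry>' when the box is ticked, else ''."""
    if self.chkRETRIES_var.get() == "on":
        return ' --retries=%s' % (self.eRETRIES.get())
    return ""


#--scope=SCOPE Regexp to filter targets from provided proxy log
def fSCOPE(self):
    """Return ' --scope=<entry>' when the box is ticked, else ''."""
    if self.chkSCOPE_var.get() == "on":
        return ' --scope=%s' % (self.eSCOPE.get())
    return ""


#--safe-url=SAFURL Url address to visit frequently during testing
def fSAFURL(self):
    """Return ' --safe-url=<entry>' when the box is ticked, else ''."""
    if self.chkSAFURL_var.get() == "on":
        return ' --safe-url=%s' % (self.eSAFURL.get())
    return ""


#--safe-freq=SAFREQ Test requests between two visits to a given safe url
def fSAFREQ(self):
    """Return ' --safe-freq=<entry>' when the box is ticked, else ''."""
    if self.chkSAFREQ_var.get() == "on":
        return ' --safe-freq=%s' % (self.eSAFREQ.get())
    return ""


#--skip-urlencode
def fSkipUrlencode(self):
    """Return ' --skip-urlencode' when the box is ticked, else ''."""
    return ' --skip-urlencode' if self.chkSkipUrlencode_var.get() == "on" else ""


#--eval=EVALCODE Evaluate provided Python code before the request (e.g.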
#"import hashlib;id2=hashlib.md5(id).hexdigest()")
# NOTE(review): the functions below take `self` and read Tk variables/entries;
# the class they belong to is declared earlier in the file, outside this excerpt.
# Each value option inserts the entry text verbatim (no quoting or escaping).
# The assembled string appears to be what injectIT() later runs through a shell
# -- confirm that sqlEdit is bound to sql_var.
def fEVALCODE(self):
    """Return the ``--eval`` argument when its checkbox is "on", else ""."""
    if self.chkEVALCODE_var.get() != "on":
        return ""
    return ' --eval=%s' % (self.eEVALCODE.get())


#-Prefix
def chekPrefix(self):
    """Return the ``--prefix`` argument when its checkbox is "on", else ""."""
    if self.chkPrefix_var.get() != "on":
        return ""
    return ' --prefix=%s' % (self.entryPrefix.get())


#-Suffix
def chekSuffix(self):
    """Return the ``--suffix`` argument when its checkbox is "on", else ""."""
    if self.chkSuffix_var.get() != "on":
        return ""
    return ' --suffix=%s' % (self.entrySuffix.get())


#--os
def chekOS(self):
    """Return the ``--os`` argument when its checkbox is "on", else ""."""
    if self.chkOS_var.get() != "on":
        return ""
    return ' --os=%s' % (self.entryOS.get())


#--skip
def chekSkip(self):
    """Return the ``--skip`` argument when its checkbox is "on", else ""."""
    if self.chkSkip_var.get() != "on":
        return ""
    return ' --skip=%s' % (self.entrySkip.get())


#--invalid-logical
def chekLogical(self):
    """Return `` --invalid-logical`` when its checkbox is "on", else ""."""
    return " --invalid-logical" if self.chkLogical_var.get() == "on" else ""


#--invalid-bignum
def chekBigNum(self):
    """Return `` --invalid-bignum`` when its checkbox is "on", else ""."""
    return " --invalid-bignum" if self.chkBigNum_var.get() == "on" else ""


#--no-cast
def chekCast(self):
    """Return `` --no-cast`` when its checkbox is "on", else ""."""
    return " --no-cast" if self.chkCast_var.get() == "on" else ""


# --string
def chekStr(self):
    """Return the ``--string`` argument when its checkbox is "on", else ""."""
    if self.chkStr_var.get() != "on":
        return ""
    return ' --string=%s' % (self.entryStr.get())


# --regexp
def chekReg(self):
    """Return the ``--regexp`` argument when its checkbox is "on", else ""."""
    if self.chkReg_var.get() != "on":
        return ""
    return ' --regexp=%s' % (self.entryReg.get())


# -code
def chekCode(self):
    """Return the ``--code`` argument when its checkbox is "on", else ""."""
    if self.chkCode_var.get() != "on":
        return ""
    return ' --code=%s' % (self.entryCode.get())


# uCols
def chekCol(self):
    """Return the ``--union-cols`` argument when its checkbox is "on", else ""."""
    if self.chkCol_var.get() != "on":
        return ""
    return ' --union-cols=%s' % (self.entryCol.get())


# uChar
def chekChar(self):
    """Return the ``--union-char`` argument when its checkbox is "on", else ""."""
    if self.chkChar_var.get() != "on":
        return ""
    return ' --union-char=%s' % (self.entryChar.get())


def chekSec(self):
    """Return the ``--time-sec`` argument when its checkbox is "on", else ""."""
    if self.chkSec_var.get() != "on":
        return ""
    return ' --time-sec=%s' % (self.entrySec.get())


# -o
def chekOpt(self):
    """Return `` -o`` when its checkbox is "on", else "".

    fO() emits the same switch from a different checkbox, so the command can
    carry ``-o`` twice when both are ticked.
    """
    return " -o" if self.chkOpt_var.get() == "on" else ""


#-o
def fO(self):
    """Return `` -o`` when its checkbox is "on", else "" (same switch as chekOpt)."""
    return " -o" if self.chkO_var.get() == "on" else ""


#--predict-output
def chekPred(self):
    """Return `` --predict-output`` when its checkbox is "on", else ""."""
    return " --predict-output" if self.chkPred_var.get() == "on" else ""


#--keep-alive
def chekKeep(self):
    """Return `` --keep-alive`` when its checkbox is "on", else ""."""
    return " --keep-alive" if self.chkKeep_var.get() == "on" else ""


#--null-connection
def chekNull(self):
    """Return `` --null-connection`` when its checkbox is "on", else ""."""
    return " --null-connection" if self.chkNull_var.get() == "on" else ""


# text only
def chekTxt(self):
    """Return `` --text-only`` when its checkbox is "on", else ""."""
    return " --text-only" if self.chk_Txt_var.get() == "on" else ""


# -Title
def chekTit(self):
    """Return `` --titles`` when its checkbox is "on", else ""."""
    return " --titles" if self.chk_Tit_var.get() == "on" else ""


# --batch
def chekBatch(self):
    """Return `` --batch`` when its checkbox is "on", else ""."""
    return " --batch" if self.chk_Batch_var.get() == "on" else ""


#--HEX
def chekHex(self):
    """Return `` --hex`` when its checkbox is "on", else ""."""
    return " --hex" if self.chk_Hex_var.get() == "on" else ""


#--save
def fSave(self):
    """Return `` --save`` when its checkbox is "on", else ""."""
    return " --save" if self.chk_Save_var.get() == "on" else ""


# -b --Banner
def chekBanner(self):
    """Return `` --banner`` when its checkbox is "on", else ""."""
    return " --banner" if self.chk_Banner_var.get() == "on" else ""


#-f, --fingerprint
def chekFing(self):
    """Return `` -f`` when its checkbox is "on", else ""."""
    return " -f" if self.chk_fing_var.get() == "on" else ""


# DBMS
def chek_dbms(self, *args):
    """Toggle the DBMS box and return the ``--dbms`` argument.

    Checkbox "on": the box becomes read-only and its value is emitted;
    otherwise the box is disabled and "" is returned.
    """
    if self.chk_dbms_var.get() != "on":
        self.box.config(state = 'disabled')
        return ""
    self.box.config(state = 'readonly')
    return " --dbms=%s" % (self.box_value.get())


#-p
def chekParam(self):
    """Return the ``-p`` argument when its checkbox is "on", else ""."""
    if self.chkParam_var.get() != "on":
        return ""
    return ' -p %s' % (self.entryParam.get())


#Level
def chek_level(self, *args):
    """Toggle the level box and return the ``--level`` argument (or "")."""
    if self.chk_level_var.get() != "on":
        self.box_level.config(state = 'disabled')
        return ""
    self.box_level.config(state = 'readonly')
    return " --level=%s" % (self.box_level_value.get())


# Risk
def chek_risk(self, *args):
    """Toggle the risk box and return the ``--risk`` argument (or "")."""
    if self.chk_risk_var.get() != "on":
        self.box_risk.config(state = 'disabled')
        return ""
    self.box_risk.config(state = 'readonly')
    return " --risk=%s" % (self.box_risk_value.get())


# VERBOSE LEVEL Func
def chek_verb(self, *args):
    """Toggle the verbosity box and return the ``-v`` argument (or "")."""
    if self.chk_verb_var.get() != "on":
        self.box_verb.config(state = 'disabled')
        return ""
    self.box_verb.config(state = 'readonly')
    return " -v %s" % (self.box_verb_value.get())


# Threads chek_thr
def chek_thr(self, *args):
    """Toggle the threads widget and return the ``--threads`` argument (or "")."""
    if self.chk_thr_var.get() != "on":
        self.thr.config(state = 'disabled')
        return ""
    # Unlike the boxes above, this widget is set to 'normal', not 'readonly'.
    self.thr.config(state = 'normal')
    return ' --threads=%s' % (self.thr_value.get())


# Tec
def chek_tech(self, *args):
    """Toggle the technique box and return the ``--technique`` argument (or "")."""
    if self.chk_tech_var.get() != "on":
        self.boxInj.config(state = 'disabled')
        return ""
    self.boxInj.config(state = 'normal')
    return " --technique=%s" % (self.boxInj_value.get())


#--dns-domain=
def chekDNS(self,*args):
    """Return the ``--dns-domain`` argument when its checkbox is "on", else ""."""
    if self.chkDNS_var.get() != "on":
        return ""
    return ' --dns-domain=%s' % (self.entryDNS.get())

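# tamper
# NOTE(review): every function from here down to Help_F1 takes `self` and reads
# Tk widgets/variables; they look like methods of the `app` class that main()
# instantiates (class header is earlier in the file, outside this excerpt).
# The listing lost its indentation, so nesting below is reconstructed.
def chek_tam(self, *args):
    """Return `` --tamper a,b,...`` for the selected tamper entries, else ""."""
    picked = self.Ltamper.curselection()
    if not picked:
        return ""
    return " --tamper %s" % (",".join([self.Ltamper.get(i) for i in picked]))


#
def readHost(self):
    """Return the host name used as the sub-directory of ./output.

    In "requestFile" mode the value of the first ``Host:`` header line of the
    request file is used; otherwise the netloc of the URL entry. The result is
    joined into file paths by sqlmap(), logs() and session(), so a value that
    contains a path separator or is "." / ".." is rejected rather than
    returned.

    Returns:
        The host string. "Invalid requestFile :(" when the request file
        cannot be read, has no Host header or carries an unusable host; ""
        when a URL yields an unusable host.
    """
    invalid_request = "Invalid requestFile :("
    source = self.urlentry.get()
    from_request_file = self.varTarget.get() == "requestFile"
    if from_request_file:
        load_host = ""
        try:
            with open(source) as request_file:
                for raw_line in request_file:
                    line = raw_line.strip()
                    # Match the header name only; a substring test would also
                    # hit X-Forwarded-Host or body text.
                    if line[:5].lower() == "host:":
                        load_host = line[5:].strip()
                        break
        except (IOError, OSError):
            return invalid_request
        if load_host == "":
            return invalid_request
    else:
        load_host = urlparse(source).netloc
    # The host becomes a directory name below ./output; refuse anything that
    # would step out of that directory.
    if "/" in load_host or "\\" in load_host or load_host in (".", ".."):
        return invalid_request if from_request_file else ""
    return load_host


# log viewer
def sqlmap(self, *args):
    """Rewrite ./output/<host>/gui_log as a filtered copy of ./output/<host>/log.

    Text matched by the pattern below (banner, separators, Place/Parameter/
    Type/Title/Payload/Vector lines) is removed from each line; what remains is
    kept when it is longer than four characters.
    """
    out_dir = r"./output/" + self.readHost()
    pattern = re.compile(r'(?m)(^sqlmap(.*)|^---$|^Place:(.*)|^Parameter:(.*)|\s{4,}Type:(.*)|\s{4,}Title:(.*)|\s{4,}Payload:(.*)|\s{4,}Vector:(.*))$', re.DOTALL)
    # Read the source first so a missing log raises before gui_log is touched.
    with open(out_dir + "/log", 'r') as raw_log:
        text = raw_log.readlines()
    # One handle for the whole rewrite instead of re-opening per line.
    with open(out_dir + "/gui_log", 'w') as filtered:
        for x in text:
            qq = pattern.sub('', x).strip("\n")
            if len(qq) > 4:
                filtered.write(qq + '\n')


# load log whitout query
#self.chkLog_var whith query
def logs(self, *args):
    """Show the log of the current host in the session text widget.

    The raw ``log`` is shown when the log checkbox is "on", otherwise the
    filtered ``gui_log`` produced by sqlmap(). Known result headings are tagged
    'found' and rendered bold. Reads ./output/<host>/ only, whatever
    --output-dir is set to in the command.
    """
    logfile = "log" if self.chkLog_var.get() == "on" else "gui_log"
    load_host = self.readHost()
    self.sesTXT.delete("1.0",END)
    # highlight it
    markers = ['available databases', 'Database:', 'Table:', '[*]',
               'database management system users:','current user:',
               'database management system users', 'password hashes:',
               'password hash:','found databases','file saved to:',
               ]
    try:
        log_size = os.path.getsize("./output/"+load_host+"/log")
        if log_size != 0:
            self.sqlmap()
            with open(("./output/%s/%s" % (load_host,logfile)), 'r') as shown:
                self.sesTXT.insert(END, shown.read())
            self.sesTXT.mark_set(INSERT, '1.0')
            for tagz in markers:
                idx = '1.0'
                while True:
                    idx = self.sesTXT.search(tagz, idx, nocase=1, stopindex=END)
                    if not idx:
                        break
                    lastidx = '%s+%dc' % (idx, len(tagz))
                    self.sesTXT.tag_add('found', idx, lastidx)
                    idx = lastidx
            # Tag styling and focus do not depend on the loop; done once here.
            self.sesTXT.tag_config('found',font=('arial', 8,'bold'))
            self.sesTXT.focus()
        else:
            self.sesTXT.insert(END, u"Log-Empty "+load_host+".")
    except (IOError,OSError):
        self.sesTXT.insert(END, u"Log-Not-Found "+load_host+".")
    return


# Show current session
def session(self):
    """Show ./output/<host>/session in the session text widget."""
    load_host = self.readHost()
    session_path = r"./output/"+load_host+"/session"
    self.sesTXT.delete("1.0",END)
    try:
        if os.path.getsize(session_path) != 0:
            with open(session_path, 'r') as stored:
                self.sesTXT.insert(END, stored.read())
            self.sesTXT.mark_set(INSERT, '1.0')
            self.sesTXT.focus()
        else:
            self.sesTXT.insert(END, u"Session-File-Empty "+load_host+".")
    except (IOError,OSError):
        self.sesTXT.insert(END, u"Session-File-Not-Found "+load_host+".")
    return


# cur-t user
def chekCurrent_user(self):
    """Return `` --current-user`` when its checkbox is "on", else ""."""
    return " --current-user" if self.chkCurrent_user_var.get() == "on" else ""


# cur-t db:
def chekCurrent_db(self):
    """Return `` --current-db`` when its checkbox is "on", else ""."""
    return " --current-db" if self.chkCurrent_db_var.get() == "on" else ""


# dba
def chek_is_dba(self):
    """Return `` --is-dba`` when its checkbox is "on", else ""."""
    return " --is-dba" if self.chk_is_dba_var.get() == "on" else ""


# users
def chek_users(self):
    """Return `` --users`` when its checkbox is "on", else ""."""
    return " --users" if self.chk_users_var.get() == "on" else ""


# pas
def chek_passwords(self):
    """Return `` --passwords`` when its checkbox is "on", else ""."""
    return " --passwords" if self.chk_passwords_var.get() == "on" else ''


# priv
def chek_privileges(self):
    """Return `` --privileges`` when its checkbox is "on", else ""."""
    return " --privileges" if self.chk_privileges_var.get() == "on" else ""


# roles
def chek_roles(self):
    """Return `` --roles`` when its checkbox is "on", else ""."""
    return " --roles" if self.chk_roles_var.get() == "on" else ""


#--common-tables Check existence of common tables
def chekBFt(self):
    """Return `` --common-tables`` when its checkbox is "on", else ""."""
    return " --common-tables" if self.chkBFt_var.get() == "on" else ""


#--common-columns Check existence of common columns
def chekBFc(self):
    """Return `` --common-columns`` when its checkbox is "on", else ""."""
    return " --common-columns" if self.chkBFc_var.get() == "on" else ""


# dbs
def chek_dbs(self):
    """Return `` --dbs`` when its checkbox is "on", else ""."""
    return " --dbs" if self.chk_dbs_var.get() == "on" else ""


# tbl
def chek_tables(self):
    """Return `` --tables`` when its checkbox is "on", else ""."""
    return " --tables" if self.chk_tables_var.get() == "on" else ""


# clmn
def chek_columns(self):
    """Return `` --columns`` when its checkbox is "on", else ""."""
    return " --columns" if self.chk_columns_var.get() == "on" else ""


# schema
def chek_schema(self):
    """Return `` --schema`` when its checkbox is "on", else ""."""
    return " --schema" if self.chk_schema_var.get() == "on" else ""


# count
def chek_count(self):
    """Return `` --count`` when its checkbox is "on", else ""."""
    return " --count" if self.chk_count_var.get() == "on" else ""


# --dump
def chek_dump(self):
    """Return `` --dump`` when its checkbox is "on", else ""."""
    return " --dump" if self.chk_dump_var.get() == "on" else ""


# --dump-all
def chek_dump_all(self):
    """Return `` --dump-all`` when its checkbox is "on", else ""."""
    return " --dump-all" if self.chk_dump_all_var.get() == "on" else ""


# --exclude-sysdbs
def chek_exclude(self):
    """Return `` --exclude-sysdbs`` when its checkbox is "on", else ""."""
    return " --exclude-sysdbs" if self.chk_exclude_var.get() == "on" else ""


# --search
def chek_search(self):
    """Return `` --search`` when its checkbox is "on", else ""."""
    return " --search" if self.chk_search_var.get() == "on" else ""


# -D
def chekD(self,*args):
    """Return the ``-D`` argument when its checkbox is "on", else ""."""
    if self.chkD_var.get() != "on":
        return ""
    return ' -D %s' % (self.entryD.get())


#-T TBL
def chekT(self,*args):
    """Return the ``-T`` argument when its checkbox is "on", else ""."""
    if self.chkT_var.get() != "on":
        return ""
    return ' -T %s' % (self.entryT.get())


#-C COL
def chekC(self,*args):
    """Return the ``-C`` argument when its checkbox is "on", else ""."""
    if self.chkC_var.get() != "on":
        return ""
    return ' -C %s' % (self.entryC.get())


#-U USER
def fUSER(self):
    """Return the ``-U`` argument when its checkbox is "on", else ""."""
    if self.chkUSER_var.get() != "on":
        return ""
    return ' -U %s' % (self.eUSER.get())


# --start --stop limit
def chek_start_stop(self,*args):
    """Return `` --start=A --stop=B`` from an entry of the form ``A,B``.

    Returns "" when the checkbox is off or the entry holds no comma. The
    previous version returned None for a comma-less entry, which made
    commands() fail on concatenation and show its "select target" message.
    """
    if self.chk_start_var.get() != "on":
        return ""
    limits = self.entry_start.get().split(',')
    if len(limits) < 2:
        return ""
    return ' --start=%s --stop=%s' % (limits[0], limits[1])


#--sql-shell
def fSqlShell(self):
    """Return `` --sql-shell`` when its checkbox is "on", else ""."""
    return ' --sql-shell' if self.chkSqlShell_var.get() == "on" else ""


# --first limit
def chek_first(self,*args):
    """Return the ``--first`` argument when its checkbox is "on", else ""."""
    if self.chk_first_var.get() != "on":
        return ""
    return ' --first=%s' % (self.entry_first.get())


# --last limit
def chek_last(self,*args):
    """Return the ``--last`` argument when its checkbox is "on", else ""."""
    if self.chk_last_var.get() != "on":
        return ""
    return ' --last=%s' % (self.entry_last.get())


#--check-tor
def fTor(self):
    """Return `` --check-tor`` when its checkbox is "on", else ""."""
    return ' --check-tor' if self.chkTor_var.get() == "on" else ''


# --tor
def fTorUse(self):
    """Return `` --tor`` when its checkbox is "on", else ""."""
    return ' --tor' if self.chkTorUse_var.get() == "on" else ''


# --tor-port=TORPORT Set Tor proxy port other than default
def fTorPort(self,*args):
    """Return the ``--tor-port`` argument when its checkbox is "on", else ""."""
    if self.chkTorPort_var.get() != "on":
        return ""
    return ' --tor-port=%s' % (self.eTorPort.get())


#--tor-type=TORTYPE Set Tor proxy type (HTTP - default, SOCKS4 or SOCKS5)
def fTorType(self,*args):
    """Return the ``--tor-type`` argument when its checkbox is "on", else ""."""
    if self.chkTorType_var.get() != "on":
        return ""
    return ' --tor-type=%s' % (self.eTorType.get())


#--eta
def fEta(self):
    """Return `` --eta`` when its checkbox is "on", else ""."""
    return ' --eta' if self.chkEta_var.get() == "on" else ''


#--forms
def fForms(self):
    """Return `` --forms`` when its checkbox is "on", else ""."""
    return ' --forms' if self.chkForms_var.get() == "on" else ''


#--fresh-queries
def fFresh(self):
    """Return `` --fresh-queries`` when its checkbox is "on", else ""."""
    return ' --fresh-queries' if self.chkFresh_var.get() == "on" else ''


#--parse-errors
def fParseEr(self):
    """Return `` --parse-errors`` when its checkbox is "on", else ""."""
    return ' --parse-errors' if self.chkParseEr_var.get() == "on" else ''


#--flush-session
def fFlush(self):
    """Return `` --flush-session`` when its checkbox is "on", else ""."""
    return ' --flush-session' if self.chkFlush_var.get() == "on" else ''


#--charset=CHARSET Force character encoding used for data retrieval
def fCharset(self,*args):
    """Return the ``--charset`` argument when its checkbox is "on", else ""."""
    if self.chkCharset_var.get() != "on":
        return ""
    return ' --charset=%s' % (self.eCharset.get())


#--crawl=CRAWLDEPTH Crawl the website starting from the target url
def fCrawl(self,*args):
    """Return the ``--crawl`` argument when its checkbox is "on", else ""."""
    if self.chkCrawl_var.get() != "on":
        return ""
    return ' --crawl=%s' % (self.eCrawl.get())


#--csv-del=CSVDEL
def fCsv(self,*args):
    """Return the ``--csv-del`` argument when its checkbox is "on", else ""."""
    if self.chkCsv_var.get() != "on":
        return ""
    return ' --csv-del=%s' % (self.eCsv.get())


#--output-dir=ODIR
def fOutDir(self):
    """Return the ``--output-dir`` argument when its checkbox is "on", else ""."""
    if self.chkOutDir_var.get() != "on":
        return ""
    return ' --output-dir=%s' % (self.eOutDir.get())


#--dbms-cred=DCRED
def fDCRED(self):
    """Return the ``--dbms-cred`` argument when its checkbox is "on", else "".

    The credentials become part of the returned command-line text as typed.
    """
    if self.chkDCRED_var.get() != "on":
        return ""
    return ' --dbms-cred=%s' % (self.eDCRED.get())


#--replicate
def fReplicate(self,*args):
    """Return `` --replicate`` when its checkbox is "on", else ""."""
    return ' --replicate' if self.chkReplicate_var.get() == "on" else ''


# sqlmap:
def commands(self,*args):
    """Assemble the sqlmap argument string and store it in ``self.sql_var``.

    The target switch is chosen from the target selector; every option builder
    then contributes its fragment in a fixed order. When no known target type
    is selected, or any builder raises, "select target :)" is stored instead.
    """
    target_formats = {
        "url": ' --url="%s"',
        "logFile": ' -l %s',
        "bulkFile": ' -m %s',
        "requestFile": ' -r %s',
        "googleDork": ' -g %s',
        "direct": ' -d %s',
        "configFile": ' -c %s',
    }
    selection = self.varTarget.get()
    tag = self.urlentry.get()
    target = None
    if selection in target_formats:
        # Only the URL form is wrapped in double quotes; the entry text is
        # otherwise inserted as typed.
        target = target_formats[selection] % (tag)
    inject = "select target :)"
    try:
        if target is not None:
            inject = (
                target+self.chekParam()+self.chek_tam()+
                self.readWFILE()+self.fDFILE()+self.rMSFPATH()+
                self.fOSCMD()+self.fShell()+self.fPWN()+self.fSmbrelay()+self.fBOF()+
                self.fPrivEsc()+self.fTMPPATH()+self.chekFile()+self.fOutDir()+
                self.fRegRead()+self.fRegAdd()+self.fRegDel()+self.fREGKEY()+
                self.fREGVAL()+self.fREGDATA()+self.fREGTYPE()+self.chekQuery()+
                self.chekdata()+self.fPDEL()+self.fRandomAg()+self.fPROXY()+
                self.fPCRED()+self.fPignore()+self.chek_level()+self.chek_risk()+
                self.chekTit()+self.chekHex()+self.chekTxt()+self.chekCode()+
                self.chekReg()+self.chekStr()+self.chekSec()+self.chek_tech()+
                self.chekDNS()+self.chekOpt()+self.fO()+self.chekPred()+self.chekKeep()+
                self.chekNull()+self.chek_thr()+self.chek_dbms()+self.chekCol()+
                self.chekChar()+self.chekCook()+ self.readLoadCookies()+
                self.fCookieUrlencode()+self.fDropSetCookie()+self.chekPrefix()+
                self.fUA()+self.fRandomize()+self.fForceSsl()+self.fHost()+self.fReferer()+
                self.fHeaders()+self.fACERT()+self.fACRED()+self.fATYPE()+
                self.fDELAY()+self.fTIMEOUT()+self.fRETRIES()+self.fSCOPE()+
                self.fSAFURL()+self.fSAFREQ()+self.fSkipUrlencode()+self.fEVALCODE()+
                self.chekSuffix()+self.chekOS()+self.chekSkip()+self.chekBigNum()+self.chekLogical()+
                self.chekCast()+self.chekBatch()+self.chekCurrent_user()+self.chekCurrent_db()+
                self.chek_is_dba()+self.chek_users()+self.chek_passwords()+self.fDCRED()+
                self.chek_privileges()+self.chek_roles()+self.chek_dbs()+self.chekBFt()+self.chekBFc()+
                self.chek_tables()+self.chek_columns()+self.chek_schema()+
                self.chek_count()+self.chek_dump()+self.chek_dump_all()+
                self.chek_search()+self.chekD()+self.chekT()+self.chekC()+self.fUSER()+
                self.chek_exclude()+self.chek_start_stop()+self.chek_first()+
                self.chek_last()+self.chek_verb()+self.fSqlShell()+self.fDLike()+self.fDHash()+
                self.chekFing()+self.chekBanner()+self.fTor()+self.fTorUse()+
                self.fTorPort()+self.fTorType()+self.fEta()+self.fForms()+
                self.fFresh()+self.fParseEr()+self.fFlush()+self.fCharset()+
                self.fCrawl()+self.fCsv()+self.fReplicate()+ self.fTrafFile()+
                self.fSesFile()+self.fSave()+self.fBeep()+self.fPayload()+
                self.fWaf()+self.fCleanup()+self.fDependencies()+self.fGpage()+self.fTSTF()+
                self.fExact()+self.fMobile()+self.fRank()+self.fPurge()+self.fSmart()
            )
    except Exception:
        # Best effort, as before: a failing builder falls back to the hint
        # text. Narrowed from a bare except so interpreter exits pass through.
        inject = "select target :)"
    finally:
        self.sql_var.set(inject)


# GOGO!!!
def injectIT(self,*args):
    """Record the current target in ./SQM/last.uri and launch sqlmap.

    The text of the command box is appended to a fixed launcher prefix and
    started in a new terminal (sakura on posix, cmd.exe elsewhere).
    """
    if (os.name == "posix"):
        #cmd = "YourFavoriteTerminal -h -e python sqlmap.py %s" % (self.sqlEdit.get())
        cmd = "sakura -h -e python2 sqlmap.py %s" % (self.sqlEdit.get())
    else:
        cmd = "start cmd /k python sqlmap.py %s" % (self.sqlEdit.get())
    #Write last target [last 50 test]
    # O_CREAT added so a missing last.uri does not abort the launch; the mode
    # applies only when the file is created here.
    fwr = os.open(r"./SQM/last.uri", os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0o600)
    try:
        os.write(fwr,self.urlentry.get())
    finally:
        os.close(fwr)
    # NOTE(security): cmd is one string run with shell=True, so the shell
    # parses the whole command box: quotes, `;`, `&`, `$`, backticks and
    # redirections in any field are interpreted rather than passed to sqlmap.
    # Text pasted from request files or proxy logs should be checked before it
    # goes into the box. An argument list with shell=False would remove the
    # shell from the path; not changed here because `start` is a cmd.exe
    # builtin and the terminal's -e handling needs confirming first.
    subprocess.Popen(cmd, shell = True)


# CopyPasteCut
def rClicker(self, e):
    """Pop up a Cut/Copy/Paste context menu for the widget under the pointer."""
    # NOTE(review): the event strings are empty in this listing (angle-bracket
    # text looks stripped). The Control-x/c/v sequences are assumed from the
    # menu labels -- confirm against the original file.
    try:
        def rClick_Copy(e, apnd=0):
            e.widget.event_generate('<Control-c>')

        def rClick_Cut(e):
            e.widget.event_generate('<Control-x>')

        def rClick_Paste(e):
            e.widget.event_generate('<Control-v>')

        e.widget.focus()
        nclst=[
            (' Cut', lambda e=e: rClick_Cut(e)),
            (' Copy', lambda e=e: rClick_Copy(e)),
            (' Paste', lambda e=e: rClick_Paste(e)),
        ]
        rmenu = Menu(None, tearoff=0, takefocus=0)

        for (txt, cmd) in nclst:
            rmenu.add_command(label=txt, command=cmd)

        rmenu.tk_popup(e.x_root+40, e.y_root+10,entry="0")
    except TclError:
        pass
    return "break"


def rClickbinder(self):
    """Bind rClicker to Text, Entry, Listbox and Label widgets."""
    # NOTE(review): the sequence string is empty in this listing; '<Button-3>'
    # is assumed from the handler's name -- confirm against the original file.
    try:
        for b in [ 'Text', 'Entry', 'Listbox', 'Label']:
            self.bind_class(b, sequence='<Button-3>', func = self.rClicker, add='')
    except TclError:
        pass


def onFind(self,*args):
    """Select the next occurrence of the search text after the insert cursor.

    When nothing is found the cursor goes back to the start of the text, so the
    next call searches from the top. (The `else` is attached to the "found"
    test; the listing's indentation is lost.)
    """
    target = self.searchEdit.get()
    if not target:
        return
    where = self.sesTXT.search(target, INSERT, END)            # from insert cursor
    if where:                                                  # returns an index
        pastit = where + ('+%dc' % len(target))                # index past target
        self.sesTXT.tag_remove('foo', '1.0', END)              # remove selection
        self.sesTXT.tag_add('foo', where, pastit)              # select found target
        self.sesTXT.tag_config('foo', foreground='yellow', font=('arial', 8,'bold') )
        self.sesTXT.mark_set(INSERT, pastit)                   # set insert mark
        self.sesTXT.see(INSERT)                                # scroll display
        self.sesTXT.focus()                                    # select text widget
    else:
        self.sesTXT.mark_set(INSERT, '1.0')
        self.sesTXT.tag_remove('foo', '1.0', END)              # remove selection
        self.sesTXT.tag_config('foo', foreground='yellow')
        self.sesTXT.focus()


def onFindAll(self,*args):
    """Highlight every occurrence of the search text, scanning from the top."""
    target = self.searchEdit.get()
    self.sesTXT.mark_set(INSERT, '1.0')
    self.sesTXT.tag_remove('foo', '1.0', END)                  # remove selection
    self.sesTXT.focus()
    if not target:
        return
    while True:
        where = self.sesTXT.search(target, INSERT, END)
        if not where:
            break
        pastit = where + ('+%dc' % len(target))
        self.sesTXT.tag_add('foo', where, pastit)
        self.sesTXT.tag_config('foo', foreground='yellow', font=('arial', 8,'bold'))
        # Moving the insert mark past the hit lets the next search advance.
        self.sesTXT.mark_set(INSERT, pastit)
        self.sesTXT.see(INSERT)
        self.sesTXT.focus()


# Hotkey Alt + 1 2 3 4 5
def alt_key_1(self,*args):
    """Select tab 0 of the ``noBF`` notebook."""
    return self.noBF.select(tab_id=0)


def alt_key_2(self,*args):
    """Select tab 1 of the ``noBF`` notebook."""
    return self.noBF.select(tab_id=1)


def alt_key_3(self,*args):
    """Select tab 2 of the ``noBF`` notebook."""
    return self.noBF.select(tab_id=2)


def alt_key_4(self,*args):
    """Select tab 3 of the ``noBF`` notebook."""
    return self.noBF.select(tab_id=3)


def alt_key_5(self,*args):
    """Select tab 4 of the ``noBF`` notebook."""
    return self.noBF.select(tab_id=4)


#s l e h
def alt_key_s(self,*args):
    """Select tab 0 of the ``nRoot`` notebook."""
    return self.nRoot.select(tab_id=0)


def alt_key_l(self,*args):
    """Select tab 1 of the ``nRoot`` notebook."""
    return self.nRoot.select(tab_id=1)


def alt_key_e(self,*args):
    """Select tab 2 of the ``nRoot`` notebook."""
    return self.nRoot.select(tab_id=2)


def Help_F1(self,*args):
    """Select tab 3 of the ``nRoot`` notebook."""
    return self.nRoot.select(tab_id=3)


#-----------------------------------------
# Module level from here on.
def main():
    """Create the Tk root window, apply font and theme, and run the GUI."""
    root = Tk()
    f = tkFont.Font(family='Simsun', size= 10)
    s = ttk.Style()
    s.theme_use('clam')
    s.configure('.', font=f)
    root.title('SQLmap Command Builder')
    root.columnconfigure(0, weight=1)
    root.rowconfigure(0, weight=1)
    root.resizable(True, True)
    appl = app(mw=root)
    appl.mainloop()


#-----------------------------------------
if __name__ == '__main__':
    main()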