Skip to content

Commit 14c1367

Browse files
needle-wangneedle-wang
committed
将_notebook和api方法剥离成独立文件, 重构
1 parent 00c2f08 commit 14c1367

17 files changed

+1334
-1204
lines changed

README.md

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ from sqlmap's FAQ:
1818
2. **GET**
1919
- `git clone https://github.com/needle-wang/sqlmap-ui.git`
2020
3. **RUN**
21-
- `./sqlmap_ui.py`
21+
- `./sqlmap_gtk.py`
2222

2323
#### TODO
2424
- ~~UI重新排版~~
@@ -36,9 +36,8 @@ from sqlmap's FAQ:
3636
- 继续重构, 优化
3737

3838
#### ABOUT
39-
1. update at update at 2019-05-12 16:55
40-
V0.3.2
41-
2019年 04月 29日 星期一 21:20:07 CST
39+
1. V0.3.3
40+
2019-05-14 23:56:35
4241
作者: needle wang ( [email protected] )
4342
2. 使用PyGObject(Gtk+3: python3-gi)重写sqm.py
4443
3. 感谢[sqm](https://github.com/kxcode/gui-for-sqlmap)带来的灵感, 其作者: [KINGX](https://github.com/kxcode) (sqm UI 使用的是python2 + tkinter)

handler_api.py

Lines changed: 330 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,330 @@
1+
#!/usr/bin/env python3
2+
# encoding: utf-8
3+
#
4+
# 2019年 05月 14日 星期二 22:32:20 CST
5+
6+
import ast
7+
import requests
8+
9+
from widgets import g, GLib
10+
11+
12+
class Api(object):
13+
def __init__(self, window, m):
14+
'''
15+
w: Gtk.Window
16+
m: model.Model
17+
'''
18+
self.w = window
19+
self.m = m
20+
21+
def task_new(self, button):
22+
'''
23+
rest api获取自: https://github.com/PyxYuYu/MyBlog/issues/69
24+
@get("/task/new") 创建新任务
25+
'''
26+
_host = self.m._page4_api_server_entry.get_text().strip()
27+
if _host:
28+
try:
29+
_resp = requests.get('http://%s/task/new' % _host)
30+
_resp = _resp.json()
31+
if _resp['success']:
32+
self.task_view_append('%s: 创建成功.' % _resp['taskid'])
33+
except Exception as e:
34+
self.task_view_append(e)
35+
36+
def admin_list(self, button):
37+
'''
38+
@get("/admin/<taskid>/list") 查看所有任务,并显示运行状态
39+
'''
40+
_host = self.m._page4_api_server_entry.get_text().strip()
41+
_token = self.m._page4_admin_token_entry.get_text().strip()
42+
if _host and _token:
43+
try:
44+
_resp = requests.get('http://%s/admin/%s/list' % (_host, _token))
45+
_resp = _resp.json()
46+
# print(_resp)
47+
if _resp['success']:
48+
# self.task_view_append('总任务数: %s' % _resp['tasks_num'])
49+
# 清空之前的任务列表
50+
for _a_child in self.w._api_admin_list_rows.get_children():
51+
# self.w._api_admin_list_rows.remove(_a_child)
52+
_a_child.destroy()
53+
# 填充任务列表
54+
_id = 0
55+
for _taskid, _status in _resp['tasks'].items():
56+
_a_task_row = g.ListBoxRow()
57+
_a_row_box_tmp = g.Box()
58+
_a_task_row.add(_a_row_box_tmp)
59+
60+
_task_del_btn = g.Button.new_with_label('删除')
61+
_task_del_btn.connect('clicked', self.task_delete, _a_task_row, _taskid)
62+
_scan_kill_btn = g.Button.new_with_label('杀死')
63+
_scan_kill_btn.connect('clicked', self.scan_kill, _taskid)
64+
_scan_stop_btn = g.Button.new_with_label('停止')
65+
_scan_stop_btn.connect('clicked', self.scan_stop, _taskid)
66+
_scan_start_btn = g.Button.new_with_label('启动')
67+
_scan_start_btn.connect('clicked', self.scan_start, _taskid)
68+
_scan_data_btn = g.Button.new_with_label('data')
69+
_scan_data_btn.connect('clicked', self.scan_data, _taskid)
70+
_scan_log_btn = g.Button.new_with_label('log')
71+
_scan_log_btn.connect('clicked', self.scan_log, _taskid)
72+
_option_list_btn = g.Button.new_with_label('所有选项')
73+
_option_list_btn.connect('clicked', self.option_list, _taskid)
74+
_option_get_btn = g.Button.new_with_label('选项:')
75+
_option_get_btn.connect('clicked', self.option_get, _taskid)
76+
_option_set_btn = g.Button.new_with_label('设置:')
77+
_option_set_btn.connect('clicked', self.option_set, _taskid)
78+
79+
_id += 1
80+
_a_row_box_tmp.pack_start(g.Label.new('%s. %s' % (_id, _taskid)), False, True, 5)
81+
_a_row_box_tmp.pack_start(g.Label.new('(%s)' % _status), False, True, 0)
82+
_a_row_box_tmp.pack_start(_task_del_btn, False, True, 1)
83+
_a_row_box_tmp.pack_start(_scan_kill_btn, False, True, 1)
84+
_a_row_box_tmp.pack_start(_scan_stop_btn, False, True, 1)
85+
_a_row_box_tmp.pack_start(_scan_start_btn, False, True, 1)
86+
_a_row_box_tmp.pack_start(g.Label.new('查看:('), False, True, 1)
87+
_a_row_box_tmp.pack_start(_scan_data_btn, False, True, 1)
88+
_a_row_box_tmp.pack_start(_scan_log_btn, False, True, 1)
89+
_a_row_box_tmp.pack_start(_option_list_btn, False, True, 1)
90+
_a_row_box_tmp.pack_start(_option_get_btn, False, True, 1)
91+
_a_row_box_tmp.pack_start(g.Label.new(')'), False, True, 1)
92+
_a_row_box_tmp.pack_start(_option_set_btn, False, True, 1)
93+
94+
self.w._api_admin_list_rows.add(_a_task_row)
95+
96+
self.w._api_admin_list_rows.show_all()
97+
except Exception as e:
98+
self.task_view_append(e)
99+
else:
100+
self.task_view_append('需要填写API server和admin token.')
101+
102+
def option_list(self, button, taskid):
103+
'''
104+
@get("/option/<taskid>/list") 获取指定任务的options
105+
'''
106+
_host = self.m._page4_api_server_entry.get_text().strip()
107+
if _host:
108+
try:
109+
_resp = requests.get('http://%s/option/%s/list' % (_host, taskid))
110+
_resp = _resp.json()
111+
if _resp['success']:
112+
for _key, _value in _resp['options'].items():
113+
if _value:
114+
self.task_view_append('%s: %s' % (_key, _value))
115+
except Exception as e:
116+
self.task_view_append(e)
117+
118+
def option_get(self, button, taskid):
119+
'''
120+
@post("/option/<taskid>/get") 获取指定任务的option(s)
121+
'''
122+
_host = self.m._page4_api_server_entry.get_text()
123+
_buffer_text = self.m._page4_option_get_entry.get_text()
124+
_options = {}
125+
for _tmp in _buffer_text.split():
126+
_options[_tmp] = None
127+
if _host and _options:
128+
_mesg = '%s:\n' % taskid
129+
try:
130+
_headers = {'Content-Type': 'application/json'}
131+
_resp = requests.post('http://%s/option/%s/get' % (_host, taskid),
132+
json = _options,
133+
headers = _headers)
134+
_resp = _resp.json()
135+
if _resp['success']:
136+
if _resp['options'].items():
137+
for _key, _value in _resp['options'].items():
138+
_mesg += '%s: %s, ' % (_key, _value)
139+
else:
140+
_mesg += 'None'
141+
else:
142+
_mesg += _resp['message']
143+
except Exception as e:
144+
_mesg += str(e)
145+
self.task_view_append(_mesg.strip())
146+
147+
def option_set(self, button, taskid):
148+
'''
149+
@post("/option/<taskid>/set") 设置指定任务的option(s)
150+
Warning: any option can be set, even a invalid option which
151+
is unable to remove, except deleting the task.
152+
'''
153+
_host = self.m._page4_api_server_entry.get_text()
154+
_buffer_text = self._get_buffer_text(self.m._page4_option_set_view)
155+
try:
156+
_json = ast.literal_eval(_buffer_text)
157+
except Exception as e:
158+
_json = str(e)
159+
160+
_mesg = '%s: ' % taskid
161+
if _json and isinstance(_json, dict):
162+
if _host:
163+
try:
164+
_headers = {'Content-Type': 'application/json'}
165+
_resp = requests.post('http://%s/option/%s/set' % (_host, taskid),
166+
json = _json,
167+
headers = _headers)
168+
_resp = _resp.json()
169+
if _resp['success']:
170+
_mesg += '设置成功'
171+
except Exception as e:
172+
_mesg += str(e)
173+
else:
174+
_mesg += '需要一个有效的python dict'
175+
176+
self.task_view_append(_mesg)
177+
178+
def admin_flush(self, button):
179+
'''
180+
@get("/admin/<taskid>/flush") 删除所有任务
181+
'''
182+
_host = self.m._page4_api_server_entry.get_text()
183+
_token = self.m._page4_admin_token_entry.get_text()
184+
if _host and _token:
185+
try:
186+
_resp = requests.get('http://%s/admin/%s/flush' % (_host, _token))
187+
_resp = _resp.json()
188+
if _resp['success']:
189+
for _a_child in self.w._api_admin_list_rows.get_children():
190+
self.w._api_admin_list_rows.remove(_a_child)
191+
self.task_view_append('清空全部任务: 成功')
192+
except Exception as e:
193+
self.task_view_append(e)
194+
195+
def task_delete(self, button, *data):
196+
'''
197+
@get("/task/<taskid>/delete") 删除指定任务
198+
'''
199+
_host = self.m._page4_api_server_entry.get_text().strip()
200+
if _host:
201+
try:
202+
_resp = requests.get('http://%s/task/%s/delete' % (_host, data[1]))
203+
_resp = _resp.json()
204+
if _resp['success']:
205+
self.w._api_admin_list_rows.remove(data[0])
206+
self.task_view_append('%s: 删除成功' % data[1])
207+
except Exception as e:
208+
self.task_view_append(e)
209+
210+
def scan_start(self, button, taskid):
211+
'''
212+
@post("/scan/<taskid>/start") 指定任务 开始扫描
213+
要求发送json, 会执行/option/<taskid>/set
214+
'''
215+
_host = self.m._page4_api_server_entry.get_text()
216+
if _host:
217+
_mesg = '%s: ' % taskid
218+
try:
219+
_headers = {'Content-Type': 'application/json'}
220+
_resp = requests.post('http://%s/scan/%s/start' % (_host, taskid),
221+
json = {},
222+
headers = _headers)
223+
_resp = _resp.json()
224+
if _resp['success']:
225+
_mesg = '%sengineid: %s' % (_mesg, _resp['engineid'])
226+
else:
227+
_mesg += _resp['message']
228+
except Exception as e:
229+
_mesg += str(e)
230+
231+
self.task_view_append(_mesg)
232+
233+
def scan_stop(self, button, taskid):
234+
'''
235+
@get("/scan/<taskid>/stop") 指定任务 停止扫描
236+
'''
237+
_host = self.m._page4_api_server_entry.get_text()
238+
if _host:
239+
_mesg = '%s: ' % taskid
240+
try:
241+
_resp = requests.get('http://%s/scan/%s/stop' % (_host, taskid))
242+
_resp = _resp.json()
243+
if _resp['success']:
244+
_mesg += 'ok, stoped.'
245+
else:
246+
_mesg += _resp['message']
247+
except Exception as e:
248+
_mesg += str(e)
249+
self.task_view_append(_mesg)
250+
251+
def scan_kill(self, button, taskid):
252+
'''
253+
@get("/scan/<taskid>/kill") kill -9 指定任务
254+
'''
255+
_host = self.m._page4_api_server_entry.get_text()
256+
if _host:
257+
_mesg = '%s: ' % taskid
258+
try:
259+
_resp = requests.get('http://%s/scan/%s/kill' % (_host, taskid))
260+
_resp = _resp.json()
261+
if _resp['success']:
262+
_mesg += 'ok, killed.'
263+
else:
264+
_mesg += _resp['message']
265+
except Exception as e:
266+
_mesg += str(e)
267+
self.task_view_append(_mesg)
268+
269+
def scan_data(self, button, taskid):
270+
'''
271+
@get("/scan/<taskid>/data") 查看指定任务的扫描数据,
272+
data若有内容说明存在注入
273+
'''
274+
_host = self.m._page4_api_server_entry.get_text()
275+
if _host:
276+
_mesg = '%s:\n' % taskid
277+
try:
278+
_resp = requests.get('http://%s/scan/%s/data' % (_host, taskid))
279+
_resp = _resp.json()
280+
# print(_resp) # _resp['data'], _resp['error'] are list
281+
if _resp['success']:
282+
del[_resp['success']]
283+
_mesg = '%s%s' % (_mesg, _resp)
284+
except Exception as e:
285+
_mesg += str(e)
286+
self.task_view_append(_mesg)
287+
288+
def scan_log(self, button, taskid):
289+
'''
290+
@get("/scan/<taskid>/log") 查看指定任务的扫描日志
291+
'''
292+
_host = self.m._page4_api_server_entry.get_text()
293+
if _host:
294+
_mesg = '%s:\n' % taskid
295+
try:
296+
_resp = requests.get('http://%s/scan/%s/log' % (_host, taskid))
297+
_resp = _resp.json()
298+
if _resp['success']:
299+
_logs = ''
300+
for _tmp in _resp['log']:
301+
_log = '%s %s: %s\n' % (_tmp['time'], _tmp['level'], _tmp['message'])
302+
_logs = ''.join((_logs, _log))
303+
if _logs:
304+
_mesg += _logs.strip()
305+
else:
306+
_mesg += "没有log."
307+
else:
308+
_mesg += _resp['message']
309+
except Exception as e:
310+
_mesg += str(e)
311+
self.task_view_append(_mesg)
312+
313+
def _get_buffer_text(self, textview):
314+
_buffer = textview.get_buffer()
315+
_start = _buffer.get_start_iter()
316+
_end = _buffer.get_end_iter()
317+
return _buffer.get_text(_start, _end, False).strip()
318+
319+
def task_view_append(self, output):
320+
_task_view_textbuffer = self.m._page4_task_view.get_buffer()
321+
322+
_mark = _task_view_textbuffer.get_mark('end')
323+
_end = _task_view_textbuffer.get_iter_at_mark(_mark)
324+
325+
_task_view_textbuffer.insert(_end, '%s\n' % output)
326+
327+
self.m._page4_task_view.grab_focus()
328+
# https://stackoverflow.com/questions/48934458/gtk-sourceview-scroll-to-mark-not-working
329+
GLib.idle_add(self.m._page4_task_view.scroll_mark_onscreen, _mark)
330+

0 commit comments

Comments
 (0)