
Commit c3a4bd1

committed
优化描述, 修改bug
1 parent 032ea8a commit c3a4bd1

16 files changed

+334
-174
lines changed

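--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ sqlmap GUI, using PyGObject(gtk+3)
 
 包含sqlmap所有选项(除了-d, 不定时更新sqlmap选项)
 支持sqlmapapi客户端(API区)
-内置终端!
+内置终端
 会话功能, 自动保存和载入上一次的选项
 
 此GUI只能在linux下运行, 已在kali, debian系中测试通过.
@@ -46,8 +46,8 @@ sqlmap已经移植到了python3!
 - 继续重构, 优化
 
 #### 关于
-1. V0.3.4
-2019-05-17 21:35
+1. V0.3.4.1
+2019年10月02日 23:39:57
 作者: needle wang ( [email protected] )
 2. 使用PyGObject(Gtk+3: python3-gi)重写sqm.py
 3. 感谢[sqm](https://github.com/kxcode/gui-for-sqlmap)带来的灵感, 其作者: [KINGX](https://github.com/kxcode) (sqm UI 使用的是python2 + tkinter)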

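--- a/handler_api.py
+++ b/handler_api.py
@@ -6,7 +6,7 @@
 import ast
 import requests
 
-from widgets import g, GLib
+from widgets import (g, GLib)
 
 
 class Api(object):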

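--- a/handlers.py
+++ b/handlers.py
@@ -9,7 +9,7 @@
 from pathlib import Path
 from urllib.parse import urlparse
 
-from widgets import g, GLib, Vte
+from widgets import (g, GLib, Vte)
 from handler_api import Api
 # from basis_and_tool.logging_needle import get_console_logger
 # logger = get_console_logger()
@@ -31,25 +31,25 @@ def __init__(self, window, m):
 self.api = Api(window, m)
 
 def build_all(self, button):
-_target = self._get_target()
 _opts_list = self._collect_opts()
 
-_final_line = _target + ''.join(_opts_list)
-# print(_final_line)
-if _final_line is not None:
-self.m._cmd_entry.set_text(_final_line.strip())
+_opts_list = ''.join(_opts_list)
+# print(_opts_list)
+if _opts_list is not None:
+self.m._cmd_entry.set_text(_opts_list.strip())
 # self.m._cmd_entry.grab_focus()
 
 def run_cmdline(self, button):
 '''
 only for posix, won't code it for win now.
 '''
 sqlmap_path = self.get_sqlmap_path()
+_target = self._get_target()
 _sqlmap_opts = self.m._cmd_entry.get_text().strip()
 
 if IS_POSIX:
 self.w.main_notebook.next_page()
-_cmdline_str = '%s %s\n' % (sqlmap_path, _sqlmap_opts)
+_cmdline_str = '%s %s %s\n' % (sqlmap_path, _target, _sqlmap_opts)
 # print(_cmdline_str, len(_cmdline_str.encode('utf8')))
 # self.m._page2_cmdline_str_label.set_text("running: " + _cmdline_str)
 if Vte.MAJOR_VERSION >= 0 and Vte.MINOR_VERSION > 52:
@@ -584,7 +584,7 @@ def _collect_opts(self):
 self._get_text_from_entry("--skip=",
 m._inject_area_skip_ckbtn,
 m._inject_area_skip_entry),
-self._get_text_from_entry("--para-exclude=",
+self._get_text_from_entry("--param-exclude=",
 m._inject_area_param_exclude_ckbtn,
 m._inject_area_param_exclude_entry),
 self._get_text_from_entry("--dbms=",
@@ -638,8 +638,8 @@ def _collect_opts(self):
 m._tech_area_union_col_ckbtn,
 m._tech_area_union_col_entry, None),
 self._get_text_from_entry("--union-char=",
-m._tech_area_union_chr_ckbtn,
-m._tech_area_union_chr_entry),
+m._tech_area_union_char_ckbtn,
+m._tech_area_union_char_entry),
 self._get_text_from_entry("--union-from=",
 m._tech_area_union_from_ckbtn,
 m._tech_area_union_from_entry),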
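Review bot: In `run_cmdline` the new `_cmdline_str = '%s %s %s\n' % (sqlmap_path, _target, _sqlmap_opts)` splices the target into the line sent to the terminal with no quoting visible here, and because `build_all` no longer puts the target into `_cmd_entry`, the command the user reviews is not the command that runs. `_get_target()` is outside this diff; if it returns the raw URL text, characters such as `&` or `;` in a query string would likely be interpreted by the shell rather than passed to sqlmap, so the value should be quoted where it is built, e.g. with `shlex.quote(url)` (needs `import shlex`), or the method should document that it already returns a quoted argument. In `build_all`, `if _opts_list is not None:` is always true after `''.join(_opts_list)`, and rebinding the list name to a string hides that; a separate name such as `_opts_line = ''.join(_opts_list)` reads more clearly. `run_cmdline` continues past the end of the hunk.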

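--- a/model.py
+++ b/model.py
@@ -2,8 +2,8 @@
 #
 # 2018年 11月 10日 星期六 07:16:38 CST
 
-from widgets import g, Vte, btn, cb, cbb, et, label, sl, sp, tv
-from widgets import FileEntry, NumberEntry
+from widgets import (g, Vte, btn, cb, cbb, et, label, sl, sp, tv)
+from widgets import (FileEntry, NumberEntry)
 from widgets import HORIZONTAL
 
 
@@ -29,28 +29,28 @@ def __init__(self):
 self._sqlmap_path_entry = FileEntry()
 self._sqlmap_path_chooser = btn.new_with_label('打开')
 # 注入选项
-self._inject_area_param_ckbtn = cb('可测试的参数')
+self._inject_area_param_ckbtn = cb('仅测参数')
 self._inject_area_param_entry = et()
-self._inject_area_skip_static_ckbtn = cb('跳过无动态特性的参数')
+self._inject_area_skip_static_ckbtn = cb('跳过不像是动态的参数')
 self._inject_area_prefix_ckbtn = cb('payload前缀')
 self._inject_area_prefix_entry = et()
 self._inject_area_suffix_ckbtn = cb('payload后缀')
 self._inject_area_suffix_entry = et()
-self._inject_area_skip_ckbtn = cb('排除参数')
+self._inject_area_skip_ckbtn = cb('忽略参数')
 self._inject_area_skip_entry = et()
-self._inject_area_param_exclude_ckbtn = cb('排除参数(正则)')
+self._inject_area_param_exclude_ckbtn = cb('忽略参数(正则)')
 self._inject_area_param_exclude_entry = et()
-self._inject_area_dbms_ckbtn = cb('固定DB类型为')
+self._inject_area_dbms_ckbtn = cb('固定DBMS为')
 self._inject_area_dbms_combobox = cbb()
 self._inject_area_dbms_cred_ckbtn = cb('DB认证')
 self._inject_area_dbms_cred_entry = et()
 self._inject_area_os_ckbtn = cb('固定OS为')
 self._inject_area_os_entry = et()
-self._inject_area_no_cast_ckbtn = cb('关掉payload变形机制')
+self._inject_area_no_cast_ckbtn = cb('关闭数据类型转换')
 self._inject_area_no_escape_ckbtn = cb('关掉string转义')
-self._inject_area_invalid_logic_ckbtn = cb('使用逻辑运算符')
+self._inject_area_invalid_logic_ckbtn = cb('使用布尔运算')
 self._inject_area_invalid_bignum_ckbtn = cb('使用大数')
-self._inject_area_invalid_str_ckbtn = cb('使用随机字符串')
+self._inject_area_invalid_str_ckbtn = cb('使用随机字符')
 # 探测选项
 self._detection_area_level_ckbtn = cb('探测等级(范围)')
 self._detection_area_level_scale = sl(HORIZONTAL, 1, 5, 1)
@@ -69,12 +69,12 @@ def __init__(self):
 # 各注入技术的选项
 self._tech_area_tech_ckbtn = cb('注入技术')
 self._tech_area_tech_entry = et()
-self._tech_area_time_sec_ckbtn = cb('指定DB延迟多少秒响应')
+self._tech_area_time_sec_ckbtn = cb('指定DB延迟几秒响应')
 self._tech_area_time_sec_entry = NumberEntry()
 self._tech_area_union_col_ckbtn = cb('指定最大union列数')
 self._tech_area_union_col_entry = NumberEntry()
-self._tech_area_union_chr_ckbtn = cb('指定枚举列数时所用字符')
-self._tech_area_union_chr_entry = et()
+self._tech_area_union_char_ckbtn = cb('指定枚举列数时所用字符')
+self._tech_area_union_char_entry = et()
 self._tech_area_union_from_ckbtn = cb('指定枚举列数时from的表名')
 self._tech_area_union_from_entry = et()
 self._tech_area_dns_ckbtn = cb('指定DNS')
@@ -89,15 +89,15 @@ def __init__(self):
 # 性能优化
 self._optimize_area_turn_all_ckbtn = cb('启用所有优化选项')
 self._optimize_area_thread_num_ckbtn = cb('使用线程数:')
-self._optimize_area_thread_num_spinbtn = sp.new_with_range(2, 1000, 2)
+self._optimize_area_thread_num_spinbtn = sp.new_with_range(2, 10, 1)
 self._optimize_area_predict_ckbtn = cb('预测通常的查询结果')
 self._optimize_area_keep_alive_ckbtn = cb('http连接使用keep-alive')
-self._optimize_area_null_connect_ckbtn = cb('只用页面长度报头来比较, 不去获取实际的响应体')
+self._optimize_area_null_connect_ckbtn = cb('只比较响应大小报头, 不获取响应主体')
 # 常用选项
 self._general_area_verbose_ckbtn = cb('输出详细程度')
 self._general_area_verbose_scale = sl(HORIZONTAL, 0, 6, 1)
-self._general_area_finger_ckbtn = cb('执行宽泛的DB版本检测')
-self._general_area_hex_ckbtn = cb('获取数据时使用hex转换')
+self._general_area_finger_ckbtn = cb('精确检测DB等版本信息')
+self._general_area_hex_ckbtn = cb('响应使用hex转换')
 self._general_area_batch_ckbtn = cb('非交互模式, 一切皆默认')
 self._page1_misc_wizard_ckbtn = cb('新手向导')
 # 隐藏选项
@@ -134,9 +134,9 @@ def __init__(self):
 self._request_area_headers_ckbtn = cb('额外的headers')
 self._request_area_headers_entry = et()
 # HTTP data
-self._request_area_method_ckbtn = cb('HTTP请求方式')
+self._request_area_method_ckbtn = cb('指定HTTP请求方式')
 self._request_area_method_entry = et()
-self._request_area_param_del_ckbtn = cb('指定分隔data参数值的字符')
+self._request_area_param_del_ckbtn = cb('指定--data=中的参数分隔符')
 self._request_area_param_del_entry = et()
 self._request_area_post_ckbtn = cb('通过POST提交data:')
 self._request_area_post_entry = et()
@@ -167,7 +167,7 @@ def __init__(self):
 self._request_area_skip_urlencode_ckbtn = cb('payload不使用url编码')
 self._request_area_force_ssl_ckbtn = cb('强制使用HTTPS')
 self._request_area_chunked_ckbtn = cb('"分块传输"发送POST请求')
-self._request_area_hpp_ckbtn = cb('使用HTTP参数污染')
+self._request_area_hpp_ckbtn = cb('HTTP参数污染')
 self._request_area_delay_ckbtn = cb('请求间隔(秒)')
 self._request_area_delay_entry = NumberEntry()
 self._request_area_timeout_ckbtn = cb('几秒超时')
@@ -227,10 +227,10 @@ def __init__(self):
 self._limit_area_stop_ckbtn = cb('止于第')
 self._limit_area_stop_entry = NumberEntry()
 # 盲注选项
-self._blind_area_first_ckbtn = cb('首字符')
-self._blind_area_first_entry = et()
-self._blind_area_last_ckbtn = cb('末字符')
-self._blind_area_last_entry = et()
+self._blind_area_first_ckbtn = cb('从第')
+self._blind_area_first_entry = NumberEntry()
+self._blind_area_last_ckbtn = cb('到第')
+self._blind_area_last_entry = NumberEntry()
 # 数据库名, 表名, 列名...
 self._meta_area_D_ckbtn = cb('指定库名')
 self._meta_area_D_entry = et()
@@ -262,7 +262,7 @@ def __init__(self):
 self._file_read_area_file_read_entry = et()
 self._file_read_area_file_read_btn = btn.new_with_label('查看')
 # 文件上传
-self._file_write_area_udf_ckbtn = cb('注入(默认sqlmap自带的)用户定义函数')
+self._file_write_area_udf_ckbtn = cb('注入UDF(仅限MySQL和PostgreSQL)')
 self._file_write_area_shared_lib_ckbtn = cb('本地共享库路径(--shared-lib=)')
 self._file_write_area_shared_lib_entry = FileEntry()
 self._file_write_area_shared_lib_chooser = btn.new_with_label('打开')
@@ -287,11 +287,11 @@ def __init__(self):
 # 访问WIN下注册表
 self._file_os_registry_reg_ckbtn = cb('键值操作:')
 self._file_os_registry_reg_combobox = g.ComboBoxText.new()
-self._file_os_registry_reg_key_label = label.new('')
+self._file_os_registry_reg_key_label = label.new('键名路径')
 self._file_os_registry_reg_key_entry = et()
-self._file_os_registry_reg_value_label = label.new('')
+self._file_os_registry_reg_value_label = label.new('')
 self._file_os_registry_reg_value_entry = et()
-self._file_os_registry_reg_data_label = label.new('数据')
+self._file_os_registry_reg_data_label = label.new('')
 self._file_os_registry_reg_data_entry = et()
 self._file_os_registry_reg_type_label = label.new('类型')
 self._file_os_registry_reg_type_entry = et()
@@ -301,11 +301,11 @@ def __init__(self):
 self._page1_general_fresh_queries_ckbtn = cb('刷新此次查询')
 self._page1_general_flush_session_ckbtn = cb('清空目标的会话文件')
 self._page1_general_eta_ckbtn = cb('显示剩余时间')
-self._page1_general_binary_fields_ckbtn = cb('生成有二进制值的字段')
+self._page1_general_binary_fields_ckbtn = cb('有二进制值的字段')
 self._page1_general_binary_fields_entry = et()
-self._page1_general_forms_ckbtn = cb('解析和测试目标url内的表单')
-self._page1_general_parse_errors_ckbtn = cb('解析并显示DB错误信息')
-self._page1_misc_cleanup_ckbtn = cb('清理DBMS中sqlmap产生的UDF和表')
+self._page1_general_forms_ckbtn = cb('获取form表单参数并测试')
+self._page1_general_parse_errors_ckbtn = cb('解析并显示响应中的错误信息')
+self._page1_misc_cleanup_ckbtn = cb('清理DBMS中的入侵痕迹!')
 self._page1_general_preprocess_ckbtn = cb('指定预处理响应数据的脚本')
 self._page1_general_preprocess_entry = et()
 self._page1_general_preprocess_chooser = btn.new_with_label('打开')
@@ -320,7 +320,7 @@ def __init__(self):
 self._page1_general_session_file_ckbtn = cb('载入会话文件')
 self._page1_general_session_file_entry = FileEntry()
 self._page1_general_session_file_chooser = btn.new_with_label('打开')
-self._page1_general_output_dir_ckbtn = cb('输出的保存目录')
+self._page1_general_output_dir_ckbtn = cb('指定output目录')
 self._page1_general_output_dir_entry = FileEntry()
 self._page1_general_output_dir_chooser = btn.new_with_label('打开')
 self._page1_general_dump_format_ckbtn = cb('dump结果的文件格式')
@@ -350,15 +350,15 @@ def __init__(self):
 self._page1_misc_tmp_dir_entry = FileEntry()
 self._page1_misc_tmp_dir_chooser = btn.new_with_label('打开')
 self._page1_misc_identify_waf_ckbtn = cb('鉴别WAF')
-self._page1_misc_skip_waf_ckbtn = cb('跳过对WAF/IPS保护的启发式侦测')
-self._page1_misc_smart_ckbtn = cb('只对明显注入点进行详细测试')
+self._page1_misc_skip_waf_ckbtn = cb('跳过对WAF/IPS保护的侦测')
+self._page1_misc_smart_ckbtn = cb('寻找明显目标并测试')
 self._page1_misc_list_tampers_ckbtn = cb('列出可用的tamper脚本')
 self._page1_misc_sqlmap_shell_ckbtn = cb('打开sqlmap交互shell')
 self._page1_misc_disable_color_ckbtn = cb('禁用终端输出的颜色')
-self._page1_misc_offline_ckbtn = cb('离线模式(只使用保存的会话数据)')
+self._page1_misc_offline_ckbtn = cb('离线模式(仅使用本地会话数据)')
 self._page1_misc_mobile_ckbtn = cb('模拟手机请求')
 self._page1_misc_beep_ckbtn = cb('响铃')
-self._page1_misc_purge_ckbtn = cb('彻底清除所有记录')
+self._page1_misc_purge_ckbtn = cb('抹掉本地所有记录')
 self._page1_misc_dependencies_ckbtn = cb('检查丢失的(非核心的)sqlmap依赖')
 self._page1_general_update_ckbtn = cb('更新sqlmap')
 self._page1_misc_answers_ckbtn = cb('设置交互时的问题答案:')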
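Review bot: The new label on `_page1_misc_cleanup_ckbtn` ('清理DBMS中的入侵痕迹!', roughly "clean up intrusion traces in the DBMS") promises more than the wording it replaces, which named only the UDFs and tables that sqlmap itself created. Assuming this checkbox still maps to sqlmap's `--cleanup`, server logs and other artifacts are left untouched, so the label should keep the precise scope, e.g. `cb('清理DBMS中sqlmap产生的UDF和表')`. The rename of `_tech_area_union_chr_*` to `_tech_area_union_char_*` is matched in handlers.py in this commit, but any other reader of the old names in files not visible here would raise AttributeError. `__init__` begins and ends outside these hunks.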
