300COM-10703337/flower.py
# -*- coding: utf-8 -*-
# Form implementation generated from reading ui file '.\Flower.ui'
#
# Created by: PyQt5 UI code generator 5.15.2
#
# WARNING: Any manual changes made to this file will be lost when pyuic5 is
# run again. Do not edit this file unless you know what you are doing.
import argparse
import json
import os
import subprocess
import sys

from PyQt5 import QtCore, QtGui, QtWidgets

import config
import scan
import weakPasswordDetect
import xssDetect
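class Ui_MainWindow(object):
    """Main window of the "CTFTOOL" GUI: widget layout plus the scan handlers.

    The window holds a URL box, three scan-type radio buttons (XssScan,
    SqlScan, WeakPasswordScan), GET/POST radio buttons, header / cookie /
    parameter text boxes, an "ATTACK" button and two output panes.  Clicking
    the button runs ``start_attack``, which dispatches to one scan and then
    prints reading material for that topic.

    NOTE(review): the file header says pyuic5 regenerates this file, yet the
    scan handlers below do not look like generated code; re-running pyuic5
    would presumably drop them.  Confirm, and consider moving them into a
    subclass kept in a separate module.

    NOTE(review): the GET/POST buttons are read only by
    ``distinguish_method``, which nothing in this class calls; the XSS and
    weak-password scans always pass ``True`` for the GET argument.
    """

    # ------------------------------------------------------------------
    # Output helpers
    # ------------------------------------------------------------------
    def print_to(self, mystr):
        """Append *mystr* to the main output pane and scroll to its end."""
        self.textBrowser.append(mystr)
        self.cursor = self.textBrowser.textCursor()
        self.textBrowser.moveCursor(self.cursor.End)
        # The scans run inside the button's click handler, so the event loop
        # is pumped here to let the pane repaint while a scan is in progress.
        QtWidgets.QApplication.processEvents()

    def print_to_2(self, mystr):
        """Append *mystr* to the secondary (learning) pane and scroll to its end."""
        self.textBrowser_2.append(mystr)
        self.cursor = self.textBrowser_2.textCursor()
        self.textBrowser_2.moveCursor(self.cursor.End)
        QtWidgets.QApplication.processEvents()

    # ------------------------------------------------------------------
    # Reading the radio buttons
    # ------------------------------------------------------------------
    def distinguish_way(self):
        """Return the selected scan type.

        Returns:
            1 for XssScan, 2 for SqlScan, 3 for WeakPasswordScan, 0 when no
            scan type is selected.
        """
        flag = 0
        # Later checks override earlier ones, which fixes the precedence
        # should more than one button ever report as checked.
        for button, value in (
            (self.radioButton_2, 2),
            (self.radioButton, 1),
            (self.radioButton_3, 3),
        ):
            if button.isChecked():
                flag = value
        return flag

    def distinguish_method(self):
        """Return "GET" or "POST" per the method buttons, or "" if neither is set."""
        method = ""
        if self.radioButton_4.isChecked():
            method = "GET"
        if self.radioButton_5.isChecked():
            method = "POST"
        return method

    # ------------------------------------------------------------------
    # Learning material shown after a scan
    # ------------------------------------------------------------------
    def xss_learning(self):
        """Print XSS reference links and a sample probe to the learning pane."""
        ctf_wiki = "https://ctf-wiki.org/en/"
        xss_wiki = "https://en.wikipedia.org/wiki/Cross-site_scripting"
        xss_example1 = "alert(1);"
        xss_example_site1 = "https://www.acunetix.com/websitesecurity/cross-site-scripting/"
        xss_example_site2 = "https://pentest-tools.com/blog/xss-attacks-practical-scenarios/"
        for line in (
            "Maybe you could learn something about XSS attacks",
            ctf_wiki,
            xss_wiki,
            "You can try the following example to see if there is an XSS attack",
            xss_example1,
            "Open these pages to learn more about XSS",
            xss_example_site1,
            xss_example_site2,
        ):
            self.print_to_2(line)

    def sql_learning(self):
        """Print SQL-injection reference links and sample probes to the learning pane."""
        ctf_wiki = "https://ctf-wiki.org/en/"
        sql_wiki = "https://en.wikipedia.org/wiki/SQL_injection"
        sql_example1 = "' OR '1'='1' --"
        sql_example2 = "' OR '1'='1' #"
        sql_example_site1 = "https://www.acunetix.com/websitesecurity/sql-injection/"
        sql_example_site2 = "https://owasp.org/www-community/attacks/SQL_Injection"
        sql_example_site3 = "https://www.guru99.com/learn-sql-injection-with-practical-example.html"
        for line in (
            "Maybe you could learn something about SQL injection attack",
            ctf_wiki,
            sql_wiki,
            "You can try the following example to see if there is an SQL injection attack",
            "-- MySQL, MSSQL, Oracle, PostgreSQL, SQLite --",
            sql_example1,
            sql_example2,
            "Open these pages to learn more about SQL injection attack",
            sql_example_site1,
            sql_example_site2,
            sql_example_site3,
        ):
            self.print_to_2(line)

    def weak_learning(self):
        """Print weak-password reference links to the learning pane."""
        ctf_wiki = "https://ctf-wiki.org/en/"
        weak_example_site1 = "https://solutionsreview.com/identity-management/the-top-7-password-attack-methods-and-how-to-prevent-them/"
        weak_example_site2 = "https://threatmodeler.com/top-5-password-attack-types-and-how-to-prevent-them/"
        weak_example_site3 = "https://www.onelogin.com/learn/6-types-password-attacks"
        weak_example_site4 = "https://www.sciencedirect.com/topics/computer-science/weak-password"
        weak_example_site5 = "https://www.nopsec.com/weak-passwords-exploit/"
        for line in (
            "Maybe you could learn something about Weak Password Detect",
            ctf_wiki,
            "Open these pages to learn more about Weak Password Detect",
            weak_example_site1,
            weak_example_site2,
            weak_example_site3,
            weak_example_site4,
            weak_example_site5,
        ):
            self.print_to_2(line)

    # ------------------------------------------------------------------
    # Shared input loading
    # ------------------------------------------------------------------
    def _load_cookies(self):
        """Return the cookies to send, or None when the cookie file is unusable.

        An empty cookie box yields ``{}``.  A read or parse failure is
        reported in the output pane and signalled with ``None`` so the caller
        can abandon the scan without terminating the application.
        """
        if not self.textEdit_3.toPlainText():
            return {}
        # NOTE(review): the cookie box only switches cookie loading on; the
        # values are read from database/cookie.txt, not from the typed text.
        # Confirm that this is intended.
        try:
            with open(os.path.join("database", "cookie.txt"), "r") as f:
                # Accepts single-quoted pseudo-JSON by swapping the quotes,
                # which corrupts any value that itself contains a quote.
                return json.loads(f.read().replace("'", '"'))
        except (OSError, ValueError) as e:
            # str() is required: concatenating the exception object itself
            # raises TypeError and hides the real error.
            self.print_to("Cookie Error:" + str(e))
            return None

    def _load_payloads(self):
        """Return the lines of database/payloads.txt without their newlines."""
        with open(os.path.join("database", "payloads.txt"), "r") as f:
            # rstrip keeps the last character of a final line that has no
            # trailing newline; slicing off one character would truncate it.
            return [line.rstrip("\n") for line in f]

    # ------------------------------------------------------------------
    # Scans
    # ------------------------------------------------------------------
    def xss_attack(self):
        """Run ``xssDetect.detect`` against the URL box and print its findings.

        The result is read as ``{url: {param: [payload, ...]}}``; parameters
        with no payloads and URLs with no such parameters are left out.
        """
        GET = True
        Url = self.textEdit.toPlainText()
        cookies = self._load_cookies()
        if cookies is None:
            return
        payloads = self._load_payloads()
        result = xssDetect.detect(Url, payloads, GET, cookies)

        outStr = ""
        for url in result.keys():
            url_section = ""
            for param in result[url].keys():
                hit_lines = "".join("\t\t%s\n" % hit for hit in result[url][param])
                if hit_lines:
                    url_section += "\tParam %s: \n" % param + hit_lines
            if url_section:
                outStr += "result of %s: \n" % url + url_section + "\n"

        if outStr:
            self.print_to(outStr)
        else:
            self.print_to("Seems no XSS here...")
        self.print_to("XSS DETECT finished\n")

    def sql_attack(self):
        """Run the bundled ScanQLi script against the URL box and print its stdout.

        The scanner is started with an argument list and no shell, so
        characters such as ``&``, ``;``, ``|`` or quotes in the URL or cookie
        JSON reach the script as data instead of being interpreted by a
        command interpreter.
        """
        Url = self.textEdit.toPlainText().strip()
        # A value starting with "-" would be read by the script as an option
        # rather than as the value of -u.
        if not Url or Url.startswith("-"):
            self.print_to("SQL scan: the URL box must contain a target URL")
            return
        cookies = self._load_cookies()
        if cookies is None:
            return

        # Use the interpreter running this GUI instead of whichever "python"
        # happens to come first on PATH.
        argv = [sys.executable or "python", os.path.join("ScanQLi", "scanqli.py"), "-u", Url]
        if cookies:
            argv += ["-c", json.dumps(cookies)]
        completed = subprocess.run(argv, stdout=subprocess.PIPE, universal_newlines=True)
        self.print_to(completed.stdout)

    def weak_attack(self):
        """Run ``weakPasswordDetect.detect`` and print any credentials it returns.

        The parameter box is split on whitespace and passed through as typed;
        each returned item is printed as a (username, password) pair.
        """
        Url = self.textEdit.toPlainText()
        GET = True
        para_list = self.textEdit_4.toPlainText().split()
        ans = weakPasswordDetect.detect(Url, para_list, GET)

        self.print_to("-----------------------------------------")
        self.print_to("result:")
        if ans:
            for each in ans:
                self.print_to("Username: %s, Password: %s" % (each[0], each[1]))
        else:
            self.print_to("Weak Password Detector: Seems no more weak password here...")
        self.print_to("-----------------------------------------")

    def start_attack(self):
        """Run the scan selected by the radio buttons, then show its learning notes."""
        flag = self.distinguish_way()
        if flag == 1:
            self.xss_attack()
            self.xss_learning()
        elif flag == 2:
            self.sql_attack()
            self.sql_learning()
        elif flag == 3:
            self.weak_attack()
            self.weak_learning()

    def test(self):
        """Print "hello" to the main output pane (manual smoke check)."""
        self.print_to("hello")

    # ------------------------------------------------------------------
    # Widget construction
    # ------------------------------------------------------------------
    def setupUi(self, MainWindow):
        """Create the widgets, place them in the grid and wire the button.

        Args:
            MainWindow: the window that receives the central widget, menu bar
                and status bar.
        """
        MainWindow.setObjectName("MainWindow")
        MainWindow.resize(2100, 591)
        self.centralwidget = QtWidgets.QWidget(MainWindow)
        self.centralwidget.setObjectName("centralwidget")
        self.gridLayout = QtWidgets.QGridLayout(self.centralwidget)
        self.gridLayout.setObjectName("gridLayout")

        # Start button.
        self.pushButton = QtWidgets.QPushButton(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Comic Sans MS")
        font.setPointSize(16)
        font.setItalic(True)
        self.pushButton.setFont(font)
        self.pushButton.setObjectName("pushButton")
        self.gridLayout.addWidget(self.pushButton, 15, 0, 1, 4)

        # Cookie label.
        self.label_4 = QtWidgets.QLabel(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Arial")
        font.setPointSize(10)
        self.label_4.setFont(font)
        self.label_4.setObjectName("label_4")
        self.gridLayout.addWidget(self.label_4, 11, 0, 1, 1)

        # URL box, read by every scan handler.
        self.textEdit = QtWidgets.QTextEdit(self.centralwidget)
        self.textEdit.setObjectName("textEdit")
        self.gridLayout.addWidget(self.textEdit, 2, 0, 1, 4)

        # Scan-type buttons share buttonGroup_2.
        self.radioButton = QtWidgets.QRadioButton(self.centralwidget)
        self.radioButton.setObjectName("radioButton")
        self.buttonGroup_2 = QtWidgets.QButtonGroup(MainWindow)
        self.buttonGroup_2.setObjectName("buttonGroup_2")
        self.buttonGroup_2.addButton(self.radioButton)
        self.gridLayout.addWidget(self.radioButton, 5, 0, 1, 1)

        # Title label.
        self.label = QtWidgets.QLabel(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Arial")
        font.setPointSize(14)
        self.label.setFont(font)
        self.label.setObjectName("label")
        self.gridLayout.addWidget(self.label, 0, 0, 1, 3)

        # Header label.
        self.label_3 = QtWidgets.QLabel(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Arial")
        font.setPointSize(10)
        self.label_3.setFont(font)
        self.label_3.setObjectName("label_3")
        self.gridLayout.addWidget(self.label_3, 9, 0, 1, 1)

        # Cookie box; the handlers only test whether it is empty.
        self.textEdit_3 = QtWidgets.QTextEdit(self.centralwidget)
        self.textEdit_3.setObjectName("textEdit_3")
        self.gridLayout.addWidget(self.textEdit_3, 12, 0, 1, 4)

        self.radioButton_2 = QtWidgets.QRadioButton(self.centralwidget)
        self.radioButton_2.setObjectName("radioButton_2")
        self.buttonGroup_2.addButton(self.radioButton_2)
        self.gridLayout.addWidget(self.radioButton_2, 3, 0, 1, 1)

        # Box under the header label; no handler in this class reads it.
        self.textEdit_2 = QtWidgets.QTextEdit(self.centralwidget)
        self.textEdit_2.setObjectName("textEdit_2")
        self.gridLayout.addWidget(self.textEdit_2, 10, 0, 1, 4)

        # URL label.
        self.label_2 = QtWidgets.QLabel(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Arial")
        font.setPointSize(14)
        self.label_2.setFont(font)
        self.label_2.setObjectName("label_2")
        self.gridLayout.addWidget(self.label_2, 1, 0, 1, 1)

        # Weak-password parameter label.
        self.label_5 = QtWidgets.QLabel(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Arial")
        font.setPointSize(10)
        self.label_5.setFont(font)
        self.label_5.setObjectName("label_5")
        self.gridLayout.addWidget(self.label_5, 13, 0, 1, 1)

        self.radioButton_3 = QtWidgets.QRadioButton(self.centralwidget)
        self.radioButton_3.setObjectName("radioButton_3")
        self.buttonGroup_2.addButton(self.radioButton_3)
        self.gridLayout.addWidget(self.radioButton_3, 3, 1, 1, 1)

        # Weak-password parameter box, read by weak_attack.
        self.textEdit_4 = QtWidgets.QTextEdit(self.centralwidget)
        self.textEdit_4.setObjectName("textEdit_4")
        self.gridLayout.addWidget(self.textEdit_4, 14, 0, 1, 4)

        # HTTP-method buttons share buttonGroup.
        self.radioButton_5 = QtWidgets.QRadioButton(self.centralwidget)
        self.radioButton_5.setObjectName("radioButton_5")
        self.buttonGroup = QtWidgets.QButtonGroup(MainWindow)
        self.buttonGroup.setObjectName("buttonGroup")
        self.buttonGroup.addButton(self.radioButton_5)
        self.gridLayout.addWidget(self.radioButton_5, 6, 1, 1, 1)
        self.radioButton_4 = QtWidgets.QRadioButton(self.centralwidget)
        self.radioButton_4.setObjectName("radioButton_4")
        self.buttonGroup.addButton(self.radioButton_4)
        self.gridLayout.addWidget(self.radioButton_4, 5, 1, 1, 1)

        # Output panes: scan results, then learning notes below them.
        self.textBrowser = QtWidgets.QTextBrowser(self.centralwidget)
        self.textBrowser.setObjectName("textBrowser")
        self.gridLayout.addWidget(self.textBrowser, 0, 4, 13, 1)
        self.textBrowser_2 = QtWidgets.QTextBrowser(self.centralwidget)
        self.textBrowser_2.setObjectName("textBrowser_2")
        self.gridLayout.addWidget(self.textBrowser_2, 13, 4, 3, 1)

        MainWindow.setCentralWidget(self.centralwidget)
        self.menubar = QtWidgets.QMenuBar(MainWindow)
        self.menubar.setGeometry(QtCore.QRect(0, 0, 812, 22))
        self.menubar.setObjectName("menubar")
        MainWindow.setMenuBar(self.menubar)
        self.statusbar = QtWidgets.QStatusBar(MainWindow)
        self.statusbar.setObjectName("statusbar")
        MainWindow.setStatusBar(self.statusbar)

        # The button has one slot; start_attack picks the scan to run.
        self.pushButton.clicked.connect(self.start_attack)

        self.retranslateUi(MainWindow)
        QtCore.QMetaObject.connectSlotsByName(MainWindow)

    def retranslateUi(self, MainWindow):
        """Set the window title and the visible text of every labelled widget."""
        _translate = QtCore.QCoreApplication.translate
        MainWindow.setWindowTitle(_translate("MainWindow", "CTFTOOL"))
        self.pushButton.setText(_translate("MainWindow", "ATTACK"))
        self.label_4.setText(_translate("MainWindow", "cookie(json type)"))
        self.radioButton.setText(_translate("MainWindow", "XssScan"))
        self.label.setText(_translate("MainWindow", "CTF TOOL"))
        self.label_3.setText(_translate("MainWindow", "header"))
        self.radioButton_2.setText(_translate("MainWindow", "SqlScan"))
        self.label_2.setText(_translate("MainWindow", "URL"))
        self.label_5.setText(_translate("MainWindow", "WeakPasswordParam(eg user password admin)"))
        self.radioButton_3.setText(_translate("MainWindow", "WeakPasswordScan"))
        self.radioButton_5.setText(_translate("MainWindow", "POST"))
        self.radioButton_4.setText(_translate("MainWindow", "GET"))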