# -*- coding: utf-8 -*-
# Form implementation generated from reading ui file '.\Flower.ui'
#
# Created by: PyQt5 UI code generator 5.15.2
#
# WARNING: Any manual changes made to this file will be lost when pyuic5 is
# run again. Do not edit this file unless you know what you are doing.
from PyQt5 import QtCore, QtGui, QtWidgets
import json
import xssDetect
import weakPasswordDetect
import scan
import argparse
import config
import os
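class Ui_MainWindow(object):
    """Main window of the CTF tool: pyuic5-generated layout plus hand-written scan slots.

    The file header states that pyuic5 overwrites this file when it is run
    again, so regenerating the UI from Flower.ui discards every method here
    except setupUi and retranslateUi.
    """

    def print_to(self, mystr):
        """Append *mystr* to the result pane (textBrowser) and scroll to the end."""
        self.textBrowser.append(mystr)
        self.cursor = self.textBrowser.textCursor()
        self.textBrowser.moveCursor(self.cursor.End)
        # The scans are called synchronously from the button slot, so the
        # event loop is pumped here to let the pane repaint between messages.
        QtWidgets.QApplication.processEvents()

    def print_to_2(self, mystr):
        """Append *mystr* to the learning pane (textBrowser_2) and scroll to the end."""
        self.textBrowser_2.append(mystr)
        self.cursor = self.textBrowser_2.textCursor()
        self.textBrowser_2.moveCursor(self.cursor.End)
        QtWidgets.QApplication.processEvents()

    def distinguish_way(self):
        """Return the selected scan: 1 = XssScan, 2 = SqlScan, 3 = WeakPasswordScan, 0 = none."""
        # Checked in this order so that, if more than one button ever reports
        # checked, the same one wins as in the original sequential overwrite.
        if self.radioButton_3.isChecked():
            return 3
        if self.radioButton.isChecked():
            return 1
        if self.radioButton_2.isChecked():
            return 2
        return 0

    def distinguish_method(self):
        """Return "GET" or "POST" for the selected method button, "" if neither is checked.

        NOTE(review): no scan method in this class calls this; the scans pass
        a hard-coded GET = True instead. Confirm whether the GET/POST buttons
        are meant to have an effect.
        """
        if self.radioButton_5.isChecked():
            return "POST"
        if self.radioButton_4.isChecked():
            return "GET"
        return ""

    def xss_learning(self):
        """Print XSS reference links and one sample probe string to the learning pane."""
        ctf_wiki = "https://ctf-wiki.org/en/"
        xss_wiki = "https://en.wikipedia.org/wiki/Cross-site_scripting"
        xss_example1 = "alert(1);"
        xss_example_site1 = "https://www.acunetix.com/websitesecurity/cross-site-scripting/"
        xss_example_site2 = "https://pentest-tools.com/blog/xss-attacks-practical-scenarios/"
        for line in (
            "Maybe you could learn something about XSS attacks",
            ctf_wiki,
            xss_wiki,
            "You can try the following example to see if there is an XSS attack",
            xss_example1,
            "Open these pages to learn more about XSS",
            xss_example_site1,
            xss_example_site2,
        ):
            self.print_to_2(line)

    def sql_learning(self):
        """Print SQL injection reference links and two sample probe strings to the learning pane."""
        ctf_wiki = "https://ctf-wiki.org/en/"
        sql_wiki = "https://en.wikipedia.org/wiki/SQL_injection"
        sql_example1 = "' OR '1'='1' --"
        sql_example2 = "' OR '1'='1' #"
        sql_example_site1 = "https://www.acunetix.com/websitesecurity/sql-injection/"
        sql_example_site2 = "https://owasp.org/www-community/attacks/SQL_Injection"
        sql_example_site3 = "https://www.guru99.com/learn-sql-injection-with-practical-example.html"
        for line in (
            "Maybe you could learn something about SQL injection attack",
            ctf_wiki,
            sql_wiki,
            "You can try the following example to see if there is an SQL injection attack",
            "-- MySQL, MSSQL, Oracle, PostgreSQL, SQLite --",
            sql_example1,
            sql_example2,
            "Open these pages to learn more about SQL injection attack",
            sql_example_site1,
            sql_example_site2,
            sql_example_site3,
        ):
            self.print_to_2(line)

    def weak_learning(self):
        """Print weak-password reference links to the learning pane."""
        ctf_wiki = "https://ctf-wiki.org/en/"
        weak_example_site1 = "https://solutionsreview.com/identity-management/the-top-7-password-attack-methods-and-how-to-prevent-them/"
        weak_example_site2 = "https://threatmodeler.com/top-5-password-attack-types-and-how-to-prevent-them/"
        weak_example_site3 = "https://www.onelogin.com/learn/6-types-password-attacks"
        weak_example_site4 = "https://www.sciencedirect.com/topics/computer-science/weak-password"
        weak_example_site5 = "https://www.nopsec.com/weak-passwords-exploit/"
        for line in (
            "Maybe you could learn something about Weak Password Detect",
            ctf_wiki,
            "Open these pages to learn more about Weak Password Detect",
            weak_example_site1,
            weak_example_site2,
            weak_example_site3,
            weak_example_site4,
            weak_example_site5,
        ):
            self.print_to_2(line)

    def _load_cookies(self):
        """Return the cookies for a scan, or None when they could not be loaded.

        The cookie box (textEdit_3) only acts as a switch: when it is empty an
        empty dict is returned, otherwise the cookies are read from
        database/cookie.txt rather than from the box.
        NOTE(review): confirm that ignoring the box contents is intended.
        """
        if not self.textEdit_3.toPlainText():
            return {}
        try:
            with open(os.path.join("database", "cookie.txt"), 'r') as f:
                # Single quotes become double quotes so a Python-style dict
                # literal parses as JSON; a value that itself contains an
                # apostrophe is corrupted by this and fails to parse.
                return json.loads(f.read().replace('\'', '"'))
        except (OSError, ValueError) as e:
            # str(e) is required: concatenating the exception object itself
            # raised TypeError and hid the real error from the operator.
            self.print_to("Cookie Error:" + str(e))
            return None

    def _load_payloads(self):
        """Return the lines of database/payloads.txt with the line ending removed."""
        with open(os.path.join("database", "payloads.txt"), 'r') as f:
            # rstrip instead of [:-1]: a final line without a newline keeps
            # its last character instead of being silently truncated.
            return [line.rstrip("\n") for line in f]

    def xss_attack(self):
        """Run xssDetect.detect on the URL box and print the payloads reported per parameter.

        A cookie or payload file that cannot be read is reported in the result
        pane and the scan is abandoned; the window stays open.
        """
        GET = True  # NOTE(review): the GET/POST radio buttons are not consulted here
        Url = self.textEdit.toPlainText()
        cookies = self._load_cookies()
        if cookies is None:
            return
        try:
            payloads = self._load_payloads()
        except OSError as e:
            self.print_to("Payload Error:" + str(e))
            return
        result = xssDetect.detect(Url, payloads, GET, cookies)
        sections = []
        for url, params in result.items():
            section = "result of %s: \n" % url
            has_hits = False
            for param, hits in params.items():
                hit_lines = ["\t\t%s\n" % hit for hit in hits]
                # Parameters with no reported payload are left out of the report.
                if hit_lines:
                    section += "\tParam %s: \n" % param + "".join(hit_lines)
                    has_hits = True
            if has_hits:
                sections.append(section + "\n")
        outStr = "".join(sections)
        if outStr:
            self.print_to(outStr)
        else:
            self.print_to("Seems no XSS here...")
        self.print_to("XSS DETECT finished\n")

    def sql_attack(self):
        """Run ScanQLi on the URL box in a child process and print its standard output.

        The URL comes straight from a text box, so the child is started from
        an argument list without a shell: '&', '|', quotes and spaces in the
        URL or in the cookie JSON reach scanqli.py as data instead of being
        interpreted by the command interpreter.
        """
        import subprocess  # local import keeps this change self-contained

        Url = self.textEdit.toPlainText().strip()
        # A value starting with '-' would be parsed by scanqli.py as one of
        # its own options rather than as the value of -u.
        if not Url or Url.startswith("-"):
            self.print_to("URL Error: enter a target URL that does not start with '-'")
            return
        cookies = self._load_cookies()
        if cookies is None:
            return
        # The payload list is not loaded here: the original read
        # database/payloads.txt but never passed it to ScanQLi.
        command = ["python", os.path.join("ScanQLi", "scanqli.py"), "-u", Url]
        if cookies:
            command += ["-c", json.dumps(cookies)]
        try:
            # Only stdout is captured, as os.popen did; stderr stays attached
            # to this process.
            finished = subprocess.run(command, stdout=subprocess.PIPE,
                                      universal_newlines=True)
        except OSError as e:
            self.print_to("ScanQLi Error:" + str(e))
            return
        self.print_to(finished.stdout)

    def weak_attack(self):
        """Run weakPasswordDetect.detect on the URL box and print each pair it returns.

        The parameter box (textEdit_4) is split on whitespace and passed as a
        list. The original branched on whether the list had two entries but
        made the same call in both branches, so a single call is equivalent.
        """
        Url = self.textEdit.toPlainText()
        GET = True  # NOTE(review): the GET/POST radio buttons are not consulted here
        para_list = self.textEdit_4.toPlainText().split()
        ans = weakPasswordDetect.detect(Url, para_list, GET)
        rule = "-----------------------------------------"
        self.print_to(rule)
        self.print_to("result:")
        if ans:
            for each in ans:
                self.print_to("Username: %s, Password: %s" % (each[0], each[1]))
        else:
            self.print_to("Weak Password Detector: Seems no more weak password here...")
        self.print_to(rule)

    def start_attack(self):
        """Slot for the ATTACK button: run the selected scan, then print its learning notes."""
        flag = self.distinguish_way()
        if flag == 1:
            self.xss_attack()
            self.xss_learning()
        elif flag == 2:
            self.sql_attack()
            self.sql_learning()
        elif flag == 3:
            self.weak_attack()
            self.weak_learning()

    def test(self):
        """Print "hello" to the result pane; not connected to any signal in this file."""
        self.print_to("hello")

    def setupUi(self, MainWindow):
        """Create the widgets on *MainWindow*, lay them out and connect the push button to start_attack."""
        MainWindow.setObjectName("MainWindow")
        MainWindow.resize(2100, 591)
        self.centralwidget = QtWidgets.QWidget(MainWindow)
        self.centralwidget.setObjectName("centralwidget")
        self.gridLayout = QtWidgets.QGridLayout(self.centralwidget)
        self.gridLayout.setObjectName("gridLayout")
        self.pushButton = QtWidgets.QPushButton(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Comic Sans MS")
        font.setPointSize(16)
        font.setItalic(True)
        self.pushButton.setFont(font)
        self.pushButton.setObjectName("pushButton")
        self.gridLayout.addWidget(self.pushButton, 15, 0, 1, 4)
        self.label_4 = QtWidgets.QLabel(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Arial")
        font.setPointSize(10)
        self.label_4.setFont(font)
        self.label_4.setObjectName("label_4")
        self.gridLayout.addWidget(self.label_4, 11, 0, 1, 1)
        # textEdit: the target URL read by all three scans.
        self.textEdit = QtWidgets.QTextEdit(self.centralwidget)
        self.textEdit.setObjectName("textEdit")
        self.gridLayout.addWidget(self.textEdit, 2, 0, 1, 4)
        self.radioButton = QtWidgets.QRadioButton(self.centralwidget)
        self.radioButton.setObjectName("radioButton")
        # buttonGroup_2 holds the three scan-type buttons.
        self.buttonGroup_2 = QtWidgets.QButtonGroup(MainWindow)
        self.buttonGroup_2.setObjectName("buttonGroup_2")
        self.buttonGroup_2.addButton(self.radioButton)
        self.gridLayout.addWidget(self.radioButton, 5, 0, 1, 1)
        self.label = QtWidgets.QLabel(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Arial")
        font.setPointSize(14)
        self.label.setFont(font)
        self.label.setObjectName("label")
        self.gridLayout.addWidget(self.label, 0, 0, 1, 3)
        self.label_3 = QtWidgets.QLabel(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Arial")
        font.setPointSize(10)
        self.label_3.setFont(font)
        self.label_3.setObjectName("label_3")
        self.gridLayout.addWidget(self.label_3, 9, 0, 1, 1)
        # textEdit_3: the cookie box; the scans only test whether it is empty.
        self.textEdit_3 = QtWidgets.QTextEdit(self.centralwidget)
        self.textEdit_3.setObjectName("textEdit_3")
        self.gridLayout.addWidget(self.textEdit_3, 12, 0, 1, 4)
        self.radioButton_2 = QtWidgets.QRadioButton(self.centralwidget)
        self.radioButton_2.setObjectName("radioButton_2")
        self.buttonGroup_2.addButton(self.radioButton_2)
        self.gridLayout.addWidget(self.radioButton_2, 3, 0, 1, 1)
        # textEdit_2: placed under the "header" label; no scan method reads it.
        self.textEdit_2 = QtWidgets.QTextEdit(self.centralwidget)
        self.textEdit_2.setObjectName("textEdit_2")
        self.gridLayout.addWidget(self.textEdit_2, 10, 0, 1, 4)
        self.label_2 = QtWidgets.QLabel(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Arial")
        font.setPointSize(14)
        self.label_2.setFont(font)
        self.label_2.setObjectName("label_2")
        self.gridLayout.addWidget(self.label_2, 1, 0, 1, 1)
        self.label_5 = QtWidgets.QLabel(self.centralwidget)
        font = QtGui.QFont()
        font.setFamily("Arial")
        font.setPointSize(10)
        self.label_5.setFont(font)
        self.label_5.setObjectName("label_5")
        self.gridLayout.addWidget(self.label_5, 13, 0, 1, 1)
        self.radioButton_3 = QtWidgets.QRadioButton(self.centralwidget)
        self.radioButton_3.setObjectName("radioButton_3")
        self.buttonGroup_2.addButton(self.radioButton_3)
        self.gridLayout.addWidget(self.radioButton_3, 3, 1, 1, 1)
        # textEdit_4: whitespace-separated parameter names for the weak-password scan.
        self.textEdit_4 = QtWidgets.QTextEdit(self.centralwidget)
        self.textEdit_4.setObjectName("textEdit_4")
        self.gridLayout.addWidget(self.textEdit_4, 14, 0, 1, 4)
        self.radioButton_5 = QtWidgets.QRadioButton(self.centralwidget)
        self.radioButton_5.setObjectName("radioButton_5")
        # buttonGroup holds the GET/POST buttons.
        self.buttonGroup = QtWidgets.QButtonGroup(MainWindow)
        self.buttonGroup.setObjectName("buttonGroup")
        self.buttonGroup.addButton(self.radioButton_5)
        self.gridLayout.addWidget(self.radioButton_5, 6, 1, 1, 1)
        self.radioButton_4 = QtWidgets.QRadioButton(self.centralwidget)
        self.radioButton_4.setObjectName("radioButton_4")
        self.buttonGroup.addButton(self.radioButton_4)
        self.gridLayout.addWidget(self.radioButton_4, 5, 1, 1, 1)
        # textBrowser shows scan results, textBrowser_2 the learning notes.
        self.textBrowser = QtWidgets.QTextBrowser(self.centralwidget)
        self.textBrowser.setObjectName("textBrowser")
        self.gridLayout.addWidget(self.textBrowser, 0, 4, 13, 1)
        self.textBrowser_2 = QtWidgets.QTextBrowser(self.centralwidget)
        self.textBrowser_2.setObjectName("textBrowser_2")
        self.gridLayout.addWidget(self.textBrowser_2, 13, 4, 3, 1)
        MainWindow.setCentralWidget(self.centralwidget)
        self.menubar = QtWidgets.QMenuBar(MainWindow)
        self.menubar.setGeometry(QtCore.QRect(0, 0, 812, 22))
        self.menubar.setObjectName("menubar")
        MainWindow.setMenuBar(self.menubar)
        self.statusbar = QtWidgets.QStatusBar(MainWindow)
        self.statusbar.setObjectName("statusbar")
        MainWindow.setStatusBar(self.statusbar)
        # Single entry point: start_attack dispatches on the selected scan type.
        self.pushButton.clicked.connect(self.start_attack)
        self.retranslateUi(MainWindow)
        QtCore.QMetaObject.connectSlotsByName(MainWindow)

    def retranslateUi(self, MainWindow):
        """Set the window title and the visible text of every label and button."""
        _translate = QtCore.QCoreApplication.translate
        MainWindow.setWindowTitle(_translate("MainWindow", "CTFTOOL"))
        self.pushButton.setText(_translate("MainWindow", "ATTACK"))
        self.label_4.setText(_translate("MainWindow", "cookie(json type)"))
        self.radioButton.setText(_translate("MainWindow", "XssScan"))
        self.label.setText(_translate("MainWindow", "CTF TOOL"))
        self.label_3.setText(_translate("MainWindow", "header"))
        self.radioButton_2.setText(_translate("MainWindow", "SqlScan"))
        self.label_2.setText(_translate("MainWindow", "URL"))
        self.label_5.setText(_translate("MainWindow", "WeakPasswordParam(eg user password admin)"))
        self.radioButton_3.setText(_translate("MainWindow", "WeakPasswordScan"))
        self.radioButton_5.setText(_translate("MainWindow", "POST"))
        self.radioButton_4.setText(_translate("MainWindow", "GET"))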