first commit
luoq10 committed Apr 30, 2021
0 parents commit fa2cf9e23c83d9ee26440db0e47e66f71c40cb84
Showing 77 changed files with 210,609 additions and 0 deletions.
BIN +10 KB .DS_Store
Binary file not shown.


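--- a/Flower.ui
+++ b/Flower.ui
@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+<class>MainWindow</class>
+<widget class="QMainWindow" name="MainWindow">
+<property name="geometry">
+<rect>
+<x>0</x>
+<y>0</y>
+<width>1181</width>
+<height>610</height>
+</rect>
+</property>
+<property name="windowTitle">
+<string>MainWindow</string>
+</property>
+<widget class="QWidget" name="centralwidget">
+<layout class="QGridLayout" name="gridLayout">
+<item row="1" column="0">
+<widget class="QLabel" name="label_2">
+<property name="font">
+<font>
+<family>Arial</family>
+<pointsize>14</pointsize>
+</font>
+</property>
+<property name="text">
+<string>URL</string>
+</property>
+</widget>
+</item>
+<item row="8" column="0">
+<widget class="QLabel" name="label_3">
+<property name="font">
+<font>
+<family>Arial</family>
+<pointsize>14</pointsize>
+</font>
+</property>
+<property name="text">
+<string>header</string>
+</property>
+</widget>
+</item>
+<item row="14" column="0" colspan="4">
+<widget class="QPushButton" name="pushButton">
+<property name="font">
+<font>
+<family>Comic Sans MS</family>
+<pointsize>16</pointsize>
+<italic>true</italic>
+</font>
+</property>
+<property name="text">
+<string>ATTACK</string>
+</property>
+</widget>
+</item>
+<item row="9" column="0" colspan="4">
+<widget class="QTextEdit" name="textEdit_2"/>
+</item>
+<item row="0" column="4" rowspan="15">
+<widget class="QTextBrowser" name="textBrowser"/>
+</item>
+<item row="11" column="0" colspan="4">
+<widget class="QTextEdit" name="textEdit_3"/>
+</item>
+<item row="4" column="1">
+<widget class="QRadioButton" name="radioButton_4">
+<property name="text">
+<string>GET</string>
+</property>
+<attribute name="buttonGroup">
+<string notr="true">buttonGroup</string>
+</attribute>
+</widget>
+</item>
+<item row="0" column="0" colspan="3">
+<widget class="QLabel" name="label">
+<property name="font">
+<font>
+<family>Arial</family>
+<pointsize>14</pointsize>
+</font>
+</property>
+<property name="text">
+<string>CTF TOOL</string>
+</property>
+</widget>
+</item>
+<item row="10" column="0">
+<widget class="QLabel" name="label_4">
+<property name="font">
+<font>
+<family>Arial</family>
+<pointsize>14</pointsize>
+</font>
+</property>
+<property name="text">
+<string>cookie</string>
+</property>
+</widget>
+</item>
+<item row="5" column="1">
+<widget class="QRadioButton" name="radioButton_5">
+<property name="text">
+<string>POST</string>
+</property>
+<attribute name="buttonGroup">
+<string notr="true">buttonGroup</string>
+</attribute>
+</widget>
+</item>
+<item row="12" column="0">
+<widget class="QLabel" name="label_5">
+<property name="font">
+<font>
+<family>Arial</family>
+<pointsize>14</pointsize>
+</font>
+</property>
+<property name="text">
+<string>WeakPasswordPara</string>
+</property>
+</widget>
+</item>
+<item row="2" column="0" colspan="4">
+<widget class="QTextEdit" name="textEdit"/>
+</item>
+<item row="13" column="0" colspan="4">
+<widget class="QTextEdit" name="textEdit_4"/>
+</item>
+<item row="3" column="1">
+<widget class="QRadioButton" name="radioButton_3">
+<property name="text">
+<string>WeakPasswordScan</string>
+</property>
+<attribute name="buttonGroup">
+<string notr="true">buttonGroup_2</string>
+</attribute>
+</widget>
+</item>
+<item row="3" column="0">
+<widget class="QRadioButton" name="radioButton_2">
+<property name="text">
+<string>SqlScan</string>
+</property>
+<attribute name="buttonGroup">
+<string notr="true">buttonGroup_2</string>
+</attribute>
+</widget>
+</item>
+<item row="4" column="0">
+<widget class="QRadioButton" name="radioButton">
+<property name="text">
+<string>XssScan</string>
+</property>
+<attribute name="buttonGroup">
+<string notr="true">buttonGroup_2</string>
+</attribute>
+</widget>
+</item>
+</layout>
+</widget>
+<widget class="QMenuBar" name="menubar">
+<property name="geometry">
+<rect>
+<x>0</x>
+<y>0</y>
+<width>1181</width>
+<height>22</height>
+</rect>
+</property>
+</widget>
+<widget class="QStatusBar" name="statusbar"/>
+</widget>
+<resources/>
+<connections/>
+<buttongroups>
+<buttongroup name="buttonGroup"/>
+<buttongroup name="buttonGroup_2"/>
+</buttongroups>
+</ui>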
@@ -0,0 +1,125 @@
import json
import xssDetect
import weakPasswordDetect
import scan
import argparse
import config
import os

# for FlowerPlay:
# localStorage = {}
# localStorage['vuex'] = '{"user":{"userInfo":{"username":"test","IsAdmin":false,"uuid":"d3fdc539-a242-441a-91c0-e1b59bcd4e38","email":"a@a.wwa"},"token":"asdasdasd","expiresAt":"2020/10/16"}}'

parser = argparse.ArgumentParser()
parser.add_argument('-u', '--url', dest="url")
parser.add_argument('--header', dest="header", action="store_true")
parser.add_argument('--cookie', dest="cookie", action="store_true")
parser.add_argument('-t', '--threads', dest="threadsCount")
parser.add_argument('--timeout', dest="timeout")
parser.add_argument('-A', '--all', dest="All", action="store_true")
parser.add_argument('-o', '--output', dest="output")
parser.add_argument('--GET', dest="GET", action="store_true")
parser.add_argument('--POST', dest="POST", action="store_true")
parser.add_argument('--vue', dest="vue", action="store_true")

args = parser.parse_args()

Url = args.url
threadsCount = args.threadsCount
timeout = args.timeout
All = args.All
output = args.output
GET = args.GET
POST = args.POST
cookie = args.cookie
header = args.header
vue = args.vue


f = open("database\\logo.txt", 'r')
logo = f.read()
f.close()



config.menu += logo
config.menu += '''
1. XssScan
2. SqlScan
3. WeakPasswordScan
4. Exit
> '''

if GET:
GET = True
POST = False
else:
GET = False
POST = True

if type(header) == str:
with open(header, 'r') as h:
config.headers = h.read()

cookies = {}
if cookie:
try:
with open("database\\cookie.txt", 'r') as f:
cookies = json.loads(f.read().replace('\'', '"'))

except Exception as e:
print("Cookie Error:" + e)
exit(-1)

with open("database\\payloads.txt", 'r') as f:
payloads = []

for eachline in f:
payloads.append(eachline[:-1])

os.system("chcp 65001")
os.system("cls")

while True:
print(config.menu, end='')
choose = input()
if choose == '1':
result = xssDetect.detect(Url, payloads, GET, cookies)
outStr = ""
for url in result.keys():
thisLine = "result of %s: \n" % url
for param in result[url].keys():
tmp = "\tParam %s: \n" % param
for eachPayload in result[url][param]:
tmp += "\t\t%s\n" % eachPayload

if len(tmp) != len("\tParam %s: \n" % param):
thisLine += tmp

if len(thisLine) != len("result of %s: \n" % url):
outStr += thisLine
outStr += "\n"
if len(outStr) != 0:
print(outStr)
else:
print("Seems no XSS here...")
print("XSS DETECT finished\n")
elif choose == '2':
if cookies:
command = "python ScanQLi\\scanqli.py -u %s -c %s" % (Url, json.dumps(cookies))
else:
command = "python ScanQLi\\scanqli.py -u %s" % Url

os.system(command)
elif choose == '3':
ans = weakPasswordDetect.detect(Url, GET)
if ans:
print("-----------------------------------------")
print("result:")
for each in ans:
print("Username: %s, Password: %s" % (each[0], each[1]))
print("-----------------------------------------")
elif choose == '4':
print("BYE")
exit(0)
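Review bot: The `choose == '2'` branch %-formats `Url` and `json.dumps(cookies)` into one string and hands it to `os.system`, so shell metacharacters in the URL and the double quotes and spaces in the JSON cookie text are interpreted by the shell instead of reaching scanqli.py as two intact arguments. Build an argument list and skip the shell: `argv = [sys.executable, "ScanQLi\\scanqli.py", "-u", Url] + (["-c", json.dumps(cookies)] if cookies else [])` followed by `subprocess.run(argv)`, with `import subprocess` and `import sys` added to the imports at the top. Since `-u` is not declared `required=True`, `Url` can also be `None` here and would be passed on as the literal text `None`; rejecting a missing URL right after `parse_args()` avoids that. Separately, `print("Cookie Error:" + e)` in the cookie handler concatenates a str with an exception object and raises TypeError itself, so `print("Cookie Error: %s" % e)` is needed to report the original failure.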
BIN +6 KB ScanQLi/.DS_Store
Binary file not shown.
