This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
77 changed files
with
210,609 additions
and
0 deletions.
BIN
+10 KB
.DS_Store
Binary file not shown.
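--- a/Flower.ui
+++ b/Flower.ui
@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+<class>MainWindow</class>
+<widget class="QMainWindow" name="MainWindow">
+<property name="geometry">
+<rect>
+<x>0</x>
+<y>0</y>
+<width>1181</width>
+<height>610</height>
+</rect>
+</property>
+<property name="windowTitle">
+<string>MainWindow</string>
+</property>
+<widget class="QWidget" name="centralwidget">
+<layout class="QGridLayout" name="gridLayout">
+<item row="1" column="0">
+<widget class="QLabel" name="label_2">
+<property name="font">
+<font>
+<family>Arial</family>
+<pointsize>14</pointsize>
+</font>
+</property>
+<property name="text">
+<string>URL</string>
+</property>
+</widget>
+</item>
+<item row="8" column="0">
+<widget class="QLabel" name="label_3">
+<property name="font">
+<font>
+<family>Arial</family>
+<pointsize>14</pointsize>
+</font>
+</property>
+<property name="text">
+<string>header</string>
+</property>
+</widget>
+</item>
+<item row="14" column="0" colspan="4">
+<widget class="QPushButton" name="pushButton">
+<property name="font">
+<font>
+<family>Comic Sans MS</family>
+<pointsize>16</pointsize>
+<italic>true</italic>
+</font>
+</property>
+<property name="text">
+<string>ATTACK</string>
+</property>
+</widget>
+</item>
+<item row="9" column="0" colspan="4">
+<widget class="QTextEdit" name="textEdit_2"/>
+</item>
+<item row="0" column="4" rowspan="15">
+<widget class="QTextBrowser" name="textBrowser"/>
+</item>
+<item row="11" column="0" colspan="4">
+<widget class="QTextEdit" name="textEdit_3"/>
+</item>
+<item row="4" column="1">
+<widget class="QRadioButton" name="radioButton_4">
+<property name="text">
+<string>GET</string>
+</property>
+<attribute name="buttonGroup">
+<string notr="true">buttonGroup</string>
+</attribute>
+</widget>
+</item>
+<item row="0" column="0" colspan="3">
+<widget class="QLabel" name="label">
+<property name="font">
+<font>
+<family>Arial</family>
+<pointsize>14</pointsize>
+</font>
+</property>
+<property name="text">
+<string>CTF TOOL</string>
+</property>
+</widget>
+</item>
+<item row="10" column="0">
+<widget class="QLabel" name="label_4">
+<property name="font">
+<font>
+<family>Arial</family>
+<pointsize>14</pointsize>
+</font>
+</property>
+<property name="text">
+<string>cookie</string>
+</property>
+</widget>
+</item>
+<item row="5" column="1">
+<widget class="QRadioButton" name="radioButton_5">
+<property name="text">
+<string>POST</string>
+</property>
+<attribute name="buttonGroup">
+<string notr="true">buttonGroup</string>
+</attribute>
+</widget>
+</item>
+<item row="12" column="0">
+<widget class="QLabel" name="label_5">
+<property name="font">
+<font>
+<family>Arial</family>
+<pointsize>14</pointsize>
+</font>
+</property>
+<property name="text">
+<string>WeakPasswordPara</string>
+</property>
+</widget>
+</item>
+<item row="2" column="0" colspan="4">
+<widget class="QTextEdit" name="textEdit"/>
+</item>
+<item row="13" column="0" colspan="4">
+<widget class="QTextEdit" name="textEdit_4"/>
+</item>
+<item row="3" column="1">
+<widget class="QRadioButton" name="radioButton_3">
+<property name="text">
+<string>WeakPasswordScan</string>
+</property>
+<attribute name="buttonGroup">
+<string notr="true">buttonGroup_2</string>
+</attribute>
+</widget>
+</item>
+<item row="3" column="0">
+<widget class="QRadioButton" name="radioButton_2">
+<property name="text">
+<string>SqlScan</string>
+</property>
+<attribute name="buttonGroup">
+<string notr="true">buttonGroup_2</string>
+</attribute>
+</widget>
+</item>
+<item row="4" column="0">
+<widget class="QRadioButton" name="radioButton">
+<property name="text">
+<string>XssScan</string>
+</property>
+<attribute name="buttonGroup">
+<string notr="true">buttonGroup_2</string>
+</attribute>
+</widget>
+</item>
+</layout>
+</widget>
+<widget class="QMenuBar" name="menubar">
+<property name="geometry">
+<rect>
+<x>0</x>
+<y>0</y>
+<width>1181</width>
+<height>22</height>
+</rect>
+</property>
+</widget>
+<widget class="QStatusBar" name="statusbar"/>
+</widget>
+<resources/>
+<connections/>
+<buttongroups>
+<buttongroup name="buttonGroup"/>
+<buttongroup name="buttonGroup_2"/>
+</buttongroups>
+</ui>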
125
FlowerScanner.py
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,125 @@ | ||
import json | ||
import xssDetect | ||
import weakPasswordDetect | ||
import scan | ||
import argparse | ||
import config | ||
import os | ||
|
||
# for FlowerPlay: | ||
# localStorage = {} | ||
# localStorage['vuex'] = '{"user":{"userInfo":{"username":"test","IsAdmin":false,"uuid":"d3fdc539-a242-441a-91c0-e1b59bcd4e38","email":"a@a.wwa"},"token":"asdasdasd","expiresAt":"2020/10/16"}}' | ||
|
||
parser = argparse.ArgumentParser() | ||
parser.add_argument('-u', '--url', dest="url") | ||
parser.add_argument('--header', dest="header", action="store_true") | ||
parser.add_argument('--cookie', dest="cookie", action="store_true") | ||
parser.add_argument('-t', '--threads', dest="threadsCount") | ||
parser.add_argument('--timeout', dest="timeout") | ||
parser.add_argument('-A', '--all', dest="All", action="store_true") | ||
parser.add_argument('-o', '--output', dest="output") | ||
parser.add_argument('--GET', dest="GET", action="store_true") | ||
parser.add_argument('--POST', dest="POST", action="store_true") | ||
parser.add_argument('--vue', dest="vue", action="store_true") | ||
|
||
args = parser.parse_args() | ||
|
||
Url = args.url | ||
threadsCount = args.threadsCount | ||
timeout = args.timeout | ||
All = args.All | ||
output = args.output | ||
GET = args.GET | ||
POST = args.POST | ||
cookie = args.cookie | ||
header = args.header | ||
vue = args.vue | ||
|
||
|
||
f = open("database\\logo.txt", 'r') | ||
logo = f.read() | ||
f.close() | ||
|
||
|
||
|
||
config.menu += logo | ||
config.menu += ''' | ||
1. XssScan | ||
2. SqlScan | ||
3. WeakPasswordScan | ||
4. Exit | ||
> ''' | ||
|
||
if GET: | ||
GET = True | ||
POST = False | ||
else: | ||
GET = False | ||
POST = True | ||
|
||
if type(header) == str: | ||
with open(header, 'r') as h: | ||
config.headers = h.read() | ||
|
||
cookies = {} | ||
if cookie: | ||
try: | ||
with open("database\\cookie.txt", 'r') as f: | ||
cookies = json.loads(f.read().replace('\'', '"')) | ||
|
||
except Exception as e: | ||
print("Cookie Error:" + e) | ||
exit(-1) | ||
|
||
with open("database\\payloads.txt", 'r') as f: | ||
payloads = [] | ||
|
||
for eachline in f: | ||
payloads.append(eachline[:-1]) | ||
|
||
os.system("chcp 65001") | ||
os.system("cls") | ||
|
||
while True: | ||
print(config.menu, end='') | ||
choose = input() | ||
if choose == '1': | ||
result = xssDetect.detect(Url, payloads, GET, cookies) | ||
outStr = "" | ||
for url in result.keys(): | ||
thisLine = "result of %s: \n" % url | ||
for param in result[url].keys(): | ||
tmp = "\tParam %s: \n" % param | ||
for eachPayload in result[url][param]: | ||
tmp += "\t\t%s\n" % eachPayload | ||
|
||
if len(tmp) != len("\tParam %s: \n" % param): | ||
thisLine += tmp | ||
|
||
if len(thisLine) != len("result of %s: \n" % url): | ||
outStr += thisLine | ||
outStr += "\n" | ||
if len(outStr) != 0: | ||
print(outStr) | ||
else: | ||
print("Seems no XSS here...") | ||
print("XSS DETECT finished\n") | ||
elif choose == '2': | ||
if cookies: | ||
command = "python ScanQLi\\scanqli.py -u %s -c %s" % (Url, json.dumps(cookies)) | ||
else: | ||
command = "python ScanQLi\\scanqli.py -u %s" % Url | ||
|
||
os.system(command) | ||
elif choose == '3': | ||
ans = weakPasswordDetect.detect(Url, GET) | ||
if ans: | ||
print("-----------------------------------------") | ||
print("result:") | ||
for each in ans: | ||
print("Username: %s, Password: %s" % (each[0], each[1])) | ||
print("-----------------------------------------") | ||
elif choose == '4': | ||
print("BYE") | ||
exit(0) |
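Review bot: In the `choose == '2'` branch the `-u` value and `json.dumps(cookies)` are interpolated into a string handed to `os.system`, so the shell re-parses them: the JSON's double quotes and spaces break up the `-c` argument, and any shell metacharacter in the URL is interpreted as shell syntax on the operator's own machine. Passing an argument list to `subprocess.run` without a shell avoids both; this needs `import subprocess` and `import sys` at the top of the file. Separately, `print("Cookie Error:" + e)` raises `TypeError` because `e` is an exception object, which hides the real parse error; `print("Cookie Error: %s" % e)` would report it. `--header` is declared with `action="store_true"`, so `type(header) == str` is never true and the header file is never read.

```python
# … unchanged: argument parsing, cookie/payload loading, menu option 1 …
    elif choose == '2':
        argv = [sys.executable, os.path.join("ScanQLi", "scanqli.py"), "-u", Url]
        if cookies:
            argv += ["-c", json.dumps(cookies)]
        subprocess.run(argv, shell=False)
# … unchanged: menu options 3 and 4 …
```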
BIN
+6 KB
ScanQLi/.DS_Store
Binary file not shown.