watobo 0.9.21 → 0.9.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (283)
  1. checksums.yaml +7 -0
  2. data/CHANGELOG.md +46 -1
  3. data/bin/nfq_server.rb +0 -9
  4. data/bin/watobo_gui.rb +3 -13
  5. data/custom-views/prettify-json.rb +9 -18
  6. data/icons/watobo.ico +0 -0
  7. data/icons/watobo.ico.old +0 -0
  8. data/lib/watobo.rb +10 -19
  9. data/lib/watobo/adapters.rb +5 -14
  10. data/lib/watobo/adapters/data_store.rb +50 -59
  11. data/lib/watobo/adapters/file/file_store.rb +287 -296
  12. data/lib/watobo/adapters/file/marshal_store.rb +293 -296
  13. data/lib/watobo/adapters/session_store.rb +5 -14
  14. data/lib/watobo/ca.rb +1 -10
  15. data/lib/watobo/config.rb +197 -206
  16. data/lib/watobo/constants.rb +0 -9
  17. data/lib/watobo/core.rb +3 -12
  18. data/lib/watobo/core/active_check.rb +72 -135
  19. data/lib/watobo/core/active_checks.rb +49 -58
  20. data/lib/watobo/core/ca.rb +369 -389
  21. data/lib/watobo/core/cert_store.rb +34 -43
  22. data/lib/watobo/core/chat.rb +92 -101
  23. data/lib/watobo/core/chats.rb +271 -280
  24. data/lib/watobo/core/client_cert_store.rb +106 -35
  25. data/lib/watobo/core/conversation.rb +48 -57
  26. data/lib/watobo/core/cookie.rb +23 -32
  27. data/lib/watobo/core/egress_handlers.rb +98 -0
  28. data/lib/watobo/core/finding.rb +66 -75
  29. data/lib/watobo/core/findings.rb +107 -114
  30. data/lib/watobo/core/forwarding_proxy.rb +13 -22
  31. data/lib/watobo/core/fuzz_gen.rb +0 -9
  32. data/lib/watobo/core/intercept_carver.rb +166 -177
  33. data/lib/watobo/core/intercept_filter.rb +235 -244
  34. data/lib/watobo/core/interceptor.rb +98 -107
  35. data/lib/watobo/core/min_class.rb +4 -13
  36. data/lib/watobo/core/netfilter_queue.rb +170 -179
  37. data/lib/watobo/core/ott_cache.rb +132 -141
  38. data/lib/watobo/core/parameter.rb +43 -52
  39. data/lib/watobo/core/passive_check.rb +103 -102
  40. data/lib/watobo/core/passive_checks.rb +48 -57
  41. data/lib/watobo/core/passive_scanner.rb +54 -55
  42. data/lib/watobo/core/plugin.rb +11 -20
  43. data/lib/watobo/core/project.rb +3 -9
  44. data/lib/watobo/core/proxy.rb +43 -52
  45. data/lib/watobo/core/request.rb +125 -123
  46. data/lib/watobo/core/response.rb +44 -53
  47. data/lib/watobo/core/scanner.rb +0 -9
  48. data/lib/watobo/core/scanner3.rb +405 -414
  49. data/lib/watobo/core/scope.rb +83 -92
  50. data/lib/watobo/core/session.rb +1043 -1026
  51. data/lib/watobo/core/sid_cache.rb +98 -107
  52. data/lib/watobo/core/subscriber.rb +25 -34
  53. data/lib/watobo/defaults.rb +21 -30
  54. data/lib/watobo/external/diff/lcs.rb +0 -9
  55. data/lib/watobo/external/diff/lcs/array.rb +0 -9
  56. data/lib/watobo/external/diff/lcs/block.rb +0 -9
  57. data/lib/watobo/external/diff/lcs/callbacks.rb +0 -9
  58. data/lib/watobo/external/diff/lcs/change.rb +0 -9
  59. data/lib/watobo/external/diff/lcs/hunk.rb +0 -9
  60. data/lib/watobo/external/diff/lcs/ldiff.rb +0 -9
  61. data/lib/watobo/external/diff/lcs/string.rb +0 -9
  62. data/lib/watobo/externals.rb +6 -15
  63. data/lib/watobo/framework.rb +4 -13
  64. data/lib/watobo/framework/create_project.rb +60 -69
  65. data/lib/watobo/framework/init.rb +0 -9
  66. data/lib/watobo/framework/init_modules.rb +0 -9
  67. data/lib/watobo/framework/license_text.rb +28 -37
  68. data/lib/watobo/framework/load_chat.rb +13 -22
  69. data/lib/watobo/gui.rb +132 -123
  70. data/lib/watobo/gui/about_watobo.rb +0 -9
  71. data/lib/watobo/gui/browser_preview.rb +0 -9
  72. data/lib/watobo/gui/certificate_dialog.rb +0 -9
  73. data/lib/watobo/gui/chat_diff.rb +0 -9
  74. data/lib/watobo/gui/chatviewer_frame.rb +73 -72
  75. data/lib/watobo/gui/checkboxtree.rb +0 -9
  76. data/lib/watobo/gui/checks_policy_frame.rb +0 -9
  77. data/lib/watobo/gui/client_cert_dialog.rb +96 -87
  78. data/lib/watobo/gui/confirm_scan_dialog.rb +0 -9
  79. data/lib/watobo/gui/conversation_table.rb +158 -164
  80. data/lib/watobo/gui/conversation_table_ctrl.rb +207 -216
  81. data/lib/watobo/gui/conversation_table_ctrl2.rb +373 -382
  82. data/lib/watobo/gui/csrf_token_dialog.rb +0 -9
  83. data/lib/watobo/gui/custom_viewer.rb +374 -383
  84. data/lib/watobo/gui/dashboard.rb +296 -303
  85. data/lib/watobo/gui/define_scope_frame.rb +0 -9
  86. data/lib/watobo/gui/differ_frame.rb +215 -224
  87. data/lib/watobo/gui/edit_comment.rb +0 -9
  88. data/lib/watobo/gui/edit_scope_dialog.rb +0 -9
  89. data/lib/watobo/gui/export_dialog.rb +104 -113
  90. data/lib/watobo/gui/finding_info.rb +0 -9
  91. data/lib/watobo/gui/findings_tree.rb +210 -217
  92. data/lib/watobo/gui/full_scan_dialog.rb +0 -9
  93. data/lib/watobo/gui/fuzzer_gui.rb +1295 -1313
  94. data/lib/watobo/gui/fxsave_thread.rb +14 -0
  95. data/lib/watobo/gui/goto_url_dialog.rb +70 -79
  96. data/lib/watobo/gui/hex_viewer.rb +0 -9
  97. data/lib/watobo/gui/html_viewer.rb +287 -296
  98. data/lib/watobo/gui/intercept_filter_dialog.rb +188 -197
  99. data/lib/watobo/gui/interceptor_gui.rb +1041 -1051
  100. data/lib/watobo/gui/interceptor_settings_dialog.rb +0 -9
  101. data/lib/watobo/gui/json_viewer.rb +287 -0
  102. data/lib/watobo/gui/list_box.rb +101 -110
  103. data/lib/watobo/gui/log_file_viewer.rb +32 -41
  104. data/lib/watobo/gui/log_viewer.rb +83 -88
  105. data/lib/watobo/gui/login_wizzard.rb +0 -9
  106. data/lib/watobo/gui/main_window.rb +587 -618
  107. data/lib/watobo/gui/manual_request_editor.rb +620 -565
  108. data/lib/watobo/gui/master_pw_dialog.rb +0 -9
  109. data/lib/watobo/gui/mixins/gui_settings.rb +29 -38
  110. data/lib/watobo/gui/page_tree.rb +217 -226
  111. data/lib/watobo/gui/password_policy_dialog.rb +0 -9
  112. data/lib/watobo/gui/plugin_board.rb +0 -9
  113. data/lib/watobo/gui/preferences_dialog.rb +0 -9
  114. data/lib/watobo/gui/progress_window.rb +17 -27
  115. data/lib/watobo/gui/project_wizzard.rb +0 -9
  116. data/lib/watobo/gui/proxy_dialog.rb +1 -10
  117. data/lib/watobo/gui/quick_scan_dialog.rb +0 -9
  118. data/lib/watobo/gui/request_builder_frame.rb +102 -111
  119. data/lib/watobo/gui/request_editor.rb +181 -137
  120. data/lib/watobo/gui/rewrite_filters_dialog.rb +394 -403
  121. data/lib/watobo/gui/rewrite_rules_dialog.rb +372 -381
  122. data/lib/watobo/gui/save_chat_dialog.rb +140 -149
  123. data/lib/watobo/gui/scanner_settings_dialog.rb +0 -9
  124. data/lib/watobo/gui/select_chat_dialog.rb +0 -9
  125. data/lib/watobo/gui/session_management_dialog.rb +0 -9
  126. data/lib/watobo/gui/sites_tree.rb +0 -9
  127. data/lib/watobo/gui/status_bar.rb +0 -9
  128. data/lib/watobo/gui/table_editor.rb +0 -9
  129. data/lib/watobo/gui/tagless_viewer.rb +0 -9
  130. data/lib/watobo/gui/templates/plugin.rb +0 -9
  131. data/lib/watobo/gui/templates/plugin2.rb +92 -100
  132. data/lib/watobo/gui/templates/plugin_base.rb +144 -153
  133. data/lib/watobo/gui/text_viewer.rb +0 -9
  134. data/lib/watobo/gui/transcoder_window.rb +0 -9
  135. data/lib/watobo/gui/utils/gui_utils.rb +0 -9
  136. data/lib/watobo/gui/utils/init_icons.rb +86 -95
  137. data/lib/watobo/gui/utils/load_icons.rb +33 -42
  138. data/lib/watobo/gui/utils/load_plugins.rb +116 -119
  139. data/lib/watobo/gui/utils/master_password.rb +68 -77
  140. data/lib/watobo/gui/utils/save_default_settings.rb +113 -122
  141. data/lib/watobo/gui/utils/save_project_settings.rb +0 -9
  142. data/lib/watobo/gui/utils/save_proxy_settings.rb +41 -50
  143. data/lib/watobo/gui/utils/save_scanner_settings.rb +18 -27
  144. data/lib/watobo/gui/utils/session_history.rb +112 -121
  145. data/lib/watobo/gui/workspace_dialog.rb +0 -9
  146. data/lib/watobo/gui/www_auth_dialog.rb +0 -9
  147. data/lib/watobo/gui/xml_viewer_frame.rb +0 -9
  148. data/lib/watobo/http.rb +4 -13
  149. data/lib/watobo/http/cookies/cookies.rb +26 -35
  150. data/lib/watobo/http/data/data.rb +45 -54
  151. data/lib/watobo/http/data/json.rb +47 -55
  152. data/lib/watobo/http/url/url.rb +38 -47
  153. data/lib/watobo/http/xml/xml.rb +124 -130
  154. data/lib/watobo/interceptor.rb +3 -12
  155. data/lib/watobo/interceptor/proxy.rb +742 -739
  156. data/lib/watobo/interceptor/transparent.rb +22 -24
  157. data/lib/watobo/mixins.rb +10 -19
  158. data/lib/watobo/mixins/check_info.rb +27 -36
  159. data/lib/watobo/mixins/httpparser.rb +613 -637
  160. data/lib/watobo/mixins/request_parser.rb +88 -97
  161. data/lib/watobo/mixins/shapers.rb +515 -529
  162. data/lib/watobo/mixins/transcoders.rb +3 -11
  163. data/lib/watobo/parser.rb +1 -10
  164. data/lib/watobo/parser/html.rb +83 -92
  165. data/lib/watobo/patch_fxruby_setfocus.rb +26 -0
  166. data/lib/watobo/sockets.rb +3 -12
  167. data/lib/watobo/sockets/agent.rb +828 -837
  168. data/lib/watobo/sockets/client_socket.rb +308 -312
  169. data/lib/watobo/sockets/connection.rb +401 -410
  170. data/lib/watobo/sockets/http_socket.rb +11 -13
  171. data/lib/watobo/sockets/ntlm_auth.rb +129 -138
  172. data/lib/watobo/utils.rb +10 -19
  173. data/lib/watobo/utils/check_regex.rb +0 -9
  174. data/lib/watobo/utils/copy_object.rb +0 -9
  175. data/lib/watobo/utils/crypto.rb +0 -9
  176. data/lib/watobo/utils/expand_range.rb +23 -32
  177. data/lib/watobo/utils/export_xml.rb +97 -106
  178. data/lib/watobo/utils/file_management.rb +9 -11
  179. data/lib/watobo/utils/hexprint.rb +9 -18
  180. data/lib/watobo/utils/load_chat.rb +0 -9
  181. data/lib/watobo/utils/load_icon.rb +0 -9
  182. data/lib/watobo/utils/ntlm.rb +866 -875
  183. data/lib/watobo/utils/print_debug.rb +12 -21
  184. data/lib/watobo/utils/response_builder.rb +90 -99
  185. data/lib/watobo/utils/response_hash.rb +0 -9
  186. data/lib/watobo/utils/secure_eval.rb +0 -9
  187. data/lib/watobo/utils/strings.rb +10 -19
  188. data/lib/watobo/utils/text2request.rb +0 -9
  189. data/lib/watobo/utils/url.rb +23 -32
  190. data/lib/watobo/utils/utf16.rb +11 -20
  191. data/modules/active/Apache/mod_status.rb +0 -9
  192. data/modules/active/Apache/multiview.rb +151 -160
  193. data/modules/active/Flash/crossdomain.rb +0 -9
  194. data/modules/active/JWT/jwt_oauth2_none.rb +111 -0
  195. data/modules/active/cq5/cq5_default_selectors.rb +106 -115
  196. data/modules/active/cq5/cqp_user_enumeration.rb +125 -134
  197. data/modules/active/directories/dirwalker.rb +0 -9
  198. data/modules/active/discovery/fileextensions.rb +0 -9
  199. data/modules/active/discovery/http_methods.rb +0 -9
  200. data/modules/active/discovery/jsmapfiles.rb +79 -0
  201. data/modules/active/domino/domino_db.rb +68 -76
  202. data/modules/active/dotNET/custom_errors.rb +102 -111
  203. data/modules/active/dotNET/dotnet_files.rb +90 -99
  204. data/modules/active/fileinclusion/lfi_simple.rb +0 -9
  205. data/modules/active/jboss/jboss_basic.rb +0 -9
  206. data/modules/active/sap/business_objects.rb +51 -60
  207. data/modules/active/sap/its_commands.rb +0 -9
  208. data/modules/active/sap/its_service_parameter.rb +0 -9
  209. data/modules/active/sap/its_services.rb +0 -9
  210. data/modules/active/sap/its_xss.rb +0 -9
  211. data/modules/active/shell_shock/shell_shock.rb +139 -148
  212. data/modules/active/siebel/siebel_apps.rb +160 -169
  213. data/modules/active/sqlinjection/sql_boolean.rb +0 -9
  214. data/modules/active/sqlinjection/sql_numerical.rb +198 -0
  215. data/modules/active/sqlinjection/sqli_error.rb +0 -9
  216. data/modules/active/sqlinjection/sqli_timing.rb +220 -229
  217. data/modules/active/struts2/default_handler_ognl.rb +106 -115
  218. data/modules/active/struts2/include_params_ognl.rb +105 -114
  219. data/modules/active/xml/xml_xxe.rb +112 -123
  220. data/modules/active/xss/xss_ng.rb +214 -223
  221. data/modules/active/xss/xss_simple.rb +0 -9
  222. data/modules/passive/ajax.rb +68 -77
  223. data/modules/passive/autocomplete.rb +56 -65
  224. data/modules/passive/cookie_options.rb +0 -9
  225. data/modules/passive/cookie_xss.rb +0 -9
  226. data/modules/passive/detect_code.rb +0 -9
  227. data/modules/passive/detect_fileupload.rb +0 -9
  228. data/modules/passive/detect_infrastructure.rb +0 -9
  229. data/modules/passive/detect_one_time_tokens.rb +0 -9
  230. data/modules/passive/dirindexing.rb +0 -9
  231. data/modules/passive/disclosure_domino.rb +55 -64
  232. data/modules/passive/disclosure_emails.rb +0 -9
  233. data/modules/passive/disclosure_ipaddr.rb +55 -53
  234. data/modules/passive/filename_as_parameter.rb +0 -9
  235. data/modules/passive/form_spotter.rb +0 -9
  236. data/modules/passive/hidden_fields.rb +50 -59
  237. data/modules/passive/hotspots.rb +0 -9
  238. data/modules/passive/in_script_parameter.rb +0 -9
  239. data/modules/passive/json_web_token.rb +93 -0
  240. data/modules/passive/multiple_server_headers.rb +0 -9
  241. data/modules/passive/possible_login.rb +0 -9
  242. data/modules/passive/redirect_url.rb +0 -9
  243. data/modules/passive/redirectionz.rb +0 -9
  244. data/modules/passive/sap-headers.rb +56 -65
  245. data/modules/passive/xss_dom.rb +0 -9
  246. data/plugins/aem/aem.rb +11 -20
  247. data/plugins/aem/gui/main.rb +118 -127
  248. data/plugins/aem/gui/tree_view.rb +171 -180
  249. data/plugins/aem/lib/agent.rb +130 -138
  250. data/plugins/aem/lib/dispatcher.rb +45 -51
  251. data/plugins/aem/lib/engine.rb +177 -186
  252. data/plugins/catalog/catalog.rb +345 -355
  253. data/plugins/crawler/crawler.rb +4 -13
  254. data/plugins/crawler/gui.rb +5 -14
  255. data/plugins/crawler/gui/auth_frame.rb +270 -279
  256. data/plugins/crawler/gui/crawler_gui.rb +271 -276
  257. data/plugins/crawler/gui/general_settings_frame.rb +96 -105
  258. data/plugins/crawler/gui/hooks_frame.rb +80 -89
  259. data/plugins/crawler/gui/scope_frame.rb +50 -59
  260. data/plugins/crawler/gui/settings_tabbook.rb +38 -47
  261. data/plugins/crawler/gui/status_frame.rb +59 -68
  262. data/plugins/crawler/lib/bags.rb +18 -27
  263. data/plugins/crawler/lib/constants.rb +11 -20
  264. data/plugins/crawler/lib/engine.rb +488 -497
  265. data/plugins/crawler/lib/grabber.rb +68 -77
  266. data/plugins/crawler/lib/status.rb +71 -80
  267. data/plugins/crawler/lib/uri_mp.rb +12 -21
  268. data/plugins/filefinder/filefinder.rb +326 -333
  269. data/plugins/sqlmap/bin/test.rb +78 -87
  270. data/plugins/sqlmap/gui.rb +4 -13
  271. data/plugins/sqlmap/gui/main.rb +218 -227
  272. data/plugins/sqlmap/gui/options_frame.rb +97 -106
  273. data/plugins/sqlmap/lib/sqlmap_ctrl.rb +90 -100
  274. data/plugins/sqlmap/sqlmap.rb +2 -11
  275. data/plugins/sslchecker/cli/sslchecker_cli.rb +0 -9
  276. data/plugins/sslchecker/gui/cipher_table.rb +246 -254
  277. data/plugins/sslchecker/gui/gui.rb +258 -264
  278. data/plugins/sslchecker/gui/sslchecker.rb +4 -13
  279. data/plugins/sslchecker/lib/check.rb +127 -133
  280. data/plugins/wshell/gui/main.rb +119 -117
  281. data/plugins/wshell/lib/core.rb +38 -88
  282. data/plugins/wshell/wshell.rb +11 -20
  283. metadata +170 -164
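--- a/data/plugins/sqlmap/bin/test.rb
+++ b/data/plugins/sqlmap/bin/test.rb
@@ -1,90 +1,81 @@
-#.
-# test.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "..","..", "lib"))
+$: << inc_path
+
+require 'watobo'
+require 'fox16'
+
+include Fox
 
-inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "..","..", "lib"))
-$: << inc_path
-
-require 'watobo'
-require 'fox16'
-
-include Fox
-
 # @private
-module Watobo#:nodoc: all
-module Gui
-@application = FXApp.new('SQLmap', 'Plugin Test')
-
-%w( load_icons gui_utils load_plugins session_history save_default_settings master_password session_history save_project_settings save_proxy_settings ).each do |l|
-f = File.join("watobo","gui","utils", l)
-puts "SQLMap >> Loading #{f}"
-require f
-
-end
-
-require 'watobo/gui/utils/init_icons'
-
-gui_path = File.expand_path(File.join(File.dirname(__FILE__),"..", "..", "..", "lib","watobo", "gui"))
-
-Dir.glob("#{gui_path}/*.rb").each do |cf|
-next if File.basename(cf) == 'main_window.rb' # skip main_window here, because it must be loaded last
-f = File.join("watobo","gui", File.basename(cf))
-puts "Loading >> #{f}"
-require f
-end
-
-puts "Loading plugin templates ..."
-require 'watobo/gui/templates/plugin'
-require 'watobo/gui/templates/plugin2'
-
-
-require File.join(File.expand_path(File.dirname(__FILE__)), "..","sqlmap")
-
-gui_path = File.join(File.expand_path(File.dirname(__FILE__)),"..", "gui")
-puts "="
-
-%w( main options_frame).each do |l|
-puts "Loading >> #{l}"
-require File.join(gui_path, l + ".rb")
-end
-
-class TestGui < FXMainWindow
-
-def initialize(app)
-# Call base class initializer first
-super(app, "Test Application", :width => 800, :height => 600)
-frame = FXVerticalFrame.new(self, LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_GROOVE)
-
-button = FXButton.new(frame, "Open Plugin",:opts => FRAME_THICK|FRAME_RAISED|LAYOUT_FILL_X|LAYOUT_TOP|LAYOUT_LEFT,:padLeft => 10, :padRight => 10, :padTop => 5, :padBottom => 5)
-button.connect(SEL_COMMAND) {
-dlg = Watobo::Plugin::Sqlmap::Gui.new(self)
-if dlg.execute != 0
-puts dlg.to_h.to_yaml
-end
-}
-end
-# Create and show the main window
-def create
-super # Create the windows
-show(PLACEMENT_SCREEN) # Make the main window appear
-dlg = Watobo::Plugin::Sqlmap::Gui.new(self)
-#dlg.set_tab_index 2
-#prefs = { :form_auth_url => "http://www.google.com" }
-#dlg.settings.auth.set prefs
-
-if dlg.execute != 0
-puts dlg.details.to_yaml
-end
-end
-end
-# application = FXApp.new('LayoutTester', 'FoxTest')
-TestGui.new(@application)
-@application.create
-@application.run
-end
+module Watobo#:nodoc: all
+module Gui
+@application = FXApp.new('SQLmap', 'Plugin Test')
+
+%w( load_icons gui_utils load_plugins session_history save_default_settings master_password session_history save_project_settings save_proxy_settings ).each do |l|
+f = File.join("watobo","gui","utils", l)
+puts "SQLMap >> Loading #{f}"
+require f
+
+end
+
+require 'watobo/gui/utils/init_icons'
+
+gui_path = File.expand_path(File.join(File.dirname(__FILE__),"..", "..", "..", "lib","watobo", "gui"))
+
+Dir.glob("#{gui_path}/*.rb").each do |cf|
+next if File.basename(cf) == 'main_window.rb' # skip main_window here, because it must be loaded last
+f = File.join("watobo","gui", File.basename(cf))
+puts "Loading >> #{f}"
+require f
+end
+
+puts "Loading plugin templates ..."
+require 'watobo/gui/templates/plugin'
+require 'watobo/gui/templates/plugin2'
+
+
+require File.join(File.expand_path(File.dirname(__FILE__)), "..","sqlmap")
+
+gui_path = File.join(File.expand_path(File.dirname(__FILE__)),"..", "gui")
+puts "="
+
+%w( main options_frame).each do |l|
+puts "Loading >> #{l}"
+require File.join(gui_path, l + ".rb")
+end
+
+class TestGui < FXMainWindow
+
+def initialize(app)
+# Call base class initializer first
+super(app, "Test Application", :width => 800, :height => 600)
+frame = FXVerticalFrame.new(self, LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_GROOVE)
+
+button = FXButton.new(frame, "Open Plugin",:opts => FRAME_THICK|FRAME_RAISED|LAYOUT_FILL_X|LAYOUT_TOP|LAYOUT_LEFT,:padLeft => 10, :padRight => 10, :padTop => 5, :padBottom => 5)
+button.connect(SEL_COMMAND) {
+dlg = Watobo::Plugin::Sqlmap::Gui.new(self)
+if dlg.execute != 0
+puts dlg.to_h.to_yaml
+end
+}
+end
+# Create and show the main window
+def create
+super # Create the windows
+show(PLACEMENT_SCREEN) # Make the main window appear
+dlg = Watobo::Plugin::Sqlmap::Gui.new(self)
+#dlg.set_tab_index 2
+#prefs = { :form_auth_url => "http://www.google.com" }
+#dlg.settings.auth.set prefs
+
+if dlg.execute != 0
+puts dlg.details.to_yaml
+end
+end
+end
+# application = FXApp.new('LayoutTester', 'FoxTest')
+TestGui.new(@application)
+@application.create
+@application.run
+end
 end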
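Review bot: The utils list at new line 14 names `session_history` twice (`… load_plugins session_history save_default_settings master_password session_history save_project_settings …`); the second `require` of an already-loaded file is a no-op, so it is harmless, but it reads like a leftover and should be dropped so the list states each dependency once. Apart from the removed license header, the new side of this hunk re-adds the old body line for line, so the only other difference is presumably indentation that this rendering does not show.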
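--- a/data/plugins/sqlmap/gui.rb
+++ b/data/plugins/sqlmap/gui.rb
@@ -1,14 +1,5 @@
-#.
-# gui.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+require_relative 'sqlmap'
 
-require_relative 'sqlmap'
-
-%w( main options_frame ).each do |l|
-require_relative File.join('gui', l )
-end
+%w( main options_frame ).each do |l|
+require_relative File.join('gui', l )
+end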
@@ -1,228 +1,219 @@
1
- #.
2
- # main.rb
3
- #.
4
- # Copyright 2014 by siberas, http://www.siberas.de
5
- # This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
6
- # WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
7
- # WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
8
- # You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
9
-
10
1
  # @private
11
- module Watobo#:nodoc: all
12
- module Plugin
13
- class Sqlmap
14
- class SettingsTabBook < FXTabBook
15
- attr :general
16
- def initialize(owner)
17
- #@tab = FXTabBook.new(self, nil, 0, LAYOUT_FILL_X|LAYOUT_FILL_Y|LAYOUT_RIGHT)
18
- super(owner, nil, 0, LAYOUT_FILL_X|LAYOUT_FILL_Y|LAYOUT_RIGHT)
19
- FXTabItem.new(self, "General", nil)
20
- @general = OptionsFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED)
21
-
22
- # FXTabItem.new(self, "Advanced", nil)
23
- # frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED)
24
- # FXTabItem.new(self, "Log", nil)
25
- # frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_THICK|FRAME_RAISED)
26
- # @log_viewer = Watobo::Gui::LogViewer.new(frame, :append, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN)
27
- end
28
- end
29
-
30
- class Gui < Watobo::Plugin2
31
- icon_file "sqlmap.ico"
32
-
33
- include Watobo::Constants
34
- include Responder
35
- # include Watobo::Plugin::Crawler::Constants
36
- def updateView
37
-
38
- end
39
-
40
- def initialize(owner, project=nil, chat=nil)
41
- super(owner, "SQLMap", project, :opts => DECOR_ALL, :width=>800, :height=>600)
42
- @plugin_name = "SQLMap"
43
-
44
- FXMAPFUNC(SEL_COMMAND, ID_ACCEPT, :onAccept)
45
-
46
- main = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
47
- matrix = FXMatrix.new(main, 3, :opts => MATRIX_BY_COLUMNS|LAYOUT_FILL_X)
48
- FXLabel.new(matrix, "sqlmap path:")
49
- # frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X)
50
- # FXLabel.new(frame, "http://")
51
- @binary_path_txt = FXTextField.new(matrix, 60, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|LAYOUT_FILL_X)
52
- bin_path = Watobo::Plugin::Sqlmap.binary_path
53
- bin_path ="not defined" if bin_path.empty?
54
- @binary_path_txt.text = bin_path
55
-
56
- @change_btn = FXButton.new(matrix, "...", :opts => BUTTON_DEFAULT|BUTTON_NORMAL )
57
- @change_btn.enable
58
-
59
- @change_btn.connect(SEL_COMMAND){
60
- open_path = nil
61
- unless @binary_path_txt.text.empty?
62
- dir_name = File.dirname(@binary_path_txt.text)
63
- unless dir_name.empty?
64
- open_path = dir_name unless File.exist? dir_name
65
- end
66
- end
67
- bin_path_old = @binary_path_txt.text
68
- bin_path = FXFileDialog.getOpenFilename(self, "Select SQLmap Path", open_path)
69
- unless bin_path.empty?
70
- @binary_path_txt.text = bin_path
71
- else
72
- @binary_path_txt.text = bin_path_old
73
-
74
- end
75
- if File.exist? @binary_path_txt.text
76
- Watobo::Plugin::Sqlmap.set_binary_path bin_path
77
- @accept_btn.enable
78
- else
79
- Watobo::Plugin::Sqlmap.set_binary_path ''
80
- @accept_btn.disable
81
- end
82
- }
83
-
84
- FXLabel.new(matrix, "temp directory:")
85
- # frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X)
86
- # FXLabel.new(frame, "http://")
87
- @output_path_txt = FXTextField.new(matrix, 60, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|LAYOUT_FILL_X)
88
- @output_path_txt.text = Watobo::Plugin::Sqlmap.tmp_dir
89
-
90
- @output_path_btn = FXButton.new(matrix, "...", :opts => BUTTON_DEFAULT|BUTTON_NORMAL )
91
- @output_path_btn.enable
92
-
93
- @output_path_btn.connect(SEL_COMMAND){
94
- output_path = FXFileDialog.getOpenDirectory(self, "Select Temp Directory", Watobo::Plugin::Sqlmap.tmp_dir)
95
-
96
- #puts ">> #{output_path}"
97
- unless output_path.empty?
98
- @output_path_txt.text = output_path
99
- Watobo::Plugin::Sqlmap.set_tmp_dir output_path
100
- end
101
- }
102
-
103
- @settings_tab = SettingsTabBook.new(main)
104
-
105
- unless chat.nil?
106
- @settings_tab.general.request = chat.request
107
- end
108
-
109
- # @log_viewer = @settings_tabbook.log_viewer
110
-
111
- buttons = FXHorizontalFrame.new(main, :opts => LAYOUT_SIDE_BOTTOM|LAYOUT_FILL_X|PACK_UNIFORM_WIDTH,
112
- :padLeft => 40, :padRight => 40, :padTop => 20, :padBottom => 20)
113
- @accept_btn = FXButton.new(buttons, "&Start", nil, self, ID_ACCEPT,
114
- FRAME_RAISED|FRAME_THICK|LAYOUT_RIGHT|LAYOUT_CENTER_Y)
115
- @accept_btn.disable
116
- @accept_btn.enable unless Watobo::Plugin::Sqlmap.binary_path.empty?
117
- # Cancel
118
- FXButton.new(buttons, "&Cancel", nil, self, ID_CANCEL,
119
- FRAME_RAISED|FRAME_THICK|LAYOUT_RIGHT|LAYOUT_CENTER_Y)
120
- # Configuration Categories
121
- # =
122
- # Request
123
- # Optimization
124
- # Detection
125
- # Techniques
126
- # Fingerprint
127
- # Enumeration
128
-
129
-
130
-
131
- @accept_btn.disable if @settings_tab.general.request.empty?
132
- @settings_tab.general.subscribe(:request_changed){
133
- if @settings_tab.general.request.empty?
134
- @accept_btn.disable
135
- else
136
- @accept_btn.enable
137
- end
138
- }
139
- end
140
-
141
- private
142
-
143
- def create_request_file
144
- fname = "sqlmap_" + Time.now.to_i.to_s + ".req"
145
- begin
146
- file = File.join(@output_path_txt.text, fname)
147
- File.open(file, "w"){ |fh|
148
- fh.puts @settings_tab.general.request
149
- }
150
- return file
151
- rescue => bang
152
- puts bang
153
- puts bang.backtrace
154
- return nil
155
- end
156
- end
157
-
158
- def sqlmap_command(file)
159
- sqlmap = []
160
-
161
- sqlmap << @binary_path_txt.text
162
- sqlmap << "-r #{file}"
163
- sqlmap << "--level #{@settings_tab.general.level}"
164
- sqlmap << "--risk #{@settings_tab.general.risk}"
165
- sqlmap << "--technique #{@settings_tab.general.technique}"
166
- sqlmap << @settings_tab.general.manual_options
167
-
168
- sqlmap_cmd = sqlmap.join(" ")
169
- end
170
-
171
- def linux_command(file)
172
- # /usr/bin/xterm -hold -e "script -c \"ls -alh\" test234.out"
173
- xterm_bin = "/usr/bin/xterm"
174
- return false unless File.exist? xterm_bin
175
- command = "cd #{@output_path_txt.text} && #{xterm_bin} -hold -e \""
176
- script_cmd = "#{sqlmap_command(file)}"
177
- command << script_cmd
178
- command << '"'
179
- puts command
180
- command
181
- end
182
-
183
- def win_command(file)
184
- # start "sqlmap" /WAIT /D c:\tools dir
185
- command = ""
186
-
187
- out_file = file.gsub(/\.req/, ".out")
188
- start_path = "#{@output_path_txt.text}"
189
- start_path.gsub!(/\//,'\\')
190
-
191
- script_cmd = "start \"SQLmap\" /D #{start_path} /WAIT cmd.exe /k \"#{sqlmap_command(file)}\""
192
- command << script_cmd
193
- command << '"'
194
- puts command
195
- command
196
- end
197
-
198
- def run_sqlmap(file)
199
- command = case RUBY_PLATFORM
200
- when /linux|bsd|solaris|hpux|darwin/
201
- linux_command file
202
- when /mswin|mingw|bccwin/
203
- win_command file
204
- end
205
- Thread.new(command){ |cmd|
206
- system(cmd)
207
- }
208
-
209
- end
210
-
211
- def onAccept(sender, sel, event)
212
- if @settings_tab.general.request.empty?
213
- puts "No Request Defined!"
214
- end
215
-
216
- rf = create_request_file
217
- puts "Start SQLMap with file #{rf}"
218
- run_sqlmap(rf)
219
- #getApp().stopModal(self, 1)
220
- #self.hide()
221
- #return 1
222
-
223
- end
224
-
225
- end
226
- end
227
- end
228
- end
2
+ module Watobo#:nodoc: all
3
+ module Plugin
4
+ class Sqlmap
5
+ class SettingsTabBook < FXTabBook
6
+ attr :general
7
+ def initialize(owner)
8
+ #@tab = FXTabBook.new(self, nil, 0, LAYOUT_FILL_X|LAYOUT_FILL_Y|LAYOUT_RIGHT)
9
+ super(owner, nil, 0, LAYOUT_FILL_X|LAYOUT_FILL_Y|LAYOUT_RIGHT)
10
+ FXTabItem.new(self, "General", nil)
11
+ @general = OptionsFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED)
12
+
13
+ # FXTabItem.new(self, "Advanced", nil)
14
+ # frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED)
15
+ # FXTabItem.new(self, "Log", nil)
16
+ # frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_THICK|FRAME_RAISED)
17
+ # @log_viewer = Watobo::Gui::LogViewer.new(frame, :append, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN)
18
+ end
19
+ end
20
+
21
+ class Gui < Watobo::Plugin2
22
+ icon_file "sqlmap.ico"
23
+
24
+ include Watobo::Constants
25
+ include Responder
26
+ # include Watobo::Plugin::Crawler::Constants
27
+ def updateView
28
+
29
+ end
30
+
31
+ def initialize(owner, project=nil, chat=nil)
32
+ super(owner, "SQLMap", project, :opts => DECOR_ALL, :width=>800, :height=>600)
33
+ @plugin_name = "SQLMap"
34
+
35
+ FXMAPFUNC(SEL_COMMAND, ID_ACCEPT, :onAccept)
36
+
37
+ main = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
38
+ matrix = FXMatrix.new(main, 3, :opts => MATRIX_BY_COLUMNS|LAYOUT_FILL_X)
39
+ FXLabel.new(matrix, "sqlmap path:")
40
+ # frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X)
41
+ # FXLabel.new(frame, "http://")
42
+ @binary_path_txt = FXTextField.new(matrix, 60, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|LAYOUT_FILL_X)
43
+ bin_path = Watobo::Plugin::Sqlmap.binary_path
44
+ bin_path ="not defined" if bin_path.empty?
45
+ @binary_path_txt.text = bin_path
46
+
47
+ @change_btn = FXButton.new(matrix, "...", :opts => BUTTON_DEFAULT|BUTTON_NORMAL )
48
+ @change_btn.enable
49
+
50
+ @change_btn.connect(SEL_COMMAND){
51
+ open_path = nil
52
+ unless @binary_path_txt.text.empty?
53
+ dir_name = File.dirname(@binary_path_txt.text)
54
+ unless dir_name.empty?
55
+ open_path = dir_name unless File.exist? dir_name
56
+ end
57
+ end
58
+ bin_path_old = @binary_path_txt.text
59
+ bin_path = FXFileDialog.getOpenFilename(self, "Select SQLmap Path", open_path)
60
+ unless bin_path.empty?
61
+ @binary_path_txt.text = bin_path
62
+ else
63
+ @binary_path_txt.text = bin_path_old
64
+
65
+ end
66
+ if File.exist? @binary_path_txt.text
67
+ Watobo::Plugin::Sqlmap.set_binary_path bin_path
68
+ @accept_btn.enable
69
+ else
70
+ Watobo::Plugin::Sqlmap.set_binary_path ''
71
+ @accept_btn.disable
72
+ end
73
+ }
74
+
75
+ FXLabel.new(matrix, "temp directory:")
76
+ # frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X)
77
+ # FXLabel.new(frame, "http://")
78
+ @output_path_txt = FXTextField.new(matrix, 60, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|LAYOUT_FILL_X)
79
+ @output_path_txt.text = Watobo::Plugin::Sqlmap.tmp_dir
80
+
81
+ @output_path_btn = FXButton.new(matrix, "...", :opts => BUTTON_DEFAULT|BUTTON_NORMAL )
82
+ @output_path_btn.enable
83
+
84
+ @output_path_btn.connect(SEL_COMMAND){
85
+ output_path = FXFileDialog.getOpenDirectory(self, "Select Temp Directory", Watobo::Plugin::Sqlmap.tmp_dir)
86
+
87
+ #puts ">> #{output_path}"
88
+ unless output_path.empty?
89
+ @output_path_txt.text = output_path
90
+ Watobo::Plugin::Sqlmap.set_tmp_dir output_path
91
+ end
92
+ }
93
+
94
+ @settings_tab = SettingsTabBook.new(main)
95
+
96
+ unless chat.nil?
97
+ @settings_tab.general.request = chat.request
98
+ end
99
+
100
+ # @log_viewer = @settings_tabbook.log_viewer
101
+
102
+ buttons = FXHorizontalFrame.new(main, :opts => LAYOUT_SIDE_BOTTOM|LAYOUT_FILL_X|PACK_UNIFORM_WIDTH,
103
+ :padLeft => 40, :padRight => 40, :padTop => 20, :padBottom => 20)
104
+ @accept_btn = FXButton.new(buttons, "&Start", nil, self, ID_ACCEPT,
105
+ FRAME_RAISED|FRAME_THICK|LAYOUT_RIGHT|LAYOUT_CENTER_Y)
106
+ @accept_btn.disable
107
+ @accept_btn.enable unless Watobo::Plugin::Sqlmap.binary_path.empty?
108
+ # Cancel
109
+ FXButton.new(buttons, "&Cancel", nil, self, ID_CANCEL,
110
+ FRAME_RAISED|FRAME_THICK|LAYOUT_RIGHT|LAYOUT_CENTER_Y)
111
+ # Configuration Categories
112
+ # =
113
+ # Request
114
+ # Optimization
115
+ # Detection
116
+ # Techniques
117
+ # Fingerprint
118
+ # Enumeration
119
+
120
+
121
+
122
+ @accept_btn.disable if @settings_tab.general.request.empty?
123
+ @settings_tab.general.subscribe(:request_changed){
124
+ if @settings_tab.general.request.empty?
125
+ @accept_btn.disable
126
+ else
127
+ @accept_btn.enable
128
+ end
129
+ }
130
+ end
131
+
132
+ private
133
+
134
+ def create_request_file
135
+ fname = "sqlmap_" + Time.now.to_i.to_s + ".req"
136
+ begin
137
+ file = File.join(@output_path_txt.text, fname)
138
+ File.open(file, "w"){ |fh|
139
+ fh.puts @settings_tab.general.request
140
+ }
141
+ return file
142
+ rescue => bang
143
+ puts bang
144
+ puts bang.backtrace
145
+ return nil
146
+ end
147
+ end
148
+
149
+ def sqlmap_command(file)
150
+ sqlmap = []
151
+
152
+ sqlmap << @binary_path_txt.text
153
+ sqlmap << "-r #{file}"
154
+ sqlmap << "--level #{@settings_tab.general.level}"
155
+ sqlmap << "--risk #{@settings_tab.general.risk}"
156
+ sqlmap << "--technique #{@settings_tab.general.technique}"
157
+ sqlmap << @settings_tab.general.manual_options
158
+
159
+ sqlmap_cmd = sqlmap.join(" ")
160
+ end
161
+
162
+ def linux_command(file)
163
+ # /usr/bin/xterm -hold -e "script -c \"ls -alh\" test234.out"
164
+ xterm_bin = "/usr/bin/xterm"
165
+ return false unless File.exist? xterm_bin
166
+ command = "cd #{@output_path_txt.text} && #{xterm_bin} -hold -e \""
167
+ script_cmd = "#{sqlmap_command(file)}"
168
+ command << script_cmd
169
+ command << '"'
170
+ puts command
171
+ command
172
+ end
173
+
174
+ def win_command(file)
175
+ # start "sqlmap" /WAIT /D c:\tools dir
176
+ command = ""
177
+
178
+ out_file = file.gsub(/\.req/, ".out")
179
+ start_path = "#{@output_path_txt.text}"
180
+ start_path.gsub!(/\//,'\\')
181
+
182
+ script_cmd = "start \"SQLmap\" /D #{start_path} /WAIT cmd.exe /k \"#{sqlmap_command(file)}\""
183
+ command << script_cmd
184
+ command << '"'
185
+ puts command
186
+ command
187
+ end
188
+
189
+ def run_sqlmap(file)
190
+ command = case RUBY_PLATFORM
191
+ when /linux|bsd|solaris|hpux|darwin/
192
+ linux_command file
193
+ when /mswin|mingw|bccwin/
194
+ win_command file
195
+ end
196
+ Thread.new(command){ |cmd|
197
+ system(cmd)
198
+ }
199
+
200
+ end
201
+
202
+ def onAccept(sender, sel, event)
203
+ if @settings_tab.general.request.empty?
204
+ puts "No Request Defined!"
205
+ end
206
+
207
+ rf = create_request_file
208
+ puts "Start SQLMap with file #{rf}"
209
+ run_sqlmap(rf)
210
+ #getApp().stopModal(self, 1)
211
+ #self.hide()
212
+ #return 1
213
+
214
+ end
215
+
216
+ end
217
+ end
218
+ end
219
+ end