watobo 0.9.9.pre3 → 0.9.9

data/plugins/catalog/db_variables

@@ -1,29 +1,2 @@
-#VERSION,2.004
-# $Id: db_variables 660 2011-06-14 13:19:52Z sullo $ 
-#######################################################################
-# Source: http://cirt.net
-# This file may only be distributed and used with the full Nikto package.
-# This file may not be used with any software product without written permission from CIRT, Inc.
-# (c) 2007 CIRT, Inc., All Rights Reserved.
-#
-# NOTE: By sending any database updates to CIRT, Inc., it is assumed that you
-# grant CIRT, Inc., the unlimited, non-exclusive right to reuse, modify and relicense the changes.
-#######################################################################
-# Notes:
-# Variables which will be used as replacements for values in the scan_database.db and user_scan_database.db files. 
-# Any values to be replaced must start with the @ character, such as: @CGIDIRS.
-# 
-# User defined variables should be set in config.txt as this file may be over-written during updates.
-#######################################################################
-@CGIDIRS=/cgi.cgi/ /webcgi/ /cgi-914/ /cgi-915/ /bin/ /cgi/ /mpcgi/ /cgi-bin/ /ows-bin/ /cgi-sys/ /cgi-local/ /htbin/ /cgibin/ /cgis/ /scripts/ /cgi-win/ /fcgi-bin/ /cgi-exe/ /cgi-home/ /cgi-perl/ /scgi-bin/
-@NUKE=/ /postnuke/ /postnuke/html/ /modules/ /phpBB/ /forum/
-@MUTATEDIRS=/....../ /members/ /porn/ /restricted/ /xxx/
-@MUTATEFILES=xxx.htm xxx.html porn.htm porn.html
-@ADMIN=/admin/ /adm/ /administrator/
-@USERS=adm bin daemon ftp guest listen lp mysql noaccess nobody nobody4 nuucp operator root smmsp smtp sshd sys test unknown uucp web www
-@PASSWORDDIRS=/ /admin/ /clients/ /pass/ /password/ /passwords/ /store/ /users/ /access/ /members/ /private/ /ccbill/ /dmr/ /mastergate/ /dmr/ /epoch/ /netbilling/ /webcash/ /wwwjoin/ /etc/security/
-@PASSWORDFILES=admins clients pass password passwords passwd passwd.adjunct store users .htpasswd .passwd
-@PHPMYADMIN=/3rdparty/phpMyAdmin/ /phpMyAdmin/ /3rdparty/phpmyadmin/ /phpmyadmin/ /pma/
-@HTTPFOUND=200 301 302 403
-@FCKEDITOR=/FCKeditor/ /Script/fckeditor/ /sites/all/modules/fckeditor/fckeditor/ /modules/fckeditor/fckeditor/ /class/fckeditor/ /inc/fckeditor/ /sites/all/libraries/fckeditor/
-@CRYSTALREPORTS=/ /CrystalReports/ /crystal/ /businessobjects/ /crystal/enterprise10/ /crystal/Enterprise10/ePortfolio/en/
+# You can define some global variables here
+# e.g., @php_extension = php php4 php5

data/plugins/crawler/gui/auth_frame.rb

@@ -123,7 +123,8 @@ module Watobo
               {
                 :auth_type => :basic,
                 :username => @basic_auth_user_txt.text,
-                :password => @basic_auth_passwd_txt.text
+                :password => @basic_auth_passwd_txt.text,
+                :retype => @basic_auth_retype_txt.text
                 #  :uri => URI.parse
               }
             when 2
@@ -180,9 +181,9 @@ module Watobo
             FXLabel.new(frame, "Username:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
             @basic_auth_user_txt = FXTextField.new(frame, 10, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
             FXLabel.new(frame, "Password:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
-            @basic_auth_passwd_txt = FXTextField.new(frame, 10, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
+            @basic_auth_passwd_txt = FXTextField.new(frame, 10, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|TEXTFIELD_PASSWD)
             FXLabel.new(frame, "Retype:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
-            @basic_auth_retype_txt = FXTextField.new(frame, 10, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
+            @basic_auth_retype_txt = FXTextField.new(frame, 10, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|TEXTFIELD_PASSWD)
 
             form_auth_frame = FXVerticalFrame.new(@switcher, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_NONE)
             frame = FXHorizontalFrame.new(form_auth_frame, :opts => LAYOUT_FILL_X|FRAME_NONE)
@@ -202,6 +203,9 @@ module Watobo
               @no_auth_rb.handle(self, FXSEL(SEL_UPDATE, 0), nil)
               @switcher.current = @auth_type_dt.value
             }
+            
+            @basic_auth_passwd_txt.connect(SEL_CHANGED){ password_check }
+             @basic_auth_retype_txt.connect(SEL_CHANGED){ password_check }
 
             @fetch_button.connect(SEL_COMMAND){
               begin
@@ -248,6 +252,14 @@ module Watobo
           end
 
           private
+          
+          def password_check
+              unless @basic_auth_passwd_txt.text == @basic_auth_retype_txt.text
+              @basic_auth_retype_txt.backColor = FXColor::Red
+              else
+                @basic_auth_retype_txt.backColor = FXColor::Green
+            end
+          end
 
           def notify(event, *args)
             if @event_dispatcher_listeners[event]

data/plugins/crawler/gui/crawler_gui.rb

@@ -22,6 +22,8 @@
 module Watobo
   module Plugin
     module Crawler
+      
+      
       def self.start_url
         @start_url ||= nil
       end
@@ -44,6 +46,10 @@ module Watobo
       end
 
       class Gui < Watobo::Plugin2
+        
+        class PasswordMatchError < StandardError; end
+        class UsernameError < StandardError; end
+        
         icon_file "crawler.ico"
 
         include Watobo::Constants
@@ -188,6 +194,12 @@ module Watobo
           case auth[:auth_type]
           when :basic
             auth[:auth_uri] = start_url
+            unless auth[:password] == auth[:retype]
+               raise PasswordMatchError, "Passwords Don't Match!" 
+            end
+            if auth[:username].empty?
+              raise UsernameError, "Username is empty!"
+            end
           when :form
             if auth.has_key? :form
               begin
@@ -242,6 +254,8 @@ module Watobo
 
         def start
           return false unless url_valid?
+          
+          begin
 
           prefs ={}
           prefs.update auth_settings
@@ -258,6 +272,16 @@ module Watobo
 
           @start_button.text = 'Cancel'
           add_update_timer()
+          
+          rescue PasswordMatchError
+            #puts "Passwords Don't Match!"   
+            FXMessageBox.information(self,MBOX_OK,"Password Error", "The provided passwords don't match!")
+          rescue UsernameError
+            #puts "Passwords Don't Match!"   
+            FXMessageBox.information(self,MBOX_OK,"Username Error", "Need a valid username.")
+            rescue => bang
+            puts bang         
+          end
         end
 
       end

data/plugins/crawler/gui/hooks_frame.rb

@@ -38,6 +38,10 @@ module Watobo
            
             hook
           end
+          
+          def selected
+            @pre_txt.setFocus()
+          end
 
           def pre_conn_valid?
             return false if pre_conn_code.empty?
@@ -86,8 +90,9 @@ module Watobo
             @pre_txt = FXText.new(txt_frame, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|TEXT_WORDWRAP)
             FXLabel.new(frame, "}")
             @pre_txt.setText("")
-            @pre_txt.setFocus()
-           # @pre_txt.setDefault()
+            # cannot set the focus here because of a crash on ubuntu systems
+            # https://bugs.launchpad.net/ubuntu/+source/fox1.6/+bug/887038
+            #  @pre_txt.setFocus()
           end
 
         end

data/plugins/crawler/gui/settings_tabbook.rb

@@ -48,6 +48,10 @@ module Watobo
             FXTabItem.new(self, "Log", nil)
             frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_THICK|FRAME_RAISED)
             @log_viewer = Watobo::Gui::LogViewer.new(frame, :append, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN)
+            
+            self.connect(SEL_COMMAND){
+              @hooks.selected if self.current == 3
+            }
           end
         end
       end

data/plugins/crawler/gui.rb

@@ -35,7 +35,7 @@ if $0 == __FILE__
   %w( load_icons gui_utils load_plugins session_history save_default_settings master_password session_history save_project_settings save_proxy_settings ).each do |l|
   f = File.join("watobo","gui","utils", l)
   require f
-  puts "Loading #{f}"
+  #puts "Loading #{f}"
 end
 
 require 'watobo/gui/utils/init_icons'
@@ -54,7 +54,7 @@ require File.join(File.expand_path(File.dirname(__FILE__)), "crawler")
 gui_path = File.join(File.expand_path(File.dirname(__FILE__)), "gui")
 
 %w( crawler_gui settings_tabbook general_settings_frame status_frame hooks_frame auth_frame scope_frame ).each do |l|
-  puts "Loading >> #{l}"
+  #puts "Loading >> #{l}"
   require File.join(gui_path, l + ".rb")
 end
  
@@ -107,7 +107,7 @@ require File.join(File.expand_path(File.dirname(__FILE__)), "crawler")
 
 gui_path = File.join(File.expand_path(File.dirname(__FILE__)), "gui")
 %w( crawler_gui settings_tabbook general_settings_frame status_frame hooks_frame auth_frame scope_frame ).each do |l|
- puts "Loading >> #{l}"
+ #puts "Loading >> #{l}"
   require File.join(gui_path, l + ".rb")
 end
 

data/plugins/crawler/lib/engine.rb

@@ -40,7 +40,7 @@ module Watobo
              user = opts[:username]
              pw = opts[:password]
              uri = opts[:auth_uri]
-            #puts "Got Credentials for #{uri}: #{user} / #{pw}" 
+           # puts "Got Credentials for #{uri}: #{user} / #{pw}" 
             self.add_auth(uri, user , pw )
             # TODO: remove this workaround for a Mechanize Bug (#243)
             p = self.get uri

data/plugins/filefinder/filefinder.rb

@@ -139,13 +139,15 @@ module Watobo
           
           if @project then
             @sites_combo.appendItem("no site selected", nil)
-            @project.listSites(:in_scope => @scope_only_cb.checked? ).each do |site|
+            @project.listSites(:in_scope => Watobo.project.has_scope? ).each do |site|
               #puts "Site: #{site}"
               @sites_combo.appendItem(site.slice(0..35), site)
             end
             @sites_combo.setCurrentItem(0) if @sites_combo.numItems > 0
             ci = @sites_combo.currentItem
             site = ( ci >= 0 ) ? @sites_combo.getItemData(ci) : nil
+             @sites_combo.numVisible = @sites_combo.numItems
+            @sites_combo.numColumns = 35
             
             if site
               @dir_combo.enable
@@ -216,9 +218,9 @@ module Watobo
             log_text_frame = FXVerticalFrame.new(result_frame, LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN|FRAME_THICK, :padding=>0)
             @request_editor = RequestEditor.new(log_text_frame, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
             
-              @scope_only_cb = FXCheckButton.new(@settings_frame, "target scope only", nil, 0, ICON_BEFORE_TEXT|LAYOUT_SIDE_LEFT)
-            @scope_only_cb.setCheck(false)
-            @scope_only_cb.connect(SEL_COMMAND) { updateView() }
+           #   @scope_only_cb = FXCheckButton.new(@settings_frame, "target scope only", nil, 0, ICON_BEFORE_TEXT|LAYOUT_SIDE_LEFT)
+           # @scope_only_cb.setCheck(false)
+           # @scope_only_cb.connect(SEL_COMMAND) { updateView() }
             
             FXLabel.new(@settings_frame, "Select Site:")
             @sites_combo = FXComboBox.new(@settings_frame, 5, nil, 0,
@@ -278,7 +280,17 @@ module Watobo
             
             #   @run_passive_checks = FXCheckButton.new(@settings_frame, "run passive checks", nil, 0, ICON_BEFORE_TEXT|LAYOUT_SIDE_LEFT)
             #   @run_passive_checks.setCheck(false)
+            gbox = FXGroupBox.new(@settings_frame, "Extensions", LAYOUT_SIDE_LEFT|FRAME_GROOVE|LAYOUT_FILL_X|LAYOUT_FILL_Y, 0, 0, 0, 150)
+            gbframe = FXVerticalFrame.new(gbox, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN|FRAME_THICK, :padding => 0)
+            @extensions_text = FXText.new(gbframe, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|TEXT_WORDWRAP)
+            ext = "bak;php;asp;aspx;tgz;tar.gz;gz;tmp;temp;old;_"
+         #   fxtext.backColor = fxtext.parent.backColor
+         #   fxtext.disable
+         #   text = "FileFinder allows you to search easily for specific files, e.g. files you have uploaded.\nIf you want to search for multiple files you can also use a db-file, "
+         #   text << "which is a plain text file - each filename on one line."
             
+            @extensions_text.setText(ext)
+             
             
             @pbar = FXProgressBar.new(@settings_frame, nil, 0, LAYOUT_FILL_X|FRAME_SUNKEN|FRAME_THICK|PROGRESSBAR_HORIZONTAL)
             @pbar.progress = 0
@@ -293,17 +305,7 @@ module Watobo
             @start_button.disable
             
             
-            gbox = FXGroupBox.new(@settings_frame, "Extensions", LAYOUT_SIDE_LEFT|FRAME_GROOVE|LAYOUT_FILL_X|LAYOUT_FILL_Y, 0, 0, 0, 150)
-            gbframe = FXVerticalFrame.new(gbox, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y, :padding => 0)
-            @extensions_text = FXText.new(gbframe, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|TEXT_WORDWRAP)
-            ext = "bak;php;asp;aspx;tgz;tar.gz;gz;tmp;temp;old;_"
-         #   fxtext.backColor = fxtext.parent.backColor
-         #   fxtext.disable
-         #   text = "FileFinder allows you to search easily for specific files, e.g. files you have uploaded.\nIf you want to search for multiple files you can also use a db-file, "
-         #   text << "which is a plain text file - each filename on one line."
-            
-            @extensions_text.setText(ext)
-            
+           
             
             
             log_frame_header = FXHorizontalFrame.new(log_frame, :opts => LAYOUT_FILL_X)
@@ -322,11 +324,13 @@ module Watobo
         end
         
         def create
-          @log_viewer.purge
+          super
+          
+          @log_viewer.purge_logs
           @request_editor.setText('')
           @requestCombo.clearItems()
           @start_button.text = "Start"
-          super                  # Create the windows
+                   # Create the windows
           show(PLACEMENT_SCREEN) # Make the main window appear
           disableOptions()
         end

data/plugins/sqlmap/bin/test.rb

@@ -0,0 +1,100 @@
+# .
+# test.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+  inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "..","..", "lib"))
+  $: << inc_path
+ 
+  require 'watobo'
+  require 'fox16'
+  
+  include Fox
+
+  module Watobo
+    module Gui
+    @application = FXApp.new('SQLmap', 'Plugin Test')  
+ 
+  %w( load_icons gui_utils load_plugins session_history save_default_settings master_password session_history save_project_settings save_proxy_settings ).each do |l|
+  f = File.join("watobo","gui","utils", l)
+  require f
+  puts "Loading #{f}"
+end
+
+require 'watobo/gui/utils/init_icons'
+
+gui_path = File.expand_path(File.join(File.dirname(__FILE__),"..", "..", "..", "lib","watobo", "gui"))
+
+Dir.glob("#{gui_path}/*.rb").each do |cf|
+  next if File.basename(cf) == 'main_window.rb' # skip main_window here, because it must be loaded last
+  f = File.join("watobo","gui", File.basename(cf))
+  puts "Loading >> #{f}"
+  require f
+end
+
+puts "Loading plugin templates ..."
+require 'watobo/gui/templates/plugin'
+require 'watobo/gui/templates/plugin2'
+
+
+require File.join(File.expand_path(File.dirname(__FILE__)), "..","sqlmap")
+
+gui_path = File.join(File.expand_path(File.dirname(__FILE__)),"..", "gui")
+puts "="
+
+%w( main options_frame).each do |l|
+  puts "Loading >> #{l}"
+  require File.join(gui_path, l + ".rb")
+end
+
+class TestGui < FXMainWindow
+    
+def initialize(app)
+# Call base class initializer first
+super(app, "Test Application", :width => 800, :height => 600)
+frame = FXVerticalFrame.new(self, LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_GROOVE)
+     
+button = FXButton.new(frame, "Open Plugin",:opts => FRAME_THICK|FRAME_RAISED|LAYOUT_FILL_X|LAYOUT_TOP|LAYOUT_LEFT,:padLeft => 10, :padRight => 10, :padTop => 5, :padBottom => 5)
+button.connect(SEL_COMMAND) {
+  dlg = Watobo::Plugin::Sqlmap::Gui.new(self)  
+  if dlg.execute != 0
+    puts dlg.to_h.to_yaml
+  end  
+}
+end
+    # Create and show the main window
+def create
+    super                  # Create the windows
+    show(PLACEMENT_SCREEN) # Make the main window appear
+    dlg = Watobo::Plugin::Sqlmap::Gui.new(self)
+    #dlg.set_tab_index 2
+    #prefs = { :form_auth_url => "http://www.google.com" }
+    #dlg.settings.auth.set prefs
+      
+    if dlg.execute != 0
+        puts dlg.details.to_yaml
+    end  
+    end
+  end
+#  application = FXApp.new('LayoutTester', 'FoxTest')  
+  TestGui.new(@application)
+  @application.create
+  @application.run
+    end
+end 

data/plugins/sqlmap/gui/main.rb

@@ -0,0 +1,227 @@
+# .
+# main.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  module Plugin
+    class Sqlmap
+      class SettingsTabBook < FXTabBook
+        attr :general
+        def initialize(owner)
+          #@tab = FXTabBook.new(self, nil, 0, LAYOUT_FILL_X|LAYOUT_FILL_Y|LAYOUT_RIGHT)
+          super(owner, nil, 0, LAYOUT_FILL_X|LAYOUT_FILL_Y|LAYOUT_RIGHT)
+          FXTabItem.new(self, "General", nil)
+          @general = OptionsFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED)
+
+        #   FXTabItem.new(self, "Advanced", nil)
+        #   frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED)
+        #   FXTabItem.new(self, "Log", nil)
+        #   frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_THICK|FRAME_RAISED)
+        #   @log_viewer = Watobo::Gui::LogViewer.new(frame, :append, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN)
+        end
+      end
+
+      class Gui < Watobo::Plugin2
+        icon_file "sqlmap.ico"
+
+        include Watobo::Constants
+        include Responder
+        #  include Watobo::Plugin::Crawler::Constants
+        def updateView
+
+        end
+
+        def initialize(owner, project=nil, chat=nil)
+          super(owner, "SQLMap", project, :opts => DECOR_ALL, :width=>800, :height=>600)
+          @plugin_name = "SQLMap"
+
+          FXMAPFUNC(SEL_COMMAND, ID_ACCEPT, :onAccept)
+          
+          main = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
+          matrix = FXMatrix.new(main, 3, :opts => MATRIX_BY_COLUMNS|LAYOUT_FILL_X)
+          FXLabel.new(matrix, "sqlmap path:")
+          # frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X)
+          #  FXLabel.new(frame, "http://")
+          @binary_path_txt = FXTextField.new(matrix, 60, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|LAYOUT_FILL_X)
+          bin_path = Watobo::Plugin::Sqlmap.binary_path
+          bin_path ="not defined" if bin_path.empty?
+          @binary_path_txt.text = bin_path
+
+          @change_btn = FXButton.new(matrix, "...", :opts => BUTTON_DEFAULT|BUTTON_NORMAL )
+          @change_btn.enable
+
+          @change_btn.connect(SEL_COMMAND){
+            @bin_path = nil
+            bin_path = FXFileDialog.getOpenFilename(self, "Select SQLmap Path", @bin_path)
+            unless bin_path.empty?
+              @binary_path_txt.text = bin_path
+              Watobo::Plugin::Sqlmap.set_binary_path bin_path
+              @accept_btn.enable
+            else
+              @accept_btn.disable
+              @binary_path_txt.text = "not defined"
+            end
+          }
+
+          FXLabel.new(matrix, "temp directory:")
+          # frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X)
+          #  FXLabel.new(frame, "http://")
+          @output_path_txt = FXTextField.new(matrix, 60, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|LAYOUT_FILL_X)
+          @output_path_txt.text = Watobo::Plugin::Sqlmap.tmp_dir
+
+          @output_path_btn = FXButton.new(matrix, "...", :opts => BUTTON_DEFAULT|BUTTON_NORMAL )
+          @output_path_btn.enable
+
+          @output_path_btn.connect(SEL_COMMAND){
+            output_path = FXFileDialog.getOpenDirectory(self, "Select Temp Directory", Watobo::Plugin::Sqlmap.tmp_dir)
+
+            #puts ">> #{output_path}"
+            unless output_path.empty?
+            @output_path_txt.text = output_path
+            Watobo::Plugin::Sqlmap.set_tmp_dir output_path
+            end
+          }
+
+          @settings_tab = SettingsTabBook.new(main)
+
+          unless chat.nil?
+          @settings_tab.general.request = chat.request
+          end
+
+          # @log_viewer = @settings_tabbook.log_viewer
+
+          buttons = FXHorizontalFrame.new(main, :opts => LAYOUT_SIDE_BOTTOM|LAYOUT_FILL_X|PACK_UNIFORM_WIDTH,
+          :padLeft => 40, :padRight => 40, :padTop => 20, :padBottom => 20)
+          @accept_btn = FXButton.new(buttons, "&Start", nil, self, ID_ACCEPT,
+          FRAME_RAISED|FRAME_THICK|LAYOUT_RIGHT|LAYOUT_CENTER_Y)
+          @accept_btn.disable
+          @accept_btn.enable unless Watobo::Plugin::Sqlmap.binary_path.empty?
+          # Cancel
+          FXButton.new(buttons, "&Cancel", nil, self, ID_CANCEL,
+          FRAME_RAISED|FRAME_THICK|LAYOUT_RIGHT|LAYOUT_CENTER_Y)
+        # Configuration Categories
+        # =
+        # Request
+        # Optimization
+        # Detection
+        # Techniques
+        # Fingerprint
+        # Enumeration
+        
+        
+            
+            @accept_btn.disable if @settings_tab.general.request.empty?
+            @settings_tab.general.subscribe(:request_changed){
+              if @settings_tab.general.request.empty?
+                @accept_btn.disable 
+              else
+                @accept_btn.enable
+              end
+            }
+        end
+
+        private
+
+        def create_request_file
+          fname = "sqlmap_" + Time.now.to_i.to_s + ".req"
+          begin
+            file = File.join(@output_path_txt.text, fname)
+            File.open(file, "w"){ |fh|
+              fh.puts @settings_tab.general.request
+            }
+            return file
+          rescue => bang
+            puts bang
+            puts bang.backtrace
+            return nil
+          end
+        end
+
+        def sqlmap_command(file)
+          sqlmap = []
+
+          sqlmap << @binary_path_txt.text
+          sqlmap << "-r #{file}"
+          sqlmap << "--level #{@settings_tab.general.level}"
+          sqlmap << "--risk #{@settings_tab.general.risk}"
+          sqlmap << "--technique #{@settings_tab.general.technique}"
+          sqlmap << @settings_tab.general.manual_options
+
+          sqlmap_cmd = sqlmap.join(" ")
+        end
+
+        def linux_command(file)
+          # /usr/bin/xterm -hold -e "script -c \"ls -alh\" test234.out"
+          xterm_bin = "/usr/bin/xterm"
+          return false unless File.exist? xterm_bin
+          command = "cd #{@output_path_txt.text} && #{xterm_bin} -hold -e \""
+          script_cmd = "#{sqlmap_command(file)}"
+          command << script_cmd
+          command << '"'
+          puts command
+          command
+        end
+        
+        def win_command(file)
+        # start "sqlmap" /WAIT /D c:\tools dir
+          command = ""
+
+          out_file = file.gsub(/\.req/, ".out")
+          start_path = "#{@output_path_txt.text}"
+          start_path.gsub!(/\//,'\\')
+          
+          script_cmd = "start \"SQLmap\" /D #{start_path} /WAIT cmd.exe /k \"#{sqlmap_command(file)}\""
+          command << script_cmd
+          command << '"'
+          puts command
+          command
+        end
+
+        def run_sqlmap(file)
+          command = case RUBY_PLATFORM
+          when /linux|bsd|solaris|hpux|darwin/
+            linux_command file
+          when /mswin|mingw|bccwin/
+            win_command file
+          end
+          Thread.new(command){ |cmd|
+            system(cmd)
+          }
+
+        end
+
+        def onAccept(sender, sel, event)
+          if @settings_tab.general.request.empty?
+            puts "No Request Defined!"
+          end
+
+          rf = create_request_file
+          puts "Start SQLMap with file #{rf}"
+          run_sqlmap(rf)
+        #getApp().stopModal(self, 1)
+        #self.hide()
+        #return 1
+
+        end
+
+      end
+    end
+  end
+end