watobo 0.9.9.pre3 → 0.9.9
Sign up to get free protection for your applications and to get access to all the features.
- data/.yardopts +24 -0
- data/CHANGELOG +17 -7
- data/README +4 -60
- data/bin/nfq_server.rb +191 -0
- data/config/interceptor.yml +2 -6
- data/lib/watobo/adapters/data_store.rb +1 -1
- data/lib/watobo/adapters/file/file_store.rb +50 -33
- data/lib/watobo/ca.rb +22 -0
- data/lib/watobo/config.rb +6 -0
- data/lib/watobo/core/ca.rb +411 -0
- data/lib/watobo/core/cert_store.rb +56 -0
- data/lib/watobo/core/forwarding_proxy.rb +38 -0
- data/lib/watobo/core/http_socket.rb +18 -0
- data/lib/watobo/core/intercept_carver.rb +179 -0
- data/lib/watobo/core/intercept_filter.rb +257 -0
- data/lib/watobo/core/interceptor.rb +342 -79
- data/lib/watobo/core/netfilter_queue.rb +191 -0
- data/lib/watobo/core/project.rb +84 -138
- data/lib/watobo/core/proxy.rb +61 -0
- data/lib/watobo/core/request.rb +40 -0
- data/lib/watobo/core/response.rb +30 -0
- data/lib/watobo/core/scanner.rb +64 -58
- data/lib/watobo/core/session.rb +70 -77
- data/lib/watobo/core.rb +1 -1
- data/lib/watobo/framework/create_project.rb +25 -10
- data/lib/watobo/framework/init.rb +13 -0
- data/lib/watobo/gui/browser_preview.rb +5 -4
- data/lib/watobo/gui/checks_policy_frame.rb +1 -0
- data/lib/watobo/gui/client_cert_dialog.rb +11 -6
- data/lib/watobo/gui/conversation_table.rb +7 -4
- data/lib/watobo/gui/fuzzer_gui.rb +9 -11
- data/lib/watobo/gui/intercept_filter_dialog.rb +210 -0
- data/lib/watobo/gui/interceptor_gui.rb +59 -21
- data/lib/watobo/gui/interceptor_settings_dialog.rb +39 -5
- data/lib/watobo/gui/list_box.rb +2 -1
- data/lib/watobo/gui/log_viewer.rb +79 -5
- data/lib/watobo/gui/main_window.rb +159 -113
- data/lib/watobo/gui/manual_request_editor.rb +11 -5
- data/lib/watobo/gui/mixins/subscriber.rb +47 -0
- data/lib/watobo/gui/project_wizzard.rb +3 -3
- data/lib/watobo/gui/proxy_dialog.rb +17 -18
- data/lib/watobo/gui/request_editor.rb +1 -1
- data/lib/watobo/gui/rewrite_filters_dialog.rb +416 -0
- data/lib/watobo/gui/rewrite_rules_dialog.rb +394 -0
- data/lib/watobo/gui/scanner_settings_dialog.rb +9 -6
- data/lib/watobo/gui/session_management_dialog.rb +33 -23
- data/lib/watobo/gui/sites_tree.rb +5 -6
- data/lib/watobo/gui/status_bar.rb +101 -49
- data/lib/watobo/gui/table_editor.rb +1 -1
- data/lib/watobo/gui/templates/plugin2.rb +23 -27
- data/lib/watobo/gui/utils/save_default_settings.rb +9 -9
- data/lib/watobo/gui/utils/save_proxy_settings.rb +25 -9
- data/lib/watobo/gui/utils/save_scanner_settings.rb +10 -7
- data/lib/watobo/gui/utils/session_history.rb +1 -1
- data/lib/watobo/gui/www_auth_dialog.rb +25 -21
- data/lib/watobo/gui.rb +3 -1
- data/lib/watobo/mixins/httpparser.rb +47 -40
- data/lib/watobo/mixins/request_parser.rb +126 -41
- data/lib/watobo/mixins/shapers.rb +124 -15
- data/lib/watobo/utils/hexprint.rb +31 -0
- data/lib/watobo/utils/load_chat.rb +2 -0
- data/lib/watobo/utils/response_builder.rb +111 -0
- data/lib/watobo.rb +4 -1
- data/modules/active/discovery/http_methods.rb +6 -4
- data/modules/active/fileinclusion/lfi_simple.rb +3 -3
- data/modules/active/sqlinjection/sqli_timing.rb +6 -6
- data/modules/passive/redirectionz.rb +5 -6
- data/plugins/catalog/catalog.rb +240 -56
- data/plugins/catalog/db_tests +1 -6483
- data/plugins/catalog/db_variables +2 -29
- data/plugins/crawler/gui/auth_frame.rb +15 -3
- data/plugins/crawler/gui/crawler_gui.rb +24 -0
- data/plugins/crawler/gui/hooks_frame.rb +7 -2
- data/plugins/crawler/gui/settings_tabbook.rb +4 -0
- data/plugins/crawler/gui.rb +3 -3
- data/plugins/crawler/lib/engine.rb +1 -1
- data/plugins/filefinder/filefinder.rb +21 -17
- data/plugins/sqlmap/bin/test.rb +100 -0
- data/plugins/sqlmap/gui/main.rb +227 -0
- data/plugins/sqlmap/gui/options_frame.rb +119 -0
- data/plugins/sqlmap/gui.rb +27 -0
- data/plugins/sqlmap/icons/sqlmap.ico +0 -0
- data/plugins/sqlmap/lib/sqlmap_ctrl.rb +116 -0
- data/plugins/sqlmap/sqlmap.rb +26 -0
- data/plugins/sslchecker/gui/gui.rb +45 -30
- metadata +32 -9
- data/certificates/cert.pem +0 -19
- data/certificates/privkey.pem +0 -15
- data/certificates/watobo_dh.key +0 -5
- data/lib/watobo/core/simple_ca.rb +0 -393
@@ -1,29 +1,2 @@
|
|
1
|
-
#
|
2
|
-
#
|
3
|
-
#######################################################################
|
4
|
-
# Source: http://cirt.net
|
5
|
-
# This file may only be distributed and used with the full Nikto package.
|
6
|
-
# This file may not be used with any software product without written permission from CIRT, Inc.
|
7
|
-
# (c) 2007 CIRT, Inc., All Rights Reserved.
|
8
|
-
#
|
9
|
-
# NOTE: By sending any database updates to CIRT, Inc., it is assumed that you
|
10
|
-
# grant CIRT, Inc., the unlimited, non-exclusive right to reuse, modify and relicense the changes.
|
11
|
-
#######################################################################
|
12
|
-
# Notes:
|
13
|
-
# Variables which will be used as replacements for values in the scan_database.db and user_scan_database.db files.
|
14
|
-
# Any values to be replaced must start with the @ character, such as: @CGIDIRS.
|
15
|
-
#
|
16
|
-
# User defined variables should be set in config.txt as this file may be over-written during updates.
|
17
|
-
#######################################################################
|
18
|
-
@CGIDIRS=/cgi.cgi/ /webcgi/ /cgi-914/ /cgi-915/ /bin/ /cgi/ /mpcgi/ /cgi-bin/ /ows-bin/ /cgi-sys/ /cgi-local/ /htbin/ /cgibin/ /cgis/ /scripts/ /cgi-win/ /fcgi-bin/ /cgi-exe/ /cgi-home/ /cgi-perl/ /scgi-bin/
|
19
|
-
@NUKE=/ /postnuke/ /postnuke/html/ /modules/ /phpBB/ /forum/
|
20
|
-
@MUTATEDIRS=/....../ /members/ /porn/ /restricted/ /xxx/
|
21
|
-
@MUTATEFILES=xxx.htm xxx.html porn.htm porn.html
|
22
|
-
@ADMIN=/admin/ /adm/ /administrator/
|
23
|
-
@USERS=adm bin daemon ftp guest listen lp mysql noaccess nobody nobody4 nuucp operator root smmsp smtp sshd sys test unknown uucp web www
|
24
|
-
@PASSWORDDIRS=/ /admin/ /clients/ /pass/ /password/ /passwords/ /store/ /users/ /access/ /members/ /private/ /ccbill/ /dmr/ /mastergate/ /dmr/ /epoch/ /netbilling/ /webcash/ /wwwjoin/ /etc/security/
|
25
|
-
@PASSWORDFILES=admins clients pass password passwords passwd passwd.adjunct store users .htpasswd .passwd
|
26
|
-
@PHPMYADMIN=/3rdparty/phpMyAdmin/ /phpMyAdmin/ /3rdparty/phpmyadmin/ /phpmyadmin/ /pma/
|
27
|
-
@HTTPFOUND=200 301 302 403
|
28
|
-
@FCKEDITOR=/FCKeditor/ /Script/fckeditor/ /sites/all/modules/fckeditor/fckeditor/ /modules/fckeditor/fckeditor/ /class/fckeditor/ /inc/fckeditor/ /sites/all/libraries/fckeditor/
|
29
|
-
@CRYSTALREPORTS=/ /CrystalReports/ /crystal/ /businessobjects/ /crystal/enterprise10/ /crystal/Enterprise10/ePortfolio/en/
|
1
|
+
# You can define some global variables here
|
2
|
+
# e.g., @php_extension = php php4 php5
|
@@ -123,7 +123,8 @@ module Watobo
|
|
123
123
|
{
|
124
124
|
:auth_type => :basic,
|
125
125
|
:username => @basic_auth_user_txt.text,
|
126
|
-
:password => @basic_auth_passwd_txt.text
|
126
|
+
:password => @basic_auth_passwd_txt.text,
|
127
|
+
:retype => @basic_auth_retype_txt.text
|
127
128
|
# :uri => URI.parse
|
128
129
|
}
|
129
130
|
when 2
|
@@ -180,9 +181,9 @@ module Watobo
|
|
180
181
|
FXLabel.new(frame, "Username:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
181
182
|
@basic_auth_user_txt = FXTextField.new(frame, 10, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
|
182
183
|
FXLabel.new(frame, "Password:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
183
|
-
@basic_auth_passwd_txt = FXTextField.new(frame, 10, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
|
184
|
+
@basic_auth_passwd_txt = FXTextField.new(frame, 10, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|TEXTFIELD_PASSWD)
|
184
185
|
FXLabel.new(frame, "Retype:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
185
|
-
@basic_auth_retype_txt = FXTextField.new(frame, 10, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT)
|
186
|
+
@basic_auth_retype_txt = FXTextField.new(frame, 10, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|TEXTFIELD_PASSWD)
|
186
187
|
|
187
188
|
form_auth_frame = FXVerticalFrame.new(@switcher, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_NONE)
|
188
189
|
frame = FXHorizontalFrame.new(form_auth_frame, :opts => LAYOUT_FILL_X|FRAME_NONE)
|
@@ -202,6 +203,9 @@ module Watobo
|
|
202
203
|
@no_auth_rb.handle(self, FXSEL(SEL_UPDATE, 0), nil)
|
203
204
|
@switcher.current = @auth_type_dt.value
|
204
205
|
}
|
206
|
+
|
207
|
+
@basic_auth_passwd_txt.connect(SEL_CHANGED){ password_check }
|
208
|
+
@basic_auth_retype_txt.connect(SEL_CHANGED){ password_check }
|
205
209
|
|
206
210
|
@fetch_button.connect(SEL_COMMAND){
|
207
211
|
begin
|
@@ -248,6 +252,14 @@ module Watobo
|
|
248
252
|
end
|
249
253
|
|
250
254
|
private
|
255
|
+
|
256
|
+
def password_check
|
257
|
+
unless @basic_auth_passwd_txt.text == @basic_auth_retype_txt.text
|
258
|
+
@basic_auth_retype_txt.backColor = FXColor::Red
|
259
|
+
else
|
260
|
+
@basic_auth_retype_txt.backColor = FXColor::Green
|
261
|
+
end
|
262
|
+
end
|
251
263
|
|
252
264
|
def notify(event, *args)
|
253
265
|
if @event_dispatcher_listeners[event]
|
@@ -22,6 +22,8 @@
|
|
22
22
|
module Watobo
|
23
23
|
module Plugin
|
24
24
|
module Crawler
|
25
|
+
|
26
|
+
|
25
27
|
def self.start_url
|
26
28
|
@start_url ||= nil
|
27
29
|
end
|
@@ -44,6 +46,10 @@ module Watobo
|
|
44
46
|
end
|
45
47
|
|
46
48
|
class Gui < Watobo::Plugin2
|
49
|
+
|
50
|
+
class PasswordMatchError < StandardError; end
|
51
|
+
class UsernameError < StandardError; end
|
52
|
+
|
47
53
|
icon_file "crawler.ico"
|
48
54
|
|
49
55
|
include Watobo::Constants
|
@@ -188,6 +194,12 @@ module Watobo
|
|
188
194
|
case auth[:auth_type]
|
189
195
|
when :basic
|
190
196
|
auth[:auth_uri] = start_url
|
197
|
+
unless auth[:password] == auth[:retype]
|
198
|
+
raise PasswordMatchError, "Passwords Don't Match!"
|
199
|
+
end
|
200
|
+
if auth[:username].empty?
|
201
|
+
raise UsernameError, "Username is empty!"
|
202
|
+
end
|
191
203
|
when :form
|
192
204
|
if auth.has_key? :form
|
193
205
|
begin
|
@@ -242,6 +254,8 @@ module Watobo
|
|
242
254
|
|
243
255
|
def start
|
244
256
|
return false unless url_valid?
|
257
|
+
|
258
|
+
begin
|
245
259
|
|
246
260
|
prefs ={}
|
247
261
|
prefs.update auth_settings
|
@@ -258,6 +272,16 @@ module Watobo
|
|
258
272
|
|
259
273
|
@start_button.text = 'Cancel'
|
260
274
|
add_update_timer()
|
275
|
+
|
276
|
+
rescue PasswordMatchError
|
277
|
+
#puts "Passwords Don't Match!"
|
278
|
+
FXMessageBox.information(self,MBOX_OK,"Password Error", "The provided passwords don't match!")
|
279
|
+
rescue UsernameError
|
280
|
+
#puts "Passwords Don't Match!"
|
281
|
+
FXMessageBox.information(self,MBOX_OK,"Username Error", "Need a valid username.")
|
282
|
+
rescue => bang
|
283
|
+
puts bang
|
284
|
+
end
|
261
285
|
end
|
262
286
|
|
263
287
|
end
|
@@ -38,6 +38,10 @@ module Watobo
|
|
38
38
|
|
39
39
|
hook
|
40
40
|
end
|
41
|
+
|
42
|
+
def selected
|
43
|
+
@pre_txt.setFocus()
|
44
|
+
end
|
41
45
|
|
42
46
|
def pre_conn_valid?
|
43
47
|
return false if pre_conn_code.empty?
|
@@ -86,8 +90,9 @@ module Watobo
|
|
86
90
|
@pre_txt = FXText.new(txt_frame, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|TEXT_WORDWRAP)
|
87
91
|
FXLabel.new(frame, "}")
|
88
92
|
@pre_txt.setText("")
|
89
|
-
|
90
|
-
|
93
|
+
# cannot set the focus here because of a crash on ubuntu systems
|
94
|
+
# https://bugs.launchpad.net/ubuntu/+source/fox1.6/+bug/887038
|
95
|
+
# @pre_txt.setFocus()
|
91
96
|
end
|
92
97
|
|
93
98
|
end
|
@@ -48,6 +48,10 @@ module Watobo
|
|
48
48
|
FXTabItem.new(self, "Log", nil)
|
49
49
|
frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_THICK|FRAME_RAISED)
|
50
50
|
@log_viewer = Watobo::Gui::LogViewer.new(frame, :append, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN)
|
51
|
+
|
52
|
+
self.connect(SEL_COMMAND){
|
53
|
+
@hooks.selected if self.current == 3
|
54
|
+
}
|
51
55
|
end
|
52
56
|
end
|
53
57
|
end
|
data/plugins/crawler/gui.rb
CHANGED
@@ -35,7 +35,7 @@ if $0 == __FILE__
|
|
35
35
|
%w( load_icons gui_utils load_plugins session_history save_default_settings master_password session_history save_project_settings save_proxy_settings ).each do |l|
|
36
36
|
f = File.join("watobo","gui","utils", l)
|
37
37
|
require f
|
38
|
-
puts "Loading #{f}"
|
38
|
+
#puts "Loading #{f}"
|
39
39
|
end
|
40
40
|
|
41
41
|
require 'watobo/gui/utils/init_icons'
|
@@ -54,7 +54,7 @@ require File.join(File.expand_path(File.dirname(__FILE__)), "crawler")
|
|
54
54
|
gui_path = File.join(File.expand_path(File.dirname(__FILE__)), "gui")
|
55
55
|
|
56
56
|
%w( crawler_gui settings_tabbook general_settings_frame status_frame hooks_frame auth_frame scope_frame ).each do |l|
|
57
|
-
puts "Loading >> #{l}"
|
57
|
+
#puts "Loading >> #{l}"
|
58
58
|
require File.join(gui_path, l + ".rb")
|
59
59
|
end
|
60
60
|
|
@@ -107,7 +107,7 @@ require File.join(File.expand_path(File.dirname(__FILE__)), "crawler")
|
|
107
107
|
|
108
108
|
gui_path = File.join(File.expand_path(File.dirname(__FILE__)), "gui")
|
109
109
|
%w( crawler_gui settings_tabbook general_settings_frame status_frame hooks_frame auth_frame scope_frame ).each do |l|
|
110
|
-
puts "Loading >> #{l}"
|
110
|
+
#puts "Loading >> #{l}"
|
111
111
|
require File.join(gui_path, l + ".rb")
|
112
112
|
end
|
113
113
|
|
@@ -40,7 +40,7 @@ module Watobo
|
|
40
40
|
user = opts[:username]
|
41
41
|
pw = opts[:password]
|
42
42
|
uri = opts[:auth_uri]
|
43
|
-
|
43
|
+
# puts "Got Credentials for #{uri}: #{user} / #{pw}"
|
44
44
|
self.add_auth(uri, user , pw )
|
45
45
|
# TODO: remove this workaround for a Mechanize Bug (#243)
|
46
46
|
p = self.get uri
|
@@ -139,13 +139,15 @@ module Watobo
|
|
139
139
|
|
140
140
|
if @project then
|
141
141
|
@sites_combo.appendItem("no site selected", nil)
|
142
|
-
@project.listSites(:in_scope =>
|
142
|
+
@project.listSites(:in_scope => Watobo.project.has_scope? ).each do |site|
|
143
143
|
#puts "Site: #{site}"
|
144
144
|
@sites_combo.appendItem(site.slice(0..35), site)
|
145
145
|
end
|
146
146
|
@sites_combo.setCurrentItem(0) if @sites_combo.numItems > 0
|
147
147
|
ci = @sites_combo.currentItem
|
148
148
|
site = ( ci >= 0 ) ? @sites_combo.getItemData(ci) : nil
|
149
|
+
@sites_combo.numVisible = @sites_combo.numItems
|
150
|
+
@sites_combo.numColumns = 35
|
149
151
|
|
150
152
|
if site
|
151
153
|
@dir_combo.enable
|
@@ -216,9 +218,9 @@ module Watobo
|
|
216
218
|
log_text_frame = FXVerticalFrame.new(result_frame, LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN|FRAME_THICK, :padding=>0)
|
217
219
|
@request_editor = RequestEditor.new(log_text_frame, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
|
218
220
|
|
219
|
-
|
220
|
-
|
221
|
-
|
221
|
+
# @scope_only_cb = FXCheckButton.new(@settings_frame, "target scope only", nil, 0, ICON_BEFORE_TEXT|LAYOUT_SIDE_LEFT)
|
222
|
+
# @scope_only_cb.setCheck(false)
|
223
|
+
# @scope_only_cb.connect(SEL_COMMAND) { updateView() }
|
222
224
|
|
223
225
|
FXLabel.new(@settings_frame, "Select Site:")
|
224
226
|
@sites_combo = FXComboBox.new(@settings_frame, 5, nil, 0,
|
@@ -278,7 +280,17 @@ module Watobo
|
|
278
280
|
|
279
281
|
# @run_passive_checks = FXCheckButton.new(@settings_frame, "run passive checks", nil, 0, ICON_BEFORE_TEXT|LAYOUT_SIDE_LEFT)
|
280
282
|
# @run_passive_checks.setCheck(false)
|
283
|
+
gbox = FXGroupBox.new(@settings_frame, "Extensions", LAYOUT_SIDE_LEFT|FRAME_GROOVE|LAYOUT_FILL_X|LAYOUT_FILL_Y, 0, 0, 0, 150)
|
284
|
+
gbframe = FXVerticalFrame.new(gbox, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN|FRAME_THICK, :padding => 0)
|
285
|
+
@extensions_text = FXText.new(gbframe, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|TEXT_WORDWRAP)
|
286
|
+
ext = "bak;php;asp;aspx;tgz;tar.gz;gz;tmp;temp;old;_"
|
287
|
+
# fxtext.backColor = fxtext.parent.backColor
|
288
|
+
# fxtext.disable
|
289
|
+
# text = "FileFinder allows you to search easily for specific files, e.g. files you have uploaded.\nIf you want to search for multiple files you can also use a db-file, "
|
290
|
+
# text << "which is a plain text file - each filename on one line."
|
281
291
|
|
292
|
+
@extensions_text.setText(ext)
|
293
|
+
|
282
294
|
|
283
295
|
@pbar = FXProgressBar.new(@settings_frame, nil, 0, LAYOUT_FILL_X|FRAME_SUNKEN|FRAME_THICK|PROGRESSBAR_HORIZONTAL)
|
284
296
|
@pbar.progress = 0
|
@@ -293,17 +305,7 @@ module Watobo
|
|
293
305
|
@start_button.disable
|
294
306
|
|
295
307
|
|
296
|
-
|
297
|
-
gbframe = FXVerticalFrame.new(gbox, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y, :padding => 0)
|
298
|
-
@extensions_text = FXText.new(gbframe, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|TEXT_WORDWRAP)
|
299
|
-
ext = "bak;php;asp;aspx;tgz;tar.gz;gz;tmp;temp;old;_"
|
300
|
-
# fxtext.backColor = fxtext.parent.backColor
|
301
|
-
# fxtext.disable
|
302
|
-
# text = "FileFinder allows you to search easily for specific files, e.g. files you have uploaded.\nIf you want to search for multiple files you can also use a db-file, "
|
303
|
-
# text << "which is a plain text file - each filename on one line."
|
304
|
-
|
305
|
-
@extensions_text.setText(ext)
|
306
|
-
|
308
|
+
|
307
309
|
|
308
310
|
|
309
311
|
log_frame_header = FXHorizontalFrame.new(log_frame, :opts => LAYOUT_FILL_X)
|
@@ -322,11 +324,13 @@ module Watobo
|
|
322
324
|
end
|
323
325
|
|
324
326
|
def create
|
325
|
-
|
327
|
+
super
|
328
|
+
|
329
|
+
@log_viewer.purge_logs
|
326
330
|
@request_editor.setText('')
|
327
331
|
@requestCombo.clearItems()
|
328
332
|
@start_button.text = "Start"
|
329
|
-
|
333
|
+
# Create the windows
|
330
334
|
show(PLACEMENT_SCREEN) # Make the main window appear
|
331
335
|
disableOptions()
|
332
336
|
end
|
@@ -0,0 +1,100 @@
|
|
1
|
+
# .
|
2
|
+
# test.rb
|
3
|
+
#
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
5
|
+
#
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
7
|
+
# http://watobo.sourceforge.com
|
8
|
+
#
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
12
|
+
#
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
# .
|
22
|
+
inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "..","..", "lib"))
|
23
|
+
$: << inc_path
|
24
|
+
|
25
|
+
require 'watobo'
|
26
|
+
require 'fox16'
|
27
|
+
|
28
|
+
include Fox
|
29
|
+
|
30
|
+
module Watobo
|
31
|
+
module Gui
|
32
|
+
@application = FXApp.new('SQLmap', 'Plugin Test')
|
33
|
+
|
34
|
+
%w( load_icons gui_utils load_plugins session_history save_default_settings master_password session_history save_project_settings save_proxy_settings ).each do |l|
|
35
|
+
f = File.join("watobo","gui","utils", l)
|
36
|
+
require f
|
37
|
+
puts "Loading #{f}"
|
38
|
+
end
|
39
|
+
|
40
|
+
require 'watobo/gui/utils/init_icons'
|
41
|
+
|
42
|
+
gui_path = File.expand_path(File.join(File.dirname(__FILE__),"..", "..", "..", "lib","watobo", "gui"))
|
43
|
+
|
44
|
+
Dir.glob("#{gui_path}/*.rb").each do |cf|
|
45
|
+
next if File.basename(cf) == 'main_window.rb' # skip main_window here, because it must be loaded last
|
46
|
+
f = File.join("watobo","gui", File.basename(cf))
|
47
|
+
puts "Loading >> #{f}"
|
48
|
+
require f
|
49
|
+
end
|
50
|
+
|
51
|
+
puts "Loading plugin templates ..."
|
52
|
+
require 'watobo/gui/templates/plugin'
|
53
|
+
require 'watobo/gui/templates/plugin2'
|
54
|
+
|
55
|
+
|
56
|
+
require File.join(File.expand_path(File.dirname(__FILE__)), "..","sqlmap")
|
57
|
+
|
58
|
+
gui_path = File.join(File.expand_path(File.dirname(__FILE__)),"..", "gui")
|
59
|
+
puts "="
|
60
|
+
|
61
|
+
%w( main options_frame).each do |l|
|
62
|
+
puts "Loading >> #{l}"
|
63
|
+
require File.join(gui_path, l + ".rb")
|
64
|
+
end
|
65
|
+
|
66
|
+
class TestGui < FXMainWindow
|
67
|
+
|
68
|
+
def initialize(app)
|
69
|
+
# Call base class initializer first
|
70
|
+
super(app, "Test Application", :width => 800, :height => 600)
|
71
|
+
frame = FXVerticalFrame.new(self, LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_GROOVE)
|
72
|
+
|
73
|
+
button = FXButton.new(frame, "Open Plugin",:opts => FRAME_THICK|FRAME_RAISED|LAYOUT_FILL_X|LAYOUT_TOP|LAYOUT_LEFT,:padLeft => 10, :padRight => 10, :padTop => 5, :padBottom => 5)
|
74
|
+
button.connect(SEL_COMMAND) {
|
75
|
+
dlg = Watobo::Plugin::Sqlmap::Gui.new(self)
|
76
|
+
if dlg.execute != 0
|
77
|
+
puts dlg.to_h.to_yaml
|
78
|
+
end
|
79
|
+
}
|
80
|
+
end
|
81
|
+
# Create and show the main window
|
82
|
+
def create
|
83
|
+
super # Create the windows
|
84
|
+
show(PLACEMENT_SCREEN) # Make the main window appear
|
85
|
+
dlg = Watobo::Plugin::Sqlmap::Gui.new(self)
|
86
|
+
#dlg.set_tab_index 2
|
87
|
+
#prefs = { :form_auth_url => "http://www.google.com" }
|
88
|
+
#dlg.settings.auth.set prefs
|
89
|
+
|
90
|
+
if dlg.execute != 0
|
91
|
+
puts dlg.details.to_yaml
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
# application = FXApp.new('LayoutTester', 'FoxTest')
|
96
|
+
TestGui.new(@application)
|
97
|
+
@application.create
|
98
|
+
@application.run
|
99
|
+
end
|
100
|
+
end
|
@@ -0,0 +1,227 @@
|
|
1
|
+
# .
|
2
|
+
# main.rb
|
3
|
+
#
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
5
|
+
#
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
7
|
+
# http://watobo.sourceforge.com
|
8
|
+
#
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
12
|
+
#
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
21
|
+
# .
|
22
|
+
module Watobo
|
23
|
+
module Plugin
|
24
|
+
class Sqlmap
|
25
|
+
class SettingsTabBook < FXTabBook
|
26
|
+
attr :general
|
27
|
+
def initialize(owner)
|
28
|
+
#@tab = FXTabBook.new(self, nil, 0, LAYOUT_FILL_X|LAYOUT_FILL_Y|LAYOUT_RIGHT)
|
29
|
+
super(owner, nil, 0, LAYOUT_FILL_X|LAYOUT_FILL_Y|LAYOUT_RIGHT)
|
30
|
+
FXTabItem.new(self, "General", nil)
|
31
|
+
@general = OptionsFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED)
|
32
|
+
|
33
|
+
# FXTabItem.new(self, "Advanced", nil)
|
34
|
+
# frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_RAISED)
|
35
|
+
# FXTabItem.new(self, "Log", nil)
|
36
|
+
# frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_THICK|FRAME_RAISED)
|
37
|
+
# @log_viewer = Watobo::Gui::LogViewer.new(frame, :append, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
class Gui < Watobo::Plugin2
|
42
|
+
icon_file "sqlmap.ico"
|
43
|
+
|
44
|
+
include Watobo::Constants
|
45
|
+
include Responder
|
46
|
+
# include Watobo::Plugin::Crawler::Constants
|
47
|
+
def updateView
|
48
|
+
|
49
|
+
end
|
50
|
+
|
51
|
+
def initialize(owner, project=nil, chat=nil)
|
52
|
+
super(owner, "SQLMap", project, :opts => DECOR_ALL, :width=>800, :height=>600)
|
53
|
+
@plugin_name = "SQLMap"
|
54
|
+
|
55
|
+
FXMAPFUNC(SEL_COMMAND, ID_ACCEPT, :onAccept)
|
56
|
+
|
57
|
+
main = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
|
58
|
+
matrix = FXMatrix.new(main, 3, :opts => MATRIX_BY_COLUMNS|LAYOUT_FILL_X)
|
59
|
+
FXLabel.new(matrix, "sqlmap path:")
|
60
|
+
# frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X)
|
61
|
+
# FXLabel.new(frame, "http://")
|
62
|
+
@binary_path_txt = FXTextField.new(matrix, 60, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|LAYOUT_FILL_X)
|
63
|
+
bin_path = Watobo::Plugin::Sqlmap.binary_path
|
64
|
+
bin_path ="not defined" if bin_path.empty?
|
65
|
+
@binary_path_txt.text = bin_path
|
66
|
+
|
67
|
+
@change_btn = FXButton.new(matrix, "...", :opts => BUTTON_DEFAULT|BUTTON_NORMAL )
|
68
|
+
@change_btn.enable
|
69
|
+
|
70
|
+
@change_btn.connect(SEL_COMMAND){
|
71
|
+
@bin_path = nil
|
72
|
+
bin_path = FXFileDialog.getOpenFilename(self, "Select SQLmap Path", @bin_path)
|
73
|
+
unless bin_path.empty?
|
74
|
+
@binary_path_txt.text = bin_path
|
75
|
+
Watobo::Plugin::Sqlmap.set_binary_path bin_path
|
76
|
+
@accept_btn.enable
|
77
|
+
else
|
78
|
+
@accept_btn.disable
|
79
|
+
@binary_path_txt.text = "not defined"
|
80
|
+
end
|
81
|
+
}
|
82
|
+
|
83
|
+
FXLabel.new(matrix, "temp directory:")
|
84
|
+
# frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X)
|
85
|
+
# FXLabel.new(frame, "http://")
|
86
|
+
@output_path_txt = FXTextField.new(matrix, 60, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|LAYOUT_FILL_X)
|
87
|
+
@output_path_txt.text = Watobo::Plugin::Sqlmap.tmp_dir
|
88
|
+
|
89
|
+
@output_path_btn = FXButton.new(matrix, "...", :opts => BUTTON_DEFAULT|BUTTON_NORMAL )
|
90
|
+
@output_path_btn.enable
|
91
|
+
|
92
|
+
@output_path_btn.connect(SEL_COMMAND){
|
93
|
+
output_path = FXFileDialog.getOpenDirectory(self, "Select Temp Directory", Watobo::Plugin::Sqlmap.tmp_dir)
|
94
|
+
|
95
|
+
#puts ">> #{output_path}"
|
96
|
+
unless output_path.empty?
|
97
|
+
@output_path_txt.text = output_path
|
98
|
+
Watobo::Plugin::Sqlmap.set_tmp_dir output_path
|
99
|
+
end
|
100
|
+
}
|
101
|
+
|
102
|
+
@settings_tab = SettingsTabBook.new(main)
|
103
|
+
|
104
|
+
unless chat.nil?
|
105
|
+
@settings_tab.general.request = chat.request
|
106
|
+
end
|
107
|
+
|
108
|
+
# @log_viewer = @settings_tabbook.log_viewer
|
109
|
+
|
110
|
+
buttons = FXHorizontalFrame.new(main, :opts => LAYOUT_SIDE_BOTTOM|LAYOUT_FILL_X|PACK_UNIFORM_WIDTH,
|
111
|
+
:padLeft => 40, :padRight => 40, :padTop => 20, :padBottom => 20)
|
112
|
+
@accept_btn = FXButton.new(buttons, "&Start", nil, self, ID_ACCEPT,
|
113
|
+
FRAME_RAISED|FRAME_THICK|LAYOUT_RIGHT|LAYOUT_CENTER_Y)
|
114
|
+
@accept_btn.disable
|
115
|
+
@accept_btn.enable unless Watobo::Plugin::Sqlmap.binary_path.empty?
|
116
|
+
# Cancel
|
117
|
+
FXButton.new(buttons, "&Cancel", nil, self, ID_CANCEL,
|
118
|
+
FRAME_RAISED|FRAME_THICK|LAYOUT_RIGHT|LAYOUT_CENTER_Y)
|
119
|
+
# Configuration Categories
|
120
|
+
# =
|
121
|
+
# Request
|
122
|
+
# Optimization
|
123
|
+
# Detection
|
124
|
+
# Techniques
|
125
|
+
# Fingerprint
|
126
|
+
# Enumeration
|
127
|
+
|
128
|
+
|
129
|
+
|
130
|
+
@accept_btn.disable if @settings_tab.general.request.empty?
|
131
|
+
@settings_tab.general.subscribe(:request_changed){
|
132
|
+
if @settings_tab.general.request.empty?
|
133
|
+
@accept_btn.disable
|
134
|
+
else
|
135
|
+
@accept_btn.enable
|
136
|
+
end
|
137
|
+
}
|
138
|
+
end
|
139
|
+
|
140
|
+
private
|
141
|
+
|
142
|
+
def create_request_file
|
143
|
+
fname = "sqlmap_" + Time.now.to_i.to_s + ".req"
|
144
|
+
begin
|
145
|
+
file = File.join(@output_path_txt.text, fname)
|
146
|
+
File.open(file, "w"){ |fh|
|
147
|
+
fh.puts @settings_tab.general.request
|
148
|
+
}
|
149
|
+
return file
|
150
|
+
rescue => bang
|
151
|
+
puts bang
|
152
|
+
puts bang.backtrace
|
153
|
+
return nil
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
def sqlmap_command(file)
|
158
|
+
sqlmap = []
|
159
|
+
|
160
|
+
sqlmap << @binary_path_txt.text
|
161
|
+
sqlmap << "-r #{file}"
|
162
|
+
sqlmap << "--level #{@settings_tab.general.level}"
|
163
|
+
sqlmap << "--risk #{@settings_tab.general.risk}"
|
164
|
+
sqlmap << "--technique #{@settings_tab.general.technique}"
|
165
|
+
sqlmap << @settings_tab.general.manual_options
|
166
|
+
|
167
|
+
sqlmap_cmd = sqlmap.join(" ")
|
168
|
+
end
|
169
|
+
|
170
|
+
def linux_command(file)
|
171
|
+
# /usr/bin/xterm -hold -e "script -c \"ls -alh\" test234.out"
|
172
|
+
xterm_bin = "/usr/bin/xterm"
|
173
|
+
return false unless File.exist? xterm_bin
|
174
|
+
command = "cd #{@output_path_txt.text} && #{xterm_bin} -hold -e \""
|
175
|
+
script_cmd = "#{sqlmap_command(file)}"
|
176
|
+
command << script_cmd
|
177
|
+
command << '"'
|
178
|
+
puts command
|
179
|
+
command
|
180
|
+
end
|
181
|
+
|
182
|
+
def win_command(file)
|
183
|
+
# start "sqlmap" /WAIT /D c:\tools dir
|
184
|
+
command = ""
|
185
|
+
|
186
|
+
out_file = file.gsub(/\.req/, ".out")
|
187
|
+
start_path = "#{@output_path_txt.text}"
|
188
|
+
start_path.gsub!(/\//,'\\')
|
189
|
+
|
190
|
+
script_cmd = "start \"SQLmap\" /D #{start_path} /WAIT cmd.exe /k \"#{sqlmap_command(file)}\""
|
191
|
+
command << script_cmd
|
192
|
+
command << '"'
|
193
|
+
puts command
|
194
|
+
command
|
195
|
+
end
|
196
|
+
|
197
|
+
def run_sqlmap(file)
|
198
|
+
command = case RUBY_PLATFORM
|
199
|
+
when /linux|bsd|solaris|hpux|darwin/
|
200
|
+
linux_command file
|
201
|
+
when /mswin|mingw|bccwin/
|
202
|
+
win_command file
|
203
|
+
end
|
204
|
+
Thread.new(command){ |cmd|
|
205
|
+
system(cmd)
|
206
|
+
}
|
207
|
+
|
208
|
+
end
|
209
|
+
|
210
|
+
def onAccept(sender, sel, event)
|
211
|
+
if @settings_tab.general.request.empty?
|
212
|
+
puts "No Request Defined!"
|
213
|
+
end
|
214
|
+
|
215
|
+
rf = create_request_file
|
216
|
+
puts "Start SQLMap with file #{rf}"
|
217
|
+
run_sqlmap(rf)
|
218
|
+
#getApp().stopModal(self, 1)
|
219
|
+
#self.hide()
|
220
|
+
#return 1
|
221
|
+
|
222
|
+
end
|
223
|
+
|
224
|
+
end
|
225
|
+
end
|
226
|
+
end
|
227
|
+
end
|