webgui.py 28 KB

  1. #!/usr/bin/python3
  2. # -*- coding: iso-8859-15 -*-
  3. """
  4. This file is part of the cintruder project, https://cintruder.03c8.net
  5. Copyright (c) 2012/2020 psy <epsylon@riseup.net>
  6. cintruder is free software; you can redistribute it and/or modify it under
  7. the terms of the GNU General Public License as published by the Free
  8. Software Foundation version 3 of the License.
  9. cintruder is distributed in the hope that it will be useful, but WITHOUT ANY
  10. WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  11. FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  12. details.
  13. You should have received a copy of the GNU General Public License along
  14. with cintruder; if not, write to the Free Software Foundation, Inc., 51
  15. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  16. """
  17. import socket, threading, re, base64, os, time
  18. import webbrowser, subprocess, json, sys
  19. try:
  20. from urlparse import urlparse
  21. except:
  22. import urllib.request, urllib.parse, urllib.error
  23. from .options import CIntruderOptions
  24. from pprint import pprint
  25. from shutil import copyfile
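# Address and port the web GUI listens on.
# The GUI has no authentication, and its /cmd_* pages start shell commands and
# delete/copy files, so it listens on the loopback interface only. This is also
# the address the startup code opens in the browser (http://127.0.0.1:9999).
host = "127.0.0.1"
port = 9999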
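class ClientThread(threading.Thread):
    """Serve a single HTTP request on an accepted client socket.

    The request is routed through a fresh ``Pages`` instance. When the
    returned page description carries a non-empty ``run`` entry, that command
    line is started through the shell after the response has been sent.
    """

    def __init__(self, ip, port, socket):
        """Remember the peer address and socket and build the page table."""
        threading.Thread.__init__(self)
        self.ip = ip
        self.port = port
        self.socket = socket
        self.pages = Pages()

    def run(self):
        """Read one request, answer it, close the socket, then start ``run``."""
        try:
            # One 2048-byte read only: anything beyond that is never seen.
            req = self.socket.recv(2048)
            res = self.pages.get(req)
            if res is None:
                return
            # HTTP header lines are terminated by CRLF.
            out = "HTTP/1.0 %s\r\n" % res["code"]
            out += "Pragma: no-cache\r\n"
            out += "Expires: Fri, 30 Oct 1998 00:00:01 GMT\r\n"
            out += "Cache-Control: no-cache, must-revalidate\r\n"
            out += "Content-Type: %s\r\n\r\n" % res["ctype"]
            out += "%s" % res["html"]
            try:
                # sendall() keeps writing until the whole response is out;
                # send() may stop after a partial write.
                self.socket.sendall(out.encode('utf-8'))
            except OSError:
                # Client went away: nothing was delivered, start nothing.
                return
        finally:
            # Close on every path, including when pages.get() raises.
            self.socket.close()
        if res.get("run"):
            # NOTE(review): the command line is interpreted by the shell and is
            # assembled by Pages.get() from request parameters; every value
            # placed on it must be shell-quoted where it is built.
            subprocess.Popen(res["run"], shell=True)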
  54. class Pages():
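    def __init__(self):
        """Build the table of static pages served by the web GUI.

        Fills ``self.pages`` with "/header", "/footer", "/" (the main form),
        "/directory-words" (the OCR preview list, rendered once here from
        ``list_words()``) and "/lib.js" (the polling/command helpers used by
        the pages). Also makes sure ``outputs/words/`` exists.
        """
        self.options = CIntruderOptions()
        self.pages = {}
        # base64 logo; the context manager closes the file handle again
        with open("core/images/cintruder.txt") as logo_f:
            cintruder_img = logo_f.read()
        # exist_ok avoids the check-then-create race between handler threads
        # (a Pages instance is built for every connection) and also creates
        # a missing "outputs" parent.
        os.makedirs("outputs/words/", exist_ok=True)
        self.pages["/header"] = """
<!DOCTYPE html><html>
<head>
<meta name="author" content="psy">
<meta name="robots" content="noindex, nofollow">
<meta http-equiv="content-type" content="text/xml; charset=utf-8" />
<title>CINTRUDER: OCR Bruteforcing Toolkit</title>
<script type="text/javascript" src="/lib.js"></script>
<script src="js/web.js" type="text/javascript"></script>
<style>
a:link {
color: cyan;
}
a:visited {
color: black;
}
</style>
<style>
input.button {
width: 20em; height: 2em;
}
</style>
"""
        self.pages["/footer"] = """</body>
</html>
"""
        self.pages["/"] = self.pages["/header"] + """
<script>loadXMLDoc()</script></head><body bgcolor="blue" text="white" style="monospace;font-size:14px;" >
<center>
<table border="1" cellpadding="10" cellspacing="5" width="90%">
<tr>
<td bgcolor="white"><center><a href="https://cintruder.03c8.net" target="_blank"><img src='data:image/png;base64,"""+str(cintruder_img)+"""'></a></center></td>
<td>
<center><h3><a href="https://github.com/epsylon/cintruder" target="_blank">CINTRUDER</a> is an automatic pentesting tool to bypass <a href="https://en.wikipedia.org/wiki/CAPTCHA" target="_blank">captchas</a><br/><br/>
Contact: psy (<a href="mailto:epsylon@riseup.net">epsylon@riseup.net</a>) - [<a href="https://03c8.net" target="_blank">03c8.net</a>]<br><br>
License: <a href="https://www.gnu.org/licenses/quick-guide-gplv3.pdf" target="_blank">GPLv3</a> | Donate: <a href="https://blockchain.info/address/19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw" target="_blank">BTC</a></h3></center>
</td>
</tr></table><br/>
<table cellpadding="10" cellspacing="5" width="90%">
<tr>
<td width="315px">
<center>
<table border="1" cellpadding="10" cellspacing="5">
<tr>
<td>
Track: <input type="radio" onclick="javascript:OptionsCheck();" name="options" id="track"/ CHECKED>
Train: <input type="radio" onclick="javascript:OptionsCheck();" name="options" id="train"/>
Crack: <input type="radio" onclick="javascript:OptionsCheck();" name="options" id="crack"/>
</td>
</tr></table>
</center>
</td>
<td><center>
<div id="ifTrack" style="display:none">
<table border="1" cellpadding="10" cellspacing="5">
<tr>
<td><center><input type="text" name="track_url" id="track_url" size="43" placeholder="Download captchas from url (to: 'inputs/')"></center></td>
<td><center>Num: <input type="text" name="track_num" id="track_num" size="2" value="5"></center></td>
<td><center>TOR: <input type="checkbox" id="tor" name="tor"></center></td>
<td align="right">Debug: <input type="checkbox" name="verbose" id="verbose"></td>
<td><center><input type="submit" value="Download!" onclick="TrackCaptchas()"></center></td>
</tr></table>
</div>
<div id="ifTrain" style="display:none">
<table border="1" cellpadding="5" cellspacing="5">
<tr>
<td><center>
LOCAL: <input type="radio" onclick="javascript:TrainSourcesCheck();" name="training_sources" id="training_local"/ CHECKED>
URL: <input type="radio" onclick="javascript:TrainSourcesCheck();" name="training_sources" id="training_url"/>
<br><br><a href='javascript:runCommandX("cmd_tracklist");javascript:showResults()'>List Last Tracked</a><br><br>
</center></td>
<td>
<div id="ifLocal" style="display:none">
<center>
<table cellpadding="5" cellspacing="5">
<tr>
<td><center><form action='' method='POST' enctype='multipart/form-data'>
<input type='text' size="43" name='SourceFile' id='SourceFile' placeholder="Ex: inputs/test1.gif"></form></center></td>
</tr></table>
</center>
</div>
<div id="ifUrl" style="display:none">
<table cellpadding="2" cellspacing="2">
<tr>
<td><center><input type="text" name="train_url" id="train_url" size="43" placeholder="Apply common OCR techniques to a remote captcha"></center></td>
<td><center>TOR: <input type="checkbox" name="tor2" id="tor2"></center></td>
</tr></table>
</div>
</td>
</tr>
<tr>
<td align="right">Use Module: <input type="checkbox" onclick="javascript:SetTrainModule();" name="set_module" id="set_module"></td>
<td>
<table>
<tr>
<td align="center">
<div id="ifMod_set" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Name: <input type="text" name="use_mod" id="use_mod" size="12" placeholder="Ex: 'easy'"></td>
<td><a href='javascript:runCommandX("cmd_list");javascript:showResults()'>List Modules</a></td>
</tr></table>
</div>
</td>
</tr></table>
</td>
</tr>
<tr>
<td align="right">Advanced OCR: <input type="checkbox" onclick="javascript:SetColourID();" name="set_colour_id" id="set_colour_id"></td>
<td align="center">
<div id="ifMod_colour" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Set Colour ID: <input type="text" name="set_id" id="set_id" size="2" placeholder="Ex: 1"></td>
</tr></table>
</div>
</td>
</tr>
<tr>
<td align="right">Debug: <input type="checkbox" name="verbose2" id="verbose2"></td>
<td><center><input type="submit" class="button" value="Train!" onclick="TrainCaptchas()"></center></td>
</tr>
</table>
</div>
<div id="ifCrack" style="display:none">
<table border="1" cellpadding="5" cellspacing="5">
<tr>
<td><center>
LOCAL: <input type="radio" onclick="javascript:CrackingCheck();" name="cracking_sources" id="cracking_local"/ CHECKED>
URL: <input type="radio" onclick="javascript:CrackingCheck();" name="cracking_sources" id="cracking_url"/>
<br><br><a href='javascript:runCommandX("cmd_tracklist");javascript:showResults()'>List Last Tracked</a><br><br>
</center></td>
<td>
<div id="ifCrackLocal" style="display:none">
<center>
<table cellpadding="5" cellspacing="5">
<tr>
<td><center><form action='' method='POST' enctype='multipart/form-data'>
<input type='text' size="43" name='SourceFile2' id='SourceFile2' placeholder="Ex: inputs/test1.gif"></form></center></td>
</tr>
</table>
</center>
</div>
<div id="ifCrackUrl" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td><center><input type="text" name="crack_url" id="crack_url" size="43" placeholder="Brute force using local dictionary (from: 'dictionary/')"></center></td>
<td><center>TOR: <input type="checkbox" name="tor3" id="tor3"></center></td>
</tr>
</table>
</div>
</td>
</tr>
<tr>
<td align="right">Use Module: <input type="checkbox" onclick="javascript:SetCrackModule();" name="set_module_crack" id="set_module_crack"></td>
<td>
<table>
<tr>
<td align="center">
<div id="ifMod_set_crack" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Name: <input type="text" name="use_mod_crack" id="use_mod_crack" size="12" placeholder="Ex: 'easy'"></td>
<td><a href='javascript:runCommandX("cmd_list");javascript:showResults()'>List Modules</a></td>
</tr></table>
</div>
</td>
</tr></table>
</td>
</tr>
<tr>
<td align="right">Advanced OCR: <input type="checkbox" onclick="javascript:SetColourID();" name="set_colour_id3" id="set_colour_id3"></td>
<td align="center">
<div id="ifMod_colour2" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Set Colour ID: <input type="text" name="set_id3" id="set_id3" size="2" placeholder="Ex: 1"></td>
</tr></table>
</div>
</td>
</tr>
<tr>
<td align="right">Export to XML: <input type="checkbox" onclick="javascript:SetXML();" name="set_xml" id="set_xml"></td>
<td align="center">
<div id="ifMod_xml" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Filename: <input type="text" name="set_xml_file" id="set_xml_file" size="16" placeholder="Ex: php-captcha.xml"></td>
</tr></table>
</div>
</td>
</tr>
<tr>
<td align="right">Debug: <input type="checkbox" name="verbose3" id="verbose3"></td>
<td><center><input type="submit" class="button" value="Crack it!" onclick="CrackCaptchas()"></center></td>
</tr>
</table>
</div>
</center></td>
</tr>
</table>
<table cellpadding="5" cellspacing="5">
<tr>
<td>
<div id="Results" style="display:none"><table width="100%" border="1" cellpadding="5" cellspacing="5"><th>Shell Info:<tr><td><div id="cmdOut"></div></td></tr></table></div>
</td>
</tr>
<tr>
<td align="center">
<div id="Captcha-IN" style="display:none"><table border="1" width="100%" cellpadding="5" cellspacing="5"><th>Captcha Preview:<tr><td><center><img id="target_captcha_img_path" name="target_captcha_img_path" src=''></center></td></tr></table></div>
</td>
</tr>
<tr>
<td>
<div id="OCR-out" style="display:none">
<table width="100%" height="100%" border="1"><th>OCR Output:<tr>
<td><iframe frameborder="0" id="directory-words" name="directory-words" width="800px" height="300px" src="directory-words"></iframe></td>
</tr></table>
</div>
</td>
</tr>
</table>
</center>
<br /><br/>
""" + self.pages["/footer"]
        # The preview list is rendered here, at construction time.
        self.pages["/directory-words"] ="""<!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html;charset=UTF-8"><script type="text/javascript" src="/lib.js"></script>
<script language="javascript">
function AddAll(){
var inputs = document.getElementsByClassName('word'),
ws = [].map.call(inputs, function( input ) {
return input.id;
}).join("-");
var array = ws.split('-');
var arrayLength = array.length;
for (var i = 0; i < arrayLength; i++) {
word = array[i];
letter = document.getElementById(word).value;
if(letter == ""){
window.alert("You need to enter ALL dictionary symbols");
return
}
if(word == ""){
word = "off";
}else{
var w = word.substring(word.lastIndexOf('_')+1);
w = "images/previews/ocr/" + w;
params="symbol="+escape(w)+"&letter="+escape(letter);
}
runCommandX("cmd_move_ocr",params);
var s = word.substring(word.lastIndexOf('_')+1);
document.getElementById(s).style.display = "none";
}
document.getElementById("adding").style.display = "none";
document.getElementById("AddAll").style.display = "none";
}
function Reload(word){
var w = word.substring(word.lastIndexOf('/')+1);
document.getElementById(w).style.display = "none";
document.getElementById("discarding").style.display = "none";
}
function Reload_Added(word){
var w = word.substring(word.lastIndexOf('/')+1);
document.getElementById(w).style.display = "none";
document.getElementById("adding").style.display = "none";
}
function MoveOCR(word) {
var w = word.substring(word.lastIndexOf('/')+1);
symbol = "letter_" + w
letter = document.getElementById(symbol).value;
if(letter == ""){
window.alert("You need to enter a valid dictionary symbol (Ex: p)");
return
}
if(word == ""){
word = "off";
}else{
params="symbol="+escape(word)+"&letter="+escape(letter);
}
runCommandX("cmd_move_ocr",params);
setTimeout(function() { Reload_Added(word) }, 2000); // delay 2
}
function RemoveOCR(word) {
if(word == ""){
word = "off";
}else{
params="symbol="+escape(word);
}
runCommandX("cmd_remove_ocr",params);
setTimeout(function() { Reload(word) }, 2000); // delay 2
}
</script>
<script language="javascript">function ViewWord(word) {window.open(word,"_blank","fulscreen=no, titlebar=yes, top=180, left=320, width=720, height=460, resizable=yes", false);}</script></head><body><table width='100%'><tr><td align='center'><font color='white'><div id="cmdOut"></div></font></td></tr><tr><td><br><center><a href='javascript:runCommandX("cmd_dict");'><font color="cyan"><u>View Dictionary Info</u></font></a></center></td></tr><tr><td>"""+str("".join(self.list_words()))+"""</td></tr></table><br><div align='center' style='display:block;' id='AddAll'> <button onclick='AddAll()'>ADD ALL!</button></div></body></html>"""
        # NOTE(review): the script below writes server responses into the page
        # with innerHTML, so whatever the /cmd_* pages return is parsed as HTML
        # by the browser.
        self.pages["/lib.js"] = """function loadXMLDoc() {
var xmlhttp;
if (window.XMLHttpRequest) {
// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp = new XMLHttpRequest();
} else {
// code for IE6, IE5
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 ) {
if(xmlhttp.status == 200){
document.getElementById("cmdOut").innerHTML = xmlhttp.responseText;
setTimeout("loadXMLDoc()", 3000);
}
}
}
xmlhttp.send();
}
function runCommandX(cmd,params) {
var xmlhttp;
if (window.XMLHttpRequest) {
// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp = new XMLHttpRequest();
} else {
// code for IE6, IE5
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 ) {
if(xmlhttp.status == 200){
if(cmd.indexOf("?")!=-1){
s=cmd.split("?")
cmd=s[0]
params=s[1]
}
document.getElementById("cmdOut").innerHTML = xmlhttp.responseText;
//document.getElementById("cmdOut").scrollIntoView();
newcmd=cmd
if(newcmd=="cmd_remove_ocr" || newcmd=="cmd_move_ocr" || newcmd=="cmd_dict"){ //do not refresh
return;
} else {
if(newcmd=="cmd_list" || newcmd=="cmd_track" || newcmd == "cmd_tracklist" || newcmd=="cmd_crack" || newcmd=="cmd_train") newcmd=newcmd+"_update"
//do not refresh if certain text on response is found
if(newcmd.match(/update/) &&
(
xmlhttp.responseText.match(/Number of tracked captchas/) ||
xmlhttp.responseText.match(/to the correct folder/) ||
xmlhttp.responseText.match(/by the moment/) ||
xmlhttp.responseText.match(/Is that captcha supported?/) ||
xmlhttp.responseText.match(/module not found/) ||
xmlhttp.responseText.match(/No idea/) ||
xmlhttp.responseText.match(/Possible Solution/) ||
xmlhttp.responseText.match(/Internal problems/) ||
xmlhttp.responseText.match(/List end/)
)
) return;
setTimeout(function(){runCommandX(newcmd,params)}, 3000);
return;}
}
}
}
if(typeof params != "undefined") cmd=cmd+"?"+params
xmlhttp.open("GET", cmd, true);
xmlhttp.send();
}
"""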
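    def list_words(self):
        """Return one HTML preview table per entry of ``outputs/words``.

        For every name found there, the file of the same name under
        ``core/images/previews/ocr/`` is embedded as a base64 ``data:`` URI;
        when that file cannot be read the image source is left empty.

        Returns:
            A list of HTML fragments (strings), ordered by file name.
        """
        m = []
        # sorted(): os.listdir() order is arbitrary, keep the page stable
        for f in sorted(os.listdir("outputs/words")):
            try:
                with open("core/images/previews/ocr/"+f,'rb') as img_f:
                    img = "data:image/gif;base64,"+base64.b64encode(img_f.read()).decode('utf-8')
            except OSError:
                # only a missing/unreadable preview is expected here
                img = ""
            # NOTE(review): the file name is placed unescaped into attribute
            # values and inline script arguments; this assumes names in
            # outputs/words contain no quotes or markup - confirm where they
            # are generated.
            ocr_preview = "<br><table style='display:block;' id='"+f+"' name='"+f+"' border='1' width='100%' cellpadding='5' cellspacing='5'><tr><td align='left' width='100%'><font color='cyan'><u><a onclick=javascript:ViewWord('"+img+"');return false;>"+f+"</a></u></td><td align='center'><a onclick=javascript:ViewWord('"+img+"');return false;><img border='1' style='border-color:red;' src='"+img+"'></a></font></td><td align='center'><input type='text' class='word' name='letter_"+f+"' id='letter_"+f+"' size='2'></td><td align='center'><input type='submit' class='button' value='ADD!' onclick=javascript:MoveOCR('images/previews/ocr/"+f+"');return false;></td><td align='center'><input type='submit' class='button' value='Discard...' onclick=javascript:RemoveOCR('images/previews/ocr/"+f+"');return false;></td></tr></table>"
            m.append(ocr_preview)
        return m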
    def convert_size(self, size):
        """Format a byte count as a short human-readable string.

        Returns ``'0B'`` for zero; otherwise the value scaled to the largest
        fitting power of 1024, rounded to two decimals, followed by a space
        and the unit name (for example ``'1.5 KB'``).
        """
        import math
        if size == 0:
            return '0B'
        units = ("B", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB")
        # index of the unit = whole number of times 1024 fits (log base 1024)
        exponent = int(math.floor(math.log(size, 1024)))
        scaled = round(size / math.pow(1024, exponent), 2)
        return '%s %s' % (scaled, units[exponent])
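    def buildGetParams(self, request):
        """Parse the query string of a raw ``GET`` request into a dict.

        Args:
            request: the raw request, as ``bytes`` or ``str``. Only a leading
                ``GET <path>`` is looked at.

        Returns:
            ``{name: value}`` for every ``name=value`` pair after the ``?``.
            Values have ``+`` turned into a space and are percent-decoded;
            names are kept as sent. Pairs that do not contain exactly one
            ``=`` are ignored. Empty when the request is not a GET or has no
            query string.
        """
        params = {}
        if isinstance(request, bytes):
            # Undecodable bytes are replaced rather than raising, so a
            # malformed request cannot abort the handler thread here.
            request = request.decode('utf-8', errors='replace')
        path = re.findall(r"^GET ([^\s]+)", request)
        if path:
            path = path[0]
            start = path.find("?")
            if start != -1:
                for param in path[start+1:].split("&"):
                    f = param.split("=")
                    if len(f) == 2:
                        var = f[0]
                        value = f[1]
                        value = value.replace("+", " ")
                        value = urllib.parse.unquote(value)
                        params[var] = value
        return params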
  460. def get(self, request):
  461. cmd_options = ""
  462. runcmd = ""
  463. try:
  464. res = re.findall("^GET ([^\s]+)", request)
  465. except:
  466. res = re.findall("^GET ([^\s]+)", request.decode('utf-8'))
  467. if res is None:
  468. return
  469. pGet = {}
  470. try:
  471. page = res[0]
  472. except:
  473. return
  474. paramStart = page.find("?")
  475. if paramStart != -1:
  476. page = page[:paramStart]
  477. pGet = self.buildGetParams(request)
  478. if page.startswith("/images/") or page.startswith("/js/") or page.startswith("/inputs/"):
  479. if os.path.exists("core/"+page[1:]):
  480. try:
  481. f=open("core/"+page[1:],'r',encoding="utf-8")
  482. data = f.read()
  483. except:
  484. try:
  485. with open("core/"+page[1:],'rb') as img_f:
  486. data = base64.b64encode(img_f.read()).decode('utf-8')
  487. except:
  488. data = ""
  489. self.pages[page]=data
  490. if page == "/cmd_dict": # view dictionary info
  491. path, dirs, files = next(os.walk("dictionary/"))
  492. total_dirs = len(dirs)
  493. total_files = len(files)
  494. size = 0
  495. for d in dirs:
  496. path, dirs, files = next(os.walk("dictionary/"+d))
  497. total_files = total_files + len(files)
  498. for f in files:
  499. size += os.path.getsize("dictionary/"+d+"/"+f)
  500. size = self.convert_size(size)
  501. last_update = time.ctime(os.path.getctime("dictionary/"))
  502. self.pages["/cmd_dict"] = "<table align='center' border='1' cellspacing='5' cellpadding='5'><tr><td><u>Creation Date:</u></td><td><u>Size:</u></td><td><u>Total Words:</u></td><td><u>Total Symbols:</u></td></tr><tr><td align='center'>"+str(last_update)+"</td><td align='center'>"+str(size)+"</td><td align='center'>"+str(total_dirs)+"</td><td align='center'>"+str(total_files)+"</td></tr></table>"
  503. if page == "/cmd_remove_ocr": # remove ocr image from previews
  504. if not pGet["symbol"]=="off":
  505. self.pages["/cmd_remove_ocr"] = "<div style='display:block' id='discarding' name='discarding'><pre>[Info] Discarding image from previews...</pre></div>"
  506. symbol = pGet["symbol"]
  507. try:
  508. os.remove("core/" + symbol)
  509. except:
  510. pass
  511. if page == "/cmd_move_ocr": # move ocr image from previews to dictionary
  512. if not pGet["symbol"]=="off":
  513. self.pages["/cmd_move_ocr"] = "<div style='display:block' id='adding' name='adding'><pre>[Info] Adding image from previews to dictionary...</pre></div>"
  514. symbol = pGet["symbol"]
  515. letter = pGet["letter"]
  516. o = "core/" + symbol
  517. d = "dictionary/" + letter
  518. try:
  519. if not os.path.exists(d):
  520. os.makedirs(d)
  521. head, tail = os.path.split(symbol)
  522. final = d + "/" + tail
  523. copyfile(o, final) # copy file to letter on dictionary
  524. os.remove(o) # purge from previews
  525. except:
  526. pass
  527. if page == "/cmd_list": # list mods
  528. self.pages["/cmd_list"] = "<pre>Waiting for a list of available modules...</pre>"
  529. runcmd = "(python -i cintruder --mods-list "+ "|tee /tmp/out) &"
  530. if page == "/cmd_list_update":
  531. if not os.path.exists('/tmp/out'):
  532. open('/tmp/out', 'w').close()
  533. with open('/tmp/out', 'r') as f:
  534. self.pages["/cmd_list_update"] = "<pre>"+f.read()+"<pre>"
  535. if page == "/cmd_track": # tracking
  536. self.pages["/cmd_track"] = "<pre>Waiting for tracking results...</pre>"
  537. if pGet["tor"]=="on":
  538. cmd_options = cmd_options + "--proxy 'http://localhost:8118' "
  539. if pGet["verbose"]=="on":
  540. cmd_options = cmd_options + "--verbose "
  541. runcmd = "(python -i cintruder --track '"+pGet["tracking_source"]+"' --track-num '"+pGet["tracking_num"]+"' " + cmd_options + "|tee /tmp/out) &"
  542. if page == "/cmd_track_update":
  543. if not os.path.exists('/tmp/out'):
  544. open('/tmp/out', 'w').close()
  545. with open('/tmp/out', 'r') as f:
  546. self.pages["/cmd_track_update"] = "<pre>"+f.read()+"<pre>"
  547. if page == "/cmd_tracklist": # list last tracks
  548. self.pages["/cmd_tracklist"] = "<pre>Waiting for a list of last tracks...</pre>"
  549. runcmd = "(python -i cintruder --tracked-list "+ "|tee /tmp/out) &"
  550. if page == "/cmd_tracklist_update":
  551. if not os.path.exists('/tmp/out'):
  552. open('/tmp/out', 'w').close()
  553. with open('/tmp/out', 'r') as f:
  554. self.pages["/cmd_tracklist_update"] = "<pre>"+f.read()+"<pre>"
  555. if page == "/cmd_train": # training
  556. self.pages["/cmd_train"] = "<pre>Waiting for training results...</pre>"
  557. if pGet["tor"]=="on":
  558. cmd_options = cmd_options + "--proxy 'http://localhost:8118' "
  559. if pGet["verbose"]=="on":
  560. cmd_options = cmd_options + "--verbose "
  561. if not pGet["colourID"]=="off":
  562. cmd_options = cmd_options + "--set-id='" + pGet["colourID"] + "' "
  563. if not pGet["module"]=="off":
  564. cmd_options = cmd_options + "--mod='" + pGet["module"] + "' "
  565. if pGet["source_file"]=="off": # from remote url source
  566. runcmd = "(python -i cintruder --train '"+pGet["train_url"]+"' " + cmd_options + "|tee /tmp/out) &"
  567. else: # from local source
  568. source_file = pGet["source_file"]
  569. runcmd = "(python -i cintruder --train '"+source_file+"' " + cmd_options + "|tee /tmp/out) &"
  570. if page == "/cmd_train_update":
  571. if not os.path.exists('/tmp/out'):
  572. open('/tmp/out', 'w').close()
  573. with open('/tmp/out', 'r') as f:
  574. self.pages["/cmd_train_update"] = "<pre>"+f.read()+"<pre>"
  575. if page == "/cmd_crack": # cracking
  576. self.pages["/cmd_crack"] = "<pre>Waiting for cracking (bruteforcing) results...</pre>"
  577. if pGet["tor"]=="on":
  578. cmd_options = cmd_options + "--proxy 'http://localhost:8118' "
  579. if pGet["verbose"]=="on":
  580. cmd_options = cmd_options + "--verbose "
  581. if not pGet["colourID"]=="off":
  582. cmd_options = cmd_options + "--set-id='" + pGet["colourID"] + "' "
  583. if not pGet["module"]=="off":
  584. cmd_options = cmd_options + "--mod='" + pGet["module"] + "' "
  585. if not pGet["xml"]=="off":
  586. cmd_options = cmd_options + "--xml='" + pGet["xml"] + "' "
  587. if pGet["source_file"]=="off": # from remote url source
  588. runcmd = "(python -i cintruder --crack '"+pGet["crack_url"]+"' " + cmd_options + "|tee /tmp/out) &"
  589. else: # from local source
  590. source_file = pGet["source_file"]
  591. runcmd = "(python -i cintruder --crack '"+source_file+"' " + cmd_options + "|tee /tmp/out) &"
  592. if page == "/cmd_crack_update":
  593. if not os.path.exists('/tmp/out'):
  594. open('/tmp/out', 'w').close()
  595. with open('/tmp/out', 'r') as f:
  596. self.pages["/cmd_crack_update"] = "<pre>"+f.read()+"<pre>"
  597. ctype = "text/html"
  598. if page.find(".js") != -1:
  599. ctype = "text/javascript"
  600. elif page.find(".txt") != -1:
  601. ctype = "text/plain"
  602. elif page.find(".ico") != -1:
  603. ctype = "image/x-icon"
  604. elif page.find(".png") != -1:
  605. ctype = "image/png"
  606. elif page.find(".jpeg") != -1:
  607. ctype = "image/jpeg"
  608. elif page.find(".jpg") != -1:
  609. ctype = "image/jpeg"
  610. elif page.find(".gif") != -1:
  611. ctype = "image/gif"
  612. if page in self.pages:
  613. return dict(run=runcmd, code="200 OK", html=self.pages[page], ctype=ctype)
  614. return dict(run=runcmd, code="404 Error", html="404 Error<br><br>Page not found...", ctype=ctype)
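class Command(object):
    """Run a shell command line, stopping it when it exceeds a time limit."""

    def __init__(self, cmd):
        """Store the command line; ``process`` is set once ``run`` starts it."""
        self.cmd = cmd
        self.process = None

    def run(self, timeout):
        """Start the command and wait up to *timeout* seconds for it to end.

        When the command is still running after *timeout* seconds it is sent
        ``terminate()`` and then waited for.
        """
        def target():
            # NOTE(review): shell=True hands self.cmd to the shell as-is, so
            # callers must not build it from unquoted external input.
            self.process = subprocess.Popen(self.cmd, shell=True)
            # Wait in the worker: Popen() returns immediately, and without
            # this the thread ends at once and the timeout never applies.
            self.process.wait()
        thread = threading.Thread(target=target)
        thread.start()
        thread.join(timeout)
        if thread.is_alive():
            # process is still None if the timeout fired before Popen returned
            if self.process is not None:
                self.process.terminate()
            thread.join()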
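if __name__ == "__main__":
    # Bind and listen first, so the browser opened below finds the server up.
    tcpsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcpsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    tcpsock.bind((host, port))
    tcpsock.listen(4)  # once is enough; the backlog does not change per client
    webbrowser.open('http://127.0.0.1:%d' % port, new=1)
    try:
        while True:
            # one handler thread per accepted connection
            (clientsock, (ip, c_port)) = tcpsock.accept()
            newthread = ClientThread(ip, c_port, clientsock)
            newthread.start()
    finally:
        # release the listening socket when the loop is interrupted
        tcpsock.close()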