webgui.py 25 KB

  1. #!/usr/bin/python
  2. # -*- coding: iso-8859-15 -*-
  3. """
  4. This file is part of the cintruder project, http://cintruder.03c8.net
  5. Copyright (c) 2012/2016 psy <epsylon@riseup.net>
  6. cintruder is free software; you can redistribute it and/or modify it under
  7. the terms of the GNU General Public License as published by the Free
  8. Software Foundation version 3 of the License.
  9. cintruder is distributed in the hope that it will be useful, but WITHOUT ANY
  10. WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  11. FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  12. details.
  13. You should have received a copy of the GNU General Public License along
  14. with cintruder; if not, write to the Free Software Foundation, Inc., 51
  15. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  16. """
  17. import socket, threading, re, base64, os, time
  18. import webbrowser, subprocess, urllib, json, sys
  19. from options import CIntruderOptions
  20. from pprint import pprint
  21. from shutil import copyfile
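  # Listen on loopback only. This server has no authentication and starts
  # shell command lines assembled from request parameters (see
  # ClientThread.run / Pages.get), so it must not be reachable from other
  # machines. The browser is pointed at 127.0.0.1 anyway.
  host = "127.0.0.1"
  port = 9999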
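  class ClientThread(threading.Thread):
      """Serve exactly one HTTP request on an accepted socket.

      The request is read with a single recv(), routed through Pages.get()
      and answered with an HTTP/1.0 response. If the page handler returned a
      non-empty ``run`` entry, that command line is started afterwards.
      """

      def __init__(self, ip, port, socket):
          threading.Thread.__init__(self)
          self.ip = ip
          self.port = port
          self.socket = socket
          self.pages = Pages()

      def run(self):
          res = None
          try:
              req = self.socket.recv(2048)
              res = self.pages.get(req)
              if res is not None:
                  # Header lines are terminated with CRLF throughout, as HTTP
                  # requires; the original mixed bare LF and CRLF.
                  out = "HTTP/1.0 %s\r\n" % res["code"]
                  out += "Pragma: no-cache\r\n"
                  out += "Expires: Fri, 30 Oct 1998 00:00:01 GMT\r\n"
                  out += "Cache-Control: no-cache, must-revalidate\r\n"
                  out += "Content-Type: %s\r\n\r\n" % res["ctype"]
                  out += "%s" % res["html"]
                  # sendall() keeps writing until the whole body is out;
                  # send() may stop after a partial write on large pages.
                  self.socket.sendall(out)
          finally:
              # Always release the connection, also when the handler raised.
              self.socket.close()
          if res and res.get("run"):
              # SECURITY: this string is handed to a shell. It is assembled in
              # Pages.get() from request parameters, so every request-derived
              # value must be shell-quoted there before it gets this far.
              subprocess.Popen(res["run"], shell=True)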
  44. class Pages():
  def __init__(self):
      """Build the in-memory table of pages served by the web GUI.

      Instantiates CIntruderOptions, creates outputs/words/ when it is
      missing and fills self.pages with the shared header and footer, the
      index page, the OCR-output listing and the client-side script.
      """
      self.options = CIntruderOptions()
      # Maps a request path to the response body returned by get().
      self.pages = {}
      if not os.path.exists("outputs/words/"):
          os.mkdir("outputs/words/")
      # Common <head> section, prepended to the index page below.
      self.pages["/header"] = """
<!DOCTYPE html><html>
<head>
<meta name="author" content="psy">
<meta name="robots" content="noindex, nofollow">
<meta http-equiv="content-type" content="text/xml; charset=utf-8" />
<title>CINTRUDER: OCR Bruteforcing Toolkit</title>
<script type="text/javascript" src="/lib.js"></script>
<script src="js/web.js" type="text/javascript"></script>
<style>
a:link {
color: cyan;
}
a:visited {
color: black;
}
</style>
<style>
input.button {
width: 20em; height: 2em;
}
</style>
"""
      self.pages["/footer"] = """</body>
</html>
"""
      # Index page: the Track / Train / Crack forms. The handlers named in
      # the onclick attributes (TrackCaptchas, TrainCaptchas, ...) are not
      # defined in this file; presumably they live in js/web.js.
      self.pages["/"] = self.pages["/header"] + """
<script>loadXMLDoc()</script></head><body bgcolor="blue" text="white" style="monospace;font-size:14px;" >
<center>
<table border="1" cellpadding="10" cellspacing="5" width="90%">
<tr>
<td bgcolor="white"><center><a href="http://cintruder.03c8.net" target="_blank"><img src="images/cintruder.png"></a></center></td>
<td>
<center><h3><a href="https://github.com/epsylon/cintruder" target="_blank">CINTRUDER</a> is an automatic pentesting tool to bypass <a href="https://en.wikipedia.org/wiki/CAPTCHA" target="_blank">captchas</a><br/><br/>
Contact: psy (<a href="mailto:epsylon@riseup.net">epsylon@riseup.net</a>) - [<a href="https://03c8.net" target="_blank">03c8.net</a>]<br><br>
License: <a href="http://www.gnu.org/licenses/quick-guide-gplv3.pdf" target="_blank">GPLv3</a> | Donate: <a href="https://blockchain.info/address/19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw" target="_blank">BTC</a></h3></center>
</td>
</tr></table><br/>
<table cellpadding="10" cellspacing="5" width="90%">
<tr>
<td width="315px">
<center>
<table border="1" cellpadding="10" cellspacing="5">
<tr>
<td>
Track: <input type="radio" onclick="javascript:OptionsCheck();" name="options" id="track"/ CHECKED>
Train: <input type="radio" onclick="javascript:OptionsCheck();" name="options" id="train"/>
Crack: <input type="radio" onclick="javascript:OptionsCheck();" name="options" id="crack"/>
</td>
</tr></table>
</center>
</td>
<td><center>
<div id="ifTrack" style="display:none">
<table border="1" cellpadding="10" cellspacing="5">
<tr>
<td><center><input type="text" name="track_url" id="track_url" size="43" placeholder="Download captchas from url (to: 'inputs/')"></center></td>
<td><center>Num: <input type="text" name="track_num" id="track_num" size="2" value="5"></center></td>
<td><center>TOR: <input type="checkbox" id="tor" name="tor"></center></td>
<td align="right">Debug: <input type="checkbox" name="verbose" id="verbose"></td>
<td><center><input type="submit" value="Download!" onclick="TrackCaptchas()"></center></td>
</tr></table>
</div>
<div id="ifTrain" style="display:none">
<table border="1" cellpadding="5" cellspacing="5">
<tr>
<td><center>
LOCAL: <input type="radio" onclick="javascript:TrainSourcesCheck();" name="training_sources" id="training_local"/ CHECKED>
URL: <input type="radio" onclick="javascript:TrainSourcesCheck();" name="training_sources" id="training_url"/>
</center></td>
<td>
<div id="ifLocal" style="display:none">
<center>
<table cellpadding="5" cellspacing="5">
<tr>
<td><center><form action='' method='POST' enctype='multipart/form-data'>
<input type='text' size="43" name='SourceFile' id='SourceFile' placeholder="Ex: inputs/test1.gif"></form></center></td>
</tr></table>
</center>
</div>
<div id="ifUrl" style="display:none">
<table cellpadding="2" cellspacing="2">
<tr>
<td><center><input type="text" name="train_url" id="train_url" size="43" placeholder="Apply common OCR techniques to a remote captcha"></center></td>
<td><center>TOR: <input type="checkbox" name="tor2" id="tor2"></center></td>
</tr></table>
</div>
</td>
</tr>
<tr>
<td align="right">Use Module: <input type="checkbox" onclick="javascript:SetTrainModule();" name="set_module" id="set_module"></td>
<td>
<table>
<tr>
<td align="center">
<div id="ifMod_set" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Name: <input type="text" name="use_mod" id="use_mod" size="12" placeholder="Ex: 'easy'"></td>
<td><a href='javascript:runCommandX("cmd_list");javascript:showResults()'>List Modules</a></td>
</tr></table>
</div>
</td>
</tr></table>
</td>
</tr>
<tr>
<td align="right">Advanced OCR: <input type="checkbox" onclick="javascript:SetColourID();" name="set_colour_id" id="set_colour_id"></td>
<td align="center">
<div id="ifMod_colour" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Set Colour ID: <input type="text" name="set_id" id="set_id" size="2" placeholder="Ex: 1"></td>
</tr></table>
</div>
</td>
</tr>
<tr>
<td align="right">Debug: <input type="checkbox" name="verbose2" id="verbose2"></td>
<td><center><input type="submit" class="button" value="Train!" onclick="TrainCaptchas()"></center></td>
</tr>
</table>
</div>
<div id="ifCrack" style="display:none">
<table border="1" cellpadding="5" cellspacing="5">
<tr>
<td><center>
LOCAL: <input type="radio" onclick="javascript:CrackingCheck();" name="cracking_sources" id="cracking_local"/ CHECKED>
URL: <input type="radio" onclick="javascript:CrackingCheck();" name="cracking_sources" id="cracking_url"/>
</center></td>
<td>
<div id="ifCrackLocal" style="display:none">
<center>
<table cellpadding="5" cellspacing="5">
<tr>
<td><center><form action='' method='POST' enctype='multipart/form-data'>
<input type='text' size="43" name='SourceFile2' id='SourceFile2' placeholder="Ex: inputs/test1.gif"></form></center></td>
</tr>
</table>
</center>
</div>
<div id="ifCrackUrl" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td><center><input type="text" name="crack_url" id="crack_url" size="43" placeholder="Brute force using local dictionary (from: 'dictionary/')"></center></td>
<td><center>TOR: <input type="checkbox" name="tor3" id="tor3"></center></td>
</tr>
</table>
</div>
</td>
</tr>
<tr>
<td align="right">Use Module: <input type="checkbox" onclick="javascript:SetCrackModule();" name="set_module_crack" id="set_module_crack"></td>
<td>
<table>
<tr>
<td align="center">
<div id="ifMod_set_crack" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Name: <input type="text" name="use_mod_crack" id="use_mod_crack" size="12" placeholder="Ex: 'easy'"></td>
<td><a href='javascript:runCommandX("cmd_list");javascript:showResults()'>List Modules</a></td>
</tr></table>
</div>
</td>
</tr></table>
</td>
</tr>
<tr>
<td align="right">Export to XML: <input type="checkbox" onclick="javascript:SetXML();" name="set_xml" id="set_xml"></td>
<td align="center">
<div id="ifMod_xml" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Filename: <input type="text" name="set_xml_file" id="set_xml_file" size="16" placeholder="Ex: php-captcha.xml"></td>
</tr></table>
</div>
</td>
</tr>
<tr>
<td align="right">Debug: <input type="checkbox" name="verbose3" id="verbose3"></td>
<td><center><input type="submit" class="button" value="Crack it!" onclick="CrackCaptchas()"></center></td>
</tr>
</table>
</div>
</center></td>
</tr>
</table>
<table cellpadding="5" cellspacing="5">
<tr>
<td>
<div id="Results" style="display:none"><table width="100%" border="1" cellpadding="5" cellspacing="5"><th>Shell Info:<tr><td><div id="cmdOut"></div></td></tr></table></div>
</td>
</tr>
<tr>
<td align="center">
<div id="Captcha-IN" style="display:none"><table border="1" width="100%" cellpadding="5" cellspacing="5"><th>Captcha Preview:<tr><td><center><img id="target_captcha_img_path" name="target_captcha_img_path" src=''></center></td></tr></table></div>
</td>
</tr>
<tr>
<td>
<div id="OCR-out" style="display:none">
<table width="100%" height="100%" border="1"><th>OCR Output:<tr>
<td><iframe frameborder="0" id="directory-words" name="directory-words" width="800px" height="300px" src="directory-words"></iframe></td>
</tr></table>
</div>
</td>
</tr>
</table>
</center>
<br /><br/>
""" + self.pages["/footer"]
      # OCR output listing, shown inside the index page's iframe. The rows
      # are produced by self.list_words() right here, i.e. once per Pages
      # instance, from the file names found in outputs/words at that moment.
      self.pages["/directory-words"] ="""<!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html;charset=UTF-8"><script type="text/javascript" src="/lib.js"></script>
<script language="javascript">
function Reload(word){
var w = word.substring(word.lastIndexOf('/')+1);
document.getElementById(w).style.display = "none";
document.getElementById("discarding").style.display = "none";
}
function Reload_Added(word){
var w = word.substring(word.lastIndexOf('/')+1);
document.getElementById(w).style.display = "none";
document.getElementById("adding").style.display = "none";
}
function MoveOCR(word) {
var w = word.substring(word.lastIndexOf('/')+1);
symbol = "letter_" + w
letter = document.getElementById(symbol).value;
if(letter == ""){
window.alert("You need to enter a valid dictionary symbol (Ex: p)");
return
}
if(word == ""){
word = "off";
}else{
params="symbol="+escape(word)+"&letter="+escape(letter);
}
runCommandX("cmd_move_ocr",params);
setTimeout(function() { Reload_Added(word) }, 2000); // delay 2
}
function RemoveOCR(word) {
if(word == ""){
word = "off";
}else{
params="symbol="+escape(word);
}
runCommandX("cmd_remove_ocr",params);
setTimeout(function() { Reload(word) }, 2000); // delay 2
}
</script>
<script language="javascript">function ViewWord(word) {window.open(word,"_blank","fulscreen=no, titlebar=yes, top=180, left=320, width=720, height=460, resizable=yes", false);}</script></head><body><table width='100%'><tr><td align='center'><font color='white'><div id="cmdOut"></div></font></td></tr><tr><td><br><center><a href='javascript:runCommandX("cmd_dict");'><font color="cyan"><u>View Dictionary Info</u></font></a></center></td></tr><tr><td>"""+str("".join(self.list_words()))+"""</td></tr></table></body></html>"""
      # Client-side helper script served as /lib.js.
      # NOTE(review): loadXMLDoc() calls send() without a preceding open().
      # NOTE(review): both functions assign the response text to innerHTML,
      # so whatever the server returns for a cmd_* page is parsed as HTML by
      # the browser; the server side has to escape it.
      self.pages["/lib.js"] = """function loadXMLDoc() {
var xmlhttp;
if (window.XMLHttpRequest) {
// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp = new XMLHttpRequest();
} else {
// code for IE6, IE5
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 ) {
if(xmlhttp.status == 200){
document.getElementById("cmdOut").innerHTML = xmlhttp.responseText;
setTimeout("loadXMLDoc()", 3000);
}
}
}
xmlhttp.send();
}
function runCommandX(cmd,params) {
var xmlhttp;
if (window.XMLHttpRequest) {
// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp = new XMLHttpRequest();
} else {
// code for IE6, IE5
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 ) {
if(xmlhttp.status == 200){
if(cmd.indexOf("?")!=-1){
s=cmd.split("?")
cmd=s[0]
params=s[1]
}
document.getElementById("cmdOut").innerHTML = xmlhttp.responseText;
//document.getElementById("cmdOut").scrollIntoView();
newcmd=cmd
if(newcmd=="cmd_remove_ocr" || newcmd=="cmd_move_ocr" || newcmd=="cmd_dict"){ //do not refresh
return;
} else {
if(newcmd=="cmd_list" || newcmd=="cmd_track" || newcmd=="cmd_crack" || newcmd=="cmd_train") newcmd=newcmd+"_update"
//do not refresh if certain text on response is found
if(newcmd.match(/update/) &&
(
xmlhttp.responseText.match(/Number of tracked captchas/) ||
xmlhttp.responseText.match(/to the correct folder/) ||
xmlhttp.responseText.match(/by the moment/) ||
xmlhttp.responseText.match(/Is that captcha supported?/) ||
xmlhttp.responseText.match(/module not found/) ||
xmlhttp.responseText.match(/No idea/) ||
xmlhttp.responseText.match(/Possible Solution/) ||
xmlhttp.responseText.match(/Internal problems/) ||
xmlhttp.responseText.match(/List end/)
)
) return;
setTimeout(function(){runCommandX(newcmd,params)}, 3000);
return;}
}
}
}
if(typeof params != "undefined") cmd=cmd+"?"+params
xmlhttp.open("GET", cmd, true);
xmlhttp.send();
}
"""
  def list_words(self):
      """Return one HTML table fragment per entry in outputs/words.

      Each fragment shows the preview image under images/previews/ocr/ with
      the same file name, a text box for the dictionary symbol and the ADD! /
      Discard... buttons.

      NOTE(review): the file name is placed into HTML attributes and inline
      JavaScript without any escaping, so the markup is only sound while the
      names in outputs/words contain no quotes, spaces or angle brackets.
      """
      row_template = (
          "<br><table style='display:block;' id='{n}' name='{n}' border='1' width='100%' cellpadding='5' cellspacing='5'>"
          "<tr><td align='left' width='100%'><font color='cyan'><u>"
          "<a onclick=javascript:ViewWord('{p}');return false;>{n}</a></u></td>"
          "<td align='center'><a onclick=javascript:ViewWord('{p}');return false;>"
          "<img border='1' style='border-color:red;' src='{p}'></a></font></td>"
          "<td align='center'><input type='text' name='letter_{n}' id='letter_{n}' size='2'></td>"
          "<td align='center'><input type='submit' class='button' value='ADD!' onclick=javascript:MoveOCR('{p}');return false;></td>"
          "<td align='center'><input type='submit' class='button' value='Discard...' onclick=javascript:RemoveOCR('{p}');return false;></td>"
          "</tr></table>"
      )
      return [
          row_template.format(n=name, p="images/previews/ocr/" + name)
          for name in os.listdir("outputs/words")
      ]
  def convert_size(self, size):
      """Format a byte count as a short string such as '1.5 KB'.

      Zero is returned as '0B'; any other value is scaled by the largest
      power of 1024 that fits and rounded to two decimals.
      """
      import math
      units = ("B", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB")
      if size == 0:
          return '0B'
      exponent = int(math.floor(math.log(size, 1024)))
      scaled = round(size / math.pow(1024, exponent), 2)
      return '%s %s' % (scaled, units[exponent])
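  def buildGetParams(self, request):
      """Parse the query string of a raw ``GET`` request line into a dict.

      Returns ``{name: value}`` with ``+`` turned into a space and
      percent-escapes decoded. Items without ``=`` are skipped. The request
      is returned as an empty dict when it is not a GET or has no query.

      Values are split on the first ``=`` only; the original split on every
      ``=`` and silently dropped any parameter whose value contained one.
      All returned values are untrusted input and must be validated or
      quoted by the caller before they reach a file path or a shell.
      """
      try:
          from urllib import unquote  # Python 2
      except ImportError:
          from urllib.parse import unquote  # Python 3
      params = {}
      match = re.findall(r"^GET ([^\s]+)", request)
      if not match:
          return params
      path = match[0]
      start = path.find("?")
      if start == -1:
          return params
      for param in path[start+1:].split("&"):
          var, sep, value = param.partition("=")
          if not sep:
              continue
          params[var] = unquote(value.replace("+", " "))
      return params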
  400. def get(self, request):
  401. cmd_options = ""
  402. runcmd = ""
  403. res = re.findall("^GET ([^\s]+)", request)
  404. if res is None:
  405. return
  406. pGet = {}
  407. page = res[0]
  408. paramStart = page.find("?")
  409. if paramStart != -1:
  410. page = page[:paramStart]
  411. pGet = self.buildGetParams(request)
  412. if page.startswith("/images/") or page.startswith("/js/") or page.startswith("/inputs/"):
  413. if os.path.exists("core/"+page[1:]):
  414. f=open("core/"+page[1:])
  415. self.pages[page]=f.read()
  416. if page == "/cmd_dict": # view dictionary info
  417. path, dirs, files = os.walk("dictionary/").next()
  418. total_dirs = len(dirs)
  419. total_files = len(files)
  420. size = 0
  421. for d in dirs:
  422. path, dirs, files = os.walk("dictionary/"+d).next()
  423. total_files = total_files + len(files)
  424. for f in files:
  425. size += os.path.getsize("dictionary/"+d+"/"+f)
  426. size = self.convert_size(size)
  427. last_update = time.ctime(os.path.getctime("dictionary/"))
  428. self.pages["/cmd_dict"] = "<table align='center' border='1' cellspacing='5' cellpadding='5'><tr><td><u>Creation Date:</u></td><td><u>Size:</u></td><td><u>Total Words:</u></td><td><u>Total Symbols:</u></td></tr><tr><td align='center'>"+str(last_update)+"</td><td align='center'>"+str(size)+"</td><td align='center'>"+str(total_dirs)+"</td><td align='center'>"+str(total_files)+"</td></tr></table>"
  429. if page == "/cmd_remove_ocr": # remove ocr image from previews
  430. if not pGet["symbol"]=="off":
  431. self.pages["/cmd_remove_ocr"] = "<div style='display:block' id='discarding' name='discarding'><pre>[Info] Discarding image from previews...</pre></div>"
  432. symbol = pGet["symbol"]
  433. try:
  434. os.remove("core/" + symbol)
  435. except:
  436. pass
  437. if page == "/cmd_move_ocr": # move ocr image from previews to dictionary
  438. if not pGet["symbol"]=="off":
  439. self.pages["/cmd_move_ocr"] = "<div style='display:block' id='adding' name='adding'><pre>[Info] Adding image from previews to dictionary...</pre></div>"
  440. symbol = pGet["symbol"]
  441. letter = pGet["letter"]
  442. o = "core/" + symbol
  443. d = "dictionary/" + letter
  444. try:
  445. if not os.path.exists(d):
  446. os.makedirs(d)
  447. head, tail = os.path.split(symbol)
  448. final = d + "/" + tail
  449. copyfile(o, final) # copy file to letter on dictionary
  450. os.remove(o) # purge from previews
  451. except:
  452. pass
  453. if page == "/cmd_list": # list mods
  454. self.pages["/cmd_list"] = "<pre>Waiting for a list of available modules...</pre>"
  455. runcmd = "(python -i cintruder --list "+ "|tee /tmp/out) &"
  456. if page == "/cmd_list_update":
  457. if not os.path.exists('/tmp/out'):
  458. open('/tmp/out', 'w').close()
  459. with open('/tmp/out', 'r') as f:
  460. self.pages["/cmd_list_update"] = "<pre>"+f.read()+"<pre>"
  461. if page == "/cmd_track": # tracking
  462. self.pages["/cmd_track"] = "<pre>Waiting for tracking results...</pre>"
  463. if pGet["tor"]=="on":
  464. cmd_options = cmd_options + "--proxy 'http://localhost:8118' "
  465. if pGet["verbose"]=="on":
  466. cmd_options = cmd_options + "--verbose "
  467. runcmd = "(python -i cintruder --track '"+pGet["tracking_source"]+"' --track-num '"+pGet["tracking_num"]+"' " + cmd_options + "|tee /tmp/out) &"
  468. if page == "/cmd_track_update":
  469. if not os.path.exists('/tmp/out'):
  470. open('/tmp/out', 'w').close()
  471. with open('/tmp/out', 'r') as f:
  472. self.pages["/cmd_track_update"] = "<pre>"+f.read()+"<pre>"
  473. if page == "/cmd_train": # training
  474. self.pages["/cmd_train"] = "<pre>Waiting for training results...</pre>"
  475. if pGet["tor"]=="on":
  476. cmd_options = cmd_options + "--proxy 'http://localhost:8118' "
  477. if pGet["verbose"]=="on":
  478. cmd_options = cmd_options + "--verbose "
  479. if not pGet["colourID"]=="off":
  480. cmd_options = cmd_options + "--set-id='" + pGet["colourID"] + "' "
  481. if not pGet["module"]=="off":
  482. cmd_options = cmd_options + "--mod='" + pGet["module"] + "' "
  483. if pGet["source_file"]=="off": # from remote url source
  484. runcmd = "(python -i cintruder --train '"+pGet["train_url"]+"' " + cmd_options + "|tee /tmp/out) &"
  485. else: # from local source
  486. source_file = pGet["source_file"]
  487. runcmd = "(python -i cintruder --train '"+source_file+"' " + cmd_options + "|tee /tmp/out) &"
  488. if page == "/cmd_train_update":
  489. if not os.path.exists('/tmp/out'):
  490. open('/tmp/out', 'w').close()
  491. with open('/tmp/out', 'r') as f:
  492. self.pages["/cmd_train_update"] = "<pre>"+f.read()+"<pre>"
  493. if page == "/cmd_crack": # cracking
  494. self.pages["/cmd_crack"] = "<pre>Waiting for cracking (bruteforcing) results...</pre>"
  495. if pGet["tor"]=="on":
  496. cmd_options = cmd_options + "--proxy 'http://localhost:8118' "
  497. if pGet["verbose"]=="on":
  498. cmd_options = cmd_options + "--verbose "
  499. if not pGet["module"]=="off":
  500. cmd_options = cmd_options + "--mod='" + pGet["module"] + "' "
  501. if not pGet["xml"]=="off":
  502. cmd_options = cmd_options + "--xml='" + pGet["xml"] + "' "
  503. if pGet["source_file"]=="off": # from remote url source
  504. runcmd = "(python -i cintruder --crack '"+pGet["crack_url"]+"' " + cmd_options + "|tee /tmp/out) &"
  505. else: # from local source
  506. source_file = pGet["source_file"]
  507. runcmd = "(python -i cintruder --crack '"+source_file+"' " + cmd_options + "|tee /tmp/out) &"
  508. if page == "/cmd_crack_update":
  509. if not os.path.exists('/tmp/out'):
  510. open('/tmp/out', 'w').close()
  511. with open('/tmp/out', 'r') as f:
  512. self.pages["/cmd_crack_update"] = "<pre>"+f.read()+"<pre>"
  513. ctype = "text/html"
  514. if page.find(".js") != -1:
  515. ctype = "text/javascript"
  516. elif page.find(".txt") != -1:
  517. ctype = "text/plain"
  518. elif page.find(".ico") != -1:
  519. ctype = "image/x-icon"
  520. elif page.find(".png") != -1:
  521. ctype = "image/png"
  522. elif page.find(".jpeg") != -1:
  523. ctype = "image/jpeg"
  524. elif page.find(".jpg") != -1:
  525. ctype = "image/jpeg"
  526. elif page.find(".gif") != -1:
  527. ctype = "image/gif"
  528. if page in self.pages:
  529. return dict(run=runcmd, code="200 OK", html=self.pages[page], ctype=ctype)
  530. return dict(run=runcmd, code="404 Error", html="404 Error<br><br>Page not found...", ctype=ctype)
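  class Command(object):
      """Run a shell command line with an upper bound on its run time."""

      def __init__(self, cmd):
          self.cmd = cmd
          self.process = None

      def run(self, timeout):
          """Start ``self.cmd`` and wait at most *timeout* seconds for it.

          When the command is still running after *timeout*, it is sent
          terminate() and the call returns once it has exited.

          The worker thread now waits for the child. Previously it ended as
          soon as Popen() returned, so the thread was never alive after the
          join and the timeout was never enforced.

          SECURITY: the command is passed to a shell; callers must not build
          it from unquoted external input.
          NOTE(review): terminate() signals the shell that was started;
          whether its own children stop too is presumably up to the shell.
          """
          def target():
              self.process = subprocess.Popen(self.cmd, shell=True)
              self.process.communicate()
          thread = threading.Thread(target=target)
          thread.start()
          thread.join(timeout)
          if thread.is_alive():
              # process is still None if Popen() has not returned yet.
              if self.process is not None:
                  self.process.terminate()
              thread.join()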
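  if __name__ == "__main__":
      tcpsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
      tcpsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
      tcpsock.bind((host, port))
      # One listen() call is enough; the original repeated it on every pass.
      tcpsock.listen(4)
      # Open the browser only once the socket is listening, so its first
      # request cannot arrive before the server accepts connections.
      webbrowser.open('http://127.0.0.1:%d' % port, new=1)
      while True:
          # One thread per connection; each serves a single request.
          (clientsock, (ip, c_port)) = tcpsock.accept()
          newthread = ClientThread(ip, c_port, clientsock)
          newthread.start()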