webgui.py 26 KB

  1. #!/usr/bin/python
  2. # -*- coding: iso-8859-15 -*-
  3. """
  4. This file is part of the cintruder project, http://cintruder.03c8.net
  5. Copyright (c) 2012/2019 psy <epsylon@riseup.net>
  6. cintruder is free software; you can redistribute it and/or modify it under
  7. the terms of the GNU General Public License as published by the Free
  8. Software Foundation version 3 of the License.
  9. cintruder is distributed in the hope that it will be useful, but WITHOUT ANY
  10. WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  11. FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  12. details.
  13. You should have received a copy of the GNU General Public License along
  14. with cintruder; if not, write to the Free Software Foundation, Inc., 51
  15. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  16. """
  17. import socket, threading, re, base64, os, time
  18. import webbrowser, subprocess, urllib, json, sys
  19. from options import CIntruderOptions
  20. from pprint import pprint
  21. from shutil import copyfile
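  # Listen on the loopback interface only. The request handlers in this file
  # accept unauthenticated GET requests and turn their parameters into shell
  # commands and file operations, and the browser is pointed at 127.0.0.1, so
  # there is no reason to accept connections from other machines.
  host = "127.0.0.1"
  # TCP port the local web GUI is served on.
  port = 9999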
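  class ClientThread(threading.Thread):
      """Serve a single HTTP request on an accepted client socket.

      One instance is created per connection. It reads the request, asks a
      fresh ``Pages`` object for the response, writes it back and, when the
      page handler asked for it, starts the returned command line.
      """

      def __init__(self, ip, port, socket):
          """Remember the peer address and the connected socket.

          Args:
              ip: peer IP address as reported by ``accept()``.
              port: peer TCP port as reported by ``accept()``.
              socket: connected client socket; it is closed by ``run()``.
          """
          threading.Thread.__init__(self)
          self.ip = ip
          self.port = port
          self.socket = socket
          self.pages = Pages()

      def run(self):
          """Answer one request, close the socket, then start any command."""
          try:
              req = self.socket.recv(2048)
              res = self.pages.get(req)
              if not res:
                  # Pages.get() may return nothing for a request it cannot
                  # parse; there is no response to format in that case.
                  return
              # Every header line ends with CRLF, as HTTP requires.
              out = "HTTP/1.0 %s\r\n" % res["code"]
              out += "Pragma: no-cache\r\n"
              out += "Expires: Fri, 30 Oct 1998 00:00:01 GMT\r\n"
              out += "Cache-Control: no-cache, must-revalidate\r\n"
              out += "Content-Type: %s\r\n\r\n" % res["ctype"]
              out += "%s" % res["html"]
              # sendall() keeps writing until the whole response is out;
              # send() may stop after a partial write.
              self.socket.sendall(out)
          finally:
              # Release the connection even when the handler raised.
              self.socket.close()
          if "run" in res and len(res["run"]):
              # NOTE(review): this string is assembled by Pages.get() from
              # request parameters and is interpreted by a shell. Its safety
              # depends entirely on Pages.get() quoting every value it
              # interpolates.
              subprocess.Popen(res["run"], shell=True)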
  44. class Pages():
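  def __init__(self):
      """Load the tool options and build the in-memory page table.

      ``self.pages`` maps a request path to the body that is served for it.
      The static HTML/JavaScript pages are defined here; ``get()`` adds
      further entries while it handles requests.
      """
      self.options = CIntruderOptions()
      self.pages = {}
      words_dir = "outputs/words/"
      if not os.path.isdir(words_dir):
          try:
              # makedirs also creates a missing "outputs/" parent.
              os.makedirs(words_dir)
          except OSError:
              # A Pages object is built per request thread, so another thread
              # may have created the directory in the meantime.
              if not os.path.isdir(words_dir):
                  raise
      # Shared <head> fragment, prepended to the main page.
      self.pages["/header"] = """
<!DOCTYPE html><html>
<head>
<meta name="author" content="psy">
<meta name="robots" content="noindex, nofollow">
<meta http-equiv="content-type" content="text/xml; charset=utf-8" />
<title>CINTRUDER: OCR Bruteforcing Toolkit</title>
<script type="text/javascript" src="/lib.js"></script>
<script src="js/web.js" type="text/javascript"></script>
<style>
a:link {
color: cyan;
}
a:visited {
color: black;
}
</style>
<style>
input.button {
width: 20em; height: 2em;
}
</style>
"""
      # Shared closing fragment.
      self.pages["/footer"] = """</body>
</html>
"""
      # Main single-page UI: the track / train / crack forms and result panes.
      self.pages["/"] = self.pages["/header"] + """
<script>loadXMLDoc()</script></head><body bgcolor="blue" text="white" style="monospace;font-size:14px;" >
<center>
<table border="1" cellpadding="10" cellspacing="5" width="90%">
<tr>
<td bgcolor="white"><center><a href="http://cintruder.03c8.net" target="_blank"><img src="images/cintruder.png"></a></center></td>
<td>
<center><h3><a href="https://github.com/epsylon/cintruder" target="_blank">CINTRUDER</a> is an automatic pentesting tool to bypass <a href="https://en.wikipedia.org/wiki/CAPTCHA" target="_blank">captchas</a><br/><br/>
Contact: psy (<a href="mailto:epsylon@riseup.net">epsylon@riseup.net</a>) - [<a href="https://03c8.net" target="_blank">03c8.net</a>]<br><br>
License: <a href="http://www.gnu.org/licenses/quick-guide-gplv3.pdf" target="_blank">GPLv3</a> | Donate: <a href="https://blockchain.info/address/19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw" target="_blank">BTC</a></h3></center>
</td>
</tr></table><br/>
<table cellpadding="10" cellspacing="5" width="90%">
<tr>
<td width="315px">
<center>
<table border="1" cellpadding="10" cellspacing="5">
<tr>
<td>
Track: <input type="radio" onclick="javascript:OptionsCheck();" name="options" id="track"/ CHECKED>
Train: <input type="radio" onclick="javascript:OptionsCheck();" name="options" id="train"/>
Crack: <input type="radio" onclick="javascript:OptionsCheck();" name="options" id="crack"/>
</td>
</tr></table>
</center>
</td>
<td><center>
<div id="ifTrack" style="display:none">
<table border="1" cellpadding="10" cellspacing="5">
<tr>
<td><center><input type="text" name="track_url" id="track_url" size="43" placeholder="Download captchas from url (to: 'inputs/')"></center></td>
<td><center>Num: <input type="text" name="track_num" id="track_num" size="2" value="5"></center></td>
<td><center>TOR: <input type="checkbox" id="tor" name="tor"></center></td>
<td align="right">Debug: <input type="checkbox" name="verbose" id="verbose"></td>
<td><center><input type="submit" value="Download!" onclick="TrackCaptchas()"></center></td>
</tr></table>
</div>
<div id="ifTrain" style="display:none">
<table border="1" cellpadding="5" cellspacing="5">
<tr>
<td><center>
LOCAL: <input type="radio" onclick="javascript:TrainSourcesCheck();" name="training_sources" id="training_local"/ CHECKED>
URL: <input type="radio" onclick="javascript:TrainSourcesCheck();" name="training_sources" id="training_url"/>
<br><br><a href='javascript:runCommandX("cmd_tracklist");javascript:showResults()'>List Last Tracked</a><br><br>
</center></td>
<td>
<div id="ifLocal" style="display:none">
<center>
<table cellpadding="5" cellspacing="5">
<tr>
<td><center><form action='' method='POST' enctype='multipart/form-data'>
<input type='text' size="43" name='SourceFile' id='SourceFile' placeholder="Ex: inputs/test1.gif"></form></center></td>
</tr></table>
</center>
</div>
<div id="ifUrl" style="display:none">
<table cellpadding="2" cellspacing="2">
<tr>
<td><center><input type="text" name="train_url" id="train_url" size="43" placeholder="Apply common OCR techniques to a remote captcha"></center></td>
<td><center>TOR: <input type="checkbox" name="tor2" id="tor2"></center></td>
</tr></table>
</div>
</td>
</tr>
<tr>
<td align="right">Use Module: <input type="checkbox" onclick="javascript:SetTrainModule();" name="set_module" id="set_module"></td>
<td>
<table>
<tr>
<td align="center">
<div id="ifMod_set" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Name: <input type="text" name="use_mod" id="use_mod" size="12" placeholder="Ex: 'easy'"></td>
<td><a href='javascript:runCommandX("cmd_list");javascript:showResults()'>List Modules</a></td>
</tr></table>
</div>
</td>
</tr></table>
</td>
</tr>
<tr>
<td align="right">Advanced OCR: <input type="checkbox" onclick="javascript:SetColourID();" name="set_colour_id" id="set_colour_id"></td>
<td align="center">
<div id="ifMod_colour" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Set Colour ID: <input type="text" name="set_id" id="set_id" size="2" placeholder="Ex: 1"></td>
</tr></table>
</div>
</td>
</tr>
<tr>
<td align="right">Debug: <input type="checkbox" name="verbose2" id="verbose2"></td>
<td><center><input type="submit" class="button" value="Train!" onclick="TrainCaptchas()"></center></td>
</tr>
</table>
</div>
<div id="ifCrack" style="display:none">
<table border="1" cellpadding="5" cellspacing="5">
<tr>
<td><center>
LOCAL: <input type="radio" onclick="javascript:CrackingCheck();" name="cracking_sources" id="cracking_local"/ CHECKED>
URL: <input type="radio" onclick="javascript:CrackingCheck();" name="cracking_sources" id="cracking_url"/>
<br><br><a href='javascript:runCommandX("cmd_tracklist");javascript:showResults()'>List Last Tracked</a><br><br>
</center></td>
<td>
<div id="ifCrackLocal" style="display:none">
<center>
<table cellpadding="5" cellspacing="5">
<tr>
<td><center><form action='' method='POST' enctype='multipart/form-data'>
<input type='text' size="43" name='SourceFile2' id='SourceFile2' placeholder="Ex: inputs/test1.gif"></form></center></td>
</tr>
</table>
</center>
</div>
<div id="ifCrackUrl" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td><center><input type="text" name="crack_url" id="crack_url" size="43" placeholder="Brute force using local dictionary (from: 'dictionary/')"></center></td>
<td><center>TOR: <input type="checkbox" name="tor3" id="tor3"></center></td>
</tr>
</table>
</div>
</td>
</tr>
<tr>
<td align="right">Use Module: <input type="checkbox" onclick="javascript:SetCrackModule();" name="set_module_crack" id="set_module_crack"></td>
<td>
<table>
<tr>
<td align="center">
<div id="ifMod_set_crack" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Name: <input type="text" name="use_mod_crack" id="use_mod_crack" size="12" placeholder="Ex: 'easy'"></td>
<td><a href='javascript:runCommandX("cmd_list");javascript:showResults()'>List Modules</a></td>
</tr></table>
</div>
</td>
</tr></table>
</td>
</tr>
<tr>
<td align="right">Advanced OCR: <input type="checkbox" onclick="javascript:SetColourID();" name="set_colour_id3" id="set_colour_id3"></td>
<td align="center">
<div id="ifMod_colour2" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Set Colour ID: <input type="text" name="set_id3" id="set_id3" size="2" placeholder="Ex: 1"></td>
</tr></table>
</div>
</td>
</tr>
<tr>
<td align="right">Export to XML: <input type="checkbox" onclick="javascript:SetXML();" name="set_xml" id="set_xml"></td>
<td align="center">
<div id="ifMod_xml" style="display:none">
<table cellpadding="5" cellspacing="5">
<tr>
<td>Filename: <input type="text" name="set_xml_file" id="set_xml_file" size="16" placeholder="Ex: php-captcha.xml"></td>
</tr></table>
</div>
</td>
</tr>
<tr>
<td align="right">Debug: <input type="checkbox" name="verbose3" id="verbose3"></td>
<td><center><input type="submit" class="button" value="Crack it!" onclick="CrackCaptchas()"></center></td>
</tr>
</table>
</div>
</center></td>
</tr>
</table>
<table cellpadding="5" cellspacing="5">
<tr>
<td>
<div id="Results" style="display:none"><table width="100%" border="1" cellpadding="5" cellspacing="5"><th>Shell Info:<tr><td><div id="cmdOut"></div></td></tr></table></div>
</td>
</tr>
<tr>
<td align="center">
<div id="Captcha-IN" style="display:none"><table border="1" width="100%" cellpadding="5" cellspacing="5"><th>Captcha Preview:<tr><td><center><img id="target_captcha_img_path" name="target_captcha_img_path" src=''></center></td></tr></table></div>
</td>
</tr>
<tr>
<td>
<div id="OCR-out" style="display:none">
<table width="100%" height="100%" border="1"><th>OCR Output:<tr>
<td><iframe frameborder="0" id="directory-words" name="directory-words" width="800px" height="300px" src="directory-words"></iframe></td>
</tr></table>
</div>
</td>
</tr>
</table>
</center>
<br /><br/>
""" + self.pages["/footer"]
      # OCR preview frame. The word list is whatever list_words() returns at
      # the moment this object is constructed.
      self.pages["/directory-words"] = """<!DOCTYPE html><html><head><meta http-equiv="Content-type" content="text/html;charset=UTF-8"><script type="text/javascript" src="/lib.js"></script>
<script language="javascript">
function Reload(word){
var w = word.substring(word.lastIndexOf('/')+1);
document.getElementById(w).style.display = "none";
document.getElementById("discarding").style.display = "none";
}
function Reload_Added(word){
var w = word.substring(word.lastIndexOf('/')+1);
document.getElementById(w).style.display = "none";
document.getElementById("adding").style.display = "none";
}
function MoveOCR(word) {
var w = word.substring(word.lastIndexOf('/')+1);
symbol = "letter_" + w
letter = document.getElementById(symbol).value;
if(letter == ""){
window.alert("You need to enter a valid dictionary symbol (Ex: p)");
return
}
if(word == ""){
word = "off";
}else{
params="symbol="+escape(word)+"&letter="+escape(letter);
}
runCommandX("cmd_move_ocr",params);
setTimeout(function() { Reload_Added(word) }, 2000); // delay 2
}
function RemoveOCR(word) {
if(word == ""){
word = "off";
}else{
params="symbol="+escape(word);
}
runCommandX("cmd_remove_ocr",params);
setTimeout(function() { Reload(word) }, 2000); // delay 2
}
</script>
<script language="javascript">function ViewWord(word) {window.open(word,"_blank","fulscreen=no, titlebar=yes, top=180, left=320, width=720, height=460, resizable=yes", false);}</script></head><body><table width='100%'><tr><td align='center'><font color='white'><div id="cmdOut"></div></font></td></tr><tr><td><br><center><a href='javascript:runCommandX("cmd_dict");'><font color="cyan"><u>View Dictionary Info</u></font></a></center></td></tr><tr><td>"""+str("".join(self.list_words()))+"""</td></tr></table></body></html>"""
      # Client-side helpers shared by both pages.
      # NOTE(review): loadXMLDoc() calls send() without a preceding open().
      # NOTE(review): both functions assign the response text to innerHTML, so
      # whatever the server returns for a cmd_* path is interpreted as markup
      # by the browser; the server side has to escape anything it echoes.
      self.pages["/lib.js"] = """function loadXMLDoc() {
var xmlhttp;
if (window.XMLHttpRequest) {
// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp = new XMLHttpRequest();
} else {
// code for IE6, IE5
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 ) {
if(xmlhttp.status == 200){
document.getElementById("cmdOut").innerHTML = xmlhttp.responseText;
setTimeout("loadXMLDoc()", 3000);
}
}
}
xmlhttp.send();
}
function runCommandX(cmd,params) {
var xmlhttp;
if (window.XMLHttpRequest) {
// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp = new XMLHttpRequest();
} else {
// code for IE6, IE5
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 ) {
if(xmlhttp.status == 200){
if(cmd.indexOf("?")!=-1){
s=cmd.split("?")
cmd=s[0]
params=s[1]
}
document.getElementById("cmdOut").innerHTML = xmlhttp.responseText;
//document.getElementById("cmdOut").scrollIntoView();
newcmd=cmd
if(newcmd=="cmd_remove_ocr" || newcmd=="cmd_move_ocr" || newcmd=="cmd_dict"){ //do not refresh
return;
} else {
if(newcmd=="cmd_list" || newcmd=="cmd_track" || newcmd == "cmd_tracklist" || newcmd=="cmd_crack" || newcmd=="cmd_train") newcmd=newcmd+"_update"
//do not refresh if certain text on response is found
if(newcmd.match(/update/) &&
(
xmlhttp.responseText.match(/Number of tracked captchas/) ||
xmlhttp.responseText.match(/to the correct folder/) ||
xmlhttp.responseText.match(/by the moment/) ||
xmlhttp.responseText.match(/Is that captcha supported?/) ||
xmlhttp.responseText.match(/module not found/) ||
xmlhttp.responseText.match(/No idea/) ||
xmlhttp.responseText.match(/Possible Solution/) ||
xmlhttp.responseText.match(/Internal problems/) ||
xmlhttp.responseText.match(/List end/)
)
) return;
setTimeout(function(){runCommandX(newcmd,params)}, 3000);
return;}
}
}
}
if(typeof params != "undefined") cmd=cmd+"?"+params
xmlhttp.open("GET", cmd, true);
xmlhttp.send();
}
"""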
  def list_words(self):
      """Return one HTML preview table per entry of ``outputs/words``.

      Each element is a self-contained ``<table>`` fragment with the preview
      image, a text box for the dictionary symbol and the ADD / Discard
      buttons. Entries come back in ``os.listdir`` order.
      """
      # NOTE(review): the file name is placed into HTML attributes and inline
      # JavaScript as-is. A name containing quotes, spaces or markup would
      # break out of those contexts; confirm how files in outputs/words are
      # named before relying on this.
      template = (
          "<br><table style='display:block;' id='{name}' name='{name}' border='1' width='100%' cellpadding='5' cellspacing='5'>"
          "<tr><td align='left' width='100%'><font color='cyan'><u>"
          "<a onclick=javascript:ViewWord('{preview}');return false;>{name}</a></u></td>"
          "<td align='center'><a onclick=javascript:ViewWord('{preview}');return false;>"
          "<img border='1' style='border-color:red;' src='{preview}'></a></font></td>"
          "<td align='center'><input type='text' name='letter_{name}' id='letter_{name}' size='2'></td>"
          "<td align='center'><input type='submit' class='button' value='ADD!' onclick=javascript:MoveOCR('{preview}');return false;></td>"
          "<td align='center'><input type='submit' class='button' value='Discard...' onclick=javascript:RemoveOCR('{preview}');return false;></td>"
          "</tr></table>"
      )
      return [
          template.format(name=entry, preview="images/previews/ocr/" + entry)
          for entry in os.listdir("outputs/words")
      ]
  def convert_size(self, size):
      """Render a byte count as a short human-readable string.

      Zero is returned as ``'0B'``. Any other value is scaled by the largest
      power of 1024 that fits, rounded to two decimals and followed by the
      matching unit, e.g. ``'1.5 KB'``.
      """
      import math
      if size == 0:
          return '0B'
      units = ("B", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB")
      # Exponent of 1024 selects both the divisor and the unit label.
      exponent = int(math.floor(math.log(size, 1024)))
      scaled = round(size / math.pow(1024, exponent), 2)
      return '%s %s' % (scaled, units[exponent])
  def buildGetParams(self, request):
      """Extract the query-string parameters of a raw ``GET`` request.

      Only ``name=value`` pairs with exactly one ``=`` are kept. In each value
      ``+`` becomes a space first and percent-escapes are decoded afterwards.
      A request that is not a ``GET`` or has no query string yields ``{}``.
      """
      parsed = {}
      targets = re.findall("^GET ([^\s]+)", request)
      if not targets:
          return parsed
      target = targets[0]
      question = target.find("?")
      if question == -1:
          return parsed
      for pair in target[question + 1:].split("&"):
          pieces = pair.split("=")
          if len(pieces) != 2:
              # Bare flags and values containing a literal "=" are ignored.
              continue
          name, raw = pieces
          parsed[name] = urllib.unquote(raw.replace("+", " "))
      return parsed
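  def get(self, request):
      """Resolve one raw HTTP request into a response description.

      Args:
          request: raw request text read from the client socket. Only a
              leading ``GET <path>`` line is understood.

      Returns:
          dict with the keys ``run`` (shell command line the caller should
          start, or ""), ``code`` (HTTP status text), ``html`` (response body)
          and ``ctype`` (Content-Type value). Requests that are not a GET, or
          that lack a parameter their handler needs, get a 400 response.

      Every request parameter is treated as untrusted: values placed on a
      command line are shell-quoted, and paths taken from the request are
      resolved and kept inside the directory they are meant for.
      """
      try:
          from shlex import quote  # Python 3
      except ImportError:
          from pipes import quote  # Python 2
      try:
          from html import escape  # Python 3
      except ImportError:
          from cgi import escape  # Python 2

      # NOTE(review): /tmp/out is a fixed name in a world-writable directory
      # and is shared by every command and every request. Another local user
      # can pre-create it (for example as a symlink) and concurrent commands
      # overwrite each other's output. A per-run file in a private directory
      # would avoid both, but needs a matching change wherever the output is
      # read.
      tee = "|tee /tmp/out) &"
      ocr_prefix = "images/previews/ocr/"

      def bad_request(reason):
          """Build the response used for requests that cannot be handled."""
          return dict(run="", code="400 Bad Request",
                      html="400 Error<br><br>" + reason, ctype="text/html")

      def confined(base, relative):
          """Return the real path of base/relative, or None if it leaves base."""
          if "\x00" in relative:
              return None
          root = os.path.realpath(base)
          candidate = os.path.realpath(os.path.join(root, relative))
          if candidate.startswith(root + os.sep):
              return candidate
          return None

      def preview_file(symbol):
          """Map a 'images/previews/ocr/<name>' parameter to a file in that folder."""
          if not symbol.startswith(ocr_prefix):
              return None
          return confined(os.path.join("core", "images", "previews", "ocr"),
                          symbol[len(ocr_prefix):])

      def shell_output():
          """Return the captured command output as an escaped <pre> block."""
          if not os.path.exists('/tmp/out'):
              open('/tmp/out', 'w').close()
          with open('/tmp/out', 'r') as f:
              # The browser assigns this response to innerHTML, and the output
              # can echo data taken from the request or from a remote site, so
              # it is escaped before being sent.
              return "<pre>" + escape(f.read()) + "</pre>"

      def ocr_options(params, with_xml):
          """Build the option string shared by the train and crack commands."""
          opts = ""
          if params["tor"] == "on":
              opts += "--proxy 'http://localhost:8118' "
          if params["verbose"] == "on":
              opts += "--verbose "
          if not params["colourID"] == "off":
              opts += "--set-id=" + quote(params["colourID"]) + " "
          if not params["module"] == "off":
              opts += "--mod=" + quote(params["module"]) + " "
          if with_xml and not params["xml"] == "off":
              opts += "--xml=" + quote(params["xml"]) + " "
          return opts

      def ocr_source(params, url_key):
          """Pick the local file when one was given, else the remote URL."""
          if params["source_file"] == "off":
              return params[url_key]
          return params["source_file"]

      def dispatch(page, pGet):
          """Fill self.pages for `page` and return the command to start, if any."""
          runcmd = ""
          # Static files are served from core/images, core/js and core/inputs
          # only; the resolved path must stay inside the matching folder.
          for prefix in ("images", "js", "inputs"):
              if page.startswith("/" + prefix + "/"):
                  local = confined(os.path.join("core", prefix), page[len(prefix) + 2:])
                  if local and os.path.isfile(local):
                      with open(local, "rb") as f:
                          self.pages[page] = f.read()
                  break
          if page == "/cmd_dict" and os.path.isdir("dictionary/"):  # view dictionary info
              _, letters, files = next(os.walk("dictionary/"), ("dictionary/", [], []))
              total_dirs = len(letters)
              total_files = len(files)
              size = 0
              for letter_dir in letters:
                  sub = "dictionary/" + letter_dir
                  _, _, samples = next(os.walk(sub), (sub, [], []))
                  total_files = total_files + len(samples)
                  for sample in samples:
                      size += os.path.getsize(sub + "/" + sample)
              size = self.convert_size(size)
              last_update = time.ctime(os.path.getctime("dictionary/"))
              self.pages["/cmd_dict"] = "<table align='center' border='1' cellspacing='5' cellpadding='5'><tr><td><u>Creation Date:</u></td><td><u>Size:</u></td><td><u>Total Words:</u></td><td><u>Total Symbols:</u></td></tr><tr><td align='center'>"+str(last_update)+"</td><td align='center'>"+str(size)+"</td><td align='center'>"+str(total_dirs)+"</td><td align='center'>"+str(total_files)+"</td></tr></table>"
          elif page == "/cmd_remove_ocr":  # remove ocr image from previews
              if not pGet["symbol"] == "off":
                  self.pages["/cmd_remove_ocr"] = "<div style='display:block' id='discarding' name='discarding'><pre>[Info] Discarding image from previews...</pre></div>"
                  target = preview_file(pGet["symbol"])
                  if target:
                      try:
                          os.remove(target)
                      except EnvironmentError:
                          pass  # best effort: the preview may already be gone
          elif page == "/cmd_move_ocr":  # move ocr image from previews to dictionary
              if not pGet["symbol"] == "off":
                  self.pages["/cmd_move_ocr"] = "<div style='display:block' id='adding' name='adding'><pre>[Info] Adding image from previews to dictionary...</pre></div>"
                  letter = pGet["letter"]
                  source = preview_file(pGet["symbol"])
                  # The dictionary is one folder per symbol, so the symbol must
                  # be a single path component.
                  single = letter not in ("", ".", "..") and os.path.basename(letter) == letter
                  target_dir = confined("dictionary", letter) if single else None
                  if source and target_dir:
                      try:
                          if not os.path.exists(target_dir):
                              os.makedirs(target_dir)
                          copyfile(source, os.path.join(target_dir, os.path.basename(source)))  # copy file to letter on dictionary
                          os.remove(source)  # purge from previews
                      except EnvironmentError:
                          pass  # best effort, as before
          elif page == "/cmd_list":  # list mods
              self.pages["/cmd_list"] = "<pre>Waiting for a list of available modules...</pre>"
              runcmd = "(python -i cintruder --mods-list " + tee
          elif page == "/cmd_track":  # tracking
              self.pages["/cmd_track"] = "<pre>Waiting for tracking results...</pre>"
              opts = ""
              if pGet["tor"] == "on":
                  opts += "--proxy 'http://localhost:8118' "
              if pGet["verbose"] == "on":
                  opts += "--verbose "
              runcmd = ("(python -i cintruder --track " + quote(pGet["tracking_source"])
                        + " --track-num " + quote(pGet["tracking_num"]) + " " + opts + tee)
          elif page == "/cmd_tracklist":  # list last tracks
              self.pages["/cmd_tracklist"] = "<pre>Waiting for a list of last tracks...</pre>"
              runcmd = "(python -i cintruder --tracked-list " + tee
          elif page == "/cmd_train":  # training
              self.pages["/cmd_train"] = "<pre>Waiting for training results...</pre>"
              opts = ocr_options(pGet, False)
              runcmd = "(python -i cintruder --train " + quote(ocr_source(pGet, "train_url")) + " " + opts + tee
          elif page == "/cmd_crack":  # cracking
              self.pages["/cmd_crack"] = "<pre>Waiting for cracking (bruteforcing) results...</pre>"
              opts = ocr_options(pGet, True)
              runcmd = "(python -i cintruder --crack " + quote(ocr_source(pGet, "crack_url")) + " " + opts + tee
          elif page in ("/cmd_list_update", "/cmd_track_update", "/cmd_tracklist_update",
                        "/cmd_train_update", "/cmd_crack_update"):
              self.pages[page] = shell_output()
          return runcmd

      res = re.findall(r"^GET ([^\s]+)", request)
      if not res:
          # re.findall returns an empty list, never None, when nothing matches.
          return bad_request("Unsupported request...")
      pGet = {}
      page = res[0]
      paramStart = page.find("?")
      if paramStart != -1:
          page = page[:paramStart]
          pGet = self.buildGetParams(request)
      try:
          runcmd = dispatch(page, pGet)
      except KeyError:
          # A handler looked up a parameter the request did not carry.
          return bad_request("Missing parameter...")
      ctype = "text/html"
      # First marker found anywhere in the path decides the content type.
      for marker, mime in ((".js", "text/javascript"), (".txt", "text/plain"),
                           (".ico", "image/x-icon"), (".png", "image/png"),
                           (".jpeg", "image/jpeg"), (".jpg", "image/jpeg"),
                           (".gif", "image/gif")):
          if page.find(marker) != -1:
              ctype = mime
              break
      if page in self.pages:
          return dict(run=runcmd, code="200 OK", html=self.pages[page], ctype=ctype)
      return dict(run=runcmd, code="404 Error", html="404 Error<br><br>Page not found...", ctype=ctype)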
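  class Command(object):
      """Run a shell command line with an upper bound on its run time."""

      def __init__(self, cmd):
          """Store the command line; nothing is started yet.

          Args:
              cmd: command line string, later interpreted by a shell.
          """
          self.cmd = cmd
          self.process = None

      def run(self, timeout):
          """Start the command and wait for it, at most `timeout` seconds.

          If the command is still running when the timeout expires it is sent
          a terminate signal and then waited for.

          Args:
              timeout: seconds to wait before terminating the process.
          """
          def target():
              # NOTE(review): cmd goes through a shell, so callers must not
              # build it from unquoted external input.
              self.process = subprocess.Popen(self.cmd, shell=True)
              # Popen returns as soon as the child is spawned. Without this
              # wait the worker thread ends immediately and the timeout below
              # can never fire.
              self.process.wait()

          thread = threading.Thread(target=target)
          thread.start()
          thread.join(timeout)
          if thread.is_alive():
              # The process handle is only set once Popen has returned.
              if self.process is not None:
                  self.process.terminate()
              thread.join()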
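  if __name__ == "__main__":
      # NOTE(review): the GUI has no authentication and its handlers start
      # shell commands, so the address in `host` decides who can reach them.
      tcpsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
      tcpsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
      tcpsock.bind((host, port))
      # The backlog only needs to be set once, before the accept loop.
      tcpsock.listen(4)
      # Open the browser after the socket is listening so its first request
      # cannot arrive before the server exists, and follow the configured port.
      webbrowser.open('http://127.0.0.1:%d' % port, new=1)
      while True:
          (clientsock, (ip, c_port)) = tcpsock.accept()
          # One handler thread per accepted connection.
          newthread = ClientThread(ip, c_port, clientsock)
          newthread.start()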