gtkcontroller.py 80 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004
  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-"
  3. # vim: set expandtab tabstop=4 shiftwidth=4:
  4. """
  5. This file is part of the XSSer project, https://xsser.03c8.net
  6. Copyright (c) 2010/2019 | psy <epsylon@riseup.net>
  7. xsser is free software; you can redistribute it and/or modify it under
  8. the terms of the GNU General Public License as published by the Free
  9. Software Foundation version 3 of the License.
  10. xsser is distributed in the hope that it will be useful, but WITHOUT ANY
  11. WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  12. FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  13. details.
  14. You should have received a copy of the GNU General Public License along
  15. with xsser; if not, write to the Free Software Foundation, Inc., 51
  16. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  17. """
  18. import sys
  19. import os, datetime
  20. import math
  21. import socket
  22. import webbrowser
  23. import threading
  24. import gi
  25. gi.require_version('Gtk', '3.0')
  26. gi.require_version('Gdk', '3.0')
  27. from gi.repository import Gtk as gtk
  28. from gi.repository import Gdk as gdk
  29. from gi.repository import GLib as gobject
  30. from threading import Thread
  31. from xml.dom import minidom
  32. gdk.threads_init()
  33. use_twisted = False
  34. if use_twisted:
  35. from twisted.internet import gtk2reactor
  36. gtk2reactor.install()
  37. from twisted.internet import reactor
  38. else:
  39. reactor = None
  40. from core.main import xsser
  41. from core.globalmap import GlobalMap
  42. from core.reporter import XSSerReporter
  43. from core.mozchecker import MozChecker
  44. class Controller(XSSerReporter):
  45. def __init__(self, uifile, mothership, window='window1'):
  46. wTree = gtk.Builder()
  47. self.xsser = xsser()
  48. self.mothership = mothership
  49. self._flying = None
  50. self._quitting = False
  51. self.map = None
  52. self.wTree = wTree
  53. path = self.mothership.get_gtk_directory()
  54. wTree.add_from_file(os.path.join(path, uifile))
  55. self.fill_combos()
  56. wTree.connect_signals(self)
  57. window = wTree.get_object(window)
  58. window.set_size_request(800, 600)
  59. window.maximize()
  60. window.show()
  61. self._window = window
  62. self.output = wTree.get_object('textview_main')
  63. self.status = wTree.get_object('status_bar')
  64. self.output_wizard = wTree.get_object('textview_w_start')
  65. self._wizard_buffer = self.output_wizard.get_buffer()
  66. self.counters_label = wTree.get_object('counters_label')
  67. self._report_vulnerables = wTree.get_object('report_vulnerables').get_buffer()
  68. self._report_success = wTree.get_object('report_success').get_buffer()
  69. self._report_failed = wTree.get_object('report_failed').get_buffer()
  70. self._report_errors = wTree.get_object('report_errors').get_buffer()
  71. self._report_crawling = wTree.get_object('report_crawling').get_buffer()
  72. # GUI spinner inits
  73. threads_spin = self.wTree.get_object('threads')
  74. threads_spin.set_range(0,100)
  75. threads_spin.set_value(5)
  76. threads_spin.set_increments(1, 1)
  77. timeout_spin = self.wTree.get_object('timeout')
  78. timeout_spin.set_range(0,100)
  79. timeout_spin.set_value(30)
  80. timeout_spin.set_increments(1, 1)
  81. retries_spin = self.wTree.get_object('retries')
  82. retries_spin.set_range(0,10)
  83. retries_spin.set_value(1)
  84. retries_spin.set_increments(1, 1)
  85. delay_spin = self.wTree.get_object('delay')
  86. delay_spin.set_range(0,100)
  87. delay_spin.set_value(0)
  88. delay_spin.set_increments(1, 1)
  89. follow_spin = self.wTree.get_object('follow-limit')
  90. follow_spin.set_range(0,100)
  91. follow_spin.set_value(0)
  92. follow_spin.set_increments(1, 1)
  93. alive_spin = self.wTree.get_object('alive-limit')
  94. alive_spin.set_range(0,100)
  95. alive_spin.set_value(0)
  96. alive_spin.set_increments(1, 1)
  97. crawler2_spin = self.wTree.get_object('combobox5')
  98. crawler2_spin.set_range(1, 99999)
  99. crawler2_spin.set_value(50)
  100. crawler2_spin.set_increments(1, 1)
  101. window.connect("destroy", self.on_quit)
  102. # geoip + geomap inits
  103. self.domaintarget = ""
  104. # wizard options inits
  105. self.text_ascii = ""
  106. # step 1
  107. self.target_option = ""
  108. self.dork_option = ""
  109. self.dorkengine_option = ""
  110. self.combo_step1_choose = ""
  111. # step 2
  112. self.payload_option = ""
  113. self.combo_step2_choose = ""
  114. # step 3
  115. self.combo_step3_choose = ""
  116. self.proxy_option = ""
  117. self.useragent_option = ""
  118. self.referer_option = ""
  119. # step 4
  120. self.combo_step4_choose = ""
  121. self.cem_option = ""
  122. # step 5
  123. self.combo_step5_choose = ""
  124. self.scripts_option = ""
  125. self.mothership.add_reporter(self)
  126. # text buffered on wizard startup
  127. wizard_output = wTree.get_object('textview_w_start')
  128. buffer_wizard = wizard_output.get_buffer()
  129. file = self.open_wizard_file("wizard0")
  130. self.text_ascii = file.read()
  131. file.close()
  132. buffer_wizard.set_text(self.text_ascii)
  133. # text buffered on wizard1
  134. wizard1_output = wTree.get_object('textview_w_1')
  135. buffer = wizard1_output.get_buffer()
  136. file = self.open_wizard_file("wizard1")
  137. text_ascii = file.read()
  138. file.close()
  139. buffer.set_text(text_ascii)
  140. # text buffered on wizard2
  141. wizard2_output = wTree.get_object('textview_w_2')
  142. buffer = wizard2_output.get_buffer()
  143. file = self.open_wizard_file("wizard2")
  144. text_ascii = file.read()
  145. file.close()
  146. buffer.set_text(text_ascii)
  147. # text buffered on wizard3
  148. wizard3_output = wTree.get_object('textview_w_3')
  149. buffer = wizard3_output.get_buffer()
  150. file = self.open_wizard_file("wizard3")
  151. text_ascii = file.read()
  152. file.close()
  153. buffer.set_text(text_ascii)
  154. # text buffered on wizard4
  155. wizard4_output = wTree.get_object('textview_w_4')
  156. buffer = wizard4_output.get_buffer()
  157. file = self.open_wizard_file("wizard4")
  158. text_ascii = file.read()
  159. file.close()
  160. buffer.set_text(text_ascii)
  161. # text buffered on wizard5
  162. wizard5_output = wTree.get_object('textview_w_5')
  163. buffer = wizard5_output.get_buffer()
  164. file = self.open_wizard_file("wizard5")
  165. text_ascii = file.read()
  166. file.close()
  167. buffer.set_text(text_ascii)
  168. # text buffered on wizard end
  169. wizard_end_output = wTree.get_object('textview_w_end')
  170. buffer = wizard_end_output.get_buffer()
  171. file = self.open_wizard_file("wizard6")
  172. text_ascii = file.read()
  173. file.close()
  174. buffer.set_text(text_ascii)
  175. # text buffered on wizard about
  176. index_output = wTree.get_object('textview_about')
  177. buffer = index_output.get_buffer()
  178. file = self.open_wizard_file("about")
  179. text_ascii = file.read()
  180. file.close()
  181. buffer.set_text(text_ascii)
  182. self.setup_mozembed()
  183. def open_wizard_file(self, name):
  184. path = self.mothership.get_gtk_directory()
  185. file = open(os.path.join(path, 'docs', name+'.txt'), 'r')
  186. return file
  187. def fill_with_options(self, combobox, options):
  188. model = gtk.ListStore(str)
  189. for option in options:
  190. model.append([option])
  191. combobox.set_active(0)
  192. combobox.set_model(model)
  193. cell = gtk.CellRendererText()
  194. combobox.pack_start(cell, True)
  195. combobox.add_attribute(cell, 'text', 0)
  196. def start_crawl(self, dest_url):
  197. gdk.threads_enter()
  198. self.status.set_text("scanning")
  199. self.status.pulse()
  200. gdk.threads_leave()
  201. self.add_report_text(self._report_crawling, dest_url)
  202. def add_checked(self, dest_url):
  203. self.add_report_text(self._report_success, dest_url)
  204. def add_success(self, dest_url):
  205. self.add_report_text(self._report_vulnerables, dest_url)
  206. totalhits = self.wTree.get_object('totalhits')
  207. totalhits.set_property("label", str(int(totalhits.get_property("label"))+1))
  208. successhits = self.wTree.get_object('successhits')
  209. successhits.set_property("label", str(int(successhits.get_property("label"))+1))
  210. def report_error(self, error_msg):
  211. self.add_report_text(self._report_failed, error_msg)
  212. def mosquito_crashed(self, dest_url, reason):
  213. self.add_report_text(self._report_errors, dest_url+" ["+reason+"]")
  214. def add_failure(self, dest_url):
  215. self.add_report_text(self._report_failed, dest_url)
  216. totalhits = self.wTree.get_object('totalhits')
  217. totalhits.set_property("label", str(int(totalhits.get_property("label"))+1))
  218. failedhits = self.wTree.get_object('failedhits')
  219. failedhits.set_property("label", str(int(failedhits.get_property("label"))+1))
  220. def add_report_text(self, gtkbuffer, text):
  221. gdk.threads_enter()
  222. iter = gtkbuffer.get_end_iter()
  223. gtkbuffer.insert(iter, text+'\n')
  224. gdk.threads_leave()
  225. def setup_mozembed(self):
  226. self.moz = MozChecker(self)
  227. self.mothership.set_webbrowser(self.moz)
  228. def fill_combos(self):
  229. # ui comboboxes
  230. dorker2_options_w = self.wTree.get_object('combobox4')
  231. dorker3_options_w = self.wTree.get_object('combobox6')
  232. crawlerdeep_options_w = self.wTree.get_object('combobox_deep1')
  233. connect_geomap_w = self.wTree.get_object('combobox7')
  234. checkmethod_options_w = self.wTree.get_object('combobox1')
  235. # wizard steps comboboxes
  236. step1_options_w = self.wTree.get_object('combobox_step1')
  237. step2_options_w = self.wTree.get_object('combobox_step2')
  238. step3_options_w = self.wTree.get_object('combobox_step3')
  239. step4_options_w = self.wTree.get_object('combobox_step4')
  240. step5_options_w = self.wTree.get_object('combobox_step5')
  241. # ui comboboxes content
  242. dorker_options = [ 'duck', 'startpage', 'yahoo', 'bing']
  243. crawlerdeep_options = ['1', '2', '3', '4', '5']
  244. checkmethod_options = ['GET', 'POST']
  245. connect_geomap = ['OFF', 'ON']
  246. # wizard comboboxes content
  247. step1_options = ['0', '1', '2']
  248. step2_options = ['0', '1', '2', '3', '4']
  249. step3_options = ['0', '1', '2', '3', '4']
  250. step4_options = ['0', '1', '2', '3', '4', '5']
  251. step5_options = ['0', '1', '2', '3']
  252. # all comboboxes handlered
  253. self.fill_with_options(dorker2_options_w, dorker_options)
  254. self.fill_with_options(dorker3_options_w, dorker_options)
  255. self.fill_with_options(crawlerdeep_options_w, crawlerdeep_options)
  256. self.fill_with_options(connect_geomap_w, connect_geomap)
  257. self.fill_with_options(checkmethod_options_w, checkmethod_options)
  258. self.fill_with_options(step1_options_w, step1_options)
  259. self.fill_with_options(step2_options_w, step2_options)
  260. self.fill_with_options(step3_options_w, step3_options)
  261. self.fill_with_options(step4_options_w, step4_options)
  262. self.fill_with_options(step5_options_w, step5_options)
  263. def on_set_clicked(self, widget):
  264. """
  265. Set your mosquito(s) options
  266. """
  267. # control authmode
  268. auth_none = self.wTree.get_object('auth_none')
  269. auth_cred = self.wTree.get_object('auth_cred')
  270. if auth_cred.get_property('text') == "":
  271. auth_none.set_property('active', True)
  272. commandsenter = self.wTree.get_object('commandsenter')
  273. targetenter = self.wTree.get_object('targetenter')
  274. explorer_enter = self.wTree.get_object('explorer_enter')
  275. if targetenter.get_text() == "" and explorer_enter.get_text() == "":
  276. pass
  277. else:
  278. cmd = self.generate_command()
  279. commandsenter.set_property("text"," ".join(cmd))
  280. app = xsser()
  281. options = app.create_options(cmd)
  282. app.set_options(options)
  283. app.set_reporter(self)
  284. pass
  285. # set visor counters to zero
  286. totalhits = self.wTree.get_object('totalhits')
  287. totalhits.set_property("label", "0")
  288. failedhits = self.wTree.get_object('failedhits')
  289. failedhits.set_property("label", "0")
  290. successhits = self.wTree.get_object('successhits')
  291. successhits.set_property("label", "0")
  292. def end_attack(self):
  293. gdk.threads_enter()
  294. self.status.set_text("idle")
  295. self.status.set_fraction(0.0)
  296. fly_button = self.wTree.get_object('fly')
  297. fly_button.set_label('FLY!!!')
  298. fly_button.set_sensitive(True)
  299. if self._quitting:
  300. pass
  301. else:
  302. gobject.timeout_add(0, self.park_mosquito)
  303. gdk.threads_leave()
  304. def park_mosquito(self):
  305. self._flying.join()
  306. self._flying = None
  307. def on_stop_attack(self):
  308. if self._flying:
  309. self._flying.app.land()
  310. def on_quit(self, widget, data=None):
  311. """
  312. Callback called when the window is destroyed (close button clicked)
  313. """
  314. if self._flying:
  315. print("[Info] Exiting... please wait until all mosquitoes return to mothership!\n")
  316. self._quitting = True
  317. self.on_stop_attack()
  318. self.do_quit()
  319. else:
  320. print("byezZZZzzzz!\n")
  321. self.do_quit()
  322. def do_quit(self):
  323. self.mothership.land(True)
  324. #if self.moz:
  325. # self.moz.shutdown()
  326. if reactor:
  327. threadpool = reactor.getThreadPool()
  328. threadpool.stop()
  329. reactor.stop()
  330. else:
  331. # doing it here doesnt seem to give time to
  332. # the mothership to land but should be ok
  333. gtk.main_quit()
  334. def start_token_check(self, dest_url):
  335. self.update_counters_label()
  336. def update_counters_label(self):
  337. rem = str(self.moz.remaining())
  338. th_count = str(threading.activeCount()-1)
  339. if self._flying:
  340. work_count = str(len(self._flying.app.pool.workRequests))
  341. app = self._flying.app
  342. crawled = str(len(app.crawled_urls))+"/"+str(app.options.crawling)
  343. else:
  344. work_count = ""
  345. crawled = "X"
  346. pars = [crawled, rem, th_count, work_count]
  347. gdk.threads_enter()
  348. self.counters_label.set_text(" ".join(pars))
  349. if pars[3]:
  350. pars[3] = "\nworks in queue: %s"%(pars[3],)
  351. self.counters_label.set_tooltip_text('crawled during last attack: %s\nremaining checks: %s\nalive threads: %s %s' % tuple(pars))
  352. gdk.threads_leave()
  353. def report_state(self, state, val=-1):
  354. if not gtk:
  355. # exiting..
  356. return
  357. gdk.threads_enter()
  358. self.status.set_text(state)
  359. if val == -1:
  360. self.status.pulse()
  361. else:
  362. self.status.set_fraction(val)
  363. gdk.threads_leave()
  364. self.update_counters_label()
  365. def on_fly_clicked(self, widget):
  366. """
  367. Fly your mosquito(s)
  368. """
  369. fly_button = self.wTree.get_object('fly')
  370. if self._flying:
  371. self.on_stop_attack()
  372. fly_button.set_label('LANDING!!!')
  373. fly_button.set_sensitive(False)
  374. return
  375. self.output.get_buffer().set_property("text", "")
  376. auth_none = self.wTree.get_object('auth_none')
  377. auth_cred = self.wTree.get_object('auth_cred')
  378. if auth_cred.get_property('text') == "":
  379. auth_none.set_property('active', True)
  380. commandsenter = self.wTree.get_object('commandsenter')
  381. cmd = self.generate_command()
  382. commandsenter.set_property("text"," ".join(cmd))
  383. t = XSSerThread(cmd, self.mothership)
  384. t.daemon = True
  385. t.add_reporter(self)
  386. t.set_webbrowser(self.moz)
  387. if self.map:
  388. t.add_reporter(self.map)
  389. self.mothership.add_reporter(self.map)
  390. targetenter = self.wTree.get_object('targetenter')
  391. explorer_enter = self.wTree.get_object('explorer_enter')
  392. if t.app.options == None:
  393. pass
  394. elif targetenter.get_text() == "" and explorer_enter.get_text() == "":
  395. pass
  396. else:
  397. t.start()
  398. self._flying = t
  399. fly_button.set_label('LAND!!!')
  400. # set visor counters to zero
  401. totalhits = self.wTree.get_object('totalhits')
  402. totalhits.set_property("label", "0")
  403. failedhits = self.wTree.get_object('failedhits')
  404. failedhits.set_property("label", "0")
  405. successhits = self.wTree.get_object('successhits')
  406. successhits.set_property("label", "0")
  407. # control on/off 'sensitive' switches
  408. def on_intruder_toggled(self, widget):
  409. """
  410. Active intruder mode
  411. """
  412. intruder = self.wTree.get_object('intruder')
  413. targetenter = self.wTree.get_object('targetenter')
  414. targetall = self.wTree.get_object('targetall')
  415. explorer_enter = self.wTree.get_object('explorer_enter')
  416. combobox4 = self.wTree.get_object('combobox4')
  417. if intruder.get_property('active') == True:
  418. targetenter.set_property('visible', True)
  419. targetall.set_property('visible', True)
  420. explorer_enter.set_property('visible', False)
  421. combobox4.set_property('visible', False)
  422. else:
  423. targetenter.set_property("text", "")
  424. targetenter.set_property('visible', False)
  425. targetall.set_property('visible', False)
  426. explorer_enter.set_property('visible', True)
  427. combobox4.set_property('visible', True)
  428. def on_explorer_toggled(self, widget):
  429. """
  430. Toggle ON/OFF explorer entry
  431. """
  432. explorer = self.wTree.get_object('explorer')
  433. targetenter = self.wTree.get_object('targetenter')
  434. targetall = self.wTree.get_object('targetall')
  435. explorer_enter = self.wTree.get_object('explorer_enter')
  436. combobox4 = self.wTree.get_object('combobox4')
  437. if explorer.get_property('active') == True:
  438. explorer_enter.set_property('visible', True)
  439. targetenter.set_property('visible', False)
  440. targetall.set_property('visible', False)
  441. combobox4.set_property('visible', True)
  442. else:
  443. explorer_enter.set_property("text", "")
  444. explorer_enter.set_property("visible", False)
  445. targetenter.set_property('visible', True)
  446. targetall.set_property('visible', True)
  447. combobox4.set_property('visible', False)
  448. def on_targetall_toggled(self, widget):
  449. """
  450. Autoconfigure XSSer options to perform an automatic XSS pentesting
  451. """
  452. targetall = self.wTree.get_object('targetall')
  453. crawler = self.wTree.get_object('crawler')
  454. crawler2_spin = self.wTree.get_object('combobox5')
  455. localonly1 = self.wTree.get_object('localonly1')
  456. statistics = self.wTree.get_object('statistics')
  457. threads_spin = self.wTree.get_object('threads')
  458. timeout_spin = self.wTree.get_object('timeout')
  459. retries_spin = self.wTree.get_object('retries')
  460. delay_spin = self.wTree.get_object('delay')
  461. followredirects = self.wTree.get_object('followredirects')
  462. no_head = self.wTree.get_object('no-head')
  463. reverse_check = self.wTree.get_object('reverse-check')
  464. automatic_payload = self.wTree.get_object('automatic_payload')
  465. cookie_injection = self.wTree.get_object('cookie_injection')
  466. xas = self.wTree.get_object('xas')
  467. xsr = self.wTree.get_object('xsr')
  468. dom = self.wTree.get_object('dom')
  469. dcp = self.wTree.get_object('dcp')
  470. induced = self.wTree.get_object('induced')
  471. save = self.wTree.get_object('save')
  472. exportxml = self.wTree.get_object('exportxml')
  473. if targetall.get_property('active') == True:
  474. crawler.set_property("active", True)
  475. localonly1.set_property("active", True)
  476. crawler2_spin.set_value(99999)
  477. statistics.set_property("active", True)
  478. threads_spin.set_value(10)
  479. timeout_spin.set_value(60)
  480. retries_spin.set_value(2)
  481. delay_spin.set_value(5)
  482. followredirects.set_property("active", True)
  483. no_head.set_property("active", True)
  484. reverse_check.set_property("active", True)
  485. automatic_payload.set_property("active", True)
  486. cookie_injection.set_property("active", True)
  487. xas.set_property("active", True)
  488. xsr.set_property("active", True)
  489. dom.set_property("active", True)
  490. dcp.set_property("active", True)
  491. induced.set_property("active", True)
  492. save.set_property("active", True)
  493. exportxml.set_property("active", True)
  494. else:
  495. crawler.set_property("active", False)
  496. localonly1.set_property("active", True)
  497. crawler2_spin.set_value(50)
  498. statistics.set_property("active", True)
  499. threads_spin.set_value(5)
  500. timeout_spin.set_value(30)
  501. retries_spin.set_value(1)
  502. delay_spin.set_value(0)
  503. followredirects.set_property("active", False)
  504. no_head.set_property("active", False)
  505. reverse_check.set_property("active", False)
  506. automatic_payload.set_property("active", False)
  507. cookie_injection.set_property("active", False)
  508. xas.set_property("active", False)
  509. xsr.set_property("active", False)
  510. dom.set_property("active", False)
  511. dcp.set_property("active", False)
  512. induced.set_property("active", False)
  513. save.set_property("active", False)
  514. exportxml.set_property("active", False)
  515. def on_torproxy_toggled(self, widget):
  516. """
  517. Sync tor mode with expert visor
  518. """
  519. torproxy = self.wTree.get_object('torproxy')
  520. proxy = self.wTree.get_object('proxy')
  521. if torproxy.get_property('active') == True:
  522. proxy.set_property('text', 'http://127.0.0.1:8118')
  523. else:
  524. proxy.set_property('text', "")
  525. def on_automatic_toggled(self, widget):
  526. """
  527. Sync automatic mode with expert visor
  528. """
  529. automatic = self.wTree.get_object('automatic')
  530. automatic_payload = self.wTree.get_object('automatic_payload')
  531. if automatic.get_property('active') == True:
  532. automatic_payload.set_property('active', True)
  533. else:
  534. automatic_payload.set_property('active', False)
  535. def on_automatic_payload_toggled(self, widget):
  536. """
  537. Syn. automatic_payload mode with other automatic switches
  538. """
  539. automatic = self.wTree.get_object('automatic')
  540. automatic_payload = self.wTree.get_object('automatic_payload')
  541. if automatic_payload.get_property('active') == True:
  542. automatic.set_property('active', True)
  543. else:
  544. automatic.set_property('active', False)
  545. def on_crawler_toggled(self, widget):
  546. """
  547. Toggle ON/OFF crawling on main visor
  548. """
  549. crawler = self.wTree.get_object('crawler')
  550. combobox5 = self.wTree.get_object('combobox5')
  551. combobox_deep1 = self.wTree.get_object('combobox_deep1')
  552. localonly1 = self.wTree.get_object('localonly1')
  553. if crawler.get_property('active') == True:
  554. combobox5.set_property('visible', True)
  555. combobox_deep1.set_property('visible', True)
  556. localonly1.set_property('visible', True)
  557. else:
  558. connection_none = self.wTree.get_object('connection_none')
  559. connection_none.set_property('active', True)
  560. combobox5.set_property("visible", False)
  561. combobox_deep1.set_property('visible', False)
  562. localonly1.set_property('visible', False)
  563. def on_get_toggled(self, widget):
  564. """
  565. Toggle ON/OFF payloading entry for GET
  566. """
  567. get = self.wTree.get_object('get')
  568. hbox41 = self.wTree.get_object('hbox41')
  569. if get.get_property('active') == True:
  570. hbox41.set_property('visible', True)
  571. else:
  572. hbox41.set_property("visible", False)
  573. def on_post_toggled(self, widget):
  574. """
  575. Toggle ON/OFF payloading entry for POST
  576. """
  577. post = self.wTree.get_object('post')
  578. hbox41 = self.wTree.get_object('hbox41')
  579. if post.get_property('active') == True:
  580. hbox41.set_property('visible', True)
  581. else:
  582. hbox41.set_property('visible', False)
  583. def on_followredirects_toggled(self, widget):
  584. """
  585. Toggle ON/OFF follow redirects entry
  586. """
  587. followredirects = self.wTree.get_object('followredirects')
  588. follow_limit = self.wTree.get_object('follow-limit')
  589. hbox8 = self.wTree.get_object('hbox8')
  590. if followredirects.get_property('active') == True:
  591. hbox8.set_property('visible', True)
  592. follow_limit.set_value(50)
  593. else:
  594. hbox8.set_property('visible', False)
  595. follow_limit.set_value(0)
  596. def on_alive_toggled(self, widget):
  597. """
  598. Toggle ON/OFF alive checker
  599. """
  600. alive = self.wTree.get_object('alive')
  601. alive_limit = self.wTree.get_object('alive-limit')
  602. hbox58 = self.wTree.get_object('hbox58')
  603. hbox77 = self.wTree.get_object('hbox77')
  604. if alive.get_property('active') == True:
  605. hbox58.set_property('visible', True)
  606. hbox77.set_property('visible', False)
  607. alive_limit.set_value(5)
  608. else:
  609. hbox58.set_property('visible', False)
  610. hbox77.set_property('visible', True)
  611. alive_limit.set_value(0)
  612. def on_auth_none_toggled(self, widget):
  613. auth_cred = self.wTree.get_object('auth_cred')
  614. auth_cred.set_property('text', "")
  615. def on_auth_basic_toggled(self, widget):
  616. hbox17 = self.wTree.get_object('hbox17')
  617. auth_basic = self.wTree.get_object('auth_basic')
  618. if auth_basic.get_property('active') == True:
  619. hbox17.set_property('visible', True)
  620. else:
  621. hbox17.set_property('visible', False)
  622. def on_auth_digest_toggled(self, widget):
  623. hbox17 = self.wTree.get_object('hbox17')
  624. auth_digest = self.wTree.get_object('auth_digest')
  625. if auth_digest.get_property('active') == True:
  626. hbox17.set_property('visible', True)
  627. else:
  628. hbox17.set_property('visible', False)
  629. def on_auth_gss_toggled(self, widget):
  630. hbox17 = self.wTree.get_object('hbox17')
  631. auth_digest = self.wTree.get_object('auth_gss')
  632. if auth_digest.get_property('active') == True:
  633. hbox17.set_property('visible', True)
  634. else:
  635. hbox17.set_property('visible', False)
  636. def on_auth_ntlm_toggled(self, widget):
  637. hbox17 = self.wTree.get_object('hbox17')
  638. auth_digest = self.wTree.get_object('auth_ntlm')
  639. if auth_digest.get_property('active') == True:
  640. hbox17.set_property('visible', True)
  641. else:
  642. hbox17.set_property('visible', False)
  643. def on_finalnone_toggled(self, widget):
  644. payload_entry = self.wTree.get_object('payload_entry')
  645. payload_entry.set_property('text', "")
  646. def on_normalfinal_toggled(self, widget):
  647. hbox25 = self.wTree.get_object('hbox25')
  648. normalfinal = self.wTree.get_object('normalfinal')
  649. if normalfinal.get_property('active') == True:
  650. hbox25.set_property('visible', True)
  651. else:
  652. hbox25.set_property('visible', False)
  653. def on_remotefinal_toggled(self, widget):
  654. hbox25 = self.wTree.get_object('hbox25')
  655. remotefinal = self.wTree.get_object('remotefinal')
  656. if remotefinal.get_property('active') == True:
  657. hbox25.set_property('visible', True)
  658. else:
  659. hbox25.set_property('visible', False)
  660. # wizard helper buttons
  661. def on_startwizard_clicked(self, widget):
  662. self.output_wizard.set_buffer(self._wizard_buffer)
  663. step_view_start = self.wTree.get_object('vbox_start')
  664. step_view_start.set_property("visible", False)
  665. step_view1 = self.wTree.get_object('vbox_step1')
  666. step_view1.set_property("visible", True)
  667. commandsenter = self.wTree.get_object('commandsenter')
  668. commandsenter.set_property("text", "xsser")
  669. target_enter = self.wTree.get_object('targetenter')
  670. target_enter.set_property("text", "")
  671. explorer_enter = self.wTree.get_object('explorer_enter')
  672. explorer_enter.set_property("text", "")
  673. combo_choose1 = self.wTree.get_object('combobox_step1')
  674. combo_choose2 = self.wTree.get_object('combobox_step2')
  675. combo_choose3 = self.wTree.get_object('combobox_step3')
  676. combo_choose4 = self.wTree.get_object('combobox_step4')
  677. combo_choose5 = self.wTree.get_object('combobox_step5')
  678. #wizard auto-way options
  679. combo_choose1.set_active(2)
  680. combo_choose2.set_active(4)
  681. combo_choose3.set_active(3)
  682. combo_choose4.set_active(5)
  683. combo_choose5.set_active(3)
  684. combobox6 = self.wTree.get_object('combobox6')
  685. combobox6.set_active(0)
  686. combobox_deep1 = self.wTree.get_object('combobox_deep1')
  687. combobox_deep1.set_active(0)
  688. verbose = self.wTree.get_object('verbose')
  689. automatic = self.wTree.get_object('automatic')
  690. explorer = self.wTree.get_object('explorer')
  691. crawler = self.wTree.get_object('crawler')
  692. torproxy = self.wTree.get_object('torproxy')
  693. verbose.set_property("active", False)
  694. automatic.set_property("active", False)
  695. explorer.set_property("active", False)
  696. crawler.set_property("active", False)
  697. torproxy.set_property("active", False)
  698. self.target_option = ""
  699. self.file_option = None
  700. self.dork_option = ""
  701. self.dorkengine_option = ""
  702. def on_combobox_step1_changed(self, widget):
  703. combo_choose = self.wTree.get_object('combobox_step1')
  704. vbox_step = self.wTree.get_object('vbox_step')
  705. hboxurl = self.wTree.get_object('hboxurl')
  706. vboxdork = self.wTree.get_object('vboxdork')
  707. next1 = self.wTree.get_object('next1')
  708. if combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '0':
  709. vbox_step.set_property("visible", False)
  710. next1.set_property("visible", False)
  711. if combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '1':
  712. vbox_step.set_property("visible", True)
  713. hboxurl.set_property("visible", True)
  714. vboxdork.set_property("visible", False)
  715. next1.set_property("visible", True)
  716. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '2':
  717. vbox_step.set_property("visible", True)
  718. hboxurl.set_property("visible", False)
  719. vboxdork.set_property("visible", True)
  720. next1.set_property("visible", True)
  721. def on_previous1_clicked(self, widget):
  722. step_view1 = self.wTree.get_object('vbox_step1')
  723. step_view1.set_property("visible", False)
  724. step_view_start = self.wTree.get_object('vbox_start')
  725. step_view_start.set_property("visible", True)
  726. alert_step1_url = self.wTree.get_object('alert_step1_url')
  727. alert_step1_url.set_property("visible", False)
  728. alert_step1_dork = self.wTree.get_object('alert_step1_dork')
  729. alert_step1_dork.set_property("visible", False)
  730. combo_choose = self.wTree.get_object('combobox_step1')
  731. step1_entry_url = self.wTree.get_object('step1_entry_url')
  732. step1_entry_dork = self.wTree.get_object('step1_entry_dork')
  733. step1_entry_url.set_property("text", "")
  734. step1_entry_dork.set_property("text", "")
  735. self.combo_step1_choose = ""
  736. self.target_option = ""
  737. self.dork_option = ""
  738. def on_next1_clicked(self, widget):
  739. step_view1 = self.wTree.get_object('vbox_step1')
  740. step_view2 = self.wTree.get_object('vbox_step2')
  741. combo_choose = self.wTree.get_object('combobox_step1')
  742. step1_entry_url = self.wTree.get_object('step1_entry_url')
  743. step1_entry_dork = self.wTree.get_object('step1_entry_dork')
  744. step1_entry_dorkengine = self.wTree.get_object('combobox6')
  745. alert_step1_url = self.wTree.get_object('alert_step1_url')
  746. alert_step1_dork = self.wTree.get_object('alert_step1_dork')
  747. if step1_entry_url.get_text() == '' and (combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '1'):
  748. alert_step1_url.set_property("visible", True)
  749. step_view1.set_property("visible", True)
  750. step_view2.set_property("visible", False)
  751. elif step1_entry_dork.get_text() == '' and (combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '2'):
  752. alert_step1_dork.set_property("visible", True)
  753. step_view1.set_property("visible", True)
  754. step_view2.set_property("visible", False)
  755. else:
  756. alert_step1_url.set_property("visible", False)
  757. alert_step1_dork.set_property("visible", False)
  758. step_view1.set_property("visible", False)
  759. step_view2.set_property("visible", True)
  760. self.combo_step1_choose = combo_choose.get_model().get_value(combo_choose.get_active_iter(),0)
  761. self.target_option = step1_entry_url.get_text()
  762. self.dork_option = step1_entry_dork.get_text()
  763. self.dorkengine_option = step1_entry_dorkengine.get_model().get_value(step1_entry_dorkengine.get_active_iter(),0)
  764. def on_combobox_step2_changed(self, widget):
  765. combo_choose = self.wTree.get_object('combobox_step2')
  766. vbox_step2 = self.wTree.get_object('vbox_step2_payload')
  767. step2_entry_payload = self.wTree.get_object('step2_entry_payload')
  768. alert_step2 = self.wTree.get_object('alert_step2')
  769. next2 = self.wTree.get_object('next2')
  770. if combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '0':
  771. vbox_step2.set_property("visible", False)
  772. alert_step2.set_property("visible", False)
  773. next2.set_property("visible", False)
  774. step2_entry_payload.set_property("text", "")
  775. if combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '1':
  776. vbox_step2.set_property("visible", True)
  777. alert_step2.set_property("visible", False)
  778. next2.set_property("visible", True)
  779. step2_entry_payload.set_property("text", "")
  780. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '2':
  781. vbox_step2.set_property("visible", True)
  782. next2.set_property("visible", True)
  783. alert_step2.set_property("visible", False)
  784. step2_entry_payload.set_property("text", "")
  785. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '3':
  786. vbox_step2.set_property("visible", False)
  787. next2.set_property("visible", True)
  788. alert_step2.set_property("visible", False)
  789. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '4':
  790. vbox_step2.set_property("visible", False)
  791. next2.set_property("visible", True)
  792. alert_step2.set_property("visible", False)
  793. def on_previous2_clicked(self, widget):
  794. step_view2 = self.wTree.get_object('vbox_step2')
  795. step_view2.set_property("visible", False)
  796. step_view1 = self.wTree.get_object('vbox_step1')
  797. step_view1.set_property("visible", True)
  798. alert_step2 = self.wTree.get_object('alert_step2')
  799. alert_step2.set_property("visible", False)
  800. step1_entry_url = self.wTree.get_object('step1_entry_url')
  801. step1_entry_url.set_property("text", "")
  802. step1_entry_dork = self.wTree.get_object('step1_entry_dork')
  803. step1_entry_dork.set_property("text", "")
  804. self.combo_step2_choose = ""
  805. self.target_option = ""
  806. self.dork_option = ""
  807. combo_choose = self.wTree.get_object('combobox_step2')
  808. step2_entry_payload = self.wTree.get_object('step2_entry_payload')
  809. step2_entry_payload.set_property("text", "")
  810. self.combo_step2_choose = ""
  811. self.payload_option = ""
  812. def on_next2_clicked(self, widget):
  813. step_view2 = self.wTree.get_object('vbox_step2')
  814. step_view3 = self.wTree.get_object('vbox_step3')
  815. combo_choose = self.wTree.get_object('combobox_step2')
  816. step2_entry_payload = self.wTree.get_object('step2_entry_payload')
  817. alert_step2 = self.wTree.get_object('alert_step2')
  818. if step2_entry_payload.get_text() == '' and (combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '1' or combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '2') :
  819. alert_step2.set_property("visible", True)
  820. step_view2.set_property("visible", True)
  821. step_view3.set_property("visible", False)
  822. else:
  823. alert_step2.set_property("visible", False)
  824. step_view2.set_property("visible", False)
  825. step_view3.set_property("visible", True)
  826. self.combo_step2_choose = combo_choose.get_model().get_value(combo_choose.get_active_iter(),0)
  827. self.payload_option = step2_entry_payload.get_text()
  828. def on_combobox_step3_changed(self, widget):
  829. combo_choose = self.wTree.get_object('combobox_step3')
  830. vbox_step3 = self.wTree.get_object('vbox_st')
  831. step3_entry_proxy = self.wTree.get_object('step3_entry_proxy')
  832. alert_step3 = self.wTree.get_object('alert_step3')
  833. next3 = self.wTree.get_object('next3')
  834. if combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '0':
  835. vbox_step3.set_property("visible", False)
  836. alert_step3.set_property("visible", False)
  837. next3.set_property("visible", False)
  838. step3_entry_proxy.set_property("text", "")
  839. if combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '1':
  840. vbox_step3.set_property("visible", True)
  841. alert_step3.set_property("visible", False)
  842. next3.set_property("visible", True)
  843. step3_entry_proxy.set_property("text", "")
  844. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '2':
  845. vbox_step3.set_property("visible", False)
  846. next3.set_property("visible", True)
  847. alert_step3.set_property("visible", False)
  848. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '3':
  849. vbox_step3.set_property("visible", False)
  850. next3.set_property("visible", True)
  851. alert_step3.set_property("visible", False)
  852. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '4':
  853. vbox_step3.set_property("visible", False)
  854. next3.set_property("visible", True)
  855. alert_step3.set_property("visible", False)
  856. def on_previous3_clicked(self, widget):
  857. step_view3 = self.wTree.get_object('vbox_step3')
  858. step_view3.set_property("visible", False)
  859. step_view2 = self.wTree.get_object('vbox_step2')
  860. step_view2.set_property("visible", True)
  861. alert_step3 = self.wTree.get_object('alert_step3')
  862. alert_step3.set_property("visible", False)
  863. combo_choose = self.wTree.get_object('combobox_step3')
  864. step3_entry_proxy = self.wTree.get_object('step3_entry_proxy')
  865. step3_entry_proxy.set_property("text", "")
  866. self.combo_step3_choose = ""
  867. self.proxy_option = ""
  868. self.useragent_option = ""
  869. self.referer_option = ""
  870. def on_next3_clicked(self, widget):
  871. step_view3 = self.wTree.get_object('vbox_step3')
  872. step_view4 = self.wTree.get_object('vbox_step4')
  873. combo_choose = self.wTree.get_object('combobox_step3')
  874. step3_entry_proxy = self.wTree.get_object('step3_entry_proxy')
  875. alert_step3 = self.wTree.get_object('alert_step3')
  876. if step3_entry_proxy.get_text() == '' and combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '1':
  877. alert_step3.set_property("visible", True)
  878. step_view3.set_property("visible", True)
  879. step_view4.set_property("visible", False)
  880. else:
  881. alert_step3.set_property("visible", False)
  882. step_view3.set_property("visible", False)
  883. step_view4.set_property("visible", True)
  884. self.combo_step3_choose = combo_choose.get_model().get_value(combo_choose.get_active_iter(),0)
  885. self.proxy_option = step3_entry_proxy.get_text()
  886. if combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '2':
  887. self.proxy_option = "http://127.0.0.1:8118"
  888. def on_combobox_step4_changed(self, widget):
  889. combo_choose = self.wTree.get_object('combobox_step4')
  890. vbox_step4 = self.wTree.get_object('vboxstep4')
  891. step4_entry_cem = self.wTree.get_object('step4_entry_cem')
  892. alert_step4 = self.wTree.get_object('alert_step4')
  893. next4 = self.wTree.get_object('next4')
  894. if combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '0':
  895. vbox_step4.set_property("visible", False)
  896. alert_step4.set_property("visible", False)
  897. next4.set_property("visible", False)
  898. step4_entry_cem.set_property("text", "")
  899. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '1':
  900. vbox_step4.set_property("visible", False)
  901. alert_step4.set_property("visible", False)
  902. next4.set_property("visible", True)
  903. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '2':
  904. vbox_step4.set_property("visible", False)
  905. alert_step4.set_property("visible", False)
  906. next4.set_property("visible", True)
  907. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '3':
  908. vbox_step4.set_property("visible", False)
  909. alert_step4.set_property("visible", False)
  910. next4.set_property("visible", True)
  911. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '4':
  912. vbox_step4.set_property("visible", True)
  913. next4.set_property("visible", True)
  914. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '5':
  915. vbox_step4.set_property("visible", False)
  916. next4.set_property("visible", True)
  917. alert_step4.set_property("visible", False)
  918. def on_previous4_clicked(self, widget):
  919. step_view4 = self.wTree.get_object('vbox_step4')
  920. step_view4.set_property("visible", False)
  921. step_view3 = self.wTree.get_object('vbox_step3')
  922. step_view3.set_property("visible", True)
  923. alert_step4 = self.wTree.get_object('alert_step4')
  924. alert_step4.set_property("visible", False)
  925. combo_choose = self.wTree.get_object('combobox_step4')
  926. step4_entry_cem = self.wTree.get_object('step4_entry_cem')
  927. step4_entry_cem.set_property("text", "")
  928. self.combo_step4_choose = ""
  929. self.cem_option = ""
  930. def on_next4_clicked(self, widget):
  931. step_view4 = self.wTree.get_object('vbox_step4')
  932. step_view5 = self.wTree.get_object('vbox_step5')
  933. combo_choose = self.wTree.get_object('combobox_step4')
  934. step4_entry_cem = self.wTree.get_object('step4_entry_cem')
  935. alert_step4 = self.wTree.get_object('alert_step4')
  936. if step4_entry_cem.get_text() == '' and combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '4':
  937. alert_step4.set_property("visible", True)
  938. step_view4.set_property("visible", True)
  939. step_view5.set_property("visible", False)
  940. else:
  941. alert_step4.set_property("visible", False)
  942. step_view4.set_property("visible", False)
  943. step_view5.set_property("visible", True)
  944. self.combo_step4_choose = combo_choose.get_model().get_value(combo_choose.get_active_iter(),0)
  945. self.cem_option = step4_entry_cem.get_text()
  946. def on_combobox_step5_changed(self, widget):
  947. combo_choose = self.wTree.get_object('combobox_step5')
  948. vbox_step5 = self.wTree.get_object('vboxstep5')
  949. step5_entry_scripts = self.wTree.get_object('step5_entry_scripts')
  950. alert_step5 = self.wTree.get_object('alert_step5')
  951. next5 = self.wTree.get_object('next5')
  952. if combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '0':
  953. vbox_step5.set_property("visible", False)
  954. alert_step5.set_property("visible", False)
  955. next5.set_property("visible", False)
  956. step5_entry_scripts.set_property("text", "")
  957. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '1':
  958. vbox_step5.set_property("visible", False)
  959. alert_step5.set_property("visible", False)
  960. next5.set_property("visible", True)
  961. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '2':
  962. vbox_step5.set_property("visible", True)
  963. alert_step5.set_property("visible", False)
  964. next5.set_property("visible", True)
  965. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '3':
  966. vbox_step5.set_property("visible", False)
  967. alert_step5.set_property("visible", False)
  968. next5.set_property("visible", True)
  969. def on_previous5_clicked(self, widget):
  970. step_view5 = self.wTree.get_object('vbox_step5')
  971. step_view5.set_property("visible", False)
  972. step_view4 = self.wTree.get_object('vbox_step4')
  973. step_view4.set_property("visible", True)
  974. alert_step5 = self.wTree.get_object('alert_step5')
  975. alert_step5.set_property("visible", False)
  976. combo_choose = self.wTree.get_object('combobox_step5')
  977. step5_entry_scripts = self.wTree.get_object('step5_entry_scripts')
  978. step5_entry_scripts.set_property("text", "")
  979. self.combo_step5_choose = ""
  980. self.scripts_option = ""
  981. def on_next5_clicked(self, widget):
  982. step_view5 = self.wTree.get_object('vbox_step5')
  983. step_view5.set_property("visible", False)
  984. step_view_end = self.wTree.get_object('vbox_end')
  985. step_view_end.set_property("visible", True)
  986. combo_choose = self.wTree.get_object('combobox_step5')
  987. step5_entry_scripts = self.wTree.get_object('step5_entry_scripts')
  988. alert_step5 = self.wTree.get_object('alert_step5')
  989. if step5_entry_scripts.get_text() == '' and combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == '2':
  990. alert_step5.set_property("visible", True)
  991. step_view5.set_property("visible", True)
  992. step_view_end.set_property("visible", False)
  993. else:
  994. alert_step5.set_property("visible", False)
  995. step_view5.set_property("visible", False)
  996. step_view_end.set_property("visible", True)
  997. self.combo_step5_choose = combo_choose.get_model().get_value(combo_choose.get_active_iter(),0)
  998. self.scripts_option = step5_entry_scripts.get_text()
  999. # building end form
  1000. end_entry_target = self.wTree.get_object('end_entry_target')
  1001. end_entry_shadow = self.wTree.get_object('end_entry_shadow')
  1002. end_entry_connection = self.wTree.get_object('end_entry_connection')
  1003. end_entry_bypasser = self.wTree.get_object('end_entry_bypasser')
  1004. end_entry_exploit = self.wTree.get_object('end_entry_exploit')
  1005. # step 1
  1006. if self.combo_step1_choose == "1":
  1007. end_entry_target.set_property("text", "URL: " + self.target_option)
  1008. if self.combo_step1_choose == "2":
  1009. end_entry_target.set_property("text", ("Dork: " + self.dork_option + " // Engine: " + self.dorkengine_option))
  1010. # step 2
  1011. if self.combo_step2_choose == "1":
  1012. end_entry_connection.set_property("text", ("Type: GET " + " // Payload: " + self.payload_option))
  1013. if self.combo_step2_choose == "2":
  1014. end_entry_connection.set_property("text", ("Type: POST " + " // Payload: " + self.payload_option))
  1015. if self.combo_step2_choose == "3":
  1016. end_entry_connection.set_property("text", "Type: Crawler")
  1017. if self.combo_step2_choose == "4":
  1018. end_entry_connection.set_property("text", "Type: AUTO")
  1019. # step 3
  1020. if self.combo_step3_choose == "1":
  1021. shadow_proxy = end_entry_shadow.set_property("text", self.proxy_option)
  1022. shadow_useragent = end_entry_shadow.set_property("text", self.useragent_option)
  1023. shadow_referer = end_entry_shadow.set_property("text", self.referer_option)
  1024. proxy = "PROXY listening on: " + self.proxy_option
  1025. end_entry_shadow.set_property("text", proxy)
  1026. if self.useragent_option != "":
  1027. end_entry_shadow.set_property("text", proxy + " + UA spoofing")
  1028. if self.referer_option != "":
  1029. end_entry_shadow.set_property("text", proxy + " + UA spoofing + RF spoofing")
  1030. else:
  1031. end_entry_shadow.set_property("text", proxy + " + UA spoofing(by default)")
  1032. if self.referer_option != "":
  1033. end_entry_shadow.set_property("text", proxy + " + UA spoofing(by default)+ RF spoofing")
  1034. if self.referer_option != "":
  1035. end_entry_shadow.set_property("text", proxy + " + RF spoofing")
  1036. if self.combo_step3_choose == "2":
  1037. proxy = "PROXY listening on: " + self.proxy_option
  1038. end_entry_shadow.set_property("text", proxy)
  1039. if self.combo_step3_choose == "3":
  1040. end_entry_shadow.set_property("text", "NO PROXY + UA spoofing(by default)")
  1041. if self.combo_step3_choose == "4":
  1042. end_entry_shadow.set_property("text", "DIRECT + UA spoofing(by default)")
  1043. # step 4
  1044. if self.combo_step4_choose == "1":
  1045. end_entry_bypasser.set_property("text", "Encode: Nothing")
  1046. if self.combo_step4_choose == "2":
  1047. end_entry_bypasser.set_property("text", "Encode: Hexadecimal")
  1048. if self.combo_step4_choose == "3":
  1049. end_entry_bypasser.set_property("text", "Encode: mix 'String.FromCharCode()' and 'Unescape()'")
  1050. if self.combo_step4_choose == "4":
  1051. end_entry_bypasser.set_property("text", self.cem_option)
  1052. if self.combo_step4_choose == "5":
  1053. end_entry_bypasser.set_property("text", "Encode: Nothing")
  1054. # step 5
  1055. if self.combo_step5_choose == "1":
  1056. end_entry_exploit.set_property("text", "Code: Classic 'XSS' alert box")
  1057. if self.combo_step5_choose == "2":
  1058. end_entry_exploit.set_property("text", self.scripts_option)
  1059. if self.combo_step5_choose == "3":
  1060. end_entry_exploit.set_property("text", "Code: Classic 'XSS' alert box")
  1061. def on_previous6_clicked(self, widget):
  1062. step_view_end = self.wTree.get_object('vbox_end')
  1063. step_view_end.set_property("visible", False)
  1064. step_view5 = self.wTree.get_object('vbox_step5')
  1065. step_view5.set_property("visible", True)
  1066. alert_step5 = self.wTree.get_object('alert_step5')
  1067. alert_step5.set_property("visible", False)
  1068. combo_choose = self.wTree.get_object('combobox_step5')
  1069. step5_entry_scripts = self.wTree.get_object('step5_entry_scripts')
  1070. step5_entry_scripts.set_property("text", "")
  1071. self.combo_step5_choose = ""
  1072. self.scripts_option = ""
  1073. def on_cancel_template_clicked(self, widget):
  1074. step_view_end = self.wTree.get_object('vbox_end')
  1075. step_view_end.set_property("visible", False)
  1076. step_view_start = self.wTree.get_object('vbox_start')
  1077. step1_entry_url = self.wTree.get_object('step1_entry_url')
  1078. step1_entry_dork = self.wTree.get_object('step1_entry_dork')
  1079. step2_entry_payload = self.wTree.get_object('step2_entry_payload')
  1080. step3_entry_proxy = self.wTree.get_object('step3_entry_proxy')
  1081. step4_entry_cem = self.wTree.get_object('step4_entry_cem')
  1082. step5_entry_scripts = self.wTree.get_object('step5_entry_scripts')
  1083. step_view_start.set_property("visible", True)
  1084. # reseting wizard options
  1085. # step 1
  1086. self.target_option = ""
  1087. self.dork_option = ""
  1088. self.dorkengine_option = ""
  1089. self.combo_step1_choose = ""
  1090. step1_entry_url.set_property("text", "")
  1091. step1_entry_dork.set_property("text", "")
  1092. # step 2
  1093. self.payload_option = ""
  1094. self.combo_step2_choose = ""
  1095. step2_entry_payload.set_property("text", "")
  1096. # step 3
  1097. self.combo_step3_choose = ""
  1098. self.proxy_option = ""
  1099. self.useragent_option = ""
  1100. self.referer_option = ""
  1101. step3_entry_proxy.set_property("text", "")
  1102. # step 4
  1103. self.combo_step4_choose = ""
  1104. self.cem_option = ""
  1105. step4_entry_cem.set_property("text", "")
  1106. # step 5
  1107. self.combo_step5_choose = ""
  1108. self.scripts_option = ""
  1109. step5_entry_scripts.set_property("text", "")
  1110. # remove parameters on autocompleter
  1111. commandsenter = self.wTree.get_object('commandsenter')
  1112. commandsenter.set_property("text", "xsser")
  1113. # clean all buffers
  1114. self.output_wizard.set_buffer(self._wizard_buffer)
  1115. def on_accept_template_clicked(self, widget):
  1116. """
  1117. Fly your mosquito(s) from wizard
  1118. """
  1119. # clean startup wizard buffer
  1120. step_view_end = self.wTree.get_object('vbox_end')
  1121. step_view_end.set_property("visible", False)
  1122. step_view_start = self.wTree.get_object('vbox_start')
  1123. step_view_start.set_property("visible", True)
  1124. fly_button = self.wTree.get_object('fly')
  1125. if self._flying:
  1126. self.on_stop_attack()
  1127. fly_button.set_label('LANDING!!!')
  1128. fly_button.set_sensitive(False)
  1129. return
  1130. self._report_errors.set_text('')
  1131. self._report_vulnerables.set_text('')
  1132. self._report_success.set_text('')
  1133. self._report_failed.set_text('')
  1134. self._report_crawling.set_text('')
  1135. self.output_wizard.set_buffer(self.output.get_buffer())
  1136. commandsenter = self.wTree.get_object('commandsenter')
  1137. cmd = self.generate_command()
  1138. commandsenter.set_property("text"," ".join(cmd))
  1139. t = XSSerThread(cmd, self.mothership)
  1140. t.add_reporter(self)
  1141. t.set_webbrowser(self.moz)
  1142. if self.map:
  1143. t.add_reporter(self.map)
  1144. self.mothership.add_reporter(self.map)
  1145. t.start()
  1146. self._flying = t
  1147. fly_button.set_label('LAND!!!')
  1148. step1_entry_url = self.wTree.get_object('step1_entry_url')
  1149. step1_entry_dork = self.wTree.get_object('step1_entry_dork')
  1150. step2_entry_payload = self.wTree.get_object('step2_entry_payload')
  1151. step3_entry_proxy = self.wTree.get_object('step3_entry_proxy')
  1152. step4_entry_cem = self.wTree.get_object('step4_entry_cem')
  1153. step5_entry_scripts = self.wTree.get_object('step5_entry_scripts')
  1154. step_view_start.set_property("visible", True)
  1155. # reseting wizard options
  1156. # step 1
  1157. self.target_option = ""
  1158. self.dork_option = ""
  1159. self.dorkengine_option = ""
  1160. self.combo_step1_choose = ""
  1161. step1_entry_url.set_property("text", "")
  1162. step1_entry_dork.set_property("text", "")
  1163. # step 2
  1164. self.payload_option = ""
  1165. self.combo_step2_choose = ""
  1166. step2_entry_payload.set_property("text", "")
  1167. # step 3
  1168. self.combo_step3_choose = ""
  1169. self.proxy_option = ""
  1170. self.useragent_option = ""
  1171. self.referer_option = ""
  1172. # step 4
  1173. self.combo_step4_choose = ""
  1174. self.cem_option = ""
  1175. step4_entry_cem.set_property("text", "")
  1176. # step 5
  1177. self.combo_step5_choose = ""
  1178. self.scripts_option = ""
  1179. step5_entry_scripts.set_property("text", "")
  1180. # remove parameters on autocompleter
  1181. commandsenter = self.wTree.get_object('commandsenter')
  1182. commandsenter.set_property("text", "xsser")
  1183. def on_combobox7_changed(self, widget):
  1184. """
  1185. Generate Geoip
  1186. """
  1187. combo_choose = self.wTree.get_object('combobox7')
  1188. image_geomap = self.wTree.get_object('image_geomap')
  1189. vbox9 = self.wTree.get_object('vbox9')
  1190. if combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == 'OFF':
  1191. self.map.set_property("visible", False)
  1192. vbox9.set_property("visible", False)
  1193. if self._flying:
  1194. self._flying.remove_reporter(self.map)
  1195. self.mothership.remove_reporter(self.map)
  1196. elif combo_choose.get_model().get_value(combo_choose.get_active_iter(),0) == 'ON':
  1197. vbox9.set_property("visible", True)
  1198. if not self.map:
  1199. image_geomap.realize()
  1200. drawarea = GlobalMap(self, image_geomap.get_pixbuf(), self._flying)
  1201. vbox = image_geomap.get_parent()
  1202. vbox.remove(image_geomap)
  1203. eventbox = gtk.EventBox()
  1204. eventbox.add(drawarea)
  1205. vbox.pack_end(eventbox, True, True, 0)
  1206. eventbox.show()
  1207. drawarea.show()
  1208. self.map = drawarea
  1209. if self._flying:
  1210. self.mothership.add_reporter(self.map)
  1211. self._flying.add_reporter(self.map)
  1212. self.map.set_property("visible", True)
  1213. def on_update_clicked(self, widget):
  1214. """
  1215. Search for latest XSSer version
  1216. """
  1217. webbrowser.open("https://github.com/epsylon/xsser")
  1218. def on_reportbug_clicked(self, widget):
  1219. """
  1220. Report bugs, ideas...
  1221. """
  1222. webbrowser.open("https://lists.sourceforge.net/lists/listinfo/xsser-users")
  1223. def on_donate_clicked(self, widget):
  1224. """
  1225. Donate something
  1226. """
  1227. webbrowser.open("https://03c8.net")
  1228. def generate_command(self):
  1229. command = ["xsser"]
  1230. # set automatic audit a entire target
  1231. # get target from url
  1232. target_all = self.wTree.get_object('targetall')
  1233. target_entry = self.wTree.get_object('targetenter')
  1234. if target_all.get_active() == False:
  1235. pass
  1236. else:
  1237. if target_entry.get_text() == "":
  1238. pass
  1239. else:
  1240. command.append("--all")
  1241. command.append(target_entry.get_text())
  1242. # get target from url
  1243. target_entry = self.wTree.get_object('targetenter')
  1244. if target_all.get_active() == True:
  1245. pass
  1246. else:
  1247. if target_entry.get_text() == "":
  1248. pass
  1249. else:
  1250. command.append("-u")
  1251. command.append(target_entry.get_text())
  1252. # get explorer test mode
  1253. explorer = self.wTree.get_object('explorer')
  1254. if explorer.get_active() == False:
  1255. pass
  1256. else:
  1257. explorer_enter = self.wTree.get_object('explorer_enter')
  1258. dork_engine = self.wTree.get_object('combobox4')
  1259. if explorer_enter.get_text() == "":
  1260. pass
  1261. else:
  1262. command.append("-d")
  1263. command.append(explorer_enter.get_text())
  1264. command.append("--De")
  1265. command.append(dork_engine.get_model().get_value(dork_engine.get_active_iter(),0))
  1266. # get crawler test mode (common crawling c=50 Cw=3)
  1267. crawler = self.wTree.get_object('crawler')
  1268. combobox5 = self.wTree.get_object('combobox5')
  1269. combobox_deep1 = self.wTree.get_object('combobox_deep1')
  1270. localonly1 = self.wTree.get_object('localonly1')
  1271. if crawler.get_active() == False:
  1272. pass
  1273. else:
  1274. command.append("-c")
  1275. command.append(str(int(combobox5.get_value())))
  1276. command.append("--Cw")
  1277. iter = combobox_deep1.get_active_iter()
  1278. command.append(combobox_deep1.get_model().get_value(iter, 0))
  1279. if localonly1.get_active() == True:
  1280. command.append("--Cl")
  1281. # get statistics
  1282. target_entry = self.wTree.get_object('statistics')
  1283. if target_entry.get_active() == False:
  1284. pass
  1285. else:
  1286. command.append("-s")
  1287. # get verbose
  1288. target_entry = self.wTree.get_object('verbose')
  1289. if target_entry.get_active() == False:
  1290. pass
  1291. else:
  1292. command.append("-v")
  1293. # use GET connections
  1294. target_entry = self.wTree.get_object('get')
  1295. if target_entry.get_active() == False:
  1296. pass
  1297. else:
  1298. target_entry = self.wTree.get_object('connection_parameters')
  1299. if target_entry.get_text() == "":
  1300. pass
  1301. else:
  1302. command.append("-g")
  1303. command.append(target_entry.get_text())
  1304. # use POST connections
  1305. target_entry = self.wTree.get_object('post')
  1306. if target_entry.get_active() == False:
  1307. pass
  1308. else:
  1309. target_entry = self.wTree.get_object('connection_parameters')
  1310. if target_entry.get_text() == "":
  1311. pass
  1312. else:
  1313. command.append("-p")
  1314. command.append(target_entry.get_text())
  1315. # use checker system HEAD
  1316. target_entry = self.wTree.get_object('no-head')
  1317. if target_entry.get_active() == False:
  1318. pass
  1319. else:
  1320. command.append("--head")
  1321. # use checker system HASH
  1322. target_entry = self.wTree.get_object('hashing')
  1323. if target_entry.get_active() == False:
  1324. pass
  1325. else:
  1326. command.append("--hash")
  1327. # use checker system HEURISTIC
  1328. target_entry = self.wTree.get_object('heuristic')
  1329. if target_entry.get_active() == False:
  1330. pass
  1331. else:
  1332. command.append("--heuristic")
  1333. # get USER-AGENT
  1334. target_entry = self.wTree.get_object('useragent')
  1335. command.append("--user-agent")
  1336. command.append(target_entry.get_text())
  1337. # get REFERER
  1338. target_entry = self.wTree.get_object('referer')
  1339. if target_entry.get_text() == "":
  1340. pass
  1341. else:
  1342. command.append("--referer")
  1343. command.append(target_entry.get_text())
  1344. # get COOKIE
  1345. target_entry = self.wTree.get_object('cookie')
  1346. if target_entry.get_text() == "":
  1347. pass
  1348. else:
  1349. command.append("--cookie")
  1350. command.append(target_entry.get_text())
  1351. # get Authentication BASIC
  1352. target_entry = self.wTree.get_object('auth_basic')
  1353. if target_entry.get_active() == False:
  1354. pass
  1355. else:
  1356. command.append("--auth-type")
  1357. command.append("basic")
  1358. # get Authentication DIGEST
  1359. target_entry = self.wTree.get_object('auth_digest')
  1360. if target_entry.get_active() == False:
  1361. pass
  1362. else:
  1363. command.append("--auth-type")
  1364. command.append("digest")
  1365. # get Authentication GSS
  1366. target_entry = self.wTree.get_object('auth_gss')
  1367. if target_entry.get_active() == False:
  1368. pass
  1369. else:
  1370. command.append("--auth-type")
  1371. command.append("gss")
  1372. # get Authentication NTLM
  1373. target_entry = self.wTree.get_object('auth_ntlm')
  1374. if target_entry.get_active() == False:
  1375. pass
  1376. else:
  1377. command.append("--auth-type")
  1378. command.append("ntlm")
  1379. # get Authentication Credentials
  1380. target_entry = self.wTree.get_object('auth_cred')
  1381. if target_entry.get_text() == "":
  1382. pass
  1383. else:
  1384. command.append("--auth-cred")
  1385. command.append(target_entry.get_text())
  1386. # get PROXY
  1387. proxy = self.wTree.get_object('proxy')
  1388. if proxy.get_text() == "":
  1389. pass
  1390. else:
  1391. command.append("--proxy")
  1392. command.append(proxy.get_text())
  1393. if proxy.get_text() == "http://127.0.0.1:8118":
  1394. torproxy = self.wTree.get_object('torproxy')
  1395. torproxy.set_property('active', True)
  1396. else:
  1397. torproxy.set_property('active', False)
  1398. # get IGNORE-PROXY
  1399. target_entry = self.wTree.get_object('ignore-proxy')
  1400. if target_entry.get_active() == False:
  1401. pass
  1402. else:
  1403. command.append("--ignore-proxy")
  1404. # get DROP-COOKIE
  1405. target_entry = self.wTree.get_object('drop-cookie')
  1406. if target_entry.get_active() == False:
  1407. pass
  1408. else:
  1409. command.append("--drop-cookie")
  1410. # get XFORW
  1411. target_entry = self.wTree.get_object('xforw')
  1412. if target_entry.get_active() == False:
  1413. pass
  1414. else:
  1415. command.append("--xforw")
  1416. # get XCLIENT
  1417. target_entry = self.wTree.get_object('xclient')
  1418. if target_entry.get_active() == False:
  1419. pass
  1420. else:
  1421. command.append("--xclient")
  1422. # get TCP-NODELAY
  1423. target_entry = self.wTree.get_object('tcp-nodelay')
  1424. if target_entry.get_active() == False:
  1425. pass
  1426. else:
  1427. command.append("--tcp-nodelay")
  1428. # get REVERSE-CHECK
  1429. target_entry = self.wTree.get_object('reverse-check')
  1430. if target_entry.get_active() == False:
  1431. pass
  1432. else:
  1433. command.append("--reverse-check")
  1434. # get DISCARD CODE
  1435. target_entry = self.wTree.get_object('discode')
  1436. if target_entry.get_text() == "":
  1437. pass
  1438. else:
  1439. command.append("--discode")
  1440. command.append(target_entry.get_text())
  1441. # get FOLLOWREDIRECTS
  1442. target_entry = self.wTree.get_object('followredirects')
  1443. if target_entry.get_active() == False:
  1444. pass
  1445. else:
  1446. command.append("--follow-redirects")
  1447. # get FOLLOW-LIMIT
  1448. target_entry = self.wTree.get_object('follow-limit')
  1449. if target_entry.get_value() == 0:
  1450. pass
  1451. else:
  1452. command.append("--follow-limit")
  1453. command.append(str(int(target_entry.get_value())))
  1454. # get ISALIVE
  1455. target_entry = self.wTree.get_object('alive-limit')
  1456. if target_entry.get_value() == 0:
  1457. pass
  1458. else:
  1459. command.append("--alive")
  1460. command.append(str(int(target_entry.get_value())))
  1461. # get CHECK-AT-URL
  1462. target_entry = self.wTree.get_object('checkaturl')
  1463. check_method = self.wTree.get_object('combobox1')
  1464. check_data = self.wTree.get_object('checkatdata')
  1465. if target_entry.get_text() == "":
  1466. pass
  1467. else:
  1468. command.append("--checkaturl")
  1469. command.append(target_entry.get_text())
  1470. command.append("--checkmethod")
  1471. command.append(check_method.get_model().get_value(checkmethod.get_active_iter(),0))
  1472. if check_data.get_text() == "":
  1473. pass
  1474. else:
  1475. command.append("--checkatdata")
  1476. command.append(check_data.get_text())
  1477. # get THREADS
  1478. target_entry = self.wTree.get_object('threads')
  1479. if target_entry.get_value() == 0:
  1480. pass
  1481. else:
  1482. command.append("--threads")
  1483. command.append(str(int(target_entry.get_value())))
  1484. # get TIMEOUT
  1485. target_entry = self.wTree.get_object('timeout')
  1486. command.append("--timeout")
  1487. command.append(str(int(target_entry.get_value())))
  1488. # get RETRIES
  1489. target_entry = self.wTree.get_object('retries')
  1490. command.append("--retries")
  1491. command.append(str(int(target_entry.get_value())))
  1492. # get DELAY
  1493. target_entry = self.wTree.get_object('delay')
  1494. command.append("--delay")
  1495. command.append(str(int(target_entry.get_value())))
  1496. # get Extra Headers
  1497. target_entry = self.wTree.get_object('extra_headers')
  1498. if target_entry.get_text() == "":
  1499. pass
  1500. else:
  1501. command.append("--headers")
  1502. command.append(target_entry.get_text())
  1503. # get Payload
  1504. target_entry = self.wTree.get_object('enterpayload')
  1505. if target_entry.get_text() == "":
  1506. pass
  1507. else:
  1508. command.append("--payload")
  1509. command.append(target_entry.get_text())
  1510. # get Automatic Payload test
  1511. target_entry = self.wTree.get_object('automatic_payload')
  1512. if target_entry.get_active() == False:
  1513. pass
  1514. else:
  1515. command.append("--auto")
  1516. # get Bypasser: StringFromCharCode()
  1517. target_entry = self.wTree.get_object('by_sfcc')
  1518. if target_entry.get_active() == False:
  1519. pass
  1520. else:
  1521. command.append("--Str")
  1522. # get Bypasser: Unescape()
  1523. target_entry = self.wTree.get_object('by_unescape')
  1524. if target_entry.get_active() == False:
  1525. pass
  1526. else:
  1527. command.append("--Une")
  1528. # get Bypasser: Hexadecimal
  1529. target_entry = self.wTree.get_object('by_hex')
  1530. if target_entry.get_active() == False:
  1531. pass
  1532. else:
  1533. command.append("--Hex")
  1534. # get Bypasser: Hexadecimal with semicolons
  1535. target_entry = self.wTree.get_object('by_hes')
  1536. if target_entry.get_active() == False:
  1537. pass
  1538. else:
  1539. command.append("--Hes")
  1540. # get Bypasser: Dword
  1541. target_entry = self.wTree.get_object('by_dword')
  1542. if target_entry.get_active() == False:
  1543. pass
  1544. else:
  1545. command.append("--Dwo")
  1546. # get Bypasser: Octal
  1547. target_entry = self.wTree.get_object('by_octal')
  1548. if target_entry.get_active() == False:
  1549. pass
  1550. else:
  1551. command.append("--Doo")
  1552. # get Bypasser: Decimal
  1553. target_entry = self.wTree.get_object('by_decimal')
  1554. if target_entry.get_active() == False:
  1555. pass
  1556. else:
  1557. command.append("--Dec")
  1558. # get Bypasser: CEM
  1559. target_entry = self.wTree.get_object('enter_cem')
  1560. if target_entry.get_text() == "":
  1561. pass
  1562. else:
  1563. command.append("--Cem")
  1564. command.append(target_entry.get_text())
  1565. # get Technique: Cookie Injection
  1566. target_entry = self.wTree.get_object('cookie_injection')
  1567. if target_entry.get_active() == False:
  1568. pass
  1569. else:
  1570. command.append("--Coo")
  1571. # get Technique: Cross Site Agent Scripting
  1572. target_entry = self.wTree.get_object('xas')
  1573. if target_entry.get_active() == False:
  1574. pass
  1575. else:
  1576. command.append("--Xsa")
  1577. # get Technique: Cross Site Referer Scripting
  1578. target_entry = self.wTree.get_object('xsr')
  1579. if target_entry.get_active() == False:
  1580. pass
  1581. else:
  1582. command.append("--Xsr")
  1583. # get Technique: Document Object Model injections
  1584. target_entry = self.wTree.get_object('dom')
  1585. if target_entry.get_active() == False:
  1586. pass
  1587. else:
  1588. command.append("--Dom")
  1589. # get Technique: Data Control Protocol injections
  1590. target_entry = self.wTree.get_object('dcp')
  1591. if target_entry.get_active() == False:
  1592. pass
  1593. else:
  1594. command.append("--Dcp")
  1595. # get Technique: HTTP Response Splitting Induced code
  1596. target_entry = self.wTree.get_object('induced')
  1597. if target_entry.get_active() == False:
  1598. pass
  1599. else:
  1600. command.append("--Ind")
  1601. # get Technique: Use Anchor Stealth
  1602. target_entry = self.wTree.get_object('anchor')
  1603. if target_entry.get_active() == False:
  1604. pass
  1605. else:
  1606. command.append("--Anchor")
  1607. # get Technique: PHP IDS bug (0.6.5)
  1608. target_entry = self.wTree.get_object('phpids')
  1609. if target_entry.get_active() == False:
  1610. pass
  1611. else:
  1612. command.append("--Phpids0.6.5")
  1613. # get Technique: PHP IDS bug (0.7.0)
  1614. target_entry = self.wTree.get_object('phpids070')
  1615. if target_entry.get_active() == False:
  1616. pass
  1617. else:
  1618. command.append("--Phpids0.7")
  1619. # get Technique: Imperva
  1620. target_entry = self.wTree.get_object('imperva')
  1621. if target_entry.get_active() == False:
  1622. pass
  1623. else:
  1624. command.append("--Imperva")
  1625. # get Technique: WebKnight (4.1)
  1626. target_entry = self.wTree.get_object('webknight')
  1627. if target_entry.get_active() == False:
  1628. pass
  1629. else:
  1630. command.append("--Webknight")
  1631. # get Technique: F5 Big Ip
  1632. target_entry = self.wTree.get_object('f5bigip')
  1633. if target_entry.get_active() == False:
  1634. pass
  1635. else:
  1636. command.append("--F5bigip")
  1637. # get Technique: Barracuda
  1638. target_entry = self.wTree.get_object('barracuda')
  1639. if target_entry.get_active() == False:
  1640. pass
  1641. else:
  1642. command.append("--Barracuda")
  1643. # get Technique: Apache modsec
  1644. target_entry = self.wTree.get_object('modsec')
  1645. if target_entry.get_active() == False:
  1646. pass
  1647. else:
  1648. command.append("--Modsec")
  1649. # get Technique: QuickDefense
  1650. target_entry = self.wTree.get_object('quickdefense')
  1651. if target_entry.get_active() == False:
  1652. pass
  1653. else:
  1654. command.append("--Quickdefense")
  1655. # get Technique: Firefox
  1656. target_entry = self.wTree.get_object('firefox')
  1657. if target_entry.get_active() == False:
  1658. pass
  1659. else:
  1660. command.append("--Firefox")
  1661. # get Technique: Chrome
  1662. target_entry = self.wTree.get_object('chrome')
  1663. if target_entry.get_active() == False:
  1664. pass
  1665. else:
  1666. command.append("--Chrome")
  1667. # get Technique: IExplorer
  1668. target_entry = self.wTree.get_object('iexplorer')
  1669. if target_entry.get_active() == False:
  1670. pass
  1671. else:
  1672. command.append("--Iexplorer")
  1673. # get Technique: Opera
  1674. target_entry = self.wTree.get_object('opera')
  1675. if target_entry.get_active() == False:
  1676. pass
  1677. else:
  1678. command.append("--Opera")
  1679. # get Final code: Normal Payload
  1680. target_entry = self.wTree.get_object('normalfinal')
  1681. if target_entry.get_active() == False:
  1682. pass
  1683. else:
  1684. target_entry = self.wTree.get_object('payload_entry')
  1685. if target_entry.get_text() == "":
  1686. pass
  1687. else:
  1688. command.append("--Fp")
  1689. command.append(target_entry.get_text())
  1690. # get Final code: Remote Payload
  1691. target_entry = self.wTree.get_object('remotefinal')
  1692. if target_entry.get_active() == False:
  1693. pass
  1694. else:
  1695. target_entry = self.wTree.get_object('payload_entry')
  1696. if target_entry.get_text() == "":
  1697. pass
  1698. else:
  1699. command.append("--Fr")
  1700. command.append(target_entry.get_text())
  1701. # get Final code: DOS client side
  1702. target_entry = self.wTree.get_object('dosclient')
  1703. if target_entry.get_active() == False:
  1704. pass
  1705. else:
  1706. command.append("--Dos")
  1707. # get Final code: DOS Server side
  1708. target_entry = self.wTree.get_object('dosserver')
  1709. if target_entry.get_active() == False:
  1710. pass
  1711. else:
  1712. command.append("--Doss")
  1713. # get Final code: Base 64 POC
  1714. target_entry = self.wTree.get_object('b64')
  1715. if target_entry.get_active() == False:
  1716. pass
  1717. else:
  1718. command.append("--B64")
  1719. # get Final code: OnMouseMove event ()
  1720. target_entry = self.wTree.get_object('onmouse')
  1721. if target_entry.get_active() == False:
  1722. pass
  1723. else:
  1724. command.append("--Onm")
  1725. # get Final code: Iframe tag
  1726. target_entry = self.wTree.get_object('iframe')
  1727. if target_entry.get_active() == False:
  1728. pass
  1729. else:
  1730. command.append("--Ifr")
  1731. # get SAVE results option
  1732. target_entry = self.wTree.get_object('save')
  1733. if target_entry.get_active() == False:
  1734. pass
  1735. else:
  1736. command.append("--save")
  1737. # get Export xml option
  1738. target_entry = self.wTree.get_object('exportxml')
  1739. if target_entry.get_active() == False:
  1740. pass
  1741. else:
  1742. command.append("--xml")
  1743. command.append("xsser-test:" + str(datetime.datetime.now()) + ".xml")
  1744. # generate wizard commands
  1745. # step 1
  1746. if self.target_option != "":
  1747. command.append("-u")
  1748. command.append(self.target_option)
  1749. elif self.dork_option != "":
  1750. command.append("-d")
  1751. command.append(self.dork_option)
  1752. command.append("--De")
  1753. command.append(self.dorkengine_option)
  1754. # step 2
  1755. if self.combo_step2_choose == "1":
  1756. if self.payload_option != "":
  1757. command.append("-g")
  1758. command.append(self.payload_option)
  1759. elif self.combo_step2_choose == "2":
  1760. if self.payload_option != "":
  1761. command.append("-p")
  1762. command.append(self.payload_option)
  1763. elif self.combo_step2_choose == "3":
  1764. command.append("-c")
  1765. command.append("50")
  1766. command.append("--Cw")
  1767. command.append("3")
  1768. elif self.combo_step2_choose == "4":
  1769. command.append("-c")
  1770. command.append("20")
  1771. command.append("--Cw")
  1772. command.append("2")
  1773. command.append("--auto")
  1774. command.append("--Cl")
  1775. # step 3
  1776. step3_entry_proxy = self.wTree.get_object('step3_entry_proxy')
  1777. useragent = self.wTree.get_object('useragent')
  1778. if self.combo_step3_choose == "1":
  1779. command.append("--proxy")
  1780. command.append(step3_entry_proxy.get_text())
  1781. if useragent.get_text() == "Googlebot/2.1 (+http://www.google.com/bot.html)":
  1782. pass
  1783. else:
  1784. command.append("--user-agent")
  1785. command.append("Googlebot/2.1 (+http://www.google.com/bot.html)")
  1786. command.append("--referer")
  1787. command.append("http://127.0.0.1")
  1788. if self.combo_step3_choose == "2":
  1789. command.append("--proxy")
  1790. command.append("http://127.0.0.1:8118")
  1791. if self.combo_step3_choose == "3":
  1792. if useragent.get_text() == "Googlebot/2.1 (+http://www.google.com/bot.html)":
  1793. pass
  1794. else:
  1795. command.append("--user-agent")
  1796. command.append("Googlebot/2.1 (+http://www.google.com/bot.html)")
  1797. command.append("--referer")
  1798. command.append("http://127.0.0.1")
  1799. if self.combo_step3_choose == "4":
  1800. pass
  1801. # step 4
  1802. if self.combo_step4_choose == "1":
  1803. pass
  1804. if self.combo_step4_choose == "2":
  1805. command.append("--Hex")
  1806. if self.combo_step4_choose == "3":
  1807. command.append("--Mix")
  1808. if self.combo_step4_choose == "4":
  1809. command.append("--Cem")
  1810. command.append(self.cem_option)
  1811. if self.combo_step4_choose == "5":
  1812. command.append("--Str")
  1813. # step 5
  1814. if self.combo_step5_choose == "1":
  1815. pass
  1816. if self.combo_step5_choose == "2":
  1817. command.append("--payload")
  1818. command.append(self.scripts_option)
  1819. if self.combo_step5_choose == "3":
  1820. pass
  1821. # propagate the silent flag
  1822. if '--silent' in sys.argv:
  1823. command.append('--silent')
  1824. return command
  1825. def post(self, msg):
  1826. """
  1827. Callback called by xsser when it has output for the user
  1828. """
  1829. gdk.threads_enter()
  1830. self.post_ui(msg)
  1831. gdk.threads_leave()
  1832. def post_ui(self, msg):
  1833. """
  1834. Post a message to the interface in the interface thread
  1835. """
  1836. buffer = self.output.get_buffer()
  1837. iter = buffer.get_end_iter()
  1838. buffer.insert(iter, msg+'\n')
  1839. class XSSerThread(Thread):
  1840. def __init__ (self, cmd, mothership):
  1841. Thread.__init__(self)
  1842. self.app = xsser(mothership)
  1843. self._cmd = cmd
  1844. options = self.app.create_options(cmd)
  1845. self.app.set_options(options)
  1846. def set_webbrowser(self, browser):
  1847. self.app.set_webbrowser(browser)
  1848. def remove_reporter(self, reporter):
  1849. self.app.remove_reporter(reporter)
  1850. def add_reporter(self, reporter):
  1851. self.app.add_reporter(reporter)
  1852. def run(self):
  1853. self.app.run(self._cmd[1:])
  1854. if __name__ == "__main__":
  1855. uifile = "xsser.ui"
  1856. controller = Controller(uifile)
  1857. reactor.run()