优化描述, 修改bug

needle-wang · Oct 2, 2019 · c3a4bd1 · c3a4bd1
1 parent 032ea8a
commit c3a4bd1
Show file tree

Hide file tree

Showing 16 changed files with 334 additions and 174 deletions.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@ sqlmap GUI, using PyGObject(gtk+3)
 
 包含sqlmap所有选项(除了-d, 不定时更新sqlmap选项)  
 支持sqlmapapi客户端(API区)  
-内置终端!  
+内置终端  
 会话功能, 自动保存和载入上一次的选项  
 
 此GUI只能在linux下运行, 已在kali, debian系中测试通过.  
@@ -46,8 +46,8 @@ sqlmap已经移植到了python3!
 - 继续重构, 优化
 
 #### 关于
-1. V0.3.4  
-   2019-05-17 21:35  
+1. V0.3.4.1  
+   2019年10月02日 23:39:57  
    作者: needle wang ( [email protected] )  
 2. 使用PyGObject(Gtk+3: python3-gi)重写sqm.py  
 3. 感谢[sqm](https://github.com/kxcode/gui-for-sqlmap)带来的灵感, 其作者: [KINGX](https://github.com/kxcode) (sqm UI 使用的是python2 + tkinter)  

diff --git a/handler_api.py b/handler_api.py
@@ -6,7 +6,7 @@
 import ast
 import requests
 
-from widgets import g, GLib
+from widgets import (g, GLib)
 
 
 class Api(object):

diff --git a/handlers.py b/handlers.py
@@ -9,7 +9,7 @@
 from pathlib import Path
 from urllib.parse import urlparse
 
-from widgets import g, GLib, Vte
+from widgets import (g, GLib, Vte)
 from handler_api import Api
 # from basis_and_tool.logging_needle import get_console_logger
 # logger = get_console_logger()
@@ -31,25 +31,25 @@ def __init__(self, window, m):
     self.api = Api(window, m)
 
   def build_all(self, button):
-    _target = self._get_target()
     _opts_list = self._collect_opts()
 
-    _final_line = _target + ''.join(_opts_list)
-    # print(_final_line)
-    if _final_line is not None:
-      self.m._cmd_entry.set_text(_final_line.strip())
+    _opts_list = ''.join(_opts_list)
+    # print(_opts_list)
+    if _opts_list is not None:
+      self.m._cmd_entry.set_text(_opts_list.strip())
       # self.m._cmd_entry.grab_focus()
 
   def run_cmdline(self, button):
     '''
     only for posix, won't code it for win now.
     '''
     sqlmap_path = self.get_sqlmap_path()
+    _target = self._get_target()
     _sqlmap_opts = self.m._cmd_entry.get_text().strip()
 
     if IS_POSIX:
       self.w.main_notebook.next_page()
-      _cmdline_str = '%s %s\n' % (sqlmap_path, _sqlmap_opts)
+      _cmdline_str = '%s %s %s\n' % (sqlmap_path, _target, _sqlmap_opts)
       # print(_cmdline_str, len(_cmdline_str.encode('utf8')))
       # self.m._page2_cmdline_str_label.set_text("running: " + _cmdline_str)
       if Vte.MAJOR_VERSION >= 0 and Vte.MINOR_VERSION > 52:
@@ -584,7 +584,7 @@ def _collect_opts(self):
       self._get_text_from_entry("--skip=",
                                 m._inject_area_skip_ckbtn,
                                 m._inject_area_skip_entry),
-      self._get_text_from_entry("--para-exclude=",
+      self._get_text_from_entry("--param-exclude=",
                                 m._inject_area_param_exclude_ckbtn,
                                 m._inject_area_param_exclude_entry),
       self._get_text_from_entry("--dbms=",
@@ -638,8 +638,8 @@ def _collect_opts(self):
                                 m._tech_area_union_col_ckbtn,
                                 m._tech_area_union_col_entry, None),
       self._get_text_from_entry("--union-char=",
-                                m._tech_area_union_chr_ckbtn,
-                                m._tech_area_union_chr_entry),
+                                m._tech_area_union_char_ckbtn,
+                                m._tech_area_union_char_entry),
       self._get_text_from_entry("--union-from=",
                                 m._tech_area_union_from_ckbtn,
                                 m._tech_area_union_from_entry),

diff --git a/model.py b/model.py
@@ -2,8 +2,8 @@
 #
 # 2018年 11月 10日 星期六 07:16:38 CST
 
-from widgets import g, Vte, btn, cb, cbb, et, label, sl, sp, tv
-from widgets import FileEntry, NumberEntry
+from widgets import (g, Vte, btn, cb, cbb, et, label, sl, sp, tv)
+from widgets import (FileEntry, NumberEntry)
 from widgets import HORIZONTAL
 
 
@@ -29,28 +29,28 @@ def __init__(self):
     self._sqlmap_path_entry = FileEntry()
     self._sqlmap_path_chooser = btn.new_with_label('打开')
     # 注入选项
-    self._inject_area_param_ckbtn = cb('可测试的参数')
+    self._inject_area_param_ckbtn = cb('仅测参数')
     self._inject_area_param_entry = et()
-    self._inject_area_skip_static_ckbtn = cb('跳过无动态特性的参数')
+    self._inject_area_skip_static_ckbtn = cb('跳过不像是动态的参数')
     self._inject_area_prefix_ckbtn = cb('payload前缀')
     self._inject_area_prefix_entry = et()
     self._inject_area_suffix_ckbtn = cb('payload后缀')
     self._inject_area_suffix_entry = et()
-    self._inject_area_skip_ckbtn = cb('排除参数')
+    self._inject_area_skip_ckbtn = cb('忽略参数')
     self._inject_area_skip_entry = et()
-    self._inject_area_param_exclude_ckbtn = cb('排除参数(正则)')
+    self._inject_area_param_exclude_ckbtn = cb('忽略参数(正则)')
     self._inject_area_param_exclude_entry = et()
-    self._inject_area_dbms_ckbtn = cb('固定DB类型为')
+    self._inject_area_dbms_ckbtn = cb('固定DBMS为')
     self._inject_area_dbms_combobox = cbb()
     self._inject_area_dbms_cred_ckbtn = cb('DB认证')
     self._inject_area_dbms_cred_entry = et()
     self._inject_area_os_ckbtn = cb('固定OS为')
     self._inject_area_os_entry = et()
-    self._inject_area_no_cast_ckbtn = cb('关掉payload变形机制')
+    self._inject_area_no_cast_ckbtn = cb('关闭数据类型转换')
     self._inject_area_no_escape_ckbtn = cb('关掉string转义')
-    self._inject_area_invalid_logic_ckbtn = cb('使用逻辑运算符')
+    self._inject_area_invalid_logic_ckbtn = cb('使用布尔运算')
     self._inject_area_invalid_bignum_ckbtn = cb('使用大数')
-    self._inject_area_invalid_str_ckbtn = cb('使用随机字符串')
+    self._inject_area_invalid_str_ckbtn = cb('使用随机字符')
     # 探测选项
     self._detection_area_level_ckbtn = cb('探测等级(范围)')
     self._detection_area_level_scale = sl(HORIZONTAL, 1, 5, 1)
@@ -69,12 +69,12 @@ def __init__(self):
     # 各注入技术的选项
     self._tech_area_tech_ckbtn = cb('注入技术')
     self._tech_area_tech_entry = et()
-    self._tech_area_time_sec_ckbtn = cb('指定DB延迟多少秒响应')
+    self._tech_area_time_sec_ckbtn = cb('指定DB延迟几秒响应')
     self._tech_area_time_sec_entry = NumberEntry()
     self._tech_area_union_col_ckbtn = cb('指定最大union列数')
     self._tech_area_union_col_entry = NumberEntry()
-    self._tech_area_union_chr_ckbtn = cb('指定枚举列数时所用字符')
-    self._tech_area_union_chr_entry = et()
+    self._tech_area_union_char_ckbtn = cb('指定枚举列数时所用字符')
+    self._tech_area_union_char_entry = et()
     self._tech_area_union_from_ckbtn = cb('指定枚举列数时from的表名')
     self._tech_area_union_from_entry = et()
     self._tech_area_dns_ckbtn = cb('指定DNS')
@@ -89,15 +89,15 @@ def __init__(self):
     # 性能优化
     self._optimize_area_turn_all_ckbtn = cb('启用所有优化选项')
     self._optimize_area_thread_num_ckbtn = cb('使用线程数:')
-    self._optimize_area_thread_num_spinbtn = sp.new_with_range(2, 1000, 2)
+    self._optimize_area_thread_num_spinbtn = sp.new_with_range(2, 10, 1)
     self._optimize_area_predict_ckbtn = cb('预测通常的查询结果')
     self._optimize_area_keep_alive_ckbtn = cb('http连接使用keep-alive')
-    self._optimize_area_null_connect_ckbtn = cb('只用页面长度报头来比较, 不去获取实际的响应体')
+    self._optimize_area_null_connect_ckbtn = cb('只比较响应大小报头, 不获取响应主体')
     # 常用选项
     self._general_area_verbose_ckbtn = cb('输出详细程度')
     self._general_area_verbose_scale = sl(HORIZONTAL, 0, 6, 1)
-    self._general_area_finger_ckbtn = cb('执行宽泛的DB版本检测')
-    self._general_area_hex_ckbtn = cb('获取数据时使用hex转换')
+    self._general_area_finger_ckbtn = cb('精确检测DB等版本信息')
+    self._general_area_hex_ckbtn = cb('响应使用hex转换')
     self._general_area_batch_ckbtn = cb('非交互模式, 一切皆默认')
     self._page1_misc_wizard_ckbtn = cb('新手向导')
     # 隐藏选项
@@ -134,9 +134,9 @@ def __init__(self):
     self._request_area_headers_ckbtn = cb('额外的headers')
     self._request_area_headers_entry = et()
     # HTTP data
-    self._request_area_method_ckbtn = cb('HTTP请求方式')
+    self._request_area_method_ckbtn = cb('指定HTTP请求方式')
     self._request_area_method_entry = et()
-    self._request_area_param_del_ckbtn = cb('指定分隔data参数值的字符')
+    self._request_area_param_del_ckbtn = cb('指定--data=中的参数分隔符')
     self._request_area_param_del_entry = et()
     self._request_area_post_ckbtn = cb('通过POST提交data:')
     self._request_area_post_entry = et()
@@ -167,7 +167,7 @@ def __init__(self):
     self._request_area_skip_urlencode_ckbtn = cb('payload不使用url编码')
     self._request_area_force_ssl_ckbtn = cb('强制使用HTTPS')
     self._request_area_chunked_ckbtn = cb('"分块传输"发送POST请求')
-    self._request_area_hpp_ckbtn = cb('使用HTTP参数污染')
+    self._request_area_hpp_ckbtn = cb('HTTP参数污染')
     self._request_area_delay_ckbtn = cb('请求间隔(秒)')
     self._request_area_delay_entry = NumberEntry()
     self._request_area_timeout_ckbtn = cb('几秒超时')
@@ -227,10 +227,10 @@ def __init__(self):
     self._limit_area_stop_ckbtn = cb('止于第')
     self._limit_area_stop_entry = NumberEntry()
     # 盲注选项
-    self._blind_area_first_ckbtn = cb('首字符')
-    self._blind_area_first_entry = et()
-    self._blind_area_last_ckbtn = cb('末字符')
-    self._blind_area_last_entry = et()
+    self._blind_area_first_ckbtn = cb('从第')
+    self._blind_area_first_entry = NumberEntry()
+    self._blind_area_last_ckbtn = cb('到第')
+    self._blind_area_last_entry = NumberEntry()
     # 数据库名, 表名, 列名...
     self._meta_area_D_ckbtn = cb('指定库名')
     self._meta_area_D_entry = et()
@@ -262,7 +262,7 @@ def __init__(self):
     self._file_read_area_file_read_entry = et()
     self._file_read_area_file_read_btn = btn.new_with_label('查看')
     # 文件上传
-    self._file_write_area_udf_ckbtn = cb('注入(默认sqlmap自带的)用户定义函数')
+    self._file_write_area_udf_ckbtn = cb('注入UDF(仅限MySQL和PostgreSQL)')
     self._file_write_area_shared_lib_ckbtn = cb('本地共享库路径(--shared-lib=)')
     self._file_write_area_shared_lib_entry = FileEntry()
     self._file_write_area_shared_lib_chooser = btn.new_with_label('打开')
@@ -287,11 +287,11 @@ def __init__(self):
     # 访问WIN下注册表
     self._file_os_registry_reg_ckbtn = cb('键值操作:')
     self._file_os_registry_reg_combobox = g.ComboBoxText.new()
-    self._file_os_registry_reg_key_label = label.new('键')
+    self._file_os_registry_reg_key_label = label.new('键名路径')
     self._file_os_registry_reg_key_entry = et()
-    self._file_os_registry_reg_value_label = label.new('值')
+    self._file_os_registry_reg_value_label = label.new('键')
     self._file_os_registry_reg_value_entry = et()
-    self._file_os_registry_reg_data_label = label.new('数据')
+    self._file_os_registry_reg_data_label = label.new('值')
     self._file_os_registry_reg_data_entry = et()
     self._file_os_registry_reg_type_label = label.new('类型')
     self._file_os_registry_reg_type_entry = et()
@@ -301,11 +301,11 @@ def __init__(self):
     self._page1_general_fresh_queries_ckbtn = cb('刷新此次查询')
     self._page1_general_flush_session_ckbtn = cb('清空目标的会话文件')
     self._page1_general_eta_ckbtn = cb('显示剩余时间')
-    self._page1_general_binary_fields_ckbtn = cb('生成有二进制值的字段')
+    self._page1_general_binary_fields_ckbtn = cb('有二进制值的字段')
     self._page1_general_binary_fields_entry = et()
-    self._page1_general_forms_ckbtn = cb('解析和测试目标url内的表单')
-    self._page1_general_parse_errors_ckbtn = cb('解析并显示DB错误信息')
-    self._page1_misc_cleanup_ckbtn = cb('清理DBMS中sqlmap产生的UDF和表')
+    self._page1_general_forms_ckbtn = cb('获取form表单参数并测试')
+    self._page1_general_parse_errors_ckbtn = cb('解析并显示响应中的错误信息')
+    self._page1_misc_cleanup_ckbtn = cb('清理DBMS中的入侵痕迹!')
     self._page1_general_preprocess_ckbtn = cb('指定预处理响应数据的脚本')
     self._page1_general_preprocess_entry = et()
     self._page1_general_preprocess_chooser = btn.new_with_label('打开')
@@ -320,7 +320,7 @@ def __init__(self):
     self._page1_general_session_file_ckbtn = cb('载入会话文件')
     self._page1_general_session_file_entry = FileEntry()
     self._page1_general_session_file_chooser = btn.new_with_label('打开')
-    self._page1_general_output_dir_ckbtn = cb('输出的保存目录')
+    self._page1_general_output_dir_ckbtn = cb('指定output目录')
     self._page1_general_output_dir_entry = FileEntry()
     self._page1_general_output_dir_chooser = btn.new_with_label('打开')
     self._page1_general_dump_format_ckbtn = cb('dump结果的文件格式')
@@ -350,15 +350,15 @@ def __init__(self):
     self._page1_misc_tmp_dir_entry = FileEntry()
     self._page1_misc_tmp_dir_chooser = btn.new_with_label('打开')
     self._page1_misc_identify_waf_ckbtn = cb('鉴别WAF')
-    self._page1_misc_skip_waf_ckbtn = cb('跳过对WAF/IPS保护的启发式侦测')
-    self._page1_misc_smart_ckbtn = cb('只对明显注入点进行详细测试')
+    self._page1_misc_skip_waf_ckbtn = cb('跳过对WAF/IPS保护的侦测')
+    self._page1_misc_smart_ckbtn = cb('寻找明显目标并测试')
     self._page1_misc_list_tampers_ckbtn = cb('列出可用的tamper脚本')
     self._page1_misc_sqlmap_shell_ckbtn = cb('打开sqlmap交互shell')
     self._page1_misc_disable_color_ckbtn = cb('禁用终端输出的颜色')
-    self._page1_misc_offline_ckbtn = cb('离线模式(只使用保存的会话数据)')
+    self._page1_misc_offline_ckbtn = cb('离线模式(仅使用本地会话数据)')
     self._page1_misc_mobile_ckbtn = cb('模拟手机请求')
     self._page1_misc_beep_ckbtn = cb('响铃')
-    self._page1_misc_purge_ckbtn = cb('彻底清除所有记录')
+    self._page1_misc_purge_ckbtn = cb('抹掉本地所有记录')
     self._page1_misc_dependencies_ckbtn = cb('检查丢失的(非核心的)sqlmap依赖')
     self._page1_general_update_ckbtn = cb('更新sqlmap')
     self._page1_misc_answers_ckbtn = cb('设置交互时的问题答案:')