add: -d --base64 --base64-safe --proxy-freq

needle-wang · needle-wang · commit 26586b4f1d4d · 2021-01-03T22:57:57.000+08:00
diff --git a/README.md b/README.md
@@ -23,11 +23,11 @@ don't use python2 any more please.
   - `./sqlmap_gtk.py`
 
 #### FUNCTION
-- sqlmap(1.3.12.1#dev) all options(except -d)
+- all sqlmap(1.4.12.45#dev) options(except --all)
 - sqlmapapi client
 - built-in terminal
 - session: autosave current options before quit, autoload last used options
-- language switch: english, chinese
+- language switch(see `ABOUT` page): English, Chinese
 
 #### ABOUT
 - v0.3.5  
diff --git a/handlers.py b/handlers.py
@@ -192,7 +192,8 @@ def _get_target(self):
                     ("-r ", m._request_file.get_text),
                     ("-m ", m._bulkfile.get_text),
                     ("-c ", m._configfile.get_text),
-                    ("-g ", m._google_dork.get_text)]
+                    ("-g ", m._google_dork.get_text),
+                    ("-d ", m._direct_connect.get_text)]
 
     _target_tmp = _target_list[_current_pagenum][1]().strip()
     if _target_tmp:
@@ -214,6 +215,11 @@ def _collect_opts(self):
                                 m._page1_general_parse_errors_ckbtn),
       self._get_text_only_ckbtn("--cleanup",
                                 m._page1_misc_cleanup_ckbtn),
+      self._get_text_from_entry("--base64=",
+                                m._page1_general_base64_ckbtn,
+                                m._page1_general_base64_entry),
+      self._get_text_only_ckbtn("--base64-safe",
+                                m._page1_general_base64_safe_ckbtn),
       self._get_text_from_entry("--table-prefix=",
                                 m._page1_general_table_prefix_ckbtn,
                                 m._page1_general_table_prefix_entry),
@@ -569,6 +575,9 @@ def _collect_opts(self):
                                 m._request_area_ignore_proxy_ckbtn),
       self._get_http_proxy(),
       self._get_http_proxy_cred(),
+      self._get_text_from_entry("--proxy-freq=",
+                                m._request_area_proxy_freq_ckbtn,
+                                m._request_area_proxy_freq_entry),
       self._get_text_from_entry("--proxy-file=",
                                 m._request_area_proxy_file_ckbtn,
                                 m._request_area_proxy_file_entry),
@@ -695,8 +704,6 @@ def _collect_opts(self):
       self._get_text_only_ckbtn("--wizard",
                                 m._page1_misc_wizard_ckbtn),
       self._get_tampers(),
-      self._get_text_only_ckbtn("--base64",
-                                m._hidden_area_base64_ckbtn),
       self._get_text_only_ckbtn("--crack",
                                 m._hidden_area_crack_ckbtn),
       self._get_text_only_ckbtn("--debug",
diff --git a/locale_text.py b/locale_text.py
@@ -75,7 +75,7 @@ def __init__(self, language = 'en'):
     self.text_dict['General'] = '通用项'
     self.text_dict['Misc'] = '杂项'
 
-    self.text_dict['check if exists:'] = '检查是否存在:'
+    self.text_dict['check existence of:'] = '检查是否存在:'
     self.text_dict['cat'] = '查看'
     self.text_dict['with Meterpreter(TCP connect):'] = 'Meterpreter相关(TCP连接):'
     self.text_dict['operate:'] = '操作:'
diff --git a/model.py b/model.py
@@ -26,6 +26,7 @@ def __init__(self, language):
     self._configfile = FileEntry()
     self._configfile_chooser = btn.new_with_label(_('open'))
     self._google_dork = et()
+    self._direct_connect = et()
   # OPTIONS(1)
   # collected options:
     self._cmd_entry = et()
@@ -119,7 +120,6 @@ def __init__(self, language):
     self._page1_misc_wizard_ckbtn = cb(_('--wizard'))
     # Hidden
     self._hidden_frame = Frame.new(_('Hidden'))
-    self._hidden_area_base64_ckbtn = cb(_('--base64'))
     self._hidden_area_crack_ckbtn = cb(_('--crack'))
     self._hidden_area_debug_ckbtn = cb(_('--debug'))
     self._hidden_area_profile_ckbtn = cb(_('--profile'))
@@ -219,10 +219,12 @@ def __init__(self, language):
     self._request_area_safe_freq_ckbtn = cb(_('--safe-freq'))
     self._request_area_safe_freq_entry = et(width_chars = 10)
     self._request_area_ignore_proxy_ckbtn = cb(_('--ignore-proxy'))
-    self._request_area_proxy_ckbtn = cb(_('--proxy'))
+    self._request_area_proxy_freq_ckbtn = cb(_('--proxy-freq'))
+    self._request_area_proxy_freq_entry = NumberEntry()
     self._request_area_proxy_file_ckbtn = cb(_('--proxy-file'))
     self._request_area_proxy_file_entry = FileEntry()
     self._request_area_proxy_file_chooser = btn.new_with_label(_('open'))
+    self._request_area_proxy_ckbtn = cb(_('--proxy'))
     self._request_area_proxy_ip_label = label.new('IP:')
     self._request_area_proxy_ip_entry = et()
     self._request_area_proxy_port_label = label.new('PORT:')
@@ -345,6 +347,9 @@ def __init__(self, language):
     self._page1_general_forms_ckbtn = cb(_('--forms'))
     self._page1_general_parse_errors_ckbtn = cb(_('--parse-errors'))
     self._page1_misc_cleanup_ckbtn = cb(_('--cleanup'))
+    self._page1_general_base64_ckbtn = cb(_('--base64'))
+    self._page1_general_base64_entry = et()
+    self._page1_general_base64_safe_ckbtn = cb(_('--base64-safe'))
     self._page1_general_table_prefix_ckbtn = cb(_('--table-prefix'))
     self._page1_general_table_prefix_entry = et(width_chars = 15)
     self._page1_general_binary_fields_ckbtn = cb(_('--binary-fields'))
diff --git a/opts_gtk.py b/opts_gtk.py
@@ -328,7 +328,6 @@ def _build_page1_setting_general(self, m):
   def _build_page1_setting_hidden(self, m):
     _boxes = [Box() for _ in range(6)]
 
-    _boxes[0].pack_start(m._hidden_area_base64_ckbtn, False, True, 5)
     _boxes[0].pack_start(m._hidden_area_crack_ckbtn, False, True, 5)
     _boxes[0].pack_start(m._hidden_area_debug_ckbtn, False, True, 5)
     _boxes[0].pack_start(m._hidden_area_profile_ckbtn, False, True, 5)
@@ -541,14 +540,17 @@ def _build_page1_request_proxy(self, m):
       [m._request_area_proxy_file_entry]
     )
 
+    m._request_area_proxy_freq_entry.set_width_chars(10)
     m._request_area_proxy_port_entry.set_width_chars(10)
     m._request_area_tor_port_entry.set_width_chars(10)
 
     _boxes[3].pack_start(m._request_area_ignore_proxy_ckbtn, False, True, 5)
-    _boxes[3].pack_start(m._request_area_proxy_ckbtn, False, True, 5)
+    _boxes[3].pack_start(m._request_area_proxy_freq_ckbtn, False, True, 5)
+    _boxes[3].pack_start(m._request_area_proxy_freq_entry, False, True, 5)
     _boxes[3].pack_start(m._request_area_proxy_file_ckbtn, False, True, 5)
     _boxes[3].pack_start(m._request_area_proxy_file_entry, True, True, 0)
     _boxes[3].pack_start(m._request_area_proxy_file_chooser, False, True, 5)
+    _boxes[4].pack_start(m._request_area_proxy_ckbtn, False, True, 5)
     _boxes[4].pack_start(m._request_area_proxy_ip_label, False, True, 5)
     _boxes[4].pack_start(m._request_area_proxy_ip_entry, True, True, 5)
     _boxes[4].pack_start(m._request_area_proxy_port_label, False, True, 5)
@@ -725,7 +727,7 @@ def _build_page1_enumeration_brute_force(self, m):
     _brute_force_area_opts = Box(orientation=VERTICAL)
 
     _row1 = Box()
-    _row1.pack_start(label.new(m.text.gettext('check if exists:')), False, True, 10)
+    _row1.pack_start(label.new(m.text.gettext('check existence of:')), False, True, 10)
     _row1.pack_start(m._brute_force_area_common_tables_ckbtn, False, True, 0)
     _row1.pack_start(m._brute_force_area_common_columns_ckbtn, False, True, 5)
     _row1.pack_start(m._brute_force_area_common_files_ckbtn, False, True, 0)
@@ -910,6 +912,9 @@ def _build_page1_other_general(self, m):
     _boxes[i].pack_start(m._page1_general_forms_ckbtn, False, True, 5)
     _boxes[i].pack_start(m._page1_general_parse_errors_ckbtn, False, True, 5)
     _boxes[i].pack_start(m._page1_misc_cleanup_ckbtn, False, True, 5)
+    _boxes[i].pack_start(m._page1_general_base64_ckbtn, False, True, 5)
+    _boxes[i].pack_start(m._page1_general_base64_entry, False, True, 5)
+    _boxes[i].pack_start(m._page1_general_base64_safe_ckbtn, False, True, 5)
 
     m._page1_general_preprocess_chooser.connect(
       'clicked',
diff --git a/sqlmap_gtk.py b/sqlmap_gtk.py
@@ -225,13 +225,19 @@ def _build_target_notebook(self, target_nb):
     _google_dork_area = Box()
     _google_dork_area.pack_start(m._google_dork, True, True, 0)
 
+    _direct_connect_area = Box()
+    m._direct_connect.set_text('mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME or '
+                               'access://DATABASE_FILEPATH')
+    _direct_connect_area.pack_start(m._direct_connect, True, True, 0)
+
     _ = m.text.gettext
     target_nb.append_page(_url_area, label.new(_('-u URL')))
     target_nb.append_page(_burp_area, label.new(_('-l LOGFILE')))
     target_nb.append_page(_request_area, label.new(_('-r REQUESTFILE')))
     target_nb.append_page(_bulkfile_area, label.new(_('-m BULKFILE')))
     target_nb.append_page(_configfile_area, label.new(_('-c CONFIGFILE')))
     target_nb.append_page(_google_dork_area, label.new(_('-g GOOGLEDORK')))
+    target_nb.append_page(_direct_connect_area, label.new(_('-d DIRECT')))
 
   def _build_page1(self):
     box = Box(orientation=VERTICAL, spacing=6)
diff --git a/tooltips.py b/tooltips.py
@@ -25,6 +25,8 @@ def set_all_placeholders(self, m):
                           m._configfile)
     self._set_placeholder('-g: Process Google dork results as target URLs',
                           m._google_dork)
+    self._set_placeholder('-d: DIRECT Connection string for direct database connection',
+                          m._direct_connect)
     # OPTIONS(page1)
     # 1.Inject(Q)
     self._set_placeholder('id,user-agent',
@@ -179,7 +181,7 @@ def set_all_tooltips(self, m):
     self._set_tooltip('--no-cast Turn off payload casting mechanism\n'
         'When retrieving results, all entries would be casted to string type\n'
         'and replaced with a whitespace character in case of NULL values.\n'
-        'if in trouble(e.g. older versions of MySQL), check it.',
+        'if got problem(e.g. older versions of MySQL), check it.',
                       m._inject_area_no_cast_ckbtn)
     self._set_tooltip('--no-escape\n'
         'unchecked: select \'foobar\' become select char(102)+char(111)...\n'
@@ -195,7 +197,7 @@ def set_all_tooltips(self, m):
         'True: id=13, False: id=akewmc',
                       m._inject_area_invalid_string_ckbtn)
     self._set_tooltip('--text-only\n'
-        'In cases with lot of resource(e.g. js, embeds) in some HTTP responses\' body'
+        'In cases with lots of resource(e.g. js, embeds) in some HTTP responses\' body'
         'check it so that sqlmap focus on textual content\n'
         'to know the distinction of a True query from a False one',
                       m._detection_area_text_only_ckbtn)
@@ -271,7 +273,7 @@ def set_all_tooltips(self, m):
         'combining with -b would be more accurate.',
                       m._general_area_finger_ckbtn)
     self._set_tooltip('--hex\n'
-        'In lost of cases retrieval of non-ASCII data requires special needs.'
+        'In lost of cases retrieval of non-ASCII data requires special needs.\n'
         'checked: data is encoded to hexadecimal form before being retrieved and afterwards unencoded.\n',
                       m._general_area_hex_ckbtn)
     self._set_tooltip('--wizard vector mode for beginner.',
@@ -338,9 +340,19 @@ def set_all_tooltips(self, m):
         'Load and use safe HTTP request from a file.',
                       m._request_area_safe_req_ckbtn,
                       m._request_area_safe_req_entry)
-    self._set_tooltip('--safe-freq=SAFE..  Test requests between two visits to a given safe URL',
+    self._set_tooltip('--safe-freq=SAFE.. Test requests between two visits to a given safe URL',
                       m._request_area_safe_freq_ckbtn,
                       m._request_area_safe_freq_entry)
+    self._set_tooltip('--ignore-proxy Ignore system default proxy settings',
+                      m._request_area_ignore_proxy_ckbtn)
+    self._set_tooltip('--proxy-freq=PRO.. Requests between change of proxy from a given list',
+                      m._request_area_proxy_freq_ckbtn,
+                      m._request_area_proxy_freq_entry)
+    self._set_tooltip('--proxy-cred=PRO.. Proxy authentication credentials (name:password)',
+                      m._request_area_proxy_username_label,
+                      m._request_area_proxy_username_entry,
+                      m._request_area_proxy_password_label,
+                      m._request_area_proxy_password_entry)
     # 3.Enumerate(E)
     self._set_tooltip('-b get DB banner: version()/@@version',
                       m._enum_area_opts_ckbtns[0][0])
@@ -419,7 +431,7 @@ def set_all_tooltips(self, m):
         '         2.the session user has the needed privileges',
                       m._file_read_area_file_read_ckbtn,
                       m._file_read_area_file_read_entry)
-    self._set_tooltip('just view the file that has downloaded.',
+    self._set_tooltip('just view the downloaded file.',
                       m._file_read_area_file_read_btn)
     self._set_tooltip('--udf-inject\n'
         'UDF: user-defined function, only for MySQL or PostgreSQL.\n',
@@ -551,7 +563,7 @@ def set_all_tooltips(self, m):
         'level': 1, 'risk': 1,
       }
       5. click "set:" to send the dict
-      6. click start after sending the dict
+      6. click "start" after sending the dict
       Note: 1. click "view tasks" to recheck tasks' status.
             2. sqlmapapi's options are not the same with sqlmap;
                sqlmapapi accept options, but won't verify it!
diff --git a/tooltips_zh.py b/tooltips_zh.py
@@ -25,6 +25,8 @@ def set_all_placeholders(self, m):
                           m._configfile)
     self._set_placeholder('-g: 将google dork的结果作为目标url',
                           m._google_dork)
+    self._set_placeholder('-d: 直接连接远程DB的连接字符串',
+                          m._direct_connect)
     # 选项区(page1)
     # 1.测试页面(Q)
     self._set_placeholder('id,user-agent',
@@ -404,21 +406,24 @@ def set_all_tooltips(self, m):
     self._set_tooltip('--safe-req=',
                       m._request_area_safe_req_ckbtn,
                       m._request_area_safe_req_entry)
-    self._set_tooltip('--safe-freq=SAFE..  Test requests between two visits to a given safe URL',
+    self._set_tooltip('--safe-freq=SAFE.. Test requests between two visits to a given safe URL',
                       m._request_area_safe_freq_ckbtn,
                       m._request_area_safe_freq_entry)
-    self._set_tooltip('--ignore-proxy',
+    self._set_tooltip('--ignore-proxy Ignore system default proxy settings',
                       m._request_area_ignore_proxy_ckbtn)
+    self._set_tooltip('--proxy-freq=PRO.. Requests between change of proxy from a given list',
+                      m._request_area_proxy_freq_ckbtn,
+                      m._request_area_proxy_freq_entry)
+    self._set_tooltip('--proxy-file=',
+                      m._request_area_proxy_file_ckbtn,
+                      m._request_area_proxy_file_entry)
     self._set_tooltip('--proxy=',
                       m._request_area_proxy_ckbtn,
                       m._request_area_proxy_ip_label,
                       m._request_area_proxy_ip_entry,
                       m._request_area_proxy_port_label,
                       m._request_area_proxy_port_entry)
-    self._set_tooltip('--proxy-file=',
-                      m._request_area_proxy_file_ckbtn,
-                      m._request_area_proxy_file_entry)
-    self._set_tooltip('--proxy-cred=',
+    self._set_tooltip('--proxy-cred=PRO.. Proxy authentication credentials (name:password)',
                       m._request_area_proxy_username_label,
                       m._request_area_proxy_username_entry,
                       m._request_area_proxy_password_label,
