log_view_buffer missd %s

Author: needle-wang

.gitignore

@@ -20,6 +20,8 @@ parts/
 sdist/
 var/
 wheels/
+pip-wheel-metadata/
+share/python-wheels/
 *.egg-info/
 .installed.cfg
 *.egg
@@ -38,12 +40,14 @@ pip-delete-this-directory.txt
 # Unit test / coverage reports
 htmlcov/
 .tox/
+.nox/
 .coverage
 .coverage.*
 .cache
 nosetests.xml
 coverage.xml
 *.cover
+*.py,cover
 .hypothesis/
 .pytest_cache/
 
@@ -55,6 +59,7 @@ coverage.xml
 *.log
 local_settings.py
 db.sqlite3
+db.sqlite3-journal
 
 # Flask stuff:
 instance/
@@ -72,11 +77,26 @@ target/
 # Jupyter Notebook
 .ipynb_checkpoints
 
+# IPython
+profile_default/
+ipython_config.py
+
 # pyenv
 .python-version
 
-# celery beat schedule file
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
 celerybeat-schedule
+celerybeat.pid
 
 # SageMath parsed files
 *.sage.py
@@ -102,6 +122,11 @@ venv.bak/
 
 # mypy
 .mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
 
 *.lprof
 *.tmp

handler_api.py

@@ -1,5 +1,4 @@
 #!/usr/bin/env python3
-# encoding: utf-8
 #
 # 2019年 05月 14日 星期二 22:32:20 CST
 
@@ -41,7 +40,7 @@ def task_new(self, button):
 
   def admin_list(self, button):
     '''
-    @get("/admin/<taskid>/list") 查看所有任务，并显示运行状态
+    @get("/admin/<taskid>/list") 查看所有任务, 并显示运行状态
     '''
     _host = self.m._page4_api_server_entry.get_text().strip()
     _token = self.m._page4_admin_token_entry.get_text().strip()
@@ -226,7 +225,7 @@ def admin_flush(self, button):
         if _resp['success']:
           for _a_child in self.w._api_admin_list_rows.get_children():
             self.w._api_admin_list_rows.remove(_a_child)
-          self.task_view_append('清空全部任务: 成功')
+          self.task_view_append('清空全部任务: 成功.')
       except Exception as e:
         self.task_view_append(e)
 

handlers.py

@@ -4,7 +4,6 @@
 
 import time
 from os import environ, name as OS_NAME
-# python3.5+
 from pathlib import Path
 from urllib.parse import urlparse
 
@@ -14,7 +13,7 @@
 # logger = get_console_logger()
 
 IS_POSIX = True if OS_NAME == 'posix' else False
-QUOTE = "'%s'" if OS_NAME == 'posix' else '"%s"'  # dos下只能用双引号
+QUOTE = "'%s'" if OS_NAME == 'posix' else '"%s"'  # for win, legacy
 
 
 class Handler(object):
@@ -40,7 +39,7 @@ def build_all(self, button):
 
   def run_cmdline(self, button):
     '''
-    only for posix, won't work for win now.
+    won't work at win.
     '''
     sqlmap_path = self.get_sqlmap_path()
     _target = self._get_target()
@@ -50,7 +49,6 @@ def run_cmdline(self, button):
       self.w.main_notebook.next_page()
       _cmdline_str = '%s %s %s\n' % (sqlmap_path, _target, _sqlmap_opts)
       # print(_cmdline_str, len(_cmdline_str.encode('utf8')))
-      # self.m._page2_cmdline_str_label.set_text("running: " + _cmdline_str)
       if Vte.MAJOR_VERSION >= 0 and Vte.MINOR_VERSION > 52:
         self.m._page2_terminal.feed_child_binary(_cmdline_str.encode('utf8'))
       else:
@@ -88,13 +86,12 @@ def set_file_entry_text(self, button, data):
     '''
     data: [file_entry, 'title of chooser']
     '''
-    if len(data) > 1:   # 选择目录
+    if len(data) > 1:
       dialog = g.FileChooserDialog(data[1], self.w,
                                    g.FileChooserAction.SELECT_FOLDER,
                                    ('_Cancel', g.ResponseType.CANCEL,
                                     '_Select', g.ResponseType.OK))
     else:
-      # 点击左侧的 最近使用 可选择目录, 小问题, 不用管.
       dialog = g.FileChooserDialog("选择文件", self.w,
                                    g.FileChooserAction.OPEN,
                                    ('_Cancel', g.ResponseType.CANCEL,
@@ -131,7 +128,7 @@ def _get_url_dir(self):
   def _log_view_insert(self, file_path):
     '''
     file_path: pathlib.Path
-               sqlmap库中dataToOutFile默认utf8写入
+               dataToOutFile in sqlmap lib writes with utf8 (default)
     '''
     _log_view_textbuffer = self.m._page3_log_view.get_buffer()
 
@@ -145,7 +142,7 @@ def _log_view_insert(self, file_path):
           for _line_tmp in _line_list_tmp:
             _log_view_textbuffer.insert(_end, _line_tmp)
         else:
-          _log_view_textbuffer.insert(_end, ': 空文件' % str(file_path))
+          _log_view_textbuffer.insert(_end, '%s: 空文件' % str(file_path))
     except EnvironmentError as e:
       _log_view_textbuffer.insert(_end, str(e))
     finally:
@@ -758,7 +755,6 @@ def _get_http_proxy(self):
     return ''
 
   def _get_tampers(self):
-    ''' --tamper=TAMPER     Use given script(s) for tampering injection data '''
     _tamper_textbuffer = self.m._tamper_area_tamper_view.get_buffer()
     _tampers = ''
 

model.py

@@ -268,7 +268,7 @@ def __init__(self):
     self._file_read_area_file_read_ckbtn = cb('远程文件路径(--file-read=)')
     self._file_read_area_file_read_entry = et(text = '/etc/passwd')
     self._file_read_area_file_read_btn = btn.new_with_label('查看')
-    # 文件上传
+    # 上传本地文件
     self._file_write_area_udf_ckbtn = cb('注入UDF(仅限MySQL和PostgreSQL)')
     self._file_write_area_shared_lib_ckbtn = cb('本地共享库路径(--shared-lib=)')
     self._file_write_area_shared_lib_entry = FileEntry()
@@ -380,7 +380,6 @@ def __init__(self):
     self._page1_misc_results_file_entry = FileEntry()
     self._page1_misc_results_file_chooser = btn.new_with_label('打开')
   # 输出区(2)
-    # self._page2_cmdline_str_label = label.new('')
     self._page2_respwan_btn = btn.new_with_label('重开终端')
     self._page2_right_btn = btn.new_with_label('context menu')
     self._page2_terminal = Vte.Terminal.new()

opts_gtk.py

@@ -152,8 +152,7 @@ def _build_page1_setting_inject(self, m):
     _boxes[10].pack_start(m._inject_area_no_escape_ckbtn, False, True, 5)
 
     _invalid_label = label.new('对payload中无效值:')
-    _invalid_label.set_tooltip_text('默认情况下, 要使原参数值无效时会改成相反数\n'
-        '真: id=13 假: id=-13')
+    _invalid_label.set_tooltip_text('默认情况下:\n真: id=13, 假: id=-13')
 
     _boxes[11].pack_start(_invalid_label, False, True, 5)
     _boxes[11].pack_end(m._inject_area_invalid_logic_ckbtn, False, True, 5)
@@ -268,7 +267,7 @@ def _build_page1_setting_tamper(self, m):
     一直按回车出现滚动条后, 光标会下移 直到移出可见区, 原内容不会上移
     即内容的显示没有 下滑 滚轮的效果.
     '''
-    f = Frame.new('tamper脚本')
+    f = Frame.new('Tamper脚本')
 
     _scrolled = g.ScrolledWindow()
     _scrolled.set_size_request(300, -1)
@@ -672,15 +671,14 @@ def _build_page1_enumeration_limit(self, m):
   def _build_page1_enumeration_blind(self, m):
     f = Frame.new('盲注选项')
 
-    _boxes = [Box() for _ in range(3)]
+    _boxes = [Box() for _ in range(2)]
 
     _boxes[0].pack_start(m._blind_area_first_ckbtn, False, True, 5)
     _boxes[0].pack_start(m._blind_area_first_entry, False, True, 0)
     _boxes[0].pack_start(label.new('个字符'), False, True, 5)
     _boxes[1].pack_start(m._blind_area_last_ckbtn, False, True, 5)
     _boxes[1].pack_start(m._blind_area_last_entry, False, True, 0)
     _boxes[1].pack_start(label.new('个字符'), False, True, 5)
-    _boxes[2].pack_start(label.new('只适用于盲注,\n因为报错,union注入要求列数相同'), False, True, 5)
 
     _blind_area_opts = Box(orientation=VERTICAL)
     for _ in _boxes:
@@ -748,7 +746,6 @@ def _build_page1_enumeration_brute_force(self, m):
     _brute_force_area_opts = Box(orientation=VERTICAL)
 
     _row1 = Box()
-
     _row1.pack_start(label.new('检查是否存在:'), False, True, 10)
     _row1.pack_start(m._brute_force_area_common_tables_ckbtn, False, True, 0)
     _row1.pack_start(m._brute_force_area_common_columns_ckbtn, False, True, 5)
@@ -770,7 +767,7 @@ def _build_page1_file(self):
     # http://www.sqlinjection.net/stacked-queries/
     # https://www.cnblogs.com/hongfei/p/3895980.html
     _file_note.set_tooltip_text(
-        '堆查询: MySQL/PHP - 不支持(supported by MySQL for other API)\n'
+        '堆查询: MySQL/PHP - 不支持(but supported by MySQL with other API)\n'
         '        SQL Server/Any API - 支持\n'
         '        PostgreSQL/PHP - 支持\n'
         '        Oracle/Any API - 不支持')
@@ -810,7 +807,7 @@ def _build_page1_file_read(self, m):
     return f
 
   def _build_page1_file_write(self, m):
-    f = Frame.new('文件上传')
+    f = Frame.new('上传本地文件')
 
     _boxes = [Box() for _ in range(3)]
 

session.py

@@ -117,7 +117,7 @@ def _load_from_tmp_ckbtn(self):
         else:  # _checked = [''], 则使用默认值
           pass
     except KeyError as e:
-      # 如果没有checked项, 则pass
+      # if no checked button, then pass
       pass
 
 

sqlmap_gtk.py

@@ -3,7 +3,6 @@
 # 2018年 08月 26日 星期日 16:54:41 CST
 # required: python3.6+, python3-gi, sqlmap
 
-# python3.5+
 from pathlib import Path
 from subprocess import (Popen, PIPE, STDOUT)
 from threading import Thread
@@ -35,7 +34,6 @@ def __init__(self):
 
     self._handlers = Handler(self, m)
 
-    # g.Box默认的orientation是HORIZONTAL
     _main_box = Box(orientation=VERTICAL)
 
     self._target_notebook = g.Notebook()
@@ -72,13 +70,11 @@ def __init__(self):
     # 添加tooltips, placeholders等
     INIT_MESG(m)
 
-    # 读取 上次所有选项
     self.session = Session(m)
     self.session.load_from_tmp()
 
   def on_quit(self):
     try:
-      # 保存 此次所有选项
       self.session.save_to_tmp()
     except Exception as e:
       raise e
@@ -261,7 +257,7 @@ def _build_page1(self):
 
     _build_button = btn.new_with_mnemonic('A.收集选项(_A)')
     _build_button.connect('clicked', self._handlers.build_all)
-    # 用于改善ui的使用体验
+
     _unselect_all_btn = btn.new_with_mnemonic('反选所有复选框(_S)')
     _unselect_all_btn.connect('clicked', self.unselect_all_ckbtn)
     _clear_all_entry = btn.new_with_mnemonic('清空所有输入框(_D)')
@@ -287,14 +283,12 @@ def _build_page2(self):
     box.set_border_width(10)
 
     _row1 = Box(spacing = 6)
-    # m._page2_cmdline_str_label.set_alignment(0, 0.5)    # 怎么没有垂直居中?
     m._page2_respwan_btn.connect('clicked', self._handlers.respawn_terminal)
     m._page2_right_btn.connect("button-press-event", self.on_right_click)
     # can not disable
     # m._page2_right_btn.set_sensitive(False)
     self._build_page2_context()
 
-    # _row1.pack_start(m._page2_cmdline_str_label, True, True, 0)
     _row1.pack_start(m._page2_respwan_btn, False, True, 0)
     _row1.pack_start(m._page2_right_btn, False, True, 0)
 
@@ -375,7 +369,7 @@ def on_right_click_by_accel(self, widget, event):
 
   def on_clipboard_by_key(self, widget, event):
     _ctrl = event.state & d.ModifierType.CONTROL_MASK
-    keysym = event.keyval  # see: gdk/gdkkeysyms.h
+    keysym = event.keyval
 
     if _ctrl and keysym == d.KEY_C:
       return self._copy()
@@ -494,7 +488,7 @@ def _build_page4(self):
     _rbox.pack_start(_page4_option_set_view_tip, False, True, 2)
     _rbox.pack_start(_option_set_scrolled, True, True, 2)
 
-    # Warning: don't edit pack1(), pack2() again, or it would be strange.
+    # Warning: don't edit pack1(), pack2() again, otherwise it becomes strange.
     _paned.pack1(_lscrolled, False, False)
     _paned.pack2(_rbox, False, True)
     _row3.add(_paned)
@@ -565,8 +559,6 @@ def _set_manual_view(self, textbuffer, isClick):
       GLib.idle_add(self._get_sqlmap_path_btn.set_sensitive, False)
       GLib.idle_add(textbuffer.set_text, '')
 
-    # WIN下不能用此行
-    # _manual_hh = ['/usr/bin/env', 'sqlmap', '-hh']
     # _manual_hh = '/home/needle/bin/output_interval.sh'
     _manual_hh = [self._handlers.get_sqlmap_path(), '-hh']
     try: