#!/usr/bin/env python3
from flask import Flask, request, render_template, redirect
from flask_bootstrap import Bootstrap
import os
import pickle
import base64
import time
import CXX
import PTP
import TNT
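app = Flask(__name__)
Bootstrap(app)
# The signing key is regenerated on every process start, so session cookies
# signed by an earlier process (or by a sibling worker process) stop
# validating. Load a persistent secret from configuration if sessions must
# survive restarts.
app.secret_key = os.urandom(32)
# Static files are served with a cache max-age of 0.
app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 0

# Read the flag once at import time. The path is relative to the current
# working directory, not to this file. The handle is closed by the context
# manager, and only I/O or decoding failures select the placeholder; the
# original bare `except:` would also have swallowed KeyboardInterrupt and
# SystemExit.
try:
    with open('./flag.txt', 'r') as _flag_file:
        FLAG = _flag_file.read()  # Flag is here!!
except (OSError, ValueError):
    FLAG = '[**FLAG**]'

# NOTE(review): neither FLAG nor INFO is referenced by the routes visible in
# this file; FLAG is a secret, so keep it out of templates, logs and the CSV
# written by the dashboard route.
INFO = ['name', 'userid', 'password']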
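@app.route('/', methods=['GET', 'POST'])
def main():
    """Render the landing page for every method routed to ``/``.

    The original branched on GET and POST but returned the same template in
    both branches and returned nothing for any other method. Flask also
    routes HEAD to a view that accepts GET, so a HEAD request made the view
    return ``None``, which Flask reports as a server error. Returning the
    template unconditionally keeps GET and POST unchanged and fixes HEAD.
    """
    return render_template("index.html")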
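@app.route('/dashboard', methods=['GET', 'POST'])
def dashboard():
    """Show the dashboard, or run a scan of a submitted target on POST.

    Non-POST requests render ``dashboard.html`` with placeholder posts.

    A POST reads ``method``, ``schema``, ``host`` and optionally ``p_data``
    from the form, redirects to ``/`` when any of them is missing or
    invalid, then drives the project-local ``TNT``, ``CXX`` and ``PTP``
    helpers, appends one CSV row under ``db/`` and renders the results.

    Fixes relative to the original:
      * ``method``, ``schema`` and ``host`` are now required; previously a
        form that omitted them left the value as ``""`` and the scan ran
        against ``"://"``.
      * The results file was opened with the invalid mode ``"wa"`` and
        written with an argument-less ``f.write()``, so every POST raised.
        One row is now written with the columns named in the original
        comment.
      * ``host`` is user input and was interpolated into the output path
        unchanged, so a value containing path separators could point the
        write outside ``db/``. Only a sanitised copy is used in the file
        name.
      * The file-name timestamp omitted hour and minute and was not
        zero-padded, so distinct runs could share a name.
      * HEAD requests no longer fall through and return ``None``.
    """
    import csv  # local import: only the POST path writes CSV

    if request.method != "POST":
        return render_template("dashboard.html", posts=["data", "data2", "data3"])

    form = request.form

    # Debug trace of the submitted fields. %r keeps control characters in
    # attacker-supplied values from forging extra log lines.
    for _rk, _rv in form.items():
        app.logger.debug("dashboard form field %r=%r", _rk, _rv)

    # --- input validation: any missing or invalid field sends the user home
    method = form.get("method", "").upper()
    if method not in ("POST", "GET"):
        return redirect(location='/')

    schema = form.get("schema", "").lower()
    if schema not in ("http", "https"):
        return redirect(location='/')

    host = form.get("host", "")
    if host == "":
        return redirect(location='/')

    # p_data stays optional, but an explicitly empty value is rejected, as
    # in the original.
    data = form.get("p_data")
    if data == "":
        return redirect(location='/')
    if data is None:
        data = ""

    # NOTE(review): host is only checked for being non-empty, so the scan
    # target is whatever the client submits (including internal addresses,
    # or a string with extra URL syntax). That is tolerable while the app
    # listens on loopback only; add an explicit host policy before exposing
    # it to other users.
    target_url_host = schema + "://" + host
    # NOTE(review): built but not consumed anywhere below.
    target_url_full = target_url_host + "/" + data

    # tor relay chain connection
    tnt = TNT.TNT()
    # tnt.relay()
    time.sleep(0.5)
    # assert tor_proc.is_alive(), "Tor is not running"

    cxx = CXX.CXX(TARGET_URL=target_url_host, TARGET_METHOD=method)
    # NOTE(review): a constructor call normally never yields None; kept from
    # the original in case CXX overrides __new__ - confirm against CXX.
    if cxx is None:
        return redirect(location='/')

    cxx.get_all_url_parse()
    cxx.cehck_method()  # spelling must match the method name CXX defines
    cxx.inner_script_gadget()

    origin_url_list = (cxx.URL_TEXT).split("\n")
    origin_url_source_list = (cxx.URL_SOURCE_TEXT).split("\n")
    origin_url_ext_list = (cxx.URL_ASSET_TEXT).split("\n")

    # SECURITY, ENV key parser URL_SECURITY_STRUCT
    security_check = cxx.URL_SECURITY_STRUCT

    # logical bug innerscript
    logicalbug_inner_script = (cxx.URL_INNER_SCRIPT).split("[**]")

    ptp = PTP.PTP(method, host, logicalbug_inner_script, security_check)
    ptp.seed_pool()
    ptp.mutation()
    ptp.ptpfuzz()
    crash = ptp.crash

    # CSV columns: host, crash, logicalbug_inner_script, security_check,
    # origin_url_list, origin_url_source_list, origin_url_ext_list
    _now = time.localtime()
    stamp = time.strftime("%Y%m%d%H%M%S", _now)
    # Keep only characters that cannot change the directory of the output
    # file, and cap the length so the name stays within filesystem limits.
    safe_host = "".join(
        ch if ch.isalnum() or ch in ".-_" else "_" for ch in host
    )[:100]
    output_path = f"{safe_host}-{stamp}.csv"

    os.makedirs("db", exist_ok=True)
    # Append so that two runs resolving to the same name do not overwrite
    # each other. Cell contents come from the client and from the scanned
    # site, so treat the file as untrusted text when opening it in a
    # spreadsheet (formula evaluation).
    with open(os.path.join("db", output_path), "a", newline="", encoding="utf-8") as f:
        csv.writer(f).writerow([
            host,
            crash,
            logicalbug_inner_script,
            security_check,
            origin_url_list,
            origin_url_source_list,
            origin_url_ext_list,
        ])

    return render_template(
        template_name_or_list="dashboard.html",
        OnionTarget=host,
        crash=crash,
        lis=logicalbug_inner_script,
        sec=security_check,
        oul=origin_url_list,
        ouls=origin_url_source_list,
        oule=origin_url_ext_list
    )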
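# Start the development server only when the file is executed as a script.
# Without the guard, importing this module (from a WSGI server or a test)
# would block on app.run(). The listener stays on loopback, which is what
# keeps the unauthenticated /dashboard scan endpoint off the network.
if __name__ == "__main__":
    app.run(host='127.0.0.1', port=8000)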