version 1.0, now will save encoded payloads into a database for futur…

…e use, you can view the database by running -vC
Ekultek · Jan 16, 2019 · 63cba61 · 63cba61
1 parent 6e6684e
commit 63cba61
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 1 deletion.
diff --git a/lib/cmd.py b/lib/cmd.py
@@ -147,6 +147,8 @@ def cmd_parser():
         misc.add_argument("-W", "--determine-webserver", action="store_true", default=False, dest="determineWebServer",
                           help="Attempt to determine what web server is running on the backend "
                                "(IE Apache, Nginx, etc.. *default=False)")
+        misc.add_argument("-vC", "--view-cache", action="store_true", default=False, dest="viewCachedPayloads",
+                          help="View all payloads that have been cached inside of the database")
 
         hidden = parser.add_argument_group()
         hidden.add_argument("--clean", action="store_true", dest="cleanHomeFolder", help=SUPPRESS)

diff --git a/lib/database.py b/lib/database.py
@@ -0,0 +1,44 @@
+import os
+import sqlite3
+
+import lib.settings
+
+
+def initialize():
+    if not os.path.exists(lib.settings.DATABASE_FILENAME):
+        cursor = sqlite3.connect(lib.settings.DATABASE_FILENAME)
+        cursor.execute(
+            'CREATE TABLE "cached_payloads" ('
+            '`id` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,'
+            '`payload` TEXT NOT NULL'
+            ')'
+        )
+    conn = sqlite3.connect(lib.settings.DATABASE_FILENAME, isolation_level=None, check_same_thread=False)
+    return conn.cursor()
+
+
+def fetch_payloads(cursor):
+    try:
+        cached_payloads = cursor.execute("SELECT * FROM cached_payloads")
+        return cached_payloads.fetchall()
+    except Exception as e:
+        print e
+        return []
+
+
+def insert_payload(payload, cursor):
+    try:
+        is_inserted = False
+        current_cache = fetch_payloads(cursor)
+        id_number = len(current_cache) + 1
+        for item in current_cache:
+            _, cache_payload = item
+            if cache_payload == payload:
+                is_inserted = True
+        if not is_inserted:
+            cursor.execute(
+                "INSERT INTO cached_payloads (id,payload) VALUES (?,?)", (id_number, payload)
+            )
+    except Exception:
+        return False
+    return True
diff --git a/lib/settings.py b/lib/settings.py
@@ -19,7 +19,7 @@
 import lib.formatter
 
 # version number <major>.<minor>.<commit>
-VERSION = "0.13"
+VERSION = "1.0"
 
 # version string
 VERSION_TYPE = "($dev)" if VERSION.count(".") > 1 else "($stable)"
@@ -83,6 +83,9 @@
 # request token path
 TOKEN_PATH = "{}/content/files/auth.key".format(CUR_DIR)
 
+# path to the database file
+DATABASE_FILENAME = "{}/whatwaf.sqlite".format(HOME)
+
 # default payloads path
 DEFAULT_PAYLOAD_PATH = "{}/content/files/default_payloads.lst".format(CUR_DIR)
 

diff --git a/whatwaf/main.py b/whatwaf/main.py
@@ -30,6 +30,11 @@
     warn,
     success
 )
+from lib.database import (
+   initialize,
+    insert_payload,
+    fetch_payloads
+)
 
 
 try:
@@ -72,6 +77,20 @@ def main():
             fatal("no home folder detected, already cleaned?")
         exit(0)
 
+    cursor = initialize()
+
+    if opt.viewCachedPayloads:
+        payloads = fetch_payloads(cursor)
+        if len(payloads) != 0:
+            info("total of {} payload(s) cached".format(len(payloads)))
+            for i, payload in enumerate(payloads, start=1):
+                if i % 200 == 0:
+                    raw_input("\npress enter to continue...\n")
+                print("#{}  {}".format(payload[0], payload[1]))
+        else:
+            warn("there appears to be no payloads stored in the database")
+        exit(0)
+
     if opt.encodePayload is not None:
         spacer = "-" * 30
         payload = opt.encodePayload[0]
@@ -87,6 +106,8 @@ def main():
                 spacer, payload, spacer
             )
         )
+        insert_payload(payload, cursor)
+        info("payload has been cached for future use")
         exit(0)
 
     if opt.encodePayloadList is not None:
@@ -107,10 +128,12 @@ def main():
                     success("payloads encoded successfully:")
                     print(spacer)
                     for i, item in enumerate(encoded, start=1):
+                        insert_payload(item, cursor)
                         print(
                             "#{} {}".format(i, item)
                         )
                     print(spacer)
+            info("payloads have been cached for future use")
         except IOError:
             fatal("provided file '{}' appears to not exist, check the path and try again".format(file_path))
         except (AttributeError, ImportError):