diff --git a/lib/cmd.py b/lib/cmd.py
index d1073ec..877c13a 100644
--- a/lib/cmd.py
+++ b/lib/cmd.py
@@ -147,6 +147,8 @@ def cmd_parser():
 misc.add_argument("-W", "--determine-webserver", action="store_true", default=False, dest="determineWebServer", help="Attempt to determine what web server is running on the backend " "(IE Apache, Nginx, etc.. *default=False)")
+ misc.add_argument("-vC", "--view-cache", action="store_true", default=False, dest="viewCachedPayloads",
+ help="View all payloads that have been cached inside of the database")
 hidden = parser.add_argument_group()
 hidden.add_argument("--clean", action="store_true", dest="cleanHomeFolder", help=SUPPRESS)
diff --git a/lib/database.py b/lib/database.py
new file mode 100644
index 0000000..dca7fde
--- /dev/null
+++ b/lib/database.py
@@ -0,0 +1,44 @@
+import os
+import sqlite3
+
+import lib.settings
+
+
+def initialize():
+ if not os.path.exists(lib.settings.DATABASE_FILENAME):
+ cursor = sqlite3.connect(lib.settings.DATABASE_FILENAME)
+ cursor.execute(
+ 'CREATE TABLE "cached_payloads" ('
+ '`id` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,'
+ '`payload` TEXT NOT NULL'
+ ')'
+ )
+ conn = sqlite3.connect(lib.settings.DATABASE_FILENAME, isolation_level=None, check_same_thread=False)
+ return conn.cursor()
+
+
+def fetch_payloads(cursor):
+ try:
+ cached_payloads = cursor.execute("SELECT * FROM cached_payloads")
+ return cached_payloads.fetchall()
+ except Exception as e:
+ print e
+ return []
+
+
+def insert_payload(payload, cursor):
+ try:
+ is_inserted = False
+ current_cache = fetch_payloads(cursor)
+ id_number = len(current_cache) + 1
+ for item in current_cache:
+ _, cache_payload = item
+ if cache_payload == payload:
+ is_inserted = True
+ if not is_inserted:
+ cursor.execute(
+ "INSERT INTO cached_payloads (id,payload) VALUES (?,?)", (id_number, payload)
+ )
+ except Exception:
+ return False
+ return True
\ No newline at end of file
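Review bot: `insert_payload` in lib/database.py computes the row id itself as `len(current_cache) + 1` after loading the whole table, although `id` is declared `PRIMARY KEY AUTOINCREMENT`; if the row count and the highest id ever diverge (a row removed or added outside this function), the insert hits a primary-key conflict, the broad `except Exception` turns it into `False`, and the payload is silently not cached. Letting SQLite assign the id and checking for the duplicate with a parameterised lookup avoids both the collision and the full-table read on every call, and catching `sqlite3.Error` instead of `Exception` keeps unrelated bugs visible. Separately, `initialize()` creates the table only when the file is missing and never closes that first connection; running `CREATE TABLE IF NOT EXISTS` on the one connection it returns would also cover an existing file that lacks the table.

```python
def insert_payload(payload, cursor):
    try:
        already_cached = cursor.execute(
            "SELECT 1 FROM cached_payloads WHERE payload = ? LIMIT 1", (payload,)
        ).fetchone()
        if already_cached is None:
            # id is AUTOINCREMENT, so SQLite assigns it
            cursor.execute(
                "INSERT INTO cached_payloads (payload) VALUES (?)", (payload,)
            )
    except sqlite3.Error:
        return False
    return True
```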
diff --git a/lib/settings.py b/lib/settings.py
index ce0fddc..29396c1 100644
--- a/lib/settings.py
+++ b/lib/settings.py
@@ -19,7 +19,7 @@ import lib.formatter
 # version number ..
-VERSION = "0.13"
+VERSION = "1.0"
 # version string
 VERSION_TYPE = "($dev)" if VERSION.count(".") > 1 else "($stable)"
@@ -83,6 +83,9 @@
 # request token path
 TOKEN_PATH = "{}/content/files/auth.key".format(CUR_DIR)
+# path to the database file
+DATABASE_FILENAME = "{}/whatwaf.sqlite".format(HOME)
+
 # default payloads path
 DEFAULT_PAYLOAD_PATH = "{}/content/files/default_payloads.lst".format(CUR_DIR)
diff --git a/whatwaf/main.py b/whatwaf/main.py
index 9d3b6ae..55f1366 100644
--- a/whatwaf/main.py
+++ b/whatwaf/main.py
@@ -30,6 +30,11 @@
 warn, success )
+from lib.database import (
+ initialize,
+ insert_payload,
+ fetch_payloads
+)
 try:
@@ -72,6 +77,20 @@ def main():
 fatal("no home folder detected, already cleaned?")
 exit(0)
+ cursor = initialize()
+
+ if opt.viewCachedPayloads:
+ payloads = fetch_payloads(cursor)
+ if len(payloads) != 0:
+ info("total of {} payload(s) cached".format(len(payloads)))
+ for i, payload in enumerate(payloads, start=1):
+ if i % 200 == 0:
+ raw_input("\npress enter to continue...\n")
+ print("#{} {}".format(payload[0], payload[1]))
+ else:
+ warn("there appears to be no payloads stored in the database")
+ exit(0)
+
 if opt.encodePayload is not None:
 spacer = "-" * 30
 payload = opt.encodePayload[0]
@@ -87,6 +106,8 @@ def main():
 spacer, payload, spacer ) )
+ insert_payload(payload, cursor)
+ info("payload has been cached for future use")
 exit(0)
 if opt.encodePayloadList is not None:
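Review bot: `cursor = initialize()` in the `-72,6 +77,20` hunk runs on every invocation before any option is examined, and nothing around it handles a failure to open the database. `sqlite3.connect` raises `sqlite3.OperationalError` when the file cannot be opened, for example if the folder behind `DATABASE_FILENAME` is missing or not writable, so a cache problem would abort runs that never touch the cache; whether the home folder is guaranteed to exist at this point is not visible in the hunk. Opening the database only inside the branches that read or write the cache, or catching `sqlite3.Error` here and continuing with caching disabled, would keep the cache optional. The added view loop also calls `raw_input`, which exists only on Python 2. `main()` starts and ends outside the hunk.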
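Review bot: The return value of `insert_payload(payload, cursor)` in the `-87,6 +106,8` hunk is discarded, so `info("payload has been cached for future use")` is printed even when the insert failed and the function returned `False`; the list-encoding hunk at `-107,10 +128,12` has the same pattern with `insert_payload(item, cursor)`. Reporting from the result keeps the message truthful: `if insert_payload(payload, cursor): info("payload has been cached for future use")` with a `warn(...)` in the other branch. `main()` starts and ends outside the hunk.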
@@ -107,10 +128,12 @@ def main():
 success("payloads encoded successfully:")
 print(spacer)
 for i, item in enumerate(encoded, start=1):
+ insert_payload(item, cursor)
 print( "#{} {}".format(i, item) )
 print(spacer)
+ info("payloads have been cached for future use")
 except IOError:
 fatal("provided file '{}' appears to not exist, check the path and try again".format(file_path))
 except (AttributeError, ImportError):
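Review bot: Calling `insert_payload(item, cursor)` once per loop iteration makes the cost of every item grow with the size of the cache, because each call in lib/database.py first reads the entire table with `SELECT * FROM cached_payloads`, and the connection is opened with `isolation_level=None`, so every insert is committed on its own. For a large payload file that is one full scan and one commit per item. Writing the list in one pass after the loop (load the existing payloads into a `set` once, then `executemany` for the ones not yet present) would keep this linear. The enclosing `try` and `main()` start outside the hunk.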