void MainWindow::on_pushButton_3_clicked() //ler xml { QDomDocument documento; QFile ficheiro(QApplication::applicationDirPath() + "/nmap/scan.xml"); //QMessageBox::information(this,"teste", QApplication::applicationDirPath() + "/scan.xml"); if(!ficheiro.open(QIODevice::ReadOnly | QIODevice::Text)) { QMessageBox::critical(this,"Unable to read file","There was an error opening the XML file!"); } else { if(!documento.setContent(&ficheiro)) { QMessageBox::critical(this,"Parsing Error","Error while parsing the XML file information!"); } ficheiro.close(); } QDomElement raiz = documento.firstChildElement(); xmlRead(raiz,"port","portid",0); xmlRead(raiz,"service","name",1); xmlRead(raiz,"service","product",2); xmlRead(raiz,"service","version",3); exploit(); ui->tableWidget->resizeRowsToContents(); }
int main(int argc, char* argv[]){ int n = argc - 3, i; char* files[n]; if(argc < 4){ printf("Input invalido: Esperado \"tempo palavra file1 ... fileN\" \n"); return -1; } if( (tempo = parse_int(argv[1])) == LONG_MAX ) return -1; char* palavra = argv[2]; for(i = 0; i < n; i++){ if( checkFile(argv[i+3]) == -1 ) printf("O ficheiro %s nao existe \n", argv[i+3]); else{ files[num_pids] = argv[i+3]; num_pids++; } } if(num_pids == 0){ printf("Nao encontrado nenhum ficheiro \n"); return -1; } pids = malloc (sizeof(int) * num_pids); for (i = 0; i < num_pids; i++){ if( (*(pids + i) = fork()) == -1 ){ printf("Erro fork \n"); return -1; } if(*(pids + i) == 0 ) /* FILHO */ { ficheiro(files[i], palavra); exit(0); } } if( (pidCheck = fork()) == -1 ){ printf("Erro fork \n"); exit(1); } if( pidCheck == 0) checkFiles(pids, files, num_pids); signal(SIGALRM, alarmhandler); signal(SIGINT, inthandler); alarm(tempo); int status; for(i = 0; i < num_pids; i++) wait(&status); return 0; }
void MainWindow::on_pushButton_5_clicked() //sql tab { ui->progressBar->setValue(0); QString path = QCoreApplication::applicationDirPath() + "/"; QSettings settings(path+"settings.ini", QSettings::IniFormat); QString webhost = settings.value("host").toString(); QString webtoken = settings.value("token").toString(); if(!ui->lineEdit_4->text().contains("http")) { QMessageBox::critical(this,"Error","There are two possible reasons either you need to enter a valid url or the prefix 'http' is missing!"); }else if(ui->comboBox_3->currentIndex() == 1 && ui->lineEdit_5->text().isEmpty()) { QMessageBox::critical(this,"Error","Please enter the variables in the POST field!"); }else{ //sqli scan QWebView *addsql = new QWebView; //instancia o pedido http GET QString url = ui->lineEdit_4->text(); QString metodo = ui->comboBox_3->currentText(); QString postdata2 = QUrl::toPercentEncoding(ui->lineEdit_5->text()); QFile ficheiro(QApplication::applicationDirPath() + "/strings.txt"); QStringList strings; int numlinhas=0; if (ficheiro.open(QIODevice::ReadOnly | QIODevice::Text)) { QTextStream input(&ficheiro); while (!input.atEnd()) { strings += input.readLine(); numlinhas++; } QFile ficheiro2(QApplication::applicationDirPath() + "/erros.txt"); QStringList erros; int totallinhas=0; if (ficheiro2.open(QIODevice::ReadOnly | QIODevice::Text)) { QTextStream in(&ficheiro2); while (!in.atEnd()) { erros += in.readLine(); totallinhas++; } } QNetworkRequest request(url); request.setHeader(QNetworkRequest::ContentTypeHeader, QVariant("application/x-www-form-urlencoded")); for(int i=0;i < numlinhas;i++) { QByteArray postdata; postdata.append(ui->lineEdit_5->text() + strings[i]); if(ui->comboBox_3->currentIndex() == 0){ ui->webView_3->load(url+strings[i]); }else if(ui->comboBox_3->currentIndex() == 1){ ui->webView_3->load(request,QNetworkAccessManager::PostOperation, postdata); } // qDebug() << url+strings[i]; ui->progressBar->setValue(i*(100/numlinhas)); QTime delay = QTime::currentTime().addSecs(3); while( QTime::currentTime() < delay ) QCoreApplication::processEvents(QEventLoop::AllEvents, 100); for(int j=0;j< totallinhas;j++) { qDebug() << erros[j]; if(ui->webView_3->page()->mainFrame()->toHtml().contains(erros[j])) { ui->progressBar->setValue(100); QMessageBox::information(this,"Results","This website may be vulnerable to SQL Injection!"); QUrl url2 = "http://"+webhost+"/vulndb/includes/add.php?add&tabela=sqli&token="+webtoken+"&url="+url+"&metodo="+metodo+"&postdata="+postdata2+"&vuln=1"; addsql->load(url2); return; } } //return; } ui->progressBar->setValue(100); QMessageBox::information(this,"Results","This website does not appear to be vulnerable to SQL Injection!"); QUrl url2 = "http://"+webhost+"/vulndb/includes/add.php?add&tabela=sqli&token="+webtoken+"&url="+url+"&metodo="+metodo+"&postdata="+postdata2+"&vuln=0"; addsql->load(url2); } } }