diff --git a/PentestMapper.py b/PentestMapper.py index 33d915d..ac12102 100644 --- a/PentestMapper.py +++ b/PentestMapper.py @@ -3,7 +3,7 @@ from burp import IContextMenuFactory from burp import IContextMenuInvocation, IHttpService, IParameter, IMessageEditorController, IHttpRequestResponse from burp import IMessageEditorTabFactory -from burp import IMessageEditorTab +from burp import IMessageEditorTab, IExtensionStateListener from burp import IBurpExtender from burp import IMessageEditorTabFactory from burp import IMessageEditorTab @@ -30,19 +30,20 @@ from java.awt.event import * from javax.swing.event import TableModelListener #from java.awt.event import MouseAdapter, MouseListener -from threading import Lock +from threading import Lock, Timer from java.awt.event import ActionListener, KeyEvent from javax.swing.undo import UndoManager, CompoundEdit #from javax.swing.event import UndoableEditEvent, DocumentListener from urlparse import urlparse import time import os +#import schedule # Creating Burp Extend Class -class BurpExtender(IBurpExtender, ITab, IContextMenuFactory, AbstractTableModel, IMessageEditorController, TableColumnModel): +class BurpExtender(IBurpExtender, ITab, IContextMenuFactory, AbstractTableModel, IMessageEditorController, TableColumnModel, IExtensionStateListener): def registerExtenderCallbacks(self, callbacks): @@ -55,6 +56,7 @@ def registerExtenderCallbacks(self, callbacks): # Informing Burp suite the name of the extension callbacks.setExtensionName("Pentest Mapper") + callbacks.registerExtensionStateListener(self) # Creating a output after loading callbacks.printOutput("Author: AnoF") 
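Review bot: `Timer` is added to the `threading` import in the second hunk, but every use of it later in this commit is commented out, so the import is currently unused. The same hunk adds `#import schedule`, and the last hunk of the file adds `#schedule.every(15).minutes.do(BurpExtender.trying)`; both are commented-out code that refers to a dependency the extension does not load. I would either wire `Timer` into the autosave scheduling or reduce the line back to `from threading import Lock`, and delete the two `schedule` comments.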
@@ -310,10 +312,144 @@ def registerExtenderCallbacks(self, callbacks): self.ThirdTab.add(self.tablePanel3, BorderLayout.CENTER) + self.FourthTab = swing.JPanel() + self.FourthTab.layout = BorderLayout() + self.tabbedPane.addTab("Config", self.FourthTab) + self.buttonPanel5 = swing.JPanel() + self.buttonPanel5.add(JLabel("Select Directory for Auto Save")) + self.buttonPanel5.add(swing.JButton( + "ChooseDirectory", actionPerformed=self.Autosavepath)) + self.autosavepath = JLabel() + #autosavepath.setText("helloworld") + self.buttonPanel5.add(self.autosavepath) + self.timeperid = JLabel("Set Time Interval for Autosave (Minutes):") + self.buttonPanel5.add(Box.createRigidArea(Dimension(35, 0))) + self.timeperid.setBounds(170,600,100,40) + self.timerbox = JTextField(5) + #self.timerbox.setText("30") + self.saveconfigbutton = swing.JButton("Save Config", actionPerformed=self.saveautoconfigdata) + self.buttonPanel5.add(self.timeperid) + self.buttonPanel5.add(self.timerbox) + self.buttonPanel5.add(self.saveconfigbutton) + self.FourthTab.add(self.buttonPanel5,BorderLayout.PAGE_START) + + self.path = callbacks.loadExtensionSetting('path') + self.time = callbacks.loadExtensionSetting('time') + self.timerbox.setText(self.time) + self.autosavepath.setText(self.path) + + self.callbacks.printOutput(self.time) + self.callbacks.printOutput(self.path) + + self.autosavelocation = 0 + self.extensionload = True + if self.time == None: + self.time = 1 + self.timerbox.setText(self.time) + else: + pass + + if self.path == None: + self.path = "Please select the Directory" + self.autosavepath.setText(self.path) + else: + pass + + #while self.extensionload == True: + + #self.t = Timer(int(self.time) * 60, self.timer) + #self.t.start() + #self.t.join() + + + #def timer(self): + + #self.callbacks.printOutput(str(self.extensionUnloaded)) + while self.extensionload == True: + if os.path.isdir(str(self.path)): + if self.logTable.getRowCount() > 0: + #self.path = fileLoad.getPath() + fname = 
"APIMapper"+"."+"csv" + fnameWithPath = os.path.join(self.path,fname) + if os.path.exists(fnameWithPath): + os.remove(fnameWithPath) + self.callbacks.printOutput("Saving the API Mapper output") + with open(fnameWithPath, 'wb') as loggerdata: + writer = csv.writer(loggerdata) + for logEntry in self._log: + + #self.callbacks.printOutput(str(logEntry._sr)) + writer.writerow([str(logEntry._sr), str(logEntry._url) ,str(logEntry._method) ,str(logEntry._postbody) ,str(logEntry._FunctionalityName) ,str(logEntry._requestResponse) ,str(logEntry._TestCases)]) + loggerdata.close() + else: + self.callbacks.printOutput("Skipping the API Mapper, Table is empty") + if self.dataModel2.getRowCount() > 0: + + fname2 = "Vulnerability"+"."+"csv" + fnameWithPath2 = os.path.join(self.path,fname2) + if os.path.exists(fnameWithPath2): + os.remove(fnameWithPath2) + self.callbacks.printOutput("Saving the Vulnerability output") + totalrow = self.dataModel2.getRowCount() + with open(fnameWithPath2, 'wb') as vulnerabilitydata: + writer = csv.writer(vulnerabilitydata) + for row in range (0, totalrow): + url = self.dataModel2.getValueAt(row,0) + paramter = self.dataModel2.getValueAt(int(row),1) + Vulnerability = self.dataModel2.getValueAt(int(row),2) + #self.callbacks.printOutput(str(url)) + + #self.callbacks.printOutput(str(logEntry._sr)) + writer.writerow([str(url), str(paramter) ,str(Vulnerability)]) + vulnerabilitydata.close() + else: + self.callbacks.printOutput("Skipping the Vulnerability, Table is empty") + else: + self.callbacks.printOutput("Output Directory doesn't exist") + time.sleep(int(self.time) * 60) - + + def extensionUnloaded(self): + self.extensionload = False + #self.t.cancel() + def Autosavepath(self,e): + chooseFile = swing.JFileChooser() + + chooseFile.setFileSelectionMode(swing.JFileChooser.DIRECTORIES_ONLY) + returnedFile = chooseFile.showDialog(self.buttonPanel4, "Output Path") + if returnedFile == JFileChooser.APPROVE_OPTION: + fileLoad1 = chooseFile.getSelectedFile() + 
self.autosavelocation = fileLoad1.getPath() + #self.callbacks.printOutput(str(self.filepath2)) + return str(self.autosavelocation) + + def saveautoconfigdata(self,e): + #path = self.Autosavepath + #self.callbacks.printOutput(str(path)) + if self.autosavelocation == 0: + self.autosavepath.setText("Please select the valid path!") + else: + #self.t.cancel() + #self.t.join() + self.callbacks.printOutput(str(self.autosavelocation)) + self.callbacks.printOutput(str(self.timerbox.getText())) + self.callbacks.saveExtensionSetting("path", str(self.autosavelocation)) + self.callbacks.saveExtensionSetting("time", self.timerbox.getText()) + self.autosavepath.setText(str(self.autosavelocation)) + self.path = self.callbacks.loadExtensionSetting('path') + self.time = self.callbacks.loadExtensionSetting('time') + + #time.sleep(5) + #runnig = self.t.is_alive() + #self.callbacks.printOutput(str(runnig)) + #if self.t.finished: + + #self.t.start() + + + # this will send the selected row in api mapper to vulnerability tab def sendVulnItem(self,event): row = self.logTable.getSelectedRows() @@ -756,3 +892,6 @@ def __init__(self, sr, url, method, postbody, requestResponse, FunctionalityName self._requestResponse = requestResponse self._FunctionalityName = FunctionalityName self._TestCases = TestCases + + +#schedule.every(15).minutes.do(BurpExtender.trying)
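Review bot: The `while self.extensionload == True:` loop with `time.sleep(int(self.time) * 60)` in the Config-tab hunk appears to run inline in `registerExtenderCallbacks` (the `#def timer(self):` header above it is commented out; indentation is lost on this page, so confirm), which would keep the callback from ever returning and block the thread Burp loads the extension on. The interval is also taken from `timerbox` unchecked, so a non-numeric value raises `ValueError` inside the loop and `0` turns it into a tight loop that rewrites both CSV files continuously. I would move the saving into a re-armed `Timer` (already imported by this commit), clamp the interval to at least one minute, and cancel the timer in `extensionUnloaded`, as sketched below. Separately, the cells passed to `writer.writerow` look like values taken from captured traffic, so a cell beginning with `=`, `+`, `-` or `@` will be interpreted as a formula when the autosaved file is opened in a spreadsheet; prefixing such cells with `'` before writing avoids that. `registerExtenderCallbacks` starts outside the hunk.

```python
        # … unchanged: Config tab widgets, loadExtensionSetting calls, default path/time handling …
        self.extensionload = True
        self.schedule_autosave()

    def autosave_interval_seconds(self):
        # A missing, non-numeric or < 1 setting falls back to one minute.
        try:
            minutes = int(self.time)
        except (TypeError, ValueError):
            minutes = 1
        return max(minutes, 1) * 60

    def schedule_autosave(self):
        # Re-arm only while the extension is loaded, so unloading ends the cycle.
        if not self.extensionload:
            return
        self.t = Timer(self.autosave_interval_seconds(), self.autosave_tick)
        self.t.daemon = True
        self.t.start()

    def autosave_tick(self):
        try:
            # … unchanged: the APIMapper.csv and Vulnerability.csv writing branches, moved here from the loop …
        finally:
            # A failed save must not stop later autosaves.
            self.schedule_autosave()

    def extensionUnloaded(self):
        self.extensionload = False
        self.t.cancel()
```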