Update app.py

app.py

@@ -1,3 +1,10 @@
+# app.py
+"""
+Coppermine Originalbild-Downloader – Gradio Edition
+Sicherheitsforschung / Bug-Bounty Tool
+Nur für legale Tests mit Erlaubnis des Betreibers nutzen!
+"""
+
 import os
 import threading
 import time
@@ -9,281 +16,298 @@ from pathlib import Path
 import gradio as gr
 
 # ────────────────────────────────────────────────
-# Globale Konfiguration & Schutzmaßnahmen
+# Globale Konfiguration – anpassbar
 # ────────────────────────────────────────────────
 
 SESSION = requests.Session()
 SESSION.headers.update({
-    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
-                  "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 "
-                  "Coppermine-Original-Downloader/1.0 (Security-Research; Contact:security@example.com)",
+    "User-Agent": (
+        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
+        "AppleWebKit/537.36 (KHTML, like Gecko) "
+        "Chrome/128.0.0.0 Safari/537.36 "
+        "Coppermine-Research-Downloader/1.1 "
+        "(Security-Research; responsible-disclosure)"
+    ),
     "Accept": "image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8",
     "Accept-Language": "de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7",
-    "Referer": "https://www.google.com/"   # Kann je nach Gallery angepasst werden
+    "Referer": "https://www.google.com/"
 })
 
 REQUEST_TIMEOUT = 12
-DOWNLOAD_DELAY = 0.35          # Sekunden zwischen Downloads → Anti-DoS
-MAX_THREADS_DEFAULT = 3
-MAX_PAGES_TO_SCAN = 300        # Sicherheitsnetz gegen Endlosschleifen
+DOWNLOAD_DELAY = 0.40           # Anti-Rate-Limit / Anti-DoS
+MAX_THREADS_DEFAULT = 4
+MAX_PAGES_TO_SCAN = 400         # Schutz vor Endlosschleifen / DoS
 
 # ────────────────────────────────────────────────
 # Hilfsfunktionen
 # ────────────────────────────────────────────────
 
-def correct_image_url(thumb_url: str) -> str:
-    """
-    Typische Coppermine-Transformation:
-    thumb_ → original
-    normal_ → original (manchmal)
-    Manchmal sitzt die volle Auflösung einfach im selben Ordner ohne Prefix.
-    """
-    path = Path(thumb_url)
+def correct_image_url(url: str) -> str:
+    """Entfernt gängige Coppermine-Thumbnails-Prefixe"""
+    path = Path(url.split('?')[0].split('#')[0])
     filename = path.name
 
-    # Entferne gängige Vorsilben
-    for prefix in ["thumb_", "normal_", "medium_", "small_"]:
+    prefixes = ["thumb_", "normal_", "medium_", "small_", "preview_", "mini_"]
+    for prefix in prefixes:
         if filename.startswith(prefix):
-            filename = filename[len(prefix):]
-            break
+            original_name = filename[len(prefix):]
+            return str(path.with_name(original_name))
 
-    # Manche Installationen nutzen andere Muster → hier ggf. erweitern
-    return str(path.with_name(filename))
+    # Kein Prefix → vermutlich schon Original
+    return str(path)
+
+
+def is_likely_image_url(url: str) -> bool:
+    exts = (".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp")
+    return any(url.lower().endswith(ext) for ext in exts)
 
 
 def download_image(img_url: str, folder: str, progress_queue: queue.Queue) -> bool:
-    file_name = img_url.split("/")[-1].split("?")[0].split("#")[0]
-    if not file_name.lower().endswith((".jpg", ".jpeg", ".png", ".gif", ".webp")):
+    if not is_likely_image_url(img_url):
+        return False
+
+    filename = img_url.split("/")[-1].split("?")[0].split("#")[0]
+    if not filename:
         return False
 
-    file_path = os.path.join(folder, file_name)
+    filepath = os.path.join(folder, filename)
 
-    if os.path.exists(file_path):
-        progress_queue.put(("skip", f"Exists → {file_name}"))
+    if os.path.exists(filepath):
+        progress_queue.put(("skip", f"bereits vorhanden → {filename}"))
         return False
 
     try:
-        r = SESSION.get(img_url, timeout=REQUEST_TIMEOUT, stream=True)
-        if r.status_code != 200:
+        # HEAD-Request zuerst → spart Bandbreite bei großen Dateien
+        head = SESSION.head(img_url, timeout=6, allow_redirects=True)
+        if head.status_code != 200:
+            return False
+
+        ct = head.headers.get("Content-Type", "").lower()
+        if "image" not in ct and "octet-stream" not in ct:
             return False
 
-        content_type = r.headers.get("Content-Type", "").lower()
-        if "image" not in content_type and "octet-stream" not in content_type:
+        size = int(head.headers.get("Content-Length", 0))
+        if size < 20_000:  # < \~20 KB → meist Thumbnail oder Fehler
             return False
 
-        with open(file_path, "wb") as f:
+        # Jetzt erst richtiger Download
+        r = SESSION.get(img_url, timeout=REQUEST_TIMEOUT, stream=True)
+        r.raise_for_status()
+
+        with open(filepath, "wb") as f:
             for chunk in r.iter_content(chunk_size=8192):
                 if chunk:
                     f.write(chunk)
 
-        progress_queue.put(("success", f"OK → {file_name}"))
+        progress_queue.put(("success", f"✓ {filename} ({size//1024:,} KB)"))
         return True
 
-    except (requests.RequestException, OSError) as e:
-        progress_queue.put(("error", f"Fail {file_name} → {str(e)}"))
+    except Exception as e:
+        progress_queue.put(("error", f"× {filename} → {str(e)}"))
         return False
 
 
-def scrape_page(page_url: str) -> list[str]:
-    """Sucht nach Bild-URLs auf einer Album-Seite (?page=XY)"""
+def scrape_album_page(page_url: str) -> list[str]:
+    """Extrahiert Bild-URLs von einer Album-Seite (?page=...)"""
     try:
         r = SESSION.get(page_url, timeout=REQUEST_TIMEOUT)
         r.raise_for_status()
 
         soup = BeautifulSoup(r.text, "html.parser")
-        images = set()
+        candidates = set()
 
-        # 1. Normale <img src=...> Tags (meist Thumbnails)
+        # 1. <img src=...> – meist Thumbnails
         for img in soup.find_all("img"):
-            src = img.get("src")
-            if src and any(src.lower().endswith(ext) for ext in [".jpg", ".jpeg", ".png"]):
+            src = img.get("src") or img.get("data-src") or img.get("data-lazy-src")
+            if src and is_likely_image_url(src):
                 full = urljoin(page_url, src)
-                orig = correct_image_url(full)
-                images.add(orig)
+                candidates.add(correct_image_url(full))
 
-        # 2. Manchmal sind die Original-Links in <a href="..."> um das Thumbnail herum
+        # 2. <a href=...> die direkt auf Bilder zeigen
         for a in soup.find_all("a", href=True):
-            href = a.get("href")
-            if href and any(href.lower().endswith(ext) for ext in [".jpg", ".jpeg", ".png", ".gif"]):
+            href = a["href"]
+            if is_likely_image_url(href):
                 full = urljoin(page_url, href)
-                images.add(full)           # Hier meist schon Original
+                candidates.add(full)
+
+        # 3. data-fancybox / lightbox-Attribute (häufig bei neueren Themes)
+        for elem in soup.find_all(attrs={"data-fancybox": True, "href": True}):
+            href = elem.get("href")
+            if href and is_likely_image_url(href):
+                candidates.add(urljoin(page_url, href))
 
-        return list(images)
+        return list(candidates)
 
     except Exception as e:
         print(f"Scrape-Fehler {page_url}: {e}")
         return []
 
 
-def worker(album_base_url: str, folder: str, stop_event: threading.Event,
+def worker(album_url: str, folder: str, stop_event: threading.Event,
            progress_queue: queue.Queue, thread_id: int):
     page = 1
-    downloaded = 0
-
-    while not stop_event.is_set():
-        if page > MAX_PAGES_TO_SCAN:
-            progress_queue.put(("warn", f"Thread {thread_id} → Max-Seiten-Limit erreicht"))
-            break
+    count = 0
 
-        page_url = f"{album_base_url.rstrip('/')}?page={page}"
-        progress_queue.put(("info", f"Thread {thread_id} scannt Seite {page}"))
+    while not stop_event.is_set() and page <= MAX_PAGES_TO_SCAN:
+        page_url = f"{album_url.rstrip('/')}?page={page}"
+        progress_queue.put(("info", f"Thread {thread_id} → Seite {page}"))
 
-        image_urls = scrape_page(page_url)
+        image_urls = scrape_album_page(page_url)
         if not image_urls:
-            progress_queue.put(("info", f"Thread {thread_id} → Keine Bilder mehr (Seite {page})"))
+            progress_queue.put(("info", f"Thread {thread_id} → Ende erreicht (Seite {page})"))
             break
 
         for url in image_urls:
             if stop_event.is_set():
                 break
             if download_image(url, folder, progress_queue):
-                downloaded += 1
+                count += 1
             time.sleep(DOWNLOAD_DELAY)
 
         page += 1
 
-    progress_queue.put(("done", f"Thread {thread_id} beendet – {downloaded} Bilder"))
+    progress_queue.put(("done", f"Thread {thread_id} beendet – {count} Bilder"))
 
 
-def start_scraper(album_url: str, download_folder: str, num_threads: int):
+def start_download(album_url: str, folder: str, threads: int):
     if not album_url.strip():
-        yield gr.update(value="❌ Album-URL fehlt"), "", 0, gr.update(value="Fehler")
+        yield "❌ Album-URL fehlt", "", 0, gr.update(interactive=False)
         return
 
-    if not download_folder.strip():
-        download_folder = "coppermine_downloads"
-
-    Path(download_folder).mkdir(parents=True, exist_ok=True)
+    folder = folder.strip() or "downloads_coppermine"
+    Path(folder).mkdir(parents=True, exist_ok=True)
 
     stop_event = threading.Event()
     progress_queue = queue.Queue()
 
-    # Status-Update-Thread
-    def progress_updater():
-        total_downloaded = 0
-        log_lines = []
+    def progress_loop():
+        total = 0
+        lines = []
 
         while True:
             try:
-                typ, msg = progress_queue.get(timeout=1.5)
+                typ, msg = progress_queue.get(timeout=1.2)
                 if typ == "success":
-                    total_downloaded += 1
+                    total += 1
                 if typ in ("info", "success", "skip", "error", "warn", "done"):
-                    log_lines.append(msg)
-                    log_lines = log_lines[-25:]   # letzten 25 Zeilen behalten
+                    lines.append(msg)
+                    lines = lines[-30:]
+
+                status = f"**Download läuft** – {total} Bilder"
+                if typ == "done" and total > 0:
+                    status = f"**Fertig** – {total} Bilder heruntergeladen"
 
                 yield (
-                    f"**Download läuft …** ({total_downloaded} Bilder)",
-                    "\n".join(log_lines),
-                    total_downloaded,
-                    gr.update(value="Stop Download", interactive=True)
+                    status,
+                    "\n".join(lines),
+                    total,
+                    gr.update(value="Stoppen", interactive=not stop_event.is_set())
                 )
 
+                if typ == "done" and all(not t.is_alive() for t in threads_list):
+                    break
+
             except queue.Empty:
-                if not any(t.is_alive() for t in threads):
+                if all(not t.is_alive() for t in threads_list):
                     break
 
-        yield (
-            "Fertig oder gestoppt!",
-            "\n".join(log_lines) + "\n\n→ Download abgeschlossen.",
-            total_downloaded,
-            gr.update(value="Start Download", interactive=True)
-        )
+        final_log = "\n".join(lines) + "\n\n→ Download abgeschlossen oder gestoppt."
+        yield "Download beendet", final_log, total, gr.update(value="Start", interactive=True)
 
-    # Worker-Threads starten
-    threads = []
-    for i in range(1, num_threads + 1):
+    # Threads starten
+    global threads_list
+    threads_list = []
+    for i in range(1, max(1, threads) + 1):
         t = threading.Thread(
             target=worker,
-            args=(album_url, download_folder, stop_event, progress_queue, i),
+            args=(album_url, folder, stop_event, progress_queue, i),
             daemon=True
         )
-        threads.append(t)
+        threads_list.append(t)
         t.start()
 
-    # Gradio Live-Update starten
-    yield from progress_updater()
+    yield from progress_loop()
 
 
-def stop_scraper():
-    # Wird über globales Event gesteuert – hier nur UI-Feedback
-    return (
-        "Stop-Signal gesendet … warte auf Threads",
-        gr.update(value="Stop gesendet – bitte warten", interactive=False)
-    )
+def stop_download():
+    if 'stop_event' in globals():
+        stop_event.set()
+        return "Stop-Signal gesendet … Threads werden beendet", gr.update(value="Stop gesendet", interactive=False)
+    return "Kein Download läuft", gr.update()
 
 
 # ────────────────────────────────────────────────
-#          Gradio Interface
+#           Gradio Interface
 # ────────────────────────────────────────────────
 
 css = """
-.gradio-container { max-width: 880px; margin: auto; }
-.status { font-weight: bold; color: #2e7d32; }
-.log { font-family: 'Consolas', monospace; background: #111; color: #0f0; padding: 12px; border-radius: 6px; white-space: pre-wrap; max-height: 320px; overflow-y: auto; }
+.gradio-container { max-width: 960px; margin: auto; font-family: system-ui, sans-serif; }
+.logbox { font-family: 'Consolas', 'Courier New', monospace !important; 
+          background: #0d1117; color: #c9d1d9; padding: 14px; 
+          border-radius: 8px; white-space: pre-wrap; overflow-y: auto; 
+          max-height: 380px; line-height: 1.45; }
+.status { font-weight: 600; }
 """
 
-with gr.Blocks(title="Coppermine Original-Downloader", css=css) as demo:
+with gr.Blocks(css=css, title="Coppermine Original Downloader – Research Edition") as demo:
     gr.Markdown("""
-    # Coppermine → Originalbilder Downloader  
-    **Sicherheitsforscher / Bug-Bounty Edition** – nur für legale Forschungszwecke!
+    # Coppermine Originalbild-Downloader  
+    **Sicherheitsforschung / Bug-Bounty Tool** – 2025/2026 Edition  
+    Nur mit ausdrücklicher Erlaubnis des Website-Betreibers nutzen!
     """)
 
     with gr.Row():
         url_input = gr.Textbox(
-            label="Album-URL (z. B. https://example.com/index.php?album=42)",
-            placeholder="https://...",
-            value="https://example.com/gallery/index.php?album=1",
-            scale=4
+            label="Album Basis-URL",
+            placeholder="https://example.com/gallery/index.php?album=123",
+            value="https://example.com/index.php?album=1",
+            scale=5
         )
         folder_input = gr.Textbox(
-            label="Download-Ordner",
-            value="coppermine_downloads",
-            scale=2
+            label="Zielordner",
+            value="coppermine_originals",
+            scale=3
         )
 
-    with gr.Row():
-        threads_input = gr.Slider(
-            1, 12, value=MAX_THREADS_DEFAULT, step=1,
-            label="Anzahl paralleler Threads (Vorsicht vor DoS!)"
-        )
+    threads_slider = gr.Slider(
+        1, 12, value=MAX_THREADS_DEFAULT, step=1,
+        label="Anzahl paralleler Threads (Vorsicht vor Rate-Limits / IP-Bans)"
+    )
 
-    status_output = gr.Markdown("**Bereit …**")
-    log_output = gr.Textbox(label="Live-Log", lines=12, max_lines=30, interactive=False, elem_classes=["log"])
-    count_output = gr.Number(label="Heruntergeladene Bilder", value=0)
+    status_md = gr.Markdown("**Bereit …**", elem_classes=["status"])
+    log_box = gr.Textbox(label="Live-Log", lines=14, max_lines=40, interactive=False, elem_classes=["logbox"])
+    count_num = gr.Number(label="Heruntergeladene Bilder", value=0, interactive=False)
 
     with gr.Row():
-        start_btn = gr.Button("Start Download", variant="primary", scale=1)
-        stop_btn  = gr.Button("Stop Download", variant="stop", interactive=False, scale=1)
+        start_btn = gr.Button("Download starten", variant="primary")
+        stop_btn = gr.Button("Download stoppen", variant="stop", interactive=False)
 
     gr.Markdown("""
-    **Hinweise & Warnungen**  
-    • Viele Coppermine-Instanzen erkennen aggressive Scraper → Rate-Limiting eingebaut  
-    • **Rechtlich**: Nur mit Erlaubnis des Betreibers nutzen!  
-    • **Bug Bounty**: Wenn du dabei Schwachstellen findest (z. B. fehlende Auth, IDOR, offene Ordner), melde sie verantwortungsvoll.
+    **Wichtige Hinweise**  
+    • **Rechtlich**: Massen-Downloads können gegen AGB / Strafgesetze verstoßen  
+    • **Technisch**: Viele Coppermine-Instanzen haben schwachen Schutz → IDOR, Directory Listing, offene Alben häufig  
+    • **Bug Bounty**: Finde Schwachstellen? → Responsible Disclosure!  
+    • **Tipp**: Teste zuerst mit HEAD-Requests & niedriger Thread-Anzahl
     """)
 
-    # ─── Events ───────────────────────────────────────
+    # ─── Events ─────────────────────────────────────────────
 
     start_btn.click(
-        start_scraper,
-        inputs=[url_input, folder_input, threads_input],
-        outputs=[status_output, log_output, count_output, stop_btn],
-        _js=None  # Live-Update durch Generator
+        start_download,
+        inputs=[url_input, folder_input, threads_slider],
+        outputs=[status_md, log_box, count_num, stop_btn]
     )
 
     stop_btn.click(
-        stop_scraper,
-        outputs=[status_output, stop_btn]
+        stop_download,
+        outputs=[status_md, stop_btn]
     )
 
-    # Globales Stop-Event muss von außen erreichbar sein – hier dummy
-    # In echt würde man eine globale Variable oder Klasse verwenden
 
 if __name__ == "__main__":
-    demo.queue(max_size=5).launch(
+    demo.queue(max_size=8).launch(
         server_name="0.0.0.0",
-        server_port=7865,
+        server_port=7860,
         share=False,
         debug=False
-    ) 
+    )