Feat/rich UI menu lovely (#567)

tools/sql_tools.py

@@ -2,113 +2,148 @@
 from core import HackingTool
 from core import HackingToolsCollection
 
+from rich.console import Console
+from rich.theme import Theme
+from rich.table import Table
+from rich.panel import Panel
+from rich.prompt import Prompt
+
+_theme = Theme({"purple": "#7B61FF"})
+console = Console(theme=_theme)
+
 
 class Sqlmap(HackingTool):
     TITLE = "Sqlmap tool"
     DESCRIPTION = "sqlmap is an open source penetration testing tool that " \
-                  "automates the process of \n" \
-                  "detecting and exploiting SQL injection flaws and taking " \
-                  "over of database servers \n " \
-                  "[!] python3 sqlmap.py -u [<http://example.com>] --batch --banner \n " \
-                  "More Usage [!] https://github.com/sqlmapproject/sqlmap/wiki/Usage"
-    INSTALL_COMMANDS = [
-        "sudo git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev"]
+                  "automates the process of detecting and exploiting SQL injection flaws " \
+                  "and taking over database servers. [!] python3 sqlmap.py -u [http://example.com] --batch --banner. More usage: https://github.com/sqlmapproject/sqlmap/wiki/Usage"
+    INSTALL_COMMANDS = ["sudo git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev"]
     RUN_COMMANDS = ["cd sqlmap-dev;python3 sqlmap.py --wizard"]
     PROJECT_URL = "https://github.com/sqlmapproject/sqlmap"
 
+
 class NoSqlMap(HackingTool):
     TITLE = "NoSqlMap"
-    DESCRIPTION = "NoSQLMap is an open source Python tool designed to \n " \
-                  "audit for as well as automate injection attacks and exploit.\n " \
-                  "\033[91m " \
-                  "[*] Please Install MongoDB \n "
-    INSTALL_COMMANDS = [
-        "git clone https://github.com/codingo/NoSQLMap.git",
-        "sudo chmod -R 755 NoSQLMap;cd NoSQLMap;python setup.py install"
-    ]
+    DESCRIPTION = "NoSQLMap is an open source Python tool designed to audit and automate injection attacks. [*] Please install MongoDB."
+    INSTALL_COMMANDS = ["git clone https://github.com/codingo/NoSQLMap.git",
+                        "sudo chmod -R 755 NoSQLMap;cd NoSQLMap;python setup.py install"]
     RUN_COMMANDS = ["python NoSQLMap"]
     PROJECT_URL = "https://github.com/codingo/NoSQLMap"
 
 
 class SQLiScanner(HackingTool):
     TITLE = "Damn Small SQLi Scanner"
-    DESCRIPTION = "Damn Small SQLi Scanner (DSSS) is a fully functional SQL " \
-                  "injection\nvulnerability scanner also supporting GET and " \
-                  "POST parameters.\n" \
-                  "[*]python3 dsss.py -h[help] | -u[URL]"
+    DESCRIPTION = "DSSS is a fully functional SQL injection vulnerability scanner also supporting GET and POST parameters. Usage: python3 dsss.py -h | -u [URL]"
     INSTALL_COMMANDS = ["git clone https://github.com/stamparm/DSSS.git"]
     PROJECT_URL = "https://github.com/stamparm/DSSS"
 
     def __init__(self):
-        super(SQLiScanner, self).__init__(runnable = False)
+        super(SQLiScanner, self).__init__(runnable=False)
 
 
 class Explo(HackingTool):
     TITLE = "Explo"
-    DESCRIPTION = "Explo is a simple tool to describe web security issues " \
-                  "in a human and machine readable format.\n " \
-                  "Usage:- \n " \
-                  "[1] explo [--verbose|-v] testcase.yaml \n " \
-                  "[2] explo [--verbose|-v] examples/*.yaml"
-    INSTALL_COMMANDS = [
-        "git clone https://github.com/dtag-dev-sec/explo.git",
-        "cd explo;sudo python setup.py install"
-    ]
+    DESCRIPTION = "Explo is a simple tool to describe web security issues in human and machine readable format. Usage: explo [--verbose|-v] testcase.yaml | explo [--verbose|-v] examples/*.yaml"
+    INSTALL_COMMANDS = ["git clone https://github.com/dtag-dev-sec/explo.git",
+                        "cd explo;sudo python setup.py install"]
     PROJECT_URL = "https://github.com/dtag-dev-sec/explo"
 
     def __init__(self):
-        super(Explo, self).__init__(runnable = False)
+        super(Explo, self).__init__(runnable=False)
 
 
 class Blisqy(HackingTool):
     TITLE = "Blisqy - Exploit Time-based blind-SQL injection"
-    DESCRIPTION = "Blisqy is a tool to aid Web Security researchers to find " \
-                  "Time-based Blind SQL injection \n on HTTP Headers and also " \
-                  "exploitation of the same vulnerability.\n " \
-                  "For Usage >> \n"
+    DESCRIPTION = "Blisqy helps web security researchers find time-based blind SQL injections on HTTP headers and exploit them."
     INSTALL_COMMANDS = ["git clone https://github.com/JohnTroony/Blisqy.git"]
     PROJECT_URL = "https://github.com/JohnTroony/Blisqy"
 
     def __init__(self):
-        super(Blisqy, self).__init__(runnable = False)
+        super(Blisqy, self).__init__(runnable=False)
 
 
 class Leviathan(HackingTool):
     TITLE = "Leviathan - Wide Range Mass Audit Toolkit"
-    DESCRIPTION = "Leviathan is a mass audit toolkit which has wide range " \
-                  "service discovery,\nbrute force, SQL injection detection " \
-                  "and running custom exploit capabilities. \n " \
-                  "[*] It Requires API Keys \n " \
-                  "More Usage [!] https://github.com/utkusen/leviathan/wiki"
-    INSTALL_COMMANDS = [
-        "git clone https://github.com/leviathan-framework/leviathan.git",
-        "cd leviathan;sudo pip install -r requirements.txt"
-    ]
+    DESCRIPTION = "Leviathan is a mass audit toolkit with service discovery, brute force, SQL injection detection, and custom exploit capabilities. Requires API keys."
+    INSTALL_COMMANDS = ["git clone https://github.com/leviathan-framework/leviathan.git",
+                        "cd leviathan;sudo pip install -r requirements.txt"]
     RUN_COMMANDS = ["cd leviathan;python leviathan.py"]
     PROJECT_URL = "https://github.com/leviathan-framework/leviathan"
 
 
 class SQLScan(HackingTool):
     TITLE = "SQLScan"
-    DESCRIPTION = "sqlscan is quick web scanner for find an sql inject point." \
-                  " not for educational, this is for hacking."
-    INSTALL_COMMANDS = [
-        "sudo apt install php php-bz2 php-curl php-mbstring curl",
-        "sudo curl https://raw.githubusercontent.com/Cvar1984/sqlscan/dev/build/main.phar --output /usr/local/bin/sqlscan",
-        "chmod +x /usr/local/bin/sqlscan"
-    ]
+    DESCRIPTION = "SQLScan is a quick web scanner to find SQL injection points. Not for educational purposes."
+    INSTALL_COMMANDS = ["sudo apt install php php-bz2 php-curl php-mbstring curl",
+                        "sudo curl https://raw.githubusercontent.com/Cvar1984/sqlscan/dev/build/main.phar --output /usr/local/bin/sqlscan",
+                        "chmod +x /usr/local/bin/sqlscan"]
     RUN_COMMANDS = ["sudo sqlscan"]
     PROJECT_URL = "https://github.com/Cvar1984/sqlscan"
 
 
 class SqlInjectionTools(HackingToolsCollection):
     TITLE = "SQL Injection Tools"
-    TOOLS = [
-        Sqlmap(),
-        NoSqlMap(),
-        SQLiScanner(),
-        Explo(),
-        Blisqy(),
-        Leviathan(),
-        SQLScan()
-    ]
+    TOOLS = [Sqlmap(), NoSqlMap(), SQLiScanner(), Explo(), Blisqy(), Leviathan(), SQLScan()]
+
+    def _get_attr(self, obj, *names, default=""):
+        for n in names:
+            if hasattr(obj, n):
+                return getattr(obj, n)
+        return default
+
+    def pretty_print(self):
+        table = Table(title="SQL Injection Tools", show_lines=True, expand=True)
+        table.add_column("Title", style="purple", no_wrap=True)
+        table.add_column("Description", style="purple")
+        table.add_column("Project URL", style="purple", no_wrap=True)
+
+        for t in self.TOOLS:
+            title = self._get_attr(t, "TITLE", "Title", "title", default=t.__class__.__name__)
+            desc = self._get_attr(t, "DESCRIPTION", "Description", "description", default="").strip().replace("\n", " ")
+            url = self._get_attr(t, "PROJECT_URL", "PROJECT_URL", "PROJECT", "project_url", "projectUrl", default="")
+            table.add_row(str(title), str(desc or "—"), str(url))
+
+        panel = Panel(table, title="[purple]Available Tools[/purple]", border_style="purple")
+        console.print(panel)
+
+    def show_options(self, parent=None):
+        console.print("\n")
+        panel = Panel.fit("[bold magenta]SQL Injection Tools Collection[/bold magenta]\nSelect a tool to view options or run it.", border_style="purple")
+        console.print(panel)
+
+        table = Table(title="[bold cyan]Available Tools[/bold cyan]", show_lines=True, expand=True)
+        table.add_column("Index", justify="center", style="bold yellow")
+        table.add_column("Tool Name", justify="left", style="bold green")
+        table.add_column("Description", justify="left", style="white")
+
+        for i, tool in enumerate(self.TOOLS):
+            title = self._get_attr(tool, "TITLE", "Title", "title", default=tool.__class__.__name__)
+            desc = self._get_attr(tool, "DESCRIPTION", "Description", "description", default="—")
+            table.add_row(str(i + 1), title, desc or "—")
+
+        table.add_row("[red]99[/red]", "[bold red]Exit[/bold red]", "Return to previous menu")
+        console.print(table)
+
+        try:
+            choice = int(Prompt.ask("[bold cyan]Select a tool to run[/bold cyan]", default="99"))
+            if 1 <= choice <= len(self.TOOLS):
+                selected = self.TOOLS[choice - 1]
+                if hasattr(selected, "show_options"):
+                    selected.show_options(parent=self)
+                elif hasattr(selected, "run"):
+                    selected.run()
+                elif hasattr(selected, "before_run"):
+                    selected.before_run()
+                else:
+                    console.print("[bold yellow]Selected tool has no runnable interface.[/bold yellow]")
+            elif choice == 99:
+                return 99
+        except Exception:
+            console.print("[bold red]Invalid choice. Try again.[/bold red]")
+        return self.show_options(parent=parent)
+
+
+if __name__ == "__main__":
+    tools = SqlInjectionTools()
+    tools.pretty_print()
+    tools.show_options()