PEP 8 Compliance

Author: thehappydinoa

.github/ISSUE_TEMPLATE/Bug_report.md

@@ -1,20 +1,19 @@
----
-name: Bug report
-about: Create a report to help us improve
-
----
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**To Reproduce**
-Paste here the arguments you used: `./autosqli.py ___________________`
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
-
-**Additional context**
-Add any other context about the problem here.
+---
+name: Bug report
+about: Create a report to help us improve
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Paste here the arguments you used: `./autosqli.py ___________________`
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/Feature_request.md

@@ -1,17 +1,16 @@
----
-name: Feature request
-about: Suggest an idea for this project
-
----
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.
+---
+name: Feature request
+about: Suggest an idea for this project
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

README.md

@@ -1,46 +1,48 @@
-# AutoSQLi, **the new way script-kiddies hack websites** ( that's a joke :p )
-
-## What is working right now
-
-- Save System
-	- there is a complete save system, which can resume even when your pc crashed.
-	- technology is cool
-- Dorking
-	- from the command line ( one dork ): YES
-	- from a file: NO
-	- from an interactive wizard: YES
-- Waffing
-	- Thanks to Eku, WhatWaf now has a JSON output function.
-	- So it's mostly finished :)
-	- UPDATE: WhatWaf is completly working with AutoSQLi. Sqlmap is the next big step
-- Sqlmapping
-	- I'll look if there is some sort of sqlmap API, because I don't wanna use `execute` this time (:
-	- Sqlmap is cool
-- REPORTING:
-- Rest: NOPE
+# AutoSQLi, **the new way script-kiddies hack websites**
+
+(that's a joke :p)
+
+## Features
+
+-   Save System
+    		\- there is a complete save system, which can resume even when your pc crashed.
+    		\- technology is cool
+-   Dorking
+    		\- from the command line ( one dork ): YES
+    		\- from a file: NO
+    		\- from an interactive wizard: YES
+-   Waffing
+    		\- Thanks to [Ekultek](https://github.com/Ekultek), WhatWaf now has a JSON output function.
+    		\- So it's mostly finished :)
+    		\- UPDATE: WhatWaf is completly working with AutoSQLi. Sqlmap is the next big step
+-   Sqlmapping
+    		\- I'll look if there is some sort of sqlmap API, because I don't wanna use `execute` this time (:
+    		\- Sqlmap is cool
+-   REPORTING: YES
+-   Rest API: NOPE
 
 ## TODO:
 
-Could someone add a proper handling of the log? I mean, logging with different levels, cleanly ^^ ?
-Also, could someone add an option to translate the save ( which is in pickle format ) to a json/csv save ?
-Thanks :)
+-   [ ] Log handling (logging with different levels, cleanly)
+-   [ ] Translate output (option to translate the save, which is in pickle format, to a json/csv save)
+-   [ ] Spellcheck (correct wrongly spelled words and conjugational errors. I'm on Neovim right now and there is no auto-spelling check)
 
 ## The Plan
 
 This plan is a bit outdated, but it will follow this idea
 
-AutoSQLi will be a python application which will, automatically, using a dork provided by the user, return a list of websites vulnerable to a SQL injection.
-To find vulnerable websites, the users firstly provide a dork [DOrking]( https://www.techopedia.com/definition/30938/google-dorking), which is passed to findDorks.py, which returns a list of URLs corresponding to it.
-Then, AutoSQLi will do some very basic checks ( TODO: MAYBE USING SQLMAP AND IT's --smart and --batch function ) to verify if the application is protected by a Waf, or if one of it's parameters is vulnerable.
-Sometimes, websites are protected by a Web Application Firewall, or in short, a WAF. To identify and get around of these WAFs, AutoSQLi will use WhatWaf.
+1.  AutoSQLi will be a python application which will, automatically, using a dork provided by the user, return a list of websites vulnerable to a SQL injection.
+2.  To find vulnerable websites, the users firstly provide a dork [DOrking](https://www.techopedia.com/definition/30938/google-dorking), which is passed to findDorks.py, which returns a list of URLs corresponding to it.
+3.  Then, AutoSQLi will do some very basic checks ( TODO: MAYBE USING SQLMAP AND IT's --smart and --batch function ) to verify if the application is protected by a Waf, or if one of it's parameters is vulnerable.
+4.  Sometimes, websites are protected by a Web Application Firewall, or in short, a WAF. To identify and get around of these WAFs, AutoSQLi will use WhatWaf.
+5.  Finally, AutoSQLi will exploit the website using sqlmap, and give the choice to do whatever he wants !
 
-Finally, AutoSQLi will exploit the website using sqlmap, and give the choice to do whatever he wants !
-
-## Tor
+### Tor
 
 Also, AutoSQLi should work using Tor by default. So it should check for tor availiability on startup.
 
 ## FAQ
+
 ### Cool :)
 
 Yeah, I know.
@@ -49,8 +51,6 @@ Yeah, I know.
 
 Yeah, I know.
 
-TODO: please someone correct those wrongly spelled words and conjugational errors. I'm on Neovim right now and there is no auto-spelling check.
-
 ## Popularity note ( 2018-05-10 )
 
 When I woke up this morning, someone said that a guy by the name of NullArray tweeted about this project. 11 stars later, it makes me want to finish it more than ever !
@@ -61,7 +61,7 @@ Friday, the 11th of May, the first pull request of this project was sent by [@iy
 
 ## sTaTiStIcS
 
-###  2018-05-11
+### 2018-05-11
 
 Today, we are at 15 stars, and got our first pull request. The number of cloners and unique viewers is decreasing with the time, but I noticed that someone followed a link from `web.telegram.org`. Well, those referer statistics are cool.
 I also finished implementing WhatWaf :)
@@ -83,10 +83,9 @@ Also, today, I was at the point of buying a HackRF One ( you know, these cards w
 The fact is I only have 100€ right now, and the HackRF One costs 300€. Ya.
 I think I'll wait. ~please buy me a HackRF One :)~
 
-# Disclaimer ( because you know, every InfoSec projects should have one ) ( I may not be an InfoSec project ) ( don't be offended, please )
+# Disclaimer ( because you know, every InfoSec projects should have one )
 
 ## Don't mess up
 
 This project is for demonstration purposes. Nobody should ever run AutoSQLi. Really.
-Hacking into DB's is fun, but you know, there are guys just like you and me who don't want to get their entire work messed up. You don't to make them scratch their hairs, na ?
-
+Hacking into DB's is fun, but you know, there are guys just like you and me who don't want to get their entire work messed up. You don't to make them pull out their hairs, ya?

autosqli.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 # Adapted to the new save system
 
-from src import log             # provides log.info/debug/warning/critical
+from src import log  # provides log.info/debug/warning/critical
 from src.parse_args import argument_parse  # provides argument_parse()
 # from src.save import Save           # provides Save() [class]
 from src import save
@@ -20,12 +20,12 @@ def main():
     args = argument_parse()
 
     if args.debug:
-        log.debug("ok boss, launching the debug mode")
+        log.debug("Ok boss, launching in debug mode")
         import pdb
         pdb.set_trace()  # XXX BREAKPOINT
 
-    log.info("Welcome into AutoSQLi !")
-    log.debug("Checking save...")
+    log.info("Welcome into AutoSQLi!")
+    log.debug("Checking for saves...")
     save.saveStartup(args)
     log.debug("Loading save...")
     save.importSave()
@@ -42,11 +42,11 @@ def main():
         stages.nextStage(args)
         # backup the current state (into autosqli.save)
         save.writeSave()  # TODO: add a time based saver
-        log.debug("save exported")
+        log.debug("Save exported")
         if save.getStage() == stages.REPORT_STAGE:
             break
 
-    log.info("Goodbye !")
+    log.info("Goodbye!")
 
 
 if __name__ == "__main__":

src/dorkStage.py

@@ -1,7 +1,8 @@
 # Adapted to the new save system
 # from .target import urls_to_targets
 from . import log
-from . import findDorks           # provides findDorks.dorkLines(dorks)
+from . import findDorks  # provides findDorks.dorkLines(dorks)
+
 # from . import save
 
 
@@ -14,8 +15,8 @@ def getDorks(args):
         log.critical("-f (--dork-file) and -d (--dork) are incompatible")
         exit(1)
     elif args.dorkfile is not None:
-        exit(2)     # not implemented
-        pass        # TODO: accept a dorkfile
+        exit(2)  # not implemented
+        pass  # TODO: accept a dorkfile
     elif args.dorkfile is None and args.dork is None:
         log.debug("interactively querying dork")
         log.info("Enter a dork:")
@@ -36,6 +37,7 @@ def dorkStage(args):
 
     search_dork(dorks)
 
+
 #    # convert urls to targets
 #    targets_to_test = urls_to_targets(urls)
 #    # append our targets to the current_save

src/execute.py

@@ -24,15 +24,20 @@ def execute(command, cwd=None, timeout=None, yes=None):
     for arg in pre_command:
         assembled_pre_command += " " + arg
 
-    final_command = ["bash -c {}".format(
-        satanize_for_bash(assembled_pre_command))]
+    final_command = [
+        "bash -c {}".format(satanize_for_bash(assembled_pre_command))
+    ]
 
     # shellmode = True if yes is not None else None
-    import pdb; pdb.set_trace()  # XXX BREAKPOINT
+    import pdb
+    pdb.set_trace()  # XXX BREAKPOINT
     shellmode = True
     log.debug("command: {}; cwd: {}; timeout: {}; shellmode: {}".format(
         final_command, cwd, timeout, shellmode))
-    result = subprocess.run(final_command, stdout=subprocess.PIPE, cwd=cwd,
-                            timeout=timeout,
-                            shell=shellmode)
+    result = subprocess.run(
+        final_command,
+        stdout=subprocess.PIPE,
+        cwd=cwd,
+        timeout=timeout,
+        shell=shellmode)
     return result.stdout.decode('utf-8')

src/findDorks.py

@@ -23,7 +23,7 @@ def main():
 
 def dorkFromFile(filename):
     f = open(filename, 'r')
-    lines = f.readlines()   # read all the lines of the file into 'lines'
+    lines = f.readlines()  # read all the lines of the file into 'lines'
     f.close()
     dorkLines(lines)
 
@@ -53,12 +53,12 @@ def dorkLines(lines):
 
             # TODO: google ban handling
             result_clean = json.loads(result)
-#            # try:
-#                # result_clean = json.loads(result)
-#            # except:
-#                # google_ban = True
-#                # print("Google may have banned us\
-#                      # , but don't worry, it's temporary")
+            #            # try:
+            #                # result_clean = json.loads(result)
+            #            # except:
+            #                # google_ban = True
+            #                # print("Google may have banned us\
+            #                      # , but don't worry, it's temporary")
 
             for x in result_clean:
                 # url = x['url']
@@ -69,13 +69,13 @@ def dorkLines(lines):
             result = duckSearch(dork)
             result_clean = json.loads(result)
 
-#            # TODO: ducky ban handling
-#            # try:
-#                # result_clean = json.loads(result)
-#            # except:
-#                # duck_ban = True
-#                # print("DuckduckGo may have banned us, \
-#                       #but don't worry, it's temporary")
+            #            # TODO: ducky ban handling
+            #            # try:
+            #                # result_clean = json.loads(result)
+            #            # except:
+            #                # duck_ban = True
+            #                # print("DuckduckGo may have banned us, \
+            #                       #but don't worry, it's temporary")
 
             for x in result_clean:
                 # url = x['url']
@@ -97,9 +97,8 @@ def googleSearch(dork):
 def duckSearch(dork):
     """ dork shall be a string which contains... a dork. """
     """ returns the duckduckgo json response for the specified dork """
-    return execute([ddgr_path,
-                    dork,
-                    "--unsafe", "--json", "--np", "--num", "25"])
+    return execute(
+        [ddgr_path, dork, "--unsafe", "--json", "--np", "--num", "25"])
 
 
 if __name__ == "__main__":

src/log.py

@@ -8,17 +8,22 @@
 CRITICAL_PREFIX = colors.FAIL + colors.UNDERLINE + colors.BOLD + "[CRITICAL] "
 WARNING_PREFIX = colors.FAIL + colors.BOLD + "[WARNING] "
 
+
 def debug(msg):
     print(DEBUG_PREFIX + msg + colors.ENDC)
 
+
 def info(msg):
     print(INFO_PREFIX + msg + colors.ENDC)
 
+
 def error(msg):
     print(ERROR_PREFIX + msg + colors.ENDC)
 
+
 def critical(msg):
     print(CRITICAL_PREFIX + msg + colors.ENDC)
 
+
 def warning(msg):
     print(WARNING_PREFIX + msg + colors.ENDC)