Created
August 5, 2017 02:39
-
-
Save Graph-X/d588302512be9245f06c32526e04a342 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from string import maketrans | |
| import urllib | |
| import binascii | |
| import re | |
| import base64 | |
| lpp = dict() | |
| def unescape_octal(s): | |
| result = "" | |
| while len(s) != 0: | |
| if s[0] == "\\": | |
| (octbyte, s) = (s[1:4], s[4:]) | |
| try: | |
| result += chr(int(octbyte, 8)) | |
| except ValueError: | |
| result += "\\" | |
| s = octbyte + s | |
| else: | |
| result += s[0] | |
| s = s[1:] | |
| return result | |
| EOL = editor.getEOLMode() | |
| def repl_hex(s): | |
| return binascii.unhexlify(s) | |
| def repl_escapes(lpp,m): | |
| conText = [] | |
| r = m.group(0).split('\\') | |
| for s in r[1:]: | |
| if 'x' not in s: | |
| if len(s) == 2: | |
| s = chr(48) + str(s) | |
| s = chr(92) + str(s) | |
| conText.append(unescape_octal(s)) | |
| else: | |
| conText.append(repl_hex(s[1:])) | |
| q = ''.join(conText) | |
| if lpp.has_key(q): | |
| lpp[q] += 1 | |
| else: | |
| lpp[q] = 1 | |
| console.write(str(lpp) + '\n') | |
| return q | |
| def rex_replace_array(u,m,l): | |
| v = len(u) + 1 | |
| n = [] | |
| for o in l: | |
| n.append(o) | |
| console.write(str(n) + "\n") | |
| console.write("this: " + m.group(0)[v:-2] + "\nthat:") | |
| b = n[m.group(0)[v:-2]] | |
| console.write(b + "\n") | |
| return b | |
| def url_decode(m): | |
| r = r'((\%[a-fA-F0-9]{2})+)' | |
| p = m.group(0) | |
| u = re.search( r, m.group(0)).group().replace("%5C", "%5C%5C") | |
| return re.sub(r,urllib.unquote(urllib.unquote(u)), p) | |
| def find_next(t): | |
| return editor.searchNext(0, t) | |
| def rot_13(s): | |
| trans = maketrans("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ","nopqrstuvwxyzabcdefghijklmNOPQRSTUVWXYZABCDEFGHIJKLM") | |
| return s.translate(trans) | |
| def b64(s): | |
| return base64.b64decode(s) | |
| def gzinflate(s): | |
| z = 0 | |
| while True: | |
| try: | |
| d = zlib.decompress(s, z) | |
| return d | |
| except: | |
| z -= 1 | |
| if z == -16: | |
| return False | |
| def replace_keyval(k,v): | |
| editor.replace(k,v) | |
| editor.setCurrentPos(0) | |
| editor.setSelection(0,0) | |
| editor.replace(k,v) | |
| def var_replace(c): | |
| a = list() | |
| z = {} | |
| w = {} | |
| for b in c: | |
| a.append(b) | |
| console.write(str(a) + "\n") | |
| editor.setCurrentPos(0) | |
| editor.setSelectionStart(0) | |
| #editor.setSelectionEnd(len(editor.getText())) | |
| l = "" | |
| while l != "//End_Vars\r\n": | |
| #console.write("current position is: %d\n" % editor.getCurrentPos()) | |
| l = editor.getCurLine() | |
| if '=' in l: | |
| l = l.split('=',1) | |
| if l[1][-3] == ';': | |
| l[1] = l[1][:-3] | |
| f = len(l[0]) | |
| p = 0 | |
| while p < f: | |
| if any(x in l[0][p] for x in a): | |
| console.write(l[0][p] +"\n") | |
| p += 1 | |
| else: | |
| console.write("[*] Line does not match variable characters next line\n") | |
| break | |
| if p == f: | |
| z[l[0]] = l[1] | |
| editor.lineDown() | |
| else: | |
| editor.lineDown() | |
| l = editor.getCurLine() | |
| p = 0 | |
| for k, v in z.iteritems(): | |
| g = '{"GLOBALS"}["' + k[1:] + '"]' | |
| editor.replace(g,v) | |
| console.write(g + "\n") | |
| replace_keyval(k[1:],v) | |
| editor.setCurrentPos(0) | |
| editor.setSelection(0,0) | |
| p = 0 | |
| while p <= editor.getLineCount(): | |
| line_breaks(editor.getCurLine(),p) | |
| editor.gotoLine(p) | |
| editor.setCurrentPos(0) | |
| editor.setSelection(0,0) | |
| p = 0 | |
| while "//START_VAR2" not in editor.getCurLine(): | |
| editor.lineDown() | |
| p = p + 1 | |
| while p <= editor.getLineCount(): | |
| l = editor.getCurLine() | |
| if all(x in l[:10] for x in c): | |
| w[l[:10]] = l.split('=',1)[1] | |
| for k,v in w.iteritems(): | |
| console.write(k + " ==> " + v + "\r\n") | |
| def hunt_vars(c,lpp): | |
| stru = re.compile(r'^\$[0-9a-zA-Z]+[\.\=][\=\"].*\";\r\n$') | |
| if stru.match(c): | |
| c = c.split('=') | |
| p = [pos for pos, char in enumerate(c[1]) if char == '"'] | |
| c[1] = c[1][p[0]+1:p[1]] | |
| if c[0].endswith('.') and lpp.has_key(c[0][:-1]): | |
| lpp[c[0][:-1]] += c[1] | |
| else: | |
| lpp[c[0]] = c[1] | |
| def evaluable(): | |
| x = list() | |
| i = 0 | |
| while i <= editor.getLineCount(): | |
| c = editor.getLine(i) | |
| b = {'base64_decode':'b64','rot13': 'rot_13','gzuncopmpress': 'gzinflate'} | |
| stru = re.compile(r'^\@eval\(.*$') | |
| if stru.match(c): | |
| d = c.split('(') | |
| i = 1 | |
| while i < len(d): | |
| for a in b.keys(): | |
| if a in d[1]: | |
| x.append(b[d[i]]) | |
| if '"' in c: | |
| e = [m.start() for m in re.finditer('"', c)] | |
| if len(e) == 2: | |
| z = c[e[0] + 1:e[1]] | |
| elif len(e) == 1: | |
| z = c[e[0]+1:-2] | |
| n = i + 1 | |
| while True: | |
| z += editor.getLine(n)[:-2] | |
| n += 1 | |
| def line_breaks(c,n): | |
| o = 0 | |
| if '${"GLOBALS"}' not in c: | |
| while o <= len(c): | |
| if c[o] == "'" and o < len(c): | |
| console.write(c[o]) | |
| o += 1 | |
| while c[o] != "'" and o <= len(c): | |
| console.write(c[o]) | |
| o += 1 | |
| for x in [';', '{', '}']: | |
| if c[o] == x and c[o + 1] != '\r': | |
| c = c[:o] + c[o] + "\r\n" + c[o + 1:] | |
| editor.replaceLine(n,c) | |
| return 1 | |
| o += 1 | |
| else: | |
| return 0 | |
| def run_all(): | |
| for d in [';','{','}']: | |
| editor.replace(d,d + '\r\n') | |
| editor.rereplace(r'((\\x?[0-9a-f]{2,3})+)', lambda m: repl_escapes(lpp,m)) | |
| editor.rereplace(r'(\%[0-9A-Fa-f]{2})+"\)', url_decode) | |
| i=0 | |
| while i < editor.getLineCount(): | |
| hunt_vars(editor.getLine(i),lpp) | |
| i += 1 | |
| i=0 | |
| for k,v in lpp.iteritems(): | |
| console.write(str(k) + " ==> " + str(v) + "\n") | |
| replace_keyval(k,v) | |
| #evaluable() | |
| # rex_replace_array(u,m,l) | |
| #var_replace(c) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment