From 8c425bd30dc3d43cd13e86b923f385f02152c102 Mon Sep 17 00:00:00 2001 From: Tanaydin Sirin Date: Fri, 5 Apr 2019 14:25:05 +0200 Subject: [PATCH] Adds --plain for plain output. --- detection.py | 12 ++++++------ functions.py | 20 ++++++++++---------- index.py | 7 ++++--- 3 files changed, 20 insertions(+), 19 deletions(-) diff --git a/detection.py b/detection.py index f6d2929..2a2e872 100644 --- a/detection.py +++ b/detection.py @@ -9,7 +9,7 @@ result_count = 0 result_files = 0 # Analyse the source code of a single page -def analysis(path): +def analysis(path,plain): global result_files result_files += 1 with open(path, 'r') as content_file: @@ -43,7 +43,7 @@ def analysis(path): line_declaration = str(line_vuln) occurence = 1 - display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vuln_content, occurence) + display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vuln_content, occurence, plain) # Detection of RCE/SQLI/LFI/RFI/RFU/XSS/... @@ -85,11 +85,11 @@ def analysis(path): if not false_positive: global result_count result_count = result_count + 1 - display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vulnerable_var[1], occurence) + display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vulnerable_var[1], occurence, plain) # Run thru every files and subdirectories -def recursive(dir,progress): +def recursive(dir,progress,plain): progress += 1 try: for name in os.listdir(dir): @@ -98,9 +98,9 @@ def recursive(dir,progress): # Targetting only PHP Files if os.path.isfile(os.path.join(dir, name)): if ".php" in os.path.join(dir, name): - analysis(dir+"/"+name) + analysis(dir+"/"+name,plain) else : - recursive(dir+"/"+name, progress) + recursive(dir+"/"+name, progress,plain) except OSError, e: print "Error 404 - Not Found, maybe you need more right ?"+" "*30 diff --git a/functions.py b/functions.py index e31f4c8..4813076 100644 --- a/functions.py 
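Review bot: `def analysis(path,plain):` in the first detection.py hunk makes `plain` a required positional argument, so any caller outside this patch that still passes only a path would raise a TypeError; the same holds for `def recursive(dir,progress,plain):` in the last detection.py hunk. A default keeps the old call shape working: `def analysis(path, plain=False):` and `def recursive(dir, progress, plain=False):`. The flag is threaded through three layers only to reach `display`, so a short comment on each signature such as `# plain: True disables ANSI colour in display()` would document why it is there. Both function bodies continue outside the hunks.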
+++ b/functions.py 
@@ -17,34 +17,34 @@ def nth_replace(string, old, new, n): # Display the found vulnerability with basic informations like the line -def display(path,payload,vulnerability,line,declaration_text,declaration_line, colored, occurence): +def display(path,payload,vulnerability,line,declaration_text,declaration_line, colored, occurence, plain): # Potential vulnerability found : SQL Injection - header = "\033[1mPotential vulnerability found : \033[92m{}\033[0m".format(payload[1]) + header = "\033[{}mPotential vulnerability found : \033[{}m{}\033[0m".format('0' if plain else '1', '0' if plain else '92', payload[1]) # Line 25 in test/sqli.php - line = "n°\033[92m{}\033[0m in {}".format(line,path) + line = "n°\033[{}m{}\033[0m in {}".format('0' if plain else '92',line,path) # Code : include($_GET['patisserie']) - vuln = nth_replace("".join(vulnerability), colored, "\033[93m"+colored+"\033[0m", occurence) + vuln = nth_replace("".join(vulnerability), colored, "\033[{}m".format('0' if plain else '92')+colored+"\033[0m", occurence) vuln = "{}({})".format(payload[0], vuln) # Final Display rows, columns = os.popen('stty size', 'r').read().split() print "-" * (int(columns)-1) - print "Name " + "\t"+header + print "Name \t{}".format(header) print "-" * (int(columns)-1) - print "\033[1mLine \033[0m " + "\t"+line - print "\033[1mCode \033[0m " + "\t"+vuln + print "\033[{}mLine \033[0m {}".format('0' if plain else '1', line) + print "\033[{}mCode \033[0m {}".format('0' if plain else '1', vuln) # Declared at line 1 : $dest = $_GET['who']; if not "$_" in colored: declared = "Undeclared in the file" if declaration_text != "": - declared = "Line n°\033[0;92m"+declaration_line+"\033[0m : "+ declaration_text + declared = "Line n°\033[0;{}m{}\033[0m : {}".format('0' if plain else '92', declaration_line, declaration_text) - print "\033[1mDeclaration \033[0m " + "\t"+declared + print "\033[{}mDeclaration \033[0m {}".format('0' if plain else '1', declared) - # Small delimiter + # Small delimiter 
print "" # Find the line where the vulnerability is located diff --git a/index.py b/index.py index acfa1a5..d171b7b 100644 --- a/index.py +++ b/index.py @@ -16,6 +16,7 @@ from indicators import * if __name__ == "__main__": parser = argparse.ArgumentParser() parser.add_argument('--dir', action ='store', dest='dir', help="Directory to analyse") + parser.add_argument('--plain', action ='store_true', dest='plain', help="No color in output") results = parser.parse_args() if results.dir != None: @@ -28,12 +29,12 @@ if __name__ == "__main__": print "\-'\ / \ '-'(_ .' | |'| | \ | `-/ /` (_' '--'\ ' '-' '| '-' / | `---." print " `-' `-----' `-----' `--' `--' `--' `-----' `-----' `------' `------'" print " Copyright @pentest_swissky " - print "\n\033[1mAnalyzing '"+results.dir+"' source code\033[0m" + print ("\n\033[{}mAnalyzing '{}' source code\033[{}m".format('0' if results.plain else '1', results.dir, '0')) if os.path.isfile(results.dir): - analysis(results.dir) + analysis(results.dirm, results.plain) else: - recursive(results.dir,0) + recursive(results.dir,0, results.plain) scanresults() else:
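Review bot: With `plain` set, `display` still writes escape sequences (`\033[0m` in place of `\033[1m` and `\033[92m`), so output redirected to a file or a CI log still carries control bytes rather than plain text; the banner line changed in index.py follows the same pattern. A helper that returns an empty string in plain mode would fix this, e.g. `def sgr(code, plain): return "" if plain else "\033[{}m".format(code)`, used for the reset sequence as well. The highlight around `colored` also changed from `93` to `92` in the non-plain path, and the `\t` after the `Line`, `Code` and `Declaration` labels was dropped while `Name \t{}` keeps it; both look unintended. Separately, the unchanged `os.popen('stty size', 'r').read().split()` will presumably fail to unpack when no terminal is attached, which is the situation `--plain` is most likely to be used in.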
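Review bot: `analysis(results.dirm, results.plain)` in the second index.py hunk reads an attribute the parser never defines (the option is declared with `dest='dir'`), so scanning a single file raises AttributeError instead of running the analysis. It should be `analysis(results.dir, results.plain)`. The directory branch just below passes `results.dir` correctly, so only the `os.path.isfile` path is affected.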