0

I am currently developing a web scanner that continuously scans for vulnerable URLs. I wanted a GUI for my program and thus chose to use tkinter.

Currently I am facing a problem where when I call from my main program (the GUI) by pressing a button to the other scripts, the GUI will freeze and will only load up when the program is done scanning with the entire wordlist.

I know of threading and have tried to apply it to my program. But it doesn't seem to be working and I am unsure why.

I've browsed through many stackoverflow pages for hours and implementing them and it still doesn't seem to work out. One example I've tried is python running task in the background while allowing tkinter to be active

My codes are as follows:

Main GUI

from Tkinter import *
from URLFuzzerNonRecursive import nonrecursiveURL
import threading

def thread(value):
   t = threading.Thread(target=nonrecursiveURL(value))
   t.start()
   #t.join()

def main():
   master = Tk()
   master.title("Web Fuzzer")

   master.geometry("700x400")
   urllabel = Label(master, text="Input URL to Fuzz")
   urllabel.place(relx=0.35, rely=0.05)
   urlinput = Entry(master, bd =5)
   urlinput.place(relx=0.35, rely=0.10)
   urlinput.insert(END,"http://")

   nonrecursionURL = Button(master, text="Non-Recursive URL Fuzzer", command=lambda: thread(urlinput.get()),width=20, height=2)
   nonrecursionURL.place(relx=0.35, rely=0.30)

   master.mainloop()

if __name__ == '__main__':
   main()

Python Script called by main GUI:

import requests
import tkinter.messagebox as tkmb
import tkinter as tk
import threading

def nonrecursiveURL(URLtoTake):
   root = tk.Tk()

   ybar = tk.Scrollbar(root)
   T = tk.Text(root)
   ybar.config(command=T.yview)
   T.config(yscrollcommand=ybar.set)
   T.grid(row=0, column=0, columnspan=5)
   ybar.grid(row=0, column=5, sticky="ns")
   try:
    with open('wordlist.txt') as f:
        for line in f:
            website = URLtoTake.strip('\n')+"/" + line
            URL = requests.get(website)
            if URL.status_code == 200:
                foundsites.append(website)
                info_message = "Status code: "+ str(URL.status_code) + " Found :" + website
                T.insert(tk.END,info_message)

            else:
                info_message = "Status code: "+ str(URL.status_code) +" Not Found :" + website
                T.insert(tk.END,info_message)

        for i in foundsites:
            T.insert(tk.END,"\n")
            T.insert(tk.END,"Found : ")
            T.insert(tk.END, i)
   except requests.exceptions.RequestException:
       info_message = "Please enter a valid URL ( inclusive of http:// )"
       tkmb.showinfo("Output", info_message)
Mr 2
  • 33
  • 1
  • 5

1 Answers1

2

The thread function posted in the question is calling the nonrecursiveURL function directly, before passing it as the thread target.


def thread(value):
   t = threading.Thread(target=nonrecursiveURL(value)) <-- here nonerecursiveURL is being called

To call a function in a different thread, the threading.Thread instance requires a function reference, and an optional list of arguments to be passed to that function.

t = threading.Thread(target=nonrecursiveURL, args=(value,))

now nonrecursiveURL is not called in here, but only passed to the Thread, and will be called in a different thread, when t.start() is called.

You can confirm this issue, by just calling the thread function from Python REPL, leaving Tkinter out of the debugging session.

farzad
  • 8,775
  • 6
  • 32
  • 41