def heuristic(response, paramList): done = [] forms = re.findall(r'(?i)(?s)<form.*?</form.*?>', response) for form in forms: method = re.search(r'(?i)method=[\'"](.*?)[\'"]', form) inputs = re.findall(r'(?i)(?s)<input.*?>', response) if inputs != None and method != None: for inp in inputs: inpName = re.search(r'(?i)name=[\'"](.*?)[\'"]', inp) if inpName: inpName = d(e(inpName.group(1))) if inpName not in done: if inpName in paramList: paramList.remove(inpName) done.append(inpName) paramList.insert(0, inpName) print( '%s Heuristic found a potential %s parameter: %s%s%s' % (good, method.group(1), green, inpName, end)) print('%s Prioritizing it' % info) emptyJSvars = re.finditer(r'var\s+([^=]+)\s*=\s*[\'"`][\'"`]', response) for each in emptyJSvars: inpName = each.group(1) done.append(inpName) paramList.insert(0, inpName) print('%s Heuristic found a potential parameter: %s%s%s' % (good, green, inpName, end)) print('%s Prioritizing it' % info)
def heuristic(response, paramList): done = [] forms = re.findall(r'(?i)(?s)<form.*?</form.*?>', response) for form in forms: method = re.search(r'(?i)method=[\'"](.*?)[\'"]', form) inputs = re.findall(r'(?i)(?s)<input.*?>', response) for inp in inputs: inpName = re.search(r'(?i)name=[\'"](.*?)[\'"]', inp) if inpName: inpType = re.search(r'(?i)type=[\'"](.*?)[\'"]', inp) inpValue = re.search(r'(?i)value=[\'"](.*?)[\'"]', inp) inpName = d(e(inpName.group(1))) if inpName not in done: if inpName in paramList: paramList.remove(inpName) done.append(inpName) paramList.insert(0, inpName) print ('%s Heuristic found a potenial parameter: %s%s%s' % (good, green, inpName, end)) print ('%s Prioritizing it' % good)
def heuristic(response, paramList): done = [] forms = re.findall(r'(?i)(?s)<form.*?</form.*?>', response) for form in forms: method = re.search(r'(?i)method=[\'"](.*?)[\'"]', form) inputs = re.findall(r'(?i)(?s)<input.*?>', response) if inputs != None and method != None: for inp in inputs: inpName = re.search(r'(?i)name=[\'"](.*?)[\'"]', inp) if inpName: inpName = d(e(inpName.group(1))) if inpName not in done: if inpName in paramList: paramList.remove(inpName) done.append(inpName) paramList.insert(0, inpName) emptyJSvars = re.finditer(r'var\s+([^=]+)\s*=\s*[\'"`][\'"`]', response) for each in emptyJSvars: inpName = each.group(1) done.append(inpName) paramList.insert(0, inpName)