def __init__(self, projectTag):
self.projectTag = projectTag
self.info_Test = readConfig.ReadConfig().getValue('infoTest',
'info')[0]
self.log = creatLog().get_logger()
self.info_filters = readConfig.ReadConfig().getValue(
'infoTest', 'infoFilter')[0]
def __init__(self, projectTag):
self.projectTag = projectTag
self.blacklist_param = readConfig.ReadConfig().getValue(
'FuzzerParam', 'param')[0]
self.default_judges = readConfig.ReadConfig().getValue(
'FuzzerParam', 'default')[0]
self.log = creatLog().get_logger()
def __init__(self, jsRealPaths, options):
# 传入的js文件的路径
warnings.filterwarnings('ignore')
self.jsRealPaths = jsRealPaths
self.blacklist_domains = readConfig.ReadConfig().getValue(
'blacklist', 'domain')[0]
self.blacklistFilenames = readConfig.ReadConfig().getValue(
'blacklist', 'filename')[0]
self.options = options
self.proxy_data = {
'http': self.options.proxy,
'https': self.options.proxy
}
self.UserAgent = [
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.50",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36",
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16",
"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.11 TaoBrowser/2.0 Safari/536.11",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Maxthon/4.4.3.4000 Chrome/30.0.1599.101 Safari/537.36",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; QQDownload 732; .NET4.0C; .NET4.0E; SE 2.X MetaSr 1.0)",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 732; .NET4.0C; .NET4.0E; LBBROWSER)",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50",
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0",
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.8.131 Version/11.11",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TencentTraveler 4.0)"
]
self.log = creatLog().get_logger()
def __init__(self,projectTag,options):
self.projectTag = projectTag
self.uploadtest_list = readConfig.ReadConfig().getValue('vuln', 'uploadtest_list')[0]
self.upload_fail = readConfig.ReadConfig().getValue('vuln', 'upload_fail')[0]
self.upload_success = readConfig.ReadConfig().getValue('vuln', 'upload_success')[0]
self.options = options
self.log = creatLog().get_logger()
self.header = ""
self.proxy_data = {'http': self.options.proxy,'https': self.options.proxy}
self.UserAgent = ["Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.50",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36",
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16",
"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.11 TaoBrowser/2.0 Safari/536.11",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Maxthon/4.4.3.4000 Chrome/30.0.1599.101 Safari/537.36",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; QQDownload 732; .NET4.0C; .NET4.0E; SE 2.X MetaSr 1.0)",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 732; .NET4.0C; .NET4.0E; LBBROWSER)",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50",
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0",
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.8.131 Version/11.11",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TencentTraveler 4.0)"]
self.proxy_data = {'http': self.options.proxy,'https': self.options.proxy}
def __init__(self, projectTag):
self.projectTag = projectTag
self.api_UnAuth_result = []
self.resultFilters = readConfig.ReadConfig().getValue(
'vulnTest', 'resultFilter')[0]
self.unauth_not_sure = readConfig.ReadConfig().getValue(
'vulnTest', 'unauth_not_sure')[0]
self.log = creatLog().get_logger()
def __init__(self,projectTag):
self.projectTag = projectTag
self.passwordtest_list = readConfig.ReadConfig().getValue('vuln', 'passwordtest_list')[0]
self.passworduser_list = readConfig.ReadConfig().getValue('vuln', 'passworduser_list')[0]
self.passwordpass_list = readConfig.ReadConfig().getValue('vuln', 'passwordpass_list')[0]
self.postdatas = []
self.getdatas = []
self.jsonposts = []
self.log = creatLog().get_logger()
self.path = ""
def getMyWord(self, someWord):
lang = CommandLines().cmd().language
if lang:
localLang = lang
else:
localLang = locale.getdefaultlocale()[0][0:2]
try:
myWord = readConfig.ReadConfig().getLang(localLang,someWord)[0]
except:
myWord = readConfig.ReadConfig().getLang('en',someWord)[0] #默认英语
return myWord
def vulntestStart(self,options):
# 获取from_js 和api_id
projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db"
connect = sqlite3.connect(os.sep.join(projectDBPath.split('/')))
cursor = connect.cursor()
connect.isolation_level = None
sql = "select id,from_js from api_tree where path=\"" + self.path + "\""
cursor.execute(sql)
apiTreeInfo = cursor.fetchall()
if len(apiTreeInfo) != 0:
api_id = int(apiTreeInfo[0][0]) # 对应路径的api_id
from_js = int(apiTreeInfo[0][1]) # 对应路径的from_js
message = str(readConfig.ReadConfig().getValue('vulnTest', 'login')[0]).split(',')
# get类型返回的数据列表
getdatas = self.getdatas
# post类型返回的数据列表
postdatas = self.postdatas
jsonpostdata = self.jsonposts
# post请求
if len(getdatas) == 0:
postobj = PostsDataText(self.path, options)
# 传入post的数据和json的数据 线程池跑
# postobj.res.items 是返回的结果
postobj.run(postdatas, jsonpostdata)
for key, value in postobj.res.items():
#print(key + ": " + value)
for flag in message:
if flag in str(value):
# 进行数据裤的插入
try:
DatabaseType(self.projectTag).insertWeakPassInfoIntoDB(api_id,from_js,str(key), str(value))
except Exception as e:
self.log.error("[Err] %s" % e)
# get请求
if len(postdatas) == 0:
getobj = ApiText(getdatas, options)
getobj.run()
for key, value in getobj.res.items():
for flag in message:
if flag in str(value):
# 进行数据裤的插入
try:
DatabaseType(self.projectTag).insertWeakPassInfoIntoDB(api_id,from_js,str(key), str(value))
except Exception as e:
self.log.error("[Err] %s" % e)
def __init__(self, projectTag):
self.projectTag = projectTag
self.regxs = [r'\w\.get\(\"(.*?)\"\,',
r'\w\.post\(\"(.*?)\"\,',
r'\w\.post\(\"(.*?)\"',
r'\w\.get\(\"(.*?)\"',
r'\w\+\"(.*?)\"\,']
self.baseUrlRegxs = [r'url.?\s?\:\s?\"(.*?)\"',
r'url.?\s?\+\s?\"(.*?)\"',
r'url.?\s?\=\s?\"(.*?)\"',
r'host\s?\:\s?\"(.*?)\"', ]
self.baseUrlPaths = []
self.apiPaths = []
self.completeUrls = []
self.apiExts = readConfig.ReadConfig().getValue('blacklist', 'apiExts')[0]
self.log = creatLog().get_logger()