def execute(self, target, headers=None, params=None, mode='verify', verbose=True):
"""
:param url: the target url
:param headers: a :class dict include some fields for request header.
:param params: a instance of Params, includ extra params
:return: A instance of Output
"""
self.target = target
self.url = parseTargetUrl(target)
self.headers = headers
self.params = strToDict(params) if params else {}
self.mode = mode
self.verbose = verbose
self.expt = 'None'
# TODO
output = None
try:
if self.mode == 'attack':
output = self._attack()
else:
output = self._verify()
except NotImplementedError, e:
self.expt = (ERROR_TYPE_ID.NOTIMPLEMENTEDERROR, e)
logger.log(CUSTOM_LOGGING.ERROR, 'POC: %s not defined ' '%s mode' % (self.name, self.mode))
output = Output(self)
def execute(self,
target,
headers=None,
params=None,
mode='verify',
verbose=True):
"""
:param url: the target url
:param headers: a :class dict include some fields for request header.
:param params: a instance of Params, includ extra params
:return: A instance of Output
"""
self.target = target
self.url = parseTargetUrl(target)
self.headers = headers
self.params = strToDict(params) if params else {}
self.mode = mode
self.verbose = verbose
self.expt = 'None'
# TODO
output = None
try:
if self.mode == 'attack':
output = self._attack()
else:
output = self._verify()
except NotImplementedError, e:
self.expt = (ERROR_TYPE_ID.NOTIMPLEMENTEDERROR, e)
logger.log(
CUSTOM_LOGGING.ERROR, 'POC: %s not defined '
'%s mode' % (self.name, self.mode))
output = Output(self)
def execute(self,
target,
headers=None,
params=None,
mode='verify',
verbose=True):
"""
:param url: the target url
:param headers: a :class dict include some fields for request header.
:param params: a instance of Params, includ extra params
:return: A instance of Output
"""
self.target = target
self.url = parseTargetUrl(target)
self.headers = headers
self.params = params
self.mode = mode
self.verbose = verbose
# TODO
output = None
try:
if self.mode == 'attack':
output = self._attack()
else:
output = self._verify()
except NotImplementedError:
logger.log(
CUSTOM_LOGGING.ERROR, 'POC: %s not defined '
'%s mode' % (self.name, self.mode))
output = Output(self)
except ConnectTimeout, e:
while conf.retry > 0:
logger.log(CUSTOM_LOGGING.WARNING,
'POC: %s timeout, start it over.' % self.name)
try:
if self.mode == 'attack':
output = self._attack()
else:
output = self._verify()
break
except ConnectTimeout:
logger.log(CUSTOM_LOGGING.ERROR,
'POC: %s time-out retry failed!' % self.name)
output = Output(self)
conf.retry -= 1
else:
logger.log(CUSTOM_LOGGING.ERROR, str(e))
output = Output(self)
def _executeVerify(pocInfo, targetJson, targetUrl, mode):
url, startTime = parseTargetUrl(targetUrl), time.time()
step, method, path, params, headers, match, status_code = initilizeJson(targetJson)
if (targetUrl + pocInfo['vulID']) not in resultJson:
resultJson[targetUrl + pocInfo['vulID']] = {}
resultJson[targetUrl + pocInfo['vulID']]['verifyInfo'] = {'URL': url, 'Postdata': params, 'Path': path}
try:
if method == 'get':
r = req.get('%s/%s' % (url, path), params=params, headers=headers)
else:
r = req.post('%s/%s' % (url, path), data=params, headers=headers)
except Exception, ex:
logger.log(CUSTOM_LOGGING.ERROR, str(ex))
return False
def _executeVerify(pocInfo, targetJson, targetUrl, mode):
url, startTime = parseTargetUrl(targetUrl), time.time()
step, method, path, params, headers, match, status_code = initilizeJson(targetJson)
if (targetUrl + pocInfo['vulID']) not in resultJson:
resultJson[targetUrl + pocInfo['vulID']] = {}
resultJson[targetUrl + pocInfo['vulID']]['verifyInfo'] = {'URL': url, 'Postdata': params, 'Path': path}
try:
if method == 'get':
r = req.get('%s/%s' % (url, path), params=params, headers=headers)
else:
r = req.post('%s/%s' % (url, path), data=params, headers=headers)
except Exception, ex:
logger.log(CUSTOM_LOGGING.ERROR, str(ex))
return False
def execute(self, target, headers=None, params=None, mode='verify', verbose=True):
"""
:param url: the target url
:param headers: a :class dict include some fields for request header.
:param params: a instance of Params, includ extra params
:return: A instance of Output
"""
self.target = target
self.url = parseTargetUrl(target)
self.headers = headers
self.params = strToDict(params) if params else {}
self.mode = mode
self.verbose = verbose
# TODO
output = None
try:
if self.mode == 'attack':
output = self._attack()
else:
output = self._verify()
except NotImplementedError:
logger.log(CUSTOM_LOGGING.ERROR, 'POC: %s not defined ' '%s mode' % (self.name, self.mode))
output = Output(self)
except ConnectTimeout, e:
while conf.retry > 0:
logger.log(CUSTOM_LOGGING.WARNING, 'POC: %s timeout, start it over.' % self.name)
try:
if self.mode == 'attack':
output = self._attack()
else:
output = self._verify()
break
except ConnectTimeout:
logger.log(CUSTOM_LOGGING.ERROR, 'POC: %s time-out retry failed!' % self.name)
output = Output(self)
conf.retry -= 1
else:
logger.log(CUSTOM_LOGGING.ERROR, str(e))
output = Output(self)