Beispiel #1
    def execute(self, target, headers=None, params=None, mode='verify', verbose=True):
        """
        Run this PoC against ``target`` in the requested mode.

        :param target: the target url; kept verbatim in ``self.target`` and
            passed through ``parseTargetUrl`` to produce ``self.url``
        :param headers: a dict with fields for the request header
            (stored as given, not copied).
        :param params: extra params; a truthy value is converted with
            ``strToDict``, anything falsy becomes ``{}``
        :param mode: ``'attack'`` calls ``self._attack()``; every other
            value calls ``self._verify()``
        :param verbose: stored in ``self.verbose``; not read in the lines shown

        :return: an instance of Output according to the original docstring;
            the return statement lies outside this excerpt
        """
        # NOTE(review): nothing in the lines shown checks that the target is
        # within an authorised scope; if such a check exists it lives in the
        # caller -- confirm before wiring this into automation.
        self.target = target
        self.url = parseTargetUrl(target)
        self.headers = headers
        self.params = strToDict(params) if params else {}
        self.mode = mode
        self.verbose = verbose
        # This is the string 'None', not the None object. The handler below
        # replaces it with an (error id, exception) tuple.
        self.expt = 'None'
        # TODO
        output = None

        try:
            # Only the exact string 'attack' selects the attack routine; any
            # other value (including a typo) falls through to verification.
            if self.mode == 'attack':
                output = self._attack()
            else:
                output = self._verify()

        # Python 2 "except X, e" syntax; this block does not parse on Python 3.
        except NotImplementedError, e:
            self.expt = (ERROR_TYPE_ID.NOTIMPLEMENTEDERROR, e)
            # The two adjacent literals are joined at compile time, so the %
            # operator formats the whole message with both values.
            logger.log(CUSTOM_LOGGING.ERROR, 'POC: %s not defined ' '%s mode' % (self.name, self.mode))
            # Fall back to an Output built from this PoC instance; what that
            # object reports is defined in Output, which is not shown here.
            output = Output(self)
Beispiel #2
    def execute(self,
                target,
                headers=None,
                params=None,
                mode='verify',
                verbose=True):
        """
        Run this PoC against ``target`` in the requested mode.

        :param target: the target url; kept verbatim in ``self.target`` and
            passed through ``parseTargetUrl`` to produce ``self.url``
        :param headers: a dict with fields for the request header
            (stored as given, not copied).
        :param params: extra params; a truthy value is converted with
            ``strToDict``, anything falsy becomes ``{}``
        :param mode: ``'attack'`` calls ``self._attack()``; every other
            value calls ``self._verify()``
        :param verbose: stored in ``self.verbose``; not read in the lines shown

        :return: an instance of Output according to the original docstring;
            the return statement lies outside this excerpt
        """
        # NOTE(review): no scope or authorisation check on the target is
        # visible in this excerpt; presumably the caller is responsible for
        # it -- confirm.
        self.target = target
        self.url = parseTargetUrl(target)
        self.headers = headers
        self.params = strToDict(params) if params else {}
        self.mode = mode
        self.verbose = verbose
        # String sentinel 'None' (not the None object); overwritten with an
        # (error id, exception) tuple when the handler below runs.
        self.expt = 'None'
        # TODO
        output = None

        try:
            # Verification is the default path: only mode == 'attack' exactly
            # reaches _attack(), everything else reaches _verify().
            if self.mode == 'attack':
                output = self._attack()
            else:
                output = self._verify()

        # Python 2 "except X, e" syntax; this block does not parse on Python 3.
        except NotImplementedError, e:
            self.expt = (ERROR_TYPE_ID.NOTIMPLEMENTEDERROR, e)
            # The split message is one literal after compile-time
            # concatenation, so both %s fields are filled by the tuple.
            logger.log(
                CUSTOM_LOGGING.ERROR, 'POC: %s not defined '
                '%s mode' % (self.name, self.mode))
            # Fall back to an Output built from this PoC instance; its
            # contents are defined in Output, which is not shown here.
            output = Output(self)
Beispiel #3
    def execute(self,
                target,
                headers=None,
                params=None,
                mode='verify',
                verbose=True):
        """
        Run this PoC against ``target``, retrying on connection timeouts.

        :param target: the target url; kept verbatim in ``self.target`` and
            passed through ``parseTargetUrl`` to produce ``self.url``
        :param headers: a dict with fields for the request header
            (stored as given, not copied).
        :param params: extra params, stored as given in ``self.params``
        :param mode: ``'attack'`` calls ``self._attack()``; every other
            value calls ``self._verify()``
        :param verbose: stored in ``self.verbose``; not read in the lines shown

        :return: an instance of Output according to the original docstring;
            the return statement lies outside this excerpt

        Side effect: each retry that times out decrements ``conf.retry``.
        """
        # NOTE(review): no scope or authorisation check on the target is
        # visible in this excerpt; presumably the caller is responsible for
        # it -- confirm.
        self.target = target
        self.url = parseTargetUrl(target)
        self.headers = headers
        self.params = params
        self.mode = mode
        self.verbose = verbose
        # TODO
        output = None

        try:
            # Only the exact string 'attack' selects the attack routine; any
            # other value falls through to verification.
            if self.mode == 'attack':
                output = self._attack()
            else:
                output = self._verify()

        except NotImplementedError:
            # Adjacent literals are joined at compile time, so % formats the
            # whole message.
            logger.log(
                CUSTOM_LOGGING.ERROR, 'POC: %s not defined '
                '%s mode' % (self.name, self.mode))
            output = Output(self)

        # Python 2 "except X, e" syntax; this block does not parse on Python 3.
        except ConnectTimeout, e:
            # NOTE(review): the retry budget is read from and written back to
            # conf.retry itself rather than a local copy. If conf is shared
            # configuration (not visible here), retries used up by this call
            # are gone for every later caller -- confirm that is intended.
            while conf.retry > 0:
                logger.log(CUSTOM_LOGGING.WARNING,
                           'POC: %s timeout, start it over.' % self.name)
                try:
                    if self.mode == 'attack':
                        output = self._attack()
                    else:
                        output = self._verify()
                    # Success: leave the loop, which also skips its else clause
                    # and leaves conf.retry untouched for this round.
                    break
                # Only another timeout is handled here; any other exception
                # raised by the retry propagates out of this try statement.
                except ConnectTimeout:
                    logger.log(CUSTOM_LOGGING.ERROR,
                               'POC: %s time-out retry failed!' % self.name)
                    output = Output(self)
                conf.retry -= 1
            else:
                # Reached when the loop ends without break: every retry timed
                # out, or conf.retry was already <= 0 on entry. The logged
                # exception is the one from the first attempt.
                logger.log(CUSTOM_LOGGING.ERROR, str(e))
                output = Output(self)
Beispiel #4
def _executeVerify(pocInfo, targetJson, targetUrl, mode):
    """Send the HTTP request described by ``targetJson`` to ``targetUrl``.

    :param pocInfo: mapping describing the PoC; only ``pocInfo['vulID']`` is
        read in the lines shown
    :param targetJson: request description; ``initilizeJson`` unpacks it into
        step, method, path, params, headers, match and status_code
    :param targetUrl: raw target; normalised with ``parseTargetUrl``
    :param mode: not read in the lines shown

    :return: ``False`` when sending the request raises; the remaining return
        paths lie outside this excerpt
    """
    url, startTime = parseTargetUrl(targetUrl), time.time()
    # NOTE(review): path, params and headers all come from targetJson, so
    # whoever supplies that document decides what is sent to the target.
    # Review PoC definitions from third parties before running them.
    step, method, path, params, headers, match, status_code = initilizeJson(targetJson)

    # resultJson is defined outside this function. The key is the plain
    # concatenation of target and vulnerability id, with no separator.
    if (targetUrl + pocInfo['vulID']) not in resultJson:
        resultJson[targetUrl + pocInfo['vulID']] = {}
        resultJson[targetUrl + pocInfo['vulID']]['verifyInfo'] = {'URL': url, 'Postdata': params, 'Path': path}

    try:
        # Exact, case-sensitive comparison: anything other than 'get' is
        # sent as a POST with params as the body.
        # NOTE(review): no timeout is passed in either call; unless req
        # applies a default, an unresponsive target can block here -- confirm.
        if method == 'get':
            r = req.get('%s/%s' % (url, path), params=params, headers=headers)
        else:
            r = req.post('%s/%s' % (url, path), data=params, headers=headers)

    # Python 2 "except X, e" syntax. The catch is deliberately broad: every
    # failure is logged and collapsed to False, so the return value alone
    # does not distinguish "could not connect" from other False outcomes.
    except Exception, ex:
        logger.log(CUSTOM_LOGGING.ERROR, str(ex))
        return False
Beispiel #5
def _executeVerify(pocInfo, targetJson, targetUrl, mode):
    """Issue the request defined in ``targetJson`` against ``targetUrl``.

    :param pocInfo: mapping describing the PoC; only ``pocInfo['vulID']`` is
        read in the lines shown
    :param targetJson: request description; ``initilizeJson`` unpacks it into
        step, method, path, params, headers, match and status_code
    :param targetUrl: raw target; normalised with ``parseTargetUrl``
    :param mode: not read in the lines shown

    :return: ``False`` when sending the request raises; the remaining return
        paths lie outside this excerpt
    """
    # startTime is captured here but not used in the lines shown.
    url, startTime = parseTargetUrl(targetUrl), time.time()
    # NOTE(review): the request path, parameters and headers are taken from
    # targetJson without any validation visible here; treat PoC definitions
    # as code and review them before use.
    step, method, path, params, headers, match, status_code = initilizeJson(targetJson)

    # First result for this (target, vulID) pair: create the entry and record
    # what is about to be sent. resultJson is defined outside this function.
    if (targetUrl + pocInfo['vulID']) not in resultJson:
        resultJson[targetUrl + pocInfo['vulID']] = {}
        resultJson[targetUrl + pocInfo['vulID']]['verifyInfo'] = {'URL': url, 'Postdata': params, 'Path': path}

    try:
        # 'get' (lower case, exact match) sends params in the query string;
        # every other method value is sent as POST with params as the body.
        # NOTE(review): neither call passes a timeout; unless req sets a
        # default, a silent target can stall the run -- confirm.
        if method == 'get':
            r = req.get('%s/%s' % (url, path), params=params, headers=headers)
        else:
            r = req.post('%s/%s' % (url, path), data=params, headers=headers)

    # Python 2 "except X, e" syntax. Any exception at all is logged and turned
    # into False, which hides the difference between a network failure and
    # other False results from the caller.
    except Exception, ex:
        logger.log(CUSTOM_LOGGING.ERROR, str(ex))
        return False
Beispiel #6
    def execute(self, target, headers=None, params=None, mode='verify', verbose=True):
        """
        Run this PoC against ``target``, retrying on connection timeouts.

        :param target: the target url; kept verbatim in ``self.target`` and
            passed through ``parseTargetUrl`` to produce ``self.url``
        :param headers: a dict with fields for the request header
            (stored as given, not copied).
        :param params: extra params; a truthy value is converted with
            ``strToDict``, anything falsy becomes ``{}``
        :param mode: ``'attack'`` calls ``self._attack()``; every other
            value calls ``self._verify()``
        :param verbose: stored in ``self.verbose``; not read in the lines shown

        :return: an instance of Output according to the original docstring;
            the return statement lies outside this excerpt

        Side effect: each retry that times out decrements ``conf.retry``.
        """
        # NOTE(review): nothing in the lines shown checks that the target is
        # within an authorised scope; if such a check exists it lives in the
        # caller -- confirm.
        self.target = target
        self.url = parseTargetUrl(target)
        self.headers = headers
        self.params = strToDict(params) if params else {}
        self.mode = mode
        self.verbose = verbose
        # TODO
        output = None

        try:
            # Verification is the default path: only mode == 'attack' exactly
            # reaches _attack(), everything else reaches _verify().
            if self.mode == 'attack':
                output = self._attack()
            else:
                output = self._verify()

        except NotImplementedError:
            # Adjacent literals are joined at compile time, so % formats the
            # whole message.
            logger.log(CUSTOM_LOGGING.ERROR, 'POC: %s not defined ' '%s mode' % (self.name, self.mode))
            output = Output(self)

        # Python 2 "except X, e" syntax; this block does not parse on Python 3.
        except ConnectTimeout, e:
            # NOTE(review): conf.retry is decremented in place rather than
            # copied to a local counter. If conf is shared configuration (not
            # visible here), the budget spent on this target is not restored
            # for later runs -- confirm that is intended.
            while conf.retry > 0:
                logger.log(CUSTOM_LOGGING.WARNING, 'POC: %s timeout, start it over.' % self.name)
                try:
                    if self.mode == 'attack':
                        output = self._attack()
                    else:
                        output = self._verify()
                    # Success: break skips both the decrement below and the
                    # loop's else clause.
                    break
                # Only a further timeout is handled; other exceptions from the
                # retry propagate out of this try statement.
                except ConnectTimeout:
                    logger.log(CUSTOM_LOGGING.ERROR, 'POC: %s time-out retry failed!' % self.name)
                    output = Output(self)
                conf.retry -= 1
            else:
                # Runs when the loop finishes without break: all retries timed
                # out, or conf.retry was already <= 0. str(e) is the timeout
                # from the first attempt.
                logger.log(CUSTOM_LOGGING.ERROR, str(e))
                output = Output(self)