def __init__(self, view):
    """Switch the shared Facade to GUI mode and wire up the controller.

    One dict (with a single empty "main" list) is created and bound to
    both ``self.data`` and ``Facade().data``, so the two names refer to
    the same object.
    """
    Facade().mode = "gui"

    tabs = {"main": []}
    self.data = tabs
    Facade().data = tabs

    self._model = GUIModel(tabs["main"])
    self._view = view

    # NOTE(review): this first binding is overwritten on the very next
    # line; it only has an effect if evaluating the name itself matters.
    self._interp = WfuzzInterpreter2
    self._interp = WfuzzInterpreter(self._model)

    # Start the GUI first, then register the exit handler.
    self.start_gui()
    pub.subscribe(self.on_exit, "exit")
def do_tab(self, cmd):
    """Create an empty data list for a new tab and announce the tab.

    ``cmd[1]`` is used as the tab name: it keys the new list in
    ``Facade().data`` and is passed along in the "create_tab" message.
    """
    tab_name = cmd[1]

    rows = []
    Facade().data[tab_name] = rows

    tab_model = GUIModel(rows)
    pub.sendMessage(
        "create_tab",
        name=tab_name,
        model=tab_model,
        interp=WfuzzInterpreter(tab_model),
    )
def show_plugins_help(self, registrant, cols=3, category="$all$"):
    """Print a table of the plugins of one registrant, then exit.

    Each row returned by ``get_plugins_ext(category)`` is cut with
    ``row[cols:]`` before printing. The process always ends with exit
    status 0.
    """
    print("\nAvailable %s:\n" % registrant)

    rows = Facade().proxy(registrant).get_plugins_ext(category)
    table_print([row[cols:] for row in rows])

    sys.exit(0)
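def test_payload_description(self):
    """Check how the wfuzzp payload renders the description of a saved result.

    A fake saved session is served in place of ``open()``; each case stores
    a different ``_description`` / ``_show_field`` pair on the pickled
    result and compares the description produced by ``wfuzz.payload``.
    """

    class mock_saved_session(object):
        """File-like stand-in holding one gzip-compressed, pickled FuzzResult."""

        def __init__(self, description, show_field):
            fr = FuzzRequest()
            # The query string separator is "&": the assertions below
            # expect two parameters, param and param2.
            fr.url = "http://www.wfuzz.org/path?param=1&param2=2"

            fuzz_res = FuzzResult(history=fr)
            fuzz_res._description = description
            fuzz_res._show_field = show_field

            # The fixture is a gzip-compressed pickle because that is what
            # this test hands to the wfuzzp payload. Unpickling runs code
            # chosen by whoever produced the file, so real saved sessions
            # should only be loaded when their origin is trusted.
            self.outfile = BytesIO()
            with gzip.GzipFile(fileobj=self.outfile, mode="wb") as f:
                pickle.dump(fuzz_res, f)

            self.outfile.seek(0)
            self.outfile.name = "mockfile"

        def close(self):
            pass

        def read(self, *args, **kwargs):
            return self.outfile.read(*args, **kwargs)

        def seek(self, *args, **kwargs):
            return self.outfile.seek(*args, **kwargs)

        def tell(self):
            return self.outfile.tell()

    # load plugins before mocking file object
    Facade().payloads

    mocked_fun = "builtins.open" if sys.version_info >= (3, 0) else "__builtin__.open"

    def saved_descriptions(description, show_field):
        # Serve a fresh fake session through the patched open() and
        # collect the description of every result the payload yields.
        m = mock.MagicMock(name='open', spec=open)
        m.return_value = mock_saved_session(description, show_field)
        with mock.patch(mocked_fun, m):
            payload_list = list(wfuzz.payload(**{
                'show_field': True,
                'description': 'r',
                'payloads': [('wfuzzp', {'default': 'mockedfile', 'encoder': None}, None)],
            }))
        return [res[0].description for res in payload_list]

    self.assertEqual(
        saved_descriptions("r.params.all", True),
        [{'param': '1', 'param2': '2'}],
    )
    self.assertEqual(
        saved_descriptions("url", None),
        ['http://www.wfuzz.org/path?param=1&param2=2'],
    )
    self.assertEqual(
        saved_descriptions("r.scheme", False),
        ['http://www.wfuzz.org/path?param=1&param2=2 | http'],
    )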
def find_file(self, name):
    """Resolve *name* to an existing path, falling back to *name* itself.

    The name is tried exactly as given first; only when that path does
    not exist are the comma-separated ``general/lookup_dirs`` settings
    searched, in order. If nothing matches, *name* is returned unchanged,
    so the caller still has to cope with a missing file.
    """
    if os.path.exists(name):
        return name

    lookup_dirs = Facade().sett.get('general', 'lookup_dirs').split(",")
    for directory in lookup_dirs:
        located = find_file_in_paths(name, directory)
        if located is not None:
            return located

    return name
def __init__(self, output):
    """Pick the output stream and read the verbosity flag.

    A falsy *output* selects ``sys.stdout``; otherwise *output* is opened
    for writing. An ``IOError`` while opening is re-raised as
    ``FuzzExceptBadFile``.
    """
    self.f = None

    if not output:
        self.f = sys.stdout
    else:
        try:
            # Mode 'w' truncates a file that already exists at this path.
            self.f = open(output, 'w')
        except IOError as err:
            raise FuzzExceptBadFile("Error opening file. %s" % str(err))

    self.verbose = Facade().printers.kbase["verbose"]
def show_plugin_ext_help(self, registrant, category="$all$"):
    """Print the detailed help of every plugin in *category*, then exit.

    For each plugin the name, version, categories, summary, authors,
    description lines and parameters are printed. Parameters are read by
    position: [0] name, [1] default, [2] the flag shown as "+" or "-",
    [3] help text. The process always ends with exit status 0.
    """
    plugins = Facade().proxy(registrant).get_plugins(category)

    for plugin in plugins:
        print("Name: %s %s" % (plugin.name, plugin.version))
        print("Categories: %s" % ','.join(plugin.category))
        print("Summary: %s" % plugin.summary)
        print("Author: %s" % ','.join(plugin.author))

        print("Description:")
        for text in plugin.description:
            print(" %s" % text)

        print("Parameters:")
        for entry in plugin.parameters:
            marker = "+" if entry[2] else "-"
            # A falsy default (None, "", 0, False) is not displayed.
            default_note = " (= %s)" % str(entry[1]) if entry[1] else ""
            print(" %s %s%s: %s" % (marker, entry[0], default_note, entry[3]))

        print("\n")

    sys.exit(0)
def __init__(self, dork, page, limit):
    """Prepare a Shodan search for *dork* starting at *page*.

    Raises ``FuzzExceptMissingAPIKey`` when the ``plugins/shodan_apikey``
    setting is empty. A positive *limit* bounds the search at the current
    counter value plus *limit*; any other value stores -1 as the limit.
    """
    # The key comes from the wfuzz settings (the error text below points
    # at ~/.wfuzz/wfuzz.ini), so that file holds a credential and is
    # worth keeping readable by its owner only.
    api_key = Facade().sett.get('plugins', 'shodan_apikey')
    if not api_key:
        raise FuzzExceptMissingAPIKey(
            "A Shodan api key is needed. Please check ~/.wfuzz/wfuzz.ini")

    self.api = shodan.Shodan(api_key)
    self._dork = dork
    self._page = MyCounter(page)

    # The counter is only called when a positive limit was requested.
    if limit > 0:
        self._page_limit = self._page() + limit
    else:
        self._page_limit = -1

    self.results_queue = Queue(self.MAX_ENQUEUED_RES)
    self.page_queue = Queue()

    self._threads = []
    self._started = False
    self._cancel_job = False
def show_plugin_ext_help(self, registrant, category="$all$"):
    """Print the extended help of each plugin in *category* and exit.

    Output per plugin: name and version, categories, summary, authors,
    the description lines and one line per parameter. The process always
    ends with exit status 0.
    """
    for entry in Facade().proxy(registrant).get_plugins(category):
        header_lines = (
            "Name: %s %s" % (entry.name, entry.version),
            "Categories: %s" % ",".join(entry.category),
            "Summary: %s" % entry.summary,
            "Author: %s" % ",".join(entry.author),
            "Description:",
        )
        for header in header_lines:
            print(header)

        for text in entry.description:
            print(" %s" % text)

        print("Parameters:")
        for spec in entry.parameters:
            # spec is read by position: name, default, flag, help text.
            if spec[2]:
                marker = "+"
            else:
                marker = "-"

            # Only a truthy default is displayed.
            if spec[1]:
                default_note = " (= %s)" % str(spec[1])
            else:
                default_note = ""

            print(" %s %s%s: %s" % (marker, spec[0], default_note, spec[3]))

        print("\n")

    sys.exit(0)
def show_plugin_ext_help(self, registrant, category="$all$"):
    """Print the extended help of each plugin in *category* and exit.

    Every parameter is unpacked as (name, default_value, mandatory,
    description). The default is shown whenever it is not ``None``, so
    falsy defaults such as 0 or an empty string are displayed too. The
    process always ends with exit status 0.
    """
    available = Facade().proxy(registrant).get_plugins(category)

    for item in available:
        print("Name: %s %s" % (item.name, item.version))
        print("Categories: %s" % ",".join(item.category))
        print("Summary: %s" % item.summary)
        print("Author: %s" % ",".join(item.author))

        print("Description:")
        for text in item.description:
            print(" %s" % text)

        print("Parameters:")
        for name, default_value, mandatory, description in item.parameters:
            flag = "+" if mandatory else "-"
            if default_value is None:
                shown_default = ""
            else:
                shown_default = " (= %s)" % str(default_value)
            print(" {} {}{}: {}".format(flag, name, shown_default, description))

        print("\n")

    sys.exit(0)
def test_burplog_content(burplog_file, expected_content):
    """Check the response content parsed from a Burp log by the burplog payload.

    ``open()`` is patched to return *burplog_file*, so the payload reads
    the supplied object rather than anything on disk; the content of the
    first result must equal *expected_content*.
    """
    # load plugins before mocking file object
    Facade().payloads

    if sys.version_info >= (3, 0):
        open_target = "builtins.open"
    else:
        open_target = "__builtin__.open"

    fake_open = mock.MagicMock(name="open", spec=open)
    fake_open.return_value = burplog_file

    payload_options = {
        "payloads": [
            ("burplog", {"default": "mockedfile", "encoder": None}, None),
        ],
    }

    with mock.patch(open_target, fake_open, create=True):
        results = list(wfuzz.payload(**payload_options))

    first_result = results[0][0]
    assert first_result.history.content == expected_content
def __init__(self, dork, offset=0, limit=0, key=None):
    """Run the first Bing query for *dork* and work out how many results to serve.

    When *key* is ``None`` it is read from the ``plugins/bing_apikey``
    setting; an empty key raises ``FuzzExceptMissingAPIKey``. The stored
    offset is capped at the reported total, and ``max_count`` is the
    total minus that offset, capped at *limit* when *limit* is positive.
    """
    if key is None:
        key = Facade().sett.get("plugins", "bing_apikey")

    if not key:
        raise FuzzExceptMissingAPIKey(
            "An api Bing key is needed. Please chek wfuzz.ini."
        )

    self._key = key
    self._dork = dork

    self.max_count = 0
    self.current = 0
    self._index = 0
    self._retrieved = 0
    self._results = []

    # The first request yields the estimated total, which does not take
    # the offset into account. The limit is only forwarded when it lies
    # strictly between 0 and 50.
    if 0 < limit < 50:
        first_page = self._do_search(offset, limit)
    else:
        first_page = self._do_search(offset)
    total_results, self._retrieved, self._results = first_page

    # Never start beyond the last reported result.
    self._offset = total_results if offset > total_results else offset

    self.max_count = total_results - self._offset

    # Serve no more than limit results.
    if limit > 0 and self.max_count > limit:
        self.max_count = limit
def __init__(self, dork, page, limit):
    """Prepare a Shodan search for *dork* starting at *page*.

    Raises ``FuzzExceptPluginLoadError`` when ``IMPORTED_SHODAN`` is
    ``False`` and ``FuzzExceptMissingAPIKey`` when the
    ``plugins/shodan_apikey`` setting is empty. A positive *limit* bounds
    the search at the current counter value plus *limit*; any other value
    stores -1 as the limit.
    """
    if IMPORTED_SHODAN is False:
        raise FuzzExceptPluginLoadError(
            "shodan module not imported. Please, install shodan using pip"
        )

    # The key is a credential read from the wfuzz settings; the error
    # text below names ~/.wfuzz/wfuzz.ini as the place to check.
    api_key = Facade().sett.get("plugins", "shodan_apikey")
    if not api_key:
        raise FuzzExceptMissingAPIKey(
            "A Shodan api key is needed. Please check ~/.wfuzz/wfuzz.ini"
        )

    self.api = shodan.Shodan(api_key)
    self._dork = dork
    self._page = MyCounter(page)

    # The counter is only called when a positive limit was requested.
    if limit > 0:
        self._page_limit = self._page() + limit
    else:
        self._page_limit = -1

    self.results_queue = Queue(self.MAX_ENQUEUED_RES)
    self.page_queue = Queue()

    self._threads = []
    self._started = False
    self._cancel_job = False
def __init__(self, params):
    """Initialise the payload from *params*.

    Keeps ``params["attr"]`` in ``self.attr`` and builds an iterator over
    the ``Facade().data`` entry named by ``params["tab"]``.
    """
    BasePayload.__init__(self, params)

    self.attr = self.params["attr"]

    tab_entries = Facade().data[self.params["tab"]]
    self._it = iter(tab_entries)
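def show_plugins_help(self, registrant, cols=3, category="$all$"):
    """Print a table of the plugins of one registrant, then exit.

    Each row returned by ``get_plugins_ext(category)`` is cut with
    ``row[cols:]`` before printing. The process always ends with exit
    status 0.
    """
    # A parenthesised single argument prints the same text under the
    # Python 2 print statement and the Python 3 print function; the bare
    # statement form is a syntax error on Python 3.
    print("\nAvailable %s:\n" % registrant)

    # A list comprehension hands table_print a real list on both major
    # versions, whereas map() returns a lazy iterator on Python 3.
    rows = Facade().proxy(registrant).get_plugins_ext(category)
    table_print([row[cols:] for row in rows])

    sys.exit(0)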
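def test_payload_description(self):
    """Check how the wfuzzp payload renders the description of a saved result.

    A fake saved session is served in place of ``open()``; each case stores
    a different ``_fields`` / ``_show_field`` pair on the pickled result
    and compares the description produced by ``wfuzz.payload``.
    """

    class mock_saved_session(object):
        """File-like stand-in holding one gzip-compressed, pickled FuzzResult."""

        def __init__(self, fields, show_field):
            fr = FuzzRequest()
            # The query string separator is "&": the first assertion below
            # expects the two parameters param=1 and param2=2.
            fr.url = "http://www.wfuzz.org/path?param=1&param2=2"

            fuzz_res = FuzzResult(history=fr)
            fuzz_res._fields = fields
            fuzz_res._show_field = show_field

            # The fixture is a gzip-compressed pickle because that is what
            # this test hands to the wfuzzp payload. Unpickling runs code
            # chosen by whoever produced the file, so real saved sessions
            # should only be loaded when their origin is trusted.
            self.outfile = BytesIO()
            with gzip.GzipFile(fileobj=self.outfile, mode="wb") as f:
                pickle.dump(fuzz_res, f)

            self.outfile.seek(0)
            self.outfile.name = "mockfile"

        def close(self):
            pass

        def read(self, *args, **kwargs):
            return self.outfile.read(*args, **kwargs)

        def seek(self, *args, **kwargs):
            return self.outfile.seek(*args, **kwargs)

        def tell(self):
            return self.outfile.tell()

    # load plugins before mocking file object
    Facade().payloads

    mocked_fun = ("builtins.open" if sys.version_info >= (3, 0) else "__builtin__.open")

    def saved_descriptions(fields, show_field):
        # Serve a fresh fake session through the patched open() and
        # collect the description of every result the payload yields.
        m = mock.MagicMock(name="open", spec=open)
        m.return_value = mock_saved_session(fields, show_field)
        with mock.patch(mocked_fun, m):
            payload_list = list(
                wfuzz.payload(
                    **{
                        "show_field": True,
                        "fields": ["r"],
                        "payloads": [("wfuzzp", {
                            "default": "mockedfile",
                            "encoder": None
                        }, None)],
                    }))
        return [res[0].description for res in payload_list]

    # Sorting both sides makes the comparison independent of the order in
    # which the parameters are rendered.
    self.assertEqual(
        sorted("-".join(saved_descriptions(["r.params.all"], True)).split("\n")),
        sorted(["param=1", "param2=2"]),
    )

    self.assertEqual(
        saved_descriptions(["url"], None),
        ["http://www.wfuzz.org/path?param=1&param2=2"],
    )

    self.assertEqual(
        saved_descriptions(["r.scheme"], False),
        ["http://www.wfuzz.org/path?param=1&param2=2 | http"],
    )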
def show_plugins_names(self, registrant):
    """Print the plugin names of *registrant*, one per line.

    Names are requested for the "$all$" category. Unlike the help
    printers, this method returns instead of exiting.
    """
    names = Facade().proxy(registrant).get_plugins_names("$all$")
    print("\n".join(names))
def isbllist(self):
    """Tell whether ``self.fext`` is on the discovery blacklist.

    The blacklist is the ``kbase/discovery.blacklist`` setting split on
    "-". A ``fext`` of exactly "." is never treated as blacklisted, and
    the setting is not consulted in that case.
    """
    extension = self.fext
    if extension == ".":
        return False

    blacklisted = Facade().sett.get("kbase", "discovery.blacklist").split("-")
    return extension in blacklisted
def count(self):
    """Return the length of the ``Facade().data`` entry for this payload's tab."""
    tab_entries = Facade().data[self.params["tab"]]
    return len(tab_entries)
def _parse_help_opt(self, optsd):
    """Handle the informational command-line options found in *optsd*.

    Options are checked in a fixed order (version, usage, filter help,
    script help, --ee listings, -e tables, then "help" passed to -f, -o,
    -m or -z). Most of them print something and end the process with exit
    status 0. An unrecognised --ee or -e category raises
    ``FuzzExceptBadOptions``. When nothing matches the method returns.
    """
    if "--version" in optsd:
        print(version)
        sys.exit(0)

    if "-h" in optsd:
        self.show_usage()
        sys.exit(0)

    if "--help" in optsd:
        self.show_verbose_usage()
        sys.exit(0)

    if "--filter-help" in optsd:
        # Print the part of the filter help file between the "Filter
        # Language" heading and the "Filtering results" text.
        section_re = re.compile(
            "Filter Language\n---------------\n\n(.*?)Filtering results",
            re.MULTILINE | re.DOTALL,
        )
        print(section_re.search(get_filter_help_file()).group(1))
        sys.exit(0)

    # Extensions help
    if "--script-help" in optsd:
        wanted = optsd["--script-help"][0]
        if wanted == "":
            wanted = "$all$"
        self.show_plugin_ext_help("scripts", category=wanted)

    if "--ee" in optsd:
        requested = optsd["--ee"]
        registrant_names = ("payloads", "encoders", "iterators", "printers", "scripts")

        # The first registrant name found in the option value wins.
        chosen = next(
            (name for name in registrant_names if name in requested), None
        )

        if chosen is not None:
            self.show_plugins_names(chosen)
        elif "fields" in requested:
            print("\n".join(allowed_fields))
        elif "files" in requested:
            print("\n".join(Facade().sett.get("general", "lookup_dirs").split(",")))
        elif "registrants" in requested:
            print("\n".join(Facade().get_registrants()))
        elif "options" in requested:
            short_names = self.short_opts.replace(":", "")
            print("\n".join(["-{}".format(opt) for opt in short_names]))
            print("\n".join(
                ["--{}".format(opt.replace("=", "")) for opt in self.long_opts]
            ))
        else:
            # NOTE(review): this text omits fields, files, registrants and
            # options, which the branches above also accept.
            raise FuzzExceptBadOptions(
                "Unknown category. Valid values are: payloads, encoders, iterators, printers or scripts."
            )

        sys.exit(0)

    if "-e" in optsd:
        requested = optsd["-e"]
        # Registrant name -> extra positional argument (the cols value)
        # passed to show_plugins_help.
        table_calls = (
            ("payloads", ()),
            ("encoders", (2,)),
            ("iterators", ()),
            ("printers", ()),
            ("scripts", (2,)),
        )
        for name, extra_args in table_calls:
            if name in requested:
                self.show_plugins_help(name, *extra_args)
                break
        else:
            raise FuzzExceptBadOptions(
                "Unknown category. Valid values are: payloads, encoders, iterators, printers or scripts."
            )

    # "help" given as the value of -f, -o or -m lists the matching plugins.
    for flag, registrant in (("-f", "printers"), ("-o", "printers"), ("-m", "iterators")):
        if flag in optsd and "help" in optsd[flag]:
            self.show_plugins_help(registrant)

    if "-z" in optsd and "help" in optsd["-z"]:
        category = optsd["--slice"][0] if "--slice" in optsd else "$all$"
        self.show_plugin_ext_help("payloads", category=category)