def prepare_requests(args):
headers = {
'User-Agent':
'Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0',
'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5',
'Accept-Encoding': 'gzip, deflate',
'Connection': 'close',
'Upgrade-Insecure-Requests': '1'
}
if type(headers) == bool:
headers = extractHeaders(prompt())
elif type(headers) == str:
headers = extractHeaders(headers)
if mem.var['method'] == 'JSON':
mem.headers['Content-type'] = 'application/json'
if args.url:
params = getParams(args.include)
return {
'url': args.url,
'method': mem.var['method'],
'headers': headers,
'include': params
}
elif args.import_file:
return importer(args.import_file, mem.var['method'], headers,
args.include)
return []
help='don\'t ask to continue',
dest='skip',
action='store_true')
parser.add_argument('--skip-dom',
help='skip dom checking',
dest='skipDOM',
action='store_true')
parser.add_argument('-v',
'--vectors',
help='verbose output',
dest='verbose',
action='store_true')
args = parser.parse_args()
if args.headers:
headers = extractHeaders(prompt())
else:
from core.config import headers
find = args.find
fuzz = args.fuzz
encode = args.encode
target = args.target
paramData = args.data
verbose = args.verbose
skipDOM = args.skipDOM
level = args.level or 2
delay = args.delay or core.config.delay
timeout = args.timeout or core.config.timeout
threadCount = args.threads or core.config.threadCount
help='http request timeout',
dest='timeout',
type=int)
parser.add_argument('--headers',
help='http headers',
dest='add_headers',
nargs='?',
const=True)
args = parser.parse_args()
if not args.target:
print('\n' + parser.format_help().lower())
quit()
if type(args.add_headers) == bool:
headers = extractHeaders(prompt())
elif type(args.add_headers) == str:
headers = extractHeaders(args.add_headers)
else:
from core.config import headers
target = args.target
delay = args.delay or 0
level = args.level or 2
timeout = args.timeout or 20
threadCount = args.threads or 2
allTokens = []
weakTokens = []
tokenDatabase = []
insecureForms = []
parser.add_argument('-t', '--threads', help='number of threads',
dest='threadCount', type=int, default=core.config.threadCount)
parser.add_argument('-d', '--delay', help='delay between requests',
dest='delay', type=int, default=core.config.delay)
parser.add_argument('--skip', help='don\'t ask to continue',
dest='skip', action='store_true')
parser.add_argument('--skip-dom', help='skip dom checking',
dest='skipDOM', action='store_true')
parser.add_argument('-v', '--vectors', help='verbose output',
dest='verbose', action='store_true')
parser.add_argument('--blind', help='inject blind XSS payload while crawling',
dest='blindXSS', action='store_true')
args = parser.parse_args()
if args.add_headers:
headers = extractHeaders(prompt())
else:
from core.config import headers
# Pull all parameter values of dict from argparse namespace into local variables of name == key
# The following works, but the static checkers are too static ;-) locals().update(vars(args))
target = args.target
path = args.path
jsonData = args.jsonData
paramData = args.paramData
encode = args.encode
fuzz = args.fuzz
update = args.update
timeout = args.timeout
proxy = args.proxy
find = args.find
help='add headers',
dest='header_dict',
nargs='?',
const=True)
args = parser.parse_args()
delay = args.delay
quiet = args.quiet
target = args.target
threads = args.threads
inp_file = args.inp_file
json_file = args.json_file
header_dict = args.header_dict
if type(header_dict) == bool:
header_dict = extractHeaders(prompt())
elif type(header_dict) == str:
header_dict = extractHeaders(header_dict)
else:
header_dict = {
'User-Agent':
'Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0',
'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5',
'Accept-Encoding': 'gzip',
'DNT': '1',
'Connection': 'close',
}
urls = create_url_list(target, inp_file)
dest='skipDOM',
action='store_true')
parser.add_argument('-v',
'--vectors',
help='verbose output',
dest='verbose',
action='store_true')
parser.add_argument('--blind',
help='inject blind XSS payload while crawling',
dest='blindXSS',
action='store_true')
args = parser.parse_args()
if args.file_headers:
with open(args.file_headers, "r") as f:
user_headers = extractHeaders(f.read())
from core.config import headers
for key in user_headers:
headers[key] = user_headers[key]
if type(args.add_headers) == bool:
headers = extractHeaders(prompt())
elif type(args.add_headers) == str:
headers = extractHeaders(args.add_headers)
else:
if args.add_headers:
headers = extractHeaders(prompt())
else:
from core.config import headers
# Pull all parameter values of dict from argparse namespace into local variables of name == key
