Ejemplo n.º 1
def main(argv: list):
    """Parse the command line, build the fuzzer and prepare the application

    The first option is checked for help/version, then the request data and
    the wordlist are read from argv, a Fuzzer is built around a
    RequestHandler, and the optional settings (cookie, proxy, proxies, delay,
    verbose mode, number of threads) are applied before prepareApplication().

    @type argv: list
    @param argv: The arguments given in the execution
    """
    if len(argv) < 2:
        # NOTE(review): argv[1] is read unconditionally below, so this relies
        # on oh.errorBox() terminating the program - confirm.
        oh.errorBox(
            "Invalid format! Use -h on 2nd parameter to show the help menu.")
    firstOption = argv[1]
    if firstOption in ('-h', '--help'):
        showHelpMenu()
    if firstOption in ('-v', '--version'):
        # exit() with a string prints it to stderr and exits with status 1.
        exit("FuzzingTool v3.1.0")
    url, method, param, headers = getDefaultRequestData(argv)
    if param != '':
        defaultParam = getRequestParams(param)
    else:
        defaultParam = {}
    getWordlistFile(argv)
    fuzzer = Fuzzer(RequestHandler(url, method, defaultParam, headers))
    oh.infoBox(f"Set target: {fuzzer.getRequestHandler().getUrl()}")
    oh.infoBox(f"Set request method: {method}")
    oh.infoBox(f"Set request data: {str(defaultParam)}")
    # Options that configure the request handler, in the original order.
    for applyOption in (checkCookie, checkProxy, checkProxies):
        applyOption(argv, fuzzer.getRequestHandler())
    # Options that configure the fuzzer itself.
    for applyOption in (checkDelay, checkVerboseMode, checkNumThreads):
        applyOption(argv, fuzzer)
    fuzzer.prepareApplication()
Ejemplo n.º 2
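 def __checkConnectionAndRedirections(self):
     """Test the connection to the target and, when applicable, its redirections

     When the payload goes into the URL (getUrlIndexToPayload() is truthy),
     only the connection is tested and, on failure, the operator is asked
     whether to continue. Otherwise a connection failure is reported through
     oh.errorBox() and the redirection test runs afterwards.
     """
     rh = self.__requestHandler
     if rh.getUrlIndexToPayload():
         oh.infoBox(
             "Test mode set to URL Fuzzing. No redirection verifications to target are being tested."
         )
         try:
             rh.testConnection()
         # Exception instead of a bare except: KeyboardInterrupt (Ctrl-C) and
         # SystemExit must not be reported as a failed connection.
         except Exception:
             if not oh.askYesNo(
                     "Connection to target failed. Continue anyway? "):
                 exit()
         else:
             oh.infoBox("Connection status: OK")
     else:
         try:
             rh.testConnection()
         except Exception:
             # NOTE(review): presumably oh.errorBox() terminates the program;
             # if it returns, the redirection test below still runs - confirm.
             oh.errorBox("Failed to connect to the server.")
         else:
             # Only claim success when testConnection() did not raise.
             oh.infoBox("Connection status: OK")
         oh.infoBox("Testing redirections ...")
         rh.testRedirection()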
Ejemplo n.º 3
    def openProxies(self, proxiesFileName: str):
        """Open the proxies file and keep the handle on the instance

        The path is '../input/' + proxiesFileName, so it is resolved against
        the current working directory. The name is used as given: path
        separators or '..' in it resolve outside '../input/'.
        The file is opened for reading in text mode and is not closed here.

        @type proxiesFileName: str
        @param proxiesFileName: The name of the proxies file
        """
        proxiesPath = '../input/' + proxiesFileName
        try:
            self.__proxiesFile = open(proxiesPath, 'r')
        except FileNotFoundError:
            # Other OSError subclasses (e.g. PermissionError) are not handled
            # here and propagate to the caller.
            oh.errorBox(f"File '{proxiesFileName}' not found.")
Ejemplo n.º 4
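def getUrl(argv: list):
    """Get the target URL, i.e. the argument that follows -u

    @type argv: list
    @param argv: The arguments given in the execution
    @returns str: The target URL
    """
    try:
        return argv[argv.index('-u') + 1]
    except (ValueError, IndexError):
        # ValueError: -u is absent. IndexError: -u is the last argument, so
        # no value follows it. Both mean no URL was supplied.
        oh.errorBox("An URL is needed to make the fuzzing.")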
Ejemplo n.º 5
    def openWordlist(self, wordlistFileName: str):
        """Open the wordlist file and keep the handle on the instance

        The path is '../input/' + wordlistFileName, so it is resolved against
        the current working directory. The name is used as given: path
        separators or '..' in it resolve outside '../input/'.
        The file is opened for reading in text mode and is not closed here.

        @type wordlistFileName: str
        @param wordlistFileName: The name of the wordlist file
        """
        wordlistPath = '../input/' + wordlistFileName
        try:
            self.__wordlistFile = open(wordlistPath, 'r')
        except FileNotFoundError:
            # Other OSError subclasses (e.g. PermissionError) are not handled
            # here and propagate to the caller.
            notFoundMessage = (
                f"File '{wordlistFileName}' not found. "
                "Did you put it in the correct directory?")
            oh.errorBox(notFoundMessage)
Ejemplo n.º 6
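    def readData(self, dataFileName: str):
        '''Reads the default data of the requests.

        The file is read from '../input/' + dataFileName, resolved against
        the current working directory. The name is used as given: path
        separators or '..' in it resolve outside '../input/'.

        @type dataFileName: str
        @param dataFileName: The filename
        @returns list: The lines of the data file, without the trailing newline
        '''
        try:
            # The context manager closes the handle once the lines are read;
            # a bare open() would leave it to the garbage collector.
            with open('../input/' + dataFileName, 'r') as dataFile:
                return [data.rstrip('\n') for data in dataFile]
        except FileNotFoundError:
            # NOTE(review): if oh.errorBox() returns instead of exiting, this
            # method returns None - confirm against callers.
            oh.errorBox("File '" + dataFileName + "' not found.")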
Ejemplo n.º 7
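def getWordlistFile(argv: list):
    """Get the fuzzing wordlist filename from the -f argument and open it

    The filename is handed to fh.openWordlist(); nothing is returned.
    If -f is absent or has no value after it, the error is reported through
    oh.errorBox().

    @type argv: list
    @param argv: The arguments given in the execution
    """
    try:
        wordlistFileName = argv[argv.index('-f') + 1]
    except (ValueError, IndexError):
        # ValueError: -f is absent. IndexError: -f is the last argument, so
        # no filename follows it.
        oh.errorBox("An file is needed to make the fuzzing")
    else:
        # Kept outside the try so that an error raised while opening the
        # wordlist is not reported as a missing -f argument.
        fh.openWordlist(wordlistFileName)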
Ejemplo n.º 8
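def getMethodAndArgs(argv: list, url: str):
    """Get the param method to use ('?' or '$' in URL if GET, or --data) and the request param string

    A URL containing '?' is split at the first '?' into the URL and the
    parameter string. A URL containing only '$' is returned unchanged with an
    empty parameter string. Any other URL selects POST, and the parameter
    string is the argument that follows --data.

    @type argv: list
    @param argv: The arguments given in the execution
    @type url: str
    @param url: The target URL
    @returns tuple(str, str, str): The tuple with the new target URL, the request method and params
    """
    param = ''
    if '?' in url or '$' in url:
        if '?' in url:
            url, param = url.split('?', 1)
        method = 'GET'
    else:
        method = 'POST'
        try:
            param = argv[argv.index('--data') + 1]
        except (ValueError, IndexError):
            # ValueError: --data is absent. IndexError: --data is the last
            # argument, so no parameter string follows it.
            oh.errorBox(
                "You must set at least GET or POST parameters for the fuzzing test."
            )
    return (url, method, param)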