Ejemplo n.º 1
0
 def results_cmd(self, raw):
     try:
         args = Args(raw, ["clear"], 0, [
             Term("where",
                  keys=self.results.Keys(),
                  start="where",
                  stop="order"),
             Term("order",
                  keys=self.results.Keys(),
                  start="order",
                  stop="where"),
         ])
         if args.clear:
             self.results.Clear()
             self.display.P("Results Cleared...", True)
         else:
             self.display.ResultHeader()
             for r in self.results.Search(args.where.pairs,
                                          args.order.terms):
                 self.display.Result(r)
             self.display.BR()
         return True
     except:
         self._error()
     return False
Ejemplo n.º 2
0
    def jwt_cmd(self, raw):
        try:
            args = Args(raw, [("token", str)], 0)

            canary = self.options.Get("canary_url")
            issuer = self.options.Get("oauth_issuer")
            keyfile = self.options.Get("oauth_keyfile")
            kid = self.options.Get("oauth_kid")

            if args.token:
                jwt = Jwty(args.token)
                self.display.JWT(False, jwt, canary, issuer, keyfile, kid)
            else:
                wzd = Wizzard({
                    "header": ("Enter Header (Default None):", dict, True, {}),
                    "payload":
                    ("Enter Payload (Default None):", dict, True, {}),
                    "secret": ("Enter HS Secret or RS Key (Default None):",
                               str, True, False),
                    "signature":
                    ("Enter Signature (Default None): ", str, False, False)
                })
                self.display.Header("JWT Builder")
                wzd.Launch()
                j = Jwty.Construct(wzd.payload, keyfile, kid, issuer,
                                   wzd.header, wzd.secret, wzd.signature)
                self.display.Header("ENCODED TOKEN: ")
                print(j)
                self.display.BR()

            return True
        except:
            self._error()
        return False
Ejemplo n.º 3
0
    def permutate_cmd(self, raw):
        try:
            args = Args(raw, [("log_id", int), "ALL", ("opt1", str),
                              ("opt2", str)], 1)
            opts = [self._substitute(args.opt1), self._substitute(args.opt2)]

            if self._validate(args, "log_id"):
                log = self.logs.Get(args.log_id)
                orig, err = self.replay.Request(log, None)
                self.display.ResultHeader()
                if err:
                    self.display.Error(
                        "Base Request Failed for log: {0}".format(args.log_id))
                    return True
                self._result(args.log_id, "PERM", {"Base Line": ""}, orig,
                             False, None)
                self.replay.Repeat(
                    args.log_id, log, "PERM",
                    self.logs.Permutations(False if args.ALL else args.log_id,
                                           opts), None, None,
                    [Html.Compare, orig], self._result, self.display.Error)
                self.display.BR()
                return True
        except:
            self._error()
        return False
Ejemplo n.º 4
0
 def replay_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int), ("parm", str), ("val", str),
                           ("find", str)], 1)
         args.val = self._substitute(args.val)
         if self._validate(args, "log_id"):
             log = self.logs.Get(args.log_id)
             pv = To.Dict(args.parm, args.val) if args.parm else None
             res, err = self.replay.Request(log, pv, args.find)
             if not err:
                 self.display.ResultHeader()
                 self._result(args.log_id, "REPLY", pv, res, False, None)
                 self.display.BR()
             else:
                 self.display.Error(err)
             return True
     except:
         self._error()
     return False
Ejemplo n.º 5
0
 def hunt_cmd(self, raw):
     try:
         args = Args(raw, [("category", str)], 0)
         for k, v in Hunt(self.logs, args.category).results.items():
             self.display.Header(k)
             self.display.List(v)
         return True
     except:
         self._error()
     return False
Ejemplo n.º 6
0
 def result_cmd(self, raw):
     try:
         args = Args(raw, [("result_id", int), "full", ("opt1", str),
                           ("opt2", str), ("opt3", str)], 1)
         if self._validate(args, "result_id"):
             self.display.Result(self.results.Get(args.result_id), True,
                                 args.full, args.opt1, args.opt2, args.opt3)
             return True
     except:
         self._error()
     return False
Ejemplo n.º 7
0
 def search_cmd(self, raw):
     try:
         args = Args(raw, (), 0, [Term("search", keys=self.logs.Keys())])
         results = self.logs.Search(args.search.terms, args.search.pairs)
         for r in results:
             self.display.Log(r)
         self.display.Pair("Results", len(results), True, True)
         return True
     except Exception:
         self._error()
         return False
Ejemplo n.º 8
0
 def header_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int), ("fp", str)], 1)
         if self._validate(args, "log_id"):
             fp = args.fp if args.fp else "./header.json"
             msg = Generate.Header(self.logs.Get(args.log_id), fp)
             self.display.P(msg, True)
             return True
     except:
         self._error()
     return False
Ejemplo n.º 9
0
 def reflected_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int), ("parm", str), ("val", str),
                           ("find", str)], 3)
         args.val = self._substitute(args.val)
         if self._validate(args, "log_id"):
             log = self.logs.Get(args.log_id)
             pv = To.Dict(args.parm, args.val)
             res, err = self.replay.Request(log, pv, args.find)
             if not err:
                 self.display.ResultHeader()
                 flag, meta = Html.Reflected(res, args.val,
                                             self.options.Get("render"))
                 self._result(args.log_id, "RFLCT", pv, res, flag, meta)
                 self.display.BR()
             else:
                 self.display.Error(err)
             return True
     except:
         self._error()
     return False
Ejemplo n.º 10
0
 def view_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int), "full", ("opt1", str),
                           ("opt2", str), ("opt3", str)], 1)
         if self._validate(args, "log_id"):
             self.display.Log((args.log_id, self.logs.Get(args.log_id)),
                              True, args.full, args.opt1, args.opt2,
                              args.opt3)
             return True
     except:
         self._error()
     return False
Ejemplo n.º 11
0
 def unique_cmd(self, raw):
     try:
         args = Args(raw, [("field", str), ("regex", str)], 1,
                     [Term("where", keys=self.logs.Keys(), start="where")])
         if self._validate(args):
             ret = self.logs.Unique(args.field, args.regex,
                                    args.where.terms, args.where.pairs)
             self.display.List(ret)
             self.display.Pair("Results", len(ret), True, True)
             return True
     except:
         self._error()
     return False
Ejemplo n.º 12
0
 def parameters_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int)], 0)
         if self._validate(args, "log_id"):
             result = self.logs.Parameters(args.log_id)
             for s in ["Headers", "Cookies", "Query", "Body"]:
                 self.display.Header(s)
                 for v in result[s.lower()]:
                     self.display.P(v)
                 self.display.BR()
             return True
     except:
         self._error()
     return False
Ejemplo n.º 13
0
 def code_cmd(self, raw):
     try:
         args = Args(raw,
                     [("log_id", lambda l: [int(x) for x in l.split(',')]),
                      ("fp", str)], 1)
         if self._validate(args, "log_id"):
             fp = args.fp if args.fp else "./run-{0}.py".format("-".join(
                 [str(x) for x in args.log_id]))
             msg = Generate.Code([self.logs.Get(i) for i in args.log_id],
                                 fp)
             self.display.P(msg, True)
             return True
     except:
         self._error()
     return False
Ejemplo n.º 14
0
 def extract_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int), ("fp", str)], 2)
         if self._validate(args, "log_id"):
             content = self.logs.Get(args.log_id).response.body
             if isinstance(content, (list, dict)):
                 Writer.Json(args.fp, content)
             else:
                 Writer.Replace(args.fp, content)
             self.display.Format("Log: {0} Extracted: {1}", True,
                                 args.log_id, args.fp)
             return True
     except:
         self._error()
     return False
Ejemplo n.º 15
0
 def burp_cmd(self, raw):
     try:
         args = Args(raw, [("result_id", int)], 1)
         if self._validate(args, "result_id"):
             result = self.results.Get(args.result_id)
             r = self.replay.Result(result, self.proxies)
             self.display.Header(
                 "Result: {0} Sent Through Burp Proxy".format(
                     result.result_id))
             self.display.Pair(r.request.method.upper(), r.request.url)
             self.display.BR()
             return True
     except:
         self._error()
     return False
Ejemplo n.º 16
0
 def flip_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int), ("method", str)], 2)
         if self._validate(args, "log_id"):
             log = self.logs.Get(args.log_id)
             pv = To.Dict("method", args.method)
             res, err = self.replay.Request(log, pv, None, True,
                                            self.proxies)
             if not err:
                 self.display.ResultHeader()
                 flag = (str(log.status) == str(res.status_code))
                 self._result(args.log_id, "FLIP", pv, res, flag, None)
                 self.display.BR()
             else:
                 self.display.Error(err)
             return True
     except:
         self._error()
     return False
Ejemplo n.º 17
0
 def set_cmd(self, raw):
     try:
         args = Args(raw, [("key", str), ("value", str)], 2)
         if self._validate(args):
             value = int(args.value) if args.value.isdigit() else args.value
             value = True if str(
                 args.value).lower() == "true" else args.value
             value = False if str(
                 args.value).lower() == "false" else args.value
             value = args.value.split(
                 ",") if args.value.find(",") > -1 else args.value
             self.options.Set(args.key, value)
             self.display.Header("Belch Cli Options Updated")
             self.display.Pair(args.key, value)
             self.display.BR()
             return True
     except:
         self._error()
     return False
Ejemplo n.º 18
0
    def _fuzz(self, result_type, wordlist_name, raw):
        try:
            args = Args(raw, [("log_id", int), ("parm", str), ("opt1", str),
                              ("opt2", str)], 2)
            if self._validate(args, "log_id"):
                log = self.logs.Get(args.log_id)
                self.display.ResultHeader()
                self.replay.Repeat(
                    args.log_id, log, result_type, args.parm,
                    self._substitute(WordList.Get(wordlist_name)),
                    [args.opt1, args.opt2], [
                        lambda res:
                        (True if res.status_code == 500 else False, None)
                    ], self._result, self.display.Error)

                self.display.BR()
                return True
        except:
            self._error()
        return False
Ejemplo n.º 19
0
 def jwts_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int)], 1)
         if self._validate(args, "log_id"):
             log = self.logs.Get(args.log_id)
             x = log.request.raw
             if log.response and log.response.raw:
                 x += log.response.raw
             jwts = Parser.FindJWTs(x)
             self.display.JWT(
                 (args.log_id, log),
                 jwts,
                 self.options.Get("canary_url"),
                 self.options.Get("oauth_issuer"),
                 self.options.Get("oauth_keyfile"),
                 self.options.Get("oauth_kid"),
             )
             return True
     except:
         self._error()
     return False
Ejemplo n.º 20
0
 def xss_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int), ("parm", str), ("opt1", str),
                           ("opt2", str)], 2)
         if self._validate(args, "log_id"):
             log = self.logs.Get(args.log_id)
             self.display.ResultHeader()
             self.replay.Repeat(
                 args.log_id, log, "XSS", args.parm,
                 self._substitute(WordList.Get("xss")),
                 [args.opt1, args.opt2], [
                     Html.FindExecJs, "console.log(742)",
                     [
                         "onerror", "onpointermove", "href", "src",
                         "onload", "BACKGROUND", "STYLE"
                     ],
                     self.options.Get("render")
                 ], self._result, self.display.Error)
             self.display.BR()
             return True
     except:
         self._error()
     return False