def _parse_seed(self, url, optsd): options = dict( url=url, fuzz_methods=False, auth=(None, None), follow=False, head=False, postdata=None, extraheaders=[], cookie=[], allvars=None, ) options['url'] = url if "-X" in optsd: options['fuzz_methods'] = True if "--basic" in optsd: options['auth'] = ("basic", optsd["--basic"][0]) if "--digest" in optsd: options['auth'] = ("digest", optsd["--digest"][0]) if "--ntlm" in optsd: options['auth'] = ("ntlm", optsd["--ntlm"][0]) if "--follow" in optsd: options['follow'] = True if "-I" in optsd: options['head'] = "HEAD" if "-d" in optsd: options['postdata'] = optsd["-d"][0] for bb in optsd["-b"]: options['cookie'].append(bb) for x in optsd["-H"]: splitted = x.partition(":") if splitted[1] != ":": raise FuzzException( FuzzException.FATAL, "Wrong header specified, it should be in the format \"name: value\"." ) options['extraheaders'].append((splitted[0], splitted[2].strip())) if "-V" in optsd: varset = str(optsd["-V"][0]) if varset not in ['allvars', 'allpost', 'allheaders']: raise FuzzException( FuzzException.FATAL, "Incorrect all parameters brute forcing type specified, correct values are allvars,allpost or allheaders." ) options['allvars'] = varset return FuzzRequest.from_parse_options(options)
def next(self): if self.stats.cancelled: raise StopIteration if self.seed.wf_allvars is not None: return self._allvar_gen.next() else: return FuzzRequest.from_seed(self.seed, self.dictio.next())
def _parse_seed(self, url, optsd): options = dict( url=url, fuzz_methods=False, auth=(None, None), follow=False, head=False, postdata=None, extraheaders=[], cookie=[], allvars=None, ) options['url'] = url if "-X" in optsd: options['fuzz_methods'] = True if "--basic" in optsd: options['auth'] = ("basic", optsd["--basic"][0]) if "--digest" in optsd: options['auth'] = ("digest", optsd["--digest"][0]) if "--ntlm" in optsd: options['auth'] = ("ntlm", optsd["--ntlm"][0]) if "--follow" in optsd: options['follow'] = True if "-I" in optsd: options['head'] = "HEAD" if "-d" in optsd: options['postdata'] = optsd["-d"][0] for bb in optsd["-b"]: options['cookie'].append(bb) for x in optsd["-H"]: splitted = x.partition(":") if splitted[1] != ":": raise FuzzException(FuzzException.FATAL, "Wrong header specified, it should be in the format \"name: value\".") options['extraheaders'].append((splitted[0], splitted[2].strip())) if "-V" in optsd: varset = str(optsd["-V"][0]) if varset not in ['allvars', 'allpost', 'allheaders']: raise FuzzException(FuzzException.FATAL, "Incorrect all parameters brute forcing type specified, correct values are allvars,allpost or allheaders.") options['allvars'] = varset return FuzzRequest.from_parse_options(options)
def from_fuzzRes(res, url, source): fr = FuzzRequest.from_fuzzRes(res, str(url)) fr.wf_description = fr.path fr.rlevel = res.rlevel + 1 plreq = PluginRequest() plreq.source = source plreq.request = fr plreq.rlevel = res.rlevel + 1 return plreq
def _parse_seed(self, url, optsd): options = dict( url=url, fuzz_methods=False, auth=(None, None), follow=False, head=False, postdata=None, extraheaders=None, cookie=None, allvars=None, ) options['url'] = url if "-X" in optsd: options['fuzz_methods'] = True if "--basic" in optsd: options['auth'] = ("basic", optsd["--basic"][0]) if "--digest" in optsd: options['auth'] = ("digest", optsd["--digest"][0]) if "--ntlm" in optsd: options['auth'] = ("ntlm", optsd["--ntlm"][0]) if "--follow" in optsd: options['follow'] = True if "-I" in optsd: options['head'] = "HEAD" if "-d" in optsd: options['postdata'] = optsd["-d"][0] if "-b" in optsd: options['cookie'] = optsd["-b"][0] if "-H" in optsd: options['extraheaders'] = str(optsd["-H"][0]) if "-V" in optsd: varset = str(optsd["-V"][0]) if varset not in ['allvars', 'allpost', 'allheaders']: raise FuzzException( FuzzException.FATAL, "Incorrect all parameters brute forcing type specified, correct values are allvars,allpost or allheaders." ) options['allvars'] = varset return FuzzRequest.from_parse_options(options)
def __init__(self, seed, dictio): self.seed = seed self._baseline = FuzzRequest.from_baseline(seed) self.dictio = dictio self.stats = FuzzStats.from_requestGenerator(self) if self.seed.wf_allvars is not None: self._allvar_gen = self.__allvars_gen(self.dictio) else: self._allvar_gen = None
def _parse_seed(self, url, optsd): options = dict( url = url, fuzz_methods = False, auth = (None, None), follow = False, head = False, postdata = None, extraheaders = None, cookie = None, allvars = None, ) options['url'] = url if "-X" in optsd: options['fuzz_methods'] = True if "--basic" in optsd: options['auth'] = ("basic", optsd["--basic"][0]) if "--digest" in optsd: options['auth'] = ("digest", optsd["--digest"][0]) if "--ntlm" in optsd: options['auth'] = ("ntlm", optsd["--ntlm"][0]) if "--follow" in optsd: options['follow'] = True if "-I" in optsd: options['head'] = "HEAD" if "-d" in optsd: options['postdata'] = optsd["-d"][0] if "-b" in optsd: options['cookie'] = optsd["-b"][0] if "-H" in optsd: options['extraheaders'] = str(optsd["-H"][0]) if "-V" in optsd: varset = str(optsd["-V"][0]) if varset not in ['allvars','allpost','allheaders']: raise FuzzException(FuzzException.FATAL, "Incorrect all parameters brute forcing type specified, correct values are allvars,allpost or allheaders.") options['allvars'] = varset return FuzzRequest.from_parse_options(options)
def __allvars_gen(self, dic): for payload in dic: for r in FuzzRequest.from_all_fuzz_request(self.seed, payload): yield r