def exploit_common_file(url, extion, dirs=[]): result = [] try: dicts = [] standers = get_site_stander(url) files_path = os.path.abspath(os.path.join(path, "../dict/files.txt")) if len(dirs) == 1: #如果dirs 只有一个目录,说明没有解析到其他路径,从common/dirs.txt中枚举 目录 dir_path = os.path.abspath( os.path.join(path, "../dict/common/dirs.txt")) with open(dir_path) as f: commondirs = f.readlines() f.close() for i in commondirs: dirs.append("/" + i.strip('\n')) with open(files_path) as f: files = f.readlines() f.close() for d in dirs: for f in files: f = f.strip('\n').format(extion) if d: dicts.append('/' + d + '/' + f) else: dicts.append('/' + f) hand = fuzz(url, dicts, standers) result = hand.scan() except: traceback.print_exc() finally: return result
def exploit_common_file(url, extion, dirs=[]): result = [] try: dicts = [] e = get_extion_by_sever(url) extion = extion if extion != 'php' else e standers = get_site_stander(url) files_path = os.path.abspath(os.path.join(path, "../dict/files.txt")) if len(dirs) == 1: dir_path = os.path.abspath( os.path.join(path, "../dict/common/dirs.txt")) with open(dir_path) as f: commondirs = f.readlines() f.close() print commondirs for i in commondirs: dirs.append(i.strip('\n')) with open(files_path) as f: files = f.readlines() f.close() for d in dirs: for f in files: f = f.strip('\n').format(extion) dicts.append(d + '/' + f) hand = fuzz(url, dicts, standers) result = hand.scan() except: traceback.print_exc() finally: return result
def exploit_server_path(url): result = [] try: standers = get_site_stander(url) r = _requests(url) dicts = get_dict_by_server(r.headers) if dicts: hand = fuzz(url, dicts, standers) result = hand.scan() except: traceback.print_exc() finally: return result
def exploit_directory_path(url, dirs=[]): result = [] try: standers = {"title": r"<title>([^<]*)"} dir_path = os.path.abspath( os.path.join(path, "../dict/common/dirs.txt")) with open(dir_path) as f: commondirs = f.readlines() dicts = [] for i in dirs: dicts.append("/" + i + '/') for i in commondirs: i = "/" + i.strip("\n") + '/' dicts.append(i) hand = fuzz(url, dicts, standers) result = hand.scan() except: traceback.print_exc() finally: return result
def exploit_backup_path(url, dirs=[]): result = [] try: domain = urlparse.urlparse(url).netloc standers = { "Content-Type": [ "tmp", "old", "zip", "swp", "rar", "bak", "7z", "tar.gz", "tar.bz2", "tar", "iso" ] } preffix_path = os.path.abspath( os.path.join(path, "../dict/common/backup.preffixs")) suffix_path = os.path.abspath( os.path.join(path, "../dict/common/backup.suffixs")) if len(dirs) == 1: dir_path = os.path.abspath( os.path.join(path, "../dict/common/dirs.txt")) with open(dir_path) as f: commondirs = f.readlines() f.close() for i in commondirs: dirs.append(i.strip('\n')) with open(preffix_path) as f: preffixs = f.readlines() f.close() with open(suffix_path) as f: suffixs = f.readlines() f.close() dicts = [] for d in dirs: for p in preffixs: p = p.strip('\n').format(domain) for s in suffixs: s = s.strip('\n') dicts.append(d + '/' + p + s) hand = fuzz(url, dicts, standers) result = hand.scan() except: traceback.print_exc() finally: return result
def run_parsed_arguments(args): # Process arguments config.args = args action = config.args.action # Split submissions and testcases for 'run'. if action == 'run': if config.args.submissions: config.args.submissions, config.args.testcases = split_submissions_and_testcases( config.args.submissions) else: config.args.testcases = [] # Split submissions and testcases for 'fuzz'. if action == 'fuzz': if config.args.testcases: config.args.submissions, config.args.testcases = split_submissions_and_testcases( config.args.testcases) else: config.args.submissions = [] # Skel commands. if action in ['new_contest']: skel.new_contest(config.args.contestname) return if action in ['new_problem']: skel.new_problem() return # Get problem_paths and cd to contest problems, level, contest, tmpdir = get_problems() # Check for incompatible actions at the problem/problemset level. if level != 'problem': if action == 'generate': fatal('Generating testcases only works for a single problem.') if action == 'test': fatal('Testing a submission only works for a single problem.') if action == 'skel': fatal('Copying skel directories only works for a single problem.') # 'submissions' and 'testcases' are only allowed at the problem level, and only when --problem is not specified. if level != 'problem' or config.args.problem is not None: if hasattr(config.args, 'submissions') and config.args.submissions: fatal( 'Passing in a list of submissions only works when running from a problem directory.' ) if hasattr(config.args, 'testcases') and config.args.testcases: fatal( 'Passing in a list of testcases only works when running from a problem directory.' ) if (action != 'generate' and hasattr(config.args, 'testcases') and config.args.testcases and hasattr(config.args, 'samples') and config.args.samples): fatal( '--samples can not go together with an explicit list of testcases.' ) if hasattr(config.args, 'move_manual') and config.args.move_manual: # Path *must* be inside generators/. try: config.args.move_manual = (problems[0].path / config.args.move_manual).resolve() config.args.move_manual.relative_to(problems[0].path.resolve() / 'generators') except Exception as e: fatal('Directory given to move_manual must be inside generators/.') config.args.add_manual = True # Handle one-off subcommands. if action == 'tmp': if level == 'problem': level_tmpdir = tmpdir / problems[0].name else: level_tmpdir = tmpdir if config.args.clean: log(f'Deleting {tmpdir}!') if level_tmpdir.is_dir(): shutil.rmtree(level_tmpdir) if level_tmpdir.is_file(): level_tmpdir.unlink() else: print(level_tmpdir) return if action in ['stats']: stats.stats(problems) return if action == 'sort': print_sorted(problems) return if action in ['samplezip']: export.build_samples_zip(problems) return if action == 'gitlabci': skel.create_gitlab_jobs(contest, problems) return if action == 'skel': skel.copy_skel_dir(problems) return problem_zips = [] success = True for problem in problems: if (level == 'problemset' and action == 'pdf' and not (hasattr(config.args, 'all') and config.args.all)): continue print(Style.BRIGHT, 'PROBLEM ', problem.name, Style.RESET_ALL, sep='', file=sys.stderr) # TODO: Remove usages of settings. settings = problem.settings if action in ['generate']: success &= generate.generate(problem) if action in ['all', 'constraints', 'run' ] and not getattr(config.args, 'no_generate', False): # Call `generate` with modified arguments. old_args = argparse.Namespace(**vars(config.args)) config.args.check_deterministic = action in ['all', 'constraints'] config.args.jobs = 4 config.args.add_manual = False config.args.move_manual = False config.args.verbose = 0 if not hasattr(config.args, 'testcases'): config.args.testcases = None if not hasattr(config.args, 'force'): config.args.force = False success &= generate.generate(problem) config.args = old_args if action in ['fuzz']: success &= fuzz.fuzz(problem) if action in ['pdf', 'all']: # only build the pdf on the problem level, or on the contest level when # --all is passed. if level == 'problem' or (level == 'problemset' and hasattr( config.args, 'all') and config.args.all): success &= latex.build_problem_pdf(problem) if action in ['solutions']: if level == 'problem': success &= latex.build_problem_pdf(problem, solutions=True) if action in ['validate', 'input', 'all']: success &= problem.validate_format('input_format') if action in ['validate', 'output', 'all']: success &= problem.validate_format('output_format') if action in ['run', 'all']: success &= problem.run_submissions() if action in ['test']: config.args.no_bar = True success &= problem.test_submissions() if action in ['constraints']: success &= constraints.check_constraints(problem, settings) if action in ['zip']: # For DOMjudge: export to A.zip output = problem.label + '.zip' # For Kattis: export to shortname.zip if hasattr(config.args, 'kattis') and config.args.kattis: output = problem.path.with_suffix('.zip') problem_zips.append(output) if not config.args.skip: # Set up arguments for generate. old_args = argparse.Namespace(**vars(config.args)) config.args.check_deterministic = False if config.args.force else True config.args.jobs = 4 config.args.add_manual = False config.args.move_manual = False config.args.verbose = 0 config.args.testcases = None config.args.force = False success &= generate.generate(problem) config.args = old_args success &= latex.build_problem_pdf(problem) if not config.args.force: success &= problem.validate_format('input_format', constraints={}) success &= problem.validate_format('output_format', constraints={}) # Write to problemname.zip, where we strip all non-alphanumeric from the # problem directory name. success &= export.build_problem_zip(problem, output, settings) if action in ['clean'] or (action in ['all'] and config.args.clean): if not hasattr(config.args, 'force'): config.args.force = False success &= generate.clean(problem) if len(problems) > 1: print(file=sys.stderr) if level == 'problemset': print(f'{Style.BRIGHT}CONTEST {contest}{Style.RESET_ALL}', file=sys.stderr) # build pdf for the entire contest if action in ['pdf']: success &= latex.build_contest_pdf(contest, problems, tmpdir, web=config.args.web) if action in ['solutions']: success &= latex.build_contest_pdf(contest, problems, tmpdir, solutions=True, web=config.args.web) if action in ['zip']: if not config.args.kattis: success &= latex.build_contest_pdf(contest, problems, tmpdir) success &= latex.build_contest_pdf(contest, problems, tmpdir, web=True) if not config.args.no_solutions: success &= latex.build_contest_pdf(contest, problems, tmpdir, solutions=True) success &= latex.build_contest_pdf(contest, problems, tmpdir, solutions=True, web=True) outfile = contest + '.zip' if config.args.kattis: outfile = contest + '-kattis.zip' export.build_contest_zip(problems, problem_zips, outfile, config.args) if not success or config.n_error > 0 or config.n_warn > 0: sys.exit(1)
def execute(self, **kwargs): if "data" in kwargs: data = kwargs["data"] else: return "" return fuzz.fuzz(data,self.bfp,self.bip)
def execute(self, **kwargs): if "data" in kwargs: data = kwargs["data"] else: return "" return fuzz.fuzz(data, self.bfp, self.bip)
def Fuzzer(): ret = 0 incrementedrepeat = 0 mutatedcharacter = '' asciicounter = 0 asciiend = 0 fileiocounter = 0 mutatedasciivalue = 0 mutatedasciihex = 0 FZ = fuzz() #This section is responsible for mutating the payload to rotate with the ASCII table #You can select all ASCII values, alphanumic or just the alphabet if (AP.mutate=='asciistd' or AP.mutate=='asciialphanum' or AP.mutate=='asciialpha' or AP.mutate =='asciiext'): if AP.mutate =='asciistd': asciicounter=0 asciiend=127 elif AP.mutate=='asciialphanum': asciicounter=48 asciiend=122 elif AP.mutate =='asciialpha': asciicounter=65 asciiend=122 else: asciicounter=0 asciiend=254 mutatedcharacter = chr(asciicounter) mutatedasciivalue = ord(mutatedcharacter) mutatedasciihex = hex(asciicounter) print 'Mutating character to ASCII DEC %d HEX %s STR %s' %(asciicounter, mutatedasciihex, repr(mutatedcharacter)) while (asciicounter <= asciiend): if AP.repeatincrement > 1: incrementedrepeat += AP.repeatincrement while (incrementedrepeat <= AP.repeat): if AP.protocol != 'HTTP': AP.payload = FZ.CompileFuzz(AP.command, mutatedcharacter, AP.repeat, AP.repeatatonce, incrementedrepeat, AP.fileobject) ret = FZ.ExecuteFuzz(AP.target, AP.port, AP.protocol, AP.un, AP.pw, AP.payload, AP.fileobject) if ret != 0: print 'Connection has been terminated' return -1 incrementedrepeat += AP.repeatincrement incrementedrepeat = 0 else: if AP.protocol != 'HTTP': AP.payload = FZ.CompileFuzz(AP.command, mutatedcharacter, AP.repeat, AP.repeatatonce, AP.repeatincrement, AP.fileobject) ret = FZ.ExecuteFuzz(AP.target, AP.port, AP.protocol, AP.un, AP.pw, AP.payload, AP.fileobject) asciicounter = asciicounter + 1 if asciicounter < asciiend: mutatedcharacter = chr(asciicounter) mutatedasciivalue = ord(mutatedcharacter) mutatedasciihex = hex(asciicounter) print 'Mutating character to ASCII DEC %d HEX %s STR %s' %(asciicounter, mutatedasciihex, mutatedcharacter) else: if AP.repeatincrement > 1 and AP.repeat > 0: incrementedrepeat += AP.repeatincrement while (incrementedrepeat <= AP.repeat): if AP.protocol != 'HTTP': AP.payload = FZ.CompileFuzz(AP.command, AP.character, AP.repeat, AP.repeatatonce, incrementedrepeat, AP.fileobject) ret = FZ.ExecuteFuzz(AP.target, AP.port, AP.protocol, AP.un, AP.pw, AP.payload, AP.fileobject) if ret != 0: print 'Connection has been terminated' return -1 incrementedrepeat += AP.repeatincrement else: if AP.protocol != 'HTTP': AP.payload = FZ.CompileFuzz(AP.command, AP.character, AP.repeat, AP.repeatatonce, AP.repeatincrement, AP.fileobject) ret = FZ.ExecuteFuzz(AP.target, AP.port, AP.protocol, AP.un, AP.pw, AP.payload, AP.fileobject) return ret