def writeXMLToFile(self, doc=None):
# write the xml out to file
try:
FILE = open(self.fileHandle, "w")
if doc is not None:
FILE.write(doc.toxml())
else:
FILE.write(self.doc.toxml())
FILE.close()
except IOError, detail:
genUtils.handleFileMsg(self.fileHandle, msg=detail)
return None
def writeXMLToFile(self, doc=None):
# write the xml out to file
try:
FILE = open(self.fileHandle,"w")
if doc is not None:
FILE.write(doc.toxml())
else:
FILE.write(self.doc.toxml())
FILE.close()
except IOError, detail:
genUtils.handleFileMsg(self.fileHandle, msg=detail)
return None
def res_detect(self,host,dir_list):
self.target = host
s = re.compile(r'[Ee]rror 404', re.IGNORECASE)
t = re.compile(r'300 [Mm]ultiple', re.IGNORECASE)
if self.target.startswith('http') is False:
self.target = 'http://' + self.target
# get dictionaries for resource and file extension data
try:
dirs = open(self.infile)
ft = open(self.extfile)
files = dirs.read().split()
filetypes = ft.read().split()
except IOError, e:
genUtils.handleFileMsg(self.infile, msg=e, exit=True)
def dir_detect_adv(self,host,depth=5):
self.target = host
cnt = 0
line_cnt = 0
limit = 0
s = re.compile(r'[Ee]rror 404', re.IGNORECASE)
t = re.compile(r'300 [Mm]ultiple', re.IGNORECASE)
if self.target.startswith('http') is False:
self.target = 'http://' + self.target
# get dictionary for dir data
try:
dirs = open(self.infile)
directories = dirs.read().split()
except IOError, e:
genUtils.handleFileMsg(self.infile, msg=e, exit=True)
def beginFuzz(self, param=None):
# gather all of the static data from
# the dictionary submitted by the user
#############################################################
# standard model means the user chooses options
# and submits dict in the interactive form
if self.dictType == "standard":
try:
self.fileHandle = open(self.source, 'rb')
except:
genUtils.handleFileMsg(self.source, exit=True)
#self.fuzzList = self.fileHandle.readlines()
tmpfuzzList = self.fileHandle.readlines()
# populate the fuzzList array with the added data
# necessary for the XML write
for fl in tmpfuzzList:
# dictionary data should now be coming in as such:
# vector:::type
# example:
# x' OR 1 = 1 --:::SQL Injection
a = fl.split(':::')
# fuzzList then holds the following data structure:
# each node in the array is an array
# in each node array you will find the index
# is a dictionary as such:
# [ [{"x' OR 1 = 1 --": 'C'}, 'SQL Injection'], [{"x' OR '1' = '1": 'C'}, 'SQL Injection'] ]
if a[0] <> '\n':
self.fuzzList.append([{a[0].strip(): 'C'}, a[1].strip()])
#############################################################
if (self.automated == True):
self.f = FuzzGenerator.FuzzGenerator()
self.x = XMLFuzzGenerator.XMLFuzzGenerator()
# gather attacks strings from class FuzzGenerator
# call generate function and it will
# generate all dynamic attack strings
self.f.generate()
# iterate over each array returned to us
for all in self.f.getall():
# iterate over each val per array
for a in all:
self.fuzzList.append([{a[0]: 'C'}, a[1]])
# now gather attack strings from
# class XMLFuzzGenerator
# call generateAttacks function and
# it will generate XML attack strings
self.x.generateAttacks(self.fuzzList, param)
# iterate over each array returned to us
for all in self.x.getallparam():
# iterate over each val per array
for a in all:
self.fuzzList.append([{a[0]: 'C'}, a[1]])
#############################################################
# the payload model means that the user has submitted an XML
# file containing attack vectors already once generated by
# WSFuzzer and saved
if self.dictType == "payload":
self.fuzzList = self.xmlp.getAllData(self.getDictionaryFileName(),
"attack_string", "vector")
#############################################################
# logistics ...
self.length = len(self.fuzzList)
def beginFuzz(self, param=None):
# gather all of the static data from
# the dictionary submitted by the user
#############################################################
# standard model means the user chooses options
# and submits dict in the interactive form
if self.dictType == "standard":
try:
self.fileHandle = open(self.source, 'rb')
except:
genUtils.handleFileMsg(self.source, exit=True)
#self.fuzzList = self.fileHandle.readlines()
tmpfuzzList = self.fileHandle.readlines()
# populate the fuzzList array with the added data
# necessary for the XML write
for fl in tmpfuzzList:
# dictionary data should now be coming in as such:
# vector:::type
# example:
# x' OR 1 = 1 --:::SQL Injection
a = fl.split(':::')
# fuzzList then holds the following data structure:
# each node in the array is an array
# in each node array you will find the index
# is a dictionary as such:
# [ [{"x' OR 1 = 1 --": 'C'}, 'SQL Injection'], [{"x' OR '1' = '1": 'C'}, 'SQL Injection'] ]
if a[0] <> '\n':
self.fuzzList.append([{a[0].strip():'C'}, a[1].strip()])
#############################################################
if (self.automated == True):
self.f = FuzzGenerator.FuzzGenerator()
self.x = XMLFuzzGenerator.XMLFuzzGenerator()
# gather attacks strings from class FuzzGenerator
# call generate function and it will
# generate all dynamic attack strings
self.f.generate()
# iterate over each array returned to us
for all in self.f.getall():
# iterate over each val per array
for a in all:
self.fuzzList.append([{a[0]:'C'}, a[1]])
# now gather attack strings from
# class XMLFuzzGenerator
# call generateAttacks function and
# it will generate XML attack strings
self.x.generateAttacks(self.fuzzList, param)
# iterate over each array returned to us
for all in self.x.getallparam():
# iterate over each val per array
for a in all:
self.fuzzList.append([{a[0]:'C'}, a[1]])
#############################################################
# the payload model means that the user has submitted an XML
# file containing attack vectors already once generated by
# WSFuzzer and saved
if self.dictType == "payload":
self.fuzzList = self.xmlp.getAllData(self.getDictionaryFileName(), "attack_string", "vector")
#############################################################
# logistics ...
self.length = len(self.fuzzList)
