def getBlacklists(self):
reext = re.compile(r'\%ext\%', re.IGNORECASE)
reextdot = re.compile(r'\.\%ext\%', re.IGNORECASE)
blacklists = {}
for status in [400, 403, 500]:
blacklistFileName = FileUtils.build_path(self.script_path, "db")
blacklistFileName = FileUtils.build_path(
blacklistFileName, "{}_blacklist.txt".format(status))
if not FileUtils.can_read(blacklistFileName):
# Skip if cannot read file
continue
blacklists[status] = []
for line in FileUtils.get_lines(blacklistFileName):
# Skip comments
if line.lstrip().startswith("#"):
continue
# The same with dictionary.py
if line.startswith("/"):
line = line[1:]
# Classic dirsearch blacklist processing (with %EXT% keyword)
if "%ext%" in line.lower():
for extension in self.arguments.extensions:
if self.arguments.noDotExtensions:
entry = reextdot.sub(extension, line)
else:
entry = line
entry = reext.sub(extension, entry)
blacklists[status].append(entry)
# Forced extensions is not used here because -r is only used for wordlist (in documentation),
# applying in blacklist may create false negatives
else:
blacklists[status].append(line)
return blacklists
