async def fuzz_all(self, sub_domain=False, log_file_path=None):
"""
Create a pool of threads, read the wordlist and invoke fuzz_all.
Should be run in an event loop.
:param sub_domain: Indicate if this is subdomain enumeration or URL busting
:param log_file_path: Log subdomain enum results to this path.
"""
self.logger = self.get_log_file_path(log_file_path)
try:
with open(self.wordlist, "r") as file:
fuzzlist = file.readlines()
fuzzlist = [x.replace("\n", "") for x in fuzzlist]
except FileNotFoundError:
raise FuzzerException("Cannot read URL list from {}. Will not perform Fuzzing".format(self.wordlist))
try:
# Rule out wildcard subdomain support/all resources redirect to a 200 page
self._rule_out_false_positives(sub_domain)
if not sub_domain:
self.logger.info("{} Fuzzing URLs".format(COLORED_COMBOS.INFO))
self.logger.info("{} Reading from list: {}".format(COLORED_COMBOS.INFO, self.wordlist))
pool = ThreadPool(self.num_threads)
pool.map(partial(self._fetch, sub_domain=sub_domain), fuzzlist)
if not sub_domain:
self.logger.info("{} Done fuzzing URLs".format(COLORED_COMBOS.INFO))
except FuzzerException as e:
self.logger.info("{} {}".format(COLORED_COMBOS.BAD, e))
def _create_set_from_wordlist_file(wordlist):
try:
with open(wordlist, "r") as file:
fuzzlist = file.readlines()
fuzzlist = [x.replace("\n", "") for x in fuzzlist]
return set(fuzzlist)
except FileNotFoundError:
raise FuzzerException("Cannot open file {}. Will not perform Fuzzing".format(wordlist))
def _rule_out_false_positives(response_codes, sub_domain):
if any(code == 200 for code in response_codes):
if sub_domain:
err_msg = "Wildcard subdomain support detected (all subdomains return 200)." \
" Will not bruteforce subdomains"
else:
err_msg = "Web server seems to redirect requests for all resources " \
"to eventually return 200. Will not bruteforce URLs"
raise FuzzerException(err_msg)
def _rule_out_false_positives(self, sub_domain):
fake_uris = (uuid.uuid4() for i in range(3))
for uri in fake_uris:
url = self._build_request_url(uri, sub_domain)
try:
res = self.request_handler.send("GET", url=url, allow_redirects=self.follow_redirects)
if res.status_code == 200:
if sub_domain:
err_msg = "Wildcard subdomain support detected (all subdomains return 200)." \
" Will not bruteforce subdomains"
else:
err_msg = "Web server seems to redirect requests for all resources " \
"to eventually return 200. Will not bruteforce URLs"
raise FuzzerException(err_msg)
except RequestHandlerException as e:
if sub_domain: # If should-not-work.example.com doesn't resolve, no wildcard subdomain is present
return
else:
raise FuzzerException("Could not get a response from {}."
" Maybe target is down ?".format(self.target))
def _generate_fake_requests(self, sub_domain):
response_codes = []
fake_uris = (uuid.uuid4(), uuid.uuid4())
session = self.request_handler.get_new_session()
for uri in fake_uris:
url = self._build_request_url(uri, sub_domain)
try:
res = self.request_handler.send("GET", url=url, allow_redirects=True)
response_codes.append(res.status_code)
res = session.get(url=url, allow_redirects=self.follow_redirects)
response_codes.append(res.status_code)
except RequestHandlerException as e:
if sub_domain: # If should-not-work.example.com doesn't resolve, no wildcard subdomain is present
return [0]
else:
raise FuzzerException("Could not get a response from {}."
" Maybe target is down ?".format(self.target))
return response_codes
