def browser_verification(page):
if not settings.BROWSER_VERIFICATION and re.search(r"(?i)browser.?verification", page or ""):
settings.BROWSER_VERIFICATION = True
warn_msg = "Potential browser verification protection mechanism detected"
if re.search(r"(?i)CloudFlare", page):
warn_msg += " (CloudFlare)."
else:
warn_msg += "."
print settings.print_bold_warning_msg(warn_msg)
def browser_verification(page):
if not settings.BROWSER_VERIFICATION and re.search(r"(?i)browser.?verification", page or ""):
settings.BROWSER_VERIFICATION = True
warn_msg = "Potential browser verification protection mechanism detected"
if re.search(r"(?i)CloudFlare", page):
warn_msg += " (CloudFlare)."
else:
warn_msg += "."
print settings.print_bold_warning_msg(warn_msg)
def captcha_check(page):
if not settings.CAPTCHA_DETECED and re.search(r"(?i)captcha", page or ""):
for match in re.finditer(r"(?si)<form.+?</form>", page):
if re.search(r"(?i)captcha", match.group(0)):
settings.CAPTCHA_DETECED = True
warn_msg = "Potential CAPTCHA protection mechanism detected"
if re.search(r"(?i)<title>[^<]*CloudFlare", page):
warn_msg += " (CloudFlare)."
else:
warn_msg += "."
print settings.print_bold_warning_msg(warn_msg)
break
def captcha_check(page):
if not settings.CAPTCHA_DETECED and re.search(r"(?i)captcha", page or ""):
for match in re.finditer(r"(?si)<form.+?</form>", page):
if re.search(r"(?i)captcha", match.group(0)):
settings.CAPTCHA_DETECED = True
warn_msg = "Potential CAPTCHA protection mechanism detected"
if re.search(r"(?i)<title>[^<]*CloudFlare", page):
warn_msg += " (CloudFlare)."
else:
warn_msg += "."
print settings.print_bold_warning_msg(warn_msg)
break
def python_version():
PYTHON_VERSION = sys.version.split()[0]
if PYTHON_VERSION >= "3" or PYTHON_VERSION < "2.7":
warn_msg = "Python version "
warn_msg += PYTHON_VERSION + " detected. "
warn_msg += "You are advised to use Python version 2.7.x."
print("\n" + settings.print_bold_warning_msg(warn_msg))
def python_version():
PYTHON_VERSION = sys.version.split()[0]
if PYTHON_VERSION.split(".")[0] != "3":
warn_msg = "Deprecated Python version detected: "
warn_msg += PYTHON_VERSION + ". "
warn_msg += "You are advised to use Python version 3."
print("\n" + settings.print_bold_warning_msg(warn_msg))
def blocked_ip(page):
if re.search(settings.BLOCKED_IP_REGEX, page):
warn_msg = "It appears that you have been blocked by the target server."
print(settings.print_bold_warning_msg(warn_msg))
def blocked_ip(page):
if re.search(settings.BLOCKED_IP_REGEX, page):
warn_msg = "It appears that you have been blocked by the target server."
print settings.print_bold_warning_msg(warn_msg)
def estimate_response_time(url, timesec):
stored_auth_creds = False
if settings.VERBOSITY_LEVEL != 0:
debug_msg = "Estimating the target URL response time. "
sys.stdout.write(settings.print_debug_msg(debug_msg))
sys.stdout.flush()
# Check if defined POST data
if menu.options.data:
request = _urllib.request.Request(url, menu.options.data.encode(settings.UNICODE_ENCODING))
else:
url = parameters.get_url_part(url)
request = _urllib.request.Request(url)
headers.do_check(request)
start = time.time()
try:
response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
response.read(1)
response.close()
except _urllib.error.HTTPError as err:
ignore_start = time.time()
if settings.UNAUTHORIZED_ERROR in str(err) and menu.options.ignore_code == settings.UNAUTHORIZED_ERROR:
pass
else:
if settings.VERBOSITY_LEVEL != 0:
print(settings.SPACE)
err_msg = "Unable to connect to the target URL"
try:
err_msg += " (Reason: " + str(err.args[0]).split("] ")[-1].lower() + ")."
except IndexError:
err_msg += " (" + str(err) + ")."
print(settings.print_critical_msg(err_msg))
# Check for HTTP Error 401 (Unauthorized).
if str(err.getcode()) == settings.UNAUTHORIZED_ERROR:
try:
# Get the auth header value
auth_line = err.headers.get('www-authenticate', '')
# Checking for authentication type name.
auth_type = auth_line.split()[0]
settings.SUPPORTED_HTTP_AUTH_TYPES.index(auth_type.lower())
# Checking for the realm attribute.
try:
auth_obj = re.match('''(\w*)\s+realm=(.*)''', auth_line).groups()
realm = auth_obj[1].split(',')[0].replace("\"", "")
except:
realm = False
except ValueError:
err_msg = "The identified HTTP authentication type (" + str(auth_type) + ") "
err_msg += "is not yet supported."
print(settings.print_critical_msg(err_msg) + "\n")
raise SystemExit()
except IndexError:
err_msg = "The provided pair of " + str(menu.options.auth_type)
err_msg += " HTTP authentication credentials '" + str(menu.options.auth_cred) + "'"
err_msg += " seems to be invalid."
print(settings.print_critical_msg(err_msg))
raise SystemExit()
if menu.options.auth_type and menu.options.auth_type != auth_type.lower():
if checks.identified_http_auth_type(auth_type):
menu.options.auth_type = auth_type.lower()
else:
menu.options.auth_type = auth_type.lower()
# Check for stored auth credentials.
if not menu.options.auth_cred:
try:
stored_auth_creds = session_handler.export_valid_credentials(url, auth_type.lower())
except:
stored_auth_creds = False
if stored_auth_creds and not menu.options.ignore_session:
menu.options.auth_cred = stored_auth_creds
info_msg = "Identified a previously stored valid pair of credentials '"
info_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT + "'."
print(settings.print_bold_info_msg(info_msg))
else:
# Basic authentication
if menu.options.auth_type == "basic":
if not menu.options.ignore_code == settings.UNAUTHORIZED_ERROR:
warn_msg = menu.options.auth_type.capitalize() + " "
warn_msg += "HTTP authentication credentials are required."
print(settings.print_warning_msg(warn_msg))
while True:
if not menu.options.batch:
question_msg = "Do you want to perform a dictionary-based attack? [Y/n] > "
do_update = _input(settings.print_question_msg(question_msg))
else:
do_update = ""
if len(do_update) == 0:
do_update = "Y"
if do_update in settings.CHOICE_YES:
auth_creds = authentication.http_auth_cracker(url, realm)
if auth_creds != False:
menu.options.auth_cred = auth_creds
settings.REQUIRED_AUTHENTICATION = True
break
else:
raise SystemExit()
elif do_update in settings.CHOICE_NO:
checks.http_auth_err_msg()
elif do_update in settings.CHOICE_QUIT:
raise SystemExit()
else:
err_msg = "'" + do_update + "' is not a valid answer."
print(settings.print_error_msg(err_msg))
pass
# Digest authentication
elif menu.options.auth_type == "digest":
if not menu.options.ignore_code == settings.UNAUTHORIZED_ERROR:
warn_msg = menu.options.auth_type.capitalize() + " "
warn_msg += "HTTP authentication credentials are required."
print(settings.print_warning_msg(warn_msg))
# Check if heuristics have failed to identify the realm attribute.
if not realm:
warn_msg = "Heuristics have failed to identify the realm attribute."
print(settings.print_warning_msg(warn_msg))
while True:
if not menu.options.batch:
question_msg = "Do you want to perform a dictionary-based attack? [Y/n] > "
do_update = _input(settings.print_question_msg(question_msg))
else:
do_update = ""
if len(do_update) == 0:
do_update = "Y"
if do_update in settings.CHOICE_YES:
auth_creds = authentication.http_auth_cracker(url, realm)
if auth_creds != False:
menu.options.auth_cred = auth_creds
settings.REQUIRED_AUTHENTICATION = True
break
else:
raise SystemExit()
elif do_update in settings.CHOICE_NO:
checks.http_auth_err_msg()
elif do_update in settings.CHOICE_QUIT:
raise SystemExit()
else:
err_msg = "'" + do_update + "' is not a valid answer."
print(settings.print_error_msg(err_msg))
pass
else:
checks.http_auth_err_msg()
else:
raise SystemExit()
ignore_end = time.time()
start = start - (ignore_start - ignore_end)
except socket.timeout:
if settings.VERBOSITY_LEVEL != 0:
print(settings.SPACE)
err_msg = "The connection to target URL has timed out."
print(settings.print_critical_msg(err_msg) + "\n")
raise SystemExit()
except _urllib.error.URLError as err_msg:
if settings.VERBOSITY_LEVEL != 0:
print(settings.SPACE)
print(settings.print_critical_msg(str(err_msg.args[0]).split("] ")[1] + "."))
raise SystemExit()
except ValueError as err_msg:
if settings.VERBOSITY_LEVEL != 0:
print(settings.SPACE)
print(settings.print_critical_msg(str(err_msg) + "."))
raise SystemExit()
end = time.time()
diff = end - start
if int(diff) < 1:
if settings.VERBOSITY_LEVEL != 0 and stored_auth_creds == False:
print(settings.SPACE)
url_time_response = int(diff)
if settings.TARGET_OS == "win":
warn_msg = "Due to the relatively slow response of 'cmd.exe' in target "
warn_msg += "host, there may be delays during the data extraction procedure."
print(settings.print_warning_msg(warn_msg))
else:
if settings.VERBOSITY_LEVEL != 0:
print(settings.SPACE)
url_time_response = int(round(diff))
warn_msg = "The estimated response time is " + str(url_time_response)
warn_msg += " second" + "s"[url_time_response == 1:] + ". That may cause"
if url_time_response >= 3:
warn_msg += " serious"
warn_msg += " delays during the data extraction procedure"
if url_time_response >= 3:
warn_msg += " and/or possible corruptions over the extracted data"
warn_msg += "."
print(settings.print_bold_warning_msg(warn_msg))
if int(timesec) == int(url_time_response):
timesec = int(timesec) + int(url_time_response)
else:
timesec = int(timesec)
# Against windows targets (for more stability), add one extra second delay.
if settings.TARGET_OS == "win" :
timesec = timesec + 1
return timesec, url_time_response
