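def __init__(self, view):
    """Set up the GUI controller around the given view.

    Switches the shared Facade into "gui" mode, creates the data store
    that backs the "main" tab, builds the model and interpreter on top of
    it, starts the GUI and registers the exit handler.

    Args:
        view: The view object this controller drives.
    """
    Facade().mode = "gui"

    # The same dict object is referenced by the controller and the Facade,
    # so rows added through either side are visible to both.
    shared_data = {"main": []}
    self.data = shared_data
    Facade().data = shared_data
    self._model = GUIModel(self.data["main"])

    self._view = view
    # A single interpreter bound to the main model; the earlier placeholder
    # assignment was overwritten on the next line and has been dropped.
    self._interp = WfuzzInterpreter(self._model)

    # init gui
    self.start_gui()

    pub.subscribe(self.on_exit, "exit")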
Example #2
 def do_tab(self, cmd):
     """Create a new, empty tab named by ``cmd[1]`` and announce it.

     The list stored in the Facade under the tab name is the same object
     handed to the tab's model, so both sides see the same rows.
     """
     tab_rows = []
     Facade().data[cmd[1]] = tab_rows
     tab_model = GUIModel(tab_rows)
     tab_interp = WfuzzInterpreter(tab_model)
     pub.sendMessage(
         "create_tab",
         name=cmd[1],
         model=tab_model,
         interp=tab_interp,
     )
Example #3
 def show_plugins_help(self, registrant, cols=3, category="$all$"):
     """Print a table of the plugins registered under ``registrant`` and exit.

     Each row returned by ``get_plugins_ext`` is trimmed to the columns
     from index ``cols`` onwards before it is printed. The process always
     terminates with status 0 afterwards.
     """
     print("\nAvailable %s:\n" % registrant)
     plugin_rows = Facade().proxy(registrant).get_plugins_ext(category)
     trimmed_rows = []
     for row in plugin_rows:
         trimmed_rows.append(row[cols:])
     table_print(trimmed_rows)
     sys.exit(0)
Example #4
    def test_payload_description(self):
        """Check the description produced for results loaded via ``wfuzzp``.

        A gzip-compressed pickle of a FuzzResult is served through a mocked
        ``open`` and read back by the ``wfuzzp`` payload; the resulting
        description must match the stored description/show_field settings.
        """
        class mock_saved_session(object):
            """File-like object wrapping an in-memory saved session."""

            def __init__(self, description, show_field):
                request = FuzzRequest()
                request.url = "http://www.wfuzz.org/path?param=1&param2=2"
                result = FuzzResult(history=request)
                result._description = description
                result._show_field = show_field

                self.outfile = BytesIO()

                # NOTE(review): the fixture is a pickle, so the payload under
                # test presumably unpickles session files -- such files should
                # only come from trusted sources; confirm against the payload.
                with gzip.GzipFile(fileobj=self.outfile, mode="wb") as gz:
                    pickle.dump(result, gz)

                self.outfile.seek(0)
                self.outfile.name = "mockfile"

            def close(self):
                pass

            def read(self, *args, **kwargs):
                return self.outfile.read(*args, **kwargs)

            def seek(self, *args, **kwargs):
                return self.outfile.seek(*args, **kwargs)

            def tell(self):
                return self.outfile.tell()

        # load plugins before mocking file object
        Facade().payloads

        # (stored description, stored show_field, expected descriptions)
        cases = [
            ("r.params.all", True, [{'param': '1', 'param2': '2'}]),
            ("url", None, ['http://www.wfuzz.org/path?param=1&param2=2']),
            ("r.scheme", False, ['http://www.wfuzz.org/path?param=1&param2=2 | http']),
        ]

        for stored_description, stored_show_field, expected in cases:
            m = mock.MagicMock(name='open', spec=open)
            m.return_value = mock_saved_session(stored_description, stored_show_field)

            mocked_fun = "builtins.open" if sys.version_info >= (3, 0) else "__builtin__.open"
            with mock.patch(mocked_fun, m):
                # Options are rebuilt for every case so no state is shared
                # between the three payload runs.
                options = {
                    'show_field': True,
                    'description': 'r',
                    'payloads': [('wfuzzp', {'default': 'mockedfile', 'encoder': None}, None)],
                }
                payload_list = list(wfuzz.payload(**options))
                self.assertEqual([res[0].description for res in payload_list], expected)
Example #5
    def find_file(self, name):
        """Resolve ``name`` to an existing path when possible.

        A path that already exists is returned as given. Otherwise each
        directory of the comma-separated ``general/lookup_dirs`` setting is
        searched in order and the first hit is returned. When nothing is
        found the original ``name`` comes back unchanged, so the caller must
        still be prepared for a path that does not exist.
        """
        if not os.path.exists(name):
            lookup_dirs = Facade().sett.get('general', 'lookup_dirs').split(",")
            for directory in lookup_dirs:
                candidate = find_file_in_paths(name, directory)
                if candidate is not None:
                    return candidate

        return name
Example #6
    def __init__(self, output):
        """Select the stream this printer writes to.

        Args:
            output: Path of the file to write, or a falsy value to write to
                standard output.

        Raises:
            FuzzExceptBadFile: If the output file cannot be opened.
        """
        self.f = None
        if not output:
            self.f = sys.stdout
        else:
            try:
                # Mode "w" truncates an existing file at this path.
                self.f = open(output, 'w')
            except IOError as err:
                raise FuzzExceptBadFile("Error opening file. %s" % str(err))

        self.verbose = Facade().printers.kbase["verbose"]
Example #7
    def show_plugin_ext_help(self, registrant, category="$all$"):
        """Print the detailed help of every plugin in ``category`` and exit.

        For each plugin the name, version, categories, summary, authors,
        description lines and parameters are printed. A parameter line
        starts with "+" when its third field is truthy and "-" otherwise,
        and shows the second field as default when that field is truthy.
        The process always terminates with status 0 afterwards.
        """
        for plugin in Facade().proxy(registrant).get_plugins(category):
            print("Name: %s %s" % (plugin.name, plugin.version))
            print("Categories: %s" % ','.join(plugin.category))
            print("Summary: %s" % plugin.summary)
            print("Author: %s" % ','.join(plugin.author))
            print("Description:")
            for text_line in plugin.description:
                print("   %s" % text_line)
            print("Parameters:")
            for param in plugin.parameters:
                marker = "+" if param[2] else "-"
                param_name = param[0]
                default_hint = " (= %s)" % str(param[1]) if param[1] else ""
                print("   %s %s%s: %s" % (marker, param_name, default_hint, param[3]))
            print("\n")

        sys.exit(0)
Example #8
    def __init__(self, dork, page, limit):
        """Prepare a Shodan search for ``dork`` starting at ``page``.

        Args:
            dork: The Shodan query string.
            page: First result page to request.
            limit: Number of pages to fetch; a value of 0 or less sets the
                page limit to -1.

        Raises:
            FuzzExceptMissingAPIKey: If no ``shodan_apikey`` is configured.
        """
        # The key is a credential read from the settings; keep it out of
        # log and error output.
        api_key = Facade().sett.get('plugins', 'shodan_apikey')
        if not api_key:
            raise FuzzExceptMissingAPIKey(
                "A Shodan api key is needed. Please check ~/.wfuzz/wfuzz.ini")

        self.api = shodan.Shodan(api_key)
        self._dork = dork
        self._page = MyCounter(page)
        if limit > 0:
            self._page_limit = self._page() + limit
        else:
            self._page_limit = -1

        # Result queue is bounded by MAX_ENQUEUED_RES; the page queue is not.
        self.results_queue = Queue(self.MAX_ENQUEUED_RES)
        self.page_queue = Queue()

        self._threads = []

        self._started = False
        self._cancel_job = False
Example #9
    def show_plugin_ext_help(self, registrant, category="$all$"):
        """Print extended help for the plugins of ``category``, then exit.

        Every plugin returned by the registrant proxy is described with its
        name, version, categories, summary, authors, description lines and
        parameters. The process always terminates with status 0 afterwards.
        """
        plugins = Facade().proxy(registrant).get_plugins(category)
        for entry in plugins:
            print("Name: %s %s" % (entry.name, entry.version))
            print("Categories: %s" % ",".join(entry.category))
            print("Summary: %s" % entry.summary)
            print("Author: %s" % ",".join(entry.author))
            print("Description:")
            for text in entry.description:
                print("   %s" % text)
            print("Parameters:")
            for spec in entry.parameters:
                # spec[2] picks the "+"/"-" marker, spec[1] is shown as the
                # default only when it is truthy.
                required_flag = "+" if spec[2] else "-"
                spec_name = spec[0]
                if spec[1]:
                    default_text = " (= %s)" % str(spec[1])
                else:
                    default_text = ""
                print("   %s %s%s: %s" % (
                    required_flag, spec_name, default_text, spec[3]))
            print("\n")

        sys.exit(0)
Example #10
    def show_plugin_ext_help(self, registrant, category="$all$"):
        """Describe each plugin of ``category`` on stdout and exit.

        Parameters are unpacked as (name, default value, mandatory flag,
        description). A default is displayed whenever it is not ``None``,
        so falsy defaults such as 0 or "" are shown as well. The process
        always terminates with status 0 afterwards.
        """
        for plugin in Facade().proxy(registrant).get_plugins(category):
            header_lines = (
                "Name: %s %s" % (plugin.name, plugin.version),
                "Categories: %s" % ",".join(plugin.category),
                "Summary: %s" % plugin.summary,
                "Author: %s" % ",".join(plugin.author),
                "Description:",
            )
            for header in header_lines:
                print(header)
            for desc_line in plugin.description:
                print("   %s" % desc_line)
            print("Parameters:")
            for name, default_value, mandatory, description in plugin.parameters:
                marker = "+" if mandatory else "-"
                if default_value is not None:
                    default_text = " (= %s)" % str(default_value)
                else:
                    default_text = ""
                print("   {} {}{}: {}".format(
                    marker, name, default_text, description))
            print("\n")

        sys.exit(0)
Example #11
def test_burplog_content(burplog_file, expected_content):
    """Check that the ``burplog`` payload yields the expected response body.

    ``open`` is replaced by a mock returning ``burplog_file``, so the
    payload parses the supplied log instead of touching the filesystem.
    """
    # load plugins before mocking file object
    Facade().payloads

    open_mock = mock.MagicMock(name="open", spec=open)
    open_mock.return_value = burplog_file

    if sys.version_info >= (3, 0):
        mocked_fun = "builtins.open"
    else:
        mocked_fun = "__builtin__.open"

    payload_spec = ("burplog", {"default": "mockedfile", "encoder": None}, None)
    with mock.patch(mocked_fun, open_mock, create=True):
        payload_list = list(wfuzz.payload(payloads=[payload_spec]))

        # First element of the first yielded item is the fuzz result.
        fres = payload_list[0][0]

        assert fres.history.content == expected_content
Example #12
    def __init__(self, dork, offset=0, limit=0, key=None):
        """Run the first Bing query for ``dork`` and size the result window.

        Args:
            dork: The search query.
            offset: Index of the first result wanted.
            limit: Maximum number of results; 0 or less means no limit.
            key: Bing API key; read from the ``plugins/bing_apikey`` setting
                when ``None``.

        Raises:
            FuzzExceptMissingAPIKey: If no API key is available.
        """
        # The key is a credential; keep it out of log and error output.
        if key is None:
            key = Facade().sett.get("plugins", "bing_apikey")

        if not key:
            raise FuzzExceptMissingAPIKey(
                "An api Bing key is needed. Please chek wfuzz.ini."
            )

        self._key = key
        self._dork = dork

        self.max_count = 0
        self.current = 0
        self._index = 0
        self._retrieved = 0
        self._results = []

        # first bing request to get estimated total count (it does not take into consideration offset).
        if 0 < limit < 50:
            first_answer = self._do_search(offset, limit)
        else:
            first_answer = self._do_search(offset)
        total_results, self._retrieved, self._results = first_answer

        # offset not over the results
        self._offset = total_results if offset > total_results else offset

        self.max_count = total_results - self._offset

        # no more than limit results
        if limit > 0 and self.max_count > limit:
            self.max_count = limit
Example #13
    def __init__(self, dork, page, limit):
        """Prepare a Shodan search for ``dork`` starting at ``page``.

        Args:
            dork: The Shodan query string.
            page: First result page to request.
            limit: Number of pages to fetch; a value of 0 or less sets the
                page limit to -1.

        Raises:
            FuzzExceptPluginLoadError: If the shodan module was not imported.
            FuzzExceptMissingAPIKey: If no ``shodan_apikey`` is configured.
        """
        if IMPORTED_SHODAN is False:
            raise FuzzExceptPluginLoadError(
                "shodan module not imported. Please, install shodan using pip"
            )

        # The key is a credential read from the settings; keep it out of
        # log and error output.
        api_key = Facade().sett.get("plugins", "shodan_apikey")
        if not api_key:
            raise FuzzExceptMissingAPIKey(
                "A Shodan api key is needed. Please check ~/.wfuzz/wfuzz.ini"
            )

        self.api = shodan.Shodan(api_key)
        self._dork = dork
        self._page = MyCounter(page)
        if limit > 0:
            self._page_limit = self._page() + limit
        else:
            self._page_limit = -1

        # Result queue is bounded by MAX_ENQUEUED_RES; the page queue is not.
        self.results_queue = Queue(self.MAX_ENQUEUED_RES)
        self.page_queue = Queue()

        self._threads = []

        self._started = False
        self._cancel_job = False
Example #14
    def __init__(self, params):
        """Bind the payload to the rows of the tab named in ``params``.

        After the base initialiser has run, the ``attr`` parameter is kept
        and an iterator is opened over the Facade data stored under the
        ``tab`` parameter.
        """
        BasePayload.__init__(self, params)

        self.attr = self.params["attr"]
        tab_rows = Facade().data[self.params["tab"]]
        self._it = iter(tab_rows)
Example #15
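 def show_plugins_help(self, registrant, cols=3, category="$all$"):
     """Print a table of the plugins registered under ``registrant`` and exit.

     Each row returned by ``get_plugins_ext`` is trimmed to the columns
     from index ``cols`` onwards. The process always terminates with
     status 0 afterwards.
     """
     # print() with one parenthesised argument behaves the same under the
     # Python 2 print statement and the Python 3 function.
     print("\nAvailable %s:\n" % registrant)
     # A list comprehension yields a real list on both Python 2 and 3,
     # whereas map() is a lazy iterator on Python 3.
     table_print([
         row[cols:]
         for row in Facade().proxy(registrant).get_plugins_ext(category)
     ])
     sys.exit(0)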
Example #16
    def test_payload_description(self):
        """Check the description produced for results loaded via ``wfuzzp``.

        A gzip-compressed pickle of a FuzzResult is served through a mocked
        ``open`` and read back by the ``wfuzzp`` payload; the resulting
        description must match the stored fields/show_field settings.
        """
        class mock_saved_session(object):
            """File-like object wrapping an in-memory saved session."""

            def __init__(self, fields, show_field):
                request = FuzzRequest()
                request.url = "http://www.wfuzz.org/path?param=1&param2=2"
                result = FuzzResult(history=request)
                result._fields = fields
                result._show_field = show_field

                self.outfile = BytesIO()

                # NOTE(review): the fixture is a pickle, so the payload under
                # test presumably unpickles session files -- such files should
                # only come from trusted sources; confirm against the payload.
                with gzip.GzipFile(fileobj=self.outfile, mode="wb") as gz:
                    pickle.dump(result, gz)

                self.outfile.seek(0)
                self.outfile.name = "mockfile"

            def close(self):
                pass

            def read(self, *args, **kwargs):
                return self.outfile.read(*args, **kwargs)

            def seek(self, *args, **kwargs):
                return self.outfile.seek(*args, **kwargs)

            def tell(self):
                return self.outfile.tell()

        def load_descriptions(fields, show_field):
            """Return the descriptions read back from a mocked session."""
            m = mock.MagicMock(name="open", spec=open)
            m.return_value = mock_saved_session(fields, show_field)

            if sys.version_info >= (3, 0):
                mocked_fun = "builtins.open"
            else:
                mocked_fun = "__builtin__.open"

            with mock.patch(mocked_fun, m):
                wfuzzp_spec = ("wfuzzp", {
                    "default": "mockedfile",
                    "encoder": None
                }, None)
                payload_list = list(
                    wfuzz.payload(
                        show_field=True,
                        fields=["r"],
                        payloads=[wfuzzp_spec],
                    ))
                # Descriptions are read while open() is still patched.
                return [res[0].description for res in payload_list]

        # load plugins before mocking file object
        Facade().payloads

        # Parameter order is not fixed, so the lines are compared sorted.
        all_params = load_descriptions(["r.params.all"], True)
        self.assertEqual(
            sorted("-".join(all_params).split("\n")),
            sorted(["param=1", "param2=2"]),
        )

        self.assertEqual(
            load_descriptions(["url"], None),
            ["http://www.wfuzz.org/path?param=1&param2=2"],
        )

        self.assertEqual(
            load_descriptions(["r.scheme"], False),
            ["http://www.wfuzz.org/path?param=1&param2=2 | http"],
        )
Example #17
0
 def show_plugins_names(self, registrant):
     """Print the name of every plugin under ``registrant``, one per line."""
     plugin_names = Facade().proxy(registrant).get_plugins_names("$all$")
     print("\n".join(plugin_names))
Example #18
 def isbllist(self):
     """Tell whether this object's file extension is blacklisted.

     The blacklist is the dash-separated ``kbase/discovery.blacklist``
     setting. A bare "." extension is never treated as blacklisted and is
     rejected before the settings are consulted.
     """
     extension = self.fext
     if extension == ".":
         return False
     blacklist = Facade().sett.get("kbase", "discovery.blacklist").split("-")
     return extension in blacklist
Example #19
 def count(self):
     """Return how many rows the tab named by the ``tab`` parameter holds."""
     tab_rows = Facade().data[self.params["tab"]]
     return len(tab_rows)
Example #20
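    def _parse_help_opt(self, optsd):
        """Serve the informational command-line switches.

        ``optsd`` is indexed by option name; the values are used here as
        collections of the arguments given for that option (membership
        tests and ``[0]`` access). Version, usage, filter help and the
        ``--ee`` listings print their text and exit with status 0. The
        plugin help switches delegate to ``show_plugins_help`` /
        ``show_plugin_ext_help``.

        Raises:
            FuzzExceptBadOptions: If ``-e`` or ``--ee`` names an unknown
                category.
        """
        if "--version" in optsd:
            print(version)
            sys.exit(0)

        if "-h" in optsd:
            self.show_usage()
            sys.exit(0)

        if "--help" in optsd:
            self.show_verbose_usage()
            sys.exit(0)

        if "--filter-help" in optsd:
            # Cut the text between the "Filter Language" heading and the
            # "Filtering results" heading out of the filter help file.
            FILTER_HELP_REGEX_EXP = (
                "Filter Language\n---------------\n\n(.*?)Filtering results")
            FILTER_HELP_REGEX = re.compile(FILTER_HELP_REGEX_EXP,
                                           re.MULTILINE | re.DOTALL)

            print(FILTER_HELP_REGEX.search(get_filter_help_file()).group(1))

            sys.exit(0)

        # Extensions help
        if "--script-help" in optsd:
            script_string = optsd["--script-help"][0]
            # An empty argument means "every category".
            if script_string == "":
                script_string = "$all$"

            self.show_plugin_ext_help("scripts", category=script_string)

        if "--ee" in optsd:
            requested = optsd["--ee"]
            if "payloads" in requested:
                self.show_plugins_names("payloads")
            elif "encoders" in requested:
                self.show_plugins_names("encoders")
            elif "iterators" in requested:
                self.show_plugins_names("iterators")
            elif "printers" in requested:
                self.show_plugins_names("printers")
            elif "scripts" in requested:
                self.show_plugins_names("scripts")
            elif "fields" in requested:
                print("\n".join(allowed_fields))
            elif "files" in requested:
                print("\n".join(Facade().sett.get("general",
                                                  "lookup_dirs").split(",")))
            elif "registrants" in requested:
                print("\n".join(Facade().get_registrants()))
            elif "options" in requested:
                # Short options are single characters; ":" only marks that
                # an option takes an argument.
                print("\n".join([
                    "-{}".format(opt)
                    for opt in self.short_opts.replace(":", "")
                ]))
                print("\n".join([
                    "--{}".format(opt.replace("=", ""))
                    for opt in self.long_opts
                ]))
            else:
                # The message lists every category accepted above, not only
                # the plugin registrants.
                raise FuzzExceptBadOptions(
                    "Unknown category. Valid values are: payloads, encoders, iterators, printers, scripts, fields, files, registrants or options."
                )
            sys.exit(0)

        if "-e" in optsd:
            category = optsd["-e"]
            if "payloads" in category:
                self.show_plugins_help("payloads")
            elif "encoders" in category:
                self.show_plugins_help("encoders", 2)
            elif "iterators" in category:
                self.show_plugins_help("iterators")
            elif "printers" in category:
                self.show_plugins_help("printers")
            elif "scripts" in category:
                self.show_plugins_help("scripts", 2)
            else:
                raise FuzzExceptBadOptions(
                    "Unknown category. Valid values are: payloads, encoders, iterators, printers or scripts."
                )

        # "help" given as the argument of -f/-o/-m/-z lists what that
        # option accepts.
        if "-f" in optsd and "help" in optsd["-f"]:
            self.show_plugins_help("printers")
        if "-o" in optsd and "help" in optsd["-o"]:
            self.show_plugins_help("printers")
        if "-m" in optsd and "help" in optsd["-m"]:
            self.show_plugins_help("iterators")
        if "-z" in optsd and "help" in optsd["-z"]:
            # --slice narrows the payload help to one category.
            filt = optsd["--slice"][0] if "--slice" in optsd else "$all$"
            self.show_plugin_ext_help("payloads", category=filt)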