Exemple #1
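def initialize(request, wordlist):
    """
    Run the parameter finding process for a single request object.

    Args:
        request: mapping that provides at least 'url' and 'headers'; it is
            passed unchanged to requester(), narrower() and bruter().
        wordlist: candidate parameter names to test.

    Returns:
        'skipped' when the URL is rejected, the stability probe fails, one
        of the baseline requests yields a str instead of a response object,
        or mem.var['kill'] is set during narrowing; otherwise a list of the
        confirmed parameter names (possibly empty).
    """
    url = request['url']
    # Require a complete http(s) scheme. A bare 'http' prefix also matches
    # strings such as 'httpfoo' that are not URLs at all.
    if not url.startswith(('http://', 'https://')):
        print('%s %s is not a valid URL' % (bad, url))
        return 'skipped'
    print('%s Probing the target for stability' % run)
    if not stable_request(url, request['headers']):
        return 'skipped'

    # Two baseline requests, each carrying one random parameter whose value
    # is the reversed name.
    fuzz = random_str(6)
    response_1 = requester(request, {fuzz: fuzz[::-1]})
    print('%s Analysing HTTP response for anamolies' % run)
    fuzz = random_str(6)
    response_2 = requester(request, {fuzz: fuzz[::-1]})
    # A str result is treated as a failed request.
    # NOTE(review): presumably requester() returns an error string on
    # failure -- confirm against its definition.
    if isinstance(response_1, str) or isinstance(response_2, str):
        return 'skipped'
    # 'fuzz' is the name used for the second baseline request at this point.
    factors = define(response_1, response_2, fuzz, fuzz[::-1], wordlist)

    print('%s Analysing HTTP response for potential parameter names' % run)
    found = heuristic(response_1.text, wordlist)
    if found:
        num = len(found)
        s = 's' if num > 1 else ''
        print('%s Heuristic scanner found %i parameter%s: %s' %
              (good, num, s, ', '.join(found)))

    print('%s Logicforcing the URL endpoint' % run)
    populated = populate(wordlist)
    # NOTE(review): this evaluates to 0 when the wordlist is shorter than
    # mem.var['chunks']; how slicer() handles 0 is not visible here.
    param_groups = slicer(populated,
                          int(len(wordlist) / mem.var['chunks']))
    # NOTE(review): last_params is never assigned in this function, so it is
    # presumably filled in place by confirm() -- verify.
    last_params = []
    while True:
        param_groups = narrower(request, factors, param_groups)
        if mem.var['kill']:
            return 'skipped'
        param_groups = confirm(param_groups, last_params)
        if not param_groups:
            break

    # Re-check every surviving candidate on its own before reporting it.
    confirmed_params = []
    for param in last_params:
        reason = bruter(request, factors, param, mode='verify')
        if reason:
            name = list(param.keys())[0]
            confirmed_params.append(name)
            print('%s name: %s, factor: %s' % (res, name, reason))
    return confirmed_params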
Exemple #2
def bruter(request, factors, params, mode='bruteforce'):
    """
    Send one request carrying a chunk of parameters and report the anomaly
    comparison for it.

    Returns [] when mem.var['kill'] is set or error_handler() answers
    'kill'. Otherwise returns element 0 of compare()'s result in 'verify'
    mode (initialize() prints it as the matching factor) and element 1 in
    every other mode.
    """
    if mem.var['kill']:
        return []
    response = requester(request, params)
    verdict = error_handler(response, factors)
    if verdict == 'kill':
        return []
    if verdict == 'retry':
        # Single retry; the second response is not passed through
        # error_handler() again before it is compared.
        response = requester(request, params)
    outcome = compare(response, factors, params)
    index = 0 if mode == 'verify' else 1
    return outcome[index]