def execute(block, scope):
    """
    Execute block and check for blind SQL injection.

    Sends the request described by ``block`` and records how long the
    server took to answer.  The block "matches" when that time exceeds the
    ``delay_seconds`` parameter, i.e. the injected payload appears to have
    introduced the expected delay.

    :param block: dict with ``name`` and ``parameter`` keys; ``parameter``
                  must contain ``delay_seconds`` (checked via
                  ``required_fields``, which presumably raises when missing)
    :param scope: shared dict between blocks; ``scope[block['name']]`` is set
                  to the response data plus the measured ``time_diff``
    :return: ``(matched, scope)`` where ``matched`` is True iff the response
             took longer than ``delay_seconds``

    NOTE(review): this is a single timing sample with no baseline request, so
    a slow or jittery network alone can push the response over the threshold;
    treat a positive result as "needs confirmation", not proof.
    """
    name = block['name']
    opts = block['parameter']
    required_fields(opts, ['delay_seconds'])
    threshold = float(opts['delay_seconds'])

    _, response = http_request(block, scope)
    elapsed = response.elapsed.total_seconds()

    scope[name] = {
        'response': {
            'content': response.text,
            'cookies': response.cookies,
            'headers': response.headers,
        },
        'time_diff': elapsed,
    }

    Message.log(level='status',
                message="Response time: {}, delay_seconds: {}".format(
                    color.cyan(elapsed), color.cyan(threshold)))

    # Comparison result is already a bool, so it doubles as the verdict.
    slower_than_threshold = elapsed > threshold
    return slower_than_threshold, scope
def pretty_print_request(req):
    """
    Print a request.

    Renders ``req`` the way it would appear on the wire -- a request line
    (``METHOD URL HTTP/1.1``), one ``Name: value`` line per header, a blank
    line and then the body -- with ANSI colouring, and hands the text to
    ``Message.log`` at level ``request``.

    :param req: object exposing ``method``, ``url``, ``headers`` (mapping)
                and ``body``; ``body`` is interpolated with ``str()`` so a
                missing body prints as ``None``

    NOTE(review): headers are logged verbatim, so Authorization/Cookie values
    end up in whatever the log destination writes to -- keep that in mind
    when sharing logs.
    """
    gray = color.grayscale[14]

    request_line = '{} {} {}\n'.format(color.yellow(req.method),
                                       color.cyan(req.url),
                                       gray('HTTP/1.1'))
    header_lines = ['{}: {}'.format(gray(field), color.cyan(value))
                    for field, value in req.headers.items()]
    body_section = '\n\n{}'.format(req.body)

    rendered = request_line + '\n'.join(header_lines) + body_section
    Message.log(level='request', message=rendered)
def main():
    """
    Get file list from args and execute.

    Parses the command line into the module-level ``args`` (it is declared
    ``global`` so other functions can read it), registers the stdout log
    destination, then runs every file named on the command line through
    ``from_file`` and prints a one-line verdict per file.  Errors are
    reported per file -- parser errors, connection/proxy errors and any
    other ``ExploException`` each get their own message -- so one bad file
    does not stop the remaining ones.
    """
    global args
    args = parser.parse_args()
    add_destination(log_stdout)

    def run_one(filename):
        # Load and execute a single file, printing its verdict.
        print('Loading {}'.format(color.cyan(filename)))
        verdict = color.green('Success.') if from_file(filename) else color.red('No match.')
        print('==> {}'.format(verdict))

    for filename in args.filename:
        try:
            run_one(filename)
        except ParserException as exc:
            print(color.yellow('ERROR parsing file %s: %s' % (filename, exc)))
        except (ConnectionException, ProxyException) as exc:
            print(
                color.yellow('ERROR connecting to host in file %s: %s' % (filename, exc)))
        except ExploException as exc:
            # Catch-all for the tool's own exception hierarchy; order matters
            # if the more specific exceptions above derive from it.
            print(color.yellow('ERROR in file %s: %s' % (filename, exc)))
def pretty_print_response(res):
    """
    Print a response.

    Builds a coloured, wire-style dump of ``res`` -- status line
    (``HTTP/1.1 <code> <reason>``), one ``Name: value`` line per header, a
    blank line, then the body text -- and logs it via ``Message.log`` at
    level ``response``.

    :param res: object exposing ``status_code``, ``reason``, ``headers``
                (mapping) and ``text``

    NOTE(review): the body is logged in full; large responses produce
    correspondingly large log entries.
    """
    gray = color.grayscale[14]

    # Assemble the pieces in order and join once instead of growing a string.
    parts = [
        color.yellow('HTTP'),
        gray('/1.1 %s %s\n' % (res.status_code, res.reason)),
    ]
    parts.extend('%s: %s\n' % (gray(field), color.cyan(value))
                 for field, value in res.headers.items())
    parts.append('\n')
    parts.append(res.text)

    Message.log(level='response', message=''.join(parts))
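def execute(block, scope):
    """
    Simple HTTP request, also does basic extracting and finding in the
    response text.

    Sends the request described by ``block`` (via ``http_request``), stores
    the response under ``scope[block['name']]`` and then applies the optional
    checks from ``block['parameter']`` in this order:

    * ``find_in_headers`` -- substring must appear in a ``Name: value`` dump
      of the response headers
    * ``extract`` -- no check; result of ``extract()`` is stored as
      ``scope[name]['extracted']``
    * ``find`` -- substring must appear in the body
    * ``find_regex`` -- ``re.search`` (MULTILINE) must match the body
    * ``expect_response_code`` -- must equal ``response.status_code``

    The first failing check logs a status message and returns early, so
    later checks (and ``extract``) are skipped once one fails.

    :param block: dict with at least ``name`` and ``parameter`` keys
    :param scope: shared dict between blocks; updated in place
    :return: ``(success, scope)``; ``success`` is True only when every
             configured check passed
    """
    name = block['name']
    opts = block['parameter']

    _, response = http_request(block, scope)
    scope[name] = {
        'response': {
            'content': response.text,
            'cookies': response.cookies,
            'headers': response.headers
        }
    }

    if 'find_in_headers' in opts:
        # Flatten headers to "Name: value\n" lines so the keyword may also
        # match across the name/value boundary, as in a raw header dump.
        headers = ''.join('{}: {}\n'.format(header, response.headers[header])
                          for header in response.headers)
        keyword = opts['find_in_headers']
        if keyword not in headers:
            Message.log(level='status',
                        message="==> Not found in HEADERS: '%s'" % color.cyan(keyword))
            return False, scope
        Message.log(level='status',
                    message="==> Found in HEADERS: '%s'" % color.cyan(keyword))

    if 'extract' in opts:
        # Semantics of extract() are defined elsewhere in the project.
        scope[name]['extracted'] = extract(response.text, opts['extract'])

    if 'find' in opts:
        keyword = opts['find']
        if keyword not in response.text:
            Message.log(level='status',
                        message="==> Not found in BODY: '%s'" % color.cyan(keyword))
            return False, scope
        Message.log(level='status',
                    message="==> Found in BODY: '%s'" % color.cyan(keyword))

    if 'find_regex' in opts:
        pattern = opts['find_regex']
        # ``is not None`` instead of ``!= None``: identity check is the
        # idiomatic (and cheaper) test for "no match".  The pattern comes from
        # the operator's own test file and is applied to the whole body, so a
        # pathological pattern on a large response can be slow.
        if re.search(pattern, response.text, flags=re.MULTILINE) is None:
            Message.log(level='status',
                        message="==> Not found in BODY: '%s'" % color.cyan(pattern))
            return False, scope
        Message.log(level='status',
                    message="==> Found in BODY: '%s'" % color.cyan(pattern))

    if 'expect_response_code' in opts:
        status_code = opts['expect_response_code']
        # Plain equality: an expected value of a different type than the int
        # status code (e.g. a quoted string) will never match.
        if response.status_code != status_code:
            Message.log(
                level='status',
                message="==> HTTP Status is not %s, response code is %s" % (
                    color.cyan(status_code), color.red(response.status_code)))
            return False, scope
        Message.log(level='status',
                    message="==> HTTP status is valid (%s == %s)" % (
                        color.cyan(status_code), color.cyan(status_code)))

    return True, scope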