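def writeXMLToFile(self, doc=None):
    """Write a document's XML serialisation to the path in ``self.fileHandle``.

    ``doc`` is written when it is given; otherwise ``self.doc`` is used.
    Either object only has to provide a ``toxml()`` method. Despite its
    name, ``self.fileHandle`` is handed to ``open()``, so it is used here
    as a path rather than as an open file object.

    An IOError is handed to ``genUtils.handleFileMsg`` instead of being
    raised. Always returns None.
    """
    try:
        # Serialise first: mode "w" truncates the target as soon as it is
        # opened, so a failure inside toxml() must not leave an emptied
        # report file behind.
        payload = (doc if doc is not None else self.doc).toxml()
        # The with-block closes the handle even when write() fails; the
        # original only reached close() on the success path.
        with open(self.fileHandle, "w") as out:
            out.write(payload)
    except IOError as detail:
        genUtils.handleFileMsg(self.fileHandle, msg=detail)
    return None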
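def writeXMLToFile(self, doc=None):
    """Write a document's XML serialisation to the path in ``self.fileHandle``.

    ``doc`` is written when it is given; otherwise ``self.doc`` is used.
    Either object only has to provide a ``toxml()`` method. Despite its
    name, ``self.fileHandle`` is handed to ``open()``, so it is used here
    as a path rather than as an open file object.

    An IOError is handed to ``genUtils.handleFileMsg`` instead of being
    raised. Always returns None.
    """
    try:
        # Serialise first: mode "w" truncates the target as soon as it is
        # opened, so a failure inside toxml() must not leave an emptied
        # report file behind.
        payload = (doc if doc is not None else self.doc).toxml()
        # The with-block closes the handle even when write() fails; the
        # original only reached close() on the success path.
        with open(self.fileHandle, "w") as out:
            out.write(payload)
    except IOError as detail:
        genUtils.handleFileMsg(self.fileHandle, msg=detail)
    return None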
def res_detect(self,host,dir_list):
    """Set up a resource-detection run against ``host``.

    The visible lines store the target, make sure it carries an ``http``
    prefix, and load two whitespace-separated word lists: resource names
    from ``self.infile`` and file extensions from ``self.extfile``.

    NOTE(review): only the setup part of the method is visible here.
    ``dir_list``, ``s``, ``t``, ``files`` and ``filetypes`` are not used in
    these lines and are presumably consumed by code that follows -- confirm
    against the full file.
    """
    self.target = host
    # Patterns for the strings "Error 404" and "300 Multiple"; presumably
    # matched against response text further down. re.IGNORECASE already
    # makes the [Ee] / [Mm] character classes redundant.
    s = re.compile(r'[Ee]rror 404', re.IGNORECASE)
    t = re.compile(r'300 [Mm]ultiple', re.IGNORECASE)
    # Default to cleartext http:// when the target has no 'http' prefix.
    # The test is a bare prefix match, so 'https://...' passes unchanged,
    # and so does any host name that merely begins with the letters "http".
    if self.target.startswith('http') is False:
        self.target = 'http://' + self.target
    # get dictionaries for resource and file extension data
    try:
        dirs = open(self.infile)
        ft = open(self.extfile)
        # split() with no argument breaks on any whitespace, so an entry
        # containing a space becomes two entries.
        files = dirs.read().split()
        filetypes = ft.read().split()
    except IOError, e:
        # NOTE(review): a failure on self.extfile is still reported under
        # self.infile, and neither handle is closed in the visible lines.
        # exit=True presumably terminates the run -- confirm in genUtils.
        genUtils.handleFileMsg(self.infile, msg=e, exit=True)
def dir_detect_adv(self,host,depth=5):
    """Set up a directory-detection run against ``host``.

    The visible lines store the target, make sure it carries an ``http``
    prefix, zero three counters and load a whitespace-separated directory
    word list from ``self.infile``.

    NOTE(review): only the setup part of the method is visible here.
    ``depth``, ``cnt``, ``line_cnt``, ``limit``, ``s``, ``t`` and
    ``directories`` are not used in these lines and are presumably consumed
    by code that follows -- confirm against the full file.
    """
    self.target = host
    cnt = 0
    line_cnt = 0
    limit = 0
    # Patterns for the strings "Error 404" and "300 Multiple"; presumably
    # matched against response text further down. re.IGNORECASE already
    # makes the [Ee] / [Mm] character classes redundant.
    s = re.compile(r'[Ee]rror 404', re.IGNORECASE)
    t = re.compile(r'300 [Mm]ultiple', re.IGNORECASE)
    # Default to cleartext http:// when the target has no 'http' prefix.
    # The test is a bare prefix match, so 'https://...' passes unchanged,
    # and so does any host name that merely begins with the letters "http".
    if self.target.startswith('http') is False:
        self.target = 'http://' + self.target
    # get dictionary for dir data
    try:
        dirs = open(self.infile)
        # split() with no argument breaks on any whitespace, so an entry
        # containing a space becomes two entries.
        directories = dirs.read().split()
    except IOError, e:
        # NOTE(review): the handle is not closed in the visible lines.
        # exit=True presumably terminates the run -- confirm in genUtils.
        genUtils.handleFileMsg(self.infile, msg=e, exit=True)
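def beginFuzz(self, param=None):
    """Populate ``self.fuzzList`` and record its size in ``self.length``.

    Three sources are handled, selected by instance state:

    * ``self.dictType == "standard"``: read the dictionary file at
      ``self.source``, one ``vector:::type`` record per line, and append
      ``[{vector: 'C'}, type]`` for each record.
    * ``self.automated == True``: append the strings produced by
      ``FuzzGenerator`` and then by ``XMLFuzzGenerator`` (which is given
      the list built so far together with ``param``).
    * ``self.dictType == "payload"``: replace the list with what
      ``self.xmlp.getAllData`` returns for the saved XML file.

    ``param`` is only forwarded to ``XMLFuzzGenerator.generateAttacks``.
    Returns None.
    """
    #############################################################
    # standard model means the user chooses options
    # and submits dict in the interactive form
    if self.dictType == "standard":
        try:
            self.fileHandle = open(self.source, 'rb')
        except Exception:
            # Exception instead of a bare except: an interrupt or a
            # SystemExit is no longer reported as a file problem.
            genUtils.handleFileMsg(self.source, exit=True)
        try:
            tmpfuzzList = self.fileHandle.readlines()
        finally:
            # The attribute keeps pointing at the (now closed) handle;
            # the original never closed it.
            self.fileHandle.close()
        # dictionary data should now be coming in as such:
        #   vector:::type
        # example:
        #   x' OR 1 = 1 --:::SQL Injection
        # fuzzList then holds one two-item list per record:
        #   [ [{"x' OR 1 = 1 --": 'C'}, 'SQL Injection'], ... ]
        for fl in tmpfuzzList:
            fields = fl.split(':::')
            if len(fields) < 2:
                # Blank line (including '\r\n') or a line without the
                # ':::' separator. The original indexed fields[1] here
                # and died with IndexError; such lines are skipped.
                continue
            self.fuzzList.append([{fields[0].strip(): 'C'}, fields[1].strip()])
    #############################################################
    # '== True' is kept on purpose: a truthy non-boolean value must not
    # start switching the generators on.
    if self.automated == True:
        self.f = FuzzGenerator.FuzzGenerator()
        self.x = XMLFuzzGenerator.XMLFuzzGenerator()
        # gather attack strings from class FuzzGenerator;
        # generate() builds all dynamic attack strings
        self.f.generate()
        # one group per generator category, one [string, type] pair per item
        for group in self.f.getall():
            for a in group:
                self.fuzzList.append([{a[0]: 'C'}, a[1]])
        # now gather the XML attack strings from class XMLFuzzGenerator
        self.x.generateAttacks(self.fuzzList, param)
        for group in self.x.getallparam():
            for a in group:
                self.fuzzList.append([{a[0]: 'C'}, a[1]])
    #############################################################
    # the payload model means that the user has submitted an XML
    # file containing attack vectors already once generated by
    # WSFuzzer and saved
    if self.dictType == "payload":
        # NOTE(review): the saved file is parsed by self.xmlp, which is not
        # visible here -- confirm that parser does not resolve external
        # entities or DTDs, since the file comes from outside the tool.
        self.fuzzList = self.xmlp.getAllData(self.getDictionaryFileName(), "attack_string", "vector")
    #############################################################
    # logistics ...
    self.length = len(self.fuzzList)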
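def beginFuzz(self, param=None):
    """Populate ``self.fuzzList`` and record its size in ``self.length``.

    Three sources are handled, selected by instance state:

    * ``self.dictType == "standard"``: read the dictionary file at
      ``self.source``, one ``vector:::type`` record per line, and append
      ``[{vector: 'C'}, type]`` for each record.
    * ``self.automated == True``: append the strings produced by
      ``FuzzGenerator`` and then by ``XMLFuzzGenerator`` (which is given
      the list built so far together with ``param``).
    * ``self.dictType == "payload"``: replace the list with what
      ``self.xmlp.getAllData`` returns for the saved XML file.

    ``param`` is only forwarded to ``XMLFuzzGenerator.generateAttacks``.
    Returns None.
    """
    #############################################################
    # standard model means the user chooses options
    # and submits dict in the interactive form
    if self.dictType == "standard":
        try:
            self.fileHandle = open(self.source, 'rb')
        except Exception:
            # Exception instead of a bare except: an interrupt or a
            # SystemExit is no longer reported as a file problem.
            genUtils.handleFileMsg(self.source, exit=True)
        try:
            tmpfuzzList = self.fileHandle.readlines()
        finally:
            # The attribute keeps pointing at the (now closed) handle;
            # the original never closed it.
            self.fileHandle.close()
        # dictionary data should now be coming in as such:
        #   vector:::type
        # example:
        #   x' OR 1 = 1 --:::SQL Injection
        # fuzzList then holds one two-item list per record:
        #   [ [{"x' OR 1 = 1 --": 'C'}, 'SQL Injection'], ... ]
        for fl in tmpfuzzList:
            fields = fl.split(':::')
            if len(fields) < 2:
                # Blank line (including '\r\n') or a line without the
                # ':::' separator. The original indexed fields[1] here
                # and died with IndexError; such lines are skipped.
                continue
            self.fuzzList.append([{fields[0].strip(): 'C'}, fields[1].strip()])
    #############################################################
    # '== True' is kept on purpose: a truthy non-boolean value must not
    # start switching the generators on.
    if self.automated == True:
        self.f = FuzzGenerator.FuzzGenerator()
        self.x = XMLFuzzGenerator.XMLFuzzGenerator()
        # gather attack strings from class FuzzGenerator;
        # generate() builds all dynamic attack strings
        self.f.generate()
        # one group per generator category, one [string, type] pair per item
        for group in self.f.getall():
            for a in group:
                self.fuzzList.append([{a[0]: 'C'}, a[1]])
        # now gather the XML attack strings from class XMLFuzzGenerator
        self.x.generateAttacks(self.fuzzList, param)
        for group in self.x.getallparam():
            for a in group:
                self.fuzzList.append([{a[0]: 'C'}, a[1]])
    #############################################################
    # the payload model means that the user has submitted an XML
    # file containing attack vectors already once generated by
    # WSFuzzer and saved
    if self.dictType == "payload":
        # NOTE(review): the saved file is parsed by self.xmlp, which is not
        # visible here -- confirm that parser does not resolve external
        # entities or DTDs, since the file comes from outside the tool.
        self.fuzzList = self.xmlp.getAllData(self.getDictionaryFileName(), "attack_string", "vector")
    #############################################################
    # logistics ...
    self.length = len(self.fuzzList)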