def __init__(self, projectTag): self.projectTag = projectTag self.info_Test = readConfig.ReadConfig().getValue('infoTest', 'info')[0] self.log = creatLog().get_logger() self.info_filters = readConfig.ReadConfig().getValue( 'infoTest', 'infoFilter')[0]
def __init__(self, projectTag): self.projectTag = projectTag self.blacklist_param = readConfig.ReadConfig().getValue( 'FuzzerParam', 'param')[0] self.default_judges = readConfig.ReadConfig().getValue( 'FuzzerParam', 'default')[0] self.log = creatLog().get_logger()
def __init__(self, jsRealPaths, options): # 传入的js文件的路径 warnings.filterwarnings('ignore') self.jsRealPaths = jsRealPaths self.blacklist_domains = readConfig.ReadConfig().getValue( 'blacklist', 'domain')[0] self.blacklistFilenames = readConfig.ReadConfig().getValue( 'blacklist', 'filename')[0] self.options = options self.proxy_data = { 'http': self.options.proxy, 'https': self.options.proxy } self.UserAgent = [ "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.50", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11", "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16", "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.11 TaoBrowser/2.0 Safari/536.11", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Maxthon/4.4.3.4000 Chrome/30.0.1599.101 Safari/537.36", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; QQDownload 732; .NET4.0C; .NET4.0E; SE 2.X MetaSr 1.0)", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 732; .NET4.0C; .NET4.0E; LBBROWSER)", "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0", "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.8.131 Version/11.11", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TencentTraveler 4.0)" ] self.log = creatLog().get_logger()
def __init__(self,projectTag,options): self.projectTag = projectTag self.uploadtest_list = readConfig.ReadConfig().getValue('vuln', 'uploadtest_list')[0] self.upload_fail = readConfig.ReadConfig().getValue('vuln', 'upload_fail')[0] self.upload_success = readConfig.ReadConfig().getValue('vuln', 'upload_success')[0] self.options = options self.log = creatLog().get_logger() self.header = "" self.proxy_data = {'http': self.options.proxy,'https': self.options.proxy} self.UserAgent = ["Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.50", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11", "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16", "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.11 TaoBrowser/2.0 Safari/536.11", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Maxthon/4.4.3.4000 Chrome/30.0.1599.101 Safari/537.36", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; SV1; QQDownload 732; .NET4.0C; .NET4.0E; SE 2.X MetaSr 1.0)", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 732; .NET4.0C; .NET4.0E; LBBROWSER)", "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0", "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.8.131 Version/11.11", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TencentTraveler 4.0)"] self.proxy_data = {'http': self.options.proxy,'https': self.options.proxy}
def __init__(self, projectTag): self.projectTag = projectTag self.api_UnAuth_result = [] self.resultFilters = readConfig.ReadConfig().getValue( 'vulnTest', 'resultFilter')[0] self.unauth_not_sure = readConfig.ReadConfig().getValue( 'vulnTest', 'unauth_not_sure')[0] self.log = creatLog().get_logger()
def __init__(self,projectTag): self.projectTag = projectTag self.passwordtest_list = readConfig.ReadConfig().getValue('vuln', 'passwordtest_list')[0] self.passworduser_list = readConfig.ReadConfig().getValue('vuln', 'passworduser_list')[0] self.passwordpass_list = readConfig.ReadConfig().getValue('vuln', 'passwordpass_list')[0] self.postdatas = [] self.getdatas = [] self.jsonposts = [] self.log = creatLog().get_logger() self.path = ""
def getMyWord(self, someWord): lang = CommandLines().cmd().language if lang: localLang = lang else: localLang = locale.getdefaultlocale()[0][0:2] try: myWord = readConfig.ReadConfig().getLang(localLang,someWord)[0] except: myWord = readConfig.ReadConfig().getLang('en',someWord)[0] #默认英语 return myWord
def vulntestStart(self,options): # 获取from_js 和api_id projectDBPath = DatabaseType(self.projectTag).getPathfromDB() + self.projectTag + ".db" connect = sqlite3.connect(os.sep.join(projectDBPath.split('/'))) cursor = connect.cursor() connect.isolation_level = None sql = "select id,from_js from api_tree where path=\"" + self.path + "\"" cursor.execute(sql) apiTreeInfo = cursor.fetchall() if len(apiTreeInfo) != 0: api_id = int(apiTreeInfo[0][0]) # 对应路径的api_id from_js = int(apiTreeInfo[0][1]) # 对应路径的from_js message = str(readConfig.ReadConfig().getValue('vulnTest', 'login')[0]).split(',') # get类型返回的数据列表 getdatas = self.getdatas # post类型返回的数据列表 postdatas = self.postdatas jsonpostdata = self.jsonposts # post请求 if len(getdatas) == 0: postobj = PostsDataText(self.path, options) # 传入post的数据和json的数据 线程池跑 # postobj.res.items 是返回的结果 postobj.run(postdatas, jsonpostdata) for key, value in postobj.res.items(): #print(key + ": " + value) for flag in message: if flag in str(value): # 进行数据裤的插入 try: DatabaseType(self.projectTag).insertWeakPassInfoIntoDB(api_id,from_js,str(key), str(value)) except Exception as e: self.log.error("[Err] %s" % e) # get请求 if len(postdatas) == 0: getobj = ApiText(getdatas, options) getobj.run() for key, value in getobj.res.items(): for flag in message: if flag in str(value): # 进行数据裤的插入 try: DatabaseType(self.projectTag).insertWeakPassInfoIntoDB(api_id,from_js,str(key), str(value)) except Exception as e: self.log.error("[Err] %s" % e)
def __init__(self, projectTag): self.projectTag = projectTag self.regxs = [r'\w\.get\(\"(.*?)\"\,', r'\w\.post\(\"(.*?)\"\,', r'\w\.post\(\"(.*?)\"', r'\w\.get\(\"(.*?)\"', r'\w\+\"(.*?)\"\,'] self.baseUrlRegxs = [r'url.?\s?\:\s?\"(.*?)\"', r'url.?\s?\+\s?\"(.*?)\"', r'url.?\s?\=\s?\"(.*?)\"', r'host\s?\:\s?\"(.*?)\"', ] self.baseUrlPaths = [] self.apiPaths = [] self.completeUrls = [] self.apiExts = readConfig.ReadConfig().getValue('blacklist', 'apiExts')[0] self.log = creatLog().get_logger()