Exemple #1
    def reduce_uri(self, uri, default_port=True):
        """Reduce an authority or a full URI to an ``(authority, path)`` pair.

        When *uri* has a network location, the authority is that location and
        the path defaults to ``'/'``. Otherwise *uri* is taken as a bare
        ``host`` or ``host:port`` with path ``'/'``. If *default_port* is true
        and an http/https URI carries no port, the scheme's well-known port is
        appended to the authority.
        """
        # HTTP URLs have no userinfo component, so none is stripped here.
        split = urllib2.urlparse.urlsplit(uri)
        scheme, netloc = split[0], split[1]

        if not netloc:
            # Bare "host" or "host:port": there is no scheme to derive a port from.
            scheme = None
            authority = uri
            path = '/'
        else:
            authority = netloc
            path = split[2] or '/'

        host, port = urllib2.splitport(authority)

        wants_default = default_port and port is None and scheme is not None
        if wants_default:
            well_known = {"http": 80, "https": 443}
            dport = well_known.get(scheme)
            if dport is not None:
                authority = "%s:%d" % (host, dport)

        return authority, path
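  def __init__(self, Url, ApiVersion, Args={}):
      """Parse *Url* and record the connection settings on the instance.

      Sets ``ApiVersion``, ``Url``, ``Host``, ``Port``, ``ipList``,
      ``Servlet``, ``Secure``, ``UserID``, ``retry_att`` and ``retry``.

      Raises:
          DbsConfigurationError: the scheme is not http/https, or the URL
              has no path component.
          DbsConnectionError: the host name cannot be resolved.
          KeyError: *Args* has no ``'userID'`` entry.
      """
      # Args is only read, never mutated, so the shared default dict is
      # harmless; the default stays for interface compatibility.
      self.ApiVersion = ApiVersion
      self.Url = Url

      spliturl = urlparse.urlparse(Url)
      callType = spliturl[0]
      if callType not in ['http', 'https']:
          raise DbsConfigurationError(args="HttpError, BAD URL: %s" %Url, code="200")

      hostport = urllib2.splitport(spliturl[1])
      self.Host = hostport[0]
      self.Port = hostport[1]
      self.ipList = [self.Host]
      try:
          self.ipList = socket.gethostbyname_ex(self.Host)[2]
      except Exception:
          # Narrowed from a bare except so KeyboardInterrupt/SystemExit are
          # not converted into a connection error.
          raise DbsConnectionError(args="Could not locate the host " + self.Host, code=400)

      if self.Port in [None, ""]:
          # Default to the scheme's own port; an https URL without an
          # explicit port previously fell back to "80".
          self.Port = "443" if callType == 'https' else "80"

      self.Servlet = spliturl[2]
      if self.Servlet in ['None', '']:
          raise DbsConfigurationError(args="HttpError, BAD URL: %s  Missing Servlet Path" %Url, code="200")

      # Secure only records that the URL scheme is https.
      # NOTE(review): certificate verification is decided by whatever opens
      # the connection, which is not visible here -- confirm it is enabled.
      self.Secure = (callType == 'https')

      self.UserID = Args['userID']
      self.retry_att = 0
      self.retry = Args.get('retry')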
Exemple #3
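    def download_file(self, url):
        """Fetch the file referenced by an injected URL and store it.

        The URL is unquoted, passed through ``self.extract_url`` and fetched.
        For https URLs the server certificate is retrieved and stored as well.

        Returns:
            ``(file_name, file_sha256)`` as produced by ``self.store_file``,
            or ``(None, None)`` when the download fails with an IOError.
        """
        injectd_url = self.extract_url(urllib2.unquote(url))
        # Bind both results up front: the failure path used to leave
        # file_sha256 unassigned and the return raised UnboundLocalError.
        file_name = file_sha256 = None
        try:
            req = urllib2.Request(injectd_url)
            # Send a placeholder User-Agent instead of the library default.
            req.add_unredirected_header('User-Agent', '-')
            # FIXME: We need a timeout on read here
            # NOTE(review): the target is chosen by the remote party and the
            # body is read without a size cap -- consider refusing
            # internal/loopback destinations and bounding the read.
            injected_file = urllib2.urlopen(req, timeout=4).read()
            # If the file is hosted on an SSL-enabled host, keep its certificate.
            if re.match('^https', injectd_url, re.IGNORECASE):
                proto, rest = urllib2.splittype(injectd_url)
                host, rest = urllib2.splithost(rest)
                host, port = urllib2.splitport(host)
                if port is None:
                    port = 443

                # get_server_certificate() is called without ca_certs, so the
                # certificate is collected as evidence, not validated.
                cert_file = ssl.get_server_certificate((host, int(port)))
                self.store_file(cert_file)

        except IOError as e:
            logger.exception(
                "Failed to fetch injected file, I/O error: {0}".format(e))
            # TODO: We want to handle the case where we can't download
            # the injected file but pretend to be vulnerable.
        else:
            file_name, file_sha256 = self.store_file(injected_file)
        return file_name, file_sha256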
Exemple #4
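    def download_file(self, url):
        """Fetch the file referenced by an injected URL and store it.

        The URL is unquoted, passed through ``self.extract_url`` and fetched.
        For https URLs the server certificate is retrieved and stored as well.

        Returns:
            ``(file_name, file_sha256)`` as produced by ``self.store_file``,
            or ``(None, None)`` when the download fails with an IOError.
        """
        injectd_url = self.extract_url(urllib2.unquote(url))
        # Bind both results up front: the failure path used to leave
        # file_sha256 unassigned and the return raised UnboundLocalError.
        file_name = file_sha256 = None
        try:
            req = urllib2.Request(injectd_url)
            # Send a placeholder User-Agent instead of the library default.
            req.add_unredirected_header('User-Agent', '-')
            # FIXME: We need a timeout on read here
            # NOTE(review): the target is chosen by the remote party and the
            # body is read without a size cap -- consider refusing
            # internal/loopback destinations and bounding the read.
            injected_file = urllib2.urlopen(req, timeout=4).read()
            # If the file is hosted on an SSL-enabled host, keep its certificate.
            if re.match('^https', injectd_url, re.IGNORECASE):
                proto, rest = urllib2.splittype(injectd_url)
                host, rest = urllib2.splithost(rest)
                host, port = urllib2.splitport(host)
                if port is None:
                    port = 443

                # get_server_certificate() is called without ca_certs, so the
                # certificate is collected as evidence, not validated.
                cert_file = ssl.get_server_certificate((host, int(port)))
                self.store_file(cert_file)

        except IOError as e:
            logger.exception("Failed to fetch injected file, I/O error: {0}".format(e))
            # TODO: We want to handle the case where we can't download
            # the injected file but pretend to be vulnerable.
        else:
            file_name, file_sha256 = self.store_file(injected_file)
        return file_name, file_sha256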
Exemple #5
def get_proxy_info(proxystr=""):
    """
    Build the proxy configuration from a string or from the environment.

    A non-empty proxy string takes precedence over the environment
    variables PROXY_HOST, PROXY_PORT, PROXY_USER and PROXY_PASS.

    Returns a dictionary with the keys 'host', 'port', 'user' and 'pass',
    or None if proxystr was empty and no host was found in os.environ.

    Raises InvalidConfiguration on any configuration error.

    """
    if proxystr == "":
        # FIXME: We should be supporting http_proxy, HTTP_PROXY variables.
        env = os.environ
        proxy_info = {
            'host': env.get('PROXY_HOST', None),
            'port': _convert_port_value(env.get('PROXY_PORT', None)),
            'user': env.get('PROXY_USER', None),
            'pass': env.get('PROXY_PASS', None),
        }
        if proxy_info.get("host") is None:
            return None
    else:
        parsed = urlparse.urlparse(proxystr)
        if parsed.netloc == "":
            # No scheme was given; assume http so the netloc gets populated.
            proxystr = "http://{0}".format(proxystr)
            parsed = urlparse.urlparse(proxystr)

        # Drop the userinfo and the port, keeping only the bare host name.
        hostport = urllib2.splituser(parsed.netloc)[1]
        bare_host = urllib2.splitport(hostport)[0]

        proxy_info = {
            'host': urlparse.urlunparse((parsed.scheme, bare_host, "", "", "", "")),
            'port': _convert_port_value(parsed.port),
            'user': parsed.username,
            'pass': parsed.password,
        }

    # A user without a password triggers an interactive prompt.
    # The password is kept in clear text in the returned dictionary, so
    # callers should avoid logging or printing it.
    if proxy_info.get('user', None) and not proxy_info.get('pass', None):
        import getpass
        proxy_info['pass'] = getpass.getpass()

    if not proxy_info["host"]:
        error_msg = ("Invalid proxy configuration '{0}': "
                     "proxy string should be of the form "
                     "'http://host:port' or 'http://host'".format(proxystr))
        raise InvalidConfiguration(error_msg)

    return proxy_info
Exemple #6
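def parse_url(url):
    """Split *url* into ``(secure, host, port, path)``.

    A URL without ``//`` is treated as a bare network location. A missing
    port defaults to 80 for http and to 443 otherwise, a missing host to
    ``'localhost'`` and a missing path to ``'/remote_api'``.
    """
    if '//' not in url:
        url = '//' + url
    scheme, netloc, path, _query, _fragment = urlparse.urlsplit(url)
    host, port = urllib2.splitport(netloc)
    if not port:
        port = 80 if scheme == 'http' else 443  # default to https
    port = int(port)
    # An explicit https:// URL is secure whatever its port; previously only
    # port 443 counted, so https on another port was reported as insecure.
    secure = (scheme == 'https') or (port == 443)
    host = host or 'localhost'
    path = path or '/remote_api'
    return secure, host, port, path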
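def parse_url(url):
    """Split *url* into ``(secure, host, port, path)``.

    A URL without ``//`` is treated as a bare network location. A missing
    port defaults to 80 for http and to 443 otherwise, a missing host to
    ``"localhost"`` and a missing path to ``"/_ah/remote_api"``.
    """
    if "//" not in url:
        url = "//" + url
    scheme, netloc, path, _query, _fragment = urlparse.urlsplit(url)
    host, port = urllib2.splitport(netloc)
    if not port:
        port = 80 if scheme == "http" else 443  # default to https
    port = int(port)
    # An explicit https:// URL is secure whatever its port; previously only
    # port 443 counted, so https on another port was reported as insecure.
    secure = (scheme == "https") or (port == 443)
    host = host or "localhost"
    path = path or "/_ah/remote_api"
    return secure, host, port, path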
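def parse_url(url):
    """Split *url* into ``(secure, host, port, path)``.

    A URL without ``//`` is treated as a bare network location. A missing
    port defaults to 80 for http and to 443 otherwise, a missing host to
    ``'localhost'`` and a missing path to ``'/remote_api'``.
    """
    if '//' not in url:
        url = '//' + url
    scheme, netloc, path, _query, _fragment = urlparse.urlsplit(url)
    host, port = urllib2.splitport(netloc)
    if not port:
        port = 80 if scheme == 'http' else 443  # default to https
    port = int(port)
    # An explicit https:// URL is secure whatever its port; previously only
    # port 443 counted, so https on another port was reported as insecure.
    secure = (scheme == 'https') or (port == 443)
    host = host or 'localhost'
    path = path or '/remote_api'
    return secure, host, port, path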
Exemple #9
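 def __init__(self, url):
     """Split *url* into its components and store them on the instance.

     Sets ``url``, ``schema``, ``user``, ``password``, ``querystring``,
     ``query`` (the query string split on ``&``), ``host``, ``port``,
     ``tag`` and ``path`` (with surrounding slashes stripped).
     """
     self.url = url
     # Always define the credential attributes; they used to exist only
     # when the URL carried userinfo, so later reads raised AttributeError.
     # When present, the password is held in clear text here and also
     # remains inside self.url -- avoid logging either.
     self.user = None
     self.password = None

     self.schema, url = urllib2.splittype(url)
     host, path = urllib2.splithost(url)
     userpass, host = urllib2.splituser(host)
     if userpass:
         self.user, self.password = urllib2.splitpasswd(userpass)
     path, self.querystring = urllib.splitquery(path)
     self.query = self.querystring.split('&') if self.querystring else []
     self.host, self.port = urllib2.splitport(host)
     path, self.tag = urllib2.splittag(path)
     self.path = path.strip('/')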
Exemple #10
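def getHtmlByUrl(url):
    """Fetch *url* and return the response body, or None on any error.

    When the body is non-empty, the URL's host and port are recorded in the
    module-level ``domains`` dict.
    """
    global domains
    try:
        u = urllib2.urlopen(url, timeout=10.0)
        try:
            content = u.read()
        finally:
            # Release the connection even if the read fails.
            u.close()
        if content != "":
            try:
                proto, rest = urllib2.splittype(url)
                host, rest = urllib2.splithost(rest)
                host, port = urllib2.splitport(host)
                # int(None) raises for URLs without an explicit port, so
                # only hosts with an explicit port are recorded.
                domains[host] = int(port)
            except Exception:
                pass
        return content
    except Exception:
        # Best-effort fetch. Narrowed from a bare except so that
        # KeyboardInterrupt/SystemExit are no longer swallowed.
        return None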
Exemple #11
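def getHtmlByUrl(url):
    """Fetch *url* and return the response body, or None on any error.

    When the body is non-empty, the URL's host and port are recorded in the
    module-level ``domains`` dict.
    """
    global domains
    try:
        u = urllib2.urlopen(url, timeout=10.0)
        try:
            content = u.read()
        finally:
            # Release the connection even if the read fails.
            u.close()
        if content != "":
            try:
                proto, rest = urllib2.splittype(url)
                host, rest = urllib2.splithost(rest)
                host, port = urllib2.splitport(host)
                # int(None) raises for URLs without an explicit port, so
                # only hosts with an explicit port are recorded.
                domains[host] = int(port)
            except Exception:
                pass
        return content
    except Exception:
        # Best-effort fetch. Narrowed from a bare except so that
        # KeyboardInterrupt/SystemExit are no longer swallowed.
        return None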
Exemple #12
def get_proxy_info(proxystr=None):
    """
    Build the proxy configuration from a string or from the environment.

    A non-empty proxy string takes precedence over the environment
    variables PROXY_HOST, PROXY_PORT, PROXY_USER and PROXY_PASS.

    Returns a dictionary with the keys 'host', 'port', 'user' and 'pass'.

    Raises ValueError on any configuration error.

    """

    default_port = 80

    if proxystr:
        # XXX Relies on urllib2's private proxy parser to split proxystr.
        _, user, passwd, host_port = urllib2._parse_proxy(proxystr)
        host, port = urllib2.splitport(host_port)
        proxy_info = {
            'host': host,
            # A parsed port stays a string; only the fallback is an int.
            'port': port or default_port,
            'user': user,
            'pass': passwd,
        }
    else:
        # No explicit proxy string: fall back to the environment.
        # FIXME: We should be supporting http_proxy, HTTP_PROXY variables.
        env = os.environ
        proxy_info = {
            'host': env.get('PROXY_HOST', None),
            'port': env.get('PROXY_PORT', default_port),
            'user': env.get('PROXY_USER', None),
            'pass': env.get('PROXY_PASS', None),
        }

    # A user without a password triggers an interactive prompt.
    # The password is kept in clear text in the returned dictionary, so
    # callers should avoid logging or printing it.
    if proxy_info.get('user', None) and not proxy_info.get('pass', None):
        import getpass
        proxy_info['pass'] = getpass.getpass()

    return proxy_info
Exemple #13
 def get_domain(self):
     """Record hosts found in the text of the elements matching ``self.search_key``.

     Each element's text up to the first ``/`` is split into host and port
     (default 80). Hosts not yet present in ``domains`` are added, subject to
     the check selected by ``self.key`` ('ip' or 'domain').
     """
     for element in self.driver.find_elements(By.XPATH, self.search_key):
         candidate = element.text.split('/')[0]
         try:
             host, port = urllib2.splitport(candidate)
             if port is None:
                 port = 80
             if host in domains:
                 continue
             if self.key == 'ip':
                 if check_ip_bind(host, self.value):
                     domains[host] = port
             elif self.key == 'domain':
                 host = check_host_complete(host, self.value)
                 domains[host] = port
         except:
             # Best effort: an entry that fails to parse or check is skipped.
             pass
Exemple #14
  def set_proxy (self):
    """Redirect the connection through the configured proxy.

    The login is rewritten to carry the real ``host:port`` target, then
    ``self.host``/``self.port`` are pointed at the proxy (port 21 when the
    proxy host has no explicit port). Does nothing without a proxy host.
    """

    if not self.proxy.host:
      return

    target = self.host + ':' + str (self.port)
    if self.auth.login:
      self.auth.login = self.auth.login + '@' + target
    else:
      # NOTE(review): this literal looks masked on the page; confirm the
      # intended default login prefix against the upstream source.
      self.auth.login = '******' + target

    proxy_host, proxy_port = urllib2.splitport (self.proxy.host)
    # Convert the port before assigning so a bad port leaves both untouched.
    new_port = int (proxy_port or 21)
    self.host = proxy_host
    self.port = new_port
Exemple #15
 def get_domain(self):
     """Record hosts found in the ``href`` of elements matching ``self.search_key``.

     Each link is split into host and port (default 80). A host not yet in
     ``domains`` is added when ``check_ip_bind(host, self.value)`` is true.
     """
     for anchor in self.driver.find_elements(By.XPATH, self.search_key):
         href = anchor.get_attribute('href')
         if href is None:
             continue
         try:
             _, remainder = urllib2.splittype(href)
             netloc, _ = urllib2.splithost(remainder)
             host, port = urllib2.splitport(netloc)
             if port is None:
                 port = 80
             if host not in domains and check_ip_bind(host, self.value):
                 domains[host] = port
         except:
             # Best effort: a link that fails to parse or check is skipped.
             pass
Exemple #16
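def lsdns(basedomain=None):
    """
    Print the host names that the DNS setup needs.

    One name is printed per distinct rule subdomain, each prefixed to the
    URL adapter's server name with the port removed. If *basedomain* is
    given, it temporarily replaces ``ctx.cfg['base_domain_name']``.
    """
    from urllib2 import splitport
    from inyoka.core.api import ctx

    _old = ctx.cfg['base_domain_name']
    if basedomain is not None:
        ctx.cfg['base_domain_name'] = basedomain

    try:
        print u' '.join(((sub +'.' if sub else sub) +
                         splitport(ctx.dispatcher.get_url_adapter().server_name)[0])
            for sub in sorted(set(rule.subdomain
                for rule in ctx.dispatcher.url_map.iter_rules()))
        )
    finally:
        # Restore the setting even when building the list fails, so a
        # temporary override never leaks into the shared configuration.
        ctx.cfg['base_domain_name'] = _old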
Exemple #17
def getDomains(info):
    """Collect link hosts from the ``b_results`` list of an HTML page.

    Every ``href`` inside ``<ol id="b_results">`` is split into host and
    port (default 80); hosts not yet in the module-level ``domains`` dict
    are added.
    """
    global domains
    if info == "":
        return
    results = re.search(r'<ol[^>]*id="b_results">([\s\S]*?)</ol>', info)
    if not results:
        return
    for href in re.findall('<a[^>]*href="([^"]*)"[^>]*>', results.group(1)):
        try:
            _, remainder = urllib2.splittype(href)
            netloc, _ = urllib2.splithost(remainder)
            host, port = urllib2.splitport(netloc)
            if port is None:
                port = 80
            if host not in domains:
                domains[host] = port
        except:
            # Best effort: a link that fails to parse is skipped.
            pass
Exemple #18
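def lsdns(basedomain=None):
    """
    Print the host names that the DNS setup needs.

    One name is printed per distinct rule subdomain, each prefixed to the
    URL adapter's server name with the port removed. If *basedomain* is
    given, it temporarily replaces ``ctx.cfg['base_domain_name']``.
    """
    from urllib2 import splitport
    from inyoka.core.api import ctx

    _old = ctx.cfg['base_domain_name']
    if basedomain is not None:
        ctx.cfg['base_domain_name'] = basedomain

    try:
        print u' '.join(
            ((sub + '.' if sub else sub) +
             splitport(ctx.dispatcher.get_url_adapter().server_name)[0])
            for sub in sorted(
                set(rule.subdomain
                    for rule in ctx.dispatcher.url_map.iter_rules())))
    finally:
        # Restore the setting even when building the list fails, so a
        # temporary override never leaks into the shared configuration.
        ctx.cfg['base_domain_name'] = _old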
Exemple #19
def getDomains(info):
    """Collect link hosts from the ``b_results`` list of an HTML page.

    Every ``href`` inside ``<ol id="b_results">`` is split into host and
    port (default 80); hosts not yet in the module-level ``domains`` dict
    are added.
    """
    global domains
    if info == "":
        return
    results = re.search(r'<ol[^>]*id="b_results">([\s\S]*?)</ol>', info)
    if not results:
        return
    for href in re.findall('<a[^>]*href="([^"]*)"[^>]*>', results.group(1)):
        try:
            _, remainder = urllib2.splittype(href)
            netloc, _ = urllib2.splithost(remainder)
            host, port = urllib2.splitport(netloc)
            if port is None:
                port = 80
            if host not in domains:
                domains[host] = port
        except:
            # Best effort: a link that fails to parse is skipped.
            pass
def bing_get(domain):
    """Return host names listed in Bing ``site:`` search results for *domain*.

    Result pages are requested 50 entries at a time. Each ``<cite>`` entry
    is cut at its first ``<strong>`` tag, has *domain* appended and is
    reduced to ``host`` or ``host:port``. On normal completion the
    de-duplicated keys are returned; after more than three failed requests
    the raw list collected so far is returned instead.
    """
    failures = 0
    offset = 1
    found = []
    # The data obtained from Bing is not very complete.
    while True:
        try:
            query_url = ('http://cn.bing.com/search?count=50&q=site:' + domain +
                         '&first=' + str(offset))
            req = urllib2.Request(query_url)
            req.add_header('User-Agent', random_useragent())
            page = urllib2.urlopen(req, timeout=30).read()
            for cite in re.findall('<cite>(.*?)<\/cite>', page):
                entry = cite.split('<strong>')[0] + domain
                try:
                    if not entry.startswith(('http://', 'https://')):
                        entry = "http://" + entry
                    _, remainder = urllib2.splittype(entry)
                    netloc, _ = urllib2.splithost(remainder)
                    host, port = urllib2.splitport(netloc)
                    entry = host if port is None else host + ":" + port
                except:
                    # Keep the entry as it stands and report the failure.
                    print traceback.format_exc()
                found.append(entry)
            has_next = re.search('class="sb_pagN"', page) is not None
            if offset < 500 and has_next:
                offset = int(offset) + 50
            else:
                return {}.fromkeys(found).keys()
        except Exception, e:
            # A failed request is retried with the same offset.
            failures += 1
            if failures > 3:
                return found
Exemple #21
def getDomains(ip, page):
    """Record the domains that a lookup page lists for *ip*.

    One page of the JSON listing is requested (gzip-decoded when the
    response says so). Every entry of its ``"domains"`` list is split into
    host and port (default 80) and added to the module-level ``domains``
    dict if absent. Any failure ends the call without a retry.
    """
    global domains
    failures = 0
    while True:
        try:
            lookup_url = ("http://dns.aizhan.com/index.php?r=index/domains&ip=" + ip +
                          "&page=" + str(page))
            request = urllib2.Request(lookup_url)
            request.add_header(
                'User-Agent',
                'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0'
            )
            request.add_header('Accept-encoding', 'gzip')
            request.add_header('X-FORWARDED-FOR', ip)
            request.add_header('Referer', request.get_full_url())
            response = urllib2.urlopen(request, timeout=30)
            if response.info().get('Content-Encoding') == 'gzip':
                raw = gzip.GzipFile(fileobj=StringIO(response.read())).read()
            else:
                raw = response.read()
            # Re-encode from UTF-8 into the filesystem encoding before parsing.
            fs_encoding = sys.getfilesystemencoding()
            raw = raw.decode("UTF-8").encode(fs_encoding)
            listing = json.loads(raw, encoding="utf-8")
            for name in listing["domains"]:
                try:
                    _, remainder = urllib2.splittype("http://" + str(name))
                    netloc, _ = urllib2.splithost(remainder)
                    host, port = urllib2.splitport(netloc)
                    if port is None:
                        port = 80
                    if host not in domains:
                        domains[host] = port
                except:
                    # Best effort: an entry that fails to parse is skipped.
                    pass
            return
        except:
            # The threshold is zero, so the first failure ends the call.
            failures += 1
            if failures > 0:
                return
Exemple #22
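def socket_client(url, data):
    """Send *data* to the host named in *url* over TCP and parse the reply.

    *data* is expected to be a complete raw HTTP request (request line,
    headers and the terminating blank line). The port comes from the URL,
    falling back to 443 for https and 80 otherwise. The reply is read by
    ``parse_request`` and its result is returned.
    """
    ParseResult = urlparse.urlparse(url)
    if ParseResult.scheme not in ["https", 'http']:
        # NOTE(review): for other schemes the payload is replaced by a 404
        # status line and is still sent to the peer -- confirm the intent.
        data = 'HTTP/1.1 404 Not Found\r\n'

    host, port = urllib2.splitport(ParseResult.netloc)
    if port:
        port = int(port)
    elif ParseResult.scheme == 'https':
        port = 443
    else:
        port = 80

    # A plain TCP socket is used for https as well: there is no TLS
    # wrapping, so the request travels unencrypted to port 443.
    # NOTE(review): no timeout is set, so connect/read can block forever.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.connect((host, port))
        s.sendall(data)
        return parse_request(s)
    finally:
        # Close the socket on the error paths too (it used to leak there).
        s.close()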
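    def test_blueflood_ingest(self, collectd):
        """Check that the metric's value count grows while collectd is running.

        The test is skipped when the endpoint in ``self.URL`` cannot be reached.
        """
        blueflood_socket = None
        try:
            blueflood_socket = socket.socket()
            # connect() takes one (host, port) tuple with an integer port.
            # Unpacking splitport() into two arguments always raised
            # TypeError, so the test was skipped unconditionally.
            host, port = urllib2.splitport(self.URL)
            blueflood_socket.connect((host, int(port)))
        except Exception:
            pytest.skip()
        finally:
            if blueflood_socket is not None:
                blueflood_socket.close()

        server = BluefloodEndpoint()
        server.tenant = self.tenantid

        resp = server.retrieve_resolution(collectdconf.test_metric_name, 0, int(time.time()*1000))
        # NOTE(review): this counts resp['values'] while the later reading
        # counts resp['values'][0] -- confirm which one is intended.
        count_before = len(resp['values'])

        # wait for some time for collectd to write data to Blueflood
        time.sleep(15)

        resp = server.retrieve_resolution(collectdconf.test_metric_name, 0, int(time.time()*1000))
        count_after = len(resp['values'][0])
        assert count_after > count_before, resp
        assert count_after != 0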
Exemple #24
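    def __init__(self, Url, ApiVersion, Args={}):
        """Parse *Url* and record the connection settings on the instance.

        Sets ``ApiVersion``, ``Url``, ``Host``, ``Port``, ``ipList``,
        ``Servlet``, ``Secure``, ``UserID``, ``retry_att`` and ``retry``.

        Raises:
            DbsConfigurationError: the scheme is not http/https, or the URL
                has no path component.
            DbsConnectionError: the host name cannot be resolved.
            KeyError: *Args* has no ``'userID'`` entry.
        """
        # Args is only read, never mutated, so the shared default dict is
        # harmless; the default stays for interface compatibility.
        self.ApiVersion = ApiVersion
        self.Url = Url

        spliturl = urlparse.urlparse(Url)
        callType = spliturl[0]
        if callType not in ['http', 'https']:
            raise DbsConfigurationError(args="HttpError, BAD URL: %s" % Url,
                                        code="200")
        hostport = urllib2.splitport(spliturl[1])
        self.Host = hostport[0]
        self.Port = hostport[1]
        self.ipList = [self.Host]
        try:
            self.ipList = socket.gethostbyname_ex(self.Host)[2]
        except Exception:
            # Narrowed from a bare except so KeyboardInterrupt/SystemExit
            # are not converted into a connection error.
            raise DbsConnectionError(args="Could not locate the host " +
                                     self.Host,
                                     code=400)

        if self.Port in [None, ""]:
            # Default to the scheme's own port; an https URL without an
            # explicit port previously fell back to "80".
            self.Port = "443" if callType == 'https' else "80"
        self.Servlet = spliturl[2]
        if self.Servlet in ['None', '']:
            raise DbsConfigurationError(
                args="HttpError, BAD URL: %s  Missing Servlet Path" % Url,
                code="200")

        # Secure only records that the URL scheme is https.
        # NOTE(review): certificate verification is decided by whatever
        # opens the connection, which is not visible here -- confirm it.
        self.Secure = (callType == 'https')

        self.UserID = Args['userID']
        self.retry_att = 0
        if 'retry' in Args:
            self.retry = int(Args['retry'])
        else:
            self.retry = None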
Exemple #25
def bing_get(domain):
    """Return host names listed in Bing ``site:`` search results for *domain*.

    Result pages are requested 50 entries at a time. Each ``<cite>`` entry
    is cut at its first ``<strong>`` tag, has *domain* appended and is
    reduced to ``host`` or ``host:port``. On normal completion the
    de-duplicated keys are returned; after more than three failed requests
    the raw list collected so far is returned instead.
    """
    failures = 0
    offset = 1
    found = []
    # The data obtained from Bing is not very complete.
    while True:
        try:
            query_url = ('http://cn.bing.com/search?count=50&q=site:' + domain +
                         '&first=' + str(offset))
            req = urllib2.Request(query_url)
            req.add_header('User-Agent', random_useragent())
            page = urllib2.urlopen(req, timeout=30).read()
            for cite in re.findall('<cite>(.*?)<\/cite>', page):
                entry = cite.split('<strong>')[0] + domain
                try:
                    if not entry.startswith(('http://', 'https://')):
                        entry = "http://" + entry
                    _, remainder = urllib2.splittype(entry)
                    netloc, _ = urllib2.splithost(remainder)
                    host, port = urllib2.splitport(netloc)
                    entry = host if port is None else host + ":" + port
                except:
                    # Keep the entry as it stands and report the failure.
                    print traceback.format_exc()
                found.append(entry)
            has_next = re.search('class="sb_pagN"', page) is not None
            if offset < 500 and has_next:
                offset = int(offset) + 50
            else:
                return {}.fromkeys(found).keys()
        except Exception, e:
            # A failed request is retried with the same offset.
            failures += 1
            if failures > 3:
                return found
Exemple #26
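    def test_blueflood_ingest(self, collectd):
        """Check that the metric's value count grows while collectd is running.

        The test is skipped when the endpoint in ``self.URL`` cannot be reached.
        """
        blueflood_socket = None
        try:
            blueflood_socket = socket.socket()
            # connect() takes one (host, port) tuple with an integer port.
            # Unpacking splitport() into two arguments always raised
            # TypeError, so the test was skipped unconditionally.
            host, port = urllib2.splitport(self.URL)
            blueflood_socket.connect((host, int(port)))
        except Exception:
            pytest.skip()
        finally:
            if blueflood_socket is not None:
                blueflood_socket.close()

        server = BluefloodEndpoint()
        server.tenant = self.tenantid

        resp = server.retrieve_resolution(collectdconf.test_metric_name, 0,
                                          int(time.time() * 1000))
        # NOTE(review): this counts resp['values'] while the later reading
        # counts resp['values'][0] -- confirm which one is intended.
        count_before = len(resp['values'])

        # wait for some time for collectd to write data to Blueflood
        time.sleep(15)

        resp = server.retrieve_resolution(collectdconf.test_metric_name, 0,
                                          int(time.time() * 1000))
        count_after = len(resp['values'][0])
        assert count_after > count_before, resp
        assert count_after != 0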
Exemple #27
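  def __init__(self, Url, ApiVersion, Args={}):
      """Parse *Url* and record the connection settings on the instance.

      Sets ``ApiVersion``, ``Url``, ``Host``, ``Port``, ``Servlet`` and
      ``Secure``. *Args* is accepted but not used here.

      Raises:
          NvsException: the scheme is not http/https, or the URL has no
              path component.
      """
      self.ApiVersion = ApiVersion
      self.Url = Url

      spliturl = urlparse.urlparse(Url)
      callType = spliturl[0]
      if callType not in ['http', 'https']:
          raise NvsException("HttpError, BAD URL: %s" %Url, "200")

      hostport = urllib2.splitport(spliturl[1])
      self.Host = hostport[0]
      self.Port = hostport[1]
      if self.Port in [None, ""]:
          # Default to the scheme's own port; an https URL without an
          # explicit port previously fell back to "80".
          self.Port = "443" if callType == 'https' else "80"

      self.Servlet = spliturl[2]
      if self.Servlet in ['None', '']:
          raise NvsException ("HttpError, BAD URL: %s  Missing Servlet Path" %Url, "200")

      # Secure only records that the URL scheme is https.
      # NOTE(review): certificate verification is decided by whatever opens
      # the connection, which is not visible here -- confirm it is enabled.
      self.Secure = (callType == 'https')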
Exemple #28
def getDomains(ip,page):
    """Record the domains that a lookup page lists for *ip*.

    One page of the JSON listing is requested (gzip-decoded when the
    response says so). Every entry of its ``"domains"`` list is split into
    host and port (default 80) and added to the module-level ``domains``
    dict if absent. Any failure ends the call without a retry.
    """
    global domains
    failures = 0
    while True:
        try:
            lookup_url = ("http://dns.aizhan.com/index.php?r=index/domains&ip=" + ip +
                          "&page=" + str(page))
            request = urllib2.Request(lookup_url)
            request.add_header('User-Agent', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0')
            request.add_header('Accept-encoding', 'gzip')
            request.add_header('X-FORWARDED-FOR', ip)
            request.add_header('Referer', request.get_full_url())
            response = urllib2.urlopen(request, timeout=30)
            if response.info().get('Content-Encoding') == 'gzip':
                raw = gzip.GzipFile(fileobj=StringIO(response.read())).read()
            else:
                raw = response.read()
            # Re-encode from UTF-8 into the filesystem encoding before parsing.
            fs_encoding = sys.getfilesystemencoding()
            raw = raw.decode("UTF-8").encode(fs_encoding)
            listing = json.loads(raw, encoding="utf-8")
            for name in listing["domains"]:
                try:
                    _, remainder = urllib2.splittype("http://" + str(name))
                    netloc, _ = urllib2.splithost(remainder)
                    host, port = urllib2.splitport(netloc)
                    if port is None:
                        port = 80
                    if host not in domains:
                        domains[host] = port
                except:
                    # Best effort: an entry that fails to parse is skipped.
                    pass
            return
        except:
            # The threshold is zero, so the first failure ends the call.
            failures += 1
            if failures > 0:
                return
# -*- coding: utf-8 -*-
"""
    gen_hosts_string
    ~~~~~~~~~~~~~~~~

    This script generates the string that must be added to a /etc/hosts file
    to finally setup inyoka development.

    :copyright: 2010-2011 by the Inyoka Team, see AUTHORS for more details.
    :license: GNU GPL, see LICENSE for more details.
"""
from urllib2 import splitport
from inyoka.core.api import ctx

# Print one host name per distinct rule subdomain, space-separated: the
# subdomain (followed by a dot when non-empty) prefixed to the URL adapter's
# server name with any port removed by splitport().
print u' '.join((sub +'.' if sub else sub) + splitport(ctx.dispatcher.get_url_adapter().server_name)[0] for sub in sorted(set(rule.subdomain for rule in ctx.dispatcher.url_map.iter_rules())))
# -*- coding: utf-8 -*-
"""
    gen_hosts_string
    ~~~~~~~~~~~~~~~~

    This script generates the string that must be added to a /etc/hosts file
    to finally setup inyoka development.

    :copyright: 2010-2011 by the Inyoka Team, see AUTHORS for more details.
    :license: GNU GPL, see LICENSE for more details.
"""
from urllib2 import splitport
from inyoka.core.api import ctx

# Print one host name per distinct rule subdomain, space-separated: the
# subdomain (followed by a dot when non-empty) prefixed to the URL adapter's
# server name with any port removed by splitport().
print u' '.join(
    (sub + '.' if sub else sub) +
    splitport(ctx.dispatcher.get_url_adapter().server_name)[0]
    for sub in sorted(
        set(rule.subdomain for rule in ctx.dispatcher.url_map.iter_rules())))
Exemple #31
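def cmdLineParser():
    """Parse the WPHardening command line and run the selected steps.

    Builds the optparse parser (general, Target, Hardening and Miscellaneous
    options), optionally overrides options from the file given with
    --load-conf, sets up the log file and then runs every requested step
    against the directory given with -d/--dir.

    Exits through sys.exit() after --update, and after printing the help
    when no working directory was given.

    Raises:
        ValueError: if --proxy is combined with --wp-config or --plugins and
            is not of the form scheme://host:port.
    """

    def _checkProxy(proxy):
        """Raise ValueError unless proxy looks like scheme://host:port."""
        protocolo, rest = urllib2.splittype(proxy)
        if protocolo is None:
            # The message must be formatted *inside* the constructor call;
            # applying % to the exception object raises TypeError instead.
            raise ValueError("unknown URL type: %s" % proxy)
        host, rest = urllib2.splithost(rest)
        if host is None:
            # No "//authority" part, so there is nothing to split a port from.
            raise ValueError("unknown URL type: %s" % proxy)
        host, port = urllib2.splitport(host)
        if port is None:
            raise ValueError("unknown protocol for %s" % proxy)

    usage = "usage: python %prog [options]"
    version = colored('WPHardening', 'green') + ' version' + \
        colored(' 1.5', 'yellow') + '\n'

    parser = OptionParser(usage, version=version)

    parser.add_option("-v", "--verbose", action="store_true",
                      dest="verbose", default=False,
                      help="Active verbose mode output results")

    parser.add_option("--update", action="store_true", dest="update",
                      default=False,
                      help="Check for WPHardening latest stable version")

    target = OptionGroup(parser, "Target", "This option must be "
                         "specified to modify the package WordPress.")

    target.add_option("-d", "--dir", dest="path", help="**REQUIRED** -"
                      " Working Directory.", metavar="DIRECTORY")

    target.add_option("--load-conf", dest="loadconf", metavar="FILE",
                      help="Load file configuration.")

    hardening = OptionGroup(parser, "Hardening", "Different tools to"
                            " hardening WordPress.")

    hardening.add_option("-c", "--chmod", action="store_true", dest="chmod",
                         help="Chmod 755 in directory and 644 in files.")

    hardening.add_option("-r", "--remove", action="store_true",
                         dest="remove", help="Remove files and directory.")

    hardening.add_option("-b", "--robots", action="store_true", dest="robots",
                         help="Create file robots.txt")

    hardening.add_option("-f", "--fingerprinting", action="store_true",
                         dest="finger", help="Deleted fingerprinting "
                         "WordPress.")

    hardening.add_option("-t", "--timthumb", action="store_true",
                         dest="timthumb", help="Find the library TimThumb.")

    hardening.add_option("--chown", action="store", type="string",
                         dest="chown", metavar="user:group", help="Changing "
                         "file and directory owner.")

    hardening.add_option("--wp-config", action="store_true", dest="wpconfig",
                         help="Wizard generated wp-config.php")

    hardening.add_option("--plugins", action="store_true", dest="plugins",
                         help="Download Plugins Security.")

    hardening.add_option("--proxy", action="store", type="string",
                         dest="proxy", help="Use a HTTP proxy to connect to "
                         "the target url for --plugins and --wp-config.")

    hardening.add_option("--indexes", action="store_true", dest="indexes",
                         help="It allows you to display the contents of "
                         "directories.")

    hardening.add_option("--minify", action="store_true", dest="minify",
                         help="Compressing static file .css and .js")

    hardening.add_option("--malware-scan", action="store_true",
                         dest="malwares", help="Malware Scan in WordPress "
                         "project.")

    miscellaneous = OptionGroup(parser, "Miscellaneous")

    miscellaneous.add_option("-o", "--output", help="Write log report to "
                             "FILE.log", metavar="FILE", dest="output")

    parser.add_option_group(target)
    parser.add_option_group(hardening)
    parser.add_option_group(miscellaneous)

    cmdBanner()

    (options, args) = parser.parse_args()

    if options.loadconf is not None:
        # Parse the configuration file once so that every option below comes
        # from the same snapshot of the file.
        conf = loadConfWordPress(options.loadconf)
        options.path = conf.getDirectory()
        options.chmod = conf.getChmod()
        options.robots = conf.getRobots()
        options.finger = conf.getFingerprinting()
        options.wpconfig = conf.getWpConfig()
        options.indexes = conf.getIndexes()
        options.timthumb = conf.getTimthumb()
        options.malwares = conf.getMalwareScan()
        options.output = conf.getOutput()
        # NOTE(review): every step below runs when its option "is not None";
        # confirm these getters return None (not False) for a disabled
        # feature, otherwise a config file switches every step on.

    filename = 'wphardening.log' if options.output is None else options.output

    log = registerLog(filename)
    log.setConfigure()

    if options.update:
        log.add("Check for WPHardening latest stable version")
        updateWPHardening(os.path.abspath(".")).update()
        sys.exit()

    if options.path is None:
        log.add("Did not specify a working directory.")
        parser.print_help()
        sys.exit()

    options.path = os.path.abspath(options.path)

    if not os.path.exists(options.path):
        log.add("Could not find the specified directory.")
        print(colored('\nCould not find the specified directory.\n', 'red'))
        return

    # Nothing is modified unless the directory is recognised as WordPress.
    if not checkWordpress(options.path, options.verbose).isWordPress():
        return

    if options.chown is not None:
        changeOwner = chownWordPress(
            options.path, options.chown, options.verbose
        )

        if changeOwner.isValid():
            changeOwner.changeOwner()

    if options.chmod is not None:
        chmodWordPress(options.path, options.verbose).changePermisions()

    if options.robots is not None:
        robotsWordPress(options.path).createRobots()

    if options.finger is not None:
        deleteVersionWordPress(options.path).delete()
        fingerprintingWordPress(
            options.path, options.verbose
        ).searchStaticFile()

    if options.wpconfig is not None:
        # Reject a malformed proxy before any network-facing step starts.
        if options.proxy is not None:
            _checkProxy(options.proxy)
        wpconfigWordPress(options.path, options.proxy).createConfig()

    if options.indexes is not None:
        indexesWordPress(options.path, options.verbose).createIndexes()

    if options.timthumb is not None:
        timthumbWordPress(options.path).checkTimbthumb()

    if options.plugins is not None:
        if options.proxy is not None:
            _checkProxy(options.proxy)
        # NOTE(review): the download itself happens in pluginsWordPress, which
        # is not visible here; confirm it verifies what it fetches, especially
        # when the traffic is routed through --proxy.
        pluginsWordPress(options.path, options.proxy).questions()

    if options.malwares is not None:
        malwareScanWordPress(options.path).scan()

    if options.remove is not None:
        removeWordPress(options.path).delete()

    if options.minify is not None:
        minifyWordPress(options.path, options.verbose).minify()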
Exemple #32
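def cmdLineParser():
    """Parse the WPHardening command line and run the selected steps.

    Builds the optparse parser (general, Target, Hardening and Miscellaneous
    options), optionally overrides options from the file given with
    --load-conf, sets up the log file, runs every requested step against the
    directory given with -d/--dir and finally writes an HTML summary of the
    applied steps to output.html.

    Exits through sys.exit() after --update, and after printing the help
    when no working directory was given.

    Raises:
        ValueError: if --proxy is combined with --wp-config or --plugins and
            is not of the form scheme://host:port.
    """

    def _checkProxy(proxy):
        """Raise ValueError unless proxy looks like scheme://host:port."""
        protocolo, rest = urllib2.splittype(proxy)
        if protocolo is None:
            # The message must be formatted *inside* the constructor call;
            # applying % to the exception object raises TypeError instead.
            raise ValueError("unknown URL type: %s" % proxy)
        host, rest = urllib2.splithost(rest)
        if host is None:
            # No "//authority" part, so there is nothing to split a port from.
            raise ValueError("unknown URL type: %s" % proxy)
        host, port = urllib2.splitport(host)
        if port is None:
            raise ValueError("unknown protocol for %s" % proxy)

    version_wph = "1.6"
    usage = "usage: python %prog [options]"
    version = colored('WPHardening', 'green') + ' version ' + \
        colored(version_wph, 'yellow') + '\n'

    parser = OptionParser(usage, version=version)

    parser.add_option("-v", "--verbose", action="store_true",
                      dest="verbose", default=False,
                      help="Active verbose mode output results")

    parser.add_option("--update", action="store_true", dest="update",
                      default=False,
                      help="Check for WPHardening latest stable version")

    target = OptionGroup(parser, "Target", "This option must be "
                         "specified to modify the package WordPress.")

    target.add_option("-d", "--dir", dest="path", help="**REQUIRED** -"
                      " Working Directory.", metavar="DIRECTORY")

    target.add_option("--load-conf", dest="loadconf", metavar="FILE",
                      help="Load file configuration.")

    hardening = OptionGroup(parser, "Hardening", "Different tools to"
                            " hardening WordPress.")

    hardening.add_option("-c", "--chmod", action="store_true", dest="chmod",
                         help="Chmod 755 in directory and 644 in files.")

    hardening.add_option("-r", "--remove", action="store_true",
                         dest="remove", help="Remove files and directory.")

    hardening.add_option("-b", "--robots", action="store_true", dest="robots",
                         help="Create file robots.txt")

    hardening.add_option("-f", "--fingerprinting", action="store_true",
                         dest="finger", help="Deleted fingerprinting "
                         "WordPress.")

    hardening.add_option("-t", "--timthumb", action="store_true",
                         dest="timthumb", help="Find the library TimThumb.")

    hardening.add_option("--chown", action="store", type="string",
                         dest="chown", metavar="user:group", help="Changing "
                         "file and directory owner.")

    hardening.add_option("--wp-config", action="store_true", dest="wpconfig",
                         help="Wizard generated wp-config.php")

    hardening.add_option("--plugins", action="store_true", dest="plugins",
                         help="Download Plugins Security.")

    hardening.add_option("--proxy", action="store", type="string",
                         dest="proxy", help="Use a HTTP proxy to connect to "
                         "the target url for --plugins and --wp-config.")

    hardening.add_option("--indexes", action="store_true", dest="indexes",
                         help="It deny you to display the contents of "
                         "directories.")

    hardening.add_option("--minify", action="store_true", dest="minify",
                         help="Compressing static file .css and .js")

    hardening.add_option("--malware-scan", action="store_true",
                         dest="malwares", help="Malware Scan in WordPress "
                         "project.")

    hardening.add_option("--6g-firewall", action="store_true",
                         dest="sixg", help="6G Firewall.")

    hardening.add_option("--rest-api", action="store_true",
                         dest="api", help="Disable REST API.")

    miscellaneous = OptionGroup(parser, "Miscellaneous")

    miscellaneous.add_option("-o", "--output", help="Write log report to "
                             "FILE.log", metavar="FILE", dest="output")

    parser.add_option_group(target)
    parser.add_option_group(hardening)
    parser.add_option_group(miscellaneous)

    cmdBanner()

    (options, args) = parser.parse_args()

    if options.loadconf is not None:
        # Parse the configuration file once so that every option below comes
        # from the same snapshot of the file.
        conf = loadConfWordPress(options.loadconf)
        options.path = conf.getDirectory()
        options.chmod = conf.getChmod()
        options.robots = conf.getRobots()
        options.finger = conf.getFingerprinting()
        options.wpconfig = conf.getWpConfig()
        options.indexes = conf.getIndexes()
        options.timthumb = conf.getTimthumb()
        options.malwares = conf.getMalwareScan()
        options.output = conf.getOutput()
        # NOTE(review): every step below runs when its option "is not None";
        # confirm these getters return None (not False) for a disabled
        # feature, otherwise a config file switches every step on.

    filename = 'wphardening.log' if options.output is None else options.output

    log = registerLog(filename)
    log.setConfigure()

    if options.update:
        log.add("Check for WPHardening latest stable version")
        updateWPHardening(os.path.abspath(".")).update()
        sys.exit()

    if options.path is None:
        log.add("Did not specify a working directory.")
        parser.print_help()
        sys.exit()

    options.path = os.path.abspath(options.path)

    if not os.path.exists(options.path):
        log.add("Could not find the specified directory.")
        print(colored('\nCould not find the specified directory.\n', 'red'))
        return

    fname = "output.html"
    # Values handed to the report template; a key is only added once the
    # corresponding step has actually run.
    context = {
        'directory': options.path,
        'version': version_wph
    }

    # Nothing is modified unless the directory is recognised as WordPress.
    if checkWordpress(options.path, options.verbose).isWordPress():

        if options.chown is not None:
            changeOwner = chownWordPress(
                options.path, options.chown, options.verbose
            )

            if changeOwner.isValid():
                changeOwner.changeOwner()
                context['chown'] = options.chown

        if options.chmod is not None:
            chmodWordPress(options.path, options.verbose).changePermisions()
            context['chmod'] = True

        if options.robots is not None:
            robotsWordPress(options.path).createRobots()
            context['robots'] = True

        if options.finger is not None:
            deleteVersionWordPress(options.path).delete()
            fingerprintingWordPress(
                options.path, options.verbose
            ).searchStaticFile()
            context['finger'] = True

        if options.wpconfig is not None:
            # Reject a malformed proxy before any network-facing step starts.
            if options.proxy is not None:
                _checkProxy(options.proxy)
            wpconfigWordPress(options.path, options.proxy).createConfig()

        if options.indexes is not None:
            indexesWordPress(options.path, options.verbose).createIndexes()
            context['indexes'] = True

        if options.timthumb is not None:
            timthumbWordPress(options.path).checkTimbthumb()

        if options.plugins is not None:
            if options.proxy is not None:
                _checkProxy(options.proxy)
            # NOTE(review): the download itself happens in pluginsWordPress,
            # which is not visible here; confirm it verifies what it fetches,
            # especially when the traffic is routed through --proxy.
            pluginsWordPress(options.path, options.proxy).questions()

        if options.malwares is not None:
            malwareScanWordPress(options.path).scan()

        if options.remove is not None:
            removeWordPress(options.path).delete()
            context['remove'] = True

        if options.minify is not None:
            minifyWordPress(options.path, options.verbose).minify()

        if options.sixg is not None:
            sixgWordPress(options.path, options.verbose).createFirewall()
            context['sixg'] = True

        if options.api is not None:
            restApiWordPress(options.path).disableRestApi()
            context['api'] = True

    # output jinja2
    # Render before opening the file so that a template error does not leave
    # a truncated report behind.
    # NOTE(review): context carries user-supplied values (directory, chown)
    # and render_template is defined elsewhere; confirm the template
    # environment escapes them. The report goes to output.html in the current
    # working directory and replaces any existing file of that name.
    html = render_template('index.html.tmpl', context)
    with open(fname, 'w') as f:
        f.write(html)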
Exemple #33
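def main():
    """Parse the WP Hardening command line and run the selected steps.

    Builds the optparse parser (Target, Hardening and Miscellaneous groups),
    sets up the log file and runs every requested step against the directory
    given with -d/--dir, provided that directory is recognised as WordPress.

    Exits through sys.exit() after printing the help when no working
    directory was given.

    Raises:
        ValueError: if --proxy is combined with --wp-config or --plugins and
            is not of the form scheme://host:port.
    """

    def _checkProxy(proxy):
        """Raise ValueError unless proxy looks like scheme://host:port."""
        protocolo, rest = urllib2.splittype(proxy)
        if protocolo is None:
            # The message must be formatted *inside* the constructor call;
            # applying % to the exception object raises TypeError instead.
            raise ValueError("unknown URL type: %s" % proxy)
        host, rest = urllib2.splithost(rest)
        if host is None:
            # No "//authority" part, so there is nothing to split a port from.
            raise ValueError("unknown URL type: %s" % proxy)
        host, port = urllib2.splitport(host)
        if port is None:
            raise ValueError("unknown protocol for %s" % proxy)

    usage = "usage: %prog [options] arg"
    version = colored('WP Hardening', 'green') + ' version' + \
        colored(' 1.1', 'yellow')
    parser = OptionParser(usage, version=version)
    parser.add_option(
        "-v", "--verbose", action="store_true", dest="verbose",
        help="active verbose mode output results",
    )
    group1 = OptionGroup(
        parser, "Target",
        "This option must be specified to modify the package WordPress."
    )
    group1.add_option(
        "-d", "--dir", dest="path",
        help="**REQUIRED** - Working Directory.", metavar="DIRECTORY"
    )
    parser.add_option_group(group1)

    group2 = OptionGroup(
        parser, "Hardening", "Different tools to hardening WordPress."
    )
    group2.add_option(
        "-c", "--chmod", action="store_true", dest="chmod",
        help="Chmod 755 in directory and 644 in files."
    )
    group2.add_option(
        "-r", "--remove", action="store_true", dest="remove",
        help="Remove files and directory."
    )
    group2.add_option(
        "-b", "--robots", action="store_true", dest="robots",
        help="Create file robots.txt"
    )
    group2.add_option(
        "-f", "--fingerprinting", action="store_true",
        dest="finger", help="Deleted fingerprinting WordPress."
    )
    group2.add_option(
        "--wp-config", action="store_true", dest="wpconfig",
        help="Generated wp-config.php"
    )
    group2.add_option(
        "--delete-version", action="store_true",
        dest="delete_version", help="Deleted version WordPress."
    )
    group2.add_option(
        "--plugins", action="store_true", dest="plugins",
        help="Download Plugins Security."
    )
    group2.add_option(
        "--proxy", action="store", type="string", dest="proxy",
        help="Use a HTTP proxy to connect to the target url for --plugins and "
             "--wp-config."
    )
    group2.add_option(
        "--indexes", action="store_true", dest="indexes",
        help="It allows you to display the contents of directories."
    )
    parser.add_option_group(group2)

    group3 = OptionGroup(
        parser, "Miscellaneous",
    )
    group3.add_option(
        "-o", "--output", help="Write log report to FILE.log", metavar="FILE",
        dest="output"
    )
    parser.add_option_group(group3)

    (options, args) = parser.parse_args()

    filename = 'wphardening.log' if options.output is None else options.output
    log = registerLog(filename)
    log.setConfigure()

    if options.path is None:
        log.add("Did not specify a working directory.")
        parser.print_help()
        sys.exit()

    options.path = os.path.abspath(options.path)
    if not os.path.exists(options.path):
        log.add("Could not find the specified directory.")
        print(colored('\nCould not find the specified directory.\n', 'red'))
        return

    # Nothing is modified unless the directory is recognised as WordPress.
    if not checkWordpress(options.path).isWordPress():
        log.add(
            options.path + " This Project directory is not a WordPress."
        )
        print(colored(options.path, 'yellow') + ' - ' +
              colored('This Project directory is not a WordPress.\n', 'red'))
        return

    log.add(options.path + " This project directory is a WordPress.")
    print(colored(options.path, 'yellow') + ' - ' +
          colored('\nThis project directory is a WordPress.', 'green'))

    if options.delete_version is not None:
        deleteVersionWordPress(options.path).delete()
    if options.chmod is not None:
        chmodWordPress(options.path).changePermisions()
    if options.remove is not None:
        removeWordPress(options.path).delete()
    if options.robots is not None:
        robotsWordPress(options.path).createRobots()
    if options.finger is not None:
        fingerprintingWordPress(options.path).searchStaticFile()
    if options.wpconfig is not None:
        # Reject a malformed proxy before any network-facing step starts.
        if options.proxy is not None:
            _checkProxy(options.proxy)
        wpconfigWordPress(options.path, options.proxy).createConfig()
    if options.indexes is not None:
        indexesWordPress(options.path).createIndexes()
    if options.plugins is not None:
        if options.proxy is not None:
            _checkProxy(options.proxy)
        # NOTE(review): the download itself happens in pluginsWordPress, which
        # is not visible here; confirm it verifies what it fetches, especially
        # when the traffic is routed through --proxy.
        pluginsWordPress(options.path, options.proxy).questions()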