def __init__(self):
BasePlugin.__init__(self)
regex = [
r'\b(?:(?<!data-)href)="((?!mailto:|tel:|#|javascript:).*?)"',
r'\bsrc="((?!javascript:).*?)"',
r'\baction="((?!javascript:).*?)"',
# http://en.wikipedia.org/wiki/Meta_refresh
r'<meta.*content="\d+;url=(.*?)">',
r'getJSON\("(.*?)"',
]
self.regex = []
for regex_str in regex:
self.regex.append(re.compile(regex_str, re.MULTILINE | re.DOTALL))
self.regex_header = [
("Link", re.compile(r"<(.*)>;")),
("Location", re.compile(r"(.*)")),
]
self.add_path = self.kbase["links.add_path"]
self.domain_regex = None
if self.kbase["links.regex"][0]:
self.domain_regex = re.compile(self.kbase["links.regex"][0],
re.MULTILINE | re.DOTALL)
self.list_links = set()
def __init__(self):
BasePlugin.__init__(self)
try:
print(self.kbase["grep.regex"])
self.regex = re.compile(self.kbase["grep.regex"][0], re.MULTILINE | re.DOTALL)
except Exception:
raise FuzzExceptPluginBadParams("Incorrect regex or missing regex parameter.")
def __init__(self):
BasePlugin.__init__(self)
regex = [
r'href="((?!mailto:|tel:|#|javascript:).*?)"',
r'src="((?!javascript:).*?)"',
r'action="((?!javascript:).*?)"',
# http://en.wikipedia.org/wiki/Meta_refresh
r'<meta.*content="\d+;url=(.*?)">',
r'getJSON\("(.*?)"',
]
self.regex = []
for regex_str in regex:
self.regex.append(re.compile(regex_str, re.MULTILINE | re.DOTALL))
self.regex_header = [
('Link', re.compile(r'<(.*)>;')),
('Location', re.compile(r'(.*)')),
]
self.add_path = self.kbase["links.add_path"]
self.domain_regex = None
if self.kbase["links.regex"][0]:
self.domain_regex = re.compile(self.kbase["links.regex"][0],
re.MULTILINE | re.DOTALL)
def __init__(self):
BasePlugin.__init__(self)
try:
print(self.kbase["grep.regex"])
self.regex = re.compile(self.kbase["grep.regex"][0],
re.MULTILINE | re.DOTALL)
except Exception:
raise FuzzExceptPluginBadParams(
"Incorrect regex or missing regex parameter.")
def __init__(self):
BasePlugin.__init__(self)
regex = [
('Apache Tomcat', 'Apache Tomcat/(.*?) - Error report'),
]
self.regex = []
for server_name, i in regex:
self.regex.append((server_name, re.compile(i, re.MULTILINE|re.DOTALL)))
def __init__(self):
BasePlugin.__init__(self)
date_dir = time.strftime('%y-%m-%d')
date_dir += "-"
date_dir += ''.join(
random.choice(string.ascii_lowercase + string.digits)
for _ in range(6))
self.reports_dir = WFUZZ_REPORTS_DIR + "/" + date_dir + "/"
mkdir_p(self.reports_dir)
self.l = dict()
print("Report dir is at: ", self.reports_dir)
def __init__(self):
BasePlugin.__init__(self)
regex = [ 'href="((?!mailto:|tel:|#|javascript:).*?)"',
'src="((?!javascript:).*?)"',
'action="((?!javascript:).*?)"',
# http://en.wikipedia.org/wiki/Meta_refresh
'<meta.*content="\d+;url=(.*?)">',
'getJSON\("(.*?)"',
]
self.regex = []
for i in regex:
self.regex.append(re.compile(i, re.MULTILINE|re.DOTALL))
def __init__(self):
BasePlugin.__init__(self)
regex = [
'href="((?!mailto:|tel:|#|javascript:).*?)"',
'src="((?!javascript:).*?)"',
'action="((?!javascript:).*?)"',
# http://en.wikipedia.org/wiki/Meta_refresh
'<meta.*content="\d+;url=(.*?)">',
'getJSON\("(.*?)"',
]
self.regex = []
for i in regex:
self.regex.append(re.compile(i, re.MULTILINE | re.DOTALL))
def __init__(self):
BasePlugin.__init__(self)
regex = [
('Apache Tomcat', 'Apache Tomcat/(.*?) - Error report'),
]
self.server_regex = []
for server_name, i in regex:
self.server_regex.append((server_name, re.compile(i, re.MULTILINE|re.DOTALL)))
regex = [
('MySQL', 'You have an error in your SQL syntax'),
]
self.error_regex = []
for server_name, i in regex:
self.error_regex.append((server_name, re.compile(i, re.MULTILINE|re.DOTALL)))
def __init__(self):
BasePlugin.__init__(self)
dir_indexing_regexes = []
dir_indexing_regexes.append("<title>Index of /")
dir_indexing_regexes.append('<a href="\\?C=N;O=D">Name</a>')
dir_indexing_regexes.append("Last modified</a>")
dir_indexing_regexes.append("Parent Directory</a>")
dir_indexing_regexes.append("Directory Listing for")
dir_indexing_regexes.append("<TITLE>Folder Listing.")
dir_indexing_regexes.append("<TITLE>Folder Listing.")
dir_indexing_regexes.append('<table summary="Directory Listing" ')
dir_indexing_regexes.append("- Browsing directory ")
dir_indexing_regexes.append('">\\[To Parent Directory\\]</a><br><br>') # IIS 6.0 and 7.0
dir_indexing_regexes.append('<A HREF=".*?">.*?</A><br></pre><hr></body></html>') # IIS 5.0
self.regex = []
for i in dir_indexing_regexes:
self.regex.append(re.compile(i,re.MULTILINE|re.DOTALL))
def __init__(self):
BasePlugin.__init__(self)
regex = [
('Apache Tomcat', 'Apache Tomcat/(.*?) - Error report'),
]
self.server_regex = []
for server_name, i in regex:
self.server_regex.append(
(server_name, re.compile(i, re.MULTILINE | re.DOTALL)))
regex = [
('MySQL', 'You have an error in your SQL syntax'),
]
self.error_regex = []
for server_name, i in regex:
self.error_regex.append(
(server_name, re.compile(i, re.MULTILINE | re.DOTALL)))
def __init__(self):
BasePlugin.__init__(self)
dir_indexing_regexes = []
dir_indexing_regexes.append("<title>Index of /")
dir_indexing_regexes.append('<a href="\\?C=N;O=D">Name</a>')
dir_indexing_regexes.append("Last modified</a>")
dir_indexing_regexes.append("Parent Directory</a>")
dir_indexing_regexes.append("Directory Listing for")
dir_indexing_regexes.append("<TITLE>Folder Listing.")
dir_indexing_regexes.append("<TITLE>Folder Listing.")
dir_indexing_regexes.append('<table summary="Directory Listing" ')
dir_indexing_regexes.append("- Browsing directory ")
dir_indexing_regexes.append(
'">\\[To Parent Directory\\]</a><br><br>') # IIS 6.0 and 7.0
dir_indexing_regexes.append(
'<A HREF=".*?">.*?</A><br></pre><hr></body></html>') # IIS 5.0
self.regex = []
for i in dir_indexing_regexes:
self.regex.append(re.compile(i, re.MULTILINE | re.DOTALL))
def __init__(self):
BasePlugin.__init__(self)
regex = [
r'\b(?:(?<!data-)href)="((?!mailto:|tel:|#|javascript:).*?)"',
r'\bsrc="((?!javascript:).*?)"',
r'\baction="((?!javascript:).*?)"',
r'<meta.*content="\d+;url=(.*?)">', # http://en.wikipedia.org/wiki/Meta_refresh
r'getJSON\("(.*?)"',
r"[^/][`'\"]([\/][a-zA-Z0-9_.-]+)+(?!(?:[,;\s]))", # based on https://github.com/nahamsec/JSParser/blob/master/handler.py#L93
]
self.regex = []
for regex_str in regex:
self.regex.append(re.compile(regex_str, re.MULTILINE | re.DOTALL))
self.regex_header = [
("Link", re.compile(r"<(.*)>;")),
("Location", re.compile(r"(.*)")),
]
self.add_path = self._bool(self.kbase[KBASE_PARAM_PATH][0])
self.enqueue_links = self._bool(self.kbase[KBASE_PARAM_ENQUEUE][0])
self.domain_regex = None
if self.kbase[KBASE_PARAM_DOMAIN_REGEX][0]:
self.domain_regex = re.compile(
self.kbase[KBASE_PARAM_DOMAIN_REGEX][0], re.IGNORECASE)
self.regex_param = None
if self.kbase[KBASE_PARAM_REGEX][0]:
self.regex_param = re.compile(self.kbase[KBASE_PARAM_REGEX][0],
re.IGNORECASE)
if self.regex_param and self.domain_regex is None:
self.domain_regex = re.compile(".*", re.IGNORECASE)
self.list_links = set()
def __init__(self):
BasePlugin.__init__(self)
regex_list = [
"A syntax error has occurred",
"ADODB.Field error",
"ASP.NET is configured to show verbose error messages",
"ASP.NET_SessionId",
"Active Server Pages error",
"An illegal character has been found in the statement",
'An unexpected token "END-OF-STATEMENT" was found',
"Can't connect to local",
"Custom Error Message",
"DB2 Driver",
"DB2 Error",
"DB2 ODBC",
"Disallowed Parent Path",
"Error Diagnostic Information",
"Error Message : Error loading required libraries.",
"Error Report",
"Error converting data type varchar to numeric",
"Fatal error",
"Incorrect syntax near",
"Internal Server Error",
"Invalid Path Character",
"Invalid procedure call or argument",
"Invision Power Board Database Error",
"JDBC Driver",
"JDBC Error",
"JDBC MySQL",
"JDBC Oracle",
"JDBC SQL",
"Microsoft OLE DB Provider for ODBC Drivers",
"Microsoft VBScript compilation error",
"Microsoft VBScript error",
"MySQL Driver",
"MySQL Error",
"MySQL ODBC",
"ODBC DB2",
"ODBC Driver",
"ODBC Error",
"ODBC Microsoft Access",
"ODBC Oracle",
"ODBC SQL",
"ODBC SQL Server",
"OLE/DB provider returned message",
"ORA-0",
"ORA-1",
"Oracle DB2",
"Oracle Driver",
"Oracle Error",
"Oracle ODBC",
"PHP Error",
"PHP Parse error",
"PHP Warning",
"Permission denied: 'GetObject'",
"PostgreSQL query failed: ERROR: parser: parse error",
r"SQL Server Driver\]\[SQL Server",
"SQL command not properly ended",
"SQLException",
"Supplied argument is not a valid PostgreSQL result",
"Syntax error in query expression",
"The error occurred in",
"The script whose uid is",
"Type mismatch",
"Unable to jump to row",
"Unclosed quotation mark before the character string",
"Unterminated string constant",
"Warning: Cannot modify header information - headers already sent",
"Warning: Supplied argument is not a valid File-Handle resource in",
r"Warning: mysql_query\(\)",
r"Warning: mysql_fetch_array\(\)",
r"Warning: pg_connect\(\): Unable to connect to PostgreSQL server: FATAL",
"You have an error in your SQL syntax near",
"data source=",
"detected an internal error [IBM][CLI Driver][DB2/6000]",
"invalid query",
"is not allowed to access",
"missing expression",
"mySQL error with query",
"mysql error",
"on MySQL result index",
"supplied argument is not a valid MySQL result resource",
]
self.error_regex = []
for regex in regex_list:
self.error_regex.append(re.compile(regex,
re.MULTILINE | re.DOTALL))
def __init__(self):
BasePlugin.__init__(self)
print("init")
def __init__(self):
BasePlugin.__init__(self)
def __init__(self):
BasePlugin.__init__(self)
self.extensions = self.kbase["backups.ext"][0].split(",")
def __init__(self):
BasePlugin.__init__(self)
regex_list = [
'A syntax error has occurred',
'ADODB.Field error',
'ASP.NET is configured to show verbose error messages',
'ASP.NET_SessionId',
'Active Server Pages error',
'An illegal character has been found in the statement',
'An unexpected token "END-OF-STATEMENT" was found',
'Can\'t connect to local',
'Custom Error Message',
'DB2 Driver',
'DB2 Error',
'DB2 ODBC',
'Disallowed Parent Path',
'Error Diagnostic Information',
'Error Message : Error loading required libraries.',
'Error Report',
'Error converting data type varchar to numeric',
'Fatal error',
'Incorrect syntax near',
'Internal Server Error',
'Invalid Path Character',
'Invalid procedure call or argument',
'Invision Power Board Database Error',
'JDBC Driver',
'JDBC Error',
'JDBC MySQL',
'JDBC Oracle',
'JDBC SQL',
'Microsoft OLE DB Provider for ODBC Drivers',
'Microsoft VBScript compilation error',
'Microsoft VBScript error',
'MySQL Driver',
'MySQL Error',
'MySQL ODBC',
'ODBC DB2',
'ODBC Driver',
'ODBC Error',
'ODBC Microsoft Access',
'ODBC Oracle',
'ODBC SQL',
'ODBC SQL Server',
'OLE/DB provider returned message',
'ORA-0',
'ORA-1',
'Oracle DB2',
'Oracle Driver',
'Oracle Error',
'Oracle ODBC',
'PHP Error',
'PHP Parse error',
'PHP Warning',
'Permission denied: \'GetObject\'',
'PostgreSQL query failed: ERROR: parser: parse error',
r'SQL Server Driver\]\[SQL Server',
'SQL command not properly ended',
'SQLException',
'Supplied argument is not a valid PostgreSQL result',
'Syntax error in query expression',
'The error occurred in',
'The script whose uid is',
'Type mismatch',
'Unable to jump to row',
'Unclosed quotation mark before the character string',
'Unterminated string constant',
'Warning: Cannot modify header information - headers already sent',
'Warning: Supplied argument is not a valid File-Handle resource in',
r'Warning: mysql_query\(\)',
r'Warning: mysql_fetch_array\(\)',
r'Warning: pg_connect\(\): Unable to connect to PostgreSQL server: FATAL',
'You have an error in your SQL syntax near',
'data source=',
'detected an internal error [IBM][CLI Driver][DB2/6000]',
'invalid query',
'is not allowed to access',
'missing expression',
'mySQL error with query',
'mysql error',
'on MySQL result index',
'supplied argument is not a valid MySQL result resource',
]
self.error_regex = []
for regex in regex_list:
self.error_regex.append(re.compile(regex,
re.MULTILINE | re.DOTALL))
def __init__(self):
BasePlugin.__init__(self)
def __init__(self):
BasePlugin.__init__(self)
regex_list = [
'A syntax error has occurred',
'ADODB.Field error',
'ASP.NET is configured to show verbose error messages',
'ASP.NET_SessionId',
'Active Server Pages error',
'An illegal character has been found in the statement',
'An unexpected token "END-OF-STATEMENT" was found',
'Can\'t connect to local',
'Custom Error Message',
'DB2 Driver',
'DB2 Error',
'DB2 ODBC',
'Disallowed Parent Path',
'Error Diagnostic Information',
'Error Message : Error loading required libraries.',
'Error Report',
'Error converting data type varchar to numeric',
'Fatal error',
'Incorrect syntax near',
'Internal Server Error',
'Invalid Path Character',
'Invalid procedure call or argument',
'Invision Power Board Database Error',
'JDBC Driver',
'JDBC Error',
'JDBC MySQL',
'JDBC Oracle',
'JDBC SQL',
'Microsoft OLE DB Provider for ODBC Drivers',
'Microsoft VBScript compilation error',
'Microsoft VBScript error',
'MySQL Driver',
'MySQL Error',
'MySQL ODBC',
'ODBC DB2',
'ODBC Driver',
'ODBC Error',
'ODBC Microsoft Access',
'ODBC Oracle',
'ODBC SQL',
'ODBC SQL Server',
'OLE/DB provider returned message',
'ORA-0',
'ORA-1',
'Oracle DB2',
'Oracle Driver',
'Oracle Error',
'Oracle ODBC',
'PHP Error',
'PHP Parse error',
'PHP Warning',
'Permission denied: \'GetObject\'',
'PostgreSQL query failed: ERROR: parser: parse error',
r'SQL Server Driver\]\[SQL Server',
'SQL command not properly ended',
'SQLException',
'Supplied argument is not a valid PostgreSQL result',
'Syntax error in query expression',
'The error occurred in',
'The script whose uid is',
'Type mismatch',
'Unable to jump to row',
'Unclosed quotation mark before the character string',
'Unterminated string constant',
'Warning: Cannot modify header information - headers already sent',
'Warning: Supplied argument is not a valid File-Handle resource in',
r'Warning: mysql_query\(\)',
r'Warning: mysql_fetch_array\(\)',
r'Warning: pg_connect\(\): Unable to connect to PostgreSQL server: FATAL',
'You have an error in your SQL syntax near',
'data source=',
'detected an internal error [IBM][CLI Driver][DB2/6000]',
'invalid query',
'is not allowed to access',
'missing expression',
'mySQL error with query',
'mysql error',
'on MySQL result index',
'supplied argument is not a valid MySQL result resource',
]
self.error_regex = []
for regex in regex_list:
self.error_regex.append(re.compile(regex, re.MULTILINE | re.DOTALL))
def __init__(self):
BasePlugin.__init__(self)
self.extensions = self.kbase["backups.ext"][0].split(",")