def initialize(url, include, headers, GET, delay, paramList, threadCount): url = stabilize(url) if not url: return {} else: firstResponse = requester(url, include, headers, GET, delay) originalFuzz = randomString(6) data = {originalFuzz: originalFuzz[::-1]} data.update(include) response = requester(url, data, headers, GET, delay) reflections = response.text.count(originalFuzz[::-1]) originalResponse = response.text originalCode = response.status_code newLength = len(response.text) plainText = removeTags(originalResponse) plainTextLength = len(plainText) factors = {'sameHTML': False, 'samePlainText': False} if len(firstResponse.text) == len(originalResponse): factors['sameHTML'] = True elif len(removeTags(firstResponse.text)) == len(plainText): factors['samePlainText'] = True heuristic(firstResponse.text, paramList) fuzz = randomString(8) data = {fuzz: fuzz[::-1]} data.update(include) toBeChecked = slicer(paramList, 50) foundParamsTemp = [] while True: toBeChecked = narrower(toBeChecked, url, include, headers, GET, delay, originalResponse, originalCode, reflections, factors, threadCount) toBeChecked = unityExtracter(toBeChecked, foundParamsTemp) if not toBeChecked: break foundParams = [] for param in foundParamsTemp: exists = quickBruter([param], originalResponse, originalCode, reflections, factors, include, delay, headers, url, GET) if exists: foundParams.append(param) for each in foundParams: print('%s?%s' % (url, each)) if not foundParams: pass return foundParams
def initialize(request, wordlist): url = request['url'] if not url.startswith('http'): print('%s %s is not a valid URL' % (bad, url)) return 'skipped' print('%s Probing the target for stability' % run) stable = stable_request(url, request['headers']) if not stable: return 'skipped' else: fuzz = randomString(6) response_1 = requester(request, {fuzz : fuzz[::-1]}) print('%s Analysing HTTP response for anamolies' % run) fuzz = randomString(6) response_2 = requester(request, {fuzz : fuzz[::-1]}) if type(response_1) == str or type(response_2) == str: return 'skipped' factors = define(response_1, response_2, fuzz, fuzz[::-1], wordlist) print('%s Analysing HTTP response for potential parameter names' % run) found = heuristic(response_1.text, wordlist) if found: num = len(found) s = 's' if num > 1 else '' print('%s Heuristic scanner found %i parameter%s: %s' % (good, num, s, ', '.join(found))) print('%s Logicforcing the URL endpoint' % run) populated = populate(wordlist) param_groups = slicer(populated, int(len(wordlist)/args.chunks)) last_params = [] while True: param_groups = narrower(request, factors, param_groups) if mem.var['kill']: return 'skipped' param_groups = confirm(param_groups, last_params) if not param_groups: break confirmed_params = [] for param in last_params: reason = bruter(request, factors, param, mode='verify') if reason: name = list(param.keys())[0] confirmed_params.append(name) print('%s name: %s, factor: %s' % (res, name, reason)) return confirmed_params
def _create_user(self, first_name, last_name, password, is_staff, is_superuser, username=None, email=None, phone_number=None, **kwargs): now = timezone.now() if not first_name: raise ValueError("You must enter a first name") if not last_name: raise ValueError("You must enter a last name") if not password: raise ValueError("You must enter a password") # Creates an username from email if doesn't exists if username is None: fname = str(self.cleaned_data['first_name']).lower().replace( ' ', '') lname = str(self.cleaned_data['last_name']).lower().replace( ' ', '') username = ''.join([fname, lname, randomString()]) print('Your username is ', username) email = self.normalize_email(email) user = self.model(username=username, first_name=first_name, last_name=last_name, is_staff=is_staff, is_active=True, is_superuser=is_superuser, last_login=now, date_joined=now, email=email, phone_number=phone_number, **kwargs) user.set_password(password) user.save(using=self.db) return user
def bruter(param, originalResponse, originalCode, factors, include, reflections, delay, headers, url, GET): fuzz = randomString(6) data = {param : fuzz} data.update(include) response = requester(url, data, headers, GET, delay) newReflections = response.text.count(fuzz) reason = False if response.status_code != originalCode: reason = 'Different response code' elif reflections != newReflections: reason = 'Different number of reflections' elif not factors['sameHTML'] and len(response.text) != (len(originalResponse)): reason = 'Different content length' elif not factors['samePlainText'] and len(removeTags(response.text)) != (len(removeTags(originalResponse))): reason = 'Different plain-text content length' if reason: return {param : reason} else: return None
def clean_username(self): username = self.cleaned_data['username'] if username is not None and len(username) > 0: try: User.objects.get(username=username) except User.DoesNotExist: return username raise forms.ValidationError(self.error_messages['duplicate_username']) else: # generate a unique username fname = str(self.cleaned_data['first_name']).lower().replace(' ', '') lname = str(self.cleaned_data['last_name']).lower().replace(' ', '') while True: username = ''.join([fname, lname, randomString()]) try: User.objects.get(username=username) except User.DoesNotExist: return username break
def bruter(param, originalResponse, originalCode, multiplier, reflections, delay, headers, url, GET): fuzz = randomString(6) data = {param: fuzz} response = requester(url, data, headers, GET, delay) newReflections = response.text.count(fuzz) if response.status_code != originalCode: print('%s Found a valid parameter: %s%s%s' % (good, green, param, end)) print('%s Reason: Different response code' % info) elif reflections != newReflections: print('%s Found a valid parameter: %s%s%s' % (good, green, param, end)) print('%s Reason: Different number of reflections' % info) elif len(response.text.replace( param + '=' + fuzz, '')) != (len( originalResponse.text.replace( originalFuzz + '=' + originalFuzz[::-1], '')) + (len(param) * multiplier)): print('%s Found a valid parameter: %s%s%s' % (good, green, param, end)) print('%s Reason: Different content length' % info)
if inpName not in done: if inpName in paramList: paramList.remove(inpName) done.append(inpName) paramList.insert(0, inpName) print ('%s Heuristic found a potenial parameter: %s%s%s' % (good, green, inpName, end)) print ('%s Prioritizing it' % good) url = stabilize(url) print ('%s Analysing the content of the webpage' % run) firstResponse = requester(url, include, headers, GET, delay) print ('%s Now lets see how target deals with a non-existent parameter' % run) originalFuzz = randomString(6) data = {originalFuzz : originalFuzz[::-1]} data.update(include) response = requester(url, data, headers, GET, delay) reflections = response.text.count(originalFuzz[::-1]) print ('%s Reflections: %s%i%s' % (info, green, reflections, end)) originalResponse = response.text originalCode = response.status_code print ('%s Response Code: %s%i%s' % (info, green, originalCode, end)) newLength = len(response.text) plainText = removeTags(originalResponse) plainTextLength = len(plainText) print ('%s Content Length: %s%i%s' % (info, green, newLength, end)) print ('%s Plain-text Length: %s%i%s' % (info, green, plainTextLength, end))
def initialize(url, include, headers, GET, delay, paramList, threadCount): url = stabilize(url) if not url: return {} else: print('%s Analysing the content of the webpage' % run) firstResponse = requester(url, include, headers, GET, delay) print('%s Analysing behaviour for a non-existent parameter' % run) originalFuzz = randomString(6) data = {originalFuzz: originalFuzz[::-1]} data.update(include) response = requester(url, data, headers, GET, delay) reflections = response.text.count(originalFuzz[::-1]) print('%s Reflections: %s%i%s' % (info, green, reflections, end)) originalResponse = response.text originalCode = response.status_code print('%s Response Code: %s%i%s' % (info, green, originalCode, end)) newLength = len(response.text) plainText = removeTags(originalResponse) plainTextLength = len(plainText) print('%s Content Length: %s%i%s' % (info, green, newLength, end)) print('%s Plain-text Length: %s%i%s' % (info, green, plainTextLength, end)) factors = {'sameHTML': False, 'samePlainText': False} if len(firstResponse.text) == len(originalResponse): factors['sameHTML'] = True elif len(removeTags(firstResponse.text)) == len(plainText): factors['samePlainText'] = True print('%s Parsing webpage for potential parameters' % run) heuristic(firstResponse.text, paramList) fuzz = randomString(8) data = {fuzz: fuzz[::-1]} data.update(include) print('%s Performing heuristic level checks' % run) toBeChecked = slicer(paramList, 50) foundParamsTemp = [] while True: toBeChecked = narrower(toBeChecked, url, include, headers, GET, delay, originalResponse, originalCode, reflections, factors, threadCount) toBeChecked = unityExtracter(toBeChecked, foundParamsTemp) if not toBeChecked: break foundParams = [] for param in foundParamsTemp: exists = quickBruter([param], originalResponse, originalCode, reflections, factors, include, delay, headers, url, GET) if exists: foundParams.append(param) print('%s Scan Completed ' % info) for each in foundParams: print('%s Valid parameter found: %s%s%s' % (good, green, each, end)) if not foundParams: print( '%s Unable to verify existence of parameters detected by heuristic.' % bad) return foundParams
def initialize(url, include, headers, GET, delay, paramList, threadCount): url = stabilize(url) log('%s Analysing the content of the webpage' % run) firstResponse = requester(url, include, headers, GET, delay) log('%s Analysing behaviour for a non-existent parameter' % run) originalFuzz = randomString(6) data = {originalFuzz : originalFuzz[::-1]} data.update(include) response = requester(url, data, headers, GET, delay) reflections = response.text.count(originalFuzz[::-1]) log('%s Reflections: %s%i%s' % (info, green, reflections, end)) originalResponse = response.text originalCode = response.status_code log('%s Response Code: %s%i%s' % (info, green, originalCode, end)) newLength = len(response.text) plainText = removeTags(originalResponse) plainTextLength = len(plainText) log('%s Content Length: %s%i%s' % (info, green, newLength, end)) log('%s Plain-text Length: %s%i%s' % (info, green, plainTextLength, end)) factors = {'sameHTML': False, 'samePlainText': False} if len(firstResponse.text) == len(originalResponse): factors['sameHTML'] = True elif len(removeTags(firstResponse.text)) == len(plainText): factors['samePlainText'] = True log('%s Parsing webpage for potential parameters' % run) heuristic(firstResponse.text, paramList) fuzz = randomString(8) data = {fuzz : fuzz[::-1]} data.update(include) log('%s Performing heuristic level checks' % run) toBeChecked = slicer(paramList, 50) foundParams = [] while True: toBeChecked = narrower(toBeChecked, url, include, headers, GET, delay, originalResponse, originalCode, reflections, factors, threadCount) toBeChecked = unityExtracter(toBeChecked, foundParams) if not toBeChecked: break if foundParams: log('%s Heuristic found %i potential parameters.' % (info, len(foundParams))) paramList = foundParams finalResult = [] jsonResult = [] threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount) futures = (threadpool.submit(bruter, param, originalResponse, originalCode, factors, include, reflections, delay, headers, url, GET) for param in foundParams) for i, result in enumerate(concurrent.futures.as_completed(futures)): if result.result(): finalResult.append(result.result()) log('%s Progress: %i/%i' % (info, i + 1, len(paramList)), mode='run') log('%s Scan Completed ' % info) for each in finalResult: for param, reason in each.items(): log('%s Valid parameter found: %s%s%s' % (good, green, param, end)) log('%s Reason: %s' % (info, reason)) jsonResult.append({"param": param, "reason": reason}) if not jsonResult: log('%s Unable to verify existence of parameters detected by heuristic' % bad) return jsonResult