def _parse_help_opt(self, optsd): if "--version" in optsd: print version sys.exit(0) if "--help" in optsd or "-h" in optsd: self.show_usage() sys.exit(0) # Extensions help if "--script-help" in optsd: script_string = optsd["--script-help"][0] if script_string == "": script_string = "$all$" self.show_plugins_help("parsers", 2, script_string) if "-e" in optsd: if "payloads" in optsd["-e"]: self.show_plugins_help("payloads") elif "encoders" in optsd["-e"]: self.show_plugins_help("encoders", 2) elif "iterators" in optsd["-e"]: self.show_plugins_help("iterators") elif "printers" in optsd["-e"]: self.show_plugins_help("printers") elif "scripts" in optsd["-e"]: self.show_plugins_help("parsers", 2) else: raise FuzzException( FuzzException.FATAL, "Unknown category. Valid values are: payloads, encoders, iterators, printers or scripts." ) if "-o" in optsd: if "help" in optsd["-o"]: self.show_plugins_help("printers") if "-m" in optsd: if "help" in optsd["-m"]: self.show_plugins_help("iterators") if "-z" in optsd: if "help" in optsd["-z"]: self.show_plugins_help("payloads")
def _set_proxy(self, c, freq): ip, port, ptype = self._proxies.next() freq.wf_proxy = (("%s:%s" % (ip, port)), ptype) c.setopt(pycurl.PROXY, "%s:%s" % (ip, port)) if ptype == "SOCKS5": c.setopt(pycurl.PROXYTYPE, pycurl.PROXYTYPE_SOCKS5) elif ptype == "SOCKS4": c.setopt(pycurl.PROXYTYPE, pycurl.PROXYTYPE_SOCKS4) elif ptype == "HTML": pass else: raise FuzzException( FuzzException.FATAL, "Bad proxy type specified, correct values are HTML, SOCKS4 or SOCKS5." ) return c
def __compute_element(self, tokens): element, operator, value = tokens[0] if value == 'BBB' and self.baseline == None: raise FuzzException( FuzzException.FATAL, "FilterQ: specify a baseline value when using BBB") if element == 'c' and value == 'XXX': value = 0 if value == 'BBB': if element == 'l': value = self.baseline.lines elif element == 'c': value = self.baseline.code elif element == 'w': value = self.baseline.words elif element == 'h': value = self.baseline.chars test = dict(w=self.res.words, c=self.res.code, l=self.res.lines, h=self.res.chars) value = int(value) if operator == "=": return test[element] == value elif operator == "<=": return test[element] <= value elif operator == ">=": return test[element] >= value elif operator == "<": return test[element] < value elif operator == ">": return test[element] > value elif operator == "!=": return test[element] != value
def from_parse_options(options): fr = FuzzRequest() fr.rlevel = 1 fr.setUrl(options['url']) fr.wf_fuzz_methods = options['fuzz_methods'] if options['auth'][0] is not None: fr.setAuth(options['auth'][0], options['auth'][1]) if options['follow']: fr.setFollowLocation(options['follow']) if options['postdata']: fr.setPostData(options['postdata']) if options['head']: fr.method = "HEAD" if options['cookie']: fr.addHeader("Cookie", options['cookie']) if options['extraheaders']: hh = options['extraheaders'].split(",") for x in hh: splitted = x.partition(":") if splitted[1] != ":": raise FuzzException( FuzzException.FATAL, "Wrong header specified, it should be in the format \"name: value\"." ) fr.addHeader(splitted[0], splitted[2]) if options['allvars']: fr.wf_allvars = options['allvars'] return fr
def parse_cl(self): options = FuzzSessionOptions() # Usage and command line help try: opts, args = getopt.getopt( self.argv[1:], "hAZIXvcb:e:R:d:z:r:f:t:w:V:H:m:o:s:p:w:", [ 'sc=', 'sh=', 'sl=', 'sw=', 'ss=', 'hc=', 'hh=', 'hl=', 'hw=', 'hs=', 'ntlm=', 'basic=', 'digest=', 'follow', 'script-help=', 'script=', 'script-args=', 'filter=', 'interact', 'help', 'version' ]) optsd = defaultdict(list) for i, j in opts: optsd[i].append(j) self._parse_help_opt(optsd) if len(args) == 0: raise FuzzException(FuzzException.FATAL, "You must specify a payload and a URL") url = args[0] self._check_options(optsd) self._parse_options(optsd, options) options.set("filter_params", self._parse_filters(optsd)) options.set( "genreq", requestGenerator(self._parse_seed(url, optsd), self._parse_payload(optsd))) return options except FuzzException, e: self.show_brief_usage() #self.show_usage() raise e
def __init__(self, options): self.genReq = options.get("genreq") # Get active plugins lplugins = None if options.get("script_string"): lplugins = Facade().get_parsers(options.get("script_string")) if not lplugins: raise FuzzException(FuzzException.FATAL, "No plugin selected, check the --script name or category introduced.") recursive = lplugins or options.get("rlevel") > 0 filtering = options.get('filter_params')['active'] is True # Create queues (in reverse order) # genReq ---> seed_queue -> http_queue -> [round_robin] -> [plugins_queue] * N -> process_queue -> [routing_queue] -> [filter_queue]---> results_queue self.results_queue = MyPriorityQueue() self.filter_queue = FilterQ(options.get("filter_params"), self.results_queue) if filtering else None self.routing_queue = RoutingQ(None, self.filter_queue if filtering else self.results_queue) if recursive else None self.process_queue = ProcessorQ(options.get("rlevel"), self.genReq.stats, self.routing_queue if recursive else self.filter_queue if filtering else self.results_queue) self.plugins_queue = None if lplugins: cache = HttpCache() self.plugins_queue = RoundRobin([JobMan(lplugins, cache, self.process_queue), JobMan(lplugins, cache, self.process_queue), JobMan(lplugins, cache, self.process_queue)]) self.http_queue = HttpQueue(options, self.plugins_queue if lplugins else self.process_queue) self.seed_queue = SeedQ(self.genReq, options.get("sleeper"), self.http_queue) # recursion routes if recursive: self.routing_queue.set_routes({ "<class 'framework.fuzzer.fuzzobjects.FuzzRequest'>": self.seed_queue, "framework.plugins.pluginobjects.PluginRequest": self.http_queue, "framework.fuzzer.fuzzobjects.FuzzResult": self.filter_queue if filtering else self.results_queue}) ## initial seed request self.seed_queue.put_priority(1, self.genReq)
def cancel_job(self): # stop generating items self.http_queue.pause.set() self.genReq.stop() # stop processing pending items for q in [ self.seed_queue, self.http_queue, self.plugins_queue, self.process_queue, self.filter_queue, self.routing_queue ]: if q: q.put_first( FuzzException(FuzzException.SIGCANCEL, "Cancel job")) # wait for cancel to be processed for q in [ self.seed_queue, self.http_queue, self.plugins_queue ] + self.plugins_queue.queue_out if self.plugins_queue else [] + [ self.process_queue, self.filter_queue, self.routing_queue ]: if q: q.join() # send None to stop (almost nicely) self.seed_queue.put_last(None)
def from_all_fuzz_request(seed, payload): # no FUZZ keyword allowed marker_regex = re.compile("FUZ\d*Z",re.MULTILINE|re.DOTALL) if len(marker_regex.findall(seed.getAll())) > 0: raise FuzzException(FuzzException.FATAL, "FUZZ words not allowed when using all parameters brute forcing.") # only a fuzz payload is allowed using this technique if len(payload) > 1: raise FuzzException(FuzzException.FATAL, "Only one payload is allowed when fuzzing all parameters!") if seed.wf_allvars == "allvars": varSET = seed.getGETVars() elif seed.wf_allvars == "allpost": varSET = seed.getPOSTVars() elif seed.wf_allvars == "allheaders": varSET = seed.getHeaders() else: raise FuzzException(FuzzException.FATAL, "Unknown variable set: " + seed.wf_allvars) if len(varSET) == 0: raise FuzzException(FuzzException.FATAL, "No variables on specified variable set: " + seed.wf_allvars) for v in varSET: variable = v.name payload_content = payload[0] copycat = seed.from_copy() copycat.wf_description = variable + "=" + payload_content try: if seed.wf_allvars == "allvars": copycat.setVariableGET(variable, payload_content) elif seed.wf_allvars == "allpost": copycat.setVariablePOST(variable, payload_content) elif seed.wf_allvars == "allheaders": copycat.addHeader(variable, payload_content) else: raise FuzzException(FuzzException.FATAL, "Unknown variable set: " + seed.wf_allvars) except TypeError, e: raise FuzzException(FuzzException.FATAL, "It is not possible to use all fuzzing with duplicated parameters.") yield copycat
requestGenerator(self._parse_seed(url, optsd), self._parse_payload(optsd))) return options except FuzzException, e: self.show_brief_usage() #self.show_usage() raise e except ValueError: self.show_brief_usage() raise FuzzException(FuzzException.FATAL, "Incorrect options, please check help.") except getopt.GetoptError, qw: self.show_brief_usage() #self.show_usage() raise FuzzException(FuzzException.FATAL, "{0!s}.".format(str(qw))) def _parse_help_opt(self, optsd): if "--version" in optsd: print version sys.exit(0) if "--help" in optsd or "-h" in optsd: self.show_usage() sys.exit(0) # Extensions help if "--script-help" in optsd: script_string = optsd["--script-help"][0] if script_string == "": script_string = "$all$"
def get_kbase(self, key): v = self.kbase.get(key) if not v: raise FuzzException(FuzzException.FATAL, "Key not in kbase") return v
def _set_allvars(self, bl): if bl is not None and bl not in ['allvars', 'allpost']: raise FuzzException(FuzzException.FATAL, "Incorrect all parameters brute forcing type specified, correct values are allvars, allpost or allheaders.") self._allvars = bl
def get_payload(self, name): try: return self.__payloads.get_plugin("payloads/" + name) except KeyError: raise FuzzException(FuzzException.FATAL, name + " payload does not exists (-e payloads for a list of available payloads)")
def get_printer(self, name): try: return self.__printers.get_plugin("printers/" + name)() except KeyError: raise FuzzException(FuzzException.FATAL, name + " printer does not exists (-e printers for a list of available printers)")
def _parse_options(self, optsd, options): if "-p" in optsd: proxy = [] for p in optsd["-p"][0].split('-'): vals = p.split(":") if len(vals) == 2: proxy.append((vals[0], vals[1], "HTML")) elif len(vals) == 3: if vals[2] not in ("SOCKS5", "SOCKS4", "HTML"): raise FuzzException( FuzzException.FATAL, "Bad proxy type specified, correct values are HTML, SOCKS4 or SOCKS5." ) proxy.append((vals[0], vals[1], vals[2])) else: raise FuzzException(FuzzException.FATAL, "Bad proxy parameter specified.") options.set('proxy_list', proxy) if "-R" in optsd: options.set("rlevel", int(optsd["-R"][0])) options.set("printer_tool", "default") if "-v" in optsd: options.set("printer_tool", "verbose") if "-c" in optsd: Facade().proxy("printers").kbase.add("colour", True) if "-A" in optsd: options.set("printer_tool", "verbose") Facade().proxy("printers").kbase.add("colour", True) options.set("script_string", "default") options.set("scanmode", "-Z" in optsd) if "-o" in optsd: options.set("printer_tool", optsd['-o'][0]) if "--script" in optsd: options.set( "script_string", "default" if optsd["--script"][0] == "" else optsd["--script"][0]) if "--script-args" in optsd: vals = optsd["--script-args"][0].split(",") for i in vals: k, v = i.split("=", 1) Facade().proxy("parsers").kbase.add(k, v) options.set("interactive", "--interact" in optsd) # HTTP options if "-s" in optsd: options.set("sleeper", float(optsd["-s"][0])) if "-t" in optsd: options.set("max_concurrent", int(optsd["-t"][0]))
def get_iterator(self, name): try: return self.__iterators.get_plugin("iterations/" + name) except KeyError: raise FuzzException(FuzzException.FATAL, name + " iterator does not exists (-m iterators for a list of available iterators)")
def get_encoder(self, name): try: return self.__encoders.get_plugin("encoders/" + name)() except KeyError: raise FuzzException(FuzzException.FATAL, name + " encoder does not exists (-e encodings for a list of available encoders)")
def get_parsers(self, filterstr): try: return self.__plugins.get_plugins(filterstr) except Exception, e: raise FuzzException(FuzzException.FATAL, "Error selecting scripts: %s" % str(e))
if self.baseline and res.is_baseline == True: return True filter_string = self.hideparams['filter_string'] if filter_string and PYPARSING: self.res = res try: return self.finalformula.parseString(filter_string)[0] except ParseException, e: raise FuzzException(FuzzException.FATAL, "Incorrect filter expression. It should be composed of: c,l,w,h/and,or/=,<,>,!=,<=,>=") else: if self.baseline is None and ('BBB' in self.hideparams['codes'] \ or 'BBB' in self.hideparams['lines'] \ or 'BBB' in self.hideparams['words'] \ or 'BBB' in self.hideparams['chars']): raise FuzzException(FuzzException.FATAL, "FilterQ: specify a baseline value when using BBB") if self.hideparams['codes_show'] is None: cond1 = True else: cond1 = not self.hideparams['codes_show'] if self.hideparams['regex_show'] is None: cond2 = True else: cond2 = not self.hideparams['regex_show'] if str(res.code) in self.hideparams['codes'] \ or str(res.lines) in self.hideparams['lines'] \ or str(res.words) in self.hideparams['words'] \ or str(res.chars) in self.hideparams['chars']:
def _throw(self, e): if isinstance(e, FuzzException): self.send_first(e) else: msg = "%s\n\n%s" % (str(e), traceback.format_exc()) self.send_first(FuzzException(FuzzException.FATAL, msg))
printer = None try: # parse command line session_options = CLParser(sys.argv).parse_cl() # Create fuzzer's engine fz = Fuzzer(session_options) if session_options.get("interactive"): # initialise controller try: kb = KeyPress() except ImportError, e: raise FuzzException( FuzzException.FATAL, "Error importing necessary modules for interactive mode: {0!s}" .format(str(e))) else: mc = Controller(fz, kb) kb.start() printer = Facade().get_printer(session_options.get("printer_tool")) printer.header(fz.genReq.stats) for res in fz: printer.result(res) if res.is_visible else printer.noresult(res) printer.footer(fz.genReq.stats) except FuzzException, e: print "\nFatal exception: {0!s}".format(e.msg) if fz: fz.cancel_job()
os.chdir(dname) try: # parse command line session_options = CLParser(sys.argv).parse_cl() # Create fuzzer's engine fz = Fuzzer(session_options) if session_options.get("interactive"): # initialise controller try: kb = KeyPress() except ImportError, e: raise FuzzException( FuzzException.FATAL, "Error importing necessary modules for interactive mode: %s" % str(e)) else: mc = Controller(fz, kb) kb.start() printer = Facade().get_printer(session_options.get("printer_tool")) printer.header(fz.genReq.stats) for res in fz: printer.result(res) if res.is_visible else printer.noresult(res) printer.footer(fz.genReq.stats) except FuzzException, e: print "\nFatal exception: %s" % e.msg if fz: fz.cancel_job()
requestGenerator(self._parse_seed(url, optsd), self._parse_payload(optsd))) return options except FuzzException, e: self.show_brief_usage() #self.show_usage() raise e except ValueError: self.show_brief_usage() raise FuzzException(FuzzException.FATAL, "Incorrect options, please check help.") except getopt.GetoptError, qw: self.show_brief_usage() #self.show_usage() raise FuzzException(FuzzException.FATAL, "%s." % str(qw)) def _parse_help_opt(self, optsd): if "--version" in optsd: print version sys.exit(0) if "--help" in optsd or "-h" in optsd: self.show_usage() sys.exit(0) # Extensions help if "--script-help" in optsd: script_string = optsd["--script-help"][0] if script_string == "": script_string = "$all$"