Esempio n. 1
    def _parse_seed(self, url, optsd):
        """Collect the seed request options from the URL and parsed CLI flags.

        Args:
            url: Target URL, stored unchanged under the ``url`` key.
            optsd: Mapping of option flag to the list of values given for it.
                ``-b`` and ``-H`` are indexed without a membership test, so
                the mapping has to tolerate missing keys (presumably a
                ``defaultdict(list)``; confirm against the caller).

        Returns:
            The result of ``FuzzRequest.from_parse_options`` for the
            collected options.

        Raises:
            FuzzException: FATAL, when a ``-H`` value has no colon or the
                ``-V`` value is not one of the accepted modes.
        """
        options = {
            'url': url,
            'fuzz_methods': False,
            'auth': (None, None),
            'follow': False,
            'head': False,
            'postdata': None,
            'extraheaders': [],
            'cookie': [],
            'allvars': None,
        }

        if "-X" in optsd:
            options['fuzz_methods'] = True

        # Checked in this order, so when several schemes are supplied the last
        # match wins (ntlm over digest over basic). The credential value is
        # forwarded as the raw option string; its format is not checked here.
        auth_flags = (
            ("--basic", "basic"),
            ("--digest", "digest"),
            ("--ntlm", "ntlm"),
        )
        for flag, scheme in auth_flags:
            if flag in optsd:
                options['auth'] = (scheme, optsd[flag][0])

        if "--follow" in optsd:
            options['follow'] = True

        if "-I" in optsd:
            options['head'] = "HEAD"

        if "-d" in optsd:
            options['postdata'] = optsd["-d"][0]

        # Every -b occurrence is kept, in the order given.
        options['cookie'].extend(optsd["-b"])

        # Only the first ':' separates name from value. The value is stripped,
        # the name is kept verbatim, and neither part is checked for emptiness
        # or for CR/LF characters in this block.
        for raw_header in optsd["-H"]:
            name, colon, value = raw_header.partition(":")
            if colon != ":":
                raise FuzzException(
                    FuzzException.FATAL,
                    'Wrong header specified, it should be in the format "name: value".'
                )
            options['extraheaders'].append((name, value.strip()))

        if "-V" in optsd:
            mode = str(optsd["-V"][0])
            # Allow-list: any other value is rejected before the request is built.
            if mode not in ('allvars', 'allpost', 'allheaders'):
                raise FuzzException(
                    FuzzException.FATAL,
                    "Incorrect all parameters brute forcing type specified, correct values are allvars,allpost or allheaders."
                )
            options['allvars'] = mode

        return FuzzRequest.from_parse_options(options)
Esempio n. 2
    def next(self):
        """Return the next request to send, or stop once the run is cancelled.

        Raises:
            StopIteration: when ``self.stats.cancelled`` is true. Exhaustion of
                the underlying source surfaces through its own ``next()`` call.
        """
        # Cancellation is checked first so no further payload is consumed.
        if self.stats.cancelled:
            raise StopIteration

        if self.seed.wf_allvars is None:
            # Regular mode: one request per dictionary entry.
            return FuzzRequest.from_seed(self.seed, self.dictio.next())

        # All-variables mode: requests come from the prepared generator.
        return self._allvar_gen.next()
Esempio n. 3
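	def next(self):
	    """Return the next request to send, or stop once the run is cancelled.

	    Raises:
	        StopIteration: when ``self.stats.cancelled`` is true. Exhaustion
	            of the underlying source surfaces through its own ``next()``.
	    """
	    # Cancellation is checked first so no further payload is consumed.
	    if self.stats.cancelled:
	        raise StopIteration

	    if self.seed.wf_allvars is not None:
	        # All-variables mode: requests come from the prepared generator.
	        return self._allvar_gen.next()

	    # Regular mode: one request per dictionary entry.
	    return FuzzRequest.from_seed(self.seed, self.dictio.next())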
Esempio n. 4
 def _parse_seed(self, url, optsd):
     """Collect the seed request options from the URL and parsed CLI flags.

     Args:
         url: Target URL, stored unchanged under the ``url`` key.
         optsd: Mapping of option flag to the list of values given for it.
             ``-b`` and ``-H`` are indexed without a membership test, so the
             mapping has to tolerate missing keys (presumably a
             ``defaultdict(list)``; confirm against the caller).

     Returns:
         The result of ``FuzzRequest.from_parse_options`` for the collected
         options.

     Raises:
         FuzzException: FATAL, when a ``-H`` value has no colon or the ``-V``
             value is not one of the accepted modes.
     """
     options = {
         'url': url,
         'fuzz_methods': False,
         'auth': (None, None),
         'follow': False,
         'head': False,
         'postdata': None,
         'extraheaders': [],
         'cookie': [],
         'allvars': None,
     }

     if "-X" in optsd:
         options['fuzz_methods'] = True

     # Checked in this order, so when several schemes are supplied the last
     # match wins (ntlm over digest over basic). The credential value is
     # forwarded as the raw option string; its format is not checked here.
     auth_flags = (
         ("--basic", "basic"),
         ("--digest", "digest"),
         ("--ntlm", "ntlm"),
     )
     for flag, scheme in auth_flags:
         if flag in optsd:
             options['auth'] = (scheme, optsd[flag][0])

     if "--follow" in optsd:
         options['follow'] = True

     if "-I" in optsd:
         options['head'] = "HEAD"

     if "-d" in optsd:
         options['postdata'] = optsd["-d"][0]

     # Every -b occurrence is kept, in the order given.
     options['cookie'].extend(optsd["-b"])

     # Only the first ':' separates name from value. The value is stripped,
     # the name is kept verbatim, and neither part is checked for emptiness
     # or for CR/LF characters in this block.
     for raw_header in optsd["-H"]:
         name, colon, value = raw_header.partition(":")
         if colon != ":":
             raise FuzzException(FuzzException.FATAL,
                                 'Wrong header specified, it should be in the format "name: value".')
         options['extraheaders'].append((name, value.strip()))

     if "-V" in optsd:
         mode = str(optsd["-V"][0])
         # Allow-list: any other value is rejected before the request is built.
         if mode not in ('allvars', 'allpost', 'allheaders'):
             raise FuzzException(FuzzException.FATAL,
                                 "Incorrect all parameters brute forcing type specified, correct values are allvars,allpost or allheaders.")
         options['allvars'] = mode

     return FuzzRequest.from_parse_options(options)
Esempio n. 5
    def from_fuzzRes(res, url, source):
        """Wrap a follow-up request derived from an existing result.

        Args:
            res: Result the new request is derived from; its ``rlevel`` is read.
            url: Target of the new request; converted with ``str()`` before use.
            source: Stored on the returned object's ``source`` attribute.

        Returns:
            A ``PluginRequest`` whose ``request`` is the new ``FuzzRequest``.
        """
        # NOTE(review): url is used as given; no host or scope check is visible
        # in this block - confirm the caller or scheduler restricts where
        # follow-up requests may go before they are sent.
        request = FuzzRequest.from_fuzzRes(res, str(url))
        request.wf_description = request.path

        # The request and its wrapper both sit one level below the parent
        # result (presumably used to bound recursion depth; verify).
        child_level = res.rlevel + 1
        request.rlevel = child_level

        wrapper = PluginRequest()
        wrapper.source = source
        wrapper.request = request
        wrapper.rlevel = child_level

        return wrapper
Esempio n. 6
    def _parse_seed(self, url, optsd):
        """Collect the seed request options from the URL and parsed CLI flags.

        Args:
            url: Target URL, stored unchanged under the ``url`` key.
            optsd: Mapping of option flag to the list of values given for it.
                Every flag is tested with ``in`` before it is indexed.

        Returns:
            The result of ``FuzzRequest.from_parse_options`` for the
            collected options.

        Raises:
            FuzzException: FATAL, when the ``-V`` value is not one of the
                accepted modes.
        """
        options = {
            'url': url,
            'fuzz_methods': False,
            'auth': (None, None),
            'follow': False,
            'head': False,
            'postdata': None,
            'extraheaders': None,
            'cookie': None,
            'allvars': None,
        }

        if "-X" in optsd:
            options['fuzz_methods'] = True

        # Checked in this order, so when several schemes are supplied the last
        # match wins (ntlm over digest over basic). The credential value is
        # forwarded as the raw option string; its format is not checked here.
        auth_flags = (
            ("--basic", "basic"),
            ("--digest", "digest"),
            ("--ntlm", "ntlm"),
        )
        for flag, scheme in auth_flags:
            if flag in optsd:
                options['auth'] = (scheme, optsd[flag][0])

        if "--follow" in optsd:
            options['follow'] = True

        if "-I" in optsd:
            options['head'] = "HEAD"

        if "-d" in optsd:
            options['postdata'] = optsd["-d"][0]

        # Only the first -b and the first -H value are used; further
        # occurrences are ignored without a warning.
        if "-b" in optsd:
            options['cookie'] = optsd["-b"][0]

        # NOTE(review): the header string is passed on without a "name: value"
        # format check in this block - confirm it is validated downstream.
        if "-H" in optsd:
            options['extraheaders'] = str(optsd["-H"][0])

        if "-V" in optsd:
            mode = str(optsd["-V"][0])
            # Allow-list: any other value is rejected before the request is built.
            if mode not in ('allvars', 'allpost', 'allheaders'):
                raise FuzzException(
                    FuzzException.FATAL,
                    "Incorrect all parameters brute forcing type specified, correct values are allvars,allpost or allheaders."
                )
            options['allvars'] = mode

        return FuzzRequest.from_parse_options(options)
Esempio n. 7
    def __init__(self, seed, dictio):
        """Set up the generator state for one seed request and payload source.

        Args:
            seed: Seed request; its ``wf_allvars`` attribute selects the mode.
            dictio: Payload source, stored as ``self.dictio``.
        """
        self.seed = seed
        self._baseline = FuzzRequest.from_baseline(seed)
        self.dictio = dictio

        # Built after seed, baseline and dictio are assigned, since the stats
        # factory receives this instance.
        self.stats = FuzzStats.from_requestGenerator(self)

        # The all-variables generator exists only when that mode is enabled.
        self._allvar_gen = (
            self.__allvars_gen(self.dictio)
            if self.seed.wf_allvars is not None
            else None
        )
Esempio n. 8
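	def __init__(self, seed, dictio):
	    """Set up the generator state for one seed request and payload source.

	    Args:
	        seed: Seed request; its ``wf_allvars`` attribute selects the mode.
	        dictio: Payload source, stored as ``self.dictio``.
	    """
	    self.seed = seed
	    self._baseline = FuzzRequest.from_baseline(seed)
	    self.dictio = dictio

	    # Built after seed, baseline and dictio are assigned, since the stats
	    # factory receives this instance.
	    self.stats = FuzzStats.from_requestGenerator(self)

	    # The all-variables generator exists only when that mode is enabled.
	    if self.seed.wf_allvars is not None:
	        self._allvar_gen = self.__allvars_gen(self.dictio)
	    else:
	        self._allvar_gen = None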
Esempio n. 9
    def from_fuzzRes(res, url, source):
        """Wrap a follow-up request derived from an existing result.

        Args:
            res: Result the new request is derived from; its ``rlevel`` is read.
            url: Target of the new request; converted with ``str()`` before use.
            source: Stored on the returned object's ``source`` attribute.

        Returns:
            A ``PluginRequest`` whose ``request`` is the new ``FuzzRequest``.
        """
        # NOTE(review): url is used as given; no host or scope check is visible
        # in this block - confirm the caller or scheduler restricts where
        # follow-up requests may go before they are sent.
        request = FuzzRequest.from_fuzzRes(res, str(url))
        request.wf_description = request.path

        # The request and its wrapper both sit one level below the parent
        # result (presumably used to bound recursion depth; verify).
        child_level = res.rlevel + 1
        request.rlevel = child_level

        wrapper = PluginRequest()
        wrapper.source = source
        wrapper.request = request
        wrapper.rlevel = child_level

        return wrapper
Esempio n. 10
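    def _parse_seed(self, url, optsd):
        """Collect the seed request options from the URL and parsed CLI flags.

        Args:
            url: Target URL, stored unchanged under the ``url`` key.
            optsd: Mapping of option flag to the list of values given for it.
                Every flag is tested with ``in`` before it is indexed.

        Returns:
            The result of ``FuzzRequest.from_parse_options`` for the
            collected options.

        Raises:
            FuzzException: FATAL, when the ``-V`` value is not one of the
                accepted modes.
        """
        options = dict(
            url=url,
            fuzz_methods=False,
            auth=(None, None),
            follow=False,
            head=False,
            postdata=None,
            extraheaders=None,
            cookie=None,
            allvars=None,
        )

        if "-X" in optsd:
            options['fuzz_methods'] = True

        # Checked in this order, so when several schemes are supplied the last
        # match wins (ntlm over digest over basic). The credential value is
        # forwarded as the raw option string; its format is not checked here.
        if "--basic" in optsd:
            options['auth'] = ("basic", optsd["--basic"][0])

        if "--digest" in optsd:
            options['auth'] = ("digest", optsd["--digest"][0])

        if "--ntlm" in optsd:
            options['auth'] = ("ntlm", optsd["--ntlm"][0])

        if "--follow" in optsd:
            options['follow'] = True

        if "-I" in optsd:
            options['head'] = "HEAD"

        if "-d" in optsd:
            options['postdata'] = optsd["-d"][0]

        # Only the first -b and the first -H value are used; further
        # occurrences are ignored without a warning.
        if "-b" in optsd:
            options['cookie'] = optsd["-b"][0]

        # NOTE(review): the header string is passed on without a "name: value"
        # format check in this block - confirm it is validated downstream.
        if "-H" in optsd:
            options['extraheaders'] = str(optsd["-H"][0])

        if "-V" in optsd:
            varset = str(optsd["-V"][0])
            # Allow-list: any other value is rejected before the request is built.
            if varset not in ('allvars', 'allpost', 'allheaders'):
                raise FuzzException(
                    FuzzException.FATAL,
                    "Incorrect all parameters brute forcing type specified, correct values are allvars,allpost or allheaders."
                )

            options['allvars'] = varset

        return FuzzRequest.from_parse_options(options)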
Esempio n. 11
 def __allvars_gen(self, dic):
     """Yield every request built from the seed for each payload in ``dic``.

     Requests are produced lazily, payload by payload, in the order that
     ``FuzzRequest.from_all_fuzz_request`` returns them.
     """
     for payload in dic:
         requests = FuzzRequest.from_all_fuzz_request(self.seed, payload)
         for request in requests:
             yield request
Esempio n. 12
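	def __allvars_gen(self, dic):
	    """Yield every request built from the seed for each payload in ``dic``.

	    Requests are produced lazily, payload by payload, in the order that
	    ``FuzzRequest.from_all_fuzz_request`` returns them.
	    """
	    for payload in dic:
	        for r in FuzzRequest.from_all_fuzz_request(self.seed, payload):
	            yield r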