def complete_brute(self,url,body,charset,begin_str,end_str):
resultl=[]
bflist=generate_bflist(charset,begin_str,end_str)
for cur in bflist:
resultl.append(self._pool.apply_async(self._request,
args=(url.replace('@0@',cur),body.replace('@0@',cur))))
return self._get_result(resultl)
def complete_brute(self,target,charset,begin_str,end_str):
resultl=[]
bflist=generate_bflist(charset,begin_str,end_str)
for cur in bflist:
cur_target=target+cur
resultl.append(self._pool.apply_async(self._scan_target,args=(cur_target,)))
return self._get_result(resultl)
def _recur_set_payloads(self, url, body, depth):
if depth == 0:
return [
[url, body],
]
else:
ret = []
replacel = []
if len(self._args.int_payload[depth]) == 2:
with open(self._args.int_payload[depth][1]) as fp:
replacel.append(fp.readline())
else:
charset = self._args.int_payload[depth][1]
replacel = generate_bflist(
charset,
self._args.int_payload[depth][2][0] * charset[0],
self._args.int_payload[depth][2][1] * charset[-1],
)
# recursion
for curre in replacel:
ret.extend(
self._recur_set_payloads(
url.replace('@' + str(depth) + '@', curre),
body.replace('@' + str(depth) + '@', curre),
depth - 1))
return ret
def complete_brute(self, target, charset, begin_str, end_str):
resultl = []
bflist = generate_bflist(charset, begin_str, end_str)
for cur in bflist:
cur_target = cur + '.' + target
resultl.append(
self._pool.apply_async(self._scan_target, args=(cur_target, )))
return self._get_result(resultl)
def _recur_set_payloads(self,url,body,depth):
if depth==0:
return [[url,body],]
else:
ret=[]
replacel=[]
if len(self._args.int_payload[depth])==2:
with open(self._args.int_payload[depth][1]) as fp:
replacel.append(fp.readline())
else:
charset=self._args.int_payload[depth][1]
replacel=generate_bflist(charset,
self._args.int_payload[depth][2][0]*charset[0],
self._args.int_payload[depth][2][1]*charset[-1],)
# recursion
for curre in replacel:
ret.extend(self._recur_set_payloads(
url.replace('@'+str(depth)+'@',curre),
body.replace('@'+str(depth)+'@',curre),
depth-1)
)
return ret
def generate_compbrute_subtask(targetlist, len_interval, charset, granularity):
"""
Format:
target|comp|charset|begin_str|end_str
"""
# convert granularity
granularity += 2
# parse interval of subdomain name length
minlen, maxlen = parse_digital_interval(len_interval)
# parse char set
charset = parse_charset(charset)
subtasklist = []
for cur_target in targetlist:
begin_str = ''
if maxlen < granularity:
begin_str = minlen * charset[0]
end_str = maxlen * charset[-1]
task = '|'.join([cur_target, 'comp', charset, begin_str, end_str])
subtasklist.append(task)
continue
if minlen < granularity:
begin_str = minlen * charset[0]
end_str = (granularity - 1) * charset[-1]
task = '|'.join([cur_target, 'comp', charset, begin_str, end_str])
subtasklist.append(task)
bflist = generate_bflist(charset, charset[0],
(maxlen - granularity + 1) * charset[-1])
for pre_str in bflist:
begin_str = pre_str + (granularity - 1) * charset[0]
end_str = pre_str + (granularity - 1) * charset[-1]
task = '|'.join([cur_target, 'comp', charset, begin_str, end_str])
subtasklist.append(task)
return subtasklist