def fimapapi(p_url):
    """
    Run fimap's single-URL scan against *p_url* and return its result.

    Builds a settings dict holding the engine defaults (single mode, no
    proxy, no list/query, 10 pages, 30 s TTL, ...), attaches the
    language.XML2Config and plugininterface objects under the keys the
    engine looks them up by ("XML2CONFIG", "PLUGINMANAGER"), and then --
    since "p_mode" is always 0 here -- drives singleScan on the URL.

    Returns whatever singleScan.scan() returns; the empty list is only
    returned if no scan ran, which cannot happen with these defaults.
    """
    scan_result = []
    settings = {
        'p_doDotTruncation': False,
        'p_dot_trunc_step': 50,
        'p_googlesleep': 5,
        'p_rfi_encode': None,
        'p_pages': 10,
        'p_monkeymode': False,
        'p_depth': 1,
        'p_list': None,
        'p_proxy': None,
        'p_mode': 0,
        'p_skiponerror': False,
        'p_query': None,
        'p_dot_trunc_only_win': True,
        'header': {},
        'p_exploit_domain': None,
        'force-run': False,
        'p_exploit_script_id': None,
        'p_exploit_payload': None,
        'p_dot_trunc_min': 700,
        'p_multiply_term': 1,
        'force-os': None,
        'p_dot_trunc_ratio': 0.095,
        'p_write': None,
        'p_verbose': 2,
        'p_dot_trunc_max': 2000,
        'p_ttl': 30,
        'p_skippages': 0,
        'p_useragent': 'fimap.googlecode.com/v1.00_svn (My life for Aiur)',
        'p_post': '',
        'p_maxtries': 5,
        'p_results_per_query': 100,
        'p_color': False,
        'p_bingkey': None,
        'p_mergexml': None,
        'p_exploit_filter': '',
        'p_exploit_cmds': None,
        'p_tabcomplete': False,
        'p_autolang': True,
        # The URL is the only caller-supplied value.
        'p_url': p_url,
    }
    # XML2Config is constructed before the "XML2CONFIG" key exists, the
    # plugin manager afterwards -- same order the engine expects.
    settings["XML2CONFIG"] = language.XML2Config(settings)
    settings["PLUGINMANAGER"] = plugininterface(settings)
    # Mode 0 is "single scan"; it is the only mode this helper sets up.
    if not settings["p_mode"]:
        scanner = singleScan(settings)
        scanner.setURL(p_url)
        scan_result = scanner.scan()
    return scan_result


# fimapapi("http://127.0.0.1:88/sqlgun/sqlgun/fltest.php?file=xss.php")
# print sys.path[0]
        
        
        
        # Setup possibly changed engine settings.
        if (blind_min != None):
            xmlsettings.blind_min = blind_min
            print "Overwriting 'blind_min' setting to %s..." %(blind_min)
        if (blind_max != None):
            xmlsettings.blind_max = blind_max
            print "Overwriting 'blind_max' setting to %s..." %(blind_max)
        
        config["XML2CONFIG"] = xmlsettings  
        
        
        
        plugman = plugininterface(config)
        config["PLUGINMANAGER"] = plugman
                      
        if startExploiter:
            try:
                list_results(onlyExploitable=showOnlyExploitable)
            except KeyboardInterrupt:
                print "\n\nYou killed me brutally. Wtf!\n\n"
                sys.exit(0)

    except getopt.GetoptError, err:
        print (err)
        sys.exit(1)

    if (doUpdateDef):
        xmlconfig = config["XML2CONFIG"]
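    def main(self, arg):
        '''
        Main method of the class.
        Note that it's just a name unlike java...
        See below for the entry point of the program.

        arg is the list of command-line switches (argv without the program
        name); the main.py wrapper passes argv when nothing else is given.

        Steps, in order:
          1. reset self.mainconfig to the engine defaults;
          2. parse the switches with getopt and store each one through
             _apply_option;
          3. build language.XML2Config from the config;
          4. refuse to start next to another fimap instance unless
             --force-run was given (_acquire_lockfile);
          5. apply --bmin/--bmax to the XML2Config object;
          6. build the plugininterface and, when -x/--exploit was given,
             run self.list_results().

        Calls sys.exit: status 0 when arg is empty, when another instance
        blocks us, or when the exploiter is interrupted with Ctrl-C;
        status 1 when getopt rejects the switches.  A non-numeric value
        for a numeric switch raises ValueError out of this method.
        '''

        # FIMAP Comment :  User variables (engine defaults, overridden by
        # the switches below).
        self.mainconfig.update({
            "p_url": None,
            "p_mode": 0,  # 0=single ; 1=mass ; 2=google ; 3=crawl ; 4=autoawesome
            "p_list": None,
            "p_verbose": 2,
            "p_useragent": "fimap.googlecode.com/",
            "p_pages": 10,
            "p_query": None,
            "p_exploit_filter": "",
            "p_write": None,
            "p_depth": 1,
            "p_maxtries": 5,
            "p_skippages": 0,
            "p_monkeymode": False,
            "p_doDotTruncation": False,
            "p_dot_trunc_min": 700,
            "p_dot_trunc_max": 2000,
            "p_dot_trunc_step": 50,
            "p_dot_trunc_ratio": 0.095,
            "p_dot_trunc_only_win": True,
            "p_proxy": None,
            "p_ttl": 30,
            "p_post": "",
            "p_autolang": True,
            "p_color": False,
            "p_mergexml": None,
            "p_results_per_query": 100,
            "p_googlesleep": 5,
            "p_tabcomplete": False,
            "p_multiply_term": 1,
            "header": {},
            "force-run": False,
            "force-os": None,
            "p_rfi_encode": None,
        })

        # Parse-state that is not part of mainconfig.  Only startExploiter,
        # blind_min and blind_max are read back below; the do* entries are
        # parsed so the switches are accepted but nothing in this method
        # acts on them.
        flags = {
            "startExploiter": False,
            "doPluginsShow": False,
            "doRFITest": False,
            "doInternetInfo": False,
            "doInstallPlugins": False,
            "doMergeXML": False,
            "blind_min": None,
            "blind_max": None,
        }

        # No switches at all: point the user at the help and stop.  (The
        # old check indexed arg[0] after testing len(arg) < 1, which could
        # only ever raise IndexError.)
        if not arg:
            print("Use -h or --help for some help.")
            sys.exit(0)

        try:
            longSwitches = ["url="          , "mass"        , "single"      , "list="       , "verbose="        , "help",
                        "user-agent="   , "query="      , "google"      , "pages="      , "credits"         , "exploit",
                        "harvest"       , "write="      , "depth="      , "greetings"   , "test-rfi"        , "skip-pages=",
                        "show-my-ip"    , "enable-blind", "http-proxy=" , "ttl="        , "post="           , "no-auto-detect",
                        "plugins"       , "enable-color", "merge-xml="  , "install-plugins" , "results=",
                        "googlesleep="  , "dot-truncation", "dot-trunc-min=", "dot-trunc-max=", "dot-trunc-step=", "dot-trunc-ratio=",
                        "tab-complete"  , "cookie="     , "bmin="        , "bmax="      , "dot-trunc-also-unix", "multiply-term=",
                        "autoawesome"   , "force-run"   , "force-os="   , "rfi-encoder=", "header="]
            # getopt (http://docs.python.org/lib/module-getopt.html): a
            # letter followed by ':' takes a value, a bare letter is a flag;
            # the list holds the long forms ('=' marks a value).  It returns
            # (optlist, extra) where optlist is a list of (option, value)
            # tuples and extra the positional leftovers, which fimap ignores.
            # 's' appears twice in the short spec; getopt tolerates that.
            optlist, _extra = getopt.getopt(arg, "u:msl:v:hA:gq:p:sxHw:d:bP:CIDTM:4R:", longSwitches)

            # Every (option, value) pair lands in mainconfig or in flags.
            for key, value in optlist:
                self._apply_option(key, value, flags)

            # Create instance of class codeinjector and pass the param
            xmlsettings = language.XML2Config(self.mainconfig)

            # Keep the returned file object alive until this method
            # returns: NamedTemporaryFile deletes the file when the object
            # is closed or garbage-collected, and with it the lock.
            lockfile = self._acquire_lockfile()

            # Setup possibly changed engine settings.
            if flags["blind_min"] is not None:
                xmlsettings.blind_min = flags["blind_min"]
                print("Overwriting 'blind_min' setting to %s..." % (flags["blind_min"]))
            if flags["blind_max"] is not None:
                xmlsettings.blind_max = flags["blind_max"]
                print("Overwriting 'blind_max' setting to %s..." % (flags["blind_max"]))

            self.mainconfig["XML2CONFIG"] = xmlsettings

            # Create instance of class plugininterface and pass the param
            plugman = plugininterface(self.mainconfig)
            self.mainconfig["PLUGINMANAGER"] = plugman

            # -x/--exploit: hand over to the interactive result list.
            if flags["startExploiter"]:
                try:
                    self.list_results()
                except KeyboardInterrupt:
                    print("\n\nYou killed me brutally.\n\n")
                    sys.exit(0)
        # Raised when an unrecognized option is found in the argument list
        # or when an option requiring an argument is given none.  The
        # exception's argument is a string describing the cause.
        except getopt.GetoptError as err:
            print(err)
            # Exit with error code 1
            sys.exit(1)

    def _apply_option(self, key, value, flags):
        '''
        Store one (option, value) pair returned by getopt.

        key is the switch as getopt reports it (short form like "-u" or
        full long form like "--url"), value its argument ("" for flags).
        flags is the parse-state dict owned by main(); entries written
        here: startExploiter, doRFITest, doInternetInfo, doPluginsShow,
        doInstallPlugins, doMergeXML, blind_min, blind_max.  Everything
        else is written to self.mainconfig.  -h/--help calls
        self.show_help(True).  Numeric switches raise ValueError from
        int()/float() on a non-numeric value.

        The branches are mutually exclusive (no switch appears in two
        tuples), so elif is equivalent to the former run of independent
        ifs.  "--rfi-encoder" used to be tested against a bare string,
        i.e. a substring match instead of tuple membership; it is now a
        one-element tuple like its neighbours.
        '''
        config = self.mainconfig
        if key in ("-u", "--url"):
            config["p_url"] = value
        elif key in ("-s", "--single"):
            config["p_mode"] = 0
        elif key in ("-m", "--mass"):
            config["p_mode"] = 1
        elif key in ("-g", "--google"):
            config["p_mode"] = 2
        elif key in ("-H", "--harvest"):
            config["p_mode"] = 3
        elif key in ("-4", "--autoawesome"):
            config["p_mode"] = 4
        elif key in ("-l", "--list"):
            config["p_list"] = value
        elif key in ("-q", "--query"):
            config["p_query"] = value
        elif key in ("-v", "--verbose"):
            config["p_verbose"] = int(value)
        elif key in ("-p", "--pages"):
            config["p_pages"] = int(value)
        elif key in ("--results",):
            config["p_results_per_query"] = int(value)
        elif key in ("--googlesleep",):
            config["p_googlesleep"] = int(value)
        elif key in ("-A", "--user-agent"):
            config["p_useragent"] = value
        elif key in ("--http-proxy",):
            config["p_proxy"] = value
        elif key in ("-w", "--write"):
            config["p_write"] = value
        elif key in ("-d", "--depth"):
            config["p_depth"] = int(value)
        elif key in ("--ttl",):
            config["p_ttl"] = int(value)
        elif key in ("-h", "--help"):
            self.show_help(True)
        elif key in ("--test-rfi",):
            flags["doRFITest"] = True
        elif key in ("-b", "--enable-blind"):
            config["p_monkeymode"] = True
        elif key in ("-D", "--dot-truncation"):
            config["p_doDotTruncation"] = True
        elif key in ("-C", "--enable-color"):
            config["p_color"] = True
        elif key in ("--skip-pages",):
            config["p_skippages"] = int(value)
        elif key in ("--show-my-ip",):
            flags["doInternetInfo"] = True
        elif key in ("-x", "--exploit"):
            flags["startExploiter"] = True
        elif key in ("-P", "--post"):
            config["p_post"] = value
        elif key in ("--no-auto-detect",):
            config["p_autolang"] = False
        elif key in ("--plugins",):
            flags["doPluginsShow"] = True
        elif key in ("-I", "--install-plugins"):
            flags["doInstallPlugins"] = True
        elif key in ("--merge-xml",):
            flags["doMergeXML"] = True
            config["p_mergexml"] = value
        elif key in ("--dot-trunc-min",):
            config["p_dot_trunc_min"] = int(value)
        elif key in ("--dot-trunc-max",):
            config["p_dot_trunc_max"] = int(value)
        elif key in ("--dot-trunc-step",):
            config["p_dot_trunc_step"] = int(value)
        elif key in ("--dot-trunc-ratio",):
            config["p_dot_trunc_ratio"] = float(value)
        elif key in ("--dot-trunc-also-unix",):
            config["p_dot_trunc_only_win"] = False
        elif key in ("-T", "--tab-complete"):
            config["p_tabcomplete"] = True
        elif key in ("-M", "--multiply-term"):
            config["p_multiply_term"] = int(value)
        elif key in ("--cookie",):
            config["header"]["Cookie"] = value
        elif key in ("--header",):
            # "Name: v:a:l" -> header "Name" with value " v:a:l"; a value
            # without a colon becomes a header with an empty value.  No
            # whitespace is stripped, exactly as before.
            name, _sep, header_value = value.partition(":")
            config["header"][name] = header_value
        elif key in ("--bmin",):
            flags["blind_min"] = int(value)
        elif key in ("--bmax",):
            flags["blind_max"] = int(value)
        elif key in ("--force-run",):
            config["force-run"] = True
        elif key in ("--force-os",):
            config["force-os"] = value
        elif key in ("--rfi-encoder",):
            config["p_rfi_encode"] = value
        #elif key in ("-f", "--exploit-filter"):
        #    config["p_exploit_filter"] = value

    def _acquire_lockfile(self):
        '''
        Ape style lockfile. But it works! :)

        Looks for a file named fimap_*_lockfile in the temp directory.  If
        one is there and self.mainconfig["force-run"] is False, prints how
        to remove it and calls sys.exit(0); with force-run set it only
        prints a notice and returns None.  Otherwise it creates a new
        NamedTemporaryFile with that naming pattern and returns it -- the
        caller must hold the reference, the file (and thus the lock) goes
        away when the object is closed or collected.

        The check and the create are two separate steps, so two instances
        started at the same moment can both get through; this is an
        advisory guard against accidental double starts, not a real mutex.
        '''
        tmpdir = tempfile.gettempdir()
        existing = None
        for name in os.listdir(tmpdir):
            if name.startswith("fimap_") and name.endswith("_lockfile"):
                existing = name
                break

        if existing is None:
            return tempfile.NamedTemporaryFile(prefix="fimap_", suffix="_lockfile")

        if self.mainconfig["force-run"] == True:
            print("Another fimap instance is running! But you requested to ignore that...")
            return None

        print("Another fimap instance is already running!")
        print("If you think this is not correct please delete the following file:")
        print("-> " + os.path.join(tmpdir, existing))
        print("or start fimap with '--force-run' on your own risk.")
        # Exit status 0 is kept for compatibility even though this is a
        # refusal to run; scripts checking the status cannot tell it apart
        # from a clean run.
        sys.exit(0)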
                sys.exit(0)
        else:
            lockfile = tempfile.NamedTemporaryFile(prefix="fimap_",
                                                   suffix="_lockfile")

        # Setup possibly changed engine settings.
        if (blind_min != None):
            xmlsettings.blind_min = blind_min
            print("Overwriting 'blind_min' setting to %s..." % (blind_min))
        if (blind_max != None):
            xmlsettings.blind_max = blind_max
            print("Overwriting 'blind_max' setting to %s..." % (blind_max))

        config["XML2CONFIG"] = xmlsettings

        plugman = plugininterface(config)
        config["PLUGINMANAGER"] = plugman

        if startExploiter:
            try:
                list_results(onlyExploitable=showOnlyExploitable)
            except KeyboardInterrupt:
                print("\n\nYou killed me brutally. Wtf!\n\n")
                sys.exit(0)

    except getopt.GetoptError as err:
        print(err)
        sys.exit(1)

    if (doUpdateDef):
        xmlconfig = config["XML2CONFIG"]