def browser_verification(page): if not settings.BROWSER_VERIFICATION and re.search(r"(?i)browser.?verification", page or ""): settings.BROWSER_VERIFICATION = True warn_msg = "Potential browser verification protection mechanism detected" if re.search(r"(?i)CloudFlare", page): warn_msg += " (CloudFlare)." else: warn_msg += "." print settings.print_bold_warning_msg(warn_msg)
def browser_verification(page): if not settings.BROWSER_VERIFICATION and re.search(r"(?i)browser.?verification", page or ""): settings.BROWSER_VERIFICATION = True warn_msg = "Potential browser verification protection mechanism detected" if re.search(r"(?i)CloudFlare", page): warn_msg += " (CloudFlare)." else: warn_msg += "." print settings.print_bold_warning_msg(warn_msg)
def captcha_check(page): if not settings.CAPTCHA_DETECED and re.search(r"(?i)captcha", page or ""): for match in re.finditer(r"(?si)<form.+?</form>", page): if re.search(r"(?i)captcha", match.group(0)): settings.CAPTCHA_DETECED = True warn_msg = "Potential CAPTCHA protection mechanism detected" if re.search(r"(?i)<title>[^<]*CloudFlare", page): warn_msg += " (CloudFlare)." else: warn_msg += "." print settings.print_bold_warning_msg(warn_msg) break
def captcha_check(page): if not settings.CAPTCHA_DETECED and re.search(r"(?i)captcha", page or ""): for match in re.finditer(r"(?si)<form.+?</form>", page): if re.search(r"(?i)captcha", match.group(0)): settings.CAPTCHA_DETECED = True warn_msg = "Potential CAPTCHA protection mechanism detected" if re.search(r"(?i)<title>[^<]*CloudFlare", page): warn_msg += " (CloudFlare)." else: warn_msg += "." print settings.print_bold_warning_msg(warn_msg) break
def python_version(): PYTHON_VERSION = sys.version.split()[0] if PYTHON_VERSION >= "3" or PYTHON_VERSION < "2.7": warn_msg = "Python version " warn_msg += PYTHON_VERSION + " detected. " warn_msg += "You are advised to use Python version 2.7.x." print("\n" + settings.print_bold_warning_msg(warn_msg))
def python_version(): PYTHON_VERSION = sys.version.split()[0] if PYTHON_VERSION.split(".")[0] != "3": warn_msg = "Deprecated Python version detected: " warn_msg += PYTHON_VERSION + ". " warn_msg += "You are advised to use Python version 3." print("\n" + settings.print_bold_warning_msg(warn_msg))
def blocked_ip(page): if re.search(settings.BLOCKED_IP_REGEX, page): warn_msg = "It appears that you have been blocked by the target server." print(settings.print_bold_warning_msg(warn_msg))
def blocked_ip(page): if re.search(settings.BLOCKED_IP_REGEX, page): warn_msg = "It appears that you have been blocked by the target server." print settings.print_bold_warning_msg(warn_msg)
def estimate_response_time(url, timesec): stored_auth_creds = False if settings.VERBOSITY_LEVEL != 0: debug_msg = "Estimating the target URL response time. " sys.stdout.write(settings.print_debug_msg(debug_msg)) sys.stdout.flush() # Check if defined POST data if menu.options.data: request = _urllib.request.Request(url, menu.options.data.encode(settings.UNICODE_ENCODING)) else: url = parameters.get_url_part(url) request = _urllib.request.Request(url) headers.do_check(request) start = time.time() try: response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT) response.read(1) response.close() except _urllib.error.HTTPError as err: ignore_start = time.time() if settings.UNAUTHORIZED_ERROR in str(err) and menu.options.ignore_code == settings.UNAUTHORIZED_ERROR: pass else: if settings.VERBOSITY_LEVEL != 0: print(settings.SPACE) err_msg = "Unable to connect to the target URL" try: err_msg += " (Reason: " + str(err.args[0]).split("] ")[-1].lower() + ")." except IndexError: err_msg += " (" + str(err) + ")." print(settings.print_critical_msg(err_msg)) # Check for HTTP Error 401 (Unauthorized). if str(err.getcode()) == settings.UNAUTHORIZED_ERROR: try: # Get the auth header value auth_line = err.headers.get('www-authenticate', '') # Checking for authentication type name. auth_type = auth_line.split()[0] settings.SUPPORTED_HTTP_AUTH_TYPES.index(auth_type.lower()) # Checking for the realm attribute. try: auth_obj = re.match('''(\w*)\s+realm=(.*)''', auth_line).groups() realm = auth_obj[1].split(',')[0].replace("\"", "") except: realm = False except ValueError: err_msg = "The identified HTTP authentication type (" + str(auth_type) + ") " err_msg += "is not yet supported." print(settings.print_critical_msg(err_msg) + "\n") raise SystemExit() except IndexError: err_msg = "The provided pair of " + str(menu.options.auth_type) err_msg += " HTTP authentication credentials '" + str(menu.options.auth_cred) + "'" err_msg += " seems to be invalid." print(settings.print_critical_msg(err_msg)) raise SystemExit() if menu.options.auth_type and menu.options.auth_type != auth_type.lower(): if checks.identified_http_auth_type(auth_type): menu.options.auth_type = auth_type.lower() else: menu.options.auth_type = auth_type.lower() # Check for stored auth credentials. if not menu.options.auth_cred: try: stored_auth_creds = session_handler.export_valid_credentials(url, auth_type.lower()) except: stored_auth_creds = False if stored_auth_creds and not menu.options.ignore_session: menu.options.auth_cred = stored_auth_creds info_msg = "Identified a previously stored valid pair of credentials '" info_msg += menu.options.auth_cred + Style.RESET_ALL + Style.BRIGHT + "'." print(settings.print_bold_info_msg(info_msg)) else: # Basic authentication if menu.options.auth_type == "basic": if not menu.options.ignore_code == settings.UNAUTHORIZED_ERROR: warn_msg = menu.options.auth_type.capitalize() + " " warn_msg += "HTTP authentication credentials are required." print(settings.print_warning_msg(warn_msg)) while True: if not menu.options.batch: question_msg = "Do you want to perform a dictionary-based attack? [Y/n] > " do_update = _input(settings.print_question_msg(question_msg)) else: do_update = "" if len(do_update) == 0: do_update = "Y" if do_update in settings.CHOICE_YES: auth_creds = authentication.http_auth_cracker(url, realm) if auth_creds != False: menu.options.auth_cred = auth_creds settings.REQUIRED_AUTHENTICATION = True break else: raise SystemExit() elif do_update in settings.CHOICE_NO: checks.http_auth_err_msg() elif do_update in settings.CHOICE_QUIT: raise SystemExit() else: err_msg = "'" + do_update + "' is not a valid answer." print(settings.print_error_msg(err_msg)) pass # Digest authentication elif menu.options.auth_type == "digest": if not menu.options.ignore_code == settings.UNAUTHORIZED_ERROR: warn_msg = menu.options.auth_type.capitalize() + " " warn_msg += "HTTP authentication credentials are required." print(settings.print_warning_msg(warn_msg)) # Check if heuristics have failed to identify the realm attribute. if not realm: warn_msg = "Heuristics have failed to identify the realm attribute." print(settings.print_warning_msg(warn_msg)) while True: if not menu.options.batch: question_msg = "Do you want to perform a dictionary-based attack? [Y/n] > " do_update = _input(settings.print_question_msg(question_msg)) else: do_update = "" if len(do_update) == 0: do_update = "Y" if do_update in settings.CHOICE_YES: auth_creds = authentication.http_auth_cracker(url, realm) if auth_creds != False: menu.options.auth_cred = auth_creds settings.REQUIRED_AUTHENTICATION = True break else: raise SystemExit() elif do_update in settings.CHOICE_NO: checks.http_auth_err_msg() elif do_update in settings.CHOICE_QUIT: raise SystemExit() else: err_msg = "'" + do_update + "' is not a valid answer." print(settings.print_error_msg(err_msg)) pass else: checks.http_auth_err_msg() else: raise SystemExit() ignore_end = time.time() start = start - (ignore_start - ignore_end) except socket.timeout: if settings.VERBOSITY_LEVEL != 0: print(settings.SPACE) err_msg = "The connection to target URL has timed out." print(settings.print_critical_msg(err_msg) + "\n") raise SystemExit() except _urllib.error.URLError as err_msg: if settings.VERBOSITY_LEVEL != 0: print(settings.SPACE) print(settings.print_critical_msg(str(err_msg.args[0]).split("] ")[1] + ".")) raise SystemExit() except ValueError as err_msg: if settings.VERBOSITY_LEVEL != 0: print(settings.SPACE) print(settings.print_critical_msg(str(err_msg) + ".")) raise SystemExit() end = time.time() diff = end - start if int(diff) < 1: if settings.VERBOSITY_LEVEL != 0 and stored_auth_creds == False: print(settings.SPACE) url_time_response = int(diff) if settings.TARGET_OS == "win": warn_msg = "Due to the relatively slow response of 'cmd.exe' in target " warn_msg += "host, there may be delays during the data extraction procedure." print(settings.print_warning_msg(warn_msg)) else: if settings.VERBOSITY_LEVEL != 0: print(settings.SPACE) url_time_response = int(round(diff)) warn_msg = "The estimated response time is " + str(url_time_response) warn_msg += " second" + "s"[url_time_response == 1:] + ". That may cause" if url_time_response >= 3: warn_msg += " serious" warn_msg += " delays during the data extraction procedure" if url_time_response >= 3: warn_msg += " and/or possible corruptions over the extracted data" warn_msg += "." print(settings.print_bold_warning_msg(warn_msg)) if int(timesec) == int(url_time_response): timesec = int(timesec) + int(url_time_response) else: timesec = int(timesec) # Against windows targets (for more stability), add one extra second delay. if settings.TARGET_OS == "win" : timesec = timesec + 1 return timesec, url_time_response