def run(self): """ Run thread """ req_func = getattr(dns.query, self.proto.lower()) need_retest = False while not self.done: self.last_action = int(time.time()) if self.delay: time.sleep(self.delay) try: if not need_retest: check_host = self.queue.get() if not self.is_valid_hostname(check_host): continue self.check_name = self.template.replace( self.msymbol, check_host) query = dns.message.make_query(self.check_name, self.zone) try: result = req_func(query, self.dns_srv, timeout=5) ErrorsCounter.flush() except EOFError: ErrorsCounter.up() time.sleep(3) need_retest = True break except BaseException as e: if self.is_dns_retest_need(str(e)): time.sleep(3) need_retest = True continue raise e self.current_response_text = str(result.to_text()) response = self.re['ns_resp'].search(result.to_text()) if response is not None: if self.zone == 'A': self.parse_zone_a(response) elif self.zone == 'CNAME': self.parse_zone_cname(result) else: raise WSException("Wrong dns zone '{0}'".format( self.zone)) if len(self.result) >= int(Registry().get('config')['main'] ['positive_limit_stop']): Registry().set('positive_limit_stop', True) need_retest = False self.counter.up() except queue.Empty: self.done = True break except dns.exception.Timeout: need_retest = True time.sleep(1) except BaseException as e: self.logger.ex(e) self.logger.log("Exception with {0}".format(self.dns_srv)) time.sleep(5)
def run(self): """ Run thread """ req_func = getattr(self.http, self.method) need_retest = False while not self.done: self.last_action = int(time.time()) if self.delay: time.sleep(self.delay) try: if not need_retest: url = self.queue.get() for header in self.headers: header_log_str = header.lower() + ": " + Registry().get( 'fuzzer_evil_value') try: resp = req_func( url, headers={ header.lower(): Registry().get('fuzzer_evil_value') }, ) print("{0} {1} {2}".format( resp.text, header, Registry().get('fuzzer_evil_value'))) ErrorsCounter.flush() except ConnectionError: ErrorsCounter.up() need_retest = True self.http.change_proxy() continue if self.is_retest_need(url, resp): time.sleep(self.retest_delay) need_retest = True resp.close() continue if resp is None: continue if 499 < resp.status_code < 600: item_data = { "url": url, "words": ["{0} Status code".format(resp.status_code)], "header": header } self.result.append(item_data) self.xml_log(item_data) resp.close() continue found_words = [] for bad_word in self.bad_words: if resp.text.lower().count(bad_word): found_words.append(bad_word) self.test_log(url + " " + header, resp, len(found_words) > 0) if len(found_words): item_data = { "url": url, "words": found_words, "header": header } self.result.append({ "url": url, "words": found_words, "header": header }) self.xml_log(item_data) self.log_item( "_".join(found_words), self.build_positive_log_str(url, header_log_str, found_words, resp), len(found_words) > 0) self.counter.up() self.check_positive_limit_stop(self.result) resp.close() need_retest = False except queue.Empty: self.done = True break except BaseException as e: print(url + " " + str(e))
def run(self): """ Run thread """ req_func = getattr(self.http, self.method) need_retest = False word = False while not self.done: self.last_action = int(time.time()) if self.delay: time.sleep(self.delay) try: if not need_retest: word = self.queue.get() if self.ignore_word(word): continue try: hostname = self.template.replace(self.mask_symbol, word) except UnicodeDecodeError: self.logger.log( "URL build error (UnicodeDecodeError) with word '{0}', skip it" .format(pprint.pformat(word)), _print=False) continue try: resp = req_func(self.protocol + "://" + self.ip, headers={'host': hostname}) ErrorsCounter.flush() except ConnectionError: ErrorsCounter.up() if not self.is_test(): need_retest = True self.http.change_proxy() continue self.test_log(hostname, None, False) continue if self.is_retest_need(word, resp): time.sleep(self.retest_delay) need_retest = True resp.close() continue positive_item = False if self.is_poitive_item(resp): positive_item = True self.result.append(hostname) self.xml_log({'hostname': hostname}) self.log_item(word, resp, True) self.test_log(hostname, resp, positive_item) self.check_positive_limit_stop(self.result) need_retest = False self.counter.up() resp.close() except queue.Empty: self.done = True break except ChunkedEncodingError as e: self.logger.ex(e) except BaseException as e: import traceback traceback.format_exc() print(e) try: if str(e).count('Cannot connect to proxy'): need_retest = True else: self.logger.ex(e) except UnicodeDecodeError: pass except UnboundLocalError: self.logger.ex(e)
def run(self): """ Run thread """ need_retest = False word = False while not self.done and not self.is_pass_found(): try: self.last_action = int(time.time()) if self.delay: time.sleep(self.delay) if not need_retest: word = self.queue.get() if self.ignore_word(word): continue try: resp = self.http.get(self.url, auth=(self.login, word)) ErrorsCounter.flush() except ConnectionError: ErrorsCounter.up() need_retest = True self.http.change_proxy() continue if self.is_retest_need(word, resp): time.sleep(self.retest_delay) need_retest = True resp.close() continue positive_item = False if self.is_positive(resp): positive_item = True item_data = {'word': word, 'content': resp.text, 'size': get_response_size(resp)} self.result.append(item_data) self.xml_log(item_data) self.logger.log("F", False) self.log_item(word, resp, positive_item) self.check_positive_limit_stop(self.result) self.test_log(word, resp, positive_item) if positive_item and int(self.first_stop): self.done = True self.set_pass_found(True) break need_retest = False self.counter.up() resp.close() except queue.Empty: self.done = True break except ChunkedEncodingError as e: self.logger.ex(e) except BaseException as e: try: if str(e).count('Cannot connect to proxy'): need_retest = True else: self.logger.log(str(word) + " " + str(e)) except UnicodeDecodeError: pass except UnboundLocalError: self.logger.ex(e) finally: pass
def run(self): """ Run thread """ need_retest = False while not self.done: self.last_action = int(time.time()) if self.delay: time.sleep(self.delay) try: if not need_retest: params_count, params_str = self.build_params_str() try: resp = self.request_params(params_str) ErrorsCounter.flush() except ConnectionError: ErrorsCounter.up() need_retest = True self.http.change_proxy() continue if resp.status_code == 414: self.logger.log( "414 response code, very long url, it mean value of --max-param-length too high" ) if self.is_retest_need(params_str, resp): time.sleep(self.retest_delay) need_retest = True resp.close() continue positive_item = False if self.is_response_right(resp): param_found = False for one_param in self.split_params(params_str): try: resp = self.request_params(one_param) except ConnectionError: need_retest = True self.http.change_proxy() continue if self.is_response_right(resp): self.result.append(self.param_str_repr(one_param)) self.xml_log( {'param': self.param_str_repr(one_param)}) param_found = True found_item = self.param_str_repr(one_param) break if param_found is False: self.xml_log( {'param': self.param_str_repr(params_str)}) self.result.append(self.param_str_repr(params_str)) found_item = self.param_str_repr(params_str) positive_item = True self.log_item(found_item, resp, positive_item) self.test_log(params_str, resp, positive_item) self.check_positive_limit_stop(self.result) need_retest = False for _ in range(0, params_count): self.counter.up() resp.close() except queue.Empty: self.done = True break except ChunkedEncodingError as e: self.logger.ex(e) except BaseException as e: try: if str(e).count('Cannot connect to proxy'): need_retest = True else: self.logger.ex(e) except UnicodeDecodeError: pass except UnboundLocalError: self.logger.ex(e)
def run(self): """ Run thread """ req_func = getattr(self.http, self.method) need_retest = False word = False while not self.done: self.last_action = int(time.time()) if self.delay: time.sleep(self.delay) try: if not need_retest: word = self.queue.get() if not len(word.strip()) or ( self.ignore_words_re and self.ignore_words_re.findall(word)): continue try: url = self.template.replace(self.mask_symbol, word) except UnicodeDecodeError: self.logger.log( "URL build error (UnicodeDecodeError) with word '{0}', skip it" .format(pprint.pformat(word)), _print=False) continue rtime = int(time.time()) positive_item = False try: resp = req_func(url) ErrorsCounter.flush() except ConnectionError as ex: ErrorsCounter.up() if self.not_found_ex is not False and str(ex).count( self.not_found_ex): positive_item = False self.log_item(word, str(ex), positive_item) elif not self.is_test(): need_retest = True self.http.change_proxy() self.test_log(url, None, False) continue if self.is_retest_need(word, resp): time.sleep(self.retest_delay) need_retest = True resp.close() continue if self.is_response_right(resp): item_data = { 'url': url, 'code': resp.status_code, 'time': int(time.time()) - rtime } self.result.append(item_data) self.xml_log(item_data) positive_item = True self.test_log(url, resp, positive_item) self.log_item(word, resp, positive_item) self.check_positive_limit_stop(self.result) need_retest = False resp.close() self.counter.up() except queue.Empty: self.done = True break except ChunkedEncodingError as e: self.logger.ex(e) except BaseException as e: try: if str(e).count('Cannot connect to proxy'): need_retest = True else: self.logger.ex(e) except UnicodeDecodeError: pass except UnboundLocalError: self.logger.ex(e)