コード例 #1
0
def establishMethods(wrapper=None, dictionary=None, automate=None, simultaneous=None):
    if wrapper != None:
        methods = wrapper.getMethods()
        total = len(methods)
        counter = 0
        while counter < total:
            print "\nMethod[%s]: %s" % (counter, methods[counter])
            print "Params:"
            paramsHash = wrapper.getParamsOfMethod(methods[counter])
            for param in  paramsHash.keys():
                print "\t" + param + "(" + paramsHash[param] + ")"
            counter = counter + 1

        methodsChosen = raw_input("\nSelect the methods you want to Fuzz(ex: 0,1,2,3 or A for All)\nMethods: ")
        methodsChosen = methodsChosen.strip('\r')
        if (methodsChosen == 'A'):
            methodsArray = []
            num = 0
            for w in wrapper.getMethods():
                methodsArray.append(num)
                num += 1
        else:
            methodsArray = methodsChosen.split(',')

        pcount = 0
        for m in methodsArray:
            for p in wrapper.getParamsOfMethod(methods[int(m)]):
                pcount += 1

        if pcount > 1 and simultaneous is None:
            vars.simultaneous = raw_input("\nWould you like to attack all the chosen params simultaneously? ")
            vars.simultaneous = vars.simultaneous.strip('\r')
        elif simultaneous is None:
            vars.simultaneous = "No"
        # simultaneous mode chosen
        if y.search(vars.simultaneous):
            fuzzer.setSim(True)
            if vars.attacks is None:
                if dictionary is None:
                    dictionary = genUtils.defineDictionaryName(0)

                if automate is None:
                    automate = genUtils.getAutoAttackResponse(0)

            for methodInt in methodsArray:
                print "\nMethod: " + methods[int(methodInt)]
                method = Fuzzer.Method(methods[int(methodInt)])
                paramsHash = wrapper.getParamsOfMethod(methods[int(methodInt)])

                for param in paramsHash.keys():
                    print "\tParameter: " + param + " Type: " + paramsHash[param]

                    if vars.allparams is not None and y.search(vars.allparams):
                        fuzzChosen = 'yes'
                    else:
                        fuzzChosen = raw_input("\nWould you like to fuzz this param: ")
                        fuzzChosen = fuzzChosen.strip('\r')
                    fuzzThisParam = False

                    if vars.attacks is None:
                        fuzzer.setDictType("standard")
                        fuzzer.initObjects()
                        if y.search(automate):
                            fuzzType = Fuzzer.DictionaryFuzz(dictionary, "standard", True)
                            fuzzer.setAuto(True)
                        else:
                            fuzzType = Fuzzer.DictionaryFuzz(dictionary, "standard")
                    else:
                        fuzzType = Fuzzer.DictionaryFuzz(dictionaryType="payload")
                        fuzzer.setSaveFileName(vars.attacks)
                        fuzzType.setDictionaryFileName(vars.attacks)
                        fuzzer.setDictType("payload")

                    if (y.search(fuzzChosen)):
                        print "\tFuzzing this param"
                        fuzzThisParam = True

                    parameter = Fuzzer.Parameter(param, paramsHash[param], fuzzType, fuzzThisParam)
                    method.addParameter(parameter)
                fuzzer.addMethodToFuzz(method)
        else:
            for methodInt in methodsArray:
                print "\nMethod: " + methods[int(methodInt)]
                method = Fuzzer.Method(methods[int(methodInt)])
                paramsHash = wrapper.getParamsOfMethod(methods[int(methodInt)])
                for param in paramsHash.keys():
                    if vars.attacks is None:
                        fuzzChosen = genUtils.defineFuzzType(param)
                        fuzzThisParam = False
                        fuzzType = None
                    else:
                        fuzzChosen = 1

                    if(fuzzChosen == 0):
                        print "\nNot fuzzing this param"
                        fuzzThisParam = False
                    elif (fuzzChosen == 1):
                        print "\tFuzzing using dictionary"
                        if vars.attacks is None:
                            if dictionary is None:
                                dictionary = genUtils.defineDictionaryName(0)

                            if automate is None:
                                automate = genUtils.getAutoAttackResponse(0)

                        if vars.attacks is None:
                            fuzzer.setDictType("standard")
                            fuzzer.initObjects()
                            if y.search(automate):
                                fuzzType = Fuzzer.DictionaryFuzz(dictionary, "standard", True)
                                fuzzer.setAuto(True)
                            else:
                                fuzzType = Fuzzer.DictionaryFuzz(dictionary, "standard")
                        else:
                            fuzzType = Fuzzer.DictionaryFuzz(dictionaryType="payload")
                            fuzzer.setDictType("payload")
                            fuzzer.setSaveFileName(vars.attacks)
                            fuzzType.setDictionaryFileName(vars.attacks)

                        fuzzThisParam = True
                    elif (fuzzChosen == 2):
                        print "\nFuzzing using patterns not implemented yet\n\n"
                        sys.exit(0)
                    else:
                        print "Input not valid\n\n"
                        sys.exit(0)
                    parameter = Fuzzer.Parameter(param, paramsHash[param], fuzzType, fuzzThisParam)
                    method.addParameter(parameter)
                fuzzer.addMethodToFuzz(method)
コード例 #2
0
                fuzzType = Fuzzer.DictionaryFuzz(dictionaryType="payload")
                fuzzer.setDictType("payload")
                fuzzer.setSaveFileName(vars.attacks)
                fuzzType.setDictionaryFileName(vars.attacks)

            if (y.search(fuzzChosen)):
                print "\tFuzzing this param"
                fuzzThisParam = True

            parameter = Fuzzer.Parameter(param, None, fuzzType, fuzzThisParam)
            method.addParameter(parameter)
        fuzzer.addMethodToFuzz(method)
    else:
        for param in paramsArray:
            if vars.attacks is None:
                fuzzChosen = genUtils.defineFuzzType(param)
                fuzzThisParam = False
                fuzzType = None
            else:
                fuzzChosen = 1

            if(fuzzChosen == 0):
                print "\nNot fuzzing this param"
                fuzzThisParam = False
            elif (fuzzChosen == 1):
                print "\tFuzzing using dictionary"
                if vars.attacks is None:
                    if dictionary is None:
                        dictionary = genUtils.defineDictionaryName(0)

                    if vars.automate is None: