def calculate_eta(self, input_speed, output_speed, queue_size, _type):
"""
Do our best effort to calculate the ETA for a specific queue
for which we have the input speed, output speed and current
size.
:param input_speed: The speed at which items are added to the queue
:param output_speed: The speed at which items are read from the queue
:param queue_size: The current queue size
:param _type: The type of ETA we're calculating
:return: A string with an ETA, None if one of the parameters is None.
"""
if input_speed is None or output_speed is None:
return None
if input_speed >= output_speed:
# This is a tricky case. The input speed is greater than
# the output speed, which means that at this rate we will
# never end.
#
# The good news is that this situation will eventually change,
# and the output speed will be greater.
#
# For this case we still want to give our best guess.
#
# The ETA will be calculated like:
#
# ETA = T(queued) + T(new) * 2
#
# Where:
#
# * T(queued) is the time it will take to consume the
# already queued items.
#
# * T(new) is te time it will take to consume the new items
# that will appear in the queue while we solve T(queued)
#
# * 2 is our way of saying: we're not sure how much time this
# will take, go have a coffee and come back later.
t_queued = queue_size / output_speed
t_new = input_speed * t_queued / output_speed * 2
eta_minutes = t_queued + t_new
else:
# This case is easier, we have an output speed which is
# greater than the input speed, so we should be able to calculate
# the ETA using:
#
# ETA = T(queued) + T(new)
#
# See above to understand what those are.
t_queued = queue_size / output_speed
t_new = input_speed * t_queued / output_speed
eta_minutes = t_queued + t_new
# Smooth with average to avoid ugly spikes in the ETAs
eta_seconds = eta_minutes * 60
eta_seconds_avg = (eta_seconds + self._eta_smooth[_type]) / 2.0
self._eta_smooth[_type] = eta_seconds
return epoch_to_string(time.time() - eta_seconds_avg)
def audit(self, freq, debugging_id=None):
"""
Tries to bruteforce a basic HTTP auth. This is not fast!
:param freq: A FuzzableRequest
:param debugging_id: The ID to use in the logs to be able to track this
call to audit(). Plugins need to send this ID to
the ExtendedUrllib to get improved logging.
"""
auth_url_list = [
i.get_url().get_domain_path()
for i in kb.kb.get('http_auth_detect', 'auth')
]
domain_path = freq.get_url().get_domain_path()
if domain_path not in auth_url_list:
return
if domain_path in self._already_tested:
return
# Save it (we don't want dups!)
self._already_tested.append(domain_path)
# Let the user know what we are doing
msg = 'Starting basic authentication bruteforce on "%s"'
om.out.information(msg % domain_path)
start = time.time()
up_generator = self._create_user_pass_generator(domain_path)
self._bruteforce(domain_path, up_generator, debugging_id)
# Finished!
took_str = epoch_to_string(start)
msg = 'Finished basic authentication bruteforce on "%s" (spent %s)'
args = (domain_path, took_str)
om.out.information(msg % args)
def get_scan_time(self):
"""
:return: The scan time in a format similar to:
3h 25m 32s
"""
return epoch_to_string(self._start_time_epoch)
def get_scan_time(self):
"""
:return: The scan time in a format similar to:
3h 25m 32s
"""
return epoch_to_string(self._start_time_epoch)
def epoch_eta_to_string(self, eta):
if eta is None:
return None
return epoch_to_string(time.time() - eta)
start = time.time()
if user_token is not None:
generator = self._create_user_pass_generator(mutant.get_url())
else:
generator = self._create_pass_generator(mutant.get_url())
self._bruteforce_pool(mutant,
login_failed_bodies,
generator,
session,
debugging_id)
# Report that we've finished.
took_str = epoch_to_string(start)
msg = 'Finished bruteforcing "%s" (spent %s)'
args = (mutant.get_url(), took_str)
om.out.information(msg % args)
def _create_new_session(self, mutant, debugging_id):
"""
Creates a new session in the xurllib. This session will be used
to send HTTP requests and brute force the login.
:param mutant: The form mutant
:return: The session ID (a string)
"""
session = self._uri_opener.get_new_session()
def epoch_eta_to_string(self, eta):
if eta is None:
return None
return epoch_to_string(time.time() - eta)
