def __init__(self, crawler, persister, logger, attack_options, stop_event): Attack.__init__(self, crawler, persister, logger, attack_options, stop_event) self.user_config_dir = self.persister.CONFIG_DIR if not os.path.isdir(self.user_config_dir): os.makedirs(self.user_config_dir)
def __init__(self, crawler, persister, logger, attack_options, stop_event): Attack.__init__(self, crawler, persister, logger, attack_options, stop_event) self.rules_to_messages = {} self.payload_to_rules = {} self.known_false_positives = defaultdict(set) self.mutator = self.get_mutator()
def __init__(self, crawler, persister, logger, attack_options): Attack.__init__(self, crawler, persister, logger, attack_options) self.known_dirs = [] self.known_pages = [] self.new_resources = [] self.finished = False self.network_errors = 0
def __init__(self, crawler, xml_report_generator, logger, attack_options): Attack.__init__(self, crawler, xml_report_generator, logger, attack_options) user_config_dir = os.getenv('HOME') or os.getenv('USERPROFILE') user_config_dir += "/config" if not os.path.isdir(user_config_dir): os.makedirs(user_config_dir) try: with open(os.path.join(user_config_dir, self.NIKTO_DB)) as fd: reader = csv.reader(fd) self.nikto_db = [line for line in reader if line != [] and line[0].isdigit()] except IOError: try: print(_("Problem with local nikto database.")) print(_("Downloading from the web...")) nikto_req = web.Request("http://cirt.net/nikto/UPDATES/2.1.5/db_tests") response = self.crawler.send(nikto_req) csv.register_dialect("nikto", quoting=csv.QUOTE_ALL, doublequote=False, escapechar="\\") reader = csv.reader(response.content.split("\n"), "nikto") self.nikto_db = [line for line in reader if line != [] and line[0].isdigit()] with open(os.path.join(user_config_dir, self.NIKTO_DB), "w") as fd: writer = csv.writer(fd) writer.writerows(self.nikto_db) except socket.timeout: print(_("Error downloading Nikto database"))
def __init__(self, crawler, persister, logger, attack_options, stop_event): Attack.__init__(self, crawler, persister, logger, attack_options, stop_event) self.known_dirs = [] self.known_pages = [] self.new_resources = [] self.network_errors = 0
def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator) user_config_dir = os.getenv("HOME") or os.getenv("USERPROFILE") user_config_dir += "/config" if not os.path.isdir(user_config_dir): os.makedirs(user_config_dir) try: fd = open(os.path.join(user_config_dir, self.CONFIG_FILE)) reader = csv.reader(fd) self.nikto_db = [l for l in reader if l != [] and l[0].isdigit()] fd.close() except IOError: try: print(_("Problem with local nikto database.")) print(_("Downloading from the web...")) nikto_req = HTTP.HTTPResource("http://cirt.net/nikto/UPDATES/2.1.5/db_tests") resp = self.HTTP.send(nikto_req) page = resp.getRawPage() csv.register_dialect("nikto", quoting=csv.QUOTE_ALL, doublequote=False, escapechar="\\") reader = csv.reader(page.split("\n"), "nikto") self.nikto_db = [l for l in reader if l != [] and l[0].isdigit()] fd = open(os.path.join(user_config_dir, self.CONFIG_FILE), "w") writer = csv.writer(fd) writer.writerows(self.nikto_db) fd.close() except socket.timeout: print(_("Error downloading Nikto database"))
def __init__(self, crawler, persister, attack_options, stop_event): Attack.__init__(self, crawler, persister, attack_options, stop_event) self.tech_versions: Dict[Technology, List[Version]] = {} self.user_config_dir = self.persister.CONFIG_DIR if not os.path.isdir(self.user_config_dir): os.makedirs(self.user_config_dir)
def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator) user_config_dir = os.getenv('HOME') or os.getenv('USERPROFILE') user_config_dir += "/config" if not os.path.isdir(user_config_dir): os.makedirs(user_config_dir) try: fd = open(os.path.join(user_config_dir, self.CONFIG_FILE)) reader = csv.reader(fd) self.nikto_db = [l for l in reader if l != [] and l[0].isdigit()] fd.close() except IOError: try: print(_("Problem with local nikto database.")) print(_("Downloading from the web...")) nikto_req = HTTP.HTTPResource("http://cirt.net/nikto/UPDATES/2.1.5/db_tests") resp = self.HTTP.send(nikto_req) page = resp.getRawPage() csv.register_dialect("nikto", quoting=csv.QUOTE_ALL, doublequote=False, escapechar="\\") reader = csv.reader(page.split("\n"), "nikto") self.nikto_db = [l for l in reader if l != [] and l[0].isdigit()] fd = open(os.path.join(user_config_dir, self.CONFIG_FILE), "w") writer = csv.writer(fd) writer.writerows(self.nikto_db) fd.close() except socket.timeout: print(_("Error downloading Nikto database"))
def __init__(self, crawler, persister, attack_options, stop_event): Attack.__init__(self, crawler, persister, attack_options, stop_event) methods = "" if self.do_get: methods += "G" if self.do_post: methods += "PF" self.mutator = Mutator(methods=methods, payloads=random_string_with_flags, qs_inject=self.must_attack_query_string, skip=self.options.get("skipped_parameters"))
def __init__(self, crawler, persister, attack_options, stop_event): Attack.__init__(self, crawler, persister, attack_options, stop_event) self.user_config_dir = self.persister.CONFIG_DIR self.junk_string = "w" + "".join( [random.choice("0123456789abcdefghjijklmnopqrstuvwxyz") for __ in range(0, 5000)] ) self.parts = None if not os.path.isdir(self.user_config_dir): os.makedirs(self.user_config_dir) self.status_codes = {} self.random_string = random_string()
def __init__(self, crawler, persister, logger, attack_options): Attack.__init__(self, crawler, persister, logger, attack_options) user_config_dir = self.persister.CRAWLER_DATA_DIR if not os.path.isdir(user_config_dir): os.makedirs(user_config_dir) try: with open(os.path.join(user_config_dir, self.WAPP_DB)) as wapp_db_file: json.load(wapp_db_file) except IOError: print(_("Problem with local wapp database.")) print(_("Downloading from the web...")) self.update()
def __init__(self, crawler, persister, logger, attack_options): Attack.__init__(self, crawler, persister, logger, attack_options) csv.register_dialect("nikto", quoting=csv.QUOTE_ALL, doublequote=False, escapechar="\\") user_config_dir = os.getenv("HOME") or os.getenv("USERPROFILE") user_config_dir += "/config" if not os.path.isdir(user_config_dir): os.makedirs(user_config_dir) try: with open(os.path.join(user_config_dir, self.NIKTO_DB)) as fd: reader = csv.reader(fd, "nikto") self.nikto_db = [ line for line in reader if line != [] and line[0].isdigit() ] except IOError: # Disable downloading of Nikto database because the license of the file # forbids it. self.nikto_db = [] return try: print(_("Problem with local nikto database.")) print(_("Downloading from the web...")) nikto_req = web.Request( "https://raw.githubusercontent.com/sullo/nikto/master/program/databases/db_tests" ) response = self.crawler.send(nikto_req) csv.register_dialect("nikto", quoting=csv.QUOTE_ALL, doublequote=False, escapechar="\\") reader = csv.reader(response.content.split("\n"), "nikto") self.nikto_db = [ line for line in reader if line != [] and line[0].isdigit() ] with open(os.path.join(user_config_dir, self.NIKTO_DB), "w") as fd: writer = csv.writer(fd, "nikto") writer.writerows(self.nikto_db) except socket.timeout: print(_("Error downloading Nikto database"))
def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator) empty_func = "() { :;}; " self.random_bytes = [random.choice(string.hexdigits) for _ in range(32)] bash_string = "" for c in self.random_bytes: bash_string += "\\x" + c.encode("hex_codec") cmd = "echo; echo; echo -e '{0}';".format(bash_string) self.hdrs = { "user-agent": empty_func + cmd, "referer": empty_func + cmd, "cookie": empty_func + cmd }
def __init__(self, crawler, persister, logger, attack_options, stop_event): Attack.__init__(self, crawler, persister, logger, attack_options, stop_event) empty_func = "() { :;}; " self.rand_string = "".join([random.choice(string.hexdigits) for _ in range(32)]) hex_string = hexlify(self.rand_string.encode()) bash_string = "" for i in range(0, 64, 2): bash_string += "\\x" + hex_string[i:i + 2].decode() cmd = "echo; echo; echo -e '{0}';".format(bash_string) self.hdrs = { "user-agent": empty_func + cmd, "referer": empty_func + cmd, "cookie": empty_func + cmd }
def __init__(self, crawler, persister, logger, attack_options): Attack.__init__(self, crawler, persister, logger, attack_options) user_config_dir = self.persister.CRAWLER_DATA_DIR if not os.path.isdir(user_config_dir): os.makedirs(user_config_dir) try: with open(os.path.join(user_config_dir, self.NIKTO_DB)) as nikto_db_file: reader = csv.reader(nikto_db_file) self.nikto_db = [ line for line in reader if line != [] and line[0].isdigit() ] except IOError: print(_("Problem with local nikto database.")) print(_("Downloading from the web...")) self.update()
def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator) #self.payloads = self.loadPayloads(os.path.join(self.CONFIG_DIR, self.CONFIG_FILE)) self.fd = open(os.path.join(self.CONFIG_DIR, self.CONFIG_FILE), "r+") self.payloads = json.load(self.fd)
def __init__(self, crawler, persister, logger, attack_options, stop_event): Attack.__init__(self, crawler, persister, logger, attack_options, stop_event) # list to ensure only one occurrence per (vulnerable url/post_keys) tuple self.already_vulnerable = []
def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator) self.known_dirs = [] self.known_pages = [] self.new_resources = []
def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator) self.independant_payloads = self.loadPayloads( os.path.join(self.CONFIG_DIR, self.CONFIG_FILE))
def __init__(self, crawler, persister, logger, attack_options): Attack.__init__(self, crawler, persister, logger, attack_options) self.finished = False
def __init__(self, crawler, persister, logger, attack_options): Attack.__init__(self, crawler, persister, logger, attack_options) self.known_dirs = [] self.known_pages = [] self.new_resources = []
def __init__(self, crawler, persister, logger, attack_options): Attack.__init__(self, crawler, persister, logger, attack_options) self.mutator = self.get_mutator()
def __init__(self, crawler, persister, logger, attack_options): Attack.__init__(self, crawler, persister, logger, attack_options) self.blind_sql_payloads = self.payloads self.excluded_get = [] self.excluded_post = []
def __init__(self, crawler, persister, attack_options, stop_event): Attack.__init__(self, crawler, persister, attack_options, stop_event) if not self._is_valid_dns(attack_options.get("dns_endpoint")): self.finished = True
def __init__(self, crawler, persister, logger, attack_options): Attack.__init__(self, crawler, persister, logger, attack_options)
def __init__(self, crawler, persister, logger, attack_options): Attack.__init__(self, crawler, persister, logger, attack_options) self.vulnerables = set() self.attacked_urls = set() self.payload_to_rules = {} self.mutator = self.get_mutator()
def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator)
def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator) self.blind_sql_payloads = self.loadPayloads(os.path.join(self.CONFIG_DIR, self.CONFIG_FILE)) self.excludedGET = [] self.excludedPOST = []
def __init__(self, crawler, persister, logger, attack_options): Attack.__init__(self, crawler, persister, logger, attack_options) self.rules_to_messages = {} self.payload_to_rules = {} self.known_false_positives = defaultdict(set)
def __init__(self, crawler, xml_report_generator, logger, attack_options): Attack.__init__(self, crawler, xml_report_generator, logger, attack_options) self.independant_payloads = self.payloads
def __init__(self, crawler, xml_report_generator, logger, attack_options): Attack.__init__(self, crawler, xml_report_generator, logger, attack_options)
def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator) self.blind_sql_payloads = self.loadPayloads( os.path.join(self.CONFIG_DIR, self.CONFIG_FILE)) self.excludedGET = [] self.excludedPOST = []
def __init__(self, http, xmlRepGenerator): Attack.__init__(self, http, xmlRepGenerator) self.independant_payloads = self.loadPayloads(os.path.join(self.CONFIG_DIR, self.CONFIG_FILE))