コード例 #1
0
    def _fallback_check(self, payload, count, unknown_error_counter=0):
        PayloadResponse = collections.namedtuple(
            "PayloadResponse",
            [
                "is_injected",
                "status_code",
                "result",
                "payload",
                "payloads_count",
                "error",
            ],
        )
        status_code = None
        error = None
        logger.payload(f"{payload}")
        payload_request = prepare_payload_request(
            self, payload, unknown_error_counter=unknown_error_counter)
        url = payload_request.url
        data = payload_request.data
        regex = payload_request.regex
        headers = payload_request.headers
        try:
            response = request.inject_payload(url=url,
                                              regex=regex,
                                              data=data,
                                              headers=headers,
                                              proxy=self._proxy)
            if response.ok:
                result = response.result
                status_code = response.status_code
                error = response.error
                return PayloadResponse(
                    is_injected=True,
                    status_code=status_code,
                    result=result,
                    payload=payload,
                    payloads_count=count,
                    error=error,
                )
            else:
                status_code = response.status_code
                error = response.error
        except KeyboardInterrupt:
            logger.error("user interrupted")
            logger.end("ending")
            exit(0)

        return PayloadResponse(
            is_injected=False,
            status_code=status_code,
            result="",
            payload="",
            payloads_count=count,
            error=error,
        )
コード例 #2
0
ファイル: tables.py プロジェクト: r0oth3x49/Xpath
    def _extract_tbls(self, payloads, database=""):
        _temp, index = [], 0
        Response = collections.namedtuple("Response", ["is_fetched", "result"])

        while index < len(payloads):
            payload = payloads[index]
            payload_request = prepare_payload_request(self, payload)
            url = payload_request.url
            data = payload_request.data
            regex = payload_request.regex
            headers = payload_request.headers
            try:
                response = request.inject_payload(url=url,
                                                  regex=regex,
                                                  data=data,
                                                  headers=headers,
                                                  proxy=self._proxy)
            except KeyboardInterrupt:
                logger.warning(
                    "user aborted during enumeration. Xpath will display partial output"
                )
                break
            else:
                if response.ok:
                    result = response.result
                    logger.info("retrieved: '%s'" % (result))
                    _temp.append(result)
                    retval = session.dump(
                        session_filepath=self.session_filepath,
                        query=TBLS_STATEMENT.format(tbl_name=database,
                                                    tblname=result),
                    )
                index += 1

        if _temp and len(_temp) > 0:
            _temp = list(set(_temp))
            resp = Response(is_fetched=True, result=_temp)
        else:
            resp = Response(is_fetched=True, result=_temp)
        return resp
コード例 #3
0
    def _extract_data(self,
                      payloads,
                      table=None,
                      columns=None,
                      fetched_records=None,
                      count=None):
        _temp, is_interrupted = [], False
        Response = collections.namedtuple("Response", ["is_fetched", "result"])

        for index, values in payloads.items():
            __temp = [] if not fetched_records else fetched_records
            position = 0
            while position < len(values):
                p = values[position]
                name = p.get("column")
                payload = p.get("payload")
                payload_request = prepare_payload_request(self, payload)
                url = payload_request.url
                data = payload_request.data
                regex = payload_request.regex
                headers = payload_request.headers
                try:
                    response = request.inject_payload(
                        url=url,
                        regex=regex,
                        data=data,
                        headers=headers,
                        proxy=self._proxy,
                    )
                except KeyboardInterrupt:
                    logger.warning(
                        "user aborted during enumeration. Xpath will display partial output"
                    )
                    is_interrupted = True
                    break
                else:
                    if response.ok:
                        result = response.result
                        logger.info(
                            "retrieved: '%s'" %
                            (result if result != "<blank_value>" else ""))
                        _temp.append({
                            "index": index + 1,
                            "column_name": name,
                            "column_value": result,
                        })
                        __temp.append(result)
                        table_name = f"{count}_{table}_tmp"
                        PREPARED_STATEMENT = f"INSERT INTO `{table_name}` (`index`, `column_name`, `column_value`) VALUES (?, ?, ?);"
                        retval = session.dump(
                            session_filepath=self.session_filepath,
                            query=PREPARED_STATEMENT,
                            values=(index + 1, name, result),
                        )
                    position += 1

            _ = self._save_records(table=table,
                                   column_names=columns,
                                   records=__temp,
                                   count=count)
            if is_interrupted:
                break

        if _temp and len(_temp) > 0:
            resp = Response(is_fetched=True, result=_temp)
        else:
            resp = Response(is_fetched=False, result=_temp)
        return resp
コード例 #4
0
    def _extact(self, payloads):

        PayloadResponse = collections.namedtuple(
            "PayloadResponse",
            [
                "is_injected",
                "status_code",
                "result",
                "payload",
                "payloads_count",
                "error",
            ],
        )
        payloads_count = len(payloads)
        status_code = None
        error = None
        unknown_error_counter = 0
        for payload in payloads:
            logger.payload(f"{payload}")
            payload_request = prepare_payload_request(self, payload)
            url = payload_request.url
            data = payload_request.data
            regex = payload_request.regex
            headers = payload_request.headers
            try:
                response = request.inject_payload(url=url,
                                                  regex=regex,
                                                  data=data,
                                                  headers=headers,
                                                  proxy=self._proxy)
            except KeyboardInterrupt:
                logger.error("user interrupted")
                logger.end("ending")
                exit(0)
            except:
                unknown_error_counter += 1
                logger.debug(
                    "trying again the same payload with url encoding..")
                resp = self._fallback_check(
                    payload,
                    payloads_count,
                    unknown_error_counter=unknown_error_counter)
                if resp.is_injected:
                    return resp
            else:
                if response.ok:
                    result = response.result
                    status_code = response.status_code
                    error = response.error
                    return PayloadResponse(
                        is_injected=True,
                        status_code=status_code,
                        result=result,
                        payload=payload,
                        payloads_count=payloads_count,
                        error=error,
                    )
                else:
                    status_code = response.status_code
                    error = response.error
        return PayloadResponse(
            is_injected=False,
            status_code=status_code,
            result="",
            payload="",
            payloads_count=payloads_count,
            error=error,
        )