コード例 #1
ファイル: http_basic.py プロジェクト: rahmiy/yawast
    def _get_ip(res: HTTPResponse) -> Union[str, None]:
        """Return the redirect target's host when it is a private IP address.

        Reads the ``Location`` header of *res*; if the host part of that URL
        is a literal IP that ``utils.is_private_ip`` classifies as private,
        the address is returned, since a redirect pointing at such an address
        discloses an internal IP. In every other case (no ``Location``
        header, a hostname, a non-private IP) the result is ``None``.
        """
        location = res.getheader("Location")
        if location is None:
            # no Location header, so there is no redirect target to inspect
            return None

        host = utils.get_domain(urlparse(location).netloc)

        # only a literal IP is of interest, and only when it is private
        if utils.is_ip(host) and utils.is_private_ip(host):
            return host

        return None
コード例 #2
ファイル: http_basic.py プロジェクト: rahmiy/yawast
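def _decode_big_ip_cookie(value: str) -> Union[str, None]:
    """Decode an F5 BIG-IP persistence cookie value into ``host:port``.

    Four encodings are recognised (see the sample values in the comments
    below): plain IPv4, IPv4 inside a route domain (``rd…o…o…``), IPv6
    (``vi….…``) and IPv6 inside a route domain. The decoded endpoint is
    returned only when ``utils.is_private_ip`` reports the host as private,
    i.e. when the cookie discloses an internal address.

    The value is presumably taken from a response cookie of the server being
    examined (the caller is not visible here), so it is treated as untrusted:
    the address and port are read from the capture groups of patterns
    anchored at the start of the value rather than by re-splitting the raw
    string, which keeps a trailing ``,``/``;`` delimiter (allowed by the
    overall pattern) out of the port field, and numbers that do not fit the
    32-bit address or 16-bit port of the plain/``vi`` encodings yield
    ``None`` instead of raising ``struct.error``.

    Args:
        value: The cookie value, e.g. ``2263487148.3013.0000``.

    Returns:
        ``"host:port"`` when the value decodes to a private address,
        otherwise ``None``.
    """

    def _swap_endianness(val, bits: int = 32):
        """Byte-swap an unsigned 32-bit (default) or 16-bit integer."""
        if bits == 32:
            return struct.unpack("<I", struct.pack(">I", val))[0]
        elif bits == 16:
            return struct.unpack("<H", struct.pack(">H", val))[0]

    # regex copied from: https://github.com/rapid7/metasploit-framework
    #   /blob/6300758c46464ff5488bc49bc326ebbb1df46321
    #   /modules/auxiliary/gather/f5_bigip_cookie_disclosure.rb
    # License: BSD
    # Copyright: 2006-2018, Rapid7, Inc.
    value_pattern = (
        r"(((?:\d+\.){2}\d+)|(rd\d+o0{20}f{4}\w+o\d{1,5})|"
        r"(vi([a-f0-9]{32})\.(\d{1,5}))|"
        r"(rd\d+o([a-f0-9]{32})o(\d{1,5})))(?:$|,|;|\s)"
    )

    if not re.match(value_pattern, value):
        return None

    # Each format is matched at the start of the value, like value_pattern,
    # so the fields decoded below are the ones that were just validated.
    ipv4_plain = re.match(r"(\d{8,10})\.(\d{1,5})\.", value)
    ipv4_rd = re.match(r"rd\d+o0{20}f{4}([a-f0-9]{8})o(\d{1,5})", value)
    ipv6_vi = re.match(r"vi([a-f0-9]{32})\.(\d{1,5})", value)
    ipv6_rd = re.match(r"rd\d+o([a-f0-9]{32})o(\d{1,5})", value)

    if ipv4_plain:
        # BIGipServerWEB=2263487148.3013.0000 - IPv4
        raw_host = int(ipv4_plain.group(1))
        raw_port = int(ipv4_plain.group(2))
        # up to 10 / 5 decimal digits can exceed 32 / 16 bits; such a value
        # is not a valid encoding and must not reach struct.pack
        if raw_host > 0xFFFFFFFF or raw_port > 0xFFFF:
            return None
        family = socket.AF_INET
        packed = _swap_endianness(raw_host).to_bytes(4, byteorder="big")
        port = _swap_endianness(raw_port, 16)
    elif ipv4_rd:
        # BIGipServerWEB=rd5o00000000000000000000ffffc0000201o80 - IPv4
        family = socket.AF_INET
        packed = int(ipv4_rd.group(1), 16).to_bytes(4, byteorder="big")
        port = int(ipv4_rd.group(2))
    elif ipv6_vi:
        # BIGipServerWEB=vi20010112000000000000000000000030.20480 - IPv6
        raw_port = int(ipv6_vi.group(2))
        if raw_port > 0xFFFF:
            return None
        family = socket.AF_INET6
        packed = int(ipv6_vi.group(1), 16).to_bytes(16, byteorder="big")
        port = _swap_endianness(raw_port, 16)
    elif ipv6_rd:
        # BIGipServerWEB=rd3o20010112000000000000000000000030o80 - IPv6
        family = socket.AF_INET6
        packed = int(ipv6_rd.group(1), 16).to_bytes(16, byteorder="big")
        port = int(ipv6_rd.group(2))
    else:
        # matched the overall pattern but none of the decodable encodings
        return None

    host = socket.inet_ntop(family, packed)

    # only an internal address counts as a disclosure worth reporting
    if utils.is_private_ip(host):
        return f"{host}:{port}"

    return None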