예제 #1
0
    def start_requests(self):
        urls = [
            #'https://www.bing.com'
            #'https://httpbin.org/post^sss=lalala'
            #'http://www.freebuf.com'
            target_url_to_crawl
            #'http://3xp10it.cc'
            #'http://www.ip138.com/'
            #'http://httpbin.org/ip'
            #'http://geekpwn.freebuf.com'
        ]
        self.domain = urlparse(urls[0]).hostname
        self.path = urlparse(urls[0]).path
        self.cookie = get_url_cookie(urls[0])
        a = get_random_proxy()
        print(a)
        self.lua_script = """
        function main(splash, args)
          assert(splash:go{splash.args.url,http_method=splash.args.http_method,body=splash.args.body,headers={
              ['Cookie']='%s',
              }
              }
              )
          assert(splash:wait(6))


          return { url = splash:url(),  cookies = splash:get_cookies(), html = splash:html(), }
        end
        """ % (self.cookie)

        self.start_url = urls[0]
        for url in urls:
            if "^" in url:
                post_url_list = url.split("^")
                post_url = post_url_list[0]
                post_data = post_url_list[1]
                yield SplashRequest(post_url,
                                    callback=self.parse_post,
                                    endpoint='execute',
                                    magic_response=True,
                                    meta={
                                        'handle_httpstatus_all': True,
                                        'current_url': url
                                    },
                                    args={
                                        'lua_source': self.lua_script,
                                        'http_method': 'POST',
                                        'body': post_data
                                    })
            else:
                if url == "http://m.pingan.com/":
                    input(6666666666)
                    pdb.set_trace()
                yield SplashRequest(url,
                                    self.parse_get,
                                    endpoint='execute',
                                    magic_response=True,
                                    meta={'handle_httpstatus_all': True},
                                    args={'lua_source': self.lua_script})
예제 #2
0
import sys
import requests

exp10it_module_path = os.path.expanduser("~") + "/mypypi"
sys.path.insert(0, exp10it_module_path)
from exp10it import CLIOutput

from exploit import get_target_urls_from_db
from exploit import get_url_cookie

current_dir = os.path.split(os.path.realpath(__file__))[0]
target = sys.argv[1]
print("checking lfi vul for " + target)
urls = get_target_urls_from_db(target, "exp10itdb")
urls.append(target)
cookie = get_url_cookie(target)
check_url_list = []
for url in urls:
    match1 = re.search(
        r"(([^\?&\^]*action=[^&]*)|([^\?&\^]*page=[^&]*)|([^\?&\^]*file=[^&]*)|([^\?&\^]*filename=[^&]*)|([^\?&\^]path=[^&]*))",
        url, re.I)
    if match1:
        vul_str = match1.group(1)
        param = vul_str.split("=")[0]
        url = url.replace(vul_str, param + "=xxxxxxxxxx")
        check_url_list.append(url)
    else:
        match2 = re.search(r"([^\?&\^]+=.+\.[^&]{,5})", url, re.I)
        if match2:
            vul_str = match2.group(1)
            param = vul_str.split("=")[0]