def request_muntants(url, timeout = 30.0, allow_redirects = True, allow_out_of_scope = False): if not isinstance(url , URL): raise TypeError("Expected url object, type:%s" % type(url)) L.logger.log_verbose('[requets_url:%s] [+] %s' % (get_curmodule(), url.url)) return get_request(url = url, allow_redirects=False, timeout = timeout)
def run(self, info, **kwargs): #if not info.has_url_params and not info.has_post_params: # return m_return = [] #TODO 30X redirect p = get_request(url=info, allow_redirects=False) if (p.status == '301' or p.status == '302') and not p.headers.get('Location'): return m_return #TODO Content-Type if p.content_type is not None and re.search( '(application\/json)|(application\/javascript)|(text\/json)|(text\/javascript)|' '(application\/x-javascript)|(application\/octet-stream)|(text\/xml)|(application\/xml)', p.content_type) is not None: return m_return m_url = info ''' if info.has_url_params: for k,v in m_url.url_params.iteritems(): key = to_utf8(k) value = to_utf8(v) if self.xss_detect(m_url, method = 'GET', k = key, v = value): break #return m_return if info.has_post_params: for k,v in m_url.post_params.iteritems(): key = to_utf8(k) value = to_utf8(v) if self.xss_detect(m_url, method = 'POST', k = key, v = value): break ''' method = kwargs.get('method', None) if method is None or not isinstance(method, str): raise LalascanValueError("run plugin param has not method!") param = kwargs.get('param', None) if param is None or not isinstance(param, dict): raise LalascanValueError("run plugin param has not param!") if self.xss_detect(m_url, method=method, k=param['param_key'], v=param['param_value']): return m_return # Send the results return m_return
def payload_muntants(url_info, payload={}, bmethod='GET', exclude_cgi_suffix=[ 'css', 'js', 'jpeg', 'jpg', 'png', 'gif', 'svg', 'txt' ], use_cache=None, timeout=30.0, payload_encode=True, bcheck_use_orig_body=True, req_header={}, resp_code='200', resp_header={}, **kwargs): ''' :param url_info: :param payload: {'k':'id', 'pos': 1, 'payload':str, 'type': 0} (pos:0 key, pos:1 value) (type:0 append, type:1 replace) :param exclude_cgi_suffix: :param depth: :param bcheck_use_orig_body: :param req_header: :param resp_code: :param resp_header: :param kwargs: :return: ''' if not isinstance(url_info, URL): raise TypeError("Expected url object, type:%s" % type(url_info)) if not isinstance(payload, dict): raise TypeError("Excepted payload object, type:%s" % type(payload)) if url_info.parsed_url.extension[1:] in exclude_cgi_suffix: logger.log_verbose("Skipping URL: %s" % url_info.url) m_url_info = copy(url_info) if bmethod == "GET": param_dict = copy(m_url_info.url_params) elif bmethod == "POST": param_dict = copy(m_url_info.post_params) if len(param_dict) == None and len(param_dict) == 0: return None __ = parse_url(m_url_info.url) k = payload['k'] if payload['pos'] == 1: #value if payload['type'] == 0: #append param_dict[k] = param_dict[k] + payload['payload'] elif payload['type'] == 1: #replace param_dict[k] = payload['payload'] else: #key 先不考虑key值 if payload['type'] == 0: param_dict.update(k=param_dict.pop(k)) # TODO GET/POST param key need deal raise LalascanValueError("GET/POST param key payload is not support!") if bmethod == "GET": m_resource_url_payload = URL(url=__.request_cgi, method=bmethod, referer=m_url_info.referer, url_params=param_dict, post_params=m_url_info.post_params, urlencode=payload_encode) try: logger.log_verbose('[webvul:%s] [+] %s' % (get_curmodule(), m_resource_url_payload.url)) except LalascanBaseException: logger.log_verbose('[+] %s' % m_resource_url_payload.url) elif bmethod == "POST": m_resource_url_payload = URL(url=__.request_cgi, method=bmethod, referer=m_url_info.referer, url_params=m_url_info.url_params, post_params=param_dict, urlencode=payload_encode) try: logger.log_verbose( '[webvul:%s] [+] %s %s' % (get_curmodule(), m_resource_url_payload.url, param_dict)) except LalascanBaseException: logger.log_verbose('[+] %s %s' % (m_resource_url_payload.url, param_dict)) return get_request(url=m_resource_url_payload, allow_redirects=False, use_cache=use_cache, timeout=timeout), m_resource_url_payload
def get_original_time(): try: p = get_request(url=url, allow_redirects=False) return p.elapsed if p is not None else None except LalascanNetworkException: return None