예제 #1
0
파일: slide.py 프로젝트: ye-man/brutemap
def login(username, password):
    _, u_field, _ = getFormField()
    u_field.clear()
    u_field.send_keys(username)
    u_field.submit()
    newFields = getFormField()
    if newFields is not None and isWebShellLoginPage(newFields):
        newPage = getPage(browser.current_url)
        TARGET.PAGE.insert(0, newPage)
        passwordField = newFields[-1]
        passwordField.clear()
        passwordField.send_keys(password)
        passwordField.submit()
        TARGET.PASSWORD_TESTED = True

    status = verifyAccount()
    infoMsg = "Account => %s : %s (%s)" % (username, password, status)
    logger.info(infoMsg)

    if status == STATUS.OK:
        TARGET.CREDENTIALS.append((username, password))
        TARGET.PAGE.pop(0)

    browser.delete_all_cookies()
    browser.get(TARGET.URL)
예제 #2
0
파일: webshell.py 프로젝트: ye-man/brutemap
def login(password):
    _, _, p_field = getFormField()
    p_field.clear()
    p_field.send_keys(password)
    p_field.submit()

    status = verifyAccount()
    infoMsg = "Password => %s (%s)" % (password, status)
    logger.info(infoMsg)

    if status == STATUS.OK:
        TARGET.CREDENTIALS.append((password, ))
        browser.delete_all_cookies()
        raise BrutemapStopBruteForceException
예제 #3
0
def login(username, password):
    form, u_field, p_field = getFormField()
    u_field.clear()
    u_field.send_keys(username)
    p_field.clear()
    p_field.send_keys(password)
    form.submit()

    status = verifyAccount()
    infoMsg = "Account => %s : %s (%s)" % (username, password, status)
    logger.info(infoMsg)

    if status == STATUS.OK:
        TARGET.CREDENTIALS.append((username, password))
        browser.delete_all_cookies()
        browser.get(TARGET.URL)
예제 #4
0
파일: target.py 프로젝트: ye-man/brutemap
            registerInterruptHandler()
            if skip_target:
                raise BrutemapSkipTargetException

        infoMsg = "HTTP authentication type: %s" % authType.capitalize()
        logger.info(infoMsg)
        SETTING.HTTP_AUTH_HANDLER = auth_handler

    else:
        SETTING.HTTP_AUTH_HANDLER = response = None
        browser.get(url)

    form_elements = [] if response is not None else getFormElements()
    if len(form_elements) > 0:
        fields = getFormField()
        status, pageType = isSupportedTarget(fields)

        if not status:
            criMsg = "Unsupported target"
            logger.critical(criMsg)

            raise BrutemapSkipTargetException

        else:
            TARGET.URL = str(browser.current_url)
            infoMsg = "Login page type: %s" % repr(pageType)
            logger.info(infoMsg)
            bruteForceAttack(fields)

    elif response is not None:
예제 #5
0
def checkTarget(url):
    """
    Memeriksa jika target adalah target yang didukung.
    """

    infoMsg = "Checking target..."
    logger.info(infoMsg)

    response = None

    try:
        wrapped = errormanager(requests.get)
        response = wrapped(url)
    except Exception as e:
        logger.exception(e)
        raise BrutemapSkipTargetException

    if response.status_code == 401:
        infoMsg = "Login page type: 'HTTP AUTHENTICATION'"
        logger.info(infoMsg)

        TARGET.URL = response.url
        header = response.headers.get("www-authenticate")
        if not header:
            criMsg = "Cannot find HTTP Authentication type. "
            criMsg += "url %s there is no HTTP header 'WWW-Authenticate'" % repr(
                url)
            logger.critical(criMsg)

            raise BrutemapSkipTargetException

        else:
            authType = header.split(" ", 1)[0].lower()

        auth_handler = None
        if authType == "basic":
            auth_handler = requests.auth.HTTPBasicAuth

        elif authType == "digest":
            auth_handler = requests.auth.HTTPDigestAuth

        else:
            warnMsg = "Unsupported HTTP authentication (%s). " % repr(
                authType.capitalize())
            logger.warn(warnMsg)
            infoMsg = "Enter HTTP authentication handler (for 'python-requests'). "
            infoMsg += "(press 'CTRL-C' to exit)"
            logger.info(infoMsg)

            registerInterruptHandler(reset=True)

            skip_target = False
            while not skip_target:
                try:
                    auth_handler = __import__(
                        raw_input(
                            "[#] (e.g. 'requests.auth.HTTPDigestAuth')> "))
                    if issubclass(auth_handler, requests.auth.AuthBase) and \
                        not auth_handler is requests.auth.AuthBase:
                        break

                except KeyboardInterrupt:
                    print()
                    skip_target = True

                except Exception as e:
                    logger.exception(e)

            registerInterruptHandler()
            if skip_target:
                raise BrutemapSkipTargetException

        infoMsg = "HTTP authentication type: %s" % authType.capitalize()
        logger.info(infoMsg)
        SETTING.HTTP_AUTH_HANDLER = auth_handler

    else:
        SETTING.HTTP_AUTH_HANDLER = response = None
        browser.get(url)

    form_elements = [] if response is not None else getFormElements()
    if len(form_elements) > 0:
        fields = getFormField()
        status, pageType = isSupportedTarget(fields)

        if not status:
            criMsg = "Unsupported target"
            logger.critical(criMsg)

            raise BrutemapSkipTargetException

        else:
            TARGET.URL = str(browser.current_url)
            infoMsg = "Login page type: %s" % repr(pageType)
            logger.info(infoMsg)
            bruteForceAttack(fields)

    elif response is not None:
        bruteForceAttack((), http_auth=response)

    else:
        criMsg = "Unsupported target"
        logger.critical(criMsg)

        raise BrutemapSkipTargetException