def gen(self, reqs, module, rules): requestList = [] #Store generated request objects data2 = FileOp(rules['cwd'] + '/lists/kiterunner-routes-small.txt').reader() #Use some different contexts api_context = [ '1', '-1', '0', '33e2c9de-991a-11eb-a8b3-0242ac130003', '064ad4e2-31a1-4559-8d96-83d17feca4e4', '00000000-0000-0000-0000-000000000000', '1.0', '%00', 'NULL' ] #Build URL lists data = [] for c in api_context: for route in data2: if route.startswith('/'): route = route[1:] newpath = route.replace('{kr}', c) data.append(newpath) for req in reqs: u = UrlObject(req.url) for directory in data: newurl = u.u_d + directory req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) return requestList
def gen(self, reqs, module, rules): requestList = [] #Store generated request objects if rules['datalist'] == None: print('dirb-files: Provide a list of file extensions -dl html php') sys.exit(0) else: filetypes = rules['datalist'] try: files = FileOp(rules['cwd'] + '/lists/files.xtcz').reader() except: files = ['fail.xtcz'] print('File Extensions: ' + str(filetypes)) for req in reqs: u = UrlObject(req.url) for ftype in filetypes: for directory in files: newurl = u.u_d + directory.replace('xtcz', ftype) req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) return requestList
def gen(self, reqs, module, rules): requestList = [] #Store generated request objects params = FileOp(rules['cwd'] + '/lists/parameters.txt').reader() headers = FileOp(rules['cwd'] + '/lists/all-headers.txt').reader() paramValue = 'discobiscuits' headerValue = '127.0.0.1' db = '' for req in reqs: u = UrlObject(req.url) #Brute GET and POST Parameters for param in params: req_get = copy.deepcopy(req) ndata = req.data.copy() ndata[param] = paramValue haxgod = u.u_q + '?' + self.getParamStr(ndata) req_get.update_url(haxgod) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) req_post = copy.deepcopy(req_get) req_post.update_url(req.url) req_post.update_data(ndata) req_post.update_method('POST') requestList.append(req_post) del ndata[param] #Brute Request Headers for head in headers: req_head = copy.deepcopy(req) heads = req.headers.copy() heads[head] = headerValue req_head.update_headers(heads) req_head.update_reqID('reqID') req_head.update_module(module) requestList.append(req_head) del heads[head] #Brute Cookies for cookie in params: req_c = copy.deepcopy(req) monster = req.cookies.copy() monster[cookie] = paramValue req_c.update_cookies(monster) req_c.update_reqID('reqID') req_c.update_module(module) requestList.append(req_c) del monster[cookie] return requestList
def standard_parse(self): for k, v in self.responses.items(): for req in v: u = copy.deepcopy(self.get_request(req['respID'])) url = UrlObject(u.url) if k == '200': if url.is_dir(): self.b_cnf = self.cnf._200_d self.b_cnf['url'] = copy.copy(url.full) self.b_cnf['req'] = copy.deepcopy( self.get_request(req['respID'])) self.multi_Req.append(copy.deepcopy(self.b_cnf)) elif url.is_compatable(): self.b_cnf = self.cnf._200_e self.b_cnf['url'] = copy.copy(url.full) self.b_cnf['req'] = copy.deepcopy( self.get_request(req['respID'])) self.multi_Req.append(copy.deepcopy(self.b_cnf)) elif k == '403': self.b_cnf = self.cnf._403 self.b_cnf['url'] = copy.copy(url.full) self.b_cnf['req'] = copy.deepcopy( self.get_request(req['respID'])) self.multi_Req.append(copy.deepcopy(self.b_cnf)) elif k == '401': self.b_cnf = self.cnf._401 self.b_cnf['url'] = copy.copy(url.full) self.b_cnf['req'] = copy.deepcopy( self.get_request(req['respID'])) self.multi_Req.append(copy.deepcopy(self.b_cnf)) elif k == '301': self.b_cnf = self.cnf._301 self.b_cnf['url'] = copy.copy(req['headers']['Location']) request = copy.deepcopy(self.get_request(req['respID'])) request.update_url(copy.copy(req['headers']['Location'])) self.b_cnf['req'] = request self.multi_Req.append(copy.deepcopy(self.b_cnf)) return True
def gen(self, cwd, urls, proxy, headers, timeout, cookies, postdata, module): requestList = [] #Store generated request objects data = FileOp(cwd + '/lists/files.txt').reader() shuffled = random.shuffle(data) #Randomize our list newurl = '' for url in urls: u = UrlObject(url) for directory in data: newurl = u.u_d + directory req_get = RequestObject('reqID', 'GET', proxy, headers, timeout, cookies, newurl, postdata, module) requestList.append(req_get) return requestList
def gen(self, reqs, module, rules): requestList = [] #Store generated request objects data = FileOp(rules['cwd'] + '/lists/dirs.txt').reader() shuffled = random.shuffle(data) #Randomize our list newurl = '' for req in reqs: u = UrlObject(req.url) for directory in data: newurl = u.u_d + directory req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) return requestList
def gen(self, cwd, urls, proxy, headers, timeout, cookies, postdata, module, datalist): requestList = [] #Store generated request objects data = FileOp(cwd+'/lists/files.xtcz').reader() db = '' print('file extension: '+str(datalist)) for url in urls: u = UrlObject(url) for ftype in datalist: for directory in data: newurl = u.u_d + directory.replace('xtcz', ftype) req_get = RequestObject('reqID',"GET", proxy, headers, timeout, cookies, newurl, postdata, module) requestList.append(req_get) return requestList
def printAll(self): if self.url != None: url = UrlObject(self.url) path = url.fullpath host = url.host headrs = dict(self.headers) print('\nRequest ID:' + self.reqID) print('Module: ' + self.module) print(self.method + ' ' + str(path) + ' HTTP/1.1') print('Host: ' + host) for k, v in headrs.items(): print(k + ': ' + v) print('-------------------------------') print(self.cookies) print(self.data) print(self.url)
def gen(self, cwd, urls, proxy, headers, timeout, cookies, postdata, module, datalist): requestList = [] #Store generated request objects try: data = FileOp(datalist[0]).reader() except: print('dirb-custom: Provide a wordlist using -dl [wordlist]') sys.exit(0) for url in urls: u = UrlObject(url) for directory in data: newurl = u.u_d + directory req_get = RequestObject('reqID', "GET", proxy, headers, timeout, cookies, newurl, postdata, module) requestList.append(req_get) return requestList
def gen(self, reqs, module, rules): requestList = [] #Store generated request objects try: custom_list = FileOp(rules['datalist'][0]).reader() except: print('dirb-custom: Provide a wordlist using -dl [wordlist]') sys.exit(0) for req in reqs: u = UrlObject(req.url) #For each item in custom list append to current url for directory in custom_list: newurl = u.u_d + directory req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) return requestList
def gen(self, reqs, module, rules): requestList = [] #Store generated request objects if rules['datalist'] == 0: print('dirb-single: -dl Provide directories or files to scan for') sys.exit(0) else: for req in reqs: u = UrlObject(req.url) #For each item in data list append to current url for directory in rules['datalist']: newurl = u.u_d + directory req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) return requestList
def gen(self, cwd, urls, proxy, headers, timeout, cookies, postdata, module): requestList = [] #Store generated request objects data = FileOp(cwd + '/lists/parameters.txt').reader() paramValue = 'discobiscuits' db = '' for url in urls: u = UrlObject(url) for param in data: ndata = postdata.copy() ndata[param] = paramValue db = u.u_q + '?' + self.getParamStr(ndata) req_get = RequestObject('reqID', "GET", proxy, headers, timeout, cookies, db, ndata, module) requestList.append(req_get) req_post = RequestObject('reqID', "POST", proxy, headers, timeout, cookies, u.u_q, ndata, module) requestList.append(req_post) del ndata[param] return requestList
def gen(self, reqs, module, rules): d1 = '' d2 = '' self.data = FileOp(rules['cwd'] + '/lists/archive-file.txt').reader() for req in reqs: u = UrlObject(req.url) #If no lastfile if u.lastfile != '': for i in self.data: d1 = u.u_q + i req_get = copy.deepcopy(req) req_get.update_url(d1) req_get.update_reqID('reqID') req_get.update_module(module) self.requestList.append(req_get) d2 = u.u_d + u.lastfile_ext + i req_get = copy.deepcopy(req) req_get.update_url(d2) req_get.update_reqID('reqID') req_get.update_module(module) self.requestList.append(req_get) for i in self.prepend: d3 = u.u_d + i + u.lastfile req_get = copy.deepcopy(req) req_get.update_url(d3) req_get.update_reqID('reqID') req_get.update_module(module) self.requestList.append(req_get) for j in self.data: d4 = u.u_d + i + u.lastfile + j req_get = copy.deepcopy(req) req_get.update_url(d4) req_get.update_reqID('reqID') req_get.update_module(module) self.requestList.append(req_get) #If no lastpath if u.lastpath != '': for i in self.data: d5 = u.u_d + u.lastpath + i req_get = copy.deepcopy(req) req_get.update_url(d5) req_get.update_reqID('reqID') req_get.update_module(module) self.requestList.append(req_get) d6 = u.u_dd + u.lastpath + i req_get = copy.deepcopy(req) req_get.update_url(d6) req_get.update_reqID('reqID') req_get.update_module(module) self.requestList.append(req_get) for i in self.common: for j in self.data: d7 = u.u_d + i + j req_get = copy.deepcopy(req) req_get.update_url(d7) req_get.update_reqID('reqID') req_get.update_module(module) self.requestList.append(req_get) #Else else: for i in self.common: for j in self.data: d8 = u.u_d + i + j req_get = copy.deepcopy(req) req_get.update_url(d8) req_get.update_reqID('reqID') req_get.update_module(module) self.requestList.append(req_get) return self.requestList
def gen(self, reqs, module, rules): requestList = [] #Store generated request objects params = FileOp(rules['cwd'] + '/lists/parameters.txt').reader() headers = FileOp(rules['cwd'] + '/lists/all-headers.txt').reader() if len(rules['datalist']) == 0: print('fuzz: -dl [fuzz payload] [fuzz payload] ...') sys.exit(0) for fuzz in rules['datalist']: paramValue = fuzz headerValue = fuzz db = '' for req in reqs: u = UrlObject(req.url) #Brute all headers with fuzzstrings for head in headers: req_head = copy.deepcopy(req) heads = req.headers.copy() heads[head] = headerValue req_head.update_headers(heads) req_head.update_reqID('reqID') req_head.update_module(module) requestList.append(req_head) del heads[head] #Add custom fuzz to path for req in reqs: u = UrlObject(req.url) newurl = u.u_d + paramValue req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Add custom fuzz to path+? for req in reqs: u = UrlObject(req.url) newurl = u.u_d + '?' + paramValue req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Included headers coverage (like user agent etc) for req in reqs: req_head = copy.deepcopy(req) heads = req.headers.copy() newhead = copy.deepcopy(heads) for h, value in heads.items(): req_head2 = copy.deepcopy(req) newhead[h] = headerValue req_head2.update_headers(heads) req_head2.update_reqID('reqID') req_head2.update_module(module) requestList.append(req_head2) del newhead[h] return requestList
def gen(self, reqs, module, rules): requestList = [] #Store generated request objects params = FileOp(rules['cwd'] + '/lists/parameters.txt').reader() headers = FileOp(rules['cwd'] + '/lists/all-headers.txt').reader() mini = FileOp(rules['cwd'] + '/lists/mini-fuzz.txt').reader() for fuzz in mini: paramValue = fuzz headerValue = fuzz db = '' for req in reqs: u = UrlObject(req.url) #Brute GET and POST Parameters for param in params: req_get = copy.deepcopy(req) ndata = req.data.copy() ndata[param] = paramValue haxgod = u.u_q + '?' + self.getParamStr(ndata) req_get.update_url(haxgod) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) req_post = copy.deepcopy(req_get) req_post.update_url(req.url) req_post.update_data(ndata) req_post.update_method('POST') requestList.append(req_post) del ndata[param] #Fuzz with param[]=value if PHP if u.last_ext == 'php': for param in params: req_get = copy.deepcopy(req) ndata = req.data.copy() weird = param + '[]' ndata[weird] = paramValue haxgod = u.u_q + '?' + self.getParamStr(ndata) req_get.update_url(haxgod) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) req_post = copy.deepcopy(req_get) req_post.update_url(req.url) req_post.update_data(ndata) req_post.update_method('POST') requestList.append(req_post) del ndata[weird] #Brute Request Headers for head in headers: req_head = copy.deepcopy(req) heads = req.headers.copy() heads[head] = headerValue req_head.update_headers(heads) req_head.update_reqID('reqID') req_head.update_module(module) requestList.append(req_head) del heads[head] #Brute Cookies for cookie in params: req_c = copy.deepcopy(req) monster = req.cookies.copy() monster[cookie] = paramValue req_c.update_cookies(monster) req_c.update_reqID('reqID') req_c.update_module(module) requestList.append(req_c) del monster[cookie] return requestList
def gen(self, reqs, module, rules): requestList = [] #Store generated request objects bypass = FileOp(rules['cwd'] + '/lists/bypass.txt').reader() all_methods = [ "GET", "POST", "OPTIONS", "PUT", "PATCH", "HEAD", "DELETE", "TRACE", "DEBUG", "AAA" ] newurl = '' headers = FileOp(rules['cwd'] + '/lists/all-headers.txt').reader() for req in reqs: u = UrlObject(req.url) #Try url/*fuzz* for fuzz in bypass: newurl = u.u_d + fuzz req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Try url(-1 dir)/*fuzz* for fuzz in bypass: newurl = u.u_dd + fuzz req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Try url/*fuzz*/PATH for fuzz in bypass: newurl = u.u_d + fuzz + u.lastpath req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Try url(-1 dir)/*fuzz*/PATH for fuzz in bypass: newurl = u.u_dd + fuzz + u.lastpath req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Try url/*fuzz**fuzz2*/PATH for fuzz in bypass: for fuzz2 in bypass: newurl = u.u_d + fuzz + fuzz2 + u.lastpath req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Try url/*fuzz*/PATH/*fuzz2*/ for fuzz in bypass: for fuzz2 in bypass: newurl = u.u_d + fuzz + u.lastpath + fuzz2 req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Try all headers for local ranges local_range = [ '127.0.0.1', '10.0.0.1', '172.16.0.1', '192.168.0.1' ] for ip in local_range: for head in headers: req_head = copy.deepcopy(req) heads = req.headers.copy() heads[head] = ip req_head.update_headers(heads) req_head.update_reqID('reqID') req_head.update_module(module) requestList.append(req_head) del heads[head] #Try all methods for method in all_methods: req_m = copy.deepcopy(req) req_m.update_method(method) req_m.update_reqID('reqID') req_m.update_module(module) requestList.append(req_m) #Try known bypasses known = ['X-Original-URL', 'X-Rewrite-URL', 'X-Override-URL'] for head in known: newurl = u.u_d req_head = copy.deepcopy(req) heads = req.headers.copy() heads[head] = '/' + u.lastpath req_head.update_headers(heads) req_head.update_reqID('reqID') req_head.update_module(module) requestList.append(req_head) del heads[head] req_head = copy.deepcopy(req) heads = req.headers.copy() heads[head] = '/' + u.lastpath + '/' req_head.update_headers(heads) req_head.update_reqID('reqID') req_head.update_module(module) requestList.append(req_head) del heads[head] return requestList
def gen(self, reqs, module, rules): requestList = [] #Store generated request objects params = FileOp(rules['cwd'] + '/lists/parameters.txt').reader() headers = FileOp(rules['cwd'] + '/lists/all-headers.txt').reader() try: custom_list = FileOp(rules['datalist'][0]).reader() except: print('dirb-custom: Provide a wordlist using -dl [wordlist]') sys.exit(0) for fuzz in custom_list: paramValue = fuzz headerValue = fuzz db = '' for req in reqs: u = UrlObject(req.url) #Brute all headers with fuzzstrings for head in headers: req_head = copy.deepcopy(req) heads = req.headers.copy() heads[head] = headerValue req_head.update_headers(heads) req_head.update_reqID('reqID') req_head.update_module(module) requestList.append(req_head) del heads[head] #Brute GET and POST Parameters for param in params: req_get = copy.deepcopy(req) ndata = req.data.copy() ndata[param] = paramValue haxgod = u.u_q + '?' + self.getParamStr(ndata) req_get.update_url(haxgod) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) req_post = copy.deepcopy(req_get) req_post.update_url(req.url) req_post.update_data(ndata) req_post.update_method('POST') requestList.append(req_post) del ndata[param] #Add custom fuzz to path for req in reqs: u = UrlObject(req.url) newurl = u.u_d + paramValue req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Add custom fuzz to path+? for req in reqs: u = UrlObject(req.url) newurl = u.u_d + '?' + paramValue req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Included headers coverage (like user agent etc) for req in reqs: req_head = copy.deepcopy(req) heads = req.headers.copy() newhead = copy.deepcopy(heads) for h, value in heads.items(): req_head2 = copy.deepcopy(req) newhead[h] = headerValue req_head2.update_headers(heads) req_head2.update_reqID('reqID') req_head2.update_module(module) requestList.append(req_head2) del newhead[h] return requestList
def gen(self, reqs, module, rules): requestList = [] #Store generated request objects params = FileOp(rules['cwd']+'/lists/parameters.txt').reader() headers = FileOp(rules['cwd']+'/lists/all-headers.txt').reader() if len(rules['datalist']) == 0: print('fuzz: -dl [fuzz payload] [fuzz payload] ...') sys.exit(0) for fuzz in rules['datalist']: paramValue = fuzz headerValue = fuzz db = '' #Add custom fuzz to path for req in reqs: u = UrlObject(req.url) newurl = u.u_d+paramValue req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Add custom fuzz to path+? for req in reqs: u = UrlObject(req.url) newurl = u.u_d+'?'+paramValue req_get = copy.deepcopy(req) req_get.update_url(newurl) req_get.update_reqID('reqID') req_get.update_module(module) requestList.append(req_get) #Included headers coverage (like user agent etc) for req in reqs: req_head = copy.deepcopy(req) heads = req.headers.copy() newhead = copy.deepcopy(heads) for h,value in heads.items(): req_head2 = copy.deepcopy(req) newhead[h] = headerValue req_head2.update_headers(heads) req_head2.update_reqID('reqID') req_head2.update_module(module) requestList.append(req_head2) del newhead[h] mini_headers = [ 'X-Api-Version','User-Agent','Cookie','Referer', 'Accept-Language','Accept-Encoding', 'Upgrade-Insecure-Requests','Accept','Pragma', 'X-Requested-With','X-CSRF-Token','Dnt', 'Content-Length','Access-Control-Request-Method', 'Access-Control-Request-Headers','Warning', 'Authorization','TE','Accept-Charset','Accept-Datetime', 'Expect','Forwarded','From','Max-Forwards', 'Proxy-Authorization', 'X-Forwarded-For', 'Range', 'Content-Deposition', 'X-Amz-Target','Content-Type', 'Username','IP', 'IPaddress','Hostname'] #Generate requests using mini_headers and value provided for req in reqs: req_head = copy.deepcopy(req) heads = req.headers.copy() for h in mini_headers: newheaders = copy.deepcopy(heads) newheaders[h] = headerValue req_new = copy.deepcopy(req_head) req_new.update_headers(newheaders) req_new.update_reqID('reqID') req_new.update_module(module) requestList.append(req_new) return requestList
from lib.urlObject import UrlObject testing = [ 'https://securit.ie/users/testing/hax.html?test=1', 'https://securit.ie/users/testing/hax?test=1', 'https://securit.ie/users/testing/nothing/', 'https://securit.ie/users/hax?test=1', 'https://securit.ie/users', 'https://securit.ie/users.test.html', 'https://securit.ie/'] for i in testing: u = UrlObject(i) print('url: '+i) print('u_d: '+u.u_d) print('u_dd: '+u.u_dd) print('u_q: '+u.u_q) print('full: '+u.full) print('fullpath: '+u.fullpath) print('host: '+u.host) print('query: '+u.query) print('lastpath: '+u.lastpath) print('lastfile: '+u.lastfile) print('lastfile_ext: '+u.lastfile_ext) print('last_ext: '+u.last_ext) print('------------------\n')
def gen(self, cwd, urls, proxy, headers, timeout, cookies, postdata, module): d1 = '' d2 = '' data = FileOp(cwd+'/lists/archive-file.txt').reader() shuffled = random.shuffle(data) for url in urls: u = UrlObject(url) #If no lastfile if u.lastfile != '': for i in self.data: d1 = u.u_q + i req_get = RequestObject('reqID',"GET", proxy, headers, timeout, cookies, d1, postdata, module) self.requestList.append(req_get) d2 = u.u_d + u.lastfile_ext+i req_get = RequestObject('reqID',"GET", proxy, headers, timeout, cookies, d2, postdata, module) self.requestList.append(req_get) for i in self.prepend: d1 = u.u_d + i + u.lastfile req_get = RequestObject('reqID',"GET", proxy, headers, timeout, cookies, d1, postdata, module) self.requestList.append(req_get) for j in self.data: d2 = u.u_d + i + u.lastfile + j req_get = RequestObject('reqID',"GET", proxy, headers, timeout, cookies, d2, postdata, module) self.requestList.append(req_get) #If no lastpath if u.lastpath != '': for i in self.data: d1 = u.u_d + u.lastpath + i req_get = RequestObject('reqID',"GET", proxy, headers, timeout, cookies, d1, postdata, module) self.requestList.append(req_get) d2 = u.u_dd + u.lastpath + i req_get = RequestObject('reqID',"GET", proxy, headers, timeout, cookies, d2, postdata, module) self.requestList.append(req_get) for i in self.common: for j in self.data: d1 = u.u_d + i + j req_get = RequestObject('reqID',"GET", proxy, headers, timeout, cookies, d1, postdata, module) self.requestList.append(req_get) #Else else: for i in self.common: for j in self.data: d1 = u.u_d + i + j req_get = RequestObject('reqID',"GET", proxy, headers, timeout, cookies, d1, postdata, module) self.requestList.append(req_get) return self.requestList