def __init__(self, http, reportGen): self.HTTP = http self.logVuln = reportGen.logVulnerability self.logAnom = reportGen.logAnomaly self.auxText = AuxText() self.attackedGET = [] self.attackedPOST = []
def __init__(self, http, report_gen): self.HTTP = http self.logVuln = report_gen.logVulnerability self.logAnom = report_gen.logAnomaly self.auxText = AuxText() # List of attack urls already launched in the current module self.attackedGET = [] self.attackedPOST = [] self.vulnerableGET = [] self.vulnerablePOST = [] self.verbose = 0 self.color = 0 # List of modules (objects) that must be launched before the current module # Must be left empty in the code self.deps = []
class Attack(object): """ This class represents an attack, it must be extended for any class which implements a new type of attack """ name = "attack" doGET = True doPOST = True # List of modules (strings) that must be launched before the current module # Must be defined in the code of the module require = [] if hasattr(sys, "frozen"): BASE_DIR = os.path.join( os.path.dirname( unicode(sys.executable, sys.getfilesystemencoding())), "data") else: BASE_DIR = os.path.dirname(sys.modules['wapitiCore'].__file__) CONFIG_DIR = os.path.join(BASE_DIR, "config", "attacks") # Color codes STD = "\033[0;0m" RED = "\033[0;31m" GREEN = "\033[0;32m" ORANGE = "\033[0;33m" YELLOW = "\033[1;33m" BLUE = "\033[1;34m" MAGENTA = "\033[0;35m" CYAN = "\033[0;36m" GB = "\033[0;30m\033[47m" allowed = [ 'php', 'html', 'htm', 'xml', 'xhtml', 'xht', 'xhtm', 'asp', 'aspx', 'php3', 'php4', 'php5', 'txt', 'shtm', 'shtml', 'phtm', 'phtml', 'jhtml', 'pl', 'jsp', 'cfm', 'cfml', 'py' ] # The priority of the module, from 0 (first) to 10 (last). Default is 5 PRIORITY = 5 def __init__(self, http, report_gen): self.HTTP = http self.logVuln = report_gen.logVulnerability self.logAnom = report_gen.logAnomaly self.auxText = AuxText() # List of attack urls already launched in the current module self.attackedGET = [] self.attackedPOST = [] self.vulnerableGET = [] self.vulnerablePOST = [] self.verbose = 0 self.color = 0 # List of modules (objects) that must be launched before the current module # Must be left empty in the code self.deps = [] def setVerbose(self, verbose): self.verbose = verbose def setColor(self): self.color = 1 def loadPayloads(self, filename): """Load the payloads from the specified file""" return self.auxText.readLines(filename) def attackGET(self, http_res): return def attackPOST(self, form): return def loadRequire(self, obj=[]): self.deps = obj def log(self, fmt_string, *args): if len(args) == 0: print(fmt_string) else: print(fmt_string.format(*args)) if self.color: sys.stdout.write(self.STD) def logR(self, fmt_string, *args): if self.color: sys.stdout.write(self.RED) self.log(fmt_string, *args) def logG(self, fmt_string, *args): if self.color: sys.stdout.write(self.GREEN) self.log(fmt_string, *args) def logY(self, fmt_string, *args): if self.color: sys.stdout.write(self.YELLOW) self.log(fmt_string, *args) def logC(self, fmt_string, *args): if self.color: sys.stdout.write(self.CYAN) self.log(fmt_string, *args) def logW(self, fmt_string, *args): if self.color: sys.stdout.write(self.GB) self.log(fmt_string, *args) def logM(self, fmt_string, *args): if self.color: sys.stdout.write(self.MAGENTA) self.log(fmt_string, *args) def logB(self, fmt_string, *args): if self.color: sys.stdout.write(self.BLUE) self.log(fmt_string, *args) def logO(self, fmt_string, *args): if self.color: sys.stdout.write(self.ORANGE) self.log(fmt_string, *args) def attack(self, http_resources, forms): if self.doGET is True: for http_res in http_resources: url = http_res.url if self.verbose == 1: self.log(_("+ attackGET {0}"), url) try: self.attackGET(http_res) except socket.error, se: self.log(_('error: {0} while attacking {1}'), repr(str(se[0])), url) except requests.exceptions.Timeout: self.log(_('error: timeout while attacking {0}'), url)
class Attack(object): """ This class represents an attack, it must be extended for any class which implements a new type of attack """ name = "attack" doGET = True doPOST = True # List of modules (strings) that must be launched before the current module # Must be defined in the code of the module require = [] if hasattr(sys, "frozen"): BASE_DIR = os.path.join(os.path.dirname(unicode(sys.executable, sys.getfilesystemencoding())), "data") else: BASE_DIR = os.path.dirname(sys.modules['wapitiCore'].__file__) CONFIG_DIR = os.path.join(BASE_DIR, "config", "attacks") # Color codes STD = "\033[0;0m" RED = "\033[0;31m" GREEN = "\033[0;32m" ORANGE = "\033[0;33m" YELLOW = "\033[1;33m" BLUE = "\033[1;34m" MAGENTA = "\033[0;35m" CYAN = "\033[0;36m" GB = "\033[0;30m\033[47m" allowed = ['php', 'html', 'htm', 'xml', 'xhtml', 'xht', 'xhtm', 'asp', 'aspx', 'php3', 'php4', 'php5', 'txt', 'shtm', 'shtml', 'phtm', 'phtml', 'jhtml', 'pl', 'jsp', 'cfm', 'cfml', 'py'] # The priority of the module, from 0 (first) to 10 (last). Default is 5 PRIORITY = 5 def __init__(self, http, report_gen): self.HTTP = http self.logVuln = report_gen.logVulnerability self.logAnom = report_gen.logAnomaly self.auxText = AuxText() # List of attack urls already launched in the current module self.attackedGET = [] self.attackedPOST = [] self.vulnerableGET = [] self.vulnerablePOST = [] self.verbose = 0 self.color = 0 # List of modules (objects) that must be launched before the current module # Must be left empty in the code self.deps = [] def setVerbose(self, verbose): self.verbose = verbose def setColor(self): self.color = 1 def loadPayloads(self, filename): """Load the payloads from the specified file""" return self.auxText.readLines(filename) def attackGET(self, http_res): return def attackPOST(self, form): return def loadRequire(self, obj=[]): self.deps = obj def log(self, fmt_string, *args): if len(args) == 0: print(fmt_string) else: print(fmt_string.format(*args)) if self.color: sys.stdout.write(self.STD) def logR(self, fmt_string, *args): if self.color: sys.stdout.write(self.RED) self.log(fmt_string, *args) def logG(self, fmt_string, *args): if self.color: sys.stdout.write(self.GREEN) self.log(fmt_string, *args) def logY(self, fmt_string, *args): if self.color: sys.stdout.write(self.YELLOW) self.log(fmt_string, *args) def logC(self, fmt_string, *args): if self.color: sys.stdout.write(self.CYAN) self.log(fmt_string, *args) def logW(self, fmt_string, *args): if self.color: sys.stdout.write(self.GB) self.log(fmt_string, *args) def logM(self, fmt_string, *args): if self.color: sys.stdout.write(self.MAGENTA) self.log(fmt_string, *args) def logB(self, fmt_string, *args): if self.color: sys.stdout.write(self.BLUE) self.log(fmt_string, *args) def logO(self, fmt_string, *args): if self.color: sys.stdout.write(self.ORANGE) self.log(fmt_string, *args) def attack(self, http_resources, forms): if self.doGET is True: for http_res in http_resources: url = http_res.url if self.verbose == 1: self.log(_("+ attackGET {0}"), url) try: self.attackGET(http_res) except socket.error, se: self.log(_('error: {0} while attacking {1}'), repr(str(se[0])), url) except requests.exceptions.Timeout: self.log(_('error: timeout while attacking {0}'), url)