def prepare_requests(args): headers = { 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language': 'en-US,en;q=0.5', 'Accept-Encoding': 'gzip, deflate', 'Connection': 'close', 'Upgrade-Insecure-Requests': '1' } if type(headers) == bool: headers = extractHeaders(prompt()) elif type(headers) == str: headers = extractHeaders(headers) if mem.var['method'] == 'JSON': mem.headers['Content-type'] = 'application/json' if args.url: params = getParams(args.include) return { 'url': args.url, 'method': mem.var['method'], 'headers': headers, 'include': params } elif args.import_file: return importer(args.import_file, mem.var['method'], headers, args.include) return []
help='don\'t ask to continue', dest='skip', action='store_true') parser.add_argument('--skip-dom', help='skip dom checking', dest='skipDOM', action='store_true') parser.add_argument('-v', '--vectors', help='verbose output', dest='verbose', action='store_true') args = parser.parse_args() if args.headers: headers = extractHeaders(prompt()) else: from core.config import headers find = args.find fuzz = args.fuzz encode = args.encode target = args.target paramData = args.data verbose = args.verbose skipDOM = args.skipDOM level = args.level or 2 delay = args.delay or core.config.delay timeout = args.timeout or core.config.timeout threadCount = args.threads or core.config.threadCount
help='http request timeout', dest='timeout', type=int) parser.add_argument('--headers', help='http headers', dest='add_headers', nargs='?', const=True) args = parser.parse_args() if not args.target: print('\n' + parser.format_help().lower()) quit() if type(args.add_headers) == bool: headers = extractHeaders(prompt()) elif type(args.add_headers) == str: headers = extractHeaders(args.add_headers) else: from core.config import headers target = args.target delay = args.delay or 0 level = args.level or 2 timeout = args.timeout or 20 threadCount = args.threads or 2 allTokens = [] weakTokens = [] tokenDatabase = [] insecureForms = []
parser.add_argument('-t', '--threads', help='number of threads', dest='threadCount', type=int, default=core.config.threadCount) parser.add_argument('-d', '--delay', help='delay between requests', dest='delay', type=int, default=core.config.delay) parser.add_argument('--skip', help='don\'t ask to continue', dest='skip', action='store_true') parser.add_argument('--skip-dom', help='skip dom checking', dest='skipDOM', action='store_true') parser.add_argument('-v', '--vectors', help='verbose output', dest='verbose', action='store_true') parser.add_argument('--blind', help='inject blind XSS payload while crawling', dest='blindXSS', action='store_true') args = parser.parse_args() if args.add_headers: headers = extractHeaders(prompt()) else: from core.config import headers # Pull all parameter values of dict from argparse namespace into local variables of name == key # The following works, but the static checkers are too static ;-) locals().update(vars(args)) target = args.target path = args.path jsonData = args.jsonData paramData = args.paramData encode = args.encode fuzz = args.fuzz update = args.update timeout = args.timeout proxy = args.proxy find = args.find
help='add headers', dest='header_dict', nargs='?', const=True) args = parser.parse_args() delay = args.delay quiet = args.quiet target = args.target threads = args.threads inp_file = args.inp_file json_file = args.json_file header_dict = args.header_dict if type(header_dict) == bool: header_dict = extractHeaders(prompt()) elif type(header_dict) == str: header_dict = extractHeaders(header_dict) else: header_dict = { 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language': 'en-US,en;q=0.5', 'Accept-Encoding': 'gzip', 'DNT': '1', 'Connection': 'close', } urls = create_url_list(target, inp_file)
dest='skipDOM', action='store_true') parser.add_argument('-v', '--vectors', help='verbose output', dest='verbose', action='store_true') parser.add_argument('--blind', help='inject blind XSS payload while crawling', dest='blindXSS', action='store_true') args = parser.parse_args() if args.file_headers: with open(args.file_headers, "r") as f: user_headers = extractHeaders(f.read()) from core.config import headers for key in user_headers: headers[key] = user_headers[key] if type(args.add_headers) == bool: headers = extractHeaders(prompt()) elif type(args.add_headers) == str: headers = extractHeaders(args.add_headers) else: if args.add_headers: headers = extractHeaders(prompt()) else: from core.config import headers # Pull all parameter values of dict from argparse namespace into local variables of name == key