 def manager(self):
     """Queue one scan job per URL listed in ``source.txt``.

     Each job is a dict with the target ``url`` and a fixed ``timeout``
     of three minutes (180 s); jobs are pushed onto ``self.job_queue`` in
     file order. Relies on the module-level ``j_pentest_utils`` import.
     """
     for target in j_pentest_utils.textcsv_read('source.txt'):
         self.job_queue.put({'url': target, 'timeout': 60 * 3})
def scan_page(url, data=None):
    """Probe every query parameter of *url* for reflected input.

    Each parameter is first tagged with a marker string and the page is
    fetched; when the marker does not come back in the response the
    parameter is skipped. Otherwise every line of ``payloads.txt`` is
    wrapped in the marker, injected in turn, and whatever appears between
    the markers in the response is recorded so the caller can see how the
    input was echoed (useful for judging output encoding / filtering).

    Args:
        url: Target URL including its query string.
        data: Optional POST body. Only the GET phase runs below, so it is
            normalised but otherwise unused at present.

    Returns:
        dict with ``url`` and a ``payloads`` list; each entry holds the
        matched ``parameter`` text (name, ``=`` and current value), the
        marker-wrapped ``rawpayload`` and the ``outputmutants`` captured
        from the response.

    Relies on module-level ``re``, ``random``, ``string``,
    ``PREFIX_SUFFIX_LENGTH``, ``GET``/``POST``, ``retrive_content`` and
    ``j_pentest_utils``, none of which are defined in this excerpt.
    The ``print`` statements mark this as Python 2 code.
    """

    retval = {}
    retval['url'] = url
    retval['payloads'] = []

    # Give empty parameter values (``a=`` or ``a=&``) a dummy value of "1"
    # so every parameter carries something to tag. The replacement string
    # is not raw, so ``\g`` is an invalid escape: fine on Python 2, a
    # DeprecationWarning on Python 3.
    url, data = re.sub(r"=(&|\Z)", "=1\g<1>", url) if url else url, re.sub(
        r"=(&|\Z)", "=1\g<1>", data) if data else data

    # A random lowercase marker is generated, then immediately replaced by
    # a fixed debug marker on the next line, so the random value is dead
    # code and the marker is always 'IIIIIIII'.
    tag = prefix = suffix = ''.join(
        random.sample(string.ascii_lowercase, PREFIX_SUFFIX_LENGTH))
    tag = prefix = suffix = 'IIIIIIII'  # debug override, easy to search for

    # POST phase is disabled; only query-string parameters are examined.
    #for phase in (GET, POST):
    for phase in (GET, ):

        # Text being scanned: the URL for GET, the body for POST.
        current = url if phase is GET else (data or "")

        # Matches ``name=value`` pairs at the start of the string or after
        # ``?``/``&``; group(0) is the whole pair including its value.
        for match in re.finditer(
                r"((\A|[?&])(?P<parameter>[\w\[\]]+)=)(?P<value>[^&#]*)",
                current):

            # ``found``/``usable``/``context_list`` are set but never read below.
            found, usable = False, True
            context_list = []

            print "* scanning %s parameter '%s'" % (phase,
                                                    match.group("parameter"))

            # baseline request: append the marker to the parameter's value
            # and count how often it is reflected. str.replace touches
            # every occurrence of the matched text, not just this one.
            tampered = current.replace(match.group(0), match.group(0) + tag)
            r = retrive_content(tampered)
            baseline_match_count = len(re.findall(tag, r))

            print 'baseline_match_count:', baseline_match_count
            if not baseline_match_count:  # marker not reflected in the response, nothing to probe
                continue

            # Re-read from disk for every parameter; could be hoisted.
            payloads = j_pentest_utils.textcsv_read('payloads.txt')

            for payload in payloads:
                # ``payload`` is rebound to the marker-wrapped form here, so
                # the 'rawpayload' entry below stores the wrapped payload,
                # not the line read from the file.
                payload = '{tag}{rawpayload}{tag}'.format(tag=tag,
                                                          rawpayload=payload)
                # Non-greedy capture of whatever the server echoed between
                # the two markers.
                payload_pattern = r'{tag}(?P<payload_output>.*?){tag}'.format(
                    tag=tag)
                payload_output_mutants = []

                tampered = current.replace(match.group(0),
                                           match.group(0) + payload)
                r = retrive_content(tampered)

                for payload_match in re.finditer(payload_pattern, r):
                    payload_output_mutants.append(
                        payload_match.groupdict()['payload_output'])

                retval['payloads'].append({
                    'parameter':
                    match.group(0),
                    'rawpayload':
                    payload,
                    'outputmutants':
                    payload_output_mutants
                })

    return retval
def get_dirdb():
    """Return the entries of ``dirdb.txt`` located under the module-level ``path``.

    The file is read with ``j_pentest_utils.textcsv_read``; both ``path``
    and ``j_pentest_utils`` come from module scope outside this excerpt.
    """
    dirdb_file = os.path.join(path, 'dirdb.txt')
    return j_pentest_utils.textcsv_read(dirdb_file)
def get_top_1m():
    """Return the last comma-separated field of every line in ``top-1m.csv``.

    The file is located under the module-level ``path`` and read with
    ``j_pentest_utils.textcsv_read``. The result is whatever ``map``
    returns on the running interpreter (a list on Python 2).
    """
    def last_field(line):
        # Equivalent to ``line.split(',')[-1]``: a line without a comma
        # is returned unchanged.
        return line.rsplit(',', 1)[-1]

    csv_file = os.path.join(path, 'top-1m.csv')
    return map(last_field, j_pentest_utils.textcsv_read(csv_file))
def get_vulnbox_src():
    """Return the entries of ``vulnbox_source.txt`` under the module-level ``path``.

    Reads the file via ``j_pentest_utils.textcsv_read``; ``path`` and
    ``j_pentest_utils`` are defined outside this excerpt.
    """
    return j_pentest_utils.textcsv_read(
        os.path.join(path, 'vulnbox_source.txt'))
def get_butian_src():
    """Return the entries of ``butian_source.txt`` under the module-level ``path``.

    Reads the file via ``j_pentest_utils.textcsv_read``; ``path`` and
    ``j_pentest_utils`` are defined outside this excerpt.
    """
    return j_pentest_utils.textcsv_read(
        os.path.join(path, 'butian_source.txt'))