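def test_POST(target_info, wlist):
    """
    [POST] Path test function.

    For every wordlist entry, injects the entry into the POST parameter(s)
    that mark the injection point, sends the request through
    ``connection.verify(...).post`` and records in the module-level ``infos``
    dict (keyed by the URL the connection module reports) every response
    whose tag-stripped body differs from the default page and does not
    contain one of the ``--ignore`` strings.

    Parameters
    ----------
    target_info : tuple
        [0] = target URL
        [1] = default page size (unused here: unlike test_GET this path does
              not compare response sizes)
        [2] = default (failed-injection) page HTML, already tag-stripped
        [3] = POST parameter dict. The value "PAYLOAD" marks the key(s) the
              wordlist entry is written into. The dict is mutated in place.
    wlist : iterable of str
        Wordlist lines; trailing whitespace/newlines are stripped.

    Side effects: appends each tested entry to the module-level ``scanned``
    list (shared with test_GET, so an entry already tried via GET is skipped
    here), sleeps ``args.timeset`` seconds between requests and, when
    ``--RandomAgent`` is set, rotates ``args.UserAgent`` per request as
    test_GET does.
    """
    target = target_info[0]
    p_html_default = target_info[2]
    parameter = target_info[3]

    # Resolve the injection key(s) once, up front. The previous per-iteration
    # detection (value == "PAYLOAD" on the first run, then "any value that
    # contains '/'") lost the injection point as soon as a payload without "/"
    # -- e.g. a fully URL-encoded traversal such as ..%2f..%2fetc%2fpasswd --
    # had been written into it, leaving that payload stuck in the parameter
    # for the rest of the wordlist. Values already containing "/" are kept in
    # the set so a dict reused from an earlier run is still detected.
    payload_keys = [key for key, value in parameter.items()
                    if value == "PAYLOAD" or "/" in value]

    for directory in wlist:
        directory = directory.rstrip()
        if directory in scanned:
            continue  # already tested by this or the GET path
        scanned.append(directory)

        # --timeset: throttle between requests.
        if args.timeset is not None:
            if args.v:
                print("sleeping %s seconds" % args.timeset)
            sleep(args.timeset)

        for key in payload_keys:
            parameter[key] = directory

        # Rotate the User-Agent per request when --RandomAgent is set
        # (keeps the POST path consistent with test_GET).
        if args.RandomAgent:
            args.UserAgent = useragents.generate()

        conn = connection.verify(target, args.v, args.UserAgent, args.timeout)
        post_response = conn.post(directory, parameter)
        # post_response is indexed as [1] = HTTP code, [2] = body,
        # [3] = tested URL -- layout inferred from use, confirm in connection.py
        infos[post_response[3]] = [post_response[1]]

        # Strip tags. "." does not match newlines, so multi-line tags survive;
        # the default page in check() is stripped with the same pattern, so
        # the comparison below stays like-for-like.
        html = sub("<.*?>", "", post_response[2])
        teste_html = tester.crawler(html, args.v)

        # Filter 1: body must differ from the default failed-injection page.
        if teste_html.compare(p_html_default) != "not_equal":
            continue
        # Filter 2: body must not contain any of the --ignore strings.
        if teste_html.strings(args.ignore) == "not_found":
            infos[post_response[3]].append(html)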
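def check():
    """
    Check all requirements (URL, server status, redirect) before scanning.

    Builds a connection to ``args.u``, validates the URL, probes the HTTP
    status and, when the server answers 200, collects the baseline used by
    the test functions: the default (failed-injection) page size, the
    tag-stripped default page HTML and the URL after following redirects.

    Returns
    -------
    tuple
        ``(target_url, default_page_size, default_html)`` or, when ``--p`` is
        given, ``(target_url, default_page_size, default_html, parameters)``
        with ``parameters`` being ``conn.parameter(args.p)``.

        When the server does not answer 200 and the operator chooses to
        proceed anyway, the baseline is not fetched and placeholders are
        returned instead: ``(args.u, 0, "not found")``, again with the
        parsed parameters appended when ``--p`` is given.

    Raises
    ------
    SystemExit
        When the server is not reachable and the operator answers "n"/"no".

    Side effects: may overwrite ``args.UserAgent`` with a random one when
    ``--RandomAgent`` is set; prints status to stdout; reads the prompt
    answer from stdin.
    """
    if args.RandomAgent:
        args.UserAgent = useragents.generate()
    conn = connection.verify(args.u, args.v, args.UserAgent, args.timeout)

    # Validates the input URL.
    conn.url()
    # (url, HTTP code); True = "check" mode of the connection module.
    code = conn.HTTPcode(True)
    if code[1] == 200:
        print(" [+] Server Status: Online")
        print(" [+] Response code: ", code[1])
    else:
        print(" [-] Server Status: Offline")
        print("Response code: ", code[1])
        follow = input(" [!] Proceed anyway? [y/n] ")
        # Accept "n", "N", "no", ... -- previously only a bare lowercase "n"
        # aborted and any other answer (including "N") started the scan.
        if follow.strip().lower() in ("n", "no"):
            raise SystemExit()
        # Placeholder baseline: no default page size / HTML is available.
        # The parameter dict is still attached when --p is given; without it
        # test_POST fails with IndexError on target_info[3].
        # NOTE(review): assumes conn.parameter() parses args.p locally and
        # does not need a live server -- confirm in connection.py.
        if args.p is not None:
            return (args.u, 0, "not found", conn.parameter(args.p))
        return (args.u, 0, "not found")

    # Default page size of a failed injection (the connection module returns
    # it together with the URL).
    default_p_size = conn.PageSize(True)
    # Default page HTML, tags stripped with the same pattern the test
    # functions use so the later comparison is like-for-like.
    default_html = conn.HTML(True)
    default_html = sub("<.*?>", "", default_html)
    # Follow redirects (check=True, parameter=True) to get the real target URL.
    target_url = conn.redirect(True, True)

    if args.p is not None:
        par = conn.parameter(args.p)
        return (target_url, default_p_size, default_html, par)
    return (target_url, default_p_size, default_html)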
def check(): #Call Module conn = connection.verify(args.u, args.v, args.UserAgent,\ args.timeout)
#Check if directory ends with "/" #site.com/dir/ /../etc/passwd if directory[0] != "/": #This site.com/dir ../etc/passwd if target[-1] != "/": #becames site.com/dir/../etc/passwd final_target = target + "/" + directory else: final_target = target + directory else: if target[-1] == "/": final_target = target[:-1] + directory #Import connection module so the paths can be tested conn = connection.verify(final_target, args.v, args.UserAgent,\ args.timeout) #Checks for HTTP code of URL + payload. False to "check" #Response_code returns (URL tested, HTTP code) response_code = conn.HTTPcode(False) #If page exists, check for redirections if response_code[1] == 200: #Add HTTP code results to found list infos[response_code[0]] = [response_code[1]] #Returns URL and Page size. Gives False to "check" p_size = conn.PageSize(False) #Add page size results to size list infos[p_size[0]].append(p_size[1]) #Returns (URL, serverURL, Redirect status)
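def test_GET(target_info, wlist):
    """
    [GET] Path test function.

    For every wordlist entry, appends the entry to the target URL (so a
    ``?file=`` style injection point receives the traversal payload), fetches
    it and records in the module-level ``infos`` dict -- keyed by the URL the
    connection module reports -- the HTTP code, page size, redirect target and
    redirect status of every 200 response. The stripped body is appended as a
    potential finding when it passes all four filters:
      1. differs from the default (failed-injection) page,
      2. does not merely echo the payload back,
      3. contains none of the ``--ignore`` strings,
      4. differs in size from the default page.

    Parameters
    ----------
    target_info : tuple
        [0] = target URL
        [1] = default page size, either the ``(URL, size)`` pair returned by
              the connection module or the bare ``0`` of check()'s
              "proceed anyway" fallback
        [2] = default page HTML, already tag-stripped
    wlist : iterable of str
        Wordlist lines; trailing whitespace/newlines are stripped and blank
        lines are skipped.

    Side effects: appends each tested entry to the module-level ``scanned``
    list (shared with test_POST), sleeps ``args.timeset`` seconds between
    requests and rotates ``args.UserAgent`` per request when
    ``--RandomAgent`` is set.
    """
    target = target_info[0]
    p_size_default = target_info[1]
    p_html_default = target_info[2]

    # PageSize() results are used below as (URL, size) pairs; the default
    # handed over by check() may be such a pair or the plain 0 placeholder.
    # Reduce the default to a bare size once so filter 4 compares numbers.
    # Previously the whole (final_target, size) tuple was compared against the
    # default, which can never be equal (the URLs always differ, and a tuple
    # never equals 0), so the size filter never rejected anything.
    if isinstance(p_size_default, (tuple, list)):
        default_size = p_size_default[1]
    else:
        default_size = p_size_default

    for directory in wlist:
        directory = directory.rstrip()
        if not directory:
            continue  # blank wordlist line: directory[0] below would raise
        if directory in scanned:
            continue  # already tested by this or the POST path
        scanned.append(directory)

        # --timeset: throttle between requests.
        if args.timeset is not None:
            if args.v:
                print("sleeping %s seconds" % args.timeset)
            sleep(args.timeset)

        # Join URL and payload without doubling or dropping the separator.
        # The rules are kept exactly as before:
        #   site/index.php?file=  + ../etc/passwd  -> site/index.php?file=../etc/passwd
        #   site/index.php?file=/ + ../etc/passwd  -> site/index.php?file=../etc/passwd
        #   site/index.php?file=  + /../etc/passwd -> site/index.php?file=../etc/passwd
        if directory[0] != "/":
            if target[-1] != "/":
                final_target = target + directory
            else:
                final_target = target[:-1] + directory
        else:
            final_target = target + directory[1:]

        if args.RandomAgent:
            args.UserAgent = useragents.generate()
        conn = connection.verify(final_target, args.v, args.UserAgent,
                                 args.timeout)

        # (URL tested, HTTP code); False = not in "check" mode.
        response_code = conn.HTTPcode(False)
        if response_code[1] != 200:
            continue

        # Record code, size, redirect target and redirect status under the
        # URL reported by the connection module (assumed to equal
        # final_target, which is the key used for the final append -- confirm).
        infos[response_code[0]] = [response_code[1]]
        p_size = conn.PageSize(False)             # (URL, size)
        infos[p_size[0]].append(p_size[1])
        verify_red = conn.redirect(False, False)  # (URL, serverURL, status)
        infos[verify_red[0]].append(verify_red[1])
        infos[verify_red[0]].append(verify_red[2])

        # Tag-stripped body; same pattern as check() uses for the default page
        # ("." does not match newlines, so multi-line tags survive in both).
        html = sub("<.*?>", "", conn.HTML(False))
        test_html = tester.crawler(html, args.v)

        # Filter 1: body differs from the default failed-injection page.
        if test_html.compare(p_html_default) != "not_equal":
            continue
        # Filter 2: the payload string is not simply reflected in the body.
        if test_html.payload(final_target)[2] != "not_found":
            continue
        # Filter 3: none of the --ignore strings is present.
        if test_html.strings(args.ignore) != "not_found":
            continue
        # Filter 4: page size differs from the default page size.
        if p_size[1] != default_size:
            infos[final_target].append(html)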