Пример #1
    def _send_in_threads(self, base_url, vhosts):
        '''
        Request every candidate virtual host against base_url through the
        worker pool and stream the answers back.

        The pool callable is self._http_get_vhost wrapped in one_to_many and
        return_args. Judging by how each result is unpacked below, the wrapper
        hands back the original call arguments together with the response --
        presumably so a response can still be tied to its vhost although
        imap_unordered does not preserve submission order (confirm against
        return_args).

        :param base_url: URL that each vhost candidate is requested against.
        :param vhosts: Iterable with the virtual host candidates.
        :return: Generator of (vhost, vhost_response) tuples.
        '''
        work_items = izip(repeat(base_url), vhosts)
        fetch = return_args(one_to_many(self._http_get_vhost))
        completed = self.worker_pool.imap_unordered(fetch, work_items)

        for call_args, vhost_response in completed:
            # call_args is a 1-tuple holding the (base_url, vhost) pair that
            # was submitted; only the vhost is needed by the caller.
            ((_, vhost),) = call_args
            yield vhost, vhost_response
Пример #2
    def _send_in_threads(self, base_url, vhosts):
        '''
        Fan the vhost probes out over self.worker_pool and yield each answer
        as soon as it is available.

        Every task is a (base_url, vhost) pair handled by
        self._http_get_vhost (wrapped with one_to_many and return_args).
        Results come from imap_unordered, so the order of the yielded tuples
        is not the order of vhosts; the vhost is recovered from the arguments
        that come back with each result.

        :param base_url: URL used for all the requests.
        :param vhosts: Iterable of virtual host names to try.
        :return: Generator yielding (vhost, vhost_response).
        '''
        url_vhost_pairs = izip(repeat(base_url), vhosts)
        wrapped_get = return_args(one_to_many(self._http_get_vhost))

        for ((_sent_url, vhost),), vhost_response in \
                self.worker_pool.imap_unordered(wrapped_get, url_vhost_pairs):
            yield vhost, vhost_response
Пример #3
    def discover(self, fuzzable_request):
        '''
        Check whether the entries listed in self.JBOSS_VULNS exist on the
        target server and store a finding in the knowledge base for each one
        that does.

        One request per entry is sent through the worker pool against the
        base URL of fuzzable_request. Entries whose 'type' is 'info' are
        stored as Info objects, everything else as a Vuln with severity.LOW.

        NOTE(review): a finding is raised for any response that is_404 does
        not classify as "not found", so the accuracy of the results depends
        on is_404 recognising custom error pages -- confirm.

        :param fuzzable_request: Request whose URL identifies the target.
        :return: List with the fuzzable requests created from every response
                 that was not a 404.
        '''
        new_requests = []
        base_url = fuzzable_request.get_url().base_url()

        probe_args = izip(repeat(base_url), self.JBOSS_VULNS)
        probe = one_to_many(self.send_request)

        for db_entry, response in self.worker_pool.imap_unordered(probe,
                                                                   probe_args):
            # A 404 means the directory is not there: nothing to report.
            if is_404(response):
                continue

            vuln_url = base_url.url_join(db_entry['url'])
            name = db_entry['name']
            desc = db_entry['desc']

            if db_entry['type'] != 'info':
                finding = Vuln(name, desc, severity.LOW, response.id,
                               self.get_name())
            else:
                finding = Info(name, desc, response.id, self.get_name())

            finding.set_url(vuln_url)
            kb.kb.append(self, 'find_jboss', finding)

            # The response may also hold new links/forms worth crawling.
            new_requests.extend(self._create_fuzzable_requests(response))

        return new_requests
Пример #4
        """

        def http_get(fuzzable_request, (egg_url, egg_desc)):
            egg_URL = fuzzable_request.get_url().uri2url().url_join(egg_url)
            try:
                response = self._uri_opener.GET(egg_URL, cache=True)
            except w3afException, w3:
                raise w3
            else:
                return response, egg_URL, egg_desc

        # Send the requests using threads:
        query_results = []
        EggQueryResult = namedtuple("EggQueryResult", ["http_response", "egg_desc", "egg_URL"])

        http_get = one_to_many(http_get)
        fr_repeater = repeat(fuzzable_request)
        args_iterator = izip(fr_repeater, self.PHP_EGGS)
        pool_results = self.worker_pool.imap_unordered(http_get, args_iterator)

        for response, egg_URL, egg_desc in pool_results:
            eqr = EggQueryResult(response, egg_desc, egg_URL)
            query_results.append(eqr)

        return query_results

    def _are_php_eggs(self, query_results):
        """
        Now I analyze if this is really a PHP eggs thing, or simply a response that
        changes a lot on each request. Before, I had something like this:
Пример #5
        '''
        def http_get(fuzzable_request, (egg_url, egg_desc)):
            egg_URL = fuzzable_request.get_url().uri2url().url_join(egg_url)
            try:
                response = self._uri_opener.GET(egg_URL, cache=True)
            except w3afException, w3:
                raise w3
            else:
                return response, egg_URL, egg_desc

        # Send the requests using threads:
        query_results = []
        EggQueryResult = namedtuple('EggQueryResult',
                                    ['http_response', 'egg_desc', 'egg_URL'])

        http_get = one_to_many(http_get)
        fr_repeater = repeat(fuzzable_request)
        args_iterator = izip(fr_repeater, self.PHP_EGGS)
        pool_results = self.worker_pool.imap_unordered(http_get, args_iterator)

        for response, egg_URL, egg_desc in pool_results:
            eqr = EggQueryResult(response, egg_desc, egg_URL)
            query_results.append(eqr)

        return query_results

    def _are_php_eggs(self, query_results):
        '''
        Now I analyze if this is really a PHP eggs thing, or simply a response that
        changes a lot on each request. Before, I had something like this: