def run(forms, url, cookies):
"""
Itera todos os formulários preenchendo os campos com nossos payloads.
Se payload for injetado e executado com êxito, significa que a página é vulnerável ao XSS.
:param forms: Lista de formulários que existem na URL
:param url: URL alvo que irá servir como base para join com atributo action de formulários
:param cookies: Informações para auxiliar em caso de acesso restrito
:return: Flag informando se é ou não vulnerável ao XSS
"""
ajax_url = input('Informe a URL que está sendo enviada as informações via AJAX se existir: ')
file_payloads = open("payloads.txt", "r")
# Carregamos nosso arquivo que possui nossos payloads e para cada payload vamos fazer o teste
payloads = file_payloads.readlines()
# Transformamos as linhas do nosso arquivo em lista, para facilitar no loop
for payload in payloads:
for form in forms:
details = extractor.run(form) # details do formulário
js = ' '.join(payload.split())
# breakpoint()
response = submit.run(details=details, url=url, payload=js, ajax_url=ajax_url, cookies=cookies)
# breakpoint() # c2205pegoq1lqetqsnts7o0t06
if response:
if payload in response.content.decode():
print('--- Formulário Vulnerável ---')
print(form)
print('--- Payload Executado ---')
print(payload)
file_payloads.close()
def run(num_samples = 10000, verbose = False, Covid = False, feed_back = [],sf=0):
# Extract features
loading=open("((cm,-0.4)=0.84)causeSunWed.pkl",'rb')
xA, xF, xJ, xS, cmFJS, cmAJS, cmAFS, cmAFJ,_A,_F,_J,_S,cm4=load(loading)
loading.close()
#ext, val_xs, val_ys, count_vectorizer = extractor.run(
# verbose = verbose, num_samples = num_samples, feed_back = [cmFJS, cmAJS, cmAFS, cmAFJ],scoreFactor=-0.4)
ext, val_xs, val_ys, count_vectorizer = extractor.run(
verbose = verbose, num_samples = num_samples, feed_back = feed_back,scoreFactor=sf)
if Covid:
val_xs, val_ys = read_data()
## negationArray = [negation.mark_negation(sent) for sent in val_xs]
clf = Classifier(ext.score, ext.log_prior, ext.num_classes)
# Make validation bow
_, val_bows, sent = extractor._create_bow(val_xs, vectorizer=count_vectorizer, msg_prefix="\n[Validation]")
# Evaluation
## val_preds = clf.classify(val_xs, negationArray, count_vectorizer,ext.num_classes)
val_preds, val_scores = clf.classify(val_bows)
val_accuracy = accuracy_score(val_ys, val_preds)
val_cm = confusion_matrix(val_ys, val_preds)
val_cm_norm = confusion_matrix(val_ys, val_preds,normalize="true")
print("\n[Validation] Accuracy: {}".format(val_accuracy))
print("\n[Validation] Confusion matrix: \n{}".format(val_cm))
if True:
sn.heatmap(val_cm_norm, annot=True,cmap="Greens",xticklabels=["Anger","Fear","Joy","Sadness"],yticklabels=["Anger","Fear","Joy","Sadness"])
plt.show()
def main():
parser = argparse.ArgumentParser('minecraft-data-extractor', epilog=EPILOG)
parser.add_argument("-v", "--version", help=VERSION_HELP, required=True)
parser.add_argument("--decompile",
help="Decompile speicifed version",
action='store_true')
parser.add_argument(
"--extract",
nargs='?',
help=
"Possible extractors: burger, burger-extractor, jar-extractor, builtin. Seperate with commas. If none specified, all will be run.",
const='')
parser.add_argument("--diffs",
help="Generate git diffs from decompiled versions",
action='store_true')
parser.add_argument("--clean",
help="Erase data on completion (dry run).",
action='store_true')
parser.add_argument('--server',
help="Decompile server instead of client",
action='store_true')
parser.add_argument("--ignoreMappings",
help="Decompile even if mappings are not found",
action='store_true')
args = parser.parse_args()
print("Args", args)
versions = []
_versions = args.version
if '?' in _versions:
print_versions()
return
if _versions == 'all':
versions = []
elif ',' in _versions and ('>' in _versions or '<' in _versions):
parser.print_help()
print("Invalid versions")
sys.exit(1)
else:
versions = _versions.split(',')
if args.decompile:
print("Decompile ", versions, _versions,
'server' if args.server else 'client')
decompiler.run(versions,
client=not args.server,
ignoreMappings=args.ignoreMappings)
if args.extract != None:
toppings_ava = [
'burger', 'burger-extractor', 'jar-extractor', 'builtin'
]
toppings_req = args.extract.split(',')
toppings = []
if not args.extract:
toppings = toppings_ava
else:
for t in toppings_req:
if t in toppings_ava:
toppings.append(t)
extractor.run(versions,
runBurger='burger' in toppings,
runBE='burger-extractor' in toppings,
runJarExtractor='jar-extractor' in toppings)
if args.diffs:
if len(versions) == 2:
gen_diffs(versions[0], versions[1])
else:
gen_diffs()
print(f"Done: {len(utils.get_journal_writes())} files written")
if args.clean:
clean(args, versions)
pass
default_path='logging.yaml',
default_level=logging.INFO,
env_key='LOG_CFG'
):
path = default_path
value = os.getenv(env_key, None)
if value:
path = value
if os.path.exists(path):
with open(path, 'rt') as f:
config = yaml.load(f.read())
logging.config.dictConfig(config)
else:
logging.basicConfig(level=default_level)
if __name__ == '__main__':
setup_logging()
logger = logging.getLogger(__name__)
#logger.info('starting subsetter task')
#subsetter.run('46348_CAVoter.txt')
#logger.info('ended subsetter task')
counties = [
'alameda',
#'sanbernardino',
#'sanfrancisco'
'losangeles'
]
logger.info('starting extractor task')
extractor.run(counties)
logger.info('ended extractor task')
def run(num_samples=30000,
num_sentences=10,
outDeminish=4000,
verbose=False,
chunkScatter=False,
dates=[
"../../2020-04-19 Coronavirus Tweets.csv",
"../../2020-04-21 Coronavirus Tweets.csv",
"../../2020-04-22 Coronavirus Tweets.csv"
],
printtweets=False,
feedback=[]):
# the list "avoid" contains manual filtering data
avoid = ['...', "n't", 'https', "'re", "amp"]
data_list = []
for date in dates:
data_list.append(
pd.read_csv(date,
header=None,
engine='python',
skiprows=1,
encoding="utf-8"))
data = map(lambda df: list(df[4][df[21] == 'en'][df[11] > 90000]),
data_list)
# map(fun, iterable) returns function returns a map object(an iterator) of the results
# after applying the given function to each item of a given iterable
# val here means validation set. val_x means the validation tweet
# and val_y means the validated emotion for the val_x(tweet)
ext, val_xs, val_ys, count_vectorizer = extractor.run(
feed_back=feedback, verbose=verbose, num_samples=num_samples)
clf = classifier.Classifier(ext.score, ext.log_prior, ext.num_classes)
# Make validation bow(bag of words)
val_bows_list = []
random.seed(10)
for i in data:
_, val_bow_data, sentences = extractor._create_bow(
random.sample(i, num_samples),
vectorizer=count_vectorizer,
msg_prefix="\n[Validation]")
val_bows_list.append((val_bow_data, sentences))
# Evaluation
val_data_list = []
for x in val_bows_list:
val_pred, val_scores = clf.classify(x[0])
val_data_list.append((val_pred, val_scores, x[1]))
# See trend of emotions over time
result_data = []
for i in val_data_list:
fd = nltk.FreqDist(i[0])
result_data.append(list(fd.items()))
for d in dates:
print(d[8:13], end=" + ")
print()
_a, _f, _j, _s = 0, 0, 0, 0
for rData in result_data:
for i in rData:
if i[0] == 0:
_a += i[1]
elif i[0] == 1:
_f += i[1]
elif i[0] == 2:
_j += i[1]
else:
_s += i[1]
print("Anger : {0}, Fear: {1}, Joy: {2}, Sadness: {3}".format(
_a, _f, _j, _s))
tot = _a + _f + _j + _s
print("{0:.2f}%, {1:.2f}%, {2:.2f}%, {3:.2f}%".format(
_a / tot * 100, _f / tot * 100, _j / tot * 100, _s / tot * 100))
# See classification of random sentences from the first set
combined_preds, combined_scores, combined_tweets = [], [], []
for val_data in val_data_list:
combined_preds = combined_preds + list(val_data[0])
combined_scores = combined_scores + list(val_data[1])
combined_tweets = combined_tweets + list(val_data[2])
check_list = list(zip(combined_preds, combined_scores, combined_tweets))
check_anger = sorted([item for item in check_list if item[0] == 0],
key=lambda x: x[1],
reverse=True)
check_fear = sorted([item for item in check_list if item[0] == 1],
key=lambda x: x[1],
reverse=True)
check_joy = sorted([item for item in check_list if item[0] == 2],
key=lambda x: x[1],
reverse=True)
check_sadness = sorted([item for item in check_list if item[0] == 3],
key=lambda x: x[1],
reverse=True)
if printtweets:
print("ANGER:", len(check_anger))
for i in check_anger[:len(check_anger) // outDeminish]:
print(i)
print("FEAR:", len(check_fear))
for i in check_fear[:len(check_fear) // outDeminish]:
print(i)
print("JOY:", len(check_joy))
for i in check_joy[:len(check_joy) // outDeminish]:
print(i)
print("SADNESS:", len(check_sadness))
for i in check_sadness[:len(check_sadness) // outDeminish]:
print(i)
if chunkScatter:
model = Word2Vec([
nltk.word_tokenize(twt[2].lower())
for twt in check_fear + check_sadness + check_joy + check_anger
],
size=50,
workers=4,
iter=10)
checks = [check_anger, check_fear, check_joy, check_sadness]
title = ["Anger", "Fear", "Joy", "Sadness"]
titlei = 0
result = []
for check in checks:
Words = []
for _twt in check:
Words += list(nltk.word_tokenize(_twt[2].lower()))
wFD = nltk.FreqDist(Words)
# model = model.wv.save_word2vec_format()
words = [
w for w, fr in wFD.most_common(200)
if (w not in list(stp.words('english')) + avoid and len(w) > 2)
]
result.append(words)
if chunkScatter:
vecs = [model[w] for w in words]
tsne = TSNE(n_components=2)
vecs_tsne = tsne.fit_transform(vecs)
df = pd.DataFrame(vecs_tsne, index=words, columns=['x', 'y'])
fig = plt.figure()
fig.suptitle("Word Cluster for {}".format(title[titlei]),
fontsize=25)
ax = fig.add_subplot(1, 1, 1)
ax.title.set_text(title[titlei])
kcl = KMeansClusterer(5,
nltk.cluster.util.cosine_distance,
repeats=50)
Labels = kcl.cluster(vecs, assign_clusters=True)
colors = []
for i in Labels:
if (i == 0):
colors.append("r")
elif (i == 1):
colors.append("g")
elif (i == 2):
colors.append("y")
elif (i == 3):
colors.append("c")
elif (i == 4):
colors.append("m")
else:
colors.append("k")
ax.scatter(df['x'], df['y'], marker=6, s=270, c=colors)
titlei = titlei + 1
for word, pos in df.iterrows():
ax.annotate(word, pos, fontsize=10)
for j in range(10):
for i in range(len(vecs)):
if Labels[i] == j:
print(words[i])
print("\n")
plt.show()
return result
import extractor import sqlite import config import os import time weibo_list = extractor.run() if os.path.exists(config.sqlite_db): os.rename(config.sqlite_db, config.sqlite_db + str(int(time.time()))) sqlite.insert_into_new_db(weibo_list) sqlite.dump_db()
parser = argparse.ArgumentParser(description=description)
parser.add_argument("--option",
dest="option",
action="store",
choices=["c", "s", "e"],
required=True,
help="c - compress, s - scan, e - extract")
parser.add_argument("file",
metavar="file",
type=str,
help="path for file to processing")
parser.add_argument("--extract-dir", dest="extract_dir", action="store")
args = parser.parse_args()
print("{0}\n".format(description))
logging.info("Running scanner...")
scanner = scanner.Scanner(file_name=args.file)
results = scanner.run()
if results == None:
sys.exit(1)
if args.option == "e":
logging.info("Extracting...")
extractor = extractor.Extractor(file_name=args.file,
extract_dir=args.extract_dir,
results=results)
extractor.run()
