def _parse_payload(self, optsd):
    """Build the payload iterator from the ``-z``, ``-w`` and ``-m`` options.

    Each ``-z`` value is ``type,parameter[,encoders]`` and each ``-w`` value
    is ``wordlist[,encoders]``, handled as the ``file`` payload. Values are
    split on ``,`` only, and a ``-z`` value without a comma fails the
    two-name unpacking with ``ValueError``.

    The encoder field is a ``-``-separated list. An entry with ``@`` after
    its first character chains the named encoders through
    ``pencoder_multiple``; any other entry is expanded through the
    ``encoders`` plugin proxy. When the encoder field is absent, the
    ``none`` encoder is used.

    Returns the result of calling the selected iterator with every
    dictionary built: the one named by ``-m`` if given, otherwise
    ``product`` when at least one dictionary exists, otherwise
    ``piterator_void``.
    """
    def encoder_chain(fields, full_length):
        # Only a value with exactly full_length fields carries an encoder
        # spec (its last field); anything else gets the 'none' encoder.
        if len(fields) != full_length:
            return [Facade().get_encoder('none').encode]

        chain = []
        for spec in fields[-1].split("-"):
            if spec.find('@') > 0:
                members = [Facade().get_encoder(name) for name in spec.split("@")]
                chain.append(plugins.encoders.pencoder_multiple(members).encode)
            else:
                chain.extend(
                    enc().encode
                    for enc in Facade().proxy("encoders").get_plugins(spec))
        return chain

    dictionaries = []

    if "-z" in optsd:
        for entry in optsd["-z"]:
            fields = entry.split(",")
            payload_type, payload_arg = fields[:2]
            payload = Facade().get_payload(payload_type)(payload_arg)
            dictionaries.append(dictionary(payload, encoder_chain(fields, 3)))

    # Alias for "-z file,Wordlist"
    if "-w" in optsd:
        for entry in optsd["-w"]:
            fields = entry.split(",")
            wordlist = fields[0]
            payload = Facade().get_payload("file")(wordlist)
            dictionaries.append(dictionary(payload, encoder_chain(fields, 2)))

    iterator_factory = plugins.iterations.piterator_void
    if "-m" in optsd:
        iterator_factory = Facade().get_iterator(optsd['-m'][0])
    elif dictionaries:
        iterator_factory = Facade().get_iterator("product")

    return iterator_factory(*dictionaries)
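def search_bing(dork, key=None, raw=False):
    """Send *dork* as a web search to the Bing Search API endpoint.

    The API key is *key* or, when that is None, the ``bing_apikey`` entry of
    the ``plugins`` settings section. It is sent as the password half of an
    HTTP Basic ``Authorization`` header.

    NOTE(review): nothing in the part of the function shown here reads the
    opened response or honours *raw* -- confirm against the full function.

    Raises:
        FuzzException: FATAL when no key is available or the request fails.
    """
    if key is None:
        key = Facade().sett.get('plugins', 'bing_apikey')

    if not key:
        raise FuzzException(
            FuzzException.FATAL,
            "An api Bing key is needed. Please chek wfuzz.ini.")

    # some code taken from http://www.securitybydefault.com/2014/07/search2auditpy-deja-que-bing-haga-el.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityByDefault+%28Security+By+Default%29
    user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)'

    # The 'base64' codec wraps its output with a newline every 76 characters.
    # Dropping only the last character would leave line breaks inside the
    # header value for a long key, so strip all of them.
    creds = (':{0!s}'.format(key)).encode('base64').replace('\n', '')
    auth = 'Basic {0!s}'.format(creds)

    # temporary solution, wf should have a process performing http requests. even plugins might need this.
    # NOTE(review): dork is concatenated into the query string without
    # URL-encoding, so characters such as & or ' in it change the request.
    # Quote it here once callers are confirmed not to pre-encode.
    # NOTE(review): the key leaves in this request; urllib2 only verifies the
    # server certificate by default from Python 2.7.9 on.
    try:
        request = urllib2.Request(
            'https://api.datamarket.azure.com/Data.ashx/Bing/Search/Composite?Sources=%27web%27&Query=%27'
            + dork + '%27&$format=json')
        request.add_header('Authorization', auth)
        request.add_header('User-Agent', user_agent)
        requestor = urllib2.build_opener()
        result = requestor.open(request)
    except Exception as e:
        # Not every exception has .msg (urllib2.URLError carries .reason),
        # and reading a missing attribute here would replace the real error
        # with an AttributeError.
        reason = getattr(e, 'msg', None) or e
        raise FuzzException(
            FuzzException.FATAL,
            "Error when retrieving Bing API results: {0!s}.".format(reason))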
def __init__(self, options):
    """Wire up the queue pipeline for one fuzzing session and seed it.

    Reads ``genreq``, ``script_string``, ``rlevel``, ``filter_params`` and
    ``sleeper`` from *options*. The plugin, routing and filter stages are
    only created when plugins are selected, recursion is enabled or
    filtering is active, respectively.

    Raises:
        FuzzException: FATAL when ``script_string`` is set but selects no
            plugin.
    """
    self.genReq = options.get("genreq")

    # Get active plugins; a selector that matches nothing is fatal.
    active_plugins = None
    if options.get("script_string"):
        active_plugins = Facade().get_parsers(options.get("script_string"))
        if not active_plugins:
            raise FuzzException(
                FuzzException.FATAL,
                "No plugin selected, check the --script name or category introduced."
            )

    recursive = active_plugins or options.get("rlevel") > 0
    filtering = options.get('filter_params')['active'] is True

    # Create queues (in reverse order), so each stage is handed its successor:
    # genReq ---> seed_queue -> http_queue -> [round_robin] -> [plugins_queue] * N -> process_queue -> [routing_queue] -> [filter_queue]---> results_queue
    self.results_queue = MyPriorityQueue()

    if filtering:
        self.filter_queue = FilterQ(options.get("filter_params"), self.results_queue)
    else:
        self.filter_queue = None
    # Where finished results go: the filter when active, else straight out.
    result_sink = self.filter_queue if filtering else self.results_queue

    if recursive:
        self.routing_queue = RoutingQ(None, result_sink)
        after_processing = self.routing_queue
    else:
        self.routing_queue = None
        after_processing = result_sink

    self.process_queue = ProcessorQ(
        options.get("rlevel"), self.genReq.stats, after_processing)

    self.plugins_queue = None
    if active_plugins:
        # One cache instance is shared by the three plugin workers.
        shared_cache = HttpCache()
        workers = [
            JobMan(active_plugins, shared_cache, self.process_queue)
            for _ in range(3)
        ]
        self.plugins_queue = RoundRobin(workers)

    http_target = self.plugins_queue if active_plugins else self.process_queue
    self.http_queue = HttpQueue(options, http_target)
    self.seed_queue = SeedQ(self.genReq, options.get("sleeper"), self.http_queue)

    # recursion routes
    if recursive:
        routes = {
            "<class 'framework.fuzzer.fuzzobjects.FuzzRequest'>": self.seed_queue,
            "framework.plugins.pluginobjects.PluginRequest": self.http_queue,
            "framework.fuzzer.fuzzobjects.FuzzResult": result_sink,
        }
        self.routing_queue.set_routes(routes)

    ## initial seed request
    self.seed_queue.put_priority(1, self.genReq)
fz = Fuzzer(session_options) if session_options.get("interactive"): # initialise controller try: kb = KeyPress() except ImportError, e: raise FuzzException( FuzzException.FATAL, "Error importing necessary modules for interactive mode: %s" % str(e)) else: mc = Controller(fz, kb) kb.start() printer = Facade().get_printer(session_options.get("printer_tool")) printer.header(fz.genReq.stats) for res in fz: printer.result(res) if res.is_visible else printer.noresult(res) printer.footer(fz.genReq.stats) except FuzzException, e: print "\nFatal exception: %s" % e.msg if fz: fz.cancel_job() except KeyboardInterrupt: print "\nFinishing pending requests..." if fz: fz.cancel_job() except NotImplementedError, e: print "\nFatal exception: Error importing wfuzz extensions" finally:
for genreq in genreqs: # Create fuzzer's engine session_options.set("genreq",genreq) fz = Fuzzer(session_options) if session_options.get("interactive"): # initialise controller try: kb = KeyPress() except ImportError, e: raise FuzzException(FuzzException.FATAL, "Error importing necessary modules for interactive mode: %s" % str(e)) else: mc = Controller(fz, kb) kb.start() printer = Facade().get_printer(session_options.get("printer_tool")) printer.header(fz.genReq.stats) for res in fz: printer.result(res) if res.is_visible else printer.noresult(res) printer.footer(fz.genReq.stats) except FuzzException, e: print "\nFatal exception: %s" % e.msg if fz: fz.cancel_job() except KeyboardInterrupt: print "\nFinishing pending requests..." if fz: fz.cancel_job() except NotImplementedError, e: print "\nFatal exception: Error importing wfuzz extensions" finally:
def __init__(self):
    """Load the extension blacklist into ``self.black_list``.

    The default is the comma-separated ``file_bl`` entry of the ``plugins``
    settings section. When the knowledge base holds ``discovery.bl``, its
    first value replaces the default and is split on ``-``, not ``,``.
    """
    configured = Facade().sett.get('plugins', 'file_bl')
    self.black_list = configured.split(",")

    if not self.has_kbase("discovery.bl"):
        return

    # The knowledge-base override uses '-' as its separator.
    override = self.get_kbase("discovery.bl")[0]
    self.black_list = override.split("-")
def show_plugins_help(self, registrant, cols=3, category="$all$"):
    """Print the plugins registered under *registrant* and exit with status 0.

    Rows come from ``get_plugins_ext(category)`` on the registrant's proxy.
    The first *cols* fields of every row are dropped before the table is
    printed.
    """
    print("\nAvailable %s:\n" % registrant)

    rows = Facade().proxy(registrant).get_plugins_ext(category)
    table_print([row[cols:] for row in rows])

    sys.exit(0)
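def _parse_options(self, optsd, options):
    """Copy the general command-line switches from *optsd* into *options*.

    Handles ``-p`` (proxy list), ``-R`` (recursion level), the printer
    switches ``-v``, ``-c``, ``-A`` and ``-o``, ``-Z`` (scan mode),
    ``--script`` and ``--script-args``, ``--interact``, ``-s`` (delay) and
    ``-t`` (concurrency). Colour and script arguments are stored in the
    printers' and parsers' knowledge bases, not in *options*.

    Raises:
        FuzzException: FATAL on a malformed proxy entry, an unknown proxy
            type, a ``--script-args`` item without ``=``, or a non-numeric
            ``-R``, ``-s`` or ``-t`` value.
    """
    def numeric(flag, cast):
        # Report a bad number as a fatal option error instead of letting a
        # raw ValueError escape the parser.
        try:
            return cast(optsd[flag][0])
        except ValueError:
            raise FuzzException(
                FuzzException.FATAL,
                "Bad value specified for %s, a number is expected." % flag)

    if "-p" in optsd:
        proxy = []

        # Entries are separated by '-', so a proxy host containing '-' cannot
        # be expressed; host and port are stored as the strings given.
        for p in optsd["-p"][0].split('-'):
            vals = p.split(":")

            if len(vals) == 2:
                # No type given: default to the "HTML" type.
                proxy.append((vals[0], vals[1], "HTML"))
            elif len(vals) == 3:
                if vals[2] not in ("SOCKS5", "SOCKS4", "HTML"):
                    raise FuzzException(
                        FuzzException.FATAL,
                        "Bad proxy type specified, correct values are HTML, SOCKS4 or SOCKS5."
                    )
                proxy.append((vals[0], vals[1], vals[2]))
            else:
                raise FuzzException(FuzzException.FATAL,
                                    "Bad proxy parameter specified.")

        options.set('proxy_list', proxy)

    if "-R" in optsd:
        options.set("rlevel", numeric("-R", int))

    # Printer selection: later switches override earlier ones, -o wins.
    options.set("printer_tool", "default")

    if "-v" in optsd:
        options.set("printer_tool", "verbose")

    if "-c" in optsd:
        Facade().proxy("printers").kbase.add("colour", True)

    if "-A" in optsd:
        # Shorthand for verbose, coloured output with the default scripts.
        options.set("printer_tool", "verbose")
        Facade().proxy("printers").kbase.add("colour", True)
        options.set("script_string", "default")

    options.set("scanmode", "-Z" in optsd)

    if "-o" in optsd:
        options.set("printer_tool", optsd['-o'][0])

    if "--script" in optsd:
        script = optsd["--script"][0]
        options.set("script_string", "default" if script == "" else script)

    if "--script-args" in optsd:
        for item in optsd["--script-args"][0].split(","):
            # Without '=' the key/value unpacking below raises ValueError;
            # reject the item with a clear message first.
            if "=" not in item:
                raise FuzzException(
                    FuzzException.FATAL,
                    "Bad --script-args parameter specified, key=value pairs separated by commas are expected.")
            k, v = item.split("=", 1)
            Facade().proxy("parsers").kbase.add(k, v)

    options.set("interactive", "--interact" in optsd)

    # HTTP options
    if "-s" in optsd:
        options.set("sleeper", numeric("-s", float))

    if "-t" in optsd:
        options.set("max_concurrent", numeric("-t", int))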