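def resultHandler(status, payload):
    """Record the outcome of one PoC run against `payload`.

    Args:
        status: result returned by the PoC. Falsy or POC_RESULT_STATUS.FAIL
            means "not vulnerable"; POC_RESULT_STATUS.RETRAY re-queues the
            payload; True or POC_RESULT_STATUS.SUCCESS marks it vulnerable;
            anything else is treated as a descriptive finding and recorded
            as str(status).
        payload: the target (host/URL) the PoC was run against.

    Side effects: overwrites the console progress line, appends findings to
    th.result, bumps the found counter, and spills th.result to a file once
    it holds more than 5000 entries (unless th.no_output is set).
    """
    # Progress line: overwrite the current console line with the payload,
    # padded to the console width so a shorter payload clears older text.
    # The lock is held through `with` so an exception raised by write()
    # cannot leave it acquired and stall every other worker thread
    # (assumes th.output_screen_lock is a threading lock, as acquire/release
    # usage elsewhere suggests).
    with th.output_screen_lock:
        sys.stdout.write(payload + " " * (th.console_width - len(payload)) + "\r")
        sys.stdout.flush()

    # not vulnerable: nothing to record
    if not status or status is POC_RESULT_STATUS.FAIL:
        return

    # transient failure: put the payload back on the queue and undo the
    # scan-count increment so progress accounting stays correct
    if status is POC_RESULT_STATUS.RETRAY:
        changeScanCount(-1)
        th.target.put(payload)
        return

    if status is True or status is POC_RESULT_STATUS.SUCCESS:
        # vulnerable: the finding is the payload itself
        msg = '[+] ' + payload
        record = payload
    else:
        # the PoC returned a descriptive result; keep its text as the finding
        msg = str(status)
        record = msg

    with th.output_screen_lock:
        outputscreen.info(msg)
    th.result.append(record)

    # one more finding
    changeFoundCount(1)

    # Spill to disk so th.result does not grow without bound.
    # NOTE(review): when th.no_output is set the list is never cleared and
    # keeps growing for the whole scan — confirm that is intended.
    if len(th.result) > 5000:
        if not th.no_output:
            output2file(th.result)
            th.result = []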
def responseHandler(response):
    '''
    @description: Post-process one HTTP response from the directory scan:
        drop noise (skip-size pages, fingerprinted 404 pages), print and
        save hits whose status code is in conf.response_status_code, kick
        off recursive scanning, and report matches of the user's regex.
    @param {type} response: a requests-style Response (status_code,
        headers, content, text, url)
    @return: None
    '''
    # Prefer the advertised Content-Length; fall back to the real body
    # length when the header is absent or not an integer.
    try:
        body_size = intToSize(int(response.headers['content-length']))
    except (KeyError, ValueError):
        body_size = intToSize(len(response.content))

    # the user asked to ignore pages of exactly this size
    if body_size == conf.skip_size:
        return

    # auto 404 detection: drop bodies whose digest matches a fingerprinted
    # not-found page (MD5 is only a dedup key here, not a security control)
    if conf.auto_check_404_page:
        digest = hashlib.md5(response.content).hexdigest()
        if digest in conf.autodiscriminator_md5:
            return

    status_code = response.status_code
    content_type = response.headers.get('content-type')

    # print and persist responses whose status code the user asked for
    if status_code in conf.response_status_code:
        parts = ['[{}]'.format(str(status_code))]
        if conf.response_header_content_type:
            parts.append('[{}]'.format(content_type))
        if conf.response_size:
            parts.append('[{}] '.format(str(body_size)))
        parts.append(response.url)
        msg = ''.join(parts)
        outputscreen.info('\r' + msg + ' ' * (th.console_width - len(msg) + 1))
        conf['thread'].update.emit(response.url, content_type,
                                   str(body_size), str(status_code))
        # Results are keyed by the netloc of response.url rather than the
        # input target so -iL runs still get one file per host; ':' is
        # replaced because Windows cannot create file names containing it.
        # NOTE(review): response.url may be the post-redirect URL, so the
        # file name can differ from the host that was actually requested.
        host_key = urllib.parse.urlparse(response.url).netloc.replace(':', '_')
        saveResults(host_key, msg)

    # recurse into paths whose status code is configured for recursion
    if status_code in conf.recursive_status_code and conf.recursive_scan:
        recursiveScan(response.url, payloads.all_payloads)

    # optional user regex against the decoded body; a match prints the
    # whole page, so expect large output for big responses
    if conf.custom_response_page:
        if re.compile(conf.custom_response_page).search(response.text):
            outputscreen.info(
                '[!] Custom response information matched\n[!] use regular expression:{}\n[!] matched page:{}'
                .format(conf.custom_response_page, response.text))
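def responseHandler(response):
    '''
    @description: Post-process one HTTP response from the directory scan:
        drop noise (skip-size pages, the custom 404 page), print and save
        hits whose status code is in conf.response_status_code, trigger
        recursive scanning, and report matches of the user's regex.
    @param {type} response: a requests-style Response (status_code,
        headers, content, text, url)
    @return: None
    '''
    # Prefer the advertised Content-Length; fall back to the real body
    # length when the header is absent or not an integer.
    try:
        size = intToSize(int(response.headers['content-length']))
    except (KeyError, ValueError):
        size = intToSize(len(response.content))
    # the user asked to ignore pages of exactly this size
    if size == conf.skip_size:
        return
    # custom 404 marker: only meaningful when one is configured — an empty
    # marker is a substring of every body and would silently drop all hits
    if conf.custom_404_page and conf.custom_404_page in response.text:
        return
    # print and persist responses whose status code the user asked for
    if response.status_code in conf.response_status_code:
        msg = '[' + str(response.status_code) + ']'
        if conf.response_header_content_type:
            # .get(): a missing Content-Type header must not crash the handler
            msg += '[' + str(response.headers.get('content-type')) + ']'
        if conf.response_size:
            msg += '[' + str(size) + ']'
        msg += response.url
        outputscreen.info('\r' + msg + ' ' * (th.console_width - len(msg) + 1))
        # Results are keyed by the netloc of response.url rather than the
        # input target so -iL runs get one file per host; ':' is replaced
        # because Windows cannot create file names containing it.
        # NOTE(review): response.url may be the post-redirect URL, so the
        # file name can differ from the host that was actually requested.
        saveResults(
            urllib.parse.urlparse(response.url).netloc.replace(':', '_'), msg)
    # recurse into paths whose status code is configured for recursion
    if response.status_code in conf.recursive_status_code:
        if conf.recursive_scan:
            recursiveScan(response.url, payloads.all_payloads)
    # optional user regex against the decoded body. Guarded: with no pattern
    # configured, re.compile('') matches every response and would dump the
    # whole page for each one.
    if conf.custom_response_page:
        pattern = re.compile(conf.custom_response_page)
        if pattern.search(response.text):
            outputscreen.info(
                '[!] custom response information matched\n[!] use regular expression:{}\n[!] matched page:{}'
                .format(conf.custom_response_page, response.text))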
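def _initHttpClient():
    """Build the Http client used for Google queries, honoring a proxy.

    The proxy string is taken from the command line (conf.google_proxy)
    first, then from the config file. Expected form is
    "<type> <host> <port>" where type is http, socks5 or socks4 (the legacy
    spellings sock5 / sock4 are still accepted).

    Returns:
        an Http instance, with proxy_info set when a proxy is configured.

    Exits the process with status 1 when the proxy string is malformed;
    the original exited with status 0 on these errors, which hid the
    failure from callers and scripts.
    """
    proxy_str = conf.google_proxy
    if not proxy_str:
        # parse the config file once rather than once per lookup
        proxy_str = ConfigFileParser().google_proxy()
    if not proxy_str:
        return Http()

    outputscreen.info('Proxy: %s' % proxy_str)

    # split() without a separator tolerates repeated or tab whitespace
    proxy = proxy_str.split()
    if len(proxy) != 3:
        outputscreen.error('[-] SyntaxError in GoogleProxy string, Please check your args or config file.')
        sys.exit(1)

    proxy_types = {
        'http': PROXY_TYPE.HTTP,
        'socks5': PROXY_TYPE.SOCKS5,
        'sock5': PROXY_TYPE.SOCKS5,
        'socks4': PROXY_TYPE.SOCKS4,
        'sock4': PROXY_TYPE.SOCKS4,
    }
    proxy_type = proxy_types.get(proxy[0].lower())
    if proxy_type is None:
        outputscreen.error('[-] Invalid proxy-type in GoogleProxy string, Please check your args or config file.')
        sys.exit(1)

    # the port must be an integer in the valid TCP range
    try:
        port = int(proxy[2])
    except ValueError:
        port = -1
    if not 0 < port < 65536:
        outputscreen.error('[-] Invalid port in GoogleProxy string, Please check your args or config file.')
        sys.exit(1)

    return Http(proxy_info=ProxyInfo(proxy_type, proxy[1], port))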
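class _ScreenLock(object):
    """Context manager around th.output_screen_lock.

    Acquires the lock only when th.thread_mode is set (single-threaded runs
    skip locking, as before) and always releases it on exit, so an exception
    while writing to the console cannot leave the lock held and stall every
    other worker thread.
    """

    def __enter__(self):
        # decide once, so enter and exit agree even if thread_mode flips
        self._held = bool(th.thread_mode)
        if self._held:
            th.output_screen_lock.acquire()
        return self

    def __exit__(self, exc_type, exc, tb):
        if self._held:
            th.output_screen_lock.release()
        return False  # never swallow the exception


def resultHandler(status, payload):
    """Record the outcome of one PoC run against `payload`.

    Args:
        status: result returned by the PoC. Falsy or POC_RESULT_STATUS.FAIL
            means "not vulnerable"; POC_RESULT_STATUS.RETRAY re-queues the
            payload; True or POC_RESULT_STATUS.SUCCESS marks it vulnerable;
            a list is a set of finding lines recorded one per entry;
            anything else is recorded as str(status).
        payload: the target (host/URL) the PoC was run against.

    Side effects: overwrites the console progress line, appends findings to
    th.result, bumps the found counter, and spills th.result to a file once
    it holds more than 5000 entries (unless th.no_output is set).
    """
    # Progress line: overwrite the current console line with the payload,
    # padded to the console width so a shorter payload clears older text.
    with _ScreenLock():
        sys.stdout.write(payload + " " * (th.console_width - len(payload)) + "\r")
        sys.stdout.flush()

    # not vulnerable: nothing to record
    if not status or status is POC_RESULT_STATUS.FAIL:
        return

    # transient failure: put the payload back on the queue and undo the
    # scan-count increment so progress accounting stays correct
    if status is POC_RESULT_STATUS.RETRAY:
        change_scan_count(-1)
        th.target.put(payload)
        return

    if status is True or status is POC_RESULT_STATUS.SUCCESS:
        # vulnerable: the finding is the payload itself
        messages = ['[+] ' + payload]
        records = [payload]
    elif isinstance(status, list):
        # several lines of information: show and record each on its own line
        messages = status
        records = status
    else:
        # the PoC returned a descriptive result; keep its text as the finding
        messages = [str(status)]
        records = messages

    with _ScreenLock():
        for msg in messages:
            outputscreen.info(msg)
    th.result.extend(records)

    # one more finding
    change_found_count(1)

    # Spill to disk so th.result does not grow without bound.
    # NOTE(review): when th.no_output is set the list is never cleared and
    # keeps growing for the whole scan — confirm that is intended.
    if len(th.result) > 5000:
        if not th.no_output:
            output2file(th.result)
            th.result = []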