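def run_url(req, rule):
    """Check each query parameter of *req* for unescaped reflection in the page.

    For every ``key=value`` pair that ``PARAMS_PATTERN`` finds in
    ``req.params`` the value is extended with a random lowercase prefix, a
    shuffled character pool and a random lowercase suffix, the tampered
    parameter string is sent through ``requestUrl`` and the response body is
    searched for the marked sample.  A parameter is reported when one of the
    ``XSS_PATTERNS`` contexts matches around the reflected sample and every
    character the context requires came back unescaped.

    Args:
        req: request object; ``req.params`` is read and ``req`` is handed to
            ``requestUrl`` together with the tampered parameter string.
        rule: not used here; kept for the shared ``run_url(req, rule)`` shape.

    Returns:
        ``Result(response, details)`` where ``response`` is the first response
        in which a sample was reflected and ``details`` holds one
        ``u"漏洞参数:<key>"`` entry per affected parameter; ``None`` when
        nothing was reflected or no request succeeded.
    """
    def _contains(content, chars):
        # Backslash-escaped occurrences (e.g. ``\"``) do not count as
        # reflected, so strip them before checking for the required chars.
        # ``re.S`` used to be passed positionally, which made it the *count*
        # argument of re.sub (capping it at 16 replacements); it is now the
        # flags argument, and the class members are escaped so a condition
        # holding ``]``, ``^``, ``-`` or ``\`` cannot break the pattern.
        if chars:
            content = re.sub(r"\\[%s]" % "".join(re.escape(c) for c in chars),
                             "", content, flags=re.S)
        return all(char in content for char in chars)

    def _random_letters(length):
        # Lowercase letters only, so the marker can be used in a regex as-is.
        return "".join(random.sample(string.ascii_lowercase, length))

    details = []
    response = None
    params = req.params
    for match in PARAMS_PATTERN.finditer(params):
        found = False
        prefix = _random_letters(PREFIX_SUFFIX_LENGTH)
        suffix = _random_letters(PREFIX_SUFFIX_LENGTH)
        # The larger pool is tried first; the smaller one is only sent when
        # the larger one was not reflected in a matching context.
        for pool in (LARGER_CHAR_POOL, SMALLER_CHAR_POOL):
            if found:
                break
            # random.sample over the whole pool yields a shuffled copy of it.
            probe = "%s%s%s%s" % (match.group('value'), prefix,
                                  "".join(random.sample(pool, len(pool))),
                                  suffix)
            # NOTE: str.replace rewrites every occurrence of the value in the
            # parameter string, not only this key's; unchanged from before.
            tampered = params.replace(match.group('value'), probe)
            res = requestUrl(req, tampered)
            if not res:
                continue
            content = res.text
            for sample in re.finditer("%s(.+?)%s" % (prefix, suffix),
                                      content, re.I | re.S):
                if found:
                    break
                reflected = sample.group(1)
                if not reflected.strip():
                    continue
                # Escape the reflected sample once so it can be spliced into
                # the context regexes from XSS_PATTERNS.
                escaped_sample = reduce(
                    lambda filtered, char: filtered.replace(char, "\\%s" % char),
                    REGEX_SPECIAL_CHARS, sample.group(0))
                for regex, condition, info in XSS_PATTERNS:
                    context = re.search(regex % {"chars": escaped_sample},
                                        content, re.I | re.S)
                    if not context or not _contains(reflected, condition):
                        continue
                    filtering = ("no" if all(char in reflected
                                             for char in LARGER_CHAR_POOL)
                                 else "some")
                    DEBUG(info % {"filtering": filtering})
                    found = True
                    if response is None:
                        response = res
                    details.append(u"漏洞参数:%s" % match.group('key'))
                    break
    if response is not None:
        return Result(response, details)
    return None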
def retrieve_content(req, payloads=None, **kwargs):
    """Send *req* through ``requestUrl`` and summarise the response.

    Args:
        req: request description passed straight to ``requestUrl``.
        payloads: optional payloads forwarded to ``requestUrl``.
        **kwargs: further keyword arguments forwarded to ``requestUrl``.

    Returns:
        ``None`` when ``requestUrl`` returns a falsy value, otherwise a dict
        keyed by the module constants ``RESPONSE`` (the response object),
        ``HTTPCODE`` (its ``status_code``), ``HTML`` (its ``text``), ``TITLE``
        (the ``title`` group of ``TITLE_PATTERN`` or ``None`` when it does not
        match) and ``TEXT`` (the body with every ``TEXT_PATTERN`` match
        replaced by a single space).
    """
    res = requestUrl(req, payloads, **kwargs)
    if not res:
        return None
    html = res.text
    title_match = TITLE_PATTERN.search(html)
    return {
        RESPONSE: res,
        HTTPCODE: res.status_code,
        HTML: html,
        TITLE: title_match.group('title') if title_match else None,
        TEXT: TEXT_PATTERN.sub(" ", html),
    }
def retrieve_content(req, payloads=None, **kwargs):
    """Send *req* through ``requestUrl`` and summarise the response.

    Args:
        req: request description passed straight to ``requestUrl``.
        payloads: optional payloads forwarded to ``requestUrl``.
        **kwargs: further keyword arguments forwarded to ``requestUrl``.

    Returns:
        ``None`` when ``requestUrl`` returns a falsy value, otherwise a dict
        keyed by the module constants ``RESPONSE`` (the response object),
        ``HTTPCODE`` (its ``status_code``), ``HTML`` (its ``text``), ``TITLE``
        (the ``title`` group of ``TITLE_PATTERN`` or ``None`` when it does not
        match) and ``TEXT`` (the body with every ``TEXT_PATTERN`` match
        replaced by a single space).
    """
    res = requestUrl(req, payloads, **kwargs)
    if not res:
        return None
    html = res.text
    title_match = TITLE_PATTERN.search(html)
    return {
        RESPONSE: res,
        HTTPCODE: res.status_code,
        HTML: html,
        TITLE: title_match.group('title') if title_match else None,
        TEXT: TEXT_PATTERN.sub(" ", html),
    }
def run_url(req, rule):
    """
    req:
        url: http://www.example.com
        method: get/post
        params: name=skycrab&age24
        referer: http://www.example.com/refer.html
    rule:
        domain: http://www.example.com/ (scheme+host+basepath)

    Fetches *req* with ``requestUrl`` and scans every line of the response
    with ``_INNER_IPADDR``; group 1 of each match is kept when all of its
    dot-separated octets lie in 0..255.  Returns ``Result(response, details)``
    when at least one address was collected, otherwise ``None`` (also when the
    request itself failed).  ``rule`` is not used here.
    """
    def _octets_in_range(addr):
        # The pattern alone may accept octets above 255; filter those out.
        return all(0 <= int(octet) <= 255 for octet in addr.split('.'))

    response = requestUrl(req)
    if not response:
        return None
    details = []
    for line in response.iter_lines():
        for match in _INNER_IPADDR.finditer(line):
            candidate = match.group(1)
            if _octets_in_range(candidate):
                details.append(candidate)
    if details:
        return Result(response, details)
    return None
def run_url(req, rule):
    """
    req:
        url: http://www.example.com
        method: get/post
        params: name=skycrab&age24
        referer: http://www.example.com/refer.html
    rule:
        domain: http://www.example.com/ (scheme+host+basepath)

    Fetches *req* with ``requestUrl`` and scans every line of the response
    with ``_INNER_IPADDR``; group 1 of each match is kept when all of its
    dot-separated octets lie in 0..255.  Returns ``Result(response, details)``
    when at least one address was collected, otherwise ``None`` (also when the
    request itself failed).  ``rule`` is not used here.
    """
    def _octets_in_range(addr):
        # The pattern alone may accept octets above 255; filter those out.
        return all(0 <= int(octet) <= 255 for octet in addr.split('.'))

    response = requestUrl(req)
    if not response:
        return None
    details = []
    for line in response.iter_lines():
        for match in _INNER_IPADDR.finditer(line):
            candidate = match.group(1)
            if _octets_in_range(candidate):
                details.append(candidate)
    if details:
        return Result(response, details)
    return None
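def run_url(req, rule):
    """Check each query parameter of *req* for unescaped reflection in the page.

    For every ``key=value`` pair that ``PARAMS_PATTERN`` finds in
    ``req.params`` the value is extended with a random lowercase prefix, a
    shuffled character pool and a random lowercase suffix, the tampered
    parameter string is sent through ``requestUrl`` and the response body is
    searched for the marked sample.  A parameter is reported when one of the
    ``XSS_PATTERNS`` contexts matches around the reflected sample and every
    character the context requires came back unescaped.

    Args:
        req: request object; ``req.params`` is read and ``req`` is handed to
            ``requestUrl`` together with the tampered parameter string.
        rule: not used here; kept for the shared ``run_url(req, rule)`` shape.

    Returns:
        ``Result(response, details)`` where ``response`` is the first response
        in which a sample was reflected and ``details`` holds one
        ``u"漏洞参数:<key>"`` entry per affected parameter; ``None`` when
        nothing was reflected or no request succeeded.
    """
    def _contains(content, chars):
        # Backslash-escaped occurrences (e.g. ``\"``) do not count as
        # reflected, so strip them before checking for the required chars.
        # ``re.S`` used to be passed positionally, which made it the *count*
        # argument of re.sub (capping it at 16 replacements); it is now the
        # flags argument, and the class members are escaped so a condition
        # holding ``]``, ``^``, ``-`` or ``\`` cannot break the pattern.
        if chars:
            content = re.sub(r"\\[%s]" % "".join(re.escape(c) for c in chars),
                             "", content, flags=re.S)
        return all(char in content for char in chars)

    def _random_letters(length):
        # Lowercase letters only, so the marker can be used in a regex as-is.
        return "".join(random.sample(string.ascii_lowercase, length))

    details = []
    response = None
    params = req.params
    for match in PARAMS_PATTERN.finditer(params):
        found = False
        prefix = _random_letters(PREFIX_SUFFIX_LENGTH)
        suffix = _random_letters(PREFIX_SUFFIX_LENGTH)
        # The larger pool is tried first; the smaller one is only sent when
        # the larger one was not reflected in a matching context.
        for pool in (LARGER_CHAR_POOL, SMALLER_CHAR_POOL):
            if found:
                break
            # random.sample over the whole pool yields a shuffled copy of it.
            probe = "%s%s%s%s" % (match.group('value'), prefix,
                                  "".join(random.sample(pool, len(pool))),
                                  suffix)
            # NOTE: str.replace rewrites every occurrence of the value in the
            # parameter string, not only this key's; unchanged from before.
            tampered = params.replace(match.group('value'), probe)
            res = requestUrl(req, tampered)
            if not res:
                continue
            content = res.text
            for sample in re.finditer("%s(.+?)%s" % (prefix, suffix),
                                      content, re.I | re.S):
                if found:
                    break
                reflected = sample.group(1)
                if not reflected.strip():
                    continue
                # Escape the reflected sample once so it can be spliced into
                # the context regexes from XSS_PATTERNS.
                escaped_sample = reduce(
                    lambda filtered, char: filtered.replace(char, "\\%s" % char),
                    REGEX_SPECIAL_CHARS, sample.group(0))
                for regex, condition, info in XSS_PATTERNS:
                    context = re.search(regex % {"chars": escaped_sample},
                                        content, re.I | re.S)
                    if not context or not _contains(reflected, condition):
                        continue
                    filtering = ("no" if all(char in reflected
                                             for char in LARGER_CHAR_POOL)
                                 else "some")
                    DEBUG(info % {"filtering": filtering})
                    found = True
                    if response is None:
                        response = res
                    details.append(u"漏洞参数:%s" % match.group('key'))
                    break
    if response is not None:
        return Result(response, details)
    return None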
def run_url(req, rule):
    """Report the page when its body matches ``_FILE_UPLOAD``.

    ``req`` is fetched via ``requestUrl``; ``rule`` is not used.  Returns
    ``Result(response, '')`` when the response is truthy and ``_FILE_UPLOAD``
    finds a match in ``response.text``, otherwise ``None``.
    """
    response = requestUrl(req)
    if not response:
        return None
    if _FILE_UPLOAD.search(response.text) is None:
        return None
    return Result(response, '')
def run_url(req, rule):
    """Report the page when its body matches ``_FILE_UPLOAD``.

    ``req`` is fetched via ``requestUrl``; ``rule`` is not used.  Returns
    ``Result(response, '')`` when the response is truthy and ``_FILE_UPLOAD``
    finds a match in ``response.text``, otherwise ``None``.
    """
    response = requestUrl(req)
    if not response:
        return None
    if _FILE_UPLOAD.search(response.text) is None:
        return None
    return Result(response, '')