def makeFile():
"""
Membuat file hasil brute force
"""
dirname = os.path.dirname(SETTING.OUTPUT)
if not dirname:
dirname = DEFAULT.OUTPUT_DIRECTORY
elif not os.path.isdir(os.path.realpath(dirname)):
warnMsg = "No such directory %s (using default %s)"
warnMsg %= (repr(dirname), repr(DEFAULT.OUTPUT_DIRECTORY))
logger.warn(warnMsg)
dirname = DEFAULT.OUTPUT_DIRECTORY
dirname = os.path.realpath(dirname)
filename = os.path.basename(SETTING.OUTPUT)
if not filename:
filename = DEFAULT.FILENAME
else:
filename = filename.split(".", 1)[0]
filename = filename + "-" + os.urandom(4).encode(
"hex") + "." + DEFAULT.FILE_EXTENSION
filepath = os.path.join(dirname, filename)
fp = open(filepath, "w")
return fp
raise BrutemapSkipTargetException
else:
authType = header.split(" ", 1)[0].lower()
auth_handler = None
if authType == "basic":
auth_handler = requests.auth.HTTPBasicAuth
elif authType == "digest":
auth_handler = requests.auth.HTTPDigestAuth
else:
warnMsg = "Unsupported HTTP authentication (%s). " % repr(authType.capitalize())
logger.warn(warnMsg)
infoMsg = "Enter HTTP authentication handler (for 'python-requests'). "
infoMsg += "(press 'CTRL-C' to exit)"
logger.info(infoMsg)
registerInterruptHandler(reset=True)
skip_target = False
while not skip_target:
try:
auth_handler = __import__(raw_input("[#] (e.g. 'requests.auth.HTTPDigestAuth')> "))
if issubclass(auth_handler, requests.auth.AuthBase) and \
not auth_handler is requests.auth.AuthBase:
break
except KeyboardInterrupt:
def checkTarget(url):
"""
Memeriksa jika target adalah target yang didukung.
"""
infoMsg = "Checking target..."
logger.info(infoMsg)
response = None
try:
wrapped = errormanager(requests.get)
response = wrapped(url)
except Exception as e:
logger.exception(e)
raise BrutemapSkipTargetException
if response.status_code == 401:
infoMsg = "Login page type: 'HTTP AUTHENTICATION'"
logger.info(infoMsg)
TARGET.URL = response.url
header = response.headers.get("www-authenticate")
if not header:
criMsg = "Cannot find HTTP Authentication type. "
criMsg += "url %s there is no HTTP header 'WWW-Authenticate'" % repr(
url)
logger.critical(criMsg)
raise BrutemapSkipTargetException
else:
authType = header.split(" ", 1)[0].lower()
auth_handler = None
if authType == "basic":
auth_handler = requests.auth.HTTPBasicAuth
elif authType == "digest":
auth_handler = requests.auth.HTTPDigestAuth
else:
warnMsg = "Unsupported HTTP authentication (%s). " % repr(
authType.capitalize())
logger.warn(warnMsg)
infoMsg = "Enter HTTP authentication handler (for 'python-requests'). "
infoMsg += "(press 'CTRL-C' to exit)"
logger.info(infoMsg)
registerInterruptHandler(reset=True)
skip_target = False
while not skip_target:
try:
auth_handler = __import__(
raw_input(
"[#] (e.g. 'requests.auth.HTTPDigestAuth')> "))
if issubclass(auth_handler, requests.auth.AuthBase) and \
not auth_handler is requests.auth.AuthBase:
break
except KeyboardInterrupt:
print()
skip_target = True
except Exception as e:
logger.exception(e)
registerInterruptHandler()
if skip_target:
raise BrutemapSkipTargetException
infoMsg = "HTTP authentication type: %s" % authType.capitalize()
logger.info(infoMsg)
SETTING.HTTP_AUTH_HANDLER = auth_handler
else:
SETTING.HTTP_AUTH_HANDLER = response = None
browser.get(url)
form_elements = [] if response is not None else getFormElements()
if len(form_elements) > 0:
fields = getFormField()
status, pageType = isSupportedTarget(fields)
if not status:
criMsg = "Unsupported target"
logger.critical(criMsg)
raise BrutemapSkipTargetException
else:
TARGET.URL = str(browser.current_url)
infoMsg = "Login page type: %s" % repr(pageType)
logger.info(infoMsg)
bruteForceAttack(fields)
elif response is not None:
bruteForceAttack((), http_auth=response)
else:
criMsg = "Unsupported target"
logger.critical(criMsg)
raise BrutemapSkipTargetException
"User-Agent":
"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0"
}
result = {"type": None}
logger.info("request a url: %s" % url)
try:
req = requests.get(url, headers=header, timeout=4)
except Exception, e:
try:
logger.error("%s @@ requests fail and the info is %s" %
(url.encode('utf-8'), e))
except:
print url
print isinstance(url, unicode)
return result
if 'text/html' in req.headers['Content-Type']:
logger.debug("get a html page: " + url)
result['type'] = 'html'
result['html'] = req.text
result['url'] = url
elif 'text/javascript' in req.headers['Content-Type']:
logger.debug("get a js page: " + url)
result['type'] = 'js'
result['html'] = req.text
result['url'] = url
else:
logger.warn("the page is not a html or a js(" + url + ")")
return result
header = {
"User-Agent":
"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0"
}
result = {"type": None}
logger.info("request a url: %s" %url)
try:
req = requests.get(url, headers=header, timeout=4)
except Exception, e:
try:
logger.error("%s @@ requests fail and the info is %s" %(url.encode('utf-8'), e))
except:
print url
print isinstance(url, unicode)
return result
if 'text/html' in req.headers['Content-Type']:
logger.debug("get a html page: " + url)
result['type'] = 'html'
result['html'] = req.text
result['url'] = url
elif 'text/javascript' in req.headers['Content-Type']:
logger.debug("get a js page: " + url)
result['type'] = 'js'
result['html'] = req.text
result['url'] = url
else:
logger.warn("the page is not a html or a js("+url+")")
return result