def test_normalize_2(self):
window = WindowDict()
window.url = 'www.google.com'
s = HTTPSession()
url = s._normalize_protocol_relative_url(window, '//www.google.com')
assert url == 'http://www.google.com'
def run_remote(self, url):
log.last_url = None
log.last_url_fetched = None
log.ThugOpts.local = False
try:
scheme = urlparse.urlparse(url).scheme
except ValueError as e:
log.warning("[WARNING] Analysis not performed (%s)", e.message)
return
if not scheme or not scheme.startswith('http'):
url = 'http://%s' % (url, )
log.ThugLogging.set_url(url)
log.HTTPSession = HTTPSession()
doc = w3c.parseString('')
window = Window(log.ThugOpts.referer,
doc,
personality=log.ThugOpts.useragent)
window = window.open(url)
if window:
self.__run(window)
def run_local(self, url):
log.last_url = None
log.last_url_fetched = None
log.ThugLogging.set_url(url)
log.ThugOpts.local = True
log.HTTPSession = HTTPSession()
content = open(url, 'r').read()
extension = os.path.splitext(url)
encoding = cchardet.detect(content)
if len(extension) > 1 and extension[1].lower() in (
'.js',
'.jse',
):
if not content.lstrip().startswith('<script'):
html = tostring(
E.HTML(
E.HEAD(),
E.BODY(E.SCRIPT(content.decode(
encoding['encoding'])))))
else:
soup = BeautifulSoup(content, "html.parser")
try:
soup.html.unwrap()
except AttributeError:
pass
try:
soup.head.unwrap()
except AttributeError:
pass
try:
soup.body.unwrap()
except AttributeError:
pass
html = tostring(
E.HTML(E.HEAD(), E.BODY(E.SCRIPT(soup.script.get_text()))))
else:
html = content
if log.ThugOpts.features_logging:
log.ThugLogging.Features.add_characters_count(len(html))
log.ThugLogging.Features.add_whitespaces_count(
len([a for a in html if a.isspace()]))
doc = w3c.parseString(html)
window = Window('about:blank', doc, personality=log.ThugOpts.useragent)
window.open()
self.__run(window)
def run_local(self, url):
log.last_url = None
log.last_url_fetched = None
log.ThugLogging.set_url(url)
log.ThugOpts.local = True
log.HTTPSession = HTTPSession()
content = open(url, 'r', encoding="utf-8").read()
extension = os.path.splitext(url)
if len(extension) > 1 and extension[1].lower() in (
'.js',
'.jse',
):
if not content.lstrip().startswith('<script'):
html = tostring(E.HTML(E.HEAD(), E.BODY(E.SCRIPT(content))))
else:
soup = bs4.BeautifulSoup(content, "html.parser")
try:
soup.html.unwrap()
except AttributeError:
pass
try:
soup.head.unwrap()
except AttributeError:
pass
try:
soup.body.unwrap()
except AttributeError:
pass
code = soup.script.get_text(types=(NavigableString, CData,
Script))
html = tostring(E.HTML(E.HEAD(), E.BODY(E.SCRIPT(code))))
else:
html = content
if log.ThugOpts.features_logging:
log.ThugLogging.Features.add_characters_count(len(html))
whitespaces_count = len([
a for a in html
if isinstance(a, six.string_types) and a.isspace()
])
log.ThugLogging.Features.add_whitespaces_count(whitespaces_count)
doc = w3c.parseString(html)
window = Window('about:blank', doc, personality=log.ThugOpts.useragent)
window.open()
self.__run(window)
def run_remote(self, url):
scheme = urlparse.urlparse(url).scheme
if not scheme or not scheme.startswith('http'):
url = 'http://%s' % (url, )
log.ThugLogging.set_url(url)
log.HTTPSession = HTTPSession()
doc = w3c.parseString('')
window = Window(log.ThugOpts.referer, doc, personality = log.ThugOpts.useragent)
window = window.open(url)
if window:
self.__run(window)
def run_local(self, url):
log.ThugLogging.set_url(url)
log.ThugOpts.local = True
log.HTTPSession = HTTPSession()
content = open(url, 'r').read()
extension = os.path.splitext(url)
if len(extension) > 1 and extension[1].lower() in ('.js'):
html = tostring(E.HTML(E.BODY(E.SCRIPT(content))))
else:
html = content
doc = w3c.parseString(html)
window = Window('about:blank', doc, personality=log.ThugOpts.useragent)
window.open()
self.run(window)
def run_local(self, url):
log.ThugLogging.set_url(url)
log.ThugOpts.local = True
log.HTTPSession = HTTPSession()
content = open(url, 'r').read()
extension = os.path.splitext(url)
if len(extension) > 1 and extension[1].lower() in (
'.js',
'.jse',
):
if not content.lstrip().startswith('<script'):
html = tostring(E.HTML(E.HEAD(), E.BODY(E.SCRIPT(content))))
else:
soup = BeautifulSoup(content, "html.parser")
try:
soup.html.unwrap()
except AttributeError:
pass
try:
soup.head.unwrap()
except AttributeError:
pass
try:
soup.body.unwrap()
except AttributeError:
pass
html = tostring(
E.HTML(E.HEAD(), E.BODY(E.SCRIPT(soup.script.get_text()))))
else:
html = content
doc = w3c.parseString(html)
window = Window('about:blank', doc, personality=log.ThugOpts.useragent)
window.open()
self.__run(window)
from thug.ThugAPI.ThugVulnModules import ThugVulnModules
from thug.Logging.ThugLogging import ThugLogging
from thug.Encoding.Encoding import Encoding
from thug.DOM.HTTPSession import HTTPSession
configuration_path = thug.__configuration_path__
log = logging.getLogger("Thug")
log.personalities_path = os.path.join(configuration_path, "personalities") if configuration_path else None
log.ThugOpts = ThugOpts()
log.configuration_path = configuration_path
log.ThugLogging = ThugLogging(thug.__version__)
log.ThugVulnModules = ThugVulnModules()
log.Encoding = Encoding()
log.HTTPSession = HTTPSession()
class TestMongoDB:
cve = "CVE-XXXX"
url = "www.example.com"
data = b"sample-data"
desc = "sample-desc"
cert = "sample-cert"
file_data = {'sha1': 'b13d13733c4c9406fd0e01485bc4a34170b7d326',
'data': data,
'ssdeep': u'24:9EGtDqSyDVHNkCq4LOmvmuS+MfTAPxokCOB:97tG5DjQ4LDs+sTAPxLT',
'sha256': '459bf0aeda19633c8e757c05ee06b8121a51217cea69ce60819bb34092a296a0',
'type': 'JAR',
'md5': 'd4be8fbeb3a219ec8c6c26ffe4033a16'}
def test_valid_proxy(self):
s = HTTPSession(proxy='http://antifork.org:443')
def test_invalid_proxy_3(self):
with pytest.raises(ValueError):
s = HTTPSession('socks5://127.0.0.1:10000')
def test_invalid_proxy_2(self):
with pytest.raises(SystemExit):
s = HTTPSession('foo://bar')
def test_invalid_proxy_1(self):
with pytest.raises(SystemExit):
s = HTTPSession('invalid')