def test_normalize_2(self):
    """Check normalization of a protocol-relative URL.

    The window URL used here carries no scheme, and the expected result
    for '//www.google.com' is the plain-http form.
    """
    win = WindowDict()
    win.url = 'www.google.com'

    session = HTTPSession()
    normalized = session._normalize_protocol_relative_url(win, '//www.google.com')

    assert normalized == 'http://www.google.com'
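def run_remote(self, url):
    """Analyse a remote URL.

    Resets the per-run state kept on the shared logger, normalises *url*,
    and opens it in a fresh Window. Returns None in every case; when the
    URL cannot be parsed a warning is logged and no analysis is run.
    """
    log.last_url = None
    log.last_url_fetched = None

    log.ThugOpts.local = False

    try:
        scheme = urlparse.urlparse(url).scheme
    except ValueError as e:
        # Exceptions have no `.message` attribute on Python 3, so reading it
        # would raise AttributeError inside this handler. Passing the
        # exception itself lets the logger render str(e) on any version.
        log.warning("[WARNING] Analysis not performed (%s)", e)
        return

    # Prefix test only: any scheme starting with 'http' is kept as given.
    # Everything else (no scheme, or a scheme such as file: or ftp:) is
    # treated as a bare host and forced to plain http, so a non-HTTP URL
    # is never opened with its original scheme.
    if not scheme or not scheme.startswith('http'):
        url = 'http://%s' % (url, )

    log.ThugLogging.set_url(url)

    # New session per analysis run.
    log.HTTPSession = HTTPSession()

    doc = w3c.parseString('')
    window = Window(log.ThugOpts.referer, doc, personality=log.ThugOpts.useragent)
    window = window.open(url)
    if window:
        self.__run(window)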
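def run_local(self, url):
    """Analyse a local file.

    *url* is a filesystem path. Files ending in .js/.jse are wrapped in a
    minimal HTML document so the script runs in a page context; any other
    file is parsed as HTML as-is. The file content is the sample under
    analysis and should be treated as untrusted.
    """
    log.last_url = None
    log.last_url_fetched = None

    log.ThugLogging.set_url(url)
    log.ThugOpts.local = True

    # New session per analysis run.
    log.HTTPSession = HTTPSession()

    # Context manager so the descriptor is released even if read() fails.
    with open(url, 'r') as fd:
        content = fd.read()

    extension = os.path.splitext(url)
    # NOTE(review): the detected encoding may be None for content that
    # cannot be classified; decode() below would then fail - confirm.
    encoding = cchardet.detect(content)

    if len(extension) > 1 and extension[1].lower() in ('.js', '.jse', ):
        if not content.lstrip().startswith('<script'):
            # Bare script source: embed it in a single <script> element.
            script_text = content.decode(encoding['encoding'])
            html = tostring(E.HTML(E.HEAD(), E.BODY(E.SCRIPT(script_text))))
        else:
            # Already wrapped in markup: strip html/head/body wrappers (each
            # may be absent) and keep only the first <script> element's text.
            soup = BeautifulSoup(content, "html.parser")

            for tag_name in ('html', 'head', 'body'):
                try:
                    getattr(soup, tag_name).unwrap()
                except AttributeError:
                    pass

            html = tostring(
                E.HTML(E.HEAD(), E.BODY(E.SCRIPT(soup.script.get_text()))))
    else:
        html = content

    if log.ThugOpts.features_logging:
        log.ThugLogging.Features.add_characters_count(len(html))
        log.ThugLogging.Features.add_whitespaces_count(
            sum(1 for a in html if a.isspace()))

    doc = w3c.parseString(html)
    window = Window('about:blank', doc, personality=log.ThugOpts.useragent)
    window.open()
    self.__run(window)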
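def run_local(self, url):
    """Analyse a local file.

    *url* is a filesystem path, read as UTF-8 text. Files ending in
    .js/.jse are wrapped in a minimal HTML document so the script runs in a
    page context; any other file is parsed as HTML as-is. The file content
    is the sample under analysis and should be treated as untrusted.
    """
    log.last_url = None
    log.last_url_fetched = None

    log.ThugLogging.set_url(url)
    log.ThugOpts.local = True

    # New session per analysis run.
    log.HTTPSession = HTTPSession()

    # Context manager so the descriptor is released even if read() fails.
    # NOTE(review): a sample that is not valid UTF-8 makes read() raise
    # UnicodeDecodeError, which is not handled here.
    with open(url, 'r', encoding="utf-8") as fd:
        content = fd.read()

    extension = os.path.splitext(url)

    if len(extension) > 1 and extension[1].lower() in ('.js', '.jse', ):
        if not content.lstrip().startswith('<script'):
            # Bare script source: embed it in a single <script> element.
            html = tostring(E.HTML(E.HEAD(), E.BODY(E.SCRIPT(content))))
        else:
            # Already wrapped in markup: strip html/head/body wrappers (each
            # may be absent) and keep only the first <script> element's text.
            soup = bs4.BeautifulSoup(content, "html.parser")

            for tag_name in ('html', 'head', 'body'):
                try:
                    getattr(soup, tag_name).unwrap()
                except AttributeError:
                    pass

            code = soup.script.get_text(types=(NavigableString, CData, Script))
            html = tostring(E.HTML(E.HEAD(), E.BODY(E.SCRIPT(code))))
    else:
        html = content

    if log.ThugOpts.features_logging:
        log.ThugLogging.Features.add_characters_count(len(html))

        # html may be str or the bytes returned by tostring(); iterating
        # bytes yields ints, which the isinstance test filters out.
        whitespaces_count = sum(
            1 for a in html if isinstance(a, six.string_types) and a.isspace())
        log.ThugLogging.Features.add_whitespaces_count(whitespaces_count)

    doc = w3c.parseString(html)
    window = Window('about:blank', doc, personality=log.ThugOpts.useragent)
    window.open()
    self.__run(window)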
def run_remote(self, url):
    """Analyse a remote URL.

    A URL whose scheme is missing or does not start with 'http' is treated
    as a bare host and prefixed with 'http://' before being opened in a
    fresh Window.
    """
    # NOTE(review): urlparse can raise ValueError on a malformed URL; it is
    # not caught here and would propagate to the caller.
    parsed_scheme = urlparse.urlparse(url).scheme

    if not (parsed_scheme and parsed_scheme.startswith('http')):
        url = 'http://%s' % (url, )

    log.ThugLogging.set_url(url)

    # New session per analysis run.
    log.HTTPSession = HTTPSession()

    blank_doc = w3c.parseString('')
    opener = Window(log.ThugOpts.referer, blank_doc,
                    personality=log.ThugOpts.useragent)
    opened = opener.open(url)
    if not opened:
        return

    self.__run(opened)
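def run_local(self, url):
    """Analyse a local file.

    *url* is a filesystem path. A file ending in .js is wrapped in a
    minimal HTML document so the script runs in a page context; any other
    file is parsed as HTML as-is. The file content is the sample under
    analysis and should be treated as untrusted.
    """
    log.ThugLogging.set_url(url)
    log.ThugOpts.local = True

    # New session per analysis run.
    log.HTTPSession = HTTPSession()

    # Context manager so the descriptor is released even if read() fails.
    with open(url, 'r') as fd:
        content = fd.read()

    extension = os.path.splitext(url)

    # The right-hand side must be a tuple. ('.js') is just the string '.js',
    # and `in` on a string is a substring test, so '', '.' and '.j' matched
    # too and files without an extension were wrapped as JavaScript.
    if len(extension) > 1 and extension[1].lower() in ('.js', ):
        html = tostring(E.HTML(E.BODY(E.SCRIPT(content))))
    else:
        html = content

    doc = w3c.parseString(html)
    window = Window('about:blank', doc, personality=log.ThugOpts.useragent)
    window.open()
    self.run(window)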
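def run_local(self, url):
    """Analyse a local file.

    *url* is a filesystem path. Files ending in .js/.jse are wrapped in a
    minimal HTML document so the script runs in a page context; any other
    file is parsed as HTML as-is. The file content is the sample under
    analysis and should be treated as untrusted.
    """
    log.ThugLogging.set_url(url)
    log.ThugOpts.local = True

    # New session per analysis run.
    log.HTTPSession = HTTPSession()

    # Context manager so the descriptor is released even if read() fails.
    with open(url, 'r') as fd:
        content = fd.read()

    extension = os.path.splitext(url)

    if len(extension) > 1 and extension[1].lower() in ('.js', '.jse', ):
        if not content.lstrip().startswith('<script'):
            # Bare script source: embed it in a single <script> element.
            html = tostring(E.HTML(E.HEAD(), E.BODY(E.SCRIPT(content))))
        else:
            # Already wrapped in markup: strip html/head/body wrappers (each
            # may be absent) and keep only the first <script> element's text.
            soup = BeautifulSoup(content, "html.parser")

            for tag_name in ('html', 'head', 'body'):
                try:
                    getattr(soup, tag_name).unwrap()
                except AttributeError:
                    pass

            html = tostring(
                E.HTML(E.HEAD(), E.BODY(E.SCRIPT(soup.script.get_text()))))
    else:
        html = content

    doc = w3c.parseString(html)
    window = Window('about:blank', doc, personality=log.ThugOpts.useragent)
    window.open()
    self.__run(window)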
from thug.ThugAPI.ThugVulnModules import ThugVulnModules
from thug.Logging.ThugLogging import ThugLogging
from thug.Encoding.Encoding import Encoding
from thug.DOM.HTTPSession import HTTPSession

configuration_path = thug.__configuration_path__

# The "Thug" logger object doubles as a shared registry: the components
# below are attached to it as attributes at import time, so the order of
# these assignments may matter to the constructors that follow.
log = logging.getLogger("Thug")

# None when no configuration path is set.
log.personalities_path = os.path.join(configuration_path, "personalities") if configuration_path else None
log.ThugOpts = ThugOpts()
log.configuration_path = configuration_path
log.ThugLogging = ThugLogging(thug.__version__)
log.ThugVulnModules = ThugVulnModules()
log.Encoding = Encoding()
log.HTTPSession = HTTPSession()


class TestMongoDB:
    # Fixture values shared by the tests of this class.
    cve = "CVE-XXXX"  # placeholder, not a real CVE identifier
    url = "www.example.com"
    data = b"sample-data"
    desc = "sample-desc"
    cert = "sample-cert"

    # Sample record with fixed digest strings.
    # NOTE(review): the digests are not checked here against `data`; treat
    # them as opaque fixture values unless verified.
    file_data = {'sha1': 'b13d13733c4c9406fd0e01485bc4a34170b7d326',
                 'data': data,
                 'ssdeep': u'24:9EGtDqSyDVHNkCq4LOmvmuS+MfTAPxokCOB:97tG5DjQ4LDs+sTAPxLT',
                 'sha256': '459bf0aeda19633c8e757c05ee06b8121a51217cea69ce60819bb34092a296a0',
                 'type': 'JAR',
                 'md5': 'd4be8fbeb3a219ec8c6c26ffe4033a16'}
def test_valid_proxy(self):
    """Building a session with an http:// proxy URL must not raise."""
    proxy_url = 'http://antifork.org:443'
    session = HTTPSession(proxy=proxy_url)
def test_invalid_proxy_3(self):
    """A socks5 proxy on 127.0.0.1:10000 is expected to raise ValueError.

    The string is passed positionally; presumably it is the proxy argument,
    per the test name.
    """
    # NOTE(review): why this case raises ValueError is not visible here.
    proxy_url = 'socks5://127.0.0.1:10000'
    with pytest.raises(ValueError):
        session = HTTPSession(proxy_url)
def test_invalid_proxy_2(self):
    """A proxy URL with the scheme 'foo' must abort with SystemExit.

    Pins fail-closed behaviour: the session is not created when the
    proxy setting is rejected.
    """
    proxy_url = 'foo://bar'
    with pytest.raises(SystemExit):
        session = HTTPSession(proxy_url)
def test_invalid_proxy_1(self):
    """A proxy string with no scheme at all must abort with SystemExit.

    Pins fail-closed behaviour: the session is not created when the
    proxy setting is rejected.
    """
    proxy_url = 'invalid'
    with pytest.raises(SystemExit):
        session = HTTPSession(proxy_url)