Пример #1
0
    def for_inputs(self):
        patterns = {
            "url":
            re.compile("(http|https)\:\/\/"),
            "file":
            re.compile(
                "\.(php|pdf|exe|txt|asp|aspx|json|do|pl|html|js|csv|htm|jsp|css|ashx|dhtml|cgi|cfm|action|rb|shtml|xml)"
            ),
            "code":
            re.compile("[\{\}\$\;\=\|\:]+"),
            "path":
            re.compile("[\/\\\\]+")
        }

        ret = []
        tpl = "{0} {1} {2}\n{3}\n"

        for log in self.logs.Search():
            params = {}
            if log[1].request.query:
                params["Query"] = To.SingleDemension(log[1].request.query)
            if log[1].request.body:
                sd = To.SingleDemension(log[1].request.body)
                if sd:
                    params["Body"] = sd
            finds = {}
            for param, values in params.items():
                for f, v in values.items():
                    for t, p in patterns.items():
                        if p.search(v.lower()):
                            if param in finds.keys():
                                finds[param][f] = (t, v)
                            else:
                                finds[param] = {f: (t, v)}
                            break

            if len(finds.keys()) > 0:
                meta = []
                for p, find in finds.items():
                    label = p + ":"
                    for f, v in find.items():
                        meta.append(
                            Printer.Cols([
                                (label, 7, False),
                                (f, 25, False),
                                (v[0].upper(), 5, False),
                                (v[1], 80, False),
                            ], False))
                        label = ""
                ret.append(
                    tpl.format(log[0], log[1].method, log[1].request.uri,
                               "\n".join(meta)))

        return ret
Пример #2
0
 def for_reflected(self):
     ret = []
     for log in self.logs.Search([], {"mime": "HTML"}):
         if int(log[1].length) > 0:
             body = log[1].response.body
             body = To.SafeDecode(body)
             body = body if not isinstance(body,
                                           (list, dict,
                                            tuple)) else json.dumps(body)
             qm = self._reflect_find(body, log[1].request.query)
             bm = self._reflect_find(
                 body, log[1].request.body) if isinstance(
                     log[1].request.body, dict) else None
         if qm or bm:
             url = "{0}://{1}{2}".format(log[1].protocol, log[1].host,
                                         log[1].path)
             ret.append(
                 self._reflect_result(log[0], log[1].method, url, qm, bm))
     final = []
     for r in sorted(ret, key=lambda i: -i["score"]):
         if r["sig"] not in map(lambda m: m["sig"], final):
             final.append(r)
         else:
             for i in range(len(final)):
                 if r["sig"] == final[i][
                         "sig"] and r["score"] > final[i]["score"]:
                     final[i] = r
     return map(lambda m: m["value"], final)
Пример #3
0
    def Code(logs,fp):
        mapped = []
        multi = False
        jpad = 4
        opad = 0
        tpl = "single"
    
        if not isinstance(logs,list): 
            logs = [logs]

        if len(logs) > 1:
            multi = True
            jpad = 8
            opad = 4
            tpl = "multiple"
    

        for log in logs:
            mapped.append(Generate.substitute_map(log,jpad))
        const_header = "None"
        const_cookies = "None"

        if multi: 
            if len(set(map(lambda x: x["@@HEADER"],mapped))) == 1:
                const_header = To.Code(logs[0].request.HeaderNoCookies())
                for m in mapped:
                   m["@@HEADER"] = "header"
                
            if len(set(map(lambda x: x["@@COOKIES"],mapped))) == 1:
                const_cookies =  To.Code(logs[0].request.cookies)
                for m in mapped:
                   m["@@COOKIES"] = "cookies"

        t = Reader.Read("{0}/{1}.pyt".format(os.path.dirname(__file__),tpl))
        req_objs = [Generate.gen_request_object(m,opad) for m in mapped]
        
        if multi: 
            t = Reader.Substitute(t,"@@HEADER",const_header)
            t = Reader.Substitute(t,"@@COOKIES",const_cookies)
            t = Reader.Substitute(t,"@@REQOBJS",",\n".join(req_objs))
        else: 
            t = Reader.Substitute(t,"@@REQOBJ",req_objs[0])
        
        Writer.Replace(fp,t)
        return "Python Script Written to: {0}".format(fp)
Пример #4
0
 def Unique(self,field,regex,terms,pairs):
     results = self.Search(terms,pairs)
     ret = []
     for r in results:
         v = r[1].__dict__[field].raw if field in ['request','response'] else r[1].__dict__[field]
         if regex:
             if v: 
                 if isinstance(v,bytes):
                     expr = re.compile(regex.encode(),re.IGNORECASE)
                 else:  
                     expr = re.compile(regex,re.IGNORECASE)
                 m = expr.findall(v)
                 if m:
                     for x in m: 
                         ret.append(To.String(x))
         else: 
             ret.append(To.String(v))            
     final = sorted(list(set(ret))) 
     return final
Пример #5
0
 def substitute_map(log,pad):
     return {
         "@@URL": To.Code(log.request.uri),
         "@@METHOD": To.Code(log.method),
         "@@HEADER": To.Code(log.request.HeaderNoCookies(),pad),
         "@@COOKIES": To.Code(log.request.cookies,pad),
         "@@QUERY": To.Code(log.request.query,pad),
         "@@BODY": To.Code(log.request.body,pad)
     }
Пример #6
0
 def Permutations(self,log_id,options):
     section = None
     value = "AAAAAAA"
     for o in options:
         if o:
             if o in ["headers","cookies","query","body"]:
                 section = o
             else:
                 value = o 
     ret = []
     for key,parms in self.Parameters(log_id).items():
         if parms:
             if not section or section == key:
                 for p in parms:
                     r_pram = "{0}.{1}".format(key,p) if p.find(".") == -1 else "{0}.[{1}]".format(key,p) 
                     ret.append(To.Dict(r_pram,value))
     return ret
Пример #7
0
 def _injections_find(self, headers, params):
     l = 3
     ret = {}
     if not params:
         return None
     for hk, hv in headers.items():
         hv = " ".join(hv) if isinstance(hv, list) else hv
         matches = []
         for v in To.SimpleStrArray(params):
             if len(v) > l:
                 if self._ifind(hk, v) or self._ifind(hv, v):
                     matches.append(v)
         if len(matches) > 0:
             ret[hk] = matches
     if len(ret.keys()) > 0:
         return ret
     return None
Пример #8
0
 def flip_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int), ("method", str)], 2)
         if self._validate(args, "log_id"):
             log = self.logs.Get(args.log_id)
             pv = To.Dict("method", args.method)
             res, err = self.replay.Request(log, pv, None, True,
                                            self.proxies)
             if not err:
                 self.display.ResultHeader()
                 flag = (str(log.status) == str(res.status_code))
                 self._result(args.log_id, "FLIP", pv, res, flag, None)
                 self.display.BR()
             else:
                 self.display.Error(err)
             return True
     except:
         self._error()
     return False
Пример #9
0
 def replay_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int), ("parm", str), ("val", str),
                           ("find", str)], 1)
         args.val = self._substitute(args.val)
         if self._validate(args, "log_id"):
             log = self.logs.Get(args.log_id)
             pv = To.Dict(args.parm, args.val) if args.parm else None
             res, err = self.replay.Request(log, pv, args.find)
             if not err:
                 self.display.ResultHeader()
                 self._result(args.log_id, "REPLY", pv, res, False, None)
                 self.display.BR()
             else:
                 self.display.Error(err)
             return True
     except:
         self._error()
     return False
Пример #10
0
 def reflected_cmd(self, raw):
     try:
         args = Args(raw, [("log_id", int), ("parm", str), ("val", str),
                           ("find", str)], 3)
         args.val = self._substitute(args.val)
         if self._validate(args, "log_id"):
             log = self.logs.Get(args.log_id)
             pv = To.Dict(args.parm, args.val)
             res, err = self.replay.Request(log, pv, args.find)
             if not err:
                 self.display.ResultHeader()
                 flag, meta = Html.Reflected(res, args.val,
                                             self.options.Get("render"))
                 self._result(args.log_id, "RFLCT", pv, res, flag, meta)
                 self.display.BR()
             else:
                 self.display.Error(err)
             return True
     except:
         self._error()
     return False