def for_inputs(self): patterns = { "url": re.compile("(http|https)\:\/\/"), "file": re.compile( "\.(php|pdf|exe|txt|asp|aspx|json|do|pl|html|js|csv|htm|jsp|css|ashx|dhtml|cgi|cfm|action|rb|shtml|xml)" ), "code": re.compile("[\{\}\$\;\=\|\:]+"), "path": re.compile("[\/\\\\]+") } ret = [] tpl = "{0} {1} {2}\n{3}\n" for log in self.logs.Search(): params = {} if log[1].request.query: params["Query"] = To.SingleDemension(log[1].request.query) if log[1].request.body: sd = To.SingleDemension(log[1].request.body) if sd: params["Body"] = sd finds = {} for param, values in params.items(): for f, v in values.items(): for t, p in patterns.items(): if p.search(v.lower()): if param in finds.keys(): finds[param][f] = (t, v) else: finds[param] = {f: (t, v)} break if len(finds.keys()) > 0: meta = [] for p, find in finds.items(): label = p + ":" for f, v in find.items(): meta.append( Printer.Cols([ (label, 7, False), (f, 25, False), (v[0].upper(), 5, False), (v[1], 80, False), ], False)) label = "" ret.append( tpl.format(log[0], log[1].method, log[1].request.uri, "\n".join(meta))) return ret
def for_reflected(self): ret = [] for log in self.logs.Search([], {"mime": "HTML"}): if int(log[1].length) > 0: body = log[1].response.body body = To.SafeDecode(body) body = body if not isinstance(body, (list, dict, tuple)) else json.dumps(body) qm = self._reflect_find(body, log[1].request.query) bm = self._reflect_find( body, log[1].request.body) if isinstance( log[1].request.body, dict) else None if qm or bm: url = "{0}://{1}{2}".format(log[1].protocol, log[1].host, log[1].path) ret.append( self._reflect_result(log[0], log[1].method, url, qm, bm)) final = [] for r in sorted(ret, key=lambda i: -i["score"]): if r["sig"] not in map(lambda m: m["sig"], final): final.append(r) else: for i in range(len(final)): if r["sig"] == final[i][ "sig"] and r["score"] > final[i]["score"]: final[i] = r return map(lambda m: m["value"], final)
def Code(logs,fp): mapped = [] multi = False jpad = 4 opad = 0 tpl = "single" if not isinstance(logs,list): logs = [logs] if len(logs) > 1: multi = True jpad = 8 opad = 4 tpl = "multiple" for log in logs: mapped.append(Generate.substitute_map(log,jpad)) const_header = "None" const_cookies = "None" if multi: if len(set(map(lambda x: x["@@HEADER"],mapped))) == 1: const_header = To.Code(logs[0].request.HeaderNoCookies()) for m in mapped: m["@@HEADER"] = "header" if len(set(map(lambda x: x["@@COOKIES"],mapped))) == 1: const_cookies = To.Code(logs[0].request.cookies) for m in mapped: m["@@COOKIES"] = "cookies" t = Reader.Read("{0}/{1}.pyt".format(os.path.dirname(__file__),tpl)) req_objs = [Generate.gen_request_object(m,opad) for m in mapped] if multi: t = Reader.Substitute(t,"@@HEADER",const_header) t = Reader.Substitute(t,"@@COOKIES",const_cookies) t = Reader.Substitute(t,"@@REQOBJS",",\n".join(req_objs)) else: t = Reader.Substitute(t,"@@REQOBJ",req_objs[0]) Writer.Replace(fp,t) return "Python Script Written to: {0}".format(fp)
def Unique(self,field,regex,terms,pairs): results = self.Search(terms,pairs) ret = [] for r in results: v = r[1].__dict__[field].raw if field in ['request','response'] else r[1].__dict__[field] if regex: if v: if isinstance(v,bytes): expr = re.compile(regex.encode(),re.IGNORECASE) else: expr = re.compile(regex,re.IGNORECASE) m = expr.findall(v) if m: for x in m: ret.append(To.String(x)) else: ret.append(To.String(v)) final = sorted(list(set(ret))) return final
def substitute_map(log,pad): return { "@@URL": To.Code(log.request.uri), "@@METHOD": To.Code(log.method), "@@HEADER": To.Code(log.request.HeaderNoCookies(),pad), "@@COOKIES": To.Code(log.request.cookies,pad), "@@QUERY": To.Code(log.request.query,pad), "@@BODY": To.Code(log.request.body,pad) }
def Permutations(self,log_id,options): section = None value = "AAAAAAA" for o in options: if o: if o in ["headers","cookies","query","body"]: section = o else: value = o ret = [] for key,parms in self.Parameters(log_id).items(): if parms: if not section or section == key: for p in parms: r_pram = "{0}.{1}".format(key,p) if p.find(".") == -1 else "{0}.[{1}]".format(key,p) ret.append(To.Dict(r_pram,value)) return ret
def _injections_find(self, headers, params): l = 3 ret = {} if not params: return None for hk, hv in headers.items(): hv = " ".join(hv) if isinstance(hv, list) else hv matches = [] for v in To.SimpleStrArray(params): if len(v) > l: if self._ifind(hk, v) or self._ifind(hv, v): matches.append(v) if len(matches) > 0: ret[hk] = matches if len(ret.keys()) > 0: return ret return None
def flip_cmd(self, raw): try: args = Args(raw, [("log_id", int), ("method", str)], 2) if self._validate(args, "log_id"): log = self.logs.Get(args.log_id) pv = To.Dict("method", args.method) res, err = self.replay.Request(log, pv, None, True, self.proxies) if not err: self.display.ResultHeader() flag = (str(log.status) == str(res.status_code)) self._result(args.log_id, "FLIP", pv, res, flag, None) self.display.BR() else: self.display.Error(err) return True except: self._error() return False
def replay_cmd(self, raw): try: args = Args(raw, [("log_id", int), ("parm", str), ("val", str), ("find", str)], 1) args.val = self._substitute(args.val) if self._validate(args, "log_id"): log = self.logs.Get(args.log_id) pv = To.Dict(args.parm, args.val) if args.parm else None res, err = self.replay.Request(log, pv, args.find) if not err: self.display.ResultHeader() self._result(args.log_id, "REPLY", pv, res, False, None) self.display.BR() else: self.display.Error(err) return True except: self._error() return False
def reflected_cmd(self, raw): try: args = Args(raw, [("log_id", int), ("parm", str), ("val", str), ("find", str)], 3) args.val = self._substitute(args.val) if self._validate(args, "log_id"): log = self.logs.Get(args.log_id) pv = To.Dict(args.parm, args.val) res, err = self.replay.Request(log, pv, args.find) if not err: self.display.ResultHeader() flag, meta = Html.Reflected(res, args.val, self.options.Get("render")) self._result(args.log_id, "RFLCT", pv, res, flag, meta) self.display.BR() else: self.display.Error(err) return True except: self._error() return False