def rec(target):
    """Fetch one crawl target and record what the response reveals.

    Works only through side effects on names from the surrounding scope:
    the target is added to ``processed``, discovered forms go to ``forms``,
    outdated scripts to ``all_outdated_js``, detected technologies to
    ``all_techs`` and same-host links to ``storage``. Returns nothing.
    """
    processed.add(target)
    # Fixed-width (60 character) copy of the URL for the one-line progress display.
    padded_target = (target + (' ' * 60))[:60]
    print('%s Parsing %-40s' % (run, padded_target), end='\r')
    url = getUrl(target, True)
    params = getParams(target, '', True)
    # A "=" in the URL is taken to mean GET parameters are present; they are
    # recorded as a synthetic GET form next to the forms found in the page.
    if '=' in target:
        query_inputs = [
            {'name': key, 'value': val} for key, val in params.items()
        ]
        forms.append(
            {0: {'action': url, 'method': 'get', 'inputs': query_inputs}})
    raw_response = requester(url, params, True)
    response = raw_response.text
    js = js_extractor(response)
    scripts = script_extractor(response)
    for outdated in retirejs(url, response, checkedScripts):
        all_outdated_js.append(outdated)
    all_techs.extend(wappalyzer(raw_response, js, scripts))
    forms.append(zetanize(response))
    anchor_pattern = r'<[aA][^>]*?(?:href|HREF)=[\'"`]?([^>]*?)[\'"`]?>'
    for match in re.finditer(anchor_pattern, response):
        # Cut the fragment off so in-page anchors do not yield extra URLs.
        href = match.group(1).split('#')[0]
        candidate = handle_anchor(target, href)
        # Scope guard: only URLs whose netloc is exactly `host` are stored, so
        # links to other hosts (or the same host on another port) are dropped.
        if urlparse(candidate).netloc != host:
            continue
        storage.add(candidate)
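def retireJs(url, response):
    """Scan the scripts referenced by a page for known-vulnerable components.

    Each script URL extracted from ``response`` that is not yet in the
    ``checkedScripts`` variable is marked as checked, fetched and passed to
    ``main_scanner``. Every hit is logged, printed and collected.

    Args:
        url: URL of the page; script references are resolved against it.
        response: body text of the page.

    Returns:
        list: one dict per vulnerable component with the keys
        ``vulnerable_component``, ``component_location``,
        ``total_vulnerabilities`` and ``details`` (a list of dicts holding
        ``summary``, ``severity`` and ``cve``). Empty when nothing is found.
    """
    vulnerable_component = []
    for script in js_extractor(response):
        if script in getVar('checkedScripts'):
            continue
        updateVar('checkedScripts', script, 'add')
        uri = handle_anchor(url, script)
        # NOTE(review): no host check is visible here, so a script reference
        # that resolves to another origin is presumably fetched as well;
        # confirm this matches the intended scan scope.
        # Kept in its own name so the `response` argument is not overwritten.
        script_body = requester(uri, '', getVar('headers'), True,
                                getVar('delay'), getVar('timeout')).text
        result = main_scanner(uri, script_body)
        if not result:
            continue
        component_label = result['component'] + ' v' + result['version']
        details = result['vulnerabilities']
        logger.red_line()
        logger.good('Vulnerable component: ' + component_label)
        logger.info('Component location: %s' % uri)
        logger.info('Total vulnerabilities: %i' % len(details))
        component_report = {
            'vulnerable_component': component_label,
            'component_location': uri,
            'total_vulnerabilities': len(details),
            'details': [],
        }
        for detail in details:
            identifiers = detail['identifiers']
            summary = identifiers.get('summary', "None")
            # NOTE(review): severity is read from `identifiers` as before and
            # otherwise from the entry itself; confirm where main_scanner
            # puts it, since the old lookup may always have produced "None".
            severity = identifiers.get(
                'severity', detail.get('severity', "None"))
            # An entry may carry no CVE, or an empty CVE list.
            cve_ids = identifiers.get('CVE', ["None"])
            cve = cve_ids[0] if cve_ids else "None"
            logger.info('%sSummary:%s %s' % (green, end, summary))
            logger.info('Severity: %s' % severity)
            logger.info('CVE: %s' % cve)
            component_report['details'].append(
                {'summary': summary, 'severity': severity, 'cve': cve})
        logger.red_line()
        print("\n{}\n".format(component_report))
        vulnerable_component.append(component_report)
    return vulnerable_component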
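def retireJs(url, response):
    """Log known-vulnerable components among the scripts a page references.

    Each script URL extracted from ``response`` that is not yet in the
    ``checkedScripts`` variable is marked as checked, fetched and passed to
    ``main_scanner``; findings are written to the logger. Returns nothing.

    Args:
        url: URL of the page; script references are resolved against it.
        response: body text of the page.
    """
    for script in js_extractor(response):
        if script in getVar('checkedScripts'):
            continue
        updateVar('checkedScripts', script, 'add')
        uri = handle_anchor(url, script)
        # NOTE(review): no host check is visible here, so a script reference
        # that resolves to another origin is presumably fetched as well;
        # confirm this matches the intended scan scope.
        # Kept in its own name so the `response` argument is not overwritten.
        script_body = requester(uri, '', getVar('headers'), True,
                                getVar('delay'), getVar('timeout')).text
        result = main_scanner(uri, script_body)
        if not result:
            continue
        details = result['vulnerabilities']
        logger.red_line()
        logger.good('Vulnerable component: ' + result['component'] + ' v' + result['version'])
        logger.info('Component location: %s' % uri)
        logger.info('Total vulnerabilities: %i' % len(details))
        for detail in details:
            # An entry without a summary, severity or CVE must not abort the
            # report with KeyError/IndexError and hide the remaining findings.
            identifiers = detail.get('identifiers', {})
            cve_ids = identifiers.get('CVE', ["None"])
            cve = cve_ids[0] if cve_ids else "None"
            logger.info('%sSummary:%s %s' % (green, end, identifiers.get('summary', "None")))
            logger.info('Severity: %s' % detail.get('severity', "None"))
            logger.info('CVE: %s' % cve)
        logger.red_line()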