def _parse_help_opt(self, optsd):
if "--version" in optsd:
print version
sys.exit(0)
if "--help" in optsd or "-h" in optsd:
self.show_usage()
sys.exit(0)
# Extensions help
if "--script-help" in optsd:
script_string = optsd["--script-help"][0]
if script_string == "":
script_string = "$all$"
self.show_plugins_help("parsers", 2, script_string)
if "-e" in optsd:
if "payloads" in optsd["-e"]:
self.show_plugins_help("payloads")
elif "encoders" in optsd["-e"]:
self.show_plugins_help("encoders", 2)
elif "iterators" in optsd["-e"]:
self.show_plugins_help("iterators")
elif "printers" in optsd["-e"]:
self.show_plugins_help("printers")
elif "scripts" in optsd["-e"]:
self.show_plugins_help("parsers", 2)
else:
raise FuzzException(
FuzzException.FATAL,
"Unknown category. Valid values are: payloads, encoders, iterators, printers or scripts."
)
if "-o" in optsd:
if "help" in optsd["-o"]:
self.show_plugins_help("printers")
if "-m" in optsd:
if "help" in optsd["-m"]:
self.show_plugins_help("iterators")
if "-z" in optsd:
if "help" in optsd["-z"]:
self.show_plugins_help("payloads")
def _set_proxy(self, c, freq):
ip, port, ptype = self._proxies.next()
freq.wf_proxy = (("%s:%s" % (ip, port)), ptype)
c.setopt(pycurl.PROXY, "%s:%s" % (ip, port))
if ptype == "SOCKS5":
c.setopt(pycurl.PROXYTYPE, pycurl.PROXYTYPE_SOCKS5)
elif ptype == "SOCKS4":
c.setopt(pycurl.PROXYTYPE, pycurl.PROXYTYPE_SOCKS4)
elif ptype == "HTML":
pass
else:
raise FuzzException(
FuzzException.FATAL,
"Bad proxy type specified, correct values are HTML, SOCKS4 or SOCKS5."
)
return c
def __compute_element(self, tokens):
element, operator, value = tokens[0]
if value == 'BBB' and self.baseline == None:
raise FuzzException(
FuzzException.FATAL,
"FilterQ: specify a baseline value when using BBB")
if element == 'c' and value == 'XXX':
value = 0
if value == 'BBB':
if element == 'l':
value = self.baseline.lines
elif element == 'c':
value = self.baseline.code
elif element == 'w':
value = self.baseline.words
elif element == 'h':
value = self.baseline.chars
test = dict(w=self.res.words,
c=self.res.code,
l=self.res.lines,
h=self.res.chars)
value = int(value)
if operator == "=":
return test[element] == value
elif operator == "<=":
return test[element] <= value
elif operator == ">=":
return test[element] >= value
elif operator == "<":
return test[element] < value
elif operator == ">":
return test[element] > value
elif operator == "!=":
return test[element] != value
def from_parse_options(options):
fr = FuzzRequest()
fr.rlevel = 1
fr.setUrl(options['url'])
fr.wf_fuzz_methods = options['fuzz_methods']
if options['auth'][0] is not None:
fr.setAuth(options['auth'][0], options['auth'][1])
if options['follow']:
fr.setFollowLocation(options['follow'])
if options['postdata']:
fr.setPostData(options['postdata'])
if options['head']:
fr.method = "HEAD"
if options['cookie']:
fr.addHeader("Cookie", options['cookie'])
if options['extraheaders']:
hh = options['extraheaders'].split(",")
for x in hh:
splitted = x.partition(":")
if splitted[1] != ":":
raise FuzzException(
FuzzException.FATAL,
"Wrong header specified, it should be in the format \"name: value\"."
)
fr.addHeader(splitted[0], splitted[2])
if options['allvars']:
fr.wf_allvars = options['allvars']
return fr
def parse_cl(self):
options = FuzzSessionOptions()
# Usage and command line help
try:
opts, args = getopt.getopt(
self.argv[1:], "hAZIXvcb:e:R:d:z:r:f:t:w:V:H:m:o:s:p:w:", [
'sc=', 'sh=', 'sl=', 'sw=', 'ss=', 'hc=', 'hh=', 'hl=',
'hw=', 'hs=', 'ntlm=', 'basic=', 'digest=', 'follow',
'script-help=', 'script=', 'script-args=', 'filter=',
'interact', 'help', 'version'
])
optsd = defaultdict(list)
for i, j in opts:
optsd[i].append(j)
self._parse_help_opt(optsd)
if len(args) == 0:
raise FuzzException(FuzzException.FATAL,
"You must specify a payload and a URL")
url = args[0]
self._check_options(optsd)
self._parse_options(optsd, options)
options.set("filter_params", self._parse_filters(optsd))
options.set(
"genreq",
requestGenerator(self._parse_seed(url, optsd),
self._parse_payload(optsd)))
return options
except FuzzException, e:
self.show_brief_usage()
#self.show_usage()
raise e
def __init__(self, options):
self.genReq = options.get("genreq")
# Get active plugins
lplugins = None
if options.get("script_string"):
lplugins = Facade().get_parsers(options.get("script_string"))
if not lplugins:
raise FuzzException(FuzzException.FATAL, "No plugin selected, check the --script name or category introduced.")
recursive = lplugins or options.get("rlevel") > 0
filtering = options.get('filter_params')['active'] is True
# Create queues (in reverse order)
# genReq ---> seed_queue -> http_queue -> [round_robin] -> [plugins_queue] * N -> process_queue -> [routing_queue] -> [filter_queue]---> results_queue
self.results_queue = MyPriorityQueue()
self.filter_queue = FilterQ(options.get("filter_params"), self.results_queue) if filtering else None
self.routing_queue = RoutingQ(None, self.filter_queue if filtering else self.results_queue) if recursive else None
self.process_queue = ProcessorQ(options.get("rlevel"), self.genReq.stats, self.routing_queue if recursive else self.filter_queue if filtering else self.results_queue)
self.plugins_queue = None
if lplugins:
cache = HttpCache()
self.plugins_queue = RoundRobin([JobMan(lplugins, cache, self.process_queue), JobMan(lplugins, cache, self.process_queue), JobMan(lplugins, cache, self.process_queue)])
self.http_queue = HttpQueue(options, self.plugins_queue if lplugins else self.process_queue)
self.seed_queue = SeedQ(self.genReq, options.get("sleeper"), self.http_queue)
# recursion routes
if recursive:
self.routing_queue.set_routes({
"<class 'framework.fuzzer.fuzzobjects.FuzzRequest'>": self.seed_queue,
"framework.plugins.pluginobjects.PluginRequest": self.http_queue,
"framework.fuzzer.fuzzobjects.FuzzResult": self.filter_queue if filtering else self.results_queue})
## initial seed request
self.seed_queue.put_priority(1, self.genReq)
def cancel_job(self):
# stop generating items
self.http_queue.pause.set()
self.genReq.stop()
# stop processing pending items
for q in [
self.seed_queue, self.http_queue, self.plugins_queue,
self.process_queue, self.filter_queue, self.routing_queue
]:
if q:
q.put_first(
FuzzException(FuzzException.SIGCANCEL, "Cancel job"))
# wait for cancel to be processed
for q in [
self.seed_queue, self.http_queue, self.plugins_queue
] + self.plugins_queue.queue_out if self.plugins_queue else [] + [
self.process_queue, self.filter_queue, self.routing_queue
]:
if q: q.join()
# send None to stop (almost nicely)
self.seed_queue.put_last(None)
def from_all_fuzz_request(seed, payload):
# no FUZZ keyword allowed
marker_regex = re.compile("FUZ\d*Z",re.MULTILINE|re.DOTALL)
if len(marker_regex.findall(seed.getAll())) > 0:
raise FuzzException(FuzzException.FATAL, "FUZZ words not allowed when using all parameters brute forcing.")
# only a fuzz payload is allowed using this technique
if len(payload) > 1:
raise FuzzException(FuzzException.FATAL, "Only one payload is allowed when fuzzing all parameters!")
if seed.wf_allvars == "allvars":
varSET = seed.getGETVars()
elif seed.wf_allvars == "allpost":
varSET = seed.getPOSTVars()
elif seed.wf_allvars == "allheaders":
varSET = seed.getHeaders()
else:
raise FuzzException(FuzzException.FATAL, "Unknown variable set: " + seed.wf_allvars)
if len(varSET) == 0:
raise FuzzException(FuzzException.FATAL, "No variables on specified variable set: " + seed.wf_allvars)
for v in varSET:
variable = v.name
payload_content = payload[0]
copycat = seed.from_copy()
copycat.wf_description = variable + "=" + payload_content
try:
if seed.wf_allvars == "allvars":
copycat.setVariableGET(variable, payload_content)
elif seed.wf_allvars == "allpost":
copycat.setVariablePOST(variable, payload_content)
elif seed.wf_allvars == "allheaders":
copycat.addHeader(variable, payload_content)
else:
raise FuzzException(FuzzException.FATAL, "Unknown variable set: " + seed.wf_allvars)
except TypeError, e:
raise FuzzException(FuzzException.FATAL, "It is not possible to use all fuzzing with duplicated parameters.")
yield copycat
requestGenerator(self._parse_seed(url, optsd),
self._parse_payload(optsd)))
return options
except FuzzException, e:
self.show_brief_usage()
#self.show_usage()
raise e
except ValueError:
self.show_brief_usage()
raise FuzzException(FuzzException.FATAL,
"Incorrect options, please check help.")
except getopt.GetoptError, qw:
self.show_brief_usage()
#self.show_usage()
raise FuzzException(FuzzException.FATAL, "{0!s}.".format(str(qw)))
def _parse_help_opt(self, optsd):
if "--version" in optsd:
print version
sys.exit(0)
if "--help" in optsd or "-h" in optsd:
self.show_usage()
sys.exit(0)
# Extensions help
if "--script-help" in optsd:
script_string = optsd["--script-help"][0]
if script_string == "":
script_string = "$all$"
def get_kbase(self, key):
v = self.kbase.get(key)
if not v:
raise FuzzException(FuzzException.FATAL, "Key not in kbase")
return v
def _set_allvars(self, bl): if bl is not None and bl not in ['allvars', 'allpost']: raise FuzzException(FuzzException.FATAL, "Incorrect all parameters brute forcing type specified, correct values are allvars, allpost or allheaders.") self._allvars = bl
def get_payload(self, name):
try:
return self.__payloads.get_plugin("payloads/" + name)
except KeyError:
raise FuzzException(FuzzException.FATAL, name + " payload does not exists (-e payloads for a list of available payloads)")
def get_printer(self, name):
try:
return self.__printers.get_plugin("printers/" + name)()
except KeyError:
raise FuzzException(FuzzException.FATAL, name + " printer does not exists (-e printers for a list of available printers)")
def _parse_options(self, optsd, options):
if "-p" in optsd:
proxy = []
for p in optsd["-p"][0].split('-'):
vals = p.split(":")
if len(vals) == 2:
proxy.append((vals[0], vals[1], "HTML"))
elif len(vals) == 3:
if vals[2] not in ("SOCKS5", "SOCKS4", "HTML"):
raise FuzzException(
FuzzException.FATAL,
"Bad proxy type specified, correct values are HTML, SOCKS4 or SOCKS5."
)
proxy.append((vals[0], vals[1], vals[2]))
else:
raise FuzzException(FuzzException.FATAL,
"Bad proxy parameter specified.")
options.set('proxy_list', proxy)
if "-R" in optsd:
options.set("rlevel", int(optsd["-R"][0]))
options.set("printer_tool", "default")
if "-v" in optsd:
options.set("printer_tool", "verbose")
if "-c" in optsd:
Facade().proxy("printers").kbase.add("colour", True)
if "-A" in optsd:
options.set("printer_tool", "verbose")
Facade().proxy("printers").kbase.add("colour", True)
options.set("script_string", "default")
options.set("scanmode", "-Z" in optsd)
if "-o" in optsd:
options.set("printer_tool", optsd['-o'][0])
if "--script" in optsd:
options.set(
"script_string", "default"
if optsd["--script"][0] == "" else optsd["--script"][0])
if "--script-args" in optsd:
vals = optsd["--script-args"][0].split(",")
for i in vals:
k, v = i.split("=", 1)
Facade().proxy("parsers").kbase.add(k, v)
options.set("interactive", "--interact" in optsd)
# HTTP options
if "-s" in optsd:
options.set("sleeper", float(optsd["-s"][0]))
if "-t" in optsd:
options.set("max_concurrent", int(optsd["-t"][0]))
def get_iterator(self, name):
try:
return self.__iterators.get_plugin("iterations/" + name)
except KeyError:
raise FuzzException(FuzzException.FATAL, name + " iterator does not exists (-m iterators for a list of available iterators)")
def get_encoder(self, name):
try:
return self.__encoders.get_plugin("encoders/" + name)()
except KeyError:
raise FuzzException(FuzzException.FATAL, name + " encoder does not exists (-e encodings for a list of available encoders)")
def get_parsers(self, filterstr): try: return self.__plugins.get_plugins(filterstr) except Exception, e: raise FuzzException(FuzzException.FATAL, "Error selecting scripts: %s" % str(e))
if self.baseline and res.is_baseline == True:
return True
filter_string = self.hideparams['filter_string']
if filter_string and PYPARSING:
self.res = res
try:
return self.finalformula.parseString(filter_string)[0]
except ParseException, e:
raise FuzzException(FuzzException.FATAL, "Incorrect filter expression. It should be composed of: c,l,w,h/and,or/=,<,>,!=,<=,>=")
else:
if self.baseline is None and ('BBB' in self.hideparams['codes'] \
or 'BBB' in self.hideparams['lines'] \
or 'BBB' in self.hideparams['words'] \
or 'BBB' in self.hideparams['chars']):
raise FuzzException(FuzzException.FATAL, "FilterQ: specify a baseline value when using BBB")
if self.hideparams['codes_show'] is None:
cond1 = True
else:
cond1 = not self.hideparams['codes_show']
if self.hideparams['regex_show'] is None:
cond2 = True
else:
cond2 = not self.hideparams['regex_show']
if str(res.code) in self.hideparams['codes'] \
or str(res.lines) in self.hideparams['lines'] \
or str(res.words) in self.hideparams['words'] \
or str(res.chars) in self.hideparams['chars']:
def _throw(self, e):
if isinstance(e, FuzzException):
self.send_first(e)
else:
msg = "%s\n\n%s" % (str(e), traceback.format_exc())
self.send_first(FuzzException(FuzzException.FATAL, msg))
printer = None
try:
# parse command line
session_options = CLParser(sys.argv).parse_cl()
# Create fuzzer's engine
fz = Fuzzer(session_options)
if session_options.get("interactive"):
# initialise controller
try:
kb = KeyPress()
except ImportError, e:
raise FuzzException(
FuzzException.FATAL,
"Error importing necessary modules for interactive mode: {0!s}"
.format(str(e)))
else:
mc = Controller(fz, kb)
kb.start()
printer = Facade().get_printer(session_options.get("printer_tool"))
printer.header(fz.genReq.stats)
for res in fz:
printer.result(res) if res.is_visible else printer.noresult(res)
printer.footer(fz.genReq.stats)
except FuzzException, e:
print "\nFatal exception: {0!s}".format(e.msg)
if fz: fz.cancel_job()
os.chdir(dname)
try:
# parse command line
session_options = CLParser(sys.argv).parse_cl()
# Create fuzzer's engine
fz = Fuzzer(session_options)
if session_options.get("interactive"):
# initialise controller
try:
kb = KeyPress()
except ImportError, e:
raise FuzzException(
FuzzException.FATAL,
"Error importing necessary modules for interactive mode: %s" %
str(e))
else:
mc = Controller(fz, kb)
kb.start()
printer = Facade().get_printer(session_options.get("printer_tool"))
printer.header(fz.genReq.stats)
for res in fz:
printer.result(res) if res.is_visible else printer.noresult(res)
printer.footer(fz.genReq.stats)
except FuzzException, e:
print "\nFatal exception: %s" % e.msg
if fz: fz.cancel_job()
requestGenerator(self._parse_seed(url, optsd),
self._parse_payload(optsd)))
return options
except FuzzException, e:
self.show_brief_usage()
#self.show_usage()
raise e
except ValueError:
self.show_brief_usage()
raise FuzzException(FuzzException.FATAL,
"Incorrect options, please check help.")
except getopt.GetoptError, qw:
self.show_brief_usage()
#self.show_usage()
raise FuzzException(FuzzException.FATAL, "%s." % str(qw))
def _parse_help_opt(self, optsd):
if "--version" in optsd:
print version
sys.exit(0)
if "--help" in optsd or "-h" in optsd:
self.show_usage()
sys.exit(0)
# Extensions help
if "--script-help" in optsd:
script_string = optsd["--script-help"][0]
if script_string == "":
script_string = "$all$"
