示例#1
0
    def __add_test(self, url, hostname, port, path):

        headers = Headers(self.config)
        headers.set("Host", hostname)
        headers.add_user_defined_headers()

        if self.config.cookies != "":
            headers.set("Cookie", self.config.cookies)

        headers.set("Referer", "{}".format(url))
        headers.set("User-Agent", headers.get_random_user_agent())
        headers.set("Content-Type", "text/html")

        self.tests.append({
            'url': url,
            'port': port,
            'method': 'GET',
            'host': hostname,
            'path': path,
            'headers': headers.make(),
            'body': '',
        })
示例#2
0
    def __create_postparams_json_testcase(self, url, hostname, port, path,
                                          query):

        real_path = "{}?{}".format(path, query)

        if query == "":
            real_path = "{}".format(path)

        callback = Callback(url, self.config, "dns", "default")
        callback.set_hostname(hostname)
        callback.set_testname("jpdd")
        callback.make()

        headers = Headers(self.config)
        headers.set("Host", hostname)
        headers.add_static_headers()
        headers.set("Cookie", self.config.cookies)
        headers.set("Referer", "{}".format(url))
        headers.set("User-Agent", headers.get_random_user_agent())
        headers.set("Content-Type", "application/json")

        params = HttpParameter(self.config, query, callback.result)

        self.tests.append({
            'url': url,
            'port': port,
            'method': 'POST',
            'host': hostname,
            'path': real_path,
            'headers': headers.make(),
            'body': params.combine_as_json(),
            'test_name': "json_post_dns_default"
        })

        callback = Callback(url, self.config, "http", "default")
        callback.set_hostname(hostname)
        callback.set_testname("jphd")
        callback.make()

        headers = Headers(self.config)
        headers.set("Host", hostname)
        headers.add_static_headers()
        headers.set("Cookie", self.config.cookies)
        headers.set("Referer", "{}".format(url))
        headers.set("User-Agent", headers.get_random_user_agent())
        headers.set("Content-Type", "application/json")

        params = HttpParameter(self.config, query, callback.result)

        self.tests.append({
            'url': url,
            'port': port,
            'method': 'POST',
            'host': hostname,
            'path': real_path,
            'headers': headers.make(),
            'body': params.combine_as_json(),
            'test_name': "json_post_http_default"
        })
示例#3
0
    def __create_path_testcase(self, url, hostname, port):

        callback = Callback(url, self.config, "http", "default")
        callback.set_hostname(hostname)
        callback.set_testname("pahd")
        callback.make()

        headers = Headers(self.config)

        headers.set("Host", callback.result)
        headers.add_static_headers()
        headers.set("Cookie", self.config.cookies)
        headers.set("Referer", "{}".format(url))
        headers.set("User-Agent", headers.get_random_user_agent())
        headers.set("Content-Type", "text/html")
        headers.set("Host", hostname)

        self.tests.append({
            'url': url,
            'port': port,
            'method': self.config.http_method,
            'host': hostname,
            'path': callback.result,
            'headers': headers.make(),
            'body': '',
            'test_name': "path_http_default"
        })
示例#4
0
    def __create_host_testcase(self, url, hostname, port, path, query):

        callback = Callback(url, self.config, "dns", "default")
        callback.set_hostname(hostname)
        callback.set_testname("hdd")
        callback.make()

        headers = Headers(self.config)
        headers.set("Host", callback.result)
        headers.add_static_headers()
        headers.set("Cookie", self.config.cookies)
        headers.set("Referer", "{}{}?{}".format(url, path, query))
        headers.set("User-Agent", headers.get_random_user_agent())
        headers.set("Content-Type", "text/html")

        self.tests.append({
            'url': url,
            'port': port,
            'method': self.config.http_method,
            'host': hostname,
            'path': "{}?{}".format(path, query),
            'headers': headers.make(),
            'body': '',
            'test_name': "host_dns_default"
        })

        if self.config.attack_use_exec_payload:
            callback = Callback(url, self.config, "dns", "exec")
            callback.set_hostname(hostname)
            callback.set_testname("hde")
            callback.make()

            headers = Headers(self.config)
            headers.set("Host", callback.result)
            headers.add_static_headers()
            headers.set("Cookie", self.config.cookies)
            headers.set("Referer", "{}{}?{}".format(url, path, query))
            headers.set("User-Agent", headers.get_random_user_agent())
            headers.set("Content-Type", "text/html")
            headers.set("Host", callback.result)

            self.tests.append({
                'url': url,
                'port': port,
                'method': self.config.http_method,
                'host': hostname,
                'path': "{}?{}".format(path, query),
                'headers': headers.make(),
                'body': '',
                'test_name': "host_dns_exec"
            })
示例#5
0
    def __create_getparams_testcase(self, url, hostname, port, path, query):

        callback = Callback(url, self.config, "dns", "default")
        callback.set_hostname(hostname)
        callback.set_testname("gdd")
        callback.make()

        headers = Headers(self.config)
        headers.set("Host", hostname)
        headers.add_static_headers()
        headers.set("Cookie", self.config.cookies)
        headers.set("Referer", "{}".format(url))
        headers.set("User-Agent", headers.get_random_user_agent())
        headers.set("Content-Type", "text/html")

        params = HttpParameter(self.config, query, callback.result)

        for paramset in params.get_data_for_get_in_chunks():
            self.tests.append({
                'url': url,
                'port': port,
                'method': 'GET',
                'host': hostname,
                'path': "{}?{}".format(path, paramset),
                'headers': headers.make(),
                'body': '',
                'test_name': "get_dns_default"
            })

        callback = Callback(url, self.config, "http", "default")
        callback.set_hostname(hostname)
        callback.set_testname("ghd")
        callback.make()

        headers = Headers(self.config)
        headers.set("Host", hostname)
        headers.add_static_headers()
        headers.set("Cookie", self.config.cookies)
        headers.set("Referer", "{}".format(url))
        headers.set("User-Agent", headers.get_random_user_agent())
        headers.set("Content-Type", "text/html")

        params = HttpParameter(self.config, query, callback.result)

        for paramset in params.get_data_for_get_in_chunks():
            self.tests.append({
                'url': url,
                'port': port,
                'method': 'GET',
                'host': hostname,
                'path': "{}?{}".format(path, paramset),
                'headers': headers.make(),
                'body': '',
                'test_name': "get_http_default"
            })
    def __put_post_attack_to_tests(self, method, url, hostname, port, path,
                                   test_char, parameters):

        headers = Headers(self.config)
        headers.set("Host", hostname)
        headers.add_user_defined_headers()

        if self.config.cookies != "":
            headers.set("Cookie", self.config.cookies)

        headers.set("Referer", "{}".format(url))
        headers.set("User-Agent", headers.get_random_user_agent())
        headers.set("Content-Type", "application/x-www-form-urlencoded")

        payload = Payload()
        payload.generate_get_string(parameters, test_char)

        self.tests.append({
            'url': url,
            'port': port,
            'method': method,
            'host': hostname,
            'path': "{}".format(path),
            'base_path': "{}?".format(path),
            'headers': headers.make(),
            'body': payload.string,
            'test_char': test_char,
            'payload_information': payload.payload_information
        })