def setup(self, options):
self.options = options
self.pass_dirs = ['']
if options["raw_file"]:
self.options.update(
zip(["urls", "httpmethod", "headers", "data"],
parse_raw(options["raw_file"])))
else:
self.options["headers"] = {**DEFAULT_HEADERS, **options["headers"]}
if options["cookie"]:
self.options["headers"]["Cookie"] = options["cookie"]
if options["useragent"]:
self.options["headers"]["User-Agent"] = options["useragent"]
self.random_agents = None
if options["use_random_agents"]:
self.random_agents = FileUtils.get_lines(
FileUtils.build_path(SCRIPT_PATH, "db", "user-agents.txt"))
self.targets.queue = deque(options["urls"])
self.blacklists = Dictionary.generate_blacklists(options["extensions"])
self.dictionary = Dictionary(
paths=options["wordlist"],
extensions=options["extensions"],
suffixes=options["suffixes"],
prefixes=options["prefixes"],
lowercase=options["lowercase"],
uppercase=options["uppercase"],
capitalization=options["capitalization"],
force_extensions=options["force_extensions"],
exclude_extensions=options["exclude_extensions"],
no_extension=options["no_extension"],
only_selected=options["only_selected"])
self.current_job = 0
self.batch = False
self.batch_session = None
self.exit = None
self.start_time = time.time()
self.jobs_count = self.targets.qsize() * (len(
options["scan_subdirs"]) if options["scan_subdirs"] else 1)
if options["autosave_report"] or options["output_file"]:
if options["autosave_report"]:
self.report_path = options[
"output_location"] or FileUtils.build_path(
SCRIPT_PATH, "reports")
self.create_dir(self.report_path)
if options["log_file"]:
options["log_file"] = FileUtils.get_abs_path(options["log_file"])
self.create_dir(FileUtils.parent(options["log_file"]))
def setup_reports(self):
if self.output_file:
output_file = FileUtils.get_abs_path(self.output_file)
self.output.output_file(output_file)
else:
if len(self.url_list) > 1:
self.setup_batch_reports()
filename = "BATCH"
filename += self.get_output_extension()
directory_path = self.batch_directory_path
else:
parsed = urlparse(self.url_list[0])
filename = (
"{}_".format(parsed.path)
)
filename += time.strftime("%y-%m-%d_%H-%M-%S")
filename += self.get_output_extension()
directory_path = FileUtils.build_path(
self.report_path, clean_filename(parsed.netloc)
)
filename = clean_filename(filename)
output_file = FileUtils.build_path(directory_path, filename)
if FileUtils.exists(output_file):
i = 2
while FileUtils.exists(output_file + "_" + str(i)):
i += 1
output_file += "_" + str(i)
if not FileUtils.exists(directory_path):
FileUtils.create_directory(directory_path)
if not FileUtils.exists(directory_path):
self.output.error(
"Couldn't create the reports folder at {}".format(directory_path)
)
sys.exit(1)
self.output.output_file(output_file)
if self.output_file and self.output_format:
self.report_manager = ReportManager(self.output_format, self.output_file)
elif self.output_format:
self.report_manager = ReportManager(self.output_format, output_file)
else:
self.report_manager = ReportManager("plain", output_file)
def setup_reports(self):
if self.options["output_file"]:
output_file = FileUtils.get_abs_path(self.options["output_file"])
self.output.output_file(output_file)
else:
if self.targets.qsize() > 1:
self.setup_batch_reports()
filename = "BATCH"
filename += self.get_output_extension()
directory_path = self.batch_directory_path
else:
parsed = urlparse(self.targets.queue[0])
filename = ("{}_".format(parsed.path))
filename += time.strftime("%y-%m-%d_%H-%M-%S")
filename += self.get_output_extension()
directory_path = FileUtils.build_path(
self.report_path, get_valid_filename(parsed.netloc))
filename = get_valid_filename(filename)
output_file = FileUtils.build_path(directory_path, filename)
if FileUtils.exists(output_file):
i = 2
while FileUtils.exists(output_file + "_" + str(i)):
i += 1
output_file += "_" + str(i)
if not FileUtils.exists(directory_path):
FileUtils.create_directory(directory_path)
if not FileUtils.exists(directory_path):
self.output.error(
"Couldn't create the reports folder at {}".format(
directory_path))
exit(1)
self.output.output_file(output_file)
if self.options["output_format"]:
self.report_manager = ReportManager(
self.options["output_format"], self.options["output_file"]
or output_file)
else:
self.report_manager = ReportManager("plain", output_file)
def setup_reports(self):
"""Create report file"""
output_file = None
if self.options.output_file:
output_file = FileUtils.get_abs_path(self.options.output_file)
elif self.options.autosave_report:
if len(self.targets) > 1:
directory_path = self.setup_batch_reports()
filename = "BATCH" + self.get_output_extension()
else:
parsed = urlparse(self.options.urls[0])
filename = get_valid_filename(f"{parsed.path}_")
filename += time.strftime("%y-%m-%d_%H-%M-%S")
filename += self.get_output_extension()
directory_path = FileUtils.build_path(
self.report_path, get_valid_filename(parsed.netloc)
)
output_file = FileUtils.build_path(directory_path, filename)
if FileUtils.exists(output_file):
i = 2
while FileUtils.exists(f"{output_file}_{i}"):
i += 1
output_file += f"_{i}"
try:
FileUtils.create_dir(directory_path)
except Exception:
self.output.error(
f"Couldn't create the reports folder at {directory_path}"
)
exit(1)
self.report_manager = ReportManager(self.options.output_format, output_file)
if output_file:
self.output.output_file(output_file)
def __init__(self, options, output):
self.directories = Queue()
self.output = output
self.options = options
self.pass_dirs = ["/"]
if options.raw_file:
raw = Raw(options.raw_file)
self.url_list = [raw.url]
self.httpmethod = raw.method
self.data = raw.body
self.headers = raw.headers
else:
self.url_list = options.url_list
self.httpmethod = options.httpmethod
self.data = options.httpmethod
self.headers = {**DEFAULT_HEADERS, **options.headers}
if options.cookie:
self.headers["Cookie"] = options.cookie
if options.useragent:
self.headers["User-Agent"] = options.useragent
self.random_agents = None
if options.use_random_agents:
self.random_agents = FileUtils.get_lines(
FileUtils.build_path(SCRIPT_PATH, "db", "user-agents.txt"))
self.blacklists = Dictionary.generate_blacklists(options.extensions)
self.dictionary = Dictionary(
paths=options.wordlist,
extensions=options.extensions,
suffixes=options.suffixes,
prefixes=options.prefixes,
lowercase=options.lowercase,
uppercase=options.uppercase,
capitalization=options.capitalization,
force_extensions=options.force_extensions,
exclude_extensions=options.exclude_extensions,
no_extension=options.no_extension,
only_selected=options.only_selected)
self.jobs_count = len(self.url_list) * (len(options.scan_subdirs)
if options.scan_subdirs else 1)
self.current_job = 0
self.batch = False
self.batch_session = None
self.exit = None
self.threads_lock = threading.Lock()
self.report_manager = EmptyReportManager()
self.report = EmptyReport()
self.start_time = time.time()
self.output.header(BANNER)
self.print_config()
if options.autosave_report or options.output_file:
if options.autosave_report:
self.report_path = options.output_location or FileUtils.build_path(
SCRIPT_PATH, "reports")
self.validate_dir(self.report_path)
self.setup_reports()
if options.log_file:
self.validate_dir(FileUtils.parent(options.log_file))
FileUtils.create_directory(FileUtils.parent(options.log_file))
self.output.log_file(FileUtils.get_abs_path(options.log_file))
try:
for url in self.url_list:
try:
gc.collect()
try:
self.requester = Requester(
url if url.endswith("/") else url + "/",
max_pool=options.threads_count,
max_retries=options.max_retries,
timeout=options.timeout,
ip=options.ip,
proxy=options.proxy,
proxylist=options.proxylist,
redirect=options.follow_redirects,
request_by_hostname=options.request_by_hostname,
httpmethod=self.httpmethod,
data=self.data,
scheme=options.scheme,
random_agents=self.random_agents,
)
self.output.set_target(self.requester.base_url +
self.requester.base_path)
self.requester.setup()
for key, value in self.headers.items():
self.requester.set_header(key, value)
if options.auth:
self.requester.set_auth(options.auth_type,
options.auth)
# Test request to check if server is up
self.requester.request("")
self.write_log("Test request sent for: {}".format(
self.requester.base_url))
if options.autosave_report or options.output_file:
self.report = Report(self.requester.host,
self.requester.port,
self.requester.scheme,
self.requester.base_path)
except RequestException as e:
self.output.error(e.args[0])
raise SkipTargetInterrupt
self.skip = None
if not options.scan_subdirs:
self.directories.put("")
for subdir in options.scan_subdirs:
self.directories.put(subdir)
self.pass_dirs.append(subdir)
match_callbacks = [self.match_callback, self.append_log]
not_found_callbacks = [
self.not_found_callback, self.append_log
]
error_callbacks = [
self.error_callback, self.append_error_log
]
self.fuzzer = Fuzzer(
self.requester,
self.dictionary,
suffixes=options.suffixes,
prefixes=options.prefixes,
exclude_response=options.exclude_response,
threads=options.threads_count,
delay=options.delay,
maxrate=options.maxrate,
match_callbacks=match_callbacks,
not_found_callbacks=not_found_callbacks,
error_callbacks=error_callbacks,
)
try:
self.prepare()
except RequestException as e:
self.output.error(e.args[0])
raise SkipTargetInterrupt
except SkipTargetInterrupt:
self.report.completed = True
continue
except KeyboardInterrupt:
self.close("Canceled by the user")
self.output.warning("\nTask Completed")
def setup(self, options, output):
self.options, self.output = options, output
if self.options.raw_file:
self.options.update(
zip(
["urls", "httpmethod", "headers", "data"],
parse_raw(self.options.raw_file),
)
)
else:
self.options.headers = {**DEFAULT_HEADERS, **self.options.headers}
if self.options.cookie:
self.options.headers["Cookie"] = self.options.cookie
if self.options.useragent:
self.options.headers["User-Agent"] = self.options.useragent
self.random_agents = None
if self.options.use_random_agents:
self.random_agents = FileUtils.get_lines(
FileUtils.build_path(SCRIPT_PATH, "db", "user-agents.txt")
)
self.requester = Requester(
max_pool=self.options.threads_count,
max_retries=self.options.max_retries,
timeout=self.options.timeout,
ip=self.options.ip,
proxy=self.options.proxy,
follow_redirects=self.options.follow_redirects,
httpmethod=self.options.httpmethod,
headers=self.options.headers,
data=self.options.data,
scheme=self.options.scheme,
random_agents=self.random_agents,
)
self.dictionary = Dictionary(
paths=self.options.wordlist,
extensions=self.options.extensions,
suffixes=self.options.suffixes,
prefixes=self.options.prefixes,
lowercase=self.options.lowercase,
uppercase=self.options.uppercase,
capitalization=self.options.capitalization,
force_extensions=self.options.force_extensions,
exclude_extensions=self.options.exclude_extensions,
no_extension=self.options.no_extension,
only_selected=self.options.only_selected,
)
self.blacklists = Dictionary.generate_blacklists(self.options.extensions)
self.targets = options.urls
self.start_time = time.time()
self.passed_urls = set()
self.directories = []
self.report = None
self.batch = False
self.current_job = 0
self.jobs_count = 0
self.errors = 0
self.consecutive_errors = 0
if self.options.auth:
self.requester.set_auth(self.options.auth_type, self.options.auth)
if self.options.proxy_auth:
self.requester.set_proxy_auth(self.options.proxy_auth)
if self.options.log_file:
self.options.log_file = FileUtils.get_abs_path(self.options.log_file)
try:
FileUtils.create_dir(FileUtils.parent(self.options.log_file))
if not FileUtils.can_write(self.options.log_file):
raise Exception
except Exception:
self.output.error(
f"Couldn't create log file at {self.options.log_file}"
)
exit(1)
if self.options.autosave_report:
self.report_path = self.options.output_path or FileUtils.build_path(
SCRIPT_PATH, "reports"
)
try:
FileUtils.create_dir(self.report_path)
if not FileUtils.can_write(self.report_path):
raise Exception
except Exception:
self.output.error(
f"Couldn't create report folder at {self.report_path}"
)
exit(1)
self.output.header(BANNER)
self.output.config(
", ".join(self.options["extensions"]),
", ".join(self.options["prefixes"]),
", ".join(self.options["suffixes"]),
str(self.options["threads_count"]),
str(len(self.dictionary)),
str(self.options["httpmethod"]),
)
self.setup_reports()
if self.options.log_file:
self.output.log_file(self.options.log_file)