示例#1
    def newmreq(self):
        """Return a newly constructed MassRequest.

        The object is built from the keyword arguments stored in
        ``self.mreq_config_dict``. A new instance is created on every
        call; nothing is cached.

        Per the original note, this exists as a workaround for the
        iFuzzer class, which uses ``self.mreq``.
        """
        request_kwargs = self.mreq_config_dict
        return MassRequest(**request_kwargs)
示例#2
    def __init__(self, targets=None, payloads=None, num_threads=10,
                 time_per_url=10, request_timeout=10, proxy_list=None,
                 hadoop_reporting=False, depreciated=None):
        """Set up a WebFuzzer: request settings, targets, payloads, checks.

        Args:
            targets: list of Target objects. A falsy value becomes [].
            payloads: list of Payload objects. A falsy value becomes [].
            num_threads: number of threads/processes to launch (int).
                Default 10.
            time_per_url: seconds to spend on each Target. Default 10.
            request_timeout: seconds to wait for a connection before
                giving up. Default 10.
            proxy_list: list of proxies given as dicts. A falsy value is
                replaced by ``[{}]`` (presumably "no proxy" -- confirm
                against MassRequest).
            hadoop_reporting: output info for hadoop if True.
                Default False.
            depreciated: accepted but never read in this method. The
                previous docstring described an unused ``payload_groups``
                list here, which looks like the argument's former name.
        """
        super(WebFuzzer, self).__init__()
        # The request settings are kept on the instance because some
        # checks (e.g. bsqli) need to build further MassRequest objects
        # configured exactly like this one.
        request_settings = dict(
            num_threads=num_threads,
            time_per_url=time_per_url,
            request_timeout=request_timeout,
            proxy_list=proxy_list or [{}],
            hadoop_reporting=hadoop_reporting,
        )
        self.mreq_config_dict = request_settings
        self.mreq = MassRequest(**request_settings)
        self.targets = targets if targets else []
        self.payloads = payloads if payloads else []
        # One checker instance per vulnerability class.
        self.mxi_check = MXICheck()
        self.osci_check = OSCICheck()
        self.sqli_check = SQLICheck()
        self.trav_check = TravCheck()
        self.xpathi_check = XPathICheck()
        self.xss_check = XSSCheck()
        self.hadoop_reporting = hadoop_reporting
        if hadoop_reporting:
            logger.info("Hadoop reporting set in fuzzer")
        self.fuzzy_targets = []
示例#3
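 def fetch(self,
           num_threads=10,
           time_per_url=10,
           request_timeout=10,
           proxy_list=None):
     """Request every target with GET and store the results.

     A new MassRequest is created for each call and kept on
     ``self.mreq``; its ``results`` are copied to ``self.results``.
     ``hadoop_reporting`` is always passed as True here.

     Args:
         num_threads: passed through to MassRequest. Default 10.
         time_per_url: passed through to MassRequest. Default 10.
         request_timeout: passed through to MassRequest. Default 10.
         proxy_list: list of proxy dicts passed through to MassRequest.
             ``None`` (the default) means ``[{}]``.
     """
     # Build the default per call: a mutable default in the signature
     # would be one shared list across every call and MassRequest.
     if proxy_list is None:
         proxy_list = [{}]
     self.mreq = MassRequest(num_threads=num_threads,
                             time_per_url=time_per_url,
                             request_timeout=request_timeout,
                             proxy_list=proxy_list,
                             hadoop_reporting=True)
     # Only targets still marked "unfetched" are logged.
     for candidate in self.targets:
         if candidate.status == "unfetched":
             logger.info("Fetching %s", candidate)
     # NB: this only fetches via GET, doesn't submit forms for more links
     # NOTE(review): the whole of self.targets is requested and then marked
     # "fetched", not just the unfetched subset logged above. Targets that
     # were already fetched are requested again on every call -- confirm
     # whether that repeat traffic is intended.
     self.mreq.get_targets(self.targets)
     self.results = self.mreq.results
     for target in self.targets:
         target.status = "fetched"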
示例#4
    >>> targets = [target_1, target_2, target_3]
    >>> mr = MassRequest()
    >>> mr.request_targets(targets)
    >>> for r in mr.results:
    ...     print r
    ... 
    (<massweb.targets.target.Target object at 0x15496d0>, <Response [200]>)
    (<massweb.targets.target.Target object at 0x1549650>, <Response [200]>)
    (<massweb.targets.target.Target object at 0x1549490>, <Response [200]>)
    >>> for target, response in mr.results:
    ...     print target, response.status_code
    ... 
    http://course.hyperiongray.com/vuln2/898538a7335fd8e6bac310f079ba3fd1/ 200
    http://www.hyperiongray.com/ 200
    http://course.hyperiongray.com/vuln1 200``
"""

from massweb.mass_requests.mass_request import MassRequest
from massweb.targets.target import Target
# Two POST targets carrying form data, followed by one plain GET target.
target_1 = Target(
    url=u"http://course.hyperiongray.com/vuln1",
    data={"password": "******"},
    ttype="post",
)
target_2 = Target(
    url=u"http://course.hyperiongray.com/vuln2/898538a7335fd8e6bac310f079ba3fd1/",
    data={"how": "I'm good thx"},
    ttype="post",
)
target_3 = Target(
    url=u"http://www.hyperiongray.com/",
    ttype="get",
)
targets = [target_1, target_2, target_3]

# MassRequest is built with its defaults; request_targets() sends the
# requests and the outcome is read back from mr.results.
mr = MassRequest()
mr.request_targets(targets)

# Each entry in mr.results unpacks as a (target, response) pair. The sample
# output in the docstring above lists them in a different order than
# `targets`, so result order presumably does not follow input order --
# confirm before relying on it.
for result in mr.results:
    print result
for target, response in mr.results:
    print target, response.status_code