def newmreq(self):
    """Return a new MassRequest built from ``self.mreq_config_dict``.

    Every call constructs a separate object, so the caller never shares
    request state with ``self.mreq``. Kept as a workaround for the
    iFuzzer class using ``self.mreq``.
    """
    settings = self.mreq_config_dict
    return MassRequest(**settings)
def __init__(self, targets=None, payloads=None, num_threads=10,
             time_per_url=10, request_timeout=10, proxy_list=None,
             hadoop_reporting=False, depreciated=None):
    """Set up a WebFuzzer with its targets, payloads and request settings.

    targets             list of Target objects. Stored as [] when falsy.
    payloads            list of Payload objects. Stored as [] when falsy.
    num_threads         Number of threads/processes to launch, as an int.
                        Default 10.
    time_per_url        Seconds to spend on each Target. Default 10.
    request_timeout     Seconds to wait for a connection before giving up.
                        Default 10.
    proxy_list          list of proxies given as dicts. A falsy value is
                        replaced by [{}].
    hadoop_reporting    Output info for hadoop if True. Default False.
    depreciated         Accepted but not read by this constructor.
    """
    super(WebFuzzer, self).__init__()

    # The request settings are kept as a dict so that checks needing their
    # own MassRequest (like bsqli) can build one configured identically,
    # including the same proxies and timeouts.
    proxies = proxy_list if proxy_list else [{}]
    self.mreq_config_dict = dict(
        num_threads=num_threads,
        time_per_url=time_per_url,
        request_timeout=request_timeout,
        proxy_list=proxies,
        hadoop_reporting=hadoop_reporting,
    )
    self.mreq = MassRequest(**self.mreq_config_dict)

    self.targets = targets if targets else []
    self.payloads = payloads if payloads else []

    # One checker instance per vulnerability class.
    self.mxi_check = MXICheck()
    self.osci_check = OSCICheck()
    self.sqli_check = SQLICheck()
    self.trav_check = TravCheck()
    self.xpathi_check = XPathICheck()
    self.xss_check = XSSCheck()

    self.hadoop_reporting = hadoop_reporting
    if hadoop_reporting:
        logger.info("Hadoop reporting set in fuzzer")

    self.fuzzy_targets = []
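def fetch(self, num_threads=10, time_per_url=10, request_timeout=10,
          proxy_list=None):
    """Fetch the targets via GET and record the responses.

    Replaces ``self.mreq`` with a new MassRequest (always created with
    ``hadoop_reporting=True``), stores its results in ``self.results`` and
    marks every entry of ``self.targets`` as "fetched".

    num_threads         Number of threads/processes to launch. Default 10.
    time_per_url        Seconds to spend on each Target. Default 10.
    request_timeout     Seconds to wait for a connection before giving up.
                        Default 10.
    proxy_list          list of proxies given as dicts. None (the default)
                        means [{}].
    """
    # A list literal as the default would be one object shared by every
    # call; build the default per call instead.
    if proxy_list is None:
        proxy_list = [{}]

    self.mreq = MassRequest(num_threads=num_threads,
                            time_per_url=time_per_url,
                            request_timeout=request_timeout,
                            proxy_list=proxy_list,
                            hadoop_reporting=True)

    for candidate in self.targets:
        if candidate.status == "unfetched":
            logger.info("Fetching %s", candidate)

    # NB: this only fetches via GET, doesn't submit forms for more links
    # NOTE(review): the "unfetched" filter above only drives logging; the
    # request is issued for every entry in self.targets, so targets already
    # marked "fetched" are requested again. Confirm that this is intended
    # before narrowing the list passed to get_targets.
    self.mreq.get_targets(self.targets)
    self.results = self.mreq.results

    for target in self.targets:
        target.status = "fetched"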
>>> targets = [target_1, target_2, target_3] >>> mr = MassRequest() >>> mr.request_targets(targets) >>> for r in mr.results: ... print r ... (<massweb.targets.target.Target object at 0x15496d0>, <Response [200]>) (<massweb.targets.target.Target object at 0x1549650>, <Response [200]>) (<massweb.targets.target.Target object at 0x1549490>, <Response [200]>) >>> for target, response in mr.results: ... print target, response.status_code ... http://course.hyperiongray.com/vuln2/898538a7335fd8e6bac310f079ba3fd1/ 200 http://www.hyperiongray.com/ 200 http://course.hyperiongray.com/vuln1 200`` """ from massweb.mass_requests.mass_request import MassRequest from massweb.targets.target import Target target_1 = Target(url=u"http://course.hyperiongray.com/vuln1", data={"password": "******"}, ttype="post") target_2 = Target(url=u"http://course.hyperiongray.com/vuln2/898538a7335fd8e6bac310f079ba3fd1/", data={"how": "I'm good thx"}, ttype="post") target_3 = Target(url=u"http://www.hyperiongray.com/", ttype="get") targets = [target_1, target_2, target_3] mr = MassRequest() mr.request_targets(targets) for result in mr.results: print result for target, response in mr.results: print target, response.status_code