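def process(self, url, value):
    """Submit *value* to the form at *url* after answering the Sucuri cookie challenge.

    The first response is expected to embed a base64 blob (``S='...'``) holding
    the JavaScript that computes the challenge cookie. The script is evaluated
    locally, the resulting ``name=value`` pair is sent as a cookie with the POST,
    and the ``domainResolved`` input of the answer page is parsed.

    Returns the non-empty entries of the ``domainResolved`` value split on
    ``', '``, or None when the challenge, the cookie or the field is missing.
    """
    s = requests.Session()
    # NOTE(review): no timeout is passed to the HTTP calls, so a stalled server
    # blocks this method indefinitely.
    req = s.get(url)
    self.display_message("Server answered: %s status code" % req.status_code)

    pattern = r'S=\'([a-zA-Z0-9\=]+)\''
    challenges = re.findall(pattern, req.content)
    if not challenges:
        # The page did not contain the expected challenge blob; indexing [0]
        # here would raise IndexError.
        self.display_message("No Sucuri challenge found in the response")
        return None

    cookie_sucuri = base64.b64decode(challenges[0])
    # Make the script yield the cookie string instead of setting it and reloading.
    cookie_sucuri = cookie_sucuri.replace('document.cookie', 'res')
    cookie_sucuri = cookie_sucuri.replace('location.reload();', '')

    # executing the javascript
    # NOTE(security): the script text comes from the remote server and is run
    # inside this process by the embedded engine. Treat it as untrusted input
    # and run this code only in an environment where that is acceptable.
    rt = Runtime()
    cx = rt.new_context()
    result = cx.execute(cookie_sucuri)
    self.display_message("Sucuri cookie: %s" % result)

    cookie_sucuri = result.split('=')
    if len(cookie_sucuri) < 2:
        # Without a name=value pair there is no cookie to send.
        self.display_message("Unexpected Sucuri cookie format")
        return None
    cookies = {cookie_sucuri[0]: cookie_sucuri[1]}

    data = {'domainName': value, 'domainResolved': '', 'resolveDomain': ''}
    req = s.post(url, cookies=cookies, data=data)
    self.display_message("Server answered: %s status code" % req.status_code)

    soup = BeautifulSoup(req.content, 'html.parser')
    field = soup.find('input', attrs={'name': 'domainResolved'})
    if field is None:
        # soup.find() returns None when the input is absent; subscripting it
        # would raise TypeError.
        return None
    res = field.get('value')
    if res:
        return filter(None, res.split(', '))
    else:
        return None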
def __init__(self, connection, name):
    """Store the connection and name and start with no collections.

    A JavaScript runtime is created only when ``Runtime`` is not None;
    otherwise ``_jsruntime`` stays None.
    """
    self._name = name
    self._connection = connection
    self._collections = {}
    # Runtime may be None (presumably when the JS engine is unavailable; confirm at the import site).
    self._jsruntime = Runtime() if Runtime is not None else None
def setUp(self):
    """Create a fresh JS context and expose a recording ``echo`` callable to it."""
    runtime = Runtime()
    self.cx = runtime.new_context()
    self.x = []

    def echo(arg):
        # Remember every argument passed from the script, then hand it back.
        self.x.append(arg)
        return arg

    self.cx.bind_callable("echo", echo)
def __init__(self, client, name, **__):
    """Initialise the database wrapper for *client* and *name*.

    Extra keyword arguments are accepted and ignored. A JavaScript runtime is
    created only when ``Runtime`` is not None.
    """
    super(Database, self).__init__(client, name)
    self._name = name
    self._client = client
    self._collections = {}
    # Runtime may be None (presumably when the JS engine is unavailable; confirm at the import site).
    self._jsruntime = Runtime() if Runtime is not None else None
def activate(self):
    """Activate the plugin, create the JS runtime and load the stored snippets.

    When no ``scripts`` entry is stored (or it is empty) an empty dict is
    saved; otherwise every stored snippet is passed to ``add_snippet``.
    """
    super(Hubot, self).activate()
    self.process = HubotProcess(self)
    self.rt = Runtime()

    stored = self.get('scripts', None)
    if stored:
        # Snippets are stored text that ends up in the JS runtime via add_snippet.
        for name, snippet in self['scripts'].iteritems():
            message = "Inserting %s... " % name
            logging.debug(message)
            self.add_snippet(name, snippet)
    else:
        self['scripts'] = {}
def setUp(self):
    """Build a context whose global object is a Python ``Window`` instance."""

    class Nonce:
        # Marker type; instances carry no data.
        pass

    class Window:
        def __init__(self):
            self.arg = Nonce()
            # Self-reference, so the object can be reached through its own "window" attribute.
            self.window = self
            self.name = "foobar"
            self.val = 42

        def foo(self, arg):
            self.arg = arg

    self.window = Window()
    runtime = Runtime()
    context = runtime.new_context(self.window)
    self.cx = context
    self.cx.bind_class(Nonce)
def setUp(self):
    """Create a context and bind a ``spam`` class and one instance (as ``bs``)."""
    runtime = Runtime()
    self.cx = runtime.new_context()

    class spam:
        def __init__(self):
            self.args = []
            self.val = 42
            # Underscore-prefixed members: the name and value suggest they are
            # meant to stay hidden from scripts (confirm against the tests).
            self._private = "no peeking"

        def foo(self, *args):
            self.args.append(args)

        def _private_method(self):
            # Fails loudly if anything ever calls it.
            assert False

        def __getitem__(self, key):
            assert type(key) == IntType
            self.args.append(key)
            return self.val

        def __setitem__(self, key, value):
            assert type(key) == IntType
            self.args.append((key, value))
            self.val = value

    self.cx.bind_class(spam)
    instance = spam()
    self.spam = instance
    self.cx.bind_object("bs", self.spam)
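def analyseJS(code):
    '''
        Search for obfuscated functions in the Javascript code

        The code is evaluated stage by stage: each eval() call found by
        searchObfuscatedFunctions is rewritten so that its argument is returned
        instead of executed, and the result becomes the next stage. The final
        stage is then scanned for unescape() parameters and URLs.

        NOTE(security): the input is evaluated in an in-process JavaScript
        runtime and no time or resource limit is visible here; treat it as
        untrusted and analyse it in an isolated environment.

        NOTE(review): the listing was flattened to one line; the nesting below
        is reconstructed from the statement order.

        @param code: The Javascript code (string)
        @return: List with analysis information of the Javascript code: [JSCode,unescapedBytes,urlsFound,errors], where JSCode is a list with the several stages Javascript code, unescapedBytes is a list with the parameters of unescape functions, urlsFound is a list with the URLs found in the unescaped bytes, and errors is a list with the 'JavaScript error' lines captured from stderr.
    '''
    errors = []
    JSCode = []
    unescapedBytes = []
    urlsFound = []
    # stderr is redirected to a log file so that 'JavaScript error' lines can be
    # collected afterwards. The file name is fixed and relative to the current
    # directory, so concurrent runs overwrite each other's log.
    oldStdErr = sys.stderr
    errorFile = open('jserror.log','w')
    sys.stderr = errorFile
    try:
        if code != None and JS_MODULE:
            r = Runtime()
            context = r.new_context()
            while True:
                evalFunctionsData = searchObfuscatedFunctions(code, 'eval')
                originalElement = code
                for evalFunctionData in evalFunctionsData:
                    # First attempt: which rewrite is tried first depends on the flag in evalFunctionData[2].
                    if not evalFunctionData[2]:
                        modifiedCode = evalFunctionData[1][0].replace(evalFunctionData[0],'return')
                        code = originalElement.replace(evalFunctionData[1][0],modifiedCode)
                    else:
                        code = originalElement.replace(evalFunctionData[1][0],evalFunctionData[1][1]+';')
                    try:
                        executedJS = context.eval_script(code)
                        if executedJS == None:
                            # Jump to the fallback rewrite in the handler below.
                            raise Exception
                        break
                    except:
                        # Second attempt with the other rewrite.
                        if evalFunctionData[2]:
                            modifiedCode = evalFunctionData[1][0].replace(evalFunctionData[0],'return')
                            code = originalElement.replace(evalFunctionData[1][0],modifiedCode)
                        else:
                            code = originalElement.replace(evalFunctionData[1][0],evalFunctionData[1][1]+';')
                        try:
                            executedJS = context.eval_script(code)
                            if executedJS == None:
                                raise Exception
                        except:
                            code = originalElement
                            continue
                else:
                    # No eval() call produced a result through the first attempt: stop unrolling.
                    break
                if executedJS != originalElement and executedJS != None and executedJS != '':
                    code = executedJS
                    JSCode.append(code)
                else:
                    break
        if code != None:
            escapedVars = re.findall('(\w*?)\s*?=\s*?(unescape\((.*?)\))', code, re.DOTALL)
            for var in escapedVars:
                escaped = var[2]
                if escaped.find('+') != -1:
                    # Parameter built by concatenation: resolve the variables first.
                    varContent = getVarContent(code, escaped)
                    if len(varContent) > 150:
                        ret = unescape(varContent)
                        if ret[0] != -1:
                            escaped = ret[1]
                            urls = re.findall('https?://.*$', escaped, re.DOTALL)
                            if escaped not in unescapedBytes:
                                unescapedBytes.append(escaped)
                            for url in urls:
                                if url not in urlsFound:
                                    urlsFound.append(url)
                else:
                    # Literal parameter: drop the surrounding quotes.
                    escaped = escaped[1:-1]
                    if len(escaped) > 150:
                        ret = unescape(escaped)
                        if ret[0] != -1:
                            escaped = ret[1]
                            urls = re.findall('https?://.*$', escaped, re.DOTALL)
                            if escaped not in unescapedBytes:
                                unescapedBytes.append(escaped)
                            for url in urls:
                                if url not in urlsFound:
                                    urlsFound.append(url)
    finally:
        # Restore stderr even when the analysis raises, so the caller is never
        # left writing to the log file.
        sys.stderr = oldStdErr
        errorFile.close()
    logFile = open('jserror.log','r')
    try:
        errorFileContent = logFile.read()
    finally:
        logFile.close()
    if errorFileContent != '' and errorFileContent.find('JavaScript error') != -1:
        lines = errorFileContent.split(newLine)
        for line in lines:
            if line.find('JavaScript error') != -1 and line not in errors:
                errors.append(line)
    return [JSCode,unescapedBytes,urlsFound,errors]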
def analyseJS(code):
    '''
        Search for obfuscated functions in the Javascript code

        The input is first split into script stages (script elements matched by
        reJSscript, else '/JS' items, else the whole input), each stage is
        evaluated with eval() calls rewritten to return their argument, and the
        resulting code is scanned for unescape() parameters and URLs.

        NOTE(security): the stages are evaluated in an in-process JavaScript
        runtime; the input should be treated as untrusted.

        NOTE(review): the listing was flattened and ends at the except clause;
        the nesting below is reconstructed, and the stderr restore and return
        statement are not visible here.

        @param code: The Javascript code (string)
        @return: List with analysis information of the Javascript code: [JSCode,unescapedBytes,urlsFound], where JSCode is a list with the several stages Javascript code, unescapedBytes is a list with the parameters of unescape functions, and urlsFound is a list with the URLs found in the unescaped bytes.
    '''
    errors = []
    JSCode = []
    unescapedBytes = []
    urlsFound = []
    # Capture anything written to stderr during the analysis in memory.
    oldStdErr = sys.stderr
    errorFile = StringIO()
    sys.stderr = errorFile
    try:
        scriptCode = re.findall(reJSscript, code, re.DOTALL | re.IGNORECASE)
        if scriptCode != []:
            for c in scriptCode:
                # NOTE(review): both results are assigned to `code`, yet the raw
                # `c` is what gets beautified and appended; confirm the intent.
                code = unescapeHTMLEntities(c)
                code = jsbeautifier.beautify(c)
                JSCode.append(c)
        else:
            # No script element matched: split on '/JS' markers, trim each item
            # and drop the ones that start with two numbers.
            code_items = filter(
                lambda x: re.match('^\s*\d+\s+\d+', x) == None,
                [
                    re.sub('^\s*\(', '', re.sub('\)[^\)]+$', '', a.split('JavaScript')[0]))
                    for a in re.split('/\s*JS', code)[1:]
                ])
            if code_items != []:
                for ci in code_items:
                    # Undo backslash escaping of the extracted string.
                    ci = ci.replace("\\\\", "\\").replace("\(", "(").replace(
                        "\)", ")").replace("\ ", " ").replace("\\r", "\r").replace("\\n", "\n")
                    ci = unescapeHTMLEntities(ci)
                    ci = jsbeautifier.beautify(ci)
                    JSCode.append(ci)
            else:
                code = unescapeHTMLEntities(code)
                code = jsbeautifier.beautify(code)
                JSCode.append(code)
        # JSCode is appended to inside this loop, so stages produced by the
        # evaluation below are visited as well.
        for code in JSCode:
            if code != None and JS_MODULE:
                r = Runtime()
                context = r.new_context()
                while True:
                    evalFunctionsData = searchObfuscatedFunctions(code, 'eval')
                    originalElement = code
                    for evalFunctionData in evalFunctionsData:
                        # First attempt: which rewrite is tried first depends on evalFunctionData[2].
                        if not evalFunctionData[2]:
                            modifiedCode = evalFunctionData[1][0].replace(
                                evalFunctionData[0], 'return')
                            code = originalElement.replace(
                                evalFunctionData[1][0], modifiedCode)
                        else:
                            code = originalElement.replace(
                                evalFunctionData[1][0], evalFunctionData[1][1] + ';')
                        try:
                            executedJS = context.eval_script(code)
                            if executedJS == None:
                                # Jump to the fallback rewrite in the handler below.
                                raise Exception
                            break
                        except:
                            # Second attempt with the other rewrite.
                            if evalFunctionData[2]:
                                modifiedCode = evalFunctionData[1][0].replace(
                                    evalFunctionData[0], 'return')
                                code = originalElement.replace(
                                    evalFunctionData[1][0], modifiedCode)
                            else:
                                code = originalElement.replace(
                                    evalFunctionData[1][0], evalFunctionData[1][1] + ';')
                            try:
                                executedJS = context.eval_script(code)
                                if executedJS == None:
                                    raise Exception
                            except:
                                code = originalElement
                                continue
                    else:
                        # The for loop ended without a break: stop unrolling this stage.
                        break
                    if executedJS != originalElement and executedJS != None and executedJS != '':
                        code = executedJS
                        JSCode.append(code)
                    else:
                        break
            if code != None:
                escapedVars = re.findall(
                    '(\w*?)\s*?=\s*?(unescape\((.*?)\))', code, re.DOTALL)
                for var in escapedVars:
                    bytes = var[2]
                    if bytes.find('+') != -1:
                        # Parameter contains '+': resolve it through getVarContent first.
                        varContent = getVarContent(code, bytes)
                        if len(varContent) > 150:
                            ret = unescape(varContent)
                            if ret[0] != -1:
                                bytes = ret[1]
                                urls = re.findall('https?://.*$', bytes, re.DOTALL)
                                if bytes not in unescapedBytes:
                                    unescapedBytes.append(bytes)
                                for url in urls:
                                    if url not in urlsFound:
                                        urlsFound.append(url)
                    else:
                        # Drop the first and last character (presumably the quotes; confirm).
                        bytes = bytes[1:-1]
                        if len(bytes) > 150:
                            ret = unescape(bytes)
                            if ret[0] != -1:
                                bytes = ret[1]
                                urls = re.findall('https?://.*$', bytes, re.DOTALL)
                                if bytes not in unescapedBytes:
                                    unescapedBytes.append(bytes)
                                for url in urls:
                                    if url not in urlsFound:
                                        urlsFound.append(url)
    except Exception, e:
        # Any failure in the analysis is recorded instead of propagating.
        errors.append('Unknown error!! [%s]' % e)
def setUp(self):
    """Give every test its own context from a fresh runtime."""
    runtime = Runtime()
    context = runtime.new_context()
    self.cx = context
def _get_runtime(self):
    """Return a newly created ``Runtime``; every call builds a separate one."""
    runtime = Runtime()
    return runtime