def for_inputs(self):
patterns = {
"url":
re.compile("(http|https)\:\/\/"),
"file":
re.compile(
"\.(php|pdf|exe|txt|asp|aspx|json|do|pl|html|js|csv|htm|jsp|css|ashx|dhtml|cgi|cfm|action|rb|shtml|xml)"
),
"code":
re.compile("[\{\}\$\;\=\|\:]+"),
"path":
re.compile("[\/\\\\]+")
}
ret = []
tpl = "{0} {1} {2}\n{3}\n"
for log in self.logs.Search():
params = {}
if log[1].request.query:
params["Query"] = To.SingleDemension(log[1].request.query)
if log[1].request.body:
sd = To.SingleDemension(log[1].request.body)
if sd:
params["Body"] = sd
finds = {}
for param, values in params.items():
for f, v in values.items():
for t, p in patterns.items():
if p.search(v.lower()):
if param in finds.keys():
finds[param][f] = (t, v)
else:
finds[param] = {f: (t, v)}
break
if len(finds.keys()) > 0:
meta = []
for p, find in finds.items():
label = p + ":"
for f, v in find.items():
meta.append(
Printer.Cols([
(label, 7, False),
(f, 25, False),
(v[0].upper(), 5, False),
(v[1], 80, False),
], False))
label = ""
ret.append(
tpl.format(log[0], log[1].method, log[1].request.uri,
"\n".join(meta)))
return ret
def for_reflected(self):
ret = []
for log in self.logs.Search([], {"mime": "HTML"}):
if int(log[1].length) > 0:
body = log[1].response.body
body = To.SafeDecode(body)
body = body if not isinstance(body,
(list, dict,
tuple)) else json.dumps(body)
qm = self._reflect_find(body, log[1].request.query)
bm = self._reflect_find(
body, log[1].request.body) if isinstance(
log[1].request.body, dict) else None
if qm or bm:
url = "{0}://{1}{2}".format(log[1].protocol, log[1].host,
log[1].path)
ret.append(
self._reflect_result(log[0], log[1].method, url, qm, bm))
final = []
for r in sorted(ret, key=lambda i: -i["score"]):
if r["sig"] not in map(lambda m: m["sig"], final):
final.append(r)
else:
for i in range(len(final)):
if r["sig"] == final[i][
"sig"] and r["score"] > final[i]["score"]:
final[i] = r
return map(lambda m: m["value"], final)
def Code(logs,fp):
mapped = []
multi = False
jpad = 4
opad = 0
tpl = "single"
if not isinstance(logs,list):
logs = [logs]
if len(logs) > 1:
multi = True
jpad = 8
opad = 4
tpl = "multiple"
for log in logs:
mapped.append(Generate.substitute_map(log,jpad))
const_header = "None"
const_cookies = "None"
if multi:
if len(set(map(lambda x: x["@@HEADER"],mapped))) == 1:
const_header = To.Code(logs[0].request.HeaderNoCookies())
for m in mapped:
m["@@HEADER"] = "header"
if len(set(map(lambda x: x["@@COOKIES"],mapped))) == 1:
const_cookies = To.Code(logs[0].request.cookies)
for m in mapped:
m["@@COOKIES"] = "cookies"
t = Reader.Read("{0}/{1}.pyt".format(os.path.dirname(__file__),tpl))
req_objs = [Generate.gen_request_object(m,opad) for m in mapped]
if multi:
t = Reader.Substitute(t,"@@HEADER",const_header)
t = Reader.Substitute(t,"@@COOKIES",const_cookies)
t = Reader.Substitute(t,"@@REQOBJS",",\n".join(req_objs))
else:
t = Reader.Substitute(t,"@@REQOBJ",req_objs[0])
Writer.Replace(fp,t)
return "Python Script Written to: {0}".format(fp)
def Unique(self,field,regex,terms,pairs):
results = self.Search(terms,pairs)
ret = []
for r in results:
v = r[1].__dict__[field].raw if field in ['request','response'] else r[1].__dict__[field]
if regex:
if v:
if isinstance(v,bytes):
expr = re.compile(regex.encode(),re.IGNORECASE)
else:
expr = re.compile(regex,re.IGNORECASE)
m = expr.findall(v)
if m:
for x in m:
ret.append(To.String(x))
else:
ret.append(To.String(v))
final = sorted(list(set(ret)))
return final
def substitute_map(log,pad):
return {
"@@URL": To.Code(log.request.uri),
"@@METHOD": To.Code(log.method),
"@@HEADER": To.Code(log.request.HeaderNoCookies(),pad),
"@@COOKIES": To.Code(log.request.cookies,pad),
"@@QUERY": To.Code(log.request.query,pad),
"@@BODY": To.Code(log.request.body,pad)
}
def Permutations(self,log_id,options):
section = None
value = "AAAAAAA"
for o in options:
if o:
if o in ["headers","cookies","query","body"]:
section = o
else:
value = o
ret = []
for key,parms in self.Parameters(log_id).items():
if parms:
if not section or section == key:
for p in parms:
r_pram = "{0}.{1}".format(key,p) if p.find(".") == -1 else "{0}.[{1}]".format(key,p)
ret.append(To.Dict(r_pram,value))
return ret
def _injections_find(self, headers, params):
l = 3
ret = {}
if not params:
return None
for hk, hv in headers.items():
hv = " ".join(hv) if isinstance(hv, list) else hv
matches = []
for v in To.SimpleStrArray(params):
if len(v) > l:
if self._ifind(hk, v) or self._ifind(hv, v):
matches.append(v)
if len(matches) > 0:
ret[hk] = matches
if len(ret.keys()) > 0:
return ret
return None
def flip_cmd(self, raw):
try:
args = Args(raw, [("log_id", int), ("method", str)], 2)
if self._validate(args, "log_id"):
log = self.logs.Get(args.log_id)
pv = To.Dict("method", args.method)
res, err = self.replay.Request(log, pv, None, True,
self.proxies)
if not err:
self.display.ResultHeader()
flag = (str(log.status) == str(res.status_code))
self._result(args.log_id, "FLIP", pv, res, flag, None)
self.display.BR()
else:
self.display.Error(err)
return True
except:
self._error()
return False
def replay_cmd(self, raw):
try:
args = Args(raw, [("log_id", int), ("parm", str), ("val", str),
("find", str)], 1)
args.val = self._substitute(args.val)
if self._validate(args, "log_id"):
log = self.logs.Get(args.log_id)
pv = To.Dict(args.parm, args.val) if args.parm else None
res, err = self.replay.Request(log, pv, args.find)
if not err:
self.display.ResultHeader()
self._result(args.log_id, "REPLY", pv, res, False, None)
self.display.BR()
else:
self.display.Error(err)
return True
except:
self._error()
return False
def reflected_cmd(self, raw):
try:
args = Args(raw, [("log_id", int), ("parm", str), ("val", str),
("find", str)], 3)
args.val = self._substitute(args.val)
if self._validate(args, "log_id"):
log = self.logs.Get(args.log_id)
pv = To.Dict(args.parm, args.val)
res, err = self.replay.Request(log, pv, args.find)
if not err:
self.display.ResultHeader()
flag, meta = Html.Reflected(res, args.val,
self.options.Get("render"))
self._result(args.log_id, "RFLCT", pv, res, flag, meta)
self.display.BR()
else:
self.display.Error(err)
return True
except:
self._error()
return False