crash.software
Projects
Pull Requests
Issues
Builds
ghauri
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY ghauri Commits b6b24ff5
🤬

  • updated code to check if the requested parameter is already tested and can be found in session, if not start testing..

  • Loading...
  • r0oth3x49 committed 1 year ago
    b6b24ff5
    1 parent 6dbc665c
  • ■ ■ ■ ■ ■ ■
    ghauri/core/tests.py
    skipped 78 lines
    79 79   is_dynamic = False
    80 80   is_resumed = False
    81 81   param_name = ""
     82 + is_parameter_tested = False
    82 83   if is_multipart:
    83 84   param_name += "MULTIPART "
    84 85   if is_json:
    skipped 2 lines
    87 88   param_key = parameter.get("key")
    88 89   Response = collections.namedtuple(
    89 90   "BasicCheckResponse",
    90  - ["base", "possible_dbms", "is_connection_tested", "is_dynamic", "is_resumed"],
     91 + [
     92 + "base",
     93 + "possible_dbms",
     94 + "is_connection_tested",
     95 + "is_dynamic",
     96 + "is_resumed",
     97 + "is_parameter_tested",
     98 + ],
    91 99   )
    92 100   _possible_dbms = None
    93 101   try:
    skipped 13 lines
    107 115   values=(base.path,),
    108 116   )
    109 117   if retval:
    110  - logger.debug("ghauri is going to resume target exploitation.")
     118 + json_data_parameters = [
     119 + json.loads(i.get("parameter", "{}")) for i in retval
     120 + ]
     121 + params_tested_already = list(
     122 + set(
     123 + [
     124 + i
     125 + for i in [
     126 + i.get("key", "").lower() for i in json_data_parameters
     127 + ]
     128 + if i
     129 + ]
     130 + )
     131 + )
     132 + param_tobe_tested = parameter.get("key").lower()
     133 + if param_tobe_tested in params_tested_already:
     134 + logger.debug(f"parameter '{param_tobe_tested}' is already tested..")
     135 + is_parameter_tested = True
     136 + logger.debug("ghauri is going to resume target exploitation.")
    111 137   is_resumed = True
    112 138   if not is_resumed:
    113 139   logger.info("testing if the target URL content is stable")
    skipped 82 lines
    196 222   is_connection_tested=True,
    197 223   is_dynamic=is_dynamic,
    198 224   is_resumed=is_resumed,
     225 + is_parameter_tested=is_parameter_tested,
    199 226   )
    200 227   
    201 228   
    skipped 2171 lines
  • ■ ■ ■ ■ ■
    ghauri/ghauri.py
    skipped 253 lines
    254 254   for parameter in parameters:
    255 255   param_name = parameter.get("key")
    256 256   param_value = parameter.get("value")
     257 + is_parameter_tested = False
    257 258   is_custom_injection_marker_found = bool(
    258 259   "*" in param_name or "*" in param_value
    259 260   )
    skipped 30 lines
    290 291   )
    291 292   possible_dbms = retval_check.possible_dbms
    292 293   is_connection_tested = retval_check.is_connection_tested
    293  - is_resumed = retval_check.is_resumed
    294  - if not is_resumed:
     294 + is_parameter_tested = retval_check.is_parameter_tested
     295 + if not is_resumed or not is_parameter_tested:
    295 296   if custom_injection_in:
    296 297   custom_point = custom_injection_in[-1]
    297 298   if "HEADER" in custom_point:
    skipped 503 lines
Please wait...
Page is in error, reload to recover