Projects STRLCPY pentest-tools Commits fbcb7ea8
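--- a/lfi.py
+++ b/lfi.py
@@ -18,8 +18,8 @@
 from multiprocessing.dummy import Pool
 from colored import fg, bg, attr
 
-MAX_EXCEPTION = 3
-MAX_VULNERABLE = 3
+MAX_EXCEPTION = 100
+MAX_VULNERABLE = 100
 
 # disable "InsecureRequestWarning: Unverified HTTPS request is being made."
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
@@ -118,7 +118,8 @@
  t_urlparse = urllib.parse.urlparse( url )
 
  if len(t_urlparse.query):
- testParams( t_urlparse, payload.strip('/') )
+ testParams( t_urlparse, payload )
+ # testParams( t_urlparse, payload.strip('/') )
 
  # if len(t_urlparse.fragment):
  # testFragment( t_urlparse, payload.strip('/') )
@@ -128,7 +129,7 @@
 
 def testURL( url ):
  time.sleep( 0.01 )
-
+ # print(url)
  if _verbose <= 1:
  sys.stdout.write( 'progress: %d/%d\r' % (t_multiproc['n_current'],t_multiproc['n_total']) )
  t_multiproc['n_current'] = t_multiproc['n_current'] + 1
@@ -141,11 +142,12 @@
 
 def doTest( url, method='GET', post_params='' ):
 
- with open('generated_urls', 'a+') as fp:
- fp.write(url+"\n")
- return
+ # with open('generated_urls', 'a+') as fp:
+ # fp.write(url+"\n")
+ # return
 
- t_realdotest.append( [url,method,post_params] )
+ # t_realdotest.append( [url,method,post_params] )
+ realDoTest( [url,method,post_params] );
  return
 
 
@@ -162,19 +164,19 @@
  t_urlparse = urllib.parse.urlparse(url)
  u = t_urlparse.scheme + '_' + t_urlparse.netloc
 
- if not u in t_exceptions:
- t_exceptions[u] = 0
- if t_exceptions[u] >= MAX_EXCEPTION:
- if _verbose >= 3 and _verbose < 4:
- print("skip too many exceptions %s" % t_urlparse.netloc)
- return
+ # if not u in t_exceptions:
+ # t_exceptions[u] = 0
+ # if t_exceptions[u] >= MAX_EXCEPTION:
+ # if _verbose >= 3 and _verbose < 4:
+ # print("skip too many exceptions %s" % t_urlparse.netloc)
+ # return
 
- if not u in t_vulnerable:
- t_vulnerable[u] = 0
- if t_vulnerable[u] >= MAX_VULNERABLE:
- if _verbose >= 3 and _verbose < 4:
- print("skip already vulnerable %s" % t_urlparse.netloc)
- return
+ # if not u in t_vulnerable:
+ # t_vulnerable[u] = 0
+ # if t_vulnerable[u] >= MAX_VULNERABLE:
+ # if _verbose >= 3 and _verbose < 4:
+ # print("skip already vulnerable %s" % t_urlparse.netloc)
+ # return
 
  try:
  if method == 'POST':
@@ -182,7 +184,7 @@
  else:
  r = requests.get( url, headers=t_custom_headers, timeout=5, verify=False )
  except Exception as e:
- t_exceptions[u] = t_exceptions[u] + 1
+ # t_exceptions[u] = t_exceptions[u] + 1
  if _verbose >= 3 and _verbose < 4:
  sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) )
  return
@@ -198,8 +200,8 @@
  else:
  vuln = '-'
 
- if vuln == 'VULNERABLE':
- t_vulnerable[u] = t_vulnerable[u] + 1
+ # if vuln == 'VULNERABLE':
+ # t_vulnerable[u] = t_vulnerable[u] + 1
 
  # output = '%sC=%d\t\tT=%s\t\tV=%s\n' % (url.ljust(t_multiproc['u_max_length']),r.status_code,content_type,vuln)
  output = '%s\t\tC=%d\t\tT=%s\t\tV=%s\n' % (url,r.status_code,content_type,vuln)
@@ -320,7 +322,7 @@
 
 if _verbose < 4:
  sys.stdout.write( '%s[+] options are -> threads:%d, verbose:%d%s\n' % (fg('green'),_threads,_verbose,attr(0)) )
- sys.stdout.write( '[+] computing host and payload list...\n' )
+ # sys.stdout.write( '[+] computing host and payload list...\n' )
 
 
 # source: https://github.com/jhaddix/SecLists/blob/master/Fuzzing/LFI-JHADDIX.txt
@@ -507,7 +509,7 @@
 
 n_totest = len(t_totest)
 
-random.shuffle(t_totest)
+# random.shuffle(t_totest)
 # print("\n".join(t_totest))
 # exit()
 
@@ -543,6 +545,13 @@
  sys.exit(1)
 
 
+
+
+exit()
+
+
+
+
 if _verbose < 4:
  sys.stdout.write( '%s[+] %d urls payloaded to test.%s\n' % (fg('green'),len(t_realdotest),attr(0)) )
  sys.stdout.write( '[+] testing...\n' )
@@ -564,28 +573,18 @@
  realDoTest( params )
  q.task_done()
 
-# q = Queue( _threads*2 )
+q = Queue( _threads*2 )
 
-# for i in range(_threads):
-# t = Thread( target=realDoWork )
-# t.daemon = True
-# t.start()
+for i in range(_threads):
+ t = Thread( target=realDoWork )
+ t.daemon = True
+ t.start()
 
-# with open('generated_urls', 'w') as fp:
-# fp.write("\n".join(str(item[0]) for item in t_realdotest))
-
-exit()
-
-# f = open("generated_urls", "w")
-# f.write(t_realdotest.join("\n"))
-# # f.write("\n".join(t_realdotest))
-# f.close()
-
-# try:
-# for url in t_realdotest:
-# q.put( url )
-# q.join()
-# except KeyboardInterrupt:
-# sys.exit(1)
+try:
+ for url in t_realdotest:
+ q.put( url )
+ q.join()
+except KeyboardInterrupt:
+ sys.exit(1)
 
 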
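Review bot: The `exit()` added at new line 550 ends the script before the worker block this commit re-enables (`q = Queue( _threads*2 )` through `q.join()`), and `doTest` now calls `realDoTest` directly instead of appending to `t_realdotest`, so that block is unreachable and would have an empty list to consume even if it ran. Either delete the re-enabled block together with the "urls payloaded to test" report, or restore `t_realdotest.append( [url,method,post_params] )` and drop the `exit()`; if an early stop is kept, `sys.exit(0)` is the safer call because the bare `exit` is the helper installed by `site`. Separately, in the function around new lines 164-204 (its `def` is outside the visible hunks, presumably `realDoTest`) the `t_exceptions` / `t_vulnerable` checks are commented out, which leaves `MAX_EXCEPTION` and `MAX_VULNERABLE` unused: raising them to 100 has no effect, and a host that keeps timing out is no longer skipped after repeated failures. Keeping the guards active and tuning only the two constants would preserve the per-host limit. Most of the change turns code into comments; deleting those lines outright would keep the file readable.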