这次修改dirsearch的原因呢,是因为在渗透测试过程中发现,一扫目录,结果为
额,这还咋扫啊
本来想把202状态给过滤掉,但想了想万一202状态有其他信息岂不是也过滤了,然后想把18KB的包给过滤了,结果,,,dirsearch没有这个功能。不过有–exclude-texts,过滤掉包含指定字符串的响应包功能,但想着以后要是也出现这种情况,还要抓包找特定字符串也挺麻烦的,所以就给dirsearch增加个过滤指定大小的包的功能。下面是结果演示
敲下 python dirsearch.py -h 可看到新增加的功能
使用方法
–exsize 加上指定过滤包的大小,过滤多个的话用逗号分割,我这里过滤掉了18KB和19KB的包
然后扫描结果如下
增加的这个功能我修改了两个py文件,你们想要有这个功能的话把这两个py文件替换一下就行,不过最好把两个原文件备份一下再替换。我的dirsearch的版本是0.3.9的。
ArgumentParser.py在lib\core目录下
Controller.py在lib\controller目录下
ArgumentParser.py
# -*- coding: utf-8 -*-
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
# Author: Mauro Soria
from optparse import OptionParser, OptionGroup
from lib.utils.DefaultConfigParser import DefaultConfigParser
from lib.utils.FileUtils import File
from lib.utils.FileUtils import FileUtils
from thirdparty.oset import *
class ArgumentParser(object):
def __init__(self, script_path):
self.script_path = script_path
self.parseConfig()
options = self.parseArguments()
if options.url == None:
if options.urlList != None:
with File(options.urlList) as urlList:
if not urlList.exists():
print("The file with URLs does not exist")
exit(0)
if not urlList.isValid():
print('The wordlist is invalid')
exit(0)
if not urlList.canRead():
print('The wordlist cannot be read')
exit(0)
self.urlList = list(urlList.getLines())
elif options.url == None:
print('URL target is missing, try using -u <url> ')
exit(0)
else:
self.urlList = [options.url]
if not options.extensions and not options.defaultExtensions:
print('No extension specified. You must specify at least one extension or try using default extension list.')
exit(0)
if not options.extensions and options.defaultExtensions:
options.extensions = self.defaultExtensions
# Enable to use multiple dictionaries at once
for dictFile in options.wordlist.split(','):
with File(dictFile) as wordlist:
if not wordlist.exists():
print('The wordlist file does not exist')
exit(1)
if not wordlist.isValid():
print('The wordlist is invalid')
exit(1)
if not wordlist.canRead():
print('The wordlist cannot be read')
exit(1)
if options.httpProxy is not None:
if options.httpProxy.startswith('http://'):
self.proxy = options.httpProxy
else:
self.proxy = 'http://{0}'.format(options.httpProxy)
else:
self.proxy = None
if options.headers is not None:
try:
self.headers = dict((key.strip(), value.strip()) for (key, value) in (header.split(':', 1)
for header in options.headers))
except Exception as e:
print('Invalid headers')
exit(0)
else:
self.headers = {}
self.extensions = list(oset([extension.strip() for extension in options.extensions.split(',')]))
self.useragent = options.useragent
self.useRandomAgents = options.useRandomAgents
self.cookie = options.cookie
if options.threadsCount < 1:
print('Threads number must be a number greater than zero')
exit(1)
self.threadsCount = options.threadsCount
if options.excludeStatusCodes is not None:
try:
self.excludeStatusCodes = list(
oset([int(excludeStatusCode.strip()) if excludeStatusCode else None for excludeStatusCode in
options.excludeStatusCodes.split(',')]))
except ValueError:
self.excludeStatusCodes = []
else:
self.excludeStatusCodes = []
if options.excludeTexts is not None:
try:
self.excludeTexts = list(
oset([excludeTexts.strip() if excludeTexts else None for excludeTexts in
options.excludeTexts.split(',')]))
except ValueError:
self.excludeTexts = []
else:
self.excludeTexts = []
if options.excludesizes is not None:
try:
self.excludesizes = list(
oset([excludesizes.strip() if excludesizes else None for excludesizes in
options.excludesizes.split(',')]))
except ValueError:
self.excludesizes = []
else:
self.excludesizes = []
if options.excludeRegexps is not None:
try:
self.excludeRegexps = list(
oset([excludeRegexps.strip() if excludeRegexps else None for excludeRegexps in
options.excludeRegexps.split(',')]))
except ValueError:
self.excludeRegexps = []
else:
self.excludeRegexps = []
self.wordlist = list(oset([wordlist.strip() for wordlist in options.wordlist.split(',')]))
self.lowercase = options.lowercase
self.forceExtensions = options.forceExtensions
self.simpleOutputFile = options.simpleOutputFile
self.plainTextOutputFile = options.plainTextOutputFile
self.jsonOutputFile = options.jsonOutputFile
self.delay = options.delay
self.timeout = options.timeout
self.ip = options.ip
self.maxRetries = options.maxRetries
self.recursive = options.recursive
self.suppressEmpty = options.suppressEmpty
if options.scanSubdirs is not None:
self.scanSubdirs = list(oset([subdir.strip() for subdir in options.scanSubdirs.split(',')]))
for i in range(len(self.scanSubdirs)):
while self.scanSubdirs[i].startswith("/"):
self.scanSubdirs[i] = self.scanSubdirs[i][1:]
while self.scanSubdirs[i].endswith("/"):
self.scanSubdirs[i] = self.scanSubdirs[i][:-1]
self.scanSubdirs = list(oset([subdir + "/" for subdir in self.scanSubdirs]))
else:
self.scanSubdirs = None
if not self.recursive and options.excludeSubdirs is not None:
print('--exclude-subdir argument can only be used with -r|--recursive')
exit(1)
elif options.excludeSubdirs is not None:
self.excludeSubdirs = list(oset([subdir.strip() for subdir in options.excludeSubdirs.split(',')]))
for i in range(len(self.excludeSubdirs)):
while self.excludeSubdirs[i].startswith("/"):
self.excludeSubdirs[i] = self.excludeSubdirs[i][1:]
while self.excludeSubdirs[i].endswith("/"):
self.excludeSubdirs[i] = self.excludeSubdirs[i][:-1]
self.excludeSubdirs = list(oset(self.excludeSubdirs))
else:
self.excludeSubdirs = None
self.redirect = options.noFollowRedirects
self.requestByHostname = options.requestByHostname
self.httpmethod = options.httpmethod
self.recursive_level_max = options.recursive_level_max
def parseConfig(self):
config = DefaultConfigParser()
configPath = FileUtils.buildPath(self.script_path, "default.conf")
config.read(configPath)
# General
self.threadsCount = config.safe_getint("general", "threads", 10, list(range(1, 50)))
self.excludeStatusCodes = config.safe_get("general", "exclude-status", None)
self.redirect = config.safe_getboolean("general", "follow-redirects", False)
self.recursive = config.safe_getboolean("general", "recursive", False)
self.recursive_level_max = config.safe_getint("general", "recursive-level-max", 1)
self.suppressEmpty = config.safe_getboolean("general", "suppress-empty", False)
self.testFailPath = config.safe_get("general", "scanner-fail-path", "").strip()
self.saveHome = config.safe_getboolean("general", "save-logs-home", False)
self.defaultExtensions = config.safe_get("general", "default-extensions", "php,asp,aspx,jsp,js,html,do,action")
# Reports
self.autoSave = config.safe_getboolean("reports", "autosave-report", False)
self.autoSaveFormat = config.safe_get("reports", "autosave-report-format", "plain", ["plain", "json", "simple"])
# Dictionary
self.wordlist = config.safe_get("dictionary", "wordlist",
FileUtils.buildPath(self.script_path, "db", "dicc.txt"))
self.lowercase = config.safe_getboolean("dictionary", "lowercase", False)
self.forceExtensions = config.safe_get("dictionary", "force-extensions", False)
# Connection
self.useRandomAgents = config.safe_get("connection", "random-user-agents", False)
self.useragent = config.safe_get("connection", "user-agent", None)
self.delay = config.safe_get("connection", "delay", 0)
self.timeout = config.safe_getint("connection", "timeout", 30)
self.maxRetries = config.safe_getint("connection", "max-retries", 5)
self.proxy = config.safe_get("connection", "http-proxy", None)
self.httpmethod = config.safe_get("connection", "httpmethod", "get", ["get", "head", "post"])
self.requestByHostname = config.safe_get("connection", "request-by-hostname", False)
def parseArguments(self):
usage = 'Usage: %prog [-u|--url] target [-e|--extensions] extensions [options]'
parser = OptionParser(usage)
# Mandatory arguments
mandatory = OptionGroup(parser, 'Mandatory')
mandatory.add_option('-u', '--url', help='URL target', action='store', type='string', dest='url', default=None)
mandatory.add_option('-L', '--url-list', help='URL list target', action='store', type='string', dest='urlList',
default=None)
mandatory.add_option('-e', '--extensions', help='Extension list separated by comma (Example: php,asp)',
action='store', dest='extensions', default=None)
mandatory.add_option('-E', '--extensions-list', help='Use predefined list of common extensions',
action='store_true', dest='defaultExtensions', default=False)
connection = OptionGroup(parser, 'Connection Settings')
connection.add_option('--timeout', action='store', dest='timeout', type='int',
default=self.timeout,
help='Connection timeout')
connection.add_option('--ip', action='store', dest='ip', default=None,
help='Resolve name to IP address')
connection.add_option('--proxy', '--http-proxy', action='store', dest='httpProxy', type='string',
default=self.proxy, help='Http Proxy (example: localhost:8080')
connection.add_option('--http-method', action='store', dest='httpmethod', type='string',
default=self.httpmethod, help='Method to use, default: GET, possible also: HEAD;POST')
connection.add_option('--max-retries', action='store', dest='maxRetries', type='int',
default=self.maxRetries)
connection.add_option('-b', '--request-by-hostname',
help='By default dirsearch will request by IP for speed. This forces requests by hostname',
action='store_true', dest='requestByHostname', default=self.requestByHostname)
# Dictionary settings
dictionary = OptionGroup(parser, 'Dictionary Settings')
dictionary.add_option('-w', '--wordlist', action='store', dest='wordlist',
help='Customize wordlist (separated by comma)',
default=self.wordlist)
dictionary.add_option('-l', '--lowercase', action='store_true', dest='lowercase', default=self.lowercase)
dictionary.add_option('-f', '--force-extensions',
help='Force extensions for every wordlist entry (like in DirBuster)',
action='store_true', dest='forceExtensions', default=self.forceExtensions)
# Optional Settings
general = OptionGroup(parser, 'General Settings')
general.add_option('-s', '--delay', help='Delay between requests (float number)', action='store', dest='delay',
type='float', default=self.delay)
general.add_option('-r', '--recursive', help='Bruteforce recursively', action='store_true', dest='recursive',
default=self.recursive)
general.add_option('-R', '--recursive-level-max',
help='Max recursion level (subdirs) (Default: 1 [only rootdir + 1 dir])', action='store', type="int",
dest='recursive_level_max',
default=self.recursive_level_max)
general.add_option('--suppress-empty', "--suppress-empty", action="store_true", dest='suppressEmpty')
general.add_option('--scan-subdir', '--scan-subdirs',
help='Scan subdirectories of the given -u|--url (separated by comma)', action='store',
dest='scanSubdirs',
default=None)
general.add_option('--exclude-subdir', '--exclude-subdirs',
help='Exclude the following subdirectories during recursive scan (separated by comma)',
action='store', dest='excludeSubdirs',
default=None)
general.add_option('-t', '--threads', help='Number of Threads', action='store', type='int', dest='threadsCount'
, default=self.threadsCount)
general.add_option('-x', '--exclude-status', help='Exclude status code, separated by comma (example: 301, 500)'
, action='store', dest='excludeStatusCodes', default=self.excludeStatusCodes)
general.add_option('--exclude-texts', help='Exclude responses by texts, separated by comma (example: "Not found", "Error")'
, action='store', dest='excludeTexts', default=None)
general.add_option('--exsize',help='Exclude responses by sizes, separated by comma (example: 1024B,1024KB)'
, action='store', dest='excludesizes', default=None)
general.add_option('--exclude-regexps', help='Exclude responses by regexps, separated by comma (example: "Not foun[a-z]{1}", "^Error$")'
, action='store', dest='excludeRegexps', default=None)
general.add_option('-c', '--cookie', action='store', type='string', dest='cookie', default=None)
general.add_option('--ua', '--user-agent', action='store', type='string', dest='useragent',
default=self.useragent)
general.add_option('-F', '--follow-redirects', action='store_true', dest='noFollowRedirects'
, default=self.redirect)
general.add_option('-H', '--header',
help='Headers to add (example: --header "Referer: example.com" --header "User-Agent: IE"',
action='append', type='string', dest='headers', default=None)
general.add_option('--random-agents', '--random-user-agents', action="store_true", dest='useRandomAgents')
reports = OptionGroup(parser, 'Reports')
reports.add_option('--simple-report', action='store', help="Only found paths",
dest='simpleOutputFile', default=None)
reports.add_option('--plain-text-report', action='store',
help="Found paths with status codes", dest='plainTextOutputFile', default=None)
reports.add_option('--json-report', action='store', dest='jsonOutputFile', default=None)
parser.add_option_group(mandatory)
parser.add_option_group(dictionary)
parser.add_option_group(general)
parser.add_option_group(connection)
parser.add_option_group(reports)
options, arguments = parser.parse_args()
return options
Controller.py
# -*- coding: utf-8 -*-
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
# Author: Mauro Soria
import gc
import os
import sys
import time
import re
import urllib.parse
from threading import Lock
from queue import Queue
from lib.connection import Requester, RequestException
from lib.core import Dictionary, Fuzzer, ReportManager
from lib.reports import JSONReport, PlainTextReport, SimpleReport
from lib.utils import FileUtils
class SkipTargetInterrupt(Exception):
pass
MAYOR_VERSION = 0
MINOR_VERSION = 3
REVISION = 9
VERSION = {
"MAYOR_VERSION": MAYOR_VERSION,
"MINOR_VERSION": MINOR_VERSION,
"REVISION": REVISION
}
class Controller(object):
def __init__(self, script_path, arguments, output):
global VERSION
program_banner = open(FileUtils.buildPath(script_path, "lib", "controller", "banner.txt")).read().format(
**VERSION)
self.script_path = script_path
self.exit = False
self.arguments = arguments
self.output = output
self.savePath = self.script_path
self.doneDirs = []
self.recursive_level_max = self.arguments.recursive_level_max
if self.arguments.httpmethod.lower() not in ["get", "head", "post"]:
self.output.error("Inavlid http method!")
exit(1)
self.httpmethod = self.arguments.httpmethod.lower()
if self.arguments.saveHome:
savePath = self.getSavePath()
if not FileUtils.exists(savePath):
FileUtils.createDirectory(savePath)
if FileUtils.exists(savePath) and not FileUtils.isDir(savePath):
self.output.error('Cannot use {} because is a file. Should be a directory'.format(savePath))
exit(1)
if not FileUtils.canWrite(savePath):
self.output.error('Directory {} is not writable'.format(savePath))
exit(1)
logs = FileUtils.buildPath(savePath, "logs")
if not FileUtils.exists(logs):
FileUtils.createDirectory(logs)
reports = FileUtils.buildPath(savePath, "reports")
if not FileUtils.exists(reports):
FileUtils.createDirectory(reports)
self.savePath = savePath
self.reportsPath = FileUtils.buildPath(self.savePath, "logs")
self.blacklists = self.getBlacklists()
self.fuzzer = None
self.excludeStatusCodes = self.arguments.excludeStatusCodes
self.excludeTexts = self.arguments.excludeTexts
self.excludesizes= self.arguments.excludesizes
self.excludeRegexps = self.arguments.excludeRegexps
self.recursive = self.arguments.recursive
self.suppressEmpty = self.arguments.suppressEmpty
self.directories = Queue()
self.excludeSubdirs = (arguments.excludeSubdirs if arguments.excludeSubdirs is not None else [])
self.output.header(program_banner)
self.dictionary = Dictionary(self.arguments.wordlist, self.arguments.extensions,
self.arguments.lowercase, self.arguments.forceExtensions)
self.printConfig()
self.errorLog = None
self.errorLogPath = None
self.errorLogLock = Lock()
self.batch = False
self.batchSession = None
self.setupErrorLogs()
self.output.newLine("\nError Log: {0}".format(self.errorLogPath))
if self.arguments.autoSave and len(self.arguments.urlList) > 1:
self.setupBatchReports()
self.output.newLine("\nAutoSave path: {0}".format(self.batchDirectoryPath))
if self.arguments.useRandomAgents:
self.randomAgents = FileUtils.getLines(FileUtils.buildPath(script_path, "db", "user-agents.txt"))
try:
for url in self.arguments.urlList:
try:
gc.collect()
self.reportManager = ReportManager()
self.currentUrl = url
self.output.target(self.currentUrl)
try:
self.requester = Requester(url, cookie=self.arguments.cookie,
useragent=self.arguments.useragent,
maxPool=self.arguments.threadsCount,
maxRetries=self.arguments.maxRetries, delay=self.arguments.delay,
timeout=self.arguments.timeout,
ip=self.arguments.ip, proxy=self.arguments.proxy,
redirect=self.arguments.redirect,
requestByHostname=self.arguments.requestByHostname,
httpmethod=self.httpmethod)
self.requester.request("/")
except RequestException as e:
self.output.error(e.args[0]['message'])
raise SkipTargetInterrupt
if self.arguments.useRandomAgents:
self.requester.setRandomAgents(self.randomAgents)
for key, value in arguments.headers.items():
self.requester.setHeader(key, value)
# Initialize directories Queue with start Path
self.basePath = self.requester.basePath
if self.arguments.scanSubdirs is not None:
for subdir in self.arguments.scanSubdirs:
self.directories.put(subdir)
else:
self.directories.put('')
self.setupReports(self.requester)
matchCallbacks = [self.matchCallback]
notFoundCallbacks = [self.notFoundCallback]
errorCallbacks = [self.errorCallback, self.appendErrorLog]
self.fuzzer = Fuzzer(self.requester, self.dictionary, testFailPath=self.arguments.testFailPath,
threads=self.arguments.threadsCount, matchCallbacks=matchCallbacks,
notFoundCallbacks=notFoundCallbacks, errorCallbacks=errorCallbacks)
try:
self.wait()
except RequestException as e:
self.output.error("Fatal error during site scanning: " + e.args[0]['message'])
raise SkipTargetInterrupt
except SkipTargetInterrupt:
continue
finally:
self.reportManager.save()
except KeyboardInterrupt:
self.output.error('\nCanceled by the user')
exit(0)
finally:
if not self.errorLog.closed:
self.errorLog.close()
self.reportManager.close()
self.output.warning('\nTask Completed')
def printConfig(self):
self.output.config(
', '.join(self.arguments.extensions),
str(self.arguments.threadsCount),
str(len(self.dictionary)),
str(self.httpmethod),
self.recursive,
str(self.recursive_level_max)
)
def getSavePath(self):
basePath = None
dirPath = None
basePath = os.path.expanduser('~')
if os.name == 'nt':
dirPath = "dirsearch"
else:
dirPath = ".dirsearch"
return FileUtils.buildPath(basePath, dirPath)
def getBlacklists(self):
blacklists = {}
for status in [400, 403, 500]:
blacklistFileName = FileUtils.buildPath(self.script_path, 'db')
blacklistFileName = FileUtils.buildPath(blacklistFileName, '{}_blacklist.txt'.format(status))
if not FileUtils.canRead(blacklistFileName):
# Skip if cannot read file
continue
blacklists[status] = []
for line in FileUtils.getLines(blacklistFileName):
# Skip comments
if line.lstrip().startswith('#'):
continue
blacklists[status].append(line)
return blacklists
def setupErrorLogs(self):
fileName = "errors-{0}.log".format(time.strftime('%y-%m-%d_%H-%M-%S'))
self.errorLogPath = FileUtils.buildPath(FileUtils.buildPath(self.savePath, "logs", fileName))
self.errorLog = open(self.errorLogPath, "w")
def setupBatchReports(self):
self.batch = True
self.batchSession = "BATCH-{0}".format(time.strftime('%y-%m-%d_%H-%M-%S'))
self.batchDirectoryPath = FileUtils.buildPath(self.savePath, "reports", self.batchSession)
if not FileUtils.exists(self.batchDirectoryPath):
FileUtils.createDirectory(self.batchDirectoryPath)
if not FileUtils.exists(self.batchDirectoryPath):
self.output.error("Couldn't create batch folder {}".format(self.batchDirectoryPath))
sys.exit(1)
if FileUtils.canWrite(self.batchDirectoryPath):
FileUtils.createDirectory(self.batchDirectoryPath)
targetsFile = FileUtils.buildPath(self.batchDirectoryPath, "TARGETS.txt")
FileUtils.writeLines(targetsFile, self.arguments.urlList)
else:
self.output.error("Couldn't create batch folder {}.".format(self.batchDirectoryPath))
sys.exit(1)
def setupReports(self, requester):
if self.arguments.autoSave:
basePath = ('/' if requester.basePath == '' else requester.basePath)
basePath = basePath.replace(os.path.sep, '.')[1:-1]
fileName = None
directoryPath = None
if self.batch:
fileName = requester.host
directoryPath = self.batchDirectoryPath
else:
fileName = ('{}_'.format(basePath) if basePath != '' else '')
fileName += time.strftime('%y-%m-%d_%H-%M-%S')
directoryPath = FileUtils.buildPath(self.savePath, 'reports', requester.host)
outputFile = FileUtils.buildPath(directoryPath, fileName)
if FileUtils.exists(outputFile):
i = 2
while FileUtils.exists(outputFile + "_" + str(i)):
i += 1
outputFile += "_" + str(i)
if not FileUtils.exists(directoryPath):
FileUtils.createDirectory(directoryPath)
if not FileUtils.exists(directoryPath):
self.output.error("Couldn't create reports folder {}".format(directoryPath))
sys.exit(1)
if FileUtils.canWrite(directoryPath):
report = None
if self.arguments.autoSaveFormat == 'simple':
report = SimpleReport(requester.host, requester.port, requester.protocol, requester.basePath,
outputFile, self.batch)
if self.arguments.autoSaveFormat == 'json':
report = JSONReport(requester.host, requester.port, requester.protocol, requester.basePath,
outputFile, self.batch)
else:
report = PlainTextReport(requester.host, requester.port, requester.protocol, requester.basePath,
outputFile, self.batch)
self.reportManager.addOutput(report)
else:
self.output.error("Can't write reports to {}".format(directoryPath))
sys.exit(1)
if self.arguments.simpleOutputFile is not None:
self.reportManager.addOutput(SimpleReport(requester.host, requester.port, requester.protocol,
requester.basePath, self.arguments.simpleOutputFile, self.batch))
if self.arguments.plainTextOutputFile is not None:
self.reportManager.addOutput(PlainTextReport(requester.host, requester.port, requester.protocol,
requester.basePath, self.arguments.plainTextOutputFile, self.batch))
if self.arguments.jsonOutputFile is not None:
self.reportManager.addOutput(JSONReport(requester.host, requester.port, requester.protocol,
requester.basePath, self.arguments.jsonOutputFile, self.batch))
def matchCallback(self, path):
self.index += 1
def sizeHuman(num):
base = 1024
for x in ['B ', 'KB', 'MB', 'GB']:
if num < base and num > -base:
return "%3.0f%s" % (num, x)
num /= base
return "%3.0f %s" % (num, 'TB')
if path.status is not None:
if path.status not in self.excludeStatusCodes and (
self.blacklists.get(path.status) is None or path.path not in self.blacklists.get(
path.status)) and not (
self.suppressEmpty and (len(path.response.body) == 0)):
for excludeText in self.excludeTexts:
if excludeText in path.response.body.decode():
del path
return
for excludesize in self.excludesizes:
if excludesize in sizeHuman(len(path.response.body)):
del path
return
for excludeRegexp in self.excludeRegexps:
if re.search(excludeRegexp, path.response.body.decode()) is not None:
del path
return
self.output.statusReport(path.path, path.response)
if path.response.redirect:
self.addRedirectDirectory(path)
else:
self.addDirectory(path.path)
self.reportManager.addPath(self.currentDirectory + path.path, path.status, path.response)
self.reportManager.save()
del path
def notFoundCallback(self, path):
self.index += 1
self.output.lastPath(path, self.index, len(self.dictionary))
del path
def errorCallback(self, path, errorMsg):
self.output.addConnectionError()
del path
def appendErrorLog(self, path, errorMsg):
with self.errorLogLock:
line = time.strftime('[%y-%m-%d %H:%M:%S] - ')
line += self.currentUrl + " - " + path + " - " + errorMsg
self.errorLog.write(os.linesep + line)
self.errorLog.flush()
def handleInterrupt(self):
self.output.warning('CTRL+C detected: Pausing threads, please wait...')
self.fuzzer.pause()
try:
while True:
msg = "[e]xit / [c]ontinue"
if not self.directories.empty():
msg += " / [n]ext"
if len(self.arguments.urlList) > 1:
msg += " / [s]kip target"
self.output.inLine(msg + ': ')
option = input()
if option.lower() == 'e':
self.exit = True
self.fuzzer.stop()
raise KeyboardInterrupt
elif option.lower() == 'c':
self.fuzzer.play()
return
elif not self.directories.empty() and option.lower() == 'n':
self.fuzzer.stop()
return
elif len(self.arguments.urlList) > 1 and option.lower() == 's':
raise SkipTargetInterrupt
else:
continue
except KeyboardInterrupt as SystemExit:
self.exit = True
raise KeyboardInterrupt
def processPaths(self):
while True:
try:
while not self.fuzzer.wait(0.3):
continue
break
except (KeyboardInterrupt, SystemExit) as e:
self.handleInterrupt()
def wait(self):
while not self.directories.empty():
self.index = 0
self.currentDirectory = self.directories.get()
self.output.warning('[{1}] Starting: {0}'.format(self.currentDirectory, time.strftime('%H:%M:%S')))
self.fuzzer.requester.basePath = self.basePath + self.currentDirectory
self.output.basePath = self.basePath + self.currentDirectory
self.fuzzer.start()
self.processPaths()
return
def addDirectory(self, path):
if not self.recursive:
return False
if path.endswith('/'):
if path in [directory + '/' for directory in self.excludeSubdirs]:
return False
dir = self.currentDirectory + path
if dir in self.doneDirs:
return False
if dir.count("/") > self.recursive_level_max:
return False
self.directories.put(dir)
self.doneDirs.append(dir)
return True
else:
return False
def addRedirectDirectory(self, path):
"""Resolve the redirect header relative to the current URL and add the
path to self.directories if it is a subdirectory of the current URL."""
if not self.recursive:
return False
baseUrl = self.currentUrl.rstrip("/") + "/" + self.currentDirectory
absoluteUrl = urllib.parse.urljoin(baseUrl, path.response.redirect)
if absoluteUrl.startswith(baseUrl) and absoluteUrl != baseUrl and absoluteUrl.endswith("/"):
dir = absoluteUrl[len(baseUrl):]
if dir in self.doneDirs:
return False
if dir.count("/") > self.recursive_level_max:
return False
self.directories.put(dir)
self.doneDirs.append(dir)
return True
return False
618
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
