Minor code refactoring
stasinopoulos committed Apr 23, 2024
1 parent d55ab3a commit c9c0306
Showing 16 changed files with 53 additions and 53 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -366,7 +366,7 @@ def tb_injection_handler(url, timesec, filename, http_request_method, url_time_r
header_name = ""
the_type = " parameter"
# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
found_vuln_parameter = parameters.vuln_GET_param(url)
else :
found_vuln_parameter = vuln_parameter
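Review bot: The test `not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA` is still written out by hand here in tb_injection_handler, and again in cb_, eb_, fb_ and tfb_injection_handler and in the requesters' injection_test, examine_requests and check_injection, so any later change to the rule has to be repeated at every site. A single predicate defined next to the settings and called from each site would keep them consistent. The truthiness form also accepts `None` as "no POST data" where `len(...) == 0` would have raised TypeError; that looks harmless, but it is a small behaviour change under a "refactoring" title. The body of tb_injection_handler starts and ends outside this hunk.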
Original file line number Diff line number Diff line change
Expand Up @@ -46,12 +46,12 @@ def examine_requests(payload, vuln_parameter, http_request_method, url, timesec,
start = time.time()

# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
# Encoding non-ASCII characters payload.
# payload = _urllib.parse.quote(payload)
target = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
request = _urllib.request.Request(target, settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC), method=http_request_method)
else:
request = _urllib.request.Request(target, method=http_request_method)
Expand Down Expand Up @@ -96,14 +96,14 @@ def injection_test(payload, http_request_method, url):
start = time.time()

# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
# Encoding non-ASCII characters payload.
# payload = _urllib.parse.quote(payload)

# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload)
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
request = _urllib.request.Request(target, settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC), method=http_request_method)
else:
request = _urllib.request.Request(target, method=http_request_method)
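Review bot: The inner `if settings.USER_DEFINED_POST_DATA:` in injection_test sits inside a branch taken when the POST data is empty or ignored, so it can only be true when `settings.IGNORE_USER_DEFINED_POST_DATA` is set, and nothing in the code says so. A comment on that line would save the next reader the derivation, for example `# POST data supplied but excluded from testing: send it unchanged as the request body`, assuming that is the intent. The same nesting appears in examine_requests above and in the other requester sections of this commit. Both functions continue outside the hunks shown.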
14 changes: 7 additions & 7 deletions src/core/injections/blind/techniques/time_based/tb_payloads.py
Expand Up @@ -128,7 +128,7 @@ def decision_alter_shell(separator, TAG, output_length, timesec, http_request_me
"[ " + str(output_length) + " -eq ${str1} ] " + separator +
"$(" + settings.LINUX_PYTHON_INTERPRETER + " -c \"import time\ntime.sleep(" + str(timesec) + ")\") "
)
#if menu.options.data:

separator = _urllib.parse.unquote(separator)

elif separator == "||" :
Expand Down Expand Up @@ -202,7 +202,7 @@ def cmd_execution(separator, cmd, output_length, timesec, http_request_method):
"[ " + str(output_length) + " -eq $str1 ]" + separator +
"sleep " + str(timesec)
)
#if menu.options.data:

separator = _urllib.parse.unquote(separator)

elif separator == "||" :
Expand Down Expand Up @@ -262,7 +262,7 @@ def cmd_execution_alter_shell(separator, cmd, output_length, timesec, http_reque
"[ " + str(output_length) + " -eq ${str1} ] " + separator +
"$(" + settings.LINUX_PYTHON_INTERPRETER + " -c \"import time\ntime.sleep(" + str(timesec) + ")\") "
)
#if menu.options.data:

separator = _urllib.parse.unquote(separator)

elif separator == "||" :
Expand Down Expand Up @@ -339,7 +339,7 @@ def get_char(separator, cmd, num_of_chars, ascii_char, timesec, http_request_met
"[ " + str(ascii_char) + " -eq ${str} ] " + separator +
"sleep " + str(timesec)
)
#if menu.options.data:

separator = _urllib.parse.unquote(separator)

elif separator == "||" :
Expand Down Expand Up @@ -400,7 +400,7 @@ def get_char_alter_shell(separator, cmd, num_of_chars, ascii_char, timesec, http
"[ " + str(ascii_char) + " -eq ${str} ] " + separator +
"$(" + settings.LINUX_PYTHON_INTERPRETER + " -c \"import time\ntime.sleep(" + str(timesec) + ")\")"
)
#if menu.options.data:

separator = _urllib.parse.unquote(separator)

elif separator == "||" :
Expand Down Expand Up @@ -468,7 +468,7 @@ def fp_result(separator, cmd, num_of_chars, ascii_char, timesec, http_request_me
"sleep " + str(timesec)
)

#if menu.options.data:

separator = _urllib.parse.unquote(separator)

elif separator == "||" :
Expand Down Expand Up @@ -524,7 +524,7 @@ def fp_result_alter_shell(separator, cmd, num_of_chars, ascii_char, timesec, htt
"[ " + str(ascii_char) + " -eq ${str} ] " + separator +
"$(" + settings.LINUX_PYTHON_INTERPRETER + " -c \"import time\ntime.sleep(" + str(timesec) + ")\")"
)
#if menu.options.data:

separator = _urllib.parse.unquote(separator)

elif separator == "||" :
2 changes: 1 addition & 1 deletion src/core/injections/controller/checks.py
Expand Up @@ -76,7 +76,7 @@ def check_waf(url, http_request_method):
else:
payload = settings.PARAMETER_DELIMITER + payload
url = url + payload
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
request = _urllib.request.Request(url, settings.USER_DEFINED_POST_DATA.encode(), method=http_request_method)
else:
request = _urllib.request.Request(url, method=http_request_method)
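Review bot: The request body in check_waf is built with a bare `.encode()`, while every other call site touched by this commit passes `settings.DEFAULT_CODEC`. If that setting is ever anything other than UTF-8, this one request would carry a differently encoded body from the rest of the run. Since the line is being edited anyway, it could become `request = _urllib.request.Request(url, settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC), method=http_request_method)`. check_waf starts and ends outside the hunk.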
12 changes: 6 additions & 6 deletions src/core/injections/controller/controller.py
Expand Up @@ -96,16 +96,16 @@ def command_injection_heuristic_basic(url, http_request_method, check_parameter,
payload = checks.perform_payload_modification(payload)
if settings.VERBOSITY_LEVEL >= 1:
print(settings.print_payload(payload))
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
data = settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC)
else:
data = None
cookie = None
tmp_url = url
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
cookie = menu.options.cookie.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload).encode(settings.DEFAULT_CODEC)
elif not settings.IGNORE_USER_DEFINED_POST_DATA and menu.options.data and settings.INJECT_TAG in menu.options.data:
data = menu.options.data.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload).encode(settings.DEFAULT_CODEC)
elif not settings.IGNORE_USER_DEFINED_POST_DATA and settings.USER_DEFINED_POST_DATA and settings.INJECT_TAG in settings.USER_DEFINED_POST_DATA:
data = settings.USER_DEFINED_POST_DATA.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload).encode(settings.DEFAULT_CODEC)
else:
if settings.INJECT_TAG in url:
tmp_url = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, _urllib.parse.quote(payload))
Expand Down Expand Up @@ -158,16 +158,16 @@ def code_injections_heuristic_basic(url, http_request_method, check_parameter, t
payload = checks.perform_payload_modification(payload)
if settings.VERBOSITY_LEVEL >= 1:
print(settings.print_payload(payload))
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
data = settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC)
else:
data = None
cookie = None
tmp_url = url
if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
cookie = menu.options.cookie.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload).encode(settings.DEFAULT_CODEC)
elif not settings.IGNORE_USER_DEFINED_POST_DATA and menu.options.data and settings.INJECT_TAG in menu.options.data:
data = menu.options.data.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload).encode(settings.DEFAULT_CODEC)
elif not settings.IGNORE_USER_DEFINED_POST_DATA and settings.USER_DEFINED_POST_DATA and settings.INJECT_TAG in settings.USER_DEFINED_POST_DATA:
data = settings.USER_DEFINED_POST_DATA.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload).encode(settings.DEFAULT_CODEC)
else:
if settings.INJECT_TAG in url:
tmp_url = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, _urllib.parse.quote(payload))
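Review bot: The `elif` in command_injection_heuristic_basic now reads `settings.USER_DEFINED_POST_DATA` where it used to read `menu.options.data`, which is only a refactor if the two hold the same string at this point. The hunk does not show where the settings value is assigned or whether it is rewritten after option parsing, so the equivalence is worth stating, for example with `# settings.USER_DEFINED_POST_DATA replaces menu.options.data here; both are expected to hold the same string`. The same substitution is made in code_injections_heuristic_basic. The data/cookie/tmp_url block is identical in both functions and could live in one shared helper. Both functions extend beyond the hunks.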
Original file line number Diff line number Diff line change
Expand Up @@ -243,7 +243,7 @@ def cb_injection_handler(url, timesec, filename, http_request_method, injection_
header_name = ""
the_type = " parameter"
# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
found_vuln_parameter = parameters.vuln_GET_param(url)
else :
found_vuln_parameter = vuln_parameter
Original file line number Diff line number Diff line change
Expand Up @@ -46,13 +46,13 @@
def injection_test(payload, http_request_method, url):

# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
if settings.SINGLE_WHITESPACE in payload:
payload = replace(settings.SINGLE_WHITESPACE, _urllib.parse.quote_plus(settings.SINGLE_WHITESPACE))
# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload)
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
request = _urllib.request.Request(target, settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC), method=http_request_method)
else:
request = _urllib.request.Request(target, method=http_request_method)
Expand Down Expand Up @@ -200,13 +200,13 @@ def check_injection(separator, TAG, cmd, prefix, suffix, whitespace, http_reques

else:
# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:

# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url, http_request_method)
target = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
request = _urllib.request.Request(target, settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC), method=http_request_method)
else:
request = _urllib.request.Request(target, method=http_request_method)
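Review bot: In injection_test, the context line `payload = replace(settings.SINGLE_WHITESPACE, _urllib.parse.quote_plus(settings.SINGLE_WHITESPACE))` calls a bare `replace` with two arguments and no receiver. Unless the module imports a function of that name, which the hunk does not show, this raises NameError whenever the payload contains a space. The likely intent is `payload = payload.replace(settings.SINGLE_WHITESPACE, _urllib.parse.quote_plus(settings.SINGLE_WHITESPACE))`. The commit leaves the line unchanged, but the condition directly above it is edited here, so it is a good moment to correct it.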
Original file line number Diff line number Diff line change
Expand Up @@ -255,7 +255,7 @@ def eb_injection_handler(url, timesec, filename, http_request_method, injection_
else:
header_name = ""
the_type = " parameter"
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
found_vuln_parameter = parameters.vuln_GET_param(url)
else :
found_vuln_parameter = vuln_parameter
Original file line number Diff line number Diff line change
Expand Up @@ -40,14 +40,14 @@
def injection_test(payload, http_request_method, url):

# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url, http_request_method)

# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload)
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
request = _urllib.request.Request(target, settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC), method=http_request_method)
else:
request = _urllib.request.Request(target, method=http_request_method)
Expand Down Expand Up @@ -188,13 +188,13 @@ def check_injection(separator, TAG, cmd, prefix, suffix, whitespace, http_reques

else:
# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url, http_request_method)

target = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
request = _urllib.request.Request(target, settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC), method=http_request_method)
else:
request = _urllib.request.Request(target, method=http_request_method)
Original file line number Diff line number Diff line change
Expand Up @@ -483,7 +483,7 @@ def fb_injection_handler(url, timesec, filename, http_request_method, url_time_r
header_name = ""
the_type = " parameter"
# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
found_vuln_parameter = parameters.vuln_GET_param(url)
else :
found_vuln_parameter = vuln_parameter
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@
def injection_test(payload, http_request_method, url):

# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:

# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url, http_request_method)
Expand All @@ -55,7 +55,7 @@ def injection_test(payload, http_request_method, url):
vuln_parameter = parameters.vuln_GET_param(url)

target = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload)
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
request = _urllib.request.Request(target, settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC), method=http_request_method)
else:
request = _urllib.request.Request(target, method=http_request_method)
Expand Down Expand Up @@ -192,13 +192,13 @@ def check_injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, ht

else:
# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
# Check if its not specified the 'INJECT_HERE' tag
#url = parameters.do_GET_check(url, http_request_method)
payload = payload.replace(settings.SINGLE_WHITESPACE,"%20")
target = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
request = _urllib.request.Request(target, settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC), method=http_request_method)
else:
request = _urllib.request.Request(target, method=http_request_method)
Original file line number Diff line number Diff line change
Expand Up @@ -398,7 +398,7 @@ def tfb_injection_handler(url, timesec, filename, tmp_path, http_request_method,
header_name = ""
the_type = " parameter"
# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
found_vuln_parameter = parameters.vuln_GET_param(url)
else :
found_vuln_parameter = vuln_parameter
Original file line number Diff line number Diff line change
Expand Up @@ -47,13 +47,13 @@ def examine_requests(payload, vuln_parameter, http_request_method, url, timesec,
start = time.time()

# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
# Encoding non-ASCII characters payload.
# payload = _urllib.parse.quote(payload)

target = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload)
vuln_parameter = ''.join(vuln_parameter)
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
request = _urllib.request.Request(target, settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC), method=http_request_method)
else:
request = _urllib.request.Request(target, method=http_request_method)
Expand Down Expand Up @@ -100,15 +100,15 @@ def injection_test(payload, http_request_method, url):
start = time.time()

# Check if defined POST data
if len(settings.USER_DEFINED_POST_DATA) == 0 or settings.IGNORE_USER_DEFINED_POST_DATA:
if not settings.USER_DEFINED_POST_DATA or settings.IGNORE_USER_DEFINED_POST_DATA:
payload = payload.replace("#","%23")
# Encoding non-ASCII characters payload.
# payload = _urllib.parse.quote(payload)

# Define the vulnerable parameter
vuln_parameter = parameters.vuln_GET_param(url)
target = url.replace(settings.TESTABLE_VALUE + settings.INJECT_TAG, settings.INJECT_TAG).replace(settings.INJECT_TAG, payload)
if len(settings.USER_DEFINED_POST_DATA) != 0:
if settings.USER_DEFINED_POST_DATA:
request = _urllib.request.Request(target, settings.USER_DEFINED_POST_DATA.encode(settings.DEFAULT_CODEC), method=http_request_method)
else:
request = _urllib.request.Request(target, method=http_request_method)