Merge pull request #11 from s0md3v/1.2

1.2-beta
s0md3v · Mar 2, 2019 · 4425a49 · 4425a49
2 parents 16b8a79 + 0a99552
commit 4425a49
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -18,13 +18,15 @@
   </a>
 </p>
 
-![demo](https://image.ibb.co/gDETnq/Screenshot-2018-11-10-04-55-31.png)
+![demo](https://i.ibb.co/dQV36LG/Screenshot-2019-03-02-07-48-14.png)
 
 ### Features
 - Multi-threading
 - 3 modes of detection
+- < 30 seconds of runtime
 - Regex powered heuristic scanning
 - Huge list of 3370 parameter names
+- Makes just 10-15 requests to the target
 
 ### Usage
 

diff --git a/arjun.py b/arjun.py
@@ -9,12 +9,12 @@
 
 from core.prompt import prompt
 from core.requester import requester
-from core.utils import e, d, stabilize, flattenParams, randomString
 from core.colors import red, green, white, end, info, bad, good, run
+from core.utils import e, d, stabilize, flattenParams, randomString, slicer, joiner, unityExtracter
 
 print ('''%s    _         
    /_| _ '    
-  (  |/ /(//) %sv1.0%s
+  (  |/ /(//) %sv1.2-beta%s
       _/      %s''' % (green, white, green, end))
 
 
@@ -102,6 +102,7 @@ def heuristic(response, paramList):
 reflections = response.text.count(originalFuzz[::-1])
 print ('%s Reflections: %s%i%s' % (info, green, reflections, end))
 
+originalHTML = response.text
 originalResponse = response.text.replace(originalFuzz + '=' + originalFuzz[::-1], '')
 originalCode = response.status_code
 print ('%s Response Code: %s%i%s' % (info, green, originalCode, end))
@@ -118,6 +119,15 @@ def heuristic(response, paramList):
 multiplier = int((len(responseMulti.text.replace(fuzz + '=' + fuzz[::-1], '')) - len(response.text.replace(originalFuzz + '=' + originalFuzz[::-1], ''))) / 2)
 print ('%s Content Length Multiplier: %s%i%s' % (info, green, multiplier, end))
 
+def quickBruter(params, originalResponse, originalCode, delay, headers, url, GET): 
+    newResponse = requester(url, joiner(params), headers, GET, delay)
+    if newResponse.status_code != originalCode:
+        return params
+    elif originalResponse and originalResponse != newResponse.text:
+        return params
+    else:
+        return False
+
 def bruter(param, originalResponse, originalCode, multiplier, reflections, delay, headers, url, GET): 
     fuzz = randomString(6)
     data = {param : fuzz}
@@ -133,9 +143,37 @@ def bruter(param, originalResponse, originalCode, multiplier, reflections, delay
         print ('%s Found a valid parameter: %s%s%s' % (good, green, param, end))
         print ('%s Reason: Different content length' % info)
 
+if firstResponse.text != originalHTML:
+    originalHTML = False
+
+print ('%s Performing heuristic level checks' % run)
+
+def narrower(oldParamList):
+    newParamList = []
+    potenialParameters = 0
+    threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
+    futures = (threadpool.submit(quickBruter, part, originalHTML, originalCode, delay, headers, url, GET) for part in oldParamList)
+    for i, result in enumerate(concurrent.futures.as_completed(futures)):
+        if result.result():
+            potenialParameters += 1
+            newParamList.extend(slicer(result.result()))
+        print('%s Processing: %i/%-6i' % (info, i + 1, len(oldParamList)), end='\r')
+    return newParamList
+
+toBeChecked = slicer(paramList, 10)
+foundParams = []
+while True:
+    toBeChecked = narrower(toBeChecked)
+    toBeChecked = unityExtracter(toBeChecked, foundParams)
+    if not toBeChecked:
+        break
+
+if foundParams:
+    print ('%s Heuristic found %i potenial parameters.' % (info, len(foundParams)))
+    paramList = foundParams
+
 threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
 futures = (threadpool.submit(bruter, param, originalResponse, originalCode, multiplier, reflections, delay, headers, url, GET) for param in paramList)
 for i, _ in enumerate(concurrent.futures.as_completed(futures)):
-    if i + 1 == len(paramList) or (i + 1) % threadCount == 0:
-        print('%s Progress: %i/%i' % (info, i + 1, len(paramList)), end='\r')
+    print('%s Progress: %i/%i' % (info, i + 1, len(paramList)), end='\r')
 print('\n%s Scan Completed' % info)
diff --git a/core/utils.py b/core/utils.py
@@ -1,8 +1,28 @@
+import re
 import string
 import random
 import requests
 from core.colors import bad
 
+def unityExtracter(arrayOfArrays, usable):
+    remainingArray = []
+    for array in arrayOfArrays:
+        if len(array) == 1:
+            usable.append(array[0])
+        else:
+            remainingArray.append(array)
+    return remainingArray
+
+def slicer(array, n=2):
+    k, m = divmod(len(array), n)
+    return list(array[i * k + min(i, m):(i + 1) * k + min(i + 1, m)] for i in range(n))
+
+def joiner(array):
+    params = {}
+    for element in array:
+        params[element] = randomString(6)
+    return params
+
 def stabilize(url):
     if 'http' not in url:
         try:
@@ -21,6 +41,20 @@ def stabilize(url):
             quit()
     return url
 
+def removeTags(html):
+    return re.sub(r'(?s)<.*?>', '', html)
+
+def lineComparer(response1, response2):
+    response1 = response1.split('\n')
+    response2 = response2.split('\n')
+    num = 0
+    dynamicLines = []
+    for line1, line2 in zip(response1, response2):
+        if line1 != line2:
+            dynamicLines.append(num)
+        num += 1
+    return dynamicLines
+
 def randomString(length):
    return ''.join(random.choice(string.ascii_lowercase) for i in range(length))