From 74cad36c0579431bd969e535daf278b7fc4358bd Mon Sep 17 00:00:00 2001 From: t4d Date: Thu, 14 Mar 2019 22:40:36 +0100 Subject: [PATCH] Better zipfile verification, ignore other filetypes --- stalkphish/tools/download.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/stalkphish/tools/download.py b/stalkphish/tools/download.py index 661af6b..bd897a6 100644 --- a/stalkphish/tools/download.py +++ b/stalkphish/tools/download.py @@ -6,7 +6,8 @@ import requests from bs4 import BeautifulSoup import os -import re +import io +import zipfile import sys from urllib.parse import urlparse from tools.utils import TimestampNow @@ -24,7 +25,7 @@ def PKDownloadOpenDir(siteURL, siteDomain, IPaddress, TABLEname, InvTABLEname, D user_agent = {'User-agent': UA} now = str(TimestampNow().Timestamp()) SHA = SHA256() - Ziplst=[] + Ziplst = [] rhtml = requests.get(siteURL, headers=user_agent, proxies=proxies, allow_redirects=True, timeout=(5, 12), verify=False) thtml = BeautifulSoup(rhtml.text, 'html.parser') @@ -35,7 +36,7 @@ def PKDownloadOpenDir(siteURL, siteDomain, IPaddress, TABLEname, InvTABLEname, D try: r = requests.get(file, headers=user_agent, proxies=proxies, allow_redirects=True, timeout=(5, 12), verify=False) zzip = file.replace('/', '_').replace(':', '') - if "application/zip" in r.headers['content-type'] or "application/octet-stream" in r.headers['content-type']: + if zipfile.is_zipfile(io.BytesIO(r.content)): savefile = DLDir + zzip # Still collected file if os.path.exists(savefile): @@ -140,7 +141,7 @@ def TryPKDownload(siteURL, siteDomain, IPaddress, TABLEname, InvTABLEname, DLDir lastHTTPcode = str(rz.status_code) zzip = zip.replace('/', '_').replace(':', '') try: - if "application/zip" in rz.headers['content-type'] or "application/octet-stream" in rz.headers['content-type']: + if zipfile.is_zipfile(io.BytesIO(rz.content)): savefile = DLDir + zzip + '.zip' # Still collected file if os.path.exists(savefile):