from Injection import customModeInjection
# Class custom gửi request để scan
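class scanner:
    """Generate the request variants for a Log4j scan, one dict per request.

    Every generator method yields dicts with the keys ``"header"``,
    ``"body"`` and ``"query"``. Payload placement is delegated to
    ``customModeInjection``; this class only combines the variants that the
    injection helper returns. Nothing in this class sends a request.
    """

    def __init__(self, mode, modeList, payloads, util, reqBody, defaultHeader, query, headerDict, injectAllHeader, excludedHeader):
        """Store the scan configuration and pre-parse the request body.

        Args:
            mode: Key (or index) into ``modeList`` selecting the scan mode.
            modeList: Container whose entries are the mode names checked in
                ``scanLog4j`` ("injectAll", "injectAllSequently",
                "injectToSpecificParams").
            payloads: Payloads handed to ``customModeInjection``.
            util: Helper object; must provide ``parseBody(reqBody)``
                returning ``(parsedBody, isJsonBody)``.
            reqBody: Raw request body; falsy when the request has none.
            defaultHeader: Headers passed to ``injectPayloadToAllHeader``.
            query: Query parameters of the request.
            headerDict: Headers of the original request.
            injectAllHeader: Truthy to also emit the all-header variants in
                ``scanSequentially``.
            excludedHeader: Passed to ``injectPayloadToHeaderSequently``
                together with ``headerDict``.
        """
        self.mode = mode
        self.modeList = modeList
        self.payloads = payloads
        self.util = util
        self.reqBody = reqBody
        self.defaultHeader = defaultHeader
        self.query = query
        self.headerDict = headerDict
        self.injectAllHeader = injectAllHeader
        self.excludedHeader = excludedHeader
        self.modeInjection = customModeInjection(self.payloads, self.util)
        # Always define both attributes so a body-less request cannot trigger
        # an AttributeError in code that reads them without checking reqBody.
        self.parsedBody = None
        self.isJsonBody = False
        if self.reqBody:
            self.parsedBody, self.isJsonBody = self.util.parseBody(self.reqBody)

    @staticmethod
    def _makeRequest(header, body, query):
        """Return one request description as a fresh dict."""
        return {"header": header, "body": body, "query": query}

    def scanEveryWhere(self):
        """Yield requests with the payload in all positions at once.

        Per the original comment, each request gets the payload injected into
        every parameter position (header, body, URL query).
        """
        injector = self.modeInjection
        headerReqs = injector.injectPayloadToAllHeader(self.defaultHeader)
        queryReqs = injector.injectPayloadToAllDictQuery(self.query)
        if not self.reqBody:
            for header, qry in zip(headerReqs, queryReqs):
                yield self._makeRequest(header, self.reqBody, qry)
            return
        if self.isJsonBody:
            bodyReqs = injector.injectPayloadToAllJson(self.parsedBody)
        else:
            bodyReqs = injector.injectPayloadToAllDictQuery(self.parsedBody)
            stringBodyReqs = injector.injectPayloadToAllStringQuery(self.parsedBody)
            # String-form bodies go out with the original headers and query.
            for body in stringBodyReqs:
                yield self._makeRequest(self.headerDict, body, self.query)
        # NOTE(review): this loop is assumed to run for both body kinds, since
        # bodyReqs is assigned in both branches - confirm the nesting.
        # NOTE(review): zip() stops at the shortest input. If one helper
        # yields fewer variants than the others, the remaining variants are
        # never emitted and scan coverage shrinks silently - confirm that the
        # helpers always yield the same number of items.
        for header, body, qry in zip(headerReqs, bodyReqs, queryReqs):
            yield self._makeRequest(header, body, qry)

    def scanSequentially(self):
        """Yield requests that vary one part of the request at a time.

        Per the original comment, each request carries the payload in a
        single parameter. Order: all-header variants (only when
        ``injectAllHeader`` is truthy), query, individual headers, then body.
        """
        injector = self.modeInjection
        if self.injectAllHeader:
            for header in injector.injectPayloadToAllHeader(self.defaultHeader):
                yield self._makeRequest(header, self.reqBody, self.query)
        for qry in injector.injectPayloadToDictQuerySequently(self.query):
            yield self._makeRequest(self.headerDict, self.reqBody, qry)
        if self.headerDict:
            headerReqs = injector.injectPayloadToHeaderSequently(self.headerDict, self.excludedHeader)
            for header in headerReqs:
                yield self._makeRequest(header, self.reqBody, self.query)
        if not self.reqBody:
            return
        if self.isJsonBody:
            for body in injector.injectPayloadToJsonSequently(self.parsedBody):
                yield self._makeRequest(self.headerDict, body, self.query)
            return
        # Non-JSON body: emit the dict-form variants, then the string-form ones.
        bodyReqs = injector.injectPayloadToDictQuerySequently(self.parsedBody)
        stringBodyReqs = injector.injectPayloadToStringQuerySequently(self.parsedBody)
        for body in bodyReqs:
            yield self._makeRequest(self.headerDict, body, self.query)
        for body in stringBodyReqs:
            yield self._makeRequest(self.headerDict, body, self.query)

    def scanAsIndicated(self):
        """Yield requests with the payload placed only at marked positions.

        Per the original comment, positions holding the keyword ``%FUZZ`` are
        replaced by the payload.
        """
        injector = self.modeInjection
        headerReqs = injector.injectPayloadToSpecificHeader(self.headerDict)
        queryReqs = injector.injectPayloadToSpecificDictQuery(self.query)
        # NOTE(review): every zip() below stops at the shortest input, so a
        # helper that yields fewer items silently drops the other variants -
        # confirm the helpers yield matching counts.
        if not self.reqBody:
            for header, qry in zip(headerReqs, queryReqs):
                yield self._makeRequest(header, self.reqBody, qry)
            return
        if self.isJsonBody:
            bodyReqs = injector.injectPayloadToSpecificJson(self.parsedBody)
            for header, body, qry in zip(headerReqs, bodyReqs, queryReqs):
                yield self._makeRequest(header, body, qry)
            return
        bodyReqs = injector.injectPayloadToSpecificDictQuery(self.parsedBody)
        stringBodyReqs = injector.injectPayloadToSpecificStringQuery(self.parsedBody)
        for header, body, qry, stringBody in zip(headerReqs, bodyReqs, queryReqs, stringBodyReqs):
            # Yield two separate dicts. The original mutated and re-yielded a
            # single dict, so a consumer that kept a reference to the first
            # item (list(), a work queue) saw its body replaced by the string
            # form and the dict-form body was lost.
            # The debug print guarded by isJsonBody was dropped: it cannot run
            # in the non-JSON branch.
            yield self._makeRequest(header, body, qry)
            yield self._makeRequest(header, stringBody, qry)

    def scanLog4j(self):
        """Return the request generator for the configured mode.

        Returns:
            The generator of the matching scan method, or ``None`` when
            ``modeList[mode]`` is not one of the three known mode names.
        """
        selected = self.modeList[self.mode]
        dispatch = {
            "injectAll": self.scanEveryWhere,
            "injectAllSequently": self.scanSequentially,
            "injectToSpecificParams": self.scanAsIndicated,
        }
        handler = dispatch.get(selected)
        if handler is None:
            # NOTE(review): an unknown mode yields no requests at all; callers
            # should treat None as a configuration error rather than as a
            # scan that found nothing.
            return None
        return handler()

    def bruteDirWithDict(self):
        """Placeholder for dictionary-based path brute forcing; not implemented."""
        pass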