2.1.0 build
@@ -1,35 +1,26 @@
|
||||
import re
|
||||
|
||||
from core.utils import extract_js
|
||||
from arjun.core.utils import extract_js
|
||||
|
||||
def is_not_junk(string):
|
||||
return re.match(r'^[A-Za-z0-9_]+$', string)
|
||||
|
||||
def heuristic(response, paramList):
|
||||
def insert_words(words, wordlist, found):
|
||||
if words:
|
||||
for var in words:
|
||||
if var not in found and is_not_junk(var):
|
||||
found.append(var)
|
||||
if var in wordlist:
|
||||
wordlist.remove(var)
|
||||
wordlist.insert(0, var)
|
||||
|
||||
def heuristic(response, wordlist):
|
||||
found = []
|
||||
inputs = re.findall(r'(?i)<input.+?name=["\']?([^"\'\s>]+)', response)
|
||||
if inputs:
|
||||
for inpName in inputs:
|
||||
if inpName not in found and is_not_junk(inpName):
|
||||
if inpName in paramList:
|
||||
paramList.remove(inpName)
|
||||
found.append(inpName)
|
||||
paramList.insert(0, inpName)
|
||||
insert_words(inputs, wordlist, found)
|
||||
for script in extract_js(response):
|
||||
emptyJSvars = re.findall(r'([^\s!=<>]+)\s*=\s*[\'"`][\'"`]', script)
|
||||
if emptyJSvars:
|
||||
for var in emptyJSvars:
|
||||
if var not in found and is_not_junk(var):
|
||||
found.append(var)
|
||||
if var in paramList:
|
||||
paramList.remove(var)
|
||||
paramList.insert(0, var)
|
||||
arrayJSnames = re.findall(r'([^\'"]+)[\'"]:\s?[\'"]', script)
|
||||
if arrayJSnames:
|
||||
for var in arrayJSnames:
|
||||
if var not in found and is_not_junk(var):
|
||||
found.append(var)
|
||||
if var in paramList:
|
||||
paramList.remove(var)
|
||||
paramList.insert(0, var)
|
||||
empty_vars = re.findall(r'([^\s!=<>]+)\s*=\s*[\'"`][\'"`]', script)
|
||||
insert_words(empty_vars, wordlist, found)
|
||||
map_keys = re.findall(r'([^\'"]+)[\'"]:\s?[\'"]', script)
|
||||
insert_words(map_keys, wordlist, found)
|
||||
return found
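Review bot: `insert_words` relies on `is_not_junk` to decide which names taken from the response body are promoted to the front of `wordlist`, but that pattern ends in `$`, which in Python also matches just before a trailing newline, so a value such as `foo\n` passes the check. The `map_keys` pattern `([^\'"]+)[\'"]:` does not exclude newlines in its capture group, so a value of that shape can come out of a response and reach the wordlist, and presumably the requests built from it. Matching the whole string closes the gap: `return re.fullmatch(r'[A-Za-z0-9_]+', string)`. Separately, `insert_words` mutates both `wordlist` and `found` in place and has no docstring; a one-line docstring saying so would make the side effect on the caller's list explicit. Indentation is lost on this page, so the nesting of the new helper is inferred.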
|
||||
|
||||