s0md3v/Arjun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed redirection bug

Browse Source
This commit is contained in:
s0md3v
2022-04-09 21:35:06 +05:30
parent 0f5be57c3f
commit cd82a222aa
3 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
arjun/__init__.py
View File

@@ -1 +1 @@
__version__ = '2.1.4' __version__ = '2.1.5'

2
arjun/__main__.py
View File

@@ -35,7 +35,7 @@ parser.add_argument('--headers', help='Add headers. Separate multiple headers wi
parser.add_argument('--passive', help='Collect parameter names from passive sources like wayback, commoncrawl and otx.', dest='passive', nargs='?', const='-') parser.add_argument('--passive', help='Collect parameter names from passive sources like wayback, commoncrawl and otx.', dest='passive', nargs='?', const='-')
parser.add_argument('--stable', help='Prefer stability over speed.', dest='stable', action='store_true') parser.add_argument('--stable', help='Prefer stability over speed.', dest='stable', action='store_true')
parser.add_argument('--include', help='Include this data in every request.', dest='include', default={}) parser.add_argument('--include', help='Include this data in every request.', dest='include', default={})
parser.add_argument('--disable-redirects', help='Include this data in every request.', dest='disable_redirects', action='store_true') parser.add_argument('--disable-redirects', help='disable redirects', dest='disable_redirects', action='store_true')
args = parser.parse_args() # arguments to be parsed args = parser.parse_args() # arguments to be parsed
if args.quiet: if args.quiet:

19
arjun/core/anomaly.py
View File

@@ -1,6 +1,8 @@
import re import re
import requests import requests
import arjun.core.config as mem
from urllib.parse import urlparse from urllib.parse import urlparse
from arjun.core.utils import diff_map, remove_tags from arjun.core.utils import diff_map, remove_tags
@@ -28,8 +30,13 @@ def define(response_1, response_2, param, value, wordlist):
if response_1.headers.keys() == response_2.headers.keys(): if response_1.headers.keys() == response_2.headers.keys():
factors['same_headers'] = list(response_1.headers.keys()) factors['same_headers'] = list(response_1.headers.keys())
factors['same_headers'].sort() factors['same_headers'].sort()
if response_1.headers.get('Location', '') == response_2.headers.get('Location', ''): if mem.var['disable_redirects']:
factors['same_redirect'] = urlparse(response_1.headers.get('Location', '')).path if response_1.headers.get('Location', '') == response_2.headers.get('Location', ''):
factors['same_redirect'] = urlparse(response_1.headers.get('Location', '')).path
elif urlparse(response_1.url).path == urlparse(response_2.url).path:
factors['same_redirect'] = urlparse(response_1.url).path
else:
factors['same_redirect'] = ''
if response_1.text == response_2.text: if response_1.text == response_2.text:
factors['same_body'] = response_1.text factors['same_body'] = response_1.text
elif response_1.text.count('\n') == response_2.text.count('\n'): elif response_1.text.count('\n') == response_2.text.count('\n'):
@@ -56,8 +63,12 @@ def compare(response, factors, params):
return ('http code', params) return ('http code', params)
if factors['same_headers'] and these_headers != factors['same_headers']: if factors['same_headers'] and these_headers != factors['same_headers']:
return ('http headers', params) return ('http headers', params)
if factors['same_redirect'] and urlparse(response.headers.get('Location', '')).path != factors['same_redirect']: if mem.var['disable_redirects']:
return ('redirection', params) if factors['same_redirect'] and urlparse(response.headers.get('Location', '')).path != factors['same_redirect']:
return ('redirection', params)
elif factors['same_redirect'] and 'Location' in response.headers:
if urlparse(response.headers.get['Location']).path != factors['same_redirect']:
return ('redirection', params)
if factors['same_body'] and response.text != factors['same_body']: if factors['same_body'] and response.text != factors['same_body']:
return ('body length', params) return ('body length', params)
if factors['lines_num'] and response.text.count('\n') != factors['lines_num']: if factors['lines_num'] and response.text.count('\n') != factors['lines_num']: