From 34e9771a502d68cf78aa4953987a70692b300c64 Mon Sep 17 00:00:00 2001
From: Somdev Sangwan
Date: Sun, 20 Jan 2019 14:54:26 +0530
Subject: [PATCH] added common substrings test
---
 bolt.py | 27 ++++++++++++++++++++++++---
 core/config.py | 2 +-
 core/datanize.py | 4 ++--
 core/tweaker.py | 14 +++++++-------
 core/utils.py | 7 ++++---
 5 files changed, 38 insertions(+), 16 deletions(-)
diff --git a/bolt.py b/bolt.py
index 469febb..29846da 100644
--- a/bolt.py
+++ b/bolt.py
@@ -30,7 +30,7 @@ import statistics
 import core.config
 from core.entropy import isRandom
-from core.config import token
+from core.config import tokenPattern
 from core.datanize import datanize
 from core.prompt import prompt
 from core.photon import photon
@@ -39,7 +39,7 @@ from core.evaluate import evaluate
 from core.ranger import ranger
 from core.zetanize import zetanize
 from core.requester import requester
-from core.utils import extractHeaders, strength, isProtected, stringToBinary
+from core.utils import extractHeaders, strength, isProtected, stringToBinary, longestCommonSubstring
 parser = argparse.ArgumentParser()
 parser.add_argument('-u', help='target url', dest='target')
@@ -115,7 +115,7 @@ aToken = allTokens[0]
 matches = []
 for element in hashPatterns:
 pattern = element['regex']
- if re.match(pattern, aToken):
+ if re.match(tokenPattern, aToken):
 for name in element['matches']:
 matches.append(name)
 if matches:
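Review bot: In the `@@ -115` hunk of bolt.py the loop over `hashPatterns` now tests `re.match(tokenPattern, aToken)` instead of the per-entry `pattern`, so `pattern = element['regex']` is assigned and never used. Because `tokenPattern` is the generic 14–256 character token regex from core/config.py, any token that passes it would collect the names of every entry in `hashPatterns`, and the reported hash-type matches stop saying anything about the token. This looks like a side effect of the `token` → `tokenPattern` rename rather than an intended change; the line should stay `if re.match(pattern, aToken):`. The surrounding block starts and ends outside the hunk.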
@@ -146,6 +146,27 @@ except statistics.StatisticsError:
 print ('%s No CSRF protection to test' % bad)
 quit()
+def staticParts(allTokens):
+ strings = list(set(allTokens.copy()))
+ commonSubstrings = {}
+ for theString in strings:
+ strings.remove(theString)
+ for string in strings:
+ commonSubstring = longestCommonSubstring(theString, string)
+ if commonSubstring not in commonSubstrings:
+ commonSubstrings[commonSubstring] = []
+ if len(commonSubstring) > 2:
+ if theString not in commonSubstrings[commonSubstring]:
+ commonSubstrings[commonSubstring].append(theString)
+ if string not in commonSubstrings[commonSubstring]:
+ commonSubstrings[commonSubstring].append(string)
+ return commonSubstrings
+result = {k: v for k, v in staticParts(allTokens).items() if v}
+
+if result:
+ print ('%s Common substring found')
+ print (json.dumps(result, indent=4))
+
 simTokens = []
 print (' %s Phase: Observing %s[%s4/6%s]%s' % (lightning, green, end, green, end))
diff --git a/core/config.py b/core/config.py
index 191ffb5..80f46de 100644
--- a/core/config.py
+++ b/core/config.py
@@ -2,7 +2,7 @@ password = 'xXx!69!xXx'
 email = 'testing@gmail.com'
 strings = ['red', 'bob', 'admin', 'alex', 'testing', 'test', 'lol', 'yes', 'dragon', 'bad']
 commonNames = ['csrf', 'auth', 'token', 'verify', 'hash']
-token = r'^[\w\-_+=/]{14,256}$'
+tokenPattern = r'^[\w\-_+=/]{14,256}$'
 headers = { # default headers
 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
diff --git a/core/datanize.py b/core/datanize.py
index 169d545..229b0d9 100644
--- a/core/datanize.py
+++ b/core/datanize.py
@@ -1,7 +1,7 @@
 import random
 import re
-from core.config import password, email, token, strings
+from core.config import password, email, tokenPattern, strings
 def datanize(forms, tolerate=False):
 parsedForms = list(forms.values())
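Review bot: `staticParts` in the `@@ -146` hunk of bolt.py removes items from `strings` while iterating over it (`for theString in strings:` followed by `strings.remove(theString)`), so the iterator skips every other token as the outer element and some token pairs are never compared; a static part shared only by a skipped pair goes unreported. Iterating by position avoids the mutation: `for i, theString in enumerate(strings):` with the inner loop `for string in strings[i + 1:]:` and the `remove` call dropped. The first added `print` has no format argument and prints a literal `%s`; it should pass a prefix the way the neighbouring `% bad` print does. The `len(commonSubstring) > 2` threshold is also low for tokens drawn from a small alphabet such as hex, where two unrelated random tokens can share three characters by chance, so a hit at that length is presumably worth reporting as a hint rather than as a finding.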
@@ -16,7 +16,7 @@ def datanize(forms, tolerate=False):
 name = inp['name']
 kind = inp['type']
 value = inp['value']
- if re.match(token, value):
+ if re.match(tokenPattern, value):
 protected = True
 if kind == 'password':
 data[name] = password
diff --git a/core/tweaker.py b/core/tweaker.py
index fa34df5..d407f20 100644
--- a/core/tweaker.py
+++ b/core/tweaker.py
@@ -1,4 +1,4 @@
-from core.config import token
+from core.config import tokenPattern
 import random
 import re
@@ -8,24 +8,24 @@ def tweaker(data, strategy, index=0, seeds=[None, None]):
 newData = {}
 if strategy == 'clear':
 for name, value in data.items():
- if re.match(token, value):
+ if re.match(tokenPattern, value):
 value = ''
 newData[name] = value
 return newData
 elif strategy == 'remove':
 for name, value in data.items():
- if not re.match(token, value):
+ if not re.match(tokenPattern, value):
 newData[name] = value
 elif strategy == 'break':
 for name, value in data.items():
- if re.match(token, value):
+ if re.match(tokenPattern, value):
 value = value[:index]
 for i in index:
 value += random.choice(digits + alphabets)
 newData[name] = value
 elif strategy == 'generate':
 for name, value in data.items():
- if re.match(token, value):
+ if re.match(tokenPattern, value):
 newToken = ''
 for char in list(value):
 if char in digits:
@@ -39,6 +39,6 @@ def tweaker(data, strategy, index=0, seeds=[None, None]):
 newData[name] = value
 elif strategy == 'replace':
 for name, value in data.items():
- if re.match(token, value):
+ if re.match(tokenPattern, value):
 value
- return newData
\ No newline at end of file
+ return newData
diff --git a/core/utils.py b/core/utils.py
index ca8672b..8f3ba25 100644
--- a/core/utils.py
+++ b/core/utils.py
@@ -1,5 +1,6 @@
 import re
-from core.config import token
+import math
+from core.config import tokenPattern
 def longestCommonSubstring(s1, s2):
 m = [[0] * (1 + len(s2)) for i in range(1 + len(s1))]
@@ -36,7 +37,7 @@ def isProtected(parsed):
 name = inp['name']
 kind = inp['type']
 value = inp['value']
- if re.match(token, value):
+ if re.match(tokenPattern, value):
 protected = True
 return protected
@@ -76,4 +77,4 @@ def getParams(url, data, GET):
 params[each[0]] = each[1]
 except IndexError:
 params = None
- return params
+ return params
\ No newline at end of file