s0md3v/Bolt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added common substrings test

Browse Source
This commit is contained in:
Somdev Sangwan
2019-01-20 14:54:26 +05:30
committed by GitHub
parent 7a9806aa8c
commit 34e9771a50
5 changed files with 38 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
bolt.py
View File

@@ -30,7 +30,7 @@ import statistics
import core.config
from core.entropy import isRandom
from core.config import token
from core.config import tokenPattern
from core.datanize import datanize
from core.prompt import prompt
from core.photon import photon
@@ -39,7 +39,7 @@ from core.evaluate import evaluate
from core.ranger import ranger
from core.zetanize import zetanize
from core.requester import requester
from core.utils import extractHeaders, strength, isProtected, stringToBinary
from core.utils import extractHeaders, strength, isProtected, stringToBinary, longestCommonSubstring
parser = argparse.ArgumentParser()
parser.add_argument('-u', help='target url', dest='target')
@@ -115,7 +115,7 @@ aToken = allTokens[0]
matches = []
for element in hashPatterns:
pattern = element['regex']
if re.match(pattern, aToken):
if re.match(tokenPattern, aToken):
for name in element['matches']:
matches.append(name)
if matches:
@@ -146,6 +146,27 @@ except statistics.StatisticsError:
print ('%s No CSRF protection to test' % bad)
quit()
def staticParts(allTokens):
strings = list(set(allTokens.copy()))
commonSubstrings = {}
for theString in strings:
strings.remove(theString)
for string in strings:
commonSubstring = longestCommonSubstring(theString, string)
if commonSubstring not in commonSubstrings:
commonSubstrings[commonSubstring] = []
if len(commonSubstring) > 2:
if theString not in commonSubstrings[commonSubstring]:
commonSubstrings[commonSubstring].append(theString)
if string not in commonSubstrings[commonSubstring]:
commonSubstrings[commonSubstring].append(string)
return commonSubstrings
result = {k: v for k, v in staticParts(allTokens).items() if v}
if result:
print ('%s Common substring found')
print (json.dumps(result, indent=4))
simTokens = []
print (' %s Phase: Observing %s[%s4/6%s]%s' % (lightning, green, end, green, end))