added common substrings test
27
bolt.py
27
bolt.py
@@ -30,7 +30,7 @@ import statistics
|
||||
|
||||
import core.config
|
||||
from core.entropy import isRandom
|
||||
from core.config import token
|
||||
from core.config import tokenPattern
|
||||
from core.datanize import datanize
|
||||
from core.prompt import prompt
|
||||
from core.photon import photon
|
||||
@@ -39,7 +39,7 @@ from core.evaluate import evaluate
|
||||
from core.ranger import ranger
|
||||
from core.zetanize import zetanize
|
||||
from core.requester import requester
|
||||
from core.utils import extractHeaders, strength, isProtected, stringToBinary
|
||||
from core.utils import extractHeaders, strength, isProtected, stringToBinary, longestCommonSubstring
|
||||
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('-u', help='target url', dest='target')
|
||||
@@ -115,7 +115,7 @@ aToken = allTokens[0]
|
||||
matches = []
|
||||
for element in hashPatterns:
|
||||
pattern = element['regex']
|
||||
if re.match(pattern, aToken):
|
||||
if re.match(tokenPattern, aToken):
|
||||
for name in element['matches']:
|
||||
matches.append(name)
|
||||
if matches:
|
||||
@@ -146,6 +146,27 @@ except statistics.StatisticsError:
|
||||
print ('%s No CSRF protection to test' % bad)
|
||||
quit()
|
||||
|
||||
def staticParts(allTokens):
|
||||
strings = list(set(allTokens.copy()))
|
||||
commonSubstrings = {}
|
||||
for theString in strings:
|
||||
strings.remove(theString)
|
||||
for string in strings:
|
||||
commonSubstring = longestCommonSubstring(theString, string)
|
||||
if commonSubstring not in commonSubstrings:
|
||||
commonSubstrings[commonSubstring] = []
|
||||
if len(commonSubstring) > 2:
|
||||
if theString not in commonSubstrings[commonSubstring]:
|
||||
commonSubstrings[commonSubstring].append(theString)
|
||||
if string not in commonSubstrings[commonSubstring]:
|
||||
commonSubstrings[commonSubstring].append(string)
|
||||
return commonSubstrings
|
||||
result = {k: v for k, v in staticParts(allTokens).items() if v}
|
||||
|
||||
if result:
|
||||
print ('%s Common substring found')
|
||||
print (json.dumps(result, indent=4))
|
||||
|
||||
simTokens = []
|
||||
|
||||
print (' %s Phase: Observing %s[%s4/6%s]%s' % (lightning, green, end, green, end))
|
||||
|
||||
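Review bot: `staticParts` calls `strings.remove(theString)` while the outer `for theString in strings:` loop is iterating that same list, so elements are skipped and some token pairs are never compared, which can hide a static substring shared between tokens. Iterating over a snapshot still compares each pair once: `for theString in strings.copy():`. In the same hunk, `print ('%s Common substring found')` has a `%s` placeholder but no `%` argument, so the literal `%s` is printed; it needs a prefix argument, as the `% bad` line above it has. In the `hashPatterns` hunk, if the second of the two printed `re.match` lines is the new side, the loop now tests `tokenPattern` instead of each element's `pattern`, so every hash type would be reported as a match; that line probably should stay `if re.match(pattern, aToken):`.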
@@ -2,7 +2,7 @@ password = 'xXx!69!xXx'
|
||||
email = 'testing@gmail.com'
|
||||
strings = ['red', 'bob', 'admin', 'alex', 'testing', 'test', 'lol', 'yes', 'dragon', 'bad']
|
||||
commonNames = ['csrf', 'auth', 'token', 'verify', 'hash']
|
||||
token = r'^[\w\-_+=/]{14,256}$'
|
||||
tokenPattern = r'^[\w\-_+=/]{14,256}$'
|
||||
|
||||
headers = { # default headers
|
||||
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import random
|
||||
import re
|
||||
|
||||
from core.config import password, email, token, strings
|
||||
from core.config import password, email, tokenPattern, strings
|
||||
|
||||
def datanize(forms, tolerate=False):
|
||||
parsedForms = list(forms.values())
|
||||
@@ -16,7 +16,7 @@ def datanize(forms, tolerate=False):
|
||||
name = inp['name']
|
||||
kind = inp['type']
|
||||
value = inp['value']
|
||||
if re.match(token, value):
|
||||
if re.match(tokenPattern, value):
|
||||
protected = True
|
||||
if kind == 'password':
|
||||
data[name] = password
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
from core.config import token
|
||||
from core.config import tokenPattern
|
||||
import random
|
||||
import re
|
||||
|
||||
@@ -8,24 +8,24 @@ def tweaker(data, strategy, index=0, seeds=[None, None]):
|
||||
newData = {}
|
||||
if strategy == 'clear':
|
||||
for name, value in data.items():
|
||||
if re.match(token, value):
|
||||
if re.match(tokenPattern, value):
|
||||
value = ''
|
||||
newData[name] = value
|
||||
return newData
|
||||
elif strategy == 'remove':
|
||||
for name, value in data.items():
|
||||
if not re.match(token, value):
|
||||
if not re.match(tokenPattern, value):
|
||||
newData[name] = value
|
||||
elif strategy == 'break':
|
||||
for name, value in data.items():
|
||||
if re.match(token, value):
|
||||
if re.match(tokenPattern, value):
|
||||
value = value[:index]
|
||||
for i in index:
|
||||
value += random.choice(digits + alphabets)
|
||||
newData[name] = value
|
||||
elif strategy == 'generate':
|
||||
for name, value in data.items():
|
||||
if re.match(token, value):
|
||||
if re.match(tokenPattern, value):
|
||||
newToken = ''
|
||||
for char in list(value):
|
||||
if char in digits:
|
||||
@@ -39,6 +39,6 @@ def tweaker(data, strategy, index=0, seeds=[None, None]):
|
||||
newData[name] = value
|
||||
elif strategy == 'replace':
|
||||
for name, value in data.items():
|
||||
if re.match(token, value):
|
||||
if re.match(tokenPattern, value):
|
||||
value
|
||||
return newData
|
||||
return newData
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
import re
|
||||
from core.config import token
|
||||
import math
|
||||
from core.config import tokenPattern
|
||||
|
||||
def longestCommonSubstring(s1, s2):
|
||||
m = [[0] * (1 + len(s2)) for i in range(1 + len(s1))]
|
||||
@@ -36,7 +37,7 @@ def isProtected(parsed):
|
||||
name = inp['name']
|
||||
kind = inp['type']
|
||||
value = inp['value']
|
||||
if re.match(token, value):
|
||||
if re.match(tokenPattern, value):
|
||||
protected = True
|
||||
return protected
|
||||
|
||||
@@ -76,4 +77,4 @@ def getParams(url, data, GET):
|
||||
params[each[0]] = each[1]
|
||||
except IndexError:
|
||||
params = None
|
||||
return params
|
||||
return params
|
||||