s0md3v/Bolt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixes #15, fixes #17

Browse Source
This commit is contained in:
Somdev Sangwan
2022-01-24 11:58:00 +05:30
committed by GitHub
parent 04c752cc7a
commit 798cfdf578
1 changed files with 17 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
bolt.py
View File

@@ -13,16 +13,17 @@ banner()
try:
import concurrent.futures
try:
except:
print ('%s Bolt is not compatible with python 2. Please run it with python 3.' % bad)
try:
from fuzzywuzzy import fuzz, process
except:
except:
import os
print ('%s fuzzywuzzy library is not installed, installing now.' % info)
os.system('pip3 install fuzzywuzzy')
print ('%s fuzzywuzzy has been installed, please restart Bolt.' % info)
quit()
except:
print ('%s Bolt is not compatible with python 2. Please run it with python 3.' % bad)
import argparse
import json
@@ -110,8 +111,10 @@ if len(uniqueTokens) < len(allTokens):
print ('%s Potential Replay Attack condition found' % good)
print ('%s Verifying and looking for the cause' % run)
replay = False
for url, token in tokenDatabase:
for url2, token2 in tokenDatabase:
for each in tokenDatabase:
url, token = next(iter(each.keys())), next(iter(each.values()))
for each2 in tokenDatabase:
url2, token2 = next(iter(each2.keys())), next(iter(each2.values()))
if token == token2 and url != url2:
print ('%s The same token was used on %s%s%s and %s%s%s' %
(good, green, url, end, green, url2, end))
@@ -233,10 +236,10 @@ print (' %s Phase: Testing %s[%s5/6%s]%s' %
(lightning, green, end, green, end))
parsed = ''
found = False
print ('%s Finding a suitable form for further testing. It may take a while.' % run)
for form_dict in allForms:
for url, forms in form_dict.items():
found = False
parsed = datanize(forms, tolerate=True)
if parsed:
found = True
@@ -245,9 +248,7 @@ for form_dict in allForms:
break
if not parsed:
candidate = list(random.choice(tokenDatabase).keys())[0]
parsed = datanize(candidate, tolerate=True)
print (parsed)
quit('%s No suitable form found for testing.' % bad)
origGET = parsed[0]
origUrl = parsed[1]