Somdev Sangwan
33
bolt.py
33
bolt.py
@@ -13,17 +13,18 @@ banner()
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
import concurrent.futures
|
import concurrent.futures
|
||||||
try:
|
|
||||||
from fuzzywuzzy import fuzz, process
|
|
||||||
except:
|
|
||||||
import os
|
|
||||||
print ('%s fuzzywuzzy library is not installed, installing now.' % info)
|
|
||||||
os.system('pip3 install fuzzywuzzy')
|
|
||||||
print ('%s fuzzywuzzy has been installed, please restart Bolt.' % info)
|
|
||||||
quit()
|
|
||||||
except:
|
except:
|
||||||
print ('%s Bolt is not compatible with python 2. Please run it with python 3.' % bad)
|
print ('%s Bolt is not compatible with python 2. Please run it with python 3.' % bad)
|
||||||
|
|
||||||
|
try:
|
||||||
|
from fuzzywuzzy import fuzz, process
|
||||||
|
except:
|
||||||
|
import os
|
||||||
|
print ('%s fuzzywuzzy library is not installed, installing now.' % info)
|
||||||
|
os.system('pip3 install fuzzywuzzy')
|
||||||
|
print ('%s fuzzywuzzy has been installed, please restart Bolt.' % info)
|
||||||
|
quit()
|
||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
import json
|
import json
|
||||||
import random
|
import random
|
||||||
@@ -110,8 +111,10 @@ if len(uniqueTokens) < len(allTokens):
|
|||||||
print ('%s Potential Replay Attack condition found' % good)
|
print ('%s Potential Replay Attack condition found' % good)
|
||||||
print ('%s Verifying and looking for the cause' % run)
|
print ('%s Verifying and looking for the cause' % run)
|
||||||
replay = False
|
replay = False
|
||||||
for url, token in tokenDatabase:
|
for each in tokenDatabase:
|
||||||
for url2, token2 in tokenDatabase:
|
url, token = next(iter(each.keys())), next(iter(each.values()))
|
||||||
|
for each2 in tokenDatabase:
|
||||||
|
url2, token2 = next(iter(each2.keys())), next(iter(each2.values()))
|
||||||
if token == token2 and url != url2:
|
if token == token2 and url != url2:
|
||||||
print ('%s The same token was used on %s%s%s and %s%s%s' %
|
print ('%s The same token was used on %s%s%s and %s%s%s' %
|
||||||
(good, green, url, end, green, url2, end))
|
(good, green, url, end, green, url2, end))
|
||||||
@@ -233,21 +236,19 @@ print (' %s Phase: Testing %s[%s5/6%s]%s' %
|
|||||||
(lightning, green, end, green, end))
|
(lightning, green, end, green, end))
|
||||||
|
|
||||||
parsed = ''
|
parsed = ''
|
||||||
|
found = False
|
||||||
print ('%s Finding a suitable form for further testing. It may take a while.' % run)
|
print ('%s Finding a suitable form for further testing. It may take a while.' % run)
|
||||||
for form_dict in allForms:
|
for form_dict in allForms:
|
||||||
for url, forms in form_dict.items():
|
for url, forms in form_dict.items():
|
||||||
found = False
|
|
||||||
parsed = datanize(forms, tolerate=True)
|
parsed = datanize(forms, tolerate=True)
|
||||||
if parsed:
|
if parsed:
|
||||||
found = True
|
found = True
|
||||||
break
|
break
|
||||||
if found:
|
if found:
|
||||||
break
|
break
|
||||||
|
|
||||||
if not parsed:
|
if not parsed:
|
||||||
candidate = list(random.choice(tokenDatabase).keys())[0]
|
quit('%s No suitable form found for testing.' % bad)
|
||||||
parsed = datanize(candidate, tolerate=True)
|
|
||||||
print (parsed)
|
|
||||||
|
|
||||||
origGET = parsed[0]
|
origGET = parsed[0]
|
||||||
origUrl = parsed[1]
|
origUrl = parsed[1]
|
||||||
|
|||||||
Reference in New Issue
Block a user