Add files via upload

2018-10-27 18:58:52 +05:30
parent d63b3cd810
commit 0d3f25bbee
17 changed files with 725 additions and 0 deletions
--- a/core/utils.py
+++ b/core/utils.py
@@ -0,0 +1,88 @@
+import re
+import random
+from core.config import xsschecker
+
+def extractHeaders(headers):
+    sorted_headers = {}
+    matches = re.findall(r'(.*):\s(.*)', headers)
+    for match in matches:
+        header = match[0]
+        value = match[1]
+        try:
+            if value[-1] == ',':
+                value = value[:-1]
+            sorted_headers[header] = value
+        except IndexError:
+            pass
+    return sorted_headers
+
+def replacer(dic, toReplace, replaceWith):
+    for key in dic.keys():
+        if dic[key] == toReplace:
+            dic[key] = replaceWith
+    return dic
+
+def getUrl(url, data, GET):
+    if GET:
+        return url.split('?')[0]
+    else:
+        return url
+
+def extractScripts(response):
+    scripts = []
+    matches = re.findall(r'(?s)<script.*?>(.*?)</script>', response.lower())
+    for match in matches:
+        if xsschecker in match:
+            scripts.append(match)
+    return scripts
+
+def randomUpper(string):
+    return ''.join(random.choice((x, y)) for x, y in zip(string.upper(),string.lower()))
+
+def flattenParams(currentParam, params, payload):
+    flatted = []
+    for name, value in params.items():
+        if name == currentParam:
+            value = payload
+        flatted.append(name + '=' + value)
+    return '?' + '&'.join(flatted)
+
+def genGen(fillings, eFillings, lFillings, eventHandlers, tags, functions, ends, breaker, special):
+    vectors = []
+    r = randomUpper
+    for tag in tags:
+        if tag == 'd3v' or tag == 'a':
+            bait = 'z'
+        else:
+            bait = ''
+        for eventHandler in eventHandlers:
+            if tag in eventHandlers[eventHandler]:
+                for function in functions:
+                    for filling in fillings:
+                        for eFilling in eFillings:
+                            for lFilling in lFillings:
+                                for end in ends:
+                                    if tag == 'd3v' or tag == 'a':
+                                        if '>' in ends:
+                                            end = '>'
+                                    vector = vector = r(breaker) + special + '<' + r(tag) + filling + r(eventHandler) + eFilling + '=' + eFilling + function + lFilling + end + bait
+                                    vectors.append(vector)
+    return vectors
+
+def getParams(url, data, GET):
+    params = {}
+    if GET:
+        if '=' in url:
+            data = url.split('?')[1]
+            if data[:1] == '?':
+                data = data[1:]
+        else:
+            data = ''
+    parts = data.split('&')
+    for part in parts:
+        each = part.split('=')
+        try:
+            params[each[0]] = each[1]
+        except IndexError:
+            params = None
+    return params