40 lines
1.7 KiB
Python
40 lines
1.7 KiB
Python
import concurrent.futures
|
|
import re
|
|
|
|
from core.colors import good, info, green, end
|
|
from core.config import blindParams, xsschecker, threadCount
|
|
from core.requester import requester
|
|
|
|
|
|
def checky(param, paraNames, url, headers, GET, delay, timeout):
|
|
if param not in paraNames:
|
|
response = requester(url, {param: xsschecker},
|
|
headers, GET, delay, timeout).text
|
|
if '\'%s\'' % xsschecker in response or '"%s"' % xsschecker in response or ' %s ' % xsschecker in response:
|
|
paraNames[param] = ''
|
|
print('%s Valid parameter found : %s%s%s' %
|
|
(good, green, param, end))
|
|
|
|
|
|
def arjun(url, GET, headers, delay, timeout):
|
|
paraNames = {}
|
|
response = requester(url, {}, headers, GET, delay, timeout).text
|
|
matches = re.findall(
|
|
r'<input.*?name=\'(.*?)\'.*?>|<input.*?name="(.*?)".*?>', response)
|
|
for match in matches:
|
|
try:
|
|
foundParam = match[1]
|
|
except UnicodeDecodeError:
|
|
continue
|
|
print('%s Heuristics found a potentially valid parameter: %s%s%s. Priortizing it.' % (
|
|
good, green, foundParam, end))
|
|
if foundParam not in blindParams:
|
|
blindParams.insert(0, foundParam)
|
|
threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
|
|
futures = (threadpool.submit(checky, param, paraNames, url,
|
|
headers, GET, delay, timeout) for param in blindParams)
|
|
for i, _ in enumerate(concurrent.futures.as_completed(futures)):
|
|
if i + 1 == len(blindParams) or (i + 1) % threadCount == 0:
|
|
print('%s Progress: %i/%i' % (info, i + 1, len(blindParams)), end='\r')
|
|
return paraNames
|