
Python utils.rand_alnum函数代码示例


本文整理汇总了Python中w3af.core.data.fuzzer.utils.rand_alnum函数的典型用法代码示例。如果您正苦于以下问题:Python rand_alnum函数的具体用法?Python rand_alnum怎么用?Python rand_alnum使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。



在下文中一共展示了rand_alnum函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。

示例1: _mutate

    def _mutate(self, data):
        """
        Insert one randomly named parameter into *data*.

        :param data: A dict-like object; it is modified in place.
        :return: The same object after storing the value from rand_alnum(8)
                 under the key from rand_alnum(5).
        """
        # The name is generated before the value, so the order of the two
        # rand_alnum() calls stays name-then-value.
        random_name = rand_alnum(5)
        data[random_name] = rand_alnum(8)
        return data
开发者ID:masterapocalyptic,项目名称:Tortazo-spanishtranslate,代码行数:11,代码来源:rnd_param.py


示例2: test_find

    def test_find(self):
        """
        Save 500 history items, one of which is marked, tagged and answered
        with a 302, and verify that HistoryItem.find() filters, limits and
        orders them as expected.
        """
        special_id = random.randint(1, 499)
        target_url = URL('http://w3af.org/a/b/foobar.php?foo=123')
        tag_value = rand_alnum(10)

        for item_id in xrange(500):
            is_special = item_id == special_id

            request = HTTPRequest(target_url, data='a=1')
            # Only the randomly chosen item is answered with a redirect
            status_code = 302 if is_special else 200

            headers = Headers([('Content-Type', 'text/html')])
            response = HTTPResponse(status_code, '<html>', headers,
                                    target_url, target_url)

            item = HistoryItem()
            item.request = request
            response.set_id(item_id)
            item.response = response
            if is_special:
                item.toggle_mark()
                item.update_tag(tag_value)
            item.save()

        finder = HistoryItem()

        # Exactly one item carries the tag, the 302 code and the mark
        tagged = finder.find([('tag', "%" + tag_value + "%", 'like')])
        self.assertEqual(len(tagged), 1)
        self.assertEqual(len(finder.find([('code', 302, '=')])), 1)
        self.assertEqual(len(finder.find([('mark', 1, '=')])), 1)

        # Every saved request has a query string; result_limit caps the count
        self.assertEqual(len(finder.find([('has_qs', 1, '=')])), 500)
        limited = finder.find([('has_qs', 1, '=')], result_limit=10)
        self.assertEqual(len(limited), 10)

        # Descending order by id must return the last saved item first
        newest = finder.find([('has_qs', 1, '=')],
                             result_limit=1,
                             orderData=[('id', 'desc')])
        self.assertEqual(newest[0].id, 499)

        # Two conditions that together select only special_id
        search_data = [('id', special_id + 1, "<"),
                       ('id', special_id - 1, ">")]
        self.assertEqual(len(finder.find(search_data)), 1)
开发者ID:0x554simon,项目名称:w3af,代码行数:35,代码来源:test_history.py


示例3: _gen_url_to_include

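    def _gen_url_to_include(self, file_content, extension):
        """
        Return the URL that serves *file_content*.

        Depending on the configuration this is either the URI of a copy of the
        stored XSS mutant with *file_content* set as its token value, or the
        URL of a file written to the local webroot.

        :param file_content: The content that the returned URL has to serve.
        :param extension: Not used by this method.
        :return: The URL as a string.
        :raise BaseFrameworkException: When the file can't be written to the
                                       webroot.
        """
        if self._use_XSS_vuln and self._xss_vuln:
            mutant = self._xss_vuln.get_mutant()
            mutant = mutant.copy()
            mutant.set_token_value(file_content)
            return mutant.get_uri().url_string

        # Write the php to the webroot
        #
        # NOTE(review): the file is created under <home dir>/webroot and is
        # not removed by this method; confirm that the caller cleans it up
        # once the test is over.
        filename = rand_alnum()
        filepath = os.path.join(get_home_dir(), 'webroot', filename)

        try:
            # The context manager closes the handle even when write() fails
            with open(filepath, 'w') as file_handler:
                file_handler.write(file_content)
        except Exception:
            # "except Exception" instead of a bare except: KeyboardInterrupt
            # and SystemExit are no longer reported as a webroot failure.
            raise BaseFrameworkException('Could not create file in webroot.')

        url_to_include = 'http://%s:%s/%s' % (self._listen_address,
                                              self._listen_port,
                                              filename)
        return url_to_include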
开发者ID:ElAleyo,项目名称:w3af,代码行数:26,代码来源:rfi.py


示例4: _is_404_with_extra_request

    def _is_404_with_extra_request(self, http_response, clean_resp_body):
        """
        Decide if a response is a 404 by requesting a second URL and comparing
        both bodies.

        The second URL is derived from the original one: when the original has
        a file name it is replaced with the result of
        _generate_404_filename(); otherwise a random directory
        ('../<8 random chars>/') is joined to it.

        :param http_response: The original HTTP response
        :param clean_resp_body: The original HTML body you could find in
                                http_response after passing it by a cleaner

        :return: The result of fuzzy_equal() for the cleaned body of the
                 second response and clean_resp_body, using IS_EQUAL_RATIO.
        """
        original_url = http_response.get_url()
        original_name = original_url.get_file_name()

        if original_name:
            replacement_name = self._generate_404_filename(original_name)
            url_404 = original_url.copy()
            url_404.set_file_name(replacement_name)
        else:
            url_404 = original_url.url_join('../%s/' % rand_alnum(8))

        response_404 = self._send_404(url_404)
        body_404 = get_clean_body(response_404)

        # Remember the directories that answer with a real 404 status code
        if response_404.get_code() == 404:
            if url_404.get_domain_path() not in self._directory_uses_404_codes:
                self._directory_uses_404_codes.add(url_404.get_domain_path())

        return fuzzy_equal(body_404, clean_resp_body, IS_EQUAL_RATIO)
开发者ID:0x554simon,项目名称:w3af,代码行数:34,代码来源:fingerprint_404.py


示例5: _audit

    def _audit(self, function_id, plugin, fuzzable_request, orig_resp):
        """
        Run plugin.audit_with_copy() for one fuzzable request and route any
        exception to handle_exception().

        threadpool's apply_async only runs its callback when this method ends
        without raising. An exception that escapes from here means _task_done
        is never called and has_pending_work keeps returning True, which is
        why everything is caught below.

        Python 3's apply_async has an error_callback which could be used in
        the future.
        """
        om.out.debug('%s.audit(%s)' % (plugin.get_name(),
                                       fuzzable_request.get_uri()))

        # One random id per audit call, passed to both TookLine and the plugin
        debugging_id = rand_alnum(8)

        # The instance is not used again in the lines shown here
        took_line = TookLine(self._w3af_core,
                             plugin.get_name(),
                             'audit',
                             debugging_id=debugging_id,
                             method_params={'uri': fuzzable_request.get_uri()})

        try:
            plugin.audit_with_copy(fuzzable_request, orig_resp, debugging_id)
        except Exception as e:
            self.handle_exception('audit',
                                  plugin.get_name(),
                                  fuzzable_request,
                                  e)
开发者ID:foobarmonk,项目名称:w3af,代码行数:27,代码来源:audit.py


示例6: _configure_debug

    def _configure_debug(self):
        """
        Enable the text_file output plugin and point its two log files to a
        randomly named pair of files.
        """
        plugin_type = 'output'
        plugin_name = 'text_file'

        plugins = self.w3afcore.plugins

        enabled_output = plugins.get_enabled_plugins(plugin_type)
        enabled_output += [plugin_name]
        plugins.set_plugins(enabled_output, plugin_type)

        # The logs go to CircleCI's artifact directory when that environment
        # variable is set, and to the system temp directory otherwise (a
        # developer workstation).
        #
        # NOTE(review): verbose output is enabled below and the HTTP log is
        # stored next to the text log. In the temp directory case the files
        # get whatever permissions the process umask allows; confirm that is
        # acceptable for the data these logs hold.
        output_dir = os.environ.get('CIRCLE_ARTIFACTS', tempfile.gettempdir())
        suffix = rand_alnum(6)
        text_output = os.path.join(output_dir, 'output-%s.txt' % suffix)
        http_output = os.path.join(output_dir, 'output-http-%s.txt' % suffix)

        text_file_inst = plugins.get_plugin_inst(plugin_type, plugin_name)

        options = text_file_inst.get_options()
        options['output_file'].set_value(text_output)
        options['http_output_file'].set_value(http_output)
        options['verbose'].set_value(True)

        print('Logging to %s' % text_output)

        plugins.set_plugin_options(plugin_type, plugin_name, options)
开发者ID:carriercomm,项目名称:w3af_analyse,代码行数:29,代码来源:helper.py


示例7: __init__

 def __init__(self):
     """
     Start with no function, arguments, start time or job assigned and
     with a random 8 character id from rand_alnum().
     """
     self.id = rand_alnum(8)

     # Everything below is filled in later; nothing is known at creation
     self.func = self.args = self.kwargs = None
     self.start_time = self.job = None
开发者ID:andresriancho,项目名称:w3af,代码行数:7,代码来源:threadpool.py


示例8: _single_404_check

    def _single_404_check(self, http_response, html_body):
        """
        Decide if a response is a 404 by requesting a second URL and comparing
        both bodies.

        The second URL is built by joining a relative path to the original
        URL: 'not-<file name>' when the original has a file name, or a random
        directory ('../<8 random chars>/') when it does not.

        :param http_response: The original HTTP response
        :param html_body: The original HTML body after passing it by a cleaner

        :return: The result of relative_distance_ge() for the cleaned body of
                 the second response and html_body, using IS_EQUAL_RATIO.
        """
        original_url = http_response.get_url()
        original_name = original_url.get_file_name()

        if original_name:
            relative_url = 'not-%s' % original_name
        else:
            relative_url = '../%s/' % rand_alnum(8)

        url_404 = original_url.url_join(relative_url)

        response_404 = self._send_404(url_404, store=False)
        body_404 = get_clean_body(response_404)

        # Remember the directories that answer with a real 404 status code
        if response_404.get_code() == 404:
            if url_404.get_domain_path() not in self._directory_uses_404_codes:
                self._directory_uses_404_codes.add(url_404.get_domain_path())

        return relative_distance_ge(body_404, html_body, IS_EQUAL_RATIO)
开发者ID:Adastra-thw,项目名称:Tortazo,代码行数:31,代码来源:fingerprint_404.py


示例9: create_crash_file

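def create_crash_file(exception):
    """
    Write a crash report to a new file in the system temp directory.

    The report holds the bug submission URL, the output of get_versions()
    and *exception*.

    :param exception: The text to store in the report; it is passed to
                      write() as is.
    :return: The full path of the file that was written.
    :raise IOError: When the file can't be created or written.
    """
    filename = "w3af-crash-" + rand_alnum(5) + ".txt"
    filename = os.path.join(gettempdir(), filename)

    # The temp directory is shared with other local users and the name has
    # only five random characters. O_EXCL makes the open fail when the path
    # already exists (symbolic links included) instead of writing through
    # it, and mode 0600 keeps the report readable by its owner only.
    try:
        fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except OSError as ose:
        # Keep the exception type that file(filename, "w") used to raise
        raise IOError(ose.errno, ose.strerror, filename)

    # The context manager closes the file even when one of the writes fails
    with os.fdopen(fd, "w") as crash_dump:
        crash_dump.write(_('Submit this bug here: https://github.com/andresriancho/w3af/issues/new \n'))
        crash_dump.write(get_versions())
        crash_dump.write(exception)

    return filename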
开发者ID:0x554simon,项目名称:w3af,代码行数:9,代码来源:helpers.py


示例10: _PUT

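    def _PUT(self, domain_path):
        """
        Tests PUT method.

        A randomly named resource with random content is sent with PUT to
        *domain_path* and then requested with GET. When the GET body equals
        the content that was sent a Vuln is stored; a 500 or 403 answer to
        the PUT request is stored as an Info.

        :param domain_path: The URL of the directory to test; it has to
                            provide url_join().
        :return: None, the findings are saved with kb_append() in 'dav'.
        """
        # upload
        #
        # NOTE(review): the test resource is not removed in this method, so a
        # successful check leaves it on the server. Confirm whether a cleanup
        # step exists elsewhere; the URL is part of the finding.
        url = domain_path.url_join(rand_alpha(5))
        rnd_content = rand_alnum(6)
        headers = Headers([('content-type', 'text/plain')])

        put_response = self._uri_opener.PUT(url, data=rnd_content,
                                            headers=headers)

        # check if uploaded
        res = self._uri_opener.GET(url, cache=True)

        # Both responses are evidence for every finding below
        response_ids = [put_response.id, res.id]

        if res.get_body() == rnd_content:
            msg = 'File upload with HTTP PUT method was found at resource:' \
                  ' "%s". A test file was uploaded to: "%s".'
            msg = msg % (domain_path, res.get_url())

            v = Vuln('Insecure DAV configuration', msg, severity.HIGH,
                     response_ids, self.get_name())

            v.set_url(url)
            v.set_method('PUT')

            self.kb_append(self, 'dav', v)

        # Report some common errors
        elif put_response.get_code() == 500:
            msg = 'DAV seems to be incorrectly configured. The web server' \
                  ' answered with a 500 error code. In most cases, this means'\
                  ' that the DAV extension failed in some way. This error was'\
                  ' found at: "%s".' % put_response.get_url()

            # This used to reference only the GET response, while the message
            # is about the answer to the PUT request. Both ids are passed now,
            # as in the other two branches.
            i = Info('DAV incorrect configuration', msg,
                     response_ids, self.get_name())

            i.set_url(url)
            i.set_method('PUT')

            self.kb_append(self, 'dav', i)

        # Report some common errors
        elif put_response.get_code() == 403:
            msg = 'DAV seems to be correctly configured and allowing you to'\
                  ' use the PUT method but the directory does not have the'\
                  ' correct permissions that would allow the web server to'\
                  ' write to it. This error was found at: "%s".'
            msg = msg % put_response.get_url()

            i = Info('DAV incorrect configuration', msg,
                     response_ids, self.get_name())

            i.set_url(url)
            i.set_method('PUT')

            self.kb_append(self, 'dav', i)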
开发者ID:ElAleyo,项目名称:w3af,代码行数:56,代码来源:dav.py


示例11: _create_file

    def _create_file(self):
        """
        Build the content and the URL used in the remote file inclusion test.

        No file is written here: the method returns the code to be served and
        an RFIData instance with the URL (listen address, listen port and a
        random file name) and the random strings that the code echoes.

        :return: A tuple with the file content to be served via the webserver
                 and the RFIData instance.

        Please note that the generated code works both in PHP and JSP without
        any issues, since PHP will run everything between "<?" and "?>" and
        JSP will run code between "<%" and "%>".

        TODO: make this code compatible with: asp/aspx, jsp, js (nodejs), pl,
              py, rb, etc. Some code snippets that might help to achieve this
              task:

        asp_code = 'response.write("%s");\n response.write("%s");' % (
            rand1, rand2)
        asp_code = '<% \n '+asp_code+'\n %>'
        """
        with self._plugin_lock:
            # Two random markers; the generated code echoes both and their
            # concatenation is stored in RFIData as the expected result.
            marker_1 = rand_alnum(9)
            marker_2 = rand_alnum(9)
            rfi_result = marker_1 + marker_2

            filename = rand_alnum(8)

            # Same markers in three syntaxes: <?php ?>, <? ?> and <% %>
            templates = ('<?php echo "%(p1)s"; echo "%(p2)s"; ?>',
                         '<? echo "%(p1)s"; echo "%(p2)s"; ?>',
                         '<%% out.print("%(p1)s"); out.print("%(p2)s"); %%>')
            php_jsp_code = ''.join(templates) % {'p1': marker_1,
                                                 'p2': marker_2}

            # The URL where the content is going to be available
            netloc = self._listen_address + ':' + str(self._listen_port)
            rfi_url = URL.from_parts('http', netloc, '/' + filename,
                                     None, None, None)

            rfi_data = RFIData(rfi_url, marker_1, marker_2, rfi_result)

            return php_jsp_code, rfi_data
开发者ID:ElAleyo,项目名称:w3af,代码行数:42,代码来源:rfi.py


示例12: _send_requests

    def _send_requests(self, fuzzable_request):
        """
        Send the first request: the URL of the fuzzable request plus one
        random parameter with a random value.

        :param fuzzable_request: The FuzzableRequest to modify in order to
                                     see if it's blocked
        :raise BaseFrameworkException: When no response is received for this
                                       request.
        """
        rnd_param = rand_alnum(7)
        rnd_value = rand_alnum(7)
        original_url = URL('%s?%s=%s' % (fuzzable_request.get_url(),
                                         rnd_param,
                                         rnd_value))

        try:
            # The response is not used in the lines shown here
            http_resp = self._uri_opener.GET(original_url, cache=True)
        except BaseFrameworkException as bfe:
            raise BaseFrameworkException(
                'Active filter detection plugin failed to receive a'
                ' response for the first request. The exception was: "%s".'
                ' Can not perform analysis.' % bfe)
开发者ID:RON313,项目名称:w3af,代码行数:20,代码来源:afd.py


示例13: get_file_from_template

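def get_file_from_template(extension):
    """
    Return the content of the template file for *extension*, or random
    content when there is no template.

    :param extension: The extension to look for; it is used both in the
                      returned file name and to build the template path
                      'template.<extension>' inside TEMPLATE_DIR.
    :return: A tuple (success, file_content, file_name). success is True
             when a template file was found and read, and False when
             file_content is the output of rand_alnum(64).
    """
    file_name = "%s.%s" % (rand_alpha(7), extension)

    # NOTE(review): extension is interpolated into the path without any
    # check, so this assumes callers pass a plain extension with no path
    # separators; verify against the callers.
    template_file = os.path.join(TEMPLATE_DIR, 'template.%s' % extension)

    if os.path.exists(template_file):
        # The context manager closes the handle; file(...).read() left that
        # to the garbage collector.
        with open(template_file) as template:
            file_content = template.read()
        success = True
    else:
        file_content = rand_alnum(64)
        success = False

    return success, file_content, file_name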
开发者ID:3rdDegree,项目名称:w3af,代码行数:12,代码来源:file_templates.py


示例14: _replace_JUNK

    def _replace_JUNK(self, query):
        """
        Replace the JUNK(x) variable with random alphanum.

        The length is read from group 1 of the first match of self._junk_re.
        A single random string is generated and passed to sub(), so when the
        pattern matches more than once every match gets the same replacement.

        :param query: The string to process.
        :return: The query after the replacement, or the unmodified query
                 when the pattern does not match or group 1 is not a number.
        """
        junk_match = self._junk_re.search(query)
        if junk_match is None:
            return query

        if not junk_match.group(1).isdigit():
            return query

        junk_length = int(junk_match.group(1))
        return self._junk_re.sub(rand_alnum(junk_length), query)
开发者ID:cathartic,项目名称:w3af,代码行数:13,代码来源:pykto.py


示例15: _id_failed_login_page

    def _id_failed_login_page(self, mutant):
        """
        Collect TWO response bodies that are the result of failed logins and
        verify them with a second round of failed logins.

        The first body is for a login with random user and password values;
        the second one is for a random user and a blank passwd.

        :param mutant: The mutant that holds the login form.
        :return: A list with the two cleaned response bodies.
        :raise BaseFrameworkException: When a body from the second round does
                                       not match the collected ones.
        """
        form = mutant.get_dc()
        self._true_extra_fields(form)

        user_token, pass_token = form.get_login_tokens()

        def random_credentials():
            # The first tuple is an invalid username and a password
            # The second tuple is an invalid username with a blank password
            return [(rand_alnum(8), rand_alnum(8)),
                    (rand_alnum(8), '')]

        def failed_login_body(user, passwd):
            # Remember that we can have password only forms!
            if user_token is not None:
                form.set_login_username(user)

            form.set_login_password(passwd)

            response = self._uri_opener.send_mutant(mutant, grep=False)
            return self.clean_body(response, user, passwd)

        # First round: these bodies are the reference for a failed login
        login_failed_result_list = [failed_login_body(user, passwd)
                                    for user, passwd in random_credentials()]

        # Second round: a self test with new random values, run before the
        # actual bruteforcing starts
        for user, passwd in random_credentials():
            body = failed_login_body(user, passwd)

            if not self._matches_failed_login(body, login_failed_result_list):
                msg = ('Failed to generate a response that matches the'
                       ' failed login page.')
                raise BaseFrameworkException(msg)

        return login_failed_result_list
开发者ID:batmanWjw,项目名称:w3af,代码行数:58,代码来源:form_auth.py


示例16: _send_requests

    def _send_requests(self, fuzzable_request):
        """
        Actually send the requests that might be blocked.

        A first request with a random parameter and a random value gives the
        reference body. Then one request per offending string is sent using
        the worker pool, each one analyzed by _send_and_analyze().

        :param fuzzable_request: The FuzzableRequest to modify in order to
                                     see if it's blocked
        :return: The tuple (self._filtered, self._not_filtered), or None when
                 the first request fails.
        """
        rnd_param = rand_alnum(7)
        rnd_value = rand_alnum(7)
        fmt = '%s?%s=%s'
        original_url = URL(fmt % (fuzzable_request.get_url(),
                                  rnd_param,
                                  rnd_value))

        try:
            http_resp = self._uri_opener.GET(original_url, cache=True)
        except BaseFrameworkException:
            msg = 'Active filter detection plugin failed to receive a'\
                  ' response for the first request. Can not perform analysis.'
            om.out.error(msg)
            return

        # Remove the random strings from the reference body, first the
        # parameter name and then the value
        reference_body = http_resp.get_body()
        reference_body = reference_body.replace(rnd_param, '')
        reference_body = reference_body.replace(rnd_value, '')

        tests = [(offending_string,
                  URL(fmt % (fuzzable_request.get_url(),
                             rnd_param,
                             offending_string)),
                  reference_body,
                  rnd_param)
                 for offending_string in self._get_offending_strings()]

        self.worker_pool.map_multi_args(self._send_and_analyze, tests)

        return self._filtered, self._not_filtered
开发者ID:3rdDegree,项目名称:w3af,代码行数:38,代码来源:afd.py


示例17: create_fuzzable_request

        def create_fuzzable_request(_id):
            """
            Build a POST form request for http://example.com/ whose path has
            _id * 5 random segments.

            :param _id: Multiplied by five to get the number of path segments.
            :return: The FuzzableRequest created from the form.
            """
            segment_count = _id * 5
            random_path = '/'.join([rand_alnum(9)
                                    for _ in xrange(segment_count)])
            action_url = URL('http://example.com/%s' % random_path)

            form_params = FormParameters()
            # Two fields: "username" with a value and "address" left empty
            for field_name, field_value in (("username", "abc"),
                                            ("address", "")):
                form_params.add_field_by_attr_items([("name", field_name),
                                                     ("value", field_value)])
            form_params.set_action(action_url)
            form_params.set_method('post')

            return FuzzableRequest.from_form(dc_from_form_params(form_params))
开发者ID:foobarmonk,项目名称:w3af,代码行数:14,代码来源:test_variant_db.py


示例18: get_remote_temp_file

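def get_remote_temp_file(exec_method):
    """
    Find a file name in the remote temp directory that is not in use.

    :param exec_method: A callable that runs a command in the remote host and
                        returns its output as a string.
    :return: The name of a file in the remote file system that the user that I'm
             executing commands with can write, read and execute. The normal
             responses for this are files in /tmp/ or %TEMP% depending on the
             remote OS.
    :raise BaseFrameworkException: When the remote OS is not 'windows' or
                                   'linux', or when no free name was found
                                   after max_attempts tries.
    """
    # The previous version called itself again after each failed check, with
    # no limit. When the command output never has the expected text (for
    # example a different language in the remote host) that ended in a
    # recursion error, so the number of tries is bounded now.
    max_attempts = 10
    msg = 'Failed to create filename for a temporary file in the remote host.'

    # Named remote_os so that the local name does not hide the os module
    remote_os = os_detection_exec(exec_method)

    if remote_os == 'windows':
        temp_dir = exec_method('echo %TEMP%').strip() + '\\'
        list_command = 'dir '
        missing_marker = 'not found'
    elif remote_os == 'linux':
        temp_dir = '/tmp/'
        list_command = 'ls '
        missing_marker = 'No such file'
    else:
        raise BaseFrameworkException(msg)

    for _ in range(max_attempts):
        candidate = temp_dir + rand_alnum(6)

        # verify exists
        listing = exec_method(list_command + candidate).strip()
        if remote_os == 'windows':
            # The windows marker is compared in lower case
            listing = listing.lower()

        # NOTE(review): both markers are the English messages, and the name
        # is only checked here, not created. Another process in the remote
        # host can still create it before the caller does.
        if missing_marker in listing:
            return candidate

    raise BaseFrameworkException(msg)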
开发者ID:0x554simon,项目名称:w3af,代码行数:36,代码来源:execMethodHelpers.py


示例19: write_crash_file

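    def write_crash_file(self, edata):
        """
        Writes the exception data to a random file in the system temp
        directory right after the exception is found.

        Very similar to the create_crash_file but for internal/debugging usage

        :param edata: The exception data; the output of its get_details()
                      method is what gets written.
        :return: The full path of the file that was written.
        :raise IOError: When the file can't be created or written.
        """
        filename = 'w3af-crash-%s.txt' % rand_alnum(5)
        filename = os.path.join(tempfile.gettempdir(), filename)

        # The temp directory is shared with other local users and the name
        # has only five random characters. O_EXCL makes the open fail when
        # the path already exists (symbolic links included) instead of
        # writing through it, and mode 0600 keeps the details readable by
        # the owner only.
        try:
            fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except OSError as ose:
            # Keep the exception type that file(filename, "w") used to raise
            raise IOError(ose.errno, ose.strerror, filename)

        # The context manager closes the file even when write() fails
        with os.fdopen(fd, "w") as crash_dump:
            crash_dump.write(edata.get_details())

        return filename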
开发者ID:0x554simon,项目名称:w3af,代码行数:15,代码来源:exception_handler.py


示例20: _return_without_eval

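    def _return_without_eval(self, uri):
        """
        This method tries to lower the false positives.

        Seven random characters are appended to the file name of *uri* and
        the result is requested with GET.

        :param uri: The URI to check; set_file_name() is called on this same
                    object, so the caller sees the modified file name.
        :return: False when the URI has no query string. The lines shown here
                 end after the error handler, in that case the result is None.
        """
        if not uri.has_query_string():
            return False

        uri.set_file_name(uri.get_file_name() + rand_alnum(7))

        try:
            response = self._uri_opener.GET(uri, cache=True,
                                            headers=self._headers)
        except BaseFrameworkException as e:
            # The two parts were joined without a space ("the errormessage")
            msg = ('An exception was raised while requesting "%s", the error'
                   ' message is: "%s"')
            om.out.error(msg % (uri, e))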
开发者ID:andresriancho,项目名称:w3af-kali,代码行数:16,代码来源:url_fuzzer.py



注:本文中的w3af.core.data.fuzzer.utils.rand_alnum函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。

