forked from beched/libpywebhack
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head><title>Python: module libpywebhack</title>
</head><body bgcolor="#f0f0f8">
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="heading">
<tr bgcolor="#7799ee">
<td valign=bottom> <br>
<font color="#ffffff" face="helvetica, arial"> <br><big><big><strong>libpywebhack</strong></big></big></font></td
><td align=right valign=bottom
><font color="#ffffff" face="helvetica, arial"><a href=".">index</a><br><a href="file:/home/beched/PycharmProjects/LibPyWebHack/libpywebhack.py">/home/beched/PycharmProjects/LibPyWebHack/libpywebhack.py</a></font></td></tr></table>
<p><tt>#-*- coding:utf-8 -*-</tt></p>
<p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#aa55cc">
<td colspan=3 valign=bottom> <br>
<font color="#ffffff" face="helvetica, arial"><big><strong>Modules</strong></big></font></td></tr>
<tr><td bgcolor="#aa55cc"><tt> </tt></td><td> </td>
<td width="100%"><table width="100%" summary="list"><tr><td width="25%" valign=top><a href="httplib.html">httplib</a><br>
<a href="re.html">re</a><br>
</td><td width="25%" valign=top><a href="socket.html">socket</a><br>
<a href="sys.html">sys</a><br>
</td><td width="25%" valign=top><a href="threading.html">threading</a><br>
</td><td width="25%" valign=top></td></tr></table></td></tr></table><p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#ee77aa">
<td colspan=3 valign=bottom> <br>
<font color="#ffffff" face="helvetica, arial"><big><strong>Classes</strong></big></font></td></tr>
<tr><td bgcolor="#ee77aa"><tt> </tt></td><td> </td>
<td width="100%"><dl>
<dt><font face="helvetica, arial"><a href="common.html#PyWebHack">common.PyWebHack</a>
</font></dt><dd>
<dl>
<dt><font face="helvetica, arial"><a href="libpywebhack.html#WebHack">WebHack</a>
</font></dt></dl>
</dd>
</dl>
<p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#ffc8d8">
<td colspan=3 valign=bottom> <br>
<font color="#000000" face="helvetica, arial"><a name="WebHack">class <strong>WebHack</strong></a>(<a href="common.html#PyWebHack">common.PyWebHack</a>)</font></td></tr>
<tr><td bgcolor="#ffc8d8"><tt> </tt></td><td> </td>
<td width="100%">Methods defined here:<br>
<dl><dt><a name="WebHack-apachetest"><strong>apachetest</strong></a>(self, path)</dt><dd><tt>Perform some security-specific information retrieval from Apache<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-argsfind"><strong>argsfind</strong></a>(self, path, modes<font color="#909090">=['get']</font>, fill<font color="#909090">='1'</font>, base<font color="#909090">='bases/argsbase.txt'</font>, fix<font color="#909090">=[]</font>)</dt><dd><tt>Search for the input parameters of the web script<br>
:param path: target path<br>
:param modes: list of data transmission methods ('get', 'post' or 'cookie')<br>
:param fill: the payload which should be plugged into parameters<br>
:param base: path to file with parameter names<br>
:param fix: fixed points, i.e. a list of parameters which should be sent in each request</tt></dd></dl>
<dl><dt><a name="WebHack-asptest"><strong>asptest</strong></a>(self, path)</dt><dd><tt>Search for some sensitive .NET-specific files<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-brutesubs"><strong>brutesubs</strong></a>(self, threads<font color="#909090">=5</font>, words<font color="#909090">='bases/wordlist2.txt'</font>, ban_codes<font color="#909090">=None</font>, ban_regex<font color="#909090">=None</font>)</dt><dd><tt>Multi-threaded brute force of existing subdomains of the given domain<br>
:param threads: number of threads<br>
:param words: path to file with subdomain names<br>
:param ban_codes: ignore subdomains which respond with these codes via HTTP<br>
:param ban_regex: ignore subdomains which respond with body matching this regular expression via HTTP</tt></dd></dl>
<dl><dt><a name="WebHack-dobrute"><strong>dobrute</strong></a>(self, a, b)</dt><dd><tt>A worker-method for <a href="#WebHack">WebHack</a>.<a href="#WebHack-brutesubs">brutesubs</a>()<br>
:param a: beginning of interval<br>
:param b: end of interval</tt></dd></dl>
<dl><dt><a name="WebHack-domxsstest"><strong>domxsstest</strong></a>(self, path)</dt><dd><tt>Test whether a JavaScript file matches some regular expressions, possibly indicating DOM XSS<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-fuzzbackups"><strong>fuzzbackups</strong></a>(self, path)</dt><dd><tt>Search for source code backups of the script<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-gpcreq"><strong>gpcreq</strong></a>(self, path, query<font color="#909090">=''</font>, mode<font color="#909090">='get'</font>)</dt><dd><tt><a href="#WebHack-restructure">restructure</a>(path)<br>
Send data via GET, POST request or in Cookie-header<br>
:param path: target path<br>
:param query: URL-encoded QUERY_STRING<br>
:param mode: 'get', 'post' or 'cookie'<br>
:return:</tt></dd></dl>
<dl><dt><a name="WebHack-iiscan"><strong>iiscan</strong></a>(self, path)</dt><dd><tt>Brute force of tilde (~) and wildcard (*) file names in IIS<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-iistest"><strong>iistest</strong></a>(self, path)</dt><dd><tt>Search for sensitive IIS files, perform IIS files scanning, test access restriction bypass, test ASP.NET issues<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-javatest"><strong>javatest</strong></a>(self, path)</dt><dd><tt>Hack Java<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-minifuzz"><strong>minifuzz</strong></a>(self, path)</dt><dd><tt>Rapid fuzzing of known parameters<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-nginxtest"><strong>nginxtest</strong></a>(self, path)</dt><dd><tt>Hack NginX<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-phptest"><strong>phptest</strong></a>(self, path)</dt><dd><tt>Check for RCE, try to get PHP script path disclosure<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-pytest"><strong>pytest</strong></a>(self, path)</dt><dd><tt>Hack Django<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-rubytest"><strong>rubytest</strong></a>(self, path)</dt><dd><tt>Retrieve information from HTTP headers, check for RoR object deserialization RCE<br>
:param path: target path</tt></dd></dl>
<dl><dt><a name="WebHack-softdetect"><strong>softdetect</strong></a>(self, path)</dt><dd><tt>Extract information from HTTP headers, detect various platforms and search for some files<br>
:param path: target path</tt></dd></dl>
<hr>
Methods inherited from <a href="common.html#PyWebHack">common.PyWebHack</a>:<br>
<dl><dt><a name="WebHack-__del__"><strong>__del__</strong></a>(self)</dt><dd><tt>The class destructor. Outputs the total number of HTTP requests made</tt></dd></dl>
<dl><dt><a name="WebHack-__init__"><strong>__init__</strong></a>(self, *args, **kwargs)</dt><dd><tt>The class constructor.<br>
:param host: the host to work with, in the format hostname[:port]. The only required parameter<br>
:param ssl: if True, HTTPS will be used, default value is 0<br>
:param ajax: if True, "X-Requested-With: XMLHttpRequest" header will be added to all HTTP requests<br>
:param cut: if set, all strings matching specified regexp will be removed from all HTTP responses<br>
:param sleep: if set, sleep after each HTTP request for the specified number of seconds, default value is 0<br>
:param verbose: if True, output will be sent to STDOUT, default value is 1<br>
:return:</tt></dd></dl>
<dl><dt><a name="WebHack-chkpath"><strong>chkpath</strong></a>(self, paths, comment<font color="#909090">=None</font>)</dt><dd><tt>Check that the given paths exist. If some path exists, it's added to self.<strong>known_urls</strong><br>
:param paths: a list with request URIs<br>
:param comment: a description of what's going on. Will be logged</tt></dd></dl>
<dl><dt><a name="WebHack-help"><strong>help</strong></a>(self)</dt><dd><tt>A help method template. Called when invalid input is provided to the constructor</tt></dd></dl>
<dl><dt><a name="WebHack-makereq"><strong>makereq</strong></a>(self, path, query<font color="#909090">=None</font>, headers<font color="#909090">=None</font>, method<font color="#909090">='GET'</font>)</dt><dd><tt>The core method for sending HTTP requests<br>
:param path: a request URI (if it's directory, it should end with '/')<br>
:param query: a query string<br>
:param headers: a dict with additional request headers<br>
:param method: HTTP request method<br>
:return: a response tuple (str body, int code, dict headers)</tt></dd></dl>
<dl><dt><a name="WebHack-newstructure"><strong>newstructure</strong></a>(self)</dt><dd><tt>Generates a dictionary for holding the information about some path<br>
:return: a dict with all necessary (empty) fields</tt></dd></dl>
<dl><dt><a name="WebHack-rep_log"><strong>rep_log</strong></a>(self, string, delim<font color="#909090">='<font color="#c040c0">\n</font>'</font>)</dt><dd><tt>Logging method. If self.<strong>verbose</strong> is True, sends output to STDOUT<br>
:param string: a log entry<br>
:param delim: a delimiter which is appended to the entry</tt></dd></dl>
<dl><dt><a name="WebHack-restructure"><strong>restructure</strong></a>(self, path)</dt><dd><tt>Sets current path and generates a new structure for it, if path is new<br>
:param path: current path</tt></dd></dl>
<hr>
Data and other attributes inherited from <a href="common.html#PyWebHack">common.PyWebHack</a>:<br>
<dl><dt><strong>add_headers</strong> = {'Cookie': '', 'User-Agent': 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)'}</dl>
<dl><dt><strong>allowed_params</strong> = ['host', 'ssl', 'ajax', 'cut', 'sleep', 'verbose']</dl>
<dl><dt><strong>args</strong> = {}</dl>
<dl><dt><strong>cnt_reqs</strong> = 0</dl>
<dl><dt><strong>current_path</strong> = ''</dl>
<dl><dt><strong>known_subs</strong> = []</dl>
<dl><dt><strong>known_urls</strong> = {}</dl>
<dl><dt><strong>log</strong> = ''</dl>
<dl><dt><strong>verbose</strong> = False</dl>
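The default add_headers value above makes every request claim to be Googlebot, so on the server side these requests can be separated from the real crawler by forward-confirmed reverse DNS. The following is an added defensive example, not part of libpywebhack or its author's code; the Combined Log Format input, the function names, and all addresses and host names in the sample data are assumptions constructed for illustration.

```python
import re
import socket

# Default User-Agent from add_headers above; it claims to be Googlebot.
TOOL_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")
# Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# Constructed sample data: documentation address ranges and made-up host names.
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com", "203.0.113.5": "crawl.googlebot.com"}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": ["192.0.2.10"], "crawl.googlebot.com": ["192.0.2.99"]}
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "%s"' % TOOL_UA,
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /page1 HTTP/1.1" 404 0 "-" "%s"' % TOOL_UA,
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /page2 HTTP/1.1" 404 0 "-" "%s"' % TOOL_UA,
    '203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /page3 HTTP/1.1" 404 0 "-" "%s"' % TOOL_UA,
    '198.51.100.8 - - [01/Jan/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 9 "-" "curl/8.0"',
]

def dns_reverse(ip):
    return socket.gethostbyaddr(ip)[0]

def dns_forward(host):
    return socket.gethostbyname_ex(host)[2]

def is_real_googlebot(ip, reverse=dns_reverse, forward=dns_forward):
    """Forward-confirmed reverse DNS: the PTR name must be Google's and map back to ip."""
    try:
        host = reverse(ip).rstrip(".").lower()
        return host.endswith(GOOGLE_SUFFIXES) and ip in forward(host)
    except (OSError, KeyError):  # failed lookup (KeyError: dict-backed sample resolvers)
        return False

def spoofed_googlebot_clients(lines, reverse=dns_reverse, forward=dns_forward):
    """Return {ip: request_count} for clients that claim Googlebot but fail verification."""
    hits, verdict = {}, {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or "googlebot" not in m.group(2).lower():
            continue
        ip = m.group(1)
        if ip not in verdict:  # resolve each address only once
            verdict[ip] = is_real_googlebot(ip, reverse, forward)
        if not verdict[ip]:
            hits[ip] = hits.get(ip, 0) + 1
    return hits

def demo():
    """Run the detector on the constructed data without touching real DNS."""
    return spoofed_googlebot_clients(SAMPLE_LOG, SAMPLE_PTR.__getitem__, SAMPLE_A.__getitem__)
```

Called without the resolver arguments, spoofed_googlebot_clients performs live DNS lookups through the socket module.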
</td></tr></table></td></tr></table><p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#eeaa77">
<td colspan=3 valign=bottom> <br>
<font color="#ffffff" face="helvetica, arial"><big><strong>Functions</strong></big></font></td></tr>
<tr><td bgcolor="#eeaa77"><tt> </tt></td><td> </td>
<td width="100%"><dl><dt><a name="-sleep"><strong>sleep</strong></a>(...)</dt><dd><tt><a href="#-sleep">sleep</a>(seconds)<br>
<br>
Delay execution for a given number of seconds. The argument may be<br>
a floating point number for subsecond precision.</tt></dd></dl>
</td></tr></table><p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#55aa55">
<td colspan=3 valign=bottom> <br>
<font color="#ffffff" face="helvetica, arial"><big><strong>Data</strong></big></font></td></tr>
<tr><td bgcolor="#55aa55"><tt> </tt></td><td> </td>
<td width="100%"><strong>__author__</strong> = 'Beched'</td></tr></table><p>
<table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section">
<tr bgcolor="#7799ee">
<td colspan=3 valign=bottom> <br>
<font color="#ffffff" face="helvetica, arial"><big><strong>Author</strong></big></font></td></tr>
<tr><td bgcolor="#7799ee"><tt> </tt></td><td> </td>
<td width="100%">Beched</td></tr></table>
</body></html>