Here are the examples of the python api core.requester.requester.text taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.
12 Examples
View Complete Implementation : bolt.py
Copyright GNU General Public License v3.0
Author : s0md3v
def extractForms(url):
    """Fetch ``url`` and collect strong-looking form values into ``simTokens``.

    The page is requested once and its forms are parsed with ``zetanize``.
    Every input value that consists only of word characters and hyphens and
    whose ``strength`` score is above 10 is appended to the ``simTokens``
    list defined outside this function.

    NOTE(review): this listing looks truncated -- ``localTokens`` is created
    for each form but never used here, and nothing is returned. Confirm
    against the complete source before relying on it.
    """
    page = requester(url, {}, headers, True, 0).text
    parsed_forms = zetanize(url, page)
    for form in parsed_forms.values():
        localTokens = set()
        for field in form['inputs']:
            value = field['value']
            # Skip empty values and anything containing characters outside
            # [A-Za-z0-9_-]; only token-shaped strings are scored.
            if not value or not match(r'^[\w\-_]+$', value):
                continue
            if strength(value) > 10:
                simTokens.append(value)
View Complete Implementation : retirejs.py
Copyright GNU General Public License v3.0
Author : s0md3v
def retirejs(url, response, checkedScripts):
    """Scan the scripts referenced by a page and return the scanner findings.

    Args:
        url: Address of the page whose markup is in ``response``.
        response: Page body handed to ``script_extractor``.
        checkedScripts: Set of script references already scanned. It is
            updated in place so the same script is not fetched twice.

    Returns:
        A list holding every truthy result produced by ``main_scanner``.
    """
    findings = []
    for script in script_extractor(response):
        if script in checkedScripts:
            continue
        checkedScripts.add(script)
        uri = handle_anchor(url, script)
        # Each unseen script is downloaded and scanned on its own.
        script_body = requester(uri).text
        result = main_scanner(uri, script_body)
        if result:
            findings.append(result)
    return findings
View Complete Implementation : whatcms.py
Copyright GNU General Public License v3.0
Author : s0md3v
def whatcms(domain):
    """Look up ``domain`` on whatcms.org and return the reported CMS name.

    Returns the first capture of the ``uses ... </a>`` fragment in the
    response, or ``None`` when the fragment is absent.

    NOTE(review): ``domain`` is interpolated into the query string without
    URL-encoding, and the lookup discloses the domain to a third-party
    service. The ``nb`` and ``jsoncallback`` values are hard-coded; they look
    like captured request tokens and may stop working -- confirm.
    """
    lookup_url = 'https://whatcms.org/?gpreq=json&jsoncallback=jQuery1124008091494457806547_1554361369057&s=%s&na=&nb=1cg805dlm7d7e5eickf67rzxrn12mju6bnch3a99hrt88v7n8rhf0lovwr8d0zm1&verified=&_=1554361369059' % domain
    body = requester(lookup_url).text
    # The pattern expects the closing tags with an escaped slash ("<\/div>").
    found = re.search(r'uses<\\/div>[^>]+>(.*?)<\\/a>', body)
    return found.group(1) if found else None
View Complete Implementation : arjun.py
Copyright GNU General Public License v3.0
Author : s0md3v
def checky(param, paraNames, url, headers, GET, delay, timeout):
    """Request ``url`` with ``param`` set to the marker and record a reflection.

    Parameters already present in ``paraNames`` are skipped. Otherwise one
    request is sent with ``{param: xsschecker}``; if the marker comes back
    wrapped in single quotes, double quotes or spaces, ``paraNames[param]``
    is set to an empty string. Nothing is returned; ``paraNames`` is mutated
    in place.
    """
    if param in paraNames:
        return
    logger.debug('Checking param: {}'.format(param))
    body = requester(url, {param: xsschecker},
                     headers, GET, delay, timeout).text
    # The three wrappers are tried in order: 'marker', "marker", then the
    # marker surrounded by spaces.
    wrappers = ('\'%s\'', '"%s"', ' %s ')
    if any(wrapper % xsschecker in body for wrapper in wrappers):
        paraNames[param] = ''
        logger.good('Valid parameter found: %s%s', green, param)
View Complete Implementation : retireJs.py
Copyright GNU General Public License v3.0
Author : s0md3v
def retireJs(url, response):
    """Scan each not-yet-checked script of a page and log any findings.

    Script references come from ``js_extractor(response)``. A script is
    marked as checked through ``updateVar`` before it is fetched, so it is
    requested at most once. For every truthy ``main_scanner`` result the
    component, version, location and each listed vulnerability are logged.
    Nothing is returned.
    """
    for script in js_extractor(response):
        if script in getVar('checkedScripts'):
            continue
        updateVar('checkedScripts', script, 'add')
        uri = handle_anchor(url, script)
        script_body = requester(uri, '', getVar('headers'), True, getVar('delay'), getVar('timeout')).text
        result = main_scanner(uri, script_body)
        if not result:
            continue
        logger.red_line()
        logger.good('Vulnerable component: ' + result['component'] + ' v' + result['version'])
        logger.info('Component location: %s' % uri)
        details = result['vulnerabilities']
        logger.info('Total vulnerabilities: %i' % len(details))
        for detail in details:
            identifiers = detail['identifiers']
            logger.info('%sSummary:%s %s' % (green, end, identifiers['summary']))
            logger.info('Severity: %s' % detail['severity'])
            # NOTE(review): assumes every entry carries a non-empty
            # identifiers['CVE'] list; an entry without one raises here --
            # confirm against the scanner's data.
            logger.info('CVE: %s' % identifiers['CVE'][0])
        logger.red_line()
View Complete Implementation : photon.py
Copyright GNU General Public License v3.0
Author : s0md3v
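def photon(seedUrl, headers, depth, threadCount):
    """Crawl outward from ``seedUrl`` and collect the forms found on the way.

    Args:
        seedUrl: Starting URL; its scheme and network location define what
            counts as in-scope.
        headers: Request headers passed to ``requester``.
        depth: Number of crawl rounds. Each round visits every stored URL
            that has not been processed yet.
        threadCount: Accepted for interface compatibility.
            NOTE(review): it is not used; the pool size is fixed at 10.

    Returns:
        ``[forms, len(processed)]`` -- the collected form descriptions and
        the number of URLs that were crawled.

    Scope handling: an absolute link is kept only when its parsed scheme and
    network location equal the seed's. A plain prefix comparison would also
    accept look-alike hosts that merely start with the seed host (or that
    place it in the userinfo part), sending requests outside the intended
    scope.
    """
    forms = []  # web forms
    processed = set()  # urls that have been crawled
    storage = set()  # urls that belong to the target i.e. in-scope
    seed = urlparse(seedUrl)
    scheme = seed.scheme
    host = seed.netloc
    storage.add(seedUrl)

    def in_scope(link):
        """Return True when ``link`` has exactly the seed's scheme and host."""
        parsed = urlparse(link)
        return parsed.scheme == scheme and parsed.netloc == host

    def rec(url):
        """Fetch one URL, record its forms and queue its in-scope links."""
        processed.add(url)
        urlPrint = (url + (' ' * 60))[:60]
        print('%s Parsing %-40s' % (run, urlPrint), end='\r')
        url = getUrl(url, '', True)
        params = getParams(url, '', True)
        if '=' in url:
            # A query string is recorded as a synthetic GET form.
            inps = [{'name': name, 'value': value}
                    for name, value in params.items()]
            forms.append(
                {url: {0: {'action': url, 'method': 'get', 'inputs': inps}}})
        response = requester(url, params, headers, True, 0).text
        forms.append({url: zetanize(url, response)})
        matches = findall(
            r'<[aA][^>]*?(href|HREF)=["\']{0,1}(.*?)["\']', response)
        for link in matches:  # iterate over the matches
            # remove everything after a "#" to deal with in-page anchors
            link = link[1].split('#')[0].lstrip(' ')
            if link[:4] == 'http':
                if in_scope(link):
                    storage.add(link)
            elif link[:2] == '//':
                # Protocol-relative link: the host must match exactly, and
                # the URL is rebuilt as "<scheme>:" + "//host/path" so it
                # does not end up with four slashes.
                if link.split('/')[2] == host:
                    storage.add(scheme + ':' + link)
            elif link[:1] == '/':
                storage.add(remove_file(url) + link)
            else:
                usable_url = remove_file(url)
                if usable_url.endswith('/'):
                    storage.add(usable_url + link)
                else:
                    storage.add(usable_url + '/' + link)

    for _ in range(depth):
        urls = storage - processed
        # The context manager shuts the pool down after every round.
        with concurrent.futures.ThreadPoolExecutor(max_workers=10) as threadpool:
            futures = [threadpool.submit(rec, url) for url in urls]
            # Wait for the round to finish. Results are not inspected, so an
            # exception raised inside rec() is dropped (best-effort crawl).
            for _done in concurrent.futures.as_completed(futures):
                pass
    return [forms, len(processed)]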
View Complete Implementation : vulners.py
Copyright GNU General Public License v3.0
Author : s0md3v
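def vulners(software, version, cpe=False):
    """Report whether vulners.com lists anything for a software/version pair.

    Args:
        software: Product name, or a CPE string when ``cpe`` is true.
        version: Version string.
        cpe: Selects the ``cpe`` lookup type instead of ``software``.

    Returns:
        ``False`` when either ``software`` or ``version`` is empty, when the
        cached verdict is anything other than ``'vulnerable'``, or when the
        service answers with its "nothing found" message; ``True`` otherwise.

    The request body is serialised with ``json.dumps`` rather than string
    formatting, so a quote or backslash inside ``software`` or ``version``
    (values that may originate from remote banners) cannot break or alter
    the JSON document.
    """
    import json  # local import: the file's import block is not part of this listing

    if not (software and version):
        return False
    cached = query_cache(software, version, cpe)
    if cached:
        return cached == 'vulnerable'
    kind = 'cpe' if cpe else 'software'
    data = json.dumps({
        'software': software,
        'version': version,
        'type': kind,
        'maxVulnerabilities': 1,
    })
    response = requester('https://vulners.com/api/v3/burp/software/', get=False, data=data).text
    cache(software, version, response, cpe)
    # NOTE(review): every response that lacks the "nothing found" message is
    # treated (and cached) as vulnerable, which would include error or
    # rate-limit replies -- confirm how the service signals failures.
    if 'Nothing found for Burpsuite search request' in response:
        return False
    return True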
View Complete Implementation : findsubdomains.py
Copyright GNU General Public License v3.0
Author : s0md3v
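def findsubdomains(host):
    """Return the subdomain names listed for ``host`` on findsubdomains.com.

    The result page is fetched and the text of every
    ``<div class="domains js-domain-name">`` element is returned with
    leading newlines and surrounding spaces removed. An empty list is
    returned when no such element is present.

    The pattern matches the HTML ``class`` attribute; the listing spelled it
    ``clast``, which cannot occur in real markup and made the search return
    nothing.

    NOTE(review): ``host`` is appended to the URL without encoding, and the
    lookup discloses the host to a third-party service.
    """
    response = requester('https://findsubdomains.com/subdomains-of/' +
                         host).text
    matches = re.finditer(r'(?s)<div class="domains js-domain-name">(.*?)</div>', response)
    return [match.group(1).lstrip('\n').rstrip(' ').lstrip(' ') for match in matches]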
View Complete Implementation : security_trails.py
Copyright GNU General Public License v3.0
Author : s0md3v
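def security_trails(domain):
    """Return the subdomains securitytrails.com lists for ``domain``.

    The page is fetched and the JSON array following ``"subdomains":`` is
    decoded; each prefix in it is joined to ``domain`` with a dot.

    Returns:
        A list of fully qualified names, or an empty list when the response
        contains no ``"subdomains"`` array (for example when the page layout
        changes or the request is refused). Previously that case raised
        ``AttributeError`` on the missing match.

    NOTE(review): ``domain`` is appended to the URL without encoding, and
    the lookup discloses the domain to a third-party service.
    """
    response = requester('https://securitytrails.com/list/apex_domain/' + domain).text
    found = re.search(r'(?m)"subdomains":(\[.*?\])', response)
    if found is None:
        return []
    prefixes = json.loads(found.group(1))
    return [prefix + '.' + domain for prefix in prefixes]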
View Complete Implementation : arjun.py
Copyright GNU General Public License v3.0
Author : s0md3v
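def arjun(url, GET, headers, delay, timeout):
    """Check which candidate parameter names ``url`` reflects and return them.

    The page is fetched once and the ``name`` attributes of its ``<input>``
    elements are moved to the front of the ``blindParams`` list defined
    outside this function. Every entry of ``blindParams`` is then passed to
    ``checky`` on a thread pool sized by the outer ``threadCount`` value.

    Returns:
        ``paraNames``, the dict that ``checky`` fills with the parameters it
        considers valid.

    Notes:
        ``re.findall`` yields a ``(single_quoted, double_quoted)`` tuple per
        match and only one of the two is non-empty. Reading index 1 alone
        dropped every single-quoted name and queued an empty string instead,
        so the non-empty capture is used and empty names are skipped.
        ``blindParams`` is mutated in place.
    """
    paraNames = {}
    response = requester(url, {}, headers, GET, delay, timeout).text
    matches = re.findall(
        r'<input.*?name=\'(.*?)\'.*?>|<input.*?name="(.*?)".*?>', response)
    for single_quoted, double_quoted in matches:
        foundParam = single_quoted or double_quoted
        if not foundParam:
            continue
        logger.good('Heuristics found a potentially valid parameter: %s%s%s. Priortizing it.' % (
            green, foundParam, end))
        if foundParam not in blindParams:
            blindParams.insert(0, foundParam)
    # The context manager shuts the pool down once all checks are done.
    with concurrent.futures.ThreadPoolExecutor(max_workers=threadCount) as threadpool:
        futures = [threadpool.submit(checky, param, paraNames, url,
                                     headers, GET, delay, timeout) for param in blindParams]
        for i, _ in enumerate(concurrent.futures.as_completed(futures)):
            # Report progress once per batch of threadCount and at the end.
            if i + 1 == len(blindParams) or (i + 1) % threadCount == 0:
                logger.info('Progress: %i/%i\r' % (i + 1, len(blindParams)))
    return paraNames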