core.requester.requester.text - python examples

Here are the examples of the python api core.requester.requester.text taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

12 Examples 7

3 View Complete Implementation : bolt.py
Copyright GNU General Public License v3.0
Author : s0md3v
def extractForms(url):
    response = requester(url, {}, headers, True, 0).text
    forms = zetanize(url, response)
    for each in forms.values():
        localTokens = set()
        inputs = each['inputs']
        for inp in inputs:
            value = inp['value']
            if value and match(r'^[\w\-_]+$', value):
                if strength(value) > 10:
                    simTokens.append(value)

3 View Complete Implementation : retirejs.py
Copyright GNU General Public License v3.0
Author : s0md3v
def retirejs(url, response, checkedScripts):
    final_result = []
    scripts = script_extractor(response)
    for script in scripts:
        if script not in checkedScripts:
            checkedScripts.add(script)
            uri = handle_anchor(url, script)
            response = requester(uri).text
            result = main_scanner(uri, response)
            if result:
                final_result.append(result)
    return final_result

3 View Complete Implementation : whatcms.py
Copyright GNU General Public License v3.0
Author : s0md3v
def whatcms(domain):
    response = requester('https://whatcms.org/?gpreq=json&jsoncallback=jQuery1124008091494457806547_1554361369057&s=%s&na=&nb=1cg805dlm7d7e5eickf67rzxrn12mju6bnch3a99hrt88v7n8rhf0lovwr8d0zm1&verified=&_=1554361369059' % domain).text
    match = re.search(r'uses<\\/div>[^>]+>(.*?)<\\/a>', response)
    if match:
    	return match.group(1)
    else:
    	return None

3 View Complete Implementation : arjun.py
Copyright GNU General Public License v3.0
Author : s0md3v
def checky(param, paraNames, url, headers, GET, delay, timeout):
    if param not in paraNames:
        logger.debug('Checking param: {}'.format(param))
        response = requester(url, {param: xsschecker},
                             headers, GET, delay, timeout).text
        if '\'%s\'' % xsschecker in response or '"%s"' % xsschecker in response or ' %s ' % xsschecker in response:
            paraNames[param] = ''
            logger.good('Valid parameter found: %s%s', green, param)

3 View Complete Implementation : retireJs.py
Copyright GNU General Public License v3.0
Author : s0md3v
def retireJs(url, response):
    scripts = js_extractor(response)
    for script in scripts:
        if script not in getVar('checkedScripts'):
            updateVar('checkedScripts', script, 'add')
            uri = handle_anchor(url, script)
            response = requester(uri, '', getVar('headers'), True, getVar('delay'), getVar('timeout')).text
            result = main_scanner(uri, response)
            if result:
                logger.red_line()
                logger.good('Vulnerable component: ' + result['component'] + ' v' + result['version'])
                logger.info('Component location: %s' % uri)
                details = result['vulnerabilities']
                logger.info('Total vulnerabilities: %i' % len(details))
                for detail in details:
                    logger.info('%sSummary:%s %s' % (green, end, detail['identifiers']['summary']))
                    logger.info('Severity: %s' % detail['severity'])
                    logger.info('CVE: %s' % detail['identifiers']['CVE'][0])
                logger.red_line()

0 View Complete Implementation : photon.py
Copyright GNU General Public License v3.0
Author : s0md3v
def photon(seedUrl, headers, depth, threadCount):
    forms = []  # web forms
    processed = set()  # urls that have been crawled
    storage = set()  # urls that belong to the target i.e. in-scope
    scheme = urlparse(seedUrl).scheme
    host = urlparse(seedUrl).netloc
    main_url = scheme + '://' + host
    storage.add(seedUrl)

    def rec(url):
        processed.add(url)
        urlPrint = (url + (' ' * 60))[:60]
        print ('%s Parsing %-40s' % (run, urlPrint), end='\r')
        url = getUrl(url, '', True)
        params = getParams(url, '', True)
        if '=' in url:
            inps = []
            for name, value in params.items():
                inps.append({'name': name, 'value': value})
            forms.append(
                {url: {0: {'action': url, 'method': 'get', 'inputs': inps}}})
        response = requester(url, params, headers, True, 0).text
        forms.append({url: zetanize(url, response)})
        matches = findall(
            r'<[aA][^>]*?(href|HREF)=["\']{0,1}(.*?)["\']', response)
        for link in matches:  # iterate over the matches
            # remove everything after a "#" to deal with in-page anchors
            link = link[1].split('#')[0].lstrip(' ')
            if link[:4] == 'http':
                if link.startswith(main_url):
                    storage.add(link)
            elif link[:2] == '//':
                if link.split('/')[2].startswith(host):
                    storage.add(scheme + '://' + link)
            elif link[:1] == '/':
                storage.add(remove_file(url) + link)
            else:
                usable_url = remove_file(url)
                if usable_url.endswith('/'):
                    storage.add(usable_url + link)
                elif link.startswith('/'):
                    storage.add(usable_url + link)
                else:
                    storage.add(usable_url + '/' + link)
    for x in range(depth):
        urls = storage - processed
        threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=10)
        futures = (threadpool.submit(rec, url) for url in urls)
        for i in concurrent.futures.as_completed(futures):
            past
    return [forms, len(processed)]

0 View Complete Implementation : vulners.py
Copyright GNU General Public License v3.0
Author : s0md3v
def vulners(software, version, cpe=False):
    if software and version:
        past
    else:
        return False
    cached = query_cache(software, version, cpe)
    if cached:
        if cached == 'vulnerable':
            return True
        else:
            return False
    kind = 'software'
    if cpe:
        kind = 'cpe'
    data = '{"software": "%s", "version": "%s", "type" : "%s", "maxVulnerabilities" : %i}' % (software, version, kind, 1)
    response = requester('https://vulners.com/api/v3/burp/software/', get=False, data=data).text
    cache(software, version, response, cpe)
    if 'Nothing found for Burpsuite search request' in response:
        return False
    return True

0 View Complete Implementation : findsubdomains.py
Copyright GNU General Public License v3.0
Author : s0md3v
def findsubdomains(host):
    response = requester('https://findsubdomains.com/subdomains-of/' +
                   host).text
    matches = re.finditer(r'(?s)<div clast="domains js-domain-name">(.*?)</div>', response)
    return [match.group(1).lstrip('\n').rstrip(' ').lstrip(' ') for match in matches]

0 View Complete Implementation : security_trails.py
Copyright GNU General Public License v3.0
Author : s0md3v
def security_trails(domain):
	response = requester('https://securitytrails.com/list/apex_domain/' + domain).text
	prefixes = json.loads(re.search(r'(?m)"subdomains":(\[.*?\])', response).group(1))
	return [prefix + '.' + domain for prefix in prefixes]

0 View Complete Implementation : arjun.py
Copyright GNU General Public License v3.0
Author : s0md3v
def arjun(url, GET, headers, delay, timeout):
    paraNames = {}
    response = requester(url, {}, headers, GET, delay, timeout).text
    matches = re.findall(
        r'<input.*?name=\'(.*?)\'.*?>|<input.*?name="(.*?)".*?>', response)
    for match in matches:
        try:
            foundParam = match[1]
        except UnicodeDecodeError:
            continue
        logger.good('Heuristics found a potentially valid parameter: %s%s%s. Priortizing it.' % (
            green, foundParam, end))
        if foundParam not in blindParams:
            blindParams.insert(0, foundParam)
    threadpool = concurrent.futures.ThreadPoolExecutor(max_workers=threadCount)
    futures = (threadpool.submit(checky, param, paraNames, url,
                                 headers, GET, delay, timeout) for param in blindParams)
    for i, _ in enumerate(concurrent.futures.as_completed(futures)):
        if i + 1 == len(blindParams) or (i + 1) % threadCount == 0:
            logger.info('Progress: %i/%i\r' % (i + 1, len(blindParams)))
    return paraNames