@@ -533,183 +533,6 @@ def issues_presentation(self):
533533 # call reporter
534534 result .show_issues ()
535535
536- def start (self ):
537-
538- _scope_ = {}
539- target_list = []
540- port_list = []
541- invalid_targets = []
542- port_step = ''
543-
544- dmt_handler = argparse .Namespace (
545- ignore_state = False , # ignore state - disable IP and port state verification
546- single_target = False , # single target scope
547- scope = False , # file with a list of targets
548- range = False , # ip range, 192.168.12.0-20
549- cidr = False , # cidr range: 192.168.32.0/26
550- port = False , # single port verification
551- single_port = None , # single port verification
552- portr = False , # port range: 8000-8010
553- portl = False , # port list: 8999, 5001, 9000, 7120
554- debug = False # debug mode
555- )
556-
557- options = self .parse_args ()
558- dmt_handler .args = options .parse_known_args (
559- namespace = dmt_handler )[1 ]
560-
561- if not self .vmnf_handler ['scope' ]:
562- print (VimanaSharedArgs ().shared_help .__doc__ )
563- sys .exit (1 )
564-
565- # here we just need to get a list of valid scope
566- targets_ports_set = get_tool_scope (** self .vmnf_handler )
567- self .tps = targets_ports_set
568-
569- ports = []
570- for p in targets_ports_set :
571- ports .append (p .split (':' )[1 ].strip ())
572-
573- self .last_step = False
574- self .debug = dmt_handler .debug
575- self .exp_mode = False
576- start = True
577- last_step = False
578- server_flag_found = False
579- request_fail = 0
580-
581- for entry in targets_ports_set :
582- ''' have to change this to auto choose the right scheme'''
583- self .target = 'http://' + entry
584- port = entry .split (':' )[1 ].strip ()
585-
586- dmt_start = datetime .now ().strftime ('%Y-%m-%d %H:%M:%S' )
587- c_target = colored (self .target ,'green' )
588- cprint ("[{0}] Starting DMT against {1}..." .format (datetime .now (),c_target ), 'cyan' )
589- sleep (1 )
590-
591- xvals = ['_' ,'.' ,'' ,'^' ,'~' ,'-' ]
592- fakefile = "/{}{}" .format (
593- random .choice (xvals ),
594- self .random_value (random .choice (range (1 ,6 )))
595- )
596- base_r = self .target
597- payload_ = base_r + fakefile
598-
599- self .vmnf_handler ['target_url' ] = payload_
600- response = createSession (** self .vmnf_handler )
601-
602- if response is None :
603- # because with target --port will be just one port, doesnt need such control like request_fail
604-
605- if not self .vmnf_handler ['single_port' ]:
606- # control request fails to improve consistence of module
607- request_fail += 1
608- if request_fail > 3 :
609- request_fail = 0
610- print ("\n Hi, sadhu! Too many fails in this process, try to discovery host before!" )
611-
612- cprint ('''[{}] DMT did not receive a valid response from the target, nothing to do.
613- ''' .format (datetime .now ()), 'red' , attrs = [])
614-
615- # to continue testing other ports
616- if (len (targets_ports_set ) > 1 ):
617- continue
618- else :
619- break
620-
621- current_response = self .get_unescape_html (response .text )
622- response_status = response .status_code
623- found_exception_flag = True if 'Exception Type' \
624- in current_response else False
625-
626- if start or not server_flag_found :
627- '''just to check if there is any known django/python keyword in response headers'''
628-
629- start = False
630- # just a test to blackbox fingerprint...
631- flags = [
632- 'Python' ,'WSGIServer' , 'CPython' ,
633- 'Django' , 'CherryPy' , 'gunicorn' ,
634- 'Flask' ,'web2py' , 'mod_wsgi' , 'APACHE'
635- ]
636-
637- for header in response .headers :
638- for flag in flags :
639- flag = flag .lower ()
640- try :
641- value = (response .headers [header ])
642- except KeyError :
643- continue
644-
645- if flag in header .lower () or flag in value .lower ():
646- server_flag_found = True
647- header = str (' → ' + header + ": " )
648- print ("\n " )
649- self .print_it (header , value )
650-
651- self .expanded_response = current_response
652- self .dmt_start_request = current_response
653- self .dmt_start_base_r = base_r
654- self .dmt_start_port = port
655- self .dmt_start_last_step = last_step
656-
657- if response_status == 400 :
658- if found_exception_flag :
659- self .handle_discovery_xt ()
660- else :
661- print ('''\n [dmt: {}]: The target does not appear to be vulnerable.
662- \r Make sure that the analysis settings are correct:\n ''' .format (
663- datetime .now ()
664- )
665- )
666- for set_k , set_v in (self .vmnf_handler .items ()):
667- if set_k != 'scope' and set_v :
668- print ('{}{}:\t {}' .format (
669- (' ' * int (5 - len (set_k ) + 10 )),set_k ,
670- colored (set_v , 'blue' )
671- )
672- )
673- sys .exit (1 )
674-
675- if response_status == 404 :
676- # Check if last step
677- if (targets_ports_set .index (entry ) + 1 ) == (len (targets_ports_set )):
678- last_step = True
679-
680- if self .debug_is_true ():
681- '''status is 404 and DEBUG is True so run another tests'''
682-
683- # Basic DMT actions
684- self .get_url_patterns ()
685- self .expand_UP ()
686- self .check_api_auth_points ()
687- self .check_django_adm ()
688-
689- # extending DMT: Call DJunch fuzzer and create instances of object result
690- # this result, a list of dictionaries (2) will be used to resultParser
691- self .fuzz_result = Djunch (
692- base_r , self .expanded_patterns ,
693- ** self .vmnf_handler ).start ()
694-
695- response = (future .result ())
696- self .expanded_response = self .get_unescape_html (response .text )
697- response_status = response .status_code
698-
699- # print("\nThreaded time:", time.time() - threaded_start)
700- if self .expanded_response :
701- if response_status == 404 :
702- self .get_url_patterns ()
703- if self .vmnf_handler ['debug' ]:
704- self .djmimic ()
705- elif response_status == 500 :
706- self .dxt_parser (self .expanded_response , False , True )
707-
708- print ()
709- print (self .xlp_tbl_x )
710-
711- return self .expanded_patterns
712-
713536 def parse_args (self ):
714537 ''' ~ siddhi needs only shared arguments from VimanaSharedArgs() ~'''
715538 parser = argparse .ArgumentParser (