class Fuzz_web_dir

var = Fuzz_web_dir::new var.url = “example.com” * var.hide_* type object var.hide_/code/line/char var show_/code/line/char var.dict = custom_dict.txt var.timeout = 5 var.max_thread = 24 var.ext = ['php','txt']

Attributes

check[RW]
decoy[RW]
dict[RW]
ext[RW]
follow[RW]
header[RW]
hide_char[RW]
hide_code[RW]
hide_line[RW]
last_decoy[RW]
max_thread[RW]
out[RW]
pfile[RW]
proxy[RW]
show_char[RW]
show_code[RW]
show_line[RW]
timeout[RW]
url[RW]
use_ext[RW]
wait[RW]

Public Class Methods

new() click to toggle source
# File lib/m4dh4v45b1n/fuzz-web-dir.rb, line 36
def initialize()
  @dict = FUZZ_WEB_DIR_DICT
  @hide_code = FUZZ_WEB_DIR_HIDE_CODE
  @hide_char = []
  @hide_line = []
  @show_code = []
  @show_char = []
  @show_line = []
  @timeout = FUZZ_WEB_DIR_TIMEOUT
  @max_thread = FUZZ_WEB_DIR_MAX_THREAD
  @header = FUZZ_WEB_DIR_HEADER
  @ext = FUZZ_WEB_DIR_EXT
  @wait = FUZZ_WEB_DIR_WAIT
  @decoy = false
  @check = true
  @follow = false
  @use_ext = true
  @last_decoy = ''
  @pfile = FUZZ_WEB_DIR_PROXY_FILE
end

Public Instance Methods

check_it() click to toggle source
# File lib/m4dh4v45b1n/fuzz-web-dir.rb, line 179
def check_it
  if @url[-1] != '/'
    @url += '/'
  end
  if @use_ext
    @ext = @ext.map {|i| '.'+i }
    @ext.append("")
  else
    @ext = [""]
  end
  @header = JSON::parse(@header)
  if @decoy
    @proxy = Pr0xy.new.get_proxies(@pfile,  @check)
    #@proxy = [["http","127.0.0.1",8080],["http","127.0.0.2", 8081]]
  end
  print_status_all
  if !@out.nil?
    @out = File.open(@out, "w")
  end
end
fuzz() click to toggle source
# File lib/m4dh4v45b1n/fuzz-web-dir.rb, line 199
def fuzz
  check_it
  count = 0
  # read dict file
  File::open(@dict, "r") do |line|
    while true
      string_line = line.readline
      @ext.map do |ext|
        Thread::new do
          begin
            Timeout::timeout(@timeout) do
              if string_line[0] != "#"
                count+= 1
                show_result(@url+URI::encode_www_form_component(string_line.chomp+ext))
              end
            end
          rescue (Timeout::Error) => e
          rescue (EOFError) => e
            break
          end
        end
        while Thread::list.length > @max_thread;end
        sleep(0.01 + @wait)
      end
      if string_line.length > 20
        string_line = string_line[0,18] + "…"
      end
      print "\r#{' '*55}\r> #{string_line.chomp}\r"
    end
  end
end
print_status(key, val) click to toggle source
print_status_all() click to toggle source
show_result(url_, try_ = 5) click to toggle source
# File lib/m4dh4v45b1n/fuzz-web-dir.rb, line 56
def show_result(url_, try_ = 5)
  begin
    @header['User-Agent'] = rand_user_agent
    protocol = URI(url_).scheme
    if @decoy
      proxy_ = @last_decoy
      loop do
        proxy_ = @proxy.shuffle[0]
        if proxy_[0] != @last_decoy
          @last_decoy = proxy_[0]+":"+proxy_[1]
          break
        end
      end
      proxy = Net::HTTP::Proxy(proxy_[0],proxy_[1].to_i)
      uri = URI url_
      uri.query = @header.to_s
      req = Net::HTTP::Get::new(uri.path)
      @header.keys.map do |k|
        req[k] = @header[k]
      end
      if uri.scheme == 'https'
        res_ = proxy.start(uri.host,uri.port,:use_ssl=>true,:verify_mode => OpenSSL::SSL::VERIFY_NONE) do |http|     
          http.request(req)
        end
      else
        res_ = proxy.start(uri.host,uri.port) do |http|
          http.request(req)
        end
      end
    else
      res_ = Net::HTTP::get_response(URI(url_), @header)
    end
    line_ = res_.body.split("\n").length
    char_ = res_.body.length
    code_ = res_.code
    put_it = true
    if (@hide_code.include? code_);put_it = false;end
    if (@hide_char.include? char_);put_it = false;end
    if (@hide_line.include? line_);put_it = false;end
    if (@show_code.include? code_);put_it = true;end
    if (@show_char.include? char_);put_it = true;end
    if (@show_line.include? line_);put_it = true;end
    if put_it
      finally_ = "\r\e[32m#{url_}\e[0m  lines:\e[33m#{line_}\e[0m chrs:\e[35m#{char_}\e[0m status:\e[36m#{code_}\e[0m"
      if !res_.header['Location'].nil?
        finally_ += " \e[33;1m>\e[0m #{res_.header['Location']}"
      end
      puts finally_

      if !@out.nil?
        @out.write(url_ + "\n")
      end
    end
    if (@follow and !res_.header["Location"].nil?)
      tmp = res_.header["Location"]
      if URI.extract(tmp).length == 0
        tmp = url_.sub(URI(url_).path, tmp)
      end
      show_result(tmp, try_)
    end
  rescue (Errno::ECONNREFUSED) => e
    print "\r#{' '*50}\r> retrying#{'.'* try_}\r"
    if (try_ != 0)
      show_result(url_, try_ -1)
    end
  rescue (Errno::ECONNRESET) => e
    print "\r#{' '*50}\r> retrying#{'.'* try_}\r"
    if (try_ != 0)
      show_result(url_, try_ -1)
    end
  rescue (Net::HTTPRetriableError) => e
  rescue (Net::HTTPFatalError) => e
    print "\r#{' '*50}\r> retrying#{'.'* try_}\r"
    if (try_ != 0)
      show_result(url_, try_ -1)
    end
  rescue (OpenSSL::SSL::SSLError) => e
    print "#{' '*50}\r> Openssl error. use http\r"
  rescue (SocketError) => e
    print "#{' '*50}\r> Socket error. Invalide url.\r"
  rescue (Net::HTTPServerException) => e
    print "\r#{' '*50}\r> retrying#{'.'* try_}\r"
    if (try_ != 0)
      show_result(url_, try_ -1)
    end
  rescue (LocalJumpError) => e
  rescue (EOFError) => e
  rescue Interrupt => e
    Thread::list::map do |t|
      Thread::kill t
    end
  rescue => e
    print "\r#{e}\r"
    #print "\rInvalideURL: #{@url}   "
  end
end