fix: urllib request error resolutions

This commit is contained in:
ajmeese7 2023-02-11 17:11:10 -05:00
parent daf7760517
commit 4190188a2d
No known key found for this signature in database
GPG key ID: 8CA7BE49705F7776
8 changed files with 90 additions and 89 deletions

View file

@ -163,7 +163,7 @@ def perform_port_scan(url, scanner=NmapHook, **kwargs):
"nmap was not found on your system", level=50
))
lib.core.common.run_fix(
"would you like to automatically install it",
"Would you like to automatically install it?",
"sudo sh {}".format(lib.core.settings.NMAP_INSTALLER_TOOL),
"nmap is not installed, please install it in order to continue"
)
)

View file

@ -2,7 +2,7 @@ import json
import re
import subprocess
import shlex
import urllib as urllib2
import urllib.request as urllib2
import requests
import lib.core.common
@ -34,14 +34,14 @@ class SqlmapHook(object):
def init_new_scan(self):
"""
create a new API scan
Create a new API scan
"""
new_scan_url = "{}{}".format(self.connection, self.commands["init"])
return requests.get(new_scan_url, params=self.headers)
def get_scan_id(self, split_by=16):
"""
get the ID of the current API scan
Get the ID of the current API scan
"""
current_scan_id = None
id_re = re.compile(r"[a-fA-F0-9]{16}")
@ -67,7 +67,7 @@ class SqlmapHook(object):
def start_scan(self, api_id, opts=None):
"""
start the API scan
Start the API scan
"""
start_scan_url = "{}{}".format(self.connection, self.commands["start"].format(api_id))
data_dict = {"url": self.to_scan}
@ -91,12 +91,12 @@ class SqlmapHook(object):
# }
data_dict[opts[i][0]] = opts[i][1]
post_data = json.dumps(data_dict)
req = urllib2.Request(start_scan_url, data=post_data, headers=self.headers)
req = urllib2.Request(start_scan_url, data=str.encode(post_data), headers=self.headers)
return urllib2.urlopen(req)
def show_sqlmap_log(self, api_id):
"""
show the sqlmap log during the API scan
Show the sqlmap log during the API scan
"""
running_status_url = "{}{}".format(self.connection, self.commands["status"].format(api_id))
running_log_url = "{}{}".format(self.connection, self.commands["log"].format(api_id))
@ -135,7 +135,7 @@ class SqlmapHook(object):
def find_sqlmap(to_find="sqlmap"):
"""
find sqlmap on the users system
Find sqlmap on the users system
"""
found_path = lib.core.settings.find_application(to_find)
return found_path
@ -143,7 +143,7 @@ def find_sqlmap(to_find="sqlmap"):
def sqlmap_scan_main(url, port=None, verbose=None, opts=None, auto_start=False):
"""
the main function that will be called and initialize everything
The main function that will be called and initialize everything
"""
is_started = lib.core.settings.search_for_process("sqlmapapi.py")
@ -151,7 +151,7 @@ def sqlmap_scan_main(url, port=None, verbose=None, opts=None, auto_start=False):
if auto_start:
lib.core.settings.logger.info(lib.core.settings.set_color(
"attempting to launch sqlmap API"
"Attempting to launch sqlmap API"
))
sqlmap_api_command = shlex.split("sudo sh {} p {}".format(
lib.core.settings.LAUNCH_SQLMAP_API_TOOL, "".join(found_path)
@ -163,10 +163,10 @@ def sqlmap_scan_main(url, port=None, verbose=None, opts=None, auto_start=False):
))
else:
lib.core.settings.logger.error(lib.core.settings.set_color(
"there was a problem starting sqlmap API", level=40
"There was a problem starting sqlmap API", level=40
))
lib.core.common.prompt(
"manually start the API and press enter when ready"
"Manually start the API and press enter when ready"
)
else:
if not is_started:
@ -176,39 +176,39 @@ def sqlmap_scan_main(url, port=None, verbose=None, opts=None, auto_start=False):
try:
sqlmap_scan = SqlmapHook(url, port=port)
lib.core.settings.logger.info(lib.core.settings.set_color(
"initializing new sqlmap scan with given URL '{}'".format(url)
"Initializing new sqlmap scan with given URL '{}'".format(url)
))
sqlmap_scan.init_new_scan()
if verbose:
lib.core.settings.logger.debug(lib.core.settings.set_color(
"scan initialized", level=10
"Scan initialized", level=10
))
lib.core.settings.logger.info(lib.core.settings.set_color(
"gathering sqlmap API scan ID"
"Fathering sqlmap API scan ID"
))
api_id = sqlmap_scan.get_scan_id()
if verbose:
lib.core.settings.logger.debug(lib.core.settings.set_color(
"current sqlmap scan ID: '{}'".format(api_id), level=10
"Current sqlmap scan ID: '{}'".format(api_id), level=10
))
lib.core.settings.logger.info(lib.core.settings.set_color(
"starting sqlmap scan on url: '{}'".format(url), level=25
"Starting sqlmap scan on url: '{}'".format(url), level=25
))
if opts:
if verbose:
lib.core.settings.logger.debug(lib.core.settings.set_color(
"using arguments: '{}'".format(opts), level=10
"Using arguments: '{}'".format(opts), level=10
))
lib.core.settings.logger.info(lib.core.settings.set_color(
"adding arguments to sqlmap API"
"Adding arguments to sqlmap API"
))
else:
if verbose:
lib.core.settings.logger.debug(lib.core.settings.set_color(
"no arguments passed, skipping", level=10
"No arguments passed, skipping", level=10
))
lib.core.settings.logger.warning(lib.core.settings.set_color(
"please keep in mind that this is the API, output will "
"Please keep in mind that this is the API, output will "
"not be saved to log file, it may take a little longer "
"to finish processing, launching sqlmap", level=30
))
@ -218,7 +218,7 @@ def sqlmap_scan_main(url, port=None, verbose=None, opts=None, auto_start=False):
print("-" * 30)
except requests.exceptions.HTTPError as e:
lib.core.settings.logger.exception(lib.core.settings.set_color(
"ran into error '{}', seems you didn't start the server, check "
"Ran into error '{}', seems you didn't start the server, check "
"the server port and try again".format(e), level=50
))
pass
@ -236,7 +236,7 @@ def sqlmap_scan_main(url, port=None, verbose=None, opts=None, auto_start=False):
pass
else:
lib.core.settings.logger.exception(lib.core.settings.set_color(
"ran into error '{}', seems something went wrong, error has "
"Ran into error '{}', seems something went wrong, error has "
"been saved to current log file.".format(e), level=50
))
request_issue_creation()

View file

@ -243,7 +243,7 @@ def main_xss(start_url, proxy=None, agent=None, **kwargs):
lib.core.settings.logger.error(lib.core.settings.set_color(
"host '{}' does not appear to be vulnerable to XSS attacks".format(start_url), level=40
))
question_msg = "would you like to keep the created URLs saved for further testing"
question_msg = "Would you like to keep the created URLs saved for further testing"
if not batch:
save = lib.core.common.prompt(
question_msg, opts="yN"

View file

@ -516,10 +516,12 @@ def find_application(application, opt="path"):
with open(TOOL_PATHS) as config:
read_conf = config.read()
conf_parser = ConfigParser.RawConfigParser(allow_no_value=True)
conf_parser.readfp(io.BytesIO(read_conf))
conf_parser.read(read_conf)
for section in conf_parser.sections():
if str(section).lower() == str(application).lower():
retval.append(conf_parser.get(section, opt))
return retval
@ -533,7 +535,7 @@ def get_random_dork(filename="{}/etc/text_files/dorks.txt"):
def update_zeus():
"""
Update zeus to the newest version
Update Zeus to the newest version
"""
can_update = True if ".git" in os.listdir(os.getcwd()) else False
if can_update:
@ -946,7 +948,7 @@ def run_attacks(url, **kwargs):
threads = kwargs.get("threads", None)
force_ssl = kwargs.get("ssl", False)
if threads > MAX_THREADS:
if threads and threads > MAX_THREADS:
threads = check_thread_num(threads, batch=batch)
__enabled_attacks = {
@ -972,7 +974,7 @@ def run_attacks(url, **kwargs):
))
lib.core.common.shutdown()
question_msg = "would you like to process found URL: '{}'".format(url)
question_msg = "Would you like to process found URL: '{}'".format(url)
if not batch:
question = lib.core.common.prompt(
question_msg, opts="yN"

View file

@ -40,10 +40,10 @@ from lib.core.settings import (
def get_charset(html, headers, **kwargs):
"""
detect the target URL charset
Detect the target URL charset
"""
charset_regex = re.compile(r'charset=[\"]?([a-zA-Z0-9_-]+)', re.I)
charset = charset_regex.search(html)
charset = charset_regex.search(str(html))
if charset is not None:
return charset.group(1)
else:
@ -62,7 +62,7 @@ def detect_protection(url, status, html, headers, **kwargs):
for regex in DBMS_ERRORS[dbms]:
if re.compile(regex).search(html) is not None:
logger.warning(set_color(
"it appears that the WAF/IDS/IPS check threw a DBMS error and may be vulnerable "
"It appears that the WAF/IDS/IPS check threw a DBMS error and may be vulnerable "
"to SQL injection attacks. it appears the backend DBMS is '{}', site will be "
"saved for further processing".format(dbms), level=30
))
@ -75,7 +75,7 @@ def detect_protection(url, status, html, headers, **kwargs):
item = item[:-3]
if verbose:
logger.debug(set_color(
"loading script '{}'".format(item), level=10
"Loading script '{}'".format(item), level=10
))
detection_name = "lib.firewall.{}"
detection_name = detection_name.format(item)
@ -88,7 +88,7 @@ def detect_protection(url, status, html, headers, **kwargs):
del retval[retval.index("Generic (Unknown)")]
except (Exception, IndexError):
logger.warning(set_color(
"multiple firewalls identified ({}), displaying most likely".format(
"Multiple firewalls identified ({}), displaying most likely".format(
", ".join([item.split("(")[0] for item in retval])
), level=30
))
@ -97,7 +97,7 @@ def detect_protection(url, status, html, headers, **kwargs):
del retval[retval.index(retval[1])]
if retval[0] == "Generic (Unknown)":
logger.warning(set_color(
"discovered firewall is unknown to Zeus, saving fingerprint to file. "
"Discovered firewall is unknown to Zeus, saving fingerprint to file. "
"if you know the details or the context of the firewall please create "
"an issue ({}) with the fingerprint, or a pull request with the script".format(
ISSUE_LINK
@ -114,7 +114,7 @@ def detect_protection(url, status, html, headers, **kwargs):
except Exception as e:
if any(err in str(e) for err in ["Read timed out.", "Connection reset by peer"]):
logger.warning(set_color(
"detection request failed, assuming no protection and continuing", level=30
"Detection request failed, assuming no protection and continuing", level=30
))
return None
else:
@ -136,7 +136,7 @@ def detect_plugins(html, headers, **kwargs):
plugin = plugin[:-3]
if verbose:
logger.debug(set_color(
"loading script '{}'".format(plugin), level=10
"Loading script '{}'".format(plugin), level=10
))
plugin_detection = "lib.plugins.{}"
plugin_detection = plugin_detection.format(plugin)
@ -150,19 +150,19 @@ def detect_plugins(html, headers, **kwargs):
logger.exception(str(e))
if "Read timed out." or "Connection reset by peer" in str(e):
logger.warning(set_color(
"plugin request failed, assuming no plugins and continuing", level=30
"Plugin request failed, assuming no plugins and continuing", level=30
))
return None
else:
logger.exception(set_color(
"plugin detection has failed with error {}".format(str(e))
"Plugin detection has failed with error {}".format(str(e))
))
request_issue_creation()
def load_xml_data(path, start_node="header", search_node="name"):
"""
load the XML data
Load the XML data
"""
retval = []
fetched_xml = minidom.parse(path)
@ -174,13 +174,13 @@ def load_xml_data(path, start_node="header", search_node="name"):
def load_headers(url, req, **kwargs):
"""
load the HTTP headers
Load the HTTP headers
"""
literal_match = re.compile(r"\\(\X(\d+)?\w+)?", re.I)
if len(req.cookies) > 0:
logger.info(set_color(
"found a request cookie, saving to file", level=25
"Found a request cookie, saving to file", level=25
))
try:
cookie_start = req.cookies.keys()
@ -226,7 +226,7 @@ def load_headers(url, req, **kwargs):
def compare_headers(found_headers, comparable_headers):
"""
compare the headers against one another
Compare the headers against one another
"""
retval = set()
for header in comparable_headers:
@ -237,7 +237,7 @@ def compare_headers(found_headers, comparable_headers):
def main_header_check(url, **kwargs):
"""
main function
Main function
"""
verbose = kwargs.get("verbose", False)
agent = kwargs.get("agent", None)
@ -265,70 +265,70 @@ def main_header_check(url, **kwargs):
req, status, html, headers = get_page(url, proxy=proxy, agent=agent, xforward=xforward)
logger.info(set_color(
"detecting target charset"
"Detecting target charset"
))
charset = get_charset(html, headers)
if charset is not None:
logger.info(set_color(
"target charset appears to be '{}'".format(charset), level=25
"Target charset appears to be '{}'".format(charset), level=25
))
else:
logger.warning(set_color(
"unable to detect target charset", level=30
"Unable to detect target charset", level=30
))
if identify_waf:
waf_url = "{} {}".format(url.strip(), PROTECTION_CHECK_PAYLOAD)
_, waf_status, waf_html, waf_headers = get_page(waf_url, xforward=xforward, proxy=proxy, agent=agent)
logger.info(set_color(
"checking if target URL is protected by some kind of WAF/IPS/IDS"
"Checking if target URL is protected by some kind of WAF/IPS/IDS"
))
if verbose:
logger.debug(set_color(
"attempting connection to '{}'".format(waf_url), level=10
"Attempting connection to '{}'".format(waf_url), level=10
))
identified_waf = detect_protection(url, waf_status, waf_html, waf_headers, verbose=verbose)
if identified_waf is None:
logger.info(set_color(
"no WAF/IDS/IPS has been identified on target URL", level=25
"No WAF/IDS/IPS has been identified on target URL", level=25
))
else:
logger.warning(set_color(
"the target URL WAF/IDS/IPS has been identified as '{}'".format(identified_waf), level=35
"The target URL WAF/IDS/IPS has been identified as '{}'".format(identified_waf), level=35
))
if identify_plugins:
logger.info(set_color(
"attempting to identify plugins"
"Attempting to identify plugins"
))
identified_plugin = detect_plugins(html, headers, verbose=verbose)
if identified_plugin is not None:
for plugin in identified_plugin:
if show_description:
logger.info(set_color(
"possible plugin identified as '{}' (description: '{}')".format(
"Possible plugin identified as '{}' (description: '{}')".format(
plugin[0], plugin[1]
), level=25
))
else:
logger.info(set_color(
"possible plugin identified as '{}'".format(
"Possible plugin identified as '{}'".format(
plugin[0]
), level=25
))
else:
logger.warning(set_color(
"no known plugins identified on target", level=30
"No known plugins identified on target", level=30
))
if verbose:
logger.debug(set_color(
"loading XML data", level=10
"Loading XML data", level=10
))
comparable_headers = load_xml_data(HEADER_XML_DATA)
logger.info(set_color(
"attempting to get request headers for '{}'".format(url.strip())
"Attempting to get request headers for '{}'".format(url.strip())
))
try:
found_headers = load_headers(url, req)
@ -344,30 +344,30 @@ def main_header_check(url, **kwargs):
if found_headers is not None:
if verbose:
logger.debug(set_color(
"fetched {}".format(found_headers), level=10
"Fetched {}".format(found_headers), level=10
))
headers_established = [str(h) for h in compare_headers(found_headers, comparable_headers)]
for key in definition.iterkeys():
if any(key in h.lower() for h in headers_established):
logger.warning(set_color(
"provided target has {}".format(definition[key][0]), level=30
"Provided target has {}".format(definition[key][0]), level=30
))
for key in found_headers.iterkeys():
protection[key] = found_headers[key]
logger.info(set_color(
"writing found headers to log file", level=25
"Writing found headers to log file", level=25
))
return write_to_log_file(protection, HEADER_RESULT_PATH, HEADERS_FILENAME.format(replace_http(url)))
else:
logger.error(set_color(
"unable to retrieve headers for site '{}'".format(url.strip()), level=40
"Unable to retrieve headers for site '{}'".format(url.strip()), level=40
))
except ConnectionError:
attempts = attempts - 1
if attempts == 0:
return False
logger.warning(set_color(
"target actively refused the connection, sleeping for {}s and retrying the request".format(
"Target actively refused the connection, sleeping for {}s and retrying the request".format(
default_sleep_time
), level=30
))
@ -379,14 +379,14 @@ def main_header_check(url, **kwargs):
)
except ReadTimeout:
logger.error(set_color(
"meta-data retrieval failed due to target URL timing out, skipping", level=40
"Metadata retrieval failed due to target URL timing out, skipping", level=40
))
except KeyboardInterrupt:
if not pause():
shutdown()
except Exception as e:
logger.exception(set_color(
"meta-data retrieval failed with unexpected error '{}'".format(
"Metadata retrieval failed with unexpected error: '{}'".format(
str(e)
), level=50
))
))

View file

@ -9,9 +9,8 @@ import var.auto_issue.github
class Blackwidow(object):
"""
spider to scrape a webpage for all available URL's
Spider to scrape a webpage for all available URL's
"""
def __init__(self, url, user_agent=None, proxy=None, forward=None):
@ -23,7 +22,7 @@ class Blackwidow(object):
@staticmethod
def get_url_ext(url):
"""
get the extension of the URL
Get the extension of the URL
"""
try:
data = url.split(".")
@ -33,7 +32,7 @@ class Blackwidow(object):
def test_connection(self):
"""
make sure the connection is good before you continue
Make sure the connection is good before you continue
"""
try:
# we'll skip SSL verification to avoid any SSLErrors that might
@ -53,14 +52,14 @@ class Blackwidow(object):
else:
info_msg += ""
lib.core.settings.logger.fatal(lib.core.settings.set_color(
"provided website '{}' is refusing connection{}".format(
"Provided website '{}' is refusing connection{}".format(
self.url, info_msg
), level=50
))
lib.core.common.shutdown()
else:
lib.core.settings.logger.exception(lib.core.settings.set_color(
"failed to connect to '{}' received error '{}'".format(
"Failed to connect to '{}' received error '{}'".format(
self.url, e
), level=50
))
@ -69,7 +68,7 @@ class Blackwidow(object):
def scrape_page_for_links(self, given_url, attribute="a", descriptor="href"):
"""
scrape the webpage's HTML for usable GET links
Scrape the webpage's HTML for usable GET links
"""
unique_links = set()
true_url = lib.core.settings.replace_http(given_url)
@ -88,7 +87,7 @@ class Blackwidow(object):
def blackwidow_main(url, **kwargs):
"""
scrape a given URL for all available links
Scrape a given URL for all available links
"""
verbose = kwargs.get("verbose", False)
proxy = kwargs.get("proxy", None)
@ -104,26 +103,26 @@ def blackwidow_main(url, **kwargs):
if verbose:
lib.core.settings.logger.debug(lib.core.settings.set_color(
"settings user-agent to '{}'".format(agent), level=10
"Settings user-agent to '{}'".format(agent), level=10
))
if proxy is not None:
if verbose:
lib.core.settings.logger.debug(lib.core.settings.set_color(
"running behind proxy '{}'".format(proxy), level=10
"Running behind proxy '{}'".format(proxy), level=10
))
lib.core.settings.create_dir("{}/{}".format(os.getcwd(), "log/blackwidow-log"))
lib.core.settings.logger.info(lib.core.settings.set_color(
"starting blackwidow on '{}'".format(url)
"Starting blackwidow on '{}'".format(url)
))
crawler = Blackwidow(url, user_agent=agent, proxy=proxy, forward=forward)
if verbose:
lib.core.settings.logger.debug(lib.core.settings.set_color(
"testing connection to the URL", level=10
"Testing connection to the URL", level=10
))
test_code = crawler.test_connection()
if not test_code[0] == "ok":
error_msg = (
"connection test failed with status code: {}, reason: '{}'. "
"Connection test failed with status code: {}, reason: '{}'. "
"test connection needs to pass, try a different link"
)
for error_code in lib.core.common.STATUS_CODES.keys():
@ -142,15 +141,15 @@ def blackwidow_main(url, **kwargs):
lib.core.common.shutdown()
else:
lib.core.settings.logger.info(lib.core.settings.set_color(
"connection test succeeded, continuing", level=25
"Connection test succeeded, continuing", level=25
))
lib.core.settings.logger.info(lib.core.settings.set_color(
"crawling given URL '{}' for links".format(url)
"Crawling given URL '{}' for links".format(url)
))
found = crawler.scrape_page_for_links(url)
if len(found) > 0:
lib.core.settings.logger.info(lib.core.settings.set_color(
"found a total of {} links from given URL '{}'".format(
"Found a total of {} links from given URL '{}'".format(
len(found), url
), level=25
))
@ -158,5 +157,5 @@ def blackwidow_main(url, **kwargs):
filename=lib.core.settings.BLACKWIDOW_FILENAME)
else:
lib.core.settings.logger.fatal(lib.core.settings.set_color(
"did not find any usable links from '{}'".format(url), level=50
"Did not find any usable links from '{}'".format(url), level=50
))

View file

@ -132,10 +132,10 @@ def get_urls(query, url, verbose=False, **kwargs):
try:
retval = URLParser(retval).extract_ip_ban_url()
question_msg = (
"zeus was able to successfully extract the URL from Google's ban URL "
"it is advised to shutdown zeus and attempt to extract the URL's manually. "
"failing to do so will most likely result in no results being found by zeus. "
"would you like to shutdown"
"Zeus was able to successfully extract the URL from Google's ban URL. "
"It is advised to shutdown zeus and attempt to extract the URL's manually. "
"Failing to do so will most likely result in no results being found by zeus. "
"Would you like to shutdown? >"
)
if not batch:
do_continue = prompt(
@ -280,7 +280,7 @@ def parse_search_results(query, url_to_search, verbose=False, **kwargs):
elif "Program install error!" in str(e):
logger.error(set_color(
"Seems the program is having some trouble installing; would you like "
"to try and automatically fix this issue", level=40
"to try and automatically fix this issue? >", level=40
))
run_fix(
"Would you like to attempt to fix this issue automatically? >",

View file

@ -313,8 +313,8 @@ if __name__ == "__main__":
else:
if URL_QUERY_REGEX.match(opt.spiderWebSite):
question_msg = (
"It is recommended to not use a URL that has a GET(query) parameter in it, "
"would you like to continue"
"It is recommended to not use a URL that has a GET (query) parameter in it, "
"would you like to continue? > "
)
if not opt.runInBatch:
is_sure = prompt(