diff --git a/README.md b/README.md
index b8e6299791..2f0cb6fe5a 100755
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@

- CommixProject
+ CommixProject

Build Status Python 2.6|2.7|3.x
diff --git a/doc/translations/README-gr-GR.md b/doc/translations/README-gr-GR.md
index d30a4b5372..216bcfcd3d 100644
--- a/doc/translations/README-gr-GR.md
+++ b/doc/translations/README-gr-GR.md
@@ -1,5 +1,5 @@

- CommixProject
+ CommixProject

Build Status Python 2.6|2.7|3.x diff --git a/setup.py b/setup.py index f1a516d497..447f95574a 100644 --- a/setup.py +++ b/setup.py @@ -17,7 +17,7 @@ setup( name='commix', - version='3.2', + version='3.3-dev', description='Automated All-in-One OS Command Injection Exploitation Tool', long_description=open('README.md').read(), long_description_content_type='text/markdown', diff --git a/src/core/injections/blind/techniques/time_based/tb_handler.py b/src/core/injections/blind/techniques/time_based/tb_handler.py index 67f2cdee68..49976f82c7 100755 --- a/src/core/injections/blind/techniques/time_based/tb_handler.py +++ b/src/core/injections/blind/techniques/time_based/tb_handler.py @@ -375,7 +375,7 @@ def tb_injection_handler(url, timesec, filename, http_request_method, url_time_r else: header_name = "" the_type = " parameter" - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: found_vuln_parameter = parameters.vuln_GET_param(url) else : found_vuln_parameter = vuln_parameter diff --git a/src/core/injections/blind/techniques/time_based/tb_injector.py b/src/core/injections/blind/techniques/time_based/tb_injector.py index 15bd4b0693..aea2d2dcd1 100755 --- a/src/core/injections/blind/techniques/time_based/tb_injector.py +++ b/src/core/injections/blind/techniques/time_based/tb_injector.py @@ -46,7 +46,7 @@ def examine_requests(payload, vuln_parameter, http_request_method, url, timesec, start = time.time() # Check if defined method is GET (Default). - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: # Encoding non-ASCII characters payload. # payload = _urllib.parse.quote(payload) target = url.replace(settings.INJECT_TAG, payload) 
@@ -93,7 +93,7 @@ def injection_test(payload, http_request_method, url): start = time.time() # Check if defined method is GET (Default). - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: # Encoding non-ASCII characters payload. # payload = _urllib.parse.quote(payload) diff --git a/src/core/injections/blind/techniques/time_based/tb_payloads.py b/src/core/injections/blind/techniques/time_based/tb_payloads.py index 2d936d7d74..53cd134065 100755 --- a/src/core/injections/blind/techniques/time_based/tb_payloads.py +++ b/src/core/injections/blind/techniques/time_based/tb_payloads.py @@ -80,7 +80,7 @@ def decision(separator, TAG, output_length, timesec, http_request_method): "[ " + str(output_length) + " -eq $str1 ]" + separator + "sleep " + str(timesec) ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -152,7 +152,7 @@ def decision_alter_shell(separator, TAG, output_length, timesec, http_request_me "[ " + str(output_length) + " -eq ${str1} ] " + separator + "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\") " ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -234,7 +234,7 @@ def cmd_execution(separator, cmd, output_length, timesec, http_request_method): "[ " + str(output_length) + " -eq $str1 ]" + separator + "sleep " + str(timesec) ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : 
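Review bot: The `#if http_request_method == settings.HTTPMETHOD.POST:` line in `decision` (tb_payloads.py) is commented-out code that this change rewrites instead of removing, and the `separator = _urllib.parse.unquote(separator)` after it appears to run whatever the method is. Either delete the dead condition or replace it with a comment that states the intent, for example `# The separator is unquoted for every HTTP method, not only POST.` The same commented-out line is carried through the other tb_payloads.py hunks (`decision_alter_shell`, `cmd_execution`, `cmd_execution_alter_shell`, `get_char`, `get_char_alter_shell`, `fp_result`, `fp_result_alter_shell`) and through every tfb_payloads.py hunk. These function bodies start and end outside the hunks and the indentation is not recoverable here, so the placement of the unquote call relative to the surrounding branch should be confirmed against the file.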
@@ -304,7 +304,7 @@ def cmd_execution_alter_shell(separator, cmd, output_length, timesec, http_reque "[ " + str(output_length) + " -eq ${str1} ] " + separator + "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\") " ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -393,7 +393,7 @@ def get_char(separator, cmd, num_of_chars, ascii_char, timesec, http_request_met "[ " + str(ascii_char) + " -eq ${str} ] " + separator + "sleep " + str(timesec) ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -463,7 +463,7 @@ def get_char_alter_shell(separator, cmd, num_of_chars, ascii_char, timesec, http "[ " + str(ascii_char) + " -eq ${str} ] " + separator + "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\")" ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -538,7 +538,7 @@ def fp_result(separator, cmd, num_of_chars, ascii_char, timesec, http_request_me "sleep " + str(timesec) ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -605,7 +605,7 @@ def fp_result_alter_shell(separator, cmd, num_of_chars, ascii_char, timesec, htt "[ " + str(ascii_char) + " -eq ${str} ] " + separator + "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\")" ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : diff --git a/src/core/injections/controller/checks.py b/src/core/injections/controller/checks.py index 0e67a87abe..5cb7c97158 100755 --- a/src/core/injections/controller/checks.py 
+++ b/src/core/injections/controller/checks.py @@ -480,7 +480,7 @@ def unavailable_option(check_option): def time_based_separators(separator, http_request_method): if separator == "||" or separator == "&&" : separator = separator[:1] - if http_request_method == "POST": + if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.quote(separator) return separator @@ -865,7 +865,7 @@ def print_non_listed_params(check_parameters, http_request_method, header_name): warn_msg += " not part of the " warn_msg += http_request_method warn_msg += ('', ' (JSON)')[settings.IS_JSON] + ('', ' (SOAP/XML)')[settings.IS_XML] - warn_msg += (' data', ' request')[http_request_method == "GET"] + warn_msg += (' data', ' request')[http_request_method == settings.HTTPMETHOD.GET] warn_msg += "." print(settings.print_warning_msg(warn_msg)) diff --git a/src/core/injections/controller/controller.py b/src/core/injections/controller/controller.py index 09b6393fb2..608bcd283f 100644 --- a/src/core/injections/controller/controller.py +++ b/src/core/injections/controller/controller.py @@ -83,7 +83,7 @@ def heuristic_basic(url, http_request_method): if settings.VERBOSITY_LEVEL != 0: debug_msg = "Performing heuristic test for " + technique + "." print(settings.print_debug_msg(debug_msg)) - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: request = _urllib.request.Request(url.replace(settings.INJECT_TAG, settings.BASIC_TEST)) else: data = menu.options.data.replace(settings.INJECT_TAG, settings.BASIC_TEST) @@ -628,9 +628,9 @@ def basic_level_checks(): # Check if HTTP Method is GET. if not menu.options.data: - http_request_method = "GET" + http_request_method = settings.HTTPMETHOD.GET else: - http_request_method = "POST" + http_request_method = settings.HTTPMETHOD.POST if menu.options.shellshock: menu.options.level = settings.HTTP_HEADER_INJECTION_LEVEL 
diff --git a/src/core/injections/controller/parser.py b/src/core/injections/controller/parser.py index e8f01b94c4..6d78d83f31 100755 --- a/src/core/injections/controller/parser.py +++ b/src/core/injections/controller/parser.py @@ -99,7 +99,7 @@ def invalid_data(request, single_request): words_dict = {} for word in request.read().strip().splitlines(): - if word[:4].strip() == "GET" or word[:4].strip() == "POST": + if word[:4].strip() == settings.HTTPMETHOD.GET or word[:4].strip() == settings.HTTPMETHOD.POST: words_dict[word[:4].strip()] = words_dict.get(word[:4].strip(), 0) + 1 # Check if same header appears more than once. @@ -111,7 +111,7 @@ def invalid_data(request, single_request): single_request = multi_requests() # Check for GET / POST HTTP Header - for http_header in ["GET","POST"]: + for http_header in [settings.HTTPMETHOD.GET,settings.HTTPMETHOD.POST]: request = open(request_file, "r") request = request.read() if "\\n" in request: @@ -121,7 +121,7 @@ def invalid_data(request, single_request): if request_url: if not single_request: request_url = request_url[0] - if http_header == "POST": + if http_header == settings.HTTPMETHOD.POST: # Check for POST Data. result = [item for item in request.splitlines() if item] multiple_xml = [] @@ -205,7 +205,7 @@ def invalid_data(request, single_request): print(settings.print_info_msg(info_msg)) sub_content = http_header + " " + prefix + menu.options.host + request_url print(settings.print_sub_content(sub_content)) - if http_header == "POST": + if http_header == settings.HTTPMETHOD.POST: sub_content = "Data: " + menu.options.data print(settings.print_sub_content(sub_content)) # eof \ No newline at end of file diff --git a/src/core/injections/results_based/techniques/classic/cb_handler.py b/src/core/injections/results_based/techniques/classic/cb_handler.py index 3f8c818279..8ec26630b0 100755 --- a/src/core/injections/results_based/techniques/classic/cb_handler.py 
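Review bot: In the first parser.py hunk, `word[:4].strip() == settings.HTTPMETHOD.GET or word[:4].strip() == settings.HTTPMETHOD.POST` still depends on a four-character slice, which only matches because both constant values are at most four characters long. With the literals moved into `settings.HTTPMETHOD`, that length assumption is no longer visible at the comparison, and a longer method name added to the class later would silently never match. Comparing the first token instead removes the assumption and the three repeated slices: `method = word.split(" ", 1)[0]` followed by `if method in (settings.HTTPMETHOD.GET, settings.HTTPMETHOD.POST):` and `words_dict[method] = words_dict.get(method, 0) + 1`. The loop sits inside a function whose body starts and ends outside the hunk, so the exact request-line format it expects should be checked before changing the match.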
+++ b/src/core/injections/results_based/techniques/classic/cb_handler.py @@ -246,7 +246,7 @@ def cb_injection_handler(url, timesec, filename, http_request_method, injection_ else: header_name = "" the_type = " parameter" - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: found_vuln_parameter = parameters.vuln_GET_param(url) else : found_vuln_parameter = vuln_parameter diff --git a/src/core/injections/results_based/techniques/classic/cb_injector.py b/src/core/injections/results_based/techniques/classic/cb_injector.py index fbfe830b95..eb895f31c1 100755 --- a/src/core/injections/results_based/techniques/classic/cb_injector.py +++ b/src/core/injections/results_based/techniques/classic/cb_injector.py @@ -47,7 +47,7 @@ def injection_test(payload, http_request_method, url): # Check if defined method is GET (Default). - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: if " " in payload: payload = payload.replace(" ","%20") # Define the vulnerable parameter @@ -198,7 +198,7 @@ def check_injection(separator, TAG, cmd, prefix, suffix, whitespace, http_reques else: # Check if defined method is GET (Default). - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: # Check if its not specified the 'INJECT_HERE' tag #url = parameters.do_GET_check(url) diff --git a/src/core/injections/results_based/techniques/eval_based/eb_handler.py b/src/core/injections/results_based/techniques/eval_based/eb_handler.py index fa8a212366..3f0a494711 100755 --- a/src/core/injections/results_based/techniques/eval_based/eb_handler.py +++ b/src/core/injections/results_based/techniques/eval_based/eb_handler.py 
@@ -259,7 +259,7 @@ def eb_injection_handler(url, timesec, filename, http_request_method, injection_ else: header_name = "" the_type = " parameter" - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: found_vuln_parameter = parameters.vuln_GET_param(url) else : found_vuln_parameter = vuln_parameter diff --git a/src/core/injections/results_based/techniques/eval_based/eb_injector.py b/src/core/injections/results_based/techniques/eval_based/eb_injector.py index a0cfca89ca..83f2b0599e 100755 --- a/src/core/injections/results_based/techniques/eval_based/eb_injector.py +++ b/src/core/injections/results_based/techniques/eval_based/eb_injector.py @@ -41,7 +41,7 @@ def injection_test(payload, http_request_method, url): # Check if defined method is GET (Default). - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: # Check if its not specified the 'INJECT_HERE' tag #url = parameters.do_GET_check(url) @@ -186,7 +186,7 @@ def check_injection(separator, TAG, cmd, prefix, suffix, whitespace, http_reques else: # Check if defined method is GET (Default). - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: # Check if its not specified the 'INJECT_HERE' tag #url = parameters.do_GET_check(url) diff --git a/src/core/injections/semiblind/techniques/file_based/fb_handler.py b/src/core/injections/semiblind/techniques/file_based/fb_handler.py index ce401315b0..bd60f3c7d2 100755 --- a/src/core/injections/semiblind/techniques/file_based/fb_handler.py +++ b/src/core/injections/semiblind/techniques/file_based/fb_handler.py @@ -465,7 +465,7 @@ def fb_injection_handler(url, timesec, filename, http_request_method, url_time_r else: header_name = "" the_type = " parameter" - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: found_vuln_parameter = parameters.vuln_GET_param(url) else : found_vuln_parameter = vuln_parameter 
diff --git a/src/core/injections/semiblind/techniques/file_based/fb_injector.py b/src/core/injections/semiblind/techniques/file_based/fb_injector.py index 4977e9d6b9..6ee103f3bd 100755 --- a/src/core/injections/semiblind/techniques/file_based/fb_injector.py +++ b/src/core/injections/semiblind/techniques/file_based/fb_injector.py @@ -43,7 +43,7 @@ def injection_test(payload, http_request_method, url): # Check if defined method is GET (Default). - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: # Check if its not specified the 'INJECT_HERE' tag #url = parameters.do_GET_check(url) @@ -189,7 +189,7 @@ def check_injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, ht else: # Check if defined method is GET (Default). - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: # Check if its not specified the 'INJECT_HERE' tag #url = parameters.do_GET_check(url) payload = payload.replace(" ","%20") diff --git a/src/core/injections/semiblind/techniques/tempfile_based/tfb_enumeration.py b/src/core/injections/semiblind/techniques/tempfile_based/tfb_enumeration.py index a9dc90779b..62ba55f6ee 100755 --- a/src/core/injections/semiblind/techniques/tempfile_based/tfb_enumeration.py +++ b/src/core/injections/semiblind/techniques/tempfile_based/tfb_enumeration.py @@ -244,7 +244,7 @@ def system_users(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, timese settings.SYS_USERS = settings.WIN_SYS_USERS settings.SYS_USERS = settings.SYS_USERS + "-replace('\s+',' '))" # URL encode "+ " if POST request and python alternative shell. - if alter_shell and http_request_method == "POST": + if alter_shell and http_request_method == settings.HTTPMETHOD.POST: settings.SYS_USERS = settings.SYS_USERS.replace("+ ","%2B") cmd = settings.SYS_USERS if session_handler.export_stored_cmd(url, cmd, vuln_parameter) == None or menu.options.ignore_session: 
diff --git a/src/core/injections/semiblind/techniques/tempfile_based/tfb_handler.py b/src/core/injections/semiblind/techniques/tempfile_based/tfb_handler.py index 5c2071e63f..0a387b3306 100755 --- a/src/core/injections/semiblind/techniques/tempfile_based/tfb_handler.py +++ b/src/core/injections/semiblind/techniques/tempfile_based/tfb_handler.py @@ -414,7 +414,7 @@ def tfb_injection_handler(url, timesec, filename, tmp_path, http_request_method, else: header_name = "" the_type = " parameter" - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: found_vuln_parameter = parameters.vuln_GET_param(url) else : found_vuln_parameter = vuln_parameter diff --git a/src/core/injections/semiblind/techniques/tempfile_based/tfb_injector.py b/src/core/injections/semiblind/techniques/tempfile_based/tfb_injector.py index 2b4a938949..c43d3b5636 100755 --- a/src/core/injections/semiblind/techniques/tempfile_based/tfb_injector.py +++ b/src/core/injections/semiblind/techniques/tempfile_based/tfb_injector.py @@ -47,7 +47,7 @@ def examine_requests(payload, vuln_parameter, http_request_method, url, timesec, start = time.time() # Check if defined method is GET (Default). - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: # Encoding non-ASCII characters payload. # payload = _urllib.parse.quote(payload) @@ -97,7 +97,7 @@ def injection_test(payload, http_request_method, url): start = time.time() # Check if defined method is GET (Default). - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: payload = payload.replace("#","%23") # Encoding non-ASCII characters payload. # payload = _urllib.parse.quote(payload) diff --git a/src/core/injections/semiblind/techniques/tempfile_based/tfb_payloads.py b/src/core/injections/semiblind/techniques/tempfile_based/tfb_payloads.py index 7af0a48a07..ede9f7cf20 100755 --- a/src/core/injections/semiblind/techniques/tempfile_based/tfb_payloads.py 
+++ b/src/core/injections/semiblind/techniques/tempfile_based/tfb_payloads.py @@ -89,7 +89,7 @@ def decision(separator, j, TAG, OUTPUT_TEXTFILE, timesec, http_request_method): "[ " + str(j) + " -eq ${str1} ] " + separator + "sleep " + str(timesec) ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -168,7 +168,7 @@ def decision_alter_shell(separator, j, TAG, OUTPUT_TEXTFILE, timesec, http_reque "[ " + str(j) + " -eq ${str1} ] " + separator + "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\") " ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -287,7 +287,7 @@ def cmd_execution(separator, cmd, j, OUTPUT_TEXTFILE, timesec, http_request_meth "str1=$(od -A n -t d1<" + OUTPUT_TEXTFILE + ")" + separator + "echo $str1 >" + OUTPUT_TEXTFILE ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -371,7 +371,7 @@ def cmd_execution_alter_shell(separator, cmd, j, OUTPUT_TEXTFILE, timesec, http_ "[ " + str(j) + " -eq ${str1} ] " + separator + "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\") " ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -449,7 +449,7 @@ def get_char(separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, timesec, http "[ " + str(ascii_char) + " -eq ${str} ] " + separator + "sleep " + str(timesec) ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : 
@@ -522,7 +522,7 @@ def get_char_alter_shell(separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, t "[ " + str(ascii_char) + " -eq ${str} ] " + separator + "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\")" ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -597,7 +597,7 @@ def fp_result(separator, OUTPUT_TEXTFILE, ascii_char, timesec, http_request_meth "[ " + str(ord(str(ascii_char))) + " -eq ${str} ] " + separator + "sleep " + str(timesec) ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : @@ -665,7 +665,7 @@ def fp_result_alter_shell(separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, "[ " + str(ascii_char) + " -eq ${str} ] " + separator + "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\")" ) - #if http_request_method == "POST": + #if http_request_method == settings.HTTPMETHOD.POST: separator = _urllib.parse.unquote(separator) elif separator == "||" : diff --git a/src/core/modules/dns_exfiltration/dns_exfiltration.py b/src/core/modules/dns_exfiltration/dns_exfiltration.py index 43f1046424..22b95e4ea2 100755 --- a/src/core/modules/dns_exfiltration/dns_exfiltration.py +++ b/src/core/modules/dns_exfiltration/dns_exfiltration.py @@ -67,7 +67,7 @@ def cmd_exec(dns_server, http_request_method, cmd, url, vuln_parameter): if settings.VERBOSITY_LEVEL != 0: sys.stdout.write("\n" + settings.print_payload(payload)) - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: url = url.replace(settings.INJECT_TAG, "") data = payload.replace(" ", "%20") request = url + data 
@@ -184,7 +184,7 @@ def dns_exfiltration_handler(url, http_request_method): print("\n" + settings.print_critical_msg(err_msg)) os._exit(0) - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: #url = parameters.do_GET_check(url) vuln_parameter = parameters.vuln_GET_param(url) request = _urllib.request.Request(url) diff --git a/src/core/modules/icmp_exfiltration/icmp_exfiltration.py b/src/core/modules/icmp_exfiltration/icmp_exfiltration.py index 2e0e442777..9c2374c562 100755 --- a/src/core/modules/icmp_exfiltration/icmp_exfiltration.py +++ b/src/core/modules/icmp_exfiltration/icmp_exfiltration.py @@ -83,7 +83,7 @@ def cmd_exec(http_request_method, cmd, url, vuln_parameter, ip_src): sys.stdout.write(settings.print_debug_msg(debug_msg)) sys.stdout.flush() sys.stdout.write("\n" + settings.print_payload(payload) + "\n") - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: url = url.replace(settings.INJECT_TAG, "") data = payload.replace(" ", "%20") req = url + data @@ -211,7 +211,7 @@ def icmp_exfiltration_handler(url, http_request_method): print(settings.print_critical_msg(err_msg) + "\n") os._exit(0) - if http_request_method == "GET": + if http_request_method == settings.HTTPMETHOD.GET: #url = parameters.do_GET_check(url) request = _urllib.request.Request(url) headers.do_check(request) diff --git a/src/core/requests/parameters.py b/src/core/requests/parameters.py index b5da18010e..e764f14e4a 100755 --- a/src/core/requests/parameters.py +++ b/src/core/requests/parameters.py @@ -36,7 +36,7 @@ def get_url_part(url): Check if the 'INJECT_HERE' tag, is specified on GET Requests. """ def do_GET_check(url): - http_request_method = "GET" + http_request_method = settings.HTTPMETHOD.GET # Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided. url = checks.wildcard_character(url) 
@@ -203,7 +203,7 @@ def vuln_GET_param(url): Check if the 'INJECT_HERE' tag, is specified on POST Requests. """ def do_POST_check(parameter): - http_request_method = "POST" + http_request_method = settings.HTTPMETHOD.POST # Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided. parameter = checks.wildcard_character(parameter).replace("'","\"") # Check if JSON Object. diff --git a/src/core/requests/redirection.py b/src/core/requests/redirection.py index 16502ac456..ffc1d8b5f3 100755 --- a/src/core/requests/redirection.py +++ b/src/core/requests/redirection.py @@ -36,7 +36,7 @@ def do_check(url): """ class Request(_urllib.request.Request): def get_method(self): - return "GET" + return settings.HTTPMETHOD.GET class RedirectHandler(_urllib.request.HTTPRedirectHandler): """ diff --git a/src/utils/crawler.py b/src/utils/crawler.py index c83eb17c2c..17195fa96f 100644 --- a/src/utils/crawler.py +++ b/src/utils/crawler.py @@ -131,7 +131,7 @@ def crawling(url): tags += re.finditer(r'(?i)\s(href|src)=["\'](?P[^>"\']+)', content) tags += re.finditer(r'(?i)window\.open\(["\'](?P[^)"\']+)["\']', content) for tag in tags: - href = tag.get("href") if hasattr(tag, "get") else tag.group("href") + href = tag.get("href") if hasattr(tag, settings.HTTPMETHOD.GET) else tag.group("href") if href: href = _urllib.parse.urljoin(url, href) if _urllib.parse.urlparse(url).netloc in href: diff --git a/src/utils/settings.py b/src/utils/settings.py index 96ab9676f3..a37570ca9d 100755 --- a/src/utils/settings.py +++ b/src/utils/settings.py @@ -25,6 +25,10 @@ from src.thirdparty.six.moves import reload_module as _reload_module from src.thirdparty.colorama import Fore, Back, Style, init +class HTTPMETHOD(object): + GET = "GET" + POST = "POST" + # Status FAIL_MSG = Fore.RED + " " * 10 + Style.RESET_ALL FAIL_STATUS = "" + FAIL_MSG + "" 
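Review bot: `hasattr(tag, settings.HTTPMETHOD.GET)` in the crawler.py hunk is not equivalent to the `hasattr(tag, "get")` it replaces. The constant is the upper-case string "GET", so the check now probes for an attribute named `GET` rather than the `get` method, and objects that expose `.get` will presumably fall through to `tag.group("href")`. This argument is an attribute name, not an HTTP method, and looks like collateral from the bulk replacement. The line should stay as `href = tag.get("href") if hasattr(tag, "get") else tag.group("href")`. The body of `crawling` continues outside the hunk.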
@@ -203,12 +207,13 @@ def sys_argv_errors(): DESCRIPTION_FULL = "Automated All-in-One OS Command Injection Exploitation Tool" DESCRIPTION = "The command injection exploiter" AUTHOR = "Anastasios Stasinopoulos" -VERSION_NUM = "3.2.98" -STABLE_VERSION = True -if STABLE_VERSION: - VERSION = "v" + VERSION_NUM[:3] + "-stable" +VERSION_NUM = "3.3" +REVISION = "1" +STABLE_RELEASE = False +if STABLE_RELEASE: + VERSION = "v" + VERSION_NUM + "-stable" else: - VERSION = "v" + VERSION_NUM[:3] + "-dev#" + VERSION_NUM[4:] + VERSION = "v" + VERSION_NUM + "-dev#" + REVISION YEAR = "2014-2021" AUTHOR_TWITTER = "@ancst" APPLICATION_URL = "https://commixproject.com"