Skip to content

Commit ecb910a

Browse files
flashnukeflashnuke
committed
print size before
1 parent 26fa1a3 commit ecb910a

File tree

1 file changed

+20
-29
lines changed

1 file changed

+20
-29
lines changed

scanners/bypass_403.py

Lines changed: 20 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -48,30 +48,14 @@ def __init__(self, target_keyword, *args, **kwargs):
4848

4949
def try_bypass(self) -> dict:
5050
results = collections.defaultdict(list)
51+
original_path = f"{self.target_url}/{self.target_keyword}"
52+
self._log_progress(f"in progress -> {self.target_keyword}")
5153

5254
# methods
5355

54-
req_path = f"{self.target_url}/{self.target_keyword}"
55-
scode, size = self.send_request("GET", req_path)
56-
results[scode].append(f"GET {req_path}\tsize {size}")
57-
58-
req_path = f"{self.target_url}/{self.target_keyword}"
59-
headers = {"Content-Length": "0"}
60-
scode, size = self.send_request("POST", req_path, headers=headers)
61-
results[scode].append(f"POST {req_path} -H 'Content-Length: 0'\tsize {size}")
62-
63-
req_path = f"{self.target_url}/{self.target_keyword}"
64-
headers = {"Content-Length": "0"}
65-
scode, size = self.send_request("PUT", req_path, headers=headers)
66-
results[scode].append(f"PUT {req_path} -H 'Content-Length: 0'\tsize {size}")
67-
68-
req_path = f"{self.target_url}/{self.target_keyword}"
69-
scode, size = self.send_request("TRACE", req_path)
70-
results[scode].append(f"TRACE {req_path}\tsize {size}")
71-
72-
req_path = f"{self.target_url}/{self.target_keyword}"
73-
scode, size = self.send_request("TRACE", req_path)
74-
results[self.send_request("DELETE", req_path)].append(f"DELETE {req_path}\tsize {size}")
56+
for method in ["GET", "POST", "PUT", "TRACE", "DELETE"]:
57+
scode, size = self.send_request(method, original_path)
58+
results[scode].append(f"size {size}\t\t{method} {original_path}")
7559

7660
# encoding / path traversal
7761

@@ -82,33 +66,40 @@ def try_bypass(self) -> dict:
8266
f"{self.target_url}/{self.target_keyword}?", f"{self.target_url}/{self.target_keyword}#",
8367
f"{self.target_url}/{self.target_keyword}/*"]:
8468
scode, size = self.send_request("GET", req_path)
85-
results[scode].append(f"GET {req_path}\tsize {size}")
69+
results[scode].append(f"size {size}\t\tGET {req_path}")
8670

8771
# file extensions
8872

8973
for file_ext in ["html", "php", "json"]:
90-
req_path = f"{self.target_url}/{self.target_keyword}.{file_ext}"
74+
req_path = f"{original_path}.{file_ext}"
9175
scode, size = self.send_request("GET", req_path)
92-
results[scode].append(f"GET {req_path}\tsize {size}")
76+
results[scode].append(f"size {size}\t\tGET {req_path}\t\tsize {size}")
9377

9478
# headers
9579

9680
for header in Bypass403._HOST_HEADERS:
9781
for host_nickname in Bypass403._LHOST_NICKNAMES:
98-
req_path = f"{self.target_url}/{self.target_keyword}"
9982
headers = {header: host_nickname}
100-
scode, size = self.send_request("GET", req_path, headers=headers)
101-
results[scode].append(f"GET {req_path} -H {header}: {host_nickname}\tsize {size}")
83+
scode, size = self.send_request("GET", original_path, headers=headers)
84+
results[scode].append(f"size {size}\t\tGET {original_path} -H {header}: {host_nickname}")
10285

10386
req_path = f"{self.target_url}"
10487
headers = {"X-rewrite-url": self.target_keyword}
10588
scode, size = self.send_request("GET", req_path, headers=headers)
106-
results[scode].append(f"GET {req_path} -H 'X-rewrite-url: {self.target_keyword}'\tsize {size}")
89+
results[scode].append(f"size {size}\t\tGET {req_path} -H 'X-rewrite-url: {self.target_keyword}'")
10790

10891
req_path = f"{self.target_url}"
10992
headers = {"X-Original-URL": self.target_keyword}
11093
scode, size = self.send_request("GET", req_path, headers=headers)
111-
results[scode].append(f"GET {req_path} -H 'X-Original-URL: {self.target_keyword}'\tsize {size}")
94+
results[scode].append(f"size {size}\t\tGET {req_path} -H 'X-Original-URL: {self.target_keyword}'")
95+
96+
headers = {"Content-Length": "0"}
97+
scode, size = self.send_request("POST", original_path, headers=headers)
98+
results[scode].append(f"size {size}\t\tPOST {original_path} -H 'Content-Length: 0'")
99+
100+
headers = {"Content-Length": "0"}
101+
scode, size = self.send_request("PUT", original_path, headers=headers)
102+
results[scode].append(f"size {size}\t\tPUT {original_path} -H 'Content-Length: 0'")
112103

113104
return results
114105

0 commit comments

Comments
 (0)