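from wfuzz.externals.moduleman.plugin import moduleman_plugin
from wfuzz.plugin_api.base import BasePlugin

# Python 2 and 3
try:
    from urllib.parse import urljoin
except ImportError:
    from urlparse import urljoin


# Active plugin: for every result that passes validate(), it queues extra
# requests for sibling files whose names are derived from the requested file
# plus each configured backup suffix.
#
# Defender's view: the probes show up in access logs as a burst of requests for
# one base filename with archive/editor suffixes (.bak, .zip, ~, .swp, ...).
# Keeping editor temp files and ad-hoc archives out of the web root is the
# control this plugin checks for.
@moduleman_plugin
class backups(BasePlugin):
    name = "backups"
    summary = "Looks for known backup filenames."
    # Fix: the closing parenthesis used to sit after the first string, so the
    # remaining lines were no-op expression statements and never reached the
    # plugin description. All lines now live in the tuple.
    # NOTE(review): the last line advertises a "dir.EXTENSIONS" request, but no
    # code shown here queues it; confirm against the rest of the project.
    description = (
        "Looks for known backup filenames.",
        "For example, given http://localhost.com/dir/index.html, it will perform the following requests",
        "* http://localhost/dir/index.EXTENSIONS",
        "* http://localhost/dir/index.html.EXTENSIONS",
        "* http://localhost/dir.EXTENSIONS",
    )
    author = ("Xavi Mendez (@xmendez)",)
    version = "0.1"
    category = ["fuzzer", "active"]
    priority = 99

    # Each comma-separated entry is either a plain suffix (".bak") or
    # "PREFIX-SUFFIX" (".-.swp": prefix ".", suffix ".swp").
    parameters = (
        (
            "ext",
            ".bak,.tgz,.zip,.tar.gz,~,.rar,.old,.-.swp",
            False,
            "Extensions to look for.",
        ),
    )

    def __init__(self):
        """Load the configured suffix list from the plugin knowledge base."""
        BasePlugin.__init__(self)
        # The first value stored under "backups.ext" is the comma-separated list.
        self.extensions = self.kbase["backups.ext"][0].split(",")

    def validate(self, fuzzresult):
        """Return True when the result should be expanded into backup probes.

        A result qualifies when its status code is not 404 and its ``fext``
        value is not one of the raw configured entries, which keeps the plugin
        from expanding the responses to its own probes.
        """
        # NOTE(review): the comparison uses the raw entries, so a
        # "PREFIX-SUFFIX" entry such as ".-.swp" presumably never equals a
        # file extension; confirm whether ".swp" results should be excluded.
        return fuzzresult.code != 404 and (
            fuzzresult.history.urlparse.fext not in self.extensions
        )

    def process(self, fuzzresult):
        """Queue backup-name variants of the requested file.

        For each configured entry two URLs are queued, both resolved against
        ``fuzzresult.url``: ``PREFIX + fname + SUFFIX`` and ``ffname + SUFFIX``.
        """
        # >>> urlparse.urlparse("http://www.localhost.com/kk/index.html?id=1")
        # ParseResult(scheme='http', netloc='www.localhost.com', path='/kk/index.html', params='', query='id=1', fragment='')
        parsed = fuzzresult.history.urlparse

        for pre_extension in self.extensions:
            if not pre_extension:
                # An empty entry (e.g. a trailing comma) would only re-queue
                # the URL that was already requested.
                continue

            # Fix: str.partition returns (entry, "", "") when "-" is absent, so
            # a plain ".bak" used to become the *prefix* with an empty suffix,
            # giving ".bakindex" plus a repeat of the original URL. Only split
            # entries that really carry the PREFIX-SUFFIX separator.
            if "-" in pre_extension:
                pre, _, extension = pre_extension.partition("-")
            else:
                pre, extension = "", pre_extension

            # http://localhost/dir/test.html -----> test.BAKKK
            self.queue_url(urljoin(fuzzresult.url, pre + parsed.fname + extension))

            # http://localhost/dir/test.html ---> test.html.BAKKK
            self.queue_url(urljoin(fuzzresult.url, parsed.ffname + extension))

            # http://localhost/dir/test.html ----> dir.BAKKK
            # NOTE(review): no request is queued for this form in the code
            # shown here.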