(target, paramData, encoding, headers, delay, timeout)
| 13 | |
| 14 | |
| 15 | def singleFuzz(target, paramData, encoding, headers, delay, timeout): |
| 16 | GET, POST = (False, True) if paramData else (True, False) |
| 17 | # If the user hasn't supplied the root url with http(s), we will handle it |
| 18 | if not target.startswith('http'): |
| 19 | try: |
| 20 | response = requester('https://' + target, {}, |
| 21 | headers, GET, delay, timeout) |
| 22 | target = 'https://' + target |
| 23 | except: |
| 24 | target = 'http://' + target |
| 25 | logger.debug('Single Fuzz target: {}'.format(target)) |
| 26 | host = urlparse(target).netloc # Extracts host out of the url |
| 27 | logger.debug('Single fuzz host: {}'.format(host)) |
| 28 | url = getUrl(target, GET) |
| 29 | logger.debug('Single fuzz url: {}'.format(url)) |
| 30 | params = getParams(target, paramData, GET) |
| 31 | logger.debug_json('Single fuzz params:', params) |
| 32 | if not params: |
| 33 | logger.error('No parameters to test.') |
| 34 | quit() |
| 35 | WAF = wafDetector( |
| 36 | url, {list(params.keys())[0]: xsschecker}, headers, GET, delay, timeout) |
| 37 | if WAF: |
| 38 | logger.error('WAF detected: %s%s%s' % (green, WAF, end)) |
| 39 | else: |
| 40 | logger.good('WAF Status: %sOffline%s' % (green, end)) |
| 41 | |
| 42 | for paramName in params.keys(): |
| 43 | logger.info('Fuzzing parameter: %s' % paramName) |
| 44 | paramsCopy = copy.deepcopy(params) |
| 45 | paramsCopy[paramName] = xsschecker |
| 46 | fuzzer(url, paramsCopy, headers, GET, |
| 47 | delay, timeout, WAF, encoding) |
no test coverage detected