From 4c16cc4bb7cd33c06950f8b876f8e4546510ff15 Mon Sep 17 00:00:00 2001 From: shelld3v <59408894+shelld3v@users.noreply.github.com> Date: Sat, 3 Aug 2024 11:32:12 +0700 Subject: [PATCH 01/11] Variables in output path/table, multiple output formats usage, ... --- .github/workflows/ci.yml | 2 +- CHANGELOG.md | 3 + config.ini | 82 ++++++----- lib/connection/response.py | 9 +- lib/controller/controller.py | 130 +----------------- lib/core/fuzzer.py | 4 +- lib/core/options.py | 32 +++-- lib/core/settings.py | 9 +- lib/parse/cmdline.py | 29 ++-- lib/{reports => report}/__init__.py | 0 lib/report/csv_report.py | 49 +++++++ lib/report/factory.py | 118 ++++++++++++++++ lib/report/html_report.py | 64 +++++++++ lib/report/json_report.py | 54 ++++++++ lib/report/manager.py | 93 +++++++++++++ lib/{reports => report}/markdown_report.py | 33 +++-- lib/{reports => report}/mysql_report.py | 24 ++-- lib/{reports => report}/plain_text_report.py | 40 +++--- lib/{reports => report}/postgresql_report.py | 17 ++- lib/{reports => report}/simple_report.py | 17 ++- lib/{reports => report}/sqlite_report.py | 28 ++-- .../templates/html_report_template.html | 35 +++-- lib/report/xml_report.py | 55 ++++++++ lib/reports/base.py | 99 ------------- lib/reports/csv_report.py | 39 ------ lib/reports/html_report.py | 59 -------- lib/reports/json_report.py | 43 ------ lib/reports/xml_report.py | 43 ------ lib/utils/common.py | 16 +-- lib/utils/file.py | 2 +- lib/view/terminal.py | 25 ++-- requirements.txt | 1 + testing.py | 2 +- tests/{reports => report}/__init__.py | 0 tests/{reports => report}/test_reports.py | 20 +-- 35 files changed, 693 insertions(+), 583 deletions(-) rename lib/{reports => report}/__init__.py (100%) create mode 100755 lib/report/csv_report.py create mode 100755 lib/report/factory.py create mode 100755 lib/report/html_report.py create mode 100755 lib/report/json_report.py create mode 100755 lib/report/manager.py rename lib/{reports => report}/markdown_report.py (63%) rename lib/{reports => report}/mysql_report.py (75%) rename lib/{reports => report}/plain_text_report.py (50%) rename lib/{reports => report}/postgresql_report.py (71%) rename lib/{reports => report}/simple_report.py (70%) rename lib/{reports => report}/sqlite_report.py (62%) rename lib/{reports => report}/templates/html_report_template.html (83%) create mode 100755 lib/report/xml_report.py delete mode 100755 lib/reports/base.py delete mode 100755 lib/reports/csv_report.py delete mode 100755 lib/reports/html_report.py delete mode 100755 lib/reports/json_report.py delete mode 100755 lib/reports/xml_report.py rename tests/{reports => report}/__init__.py (100%) rename tests/{reports => report}/test_reports.py (78%) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 15befeaed..8abf8741c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: echo "Host: google.com" >> tmp_raw.txt echo "User-Agent: dirsearch" >> tmp_raw.txt echo "Accept: */*" >> tmp_raw.txt - python3 dirsearch.py -w tmp_wordlist.txt -u https://example.com -o tmp_report.json --format json --force-recursive -R 3 --full-url -q -O + python3 dirsearch.py -w tmp_wordlist.txt -u https://example.com -o tmp_report.json --output-formats json --force-recursive -R 3 --full-url -q python3 dirsearch.py -w tmp_wordlist.txt -l tmp_targets.txt --subdirs /,admin/ --exclude-extensions conf -q -L -f -i 200 --user-agent a --log tmp_log.log python3 dirsearch.py -w tmp_wordlist.txt -u https://localhost --ip 93.184.216.34 --max-rate 2 -H K:V --random-agent --overwrite-extensions --no-color python3 dirsearch.py -w tmp_wordlist.txt --raw tmp_raw.txt --prefixes . --suffixes ~ --skip-on-status 404 -m POST -d test=1 --crawl --min-response-size 9 diff --git a/CHANGELOG.md b/CHANGELOG.md index cd1f9030c..d519bc5dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,9 @@ # Changelog ## [Unreleased] +- Ability to use multiple output formats +- MySQL and PostgreSQL report formats +- Support variables in file path and SQL table name for saving results ## [0.4.3] - October 2nd, 2022 - Automatically detect the URI scheme (`http` or `https`) if no scheme is provided diff --git a/config.ini b/config.ini index 14c449603..75434f112 100644 --- a/config.ini +++ b/config.ini @@ -13,18 +13,18 @@ exclude-subdirs = %%ff/,.;/,..;/,;/,./,../,%%2e/,%%2e%%2e/ random-user-agents = False max-time = 0 exit-on-error = False -# subdirs = /,api/ -# include-status = 200-299,401 -# exclude-status = 400,500-999 -# exclude-sizes = 0b,123gb -# exclude-texts = [ -# "Not found", -# "404" -# ] -# exclude-regex = "^403$" -# exclude-redirect = "*/error.html" -# exclude-response = 404.html -# skip-on-status = 429,999 +#subdirs = /,api/ +#include-status = 200-299,401 +#exclude-status = 400,500-999 +#exclude-sizes = 0b,123gb +#exclude-texts = [ +# "Not found", +# "404" +#] +#exclude-regex = "^403$" +#exclude-redirect = "*/error.html" +#exclude-response = 404.html +#skip-on-status = 429,999 [dictionary] default-extensions = php,aspx,jsp,html,js @@ -32,33 +32,33 @@ force-extensions = False overwrite-extensions = False lowercase = False uppercase = False -capitalization = False -# exclude-extensions = old,log -# prefixes = .,admin -# suffixes = ~,.bak -# wordlists = /path/to/wordlist1.txt,/path/to/wordlist2.txt +capital = False +#exclude-extensions = old,log +#prefixes = .,admin +#suffixes = ~,.bak +#wordlists = /path/to/wordlist1.txt,/path/to/wordlist2.txt [request] http-method = get follow-redirects = False -# headers = [ -# "Header1: Value", -# "Header2: Value" -# ] -# headers-file = /path/to/headers.txt -# user-agent = MyUserAgent -# cookie = SESSIONID=123 +#headers = [ +# "Header1: Value", +# "Header2: Value" +#] +#headers-file = /path/to/headers.txt +#user-agent = MyUserAgent +#cookie = SESSIONID=123 [connection] timeout = 7.5 delay = 0 max-rate = 0 max-retries = 1 -## By disabling `scheme` variable, dirsearch will automatically identify the URI scheme -# scheme = http -# proxies = ["localhost:8080"] -# proxies-file = /path/to/proxies.txt -# replay-proxy = localhost:8000 +# By disabling `scheme` variable, dirsearch will automatically identify the URI scheme +#scheme = http +#proxies = ["localhost:8080"] +#proxies-file = /path/to/proxies.txt +#replay-proxy = localhost:8000 [advanced] crawl = False @@ -70,9 +70,21 @@ color = True show-redirects-history = False [output] -## Support: plain, simple, json, xml, md, csv, html, sqlite, mysql, postgresql -report-format = plain -autosave-report = True -autosave-report-folder = reports/ -# log-file = /path/to/dirsearch.log -# log-file-size = 50000000 +# Available: simple, plain, json, xml, md, csv, html, sqlite, mysql, postgresql +output-formats = plain +# Supported variables for 'output-file and 'output-sql-table': +# - {extension}: File extension of the report, for 'output-file' only (e.g. txt, json) +# - {format}: Output format (e.g. plain, simple, xml) +# - {host}: Target hostname or IP (e.g. example.com) +# - {scheme}: URI scheme (http or https) +# - {port}: Port number (e.g. 443) +# - {date}: Scan date, format: DD-MM-YYYY (e.g. 07-10-2022) +# +# For output formats other than PostgreSQL and MySQL +#output-file = reports/{host}/{scheme}_{port}.{extension} +# For PostgreSQL and MySQL output formats +#output-url = mysql://user:password@localhost/database +# Table to be used for SQL output +output-sql-table = {scheme}_{host}:{port} +#log-file = /path/to/dirsearch.log +#log-file-size = 50000000 diff --git a/lib/connection/response.py b/lib/connection/response.py index 73f05d2b5..631aed6e5 100755 --- a/lib/connection/response.py +++ b/lib/connection/response.py @@ -16,16 +16,19 @@ # # Author: Mauro Soria +import time + from lib.core.settings import ( DEFAULT_ENCODING, ITER_CHUNK_SIZE, MAX_RESPONSE_SIZE, UNKNOWN, ) from lib.parse.url import clean_path, parse_path -from lib.utils.common import is_binary +from lib.utils.common import get_readable_size, is_binary class Response: def __init__(self, response): + self.datetime = time.strftime("%Y-%m-%d %H:%M:%S") self.url = response.url self.full_path = parse_path(response.url) self.path = clean_path(self.full_path) @@ -63,6 +66,10 @@ def length(self): except TypeError: return len(self.body) + @property + def size(self): + return get_readable_size(self.length) + def __hash__(self): return hash(self.body) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index ad1fb47e4..bd0f52b1f 100755 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -47,23 +47,13 @@ EXTENSION_RECOGNITION_REGEX, MAX_CONSECUTIVE_REQUEST_ERRORS, NEW_LINE, - SCRIPT_PATH, STANDARD_PORTS, UNKNOWN, ) from lib.parse.rawrequest import parse_raw from lib.parse.url import clean_path, parse_path -from lib.reports.csv_report import CSVReport -from lib.reports.html_report import HTMLReport -from lib.reports.json_report import JSONReport -from lib.reports.markdown_report import MarkdownReport -from lib.reports.mysql_report import MySQLReport -from lib.reports.plain_text_report import PlainTextReport -from lib.reports.postgresql_report import PostgreSQLReport -from lib.reports.simple_report import SimpleReport -from lib.reports.sqlite_report import SQLiteReport -from lib.reports.xml_report import XMLReport -from lib.utils.common import get_valid_filename, lstrip_once +from lib.report.manager import ReportManager +from lib.utils.common import lstrip_once from lib.utils.file import FileUtils from lib.utils.pickle import pickle, unpickle from lib.utils.schemedet import detect_scheme @@ -130,12 +120,9 @@ def setup(self): self.requester = Requester() self.dictionary = Dictionary(files=options["wordlists"]) - self.results = [] self.start_time = time.time() self.passed_urls = set() self.directories = [] - self.report = None - self.batch = False self.jobs_processed = 0 self.errors = 0 self.consecutive_errors = 0 @@ -162,27 +149,11 @@ def setup(self): ) exit(1) - if options["autosave_report"]: - self.report_path = options["output_path"] or FileUtils.build_path( - SCRIPT_PATH, "reports" - ) - - try: - FileUtils.create_dir(self.report_path) - if not FileUtils.can_write(self.report_path): - raise Exception - - except Exception: - interface.error( - f"Couldn't create report folder at {self.report_path}" - ) - exit(1) - interface.header(BANNER) interface.config(len(self.dictionary)) try: - self.setup_reports() + self.reporter = ReportManager(options["output_formats"]) except ( InvalidURLException, mysql.connector.Error, @@ -202,7 +173,7 @@ def run(self): # error_callbacks callback values: # - *args[0]: exception match_callbacks = ( - self.match_callback, self.reset_consecutive_errors + self.match_callback, self.reporter.save, self.reset_consecutive_errors ) not_found_callbacks = ( self.update_progress_bar, self.reset_consecutive_errors @@ -229,6 +200,7 @@ def run(self): if not self.old_session: interface.target(self.url) + self.reporter.prepare(self.url) self.start() except ( @@ -244,6 +216,7 @@ def run(self): interface.error(str(e)) except QuitInterrupt as e: + self.reporter.finish() interface.error(e.args[0]) exit(0) @@ -251,6 +224,7 @@ def run(self): options["urls"].pop(0) interface.warning("\nTask Completed") + self.reporter.finish() if options["session_file"]: try: @@ -342,93 +316,6 @@ def set_target(self, url): self.requester.set_url(self.url) - def setup_batch_reports(self): - """Create batch report folder""" - - self.batch = True - current_time = time.strftime("%y-%m-%d_%H-%M-%S") - batch_session = f"BATCH-{current_time}" - batch_directory_path = FileUtils.build_path(self.report_path, batch_session) - - try: - FileUtils.create_dir(batch_directory_path) - except Exception: - interface.error(f"Couldn't create batch folder at {batch_directory_path}") - exit(1) - - return batch_directory_path - - def get_output_extension(self): - if options["output_format"] in ("plain", "simple"): - return "txt" - - return {options["output_format"]} - - def setup_reports(self): - """Create report file""" - - output = options["output"] - - if options["autosave_report"] and not output and options["output_format"] not in ("mysql", "postgresql"): - if len(options["urls"]) > 1: - directory_path = self.setup_batch_reports() - filename = "BATCH." + self.get_output_extension() - else: - parsed = urlparse(options["urls"][0]) - - if not parsed.netloc: - parsed = urlparse(f"//{options['urls'][0]}") - - filename = get_valid_filename(f"{parsed.path}_") - filename += time.strftime("%y-%m-%d_%H-%M-%S") - filename += f".{self.get_output_extension()}" - directory_path = FileUtils.build_path( - self.report_path, get_valid_filename(f"{parsed.scheme}_{parsed.netloc}") - ) - - output = FileUtils.get_abs_path((FileUtils.build_path(directory_path, filename))) - - if FileUtils.exists(output): - i = 2 - while FileUtils.exists(f"{output}_{i}"): - i += 1 - - output += f"_{i}" - - try: - FileUtils.create_dir(directory_path) - except Exception: - interface.error( - f"Couldn't create the reports folder at {directory_path}" - ) - exit(1) - - if not output: - return - - if options["output_format"] == "plain": - self.report = PlainTextReport(output) - elif options["output_format"] == "json": - self.report = JSONReport(output) - elif options["output_format"] == "xml": - self.report = XMLReport(output) - elif options["output_format"] == "md": - self.report = MarkdownReport(output) - elif options["output_format"] == "csv": - self.report = CSVReport(output) - elif options["output_format"] == "html": - self.report = HTMLReport(output) - elif options["output_format"] == "sqlite": - self.report = SQLiteReport(output) - elif options["output_format"] == "mysql": - self.report = MySQLReport(output) - elif options["output_format"] == "postgresql": - self.report = PostgreSQLReport(output) - else: - self.report = SimpleReport(output) - - interface.output_location(output) - def reset_consecutive_errors(self, response): self.consecutive_errors = 0 @@ -463,9 +350,6 @@ def match_callback(self, response): # Replay the request with new proxy self.requester.request(response.full_path, proxy=options["replay_proxy"]) - if self.report: - self.results.append(response) - self.report.save(self.results) def update_progress_bar(self, response): jobs_count = ( diff --git a/lib/core/fuzzer.py b/lib/core/fuzzer.py index 5e78ccd37..01bbe9aa3 100755 --- a/lib/core/fuzzer.py +++ b/lib/core/fuzzer.py @@ -30,7 +30,7 @@ WILDCARD_TEST_POINT_MARKER, ) from lib.parse.url import clean_path -from lib.utils.common import human_size, lstrip_once +from lib.utils.common import get_readable_size, lstrip_once from lib.utils.crawl import Crawler @@ -200,7 +200,7 @@ def is_excluded(self, resp): ): return True - if human_size(resp.length).rstrip() in options["exclude_sizes"]: + if get_readable_size(resp.length).rstrip() in options["exclude_sizes"]: return True if resp.length < options["minimum_response_size"]: diff --git a/lib/core/options.py b/lib/core/options.py index f4866c9e2..5d23a4b29 100755 --- a/lib/core/options.py +++ b/lib/core/options.py @@ -31,7 +31,7 @@ def parse_options(): - opt = parse_config(parse_arguments()) + opt = merge_config(parse_arguments()) if opt.session_file: return vars(opt) @@ -162,11 +162,16 @@ def parse_options(): "that has already in the extension list") exit(1) - if opt.output_format not in OUTPUT_FORMATS: - print("Select one of the following output formats: " - f"{', '.join(OUTPUT_FORMATS)}") + opt.output_formats = [format.strip() for format in opt.output_formats.split(",")] + invalid_formats = set(opt.output_formats).difference(OUTPUT_FORMATS) + + if invalid_formats: + print(f"Invalid output format(s): {', '.join(invalid_formats)}") exit(1) + if "mysql" in opt.output_formats and "postgresql" in opt.output_formats: + print("Can't use both mysql and postgresql output formats at the same time") + return vars(opt) @@ -207,7 +212,7 @@ def _access_file(path): return fd -def parse_config(opt): +def merge_config(opt): config = ConfigParser() config.read(opt.config) @@ -277,8 +282,8 @@ def parse_config(opt): opt.suffixes = opt.suffixes or config.safe_get("dictionary", "suffixes", "") opt.lowercase = opt.lowercase or config.safe_getboolean("dictionary", "lowercase") opt.uppercase = opt.uppercase or config.safe_getboolean("dictionary", "uppercase") - opt.capitalization = opt.capitalization or config.safe_getboolean( - "dictionary", "capitalization" + opt.capital = opt.capital or config.safe_getboolean( + "dictionary", "capital" ) # Request @@ -318,12 +323,13 @@ def parse_config(opt): ) # Output - opt.output_path = config.safe_get("output", "autosave-report-folder") - opt.autosave_report = config.safe_getboolean("output", "autosave-report") - opt.log_file_size = config.safe_getint("output", "log-file-size") - opt.log_file = opt.log_file or config.safe_get("output", "log-file") - opt.output_format = opt.output_format or config.safe_get( - "output", "report-format", "plain", OUTPUT_FORMATS + opt.output_file = opt.output_file or config.safe_get("output", "output-file") + opt.output_url = opt.output_url or config.safe_get("output", "output-url") + opt.output_table = config.safe_get("output", "output-sql-table") + opt.output_formats = opt.output_formats or config.safe_get( + "output", "output-format", "plain" ) + opt.log_file = opt.log_file or config.safe_get("output", "log-file") + opt.log_file_size = config.safe_getint("output", "log-file-size") return opt diff --git a/lib/core/settings.py b/lib/core/settings.py index 95becf003..fb4d9e3a0 100755 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,6 +19,7 @@ import os import sys import string +import time from lib.utils.file import FileUtils @@ -30,6 +31,12 @@ (_||| _) (/_(_|| (_| ) """ +COMMAND = " ".join(sys.argv) + +START_TIME = time.strftime("%Y-%m-%d %H:%M:%S") + +START_DATETIME = time.strftime("%Y-%m-%d") + SCRIPT_PATH = FileUtils.parent(__file__, 3) OPTIONS_FILE = "options.ini" @@ -62,8 +69,6 @@ STANDARD_PORTS = {"http": 80, "https": 443} -INSECURE_CSV_CHARS = ("+", "-", "=", "@") - DEFAULT_TEST_PREFIXES = (".",) DEFAULT_TEST_SUFFIXES = ("/",) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 4fdea4001..d65101bb2 100755 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -87,7 +87,7 @@ def parse_arguments(): "--extensions", action="store", dest="extensions", - help="Extension list separated by commas (e.g. php,asp)", + help="Extension list, separated by commas (e.g. php,asp)", ) dictionary.add_option( "-f", @@ -97,7 +97,6 @@ def parse_arguments(): help="Add extensions to the end of every wordlist entry. By default dirsearch only replaces the %EXT% keyword with extensions", ) dictionary.add_option( - "-O", "--overwrite-extensions", action="store_true", dest="overwrite_extensions", @@ -108,7 +107,7 @@ def parse_arguments(): action="store", dest="exclude_extensions", metavar="EXTENSIONS", - help="Exclude extension list separated by commas (e.g. asp,jsp)", + help="Exclude extension list, separated by commas (e.g. asp,jsp)", ) dictionary.add_option( "--remove-extensions", @@ -146,7 +145,7 @@ def parse_arguments(): "-C", "--capital", action="store_true", - dest="capitalization", + dest="capital", help="Capital wordlist", ) @@ -485,18 +484,26 @@ def parse_arguments(): output = OptionGroup(parser, "Output Settings") output.add_option( "-o", - "--output", + "--output-file", action="store", - dest="output", - metavar="PATH/URL", - help="Output file or MySQL/PostgreSQL URL (Format: scheme://[username:password@]host[:port]/database-name)", + dest="output_file", + metavar="PATH", + help="Output file location", + ) + output.add_option( + "-O", + "--output-url", + action="store", + dest="output_url", + metavar="URL", + help="MySQL/PostgreSQL URL (Format: scheme://[username:password@]host[:port]/database-name)", ) output.add_option( - "--format", + "--output-formats", action="store", - dest="output_format", + dest="output_formats", metavar="FORMAT", - help=f"Report format (Available: {','.join(OUTPUT_FORMATS)})", + help=f"Report formats, separated by commas (Available: {', '.join(OUTPUT_FORMATS)})", ) output.add_option( "--log", action="store", dest="log_file", metavar="PATH", help="Log file" diff --git a/lib/reports/__init__.py b/lib/report/__init__.py similarity index 100% rename from lib/reports/__init__.py rename to lib/report/__init__.py diff --git a/lib/report/csv_report.py b/lib/report/csv_report.py new file mode 100755 index 000000000..4fdde4dea --- /dev/null +++ b/lib/report/csv_report.py @@ -0,0 +1,49 @@ +# -*- coding: utf-8 -*- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# Author: Mauro Soria + +from defusedcsv import csv + +from lib.core.decorators import locked +from lib.report.factory import BaseReport, FileReportMixin + +from lib.utils.file import FileUtils + + +class CSVReport(FileReportMixin, BaseReport): + __format__ = "csv" + __extension__ = "csv" + + def new(self): + return [["URL", "Status", "Size", "Content Type", "Redirection"]] + + def parse(self, file): + with open(file) as fh: + return list(csv.reader(csv_file, delimiter=",", quotechar='"')) + + @locked + def save(self, file, result): + rows = self.parse(file) + rows.append([result.url, result.status, result.length, result.type, result.redirect]) + self.write(file, rows) + + def write(self, file, rows): + with open(file, "w") as fh: + writer = csv.writer(fh, delimiter=",", quotechar='"') + + for row in rows: + writer.writerow(result) diff --git a/lib/report/factory.py b/lib/report/factory.py new file mode 100755 index 000000000..a36170ed0 --- /dev/null +++ b/lib/report/factory.py @@ -0,0 +1,118 @@ +# -*- coding: utf-8 -*- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# Author: Mauro Soria + +from abc import ABC, abstractmethod + +from lib.core.decorators import locked +from lib.utils.file import FileUtils + + +class BaseReport(ABC): + @abstractmethod + def initiate(self): + raise NotImplementedError + + @abstractmethod + def save(self, result): + raise NotImplementedError + + +class FileReportMixin: + def initiate(self, file): + self.cleanup(file) + self.write(file, self.new()) + + def cleanup(self, file): + open(file, "w").close() + + def parse(self, file): + return open(file, "r").read() + + def write(self, file, data): + with open(file, "w") as fh: + fh.write(data) + + def finish(self): + pass + + +class SQLReportMixin: + # Re-use the connection + _conn = None + + def get_connection(database): + # Re-use old connection + if not self.__reuse: + return self.connect(database) + + if not self._conn: + self._conn = self.connect(database) + + return self._conn + + def get_drop_table_query(self, table): + return (f'''DROP TABLE IF EXISTS "{table}";''',) + + def get_create_table_query(self, table): + return (f'''CREATE TABLE "{table}" ( + time TIMESTAMP, + url TEXT, + status_code INTEGER, + content_length INTEGER, + content_type TEXT, + redirect TEXT + );''',) + + def get_insert_table_query(self, table, values): + return (f'''INSERT INTO "{table}" (time, url, status_code, content_length, content_type, redirect) + VALUES + (%s, %s, %s, %s, %s, %s);''', values) + + def initiate(self, database, table): + conn = self.get_connection(database) + cursor = conn.cursor() + + cursor.execute( + self.get_drop_table_query(table), + self.get_create_table_query(table), + ) + conn.commit() + + @locked + def save(self, database, table, result): + conn = self.get_connection(database) + cursor = conn.cursor() + + cursor.execute( + self.get_insert_table_query( + table, + ( + result.datetime, + result.url, + result.status, + result.length, + result.type, + result.redirect, + ), + ) + ) + conn.commit() + + def finish(self): + if self._conn: + self._conn.close() diff --git a/lib/report/html_report.py b/lib/report/html_report.py new file mode 100755 index 000000000..1a4ccdba1 --- /dev/null +++ b/lib/report/html_report.py @@ -0,0 +1,64 @@ +# -*- coding: utf-8 -*- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# Author: Mauro Soria + +import os + +from jinja2 import Environment, FileSystemLoader + +from lib.core.decorators import locked +from lib.core.settings import COMMAND, START_TIME +from lib.report.factory import BaseReport, FileReportMixin + + +class HTMLReport(FileReportMixin, BaseReport): + __format__ = "html" + __extension__ = "html" + + def new(self): + return generate({}) + + def parse(self, file): + with open(file) as fh: + while 1: + line = fh.readline() + # Gotta be the worst way to parse it but I don't know a better way:P + if line.startswith(" resources: "): + return json.loads(line[19:-1]) + + @locked + def save(self, file, result): + results = self.parse(file) + results.append({ + "url": result.url, + "status": result.status, + "contentLength": result.length, + "contentType": result.type, + "redirect": result.redirect, + }) + self.write(self.generate) + + def generate(self, results): + file_loader = FileSystemLoader( + os.path.dirname(os.path.realpath(__file__)) + "/templates/" + ) + env = Environment(loader=file_loader) + template = env.get_template("html_report_template.html") + return template.render( + metadata={"command": COMMAND, "date": START_TIME}, + results=results, + ) diff --git a/lib/report/json_report.py b/lib/report/json_report.py new file mode 100755 index 000000000..adf61aa68 --- /dev/null +++ b/lib/report/json_report.py @@ -0,0 +1,54 @@ +# -*- coding: utf-8 -*- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# Author: Mauro Soria + +import json + +from lib.core.decorators import locked +from lib.core.settings import COMMAND, START_TIME +from lib.report.factory import BaseReport, FileReportMixin + + +class JSONReport(FileReportMixin, BaseReport): + __format__ = "json" + __extension__ = "json" + + def new(self): + return { + "info": {"args": COMMAND, "time": START_TIME}, + "results": [], + } + + def parse(self, file): + with open(file) as fh: + return json.load(fh) + + @locked + def save(self, file, result): + data = self.parse(file) + data["results"].append({ + "url": result.url, + "status": result.status, + "contentLength": result.length, + "contentType": result.type, + "redirect": result.redirect, + }) + self.write(file, data) + + def write(self, file, data): + with open(file, "w") as fh: + json.dump(data, fh, sort_keys=True, indent=4) diff --git a/lib/report/manager.py b/lib/report/manager.py new file mode 100755 index 000000000..a0771cd1d --- /dev/null +++ b/lib/report/manager.py @@ -0,0 +1,93 @@ +# -*- coding: utf-8 -*- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# Author: Mauro Soria + +from urllib.parse import urlparse + +from lib.core.data import options +from lib.core.settings import STANDARD_PORTS, START_DATETIME +from lib.report.csv_report import CSVReport +from lib.report.html_report import HTMLReport +from lib.report.json_report import JSONReport +from lib.report.markdown_report import MarkdownReport +from lib.report.mysql_report import MySQLReport +from lib.report.plain_text_report import PlainTextReport +from lib.report.postgresql_report import PostgreSQLReport +from lib.report.simple_report import SimpleReport +from lib.report.sqlite_report import SQLiteReport +from lib.report.xml_report import XMLReport + + +output_handlers = { + "simple": (SimpleReport, [options["output_file"]]), + "plain": (PlainTextReport, [options["output_file"]]), + "json": (JSONReport, [options["output_file"]]), + "xml": (XMLReport, [options["output_file"]]), + "md": (MarkdownReport, [options["output_file"]]), + "csv": (CSVReport, [options["output_file"]]), + "html": (HTMLReport, [options["output_file"]]), + "sqlite": (SQLiteReport, [options["output_file"], options["output_table"]]), + "mysql": (MySQLReport, [options["output_url"], options["output_table"]]), + "postgresql": (PostgreSQLReport, [options["output_url"], options["output_table"]]), +} + + +class ReportManager: + def __init__(self, formats): + self.reports = [] + + for format in formats: + # No output location provided + if any(not _ for _ in output_handlers[format][1]): + continue + self.reports.append((output_handlers[format][0](), output_handlers[format][1])) + + def prepare(self, target): + for reporter, sources in self.reports: + reporter.initiate( + *map( + lambda s: self.format(s, target, reporter), + sources, + ) + ) + + def save(self, result): + for reporter, sources in self.reports: + reporter.save( + *map( + lambda s: self.format(s, result.url, reporter), + sources, + ), + result, + ) + + def finish(self): + for reporter, sources in self.reports: + reporter.finish() + + def format(self, string, target, handler): + parsed = urlparse(target) + + return string.format( + # Get date from datetime string + date=START_DATETIME.split()[0], + host=parsed.hostname, + scheme=parsed.scheme, + port=parsed.port or STANDARD_PORTS[parsed.scheme], + format=handler.__format__, + extension=handler.__extension__, + ) diff --git a/lib/reports/markdown_report.py b/lib/report/markdown_report.py similarity index 63% rename from lib/reports/markdown_report.py rename to lib/report/markdown_report.py index 7075b886a..e2d5e715a 100755 --- a/lib/reports/markdown_report.py +++ b/lib/report/markdown_report.py @@ -16,28 +16,31 @@ # # Author: Mauro Soria -import time -import sys +from lib.core.decorators import locked +from lib.core.settings import ( + COMMAND, + NEW_LINE, + START_TIME, +) +from lib.report.factory import BaseReport, FileReportMixin -from lib.core.settings import NEW_LINE -from lib.reports.base import FileBaseReport +class MarkdownReport(FileReportMixin, BaseReport): + __format__ = "markdown" + __extension__ = "md" -class MarkdownReport(FileBaseReport): - def get_header(self): + def new(self): header = "### Information" + NEW_LINE - header += f"Command: {chr(32).join(sys.argv)}" + header += f"Command: {COMMAND}" header += NEW_LINE - header += f"Time: {time.ctime()}" + header += f"Time: {START_TIME}" header += NEW_LINE * 2 header += "URL | Status | Size | Content Type | Redirection" + NEW_LINE header += "----|--------|------|--------------|------------" + NEW_LINE return header - def generate(self, entries): - output = self.get_header() - - for entry in entries: - output += f"{entry.url} | {entry.status} | {entry.length} | {entry.type} | {entry.redirect}" + NEW_LINE - - return output + @locked + def save(self, file, result): + md = self.parse(file) + md += f"{result.url} | {result.status} | {result.length} | {result.type} | {result.redirect}" + NEW_LINE + self.write(file, md) diff --git a/lib/reports/mysql_report.py b/lib/report/mysql_report.py similarity index 75% rename from lib/reports/mysql_report.py rename to lib/report/mysql_report.py index 246b30e85..097cf2776 100755 --- a/lib/reports/mysql_report.py +++ b/lib/report/mysql_report.py @@ -21,23 +21,31 @@ from mysql.connector.constants import SQLMode from urllib.parse import urlparse +from lib.core.decorators import locked from lib.core.exceptions import InvalidURLException -from lib.reports.base import SQLBaseReport +from lib.report.factory import BaseReport, SQLReportMixin -class MySQLReport(SQLBaseReport): - def connect(self, url): - parsed = urlparse(url) +class MySQLReport(SQLReportMixin, BaseReport): + __format__ = "sql" + __extension__ = None + __reuse = True + + def is_valid(self, url): + return url.startswith("mysql://") - if not parsed.scheme == "mysql": + def connect(self, url): + if not self.is_valid(url): raise InvalidURLException("Provided MySQL URL does not start with mysql://") - self.conn = mysql.connector.connect( + parsed = urlparse(url) + conn = mysql.connector.connect( host=parsed.hostname, port=parsed.port or 3306, user=parsed.username, password=parsed.password, database=parsed.path.lstrip("/"), ) - self.conn.sql_mode = [SQLMode.ANSI_QUOTES] - self.cursor = self.conn.cursor() + conn.sql_mode = [SQLMode.ANSI_QUOTES] + + return conn diff --git a/lib/reports/plain_text_report.py b/lib/report/plain_text_report.py similarity index 50% rename from lib/reports/plain_text_report.py rename to lib/report/plain_text_report.py index c078e1808..89105e181 100755 --- a/lib/reports/plain_text_report.py +++ b/lib/report/plain_text_report.py @@ -16,28 +16,32 @@ # # Author: Mauro Soria -import time -import sys +from lib.core.decorators import locked +from lib.core.settings import ( + COMMAND, + NEW_LINE, + START_TIME, +) +from lib.report.factory import BaseReport, FileReportMixin +from lib.utils.common import get_readable_size -from lib.core.settings import NEW_LINE -from lib.reports.base import FileBaseReport -from lib.utils.common import human_size +class PlainTextReport(FileReportMixin, BaseReport): + __format__ = "plain" + __extension__ = "txt" -class PlainTextReport(FileBaseReport): - def get_header(self): - return f"# Dirsearch started {time.ctime()} as: {chr(32).join(sys.argv)}" + NEW_LINE * 2 + def new(self): + return f"# Dirsearch started {START_TIME} as: {COMMAND}" + NEW_LINE * 2 - def generate(self, entries): - output = self.get_header() + @locked + def save(self, file, result): + readable_size = get_readable_size(result.length) + data = self.parse(file) + data += f"{result.status} {readable_size.rjust(6, chr(32))} {result.url}" - for entry in entries: - readable_size = human_size(entry.length) - output += f"{entry.status} {readable_size.rjust(6, chr(32))} {entry.url}" + if result.redirect: + data += f" -> {result.redirect}" - if entry.redirect: - output += f" -> REDIRECTS TO: {entry.redirect}" + data += NEW_LINE - output += NEW_LINE - - return output + self.write(file, data) diff --git a/lib/reports/postgresql_report.py b/lib/report/postgresql_report.py similarity index 71% rename from lib/reports/postgresql_report.py rename to lib/report/postgresql_report.py index 68c67962c..a999a5a4e 100755 --- a/lib/reports/postgresql_report.py +++ b/lib/report/postgresql_report.py @@ -18,14 +18,21 @@ import psycopg +from lib.core.decorators import locked from lib.core.exceptions import InvalidURLException -from lib.reports.base import SQLBaseReport +from lib.report.factory import BaseReport, SQLReportMixin -class PostgreSQLReport(SQLBaseReport): +class PostgreSQLReport(SQLReportMixin, BaseReport): + __format__ = "sql" + __extension__ = None + __reuse = True + + def is_valid(self, url): + return url.startswith(("postgres://", "postgresql://")) + def connect(self, url): - if not url.startswith("postgresql://"): + if not self.is_valid(url): raise InvalidURLException("Provided PostgreSQL URL does not start with postgresql://") - self.conn = psycopg.connect(url) - self.cursor = self.conn.cursor() + return psycopg.connect(url) diff --git a/lib/reports/simple_report.py b/lib/report/simple_report.py similarity index 70% rename from lib/reports/simple_report.py rename to lib/report/simple_report.py index d0bb00717..c49d5ffc3 100755 --- a/lib/reports/simple_report.py +++ b/lib/report/simple_report.py @@ -16,10 +16,19 @@ # # Author: Mauro Soria +from lib.core.decorators import locked from lib.core.settings import NEW_LINE -from lib.reports.base import FileBaseReport +from lib.report.factory import BaseReport, FileReportMixin -class SimpleReport(FileBaseReport): - def generate(self, entries): - return NEW_LINE.join(entry.url for entry in entries) +class SimpleReport(FileReportMixin, BaseReport): + __format__ = "simple" + __extension__ = "txt" + + def new(self): + return "" + + @locked + def save(self, file, result): + data = self.parse(file) + self.write(file, data) diff --git a/lib/reports/sqlite_report.py b/lib/report/sqlite_report.py similarity index 62% rename from lib/reports/sqlite_report.py rename to lib/report/sqlite_report.py index 7c9d2c27b..b36981ff2 100755 --- a/lib/reports/sqlite_report.py +++ b/lib/report/sqlite_report.py @@ -18,17 +18,20 @@ import sqlite3 -from lib.reports.base import SQLBaseReport +from lib.core.decorators import locked +from lib.report.factory import BaseReport, SQLReportMixin +from lib.utils.file import FileUtils -class SQLiteReport(SQLBaseReport): - def connect(self, output_file): - self.conn = sqlite3.connect(output_file, check_same_thread=False) - self.cursor = self.conn.cursor() - def create_table_query(self, table): +class SQLiteReport(SQLReportMixin, BaseReport): + __format__ = "sql" + __extension__ = "sqlite" + __reuse = False + + def get_create_table_query(self, table): return (f'''CREATE TABLE "{table}" ( - time DATETIME DEFAULT CURRENT_TIMESTAMP, + time DATETIME, url TEXT, status_code INTEGER, content_length INTEGER, @@ -36,7 +39,10 @@ def create_table_query(self, table): redirect TEXT );''',) - def insert_table_query(self, table, values): - return (f'''INSERT INTO "{table}" (url, status_code, content_length, content_type, redirect) - VALUES - (?, ?, ?, ?, ?)''', values) + def get_insert_table_query(self, table, values): + return (f'INSERT INTO "{table}" VALUES (?, ?, ?, ?, ?, ?);', values) + + def connect(self, file): + FileUtils.create_dir(FileUtils.parent(file)) + + return sqlite3.connect(file, check_same_thread=False) diff --git a/lib/reports/templates/html_report_template.html b/lib/report/templates/html_report_template.html similarity index 83% rename from lib/reports/templates/html_report_template.html rename to lib/report/templates/html_report_template.html index 94760f1ff..84538274b 100644 --- a/lib/reports/templates/html_report_template.html +++ b/lib/report/templates/html_report_template.html @@ -39,6 +39,8 @@