Minor refactoring

2024-11-22 01:26:42 +03:00 · 2012-07-24 01:21:32 +02:00 · 2012-07-24 01:21:32 +02:00 · 7f4fa7c27d
commit 7f4fa7c27d
parent b820975217
11 changed files with 23 additions and 23 deletions
--- a/tamper/apostrophemask.py
+++ b/tamper/apostrophemask.py
@ -27,4 +27,4 @@ def tamper(payload):
        * http://lukasz.pilorz.net/testy/full_width_utf/index.phps
    """

-    return payload.replace('\'', '%EF%BC%87') if payload else payload
+    return payload.replace('\'', "%EF%BC%87") if payload else payload
--- a/tamper/apostrophenullencode.py
+++ b/tamper/apostrophenullencode.py
@ -21,4 +21,4 @@ def tamper(payload):
        * Output: AND %00%271%00%27=%00%271%00%27
    """

-    return payload.replace('\'', '%00%27') if payload else payload
+    return payload.replace('\'', "%00%27") if payload else payload
--- a/tamper/chardoubleencode.py
+++ b/tamper/chardoubleencode.py
@ -40,7 +40,7 @@ def tamper(payload):
                retVal += payload[i:i+3]
                i += 3
            else:
-                retVal += '%%25%X' % ord(payload[i])
+                retVal += '%%25%.2X' % ord(payload[i])
                i += 1

    return retVal
--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@ -47,7 +47,7 @@ def tamper(payload):
                retVal += payload[i:i+3]
                i += 3
            else:
-                retVal += '%%%X' % ord(payload[i])
+                retVal += '%%%.2X' % ord(payload[i])
                i += 1

    return retVal
--- a/tamper/charunicodeencode.py
+++ b/tamper/charunicodeencode.py
@ -52,7 +52,7 @@ def tamper(payload):
                retVal += "%%u00%s" % payload[i+1:i+3]
                i += 3
            else:
-                retVal += '%%u00%X' % ord(payload[i])
+                retVal += '%%u%.4X' % ord(payload[i])
                i += 1

    return retVal
--- a/tamper/equaltolike.py
+++ b/tamper/equaltolike.py
@ -38,7 +38,7 @@ def tamper(payload):

    def process(match):
        word = match.group()
-        word = "%sLIKE%s" % (" " if word[0]!=" " else "", " " if word[-1]!=" " else "")
+        word = "%sLIKE%s" % (" " if word[0] != " " else "", " " if word[-1] != " " else "")

        return word

--- a/tamper/ifnull2ifisnull.py
+++ b/tamper/ifnull2ifisnull.py
@ -36,27 +36,27 @@ def tamper(payload):
    if payload and payload.find("IFNULL") > -1:
        while payload.find("IFNULL(") > -1:
            index = payload.find("IFNULL(")
-            deepness = 1
+            depth = 1
            comma, end = None, None

            for i in xrange(index + len("IFNULL("), len(payload)):
-                if deepness == 1 and payload[i] == ',':
+                if depth == 1 and payload[i] == ',':
                    comma = i

-                elif deepness == 1 and payload[i] == ')':
+                elif depth == 1 and payload[i] == ')':
                    end = i
                    break

                elif payload[i] == '(':
-                    deepness += 1
+                    depth += 1

                elif payload[i] == ')':
-                    deepness -= 1
+                    depth -= 1

            if comma and end:
-                A = payload[index + len("IFNULL("):comma]
-                B = payload[comma + 1:end]
-                newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A)
+                _ = payload[index + len("IFNULL("):comma]
+                __ = payload[comma + 1:end]
+                newVal = "IF(ISNULL(%s),%s,%s)" % (_, __, _)
                payload = payload[:index] + newVal + payload[end+1:]
            else:
                break
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@ -43,11 +43,11 @@ def tamper(payload):
            word = match.group()

            if word.upper() in kb.keywords:
-                newWord = str()
+                _ = str()

                for i in xrange(len(word)):
-                    newWord += word[i].upper() if randomRange(0, 1) else word[i].lower()
+                    _ += word[i].upper() if randomRange(0, 1) else word[i].lower()

-                retVal = retVal.replace(word, newWord)
+                retVal = retVal.replace(word, _)

    return retVal
--- a/tamper/randomcomments.py
+++ b/tamper/randomcomments.py
@ -29,12 +29,12 @@ def tamper(payload):
                continue

            if word.upper() in kb.keywords:
-                newWord = word[0]
+                _ = word[0]

                for i in xrange(1, len(word) - 1):
-                    newWord += "%s%s" % ("/**/" if randomRange(0, 1) else "", word[i])
+                    _ += "%s%s" % ("/**/" if randomRange(0, 1) else "", word[i])

-                newWord += word[-1]
-                retVal = retVal.replace(word, newWord)
+                _ += word[-1]
+                retVal = retVal.replace(word, _)

    return retVal
--- a/tamper/space2mssqlblank.py
+++ b/tamper/space2mssqlblank.py
@ -53,7 +53,7 @@ def tamper(payload):
    #   CR      0D      carriage return                
    #   SO      0E      shift out 
    #   SI      0F      shift in
-    blanks = ['%01', '%02', '%03', '%04', '%05', '%06', '%07', '%08', '%09', '%0B', '%0C', '%0D', '%0E', '%0F', '%0A']
+    blanks = ('%01', '%02', '%03', '%04', '%05', '%06', '%07', '%08', '%09', '%0B', '%0C', '%0D', '%0E', '%0F', '%0A')
    retVal = payload

    if payload:
--- a/tamper/space2mysqlblank.py
+++ b/tamper/space2mysqlblank.py
@ -43,7 +43,7 @@ def tamper(payload):
    #   CR      0D      carriage return
    #   VT      0B      vertical TAB        (MySQL and Microsoft SQL Server only)
    #   -       A0      -                   (MySQL only)
-    blanks = ['%09', '%0A', '%0C', '%0D', '%0B', '%A0']
+    blanks = ('%09', '%0A', '%0C', '%0D', '%0B', '%A0')
    retVal = payload

    if payload: