added --scope feature regarding Feature #105

Miroslav Stampar 2010-01-09 20:44:50 +00:00
parent f316e722c1
commit d58ba7ee6d
4 changed files with 16 additions and 3 deletions


@ -162,7 +162,10 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
elif method is not None and method == "POST" and "=" in line:
data = line
params = True
if conf.scope:
getPostReq &= re.search(conf.scope, host) is not None
if getPostReq and params:
if not url.startswith("http"):
url = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url)
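Review bot: The scope filter at `getPostReq &= re.search(conf.scope, host) is not None` is an unanchored, case-sensitive search, so a pattern such as `example.com` also keeps hosts like `example.com.other.net` or `notexample.com`, while a host logged as `EXAMPLE.COM` is dropped. Since this option is what keeps a run inside the authorised target list, I would match case-insensitively and guard a missing host: `getPostReq &= host is not None and re.search(conf.scope, host, re.I) is not None`. An invalid pattern would also raise `re.error` here while the log is being parsed; compiling it once when options are loaded would report the mistake cleanly. Whether `host` can still be None at this point is not visible, because the function starts and ends outside the hunk.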


@ -45,7 +45,9 @@ optDict = {
"proxy": "string",
"threads": "integer",
"delay": "float",
"timeout": "float"
"timeout": "float",
"retries": "integer",
"scope": "string"
},
"Injection": {
@ -63,6 +65,7 @@ optDict = {
"Techniques": {
"stackedTest": "boolean",
"timeTest": "boolean",
"timesec": "integer",
"unionTest": "boolean",
"uTech": "string",
"unionUse": "boolean"
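Review bot: The `optDict` change registers `"retries": "integer"` and, in the Techniques group, what appears to be a new `"timesec": "integer"` entry, and neither belongs to the --scope feature named in the commit title. I would either split these into their own commit or mention them in the message so the history explains why they appear. The +/- markers are lost on this page, so which Techniques line is new is inferred from the hunk header counts.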


@ -117,6 +117,9 @@ def cmdLineParser():
request.add_option("--retries", dest="retries", type="int", default=3,
help="Retries when the connection timeouts "
"(default 3)")
request.add_option("--scope", dest="scope",
help="Regex expression for filtering targets "
"from provided Burp or WebScarab log")
# Injection options
injection = OptionGroup(parser, "Injection", "These options can be "
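Review bot: The `--scope` help text does not say what the regex is applied to or how it is matched. According to the log-parsing change in this commit, it is searched (not fully matched) against the request host only. I would spell that out, for example `help="Regex searched against the host of each target read from a Burp or WebScarab log (use ^...$ for an exact match)"`. "Regex expression" is also redundant; "Regex" or "Regular expression" reads better.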


@ -95,6 +95,10 @@ timeout = 30
# Default: 3
retries = 3
# Regex expression for filtering targets
# from provided Burp or WebScarab log (e.g. (google|yahoo))
scope = None
[Injection]
@ -415,4 +419,4 @@ cleanup = False
# 4: Show also HTTP responses headers
# 5: Show also HTTP responses page content
# Default: 1
verbose = 1
verbose = 1
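Review bot: `scope = None` will probably be read as the literal string `None` rather than as an unset value, if the config loader returns string options verbatim (the loader is not shown on this page). In that case `conf.scope` is truthy and every host that does not contain the text "None" is silently filtered out of the log. Leaving the value empty, `scope =`, is the usual way to write an unset string option in an INI file. The example `(google|yahoo)` is also unanchored, so the comment could note that it matches any host containing either word.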