From 4f586e5cf8713176c9ccd2779fd60b0fe9030994 Mon Sep 17 00:00:00 2001 From: javi Date: Sun, 25 Mar 2018 21:05:39 +0200 Subject: [PATCH 1/6] removes / from setup.py fixes #69 --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 4c1cde5b..f6116659 100644 --- a/setup.py +++ b/setup.py @@ -15,7 +15,7 @@ setup( name = "wfuzz", packages=find_packages(where='src'), - package_dir={'wfuzz': 'src/wfuzz/'}, + package_dir={'wfuzz': 'src/wfuzz'}, entry_points={ 'console_scripts': [ 'wfuzz = wfuzz.wfuzz:main', From 2d6f249a65fcc0ff7e9d38eb93dea692064136fa Mon Sep 17 00:00:00 2001 From: javi Date: Sun, 25 Mar 2018 21:10:57 +0200 Subject: [PATCH 2/6] check for pycurl path_as_is and warn instead of exception, fixes #71 --- src/wfuzz/__init__.py | 3 +++ src/wfuzz/externals/reqresp/Request.py | 10 +++++++++- src/wfuzz/fuzzobjects.py | 5 +---- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/wfuzz/__init__.py b/src/wfuzz/__init__.py index c8ee22c7..9af9cd96 100644 --- a/src/wfuzz/__init__.py +++ b/src/wfuzz/__init__.py @@ -23,6 +23,9 @@ if "openssl".lower() not in pycurl.version.lower(): print "\nWarning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.\n" + if hasattr(pycurl, "PATH_AS_IS"): + print "\nWarning: Pycurl and/or libcurl version is old. PATH_AS_IS option is missing. Wfuzz might not correctly fuzz URLS with '..'.\n" + except ImportError, e: print "\nFatal exception: Wfuzz needs pycurl to run. Pycurl could be installed using the following command:\n\npip install pycurl" sys.exit(1) diff --git a/src/wfuzz/externals/reqresp/Request.py b/src/wfuzz/externals/reqresp/Request.py index 70efb3a5..1c383242 100644 --- a/src/wfuzz/externals/reqresp/Request.py +++ b/src/wfuzz/externals/reqresp/Request.py @@ -17,6 +17,12 @@ except: pass + +PYCURL_PATH_AS_IS = True +if not hasattr(pycurl, "PATH_AS_IS"): + PYCURL_PATH_AS_IS = False + + class Request: def __init__(self): self.__host=None # www.google.com:80 @@ -270,7 +276,9 @@ def to_pycurl_object(c, req): c.setopt(pycurl.SSL_VERIFYPEER, False) c.setopt(pycurl.SSL_VERIFYHOST, 0) - c.setopt(pycurl.PATH_AS_IS, 1) + if PYCURL_PATH_AS_IS: + c.setopt(pycurl.PATH_AS_IS, 1) + c.setopt(pycurl.URL,req.completeUrl) if req.getConnTimeout(): diff --git a/src/wfuzz/fuzzobjects.py b/src/wfuzz/fuzzobjects.py index 0750758d..f33ef560 100644 --- a/src/wfuzz/fuzzobjects.py +++ b/src/wfuzz/fuzzobjects.py @@ -377,10 +377,7 @@ def perform(self): return Facade().http_pool.perform(res) def to_http_object(self, c): - try: - return Request.to_pycurl_object(c, self._request) - except AttributeError: - raise FuzzExceptBadInstall("Minimum pycurl required version is 7.43.0") + return Request.to_pycurl_object(c, self._request) def from_http_object(self, c, bh, bb): return self._request.response_from_conn_object(c, bh, bb) From 6a225eca388835bf98b302451fab38afbbed7f0b Mon Sep 17 00:00:00 2001 From: javi Date: Sun, 25 Mar 2018 21:12:41 +0200 Subject: [PATCH 3/6] add dev requirements --- setup.py | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/setup.py b/setup.py index f6116659..3dddc6a9 100644 --- a/setup.py +++ b/setup.py @@ -10,10 +10,19 @@ open('src/wfuzz/__init__.py').read(), re.M ).group(1) - - + + +dev_requires = [ + 'pymiproxy==1.0', +] + +install_requires = [ + 'pycurl>=7.43.0.1', + 'pyparsing>=2.2.0', +] + setup( - name = "wfuzz", + name="wfuzz", packages=find_packages(where='src'), package_dir={'wfuzz': 'src/wfuzz'}, entry_points={ @@ -26,13 +35,13 @@ 'wxfuzz = wfuzz.wfuzz:main_gui', ] }, - version = version, - description = "Wfuzz - The web fuzzer", - long_description = long_descr, - author = "Xavi Mendez (@x4vi_mendez)", - url = "http://wfuzz.org", - install_requires=[ - 'pycurl>=7.43.0', - 'pyparsing', - ], + version=version, + description="Wfuzz - The web fuzzer", + long_description=long_descr, + author="Xavi Mendez (@x4vi_mendez)", + url="http://wfuzz.org", + install_requires=install_requires, + extras_require={ + 'dev': dev_requires, + } ) From 8f57cdc650c52d83845cc53c7c3ecd23fc5edc98 Mon Sep 17 00:00:00 2001 From: javi Date: Sun, 25 Mar 2018 21:16:25 +0200 Subject: [PATCH 4/6] register httppool. fixes #75 --- docs/library/guide.rst | 1 + src/wfuzz/options.py | 1 + src/wfuzz/wfuzz.py | 1 + 3 files changed, 3 insertions(+) diff --git a/docs/library/guide.rst b/docs/library/guide.rst index 3dc8f228..72cc1059 100644 --- a/docs/library/guide.rst +++ b/docs/library/guide.rst @@ -74,6 +74,7 @@ The FuzzSession object allows you to persist certain parameters across fuzzing s 00060: C=301 7 L 12 W 184 Ch "admin" 00183: C=403 10 L 29 W 263 Ch "cgi-bin" ... + >>> s.close() FuzzSession can also be used as context manager:: diff --git a/src/wfuzz/options.py b/src/wfuzz/options.py index 9d6c4368..eddde705 100644 --- a/src/wfuzz/options.py +++ b/src/wfuzz/options.py @@ -255,6 +255,7 @@ def compile(self): if not self.http_pool: self.http_pool = HttpPool(self) + self.http_pool.register() # filter options self.data["compiled_filter"] = FuzzResFilter.from_options(self) diff --git a/src/wfuzz/wfuzz.py b/src/wfuzz/wfuzz.py index e8bb8052..e8241414 100644 --- a/src/wfuzz/wfuzz.py +++ b/src/wfuzz/wfuzz.py @@ -55,6 +55,7 @@ def main(): except Exception, e: print "\nUnhandled exception: %s" % str(e) finally: + if session_options: session_options.close() if kb: kb.cancel_job() Facade().sett.save() From aa490fe44a4e32b2249260f922b764bc9c492bbd Mon Sep 17 00:00:00 2001 From: javi Date: Sun, 25 Mar 2018 21:19:24 +0200 Subject: [PATCH 5/6] update version --- src/wfuzz/__init__.py | 2 +- src/wfuzz/ui/console/common.py | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/wfuzz/__init__.py b/src/wfuzz/__init__.py index 9af9cd96..9a02c28c 100644 --- a/src/wfuzz/__init__.py +++ b/src/wfuzz/__init__.py @@ -1,5 +1,5 @@ __title__ = 'wfuzz' -__version__ = "2.2.9" +__version__ = "2.2.11" __build__ = 0x023000 __author__ = 'Xavier Mendez' __license__ = 'GPL 2.0' diff --git a/src/wfuzz/ui/console/common.py b/src/wfuzz/ui/console/common.py index 0ed8aa08..d82c1b92 100644 --- a/src/wfuzz/ui/console/common.py +++ b/src/wfuzz/ui/console/common.py @@ -10,22 +10,22 @@ \twfuzz --script=robots -z list,robots.txt http://www.webscantest.com/FUZZ''' exec_banner = '''********************************************************\r -* Wfuzz %s - The Web Fuzzer *\r +* Wfuzz %s - The Web Fuzzer *\r ********************************************************\r\n''' % version help_banner = '''******************************************************** -* Wfuzz %s - The Web Fuzzer * +* Wfuzz %s - The Web Fuzzer * * * * Version up to 1.4c coded by: * * Christian Martorella (cmartorella@edge-security.com) * * Carlos del ojo (deepbit@gmail.com) * * * -* Version 1.4d to %s coded by: * +* Version 1.4d to %s coded by: * * Xavier Mendez (xmendez@edge-security.com) * ********************************************************\r\n''' % (version, version) help_banner2 = '''******************************************************** -* Wfuzz %s - The Web Fuzzer * +* Wfuzz %s - The Web Fuzzer * * * * Coded by: * * * From 2dc40bdb6245aebdbf44f72f1c19c7c36f5310b6 Mon Sep 17 00:00:00 2001 From: javi Date: Sun, 25 Mar 2018 21:26:24 +0200 Subject: [PATCH 6/6] path as is test --- src/wfuzz/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wfuzz/__init__.py b/src/wfuzz/__init__.py index 9a02c28c..237f9a45 100644 --- a/src/wfuzz/__init__.py +++ b/src/wfuzz/__init__.py @@ -23,7 +23,7 @@ if "openssl".lower() not in pycurl.version.lower(): print "\nWarning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.\n" - if hasattr(pycurl, "PATH_AS_IS"): + if not hasattr(pycurl, "PATH_AS_IS"): print "\nWarning: Pycurl and/or libcurl version is old. PATH_AS_IS option is missing. Wfuzz might not correctly fuzz URLS with '..'.\n" except ImportError, e: