void do_scan(){ load_features(); load_tests(); load_aho_corasick_triggers(); load_feature_selections(); add_post_rules(); struct timeval tv; gettimeofday(&tv, NULL); u64 st_time; u32 last_req=0; u64 last_time, last_h_time; st_time = tv.tv_sec * 1000LL + tv.tv_usec / 1000; last_time=st_time; last_h_time=st_time; enable_trap=1; maybe_queue_more_hosts(); u64 run_time; while ((next_from_queue() && !stop_soon)) { u64 end_time; struct timeval tv_tmp; gettimeofday(&tv_tmp, NULL); end_time = tv_tmp.tv_sec * 1000LL + tv_tmp.tv_usec / 1000; run_time = end_time - st_time; if(max_time && run_time>(max_time * 1000LL * 60LL)){ warn("Max time reached!"); stop_soon=1; } if(progress && ((end_time-last_time)>(1000*progress))){ req_sec = ((req_count - queue_cur)-last_req) * 1000.0 / ((end_time-last_time) + 1); last_time=end_time; last_req=(req_count - queue_cur); http_stats(st_time); } if((end_time-last_h_time)>500){ last_h_time=end_time; maybe_queue_more_hosts(); } } printf("FINISHED (avg req/s = %f)\n", ((req_count - queue_cur) * 1000.0) / (run_time + 1)); if(train || force_save) save_all(); if(store_successes) save_successes(); }
main() { register long j, k, mask; putenv("_=fl_dump"); /* name to environ */ chdir(getenv("HOME")); /* insure in home directory */ load_features(); /* get the features table */ printf("Current Features in %s\n\n", fl_table_name); for (k = 0; k < 8; k++) { printf("%-36s = %s\n", name[k], fl.fword[k]); } printf("\nAll Done\n"); }
void parse_opts(int argc, char** argv){ int longIndex; int mode=MODE_ATTACK; int i; unsigned int f; int t=0; int recent=0; int code=0; int query_all=0; char *post_key=NULL; char *url=NULL; char *mime=NULL; char *trigger=NULL; char *feature=NULL; char *description=""; char *upload_file=NULL; unsigned int flags=0; struct option long_options[] = { /* long options array. Items are all caSe SensiTivE! */ { "add-url", no_argument, &mode, MODE_ADD_URL }, { "add-trigger", no_argument, &mode, MODE_ADD_TRIGGER}, { "brute-backup", required_argument, NULL, MODE_BRUTE_BACKUP}, { "brute-backup-days", required_argument, NULL, BRUTE_BACKUP_DAYS}, { "brute-backup-pattern", required_argument, NULL, BRUTE_BACKUP_PATTERN}, { "brute-backup-no-stop", no_argument, &backup_bruteforce_stop, 0}, { "brute-backup-no-slash", no_argument, &backup_bruteforce_slash, 0}, { "store-successes", no_argument, NULL, 'S'}, { "query", no_argument, &mode, MODE_QUERY}, { "all", no_argument, &query_all, 1}, { "code", required_argument, NULL, CODE}, { "post-key", required_argument, NULL, POST_KEY}, { "mime-type", required_argument, NULL, MIME}, { "recent", required_argument, NULL, RECENT}, { "no-async-resolve", no_argument, &async_dns, 0}, { "trigger", required_argument,NULL, TRIGGER}, { "max-hosts", required_argument,NULL, 'n'}, { "idle-timeout", required_argument,NULL, RESP_TIMEOUT}, { "rw-timeout", required_argument,NULL, RW_TIMEOUT}, { "conn-timeout", required_argument,NULL, CONN_TIMEOUT}, { "max-connections", required_argument,NULL, 'c'}, { "max-requests", required_argument,NULL, 'r'}, { "max-time", required_argument,NULL, MAX_TIME}, { "progress", required_argument, NULL, 'P' }, { "file", required_argument, NULL, 'f' }, { "statistics", no_argument, NULL, STATISTICS }, { "browser", required_argument, NULL, 'B' }, { "train", optional_argument, NULL, 'T' }, { "feature", required_argument,NULL, FEATURE}, { "url", required_argument, NULL, URL }, { "flags", required_argument, NULL, FLAGS }, { "help", required_argument, NULL, 'h' }, { "skip-sig", no_argument, &skip_sig, 1}, { "skip-other-probes", no_argument, &skip_other_probes, 1}, { "skip-blacklist-success", no_argument, &blacklist_success, 0}, { "force-save", no_argument, &force_save, 1}, { "analyze", no_argument, &mode, MODE_ANALYZE}, { "find-uploaded-file", required_argument, NULL, MODE_FIND_UPLOAD }, { 0, 0, 0, 0 } /* terminating -0 item */ }; int opt; struct t_list *target; while((opt=getopt_long( argc, argv, "-n:Sf:P:c:B:h:r:T::", long_options, &longIndex ))!=-1){ switch(opt){ case 1: target=calloc(sizeof(struct t_list),1); target->host=(unsigned char *) optarg; unqueued_hosts++; LL_APPEND(target_list,target); t++; break; case MODE_BRUTE_BACKUP: backup_bruteforce_url=optarg; mode=MODE_BRUTE_BACKUP; break; case BRUTE_BACKUP_DAYS: backup_bruteforce_days_back=atoi(optarg); break; case RESP_TIMEOUT: resp_tmout=atoi(optarg); break; case RW_TIMEOUT: rw_tmout=atoi(optarg); break; case MAX_TIME: max_time=atoi(optarg); break; case CONN_TIMEOUT: idle_tmout=atoi(optarg); break; case BRUTE_BACKUP_PATTERN: backup_bruteforce_pattern=optarg; break; case 'B': if (!strcasecmp("metal",optarg)) browser_type=BROWSER_METAL; else if (!strcasecmp("minimal",optarg)) browser_type=BROWSER_FAST; else if (!strcasecmp("firefox",optarg)) browser_type=BROWSER_FFOX; else if (!strcasecmp("explorer",optarg)) browser_type=BROWSER_MSIE; else if (!strcasecmp("iphone",optarg)) browser_type=BROWSER_PHONE; else { printf("ERROR: Browser type '%s' is not supported.\n",optarg); exit(1); } break; case 'h': usage(); exit(0); case 'S': store_successes=1; break; case URL: url=optarg; break; case 'c': max_conn_host=atoi(optarg); break; case 'f': if(!strcmp("-",optarg)) file=stdin; else{ if(!(file=fopen(optarg,"r"))){ printf("Can't open '%s' for reading!",optarg); exit(1); } } int fd = fileno(file); int fflags = fcntl(fd, F_GETFL, 0); fflags |= O_NONBLOCK; fcntl(fd, F_SETFL, fflags); t++; case 'r': max_requests=atoi(optarg); break; case 'P': progress=atoi(optarg); break; case STATISTICS: load_tests(); load_features(); show_feature_predictive_values(); exit(0); break; case 'T': train=1; if(optarg) max_train_count=atoi(optarg); break; case 'n': max_hosts=atoi(optarg); break; case FEATURE: feature=optarg; break; case POST_KEY: post_key=optarg; break; case MIME: mime=optarg; break; case CODE: code=atoi(optarg); break; case RECENT: recent=atoi(optarg); break; case TRIGGER: trigger=optarg; break; case FLAGS: for(i=0; i<strlen(optarg); i++){ f=tolower(optarg[i]); switch(f){ case 'c': flags|=F_CRITICAL; break; case 'i': flags|=F_INFO; break; case 'd': flags|=F_DIRECTORY; break; case 'g': flags|=F_CGI; break; default: fprintf (stderr, "Unknown flag: '%c'",f ); exit(1); } } break; case MODE_FIND_UPLOAD: mode=MODE_FIND_UPLOAD; upload_file=optarg; break; } } if(train){ /* force aggressive 404 pruning */ max_requests=0; blacklist_success=1; skip_other_probes=0; } switch(mode){ case MODE_FIND_UPLOAD: do { struct target *tar; if(!t){ fprintf(stderr, "You must specify a host\n"); exit(1); } skip_other_probes=1; tar=add_target(target_list->host) ; /* first target only */ no_add_from_queue=1; if(!tar){ fprintf(stderr,"Couldn't create target '%s'\n",target_list->host); exit(1); } tar->upload_file=upload_file; tar->after_probes=start_find_uploaded_file; do_scan(); } while(0); break; case MODE_ADD_URL: add_or_update_url(url, description, flags); exit(0); break; case MODE_ATTACK: if(!t){ usage(); exit(0); } max_connections=max_hosts * max_conn_host; scan_flags=flags; do_scan(); exit(0); break; case MODE_ADD_TRIGGER: add_aho_corasick_trigger(trigger, feature); exit(0); break; case MODE_QUERY: do { if(!url && !code && !mime && !flags && !recent && !post_key && !query_all){ fprintf(stderr,"You must specify at least one attribute to search on (or --all)\n"); exit(1); } struct query *q=ck_alloc(sizeof(struct query)); q->url=url; q->code=code; q->mime=mime; q->flags=flags; q->recent=recent; q->post_key=post_key; store_successes=0; do_query(q); exit(0); break; } while(0); case MODE_ANALYZE: load_tests(); load_features(); info("performing feature selection..."); do_feature_selection(); exit(0); case MODE_BRUTE_BACKUP: do { struct target *tar; skip_other_probes=1; tar=add_target(backup_bruteforce_url); if(!tar) exit(1); tar->after_probes=start_bruteforce_backup; do_scan(); } while(0); break; } }
void FeatureRepository::init() { load_features(); }