void do_scan(){
load_features();
load_tests();
load_aho_corasick_triggers();
load_feature_selections();
add_post_rules();
struct timeval tv;
gettimeofday(&tv, NULL);
u64 st_time;
u32 last_req=0;
u64 last_time, last_h_time;
st_time = tv.tv_sec * 1000LL + tv.tv_usec / 1000;
last_time=st_time;
last_h_time=st_time;
enable_trap=1;
maybe_queue_more_hosts();
u64 run_time;
while ((next_from_queue() && !stop_soon)) {
u64 end_time;
struct timeval tv_tmp;
gettimeofday(&tv_tmp, NULL);
end_time = tv_tmp.tv_sec * 1000LL + tv_tmp.tv_usec / 1000;
run_time = end_time - st_time;
if(max_time && run_time>(max_time * 1000LL * 60LL)){
warn("Max time reached!");
stop_soon=1;
}
if(progress && ((end_time-last_time)>(1000*progress))){
req_sec = ((req_count - queue_cur)-last_req) * 1000.0 / ((end_time-last_time) + 1);
last_time=end_time;
last_req=(req_count - queue_cur);
http_stats(st_time);
}
if((end_time-last_h_time)>500){
last_h_time=end_time;
maybe_queue_more_hosts();
}
}
printf("FINISHED (avg req/s = %f)\n", ((req_count - queue_cur) * 1000.0) / (run_time + 1));
if(train || force_save) save_all();
if(store_successes) save_successes();
}
main()
{
register long j, k, mask;
putenv("_=fl_dump"); /* name to environ */
chdir(getenv("HOME")); /* insure in home directory */
load_features(); /* get the features table */
printf("Current Features in %s\n\n", fl_table_name);
for (k = 0; k < 8; k++)
{
printf("%-36s = %s\n", name[k], fl.fword[k]);
}
printf("\nAll Done\n");
}
void parse_opts(int argc, char** argv){
int longIndex;
int mode=MODE_ATTACK;
int i;
unsigned int f;
int t=0;
int recent=0;
int code=0;
int query_all=0;
char *post_key=NULL;
char *url=NULL;
char *mime=NULL;
char *trigger=NULL;
char *feature=NULL;
char *description="";
char *upload_file=NULL;
unsigned int flags=0;
struct option long_options[] = { /* long options array. Items are all caSe SensiTivE! */
{ "add-url", no_argument, &mode, MODE_ADD_URL },
{ "add-trigger", no_argument, &mode, MODE_ADD_TRIGGER},
{ "brute-backup", required_argument, NULL, MODE_BRUTE_BACKUP},
{ "brute-backup-days", required_argument, NULL, BRUTE_BACKUP_DAYS},
{ "brute-backup-pattern", required_argument, NULL, BRUTE_BACKUP_PATTERN},
{ "brute-backup-no-stop", no_argument, &backup_bruteforce_stop, 0},
{ "brute-backup-no-slash", no_argument, &backup_bruteforce_slash, 0},
{ "store-successes", no_argument, NULL, 'S'},
{ "query", no_argument, &mode, MODE_QUERY},
{ "all", no_argument, &query_all, 1},
{ "code", required_argument, NULL, CODE},
{ "post-key", required_argument, NULL, POST_KEY},
{ "mime-type", required_argument, NULL, MIME},
{ "recent", required_argument, NULL, RECENT},
{ "no-async-resolve", no_argument, &async_dns, 0},
{ "trigger", required_argument,NULL, TRIGGER},
{ "max-hosts", required_argument,NULL, 'n'},
{ "idle-timeout", required_argument,NULL, RESP_TIMEOUT},
{ "rw-timeout", required_argument,NULL, RW_TIMEOUT},
{ "conn-timeout", required_argument,NULL, CONN_TIMEOUT},
{ "max-connections", required_argument,NULL, 'c'},
{ "max-requests", required_argument,NULL, 'r'},
{ "max-time", required_argument,NULL, MAX_TIME},
{ "progress", required_argument, NULL, 'P' },
{ "file", required_argument, NULL, 'f' },
{ "statistics", no_argument, NULL, STATISTICS },
{ "browser", required_argument, NULL, 'B' },
{ "train", optional_argument, NULL, 'T' },
{ "feature", required_argument,NULL, FEATURE},
{ "url", required_argument, NULL, URL },
{ "flags", required_argument, NULL, FLAGS },
{ "help", required_argument, NULL, 'h' },
{ "skip-sig", no_argument, &skip_sig, 1},
{ "skip-other-probes", no_argument, &skip_other_probes, 1},
{ "skip-blacklist-success", no_argument, &blacklist_success, 0},
{ "force-save", no_argument, &force_save, 1},
{ "analyze", no_argument, &mode, MODE_ANALYZE},
{ "find-uploaded-file", required_argument, NULL, MODE_FIND_UPLOAD },
{ 0, 0, 0, 0 } /* terminating -0 item */
};
int opt;
struct t_list *target;
while((opt=getopt_long( argc, argv, "-n:Sf:P:c:B:h:r:T::", long_options, &longIndex ))!=-1){
switch(opt){
case 1:
target=calloc(sizeof(struct t_list),1);
target->host=(unsigned char *) optarg;
unqueued_hosts++;
LL_APPEND(target_list,target);
t++;
break;
case MODE_BRUTE_BACKUP:
backup_bruteforce_url=optarg;
mode=MODE_BRUTE_BACKUP;
break;
case BRUTE_BACKUP_DAYS:
backup_bruteforce_days_back=atoi(optarg);
break;
case RESP_TIMEOUT:
resp_tmout=atoi(optarg);
break;
case RW_TIMEOUT:
rw_tmout=atoi(optarg);
break;
case MAX_TIME:
max_time=atoi(optarg);
break;
case CONN_TIMEOUT:
idle_tmout=atoi(optarg);
break;
case BRUTE_BACKUP_PATTERN:
backup_bruteforce_pattern=optarg;
break;
case 'B':
if (!strcasecmp("metal",optarg)) browser_type=BROWSER_METAL;
else if (!strcasecmp("minimal",optarg)) browser_type=BROWSER_FAST;
else if (!strcasecmp("firefox",optarg)) browser_type=BROWSER_FFOX;
else if (!strcasecmp("explorer",optarg)) browser_type=BROWSER_MSIE;
else if (!strcasecmp("iphone",optarg)) browser_type=BROWSER_PHONE;
else {
printf("ERROR: Browser type '%s' is not supported.\n",optarg);
exit(1);
}
break;
case 'h':
usage();
exit(0);
case 'S':
store_successes=1;
break;
case URL:
url=optarg;
break;
case 'c':
max_conn_host=atoi(optarg);
break;
case 'f':
if(!strcmp("-",optarg)) file=stdin;
else{
if(!(file=fopen(optarg,"r"))){
printf("Can't open '%s' for reading!",optarg);
exit(1);
}
}
int fd = fileno(file);
int fflags = fcntl(fd, F_GETFL, 0);
fflags |= O_NONBLOCK;
fcntl(fd, F_SETFL, fflags);
t++;
case 'r':
max_requests=atoi(optarg);
break;
case 'P':
progress=atoi(optarg);
break;
case STATISTICS:
load_tests();
load_features();
show_feature_predictive_values();
exit(0);
break;
case 'T':
train=1;
if(optarg) max_train_count=atoi(optarg);
break;
case 'n':
max_hosts=atoi(optarg);
break;
case FEATURE:
feature=optarg;
break;
case POST_KEY:
post_key=optarg;
break;
case MIME:
mime=optarg;
break;
case CODE:
code=atoi(optarg);
break;
case RECENT:
recent=atoi(optarg);
break;
case TRIGGER:
trigger=optarg;
break;
case FLAGS:
for(i=0; i<strlen(optarg); i++){
f=tolower(optarg[i]);
switch(f){
case 'c':
flags|=F_CRITICAL;
break;
case 'i':
flags|=F_INFO;
break;
case 'd':
flags|=F_DIRECTORY;
break;
case 'g':
flags|=F_CGI;
break;
default:
fprintf (stderr, "Unknown flag: '%c'",f );
exit(1);
}
}
break;
case MODE_FIND_UPLOAD:
mode=MODE_FIND_UPLOAD;
upload_file=optarg;
break;
}
}
if(train){
/* force aggressive 404 pruning */
max_requests=0;
blacklist_success=1;
skip_other_probes=0;
}
switch(mode){
case MODE_FIND_UPLOAD:
do {
struct target *tar;
if(!t){
fprintf(stderr, "You must specify a host\n");
exit(1);
}
skip_other_probes=1;
tar=add_target(target_list->host) ; /* first target only */
no_add_from_queue=1;
if(!tar){
fprintf(stderr,"Couldn't create target '%s'\n",target_list->host);
exit(1);
}
tar->upload_file=upload_file;
tar->after_probes=start_find_uploaded_file;
do_scan();
} while(0);
break;
case MODE_ADD_URL:
add_or_update_url(url, description, flags);
exit(0);
break;
case MODE_ATTACK:
if(!t){
usage();
exit(0);
}
max_connections=max_hosts * max_conn_host;
scan_flags=flags;
do_scan();
exit(0);
break;
case MODE_ADD_TRIGGER:
add_aho_corasick_trigger(trigger, feature);
exit(0);
break;
case MODE_QUERY:
do {
if(!url && !code && !mime && !flags && !recent && !post_key && !query_all){
fprintf(stderr,"You must specify at least one attribute to search on (or --all)\n");
exit(1);
}
struct query *q=ck_alloc(sizeof(struct query));
q->url=url;
q->code=code;
q->mime=mime;
q->flags=flags;
q->recent=recent;
q->post_key=post_key;
store_successes=0;
do_query(q);
exit(0);
break;
} while(0);
case MODE_ANALYZE:
load_tests();
load_features();
info("performing feature selection...");
do_feature_selection();
exit(0);
case MODE_BRUTE_BACKUP:
do {
struct target *tar;
skip_other_probes=1;
tar=add_target(backup_bruteforce_url);
if(!tar) exit(1);
tar->after_probes=start_bruteforce_backup;
do_scan();
} while(0);
break;
}
}
void FeatureRepository::init()
{
load_features();
}
