struts built_potential_url's now use map function to save code
This commit is contained in:
parent
b07e70855c
commit
84fb96d0de
|
@ -38,22 +38,8 @@ class Struts2Exploiter(WebRCE):
|
|||
:param extensions: What subdirectories to scan. www.domain.com[/extension]
|
||||
:return: Array of url's to try and attack
|
||||
"""
|
||||
url_list = []
|
||||
if extensions:
|
||||
extensions = [(e[1:] if '/' == e[0] else e) for e in extensions]
|
||||
else:
|
||||
extensions = [""]
|
||||
for port in ports:
|
||||
for extension in extensions:
|
||||
if port[1]:
|
||||
protocol = "https"
|
||||
else:
|
||||
protocol = "http"
|
||||
url = join(("%s://%s:%s/" % (protocol, self.host.ip_addr, port[0])), extension)
|
||||
redirected_url = self.get_redirected(url)
|
||||
url_list.append(redirected_url)
|
||||
if not url_list:
|
||||
LOG.info("No attack url's were built")
|
||||
url_list = super(Struts2Exploiter, self).build_potential_urls(ports)
|
||||
url_list = list(map(self.get_redirected, url_list))
|
||||
return url_list
|
||||
|
||||
@staticmethod
|
||||
|
|
Loading…
Reference in New Issue