p20319658
/
monkey
forked from p34709852/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

struts built_potential_url's now use map function to save code

This commit is contained in:
Vakaris 2018-08-23 13:51:11 +03:00
parent b07e70855c
commit 84fb96d0de
1 changed files with 2 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
infection_monkey/exploit/struts2.py
View File

@ -38,22 +38,8 @@ class Struts2Exploiter(WebRCE):
:param extensions: What subdirectories to scan. www.domain.com[/extension] :param extensions: What subdirectories to scan. www.domain.com[/extension]
:return: Array of url's to try and attack :return: Array of url's to try and attack
""" """
url_list = [] url_list = super(Struts2Exploiter, self).build_potential_urls(ports)
if extensions: url_list = list(map(self.get_redirected, url_list))
extensions = [(e[1:] if '/' == e[0] else e) for e in extensions]
else:
extensions = [""]
for port in ports:
for extension in extensions:
if port[1]:
protocol = "https"
else:
protocol = "http"
url = join(("%s://%s:%s/" % (protocol, self.host.ip_addr, port[0])), extension)
redirected_url = self.get_redirected(url)
url_list.append(redirected_url)
if not url_list:
LOG.info("No attack url's were built")
return url_list return url_list
@staticmethod @staticmethod