一个low逼的boofuzz脚本生成器
直接贴代码
def do_body(line):global scriptt=line.split('&')for i in range(len(t)):m,n=t[i].split('=')script+='\t\ts_static("%s=")\r\n' %(m)script+='\t\ts_string("%s", max_len=1024)\r\n' %(n)if i!=len(t)-1:script+='\t\ts_static("&")\r\n'IP='ihome.360.cn'
PORT=80script='from boofuzz import *\r\n'
script+='def main():\r\n'
script+='\tsession = Session(target=Target(connection=TCPSocketConnection("%s", %d)),)\r\n' %(IP,PORT)
script+='\ts_initialize(name="Post")\r\n'
script+='\twith s_block("Post-Line"):\r\n'f=open('C:/Users/wei/Desktop/fuzz/post.txt','rb')
Fscript=open('C:/Users/wei/Desktop/fuzz/FuzzScript.py','wb')
line=f.readline()while line:if line=='\r\n':line=f.readline()script+='\ts_static("\\r\\n", "Request-CRLF")\r\n'script+='\twith s_block("Body-Content"):\r\n'do_body(line)script+='\tsession.connect(s_get("Post"))\r\n'script+='\tsession.fuzz()\r\n'script+='if __name__ == "__main__":\r\n'script+='\tmain()\r\n'f.seek(0)all_file=f.read()script+='\r\n\'\'\'\r\n'+all_file+'\r\n\'\'\''else:t=line.split(' ')for i in range(len(t)):if '\r\n' in t[i]:tt=t[i].split('\r\n')#print ttif i!=0:script+='\t\ts_delim(" ")\r\n'script+='\t\ts_static("%s")\r\n' %(tt[0])script+='\t\ts_static("\\r\\n")\r\n'else:if i!=0:script+='\t\ts_delim(" ")\r\n'script+='\t\ts_static("%s")\r\n' %(t[i]) line=f.readline()script+='\r\n'
Fscript.write(script)
Fscript.close()
f.close()
post是这样子的
POST /app/universal_app/led_ctrl_set.cgi HTTP/1.1
Host: ihome.360.cn
Content-Length: 122
Accept: */*
Origin: http://ihome.360.cn
X-Requested-With: XMLHttpRequest
token_id: 473a100f2461ce8d66c7669b1ef753fe
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 QIHU 360SE
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://ihome.360.cn/app/led_ctrl/webs/index.html?t=1597391805452
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: __huid=11lM5QC7M8%2BV1m3gpUbZxqvmp7coC1eB9CCPwMYIxdv38%3D; __guid=132730903.1862459395348000300.1571113487520.2976; v=o14)R.-Hwi:T1ZCsB878; Qs_lvt_317691=1571458567%2C1571458709; Qs_pv_317691=2053859005725308000%2C2143554520725135600; bad_id73963b90-5cf1-11e9-9a78-b1dd2463a67d=71c7cc71-f729-11e9-bad4-935ebcb55de6; __DC_gid=65863720.124356338.1571407940111.1576040598488.23; Qs_lvt_327145=1576040593%2C1576040598; Qs_pv_327145=3877702283560961000%2C2235936494817687300%2C1812823523483131100%2C1983296644454798300; Qs_lvt_299978=1577692531; Qs_pv_299978=3121754979306215400; _ga=GA1.2.1911454275.1577692533; __gid=65863720.124356338.1571407940111.1584088558934.86; Qihoo_360_login=3aba4d3d59d988db817a2e4674375f9a; monitor_count=1
Connection: closestart_hour=23&start_minute=00&end_hour=07&end_minute=00&timer_day=1%202%203%204%205%206%207&timer_enable=1&action=add&idx=
生成出来是这样子的
from boofuzz import *
def main():session = Session(target=Target(connection=TCPSocketConnection("ihome.360.cn", 80)),)s_initialize(name="Post")with s_block("Post-Line"):s_static("POST")s_delim(" ")s_static("/app/universal_app/led_ctrl_set.cgi")s_delim(" ")s_static("HTTP/1.1")s_static("\r\n")s_static("Host:")s_delim(" ")s_static("ihome.360.cn")s_static("\r\n")s_static("Content-Length:")s_delim(" ")s_static("122")s_static("\r\n")s_static("Accept:")s_delim(" ")s_static("*/*")s_static("\r\n")s_static("Origin:")s_delim(" ")s_static("http://ihome.360.cn")s_static("\r\n")s_static("X-Requested-With:")s_delim(" ")s_static("XMLHttpRequest")s_static("\r\n")s_static("token_id:")s_delim(" ")s_static("473a100f2461ce8d66c7669b1ef753fe")s_static("\r\n")s_static("User-Agent:")s_delim(" ")s_static("Mozilla/5.0")s_delim(" ")s_static("(Windows")s_delim(" ")s_static("NT")s_delim(" ")s_static("10.0;")s_delim(" ")s_static("WOW64)")s_delim(" ")s_static("AppleWebKit/537.36")s_delim(" ")s_static("(KHTML,")s_delim(" ")s_static("like")s_delim(" ")s_static("Gecko)")s_delim(" ")s_static("Chrome/78.0.3904.108")s_delim(" ")s_static("Safari/537.36")s_delim(" ")s_static("QIHU")s_delim(" ")s_static("360SE")s_static("\r\n")s_static("Content-Type:")s_delim(" ")s_static("application/x-www-form-urlencoded;")s_delim(" ")s_static("charset=UTF-8")s_static("\r\n")s_static("Referer:")s_delim(" ")s_static("http://ihome.360.cn/app/led_ctrl/webs/index.html?t=1597391805452")s_static("\r\n")s_static("Accept-Encoding:")s_delim(" ")s_static("gzip,")s_delim(" ")s_static("deflate")s_static("\r\n")s_static("Accept-Language:")s_delim(" ")s_static("zh-CN,zh;q=0.9")s_static("\r\n")s_static("Cookie:")s_delim(" ")s_static("__huid=11lM5QC7M8%2BV1m3gpUbZxqvmp7coC1eB9CCPwMYIxdv38%3D;")s_delim(" ")s_static("__guid=132730903.1862459395348000300.1571113487520.2976;")s_delim(" ")s_static("v=o14)R.-Hwi:T1ZCsB878;")s_delim(" ")s_static("Qs_lvt_317691=1571458567%2C1571458709;")s_delim(" ")s_static("Qs_pv_317691=2053859005725308000%2C2143554520725135600;")s_delim(" ")s_static("bad_id73963b90-5cf1-11e9-9a78-b1dd2463a67d=71c7cc71-f729-11e9-bad4-935ebcb55de6;")s_delim(" ")s_static("__DC_gid=65863720.124356338.1571407940111.1576040598488.23;")s_delim(" ")s_static("Qs_lvt_327145=1576040593%2C1576040598;")s_delim(" ")s_static("Qs_pv_327145=3877702283560961000%2C2235936494817687300%2C1812823523483131100%2C1983296644454798300;")s_delim(" ")s_static("Qs_lvt_299978=1577692531;")s_delim(" ")s_static("Qs_pv_299978=3121754979306215400;")s_delim(" ")s_static("_ga=GA1.2.1911454275.1577692533;")s_delim(" ")s_static("__gid=65863720.124356338.1571407940111.1584088558934.86;")s_delim(" ")s_static("Qihoo_360_login=3aba4d3d59d988db817a2e4674375f9a;")s_delim(" ")s_static("monitor_count=1")s_static("\r\n")s_static("Connection:")s_delim(" ")s_static("close")s_static("\r\n")s_static("\r\n", "Request-CRLF")with s_block("Body-Content"):s_static("start_hour=")s_string("23", max_len=1024)s_static("&")s_static("start_minute=")s_string("00", max_len=1024)s_static("&")s_static("end_hour=")s_string("07", max_len=1024)s_static("&")s_static("end_minute=")s_string("00", max_len=1024)s_static("&")s_static("timer_day=")s_string("1%202%203%204%205%206%207", max_len=1024)s_static("&")s_static("timer_enable=")s_string("1", max_len=1024)s_static("&")s_static("action=")s_string("add", max_len=1024)s_static("&")s_static("idx=")s_string("", max_len=1024)session.connect(s_get("Post"))session.fuzz()
if __name__ == "__main__":main()'''
POST /app/universal_app/led_ctrl_set.cgi HTTP/1.1
Host: ihome.360.cn
Content-Length: 122
Accept: */*
Origin: http://ihome.360.cn
X-Requested-With: XMLHttpRequest
token_id: 473a100f2461ce8d66c7669b1ef753fe
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 QIHU 360SE
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://ihome.360.cn/app/led_ctrl/webs/index.html?t=1597391805452
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: __huid=11lM5QC7M8%2BV1m3gpUbZxqvmp7coC1eB9CCPwMYIxdv38%3D; __guid=132730903.1862459395348000300.1571113487520.2976; v=o14)R.-Hwi:T1ZCsB878; Qs_lvt_317691=1571458567%2C1571458709; Qs_pv_317691=2053859005725308000%2C2143554520725135600; bad_id73963b90-5cf1-11e9-9a78-b1dd2463a67d=71c7cc71-f729-11e9-bad4-935ebcb55de6; __DC_gid=65863720.124356338.1571407940111.1576040598488.23; Qs_lvt_327145=1576040593%2C1576040598; Qs_pv_327145=3877702283560961000%2C2235936494817687300%2C1812823523483131100%2C1983296644454798300; Qs_lvt_299978=1577692531; Qs_pv_299978=3121754979306215400; _ga=GA1.2.1911454275.1577692533; __gid=65863720.124356338.1571407940111.1584088558934.86; Qihoo_360_login=3aba4d3d59d988db817a2e4674375f9a; monitor_count=1
Connection: closestart_hour=23&start_minute=00&end_hour=07&end_minute=00&timer_day=1%202%203%204%205%206%207&timer_enable=1&action=add&idx=
'''
对sulley 那些语法一窍不通照着模板写了个,貌似fuzz的时候能连接成功!
脚本像坨shi,生成的脚本也像坨shi
主要起个抛砖引玉的效果,大佬们别骂了
一个low逼的boofuzz脚本生成器相关推荐
- python中脚本是指什么_你用Python写过最牛逼的程序/脚本是什么?
有网友在 Quora 上提问,「你用 Python 写过最牛逼的程序/脚本是什么?」.本文摘编了 3 个国外程序员的多个小项目,含代码. Manoj Memana Jayakumar, 3000+ 顶 ...
- python写简单的脚本-你用 Python 写过哪些牛逼的程序/脚本?
原标题:你用 Python 写过哪些牛逼的程序/脚本? [导读]:有网友在 Quora 上提问,「你用 Python 写过最牛逼的程序/脚本是什么?」.本文摘编了 3 个国外程序员的多个小项目,含代码 ...
- python能写什么脚本_你用 Python 写过哪些牛逼的程序/脚本?
原标题:你用 Python 写过哪些牛逼的程序/脚本? [导读]:有网友在 Quora 上提问,「你用 Python 写过最牛逼的程序/脚本是什么?」.本文摘编了 3 个国外程序员的多个小项目,含代码 ...
- Qt实现一个简单的编译器(软件生成器)
Qt实现一个简单的编译器(软件生成器) 本文章只记录如何用Qt实现一个简单编译器,即点击本软件中的按钮便可在另一目录中生成一个新的软件(与本软件不冲突). 文章目录 Qt实现一个简单的编译器(软件生成 ...
- 如何成为一个牛逼的程序猿
各种设计模式,用不用没关系,要会吹 各种数据结构,各种树,堆,栈,图,名字都要记住了,越拗口的越重要 各种奇葩算法,都要心中有数,名字听起来越是不知所云的,越要烂熟于胸 千万别和人争框架,一争,就lo ...
- 【Autosar vLinkGen 链接器脚本生成器】
Autosar vLinkGen 链接器脚本生成器 1. 概述 2. 在AUTOSAR架构中的位置 3. 支持的编译器 4. 内存分区 4.1 内存分配细节 4.2 数据段初始化 5. 集成或生成文件 ...
- Data2SQL数据脚本生成器
前几天,因一个项目部署,要将一个SQL SERVER数据库中的用户.组织机构.权限,复制到客户服务器上去,所以用Delphi写了这个工具,自我感觉还可以.之前也用过一个将SQL SERVER数据导成S ...
- 推荐一个基于 Python + Vue 的海报生成器
推荐一个基于 Vue.js 的海报生成器开源项目,像海报编辑器此类的低代码平台更多的开发量在前端,所以说这是前端工程师不错的练手项目,实现起来比管理系统有趣多了. 01. 海报生成器 前几天也推荐过 ...
- 分享一个笑傲江湖高清服脚本辅助工具(以及随机数源码)
游戏脚本基本只能做到和真实玩家一样的事情,只是不怕苦不怕累,能一直干活而已.由于不涉及修改游戏信息,因此也没有外挂的那些法律风险,而且上手也简单啊,毕竟我这种半路出家的都能用按键精灵之类的第三方软件去 ...
- pythongui登录界面密码显示_用python写一个带有gui界面的密码生成器
需要用到的库: tkinter:构建gui界面 pyperclip:复制功能 random:生成随机数 string:处理字符串 代码: from tkinter import * import ra ...
最新文章
- Centos7 设置DNS 服务器
- 弱类型、强类型、动态类型、静态类型语言的区别是什么?
- uva 156 Ananagrams
- @class、#import
- VBScript 教程之数据库篇
- UDT协议实现分析——连接的建立
- ipython和jupyter哪个好_对Python开发者而言,IPython仍然是Jupyter Notebook的核心
- 2019-05-27 Java学习日记 day17
- Papervision3D对象
- kali系统支持那些手机_将kali安装到手机上作为便携式系统启动盘的方法
- java 从服务器下载文件并保存到本地
- 开闭原则(Open-closed principle)
- 山寨google, 新做了1个网站 googler.cc ,做的很山寨 喜欢的朋友可以去看看哈
- 【整理】CRISPR-Cas9用于病毒性传染病防控的最新进展
- iOS-检查版本更新
- wps单文件版_微软Office手机版来了!完全免费+三合一!你还会用WPS吗?1分钟带你了解两者的不同!...
- Push failed Dst refspec V1.0.0 matches more than one.
- FTP在电脑和安卓设备间的妙用!
- linux tar解压压缩,linux下压缩解压tar 详解
- rda-摘自metalink[ID 414966.1]
热门文章
- 【ACWing】1137. 选择最佳线路
- Kent Beck : 领导的敏捷潮
- 双ip的oracle集群该怎么连接,如何配置电信联通双线双IP接入
- 今日卢布美元汇率换算
- 手把手教你高效快捷的创建Swift Framework
- ndo2db: Warning: Retrying message send. This can occur
- Content type ‘application/json;charset=UTF-8‘ not supp...
- Docker中什么是宿主机?
- Cocos2d-x3.2刀塔创奇三消游戏源码,跑酷游戏源码,塔防游戏源码
- 认识kata-containers