@@ -133,85 +133,91 @@ def run
133133 hydra = Typhoeus ::Hydra . new ( :max_concurrency => num_threads )
134134 resolve = Ethon ::Curl . slist_append ( nil , "#{ vhost } :#{ rport } :#{ rhost } " )
135135
136- while testdir = queue . pop ( true )
137- testurl = "#{ ( ssl ? 'https' : 'http' ) } ://#{ vhost } :#{ rport } #{ base_path } #{ testdir } "
136+ begin
137+ while testdir = queue . pop ( true )
138+ testurl = "#{ ( ssl ? 'https' : 'http' ) } ://#{ vhost } :#{ rport } #{ base_path } #{ testdir } "
139+
140+ request = Typhoeus ::Request . new (
141+ testurl ,
142+ resolve : resolve ,
143+ method : 'GET' ,
144+ followlocation : false ,
145+ connecttimeout : 5 ,
146+ timeout : 10 ,
147+ ssl_verifyhost : 0 ,
148+ ssl_verifypeer : false
149+ )
150+
151+ request . on_complete do |response |
152+ if response . timed_out?
153+ print_error ( "Unable to connect to #{ testurl } (#{ rhost } ), connection timed out" )
154+ return
155+ end
138156
139- request = Typhoeus ::Request . new (
140- testurl ,
141- resolve : resolve ,
142- method : 'GET' ,
143- followlocation : false ,
144- connecttimeout : 5 ,
145- timeout : 10 ,
146- ssl_verifyhost : 0 ,
147- ssl_verifypeer : false
148- )
157+ if response . code . zero?
158+ print_error ( "Unable to connect to #{ testurl } (#{ rhost } ), could not get a http response" )
159+ return
160+ end
149161
150- request . on_complete do |response |
151- if response . timed_out?
152- print_error ( "Unable to connect to #{ testurl } (#{ rhost } ), connection timed out" )
153- return
154- end
162+ msg = "#{ response . code || "ERR" } - #{ rhost } - #{ testurl } "
163+
164+ # check if 404 or error code
165+ if ( response . code == ecode ) || ( emesg && response . body . index ( emesg ) )
166+ vprint_status ( msg )
167+ return
168+ else
169+ report_web_vuln (
170+ :host => rhost ,
171+ :port => rport ,
172+ :vhost => vhost ,
173+ :ssl => ssl ,
174+ :path => "#{ base_path } #{ testdir } " ,
175+ :method => 'GET' ,
176+ :pname => '' ,
177+ :proof => "Res code: #{ response . code . to_s } " ,
178+ :risk => 0 ,
179+ :confidence => 100 ,
180+ :category => 'directory' ,
181+ :description => 'Directory found.' ,
182+ :name => 'directory'
183+ )
155184
156- if response . code . zero?
157- print_error ( "Unable to connect to #{ testurl } (#{ rhost } ), could not get a http response" )
158- return
159- end
185+ print_good ( msg )
160186
161- msg = "#{ response . code || "ERR" } - #{ rhost } - #{ testurl } "
187+ if response . code . to_i == 401
188+ print_status ( "#{ wmap_base_url } #{ base_path } #{ testdir } requires authentication: #{ response . headers [ 'WWW-Authenticate' ] } (#{ wmap_target_host } )" )
162189
163- # check if 404 or error code
164- if ( response . code == ecode ) || ( emesg && response . body . index ( emesg ) )
165- vprint_status ( msg )
166- return
167- else
168- report_web_vuln (
169- :host => rhost ,
170- :port => rport ,
171- :vhost => vhost ,
172- :ssl => ssl ,
173- :path => "#{ base_path } #{ testdir } " ,
174- :method => 'GET' ,
175- :pname => '' ,
176- :proof => "Res code: #{ response . code . to_s } " ,
177- :risk => 0 ,
178- :confidence => 100 ,
179- :category => 'directory' ,
180- :description => 'Directory found.' ,
181- :name => 'directory'
182- )
183-
184- print_good ( msg )
185-
186- if response . code . to_i == 401
187- print_status ( "#{ wmap_base_url } #{ base_path } #{ testdir } requires authentication: #{ response . headers [ 'WWW-Authenticate' ] } (#{ wmap_target_host } )" )
188-
189- report_note (
190- :host => rhost ,
191- :port => rport ,
192- :proto => 'tcp' ,
193- :sname => ( ssl ? 'https' : 'http' ) ,
194- :type => 'WWW_AUTHENTICATE' ,
195- :data => "#{ wmap_base_url } #{ base_path } #{ testdir } Auth: #{ response . headers [ 'WWW-Authenticate' ] } " ,
196- :update => :unique_data
197- )
198- end
190+ report_note (
191+ :host => rhost ,
192+ :port => rport ,
193+ :proto => 'tcp' ,
194+ :sname => ( ssl ? 'https' : 'http' ) ,
195+ :type => 'WWW_AUTHENTICATE' ,
196+ :data => "#{ wmap_base_url } #{ base_path } #{ testdir } Auth: #{ response . headers [ 'WWW-Authenticate' ] } " ,
197+ :update => :unique_data
198+ )
199+ end
199200
200- # Report a valid website and webpage to the database
201- report ( testurl , response )
201+ # Report a valid website and webpage to the database
202+ report ( testurl , response )
202203
203- if recursive
204- File . open ( datastore [ 'DICTIONARY' ] , 'rb' ) . each_line do |testd |
205- dir = testd . strip # remove newline characters
206- dir += '/' if dir [ -1 , 1 ] != '/' # add trailing slash if it doesn't exist
207- dir = dir [ 1 ..-1 ] if dir [ 0 , 1 ] == '/' # remove leading slash if it exists
208- queue . push "#{ testdir } #{ dir } "
204+ if recursive
205+ File . open ( datastore [ 'DICTIONARY' ] , 'rb' ) . each_line do |testd |
206+ dir = testd . strip # remove newline characters
207+ dir += '/' if dir [ -1 , 1 ] != '/' # add trailing slash if it doesn't exist
208+ dir = dir [ 1 ..-1 ] if dir [ 0 , 1 ] == '/' # remove leading slash if it exists
209+ queue . push "#{ testdir } #{ dir } "
210+ end
209211 end
210212 end
211213 end
212- end
213214
214- hydra . queue request
215+ hydra . queue request
216+ end
217+ rescue ThreadError
218+ rescue => e
219+ puts e . backtrace
220+ raise
215221 end
216222
217223 hydra . run
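Review bot: The three `return` statements inside the `on_complete` block (new lines 154, 159 and 167) leave `run` itself rather than just the callback, because a `return` in a non-lambda block returns from the enclosing method; assuming Typhoeus fires these callbacks from `hydra.run` at new line 223, the first timed-out or `ecode`-matching response would abandon every request still queued. Replacing each with `next` ends only the current callback. The new `rescue => e` also prints with `puts e.backtrace`, which bypasses the `print_error` helper used elsewhere in this hunk; `print_error("#{e.class}: #{e.message}")` before the `raise` would keep the output in the module's own channel, and the empty `rescue ThreadError` deserves a comment such as `# queue.pop(true) raises ThreadError once the queue is empty`. `run` begins before this hunk and continues after it.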