8282from lib .core .log import LOGGER_HANDLER
8383from lib .core .optiondict import optDict
8484from lib .core .settings import BOLD_PATTERNS
85+ from lib .core .settings import BRUTE_DOC_ROOT_PREFIXES
86+ from lib .core .settings import BRUTE_DOC_ROOT_SUFFIXES
87+ from lib .core .settings import BRUTE_DOC_ROOT_TARGET_MARK
8588from lib .core .settings import CUSTOM_INJECTION_MARK_CHAR
8689from lib .core .settings import DBMS_DIRECTORY_DICT
8790from lib .core .settings import DEFAULT_COOKIE_DELIMITER
99102from lib .core .settings import HOST_ALIASES
100103from lib .core .settings import INFERENCE_UNKNOWN_CHAR
101104from lib .core .settings import INVALID_UNICODE_CHAR_FORMAT
105+ from lib .core .settings import IP_ADDRESS_REGEX
102106from lib .core .settings import ISSUES_PAGE
103107from lib .core .settings import IS_WIN
104108from lib .core .settings import LARGE_OUTPUT_THRESHOLD
@@ -644,38 +648,48 @@ def getDocRoot():
644648
645649 docRoot = []
646650
647- message = "do you want to provide a text file with a list of "
648- message += "directories to try? [y/N] "
649- answer = readInput (message , default = "N" )
651+ message = "what do you want to use for web server document root?\n "
652+ message += "[1] common location(s) '%s' (default)\n " % ", " .join (root for root in defaultDocRoot )
653+ message += "[2] custom location\n "
654+ message += "[3] custom directory list file\n "
655+ message += "[4] brute force search\n "
656+ choice = readInput (message , default = "1" ).strip ()
657+
658+ if choice == "2" :
659+ message = "please provide the web server document root: "
660+ docRoot = readInput (message ).split (',' )
661+ elif choice == "3" :
662+ message = "what's the list file location?\n "
663+ listPath = readInput (message )
664+ checkFile (listPath )
665+ docRoot = getFileItems (listPath )
666+ elif choice == "4" :
667+ targets = set ([conf .hostname ])
668+ _ = conf .hostname .split ('.' )
669+
670+ if _ [0 ] == "www" :
671+ targets .add ('.' .join (_ [1 :]))
672+ targets .add ('.' .join (_ [1 :- 1 ]))
673+ else :
674+ targets .add ('.' .join (_ [:- 1 ]))
650675
651- if answer and answer .lower () == "y" :
652- message = "please provide the directories list file to try: "
653- dirFilePath = readInput (message )
676+ targets = filter (None , targets )
654677
655- if dirFilePath :
656- if os . path . isfile ( dirFilePath ):
657- fd = codecs . open ( dirFilePath , "rb" , UNICODE_ENCODING )
678+ for prefix in BRUTE_DOC_ROOT_PREFIXES . get ( Backend . getOs (), DEFAULT_DOC_ROOTS [ OS . LINUX ]) :
679+ if BRUTE_DOC_ROOT_TARGET_MARK in prefix and re . match ( IP_ADDRESS_REGEX , conf . hostname ):
680+ continue
658681
659- for filepath in fd .readlines ():
660- docRoot .append (normalizePath (filepath ))
682+ for suffix in BRUTE_DOC_ROOT_SUFFIXES :
683+ for target in targets :
684+ item = "%s/%s" % (prefix , suffix )
685+ item = item .replace (BRUTE_DOC_ROOT_TARGET_MARK , target ).replace ("//" , "/" )
686+ docRoot .append (item )
661687
662- else :
663- errMsg = "provided directory list file %s " % dirFilePath
664- errMsg += "is not a valid file"
665- logger .error (errMsg )
666-
667- if len (docRoot ) == 0 :
668- message = "please provide the web server document root "
669- message += "[%s]: " % ", " .join (root for root in defaultDocRoot )
670- inputDocRoot = readInput (message , default = defaultDocRoot )
671-
672- if inputDocRoot :
673- if isinstance (inputDocRoot , basestring ):
674- docRoot = inputDocRoot .split (',' )
675- else :
676- docRoot = inputDocRoot
677- else :
678- docRoot = defaultDocRoot
688+ if BRUTE_DOC_ROOT_TARGET_MARK not in prefix :
689+ break
690+
691+ else :
692+ docRoot = defaultDocRoot
679693
680694 return docRoot
681695
@@ -700,19 +714,6 @@ def getDirs():
700714 if webDir :
701715 directories .add (webDir )
702716
703- message = "please provide additional comma separated file paths to "
704- message += "try to upload the agent inside the possible document: "
705- message += "root%s [Enter for None]: " % "s" if len (kb .docRoot ) > 1 else ""
706- inputDirs = readInput (message )
707-
708- if inputDirs :
709- inputDirs = inputDirs .replace (", " , "," )
710- inputDirs = inputDirs .split ("," )
711-
712- for inputDir in inputDirs :
713- if inputDir :
714- directories .add (inputDir )
715-
716717 return list (directories )
717718
718719def filePathToSafeString (filePath ):
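Review bot: In the getDocRoot hunk, option [2] calls `readInput(message).split(',')` directly, whereas the removed code tested `if inputDocRoot:` before splitting and otherwise fell back to `defaultDocRoot`. If readInput can return None or an empty string for a blank answer (its definition is not shown here), this either raises AttributeError or leaves `['']` as the only document root, and entries typed as `a, b` keep their leading space. Consider `docRoot = [_.strip() for _ in (readInput(message) or "").split(',') if _.strip()] or defaultDocRoot`. Separately, `targets = filter(None, targets)` is iterated repeatedly inside the nested prefix/suffix loops, which only works while filter() returns a list; `targets = [_ for _ in targets if _]` would not depend on the interpreter version.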