Python Selenium shenanigans.
-
2017-02-26 at 12:52 PM UTC Ok so i had this project cooking a while back, then i forgot all about it and then i remembered. But i also had a bug, please see my source below.
#!/usr/bin/env python2.7
import re
import argparse
import sys
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
# Show the banner and usage text, then exit, when no command-line arguments are given.
if not len(sys.argv[1:]):
print """
__ _ ___
| \ ___ _ _| |_| __|__ _ _ __ _ ___
| |) / _ \ '_| / / _/ _ \ '_/ _` / -_)
|___/\___/_| |_\_\_|\___/_| \__, \___|
|___/
Welcome to DorkForge.
To start using this script please provide one or more command
line arguments and their corresponding value, where applicable.
To display all options available use -h or --help.
Example:
DorkForge.py -h
DorkForge.py -d inurl:show.php?id= --verbose\n"""
sys.exit(0)
# Handle command line arguments
parser = argparse.ArgumentParser(description="Use this script and dorks to find vulnerable web applications.")
# -d and -l share a mutually exclusive group, so argparse rejects a command line that gives both.
group = parser.add_mutually_exclusive_group()
group.add_argument("-d", "--dork", help="specify the dork you wish to use\n")
group.add_argument("-l", "--list", help="specify path to list with dorks\n")
parser.add_argument("-p", "--pages", default=1, type=int, help="specify amount of pages to check\n")
# NOTE(review): -v is declared without action="store_true", so it expects a value and
# args.verbose is a string or None; the `args.verbose == True` test below is then never true.
parser.add_argument("-v", "--verbose", help="toggle verbosity\n")
args = parser.parse_args()
dork_list = []
# If a list file was given, read its lines into dork_list; otherwise use the single -d value.
if args.list:
try:
with open(args.list, "r") as ins:
for line in ins:
# Each line is stored as read, including its trailing newline.
dork_list.append(line)
# NOTE(review): the exception is not bound to a name here, yet the verbose branch prints `e`.
except IOError:
print "Could not read dork list"
if args.verbose == True:
print "An IO Error was raised with the following error message: "
print "\n", e
else:
# NOTE(review): args.dork is None when -d was not supplied, so None is appended in that case.
dork_list.append(args.dork)
# Dork list processing/searching
def search():
# Drive a Firefox session through the search page for each entry in dork_list and
# return link_list. Reads the module-level `args` and `dork_list`.
# The paste lost its indentation, so the nesting described below is inferred.
driver = webdriver.Firefox()
# NOTE(review): the loop variable shadows the builtin `int` and is never used in the body.
for int in range(args.pages):
driver.get("http://google.com")
# NOTE(review): assert statements are removed under `python -O`, so this and the
# later assert are not reliable runtime checks.
assert "Google" in driver.title
for items in dork_list:
elem = driver.find_element_by_name("q")
elem.clear()
elem.send_keys(items)
elem.send_keys(Keys.RETURN)
# NOTE(review): nothing waits for the result page between submitting the query and reading the page.
assert "No results found." not in driver.page_source
# Collect every anchor on the page that carries an href attribute.
links = driver.find_elements_by_xpath("//a[@href]")
for elem in links:
# NOTE(review): link_list is re-created on every pass, and the whole `links` list of
# element objects is appended instead of one URL per element.
link_list = []
link_list.append(links)
#link_list.append(elem.get_attribute("href"))
#try:
# source = driver.page_source()
# handler = open("page_source.html", "rw") # Needs unique names
# handler.write(source)
# handler.close()
#except IOError as e:
# print "Could not write page source"
# if args.verbose == True:
# print "An IO Error was raised with the following error message: "
# print "\n", e
# close() closes the current browser window.
driver.close()
# NOTE(review): link_list is only assigned inside the inner loop, so it is undefined
# here if no links were found.
return link_list
# Link list processing: run the search, then filter the returned entries into `final`.
proc_one = search()
for sorted_url in proc_one:
# NOTE(review): `final` is re-created for every entry, so earlier entries are discarded
# (assuming this line sits inside the loop; the paste lost its indentation).
final = []
# NOTE(review): this parses as `"stackoverflow" or ("github" not in sorted_url)`; the
# non-empty string is always truthy, so nothing is ever filtered out.
if "stackoverflow" or "github" not in sorted_url:
final.append(sorted_url)
print final
So when i print `final`, i just get a list of what appears to be selenium objects instead of actual links. Haven't done any extensive testing/debugging yet but i figured i would just throw this out there in case anyone felt like helping. I will be employing regex somehow to grab just the links when i get them. I fucking suck at regex though.
Post last edited by Sophie at 2017-02-26T13:02:53.140218+00:00 -
2017-02-26 at 10:14 PM UTC Yee, .find_elements_by_xpath() returns a list of element objects. If you just want the URLs that the links on the page point to you can use `link_list.append(elem.get_attribute("href"))` which appears to be commented out.
-
2017-02-27 at 10:40 AM UTC
Originally posted by Lanny Yee, .find_elements_by_xpath() returns a list of element objects. If you just want the URLs that the links on the page point to you can use `link_list.append(elem.get_attribute("href"))` which appears to be commented out.
Yeah that is what i thought but if i comment out link_list.append(links) and uncomment the link_list.append(elem.get_attribute("href")) line i get the following error message.
Traceback (most recent call last):
File "dorkbot.py", line 95, in <module>
proc_one = search()
File "dorkbot.py", line 76, in search
link_list.append(elem.get_attribute("href"))
File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webelement.py", line 139, in get_attribute
self, name)
File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 465, in execute_script
'args': converted_args})['value']
File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 236, in execute
self.error_handler.check_response(response)
File "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/errorhandler.py", line 192, in check_response
raise exception_class(message, screen, stacktrace)
selenium.common.exceptions.StaleElementReferenceException: Message: The element reference is stale. Either the element is no longer attached to the DOM or the page has been refreshed. -
2017-02-27 at 4:47 PM UTCInfowars.com Infowars.com
-
2017-02-28 at 3:09 AM UTCShutup RisiR.
This is the code that worked for me:
#!/usr/bin/env python2.7
import re
import argparse
import sys
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
# Show the banner and usage text, then exit, when no command-line arguments are given.
if not len(sys.argv[1:]):
print """
__ _ ___
| \ ___ _ _| |_| __|__ _ _ __ _ ___
| |) / _ \ '_| / / _/ _ \ '_/ _` / -_)
|___/\___/_| |_\_\_|\___/_| \__, \___|
|___/
Welcome to DorkForge.
To start using this script please provide one or more command
line arguments and their corresponding value, where applicable.
To display all options available use -h or --help.
Example:
DorkForge.py -h
DorkForge.py -d inurl:show.php?id= --verbose\n"""
sys.exit(0)
# Handle command line arguments
parser = argparse.ArgumentParser(description="Use this script and dorks to find vulnerable web applications.")
# -d and -l share a mutually exclusive group, so argparse rejects a command line that gives both.
group = parser.add_mutually_exclusive_group()
group.add_argument("-d", "--dork", help="specify the dork you wish to use\n")
group.add_argument("-l", "--list", help="specify path to list with dorks\n")
parser.add_argument("-p", "--pages", default=1, type=int, help="specify amount of pages to check\n")
# NOTE(review): -v is declared without action="store_true", so it expects a value and
# args.verbose is a string or None; the `args.verbose == True` test below is then never true.
parser.add_argument("-v", "--verbose", help="toggle verbosity\n")
args = parser.parse_args()
dork_list = []
# If a list file was given, read its lines into dork_list; otherwise use the single -d value.
if args.list:
try:
with open(args.list, "r") as ins:
for line in ins:
# Each line is stored as read, including its trailing newline.
dork_list.append(line)
# NOTE(review): the exception is not bound to a name here, yet the verbose branch prints `e`.
except IOError:
print "Could not read dork list"
if args.verbose == True:
print "An IO Error was raised with the following error message: "
print "\n", e
else:
# NOTE(review): args.dork is None when -d was not supplied, so None is appended in that case.
dork_list.append(args.dork)
# Dork list processing/searching
def search():
# Drive a Firefox session through the search page for each entry in dork_list and
# return the href values collected in link_list. Reads the module-level `args` and `dork_list`.
# The paste lost its indentation, so the nesting described below is inferred.
driver = webdriver.Firefox()
# link_list is created once here, so results accumulate across all queries.
link_list = []
# NOTE(review): the loop variable shadows the builtin `int` and is never used in the body.
for int in range(args.pages):
driver.get("http://google.com")
# NOTE(review): assert statements are removed under `python -O`, so this and the
# later assert are not reliable runtime checks.
assert "Google" in driver.title
for items in dork_list:
elem = driver.find_element_by_name("q")
elem.clear()
elem.send_keys(items)
elem.send_keys(Keys.RETURN)
# NOTE(review): this check reads page_source before the wait below has run.
assert "No results found." not in driver.page_source
# Poll for up to 10 seconds until an element with class "r" is present.
WebDriverWait(driver, 10).until(
EC.presence_of_element_located((By.CLASS_NAME, "r")))
# Only anchors nested under an h3 element are collected.
links = driver.find_elements_by_xpath("//h3//a[@href]")
for elem in links:
link_list.append(elem.get_attribute("href"))
#try:
# source = driver.page_source()
# handler = open("page_source.html", "rw") # Needs unique names
# handler.write(source)
# handler.close()
#except IOError as e:
# print "Could not write page source"
# if args.verbose == True:
# print "An IO Error was raised with the following error message: "
# print "\n", e
# close() closes the current browser window.
driver.close()
return link_list
# Link list processing: run the search, then filter the returned URLs into `final`.
proc_one = search()
for sorted_url in proc_one:
# NOTE(review): `final` is re-created for every URL, so earlier entries are discarded
# (assuming this line sits inside the loop; the paste lost its indentation).
final = []
# NOTE(review): this parses as `"stackoverflow" or ("github" not in sorted_url)`; the
# non-empty string is always truthy, so nothing is ever filtered out.
if "stackoverflow" or "github" not in sorted_url:
final.append(sorted_url)
print final
A few changes, the biggest being the introduction of a wait. There's non-zero time between simulating pressing enter and results being available on the page, so we need to wait for search results to be available by polling. I changed the xpath to find links to get less garbage on the page that isn't results. Also this:
for elem in links:
link_list = []
Empties link_list on every iteration so I brought it up to the top of search() -
2017-02-28 at 12:45 PM UTC
Originally posted by Lanny Shutup RisiR.
This is the code that worked for me:
#!/usr/bin/env python2.7
import re
import argparse
import sys
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
# Show the banner and usage text, then exit, when no command-line arguments are given.
if not len(sys.argv[1:]):
print """
__ _ ___
| \ ___ _ _| |_| __|__ _ _ __ _ ___
| |) / _ \ '_| / / _/ _ \ '_/ _` / -_)
|___/\___/_| |_\_\_|\___/_| \__, \___|
|___/
Welcome to DorkForge.
To start using this script please provide one or more command
line arguments and their corresponding value, where applicable.
To display all options available use -h or --help.
Example:
DorkForge.py -h
DorkForge.py -d inurl:show.php?id= --verbose\n"""
sys.exit(0)
# Handle command line arguments
parser = argparse.ArgumentParser(description="Use this script and dorks to find vulnerable web applications.")
# -d and -l share a mutually exclusive group, so argparse rejects a command line that gives both.
group = parser.add_mutually_exclusive_group()
group.add_argument("-d", "--dork", help="specify the dork you wish to use\n")
group.add_argument("-l", "--list", help="specify path to list with dorks\n")
parser.add_argument("-p", "--pages", default=1, type=int, help="specify amount of pages to check\n")
# NOTE(review): -v is declared without action="store_true", so it expects a value and
# args.verbose is a string or None; the `args.verbose == True` test below is then never true.
parser.add_argument("-v", "--verbose", help="toggle verbosity\n")
args = parser.parse_args()
dork_list = []
# If a list file was given, read its lines into dork_list; otherwise use the single -d value.
if args.list:
try:
with open(args.list, "r") as ins:
for line in ins:
# Each line is stored as read, including its trailing newline.
dork_list.append(line)
# NOTE(review): the exception is not bound to a name here, yet the verbose branch prints `e`.
except IOError:
print "Could not read dork list"
if args.verbose == True:
print "An IO Error was raised with the following error message: "
print "\n", e
else:
# NOTE(review): args.dork is None when -d was not supplied, so None is appended in that case.
dork_list.append(args.dork)
# Dork list processing/searching
def search():
# Drive a Firefox session through the search page for each entry in dork_list and
# return the href values collected in link_list. Reads the module-level `args` and `dork_list`.
# The paste lost its indentation, so the nesting described below is inferred.
driver = webdriver.Firefox()
# link_list is created once here, so results accumulate across all queries.
link_list = []
# NOTE(review): the loop variable shadows the builtin `int` and is never used in the body.
for int in range(args.pages):
driver.get("http://google.com")
# NOTE(review): assert statements are removed under `python -O`, so this and the
# later assert are not reliable runtime checks.
assert "Google" in driver.title
for items in dork_list:
elem = driver.find_element_by_name("q")
elem.clear()
elem.send_keys(items)
elem.send_keys(Keys.RETURN)
# NOTE(review): this check reads page_source before the wait below has run.
assert "No results found." not in driver.page_source
# Poll for up to 10 seconds until an element with class "r" is present.
WebDriverWait(driver, 10).until(
EC.presence_of_element_located((By.CLASS_NAME, "r")))
# Only anchors nested under an h3 element are collected.
links = driver.find_elements_by_xpath("//h3//a[@href]")
for elem in links:
link_list.append(elem.get_attribute("href"))
#try:
# source = driver.page_source()
# handler = open("page_source.html", "rw") # Needs unique names
# handler.write(source)
# handler.close()
#except IOError as e:
# print "Could not write page source"
# if args.verbose == True:
# print "An IO Error was raised with the following error message: "
# print "\n", e
# close() closes the current browser window.
driver.close()
return link_list
# Link list processing: run the search, then filter the returned URLs into `final`.
proc_one = search()
for sorted_url in proc_one:
# NOTE(review): `final` is re-created for every URL, so earlier entries are discarded
# (assuming this line sits inside the loop; the paste lost its indentation).
final = []
# NOTE(review): this parses as `"stackoverflow" or ("github" not in sorted_url)`; the
# non-empty string is always truthy, so nothing is ever filtered out.
if "stackoverflow" or "github" not in sorted_url:
final.append(sorted_url)
print final
A few changes, the biggest being the introduction of a wait. There's non-zero time between simulating pressing enter and results being available on the page, so we need to wait for search results to be available by polling. I changed the xpath to find links to get less garbage on the page that isn't results. Also this:
for elem in links:
link_list = []
Empties link_list on every iteration so I brought it up to the top of search()
Awesome as usual. Thanks fam. Now i'll need to do some regex to get just the URLs, maybe write results out to a textfile, then load the textfile as target list for further fuzzing with SQLmap in example. Auto pwner ftw. -
2017-02-28 at 11:42 PM UTC Sweet it's done and it works. I just write my results out to a textfile and can process that textfile with other tools from there. I will be adding a few more features before i put it on github though. Or some minor changes, IDK pretty pleased with it so far.
#!/usr/bin/env python2.7
import argparse
import sys
import time
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
# With no command-line arguments there is nothing to do: show the banner and usage, then exit.
if len(sys.argv) < 2:
    print """
____ _ _____ _
| \ ___ ___| |_| | |___| |_
| | | . | _| '_| | | | -_| _|
|____/|___|_| |_,_|_|___|___|_|
Welcome to DorkNet.
To start using this script please provide one or more command
line arguments and their corresponding value, where applicable.
To display all options available use -h or --help.
Example:
DorkNet.py -h
DorkNet.py -d inurl:show.php?id= --verbose\n"""
    sys.exit(0)

# Command-line options: -d and -l are mutually exclusive; -v is a plain on/off switch.
parser = argparse.ArgumentParser(description="Use this script and dorks to find vulnerable web applications.")
group = parser.add_mutually_exclusive_group()
group.add_argument("-d", "--dork", help=" specify the dork you wish to use\n")
group.add_argument("-l", "--list", help=" specify path to list with dorks\n")
parser.add_argument("-v", "--verbose", action="store_true", help=" toggle verbosity\n")
args = parser.parse_args()

# Fill dork_list from the file named by -l, or from the single -d value.
dork_list = []
if args.list:
    print "\n[+]Reading in list from: " + args.list + "\n\n"
    try:
        with open(args.list, "r") as ins:
            for line in ins:
                # Lines are stored as read, trailing newline included.
                dork_list.append(line)
                if args.verbose:
                    print "[~]" + line
    except IOError as e:
        # A read failure is reported but not fatal; dork_list keeps whatever was read so far.
        print "\n[!]Could not read dork list"
        if args.verbose:
            print "\nAn IO Error was raised with the following error message: "
            print "\n %s" % e
else:
    dork_list.append(args.dork)

# Ask whether the browser should go through a proxy. IP and PORT are only
# defined when the answer is exactly 'y'; every other answer leaves set_proxy False.
print "\nWould you like DorkNet to proxy it's connection to the search engine?"
query = raw_input("[Y]es/[N]o: ")
set_proxy = False
if query == 'y':
    IP = raw_input("\nPlease enter the proxy host IP: ")
    PORT = raw_input("\nPlease enter the proxy port: ")
    set_proxy = True
elif query == 'n':
    print "\nEstablishing unproxied connection..."
else:
    print "\n[!]Unhandled option, defaulting to unproxied connection..."
# Web Driver Proxy
def proxy(PROXY_HOST,PROXY_PORT):
    """Return a Firefox driver built from a profile with proxy preferences set.

    Both arguments are expected to be strings: they are concatenated into the
    status messages, and the port is converted with int() before it is stored.
    The profile also overrides the browser's User-Agent string.
    """
    profile = webdriver.FirefoxProfile()
    print "Proxy host set to: " + PROXY_HOST
    print "Proxy port set to: " + PROXY_PORT
    print "\nEstablishing connection..."
    # Preferences are applied in the order listed.
    preferences = (
        ("network.proxy.type", 1),
        ("network.proxy.http", PROXY_HOST),
        ("network.proxy.http_port", int(PROXY_PORT)),
        ("general.useragent.override", "'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36'"),
    )
    for pref_name, pref_value in preferences:
        profile.set_preference(pref_name, pref_value)
    profile.update_preferences()
    return webdriver.Firefox(firefox_profile=profile)
# Function to generate and process results based on input
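def search():
    """Submit every entry of dork_list to the search page and return the result hrefs.

    Reads the module-level `set_proxy`, `IP`, `PORT`, `args` and `dork_list`.
    Returns a list of href strings; the list is empty when the start page cannot
    be loaded or no query produced results.

    Changes from the pasted version:
    - the browser session is ended exactly once, in a `finally` block; the
      pasted code called driver.quit() inside the loop and then carried on
      using the same driver for the next query;
    - the `assert` checks are replaced by explicit tests, because asserts are
      removed under `python -O` and the first one made the following
      "No results found." branch unreachable;
    - a failed page load returns early instead of falling through to the title check.
    """
    link_list = []
    if set_proxy:
        driver = proxy(IP, PORT)
    else:
        driver = webdriver.Firefox()
    try:
        try:
            driver.get("http://google.com")
        except Exception as e:
            print "\nA connection could not be established"
            if args.verbose:
                print "An error was raised with the following error message: "
                print "\n %s" % e
            return link_list
        if "Google" not in driver.title:
            print "\n[!]Unexpected page title, stopping."
            return link_list
        for items in dork_list:
            elem = driver.find_element_by_name("q")
            elem.clear()
            elem.send_keys(items)
            elem.send_keys(Keys.RETURN)
            time.sleep(1)
            try:
                # Poll for up to 10 seconds until an element with class "r" is present.
                WebDriverWait(driver, 10).until(EC.presence_of_element_located((By.CLASS_NAME, "r")))
            except Exception as e:
                print "\n[!]Detecting page source elements failed/timed out.\n"
                if args.verbose:
                    print "An error was raised with the following error message: "
                    print "\n %s" % e
                time.sleep(1)
                # Skip this query but keep the session alive for the remaining ones.
                continue
            if "No results found" in driver.page_source:
                continue
            # Only anchors nested under an h3 element are collected.
            links = driver.find_elements_by_xpath("//h3//a[@href]")
            for link in links:
                link_list.append(link.get_attribute("href"))
    finally:
        # Always end the browser session, including on early return or an unexpected error.
        driver.quit()
    return link_list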
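# Run the search, write one result per line to results.log, then echo the file.
proc_one = search()
results_path = "results.log"
# Mode "w" truncates any results.log left over from an earlier run.
with open(results_path, "w") as outfile:
    for item in proc_one:
        outfile.write("%s\n" % item)
with open(results_path, "r") as infile:
    for line in infile:
        print "\n[~]" + line
# Interpolate the file name; the pasted code interpolated `outfile`, the closed
# file object, so the message showed its repr instead of the name.
print "\n\nDone. Results have been saved to a textfile, in the current directory as %s for further processing." % results_path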
Post last edited by Sophie at 2017-03-01T13:41:33.742721+00:00 -
2017-03-01 at 1:42 PM UTCUpdated.