m4dh4v45b1n 0.1.3 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9ac79cf3d5dc4cbfb295974d1924498d26a62fb4bcc8d372b613a866b94f5d4d
-  data.tar.gz: 552fb55fe78cdbf104694000e44f12f43c7e3b15af59997e2df7644410f17080
+  metadata.gz: 4906107520ba8d1e44618a3036aa49372b162ad0298698a6711a3ee91eaa5a19
+  data.tar.gz: 82aff205ae89b27118fc15144076db5cd491e2b30e4291091c00e79354a2c5e5
 SHA512:
-  metadata.gz: 97f7736fca8359dc2ba4183fb1c07a3d7c401a1c3f9c84878e06d0ee0079699020eebf328528a8e0ecf6bc0857c7ee56ae79fc581243dd4b47d5ac2c67f90603
-  data.tar.gz: 6df31c772412e410df1465d501a732665501dd763307804656f4fea95eb48ca269ec914882ac52830056b98c33d212d54b20359359fd0f8ae079eb652d65b2c4
+  metadata.gz: 563388213634d03963aea55ee27c196efd9ea4dc908edf39ea3bc4b8ff09abe518032174feba6554167024300d07e134b6d470f0ad8d2f034fdaf8e7859de6a1
+  data.tar.gz: ae48b871d69ab5053e56c9acb69c8dead5bdb04fa2e8dc75f4bf2673907b5891aab4b6aa99045daf2db2def1d44b495ad8026fd575ddc7a16c838c8a0e3b69c6

data/bin/fuzz-web-dir.rb

@@ -25,6 +25,16 @@ Eg: fuzz-web-dir.rb -e php,txt --hc 303,404  https://example.com\n\n"
     optp.on('-p PAUSE', Float, 'Pause the fuzz for N second.') do |p|
       init.wait = p
     end
+    optp.on('-d' , "Enable decoy for evate the fire wall. add #{FUZZ_WEB_DIR_PROXY_FILE} for default decoy list. x.x.x.x:p format.") do |d|
+      init.decoy = true
+    end
+    optp.on('-D DECOY' , "Use decoy file.") do |d|
+      init.decoy = true
+      init.pfile = d
+    end
+    optp.on('-n', 'Run decoy with out checking it. It may affect the result.') do
+      init.check = false
+    end
     optp.on('-t MAXTHREAD', Integer, "Maximum concurrency. (default:#{FUZZ_WEB_DIR_MAX_THREAD})") do |t|
       init.max_thread = t
     end
@@ -86,4 +96,5 @@ rescue (EOFError) => e
 rescue (Interrupt) => e
   puts "\e[1A\e[C"
 rescue => e
+  puts e
 end

data/lib/m4dh4v45b1n/fuzz-web-dir.rb

@@ -1,6 +1,7 @@
 require_relative 'version'
 require_relative 'rand-util'
 require 'json'
+require 'openssl'
 require 'net/http';
 def wordlist
   Gem::path.map do |p|
@@ -15,9 +16,10 @@ FUZZ_WEB_DIR_DICT= wordlist
 FUZZ_WEB_DIR_HIDE_CODE=['404']
 FUZZ_WEB_DIR_EXT = ['php', 'txt', 'html', 'xml']
 FUZZ_WEB_DIR_HEADER = '{}'
-FUZZ_WEB_DIR_TIMEOUT = 1    # SECONDS
+FUZZ_WEB_DIR_TIMEOUT = 3    # SECONDS
 FUZZ_WEB_DIR_MAX_THREAD = 24
 FUZZ_WEB_DIR_WAIT = 0
+FUZZ_WEB_DIR_PROXY_FILE = "#{ENV['HOME']}/.proxies.txt"
 =begin
 var = Fuzz_web_dir::new
 var.url = "http://example.com"  *
@@ -30,7 +32,7 @@ var.max_thread = 24
 var.ext = ['php','txt']
 =end
 class Fuzz_web_dir
-  attr_accessor :url,:dict,:hide_code,:hide_line,:hide_char,:show_code,:show_line,:show_char,:timeout,:max_thread,:ext,:out,:wait
+  attr_accessor :url,:dict,:hide_code,:hide_line,:hide_char,:show_code,:show_line,:show_char,:timeout,:max_thread,:ext,:out,:wait,:proxy,:decoy,:last_decoy, :pfile,:check
   def initialize()
     @dict = FUZZ_WEB_DIR_DICT
     @hide_code = FUZZ_WEB_DIR_HIDE_CODE
@@ -44,11 +46,42 @@ class Fuzz_web_dir
     @header = FUZZ_WEB_DIR_HEADER
     @ext = FUZZ_WEB_DIR_EXT
     @wait = FUZZ_WEB_DIR_WAIT
+    @decoy = false
+    @check = true
+    @last_decoy = ''
+    @pfile = FUZZ_WEB_DIR_PROXY_FILE
   end
   def show_result(url_)
     begin
       @header['User-Agent'] = rand_user_agent
-      res_ = Net::HTTP::get_response(URI(url_), @header)
+      if @decoy
+        proxy_ = @last_decoy
+        loop do
+          proxy_ = @proxy.shuffle[0]
+          if proxy_[0] != @last_decoy
+            @last_decoy = proxy_[0]+":"+proxy_[1]
+            break
+          end
+        end
+        proxy = Net::HTTP::Proxy(proxy_[0],proxy_[1].to_i)
+        uri = URI url_
+        uri.query = @header.to_s
+        req = Net::HTTP::Get::new(uri.path)
+        @header.keys.map do |k|
+          req[k] = @header[k]
+        end
+        if uri.scheme == 'https'
+          res_ = proxy.start(uri.host,uri.port,:use_ssl=>true,:verify_mode => OpenSSL::SSL::VERIFY_NONE) do |http|     
+            http.request(req)
+          end
+        else
+          res_ = proxy.start(uri.host,uri.port) do |http|
+            http.request(req)
+          end
+        end
+      else
+        res_ = Net::HTTP::get_response(URI(url_), @header)
+      end
       line_ = res_.body.split("\n").length
       char_ = res_.body.length
       code_ = res_.code
@@ -61,7 +94,12 @@ class Fuzz_web_dir
       if (@show_line.include? line_);put_it = true;end
       #if (code_ == '301' and char_ == 0 and line_ == 0);url_ += "/";end
       if put_it
-        puts "\r\e[32m#{url_}\e[0m  lines:\e[33m#{line_}\e[0m chrs:\e[35m#{char_}\e[0m status:\e[36m#{code_}\e[0m"
+        finally_ = "\r\e[32m#{url_}\e[0m  lines:\e[33m#{line_}\e[0m chrs:\e[35m#{char_}\e[0m status:\e[36m#{code_}\e[0m"
+        if !res_.header['Location'].nil?
+          finally_ += " \e[33;1m>\e[0m #{res_.header['Location']}"
+        end
+        puts finally_
+
         if !@out.nil?
           @out.write(url_ + "\n")
         end
@@ -73,7 +111,8 @@ class Fuzz_web_dir
         Thread::kill t
       end
     rescue => e
-      print "\rInvalideURL: #{@url}   "
+      print "\r#{e}"
+      #print "\rInvalideURL: #{@url}   "
     end
   end
   def print_status(key,  val)
@@ -91,7 +130,8 @@ class Fuzz_web_dir
       ["pause", "#{@wait}s"],
       ["hide /status/line/char", "#{@hide_code}/#{@hide_line}/#{@hide_char}"],
       ["show /status/line/char", "#{@show_code}/#{@show_line}/#{@show_char}"],
-      ["output", @out]
+      ["output", @out],
+      ["decoy-proxy", @proxy.length]
     ].map {|k,v| print_status(k, v)}
     puts "-"*45
   end
@@ -102,6 +142,10 @@ class Fuzz_web_dir
     @ext = @ext.map {|i| '.'+i }
     @ext.append("")
     @header = JSON::parse(@header)
+    if @decoy
+      @proxy = Pr0xy.new.get_proxies(@pfile,  @check)
+      #@proxy = [["http","127.0.0.1",8080],["http","127.0.0.2", 8081]]
+    end
     print_status_all
     if !@out.nil?
       @out = File.open(@out, "w")
@@ -130,7 +174,7 @@ class Fuzz_web_dir
           sleep(0.01 + @wait)
         end
         if string_line.length < 20
-          print "\r#{' '*50}\r> #{string_line.chomp}"
+          print "\r#{' '*60}\r> #{string_line.chomp}"
         end
       end
     end

data/lib/m4dh4v45b1n/rand-util.rb

@@ -1,3 +1,7 @@
+require 'net/http'
+
+PROXY_CACHE = ENV["HOME"] + "/.cache/m4dh4v45b1n/http-proxy.x7"
+
 USER_AGENTS = [
   "Mozilla/5.0 (X11; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0",
   "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)",
@@ -11,8 +15,82 @@ USER_AGENTS = [
   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.59",
   "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Vivaldi/4.0",
   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Vivaldi/4.0",
-  "Mozilla/5.0 (Linux; Android 11; LM-X420) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.120 Mobile Safari/537.36"
+  "Mozilla/5.0 (Linux; Android 11; LM-X420) AppleWebKit/537.36 (KHTML, likeGecko) Chrome/91.0.4472.120 Mobile Safari/537.36"
 ]
+
 def rand_user_agent
   return USER_AGENTS[rand(USER_AGENTS.length)]
 end
+
+class Pr0xy
+  attr_accessor :tmp, :proto
+  def initialize
+    @tmp = []
+  end
+  def check_if_the_proxy_is_up(host, port)
+    proxy = Net::HTTP::Proxy(
+      host,
+      port
+    )
+    begin
+      Timeout::timeout(10) do
+        uri = URI "http://ifconfig.me/"
+        req = Net::HTTP::Get::new(uri.path)
+        res = proxy.start(uri.host,uri.port) do |http|
+          http.request(req)
+        end
+        if res.code == '200' and
+            res.body.length <= 16 and
+            res.body.length >= 7 and
+            res.body.split(".").length == 4
+          print "."
+          return true
+        end
+      end
+    rescue => e
+    end
+    return false
+  end
+  def get_proxies(file, check)
+    if check
+      print "\e[33;1mChecking Proxy status\e[0m"
+    end
+    if File.file? file
+      File.open(file, "r").readlines.map do |l|
+        sleep 0.02
+        Thread.new do
+          if l.strip[0] != "#"
+            l = l.strip.split(":")
+            if check
+              if check_if_the_proxy_is_up(l[0],l[1])
+                @tmp.append([l[0],l[1]])
+              end
+            else
+              @tmp.append([l[0], l[1]])
+            end
+          end
+        end
+        while Thread::list.length > 100;end
+      end
+    else
+      puts "\rUnable to locate proxy file.'#{file}'"
+      exit
+    end
+    while Thread::list.length > 1;end;puts
+    if @tmp.length < 1
+      print "\rThere is no proxy is alive.\n" +
+        "please add proxy in ~/.proxies.txt to take default"+
+        " or specify fresh list with -D flag.\n"
+      exit
+    elsif @tmp.length <= 5
+      puts "\r#{@tmp.length} decoys are \e[31mDeductable\e[0m.\nAdd More decoy for better evation."
+      sleep 3
+    end
+    return @tmp
+  end
+end
+
+
+
+# test
+#puts  Pr0xy.new.get_proxies("../test/http-proxy.txt")

data/lib/m4dh4v45b1n/version.rb

@@ -1,2 +1,2 @@
 # frozen_string_literal: true
-VERSION = "0.1.3"
+VERSION = "0.1.4"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: m4dh4v45b1n
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.4
 platform: ruby
 authors:
 - Madhava-mng
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-07-05 00:00:00.000000000 Z
+date: 2021-07-12 00:00:00.000000000 Z
 dependencies: []
 description: ''
 email: