Adding tokenize()

107678b3 · fwkz · 121eed79 · 107678b3 · 107678b3 · 107678b3
Commit 107678b3 authored Apr 16, 2016 by fwkz
Showing with 35 additions and 12 deletions

__init__.py routersploit/__init__.py +1 -0

ar_1004g_password_disclosure.py ...it/modules/exploits/asmax/ar_1004g_password_disclosure.py +8 -12

utils.py routersploit/utils.py +26 -0

No files found.
--- a/routersploit/__init__.py
+++ b/routersploit/__init__.py
@@ -7,6 +7,7 @@ from routersploit.utils import (
    sanitize_url,
    LockedIterator,
    http_request,
+    tokenize,
 )

 from routersploit import exploits

--- a/routersploit/modules/exploits/asmax/ar_1004g_password_disclosure.py
+++ b/routersploit/modules/exploits/asmax/ar_1004g_password_disclosure.py
-import re
-
 from routersploit import (
    exploits,
    sanitize_url,
@@ -7,6 +5,7 @@ from routersploit import (
    print_error,
    print_success,
    print_table,
+    tokenize,
    http_request,
 )

@@ -44,17 +43,14 @@ class Exploit(exploits.Exploit):
        except AttributeError:
            return

-        admin = re.findall("pwdAdmin = '(.+?)'", response)
-        if admin:
-            creds.append(('Admin', admin[0]))
-
-        support = re.findall("pwdSupport = '(.+?)'", response)
-        if support:
-            creds.append(('Support', support[0]))
+        tokens = [
+            ("Admin", r"pwdAdmin = '(.+?)'"),
+            ("Support", r"pwdSupport = '(.+?)'"),
+            ("User", r"pwdUser = '(.+?)'")
+        ]

-        user = re.findall("pwdUser = '(.+?)'", response)
-        if user:
-            creds.append(('User', user[0]))
+        for token in tokenize(tokens, response):
+            creds.append((token.typ, token.value))

        if creds:
            print_success("Credentials found!")

--- a/routersploit/utils.py
+++ b/routersploit/utils.py
@@ -2,6 +2,8 @@ from __future__ import print_function
 import threading
 from functools import wraps
 import sys
+import re
+import collections

 import requests

@@ -259,3 +261,27 @@ def http_request(method, url, **kwargs):
    except requests.RequestException as error:
        print_error(error)
        return
+
+
+def tokenize(token_specification, text):
+    Token = collections.namedtuple('Token', ['typ', 'value', 'line', 'column', 'mo'])
+
+    token_specification.extend((
+        ('NEWLINE', r'\n'),          # Line endings
+        ('SKIP', r'.'),              # Any other character
+    ))
+
+    tok_regex = '|'.join('(?P<%s>%s)' % pair for pair in token_specification)
+    line_num = 1
+    line_start = 0
+    for mo in re.finditer(tok_regex, text):
+        kind = mo.lastgroup
+        value = mo.group(kind)
+        if kind == 'NEWLINE':
+            line_start = mo.end()
+            line_num += 1
+        elif kind == 'SKIP':
+            pass
+        else:
+            column = mo.start() - line_start
+            yield Token(kind, value, line_num, column, mo)