mirror of https://github.com/OWASP/Nettacker.git
Correct the issue with port scanner output (#978)
The issue caused the program to erroneously run a regex pattern on HTML content instead of the request data. This was because the port number wasn't displayed in the HTML's body content. The commit rectifies this problem, ensuring that regex operates on the correct data.
This commit is contained in:
tanaydin sirin
GitHub
parent
f65f9bc972
commit
9aaa7033a5
|
|
@ -233,10 +233,12 @@ class SocketEngine(BaseEngine):
|
|||
return response
|
||||
if sub_step["method"] == "tcp_connect_send_and_receive":
|
||||
if response:
|
||||
received_content = response["response"]
|
||||
for condition in conditions:
|
||||
regex = re.findall(
|
||||
re.compile(conditions[condition]["regex"]), received_content
|
||||
re.compile(conditions[condition]["regex"]),
|
||||
response["response"]
|
||||
if condition != "open_port"
|
||||
else str(response["peer_name"][1]),
|
||||
)
|
||||
reverse = conditions[condition]["reverse"]
|
||||
condition_results[condition] = reverse_and_regex_condition(regex, reverse)
|
||||
|
|
|
|||
|
|
@ -1028,7 +1028,7 @@ payloads:
|
|||
condition_type: or
|
||||
conditions:
|
||||
open_port:
|
||||
regex: ""
|
||||
regex: \d{{1,5}}
|
||||
reverse: false
|
||||
|
||||
ftp: &ftp
|
||||
|
|
|
|||
|
|
@ -9,6 +9,10 @@ class Responses:
|
|||
|
||||
tcp_connect_send_and_receive = {
|
||||
"response": 'HTTP/1.1 400 Bad Request\r\nServer: Apache/2.4.62 (Debian)\r\nContent-Length: 302\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand.<br />\n</p>\n<hr>\n<address>Apache/2.4.62 (Debian)</address>\n</body></html>\n',
|
||||
"peer_name": (
|
||||
"127.0.0.1",
|
||||
80,
|
||||
),
|
||||
"ssl_flag": True,
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue