Tomas,

    Thanks for the patch! I've been working on improvements in my
threading2 branch, where I think this was fixed [0]. Could you please
verify?

[0] http://sourceforge.net/apps/trac/w3af/browser/branches/threading2/plugins/crawl/dir_bruter.py

On Tue, Sep 25, 2012 at 9:27 PM, Tomas Velazquez
<tomas.velazqu...@gmail.com> wrote:
> Hi list,
>
> I see that dir_bruter brute-forces the same folder more than once. This
> redundancy increases if you add other plugins like webSpider.
>
> Regards,
>
>
> Possible patch:
>
> Index: dir_bruter.py
> ===================================================================
> --- dir_bruter.py       (revision 5824)
> +++ dir_bruter.py       (working copy)
> @@ -53,6 +53,7 @@
>          # Internal variables
>          self._fuzzable_requests = []
>          self._tested_base_url = False
> +        self._already_done = []
>
>      def discover(self, fuzzableRequest ):
>          '''
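Review bot: `self._already_done` is initialised as a list, but the only use of it in this patch is a membership test on `url_string`. A set of URL strings (`self._already_done = set()`, then `.add(base_path.url_string)`) would make that lookup constant-time and would avoid holding every URL object for the lifetime of the plugin. A short comment saying what the attribute tracks would also help, since the name alone does not say it holds already brute-forced directories.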
> @@ -82,6 +83,9 @@
>                  to_test.append( domain_path )
>
>              for base_path in to_test:
> +              # Check if the url is a folder and if the url already been
> bruteforced
> +              if base_path.url_string.endswith('/') and filter(lambda x:
> x.url_string==base_path.url_string,self._already_done) == []:
> +                self._already_done.append(base_path)
>                  # Send the requests using threads:
>                  self._run_async(
>                              meth=self._bruteforce_directories,
>
>
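Review bot: the added `if` sits at 14 spaces while the existing loop body is at 16, so the guard only takes effect because Python treats the 14-space lines as the `for` block and the untouched 16-space `self._run_async(` call as the body of the `if`. Please put the `if` at the loop body's 16 spaces and re-indent the guarded call one full level, so the nesting is explicit and matches the file's 4-space style. The test `filter(lambda x: x.url_string==base_path.url_string,self._already_done) == []` rescans the whole list for every `base_path` and depends on `filter` returning a list; `base_path.url_string not in self._already_done` over a set of strings is shorter and clearer. The comment line and the `if` line have also been wrapped by the mail client, so the patch will not apply as posted; sending it as an attachment would avoid that.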
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
