temp

solanav · Jan 15, 2024 · 93cc812 · 93cc812
1 parent cd5d339
commit 93cc812
Show file tree

Hide file tree

Showing 7 changed files with 374 additions and 25 deletions.
diff --git a/.vscode/alive/fasl/tmp.lisp b/.vscode/alive/fasl/tmp.lisp
@@ -0,0 +1,24 @@
+Vocabulario:
+
+(1) Spamtrap
+(2) Trapcode
+(3) Takedown
+(4) ISP
+(5) ASN
+(6) Registrar
+(7) Hosting
+(8) Phisher
+(9) Python
+(10) HTML
+(11) Endpoint
+(12) OSINT
+(13) Foros underground
+(14) Repositorio Git
+(15) Codigo libre
+(16) Script
+(17) CERT
+(18) Typosquatting
+(19) Cybersquatting
+(20) Servidor
+(21) Cliente
+(22) Proxy
diff --git a/phishflood/__main__.py b/phishflood/__main__.py
@@ -29,7 +29,7 @@ def hash_inputs(inputs: List[Input]) -> str:
 
 
 def flood_page(
-    page: Page, last_hash: str = ""
+    page: Page, last_hash: str = "", page_num: int = 0
 ) -> Optional[Tuple[str, InputList, Actions]]:
     """Returns a unique string identifying the inputs in the website"""
 
@@ -38,7 +38,11 @@ def flood_page(
     screenshot(page)
 
     # Get html and extract the inputs
-    html = page.content()
+    try:
+        html = page.content()
+    except:
+        return None
+
     res = extract_inputs(html)
     if len(res) > 0:
         fi, form, inputs = res[0]
@@ -81,6 +85,7 @@ def flood_page(
                 actions.append(
                     {
                         "action": "fill",
+                        "page": page_num,
                         "form": form.meta_id,
                         "input": inp.meta_id,
                         "value": text,
@@ -92,6 +97,7 @@ def flood_page(
                 actions.append(
                     {
                         "action": "fill",
+                        "page": page_num,
                         "form": form.meta_id,
                         "input": inp.meta_id,
                         "value": text,
@@ -103,6 +109,7 @@ def flood_page(
             actions.append(
                 {
                     "action": "ignore",
+                    "page": page_num,
                     "form": form.meta_id,
                     "input": inp.meta_id,
                     "value": "",
@@ -116,7 +123,7 @@ def flood_page(
 
     # Submit the form and continue
     form_locator.press("Enter")
-
+    
     return input_hash, res, actions
 
 
@@ -139,24 +146,27 @@ def extract_inputs_from_url(url: str) -> Optional[Dict[str, Any]]:
             return None
         print(f"Result: {res.status}")
 
+        page_num = 0
         forms = []
         actions = []
 
         # Flood the initial page
-        res = flood_page(page)
+        res = flood_page(page, "", page_num)
         if res is None:
             return None
         else:
             uid, inputs, acts = res
             actions += acts
             for _, f, i in inputs:
                 d = f.to_dict()
+                d["page"] = page_num
                 d["inputs"] = [x.to_dict() for x in i]
                 forms.append(d)
 
         # Flood the next 5 pages too
         for _ in range(5):
-            res = flood_page(page, uid)
+            page_num += 1
+            res = flood_page(page, uid, page_num)
             if res is None:
                 print("No more forms to flood")
                 break
@@ -165,6 +175,7 @@ def extract_inputs_from_url(url: str) -> Optional[Dict[str, Any]]:
                 actions += acts
                 for _, f, i in inputs:
                     d = f.to_dict()
+                    d["page"] = page_num
                     d["inputs"] = [x.to_dict() for x in i]
                     forms.append(d)
 
@@ -188,13 +199,23 @@ def extract_inputs_from_url(url: str) -> Optional[Dict[str, Any]]:
         os.system("rm -f samples/*.png")
 
         auth_headers = {"Authorization": f"Token {general_conf.TOKEN}"}
-
-        phishing_id = sha256(url.encode()).hexdigest()
+
+        from pprint import pprint; pprint(forms)
+
+        print(f"Uploading phishing {url}")
+        res = requests.post(
+            general_conf.API_URL + "phishing/",
+            json={"url": url},
+            headers=auth_headers,
+        )
+        phishing_id = res.json()["id"]
+        print(f"Uploaded phishing: {phishing_id}")
 
         # Post forms and inputs to the API
         for form in forms:
             raw_form = {
                 "phishing": phishing_id,
+                "page": form["page"],
                 "meta_id": form["meta_id"],
                 "html_id": form["id"],
                 "html_action": form["action"],
@@ -215,7 +236,7 @@ def extract_inputs_from_url(url: str) -> Optional[Dict[str, Any]]:
                 res = requests.post(
                     general_conf.API_URL + "input/",
                     json={
-                        "form": f"{phishing_id}-{form['meta_id']}",
+                        "form": f"{phishing_id}-{form['page']}-{form['meta_id']}",
                         "meta_id": input_["meta_id"],
                         "html_id": input_["id"],
                         "html_name": input_["name"],
@@ -233,8 +254,8 @@ def extract_inputs_from_url(url: str) -> Optional[Dict[str, Any]]:
                 general_conf.API_URL + "action/",
                 json={
                     "phishing": phishing_id,
-                    "form": f"{phishing_id}-{action['form']}",
-                    "input": f"{phishing_id}-{action['form']}-{action['input']}",
+                    "form": f"{phishing_id}-{action['page']}-{action['form']}",
+                    "input": f"{phishing_id}-{action['page']}-{action['form']}-{action['input']}",
                     "action": action["action"],
                     "value": action["value"],
                     "status": action["status"],

diff --git a/phishings/migrations/0005_alter_action_value_alter_phishing_url.py b/phishings/migrations/0005_alter_action_value_alter_phishing_url.py
@@ -0,0 +1,22 @@
+# Generated by Django 5.0 on 2024-01-15 12:23
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("phishings", "0004_alter_form_id_alter_input_id"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="action",
+            name="value",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AlterField(
+            model_name="phishing",
+            name="url",
+            field=models.URLField(max_length=512),
+        ),
+    ]
diff --git a/phishings/migrations/0006_form_page.py b/phishings/migrations/0006_form_page.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.0 on 2024-01-15 15:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("phishings", "0005_alter_action_value_alter_phishing_url"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="form",
+            name="page",
+            field=models.IntegerField(default=0),
+            preserve_default=False,
+        ),
+    ]
diff --git a/phishings/models.py b/phishings/models.py
@@ -18,20 +18,19 @@ class Form(models.Model):
     id = models.CharField(
         max_length=255, primary_key=True, default=None, editable=False
     )
-
     phishing = models.ForeignKey(
         Phishing, on_delete=models.CASCADE, related_name="forms"
     )
-
     meta_id = models.IntegerField()
+    page = models.IntegerField()
 
     html_id = models.CharField(max_length=255, null=True)
     html_action = models.CharField(max_length=255, null=True)
     html_method = models.CharField(max_length=255, null=True)
     html_type = models.CharField(max_length=255, null=True)
 
     def save(self, *args, **kwargs):
-        self.id = f"{self.phishing.id}-{self.meta_id}"
+        self.id = f"{self.phishing.id}-{self.page}-{self.meta_id}"
         super(Form, self).save(*args, **kwargs)