PageRenderTime 46ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/src/pentest/grabber/spider.py

https://github.com/sullivanmatt/Raspberry-Pwn
Python | 578 lines | 554 code | 11 blank | 13 comment | 21 complexity | d6a70c3c3a3252c548f5dffa8f73aabf MD5 | raw file
Possible License(s): BSD-3-Clause, AGPL-1.0, MPL-2.0-no-copyleft-exception, GPL-2.0, GPL-3.0 
    

  1. #!/usr/bin/env python

    2. 

  2. """

    3. 

  3. 	Spider Module for Grabber v0.1

    4. 

  4. 	Copyright (C) 2006 - Romain Gaucher - http://rgaucher.info

    5. 

  5. """

    6. 

  6. import urllib

    7. 

  7. import time

    8. 

  8. import re,sys,os,string

    9. 

  9. from BeautifulSoup import BeautifulSoup,SoupStrainer

    10. 

  10. from urllib2 import URLError, HTTPError

    11. 

  11. COOKIEFILE = 'cookies.lwp'          # the path and filename that you want to use to save your cookies in

    12. 

  12. import os.path

    13. 

  13. cj = None

    14. 

  14. ClientCookie = None

    15. 

  15. cookielib = None

    16. 

  16. 

    17. 

  17. import cookielib

    18. 

  18. import urllib2

    19. 

  19. urlopen = urllib2.urlopen

    20. 

  20. cj = cookielib.LWPCookieJar()       # This is a subclass of FileCookieJar that has useful load and save methods

    21. 

  21. Request = urllib2.Request

    22. 

  22. txdata = None

    23. 

  23. refererUrl = "http://google.com/?q=you!"

    24. 

  24. txheaders = {'User-agent' : 'Grabber/0.1 (X11; U; Linux i686; en-US; rv:1.7)', 'Referer' : refererUrl}

    25. 

  25. 

    26. 

  26. allowed=['php','html','htm','xml','xhtml','xht','xhtm',

    27. 

  27.          'asp','aspx','msp','mspx','php3','php4','php5','txt','shtm',

    28. 

  28. 	    'shtml','phtm','phtml','jhtml','pl','jsp','cfm','cfml','do','py',

    29. 

  29. 		'js', 'css']

    30. 

  30. database     = {}

    31. 

  31. database_url = []

    32. 

  32. database_css = []

    33. 

  33. database_js  = []

    34. 

  34. database_ext = [] # database of unsecure external links

    35. 

  35. local_url    = []

    36. 

  36. dumb_params  = [] # if there is no parameters associated with a given URL, associate this list of "whatever looks like"

    37. 

  37. root = "http://localhost"

    38. 

  38. 

    39. 

  39. 

    40. 

  40. outSpiderFile = None

    41. 

  41. 

    42. 

  42. """

    43. 

  43. 	database = {

    44. 

  44. 	 u"URL" : {'GET' : {'param1':value}, 'POST' : { 'param2' : value }},

    45. 

  45. 	 u"URL" : {'GET' : {'param1':value}, 'POST' : { 'param2' : value }},

    46. 

  46. 	 u"URL" : {'GET' : {'param1':value}, 'POST' : { 'param2' : value }}

    47. 

  47. 	}

    48. 

  48. """

    49. 

  49. _urlEncode = {}

    50. 

  50. for i in range(256):

    51. 

  51. 	_urlEncode[chr(i)] = '%%%02x' % i

    52. 

  52. for c in string.letters + string.digits + '_,.-/':

    53. 

  53. 	_urlEncode[c] = c

    54. 

  54. _urlEncode[' '] = '+'

    55. 

  55. 

    56. 

  56. 

    57. 

  57. def urlEncode(s):

    58. 

  58. 	""" 

    59. 

  59. 		Returns the encoded version of the given string, safe for using as a URL. 

    60. 

  60. 	"""

    61. 

  61. 	return string.join(map(lambda c: _urlEncode[c], list(s)), '')

    62. 

  62. 

    63. 

  63. 

    64. 

  64. 

    65. 

  65. def urlDecode(s):

    66. 

  66. 	""" 

    67. 

  67. 		Returns the decoded version of the given string. Note that invalid URLs will throw exceptons. 

    68. 

  68. 		For example, a URL whose % coding is incorrect. 

    69. 

  69. 	"""

    70. 

  70. 	mychr = chr

    71. 

  71. 	atoi = string.atoi

    72. 

  72. 	parts = string.split(string.replace(s, '+', ' '), '%')

    73. 

  73. 	for i in range(1, len(parts)):

    74. 

  74. 		part = parts[i]

    75. 

  75. 		parts[i] = mychr(atoi(part[:2], 16)) + part[2:]

    76. 

  76. 	return string.join(parts, '')

    77. 

  77. 

    78. 

  78. 

    79. 

  79. 

    80. 

  80. def htmlencode(s):

    81. 

  81. 	"""

    82. 

  82. 		Escaping the HTML special characters

    83. 

  83. 	"""

    84. 

  84.  	s = s.replace("&", "&")

    85. 

  85. 	s = s.replace("<", "&lt;")

    86. 

  86. 	s = s.replace(">", "&gt;")

    87. 

  87. 	s = s.replace("\"","&quot;")

    88. 

  88. 	s = s.replace("'", "&apos;")

    89. 

  89. 	return s

    90. 

  90. 

    91. 

  91. 

    92. 

  92. 

    93. 

  93. def htmldecode(s):

    94. 

  94. 	"""

    95. 

  95. 		Unescaping the HTML special characters

    96. 

  96. 	"""

    97. 

  97. 	s = s.replace("&lt;", "<")

    98. 

  98. 	s = s.replace("&gt;", ">")

    99. 

  99. 	s = s.replace("&quot;", "\"")

    100. 

  100. 	s = s.replace("&apos;","'")

    101. 

  101. 	s = s.replace("&amp;", "&")

    102. 

  102. 	return s

    103. 

  103. 

    104. 

  104. 

    105. 

  105. 

    106. 

  106. def getContentDirectURL_GET(url, string):

    107. 

  107. 	"""

    108. 

  108. 		Get the content of the url by GET method

    109. 

  109. 	"""

    110. 

  110. 	ret = ""

    111. 

  111. 	try:

    112. 

  112. 		if len(string) > 0:

    113. 

  113. 			url = url + "?" + (string)

    114. 

  114. 		opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))

    115. 

  115. 		urllib2.install_opener(opener)

    116. 

  116. 		req = Request(url, None, txheaders) # create a request object

    117. 

  117. 		ret = urlopen(req)                     # and open it to return a handle on the url

    118. 

  118. 	except HTTPError, e:

    119. 

  119. 		return

    120. 

  120. 	except URLError, e:

    121. 

  121. 		return

    122. 

  122. 	except IOError:

    123. 

  123. 		return

    124. 

  124. 	return ret

    125. 

  125. 

    126. 

  126. 

    127. 

  127. 

    128. 

  128. def scan(currentURL):

    129. 

  129. 	"""

    130. 

  130. 		The Scanner is the first part of Grabber.

    131. 

  131. 		It retrieves every information of the HTML page

    132. 

  132. 		TODO:

    133. 

  133. 			Reading in every href='' element for CSS and src='' for JavaScript / Image

    134. 

  134. 	"""

    135. 

  135. 	try:

    136. 

  136. 		archives_hDl = getContentDirectURL_GET(currentURL,'')

    137. 

  137. 	except IOError:

    138. 

  138. 		log <= ("IOError @ %s" % currentURL)

    139. 

  139. 	try:

    140. 

  140. 		htmlContent= archives_hDl.read()

    141. 

  141. 	except IOError, e:

    142. 

  142. 		print "Cannot open the file,",(e.strerror)

    143. 

  143. 		return

    144. 

  144. 	except AttributeError:

    145. 

  145. 		print ("Grabber cannot retrieve the given url: %s" % currentURL)

    146. 

  146. 		return

    147. 

  147. 	parseHtmlLinks (currentURL,htmlContent)

    148. 

  148. 	parseHtmlParams(currentURL,htmlContent)

    149. 

  149. 

    150. 

  150. def allowedExtensions(plop):

    151. 

  151. 	for e in allowed:

    152. 

  152. 		if '.'+e in plop:

    153. 

  153. 			return True

    154. 

  154. 	return False

    155. 

  155. 

    156. 

  156. 

    157. 

  157. 

    158. 

  158. def makeRoot(urlLocal):

    159. 

  159. 	if allowedExtensions(urlLocal):

    160. 

  160. 		return urlLocal[0:urlLocal.rfind('/')+1]

    161. 

  161. 	return urlLocal

    162. 

  162. 

    163. 

  163. 

    164. 

  164. 

    165. 

  165. def giveGoodURL(href, urlLocal):

    166. 

  166. 	"""

    167. 

  167. 		It should return a good url...

    168. 

  168. 		href = argument retrieven from the href...

    169. 

  169. 	"""

    170. 

  170. 	if 'javascript' in href:

    171. 

  171. 		return htmldecode(urlLocal)

    172. 

  172. 	if 'http://' in href or 'https://' in href:

    173. 

  173. 		if urlLocal in href:

    174. 

  174. 			return htmldecode(href)

    175. 

  175. 		else:

    176. 

  176. 			return urlLocal

    177. 

  177. 	if len(href) < 1:

    178. 

  178. 		return htmldecode(urlLocal)

    179. 

  179. 	if href[0] == '?' and '?' not in urlLocal and not allowedExtensions(urlLocal):

    180. 

  180. 		for e in allowed:

    181. 

  181. 			if '.'+e in urlLocal:

    182. 

  182. 				return htmldecode(urlLocal + href)

    183. 

  183. 		return htmldecode(urlLocal + '/' + href)

    184. 

  184. 	else:

    185. 

  185. 		# simple name

    186. 

  186. 		if allowedExtensions(urlLocal) or '?' in urlLocal:

    187. 

  187. 			return htmldecode(urlLocal[0:urlLocal.rfind('/')+1] + href)

    188. 

  188. 		else:

    189. 

  189. 			return htmldecode(urlLocal + '/' + href)

    190. 

  190. 	return htmldecode(href)

    191. 

  191. 

    192. 

  192. 

    193. 

  193. def dl(fileAdress, destFile):

    194. 

  194. 	"""

    195. 

  195. 		Download the file

    196. 

  196. 	"""

    197. 

  197. 	try:

    198. 

  198. 		f =  urllib.urlopen(fileAdress)

    199. 

  199. 		g = f.read()

    200. 

  200. 		file = open(os.path.join('./', destFile), "wb")

    201. 

  201. 	except IOError:

    202. 

  202. 		return False

    203. 

  203. 	file.write(g)

    204. 

  204. 	file.close()

    205. 

  205. 	return True

    206. 

  206. 

    207. 

  207. 

    208. 

  208. def removeSESSID(urlssid):

    209. 

  209. 	"""

    210. 

  210. 		Remove the phpsessid information... don't care about it now

    211. 

  211. 	"""

    212. 

  212. 	k = urlssid.find('PHPSESSID')

    213. 

  213. 	if k > 0:

    214. 

  214. 		return urlssid[0:k-1]

    215. 

  215. 	k = urlssid.find('sid')

    216. 

  216. 	if k > 0:

    217. 

  217. 		return urlssid[0:k-1]

    218. 

  218. 	return urlssid

    219. 

  219. 

    220. 

  220. def parseHtmlLinks(currentURL,htmlContent):

    221. 

  221. 	global database_url,database_js,database_css

    222. 

  222. 	"""

    223. 

  223. 		Parse the HTML/XHTML code to get JS, CSS, links etc.

    224. 

  224. 	"""

    225. 

  225. 	links = SoupStrainer('a')

    226. 

  226. 	# listAnchors = [tag['href'] for tag in BeautifulSoup(htmlContent, parseOnlyThese=links)]

    227. 

  227. 	listAnchors = []

    228. 

  228. 	for tag in BeautifulSoup(htmlContent, parseOnlyThese=links):

    229. 

  229. 		try:

    230. 

  230. 			string = str(tag).lower()

    231. 

  231. 			if string.count("href") > 0:

    232. 

  232. 				listAnchors.append(tag['href'])

    233. 

  233. 		except TypeError:

    234. 

  234. 			continue

    235. 

  235. 		except KeyError:

    236. 

  236. 			continue

    237. 

  237. 

    238. 

  238. 	for a in listAnchors:

    239. 

  239. 		goodA = giveGoodURL(a,currentURL)

    240. 

  240. 		goodA = removeSESSID(goodA)

    241. 

  241. 		if (root in goodA) and (goodA not in database_url):

    242. 

  242. 			database_url.append(goodA)

    243. 

  243. 

    244. 

  244. 	# parse the CSS and the JavaScript

    245. 

  245. 	script = SoupStrainer('script')

    246. 

  246. 	#listScripts = [tag['src'] for tag in BeautifulSoup(htmlContent, parseOnlyThese=script)]

    247. 

  247. 	listScripts = []

    248. 

  248. 	for tag in BeautifulSoup(htmlContent, parseOnlyThese=script):

    249. 

  249. 		try:

    250. 

  250. 			string = str(tag).lower()

    251. 

  251. 			if string.count("src") > 0 and string.count(".src") < 1:

    252. 

  252. 				listScripts.append(tag['src'])

    253. 

  253. 		except TypeError:

    254. 

  254. 			continue

    255. 

  255. 		except KeyError:

    256. 

  256. 			continue

    257. 

  257. 

    258. 

  258. 	for a in listScripts:

    259. 

  259. 		sc = giveGoodURL(a,currentURL)

    260. 

  260. 		if sc not in database_js:

    261. 

  261. 			database_js.append(sc)

    262. 

  262. 		if sc == currentURL:

    263. 

  263. 			# remote script

    264. 

  264. 			database_ext.append(sc)

    265. 

  265. 	parseJavaScriptCalls()

    266. 

  266. 

    267. 

  267. 	link = SoupStrainer('link')

    268. 

  268. 	# listLinks = [tag['href'] for tag in BeautifulSoup(htmlContent, parseOnlyThese=link)]

    269. 

  269. 	listLinks = []

    270. 

  270. 	for tag in BeautifulSoup(htmlContent, parseOnlyThese=link):

    271. 

  271. 		try:

    272. 

  272. 			string = str(tag).lower()

    273. 

  273. 			if string.count("href") > 0:

    274. 

  274. 				listLinks.append(tag['href'])

    275. 

  275. 		except TypeError:

    276. 

  276. 			continue

    277. 

  277. 		except KeyError:

    278. 

  278. 			continue

    279. 

  279. 

    280. 

  280. 	for a in listLinks:

    281. 

  281. 		sc = giveGoodURL(a,currentURL)

    282. 

  282. 		if sc not in database_css:

    283. 

  283. 			database_css.append(sc)

    284. 

  284. 	return True

    285. 

  285. 

    286. 

  286. jsChars = ["'",'"']

    287. 

  287. 

    288. 

  288. def rfindFirstJSChars(string):

    289. 

  289. 	b = [string.rfind(k) for k in jsChars]

    290. 

  290. 	return max(b)

    291. 

  291. 

    292. 

  292. regDumbParam = re.compile(r'(\w+)')

    293. 

  293. regDumbParamNumber = re.compile(r'(\d+)')

    294. 

  294. 

    295. 

  295. jsParams = ["'",'"','=','+','%','\\',')','(','^','*','-']

    296. 

  296. 

    297. 

  297. def cleanListDumbParams(listDumb):

    298. 

  298. 	newDumbList = []

    299. 

  299. 	for w in listDumb:

    300. 

  300. 		w = w.replace(' ','')

    301. 

  301. 		w = w.replace('\n','')

    302. 

  302. 		#l = [c for c in jsParams if c in w] # no jsParams

    303. 

  303. 		if len(w) > 0 and regDumbParam.match(w) and not regDumbParamNumber.match(w):

    304. 

  304. 			newDumbList.append(w)

    305. 

  305. 	return newDumbList

    306. 

  306. 

    307. 

  307. def unique(L):

    308. 

  308. 	noDupli=[]

    309. 

  309. 	[noDupli.append(i) for i in L if not noDupli.count(i)]

    310. 

  310. 	return noDupli

    311. 

  311. 

    312. 

  312. def flatten(L):

    313. 

  313. 	if type(L) != type([]):

    314. 

  314. 		return [L]

    315. 

  315. 	if L == []:

    316. 

  316. 		return L

    317. 

  317. 	return reduce(lambda L1,L2:L1+L2,map(flatten,L))

    318. 

  318. 

    319. 

  319. 

    320. 

  320. def parseJavaScriptContent(jsContent):

    321. 

  321. 	global database_url, database_ext, dumb_params

    322. 

  322. 	"""

    323. 

  323. 		Parse the content of a JavaScript file

    324. 

  324. 	"""

    325. 

  325. 	for l in jsContent.readlines():

    326. 

  326. 		for e in allowed:

    327. 

  327. 			if l.count('.'+e) > 0:

    328. 

  328. 				# we found an external a call

    329. 

  329. 				if l.count('http://') > 0 and l.count(root) < 1:

    330. 

  330. 					# External link

    331. 

  331. 					et= '.'+e

    332. 

  332. 					b1 = l.find('http://')

    333. 

  333. 					b2 = l.find(et) + len(et)

    334. 

  334. 					database_ext.append(l[b1:b2])

    335. 

  335. 				else:

    336. 

  336. 					# Internal link

    337. 

  337. 					et= '.'+e

    338. 

  338. 					b2 = l.find(et) + len(et)

    339. 

  339. 					b1 = rfindFirstJSChars(l[:b2])+1

    340. 

  340. 					database_url.append(giveGoodURL(l[b1:b2],root))

    341. 

  341. 		# try to get a parameter

    342. 

  342. 		k = l.find('?')

    343. 

  343. 		if k > 0:

    344. 

  344. 			results = l[k:].split('?')

    345. 

  345. 			plop = []

    346. 

  346. 			for a in results:

    347. 

  347. 				plop.append(cleanListDumbParams(regDumbParam.split(a)))

    348. 

  348. 			dumb_params.append(flatten(plop))

    349. 

  349. 		k = l.find('&')

    350. 

  350. 		if k > 0:

    351. 

  351. 			results = l[k:].split('&')

    352. 

  352. 			plop = []

    353. 

  353. 			for a in results:

    354. 

  354. 				plop.append(cleanListDumbParams(regDumbParam.split(a)))

    355. 

  355. 			plop = flatten(plop)

    356. 

  356. 			dumb_params.append(flatten(plop))

    357. 

  357. 	dumb_params = unique(flatten(dumb_params))

    358. 

  358. 

    359. 

  359. def parseJavaScriptCalls():

    360. 

  360. 	global database_js

    361. 

  361. 	"""

    362. 

  362. 		Parse the JavaScript and download the files

    363. 

  363. 	"""

    364. 

  364. 	for j in database_js:

    365. 

  365. 		jsName = j[j.rfind('/')+1:]

    366. 

  366. 		if not os.path.exists('local/js/' + jsName):

    367. 

  367. 			# first download the file

    368. 

  368. 			dl(j,'local/js/' + jsName)

    369. 

  369. 			try:

    370. 

  370. 				jsContent = open('local/js/' + jsName, 'r')

    371. 

  371. 			except IOError:

    372. 

  372. 				continue

    373. 

  373. 			parseJavaScriptContent(jsContent)

    374. 

  374. 			jsContent.close()

    375. 

  375. 

    376. 

  376. def splitQuery(query_string):

    377. 

  377. 	"""

    378. 

  378. 		Split the num=plop&truc=kikoo&o=42 into

    379. 

  379. 		a dictionary

    380. 

  380. 	"""

    381. 

  381. 	try:

    382. 

  382. 		d = dict([x.split('=') for x in query_string.split('&') ])

    383. 

  383. 	except ValueError:

    384. 

  384. 		d = {}

    385. 

  385. 	return d

    386. 

  386. 

    387. 

  387. def dict_add(d1,d2):

    388. 

  388. 	"""

    389. 

  389. 		Flatten 2 dictionaries

    390. 

  390. 	"""

    391. 

  391. 	d={}

    392. 

  392. 	if len(d1):

    393. 

  393. 		for s in d1.keys():

    394. 

  394. 			d[s] = d1[s]

    395. 

  395. 	if len(d2):

    396. 

  396. 		for s in d2.keys():

    397. 

  397. 			d[s] = d2[s]

    398. 

  398. 	return d

    399. 

  399. 

    400. 

  400. def dict_add_list(d1,l1):

    401. 

  401. 	d={}

    402. 

  402. 	if len(d1):

    403. 

  403. 		for s in d1.keys():

    404. 

  404. 			d[s] = d1[s]

    405. 

  405. 	if len(l1):

    406. 

  406. 		for s in l1:

    407. 

  407. 			d[s] = 'bar'

    408. 

  408. 	return d

    409. 

  409. 

    410. 

  410. def parseHtmlParams(currentURL, htmlContent):

    411. 

  411. 	global database, database_css, database_js

    412. 

  412. 	"""

    413. 

  413. 		Parse html to get args

    414. 

  414. 	"""

    415. 

  415. 	for url in database_url:

    416. 

  416. 		k = url.find('?')

    417. 

  417. 		if k > 0:

    418. 

  418. 			keyUrl = url[0:k-1]

    419. 

  419. 			query = url[k+1:]

    420. 

  420. 			if not keyUrl in database:

    421. 

  421. 				database[keyUrl] = {}

    422. 

  422. 				database[keyUrl]['GET']  = {}

    423. 

  423. 				database[keyUrl]['POST'] = {}

    424. 

  424. 			lG = database[keyUrl]['GET']

    425. 

  425. 			lG = dict_add(lG,splitQuery(query))

    426. 

  426. 			database[keyUrl]['GET']  = lG

    427. 

  427. 		elif len(dumb_params) > 0:

    428. 

  428. 			keyUrl = url

    429. 

  429. 			# no params in the URL... let's assign the dumb_params

    430. 

  430. 			if not keyUrl in database:

    431. 

  431. 				database[keyUrl] = {}

    432. 

  432. 				database[keyUrl]['GET']  = {}

    433. 

  433. 				database[keyUrl]['POST'] = {}

    434. 

  434. 			lG = database[keyUrl]['GET']

    435. 

  435. 			lP = database[keyUrl]['POST']

    436. 

  436. 			lG = dict_add_list(lG,dumb_params)

    437. 

  437. 			lP = dict_add_list(lP,dumb_params)

    438. 

  438. 			database[keyUrl]['GET']  = lG

    439. 

  439. 			database[keyUrl]['POST'] = lP

    440. 

  440. 

    441. 

  441. 	# then, parse the forms

    442. 

  442. 	forms = SoupStrainer('form')

    443. 

  443. 	input = SoupStrainer('input')

    444. 

  444. 	listForm = [tag for tag in BeautifulSoup(htmlContent, parseOnlyThese=forms)]

    445. 

  445. 	for f in listForm:

    446. 

  446. 		method = 'GET'

    447. 

  447. 		if 'method' in f or 'METHOD' in f:

    448. 

  448. 			method = f['method'].upper()

    449. 

  449. 		action = currentURL

    450. 

  450. 		if 'action' in f or 'ACTION' in f:

    451. 

  451. 			action = f['action']

    452. 

  452. 		keyUrl = giveGoodURL(action,currentURL)

    453. 

  453. 		listInput = [tag for tag in BeautifulSoup(str(f), parseOnlyThese=input)]

    454. 

  454. 		for i in listInput:

    455. 

  455. 			if not keyUrl in database:

    456. 

  456. 				database[keyUrl] = {}

    457. 

  457. 				database[keyUrl]['GET']  = {}

    458. 

  458. 				database[keyUrl]['POST'] = {}

    459. 

  459. 			try:

    460. 

  460. 				value = i['value']

    461. 

  461. 			except KeyError:

    462. 

  462. 				value = '42'

    463. 

  463. 			try:

    464. 

  464. 				name = i['name']

    465. 

  465. 			except KeyError:

    466. 

  466. 				name = 'foo'

    467. 

  467. 				value= 'bar'

    468. 

  468. 				continue

    469. 

  469. 			lGP = database[keyUrl][method]

    470. 

  470. 			lGP = dict_add(lGP,{name : value})

    471. 

  471. 			database[keyUrl][method] = lGP

    472. 

  472. 	return True

    473. 

  473. 

    474. 

  474. 

    475. 

  475. def runSpiderScan(entryUrl, depth = 0):

    476. 

  476. 	global outSpiderFile

    477. 

  477. 	print "runSpiderScan @ ", entryUrl, " |   #",depth

    478. 

  478. 	if outSpiderFile:

    479. 

  479. 		outSpiderFile.write("\t\t<entryURL>%s</entryURL>\n" % entryUrl)

    480. 

  480. 	scan(entryUrl)

    481. 

  481. 	if depth > 0 and len(database_url) > 0:

    482. 

  482. 		for a in database_url:

    483. 

  483. 			runSpiderScan(a, depth-1)

    484. 

  484. 		return False

    485. 

  485. 	return True

    486. 

  486. 

    487. 

  487. 

    488. 

  488. def spider(entryUrl, depth = 0):

    489. 

  489. 	global root,outSpiderFile

    490. 

  490. 	"""

    491. 

  491. 		Retrieve every links

    492. 

  492. 	"""

    493. 

  493. 	if depth > 0:

    494. 

  494. 		root = makeRoot(entryUrl)

    495. 

  495. 	else:

    496. 

  496. 		root = entryUrl

    497. 

  497. 	

    498. 

  498. 	# test if the spider has already be done on this website

    499. 

  499. 	try:

    500. 

  500. 		f = open("local/spiderSite.xml", 'r')

    501. 

  501. 		firstLine = f.readline()

    502. 

  502. 		f.close()

    503. 

  503. 		if firstLine.count(root) > 0:

    504. 

  504. 			alreadyScanned = True

    505. 

  505. 		else:

    506. 

  506. 			alreadyScanned = False

    507. 

  507. 	except IOError:

    508. 

  508. 		alreadyScanned = False

    509. 

  509. 

    510. 

  510. 	print "Start scanning...", root

    511. 

  511. 	if depth == 0:

    512. 

  512. 		scan(root)

    513. 

  513. 	else:

    514. 

  514. 		if not alreadyScanned:

    515. 

  515. 			outSpiderFile = open("local/spiderSite.xml","w")

    516. 

  516. 			outSpiderFile.write("<spider root='%s' depth='%d'>\n" % (root,depth) )

    517. 

  517. 			runSpiderScan(root, depth)

    518. 

  518. 			if len(dumb_params) > 0:

    519. 

  519. 				outSpiderFile.write("<dumb_parameters>\n")

    520. 

  520. 				for d in dumb_params:

    521. 

  521. 					outSpiderFile.write("\t<dumb>%s</dumb>\n" % (d))

    522. 

  522. 				outSpiderFile.write("</dumb_parameters>\n")

    523. 

  523. 			outSpiderFile.write("\n</spider>")

    524. 

  524. 			outSpiderFile.close()

    525. 

  525. 		else:

    526. 

  526. 			print "Loading the previous spider results from 'local/spiderSite.xml'"

    527. 

  527. 			# load the XML file

    528. 

  528. 			regUrl = re.compile(r'(.*)<entryURL>(.*)</entryURL>(.*)',re.I)

    529. 

  529. 			regDmb = re.compile(r'(.*)<dumb>(.*)</dumb>(.*)',re.I)

    530. 

  530. 

    531. 

  531. 			f = open("local/spiderSite.xml", 'r')

    532. 

  532. 			for l in f.readlines():

    533. 

  533. 				if regUrl.match(l):

    534. 

  534. 					out = regUrl.search(l)

    535. 

  535. 					url = out.group(2)

    536. 

  536. 					database_url.append(url)

    537. 

  537. 				if regDmb.match(l):

    538. 

  538. 					out = regDmb.search(l)

    539. 

  539. 					param = out.group(2)

    540. 

  540. 					dumb_params.append(param)

    541. 

  541. 			f.close()

    542. 

  542. 

    543. 

  543. 			# scan every url

    544. 

  544. 			for currentURL in database_url:

    545. 

  545. 				try:

    546. 

  546. 					archives_hDl = getContentDirectURL_GET(currentURL,'')

    547. 

  547. 				except IOError:

    548. 

  548. 					log <= ("IOError @ %s" % currentURL)

    549. 

  549. 					continue

    550. 

  550. 				try:

    551. 

  551. 					htmlContent= archives_hDl.read()

    552. 

  552. 				except IOError, e:

    553. 

  553. 					continue

    554. 

  554. 				except AttributeError, e:

    555. 

  555. 					continue

    556. 

  556. 				parseHtmlParams(currentURL,htmlContent)

    557. 

  557. 

    558. 

  558. 

    559. 

  559. 	outSpiderFile = open("results/touchFiles.xml","w")

    560. 

  560. 	outSpiderFile.write("<spider root='%s'>\n" % root)

    561. 

  561. 	for i in database_url:

    562. 

  562. 		outSpiderFile.write("\t<url type='anchor'>%s</url>\n" % i)

    563. 

  563. 	for i in database_js:

    564. 

  564. 		outSpiderFile.write("\t<url type='JavaScript'>%s</url>\n" % i)

    565. 

  565. 	for i in database_css:

    566. 

  566. 		outSpiderFile.write("\t<url type='MetaLink'>%s</url>\n" % i)

    567. 

  567. 	outSpiderFile.write("</spider>")

    568. 

  568. 	outSpiderFile.close()

    569. 

  569. 

    570. 

  570. 	if len(database_ext) > 0:

    571. 

  571. 		# alert of External calls

    572. 

  572. 		outSpiderFile = open("results/externalCalls.xml","w")

    573. 

  573. 		outSpiderFile.write("<external>\n")

    574. 

  574. 		for i in database_ext:

    575. 

  575. 			outSpiderFile.write("\t<call severity='high'>%s</call>\n" % i)

    576. 

  576. 		outSpiderFile.write("</external>")

    577. 

  577. 		outSpiderFile.close()

    578. 

  578. 

    579. 

  579.