data/msfcrawler/forms.rb

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'pathname'
require 'nokogiri'
require 'uri'

class CrawlerForms < BaseParser

  def parse(request,result)
    return unless result['Content-Type'].include?('text/html')

    doc = Nokogiri::HTML(result.body.to_s)
    doc.css('form').each do |f|
      hr = f['action']

      # Removed because unused
      #fname = f['name']
      #fname = 'NONE' if fname.empty?

      m = (f['method'].empty? ? 'GET' : f['method'].upcase)

      arrdata = []

      f.css('input').each do |p|
        arrdata << "#{p['name']}=#{Rex::Text.uri_encode(p['value'])}"
      end

      data = arrdata.join("&").to_s

      begin
        hreq = urltohash(m, hr, request['uri'], data)
        hreq['ctype'] = 'application/x-www-form-urlencoded'
        insertnewpath(hreq)
      rescue URI::InvalidURIError
        #puts "Parse error"
        #puts "Error: #{link[0]}"
      end

    end
  end
end
more cleanups 2010-05-03 17:13:09 +00:00			`##`
use https for metaploit.com links 2017-07-24 06:26:21 -07:00			`# This module requires Metasploit: https://metasploit.com/download`
Patching "undefined method empty?" errors + "encoding error" 2017-03-13 17:32:56 +01:00			`# Current source: https://github.com/rapid7/metasploit-framework`
more cleanups 2010-05-03 17:13:09 +00:00			`##`

start to parse forms 2010-03-26 02:39:19 +00:00			`require 'pathname'`
Replace hpricot by nokogiri 2014-07-17 00:14:07 +02:00			`require 'nokogiri'`
start to parse forms 2010-03-26 02:39:19 +00:00			`require 'uri'`

			`class CrawlerForms < BaseParser`

Retab all the things (except external/) 2013-09-30 13:47:53 -05:00			`def parse(request,result)`
Patching "undefined method empty?" errors + "encoding error" 2017-03-13 17:32:56 +01:00			`return unless result['Content-Type'].include?('text/html')`
start to parse forms 2010-03-26 02:39:19 +00:00
Replace hpricot by nokogiri 2014-07-17 00:14:07 +02:00			`doc = Nokogiri::HTML(result.body.to_s)`
			`doc.css('form').each do \|f\|`
			`hr = f['action']`
Parsing fixes 2010-04-03 05:52:22 +00:00
Patching "undefined method empty?" errors + "encoding error" 2017-03-13 17:32:56 +01:00			`# Removed because unused`
			`#fname = f['name']`
			`#fname = 'NONE' if fname.empty?`
more cleanups 2010-05-03 17:13:09 +00:00
Patching "undefined method empty?" errors + "encoding error" 2017-03-13 17:32:56 +01:00			`m = (f['method'].empty? ? 'GET' : f['method'].upcase)`
more cleanups 2010-05-03 17:13:09 +00:00
Retab all the things (except external/) 2013-09-30 13:47:53 -05:00			`arrdata = []`
more cleanups 2010-05-03 17:13:09 +00:00
Patching "undefined method empty?" errors + "encoding error" 2017-03-13 17:32:56 +01:00			`f.css('input').each do \|p\|`
Replace hpricot by nokogiri 2014-07-17 00:14:07 +02:00			`arrdata << "#{p['name']}=#{Rex::Text.uri_encode(p['value'])}"`
Retab all the things (except external/) 2013-09-30 13:47:53 -05:00			`end`
more cleanups 2010-05-03 17:13:09 +00:00
Retab all the things (except external/) 2013-09-30 13:47:53 -05:00			`data = arrdata.join("&").to_s`
more cleanups 2010-05-03 17:13:09 +00:00
Retab all the things (except external/) 2013-09-30 13:47:53 -05:00			`begin`
Replace hpricot by nokogiri 2014-07-17 00:14:07 +02:00			`hreq = urltohash(m, hr, request['uri'], data)`
Retab all the things (except external/) 2013-09-30 13:47:53 -05:00			`hreq['ctype'] = 'application/x-www-form-urlencoded'`
			`insertnewpath(hreq)`
			`rescue URI::InvalidURIError`
Patching "undefined method empty?" errors + "encoding error" 2017-03-13 17:32:56 +01:00			`#puts "Parse error"`
			`#puts "Error: #{link[0]}"`
Retab all the things (except external/) 2013-09-30 13:47:53 -05:00			`end`
Patching "undefined method empty?" errors + "encoding error" 2017-03-13 17:32:56 +01:00
Retab all the things (except external/) 2013-09-30 13:47:53 -05:00			`end`
			`end`
start to parse forms 2010-03-26 02:39:19 +00:00			`end`