Comments (11)
Sure thing, here it is:
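    import re

    def rm_ansi(line):
        # Match SGR color codes (ESC[...m) and erase-in-line (ESC[...K).
        # The class is [mK]; a '|' inside it would be matched literally.
        ansi_escape = re.compile(r'\x1b\[([0-9]{1,2}(;[0-9]{1,2})?)?[mK]')
        plain_text = ansi_escape.sub('', line)
        return plain_text

Haven't tested it in every situation, but worked well in the cases I needed it.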
from lfimap.
Tested it now. That seems like it fixed it. Tried it as you did, with outputting to a file and also tried it with subprocess.run and Popen and piping the stdout to other scripts or areas. Thank you very much! Amazing work!
from lfimap.
Hello, thank You for taking interest in LFImap.
I have reproduced this issue and will provide the fix ASAP, perhaps with the new switch to allow users to output to a specified file.
from lfimap.
I think the best option is to replace print(...) which is used to print things out with a logging module, this can allow you to switch between printing to console and "print" to a file (or both) without much more than a configuration setting during runtime
I can work on it if you give me the green light
BTW: I strongly suggest to consider linting, many lines of work are very long (way over 100 characters), some are written in if .. something ... else without newlines, making streamline reading difficult
from lfimap.
You can see a basic print( to logging.info replacement here: #55
And the outcome of it that creates example.log:
INFO:root:
�[93m[i]�[0m Testing GET 'page' parameter...
INFO:root:
�[93m[i]�[0m Testing GET 'page' parameter...
INFO:root:
�[93m[i]�[0m Testing GET 'page' parameter...
INFO:root:
�[93m[i]�[0m Testing GET 'page' parameter...
INFO:root:
�[93m[i]�[0m Testing GET 'page' parameter...
INFO:root:
----------------------------------------
LFImap finished with execution.
INFO:root:Parameters tested: 1
INFO:root:Requests sent: 14
INFO:root:Vulnerabilities found: 4
INFO:root:
�[93m[i]�[0m Testing GET 'page' parameter...
INFO:root:
----------------------------------------
LFImap finished with execution.
INFO:root:Parameters tested: 1
INFO:root:Requests sent: 14
INFO:root:Vulnerabilities found: 4
INFO:root:
�[93m[i]�[0m Testing GET 'page' parameter...
INFO:root:
----------------------------------------
LFImap finished with execution.
INFO:root:Parameters tested: 1
INFO:root:Requests sent: 14
INFO:root:Vulnerabilities found: 4
INFO:root:
�[93m[i]�[0m Testing GET 'page' parameter...
INFO:root:
----------------------------------------
LFImap finished with execution.
INFO:root:Parameters tested: 1
INFO:root:Requests sent: 14
INFO:root:Vulnerabilities found: 4
INFO:root:
�[93m[i]�[0m Testing GET 'page' parameter...
INFO:root:
�[93m[i]�[0m Testing GET 'page' parameter...
INFO:root:�[92m[+]�[0m LFI -> 'http://localhost:4280/vulnerabilities/fi/?page=php%3A%2F%2Ffilter%2Fresource%3D%2Fetc%2Fpasswd'
INFO:root:�[92m[+]�[0m RCE -> 'http://localhost:4280/vulnerabilities/fi/?page=php%3a%2f%2finput&cmd=cat%20%2Fetc%2Fpasswd' -> HTTP POST -> '<?php echo(shell_exec($_GET['cmd']));?>'
INFO:root:�[92m[+]�[0m LFI -> 'http://localhost:4280/vulnerabilities/fi/?page=file%3A%2F%2F%2Fetc%2Fpasswd'
INFO:root:�[92m[+]�[0m LFI -> 'http://localhost:4280/vulnerabilities/fi/?page=/etc/passwd'
INFO:root:
----------------------------------------
LFImap finished with execution.
INFO:root:Parameters tested: 1
INFO:root:Requests sent: 14
INFO:root:Vulnerabilities found: 4
There is more work to do though, like color removal, understand why it prints the outcome a few times, etc
from lfimap.
Hey, first off, thanks for the suggestion.
This would be great, however we would need to account for the ANSI escape sequences, which color certain output. The logging library will print these ANSI strings (unformatted) directly to the file.
With that said, planning to continue to have the colored output support, because when the user tests a large amount of URLs, the output is too clustered. The colors solve this problem. Additionally, in the future there will be command-line switches so that the user can output to XML, HTML, and TXT files, sort of like an output 'report'. The TXT switch would output the LFImap output as is to the specified file location.
from lfimap.
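One way to combine the two suggestions above (a logging-based output path and colored console output), shown as an added example that is not LFImap's code or the code from #55: the console handler keeps the ANSI colors while a second handler writes a stripped copy. The logger name, the helper names and the sample messages are constructed for illustration, and in-memory streams stand in for the terminal and the report file.

```python
import io
import logging
import re

# General CSI matcher (colors, erase-line, cursor movement); a superset of the
# m/K-only pattern posted earlier in this thread.
ANSI_CSI = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")


class PlainFormatter(logging.Formatter):
    """Format the record normally, then strip ANSI escapes from the result."""

    def format(self, record):
        return ANSI_CSI.sub("", super().format(record))


def build_logger(name, console_stream, report_stream):
    """Hypothetical setup helper: colored console handler plus plain report handler."""
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    logger.propagate = False  # do not also emit through the root logger
    # Running setup twice would otherwise attach duplicate handlers and
    # write every message once per extra handler.
    for handler in list(logger.handlers):
        logger.removeHandler(handler)
    console = logging.StreamHandler(console_stream)   # flushes after every record
    console.setFormatter(logging.Formatter("%(message)s"))
    report = logging.StreamHandler(report_stream)     # logging.FileHandler(path) for a real file
    report.setFormatter(PlainFormatter("%(levelname)s:%(message)s"))
    logger.addHandler(console)
    logger.addHandler(report)
    return logger


def demo():
    """Log two constructed messages and return (console_text, report_text)."""
    console, report = io.StringIO(), io.StringIO()
    build_logger("lfimap_demo", console, report)
    log = build_logger("lfimap_demo", console, report)  # repeated setup is harmless
    log.info("\x1b[93m[i]\x1b[0m Testing GET 'page' parameter...")
    log.info("\x1b[92m[+]\x1b[0m LFI -> 'http://localhost:4280/vulnerabilities/fi/?page=/etc/passwd'")
    return console.getvalue(), report.getvalue()


if __name__ == "__main__":
    print(demo()[1], end="")
```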
For me at least, the ANSI part wouldn't be a problem, as I have already written a small function that deletes any ANSI sequences in a string, I could put it here if it's any help. What I really needed was a way to capture the exact output of the script and process it in some way.
from lfimap.
@X-l-l-l Of course, if you have it already written and ready, mind pasting it here? Thanks. :)
from lfimap.
The problem is identified as incorrect buffering done by Python for some unknown reason (guessing that because we use ANSI escape sequences, buffers are not flushed correctly -> not a hundred percent on that).
However, executing export PYTHONUNBUFFERED=1 before running the script outputs STDOUT correctly and confirms the issue is related to buffering.
from lfimap.
@X-l-l-l Could you git pull the latest update and test if it now works for you?
Added flushing after printing to STDOUT - should fix the problem.
Default colored:
No colors:
from lfimap.
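The buffering behaviour described in the two comments above, as an added example that is not LFImap code: when stdout is a pipe rather than a terminal, Python block-buffers it, so text reaches the reader only on a flush. The child script and its message are constructed, and `os._exit(0)` is an assumption used to stand in for a process that ends before its buffers are flushed.

```python
import os
import subprocess
import sys

# Constructed child program: prints one status line, then exits without the
# normal interpreter shutdown, so nothing flushes stdout on its behalf.
CHILD = "import os; print('[i] Testing GET parameter...'{flush}); os._exit(0)"


def run_child(flush=False, unbuffered=False):
    """Run the child with stdout connected to a pipe and return what arrived."""
    code = CHILD.format(flush=", flush=True" if flush else "")
    env = dict(os.environ)
    env.pop("PYTHONUNBUFFERED", None)      # start from a known baseline
    if unbuffered:
        env["PYTHONUNBUFFERED"] = "1"      # same effect as the export in the comment above
    result = subprocess.run(
        [sys.executable, "-c", code],
        stdout=subprocess.PIPE,
        env=env,
        text=True,
    )
    return result.stdout.strip()


def compare():
    """Return the captured output for the three cases discussed in the thread."""
    return {
        "default": run_child(),                        # stays in the buffer, never arrives
        "flush=True": run_child(flush=True),           # explicit flush after printing
        "PYTHONUNBUFFERED=1": run_child(unbuffered=True),
    }


if __name__ == "__main__":
    for case, captured in compare().items():
        print(f"{case:20} -> {captured!r}")
```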
👍 Thanks for raising this
from lfimap.