Attribute errors, and outputting

johnnyaustin · Dec-08-2017, 11:27 PM

Hi,

I am writing (well.. trying) a script for security researchers to use, to identify and verify particular vulnerabilities automatically, to save them time and patch up ASAP. However, I am very new to Python.

At the moment, I have:

 print " Loading payloads.. "
        time.sleep(2)

        payloads = ["lots", "of", "payloads", "removed", "them", "for", "your", "eyes", "protection"]

        print " Payloads loaded.. "

        findings = []

        print "\n"
        url = raw_input(" Enter direct URL to SWF file: ")
        if 'https://' in url:
            pass
        if 'http://' in url:
            pass
        time.sleep(3)
        print " Scanning initiated on:", url
        time.sleep(1)
        req = urllib2.Request(url + urllib2.quote(payloads))
        data = req.read()
        if "alert" in data or "xss" in data or "XSS" in data or "1337" in data:
            print " Found possible XSS in " + url

But I am getting the following when inputting an URL:

Error:Traceback (most recent call last):
  File "/home/six/PycharmProjects/myfile/myfile.py", line 208, in <module>
    req = urllib2.Request(url + urllib2.quote(payloads))
  File "/usr/lib64/python2.7/urllib.py", line 1296, in quote
    if not s.rstrip(safe):
AttributeError: 'list' object has no attribute 'rstrip'

The aim is to load a URL, a SWF file more specifically, and add the payloads on the end - then read the response to verify if there was an alert popup or such from the payloads. However I'm getting errors and quite frankly, I've no idea how to do this.

Any help on fixing this error, and general advice/guidance on how to achieve what I want will be appreciated. Thanks!

**buran** · Dec-09-2017, 06:20 AM

urllib2.quote obviously expects str, not list

johnnyaustin · Dec-09-2017, 11:50 AM

(Dec-09-2017, 06:20 AM)buran Wrote: urllib2.quote obviously expects str, not list

Hey,

Yeah I'd guessed so from the error. How would I go about instead sending a request (URL) with one individual piece of a list one at a time?

E.G my site I choose is google.com/lol.swf

The list is:

Exampe = ["?example1", "example2", "example3"] etc.

So it'd send requests to the following one at a time, and read the response and echo it back if there is certain strings in the response:

google.com/lol.swf?example1
google.com/lol.swf?example2
google.com/lol.swf?example3

Etc.... I hope this makes sense and I appreciate your reply.

**buran** · (This post was last modified: Dec-09-2017, 02:59 PM by buran.)

Loop over items in payload and pass them to url for search one by one.
Also I would recommend using requests package instead of urllib2

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Reading a directory and outputting as sound	loungeroom	0	1,227	Jul-30-2021, 09:26 PM Last Post: loungeroom
	Opening file and outputting its text content example	leodavinci1990	1	1,880	Oct-12-2020, 05:33 AM Last Post: buran
	Outputting Sorted Text files Help	charlieroberrts	1	1,729	Jul-05-2020, 08:37 PM Last Post: menator01
	Outputting results into other program	ancient650	1	1,858	Jun-11-2019, 02:49 PM Last Post: gontajones
	Python only outputting "101"	Spuffle	4	9,261	Jan-09-2019, 10:07 AM Last Post: buran
	Outputting a float value in a print() statement	RedSkeleton007	2	3,517	Jan-11-2018, 09:23 AM Last Post: buran
	Code is Outputting Incorrectly	mikerosz94	0	2,079	Sep-01-2017, 01:28 PM Last Post: mikerosz94
	isinstance not outputting anything	mikerosz94	3	3,409	Aug-31-2017, 03:07 PM Last Post: mikerosz94
	Repost isinstance not outputting any statements	mikerosz94	1	2,925	Aug-31-2017, 12:46 PM Last Post: sparkz_alot

Attribute errors, and outputting

User Panel Messages

Announcements