From d49c58bee1ee4b75080a9b0fdae16feb6468dab4 Mon Sep 17 00:00:00 2001 From: Olivier Cervello Date: Tue, 21 Nov 2023 11:43:39 +0000 Subject: [PATCH 1/2] fix ANSI processing --- web/reNgine/tasks.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py index 6e6e67d04..53e29cf55 100644 --- a/web/reNgine/tasks.py +++ b/web/reNgine/tasks.py @@ -4123,15 +4123,21 @@ def stream_command(cmd, cwd=None, shell=False, history_file=None, encoding='utf- process = subprocess.Popen( command, stdout=subprocess.PIPE, - stderr=subprocess.PIPE, + stderr=subprocess.STDOUT, + universal_newlines=True, shell=shell) # Log the output in real-time to the database output = "" # Process the output - for line in iter(lambda: process.stdout.readline() or process.stderr.readline(), b''): - line = re.sub(r'\x1b[^m]*m', '', line.decode('utf-8').strip()) + for line in iter(lambda: process.stdout.readline(), b''): + if not line: + break + line = line.strip() + ansi_escape = re.compile(r'\x1B(?:[@-Z\\-_]|\[[0-?]*[ -/]*[@-~])') + line = ansi_escape.sub('', line) + line = line.replace('\\x0d\\x0a', '\n') if trunc_char and line.endswith(trunc_char): line = line[:-1] item = line From 862f667f62d7683d7fd3a275e3be0137467f4eb1 Mon Sep 17 00:00:00 2001 From: Yogesh Ojha Date: Wed, 22 Nov 2023 10:51:10 +0530 Subject: [PATCH 2/2] fix ffuf extensions --- web/reNgine/definitions.py | 42 +++++++++++++++++++------------------- web/reNgine/tasks.py | 6 ++++-- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/web/reNgine/definitions.py b/web/reNgine/definitions.py index 4897b8571..754071d7d 100644 --- a/web/reNgine/definitions.py +++ b/web/reNgine/definitions.py @@ -398,27 +398,27 @@ # Default Dir File Fuzz Params DEFAULT_DIR_FILE_FUZZ_EXTENSIONS = [ - 'html', - 'php', - 'git', - 'yaml', - 'conf', - 'cnf', - 'config', - 'gz', - 'env', - 'log', - 'db', - 'mysql', - 'bak', - 'asp', - 'aspx', - 'txt', - 'conf', - 'sql', - 'json', - 'yml', - 'pdf', + '.html', + '.php', + '.git', + '.yaml', + '.conf', + '.cnf', + '.config', + '.gz', + '.env', + '.log', + '.db', + '.mysql', + '.bak', + '.asp', + '.aspx', + '.txt', + '.conf', + '.sql', + '.json', + '.yml', + '.pdf', ] # Roles and Permissions diff --git a/web/reNgine/tasks.py b/web/reNgine/tasks.py index 53e29cf55..436b8e2be 100644 --- a/web/reNgine/tasks.py +++ b/web/reNgine/tasks.py @@ -1575,6 +1575,8 @@ def dir_file_fuzz(self, ctx={}, description=None): enable_http_crawl = config.get(ENABLE_HTTP_CRAWL, DEFAULT_ENABLE_HTTP_CRAWL) rate_limit = config.get(RATE_LIMIT) or self.yaml_configuration.get(RATE_LIMIT, DEFAULT_RATE_LIMIT) extensions = config.get(EXTENSIONS, DEFAULT_DIR_FILE_FUZZ_EXTENSIONS) + # prepend . on extensions + extensions = [ext if ext.startswith('.') else '.' + ext for ext in extensions] extensions_str = ','.join(map(str, extensions)) follow_redirect = config.get(FOLLOW_REDIRECT, FFUF_DEFAULT_FOLLOW_REDIRECT) max_time = config.get(MAX_TIME, 0) @@ -3176,7 +3178,7 @@ def parse_nmap_results(xml_file, output_file=None): if hostnames_dict: # Ensure that hostnames['hostname'] is a list for consistency hostnames_list = hostnames_dict['hostname'] if isinstance(hostnames_dict['hostname'], list) else [hostnames_dict['hostname']] - + # Extract all the @name values from the list of dictionaries hostnames = [entry.get('@name') for entry in hostnames_list] else: @@ -3511,7 +3513,7 @@ def record_exists(model, data, exclude_keys=[]): Returns: bool: True if the record exists, False otherwise. """ - + # Extract the keys that will be used for the lookup lookup_fields = {key: data[key] for key in data if key not in exclude_keys}