added common substrings test

bolt.py

@@ -30,7 +30,7 @@ def banner():
 
 import core.config
 from core.entropy import isRandom
-from core.config import token
+from core.config import tokenPattern
 from core.datanize import datanize
 from core.prompt import prompt
 from core.photon import photon
@@ -39,7 +39,7 @@ def banner():
 from core.ranger import ranger
 from core.zetanize import zetanize
 from core.requester import requester
-from core.utils import extractHeaders, strength, isProtected, stringToBinary
+from core.utils import extractHeaders, strength, isProtected, stringToBinary, longestCommonSubstring
 
 parser = argparse.ArgumentParser()
 parser.add_argument('-u', help='target url', dest='target')
@@ -115,7 +115,7 @@ def banner():
 matches = []
 for element in hashPatterns:
     pattern = element['regex']
-    if re.match(pattern, aToken):
+    if re.match(tokenPattern, aToken):
         for name in element['matches']:
             matches.append(name)
 if matches:
@@ -146,6 +146,27 @@ def fuzzy(tokens):
     print ('%s No CSRF protection to test' % bad)
     quit()
 
+def staticParts(allTokens):
+    strings = list(set(allTokens.copy()))
+    commonSubstrings = {}
+    for theString in strings:
+        strings.remove(theString)
+        for string in strings:
+            commonSubstring = longestCommonSubstring(theString, string)
+            if commonSubstring not in commonSubstrings:
+                commonSubstrings[commonSubstring] = []
+            if len(commonSubstring) > 2:
+                if theString not in commonSubstrings[commonSubstring]:
+                    commonSubstrings[commonSubstring].append(theString)
+                if string not in commonSubstrings[commonSubstring]:
+                    commonSubstrings[commonSubstring].append(string)
+    return commonSubstrings
+result = {k: v for k, v in staticParts(allTokens).items() if v}
+
+if result:
+    print ('%s Common substring found')
+    print (json.dumps(result, indent=4))
+
 simTokens = []
 
 print (' %s Phase: Observing %s[%s4/6%s]%s' % (lightning, green, end, green, end))

core/config.py

@@ -2,7 +2,7 @@
 email = '[email protected]'
 strings = ['red', 'bob', 'admin', 'alex', 'testing', 'test', 'lol', 'yes', 'dragon', 'bad']
 commonNames = ['csrf', 'auth', 'token', 'verify', 'hash']
-token = r'^[\w\-_+=/]{14,256}$'
+tokenPattern = r'^[\w\-_+=/]{14,256}$'
 
 headers = {  # default headers
     'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',

core/datanize.py

@@ -1,7 +1,7 @@
 import random
 import re
 
-from core.config import password, email, token, strings
+from core.config import password, email, tokenPattern, strings
 
 def datanize(forms, tolerate=False):
     parsedForms = list(forms.values())
@@ -16,7 +16,7 @@ def datanize(forms, tolerate=False):
             name = inp['name']
             kind = inp['type']
             value = inp['value']
-            if re.match(token, value):
+            if re.match(tokenPattern, value):
                 protected = True
             if kind == 'password':
                 data[name] = password

core/tweaker.py

@@ -1,4 +1,4 @@
-from core.config import token
+from core.config import tokenPattern
 import random
 import re
 
@@ -8,24 +8,24 @@ def tweaker(data, strategy, index=0, seeds=[None, None]):
 	newData = {}
 	if strategy == 'clear':
 		for name, value in data.items():
-			if re.match(token, value):
+			if re.match(tokenPattern, value):
 				value = ''
 			newData[name] = value
 		return newData
 	elif strategy == 'remove':
 		for name, value in data.items():
-			if not re.match(token, value):
+			if not re.match(tokenPattern, value):
 				newData[name] = value
 	elif strategy == 'break':
 		for name, value in data.items():
-			if re.match(token, value):
+			if re.match(tokenPattern, value):
 				value = value[:index]
 				for i in index:
 					value += random.choice(digits + alphabets)
 			newData[name] = value
 	elif strategy == 'generate':
 		for name, value in data.items():
-			if re.match(token, value):
+			if re.match(tokenPattern, value):
 				newToken = ''
 				for char in list(value):
 					if char in digits:
@@ -39,6 +39,6 @@ def tweaker(data, strategy, index=0, seeds=[None, None]):
 				newData[name] = value
 	elif strategy == 'replace':
 		for name, value in data.items():
-			if re.match(token, value):
+			if re.match(tokenPattern, value):
 				value
-	return newData
+	return newData

core/utils.py

@@ -1,5 +1,6 @@
 import re
-from core.config import token
+import math
+from core.config import tokenPattern
 
 def longestCommonSubstring(s1, s2):
    m = [[0] * (1 + len(s2)) for i in range(1 + len(s1))]
@@ -36,7 +37,7 @@ def isProtected(parsed):
             name = inp['name']
             kind = inp['type']
             value = inp['value']
-            if re.match(token, value):
+            if re.match(tokenPattern, value):
                 protected = True
     return protected
 
@@ -76,4 +77,4 @@ def getParams(url, data, GET):
             params[each[0]] = each[1]
         except IndexError:
             params = None
-    return params
+    return params