New action: Bold/Highlight

[g0tmi1k]

Currently there are the following actions in Patator: ignore, retry, free & quit. Could there be a new one called 'bold'?

This could be then used to highlight results, making it easier to locate certain responses.

The result could be in bold/or a different text colour.

[lanjelot]

that's a cool idea, do you wanna have a crack at implementing it?

[g0tmi1k]

I've given it a shot - but was unable todo it. Needs someone who has a lot more python knowledge then me

[hvqzao]

@g0tmi1k, you mean like this?

--- patator.py.orig 2016-01-23 22:52:36.947595860 +0100
+++ patator.py  2016-01-23 22:52:26.291596061 +0100
@@ -1209,6 +1209,7 @@
     ('retry', 'try payload again'),
     ('free', 'dismiss future similar payloads'),
     ('quit', 'terminate execution now'),
+    ('color', 'highlight specific part'),
     )

   available_encodings = {
@@ -1503,6 +1504,9 @@
   def lookup_actions(self, resp):
     actions = {}
     for action, conditions in self.ns.actions.items():
+      if action == 'color':
+          actions[action] = conditions[0][0][0][0]
+          continue
       for condition, opts in conditions:
         for key, val in condition:
           if key[-1] == '!':
@@ -1846,6 +1850,11 @@
           actions = {'fail': None}

         actions.update(self.lookup_actions(resp))
+
+        if 'color' in actions:
+            match = actions['color']
+            resp.mesg = resp.mesg.replace(match, '\033[31;1m{}\033[00m'.format(match))
+
         report_queue.put((actions, pp_prod, resp, time() - start_time))

         for name in self.module_actions:

[g0tmi1k]

@hvqzao That works for me! Wasn't exactly what I had in mind - however I think that fits in 'better' with the project overall =).

What I panned was to highlight the whole row, rather than the selected phrase (which is what triggers the selection).

/me tips hat. Looking forward to the PR =)

[hvqzao]

@lanjelot would above diff work for you as well? I looked at it again and did few more changes toward applying color in Response_Base class (code below). Will you apply the patch (one that fits best) or should I issue a pull request?

--- patator.py.orig 2016-01-23 22:52:36.947595860 +0100
+++ patator.py  2016-01-24 10:13:10.559908667 +0100
@@ -1209,6 +1209,7 @@
     ('retry', 'try payload again'),
     ('free', 'dismiss future similar payloads'),
     ('quit', 'terminate execution now'),
+    ('color', 'highlight specific part'),
     )

   available_encodings = {
@@ -1503,6 +1504,11 @@
   def lookup_actions(self, resp):
     actions = {}
     for action, conditions in self.ns.actions.items():
+      if action == 'color':
+          while not isinstance(conditions, str):
+              conditions = conditions[0]
+          resp.color = conditions
+          continue
       for condition, opts in conditions:
         for key, val in condition:
           if key[-1] == '!':
@@ -2056,11 +2062,14 @@
     self.time = timing.time if isinstance(timing, Timing) else timing
     self.size = len(mesg)
     self.trace = trace
+    self.color = None

   def indicators(self):
     return self.code, self.size, '%.3f' % self.time

   def __str__(self):
+    if self.color:
+        return self.mesg.replace(self.color, '\033[31;1m{}\033[00m'.format(self.color))
     return self.mesg

   def match(self, key, val):

[g0tmi1k]

I know its going off topic, but I just found out about coloredlogs (https://pypi.python.org/pypi/coloredlogs). Views on putting this into Patator?

[lanjelot]

Thanks for your inputs guys. You've had me thinking of adding a --color option where patator would have every result of the same code & size in the same color (% fuzzy hash or something).

[g0tmi1k]

Liking the sound of it! Makes analysing the data that little bit easier =)