Pass extra parameters to payloads (refs xmendez#16)

framework/core/facade.py

@@ -240,8 +240,8 @@ def from_options(options):
 	# payload
 	selected_dic = []
 
-	for name, params, encoders in options["payload_options"]["payloads"]:
-	    p = Facade().get_payload(name)(params)
+	for name, params, extra, encoders in options["payload_options"]["payloads"]:
+	    p = Facade().get_payload(name)(params, extra)
 
 	    if encoders:
 		l = []

framework/ui/console/clparser.py

@@ -1,6 +1,7 @@
 import sys
 import getopt
 from collections import defaultdict
+import itertools
 
 from framework.fuzzer.filter import PYPARSING
 from framework.core.facade import Facade
@@ -32,7 +33,7 @@ def show_plugins_help(self, registrant, cols=3, category="$all$"):
     def parse_cl(self):
 	# Usage and command line help
 	try:
-	    opts, args = getopt.getopt(self.argv[1:], "hAZIXvcb:e:R:d:z:r:f:t:w:V:H:m:o:s:p:w:",['oF=','recipe=', 'dump-recipe', 'req-delay=','conn-delay=','sc=','sh=','sl=','sw=','ss=','hc=','hh=','hl=','hw=','hs=','ntlm=','basic=','digest=','follow','script-help=','script=','script-args=','filter=','interact','help','version'])
+	    opts, args = getopt.getopt(self.argv[1:], "hAZIXvcb:e:R:d:z:r:f:t:w:V:H:m:o:s:p:w:",['zE=','oF=','recipe=', 'dump-recipe', 'req-delay=','conn-delay=','sc=','sh=','sl=','sw=','ss=','hc=','hh=','hl=','hw=','hs=','ntlm=','basic=','digest=','follow','script-help=','script=','script-args=','filter=','interact','help','version'])
 	    optsd = defaultdict(list)
 	    for i,j in opts:
 		optsd[i].append(j)
@@ -200,28 +201,30 @@ def _parse_payload(self, optsd, options):
 	)
 	'''
 
-	if "-z" in optsd:
-	    for i in optsd["-z"]:
-		vals = i.split(",")
-		name, params = vals[:2]
+	if len(optsd["--zE"]) > len(optsd["-z"]):
+	    raise FuzzException(FuzzException.FATAL, "zE must be preceded by a -z swith.")
 
-		encoders = None
-		if len(vals) == 3:
-		    encoders = vals[2].split("-")
+	for zpayl, extraparams in itertools.izip_longest(optsd["-z"], optsd["--zE"]):
+	    vals = zpayl.split(",")
+	    name, params = vals[:2]
+
+	    encoders = None
+	    if len(vals) == 3:
+		encoders = vals[2].split("-")
 
-		options["payloads"].append((name, params, encoders))
+	    options["payloads"].append((name, params, extraparams, encoders))
 
 	# Alias por "-z file,Wordlist"
 	if "-w" in optsd:
 	    for i in optsd["-w"]:
-		vals = i.split(",")
+		vals = i.split(",", 1)
 		f, = vals[:1]
 
 		encoders = None
 		if len(vals) == 2:
 		    encoders = vals[1].split("-")
 
-		options["payloads"].append(("file", f, encoders))
+		options["payloads"].append(("file", f, None, encoders))
 
 	if "-m" in optsd:
 	    options["iterator"] = optsd['-m'][0]

framework/ui/console/common.py

@@ -57,6 +57,7 @@
 -z payload		    : Specify a payload for each FUZZ keyword used in the form of type,parameters,encoder.
 			      A list of encoders can be used, ie. md5-sha1. Encoders can be chained, ie. md5@sha1.
 			      Encoders category can be used. ie. url
+--zE <params>		    : Extra arguments for a given payload (it must be preceded by -z).
 -w wordlist		    : Specify a wordlist file (alias for -z file,wordlist).
 -V alltype		    : All parameters bruteforcing (allvars and allpost). No need for FUZZ keyword.
 -X			    : Payload within HTTP methods (ex: "FUZZ HTTP/1.0"). No need for FUZZ keyword.

plugins/payloads.py

@@ -17,7 +17,7 @@ class file:
     category = ["default"]
     priority = 99
 
-    def __init__(self, filename):
+    def __init__(self, filename, extra):
 	try:
 	    self.f = open(filename,"r")
 	except IOError:
@@ -43,7 +43,7 @@ class range:
     category = ["default"]
     priority = 99
 
-    def __init__(self, whatrange):    ## range example --> "23-56"
+    def __init__(self, whatrange, extra):    ## range example --> "23-56"
 	try:
 	    ran = whatrange.split("-")
 	    self.minimum = int(ran[0])
@@ -81,7 +81,7 @@ class hexrange:
     category = ["default"]
     priority = 99
 
-    def __init__(self, prange):    ## range example --> "0-ffa"
+    def __init__(self, prange, extra):    ## range example --> "0-ffa"
 	try:
 	    ran = prange.split("-")
 	    self.minimum = int(ran[0],16)
@@ -119,7 +119,7 @@ class hexrand:
     category = ["default"]
     priority = 99
 
-    def __init__(self, prange):    ## range example --> "0-ffa"
+    def __init__(self, prange, extra):    ## range example --> "0-ffa"
 	try:
 	    ran = prange.split("-")
 	    self.minimum=int(ran[0],16)
@@ -154,7 +154,7 @@ class buffer_overflow:
     category = ["default"]
     priority = 99
 
-    def __init__(self, n):   
+    def __init__(self, n, extra):   
 	self.l = ['A' * int(n)]
 	self.current = 0
 
@@ -180,7 +180,7 @@ class list:
     category = ["default"]
     priority = 99
 
-    def __init__(self, l):   
+    def __init__(self, l, extra):   
 	if l.find("\\") >= 0:
 	    l = l.replace("\\-", "$SEP$")
 	    l = l.replace("\\\\", "$SCAP$")
@@ -218,7 +218,7 @@ class stdin:
     category = ["default"]
     priority = 99
 
-    def __init__(self, deprecated):
+    def __init__(self, deprecated, extra):
 	# stdin is unseekable
 	self.__count = -1
 	#self.__count=len(sys.stdin.readlines())
@@ -244,7 +244,7 @@ class names:
     category = ["default"]
     priority = 99
 
-    def __init__(self, startnames):
+    def __init__(self, startnames, extra):
 	self.startnames = startnames
 	from sets import Set
 	possibleusernames = []
@@ -321,7 +321,7 @@ class permutation:
     category = ["default"]
     priority = 99
 
-    def __init__(self, prange):    ## range example --> "abcdef-4"
+    def __init__(self, prange, extra):    ## range example --> "abcdef-4"
 	self.charset = []
 
 	try:
@@ -379,7 +379,7 @@ class bing:
     category = ["default"]
     priority = 99
 
-    def __init__(self, dork):   
+    def __init__(self, dork, extra):   
 	self.l = search_bing(dork)
 	self.__count = len(self.l)
 	self.current = 0
@@ -406,7 +406,7 @@ class wfuzz:
     category = ["default"]
     priority = 99
 
-    def __init__(self, path):   
+    def __init__(self, path, extra):   
 	pkl_file = None
 	try:
 	    pkl_file = gzip.open(path, 'r+b')