0

我在 Windows 7 中使用 python 3.3.0。我有两个文件:dork.txt 和 fuzz.py

dork.txt 包含以下内容:

/about.php?id=1
/en/company/news/full.php?Id=232
/music.php?title=11

fuzz.py 包含以下内容:

srcurl = "ANY-WEBSITE"
drkfuz = open("dorks.txt", "r").readlines()
print("\n[+] Number of dork names to be fuzzed:",len(drkfuz))

for dorks in drkfuz:
    dorks = dorks.rstrip("\n")
    srcurl = "http://"+srcurl+dorks

    requrl = urllib.request.Request(srcurl) 

    #httpreq = urllib.request.urlopen(requrl)

    # Starting the request
    try:
        httpreq = urllib.request.urlopen(requrl)
    except urllib.error.HTTPError as  e:
        print ("[!] Error code: ",  e.code)
        print("")
        #sys.exit(1)

    except urllib.error.URLError as  e:
        print ("[!] Reason: ",  e.reason)
        print("")
        #sys.exit(1)  

    #if e.code != 404:
    if httpreq.getcode() == 200:
        print("\n*****srcurl********\n",srcurl)
        return srcurl

因此,当我输入正确的网站名称时/about.php?id=1,它可以正常工作。但是当我提供具有 的网站时/en/company/news/full.php?Id=232,它首先打印Error code: 404然后给我以下错误:UnboundLocalError: local variable 'e' referenced before assignmentUnboundLocalError: local variable 'httpreq' referenced before assignment

我可以理解,如果网站没有包含的页面/about.php?id=1,它会给出Error code: 404但为什么它不返回for循环来检查文本文件中剩余的傻瓜???为什么它停在这里并抛出错误?

我想制作一个脚本来从一个网站地址中找出有效页面,例如:www.xyz.com

4

2 回答 2

2

当行urllib.request.urlopen(requrl)表达式抛出异常时,httpreq永远不会设置变量。您可以将其设置为语句None之前try,然后测试它是否还在None之后:

httpreq = None

try:
    httpreq = urllib.request.urlopen(requrl)

# ...

if httpreq is not None and httpreq.getcode() == 200:
于 2013-02-28T13:17:50.110 回答
0 
srcurl = "ANY-WEBSITE"
drkfuz = open("dorks.txt", "r").readlines()
print("\n[+] Number of dork names to be fuzzed:",len(drkfuz))

for dorks in drkfuz:
    dorks = dorks.rstrip("\n")
    srcurl = "http://"+srcurl+dorks

    try:
        requrl = urllib.request.Request(srcurl)
        if requrl != None and len(requrl) > 0:
            try:
                httpreq = urllib.request.urlopen(requrl)
                if httpreq.getcode() == 200:
                    print("\n*****srcurl********\n",srcurl)
                    return srcurl
            except:
                # Handle exception
                pass
    except:
        # Handle your exception
        print "Exception"

未经测试的代码,但它会在逻辑上工作。

于 2013-02-28T13:42:51.223 回答