
@maxrp
Last active August 29, 2015 14:03
Check whether a request with a null byte appended to the URL gets you a 200 with content (and whether that content is the Apache directory listing)
#!/usr/bin/env python
from contextlib import closing
from hashlib import sha1
import sys
import urllib2
def hash_page(content):
    """Return the hex SHA-1 digest of the first 100 bytes of *content*.

    Only this short prefix is hashed, so two bodies that share their first
    100 bytes yield the same digest even if they differ later on.  The
    digest is a cheap page fingerprint for equality checks, nothing more.
    """
    prefix = content[:100]  # fingerprint the leading 100 bytes only
    return sha1(prefix).hexdigest()
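def _fetch_digest(target, timeout=10):
    """Request *target* and return ``(status, digest)`` for the reply.

    ``status`` is the HTTP status code, or None when no HTTP response was
    received.  ``digest`` is hash_page() of the body prefix for a response
    that urlopen() accepted, and None otherwise.
    """
    try:
        # The timeout keeps an unresponsive host from stalling the check.
        with closing(urllib2.urlopen(target, timeout=timeout)) as response:
            # hash_page() digests only a 100-byte prefix, so read no more
            # than that rather than buffering a body of arbitrary size
            # from a server we do not control.
            digest = hash_page(response.read(100))
            print("\tHost responded HTTP {0}, content hash: {1}".format(response.code, digest))
            return response.code, digest
    except urllib2.HTTPError as err:
        print("\tHost responded with non-200 code: '{0}'".format(err))
        return err.code, None
    except urllib2.URLError as err:
        # Name-resolution and connection failures: there is nothing to hash.
        print("\tRequest failed without an HTTP response: '{0}'".format(err))
        return None, None


def main(base):
    """Compare the server's reply to *base* with its reply to *base* + NUL.

    Both URLs are requested once, each reply is reduced to a status code and
    a hash_page() digest, and a short verdict is printed.  A server that
    handles the trailing null byte safely is expected to answer both requests
    the same way or to reject the second one.

    Args:
        base: Absolute URL of the resource to check.
    """
    url = "{0}\x00".format(base)
    # NOTE(review): some interpreter releases may refuse URLs containing
    # control characters before anything is sent; that error is not a
    # URLError and would surface as a traceback -- confirm on the
    # interpreter in use that the second request really reaches the server.

    print("Checking base URL...")
    first_status, first_digest = _fetch_digest(base)

    print("Checking base URL with extraneous null appended...")
    second_status, second_digest = _fetch_digest(url)

    print("\n**Conclusions:")
    if first_status is None and second_status is None:
        # Two transport failures say nothing about how the server treats
        # the null byte, so do not report them as "consistent".
        print("\t? Neither request received an HTTP response; nothing to compare.")
        return

    if not first_digest and second_digest:
        print("\t! Server responded with additional content on NULL-appended request!")

    # Compare status as well as digest: two different error codes both leave
    # the digest as None and would otherwise look identical.
    if (first_status, first_digest) == (second_status, second_digest):
        print("\t+ Server responded consistently on both requests.")
    else:
        print("\t! Server responded inconsistently on NULL-appended request!")
        # Digest the author associates with a directory index page.  It
        # depends on hash_page()'s 100-byte prefix; presumably it is also
        # specific to the server version and listed path -- TODO confirm.
        if second_digest == '7f2fac480a5574b27f35b68e8bfafcfd0f485a18':
            print("\t. . . and it was probably a directory index page this time :(")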
if __name__ == '__main__':
    # One positional argument is required: the base URL to check.
    if len(sys.argv) > 1:
        main(sys.argv[1])
    else:
        print("Usage:\n\t{0} http://example.com".format(sys.argv[0]))