diff --git a/lib/modules/attacks/bruteforce/bdir.py b/lib/modules/attacks/bruteforce/bdir.py index 9cc5da6..f7afc83 100644 --- a/lib/modules/attacks/bruteforce/bdir.py +++ b/lib/modules/attacks/bruteforce/bdir.py @@ -25,14 +25,14 @@ def check_url(self, url): def process(self, start_url, crawled_urls): self.output.info("Checking common backup dirs..") db = self.datastore.open("bdir.txt", "r") - backupdir = [x for x in db.readlines()] + backupdir = [x.strip() for x in db.readlines()] db1 = self.datastore.open("cdir.txt", "r") - commondir = [x for x in db1.readlines()] + commondir = [x.strip() for x in db1.readlines()] urls = [] for d in commondir: for b in backupdir: - bdir = b.replace("[name]", d.strip()) + bdir = b.replace("[name]", d) urls.append(urljoin(str(start_url), str(bdir))) # We launch ThreadPoolExecutor with max_workers to None to get default optimization # https://docs.python.org/3/library/concurrent.futures.html diff --git a/lib/modules/attacks/bruteforce/bfile.py b/lib/modules/attacks/bruteforce/bfile.py index 3355f9e..3e687f3 100644 --- a/lib/modules/attacks/bruteforce/bfile.py +++ b/lib/modules/attacks/bruteforce/bfile.py @@ -25,13 +25,13 @@ def check_url(self, url): def process(self, start_url, crawled_urls): self.output.info("Checking common backup files..") db = self.datastore.open("bfile.txt", "r") - dbfiles = [x for x in db.readlines()] + dbfiles = [x.strip() for x in db.readlines()] db1 = self.datastore.open("cfile.txt", "r") - dbfiles1 = [x for x in db1.readlines()] + dbfiles1 = [x.strip() for x in db1.readlines()] urls = [] for b in dbfiles: for d in dbfiles1: - bdir = b.replace("[name]", d.strip()) + bdir = b.replace("[name]", d) urls.append(urljoin(str(start_url), str(bdir))) # We launch ThreadPoolExecutor with max_workers to None to get default optimization # https://docs.python.org/3/library/concurrent.futures.html