Splunk XML API

web_service_finder.py

@@ -8,7 +8,9 @@ import urllib.parse
 from hackingscripts import util
 from bs4 import BeautifulSoup
 
-class WebServicecFinder:
+requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
+
+class WebServiceFinder:
 
     def __init__(self, args):
         self.parseUrl(args.url)
@@ -52,7 +54,7 @@ class WebServicecFinder:
         if self.verbose:
             sys.stdout.write("GET %s: " % uri)
 
-        res = self.session.get(uri, headers=self.headers, cookies=self.cookies, **args)
+        res = self.session.get(uri, headers=self.headers, cookies=self.cookies, verify=False, **args)
         if self.verbose:
             sys.stdout.write("%d %s\n" % (res.status_code, res.reason))
 
@@ -87,7 +89,11 @@ class WebServicecFinder:
                 break
 
         self.analyseHeaders(startPage)
-        self.analyseHtml(startPage)
+        if "text/html" in startPage.headers["Content-Type"]:
+            self.analyseHtml(startPage)
+        elif "text/xml" in startPage.headers["Content-Type"]:
+            self.analyseXml(startPage)
+
         self.analyseRobots()
         self.analyseSitemap()
         self.analyseChangelog()
@@ -125,6 +131,19 @@ class WebServicecFinder:
 
         return "%s (%d)" % (versionStr, v)
 
+    def analyseXml(self,res):
+        soup = BeautifulSoup(res.text, "lxml")
+
+        title = soup.find("title")
+        if title:
+            print("[+] Found XML title:", title.text.strip())
+
+        generator = soup.find("generator")
+        if generator:
+            if generator.has_attr("version"):
+                print("[+] Found XML Generator version:", generator["version"])
+
+
     def analyseHtml(self, res):
         soup = BeautifulSoup(res.text, "html.parser")
 
@@ -208,5 +227,5 @@ if __name__ == "__main__":
 
     banner()
 
-    client = WebServicecFinder(args)
+    client = WebServiceFinder(args)
     client.scan()