CIRCL
/
lookyloo
mirror of https://github.com/CIRCL/lookyloo
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: Avoid bypass with "http://user:pwd@host.tld"

pull/62/head
Raphaël Vinot 2019-07-05 18:41:23 +02:00
parent bbd573a69c
commit 4c86b65c56
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lookyloo/lookyloo.py
View File

@ -167,12 +167,11 @@ class Lookyloo():
if self.only_global_lookups:
splitted_url = urlsplit(url)
if splitted_url.netloc:
if ':' in splitted_url.netloc:
ip = socket.gethostbyname(splitted_url.netloc.split(':')[0])
else:
ip = socket.gethostbyname(splitted_url.netloc)
ip = socket.gethostbyname(splitted_url.hostname)
if not ipaddress.ip_address(ip).is_global:
return False
else:
return False
items = crawl(self.splash_url, url, depth, user_agent=user_agent, log_enabled=True, log_level='INFO')
if not items: