python 如何构建一个拆分和更新后的字符串？

6yjfywim 于 2023-04-19 发布在 Python

关注(0)|答案(3)|浏览(145)

我用下面的代码分割一个字符串，创建一个列表，并给定一个特定的模式，用另一个字符替换一个随机字符

comando = "/bin/cat /etc/passwd"
payloadMUT1 = comando
payloadMUT3 = re.split(r'/', payloadMUT1)
filteredarray = []

for i in payloadMUT3:
    #i don't want special chars to get involved in the substitution process
    filteredarray.extend(re.findall(r'\b[^\W\d_]+\b', i))
    
for a in filteredarray:
    
    randomIndex = int(random.random() * len(a))
    randomChar = a[randomIndex]  
    payloadMUT4 = a.replace(randomChar, '?')

输出：

?in
ca?
et?
pa??wd

我如何将所有这些值组合起来构建整个（更新后的）字符串？
这是我正在寻找的输出：

/?in/ca? /et?/pa??wd

ps：/bin/cat /etc/passwd只是一个例子;它可以是其他任何东西，也可以是一个带有多个斜杠和空格的字符串
更多示例：

/bin/find . -type f -iname "*.stuff" -exec egrep -H -i '[a-z]\.[a-z]\.[a-z]' {} \; -> /b?n/fi?d . -type f -iname "*.stuff" -exec egrep -H -i '[a-z]\.[a-z]\.[a-z]' {} \;
/usr/bin/ls | /bin/grep "something" -> /?sr/b?n/l? | /bi?/gre? "something"
/bin/curl http://111.111.111.111:1111/ -X POST -d "a=a&b=b" -> /?in/cur? http://111.111.111.111:1111/ -X POST -d "a=a&b=b"

python

来源：https://stackoverflow.com/questions/76045287/how-to-build-back-a-splitted-and-updated-string

3条答案

按热度按时间

4szc88ey1#

可以使用字符串连接来连接filteredarray中的所有值，并使用'/'字符将它们连接起来，形成更新后的字符串。

import re
import random

comando = "/bin/cat /etc/passwd"
payloadMUT1 = comando
payloadMUT3 = re.split(r'/', payloadMUT1)
filteredarray = []

for i in payloadMUT3:
    filteredarray.extend(re.findall(r'\b[^\W\d_]+\b', i))

# Create the updated string
    updated_str = ''
for i, a in enumerate(filteredarray):
    if i == 1:
        updated_str += a + ' '
    else:
        updated_str += a.replace(random.choice(a), '?') + '/'

updated_str = updated_str[:-1] # remove the last '/'
print(updated_str)

赞(0）回复(0）举报 2023-04-19

wnrlj8wa2#

你可以先用空格分割字符串，然后再用斜杠分割。这样，你就可以重新组合路径，然后再用空格连接它们。但是，它确实需要多几行，因为二维数组存储每个路径。

comando = "/bin/cat /etc/passwd"
payloadMUT1 = comando
paths = payloadMUT1.split(' ')
strings = list(map(lambda p: re.split(r'/', p), paths))
print(strings)
filtered_paths = []
new_paths = []
for string_arr in strings:
    #i don't want special chars to get involved in the substitution process
    arr = []
    for string in string_arr:
        if string == '':
            arr.append(string)
            continue    
        arr.extend(re.findall(r'\b[^\W\d_]+\b', string))
    filtered_paths.append(arr)
    
for path_arr in filtered_paths:
    arr = []
    for a in path_arr:
        if a == '':
            arr.append(a)
            continue
        randomIndex = int(random.random() * len(a))
        randomChar = a[randomIndex]  
        payloadMUT4 = a.replace(randomChar, '?')
        arr.append(payloadMUT4)
    new_paths.append(arr)
new_paths = list(map(lambda e: '/'.join(e), new_paths))
print(' '.join(new_paths))

赞(0）回复(0）举报 2023-04-19

v440hwme3#

您可以添加另一个存储修改值的列表（这里称为'new_array'），然后使用join方法再次将所有内容连接在一起

comando = "/bin/cat /etc/passwd"
payloadMUT1 = comando
payloadMUT3 = re.split(r'/', payloadMUT1)
filteredarray = []

for i in payloadMUT3:
    #i don't want special chars to get involved in the substitution process
    filteredarray.extend(re.findall(r'\b[^\W\d_]+\b', i))
#     Add a list where to store the new values
    new_array = []
for a in filteredarray:
    
    randomIndex = int(random.random() * len(a))
    randomChar = a[randomIndex]  
    payloadMUT4 = a.replace(randomChar, '?')
    new_array.append(payloadMUT4)
    
# Use the string join operation to join together
print('/'.join(new_array))
>>> Out
?in/c?t/?tc/pa??wd

赞(0）回复(0）举报 2023-04-19

我来回答

python 如何构建一个拆分和更新后的字符串？

3条答案

相关问题

热门标签

最新问答