fix: different python versions have different behaviors on ipaddress library

Author: 13ph03nix

pocsuite3/lib/core/common.py

@@ -387,16 +387,31 @@ def get_file_items(filename, comment_prefix='#', unicode=True, lowercase=False,
 def parse_target(address, additional_ports=[]):
     # parse IPv4/IPv6 CIDR
     targets = OrderedSet()
+    is_ipv6 = False
     try:
-        for ip in ip_network(address, strict=False).hosts():
+        hosts = list(ip_network(address, strict=False).hosts())
+        '''
+        fix https://github.com/knownsec/pocsuite3/issues/319
+        different python versions have different behaviors on ipaddress library
+        '''
+        try:
+            t = ip_address(address.replace('/32', '').replace('/128', ''))
+            if t not in hosts:
+                hosts.append(t)
+        except ValueError:
+            pass
+
+        for ip in hosts:
 
             if ip.version == 6:
+                is_ipv6 = True
+            if is_ipv6 and 'ipv6' in conf:
                 conf.ipv6 = True
 
             targets.add(str(ip))
 
             for port in additional_ports:
-                targets.add(f'[{ip}]:{port}' if conf.ipv6 else f'{ip}:{port}')
+                targets.add(f'[{ip}]:{port}' if is_ipv6 else f'{ip}:{port}')
 
         return targets
 
@@ -406,6 +421,8 @@ def parse_target(address, additional_ports=[]):
     # URL
     try:
         if ip_address(urlparse(address).hostname).version == 6:
+            is_ipv6 = True
+        if is_ipv6 and 'ipv6' in conf:
             conf.ipv6 = True
     except ValueError:
         pass
@@ -415,7 +432,7 @@ def parse_target(address, additional_ports=[]):
     try:
         pr = urlparse(address)
         for port in additional_ports:
-            netloc = f'[{pr.hostname}]:{port}' if conf.ipv6 else f'{pr.hostname}:{port}'
+            netloc = f'[{pr.hostname}]:{port}' if is_ipv6 else f'{pr.hostname}:{port}'
             t = pr._replace(netloc=netloc).geturl()
             if t.startswith('tcp://'):
                 t = t.lstrip('tcp://')

tests/test_parse_target.py

@@ -0,0 +1,107 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import unittest
+from pocsuite3.lib.core.common import parse_target
+from pocsuite3.lib.core.common import OrderedSet
+
+
+class TestCase(unittest.TestCase):
+    def setUp(self):
+        pass
+
+    def tearDown(self):
+        pass
+
+    def test_domain(self):
+        result = OrderedSet()
+        result.add('example.com')
+        self.assertEqual(parse_target('example.com'), result)
+
+    def test_domain_url(self):
+        result = OrderedSet()
+        result.add('https://example.com/cgi-bin/test.cgi?a=b&c=d')
+        self.assertEqual(parse_target('https://example.com/cgi-bin/test.cgi?a=b&c=d'), result)
+
+    def test_domain_url_with_additional_ports(self):
+        result = OrderedSet()
+        result.add('https://example.com/cgi-bin/test.cgi?a=b&c=d')
+        result.add('https://example.com:8080/cgi-bin/test.cgi?a=b&c=d')
+        result.add('https://example.com:8443/cgi-bin/test.cgi?a=b&c=d')
+        self.assertEqual(parse_target('https://example.com/cgi-bin/test.cgi?a=b&c=d', [8080, 8443]), result)
+
+    def test_ipv4_url(self):
+        result = OrderedSet()
+        result.add('172.16.218.1/cgi-bin')
+        self.assertEqual(parse_target('172.16.218.1/cgi-bin'), result)
+
+    def test_ipv6_url(self):
+        result = OrderedSet()
+        result.add('https://[fd12:3456:789a:1::f0]:8443/test')
+        self.assertEqual(parse_target('https://[fd12:3456:789a:1::f0]:8443/test'), result)
+
+    def test_ipv4(self):
+        result = OrderedSet()
+        result.add('192.168.1.1')
+        self.assertEqual(parse_target('192.168.1.1'), result)
+
+    def test_ipv4_cidr(self):
+        result = OrderedSet()
+        result.add('192.168.1.0')
+        result.add('192.168.1.1')
+        self.assertEqual(parse_target('192.168.1.1/31'), result)
+
+    def test_ipv4_cidr_with_host_32(self):
+        result = OrderedSet()
+        result.add('192.168.1.1')
+        self.assertEqual(parse_target('192.168.1.1/32'), result)
+
+    def test_ipv4_with_additional_ports(self):
+        result = OrderedSet()
+        result.add('172.16.218.0')
+        result.add('172.16.218.0:8080')
+        result.add('172.16.218.0:8443')
+        result.add('172.16.218.1')
+        result.add('172.16.218.1:8080')
+        result.add('172.16.218.1:8443')
+        self.assertEqual(parse_target('172.16.218.1/31', [8080, 8443]), result)
+
+    def test_ipv6(self):
+        result = OrderedSet()
+        result.add('fd12:3456:789a:1::1')
+        self.assertEqual(parse_target('fd12:3456:789a:1::1'), result)
+
+    def test_ipv6_cidr(self):
+        result = OrderedSet()
+        result.add('fd12:3456:789a:1::1')
+        result.add('fd12:3456:789a:1::2')
+        result.add('fd12:3456:789a:1::3')
+        self.assertEqual(parse_target('fd12:3456:789a:1::/126'), result)
+
+    def test_ipv6_cidr_with_host_128(self):
+        result = OrderedSet()
+        result.add('fd12:3456:789a:1::')
+        self.assertEqual(parse_target('fd12:3456:789a:1::/128'), result)
+
+    def test_ipv6_with_additional_ports(self):
+        result = OrderedSet()
+        result.add('fd12:3456:789a:1::1')
+        result.add('[fd12:3456:789a:1::1]:8080')
+        result.add('[fd12:3456:789a:1::1]:8443')
+        result.add('fd12:3456:789a:1::2')
+        result.add('[fd12:3456:789a:1::2]:8080')
+        result.add('[fd12:3456:789a:1::2]:8443')
+        result.add('fd12:3456:789a:1::3')
+        result.add('[fd12:3456:789a:1::3]:8080')
+        result.add('[fd12:3456:789a:1::3]:8443')
+        self.assertEqual(parse_target('fd12:3456:789a:1::/126', [8080, 8443]), result)
+
+    def test_localhost(self):
+        result = OrderedSet()
+        result.add('localhost')
+        self.assertEqual(parse_target('localhost'), result)
+
+    def test_random_str(self):
+        result = OrderedSet()
+        result.add('!@#$%^&*()_-+=:::::<>""{}[]:::8080')
+        self.assertEqual(parse_target('!@#$%^&*()_-+=:::::<>""{}[]:::8080'), result)