Beispiel #1
0
    def run(self, url, method, headers=None, payload=None):

        SelfThread.exit_flag = False
        Log.debug(headers)
        request_info = RequestInfo(url, method, headers, payload)
        request_obj = Requests(IP=request_info.hostname, Port=request_info.port)

        inject_config = {
            'Headers': {
                'enabled': eval(DefaultConfig.get_value('System', 'InjectHeaders')),
                'inject_point_list':  request_info.get_header_inject_point(),
                'replace': request_info.header_replace
            },
            'Payloads': {
                'enabled': eval(DefaultConfig.get_value('System', 'InjectPayloads')),
                'inject_point_list':  request_info.get_payload_inject_point(),
                'replace': request_info.payload_replace
            },
            'Parameters': {
                'enabled': eval(DefaultConfig.get_value('System', 'InjectParameters')),
                'inject_point_list':  request_info.get_parameter_inject_point(),
                'replace': request_info.parameter_relpace
            }
        }

        for inject_cls in InjectorBase.injectors:
            injector = inject_cls(request_obj, request_info)
            injector.do_injection(inject_config)
        Log.report('Finish Command Injection Scan.')
Beispiel #2
0
 def gen_calculate_cmd(self, separator, TAG, num1, num2):
     USE_BACKTICKS = eval(DefaultConfig.get_value('Classic',
                                                  'UseBackticks'))
     if USE_BACKTICKS:  # using `
         calculate_cmd = "`expr " + str(num1) + " + " + str(num2) + "`"
         result = "{separator}echo {tag}{cmd}{tag}{tag}".format(
             separator=separator, tag=TAG, cmd=calculate_cmd)
     else:
         calculate_cmd = "$((" + str(num1) + "+" + str(num2) + "))"
         result = "{separator}echo {tag}$(echo {cmd}{tag}){tag}".format(
             separator=separator, tag=TAG, cmd=calculate_cmd)
     return result
    def decision(self, inject_key):
        for separator in self.SEPARATORS:
            temp_path = DefaultConfig.get_value('TempfileBased', 'TmpFolder')
            # change tag each round in case false positive
            self.tag = ''.join(
                random.choice(string.ascii_uppercase) for i in range(6))
            tag_length = len(
                self.tag) + 4  # need to figure out why commix do this
            file = temp_path + self.tag + '.txt'
            for length in xrange(tag_length):
                # check exit flag
                SelfThread.is_exit()
                time.sleep(
                    eval(DefaultConfig.get_value('System', 'RequestDelay')))

                Log.debug(
                    'Start to test with separator: %s, TAG: %s, length: %d, file: %s',
                    separator, self.tag, length, file)
                cmd = self.gen_cmd_for_separator(separator, self.tag, length,
                                                 self.time_sec, file)
                sent_data = self.replace_func(inject_key, cmd)
                inject_info = {
                    'target': self.current_part,
                    'inject_method': self.__class__.__name__,
                    'inject_key': inject_key,
                    'seperator': separator,
                    'tag': self.tag,
                    'command': cmd
                }
                response_info = self.request_obj.serverRestAPI(
                    self.request_info)
                if self.is_inject_success(response_info['res_time']):
                    inject_result = True
                    self.find_injectable(inject_key, cmd,
                                         response_info['res_time'])
                else:
                    inject_result = False
                self.record_traffic_logs(self.request_info.get_record(),
                                         inject_info, response_info,
                                         inject_result)
Beispiel #4
0
 def decision(self, inject_key):
     for separator in self.SEPARATORS:
         for length in xrange(6):
             # check exit flag
             SelfThread.is_exit()
             time.sleep(
                 eval(DefaultConfig.get_value('System', 'RequestDelay')))
             # change tag each round in case false positive
             self.tag = ''.join(
                 random.choice(string.ascii_uppercase) for i in range(6))
             Log.debug(
                 'Start to test with separator: %s, TAG: %s, length: %d',
                 separator, self.tag, length)
             target_server_root = DefaultConfig.get_value(
                 'FileBased', 'ServerRootPath')
             output_file = self.tag + '.txt'
             cmd = self.gen_file_cmd(separator, self.tag,
                                     target_server_root, output_file)
             sent_data = self.replace_func(inject_key, cmd)
             inject_info = {
                 'target': self.current_part,
                 'inject_method': self.__class__.__name__,
                 'inject_key': inject_key,
                 'seperator': separator,
                 'tag': self.tag,
                 'command': cmd
             }
             response_info = self.request_obj.serverRestAPI(
                 self.request_info)
             if self.is_inject_success(response_info):
                 inject_result = True
                 self.find_injectable(inject_key, cmd,
                                      response_info['res_body'])
             else:
                 inject_result = False
             self.record_traffic_logs(self.request_info.get_record(),
                                      inject_info, response_info,
                                      inject_result)
    def __init__(self,
                 window_size,
                 sequences_file=None,
                 pssm_file=None,
                 dssp_file=None,
                 label_file=None,
                 protein_list_file=None):
        super(dataSet, self).__init__()

        self.all_sequences = []
        for seq_file in sequences_file:
            with open(seq_file, "rb") as fp_seq:
                temp_seq = pickle.load(fp_seq)
            self.all_sequences.extend(temp_seq)

        self.all_pssm = []
        for pm_file in pssm_file:
            with open(pm_file, "rb") as fp_pssm:
                temp_pssm = pickle.load(fp_pssm)
            self.all_pssm.extend(temp_pssm)

        self.all_dssp = []
        for dp_file in dssp_file:
            with open(dp_file, "rb") as fp_dssp:
                temp_dssp = pickle.load(fp_dssp)
            self.all_dssp.extend(temp_dssp)

        self.all_label = []
        for lab_file in label_file:
            with open(lab_file, "rb") as fp_label:
                temp_label = pickle.load(fp_label)
            self.all_label.extend(temp_label)

        with open(protein_list_file, "rb") as list_label:
            self.protein_list = pickle.load(list_label)

        self.Config = DefaultConfig()
        self.max_seq_len = self.Config.max_sequence_length
        self.window_size = window_size
Beispiel #6
0
import pickle
import pandas as pd
import numpy as np
import torch
# from torchvision import datasets, transforms
from torch.optim import lr_scheduler
from torch.nn.init import xavier_normal, xavier_normal_
from torch import nn

from utils.config import DefaultConfig
from models.DeepFunc_model import DeepFunc
from data import data_generator
from utils.evaluation import compute_mcc, compute_roc, compute_performance

configs = DefaultConfig()
thresholds = configs.thresholds

path_dir = "./saved_model/DeepFunc"


class AverageMeter(object):
    """
    Computes and stores the average and current value
    Copied from: https://github.com/pytorch/examples/blob/master/imagenet/main.py
    """
    def __init__(self):
        self.reset()

    def reset(self):
        self.val = 0