Ejemplo n.º 1
0
	def save_handler(self, req, req_body, res, res_body):
		#check res.status
		if re.match(config.filter_code, str(res.status)): return
		#check host
		if not len([h for h in config.included_host if req.headers.get('Host', '').endswith(h)]): return
		if len([h for h in config.excluded_host if req.headers.get('Host', '').endswith(h)]): return
		#check fileext
		if len([h for h in config.filter_file if urlparse.urlparse(req.path).path.endswith(h)]): return
		#check query, get must have query string or url-rewrited
		#GET method, have ext and  do not have query string
		if os.path.splitext(req.path)[1] and req.command == 'GET' and not urlparse.urlparse(req.path).query: return

		#prepare request
		req_header_text = "%s %s %s\n%s" % (req.command, req.path, req.request_version, req.headers)

		if req.command == 'GET':
			request = req_header_text + '\n'
			keystr = req.path
		else:
			request = req_header_text + '\n' + req_body
			a = req_body
			b = a.split('&')
			c = []
			for i in b:
				if i.find('=') > 0:
					arr = i.split('=')
					c.append(arr[0])
					keystr = "%s%s"%(req.path,''.join(sorted(c)))
			else:
				request = req_header_text + '\n'
				keystr = req.path
		
		#post请求时把postdata放入检测
		#print req_body

		#avoid same params multi test
		sig = self.make_sig(req.path)
		if self.check_history(sig):
			return

		self.query_log[sig] = True

		fname = str(uuid.uuid4())

		f = open(config.save_path + '/' + fname, 'w')
		f.write(request)
		f.close()
		
		#print req.headers.get('Cookie')

		if req_body:
			payload = {'url':req.path,'data':req_body,'cookie':req.headers.get('Cookie')}
		else:
			payload = {'url':req.path,'cookie':req.headers.get('Cookie')}
		
		#通过类传参,把payload传入检测队列
		i = SqlmapAPIWrapper(fname,payload)
		if i.scan_start():
			self.q.put((fname,i.taskid,payload,time.time()))
Ejemplo n.º 2
0
    def save_handler(self, req, req_body, res, res_body):
        #check res.status
        if re.match(config.filter_code, str(res.status)): return
        #check host
        if not len([
                h for h in config.included_host
                if req.headers.get('Host', '').endswith(h)
        ]):
            return
        if len([
                h for h in config.excluded_host
                if req.headers.get('Host', '').endswith(h)
        ]):
            return
        #check fileext
        if len([
                h for h in config.filter_file
                if urlparse.urlparse(req.path).path.endswith(h)
        ]):
            return
        #check query, get must have query string or url-rewrited
        #GET method, have ext and  do not have query string
        if os.path.splitext(
                req.path
        )[1] and req.command == 'GET' and not urlparse.urlparse(
                req.path).query:
            return

        #prepare request
        req_header_text = "%s %s %s\n%s" % (req.command, req.path,
                                            req.request_version, req.headers)

        if req.command == 'GET':
            request = req_header_text + '\n'
        else:
            request = req_header_text + '\n' + req_body

        #avoid same params multi test
        sig = self.make_sig(req.path)
        if self.check_history(sig):
            return

        self.query_log[sig] = True

        fname = str(uuid.uuid4())

        f = open(config.save_path + '/' + fname, 'w')
        f.write(request)
        f.close()

        i = SqlmapAPIWrapper(fname)
        if i.scan_start():
            config.queue.put((fname, i.taskid, req.path, time.time()))
Ejemplo n.º 3
0
	def save_handler(self, req, req_body, res, res_body):
		#check res.status
		if re.match(config.filter_code, str(res.status)): return
		#check host
		if not len([h for h in config.included_host if req.headers.get('Host', '').endswith(h)]): return
		if len([h for h in config.excluded_host if req.headers.get('Host', '').endswith(h)]): return
		#check fileext
		if len([h for h in config.filter_file if urlparse.urlparse(req.path).path.endswith(h)]): return
		#check query, get must have query string or url-rewrited
		#GET method, have ext and  do not have query string
		if os.path.splitext(req.path)[1] and req.command == 'GET' and not urlparse.urlparse(req.path).query: return

		#prepare request
		req_header_text = "%s %s %s\n%s" % (req.command, req.path, req.request_version, req.headers)

		if req.command == 'GET':
			request = req_header_text + '\n'
		else:
			request = req_header_text + '\n' + req_body

		#avoid same params multi test
		sig = self.make_sig(req.path)
		if self.check_history(sig):
			return

		self.query_log[sig] = True

		fname = str(uuid.uuid4())

		f = open(config.save_path + '/' + fname, 'w')
		f.write(request)
		f.close()

		i = SqlmapAPIWrapper(fname)
		if i.scan_start():
			config.queue.put((fname,i.taskid,req.path,time.time()))
Ejemplo n.º 4
0
    def run(self):
        while True:
            try:
                (fname, taskid, url, start_time) = config.queue.get(timeout=1)
                injector = SqlmapAPIWrapper(fname)
                injector.settaskid(taskid)

                if not injector.terminal():
                    if time.time() - start_time > config.sqlmap_tasktimeout:
                        injector.clear()
                        continue
                    config.queue.put((fname, taskid, url, start_time))
                    time.sleep(3)
                    continue

                if injector.vulnerable():
                    print with_color(
                        32,
                        "#%s [VulUrl] %s" % (time.strftime("%H:%M:%S"), url))
                    print with_color(
                        32, "#%s [Exploit] sqlmap -r %s" %
                        (time.strftime("%H:%M:%S"),
                         config.save_path + '/' + fname))
                    sys.stdout.flush()
                    injector.delete()
                else:
                    injector.clear()
            except Empty:
                time.sleep(3)
            except KeyboardInterrupt:
                return
Ejemplo n.º 5
0
	def run(self):
		while True:
			try:
				(fname,taskid,url,start_time) = config.queue.get(timeout=1)
				injector = SqlmapAPIWrapper(fname)
				injector.settaskid(taskid)

				if not injector.terminal():
					if time.time()-start_time>config.sqlmap_tasktimeout:
						injector.clear()
						continue
					config.queue.put((fname,taskid,url,start_time))
					time.sleep(3)
					continue

				if injector.vulnerable():
					print with_color(32, "#%s [VulUrl] %s"%(time.strftime("%H:%M:%S"),url))
					print with_color(32, "#%s [Exploit] sqlmap -r %s"%(time.strftime("%H:%M:%S"), config.save_path + '/' + fname))
					sys.stdout.flush()
					injector.delete()
				else:
					injector.clear()
			except Empty:
				time.sleep(3)
			except KeyboardInterrupt:
				return
Ejemplo n.º 6
0
    def run(self):
        while True:
            try:
                (fname, taskid, payload, start_time,
                 hostname) = config.queue.get(timeout=1)
                #print (fname,taskid,payload,start_time)

                injector = SqlmapAPIWrapper(fname, payload)
                injector.settaskid(taskid)

                #当sqlmapapi检测结束后...
                if not injector.terminal():
                    if time.time() - start_time > config.sqlmap_tasktimeout:
                        injector.clear()
                        continue
                    config.queue.put(
                        (fname, taskid, payload, start_time, hostname))
                    time.sleep(5)
                    continue

                if injector.vulnerable():
                    print with_color(
                        32, "#%s [VulUrl] %s" %
                        (time.strftime("%H:%M:%S"), payload['url']))
                    print with_color(
                        32, "#%s [Exploit] sqlmap -r %s -v 3 --level 3" %
                        (time.strftime("%H:%M:%S"),
                         config.save_path + '/' + fname))
                    vlu_str = "#%s [VulUrl] %s \n#%s [Exploit] sqlmap -r %s -v 3 --level 3" % (
                        time.strftime("%H:%M:%S"), payload['url'],
                        time.strftime("%H:%M:%S"),
                        config.save_path + '/' + fname)
                    writelog(vlu_str,
                             "%s_%s" % (hostname, time.strftime("%Y-%m-%d")))
                    sys.stdout.flush()
                    injector.delete()
                else:
                    injector.clear()

            except Empty:
                time.sleep(3)
                pass
            except KeyboardInterrupt:
                return
Ejemplo n.º 7
0
	def run(self):
		while True:
			try:
				(fname,taskid,payload,start_time) = config.queue.get(timeout=1)
				#print (fname,taskid,payload,start_time)
				
				injector = SqlmapAPIWrapper(fname,payload)
				injector.settaskid(taskid)
	
				#当sqlmapapi检测结束后...
				if not injector.terminal():
					if time.time()-start_time>config.sqlmap_tasktimeout:
						injector.clear()
						continue
					config.queue.put((fname,taskid,payload,start_time))
					time.sleep(5)
					continue

				if injector.vulnerable():
					print with_color(32, "#%s [VulUrl] %s"%(time.strftime("%H:%M:%S"),payload['url']))
					print with_color(32, "#%s [Exploit] sqlmap -r %s -v 3 --level 3"%(time.strftime("%H:%M:%S"), config.save_path + '/' + fname))
					vlu_str = "#%s [VulUrl] %s \n#%s [Exploit] sqlmap -r %s -v 3 --level 3"%(time.strftime("%H:%M:%S"),payload['url'],time.strftime("%H:%M:%S"), config.save_path + '/' + fname)
					writelog(vlu_str,time.strftime("%Y-%m-%d"))
					sys.stdout.flush()
					injector.delete()
				else:
					injector.clear()
					
			except Empty:
				time.sleep(3)
				pass
			except KeyboardInterrupt:
				return
Ejemplo n.º 8
0
    def save_handler(self, req, req_body, res, res_body):
        #check res.status
        if re.match(config.filter_code, str(res.status)): return
        #check host
        if not len([
                h for h in config.included_host
                if req.headers.get('Host', '').endswith(h)
        ]):
            return
        if len([
                h for h in config.excluded_host
                if req.headers.get('Host', '').endswith(h)
        ]):
            return
        #check fileext
        if len([
                h for h in config.filter_file
                if urlparse.urlparse(req.path).path.endswith(h)
        ]):
            return
        #check query, get must have query string or url-rewrited
        #GET method, have ext and  do not have query string
        if os.path.splitext(
                req.path
        )[1] and req.command == 'GET' and not urlparse.urlparse(
                req.path).query:
            return

        #prepare request
        req_header_text = "%s %s %s\n%s" % (req.command, req.path,
                                            req.request_version, req.headers)

        if req.command == 'GET':
            request = req_header_text + '\n'
            keystr = req.path
        else:
            #POST
            if req_body:
                request = req_header_text + '\n' + str(req_body)
                a = str(req_body)
                #分割post data参数
                b = a.split('&')
                c = []
                for i in b:
                    if i.find('=') > 0:
                        arr = i.split('=')
                        c.append(arr[0])
                        keystr = "%s/%s" % (req.path, ''.join(sorted(c)))

        #修改某些Post请求为空时出错
        #else:
            request = req_header_text + '\n' + str(req_body)
            keystr = req.path

        #post请求时把postdata放入检测
        #print req_body

        #avoid same params multi test
        sig = self.make_sig(keystr)
        if self.check_history(sig):
            return

        self.query_log[sig] = True

        fname = str(uuid.uuid4())

        f = open(config.save_path + '/' + fname, 'w')
        f.write(request)
        f.close()

        #print req.headers.get('Cookie')

        if req_body:
            payload = {
                'url': req.path,
                'data': req_body,
                'cookie': req.headers.get('Cookie'),
                'agent': req.headers.get('User-Agent'),
                'level': 3
            }
        else:
            payload = {
                'url': req.path,
                'cookie': req.headers.get('Cookie'),
                'agent': req.headers.get('User-Agent'),
                'level': 3
            }

        #通过类传参,把payload传入检测队列
        i = SqlmapAPIWrapper(fname, payload)
        if i.scan_start():
            self.q.put((fname, i.taskid, payload, time.time()))