Example #1
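class Crlf_injection():
    """Fuzz a target URL with CRLF payloads and report differing responses.

    Payloads are read from ``Fuzzdatabase/crlf_fuzzer.txt`` under the
    directory two levels above this module.
    """

    # Seconds to wait per request so an unresponsive target cannot stall
    # the whole scan.
    REQUEST_TIMEOUT = 10

    # Status codes treated as "payload rejected / not routed".
    IGNORED_STATUSES = (400, 403, 404)

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        self.filepath = os.path.abspath(os.path.join(os.path.dirname(__file__),
                                        '../..'))

    def test_crlf_injection(self, target):
        """Request ``target`` once per payload and report changed responses.

        A finding is reported when the response body differs from the
        baseline response and the status is not 400, 403 or 404.

        NOTE(review): a changed body is only a hint. Confirm a finding by
        checking that the header carried by the payload really shows up in
        the response headers.
        """
        # The first line of the payload file is skipped, as before
        # (presumably a header line -- confirm against the file).
        with open(self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt',
                  'r') as payload_file:
            payloads = payload_file.readlines()[1:]

        # Look at the last character itself; slicing it off first added a
        # second slash to "http://host/" and none to "http://host".
        if not target.endswith('/'):
            target += "/"
        try:
            baseline = requests.get(target, timeout=self.REQUEST_TIMEOUT)
            for line in payloads:
                # Drop the line terminator of the payload file so it is not
                # sent as part of the URL.
                payload = line.rstrip("\r\n")
                if not payload:
                    continue
                req = requests.get(target + payload,
                                   timeout=self.REQUEST_TIMEOUT)
                if req.text == baseline.text:
                    continue
                # This evaluation used to sit behind the `continue` above
                # and was never reached.
                status = req.status_code
                if status not in self.IGNORED_STATUSES:
                    poc = "POC: " + target + payload
                    # No extra data is attached; the name `data` used here
                    # before was never defined.
                    self.Print.printer(3, "CRLF header Injection",
                                       None, status, poc)
        except Exception as e:
            print("Error occurred while checking for crlf injection. "
                  "Check module log for details")
            self.logger.module_log(e)
        return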
Example #2
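class Crlf_injection():
    """Fuzz a target URL with CRLF payloads and report differing responses.

    Payloads are read from ``Fuzzdatabase/crlf_fuzzer.txt`` under the
    directory two levels above this module.
    """

    # Seconds to wait per request so an unresponsive target cannot stall
    # the whole scan.
    REQUEST_TIMEOUT = 10

    # Status codes treated as "payload rejected / not routed".
    IGNORED_STATUSES = (400, 403, 404)

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def test_crlf_injection(self, target):
        """Request ``target`` once per payload and report changed responses.

        A finding is reported when the response body differs from the
        baseline response and the status is not 400, 403 or 404.

        NOTE(review): a changed body is only a hint. Confirm a finding by
        checking that the header carried by the payload really shows up in
        the response headers.
        """
        # The first line of the payload file is skipped, as before
        # (presumably a header line -- confirm against the file).
        with open(self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt',
                  'r') as payload_file:
            payloads = payload_file.readlines()[1:]

        # Look at the last character itself; slicing it off first added a
        # second slash to "http://host/" and none to "http://host".
        if not target.endswith('/'):
            target += "/"
        try:
            baseline = requests.get(target, timeout=self.REQUEST_TIMEOUT)
            for line in payloads:
                # Drop the line terminator of the payload file so it is not
                # sent as part of the URL.
                payload = line.rstrip("\r\n")
                if not payload:
                    continue
                req = requests.get(target + payload,
                                   timeout=self.REQUEST_TIMEOUT)
                if req.text == baseline.text:
                    continue
                # This evaluation used to sit behind the `continue` above
                # and was never reached.
                status = req.status_code
                if status not in self.IGNORED_STATUSES:
                    poc = "POC: " + target + payload
                    # No extra data is attached; the name `data` used here
                    # before was never defined.
                    self.Print.printer(3, "CRLF header Injection", None,
                                       status, poc)
        except Exception as e:
            print(
                "Error occurred while checking for crlf injection. "
                "Check module log for details")
            self.logger.module_log(e)
        return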
Example #3
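class Apache2_tests():
    """Apache checks: overlapping Range header timing and mod_negotiation."""

    # Seconds to wait for a single response.
    REQUEST_TIMEOUT = 30
    # Requests sent per timing measurement (one initial plus four repeats).
    TIMING_SAMPLES = 5
    # Slowdown factor above which the Range probe is reported.
    SLOWDOWN_RATIO = 5

    def __init__(self):
        self.logger = LoggingManager()
        self.Print = Print()

    def currentTime(self):
        """Return the current wall-clock time in whole milliseconds."""
        return int(round(time.time() * 1000))

    def execute_all_func(self, target):
        """Run both Apache checks against ``target``."""
        self.rangeInjection(target)
        self.mod_negotiation(target)

    @staticmethod
    def _range_header():
        """Build the probe value ``bytes=0-,5-0,5-1,...,5-1299``.

        Generated instead of spelled out: the literal was split across
        physical lines inside a single-quoted string, which does not parse.
        """
        return 'bytes=0-,' + ','.join('5-%d' % end for end in range(1300))

    def _mean_response_ms(self, target, headers=None):
        """Return the mean response time in milliseconds over the samples."""
        total = 0
        for _ in range(self.TIMING_SAMPLES):
            started = self.currentTime()
            try:
                requests.get(target, headers=headers,
                             timeout=self.REQUEST_TIMEOUT)
            except requests.exceptions.Timeout:
                # A timed-out sample counts with the time waited: it is the
                # slowest outcome the probe can observe.
                pass
            total += self.currentTime() - started
        return total / float(self.TIMING_SAMPLES)

    def rangeInjection(self, target):
        """Compare response times with and without the Range probe header.

        Reports a finding when the probe requests take more than
        ``SLOWDOWN_RATIO`` times as long as plain requests.

        NOTE(review): timing is sensitive to network jitter and caching, so
        treat a hit as a lead to verify against the server version and its
        Range handling configuration, not as proof.
        """
        host = "www.google.com"
        headers = {
            'X-Forwarded-Host': host,
            'Accept-Encoding': 'gzip , deflate',
            'Connection': 'keep-alive',
            'Range': self._range_header()
        }

        # The running value used to be `timer + avgTime / 2`, which is not
        # an average; an arithmetic mean over the same five requests is
        # used for both measurements.
        realTime = self._mean_response_ms(target)
        avgTime = self._mean_response_ms(target, headers)

        # Millisecond rounding can make the baseline 0; clamp it so the
        # ratio cannot divide by zero.
        if (avgTime / max(realTime, 1)) > self.SLOWDOWN_RATIO:
            self.Print.printer(2, "Apache2 Range Header DOS: ", None)

    def mod_negotiation(self, target):
        """Report a 406 answer to an unsatisfiable Accept type on /index."""
        headers = {'Accept': 'webxploiter/test'}
        req = requests.get(target + "/index", headers=headers,
                           timeout=self.REQUEST_TIMEOUT)
        if req.status_code == 406:
            # A 406 without an Alternates header must not raise KeyError.
            self.Print.printer(2, "Apache Mod Negotiation vulnerability",
                               req.headers.get('alternates'),
                               req.status_code)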
Example #4
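class Apache2_tests:
    """Apache checks: overlapping Range header timing and mod_negotiation."""

    # Seconds to wait for a single response.
    REQUEST_TIMEOUT = 30
    # Requests sent per timing measurement (one initial plus four repeats).
    TIMING_SAMPLES = 5
    # Slowdown factor above which the Range probe is reported.
    SLOWDOWN_RATIO = 5

    def __init__(self):
        self.logger = LoggingManager()
        self.Print = Print()

    def currentTime(self):
        """Return the current wall-clock time in whole milliseconds."""
        return int(round(time.time() * 1000))

    def execute_all_func(self, target):
        """Run both Apache checks against ``target``."""
        self.rangeInjection(target)
        self.mod_negotiation(target)

    @staticmethod
    def _range_header():
        """Build the probe value ``bytes=0-,5-0,5-1,...,5-1299``.

        Generated instead of spelled out: the literal was split across
        physical lines inside a double-quoted string, which does not parse.
        """
        return "bytes=0-," + ",".join("5-%d" % end for end in range(1300))

    def _mean_response_ms(self, target, headers=None):
        """Return the mean response time in milliseconds over the samples."""
        total = 0
        for _ in range(self.TIMING_SAMPLES):
            started = self.currentTime()
            try:
                requests.get(target, headers=headers,
                             timeout=self.REQUEST_TIMEOUT)
            except requests.exceptions.Timeout:
                # A timed-out sample counts with the time waited: it is the
                # slowest outcome the probe can observe.
                pass
            total += self.currentTime() - started
        return total / float(self.TIMING_SAMPLES)

    def rangeInjection(self, target):
        """Compare response times with and without the Range probe header.

        Reports a finding when the probe requests take more than
        ``SLOWDOWN_RATIO`` times as long as plain requests.

        NOTE(review): timing is sensitive to network jitter and caching, so
        treat a hit as a lead to verify against the server version and its
        Range handling configuration, not as proof.
        """
        host = "www.google.com"
        headers = {
            "X-Forwarded-Host": host,
            "Accept-Encoding": "gzip , deflate",
            "Connection": "keep-alive",
            "Range": self._range_header(),
        }

        # The running value used to be `timer + avgTime / 2`, which is not
        # an average; an arithmetic mean over the same five requests is
        # used for both measurements.
        realTime = self._mean_response_ms(target)
        avgTime = self._mean_response_ms(target, headers)

        # Millisecond rounding can make the baseline 0; clamp it so the
        # ratio cannot divide by zero.
        if (avgTime / max(realTime, 1)) > self.SLOWDOWN_RATIO:
            self.Print.printer(2, "Apache2 Range Header DOS: ", None)

    def mod_negotiation(self, target):
        """Report a 406 answer to an unsatisfiable Accept type on /index."""
        headers = {"Accept": "webxploiter/test"}
        req = requests.get(target + "/index", headers=headers,
                           timeout=self.REQUEST_TIMEOUT)
        if req.status_code == 406:
            # A 406 without an Alternates header must not raise KeyError.
            self.Print.printer(2, "Apache Mod Negotiation vulnerability",
                               req.headers.get("alternates"),
                               req.status_code)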
Example #5
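class Sql_injection():
    """Error-based SQL injection checks through cookies and the User-Agent.

    Payloads are read from ``Fuzzdatabase/error_sql.txt`` under the
    directory two levels above this module.
    """

    # Substrings of database error pages that the checks look for.
    ERROR_MARKERS = ("MySQL server version", "have an error", "SQL syntax")

    # Seconds to wait per request so an unresponsive target cannot stall
    # the whole scan.
    REQUEST_TIMEOUT = 10

    # The two halves of this string used to be joined without a space
    # ("Linuxx86_64").
    BASE_USER_AGENT = ('Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) '
                       'Gecko/20100101 Firefox/39.0')

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def execute_all_func(self, target):
        """Run both checks; a failure in one is logged and does not stop
        the other."""
        try:
            self.check_cookies(target)
        except Exception as e:
            print("Error while checking cookies.Check module log for details")
            self.logger.module_log(e)
        try:
            self.check_user_agent(target)
        except Exception as e:
            print(
                "Error while checking user agent.Check module log for details."
            )
            self.logger.module_log(e)
        return

    def _load_payloads(self):
        """Return the payload lines without line terminators or blanks."""
        with open(self.filepath + '/Fuzzdatabase/error_sql.txt',
                  'r') as payload_file:
            return [line.rstrip("\r\n") for line in payload_file
                    if line.strip()]

    @classmethod
    def _markers_absent_from(cls, baseline_text):
        """Return the error markers that ``baseline_text`` does not contain.

        A marker already present in the untouched page cannot indicate
        that a payload triggered an error, so it is left out.
        """
        return [marker for marker in cls.ERROR_MARKERS
                if marker not in baseline_text]

    def check_cookies(self, target):
        """Append each payload to each cookie and look for DB error text.

        Stops at the first finding.
        """
        session = requests.Session()
        baseline = session.get(target, timeout=self.REQUEST_TIMEOUT)
        markers = self._markers_absent_from(baseline.text)
        original_cookies = session.cookies.get_dict()
        for payload in self._load_payloads():
            for name, value in original_cookies.items():
                # Start from the original values each time. Appending to
                # the jar in place made every request carry all earlier
                # payloads as well.
                fuzzed = dict(original_cookies)
                fuzzed[name] = value + payload
                r = requests.get(target, cookies=fuzzed,
                                 timeout=self.REQUEST_TIMEOUT)
                if any(marker in r.text for marker in markers):
                    poc = "POC: " + name + ": " + fuzzed[name]
                    # Report the status of the response that showed the
                    # error, not that of the baseline request.
                    self.Print.printer(3, "Error Based SQLi(Cookie Based)",
                                       None, r.status_code, poc)
                    return

    def check_user_agent(self, target):
        """Append each payload to the User-Agent and look for DB error text.

        Stops at the first finding.
        """
        # `requests` is used here as well: urlopen() raises on HTTP error
        # statuses, which is how database error pages are often served.
        baseline = requests.get(target,
                                headers={'User-agent': self.BASE_USER_AGENT},
                                timeout=self.REQUEST_TIMEOUT)
        markers = self._markers_absent_from(baseline.text)
        # Payloads come without their line terminator; a newline is not a
        # legal header value.
        for payload in self._load_payloads():
            user_agent = {'User-agent': self.BASE_USER_AGENT + payload}
            req = requests.get(target, headers=user_agent,
                               timeout=self.REQUEST_TIMEOUT)
            if any(marker in req.text for marker in markers):
                self.Print.printer(3, "Error Based SQLi(User Agent)", None,
                                   None, None)
                return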
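class Info_disclosure:
    """Probe a target for commonly exposed files and an internal address
    leaked through a redirect."""

    # Seconds to wait per request so an unresponsive target cannot stall
    # the whole scan.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.Print = Print()

    @staticmethod
    def _private_ip_host(location):
        """Return the host of ``location`` if it is a private IP literal.

        Returns ``None`` for host names, public addresses and relative
        redirects.
        """
        import ipaddress

        rest = location.strip()
        # str.strip('https://') removes *characters*, not a prefix, so the
        # scheme is cut off explicitly.
        for prefix in ('https://', 'http://'):
            if rest.lower().startswith(prefix):
                rest = rest[len(prefix):]
                break
        authority = rest.split('/', 1)[0]
        if authority.startswith('['):
            # Bracketed IPv6 literal, optionally followed by a port.
            host = authority[1:].split(']', 1)[0]
        else:
            host = authority.split(':', 1)[0]
        try:
            address = ipaddress.ip_address(host)
        except ValueError:
            return None
        return host if address.is_private else None

    def check(self, target):
        """Request well-known paths and report every non-404 answer, then
        look for an internal IP in the redirect of a Host-less request.

        NOTE(review): "not 404" also covers 401/403, which usually mean the
        file is protected rather than disclosed; read the reported status.
        """
        # Each path is fetched once; it used to be requested a second time
        # only to read a body that was then unused for three of the four.
        robots = requests.get(target + "/robots.txt",
                              timeout=self.REQUEST_TIMEOUT)
        if robots.status_code != 404:
            self.Print.printer(0, "Robots.txt analysis: ", robots.text,
                               robots.status_code)

        probes = (
            ("/server-status", "server-status analysis: "),
            ("/.svn/entries", "Svn entries analysis: "),
            ("/.htaccess", ".htaccess analysis: "),
        )
        for path, label in probes:
            resp = requests.get(target + path, timeout=self.REQUEST_TIMEOUT)
            if resp.status_code != 404:
                self.Print.printer(1, label, None, resp.status_code)

        url = target.split('/')[2]
        req = httplib.HTTPSConnection(url, timeout=self.REQUEST_TIMEOUT)
        # Set the protocol version on this connection only. Assigning it on
        # the HTTPSConnection class changed every connection in the process.
        req._http_vsn = 10
        req._http_vsn_str = 'HTTP/1.0'
        try:
            req.request("GET", "/")
            response = req.getresponse()
            location = response.getheader('Location')
            # Report only when the redirect host really is a private IP.
            # "two dots and any digit" also matched ordinary host names.
            if location and self._private_ip_host(location) is not None:
                self.Print.printer(2, "Internal IP disclosure", location)
        except Exception:
            # Best effort: this probe is optional and must not abort the
            # remaining checks.
            pass
        finally:
            # Close on every path, not only when a Location header came back.
            req.close()

    def hasNumbers(self, inputString):
        """Return True if ``inputString`` contains at least one digit."""
        return any(char.isdigit() for char in inputString)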
Example #7
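class Info_disclosure:
    """Probe a target for commonly exposed files and an internal address
    leaked through a redirect."""

    # Seconds to wait per request so an unresponsive target cannot stall
    # the whole scan.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.Print = Print()

    @staticmethod
    def _private_ip_host(location):
        """Return the host of ``location`` if it is a private IP literal.

        Returns ``None`` for host names, public addresses and relative
        redirects.
        """
        import ipaddress

        rest = location.strip()
        # str.strip('https://') removes *characters*, not a prefix, so the
        # scheme is cut off explicitly.
        for prefix in ('https://', 'http://'):
            if rest.lower().startswith(prefix):
                rest = rest[len(prefix):]
                break
        authority = rest.split('/', 1)[0]
        if authority.startswith('['):
            # Bracketed IPv6 literal, optionally followed by a port.
            host = authority[1:].split(']', 1)[0]
        else:
            host = authority.split(':', 1)[0]
        try:
            address = ipaddress.ip_address(host)
        except ValueError:
            return None
        return host if address.is_private else None

    def check(self, target):
        """Request well-known paths and report every non-404 answer, then
        look for an internal IP in the redirect of a Host-less request.

        NOTE(review): "not 404" also covers 401/403, which usually mean the
        file is protected rather than disclosed; read the reported status.
        """
        # Each path is fetched once; it used to be requested a second time
        # only to read a body that was then unused for three of the four.
        robots = requests.get(target+"/robots.txt",
                              timeout=self.REQUEST_TIMEOUT)
        if robots.status_code != 404:
            self.Print.printer(0, "Robots.txt analysis: ", robots.text,
                               robots.status_code)

        probes = (
            ("/server-status", "server-status analysis: "),
            ("/.svn/entries", "Svn entries analysis: "),
            ("/.htaccess", ".htaccess analysis: "),
        )
        for path, label in probes:
            resp = requests.get(target+path, timeout=self.REQUEST_TIMEOUT)
            if resp.status_code != 404:
                self.Print.printer(1, label, None, resp.status_code)

        url = target.split('/')[2]
        req = httplib.HTTPSConnection(url, timeout=self.REQUEST_TIMEOUT)
        # Set the protocol version on this connection only. Assigning it on
        # the HTTPSConnection class changed every connection in the process.
        req._http_vsn = 10
        req._http_vsn_str = 'HTTP/1.0'
        try:
            req.request("GET", "/")
            response = req.getresponse()
            location = response.getheader('Location')
            # Report only when the redirect host really is a private IP.
            # "two dots and any digit" also matched ordinary host names.
            if location and self._private_ip_host(location) is not None:
                self.Print.printer(2, "Internal IP disclosure", location)
        except Exception:
            # Best effort: this probe is optional and must not abort the
            # remaining checks.
            pass
        finally:
            # Close on every path, not only when a Location header came back.
            req.close()

    def hasNumbers(self, inputString):
        """Return True if ``inputString`` contains at least one digit."""
        return any(char.isdigit() for char in inputString)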
Example #8
class WebXploit():
    """Front object that holds the target and hands it to scanner modules."""

    def __init__(self):
        """Start with an empty target and create every scanner module."""
        # Target details; filled in by parse_target().
        self.target_url = ""
        self.target_port = ""
        self.target_host = ""
        self.logger = logger

        # Reconnaissance modules.
        self.recon_headers = Headers()
        self.recon_cookies = Cookies()
        self.recon_methods = HTTPMethods()
        self.recon_others = Others()

        # Injection checks.
        self.sql = Sql_injection()
        self.crlf = Crlf_injection()
        self.host = Host_injection()

        # Product-specific checks.
        self.apache = Apache2_tests()
        self.wordpress = Wordpress()

        self.Print = Print()

    def parse_target(self, target):
        """Store ``target`` and derive ``scheme://netloc`` and the port.

        A parsing error is passed to the logger's ``error_log``; the target
        URL is handed to the printer in either case.
        """
        try:
            self.target_url = target
            parts = urlparse(target)
            self.target_host = "://".join((parts.scheme, parts.netloc))
            banner = "Target" + str(self.target_host)
            print(banner)
            self.target_port = parts.port
        except Exception as err:
            self.logger.error_log(err)
        self.Print.printer(None, self.target_url, None)

    def launch(self):
        """Print the banner through the external ``toilet`` program."""
        banner_command = "toilet -F metal WebXploit - Recon"
        os.system(banner_command)

    def get_headers(self, target):
        """Run the header checks against the stored target URL.

        NOTE(review): ``target`` is not used here; the sibling methods pass
        their argument on -- confirm which is intended.
        """
        stored_url = self.target_url
        self.recon_headers.execute_all_func(stored_url)

    def get_cookies(self, target):
        """Run the cookie checks against ``target``."""
        cookie_module = self.recon_cookies
        cookie_module.execute_all_func(target)

    def execute_random_vulns(self, target):
        """Run the miscellaneous checks against ``target``."""
        misc_module = self.recon_others
        misc_module.execute_all_func(target)

    def get_HTTP_methods(self, target):
        """Test which HTTP methods ``target`` accepts."""
        methods_module = self.recon_methods
        methods_module.test_allowed_methods(target)
Example #9
class WebXploit():
    """Front object that holds the target and hands it to scanner modules."""

    def __init__(self):
        """Start with an empty target and create every scanner module."""
        # Target details; filled in by parse_target().
        self.target_url = ""
        self.target_port = ""
        self.target_host = ""
        self.logger = logger

        # Reconnaissance modules.
        self.recon_headers = Headers()
        self.recon_cookies = Cookies()
        self.recon_methods = HTTPMethods()
        self.recon_others = Others()

        # Injection checks.
        self.sql = Sql_injection()
        self.crlf = Crlf_injection()
        self.host = Host_injection()

        # Product-specific checks.
        self.apache = Apache2_tests()
        self.wordpress = Wordpress()

        self.Print = Print()

    def parse_target(self, target):
        """Store ``target`` and derive ``scheme://netloc`` and the port.

        A parsing error is passed to the logger's ``error_log``; the target
        URL is handed to the printer in either case.
        """
        try:
            self.target_url = target
            parts = urlparse(target)
            self.target_host = "://".join((parts.scheme, parts.netloc))
            banner = "Target" + str(self.target_host)
            print(banner)
            self.target_port = parts.port
        except Exception as err:
            self.logger.error_log(err)
        self.Print.printer(None, self.target_url, None)

    def launch(self):
        """Print the banner through the external ``toilet`` program."""
        banner_command = "toilet -F metal WebXploit - Recon"
        os.system(banner_command)

    def get_headers(self, target):
        """Run the header checks against the stored target URL.

        NOTE(review): ``target`` is not used here; the sibling methods pass
        their argument on -- confirm which is intended.
        """
        stored_url = self.target_url
        self.recon_headers.execute_all_func(stored_url)

    def get_cookies(self, target):
        """Run the cookie checks against ``target``."""
        cookie_module = self.recon_cookies
        cookie_module.execute_all_func(target)

    def execute_random_vulns(self, target):
        """Run the miscellaneous checks against ``target``."""
        misc_module = self.recon_others
        misc_module.execute_all_func(target)

    def get_HTTP_methods(self, target):
        """Test which HTTP methods ``target`` accepts."""
        methods_module = self.recon_methods
        methods_module.test_allowed_methods(target)
Example #10
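class HTTPMethods():
    """Report how a target answers each HTTP method listed in ``self.verbs``."""

    # Seconds to wait per probe. requests applies no timeout by default, so a
    # host that accepts the connection but never answers would stall the run.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        """Create the output/logging helpers and the list of verbs to probe."""
        self.Print = Print()
        self.logger = LoggingManager()
        self.verbs = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'TRACE']

    @staticmethod
    def _trace_echoed(body):
        """Return True when ``body`` carries an echoed TRACE request line."""
        # The literal below only matches a target whose path is '/'.
        if 'TRACE / HTTP' in body:
            return True
        # For any other path, look at the first line of the echoed request.
        first_line = body.lstrip().split('\n', 1)[0]
        return first_line.startswith('TRACE ') and ' HTTP/' in first_line

    def test_allowed_methods(self, target):
        """Send one request per verb to ``target`` and print status and reason.

        A TRACE response whose body echoes the request line is reported as
        Cross Site Tracing. Errors are written to the recon log and the loop
        continues with the next verb.
        """
        for verb in self.verbs:
            try:
                # Each verb is sent as a real request, PUT and DELETE included,
                # so a permissive server may change state when probed.
                req = requests.request(verb, target,
                                       timeout=self.REQUEST_TIMEOUT)
                print(verb, req.status_code, req.reason)
                if verb == 'TRACE' and self._trace_echoed(req.text):
                    self.Print.printer(1, "Cross Site Tracing found", None)
            except requests.exceptions.ConnectionError as e:
                print("CONNECT :: Connection error occured. Retry using https")
                self.logger.recon_log(e)
            except Exception as e:
                # Read timeouts land here as well.
                self.logger.recon_log(e)
                print("Error while testing allowed methords. Check recon log")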
Example #11
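class HTTPMethods():
    """Probe a target with each HTTP verb and print what comes back."""

    # Per-request timeout in seconds; requests waits forever when none is
    # given, which would hang the scan on an unresponsive host.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        """Create the output/logging helpers and the verb list."""
        self.Print = Print()
        self.logger = LoggingManager()
        self.verbs = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'TRACE']

    @staticmethod
    def _trace_echoed(body):
        """Return True when ``body`` contains an echoed TRACE request line."""
        # 'TRACE / HTTP' alone misses targets whose URL has a path, so the
        # first line of the body is also checked for "TRACE <path> HTTP/...".
        if 'TRACE / HTTP' in body:
            return True
        request_line = body.lstrip().split('\n', 1)[0]
        return request_line.startswith('TRACE ') and ' HTTP/' in request_line

    def test_allowed_methods(self, target):
        """Issue every verb in ``self.verbs`` against ``target``.

        Prints verb, status code and reason for each response and reports
        Cross Site Tracing when a TRACE response echoes the request. A failed
        probe is logged to the recon log and does not stop the remaining ones.
        """
        for verb in self.verbs:
            try:
                # These are live requests: PUT and DELETE reach the server and
                # can alter state if it accepts them.
                req = requests.request(verb, target,
                                       timeout=self.REQUEST_TIMEOUT)
                print(verb, req.status_code, req.reason)
                if verb == 'TRACE' and self._trace_echoed(req.text):
                    self.Print.printer(1, "Cross Site Tracing found", None)
            except requests.exceptions.ConnectionError as e:
                print("CONNECT :: Connection error occured. Retry using https")
                self.logger.recon_log(e)
            except Exception as e:
                self.logger.recon_log(e)
                print("Error while testing allowed methords. Check recon log")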
Example #12
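class Cookies():
    """Collect the cookies a target sets and flag values that decode as base64."""

    # Seconds to wait for the target; requests has no default timeout.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        """Start with no cookies and create the output/logging helpers."""
        self.cookies = ""
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Fetch the cookies for ``target``, then run the base64 check on them."""
        self.get_cookies(target)
        self.base64_check(target)

    def get_cookies(self, target):
        """GET ``target``, store its cookies on ``self.cookies`` and print them.

        A failed request is logged to the recon log; whatever ``self.cookies``
        already held is printed in that case.
        """
        try:
            req = requests.get(target, timeout=self.REQUEST_TIMEOUT)
            self.cookies = req.cookies.items()
        except Exception as e:
            print("Error occured while accessing cookies. Check recon log")
            self.logger.recon_log(e)
        # One cookie per line; previously the entries ran together because no
        # separator was written between them.
        rows = [name + ": ".rjust(25 - len(name)) + value
                for name, value in self.cookies]
        self.Print.printer(0, "Cookies: ", "\n".join(rows))

    def base64_check(self, target):
        """Print every stored cookie whose value decodes as base64.

        ``target`` is not read; the check works on ``self.cookies``.
        """
        from urllib.parse import unquote

        for name, value in self.cookies:
            try:
                # base64.decodestring was removed in Python 3.9; decodebytes
                # is the same decoder. unquote() restores %3D, %2B and %2F.
                raw = base64.decodebytes(unquote(value).encode("ascii"))
            except ValueError:
                # binascii.Error (not base64) and UnicodeEncodeError
                # (non-ASCII value) are both ValueError subclasses.
                continue
            if not raw:
                # Nothing decoded (empty value or no base64 characters).
                continue
            # The decoder skips characters outside the base64 alphabet, so a
            # hit means "decodes cleanly", not "was certainly base64".
            decoded = raw.decode("cp437")
            data = name + ": ".rjust(25 - len(name)) + decoded
            self.Print.printer(0, "Base64 Encoded Cookies: (Attention!)",
                               data)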
Example #13
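class Host_injection():
    """Check whether a spoofed host header is reflected in a redirect."""

    # Seconds to wait per probe; requests has no default timeout.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        """Create the logging and output helpers."""
        self.logger = LoggingManager()
        self.Print = Print()

    def host_header_inj(self, target):
        """Send ``target`` a spoofed Host, then a spoofed X-Forwarded-Host.

        A 301/302 response whose Location contains the spoofed domain is
        reported as Host Header injection. SSL and connection failures are
        reported with the last status code seen (``None`` when no response
        arrived); anything else goes to the module log.
        """
        check_host = "google.com"
        probes = (
            {'Host': 'www.google.com'},
            {'X-Forwarded-Host': 'www.google.com'},
        )
        # Tracked separately so the except handlers never touch an unbound
        # ``req`` when the very first request is the one that fails.
        status = None
        try:
            for probe in probes:
                req = requests.get(target, headers=probe,
                                   allow_redirects=False,
                                   timeout=self.REQUEST_TIMEOUT)
                status = req.status_code
                if status == 302 or status == 301:
                    # A redirect without Location is simply not a finding.
                    location = req.headers.get('Location', '')
                    # Substring match: a target that legitimately redirects
                    # to a google.com URL is reported too, so confirm by hand.
                    if check_host in location:
                        self.Print.printer(1, "Host Header injection", target,
                                           status)

        except SSLError as e:
            # NOTE(review): printer() receives None as status when no response
            # was received - confirm it accepts that.
            self.Print.printer(-1,
                               "Host Header injection: Manual check needed",
                               target, status)

        except ConnectionError:
            self.Print.printer(-1, "Host Header injection: ConnectionError",
                               target, status)

        except Exception as e:
            self.logger.module_log(e)
            print("Error occured while checking host header injection. Check\
                  module log for details")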
Example #14
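class Host_injection():
    """Test whether a redirect's Location reflects a spoofed host header."""

    # Per-request timeout in seconds; without it an unresponsive target
    # blocks the check indefinitely.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        """Create the logging and output helpers."""
        self.logger = LoggingManager()
        self.Print = Print()

    def host_header_inj(self, target):
        """Probe ``target`` with a spoofed Host and a spoofed X-Forwarded-Host.

        Reports Host Header injection when a 301/302 response points its
        Location at the spoofed domain. SSL and connection errors are
        reported with the most recent status code, or ``None`` if no response
        was received; other errors are written to the module log.
        """
        check_host = "google.com"
        spoofed_headers = [
            {'Host': 'www.google.com'},
            {'X-Forwarded-Host': 'www.google.com'},
        ]
        # The handlers below used to read req.status_code, which is unbound
        # when the first request raises; keep the last status here instead.
        last_status = None
        try:
            for spoofed in spoofed_headers:
                req = requests.get(target, headers=spoofed,
                                   allow_redirects=False,
                                   timeout=self.REQUEST_TIMEOUT)
                last_status = req.status_code
                if last_status not in (301, 302):
                    continue
                # .get() so a redirect lacking Location does not abort the
                # second probe with a KeyError.
                location = req.headers.get('Location', '')
                # Substring match only: a site that normally redirects to a
                # google.com URL also matches, so verify any hit manually.
                if check_host in location:
                    self.Print.printer(1, "Host Header injection",
                                       target, last_status)

        except SSLError as e:
            # NOTE(review): status is None when nothing was received - confirm
            # printer() tolerates that.
            self.Print.printer(-1, "Host Header injection: Manual check needed",
                               target, last_status)

        except ConnectionError:
            self.Print.printer(-1, "Host Header injection: ConnectionError",
                               target, last_status)

        except Exception as e:
            self.logger.module_log(e)
            print("Error occured while checking host header injection. Check\
                  module log for details")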
Example #15
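class Headers():
    """Print a target's response headers and review its security headers."""

    # Seconds to wait for the target; requests has no default timeout.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        """Create the output and logging helpers."""
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Print the response headers of ``target``, then analyse them."""
        self.get_headers(target)
        self.check_headers(target)

    def get_headers(self, target):
        """Send a HEAD request to ``target`` and print every response header.

        Raises:
            SystemExit: when the URL has no scheme or the request fails; the
                error is logged first.
        """
        try:
            req = requests.head(target, timeout=self.REQUEST_TIMEOUT)
        except requests.exceptions.MissingSchema as e:
            print("Non valid URL. Please specify a valid URL.")
            self.logger.error_log(e)
            # Same effect as the interactive exit() helper, without relying
            # on the site module having installed it.
            raise SystemExit()
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            raise SystemExit()
        rows = [name + ": ".rjust(50 - len(name)) + value + "\n"
                for name, value in req.headers.items()]
        self.Print.printer(0, "Response Headers: ", "".join(rows))

    def check_headers(self, target):
        """Send a HEAD request to ``target`` and report on four security headers.

        Header lookups use ``.get()`` instead of a bare ``except`` so that an
        error inside ``Print.printer`` or a Ctrl-C is no longer misreported as
        a missing header.
        """
        req = requests.head(target, timeout=self.REQUEST_TIMEOUT)
        print("\n")
        self.Print.printer(0, "Response header Analysis: ", None)
        headers = req.headers

        # X-XSS-Protection is deprecated and ignored by current browsers, so
        # treat these two findings as informational.
        xssprotect = headers.get('X-XSS-Protection')
        if xssprotect is None:
            self.Print.printer(
                0, "X-XSS-Protection not set, XSS may be possible", None)
        elif xssprotect != '1; mode=block':
            self.Print.printer(
                0,
                "X-XSS-Protection not set properly, XSS may be possible:",
                xssprotect)

        contenttype = headers.get('X-Content-Type-Options')
        if contenttype is None:
            self.Print.printer(0, "X-Content-Type-Options not set", None)
        elif contenttype != 'nosniff':
            self.Print.printer(0,
                               "X-Content-Type-Options not set properly:",
                               contenttype)

        # Browsers only honour HSTS on HTTPS responses, so this finding is
        # expected when ``target`` is a plain http:// URL.
        if headers.get('Strict-Transport-Security') is None:
            self.Print.printer(
                0, "HSTS header not set, MITM attacks may be possible", None)

        # Presence is all that is checked; the policy is printed for manual
        # review and not evaluated.
        csp = headers.get('Content-Security-Policy')
        if csp is None:
            self.Print.printer(0, "Content-Security-Policy missing", None)
        else:
            self.Print.printer(0, "Content-Security-Policy set: ", csp)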
Example #16
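class Headers:
    """Dump a target's response headers and check its security headers."""

    # Per-request timeout in seconds; requests waits forever when none is set.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        """Create the output and logging helpers."""
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Run ``get_headers`` and then ``check_headers`` on ``target``."""
        self.get_headers(target)
        self.check_headers(target)

    def get_headers(self, target):
        """HEAD ``target`` and print each response header on its own line.

        Raises:
            SystemExit: after logging, when the URL lacks a scheme or the
                request fails for any other reason.
        """
        try:
            req = requests.head(target, timeout=self.REQUEST_TIMEOUT)
        except requests.exceptions.MissingSchema as e:
            print("Non valid URL. Please specify a valid URL.")
            self.logger.error_log(e)
            # Raises the same SystemExit as exit(), which is a helper meant
            # for the interactive interpreter.
            raise SystemExit()
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            raise SystemExit()
        data = "".join(
            name + ": ".rjust(50 - len(name)) + value + "\n"
            for name, value in req.headers.items()
        )
        self.Print.printer(0, "Response Headers: ", data)

    def check_headers(self, target):
        """HEAD ``target`` and report on four security-related headers.

        Missing headers are detected with ``.get()``; the previous bare
        ``except`` blocks also swallowed KeyboardInterrupt and any error
        raised while printing.
        """
        req = requests.head(target, timeout=self.REQUEST_TIMEOUT)
        print("\n")
        self.Print.printer(0, "Response header Analysis: ", None)
        found = req.headers

        # Current browsers ignore X-XSS-Protection (it is deprecated), so
        # these two messages are informational.
        xssprotect = found.get("X-XSS-Protection")
        if xssprotect is None:
            self.Print.printer(0, "X-XSS-Protection not set, XSS may be possible", None)
        elif xssprotect != "1; mode=block":
            self.Print.printer(0, "X-XSS-Protection not set properly, XSS may be possible:", xssprotect)

        contenttype = found.get("X-Content-Type-Options")
        if contenttype is None:
            self.Print.printer(0, "X-Content-Type-Options not set", None)
        elif contenttype != "nosniff":
            self.Print.printer(0, "X-Content-Type-Options not set properly:", contenttype)

        # HSTS is only honoured on HTTPS responses; over plain http:// its
        # absence is expected.
        if found.get("Strict-Transport-Security") is None:
            self.Print.printer(0, "HSTS header not set, MITM attacks may be possible", None)

        # Only presence is checked; the policy text is shown for manual
        # review, not evaluated.
        csp = found.get("Content-Security-Policy")
        if csp is None:
            self.Print.printer(0, "Content-Security-Policy missing", None)
        else:
            self.Print.printer(0, "Content-Security-Policy set: ", csp)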