Example #1
0
 def __init__(self, HTTP, reportGen):
     self.HTTP = HTTP
     self.logVuln = reportGen.logVulnerability
     self.logAnom = reportGen.logAnomaly
     self.auxText = AuxText()
     self.attackedGET = []
     self.attackedPOST = []
Example #2
0
 def __init__(self,HTTP,reportGen):
     self.HTTP = HTTP
     self.reportGen = reportGen
     self.auxText = AuxText()
Example #3
0
class Attack:
    """
    This class represents an attack, it must be extended
    for any class which implements a new type of attack
    """
    verbose = 0
    color   = 0

    name = "attack"
    
    reportGen = None
    HTTP      = None
    auxText   = None

    doGET = True
    doPOST = True

    # List of modules (strs) that must be launched before the current module
    # Must be defined in the code of the module
    require = []
    # List of modules (objects) that must be launched before the current module
    # Must be left empty in the code
    deps = []
    
    # List of attack's url already launched in the current module
    attackedGET  = []
    attackedPOST = []

    vulnerableGET  = []
    vulnerablePOST = []

    CONFIG_DIR = ""
    if os.path.isdir("/usr/local/share/doc/packages/wapiti"):
        CONFIG_DIR = "/usr/local/share/doc/packages/wapiti/config/attacks"
    else:
      BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__),'../..'))
      CONFIG_DIR = BASE_DIR + "/" + "config/attacks"

    # Color codes
    STD = "\033[0;0m"
    RED = "\033[1;31m"
    YELLOW = "\033[1;33m"
    CYAN = "\033[1;36m"
    GB = "\033[0;30m\033[47m"

    allowed = ['php', 'html', 'htm', 'xml', 'xhtml', 'xht', 'xhtm',
              'asp', 'aspx', 'php3', 'php4', 'php5', 'txt', 'shtm',
              'shtml', 'phtm', 'phtml', 'jhtml', 'pl', 'jsp', 'cfm',
              'cfml', 'py']

    # The priority of the module, from 0 (first) to 10 (last). Default is 5
    PRIORITY = 5
    
    def __init__(self,HTTP,reportGen):
        self.HTTP = HTTP
        self.reportGen = reportGen
        self.auxText = AuxText()

    def setVerbose(self,verbose):
        self.verbose = verbose

    def setColor(self):
        self.color = 1
        
    def loadPayloads(self,fileName):
        """This method loads the payloads for an attack from the specified file"""
        return self.auxText.readLines(fileName)

    def attackGET(self, page, dict, headers = {}):
      return

    def attackPOST(self, form):
      return

    def loadRequire(self, obj = []):
      self.deps = obj

    def attack(self, urls, forms):
      if self.doGET == True:
        for url, headers in urls.items():
          dictio = {}
          params = []
          page = url

          if url.find("?") >= 0:
            page = url.split('?')[0]
            query = url.split('?')[1]
            params = query.split('&')
            if query.find("=") >= 0:
              for param in params:
                dictio[param.split('=')[0]] = param.split('=')[1]

          if self.verbose == 1:
            print "+ " + _("attackGET") + " "+url
            if params != []:
              print "  ", params

          try:
            self.attackGET(page, dictio, headers)
          except socket.error, se:
            print 'error: %s while attacking %s' % (repr(str(se[1])), url)

      if self.doPOST == True:
        for form in forms:
          if form[1] != {}:
            self.attackPOST(form)
Example #4
0
class Attack:
    """
    This class represents an attack, it must be extended
    for any class which implements a new type of attack
    """
    verbose = 0
    color = 0

    name = "attack"

    logVuln = None
    logAnom = None
    HTTP = None
    auxText = None

    doGET = True
    doPOST = True

    # List of modules (strs) that must be launched before the current module
    # Must be defined in the code of the module
    require = []
    # List of modules (objects) that must be launched before the current module
    # Must be left empty in the code
    deps = []

    # List of attack's url already launched in the current module
    attackedGET = []
    attackedPOST = []

    vulnerableGET = []
    vulnerablePOST = []

    CONFIG_DIR = ""
    if os.path.isdir("/usr/local/share/doc/packages/wapiti"):
        CONFIG_DIR = "/usr/local/share/doc/packages/wapiti/config/attacks"
    else:
        BASE_DIR = os.path.normpath(
            os.path.join(os.path.abspath(__file__), '../..'))
        CONFIG_DIR = BASE_DIR + "/" + "config/attacks"

    # Color codes
    STD = "\033[0;0m"
    RED = "\033[0;31m"
    GREEN = "\033[0;32m"
    ORANGE = "\033[0;33m"
    YELLOW = "\033[1;33m"
    BLUE = "\033[1;34m"
    MAGENTA = "\033[0;35m"
    CYAN = "\033[0;36m"
    GB = "\033[0;30m\033[47m"

    allowed = [
        'php', 'html', 'htm', 'xml', 'xhtml', 'xht', 'xhtm', 'asp', 'aspx',
        'php3', 'php4', 'php5', 'txt', 'shtm', 'shtml', 'phtm', 'phtml',
        'jhtml', 'pl', 'jsp', 'cfm', 'cfml', 'py'
    ]

    # The priority of the module, from 0 (first) to 10 (last). Default is 5
    PRIORITY = 5

    def __init__(self, HTTP, reportGen):
        self.HTTP = HTTP
        self.logVuln = reportGen.logVulnerability
        self.logAnom = reportGen.logAnomaly
        self.auxText = AuxText()
        self.attackedGET = []
        self.attackedPOST = []

    def setVerbose(self, verbose):
        self.verbose = verbose

    def setColor(self):
        self.color = 1

    def loadPayloads(self, fileName):
        """Load the payloads from the specified file"""
        return self.auxText.readLines(fileName)

    def attackGET(self, page, params_list, headers={}):
        return

    def attackPOST(self, form):
        return

    def loadRequire(self, obj=[]):
        self.deps = obj

    def log(self, fmt_string, *args):
        if len(args) == 0:
            print(fmt_string)
        else:
            print(fmt_string.format(*args))
        if self.color:
            sys.stdout.write(self.STD)

    def logR(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.RED)
        self.log(fmt_string, *args)

    def logG(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.GREEN)
        self.log(fmt_string, *args)

    def logY(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.YELLOW)
        self.log(fmt_string, *args)

    def logC(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.CYAN)
        self.log(fmt_string, *args)

    def logW(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.GB)
        self.log(fmt_string, *args)

    def logM(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.MAGENTA)
        self.log(fmt_string, *args)

    def logB(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.BLUE)
        self.log(fmt_string, *args)

    def logO(self, fmt_string, *args):
        if self.color:
            sys.stdout.write(self.ORANGE)
        self.log(fmt_string, *args)

    def attack(self, http_resources, forms):
        if self.doGET is True:
            for http_res in http_resources:
                url = http_res.url

                if self.verbose == 1:
                    self.log(_("+ attackGET {0}"), url)

                try:
                    self.attackGET(http_res)
                except socket.error, se:
                    self.log(_('error: {0} while attacking {1}'),
                             repr(str(se[0])), url)
                except requests.exceptions.Timeout:
                    self.log(_('error: timeout while attacking {0}'), url)
Example #5
0
 def __init__(self, HTTP):
     self.HTTP = HTTP
     #self.reportGen = reportGen
     self.auxText = AuxText()
Example #6
0
class Attack_XSS(object):
    """
    This class represents an attack, it must be extended
    for any class which implements a new type of attack
    """
    verbose = 0
    color = 0

    name = "attack"

    reportGen = None
    HTTP = None
    auxText = None

    doGET = True
    doPOST = True

    require = []

    deps = []

    attackedGET = []
    attackedPOST = []

    vulnerableGET = []
    vulnerablePOST = []

    CONFIG_DIR_NAME = "config/attacks"
    BASE_DIR = os.path.normpath(
        os.path.join(os.path.abspath(__file__), '../..'))
    CONFIG_DIR = BASE_DIR + "/" + CONFIG_DIR_NAME

    # Color codes
    STD = "\033[0;0m"
    RED = "\033[1;31m"
    YELLOW = "\033[1;33m"
    CYAN = "\033[1;36m"
    GB = "\033[0;30m\033[47m"

    allowed = [
        'php', 'html', 'htm', 'xml', 'xhtml', 'xht', 'xhtm', 'asp', 'aspx',
        'php3', 'php4', 'php5', 'txt', 'shtm', 'shtml', 'phtm', 'phtml',
        'jhtml', 'pl', 'jsp', 'cfm', 'cfml', 'py'
    ]

    PRIORITY = 5

    def __init__(self, HTTP):
        self.HTTP = HTTP
        #self.reportGen = reportGen
        self.auxText = AuxText()

    def setVerbose(self, verbose):
        self.verbose = verbose

    def setColor(self):
        self.color = 1

    def loadPayloads(self, fileName):
        """This method loads the payloads for an attack from the specified file"""
        return self.auxText.readLines(fileName)

    def attackGET(self, page, dict, headers={}):
        return

    def attackPOST(self, form):
        return

    def loadRequire(self, obj=[]):
        self.deps = obj

    def attack(self, urls, forms):
        tmp = []
        if self.doGET == True:
            for url, headers in urls.items():
                dictio = {}
                params = []
                page = url

                if url.find("?") >= 0:
                    page = url.split('?')[0]
                    query = url.split('?')[1]
                    params = query.split('&')
                    if query.find("=") >= 0:
                        for param in params:
                            dictio[param.split('=')[0]] = param.split('=')[1]

                if self.verbose == 1:
                    print "+ " + _("attackGET") + " " + url
                    if params != []:
                        print "  ", params
                #start
                xss = mod_xss(self.HTTP)
                xss.attackGET(page, dictio, headers)

                tmp.append(xss.forPerXSSGET())

        if self.doPOST == True:
            for form in forms:
                if form[1] != {}:
                    xss = mod_xss(self.HTTP)
                    xss.attackPOST(form)

                    tmp.append(xss.forPerXSSPOST())

        #print tmp[0].keys()
        return tmp
Example #7
0
class Attack_permanentXSS(object):
    """
    This class represents an attack, it must be extended
    for any class which implements a new type of attack
    """

    verbose = 0
    color = 0

    name = "attack"

    reportGen = None
    HTTP = None
    auxText = None

    doGET = True
    doPOST = True

    # List of modules (strs) that must be launched before the current module
    # Must be defined in the code of the module
    require = []
    # List of modules (objects) that must be launched before the current module
    # Must be left empty in the code
    deps = []

    # List of attack's url already launched in the current module
    attackedGET = []
    attackedPOST = []

    vulnerableGET = []
    vulnerablePOST = []

    CONFIG_DIR_NAME = "config/attacks"
    BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__), "../.."))
    CONFIG_DIR = BASE_DIR + "/" + CONFIG_DIR_NAME

    # Color codes
    STD = "\033[0;0m"
    RED = "\033[1;31m"
    YELLOW = "\033[1;33m"
    CYAN = "\033[1;36m"
    GB = "\033[0;30m\033[47m"

    allowed = [
        "php",
        "html",
        "htm",
        "xml",
        "xhtml",
        "xht",
        "xhtm",
        "asp",
        "aspx",
        "php3",
        "php4",
        "php5",
        "txt",
        "shtm",
        "shtml",
        "phtm",
        "phtml",
        "jhtml",
        "pl",
        "jsp",
        "cfm",
        "cfml",
        "py",
    ]

    # The priority of the module, from 0 (first) to 10 (last). Default is 5
    PRIORITY = 5

    def __init__(self, HTTP):
        self.HTTP = HTTP
        # self.reportGen = reportGen
        self.auxText = AuxText()

    def setVerbose(self, verbose):
        self.verbose = verbose

    def setColor(self):
        self.color = 1

    def loadPayloads(self, fileName):
        """This method loads the payloads for an attack from the specified file"""
        return self.auxText.readLines(fileName)

    def attackGET(self, page, dict, headers={}):
        return

    def attackPOST(self, form):
        return

    def loadRequire(self, obj=[]):
        self.deps = obj

    def attack_p(self, urls, forms, tmp):
        p_xss = mod_permanentxss(self.HTTP)
        p_xss.set_XSS(tmp)
        p_xss.attack(urls, forms)

    def attack(self, urls, forms):

        if self.doGET == True:
            for url, headers in urls.items():
                dictio = {}
                params = []
                page = url

                if url.find("?") >= 0:
                    page = url.split("?")[0]
                    query = url.split("?")[1]
                    params = query.split("&")
                    if query.find("=") >= 0:
                        for param in params:
                            dictio[param.split("=")[0]] = param.split("=")[1]

                if self.verbose == 1:
                    print "+ " + _("attackGET") + " " + url
                    if params != []:
                        print "  ", params

                self.attackGET(page, dictio, headers)

        if self.doPOST == True:
            for form in forms:
                if form[1] != {}:
                    self.attackPOST(form)
Example #8
0
class Attack_permanentXSS(object):
    verbose = 0
    color   = 0

    name = "attack"
    
    reportGen = None
    HTTP      = None
    auxText   = None

    doGET = True
    doPOST = True


    require = []

    deps = []

    attackedGET  = []
    attackedPOST = []

    vulnerableGET  = []
    vulnerablePOST = []

    CONFIG_DIR_NAME = "config/attacks"
    BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__),'../..'))
    CONFIG_DIR = BASE_DIR+"/"+CONFIG_DIR_NAME

    # Color codes
    STD = "\033[0;0m"
    RED = "\033[1;31m"
    YELLOW = "\033[1;33m"
    CYAN = "\033[1;36m"
    GB = "\033[0;30m\033[47m"

    allowed = ['php', 'html', 'htm', 'xml', 'xhtml', 'xht', 'xhtm',
              'asp', 'aspx', 'php3', 'php4', 'php5', 'txt', 'shtm',
              'shtml', 'phtm', 'phtml', 'jhtml', 'pl', 'jsp', 'cfm',
              'cfml', 'py']

    # The priority of the module, from 0 (first) to 10 (last). Default is 5
    PRIORITY = 5
    
    def __init__(self,HTTP):
        self.HTTP = HTTP
        #self.reportGen = reportGen
        self.auxText = AuxText()

    def setVerbose(self,verbose):
        self.verbose = verbose

    def setColor(self):
        self.color = 1
        
    def loadPayloads(self,fileName):
        """This method loads the payloads for an attack from the specified file"""
        return self.auxText.readLines(fileName)

    def attackGET(self, page, dict, headers = {}):
      return

    def attackPOST(self, form):
      return

    def loadRequire(self, obj = []):
      self.deps = obj
      
    def attack_p(self, urls, forms, tmp):
      p_xss = mod_permanentxss(self.HTTP)
      p_xss.set_XSS(tmp)
      p_xss.attack(urls, forms)
        

    def attack(self, urls, forms):
        
      if self.doGET == True:
        for url, headers in urls.items():
          dictio = {}
          params = []
          page = url

          if url.find("?") >= 0:
            page = url.split('?')[0]
            query = url.split('?')[1]
            params = query.split('&')
            if query.find("=") >= 0:
              for param in params:
                dictio[param.split('=')[0]] = param.split('=')[1]

          if self.verbose == 1:
            print "+ " + _("attackGET") + " "+url
            if params != []:
              print "  ", params

          self.attackGET(page, dictio, headers)

      if self.doPOST == True:
        for form in forms:
          if form[1] != {}:
            self.attackPOST(form)
Example #9
0
class Attack_XSS(object):
    """
    This class represents an attack, it must be extended
    for any class which implements a new type of attack
    """

    verbose = 0
    color = 0

    name = "attack"

    reportGen = None
    HTTP = None
    auxText = None

    doGET = True
    doPOST = True

    require = []

    deps = []

    attackedGET = []
    attackedPOST = []

    vulnerableGET = []
    vulnerablePOST = []

    CONFIG_DIR_NAME = "config/attacks"
    BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__), "../.."))
    CONFIG_DIR = BASE_DIR + "/" + CONFIG_DIR_NAME

    # Color codes
    STD = "\033[0;0m"
    RED = "\033[1;31m"
    YELLOW = "\033[1;33m"
    CYAN = "\033[1;36m"
    GB = "\033[0;30m\033[47m"

    allowed = [
        "php",
        "html",
        "htm",
        "xml",
        "xhtml",
        "xht",
        "xhtm",
        "asp",
        "aspx",
        "php3",
        "php4",
        "php5",
        "txt",
        "shtm",
        "shtml",
        "phtm",
        "phtml",
        "jhtml",
        "pl",
        "jsp",
        "cfm",
        "cfml",
        "py",
    ]

    PRIORITY = 5

    def __init__(self, HTTP):
        self.HTTP = HTTP
        # self.reportGen = reportGen
        self.auxText = AuxText()

    def setVerbose(self, verbose):
        self.verbose = verbose

    def setColor(self):
        self.color = 1

    def loadPayloads(self, fileName):
        """This method loads the payloads for an attack from the specified file"""
        return self.auxText.readLines(fileName)

    def attackGET(self, page, dict, headers={}):
        return

    def attackPOST(self, form):
        return

    def loadRequire(self, obj=[]):
        self.deps = obj

    def attack(self, urls, forms):
        tmp = []
        if self.doGET == True:
            for url, headers in urls.items():
                dictio = {}
                params = []
                page = url

                if url.find("?") >= 0:
                    page = url.split("?")[0]
                    query = url.split("?")[1]
                    params = query.split("&")
                    if query.find("=") >= 0:
                        for param in params:
                            dictio[param.split("=")[0]] = param.split("=")[1]

                if self.verbose == 1:
                    print "+ " + _("attackGET") + " " + url
                    if params != []:
                        print "  ", params
                # start
                xss = mod_xss(self.HTTP)
                xss.attackGET(page, dictio, headers)

                tmp.append(xss.forPerXSSGET())

        if self.doPOST == True:
            for form in forms:
                if form[1] != {}:
                    xss = mod_xss(self.HTTP)
                    xss.attackPOST(form)

                    tmp.append(xss.forPerXSSPOST())

        # print tmp[0].keys()
        return tmp