Example #1
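def process(url, database, attack_list, txheaders):
	"""Run the error-based SQL injection checks and record each finding.

	Every GET and POST parameter of every page in `database` is requested
	once per test string in `attack_list`, first one parameter at a time and
	then (for pages with more than one parameter) with all parameters set
	together.  A response counts as a finding when detect_sql() accepts its
	body; findings are written to results/sql_GrabberAttacks.xml and appended
	to the HTML report.

	url         -- passed to appendToReport() for the section's opening and
	               closing markup
	database    -- mapping page URL -> {'GET': params, 'POST': params}
	attack_list -- mapping injection type -> iterable of test strings
	txheaders   -- forwarded unchanged to the fetch helpers

	Always returns "".
	"""
	from xml.sax.saxutils import escape as _escapeMarkup

	appendToReport(url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseSql' href='#collapseSql'>SQL Injection Attacks </a></h3></div>")
	plop = open('results/sql_GrabberAttacks.xml','w')
	# try/finally so the results file is closed even when a fetch or a helper raises
	try:
		plop.write("<sqlAttacks>\n")
		appendToReport(url, '<div id="collapseSql" class="panel-collapse collapse in"><div class="panel-body">')
		for u in database.keys():
			# u comes from the crawled site, so it is escaped (including both
			# quote characters) before being placed in the report markup;
			# otherwise a crafted URL could inject HTML into the local report.
			# NOTE(review): target='_balnk' looks like a typo for '_blank'; it
			# is emitted markup and is left as written.
			safeU = _escapeMarkup(u, {"'": "&#39;", '"': "&quot;"})
			appendToReport(u, "<h4><div class='label label-default'><a target='_balnk' href='"+ safeU +"'>"+ safeU +"</a></div></h4>")

			getParams = database[u]['GET']
			if len(getParams):
				print "Method = GET ", u
				# one parameter at a time
				for gParam in getParams:
					for typeOfInjection in attack_list:
						for instance in attack_list[typeOfInjection]:
							handle = getContent_GET(u,gParam,instance, txheaders)
							if handle is not None and detect_sql(handle.read()):
								plop.write(generateOutput(u,gParam,instance,"GET",typeOfInjection))
								appendToReport(u, generateHTMLOutput(u, gParam, instance, "GET", typeOfInjection))
			# all GET parameters set to the same test string
			if len(getParams.keys()) > 1:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						# Built in its own local: the original reused the name
						# 'url' here, which overwrote the parameter and sent the
						# closing report markup to a query string instead.
						query = ""
						for gParam in getParams:
							query += ("%s=%s&" % (gParam, single_urlencode(str(instance))))
						handle = getContentDirectURL_GET(u,query,txheaders)
						if handle is not None and detect_sql(handle.read()):
							plop.write(generateOutputLong(u,query,"GET",typeOfInjection))
							appendToReport(u, generateHTMLOutput(u, "ALL", query, "GET", typeOfInjection))

			postParams = database[u]['POST']
			if len(postParams):
				print "Method = POST ", u
				# one parameter at a time; the others carry the filler 'abc'
				for gParam in postParams:
					for typeOfInjection in attack_list:
						for instance in attack_list[typeOfInjection]:
							allParams = {}
							for param in postParams:
								if param != gParam:
									allParams[param] = 'abc'
							allParams[gParam] = str(instance)
							handle = getContentDirectURL_POST(u,allParams, txheaders)
							if handle is not None and detect_sql(handle.read()):
								plop.write(generateOutput(u,gParam,instance,"POST",typeOfInjection))
								appendToReport(u, generateHTMLOutput(u, gParam, instance, "POST", typeOfInjection))
			# all POST parameters set to the same test string
			if len(postParams.keys()) > 1:
				for typeOfInjection in attack_list:
					for instance in attack_list[typeOfInjection]:
						allParams = {}
						for gParam in postParams:
							allParams[gParam] = str(instance)
						handle = getContentDirectURL_POST(u,allParams, txheaders)
						if handle is not None and detect_sql(handle.read()):
							# NOTE(review): the second argument used to be whatever
							# 'url' held at this point (possibly a stale GET query
							# string); it is now always the url parameter. Confirm
							# what generateOutputLong() expects here for POST.
							plop.write(generateOutputLong(u,url,"POST",typeOfInjection, allParams))
							appendToReport(u, generateHTMLOutput(u, "All", instance, "POST", typeOfInjection))
		plop.write("\n</sqlAttacks>\n")
		appendToReport(url, "</div></div>")
	finally:
		plop.close()
	return ""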
Example #2
    # default to localhost ?
    archives_url = "http://localhost"
    if option_url:
        archives_url = option_url
    root = archives_url
    createStructure()
    depth = 1

    generateReport(archives_url, False)
    filename = "file:///Applications/XAMPP/xamppfiles/htdocs/grabber/results/report.html"
    webbrowser.get('macosx').open(filename, 0, False)

    definition_headers(option_cookie)
    if option_cookie != None:
        appendToReport(
            archives_url, "<h4><div class='label label-default'>Cookie: " +
            escape(option_cookie) + "</div></h4>")
    try:
        depth = int(option_spider.strip().split()[0])
    except (ValueError, IndexError, AttributeError):
        depth = 0

    try:
        try:
            spider(archives_url, txheaders, depth)
        except IOError, e:
            print "Cannot open the url = %s" % archives_url
            print e.strerror
            sys.exit(1)
        if len(database.keys()) < 1:
            print "No information found!"
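def _probeBlind(fetch, method, u, params, attack_list, txheaders, plop):
	"""Differential blind-SQL check of every parameter in `params`.

	fetch  -- getContent_GET or getContent_POST
	method -- "GET" or "POST", used in the console line and the XML record
	params -- mapping parameter name -> value recorded by the crawl

	Each response body is read once and reused.  The original called read()
	on the same handle again inside the loops; a file-like response returns
	its body only on the first read, so later comparisons would have been
	made against an empty string (presumably these are urllib-style handles
	-- confirm against the fetch helpers).
	"""
	print "Method = %s " % method, u
	for gParam in params:
		defaultReturn = fetch(u,gParam,params[gParam], txheaders)
		if defaultReturn is None:
			continue
		defaultBody = defaultReturn.read()
		for andSQL in attack_list['AND']:
			tmpError = fetch(u,gParam,andSQL, txheaders)
			if tmpError is None:
				continue
			# only go further when the AND test string leaves the page unchanged
			if not equal(defaultBody, tmpError.read()):
				continue
			basicError  = fetch(u,gParam,'', txheaders)
			overflowErS = fetch(u,gParam,overflowStr, txheaders)
			if basicError is None or overflowErS is None:
				continue
			basicBody = basicError.read()
			if equal(basicBody, overflowErS.read()):
				# NOTE(review): the key list is looked up through the value
				# stored under orderBSQL['AND']; its meaning is defined where
				# orderBSQL is built.
				for key in orderBSQL[orderBSQL['AND']]:
					for instance in attack_list[key]:
						tmpError = fetch(u,gParam,instance, txheaders)
						if tmpError is None:
							continue
						# same body as the empty-value response: recorded as a finding
						if equal(basicBody, tmpError.read()):
							plop.write(generateOutput(u,gParam,instance,method,key))
			else:
				# empty value and overflow value differ: recorded as a possible overflow
				plop.write(generateOutput(u,gParam,"99999...99999",method,"Overflow"))


def process(url, database, attack_list, txheaders):
	"""Run the blind SQL injection checks and write results/bsql_GrabberAttacks.xml.

	For every page in `database`, each GET and then each POST parameter is
	checked by comparing response bodies with equal() (see _probeBlind).
	Findings are written to the XML file only; the HTML report receives the
	section header, one heading per page and the closing markup.

	url         -- passed to appendToReport() for the section's opening and
	               closing markup
	database    -- mapping page URL -> {'GET': params, 'POST': params}
	attack_list -- mapping injection type -> iterable of test strings; must
	               contain the key 'AND'
	txheaders   -- forwarded unchanged to the fetch helpers

	Always returns "".
	"""
	from xml.sax.saxutils import escape as _escapeMarkup

	appendToReport(url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseBSql' href='#collapseBSql'>Blind SQL Injection Attacks </a></h3></div>")
	plop = open('results/bsql_GrabberAttacks.xml','w')
	# try/finally so the results file is closed even when a fetch or a helper raises
	try:
		plop.write("<bsqlAttacks>\n")
		appendToReport(url, '<div id="collapseBSql" class="panel-collapse collapse in"><div class="panel-body">')
		for u in database.keys():
			# u comes from the crawled site, so it is escaped (including both
			# quote characters) before being placed in the report markup;
			# otherwise a crafted URL could inject HTML into the local report.
			safeU = _escapeMarkup(u, {"'": "&#39;", '"': "&quot;"})
			appendToReport(u, "<h4><div class='label label-default'><a target='_balnk' href='"+ safeU +"'>"+ safeU +"</a></div></h4>")
			if len(database[u]['GET']):
				_probeBlind(getContent_GET, "GET", u, database[u]['GET'], attack_list, txheaders, plop)
			# The multi-parameter GET permutation pass is not run in this
			# module; the original carried it only as an inert string literal.
			if len(database[u]['POST']):
				_probeBlind(getContent_POST, "POST", u, database[u]['POST'], attack_list, txheaders, plop)
		plop.write("\n</bsqlAttacks>\n")
		appendToReport(url, "</div></div>")
	finally:
		plop.close()
	return ""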
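def process(url, database, attack_list, txheaders):
    """Run the error-based SQL injection checks and record each finding.

    Every GET and POST parameter of every page in `database` is requested
    once per test string in `attack_list`, first one parameter at a time and
    then (for pages with more than one parameter) with all parameters set
    together.  A response counts as a finding when detect_sql() accepts its
    body; findings are written to results/sql_GrabberAttacks.xml and appended
    to the HTML report.

    url         -- passed to appendToReport() for the section's opening and
                   closing markup
    database    -- mapping page URL -> {'GET': params, 'POST': params}
    attack_list -- mapping injection type -> iterable of test strings
    txheaders   -- forwarded unchanged to the fetch helpers

    Always returns "".
    """
    from xml.sax.saxutils import escape as _escapeMarkup

    appendToReport(
        url,
        "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseSql' href='#collapseSql'>SQL Injection Attacks </a></h3></div>"
    )
    plop = open('results/sql_GrabberAttacks.xml', 'w')
    # try/finally so the results file is closed even when a fetch or a helper raises
    try:
        plop.write("<sqlAttacks>\n")
        appendToReport(
            url,
            '<div id="collapseSql" class="panel-collapse collapse in"><div class="panel-body">'
        )
        for u in database.keys():
            # u comes from the crawled site, so it is escaped (including both
            # quote characters) before being placed in the report markup;
            # otherwise a crafted URL could inject HTML into the local report.
            # NOTE(review): target='_balnk' looks like a typo for '_blank'; it
            # is emitted markup and is left as written.
            safeU = _escapeMarkup(u, {"'": "&#39;", '"': "&quot;"})
            appendToReport(
                u,
                "<h4><div class='label label-default'><a target='_balnk' href='" +
                safeU + "'>" + safeU + "</a></div></h4>")

            getParams = database[u]['GET']
            if len(getParams):
                print "Method = GET ", u
                # one parameter at a time
                for gParam in getParams:
                    for typeOfInjection in attack_list:
                        for instance in attack_list[typeOfInjection]:
                            handle = getContent_GET(u, gParam, instance, txheaders)
                            if handle is not None and detect_sql(handle.read()):
                                plop.write(
                                    generateOutput(u, gParam, instance, "GET",
                                                   typeOfInjection))
                                appendToReport(
                                    u,
                                    generateHTMLOutput(u, gParam, instance,
                                                       "GET", typeOfInjection))
            # all GET parameters set to the same test string
            if len(getParams.keys()) > 1:
                for typeOfInjection in attack_list:
                    for instance in attack_list[typeOfInjection]:
                        # Built in its own local: the original reused the name
                        # 'url' here, which overwrote the parameter and sent the
                        # closing report markup to a query string instead.
                        query = ""
                        for gParam in getParams:
                            query += ("%s=%s&" %
                                      (gParam, single_urlencode(str(instance))))
                        handle = getContentDirectURL_GET(u, query, txheaders)
                        if handle is not None and detect_sql(handle.read()):
                            plop.write(
                                generateOutputLong(u, query, "GET",
                                                   typeOfInjection))
                            appendToReport(
                                u,
                                generateHTMLOutput(u, "ALL", query, "GET",
                                                   typeOfInjection))

            postParams = database[u]['POST']
            if len(postParams):
                print "Method = POST ", u
                # one parameter at a time; the others carry the filler 'abc'
                for gParam in postParams:
                    for typeOfInjection in attack_list:
                        for instance in attack_list[typeOfInjection]:
                            allParams = {}
                            for param in postParams:
                                if param != gParam:
                                    allParams[param] = 'abc'
                            allParams[gParam] = str(instance)
                            handle = getContentDirectURL_POST(
                                u, allParams, txheaders)
                            if handle is not None and detect_sql(handle.read()):
                                plop.write(
                                    generateOutput(u, gParam, instance, "POST",
                                                   typeOfInjection))
                                appendToReport(
                                    u,
                                    generateHTMLOutput(u, gParam, instance,
                                                       "POST",
                                                       typeOfInjection))
            # all POST parameters set to the same test string
            if len(postParams.keys()) > 1:
                for typeOfInjection in attack_list:
                    for instance in attack_list[typeOfInjection]:
                        allParams = {}
                        for gParam in postParams:
                            allParams[gParam] = str(instance)
                        handle = getContentDirectURL_POST(u, allParams, txheaders)
                        if handle is not None and detect_sql(handle.read()):
                            # NOTE(review): the second argument used to be
                            # whatever 'url' held at this point (possibly a
                            # stale GET query string); it is now always the url
                            # parameter. Confirm what generateOutputLong()
                            # expects here for POST.
                            plop.write(
                                generateOutputLong(u, url, "POST",
                                                   typeOfInjection, allParams))
                            appendToReport(
                                u,
                                generateHTMLOutput(u, "All", instance, "POST",
                                                   typeOfInjection))
        plop.write("\n</sqlAttacks>\n")
        appendToReport(url, "</div></div>")
    finally:
        plop.close()
    return ""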
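def spider(entryUrl, headers, depth = 0):
	"""Index the parameters of a site, crawling it or reloading a cached crawl.

	depth == 0 -- only entryUrl is scanned, through scan().
	otherwise  -- the crawl starts at makeRoot(entryUrl) (for depth > 0) and
	              runs through runSpiderScan(); its result is cached in
	              local/spiderSite.xml.  When the first line of an existing
	              cache file already contains the root, the cached URLs are
	              reloaded and fetched again instead of re-crawling.

	Side effects: rebinds the module globals root and txheaders (and
	outSpiderFile while crawling); appends to database_url and dumb_params
	when the cache is loaded.  Returns None.
	"""
	global root,outSpiderFile
	global txheaders
	print entryUrl
	txheaders = headers

	if depth > 0:
		root = makeRoot(entryUrl)
	else:
		root = entryUrl

	# Has this site been crawled before?  A missing or unreadable cache file
	# simply means "no".
	# NOTE(review): this is a substring test on the first line, so a root that
	# is a prefix of the cached one also counts as already scanned.
	alreadyScanned = False
	try:
		f = open("local/spiderSite.xml", 'r')
		try:
			firstLine = f.readline()
		finally:
			f.close()
		alreadyScanned = root in firstLine
	except IOError:
		pass

	print "Start scanning...", root
	appendToReport("Indexing - " + entryUrl, "", False)
	if depth == 0:
		scan(root)
	elif not alreadyScanned:
		# outSpiderFile is a module global; presumably runSpiderScan() writes
		# the crawled entries into it -- confirm against its definition.
		outSpiderFile = open("local/spiderSite.xml","w")
		try:
			# NOTE(review): root and the dumb parameters originate from the
			# target site and are written without XML escaping; quotes or
			# angle brackets in them would corrupt the cache that is parsed
			# back line by line below.
			outSpiderFile.write("<spider root='%s' depth='%d'>\n" % (root,depth) )
			runSpiderScan(root, depth)
			if dumb_params:
				outSpiderFile.write("<dumb_parameters>\n")
				for d in dumb_params:
					outSpiderFile.write("\t<dumb>%s</dumb>\n" % (d))
				outSpiderFile.write("</dumb_parameters>\n")
			outSpiderFile.write("\n</spider>")
		finally:
			# closed even if the crawl raises part-way through
			outSpiderFile.close()
	else:
		print "Loading the previous spider results from 'local/spiderSite.xml'"
		# The cache is read back line by line with two patterns, not with an
		# XML parser.
		regUrl = re.compile(r'(.*)<entryURL>(.*)</entryURL>(.*)',re.I)
		regDmb = re.compile(r'(.*)<dumb>(.*)</dumb>(.*)',re.I)

		f = open("local/spiderSite.xml", 'r')
		try:
			for l in f:
				# one match() per pattern; the original ran match() and then
				# search() to obtain the same groups
				found = regUrl.match(l)
				if found:
					database_url.append(found.group(2))
				found = regDmb.match(l)
				if found:
					dumb_params.append(found.group(2))
		finally:
			f.close()

		# fetch every cached URL again and index its parameters
		for currentURL in database_url:
			try:
				# NOTE(review): no headers are passed here; confirm whether
				# getContentDirectURL_GET() needs txheaders so that cookies
				# are sent on the reload path.
				archives_hDl = getContentDirectURL_GET(currentURL,'')
			except IOError:
				# presumably `log` overloads <= to record a message -- confirm
				log <= ("IOError @ %s" % currentURL)
				continue
			try:
				htmlContent= archives_hDl.read()
			except (IOError, AttributeError):
				# unreadable response, or no response object at all: skip it
				continue
			parseHtmlParams(currentURL,htmlContent)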
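def _probeBlind(fetch, method, u, params, attack_list, txheaders, plop):
    """Differential blind-SQL check of every parameter in `params`.

    fetch  -- getContent_GET or getContent_POST
    method -- "GET" or "POST", used in the console line and the XML record
    params -- mapping parameter name -> value recorded by the crawl

    Each response body is read once and reused.  The original called read()
    on the same handle again inside the loops; a file-like response returns
    its body only on the first read, so later comparisons would have been
    made against an empty string (presumably these are urllib-style handles
    -- confirm against the fetch helpers).
    """
    print "Method = %s " % method, u
    for gParam in params:
        defaultReturn = fetch(u, gParam, params[gParam], txheaders)
        if defaultReturn is None:
            continue
        defaultBody = defaultReturn.read()
        for andSQL in attack_list['AND']:
            tmpError = fetch(u, gParam, andSQL, txheaders)
            if tmpError is None:
                continue
            # only go further when the AND test string leaves the page unchanged
            if not equal(defaultBody, tmpError.read()):
                continue
            basicError = fetch(u, gParam, '', txheaders)
            overflowErS = fetch(u, gParam, overflowStr, txheaders)
            if basicError is None or overflowErS is None:
                continue
            basicBody = basicError.read()
            if equal(basicBody, overflowErS.read()):
                # NOTE(review): the key list is looked up through the value
                # stored under orderBSQL['AND']; its meaning is defined where
                # orderBSQL is built.
                for key in orderBSQL[orderBSQL['AND']]:
                    for instance in attack_list[key]:
                        tmpError = fetch(u, gParam, instance, txheaders)
                        if tmpError is None:
                            continue
                        # same body as the empty-value response: recorded as a finding
                        if equal(basicBody, tmpError.read()):
                            plop.write(
                                generateOutput(u, gParam, instance, method,
                                               key))
            else:
                # empty value and overflow value differ: recorded as a possible overflow
                plop.write(
                    generateOutput(u, gParam, "99999...99999", method,
                                   "Overflow"))


def process(url, database, attack_list, txheaders):
    """Run the blind SQL injection checks and write results/bsql_GrabberAttacks.xml.

    For every page in `database`, each GET and then each POST parameter is
    checked by comparing response bodies with equal() (see _probeBlind).
    Findings are written to the XML file only; the HTML report receives the
    section header, one heading per page and the closing markup.

    url         -- passed to appendToReport() for the section's opening and
                   closing markup
    database    -- mapping page URL -> {'GET': params, 'POST': params}
    attack_list -- mapping injection type -> iterable of test strings; must
                   contain the key 'AND'
    txheaders   -- forwarded unchanged to the fetch helpers

    Always returns "".
    """
    from xml.sax.saxutils import escape as _escapeMarkup

    appendToReport(
        url,
        "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseBSql' href='#collapseBSql'>Blind SQL Injection Attacks </a></h3></div>"
    )
    plop = open('results/bsql_GrabberAttacks.xml', 'w')
    # try/finally so the results file is closed even when a fetch or a helper raises
    try:
        plop.write("<bsqlAttacks>\n")
        appendToReport(
            url,
            '<div id="collapseBSql" class="panel-collapse collapse in"><div class="panel-body">'
        )
        for u in database.keys():
            # u comes from the crawled site, so it is escaped (including both
            # quote characters) before being placed in the report markup;
            # otherwise a crafted URL could inject HTML into the local report.
            safeU = _escapeMarkup(u, {"'": "&#39;", '"': "&quot;"})
            appendToReport(
                u,
                "<h4><div class='label label-default'><a target='_balnk' href='" +
                safeU + "'>" + safeU + "</a></div></h4>")
            if len(database[u]['GET']):
                _probeBlind(getContent_GET, "GET", u, database[u]['GET'],
                            attack_list, txheaders, plop)
            # The multi-parameter GET permutation pass is not run in this
            # module; the original carried it only as an inert string literal.
            if len(database[u]['POST']):
                _probeBlind(getContent_POST, "POST", u, database[u]['POST'],
                            attack_list, txheaders, plop)
        plop.write("\n</bsqlAttacks>\n")
        appendToReport(url, "</div></div>")
    finally:
        plop.close()
    return ""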
Example #7
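def spider(entryUrl, headers, depth=0):
    """Index the parameters of a site, crawling it or reloading a cached crawl.

    depth == 0 -- only entryUrl is scanned, through scan().
    otherwise  -- the crawl starts at makeRoot(entryUrl) (for depth > 0) and
                  runs through runSpiderScan(); its result is cached in
                  local/spiderSite.xml.  When the first line of an existing
                  cache file already contains the root, the cached URLs are
                  reloaded and fetched again instead of re-crawling.

    Side effects: rebinds the module globals root and txheaders (and
    outSpiderFile while crawling); appends to database_url and dumb_params
    when the cache is loaded.  Returns None.
    """
    global root, outSpiderFile
    global txheaders
    print entryUrl
    txheaders = headers

    if depth > 0:
        root = makeRoot(entryUrl)
    else:
        root = entryUrl

    # Has this site been crawled before?  A missing or unreadable cache file
    # simply means "no".
    # NOTE(review): this is a substring test on the first line, so a root that
    # is a prefix of the cached one also counts as already scanned.
    alreadyScanned = False
    try:
        f = open("local/spiderSite.xml", 'r')
        try:
            firstLine = f.readline()
        finally:
            f.close()
        alreadyScanned = root in firstLine
    except IOError:
        pass

    print "Start scanning...", root
    appendToReport("Indexing - " + entryUrl, "", False)
    if depth == 0:
        scan(root)
    elif not alreadyScanned:
        # outSpiderFile is a module global; presumably runSpiderScan() writes
        # the crawled entries into it -- confirm against its definition.
        outSpiderFile = open("local/spiderSite.xml", "w")
        try:
            # NOTE(review): root and the dumb parameters originate from the
            # target site and are written without XML escaping; quotes or
            # angle brackets in them would corrupt the cache that is parsed
            # back line by line below.
            outSpiderFile.write("<spider root='%s' depth='%d'>\n" %
                                (root, depth))
            runSpiderScan(root, depth)
            if dumb_params:
                outSpiderFile.write("<dumb_parameters>\n")
                for d in dumb_params:
                    outSpiderFile.write("\t<dumb>%s</dumb>\n" % (d))
                outSpiderFile.write("</dumb_parameters>\n")
            outSpiderFile.write("\n</spider>")
        finally:
            # closed even if the crawl raises part-way through
            outSpiderFile.close()
    else:
        print "Loading the previous spider results from 'local/spiderSite.xml'"
        # The cache is read back line by line with two patterns, not with an
        # XML parser.
        regUrl = re.compile(r'(.*)<entryURL>(.*)</entryURL>(.*)', re.I)
        regDmb = re.compile(r'(.*)<dumb>(.*)</dumb>(.*)', re.I)

        f = open("local/spiderSite.xml", 'r')
        try:
            for l in f:
                # one match() per pattern; the original ran match() and then
                # search() to obtain the same groups
                found = regUrl.match(l)
                if found:
                    database_url.append(found.group(2))
                found = regDmb.match(l)
                if found:
                    dumb_params.append(found.group(2))
        finally:
            f.close()

        # fetch every cached URL again and index its parameters
        for currentURL in database_url:
            try:
                # NOTE(review): no headers are passed here; confirm whether
                # getContentDirectURL_GET() needs txheaders so that cookies
                # are sent on the reload path.
                archives_hDl = getContentDirectURL_GET(currentURL, '')
            except IOError:
                # presumably `log` overloads <= to record a message -- confirm
                log <= ("IOError @ %s" % currentURL)
                continue
            try:
                htmlContent = archives_hDl.read()
            except (IOError, AttributeError):
                # unreadable response, or no response object at all: skip it
                continue
            parseHtmlParams(currentURL, htmlContent)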
        # default to localhost ?
    archives_url = "http://localhost"
    if option_url:
        archives_url = option_url
    root = archives_url
    createStructure()
    depth = 1

    generateReport(archives_url, False)
    filename = "file:///Applications/XAMPP/xamppfiles/htdocs/grabber/results/report.html"
    webbrowser.get("macosx").open(filename, 0, False)

    definition_headers(option_cookie)
    if option_cookie != None:
        appendToReport(
            archives_url, "<h4><div class='label label-default'>Cookie: " + escape(option_cookie) + "</div></h4>"
        )
    try:
        depth = int(option_spider.strip().split()[0])
    except (ValueError, IndexError, AttributeError):
        depth = 0

    try:
        try:
            spider(archives_url, txheaders, depth)
        except IOError, e:
            print "Cannot open the url = %s" % archives_url
            print e.strerror
            sys.exit(1)
        if len(database.keys()) < 1:
            print "No information found!"