#Grab the value of parameter. if settings.IS_JSON: #Grab the value of parameter. value = re.findall(r'\"(.*)\"', parameter) value = ''.join(value) if value != settings.INJECT_TAG: value = re.findall(r'\s*\:\s*\"(.*)\"', parameter) value = ''.join(value) elif settings.IS_XML: #Grab the value of parameter. value = re.findall(r'>(.*)</', parameter) value = ''.join(value) else: _ = [] _.append(parameter) parameter = ''.join(checks.check_similarities(_)) value = re.findall(r'=(.*)', parameter) value = ''.join(value) if checks.is_empty(multi_parameters, http_request_method): return parameter else: # Replace the value of parameter with INJECT tag inject_value = value.replace(value, settings.INJECT_TAG) if len(value) == 0: if settings.IS_JSON: parameter = parameter.replace( ":\"\"", ":\"" + settings.INJECT_TAG + "\"") else: parameter = parameter + settings.INJECT_TAG else: parameter = parameter.replace(value, inject_value)
def do_GET_check(url, http_request_method): # Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided. url = checks.wildcard_character(url) # Check for REST-ful URLs format. if "?" not in url: if settings.INJECT_TAG not in url and not menu.options.shellshock: if menu.options.level == 3 or menu.options.header or menu.options.headers: return False if menu.options.level == 2: return False else: err_msg = "No parameter(s) found for testing in the provided data. " err_msg += "You must specify the testable parameter or " err_msg += "try to increase '--level' values to perform more tests." print(settings.print_critical_msg(err_msg)) raise SystemExit() elif menu.options.shellshock: return False return [url] else: urls_list = [] if menu.options.shellshock: urls_list.append(url) else: # Find the host part url_part = get_url_part(url) # Find the parameter part parameters = url.split("?")[1] # Split parameters multi_parameters = parameters.split(settings.PARAMETER_DELIMITER) # Check for inappropriate format in provided parameter(s). if len([s for s in multi_parameters if "=" in s ]) != (len(multi_parameters)): checks.inappropriate_format(multi_parameters) # Check for empty values (in provided parameters). if checks.is_empty(multi_parameters, http_request_method): return urls_list # Grab the value of parameter. _ = [] _.append(parameters) parameters = ''.join(checks.check_similarities(_)) value = re.findall(r'=(.*)', parameters) value = ''.join(value) # Check if single parameter is supplied. if len(multi_parameters) == 1: if re.search(settings.VALUE_BOUNDARIES, value): value = checks.value_boundaries(value) # Replace the value of parameter with INJECT_HERE tag # Check if defined the INJECT_TAG if settings.INJECT_TAG not in parameters: # Ignoring the anti-CSRF parameter(s). if checks.ignore_anticsrf_parameter(parameters): return urls_list if len(value) == 0: parameters = parameters + settings.INJECT_TAG else: parameters = parameters.replace( value, value + settings.INJECT_TAG) else: # Auto-recognize prefix / suffix if settings.INJECT_TAG in value: if len(value.rsplit(settings.INJECT_TAG, 0)[0]) > 0: menu.options.prefix = value.rsplit( settings.INJECT_TAG, 1)[0] if len(value.rsplit(settings.INJECT_TAG, 1)[1]) > 0: menu.options.suffix = value.rsplit( settings.INJECT_TAG, 1)[1] parameters = parameters.replace( value, value + settings.INJECT_TAG) # Reconstruct the URL url = url_part + "?" + parameters urls_list.append(url) return urls_list else: # Check if multiple parameters are supplied without the "INJECT_HERE" tag. all_params = settings.PARAMETER_DELIMITER.join( multi_parameters) all_params = all_params.split(settings.PARAMETER_DELIMITER) # Check for similarity in provided parameter name and value. all_params = checks.check_similarities(all_params) # Check if defined the "INJECT_HERE" tag if settings.INJECT_TAG not in url: for param in range(0, len(all_params)): if param == 0: old = re.findall(r'=(.*)', all_params[param]) old = ''.join(old) else: old = value # Grab the value of parameter. value = re.findall(r'=(.*)', all_params[param]) value = ''.join(value) # Ignoring the anti-CSRF parameter(s). if checks.ignore_anticsrf_parameter(all_params[param]): continue if re.search(settings.VALUE_BOUNDARIES, value): value = checks.value_boundaries(value) # Replace the value of parameter with INJECT_HERE tag # Skip testing the parameter(s) with empty value(s). if menu.options.skip_empty: if len(value) != 0: all_params[param] = all_params[param].replace( value, value + settings.INJECT_TAG) all_params[param - 1] = all_params[param - 1].replace( value, "").replace( settings.INJECT_TAG, "") parameter = settings.PARAMETER_DELIMITER.join( all_params) # Reconstruct the URL url = url_part + "?" + parameter urls_list.append(url) else: if len(value) == 0: all_params[param] = all_params[ param] + settings.INJECT_TAG else: all_params[param] = all_params[param].replace( value, value + settings.INJECT_TAG) all_params[param - 1] = all_params[param - 1].replace( value, "").replace(settings.INJECT_TAG, "") parameter = settings.PARAMETER_DELIMITER.join( all_params) # Reconstruct the URL url = url_part + "?" + parameter url = url.replace(settings.RANDOM_TAG, "") urls_list.append(url) else: for param in range(0, len(multi_parameters)): # Grab the value of parameter. value = re.findall(r'=(.*)', multi_parameters[param]) value = ''.join(value) parameter = settings.PARAMETER_DELIMITER.join( multi_parameters) # Reconstruct the URL url = url_part + "?" + parameter urls_list.append(url) return urls_list
def do_POST_check(parameter, http_request_method): # Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided. parameter = checks.wildcard_character(parameter).replace("'", "\"") # Check if JSON Object. if checks.is_JSON_check(checks.check_quotes_json_data(parameter)): parameter = checks.check_quotes_json_data(parameter) if not settings.IS_JSON: checks.process_json_data() settings.PARAMETER_DELIMITER = "," # Check if XML Object. elif checks.is_XML_check(parameter): if not settings.IS_XML: checks.process_xml_data() settings.PARAMETER_DELIMITER = "" else: pass parameters_list = [] # Split multiple parameters if settings.IS_XML: parameter = re.sub(r">\s*<", '>\n<', parameter).replace("\\n", "\n") _ = [] parameters = re.findall(r'(.*)', parameter) parameters = [param + "\n" for param in parameters if param] for value in range(0, len(parameters)): _.append(parameters[value]) multi_parameters = _ else: try: multi_parameters = parameter.split(settings.PARAMETER_DELIMITER) multi_parameters = [x for x in multi_parameters if x] except ValueError as err_msg: print(settings.print_critical_msg(err_msg)) raise SystemExit() # Check for inappropriate format in provided parameter(s). if len([s for s in multi_parameters if "=" in s]) != (len(multi_parameters)) and \ not settings.IS_JSON and \ not settings.IS_XML: checks.inappropriate_format(multi_parameters) # Check if single parameter is supplied. if len(multi_parameters) == 1: # Grab the value of parameter. if settings.IS_JSON: # Grab the value of parameter. value = re.findall(r'\"(.*)\"', parameter) value = ''.join(value) if value != settings.INJECT_TAG: value = re.findall(r'\s*\:\s*\"(.*)\"', parameter) value = ''.join(value) elif settings.IS_XML: # Grab the value of parameter. value = re.findall(r'>(.*)</', parameter) value = ''.join(value) else: _ = [] _.append(parameter) parameter = ''.join(checks.check_similarities(_)) value = re.findall(r'=(.*)', parameter) value = ''.join(value) if checks.is_empty(multi_parameters, http_request_method): return parameter else: # Ignoring the anti-CSRF parameter(s). if checks.ignore_anticsrf_parameter(parameter): return parameter if re.search(settings.VALUE_BOUNDARIES, value): value = checks.value_boundaries(value) # Replace the value of parameter with INJECT_HERE tag if len(value) == 0: if settings.IS_JSON: parameter = parameter.replace( ":\"\"", ":\"" + settings.INJECT_TAG + "\"") else: parameter = parameter + settings.INJECT_TAG else: parameter = parameter.replace(value, value + settings.INJECT_TAG) return parameter else: # Check if multiple parameters are supplied without the "INJECT_HERE" tag. if settings.IS_XML: all_params = multi_parameters else: all_params = settings.PARAMETER_DELIMITER.join(multi_parameters) # Check for similarity in provided parameter name and value. all_params = all_params.split(settings.PARAMETER_DELIMITER) all_params = checks.check_similarities(all_params) # Check if not defined the "INJECT_HERE" tag in parameter if settings.INJECT_TAG not in parameter: if checks.is_empty(multi_parameters, http_request_method): return parameter for param in range(0, len(all_params)): if param == 0: if settings.IS_JSON: old = re.findall(r'\:(.*)', all_params[param]) old = re.sub(settings.IGNORE_SPECIAL_CHAR_REGEX, '', ''.join(old)) elif settings.IS_XML: old = re.findall(r'>(.*)</', all_params[param]) old = ''.join(old) else: old = re.findall(r'=(.*)', all_params[param]) old = ''.join(old) else: old = value if settings.IS_JSON: value = re.findall(r'\:(.*)', all_params[param]) if re.findall(r'\\"(.*)\\"', value[0]): value = re.findall(r'\\"(.*)\\"', value[0]) value = re.sub(settings.IGNORE_SPECIAL_CHAR_REGEX, '', ''.join(value)) elif settings.IS_XML: value = re.findall(r'>(.*)</', all_params[param]) value = ''.join(value) else: value = re.findall(r'=(.*)', all_params[param]) value = ''.join(value) # Ignoring the anti-CSRF parameter(s). if checks.ignore_anticsrf_parameter(all_params[param]): continue if re.search(settings.VALUE_BOUNDARIES, value): value = checks.value_boundaries(value) # Replace the value of parameter with INJECT_HERE tag # Skip testing the parameter(s) with empty value(s). if menu.options.skip_empty: if len(value) != 0: all_params[param] = all_params[param].replace( value, value + settings.INJECT_TAG) all_params[param - 1] = all_params[param - 1].replace( value, "").replace(settings.INJECT_TAG, "") parameter = settings.PARAMETER_DELIMITER.join( all_params) else: if len(value) == 0: if settings.IS_JSON: all_params[param] = all_params[param].replace( ":\"\"", ":\"" + settings.INJECT_TAG + "\"") elif settings.IS_XML: all_params[param] = all_params[param].replace( "></", ">" + settings.INJECT_TAG + "</") else: all_params[param] = all_params[ param] + settings.INJECT_TAG else: all_params[param] = all_params[param].replace( value, value + settings.INJECT_TAG) all_params[param - 1] = all_params[param - 1].replace( value, "").replace(settings.INJECT_TAG, "") parameter = settings.PARAMETER_DELIMITER.join(all_params) parameter = parameter.replace(settings.RANDOM_TAG, "") parameters_list.append(parameter) parameter = parameters_list else: for param in range(0, len(multi_parameters)): # Grab the value of parameter. if settings.IS_JSON: value = re.findall(r'\"(.*)\"', multi_parameters[param]) value = ''.join(value) if settings.IS_XML: value = re.findall(r'>(.*)</', all_params[param]) value = ''.join(value) else: value = re.findall(r'=(.*)', multi_parameters[param]) value = ''.join(value) parameter = settings.PARAMETER_DELIMITER.join(multi_parameters) return parameter
def do_POST_check(parameter): http_request_method = "POST" # Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided. parameter = checks.wildcard_character(parameter).replace("'", "\"") # Check if JSON Object. if checks.is_JSON_check(parameter): if not settings.IS_JSON: checks.process_json_data() settings.PARAMETER_DELIMITER = "," # Check if XML Object. elif checks.is_XML_check(parameter): if not settings.IS_XML: checks.process_xml_data() settings.PARAMETER_DELIMITER = "" else: pass parameters_list = [] # Split multiple parameters if settings.IS_XML: _ = [] if re.findall(settings.XML_VERSION_ENCODING, parameter): root_tag = re.findall(settings.XML_VERSION_ENCODING, parameter) _.append(root_tag[0][0]) parameters = re.findall(settings.XML_FULL_DATA_EXTRACT, parameter.replace(" ", "")) xml_child_values = re.findall(settings.XML_DATA_EXTRACT, parameter.replace("><", "> <")) parameters = [x for xs in parameters for x in xs] for i in range(0, len(parameters)): if re.findall(settings.XML_DATA_EXTRACT, parameters[i]): for value in range(0, len(xml_child_values)): _.append("<" + xml_child_values[value][0] + ">" + \ xml_child_values[value][1] + "<" + \ xml_child_values[value][2] + ">" ) else: _.append("<" + parameters[i] + ">") multi_parameters = _ else: multi_parameters = parameter.split(settings.PARAMETER_DELIMITER) # Check for inappropriate format in provided parameter(s). if len([s for s in multi_parameters if "=" in s]) != (len(multi_parameters)) and \ not settings.IS_JSON and \ not settings.IS_XML: checks.inappropriate_format(multi_parameters) # Check for empty values (in provided parameters). # Check if single parameter is supplied. if len(multi_parameters) == 1: #Grab the value of parameter. if settings.IS_JSON: #Grab the value of parameter. value = re.findall(r'\"(.*)\"', parameter) value = ''.join(value) if value != settings.INJECT_TAG: value = re.findall(r'\s*\:\s*\"(.*)\"', parameter) value = ''.join(value) elif settings.IS_XML: #Grab the value of parameter. value = re.findall(r'>(.*)</', parameter) value = ''.join(value) else: value = re.findall(r'=(.*)', parameter) value = ''.join(value) if checks.is_empty(multi_parameters, http_request_method): return parameter else: # Replace the value of parameter with INJECT tag inject_value = value.replace(value, settings.INJECT_TAG) if len(value) == 0: if settings.IS_JSON: parameter = parameter.replace( ":\"\"", ":\"" + settings.INJECT_TAG + "\"") else: parameter = parameter + settings.INJECT_TAG else: parameter = parameter.replace(value, inject_value) return parameter else: # Check if multiple parameters are supplied without the "INJECT_HERE" tag. if settings.IS_XML: all_params = multi_parameters else: all_params = settings.PARAMETER_DELIMITER.join(multi_parameters) # Check for similarity in provided parameter name and value. all_params = all_params.split(settings.PARAMETER_DELIMITER) all_params = checks.check_similarities(all_params) # Check if not defined the "INJECT_HERE" tag in parameter if settings.INJECT_TAG not in parameter: checks.is_empty(multi_parameters, http_request_method) for param in range(0, len(all_params)): if param == 0: if settings.IS_JSON: old = re.findall(r'\:\"(.*)\"', all_params[param]) old = ''.join(old) elif settings.IS_XML: old = re.findall(r'>(.*)</', all_params[param]) old = ''.join(old) else: old = re.findall(r'=(.*)', all_params[param]) old = ''.join(old) else: old = value # Grab the value of parameter. if settings.IS_JSON: #Grab the value of parameter. value = re.findall(r'\:\"(.*)\"', all_params[param]) value = ''.join(value) elif settings.IS_XML: value = re.findall(r'>(.*)</', all_params[param]) value = ''.join(value) else: value = re.findall(r'=(.*)', all_params[param]) value = ''.join(value) # Replace the value of parameter with INJECT tag inject_value = value.replace(value, settings.INJECT_TAG) # Skip testing the parameter(s) with empty value(s). if menu.options.skip_empty: if len(value) == 0: if settings.IS_JSON: #Grab the value of parameter. provided_value = re.findall( r'\"(.*)\"\:', all_params[param]) provided_value = ''.join(provided_value) elif settings.IS_XML: provided_value = re.findall( r'>(.*)</', all_params[param]) provided_value = ''.join(provided_value) else: provided_value = re.findall( r'(.*)=', all_params[param]) provided_value = ''.join(provided_value) else: all_params[param] = all_params[param].replace( value, inject_value) all_params[param - 1] = all_params[param - 1].replace( inject_value, old) parameter = settings.PARAMETER_DELIMITER.join( all_params) parameters_list.append(parameter) parameter = parameters_list else: if len(value) == 0: if settings.IS_JSON: all_params[param] = all_params[param].replace( ":\"\"", ":\"" + settings.INJECT_TAG + "\"") elif settings.IS_XML: all_params[param] = all_params[param].replace( "></", ">" + settings.INJECT_TAG + "</") else: all_params[param] = all_params[ param] + settings.INJECT_TAG else: all_params[param] = all_params[param].replace( value, inject_value) all_params[param - 1] = all_params[param - 1].replace( inject_value, old) parameter = settings.PARAMETER_DELIMITER.join(all_params) parameters_list.append(parameter) parameter = parameters_list else: for param in range(0, len(multi_parameters)): # Grab the value of parameter. if settings.IS_JSON: value = re.findall(r'\"(.*)\"', multi_parameters[param]) value = ''.join(value) if settings.IS_XML: value = re.findall(r'>(.*)</', all_params[param]) value = ''.join(value) else: value = re.findall(r'=(.*)', multi_parameters[param]) value = ''.join(value) parameter = settings.PARAMETER_DELIMITER.join(multi_parameters) return parameter
def do_GET_check(url): http_request_method = "GET" # Do replacement with the 'INJECT_HERE' tag, if the wild card char is provided. url = checks.wildcard_character(url) # Check for REST-ful URLs format. if "?" not in url: if settings.INJECT_TAG not in url and not menu.options.shellshock: if menu.options.level == 3 or menu.options.headers: return False if menu.options.level == 2 : return False else: err_msg = "No parameter(s) found for testing in the provided data. " err_msg += "You must specify the testable parameter or " err_msg += "try to increase '--level' values to perform more tests." print settings.print_critical_msg(err_msg) raise SystemExit() elif menu.options.shellshock: return False return url else: urls_list = [] if menu.options.shellshock: urls_list.append(url) else: # Find the host part url_part = get_url_part(url) # Find the parameter part parameters = url.split("?")[1] # Split parameters multi_parameters = parameters.split(settings.PARAMETER_DELIMITER) # Check for inappropriate format in provided parameter(s). if len([s for s in multi_parameters if "=" in s]) != (len(multi_parameters)): checks.inappropriate_format(multi_parameters) # Check for empty values (in provided parameters). checks.is_empty(multi_parameters, http_request_method) # Grab the value of parameter. _ = [] _.append(parameters) parameters = ''.join(checks.check_similarities(_)) value = re.findall(r'=(.*)', parameters) value = ''.join(value) # Check if single parameter is supplied. if len(multi_parameters) == 1: # Replace the value of parameter with INJECT tag inject_value = value.replace(value, settings.INJECT_TAG) # Check if defined the INJECT_TAG if settings.INJECT_TAG not in parameters: # Ignoring the anti-CSRF parameter(s). if checks.ignore_anticsrf_parameter(parameters): return urls_list if len(value) == 0: parameters = parameters + settings.INJECT_TAG else: parameters = parameters.replace(value, inject_value) else: # Auto-recognize prefix / suffix if settings.INJECT_TAG in value: if len(value.rsplit(settings.INJECT_TAG, 0)[0]) > 0: menu.options.prefix = value.rsplit(settings.INJECT_TAG, 1)[0] if len(value.rsplit(settings.INJECT_TAG, 1)[1]) > 0: menu.options.suffix = value.rsplit(settings.INJECT_TAG, 1)[1] parameters = parameters.replace(value, inject_value) # Reconstruct the URL url = url_part + "?" + parameters urls_list.append(url) return urls_list else: # Check if multiple parameters are supplied without the "INJECT_HERE" tag. all_params = settings.PARAMETER_DELIMITER.join(multi_parameters) all_params = all_params.split(settings.PARAMETER_DELIMITER) # Check for similarity in provided parameter name and value. all_params = checks.check_similarities(all_params) # Check if defined the "INJECT_HERE" tag if settings.INJECT_TAG not in url: for param in range(0,len(all_params)): if param == 0 : old = re.findall(r'=(.*)', all_params[param]) old = ''.join(old) else : old = value # Grab the value of parameter. value = re.findall(r'=(.*)', all_params[param]) value = ''.join(value) # Ignoring the anti-CSRF parameter(s). if checks.ignore_anticsrf_parameter(all_params[param]): continue # Replace the value of parameter with INJECT tag inject_value = value.replace(value, settings.INJECT_TAG) # Skip testing the parameter(s) with empty value(s). if menu.options.skip_empty: if len(value) == 0: provided_value = re.findall(r'(.*)=', all_params[param]) provided_value = ''.join(provided_value) else: all_params[param] = all_params[param].replace(value, inject_value) all_params[param-1] = all_params[param-1].replace(inject_value, old) parameter = settings.PARAMETER_DELIMITER.join(all_params) # Reconstruct the URL url = url_part + "?" + parameter urls_list.append(url) else: if len(value) == 0: all_params[param] = all_params[param] + settings.INJECT_TAG else: all_params[param] = all_params[param].replace(value, inject_value) all_params[param-1] = all_params[param-1].replace(inject_value, old) parameter = settings.PARAMETER_DELIMITER.join(all_params) # Reconstruct the URL url = url_part + "?" + parameter urls_list.append(url.replace(settings.IGNORE_TAG,"")) else: for param in range(0,len(multi_parameters)): # Grab the value of parameter. value = re.findall(r'=(.*)', multi_parameters[param]) value = ''.join(value) parameter = settings.PARAMETER_DELIMITER.join(multi_parameters) # Reconstruct the URL url = url_part + "?" + parameter urls_list.append(url) return urls_list
#Grab the value of parameter. if settings.IS_JSON: #Grab the value of parameter. value = re.findall(r'\"(.*)\"', parameter) value = ''.join(value) if value != settings.INJECT_TAG: value = re.findall(r'\s*\:\s*\"(.*)\"', parameter) value = ''.join(value) elif settings.IS_XML: #Grab the value of parameter. value = re.findall(r'>(.*)</', parameter) value = ''.join(value) else: _ = [] _.append(parameter) parameter = ''.join(checks.check_similarities(_)) value = re.findall(r'=(.*)', parameter) value = ''.join(value) if checks.is_empty(multi_parameters, http_request_method): return parameter else: # Ignoring the anti-CSRF parameter(s). if checks.ignore_anticsrf_parameter(parameter): return parameter # Replace the value of parameter with INJECT tag inject_value = value.replace(value, settings.INJECT_TAG) if len(value) == 0: if settings.IS_JSON: parameter = parameter.replace(":\"\"", ":\"" + settings.INJECT_TAG + "\"") else: parameter = parameter + settings.INJECT_TAG