Example #1
0
def exploitation(url, delay, filename, http_request_method, url_time_response):
    if url_time_response >= settings.SLOW_TARGET_RESPONSE:
        print Fore.YELLOW + settings.WARNING_SIGN + "It is highly recommended, due to serious response delays, to skip the time-based (blind) technique and to continue with the file-based (semiblind) technique." + Style.RESET_ALL
        go_back = False
        while True:
            if go_back == True:
                return False
            proceed_option = raw_input(
                settings.QUESTION_SIGN +
                "How do you want to proceed? [(C)ontinue/(s)kip/(q)uit] > "
            ).lower()
            if proceed_option.lower() in settings.CHOICE_PROCEED:
                if proceed_option.lower() == "s":
                    from src.core.injections.semiblind.techniques.file_based import fb_handler
                    fb_handler.exploitation(url, delay, filename,
                                            http_request_method,
                                            url_time_response)
                elif proceed_option.lower() == "c":
                    if tb_injection_handler(url, delay, filename,
                                            http_request_method,
                                            url_time_response) == False:
                        return False
                elif proceed_option.lower() == "q":
                    raise SystemExit()
            else:
                if proceed_option == "":
                    proceed_option = "enter"
                print Back.RED + settings.ERROR_SIGN + "'" + proceed_option + "' is not a valid answer." + Style.RESET_ALL + "\n"
                pass
    else:
        if tb_injection_handler(url, delay, filename, http_request_method,
                                url_time_response) == False:
            return False
Example #2
0
def exploitation(url, delay, filename, http_request_method, url_time_response):
  if url_time_response >= settings.SLOW_TARGET_RESPONSE:
    print Fore.YELLOW + "(^) Warning: It is highly recommended, due to serious response delays, to skip the time-based (blind) technique and to continue with the file-based (semiblind) technique." + Style.RESET_ALL 
    go_back = False
    while True:
      if go_back == True:
        return False
      proceed_option = raw_input("(?) How do you want to proceed? [(C)ontinue/(s)kip/(q)uit] > ").lower()
      if proceed_option.lower() in settings.CHOISE_PROCEED :
        if proceed_option.lower() == "s":
          from src.core.injections.semiblind.techniques.file_based import fb_handler
          fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
        elif proceed_option.lower() == "c":
          if tb_injection_handler(url, delay, filename, http_request_method, url_time_response) == False:
            return False
        elif proceed_option.lower() == "q":
          raise SystemExit()
      else:
        if proceed_option == "":
          proceed_option = "enter"
        print Back.RED + "(x) Error: '" + proceed_option + "' is not a valid answer." + Style.RESET_ALL
        pass
  else:
    if tb_injection_handler(url, delay, filename, http_request_method, url_time_response) == False:
      return False
#eof
#eof
Example #3
0
def exploitation(url, delay, filename, http_request_method, url_time_response):
  if url_time_response >= settings.SLOW_TARGET_RESPONSE:
    warn_msg = "It is highly recommended, due to serious response delays, "
    warn_msg += "to skip the time-based (blind) technique and to continue "
    warn_msg += "with the file-based (semiblind) technique."
    print settings.print_warning_msg(warn_msg)
    go_back = False
    while True:
      if go_back == True:
        return False
      question_msg = "How do you want to proceed? [(C)ontinue/(s)kip/(q)uit] > "
      proceed_option = raw_input(settings.print_question_msg(question_msg)).lower()
      if proceed_option.lower() in settings.CHOICE_PROCEED :
        if proceed_option.lower() == "s":
          from src.core.injections.semiblind.techniques.file_based import fb_handler
          fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
        elif proceed_option.lower() == "c":
          if tb_injection_handler(url, delay, filename, http_request_method, url_time_response) == False:
            return False
        elif proceed_option.lower() == "q":
          raise SystemExit()
      else:
        if proceed_option == "":
          proceed_option = "enter"
        err_msg = "'" + proceed_option + "' is not a valid answer."
        print settings.print_error_msg(err_msg) + "\n"
        pass
  else:
    if tb_injection_handler(url, delay, filename, http_request_method, url_time_response) == False:
      return False
Example #4
0
def exploitation(url, delay, filename, http_request_method, url_time_response):
  # Check if attack is based on time delays.
  if not settings.TIME_RELATIVE_ATTACK :
    settings.TIME_RELATIVE_ATTACK = True
  if url_time_response >= settings.SLOW_TARGET_RESPONSE:
    warn_msg = "It is highly recommended, due to serious response delays, "
    warn_msg += "to skip the time-based (blind) technique and to continue "
    warn_msg += "with the file-based (semiblind) technique."
    print settings.print_warning_msg(warn_msg)
    go_back = False
    while True:
      if go_back == True:
        return False
      question_msg = "How do you want to proceed? [(C)ontinue/(s)kip/(q)uit] > "
      sys.stdout.write(settings.print_question_msg(question_msg))
      proceed_option = sys.stdin.readline().replace("\n","").lower()
      if proceed_option.lower() in settings.CHOICE_PROCEED :
        if proceed_option.lower() == "s":
          from src.core.injections.semiblind.techniques.file_based import fb_handler
          fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
        elif proceed_option.lower() == "c":
          if tb_injection_handler(url, delay, filename, http_request_method, url_time_response) == False:
            return False
        elif proceed_option.lower() == "q":
          raise SystemExit()
      else:
        if proceed_option == "":
          proceed_option = "enter"
        err_msg = "'" + proceed_option + "' is not a valid answer."
        print settings.print_error_msg(err_msg)
        pass
  else:
    if tb_injection_handler(url, delay, filename, http_request_method, url_time_response) == False:
      settings.TIME_RELATIVE_ATTACK = False
      return False
Example #5
0
def exploitation(url, timesec, filename, http_request_method,
                 url_time_response, injection_type, technique):
    # Check if attack is based on time delays.
    if not settings.TIME_RELATIVE_ATTACK:
        warn_msg = "It is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions."
        print(settings.print_warning_msg(warn_msg) + Style.RESET_ALL)
        settings.TIME_RELATIVE_ATTACK = True

    if url_time_response >= settings.SLOW_TARGET_RESPONSE:
        warn_msg = "It is highly recommended, due to serious response delays, "
        warn_msg += "to skip the time-based (blind) technique and to continue "
        warn_msg += "with the file-based (semiblind) technique."
        print(settings.print_warning_msg(warn_msg))
        go_back = False
        while True:
            if go_back == True:
                return False
            if not menu.options.batch:
                question_msg = "How do you want to proceed? [(C)ontinue/(s)kip/(q)uit] > "
                proceed_option = _input(
                    settings.print_question_msg(question_msg))
            else:
                proceed_option = ""
            if len(proceed_option) == 0:
                proceed_option = "c"
            if proceed_option.lower() in settings.CHOICE_PROCEED:
                if proceed_option.lower() == "s":
                    from src.core.injections.semiblind.techniques.file_based import fb_handler
                    fb_handler.exploitation(url, timesec, filename,
                                            http_request_method,
                                            url_time_response)
                elif proceed_option.lower() == "c":
                    if tb_injection_handler(url, timesec, filename,
                                            http_request_method,
                                            url_time_response, injection_type,
                                            technique) == False:
                        return False
                elif proceed_option.lower() == "q":
                    raise SystemExit()
            else:
                err_msg = "'" + proceed_option + "' is not a valid answer."
                print(settings.print_error_msg(err_msg))
                pass
    else:
        if tb_injection_handler(url, timesec, filename, http_request_method,
                                url_time_response, injection_type,
                                technique) == False:
            settings.TIME_RELATIVE_ATTACK = False
            return False
Example #6
0
def injection_proccess(url, check_parameter, http_request_method, filename, delay):

  # User-Agent Injection / Referer Injection / Custom header Injection 
  if check_parameter.startswith(" "):
    header_name = ""
    the_type = " HTTP header "
  else:
    if settings.COOKIE_INJECTION: 
      header_name = " cookie"
    else:
      header_name = ""
    the_type = " parameter "
    check_parameter = " '" + check_parameter + "'"

  # Load modules
  modules_handler.load_modules(url, http_request_method, filename)

  if not settings.LOAD_SESSION:
    info_msg = "Setting the " + "(" + http_request_method 
    info_msg += ")" + check_parameter + header_name + the_type + "for tests."
    print settings.print_info_msg(info_msg)

  # Estimating the response time (in seconds)
  delay, url_time_response = requests.estimate_response_time(url, http_request_method, delay)

  # Check if it is vulnerable to classic command injection technique.
  if not menu.options.tech or "c" in menu.options.tech:
    if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
      settings.CLASSIC_STATE = True
  else:
    settings.CLASSIC_STATE = False

  # Check if it is vulnerable to eval-based code injection technique.
  if not menu.options.tech or "e" in menu.options.tech:
    if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
      settings.EVAL_BASED_STATE = True
  else:
    settings.EVAL_BASED_STATE = False

  # Check if it is vulnerable to time-based blind command injection technique.
  if not menu.options.tech or "t" in menu.options.tech:
    if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
      settings.TIME_BASED_STATE = True
  else:
    settings.TIME_BASED_STATE = False

  # Check if it is vulnerable to file-based semiblind command injection technique.
  if not menu.options.tech or "f" in menu.options.tech:
    if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
      settings.FILE_BASED_STATE = True
  else:
    settings.FILE_BASED_STATE = False

  # All injection techniques seems to be failed!
  if settings.CLASSIC_STATE == settings.EVAL_BASED_STATE == settings.TIME_BASED_STATE == settings.FILE_BASED_STATE == False :
    warn_msg = "The tested (" + http_request_method + ")" 
    warn_msg += check_parameter + header_name + the_type 
    warn_msg += "seems to be not injectable."
    print settings.print_warning_msg(warn_msg)  
Example #7
0
def exploitation(url, timesec, filename, http_request_method, url_time_response):
  # Check if attack is based on time delays.
  if not settings.TIME_RELATIVE_ATTACK :
    settings.TIME_RELATIVE_ATTACK = True
  if url_time_response >= settings.SLOW_TARGET_RESPONSE:
    warn_msg = "It is highly recommended, due to serious response delays, "
    warn_msg += "to skip the time-based (blind) technique and to continue "
    warn_msg += "with the file-based (semiblind) technique."
    print settings.print_warning_msg(warn_msg)
    go_back = False
    while True:
      if go_back == True:
        return False
      if not menu.options.batch:
        question_msg = "How do you want to proceed? [(C)ontinue/(s)kip/(q)uit] > "
        sys.stdout.write(settings.print_question_msg(question_msg))
        proceed_option = sys.stdin.readline().replace("\n","").lower()
      else:
        proceed_option = ""  
      if len(proceed_option) == 0:
         proceed_option = "c"
      if proceed_option.lower() in settings.CHOICE_PROCEED :
        if proceed_option.lower() == "s":
          from src.core.injections.semiblind.techniques.file_based import fb_handler
          fb_handler.exploitation(url, timesec, filename, http_request_method, url_time_response)
        elif proceed_option.lower() == "c":
          if tb_injection_handler(url, timesec, filename, http_request_method, url_time_response) == False:
            return False
        elif proceed_option.lower() == "q":
          raise SystemExit()
      else:
        err_msg = "'" + proceed_option + "' is not a valid answer."
        print settings.print_error_msg(err_msg)
        pass
  else:
    if tb_injection_handler(url, timesec, filename, http_request_method, url_time_response) == False:
      settings.TIME_RELATIVE_ATTACK = False
      return False
Example #8
0
def filebased_command_injection_technique(url, timesec, filename, http_request_method, url_time_response):
  injection_type = "semi-blind command injection"
  technique = "file-based command injection technique"
  if not settings.SKIP_COMMAND_INJECTIONS:
    if (len(menu.options.tech) == 0 or "f" in menu.options.tech):
      settings.FILE_BASED_STATE = None
      if fb_handler.exploitation(url, timesec, filename, http_request_method, url_time_response, injection_type, technique) != False:
        settings.FILE_BASED_STATE = True
      else:
        settings.FILE_BASED_STATE = False
    else:
      if settings.VERBOSITY_LEVEL != 0:   
        debug_msg = "Skipping test the " + "(" + injection_type.split(" ")[0] + ") " + technique + ". "
        print(settings.print_debug_msg(debug_msg))
Example #9
0
def do_check(url, filename):

    classic_state = False
    eval_based_state = False
    time_based_state = False
    file_based_state = False

    # Check if defined "--delay" option.
    if menu.options.delay:
        delay = menu.options.delay
    else:
        delay = settings.DELAY

    # Check if authentication is needed.
    if menu.options.auth_url and menu.options.auth_data:
        # Do the authentication process.
        authentication.authentication_process()
        # Check if authentication page is the same with the next (injection) URL
        if urllib2.urlopen(url).read() == urllib2.urlopen(
                menu.options.auth_url).read():
            print Back.RED + settings.ERROR_SIGN + "It seems that the authentication procedure has failed." + Style.RESET_ALL
            sys.exit(0)
    elif menu.options.auth_url or menu.options.auth_data:
        print Back.RED + settings.ERROR_SIGN + "You must specify both login panel URL and login parameters." + Style.RESET_ALL
        sys.exit(0)
    else:
        pass

    # Check if HTTP Method is GET or POST.
    header_name = ""
    if not menu.options.data:
        http_request_method = "GET"
        if not settings.COOKIE_INJECTION \
        and not settings.USER_AGENT_INJECTION \
        and not settings.REFERER_INJECTION:
            url = parameters.do_GET_check(url)
        check_parameter = parameters.vuln_GET_param(url)
        the_type = " parameter "

    else:
        http_request_method = "POST"
        parameter = menu.options.data
        parameter = parameters.do_POST_check(parameter)
        check_parameter = parameters.vuln_POST_param(parameter, url)
        the_type = " parameter "

    # Load modules
    modules_handler.load_modules(url, http_request_method, filename)

    # Cookie Injection
    if settings.COOKIE_INJECTION == True:
        header_name = " Cookie"
        settings.HTTP_HEADER = header_name[1:].lower()
        check_parameter = parameters.specify_cookie_parameter(
            menu.options.cookie)
        the_type = " HTTP header "

    # User-Agent Injection
    elif settings.USER_AGENT_INJECTION == True:
        header_name = " User-Agent"
        settings.HTTP_HEADER = header_name[1:].replace("-", "").lower()
        check_parameter = ""
        the_type = " HTTP header "

    # Referer Injection
    elif settings.REFERER_INJECTION == True:
        header_name = " Referer"
        settings.HTTP_HEADER = header_name[1:].lower()
        check_parameter = ""
        the_type = " HTTP header "

    if len(check_parameter) > 0:
        settings.TESTABLE_PARAMETER = check_parameter

    # Check for session file
    if not menu.options.ignore_session:
        if os.path.isfile(settings.SESSION_FILE):
            if not menu.options.tech:
                menu.options.tech = session_handler.applied_techniques(
                    url, http_request_method)
            if session_handler.check_stored_parameter(url,
                                                      http_request_method):
                settings.LOAD_SESSION = True

    if menu.options.flush_session:
        session_handler.flush(url)

    if len(check_parameter) != 0:
        check_parameter = " '" + check_parameter + "'"

    print settings.INFO_SIGN + "Setting the " + "(" + http_request_method + ")" + check_parameter + header_name + the_type + "for tests."

    # Estimating the response time (in seconds)
    delay, url_time_response = requests.estimate_response_time(
        url, http_request_method, delay)

    # Check if it is vulnerable to classic command injection technique.
    if not menu.options.tech or "c" in menu.options.tech:
        if cb_handler.exploitation(url, delay, filename,
                                   http_request_method) != False:
            classic_state = True
    else:
        classic_state = False

    # Check if it is vulnerable to eval-based code injection technique.
    if not menu.options.tech or "e" in menu.options.tech:
        if eb_handler.exploitation(url, delay, filename,
                                   http_request_method) != False:
            eval_based_state = True
    else:
        eval_based_state = False

    # Check if it is vulnerable to time-based blind command injection technique.
    if not menu.options.tech or "t" in menu.options.tech:
        if tb_handler.exploitation(url, delay, filename, http_request_method,
                                   url_time_response) != False:
            time_based_state = True
    else:
        time_based_state = False

    # Check if it is vulnerable to file-based semiblind command injection technique.
    if not menu.options.tech or "f" in menu.options.tech:
        if fb_handler.exploitation(url, delay, filename, http_request_method,
                                   url_time_response) != False:
            file_based_state = True
    else:
        file_based_state = False

    if classic_state == eval_based_state == time_based_state == file_based_state == False:
        info_msg = settings.CRITICAL_SIGN + "The tested (" + http_request_method + ")" + check_parameter + " parameter appear to be not injectable."
        if not menu.options.alter_shell:
            info_msg += " Use the option '--alter-shell'"
        else:
            info_msg += " Remove the option '--alter-shell'"
        info_msg += " and/or try to audit the HTTP headers (i.e 'User-Agent', 'Referer', 'Cookie' etc)."
        print Back.RED + info_msg + Style.RESET_ALL

    sys.exit(0)
Example #10
0
def injection_proccess(url, check_parameter, http_request_method, filename,
                       timesec):

    # Skipping specific injection techniques.
    if settings.SKIP_TECHNIQUES:
        menu.options.tech = "".join(settings.AVAILABLE_TECHNIQUES)
        for skip_tech_name in settings.AVAILABLE_TECHNIQUES:
            if skip_tech_name in menu.options.skip_tech:
                menu.options.tech = menu.options.tech.replace(
                    skip_tech_name, "")
        if len(menu.options.tech) == 0:
            err_msg = "Detection procedure was aborted due to skipping all injection techniques."
            print settings.print_critical_msg(err_msg)
            raise SystemExit

    # User-Agent Injection / Referer Injection / Custom header Injection
    if check_parameter.startswith(" "):
        header_name = ""
        the_type = " HTTP header"
    else:
        if settings.COOKIE_INJECTION:
            header_name = " cookie"
        else:
            header_name = ""
        the_type = " parameter"
        check_parameter = " '" + check_parameter + "'"

    # Load modules
    modules_handler.load_modules(url, http_request_method, filename)

    if not settings.LOAD_SESSION:
        info_msg = "Setting the"
        if not header_name == " cookie" and not the_type == " HTTP header":
            info_msg += " " + http_request_method + ""
        info_msg += the_type + header_name + check_parameter + " for tests."
        print settings.print_info_msg(info_msg)

    # Estimating the response time (in seconds)
    timesec, url_time_response = requests.estimate_response_time(url, timesec)

    skip_code_injections = False
    skip_command_injections = False

    # Procced with file-based semiblind command injection technique,
    # once the user provides the path of web server's root directory.
    if menu.options.web_root and not "f" in menu.options.tech:
        if not menu.options.web_root.endswith("/"):
            menu.options.web_root = menu.options.web_root + "/"
        if checks.procced_with_file_based_technique():
            menu.options.tech = "f"

    # Check if it is vulnerable to classic command injection technique.
    if not menu.options.tech or "c" in menu.options.tech:
        settings.CLASSIC_STATE = None
        if cb_handler.exploitation(url, timesec, filename,
                                   http_request_method) != False:
            if not menu.options.tech or "e" in menu.options.tech:
                if not menu.options.batch:
                    settings.CLASSIC_STATE = True
                    question_msg = "Due to results, "
                    question_msg += "skipping of code injection checks is recommended. "
                    question_msg += "Do you agree? [Y/n] > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    procced_option = sys.stdin.readline().replace("\n",
                                                                  "").lower()
                else:
                    procced_option = ""
                if len(procced_option) == 0:
                    procced_option = "y"
                if procced_option in settings.CHOICE_YES:
                    skip_code_injections = True
                elif procced_option in settings.CHOICE_NO:
                    pass
                elif procced_option in settings.CHOICE_QUIT:
                    sys.exit(0)
                else:
                    err_msg = "'" + procced_option + "' is not a valid answer."
                    print settings.print_error_msg(err_msg)
                    pass
        else:
            settings.CLASSIC_STATE = False

    # Check if it is vulnerable to eval-based code injection technique.
    if not menu.options.tech or "e" in menu.options.tech:
        if not skip_code_injections:
            settings.EVAL_BASED_STATE = None
            if eb_handler.exploitation(url, timesec, filename,
                                       http_request_method) != False:
                if not menu.options.batch:
                    settings.EVAL_BASED_STATE = True
                    question_msg = "Due to results, "
                    question_msg += "skipping of further command injection checks is recommended. "
                    question_msg += "Do you agree? [Y/n] > "
                    sys.stdout.write(settings.print_question_msg(question_msg))
                    procced_option = sys.stdin.readline().replace("\n",
                                                                  "").lower()
                else:
                    procced_option = ""
                if len(procced_option) == 0:
                    procced_option = "y"
                if procced_option in settings.CHOICE_YES:
                    skip_command_injections = True
                elif procced_option in settings.CHOICE_NO:
                    pass
                elif procced_option in settings.CHOICE_QUIT:
                    sys.exit(0)
                else:
                    err_msg = "'" + procced_option + "' is not a valid answer."
                    print settings.print_error_msg(err_msg)
                    pass
            else:
                settings.EVAL_BASED_STATE = False

    if not skip_command_injections:
        # Check if it is vulnerable to time-based blind command injection technique.
        if not menu.options.tech or "t" in menu.options.tech:
            settings.TIME_BASED_STATE = None
            if tb_handler.exploitation(url, timesec, filename,
                                       http_request_method,
                                       url_time_response) != False:
                settings.TIME_BASED_STATE = True
            else:
                settings.TIME_BASED_STATE = False

        # Check if it is vulnerable to file-based semiblind command injection technique.
        if not menu.options.tech or "f" in menu.options.tech and not skip_command_injections:
            settings.FILE_BASED_STATE = None
            if fb_handler.exploitation(url, timesec, filename,
                                       http_request_method,
                                       url_time_response) != False:
                settings.FILE_BASED_STATE = True
            else:
                settings.FILE_BASED_STATE = False

    # All injection techniques seems to be failed!
    if settings.CLASSIC_STATE == settings.EVAL_BASED_STATE == settings.TIME_BASED_STATE == settings.FILE_BASED_STATE == False:
        warn_msg = "The tested"
        if not header_name == " cookie" and not the_type == " HTTP header":
            warn_msg += " " + http_request_method + ""
        warn_msg += the_type + header_name + check_parameter
        warn_msg += " seems to be not injectable."
        print settings.print_warning_msg(warn_msg) + Style.RESET_ALL
Example #11
0
def injection_proccess(url, check_parameter, http_request_method, filename,
                       delay):

    # User-Agent Injection / Referer Injection / Custom header Injection
    if check_parameter.startswith(" "):
        header_name = ""
        the_type = " HTTP header"
    else:
        if settings.COOKIE_INJECTION:
            header_name = " cookie"
        else:
            header_name = ""
        the_type = " parameter"
        check_parameter = " '" + check_parameter + "'"

    # Load modules
    modules_handler.load_modules(url, http_request_method, filename)

    if not settings.LOAD_SESSION:
        info_msg = "Setting the"
        if not header_name == " cookie" and not the_type == " HTTP header":
            info_msg += " " + http_request_method + ""
        info_msg += the_type + header_name + check_parameter + " for tests."
        print settings.print_info_msg(info_msg)

    # Estimating the response time (in seconds)
    delay, url_time_response = requests.estimate_response_time(
        url, http_request_method, delay)

    # Check if it is vulnerable to classic command injection technique.
    if not menu.options.tech or "c" in menu.options.tech:
        settings.CLASSIC_STATE = None
        if cb_handler.exploitation(url, delay, filename,
                                   http_request_method) != False:
            settings.CLASSIC_STATE = True
        else:
            settings.CLASSIC_STATE = False

    # Check if it is vulnerable to eval-based code injection technique.
    if not menu.options.tech or "e" in menu.options.tech:
        settings.EVAL_BASED_STATE = None
        if eb_handler.exploitation(url, delay, filename,
                                   http_request_method) != False:
            settings.EVAL_BASED_STATE = True
        else:
            settings.EVAL_BASED_STATE = False

    # Check if it is vulnerable to time-based blind command injection technique.
    if not menu.options.tech or "t" in menu.options.tech:
        settings.TIME_BASED_STATE = None
        if tb_handler.exploitation(url, delay, filename, http_request_method,
                                   url_time_response) != False:
            settings.TIME_BASED_STATE = True
        else:
            settings.TIME_BASED_STATE = False

    # Check if it is vulnerable to file-based semiblind command injection technique.
    if not menu.options.tech or "f" in menu.options.tech:
        settings.FILE_BASED_STATE = None
        if fb_handler.exploitation(url, delay, filename, http_request_method,
                                   url_time_response) != False:
            settings.FILE_BASED_STATE = True
        else:
            settings.FILE_BASED_STATE = False

    # All injection techniques seems to be failed!
    if settings.CLASSIC_STATE == settings.EVAL_BASED_STATE == settings.TIME_BASED_STATE == settings.FILE_BASED_STATE == False:
        warn_msg = "The tested"
        if not header_name == " cookie" and not the_type == " HTTP header":
            warn_msg += " " + http_request_method + ""
        warn_msg += the_type + header_name + check_parameter
        warn_msg += " seems to be not injectable."
        print settings.print_warning_msg(warn_msg) + Style.RESET_ALL
Example #12
0
def injection_proccess(url, check_parameter, http_request_method, filename,
                       timesec):

    if menu.options.ignore_code:
        info_msg = "Ignoring '" + str(
            menu.options.ignore_code) + "' HTTP error code. "
        print(settings.print_info_msg(info_msg))

    # Skipping specific injection techniques.
    if settings.SKIP_TECHNIQUES:
        menu.options.tech = "".join(settings.AVAILABLE_TECHNIQUES)
        for skip_tech_name in settings.AVAILABLE_TECHNIQUES:
            if skip_tech_name in menu.options.skip_tech:
                menu.options.tech = menu.options.tech.replace(
                    skip_tech_name, "")
        if len(menu.options.tech) == 0:
            err_msg = "Detection procedure was aborted due to skipping all injection techniques."
            print(settings.print_critical_msg(err_msg))
            raise SystemExit

    # User-Agent HTTP header / Referer HTTP header /
    # Host HTTP header / Custom HTTP header Injection(s)
    if check_parameter.startswith(" "):
        header_name = ""
        the_type = " HTTP header"
    else:
        if settings.COOKIE_INJECTION:
            header_name = " cookie"
        else:
            header_name = ""
        the_type = " parameter"
        check_parameter = " '" + check_parameter + "'"

    # Estimating the response time (in seconds)
    timesec, url_time_response = requests.estimate_response_time(url, timesec)
    # Load modules
    modules_handler.load_modules(url, http_request_method, filename)
    # Check for identified warnings
    url = heuristic_basic(url, http_request_method)
    if settings.IDENTIFIED_WARNINGS:
        if not settings.SKIP_COMMAND_INJECTIONS:
            ci = "command injection techniques"
            ce = "code injection technique"
            if not menu.options.batch:
                question_msg = "Do you want to skip test payloads for "
                question_msg += ci + "? [Y/n] > "
                procced_option = _input(
                    settings.print_question_msg(question_msg))
            else:
                procced_option = ""
            if procced_option in settings.CHOICE_YES or len(
                    procced_option) == 0:
                if settings.VERBOSITY_LEVEL >= 1:
                    debug_msg = "Skipping " + ci + "."
                    print(settings.print_debug_msg(debug_msg))
                settings.CLASSIC_STATE = settings.TIME_BASED_STATE = settings.FILE_BASED_STATE = False
                settings.EVAL_BASED_STATE = settings.SKIP_COMMAND_INJECTIONS = True
            elif procced_option in settings.CHOICE_NO:
                if settings.VERBOSITY_LEVEL >= 1:
                    debug_msg = "Skipping " + ce + "."
                    print(settings.print_debug_msg(debug_msg))
                settings.SKIP_CODE_INJECTIONS = True
                settings.EVAL_BASED_STATE = settings.SKIP_COMMAND_INJECTIONS = False
            elif procced_option in settings.CHOICE_QUIT:
                raise SystemExit()
            else:
                err_msg = "'" + procced_option + "' is not a valid answer."
                print(settings.print_error_msg(err_msg))
                pass

    if not settings.LOAD_SESSION:
        info_msg = "Setting the"
        if not header_name == " cookie" and not the_type == " HTTP header":
            info_msg += " " + http_request_method + ""
        info_msg += ('', ' (JSON)')[settings.IS_JSON] + (
            '', ' (SOAP/XML)')[settings.IS_XML]
        if header_name == " cookie":
            info_msg += header_name + the_type + check_parameter + " for tests."
        else:
            info_msg += the_type + header_name + check_parameter + " for tests."
        print(settings.print_info_msg(info_msg))

    if menu.options.failed_tries and \
       menu.options.tech and not "f" in menu.options.tech and not \
       menu.options.failed_tries:
        warn_msg = "Due to the provided (unsuitable) injection technique"
        warn_msg += "s"[len(menu.options.tech) == 1:][::-1] + ", "
        warn_msg += "the option '--failed-tries' will be ignored."
        print(settings.print_warning_msg(warn_msg)) + Style.RESET_ALL

    # Procced with file-based semiblind command injection technique,
    # once the user provides the path of web server's root directory.
    if menu.options.web_root and \
       menu.options.tech and not "f" in menu.options.tech:
        if not menu.options.web_root.endswith("/"):
            menu.options.web_root = menu.options.web_root + "/"
        if checks.procced_with_file_based_technique():
            menu.options.tech = "f"

    if not menu.options.tech:
        menu.options.tech = ""
    if len(menu.options.tech) == 0 or "c" in menu.options.tech:
        settings.CLASSIC_STATE = True
    if len(menu.options.tech) == 0 or "e" in menu.options.tech:
        settings.EVAL_BASED_STATE = True
    if len(menu.options.tech) == 0 or "t" in menu.options.tech:
        settings.TIME_BASED_STATE = True
    if len(menu.options.tech) == 0 or "f" in menu.options.tech:
        settings.FILE_BASED_STATE = True

    # Check if it is vulnerable to classic command injection technique.
    if not settings.SKIP_COMMAND_INJECTIONS and settings.CLASSIC_STATE:
        settings.CLASSIC_STATE = None
        if cb_handler.exploitation(url, timesec, filename,
                                   http_request_method) != False:
            if settings.EVAL_BASED_STATE:
                if not menu.options.batch:
                    settings.CLASSIC_STATE = True
                    question_msg = "Due to results, "
                    question_msg += "skipping of code injection checks is recommended. "
                    question_msg += "Do you agree? [Y/n] > "
                    procced_option = _input(
                        settings.print_question_msg(question_msg))
                else:
                    procced_option = ""
                if len(procced_option) == 0:
                    procced_option = "Y"
                if procced_option in settings.CHOICE_YES:
                    if settings.VERBOSITY_LEVEL >= 1:
                        debug_msg = "Skipping code injection checks."
                        print(settings.print_debug_msg(debug_msg))
                    settings.SKIP_CODE_INJECTIONS = True
                elif procced_option in settings.CHOICE_NO:
                    pass
                elif procced_option in settings.CHOICE_QUIT:
                    raise SystemExit()
                else:
                    err_msg = "'" + procced_option + "' is not a valid answer."
                    print(settings.print_error_msg(err_msg))
                    pass
        else:
            settings.CLASSIC_STATE = False

    # Check if it is vulnerable to eval-based code injection technique.
    if not settings.SKIP_CODE_INJECTIONS and settings.EVAL_BASED_STATE:
        settings.EVAL_BASED_STATE = None
        if eb_handler.exploitation(url, timesec, filename,
                                   http_request_method) != False:
            if not menu.options.batch:
                settings.EVAL_BASED_STATE = True
                question_msg = "Due to results, "
                question_msg += "skipping of further command injection checks is recommended. "
                question_msg += "Do you agree? [Y/n] > "
                procced_option = _input(
                    settings.print_question_msg(question_msg))
            else:
                procced_option = ""
            if len(procced_option) == 0:
                procced_option = "Y"
            if procced_option in settings.CHOICE_YES:
                if settings.VERBOSITY_LEVEL >= 1:
                    debug_msg = "Skipping command injection checks."
                    print(settings.print_debug_msg(debug_msg))
                settings.SKIP_COMMAND_INJECTIONS = True
            elif procced_option in settings.CHOICE_NO:
                pass
            elif procced_option in settings.CHOICE_QUIT:
                raise SystemExit()
            else:
                err_msg = "'" + procced_option + "' is not a valid answer."
                print(settings.print_error_msg(err_msg))
                pass
        else:
            settings.EVAL_BASED_STATE = False

    if not settings.SKIP_COMMAND_INJECTIONS:
        # Check if it is vulnerable to time-based blind command injection technique.
        if settings.TIME_BASED_STATE:
            settings.TIME_BASED_STATE = None
            if tb_handler.exploitation(url, timesec, filename,
                                       http_request_method,
                                       url_time_response) != False:
                settings.TIME_BASED_STATE = True
            else:
                settings.TIME_BASED_STATE = False

        # Check if it is vulnerable to file-based semiblind command injection technique.
        if settings.FILE_BASED_STATE:
            settings.FILE_BASED_STATE = None
            if fb_handler.exploitation(url, timesec, filename,
                                       http_request_method,
                                       url_time_response) != False:
                settings.FILE_BASED_STATE = True
            else:
                settings.FILE_BASED_STATE = False

    # All injection techniques seems to be failed!
    if settings.CLASSIC_STATE == settings.EVAL_BASED_STATE == settings.TIME_BASED_STATE == settings.FILE_BASED_STATE == False:
        warn_msg = "The tested"
        if not header_name == " cookie" and not the_type == " HTTP header":
            warn_msg += " " + http_request_method + ""
        warn_msg += the_type + header_name + check_parameter
        warn_msg += " seems to be not injectable."
        print(settings.print_warning_msg(warn_msg)) + Style.RESET_ALL
Example #13
0
def injection_proccess(url, check_parameter, http_request_method, filename,
                       delay):

    # User-Agent Injection / Referer Injection / Custom header Injection
    if check_parameter.startswith(" "):
        header_name = ""
        the_type = " HTTP header"
    else:
        if settings.COOKIE_INJECTION:
            header_name = " cookie"
        else:
            header_name = ""
        the_type = " parameter"
        check_parameter = " '" + check_parameter + "'"

    # Load modules
    modules_handler.load_modules(url, http_request_method, filename)

    if not settings.LOAD_SESSION:
        info_msg = "Setting the"
        if not header_name == " cookie" and not the_type == " HTTP header":
            info_msg += " " + http_request_method + ""
        info_msg += the_type + header_name + check_parameter + " for tests."
        print settings.print_info_msg(info_msg)

    # Estimating the response time (in seconds)
    delay, url_time_response = requests.estimate_response_time(url, delay)

    skip_code_injections = False
    skip_command_injections = False

    # Check if it is vulnerable to classic command injection technique.
    if not menu.options.tech or "c" in menu.options.tech:
        settings.CLASSIC_STATE = None
        if cb_handler.exploitation(url, delay, filename,
                                   http_request_method) != False:
            settings.CLASSIC_STATE = True
            question_msg = "Due to resuts "
            question_msg += "skipping of code injection checks is recommended. "
            question_msg += "Do you agree? [Y/n/q] > "
            sys.stdout.write(settings.print_question_msg(question_msg))
            procced_option = sys.stdin.readline().replace("\n", "").lower()
            if len(procced_option) == 0:
                procced_option = "y"
            if procced_option in settings.CHOICE_YES:
                skip_code_injections = True
            elif procced_option in settings.CHOICE_NO:
                pass
            elif procced_option in settings.CHOICE_QUIT:
                sys.exit(0)
            else:
                err_msg = "'" + procced_option + "' is not a valid answer."
                print settings.print_error_msg(err_msg)
                pass
        else:
            settings.CLASSIC_STATE = False

    # Check if it is vulnerable to eval-based code injection technique.
    if not menu.options.tech or "e" in menu.options.tech:
        if not skip_code_injections:
            settings.EVAL_BASED_STATE = None
            if eb_handler.exploitation(url, delay, filename,
                                       http_request_method) != False:
                settings.EVAL_BASED_STATE = True
                question_msg = "Due to resuts, "
                question_msg += "skipping of further command injection checks is recommended. "
                question_msg += "Do you agree? [Y/n/q] > "
                sys.stdout.write(settings.print_question_msg(question_msg))
                procced_option = sys.stdin.readline().replace("\n", "").lower()
                if len(procced_option) == 0:
                    procced_option = "y"
                if procced_option in settings.CHOICE_YES:
                    skip_command_injections = True
                elif procced_option in settings.CHOICE_NO:
                    pass
                elif procced_option in settings.CHOICE_QUIT:
                    sys.exit(0)
                else:
                    err_msg = "'" + procced_option + "' is not a valid answer."
                    print settings.print_error_msg(err_msg)
                    pass
            else:
                settings.EVAL_BASED_STATE = False

    if not skip_command_injections:

        # Check if it is vulnerable to time-based blind command injection technique.
        if not menu.options.tech or "t" in menu.options.tech:
            settings.TIME_BASED_STATE = None
            if tb_handler.exploitation(url, delay, filename,
                                       http_request_method,
                                       url_time_response) != False:
                settings.TIME_BASED_STATE = True
            else:
                settings.TIME_BASED_STATE = False

        # Check if it is vulnerable to file-based semiblind command injection technique.
        if not menu.options.tech or "f" in menu.options.tech and not skip_command_injections:
            settings.FILE_BASED_STATE = None
            if fb_handler.exploitation(url, delay, filename,
                                       http_request_method,
                                       url_time_response) != False:
                settings.FILE_BASED_STATE = True
            else:
                settings.FILE_BASED_STATE = False

    # All injection techniques seems to be failed!
    if settings.CLASSIC_STATE == settings.EVAL_BASED_STATE == settings.TIME_BASED_STATE == settings.FILE_BASED_STATE == False:
        warn_msg = "The tested"
        if not header_name == " cookie" and not the_type == " HTTP header":
            warn_msg += " " + http_request_method + ""
        warn_msg += the_type + header_name + check_parameter
        warn_msg += " seems to be not injectable."
        print settings.print_warning_msg(warn_msg) + Style.RESET_ALL
Example #14
0
def do_check(url, filename):

    classic_state = False
    eval_based_state = False
    time_based_state = False
    file_based_state = False

    # Check if defined "--delay" option.
    if menu.options.delay:
        delay = menu.options.delay
    else:
        delay = settings.DELAY

    # Do authentication if needed.
    if menu.options.auth_url and menu.options.auth_data:
        authentication.auth_process()
    elif menu.options.auth_url or menu.options.auth_data:
        print Back.RED + "(x) Error: You must specify both login panel URL and login parameters.\n" + Style.RESET_ALL
        sys.exit(0)
    else:
        pass

    # Check if HTTP Method is GET or POST.
    header_name = ""
    if not menu.options.data:
        http_request_method = "GET"
        if not settings.COOKIE_INJECTION and not settings.USER_AGENT_INJECTION and not settings.REFERER_INJECTION:
            url = parameters.do_GET_check(url)
        check_parameter = parameters.vuln_GET_param(url)
        the_type = " parameter "

    else:
        http_request_method = "POST"
        parameter = menu.options.data
        parameter = parameters.do_POST_check(parameter)
        check_parameter = parameters.vuln_POST_param(parameter, url)
        the_type = " parameter "

    # Load modules
    modules_handler.load_modules(url, http_request_method, filename)

    # Cookie Injection
    if settings.COOKIE_INJECTION == True:
        header_name = " Cookie"
        check_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
        the_type = " HTTP header "

    # User-Agent Injection
    elif settings.USER_AGENT_INJECTION == True:
        header_name = " User-Agent"
        check_parameter = ""
        the_type = " HTTP header "

    # Referer Injection
    elif settings.REFERER_INJECTION == True:
        header_name = " Referer"
        check_parameter = ""
        the_type = " HTTP header "

    else:
        pass

    if len(check_parameter) != 0:
        check_parameter = " '" + check_parameter + "'"

    print "(*) Setting the " + "(" + http_request_method + ")" + check_parameter + header_name + the_type + "for tests."

    # Estimating the response time (in seconds)
    delay, url_time_response = requests.estimate_response_time(url, http_request_method, delay)

    # Check all injection techniques
    if not menu.options.tech:
        # Check if it is vulnerable to classic command injection technique.
        if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
            classic_state = True

        # Check if it is vulnerable to eval-based command injection technique.
        if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
            eval_based_state = True

        # Check if it is vulnerable to time-based blind command injection technique.
        if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
            time_based_state = True

        # Check if it is vulnerable to file-based semiblind command injection technique.
        if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
            file_based_state = True

    else:
        # Check if it is vulnerable to classic command injection technique.
        if "classic" in menu.options.tech or len(menu.options.tech) <= 4 and "c" in menu.options.tech:
            # Check if classic results-based command injection technique succeeds.
            if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
                classic_state = True
        elif menu.options.tech == "classic":
            cb_handler.exploitation(url, delay, filename, http_request_method)
        else:
            classic_state = False

        # Check if it is vulnerable to eval-based command injection technique.
        if "eval-based" in menu.options.tech or len(menu.options.tech) <= 4 and "e" in menu.options.tech:
            # Check if eval-based command injection technique succeeds.
            if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
                eval_based_state = True
        elif menu.options.tech == "eval-based":
            eb_handler.exploitation(url, delay, filename, http_request_method)
        else:
            eval_based_state = False

        # Check if it is vulnerable to time-based blind command injection technique.
        if "time-based" in menu.options.tech or len(menu.options.tech) <= 4 and "t" in menu.options.tech:
            # Check if time-based blind command injection technique succeeds.
            if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
                time_based_state = True
        elif menu.options.tech == "time-based":
            tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
        else:
            time_based_state = False

        # Check if it is vulnerable to file-based semiblind command injection technique.
        if "file-based" in menu.options.tech or len(menu.options.tech) <= 4 and "f" in menu.options.tech:
            # Check if file-based semiblind command injection technique succeeds.
            if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
                file_based_state = True
        elif menu.options.tech == "file-based":
            fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response)
        else:
            file_based_state = False

    if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False:
        info_msg = (
            "(x) Critical: The tested ("
            + http_request_method
            + ")"
            + check_parameter
            + " parameter appear to be not injectable."
        )
        if not menu.options.alter_shell:
            info_msg += " Use the option '--alter-shell'"
        else:
            info_msg += " Remove the option '--alter-shell'"
        info_msg += " and/or try to audit the HTTP headers (i.e 'User-Agent', 'Referer', 'Cookie' etc)."
        print Back.RED + info_msg + Style.RESET_ALL

    # else:
    #   print ""
    sys.exit(0)
Example #15
0
def do_check(url, filename):

  classic_state = False
  eval_based_state = False
  time_based_state = False
  file_based_state = False

  # Check if defined "--delay" option.
  if menu.options.delay:
    delay = menu.options.delay
  else:
    delay = settings.DELAY

  # Check if authentication is needed.
  if menu.options.auth_url and menu.options.auth_data:
    # Do the authentication process.
    authentication.authentication_process()
    # Check if authentication page is the same with the next (injection) URL
    if urllib2.urlopen(url).read() == urllib2.urlopen(menu.options.auth_url).read():
      print Back.RED + settings.ERROR_SIGN + "It seems that the authentication procedure has failed." + Style.RESET_ALL
      sys.exit(0)
  elif menu.options.auth_url or menu.options.auth_data: 
    print Back.RED + settings.ERROR_SIGN + "You must specify both login panel URL and login parameters." + Style.RESET_ALL
    sys.exit(0)
  else:
    pass

  # Check if HTTP Method is GET or POST.
  header_name = ""
  if not menu.options.data:
    http_request_method = "GET"
    if not settings.COOKIE_INJECTION \
    and not settings.USER_AGENT_INJECTION \
    and not settings.REFERER_INJECTION:
      url = parameters.do_GET_check(url)
    check_parameter = parameters.vuln_GET_param(url)
    the_type = " parameter "

  else:
    http_request_method = "POST"
    parameter = menu.options.data
    parameter = parameters.do_POST_check(parameter)
    check_parameter = parameters.vuln_POST_param(parameter, url)
    the_type = " parameter " 
  
  # Load modules
  modules_handler.load_modules(url, http_request_method, filename)

  # Cookie Injection
  if settings.COOKIE_INJECTION == True:
    header_name = " Cookie"
    settings.HTTP_HEADER = header_name[1:].lower()
    check_parameter  = parameters.specify_cookie_parameter(menu.options.cookie)
    the_type = " HTTP header "
            
  # User-Agent Injection
  elif settings.USER_AGENT_INJECTION == True:
    header_name = " User-Agent"
    settings.HTTP_HEADER = header_name[1:].replace("-","").lower()
    check_parameter  = ""
    the_type = " HTTP header "

  # Referer Injection
  elif settings.REFERER_INJECTION == True:
    header_name = " Referer"
    settings.HTTP_HEADER = header_name[1:].lower()
    check_parameter  = ""
    the_type = " HTTP header "

  if len(check_parameter) > 0:
    settings.TESTABLE_PARAMETER = check_parameter

  # Check for session file 
  if not menu.options.ignore_session:
    if os.path.isfile(settings.SESSION_FILE):
      if not menu.options.tech:
          menu.options.tech = session_handler.applied_techniques(url, http_request_method)
      if session_handler.check_stored_parameter(url, http_request_method):
        settings.LOAD_SESSION = True
        
  if menu.options.flush_session:
    session_handler.flush(url)

  if len(check_parameter) != 0 :
    check_parameter = " '" + check_parameter + "'"

  print settings.INFO_SIGN + "Setting the " + "(" + http_request_method + ")" + check_parameter + header_name + the_type + "for tests."

  # Estimating the response time (in seconds)
  delay, url_time_response = requests.estimate_response_time(url, http_request_method, delay)

  # Check if it is vulnerable to classic command injection technique.
  if not menu.options.tech or "c" in menu.options.tech:
    if cb_handler.exploitation(url, delay, filename, http_request_method) != False:
      classic_state = True
  else:
    classic_state = False

  # Check if it is vulnerable to eval-based code injection technique.
  if not menu.options.tech or "e" in menu.options.tech:
    if eb_handler.exploitation(url, delay, filename, http_request_method) != False:
      eval_based_state = True
  else:
    eval_based_state = False

  # Check if it is vulnerable to time-based blind command injection technique.
  if not menu.options.tech or "t" in menu.options.tech:
    if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
      time_based_state = True
  else:
    time_based_state = False

  # Check if it is vulnerable to file-based semiblind command injection technique.
  if not menu.options.tech or "f" in menu.options.tech:
    if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False:
      file_based_state = True
  else:
    file_based_state = False

  if classic_state == eval_based_state == time_based_state == file_based_state == False :
    info_msg = settings.CRITICAL_SIGN + "The tested (" + http_request_method + ")" + check_parameter + " parameter appear to be not injectable."
    if not menu.options.alter_shell :
      info_msg += " Use the option '--alter-shell'"
    else:
      info_msg += " Remove the option '--alter-shell'"
    info_msg += " and/or try to audit the HTTP headers (i.e 'User-Agent', 'Referer', 'Cookie' etc)."
    print Back.RED + info_msg + Style.RESET_ALL  

  sys.exit(0)
Example #16
0
def do_check(url, filename):

    classic_state = False
    eval_based_state = False
    time_based_state = False
    file_based_state = False

    # Check if defined "--delay" option.
    if menu.options.delay:
        delay = menu.options.delay
    else:
        delay = settings.DELAY

    # Check if authentication is needed.
    if menu.options.auth_url and menu.options.auth_data:
        # Do the authentication process.
        authentication.authentication_process()
        # Check if authentication page is the same with the next (injection) URL
        if urllib2.urlopen(url).read() == urllib2.urlopen(
                menu.options.auth_url).read():
            print Back.RED + "(x) Error: It seems that the authentication procedure has failed." + Style.RESET_ALL
            sys.exit(0)
    elif menu.options.auth_url or menu.options.auth_data:
        print Back.RED + "(x) Error: You must specify both login panel URL and login parameters." + Style.RESET_ALL
        sys.exit(0)
    else:
        pass

    # Check if HTTP Method is GET or POST.
    header_name = ""
    if not menu.options.data:
        http_request_method = "GET"
        if not settings.COOKIE_INJECTION \
        and not settings.USER_AGENT_INJECTION \
        and not settings.REFERER_INJECTION:
            url = parameters.do_GET_check(url)
        check_parameter = parameters.vuln_GET_param(url)
        the_type = " parameter "

    else:
        http_request_method = "POST"
        parameter = menu.options.data
        parameter = parameters.do_POST_check(parameter)
        check_parameter = parameters.vuln_POST_param(parameter, url)
        the_type = " parameter "

    # Load modules
    modules_handler.load_modules(url, http_request_method, filename)

    # Cookie Injection
    if settings.COOKIE_INJECTION == True:
        header_name = " Cookie"
        check_parameter = parameters.specify_cookie_parameter(
            menu.options.cookie)
        the_type = " HTTP header "

    # User-Agent Injection
    elif settings.USER_AGENT_INJECTION == True:
        header_name = " User-Agent"
        check_parameter = ""
        the_type = " HTTP header "

    # Referer Injection
    elif settings.REFERER_INJECTION == True:
        header_name = " Referer"
        check_parameter = ""
        the_type = " HTTP header "

    else:
        pass

    if len(check_parameter) != 0:
        check_parameter = " '" + check_parameter + "'"

    print "(*) Setting the " + "(" + http_request_method + ")" + check_parameter + header_name + the_type + "for tests."

    # Estimating the response time (in seconds)
    delay, url_time_response = requests.estimate_response_time(
        url, http_request_method, delay)

    # Check all injection techniques
    if not menu.options.tech:
        # Check if it is vulnerable to classic command injection technique.
        if cb_handler.exploitation(url, delay, filename,
                                   http_request_method) != False:
            classic_state = True

        # Check if it is vulnerable to eval-based command injection technique.
        if eb_handler.exploitation(url, delay, filename,
                                   http_request_method) != False:
            eval_based_state = True

        # Check if it is vulnerable to time-based blind command injection technique.
        if tb_handler.exploitation(url, delay, filename, http_request_method,
                                   url_time_response) != False:
            time_based_state = True

        # Check if it is vulnerable to file-based semiblind command injection technique.
        if fb_handler.exploitation(url, delay, filename, http_request_method,
                                   url_time_response) != False:
            file_based_state = True

    else:
        # Check if it is vulnerable to classic command injection technique.
        if "classic" in menu.options.tech or len(
                menu.options.tech) <= 4 and "c" in menu.options.tech:
            # Check if classic results-based command injection technique succeeds.
            if cb_handler.exploitation(url, delay, filename,
                                       http_request_method) != False:
                classic_state = True
        elif menu.options.tech == "classic":
            cb_handler.exploitation(url, delay, filename, http_request_method)
        else:
            classic_state = False

        # Check if it is vulnerable to eval-based command injection technique.
        if "eval-based" in menu.options.tech or len(
                menu.options.tech) <= 4 and "e" in menu.options.tech:
            # Check if eval-based command injection technique succeeds.
            if eb_handler.exploitation(url, delay, filename,
                                       http_request_method) != False:
                eval_based_state = True
        elif menu.options.tech == "eval-based":
            eb_handler.exploitation(url, delay, filename, http_request_method)
        else:
            eval_based_state = False

        # Check if it is vulnerable to time-based blind command injection technique.
        if "time-based" in menu.options.tech or len(
                menu.options.tech) <= 4 and "t" in menu.options.tech:
            # Check if time-based blind command injection technique succeeds.
            if tb_handler.exploitation(url, delay, filename,
                                       http_request_method,
                                       url_time_response) != False:
                time_based_state = True
        elif menu.options.tech == "time-based":
            tb_handler.exploitation(url, delay, filename, http_request_method,
                                    url_time_response)
        else:
            time_based_state = False

        # Check if it is vulnerable to file-based semiblind command injection technique.
        if "file-based" in menu.options.tech or len(
                menu.options.tech) <= 4 and "f" in menu.options.tech:
            # Check if file-based semiblind command injection technique succeeds.
            if fb_handler.exploitation(url, delay, filename,
                                       http_request_method,
                                       url_time_response) != False:
                file_based_state = True
        elif menu.options.tech == "file-based":
            fb_handler.exploitation(url, delay, filename, http_request_method,
                                    url_time_response)
        else:
            file_based_state = False

    if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False:
        info_msg = "(x) Critical: The tested (" + http_request_method + ")" + check_parameter + " parameter appear to be not injectable."
        if not menu.options.alter_shell:
            info_msg += " Use the option '--alter-shell'"
        else:
            info_msg += " Remove the option '--alter-shell'"
        info_msg += " and/or try to audit the HTTP headers (i.e 'User-Agent', 'Referer', 'Cookie' etc)."
        print Back.RED + info_msg + Style.RESET_ALL

    # else:
    #   print ""
    sys.exit(0)