def __set_lists(self, data: Data):
"""
This function sets the black and white lists.
@param data: The data object of the program.
@type data: Classes.Data
@return: None
"""
def set_list(file: str, black: bool):
"""
Inner function to set a list by it's file path.
@param file: The file path of the list.
@type file: str
@param black: True - black list, False - white list.
@type black: bool
@return: None
"""
if not file:
# No file was specified.
return
if os.path.exists(file):
# If the file exists.
with open(file, "r") as f:
current_list = f.read()
else:
# The file does not exists.
COLOR_MANAGER.print_error(f"The file {file} was not found",
"\t")
return
current_list = current_list.replace("\n", "").replace(
" ", "") # Removing "\n"s and spaces.
current_list = [
word for word in current_list.split(",") if len(word)
] # List of words.
if current_list:
# Everything is fine.
COLOR_MANAGER.print_success(
f"The file {file} has been"
f" added to the filtering process.", "\t")
if black:
self.__black_list = current_list
else:
self.__white_list = current_list
else:
# Empty file.
COLOR_MANAGER.print_error(
f"The file {file} is not in the"
f" format of <word1>, <word2>.", "\t")
set_list(data.blacklist, True) # Setting black list.
set_list(data.whitelist, False) # Setting white list.
if self.__white_list and self.__black_list:
# The user specified valid data for both.
COLOR_MANAGER.print_warning(
"The process will filter"
" the pages only by the white list.", "\t")
print(COLOR_MANAGER.ENDC)
def set_list(file: str, black: bool):
"""
Inner function to set a list by it's file path.
@param file: The file path of the list.
@type file: str
@param black: True - black list, False - white list.
@type black: bool
@return: None
"""
if not file:
# No file was specified.
return
if os.path.exists(file):
# If the file exists.
with open(file, "r") as f:
current_list = f.read()
else:
# The file does not exists.
COLOR_MANAGER.print_error(f"The file {file} was not found",
"\t")
return
current_list = current_list.replace("\n", "").replace(
" ", "") # Removing "\n"s and spaces.
current_list = [
word for word in current_list.split(",") if len(word)
] # List of words.
if current_list:
# Everything is fine.
COLOR_MANAGER.print_success(
f"The file {file} has been"
f" added to the filtering process.", "\t")
if black:
self.__black_list = current_list
else:
self.__white_list = current_list
else:
# Empty file.
COLOR_MANAGER.print_error(
f"The file {file} is not in the"
f" format of <word1>, <word2>.", "\t")
def main():
"""
This function connects the different managers together.
@return: None
"""
try:
# Initiate manager classes instances.
data = Data()
function_order = [
FlagManager.FlagManager(
).logic, # Get arguments from command line.
AddressManager.AddressManager().logic, # Check specified address.
print_data, # Print given arguments.
PageManager.PageManager(
).logic, # Get all the pages from the website.
PluginManager.PluginManager(
).logic, # Generate the `Check Device` in our directory.
VulnerabilityManager.VulnerabilityManager().
logic # Run plugins with the `Check Device`.
]
# Starting the process.
for function in function_order:
# Executing every function.
function(data)
print(COLOR_MANAGER.ENDC)
except KeyboardInterrupt:
# The user pressed ctrl+c.
COLOR_MANAGER.print_warning(
"You have decided to close the process, please wait few seconds...\n",
"\n\t")
except Exception as e:
if len(e.args) == 2:
COLOR_MANAGER.print_error(str(e.args[0]), str(e.args[1]))
else:
COLOR_MANAGER.print_error(str(e))
finally:
# Every time the program has finished it's run we clean up.
finishing_up()
#!/usr/bin/python3
from colors import COLOR_MANAGER
import Classes
import Methods
# --------------- {Consts} ---------------
COLOR = COLOR_MANAGER.rgb(255, 255, 0)
# -------------------------------- {Global variables} ---------------------------------
curr_text_input = dict()
curr_char = ""
blind_problem = Classes.CheckResult(
"These text inputs allowed blind Command injection, "
f"the query ' ping -c {Methods.WAITING_TIME} 127.0.0.1' "
f"has slowed down the server's response.", "",
"The plugin submits the action form with the query "
f"' ping -c {Methods.WAITING_TIME} 127.0.0.1',\n"
f"if the server's response is delayed, "
f"it must indicate of Command injection vulnerability.")
non_blind_problem = Classes.CheckResult(
"These text inputs *may* have allowed Command injection,"
" the plugin has detected an echo message that "
f"indicate about a Command injection vulnerability.", "",
"The plugin submits the action form with a 'echo check' "
"in each of the text inputs,\n"
"and counting the amount of 'check' strings in compare of the amount of 'echo' "
"strings in the DOM of the resulted page.\n"
"If there are more 'check' than 'echo' it might indicate of a non blind "
"Command injection.")
def __get_final_args(self, data: Data, args: argparse.Namespace):
"""
This function gets the arguments from the argparse namespace and inserts
them into a Data object which is returned to the main program.
@param data: The data object of the program.
@type data: Data
@param args: All the command line arguments.
@type args: argparse.Namespace
@return: The returned data object, will be processed furthermore in the Main Core.
@rtype: Data
"""
# Set the `Username and Password`.
if type(args.login) is not None:
if len(args.login) == 2:
data.username = self.__char_arr_to_string(args.login[0])
data.password = self.__char_arr_to_string(args.login[1])
# Set the `cookies`.
data.cookies = args.cookies
# Set the `Host IP` Address.
data.ip = args.ip
# Set the `Website URL`.
data.url = args.url
# Check if `all_ports` flag is set.
if args.all_ports:
data.port = 0
else:
# Set the `Host Port`.
data.port = args.port
# Set the `maximum number of pages`.
if args.number_of_pages and args.number_of_pages <= 0:
# If the given number is invalid.
COLOR_MANAGER.print_error(
"Invalid number of pages! Running with unlimited pages.")
data.max_pages = None
else:
# If the number wasn't specified or it was specified and is valid.
data.max_pages = args.number_of_pages
# Set the `output file` name and path.
data.output = args.output
# Set `blacklist` file path.
if args.blacklist is not None:
if args.blacklist.endswith(".txt"):
data.blacklist = args.blacklist
else:
data.blacklist = args.blacklist + ".txt"
else:
data.blacklist = args.blacklist
# Set `whitelist` file path.
if args.whitelist is not None:
if args.whitelist.endswith(".txt"):
data.whitelist = args.whitelist
else:
data.whitelist = args.whitelist + ".txt"
else:
data.whitelist = args.whitelist
# Set `recursive` flag.
data.recursive = args.recursive
# Set `verbose` flag.
data.verbose = args.verbose
if args.verbose:
# Print startup logo and current time.
print(startup())
print(
f"{COLOR_MANAGER.GREEN}Started on: {datetime.datetime.now()}{COLOR_MANAGER.ENDC}"
)
# Set `aggressive` flag.
data.aggressive = args.aggressive
#!/usr/bin/python3
from colors import COLOR_MANAGER
import Classes
import Methods
# ---------------------------------- {Consts} --------------------------
COLOR = COLOR_MANAGER.rgb(100, 100, 255)
OUTSIDE_URL = "https://google.com"
# ---------------------------- {Global variables} ----------------------------
current_referer = None
problem_get = Classes.CheckResult("The use of GET request when submitting the form might be vulnerable.",
"You can change the method of the request to POST.",
"The plugin checks the DOM of the action form,\n"
"in case of GET method, we recommend to change it or make sure it is secure.\n"
"For a CSRF attacker it will be much harder to use this form for his attack"
" if the form uses POST method.")
problem_referer = Classes.CheckResult("The form submission did not detect the 'Referer' header,"
" which was not the same page that has the vulnerable form.",
"You can validate the 'Referer' header of the request,"
" so it will perform only actions from the current page.",
"The plugin submits the action form with 3 different referer header values,\n"
"first one is the URL of the page, the second one is https://google.com, "
"and the third one is another page from the session, with the same domain.\n"
"If the first result is the same as the other results, "
"it might point out that the action form is letting other sources to use it.")
success_message = ""
def check(data):
"""
#!/usr/bin/python3
from colors import COLOR_MANAGER
import Classes
import Methods
# ----------------- {Consts} ---------------------
COLOR = COLOR_MANAGER.rgb(255, 0, 128)
MINIMUM_ATTEMPTS = 3
MAXIMUM_ATTEMPTS = 3
ERROR_WORDS = ["error", "fail"]
QUERY_WORDS = ["sleep", "limit"]
# ----------------------- {Global variables} ------------------------------
comments = {
"#": [f"sleep({Methods.WAITING_TIME})"],
"-- ": [f"sleep({Methods.WAITING_TIME})"],
"--": [
f"dbms_pipe.receive_message(('a'),{Methods.WAITING_TIME})",
f"WAITFOR DELAY '0:0:{Methods.WAITING_TIME}'",
f"pg_sleep({Methods.WAITING_TIME})"
]
}
query = str()
non_blind_problem = Classes.CheckResult(
"", "",
"The plugin submits the action forms and check for 'error' or 'fail'"
" words in the resulted page, it might indicate false positives,"
" it made for sleep function blocking.\n"
"You can check yourself if these are just irrelevant error messages.")
blind_problem = Classes.CheckResult(
"", "", "The plugin uses the sleep function of SQL "