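def requester(url, data, headers, GET, delay, timeout):
    """Send one HTTP request on behalf of the scanner and return the response.

    Args:
        url: Target URL. Rebuilt by ``converter`` when the ``path`` variable is set.
        data: Parameters to send: query string for GET, body for POST.
        headers: Header dict. It is modified in place when it has no
            ``User-Agent`` or the placeholder value ``'$'``.
        GET: Truthy to send a GET request, falsy to send a POST.
        delay: Seconds to sleep before the request is sent.
        timeout: Timeout value handed to ``requests``.

    Returns:
        The ``requests`` response, or ``None`` when a ``ProtocolError`` was
        caught. In that case the function sleeps for ten minutes first, so
        callers that dereference the result must handle ``None``.
    """
    if getVar('jsonData'):
        data = converter(data)
    elif getVar('path'):
        # Path-based injection: the payload goes into the URL, so the request
        # is forced to GET with no separate parameters.
        url = converter(data, url)
        data = []
        GET = True
    time.sleep(delay)
    # Each entry needs its own trailing comma. Without it, adjacent string
    # literals are concatenated and two agents merge into one malformed value.
    user_agents = (
        'Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991',
    )
    if ('User-Agent' not in headers) or (headers['User-Agent'] == '$'):
        # Writes into the caller's dict, so the chosen agent persists for any
        # later call that reuses the same headers object.
        headers['User-Agent'] = random.choice(user_agents)
    logger.debug('Requester url: {}'.format(url))
    logger.debug('Requester GET: {}'.format(GET))
    logger.debug_json('Requester data:', data)
    # NOTE(review): headers are logged verbatim. If they carry cookies or
    # tokens, the debug log ends up holding those credentials as well.
    logger.debug_json('Requester headers:', headers)
    try:
        # verify=False disables TLS certificate validation for every request
        # made here, so the identity of the responding server is not checked.
        if GET:
            response = requests.get(url, params=data, headers=headers,
                                    timeout=timeout, verify=False,
                                    proxies=core.config.proxies)
        elif getVar('jsonData'):
            response = requests.post(url, json=data, headers=headers,
                                     timeout=timeout, verify=False,
                                     proxies=core.config.proxies)
        else:
            response = requests.post(url, data=data, headers=headers,
                                     timeout=timeout, verify=False,
                                     proxies=core.config.proxies)
        return response
    except ProtocolError:
        logger.warning('WAF is dropping suspicious requests.')
        logger.warning('Scanning will continue after 10 minutes.')
        time.sleep(600)
        # Falls through: the function returns None after the pause.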
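def requester(url, data, headers, GET, delay, timeout):
    """Send one HTTP request through the shared driver and return the response.

    Variant of the plain ``requests`` based requester: the request is issued
    with ``container.vars['driver'].request(...)``, and two hard-coded portal
    URLs receive special handling (see the inline comments).

    Args:
        url: Target URL. Rebuilt by ``converter`` when the ``path`` variable is set.
        data: Parameters to send: query string for GET, body for POST.
        headers: Header dict. It is modified in place when it has no
            ``User-Agent`` or the placeholder value ``'$'``.
        GET: Truthy to send a GET request, falsy to send a POST.
        delay: Seconds to sleep before the request is sent.
        timeout: Timeout value handed to the driver's ``request`` call.

    Returns:
        The response object, or ``None`` when any exception was caught.
        Callers that dereference the result must handle ``None``.
    """
    # NOTE(review): presumably this keeps the crawler from following the
    # sign-out link and ending its own authenticated session - confirm.
    if url == 'https://portal.biznetgio.net/signout':
        print("URL CHANGED")
        url = 'https://portal.biznetgio.net/dashboard'
    print("====================URL=====================")
    print(url)
    print("============================================")
    # Looked up outside the try block: a missing 'driver' entry raises KeyError
    # to the caller instead of being swallowed below.
    webdriver = container.vars['driver']
    if getVar('jsonData'):
        data = converter(data)
    elif getVar('path'):
        # Path-based injection: the payload goes into the URL, so the request
        # is forced to GET with no separate parameters.
        url = converter(data, url)
        data = []
        GET = True
    time.sleep(delay)
    # Each entry needs its own trailing comma. Without it, adjacent string
    # literals are concatenated and two agents merge into one malformed value.
    user_agents = (
        'Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991',
    )
    # The original had two branches with identical bodies; one condition covers both.
    if ('User-Agent' not in headers) or (headers['User-Agent'] == '$'):
        # Writes into the caller's dict, so the chosen agent persists for any
        # later call that reuses the same headers object.
        headers['User-Agent'] = random.choice(user_agents)
    logger.debug('Requester url: {}'.format(url))
    logger.debug('Requester GET: {}'.format(GET))
    logger.debug_json('Requester data:', data)
    # NOTE(review): headers are logged verbatim. If they carry cookies or
    # tokens, the debug log ends up holding those credentials as well.
    logger.debug_json('Requester headers:', headers)
    try:
        # verify=False disables TLS certificate validation for every request
        # made here, so the identity of the responding server is not checked.
        if GET:
            response = webdriver.request('GET', url, params=data, headers=headers,
                                         timeout=timeout, verify=False,
                                         proxies=core.config.proxies)
        elif getVar('jsonData'):
            response = webdriver.request('POST', url, json=data, headers=headers,
                                         timeout=timeout, verify=False,
                                         proxies=core.config.proxies)
        else:
            response = webdriver.request('POST', url, data=data, headers=headers,
                                         timeout=timeout, verify=False,
                                         proxies=core.config.proxies)
        if url == 'https://portal.biznetgio.net/other-services':
            # Debug dump for one page. It prints the full response body and the
            # whole shared variable store to stdout.
            # NOTE(review): the closing banner suggests container.vars holds
            # session cookies - treat captured console output as sensitive.
            print("==================================RESPONSE======================================")
            print(response.text)
            print("===============================RESPONSE END=====================================")
            print("==================================Container======================================")
            print(container.vars)
            print("===============================Cookies END=====================================")
        return response
    except ProtocolError:
        logger.warning('WAF is dropping suspicious requests.')
        logger.warning('Scanning will continue after 10 minutes.')
        time.sleep(600)
        # Falls through: the function returns None after the pause.
    except Exception as e:
        # Best-effort handler: the error is only printed and None is returned.
        print("LAH ERROR")
        print(str(e))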
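def retireJs(url, response):
    """Scan the scripts referenced by a page and report vulnerable components.

    Every script URL extracted from ``response`` that is not yet in the
    ``checkedScripts`` variable is fetched and passed to ``main_scanner``.
    Findings are logged, printed, and collected.

    Args:
        url: URL of the page, used to resolve script references.
        response: Page content handed to ``js_extractor``.

    Returns:
        A list with one dict per vulnerable component, with the keys
        ``vulnerable_component``, ``component_location``,
        ``total_vulnerabilities`` and ``details``. Each ``details`` entry holds
        ``summary``, ``severity`` and ``cve``.
    """
    vulnerable_component = []
    for script in js_extractor(response):
        if script in getVar('checkedScripts'):
            continue
        updateVar('checkedScripts', script, 'add')
        uri = handle_anchor(url, script)
        fetched = requester(uri, '', getVar('headers'), True,
                            getVar('delay'), getVar('timeout'))
        if fetched is None:
            # requester() returns None after a caught error. Skip the script
            # instead of raising AttributeError on `.text` and aborting the scan.
            logger.warning('Unable to fetch script: %s' % uri)
            continue
        result = main_scanner(uri, fetched.text)
        if not result:
            continue
        component_name = result['component'] + ' v' + result['version']
        details = result['vulnerabilities']
        logger.red_line()
        logger.good('Vulnerable component: ' + component_name)
        logger.info('Component location: %s' % uri)
        logger.info('Total vulnerabilities: %i' % len(details))
        component_report = {
            'vulnerable_component': component_name,
            'component_location': uri,
            'total_vulnerabilities': len(details),
            'details': [],
        }
        for detail in details:
            identifiers = detail.get('identifiers', {})
            summary = identifiers.get('summary', "None")
            # The other retireJs version on this page reads severity from the
            # entry itself, not from its identifiers. Check there first and
            # fall back to the identifiers lookup this version used.
            severity = detail.get('severity', identifiers.get('severity', "None"))
            # Use `or` so an empty CVE list also falls back, avoiding IndexError.
            cve = (identifiers.get('CVE') or ["None"])[0]
            logger.info('%sSummary:%s %s' % (green, end, summary))
            logger.info('Severity: %s' % severity)
            logger.info('CVE: %s' % cve)
            component_report['details'].append({
                'summary': summary,
                'severity': severity,
                'cve': cve,
            })
        logger.red_line()
        print("\n{}\n".format(component_report))
        vulnerable_component.append(component_report)
    return vulnerable_component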
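def retireJs(url, response):
    """Scan the scripts referenced by a page and log vulnerable components.

    Every script URL extracted from ``response`` that is not yet in the
    ``checkedScripts`` variable is fetched and passed to ``main_scanner``.
    Findings are written to the logger only; nothing is returned.

    Args:
        url: URL of the page, used to resolve script references.
        response: Page content handed to ``js_extractor``.
    """
    for script in js_extractor(response):
        if script in getVar('checkedScripts'):
            continue
        updateVar('checkedScripts', script, 'add')
        uri = handle_anchor(url, script)
        fetched = requester(uri, '', getVar('headers'), True,
                            getVar('delay'), getVar('timeout'))
        if fetched is None:
            # requester() returns None after a caught error. Skip the script
            # instead of raising AttributeError on `.text` and aborting the scan.
            logger.warning('Unable to fetch script: %s' % uri)
            continue
        result = main_scanner(uri, fetched.text)
        if not result:
            continue
        logger.red_line()
        logger.good('Vulnerable component: ' + result['component'] + ' v' + result['version'])
        logger.info('Component location: %s' % uri)
        details = result['vulnerabilities']
        logger.info('Total vulnerabilities: %i' % len(details))
        for detail in details:
            # Not every entry has a summary, a severity or a CVE. Direct
            # indexing raised KeyError/IndexError and cut the report short,
            # so missing fields are reported as "None" instead.
            identifiers = detail.get('identifiers', {})
            summary = identifiers.get('summary', "None")
            severity = detail.get('severity', "None")
            cve = (identifiers.get('CVE') or ["None"])[0]
            logger.info('%sSummary:%s %s' % (green, end, summary))
            logger.info('Severity: %s' % severity)
            logger.info('CVE: %s' % cve)
        logger.red_line()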
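def main_scanner(uri, response):
    """Match a script's URI and content against the loaded definitions.

    Args:
        uri: Location of the script; passed to ``scan_uri``.
        response: Script body; passed to ``scan_file_content``.

    Returns:
        An empty dict when nothing matched. Otherwise a dict with
        ``component`` and ``version`` taken from the first hit, and
        ``vulnerabilities``: the de-duplicated vulnerability entries of all
        hits, in first-seen order, as fresh copies.
    """
    definitions = getVar('definitions')
    hits = scan_uri(uri, definitions)
    hits.extend(scan_file_content(response, definitions))
    result = {}
    if hits:
        result['component'] = hits[0]['component']
        result['version'] = hits[0]['version']
        # De-duplicate on a canonical JSON encoding. The earlier approach
        # rebuilt entries with str(entry).replace("'", '"'), which is not valid
        # JSON as soon as a value contains a quote, an apostrophe, True/False
        # or None, and it then raised in json.loads.
        seen = set()
        unique = []
        for hit in hits:
            try:
                entries = hit['vulnerabilities']
            except KeyError:
                # A hit without vulnerability data contributes nothing.
                continue
            for entry in entries:
                encoded = json.dumps(entry, sort_keys=True)
                if encoded not in seen:
                    seen.add(encoded)
                    # Decode again so callers get copies, not the definitions' own objects.
                    unique.append(json.loads(encoded))
        result['vulnerabilities'] = unique
    return result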