def process(urlGlobal, database, attack_list): plop = open('results/xss_GrabberAttacks.xml','w') plop.write("<xssAttacks>\n") for u in database.keys(): if len(database[u]['GET']): for gParam in database[u]['GET']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: if instance != "See Below": handle = getContent_GET(u,gParam,instance) if handle != None: output = handle.read() header = handle.info() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutput(u,gParam,instance,"GET",typeOfInjection)) # see the permutations if len(database[u]['GET'].keys()) > 1: print "inside if for get" for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url) if handle != None: output = handle.read() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) if len(database[u]['POST']): print "Method = POST ", u for gParam in database[u]['POST']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: if instance != "See Below": handle = getContent_POST(u,gParam,instance) if handle != None: output = handle.read() header = handle.info() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutput(u,gParam,instance,"POST",typeOfInjection)) # see the permutations if len(database[u]['POST'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for gParam in database[u]['POST']: allParams[gParam] = str(instance) handle = getContentDirectURL_POST(u,allParams) if handle != None: output = handle.read() if detect_xss(str(instance), output): # generate the info... plop.write(generateOutputLong(u,url,"POST",typeOfInjection, allParams)) plop.write("\n</xssAttacks>\n") plop.close() return ""
def process(urlGlobal, database, attack_list): plop = open('results/xss_GrabberAttacks.xml','w') plop.write("<xssAttacks>\n") for u in database.keys(): if len(database[u]['GET']): print "Method = GET ", u for gParam in database[u]['GET']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: if instance != "See Below": handle = getContent_GET(u,gParam,instance) if handle != None: output = handle.read() header = handle.info() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutput(u,gParam,instance,"GET",typeOfInjection)) # see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url) if handle != None: output = handle.read() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) if len(database[u]['POST']): print "Method = POST ", u for gParam in database[u]['POST']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: if instance != "See Below": handle = getContent_POST(u,gParam,instance) if handle != None: output = handle.read() header = handle.info() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutput(u,gParam,instance,"POST",typeOfInjection)) # see the permutations if len(database[u]['POST'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for gParam in database[u]['POST']: allParams[gParam] = str(instance) handle = getContentDirectURL_POST(u,allParams) if handle != None: output = handle.read() if detect_xss(str(instance), output): # generate the info... plop.write(generateOutputLong(u,url,"POST",typeOfInjection, allParams)) plop.write("\n</xssAttacks>\n") plop.close() return ""
def process(url, database, attack_list, txheaders): appendToReport(url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseBSql' href='#collapseBSql'>Blind SQL Injection Attacks </a></h3></div>") plop = open('results/bsql_GrabberAttacks.xml','w') plop.write("<bsqlAttacks>\n") appendToReport(url, '<div id="collapseBSql" class="panel-collapse collapse in"><div class="panel-body">'); for u in database.keys(): appendToReport(u, "<h4><div class='label label-default'><a target='_balnk' href='"+ u +"'>"+ u +"</a></div></h4>") if len(database[u]['GET']): print "Method = GET ", u # single parameter testing for gParam in database[u]['GET']: defaultValue = database[u]['GET'][gParam] defaultReturn = getContent_GET(u,gParam,defaultValue, txheaders) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_GET(u,gParam,andSQL, txheaders) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_GET(u,gParam,'', txheaders) overflowErS = getContent_GET(u,gParam,overflowStr, txheaders) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_GET(u,gParam,instance, txheaders) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error # print u,gParam,instance plop.write(generateOutput(u,gParam,instance,"GET",key)) else: # report a overflow possible error #print u,gParam, "overflow" plop.write(generateOutput(u,gParam,"99999...99999","GET","Overflow")) """ # see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) """ if len(database[u]['POST']): print "Method = POST ", u # single parameter testing for gParam in database[u]['POST']: defaultValue = database[u]['POST'][gParam] defaultReturn = getContent_POST(u,gParam,defaultValue, txheaders) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_POST(u,gParam,andSQL, txheaders) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_POST(u,gParam,'', txheaders) overflowErS = getContent_POST(u,gParam,overflowStr, txheaders) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_POST(u,gParam,instance, txheaders) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error plop.write(generateOutput(u,gParam,instance,"POST",key)) else: # report a overflow possible error plop.write(generateOutput(u,gParam,"99999...99999","POST","Overflow")) plop.write("\n</bsqlAttacks>\n") appendToReport(url, "</div></div>"); plop.close() return ""
def process(url, database, attack_list): plop = open('results/bsql_GrabberAttacks.xml', 'w') plop.write("<bsqlAttacks>\n") for u in database.keys(): if len(database[u]['GET']): print "Method = GET ", u # single parameter testing for gParam in database[u]['GET']: defaultValue = database[u]['GET'][gParam] defaultReturn = getContent_GET(u, gParam, defaultValue) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_GET(u, gParam, andSQL) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_GET(u, gParam, '') overflowErS = getContent_GET(u, gParam, overflowStr) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_GET( u, gParam, instance) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error # print u,gParam,instance plop.write( generateOutput( u, gParam, instance, "GET", key)) else: # report a overflow possible error #print u,gParam, "overflow" plop.write( generateOutput(u, gParam, "99999...99999", "GET", "Overflow")) """ # see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) """ if len(database[u]['POST']): print "Method = POST ", u # single parameter testing for gParam in database[u]['POST']: defaultValue = database[u]['POST'][gParam] defaultReturn = getContent_POST(u, gParam, defaultValue) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_POST(u, gParam, andSQL) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_POST(u, gParam, '') overflowErS = getContent_POST(u, gParam, overflowStr) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_POST( u, gParam, instance) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error plop.write( generateOutput( u, gParam, instance, "POST", key)) else: # report a overflow possible error plop.write( generateOutput(u, gParam, "99999...99999", "POST", "Overflow")) plop.write("\n</bsqlAttacks>\n") plop.close() return ""
def process(url, database, attack_list, txheaders): appendToReport( url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseInclude' href='#collapseInclude'>File Injection Attacks </a></h3></div>" ) plop = open('results/files_GrabberAttacks.xml', 'w') plop.write("<filesAttacks>\n") appendToReport( url, '<div id="collapseInclude" class="panel-collapse collapse in"><div class="panel-body">' ) for u in database.keys(): appendToReport( u, "<h4><div class='label label-default'><a target='_balnk' href='" + u + "'>" + u + "</a></div></h4>") if len(database[u]['GET']): print "Method = GET ", u for gParam in database[u]['GET']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: handle = getContent_GET(u, gParam, instance, txheaders) if handle != None: output = handle.read() header = handle.info() k = detect_file(output) if k > 0: # generate the info... plop.write( generateOutput(u, gParam, instance, "GET", typeOfInjection, k)) appendToReport( u, generateHTMLOutput(u, gParam, "GET", typeOfInjection, instance)) # see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u, url, txheaders) if handle != None: output = handle.read() k = detect_file(output) if k > 0: # generate the info... plop.write( generateOutputLong(u, url, "GET", typeOfInjection, k)) appendToReport( u, generateHTMLOutput(u, url, "GET", typeOfInjection, instance)) if len(database[u]['POST']): print "Method = POST ", u for gParam in database[u]['POST']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: handle = getContent_POST(u, gParam, instance, txheaders) if handle != None: output = handle.read() header = handle.info() k = detect_file(output) if k > 0: # generate the info... plop.write( generateOutput(u, gParam, instance, "POST", typeOfInjection, k)) appendToReport( u, generateHTMLOutput(u, gParam, "POST", typeOfInjection, instance)) # see the permutations if len(database[u]['POST'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for gParam in database[u]['POST']: allParams[gParam] = str(instance) handle = getContentDirectURL_POST( u, allParams, txheaders) if handle != None: output = handle.read() k = detect_file(output) if k > 0: # generate the info... plop.write( generateOutputLong(u, url, "POST", typeOfInjection, k, allParams)) appendToReport( u, generateHTMLOutput(u, url, "POST", typeOfInjection, instance, allparams)) plop.write("\n</filesAttacks>") appendToReport(url, "</div></div>") plop.close() return ""
def process(url, database, attack_list, txheaders): appendToReport( url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseBSql' href='#collapseBSql'>Blind SQL Injection Attacks </a></h3></div>" ) plop = open('results/bsql_GrabberAttacks.xml', 'w') plop.write("<bsqlAttacks>\n") appendToReport( url, '<div id="collapseBSql" class="panel-collapse collapse in"><div class="panel-body">' ) for u in database.keys(): appendToReport( u, "<h4><div class='label label-default'><a target='_balnk' href='" + u + "'>" + u + "</a></div></h4>") if len(database[u]['GET']): print "Method = GET ", u # single parameter testing for gParam in database[u]['GET']: defaultValue = database[u]['GET'][gParam] defaultReturn = getContent_GET(u, gParam, defaultValue, txheaders) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_GET(u, gParam, andSQL, txheaders) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_GET(u, gParam, '', txheaders) overflowErS = getContent_GET(u, gParam, overflowStr, txheaders) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_GET( u, gParam, instance, txheaders) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error # print u,gParam,instance plop.write( generateOutput( u, gParam, instance, "GET", key)) else: # report a overflow possible error #print u,gParam, "overflow" plop.write( generateOutput(u, gParam, "99999...99999", "GET", "Overflow")) """ # see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) """ if len(database[u]['POST']): print "Method = POST ", u # single parameter testing for gParam in database[u]['POST']: defaultValue = database[u]['POST'][gParam] defaultReturn = getContent_POST(u, gParam, defaultValue, txheaders) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_POST(u, gParam, andSQL, txheaders) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_POST(u, gParam, '', txheaders) overflowErS = getContent_POST(u, gParam, overflowStr, txheaders) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_POST( u, gParam, instance, txheaders) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error plop.write( generateOutput( u, gParam, instance, "POST", key)) else: # report a overflow possible error plop.write( generateOutput(u, gParam, "99999...99999", "POST", "Overflow")) plop.write("\n</bsqlAttacks>\n") appendToReport(url, "</div></div>") plop.close() return ""
def process(url, database, attack_list): plop = open('results/bsql_GrabberAttacks.xml','w') plop.write("<bsqlAttacks>\n") for u in database.keys(): if len(database[u]['GET']): print "Method = GET ", u # single parameter testing for gParam in database[u]['GET']: defaultValue = database[u]['GET'][gParam] defaultReturn = getContent_GET(u,gParam,defaultValue) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_GET(u,gParam,andSQL) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_GET(u,gParam,'') overflowErS = getContent_GET(u,gParam,overflowStr) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_GET(u,gParam,instance) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error # print u,gParam,instance plop.write(generateOutput(u,gParam,instance,"GET",key)) else: # report a overflow possible error #print u,gParam, "overflow" plop.write(generateOutput(u,gParam,"99999...99999","GET","Overflow")) """ # see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) """ if len(database[u]['POST']): print "Method = POST ", u # single parameter testing for gParam in database[u]['POST']: defaultValue = database[u]['POST'][gParam] defaultReturn = getContent_POST(u,gParam,defaultValue) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_POST(u,gParam,andSQL) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_POST(u,gParam,'') overflowErS = getContent_POST(u,gParam,overflowStr) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_POST(u,gParam,instance) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error plop.write(generateOutput(u,gParam,instance,"POST",key)) else: # report a overflow possible error plop.write(generateOutput(u,gParam,"99999...99999","POST","Overflow")) plop.write("\n</bsqlAttacks>\n") plop.close() return ""
def process(url, database, attack_list, txheaders): appendToReport(url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseInclude' href='#collapseInclude'>File Injection Attacks </a></h3></div>") plop = open('results/files_GrabberAttacks.xml','w') plop.write("<filesAttacks>\n") appendToReport(url, '<div id="collapseInclude" class="panel-collapse collapse in"><div class="panel-body">'); for u in database.keys(): appendToReport(u, "<h4><div class='label label-default'><a target='_balnk' href='"+ u +"'>"+ u +"</a></div></h4>") if len(database[u]['GET']): print "Method = GET ", u for gParam in database[u]['GET']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: handle = getContent_GET(u,gParam,instance, txheaders) if handle != None: output = handle.read() header = handle.info() k = detect_file(output) if k > 0: # generate the info... plop.write(generateOutput(u,gParam,instance,"GET",typeOfInjection, k)) appendToReport(u, generateHTMLOutput(u, gParam, "GET", typeOfInjection, instance)) # see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url, txheaders) if handle != None: output = handle.read() k = detect_file(output) if k > 0: # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection,k)) appendToReport(u, generateHTMLOutput(u, url, "GET", typeOfInjection, instance)) if len(database[u]['POST']): print "Method = POST ", u for gParam in database[u]['POST']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: handle = getContent_POST(u,gParam,instance, txheaders) if handle != None: output = handle.read() header = handle.info() k = detect_file(output) if k > 0: # generate the info... plop.write(generateOutput(u,gParam,instance,"POST",typeOfInjection,k)) appendToReport(u, generateHTMLOutput(u, gParam, "POST", typeOfInjection, instance)) # see the permutations if len(database[u]['POST'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for gParam in database[u]['POST']: allParams[gParam] = str(instance) handle = getContentDirectURL_POST(u,allParams, txheaders) if handle != None: output = handle.read() k = detect_file(output) if k > 0: # generate the info... plop.write(generateOutputLong(u,url,"POST",typeOfInjection,k,allParams)) appendToReport(u ,generateHTMLOutput(u, url, "POST", typeOfInjection, instance, allparams)) plop.write("\n</filesAttacks>") appendToReport(url, "</div></div>"); plop.close() return ""
def process(url, database, attack_list): plop = open('results/commandInjection_GrabberAttacks.xml','w') plop.write("<CommandInjectionAttacks>\n") for u in database.keys(): if len(database[u]['GET']): print "Method = GET ", u # single parameter testing for gParam in database[u]['GET']: defaultValue = database[u]['GET'][gParam] defaultReturn = getContent_GET(u,gParam,defaultValue) if defaultReturn == None: continue # check with the attack list for cmd in attack_list: tmpError = getContent_GET(u,gParam,cmd) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): basicError = getContent_GET(u,gParam,'') overflowErS = getContent_GET(u,gParam,overflowStr) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderCommand: for instance in attack_list[key]: tmpError = getContent_GET(u,gParam,instance) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error # print u,gParam,instance plop.write(generateOutput(u,gParam,instance,"GET",key)) else: # report a overflow possible error #print u,gParam, "overflow" plop.write(generateOutput(u,gParam,"Overflow in Command Injection","GET","Overflow")) if len(database[u]['POST']): print "Method = POST ", u # single parameter testing for gParam in database[u]['POST']: defaultValue = database[u]['POST'][gParam] defaultReturn = getContent_POST(u,gParam,defaultValue) if defaultReturn == None: continue # check with the attack list for cmd in attack_list: tmpError = getContent_POST(u,gParam,cmd) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): basicError = getContent_POST(u,gParam,'') overflowErS = getContent_POST(u,gParam,overflowStr) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderCommand: for instance in attack_list[key]: tmpError = getContent_POST(u,gParam,instance) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error plop.write(generateOutput(u,gParam,instance,"POST",key)) else: # report a overflow possible error plop.write(generateOutput(u,gParam,"Overflow in Command Injection","POST","Overflow")) plop.write("\n</CommandInjectionAttacks>\n") plop.close() return ""