コード例 #1
ファイル: scan_fi.py プロジェクト: tuian/NagaScan
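def print_scan_result(type, response, payload_str, verification, request_info):
    """Record and print the outcome of one file-inclusion (FI) probe.

    Args:
        type: Type of POC, a string, e.g. "Cookie", "Path", "Post".
        response: The response content of the request. A falsy value is
            reported as "not vulnerable" without calling verify_fi.
        payload_str: The real payload of FI based on parameters, a string,
            e.g. "file=../../../../../../../../../../../../../../../etc/passwd%00".
        verification: The verification of FI, a string or list; passed
            through to verify_fi unchanged.
        request_info: Dict describing the request; 'rid', 'host' and
            'method' are read here.

    Returns:
        The verdict stored for the request: whatever verify_fi returned, or
        "not vulnerable" when there was no response.
    """
    # Verify once and reuse the verdict, so the printed report and the stored
    # result cannot disagree (the response used to be verified twice).
    result_fi = verify_fi(response, verification) if response else "not vulnerable"
    res = "[FI] request id: {}\n\t[-] host: {}\n\t[-] method: {}\n\t[-] payload: {}\n\n[*] result: {}\n\n".format(
        request_info['rid'], request_info['host'], request_info['method'],
        payload_str, result_fi)
    poc_fi = "{}: {}".format(type, payload_str)
    # NOTE(review): response is content returned by the scanned host and is
    # handed to storage as-is; whatever later displays response_fi should
    # treat it as untrusted data -- confirm in the result viewer.
    update_scan_result(request_info['rid'], 'scan_fi', 'result_fi', result_fi,
                       'poc_fi', poc_fi, 'response_fi', response)
    print(highlight(res, 'green'))
    return result_fi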
コード例 #2
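def print_scan_result(type, response, payload_str, verification, request_info):
    """Record and print the outcome of one XSS probe.

    Args:
        type: Type of POC, a string, e.g. "Cookie", "Path", "Post".
        response: The response content of the request. A falsy value is
            reported as "not vulnerable" without calling verify_xss.
        payload_str: The real payload of XSS based on parameters, a string,
            e.g. "value=<script>alert(1)</script>".
        verification: The verification of XSS, a string or list; passed
            through to verify_xss unchanged.
        request_info: Dict describing the request; 'rid', 'host' and
            'method' are read here.

    Returns:
        The verdict stored for the request: whatever verify_xss returned, or
        "not vulnerable" when there was no response.
    """
    # One verification call feeds both the report and the stored verdict;
    # previously the response was verified twice.
    if response:
        result_xss = verify_xss(response, verification)
    else:
        result_xss = "not vulnerable"
    res = "[XSS] request id: {}\n\t[-] host: {}\n\t[-] method: {}\n\t[-] payload: {}\n\n[*] result: {}\n\n".format(
        request_info['rid'], request_info['host'], request_info['method'],
        payload_str, result_xss)
    poc_xss = "{}: {}".format(type, payload_str)
    # NOTE(review): both poc_xss and response carry markup that is stored
    # unmodified; a result viewer that renders them without escaping would
    # execute the stored payload -- confirm the viewer encodes its output.
    update_scan_result(request_info['rid'], 'scan_xss', 'result_xss',
                       result_xss, 'poc_xss', poc_xss, 'response_xss',
                       response)
    print(highlight(res, 'green'))
    return result_xss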
コード例 #3
ファイル: hack_sqlmapapi.py プロジェクト: akz747/NagaScan
 def task_delete(self):
     """Ask the sqlmapapi server to delete the current task.

     Returns:
         True when the server's JSON reply has a truthy 'success' field,
         False otherwise.
     """
     # NOTE(review): the reply is parsed and trusted as-is; a non-JSON body
     # or a missing 'success' key raises here rather than returning False.
     endpoint = "{}task/{}/delete".format(self.server, self.taskid)
     reply = json.loads(requests.get(endpoint, timeout=TIME_OUT).text)
     if not reply['success']:
         print(highlight('[!] invalid task: {}'.format(self.taskid), 'yellow'))
         return False
     print(highlight('[*] deleted task: {}'.format(self.taskid), 'green'))
     return True
コード例 #4
ファイル: producer.py プロジェクト: 5up3rc/pbscan-1
def insert_request(request, raw):
    """Store a newly seen request together with an empty response row.

    Args:
        request: Dict of parsed request fields. When the request is new,
            'rid', 'update_time' and 'raw' are added to it in place before
            it is inserted.
        raw: Raw request text; the request id is derived from it by getRid.

    Returns:
        True when both rows were inserted, False when an insert failed or
        any exception was raised, and None when the rid is already known.
    """
    # NOTE(review): lstrip() takes a set of characters, so this removes any
    # leading run of backslash, 'r' and 'n' -- not only the literal prefix.
    if raw.startswith('\\r\\n'):
        raw = raw.lstrip('\\r\\n')
    try:
        rid = getRid(raw)
        # NOTE(review): is_duplicate() reports False when its query fails, so
        # a database error sends execution down the insert path.
        if is_duplicate('requests', rid):
            # Known rid: the 'update' branch only ever prepared arguments
            # and never wrote them, so nothing is changed in the database.
            return None
        stamp = str(
            time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time())))
        request['rid'] = rid
        request['update_time'] = stamp
        request['raw'] = raw
        response_row = {'rid': rid, 'update_time': stamp}
        stored = db_insert('requests', request) and db_insert(
            'responses', response_row)
        if not stored:
            return False
        print(highlight(
            '[+] {} request rid: {}, url: {}://{}{}'.format(
                'insert', rid, request['protocol'], request['host'],
                request['path']), 'green'))
        return True
    except Exception as e:
        print(highlight('[!] {}'.format(str(e)), 'red'))
        return False
コード例 #5
ファイル: hack_sqlmapapi.py プロジェクト: akz747/NagaScan
 def task_new(self):
     """Request a new task from the sqlmapapi server and remember its id.

     Returns:
         True when the server reports success (self.taskid is then set from
         the reply), False otherwise.
     """
     endpoint = "{}task/new".format(self.server)
     reply = json.loads(requests.get(endpoint, timeout=TIME_OUT).text)
     if not reply['success']:
         return False
     # The id comes from the server's reply and is later formatted into the
     # URLs of the other task/scan calls.
     self.taskid = reply['taskid']
     print(highlight('[*] created new task: {}'.format(self.taskid), 'green'))
     print('\t[-]target: {}'.format(self.target))
     return True
コード例 #6
ファイル: scan_sqli.py プロジェクト: akz747/NagaScan
def main():
    """Run the SQL injection scanner over the pending stored requests.

    Fetches at most 10000 requests for the 'scan_sqli' scan type, filtered
    by the exclusion info, and passes each one to scanner().
    """
    # 1 is the exclusion type requested here -- presumably SQLi; confirm
    # against fetch_exclusion_scan.
    exclusion = get_scan_exclusion_info(fetch_exclusion_scan(1)[0])
    pending = fetch_request(exclusion, 'scan_sqli', 10000)
    if not pending:
        print(highlight("[!] no new request found", 'yellow'))
        return
    # No try/except here: an exception escaping scanner() ends the batch.
    for item in pending:
        scanner(item)
コード例 #7
def main():
    """Scan every pending request for SQL injection.

    Up to 10000 requests of scan type 'scan_sqli' are fetched, minus the
    configured exclusions, and handed to scanner() one by one.
    """
    scan_type = 'scan_sqli'
    max_requests = 10000
    # Exclusion type 1 -- presumably the SQLi exclusion list; confirm.
    excluded = get_scan_exclusion_info(fetch_exclusion_scan(1)[0])
    queue = fetch_request(excluded, scan_type, max_requests)
    if not queue:
        print(highlight("[!] no new request found", 'yellow'))
        return
    for entry in queue:
        # An exception from scanner() is not caught here and stops the loop.
        scanner(entry)
コード例 #8
 def task_delete(self):
     """Delete the current task on the sqlmapapi server.

     Returns:
         True if the reply's 'success' field is truthy, False otherwise.
     """
     delete_url = "{}task/{}/delete".format(self.server, self.taskid)
     answer = json.loads(requests.get(delete_url, timeout=TIME_OUT).text)
     deleted = bool(answer['success'])
     if deleted:
         message = highlight('[*] deleted task: {}'.format(self.taskid),
                             'green')
     else:
         message = highlight('[!] invalid task: {}'.format(self.taskid),
                             'yellow')
     print(message)
     return deleted
コード例 #9
 def task_new(self):
     """Create a task on the sqlmapapi server and store its id on self.

     Returns:
         True when the reply's 'success' field is truthy, False otherwise.
     """
     new_task_url = "{}task/new".format(self.server)
     answer = json.loads(requests.get(new_task_url, timeout=TIME_OUT).text)
     if answer['success']:
         # The task id is taken from the server's reply unchanged.
         self.taskid = answer['taskid']
         created = '[*] created new task: {}'.format(self.taskid)
         print(highlight(created, 'green'))
         print('\t[-]target: {}'.format(self.target))
         return True
     return False
コード例 #10
ファイル: scan_fi.py プロジェクト: akz747/NagaScan
def main():
    """Run the file-inclusion scanner over the pending stored requests.

    Fetches at most 10000 requests of scan type 'scan_fi', filtered by the
    exclusion info, and scans each; a failure on one request is printed and
    the loop carries on with the next.
    """
    # 2 means exclusion type is FI (File Inclusion)
    exclusion = get_scan_exclusion_info(fetch_exclusion_scan(2)[0])
    pending = fetch_request(exclusion, 'scan_fi', 10000)
    if not pending:
        return
    for item in pending:
        try:
            scanner(item)
        except Exception as err:
            # Per-request isolation: report and continue with the batch.
            print(highlight("[!] scanner failed: {}".format(str(err)), 'red'))
コード例 #11
def is_duplicate(table, rid):
    """Report whether *table* already contains a row with the given rid.

    Args:
        table: Name of the table to query.
        rid: Request id; surrounding whitespace is stripped before use.

    Returns:
        True when the first COUNT(*) value is at least 1, otherwise False.
        False is also returned when the query or its handling raises.
    """
    try:
        # NOTE(review): table and rid are formatted directly into the SQL
        # text. That is only safe while every caller passes a fixed table
        # name and a digest-like rid; if db_query supports bound parameters,
        # rid should be passed that way -- confirm.
        sql = "SELECT COUNT(*) FROM {} where rid ='{}'".format(table, rid.strip())
        counts = [row[0] for row in db_query(sql)]
        return True if counts[0] >= 1 else False
    except Exception as e:
        # NOTE(review): a failed lookup is reported as "not a duplicate", so
        # callers proceed as if the rid were new.
        print(highlight('[!] {}'.format(str(e)), 'red'))
        return False
コード例 #12
def main():
    """Run the XSS scanner over the pending stored requests.

    Fetches at most 10000 requests of scan type 'scan_xss', filtered by the
    exclusion info, and scans each; a failure on one request is printed and
    the remaining requests are still scanned.
    """
    # 0 is the exclusion type requested here -- presumably XSS; confirm.
    exclusion = get_scan_exclusion_info(fetch_exclusion_scan(0)[0])
    pending = fetch_request(exclusion, 'scan_xss', 10000)
    if not pending:
        return
    for item in pending:
        try:
            scanner(item)
        except Exception as err:
            print(highlight("[!] scanner failed: {}".format(str(err)), 'red'))
コード例 #13
def main():
    """Scan every pending request for file inclusion.

    Up to 10000 requests of scan type 'scan_fi' are fetched, minus the
    configured exclusions. Each is passed to scanner(); an exception from
    one request is printed in red and does not stop the others.
    """
    scan_type = 'scan_fi'
    max_requests = 10000
    # 2 means exclusion type is FI (File Inclusion)
    excluded = get_scan_exclusion_info(fetch_exclusion_scan(2)[0])
    queue = fetch_request(excluded, scan_type, max_requests)
    if not queue:
        return
    for entry in queue:
        try:
            scanner(entry)
        except Exception as err:
            failure = "[!] scanner failed: {}".format(str(err))
            print(highlight(failure, 'red'))
コード例 #14
ファイル: parser_burp.py プロジェクト: akz747/NagaScan
def insert_request(request):
    """Store a newly seen request together with an empty response row.

    The request id is the SHA-256 hex digest of the comma-joined,
    escape_content()-processed values of every field except 'time', so the
    same request captured at a different time maps to the same id.

    Args:
        request: Dict of parsed request fields. When the request is new,
            'rid' and 'update_time' are added to it in place before it is
            inserted.

    Returns:
        True when both rows were inserted, False when an insert failed or
        any exception was raised, and None when the rid is already known.
    """
    try:
        # The digest depends on the iteration order of request.items().
        feeds_str = ",".join(
            [escape_content(value) for key, value in request.items()
             if key != 'time'])
        rid = hashlib.sha256(feeds_str).hexdigest()
        # NOTE(review): is_duplicate() reports False when its query fails, so
        # a database error sends execution down the insert path.
        if is_duplicate('requests', rid):
            # Known rid: the 'update' branch only ever prepared arguments
            # and never wrote them, so nothing is changed in the database.
            return None
        stamp = str(time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time())))
        request['rid'] = rid
        request['update_time'] = stamp
        response_row = {'rid': rid, 'update_time': stamp}
        if not (db_insert('requests', request) and db_insert('responses', response_row)):
            return False
        line = '[+] {} request rid: {}, url: {}://{}{}'.format(
            'insert', rid, request['protocol'], request['host'], request['path'])
        print(highlight(line, 'green'))
        return True
    except Exception as e:
        print(highlight('[!] {}'.format(str(e)), 'red'))
        return False
コード例 #15
ファイル: producer.py プロジェクト: 5up3rc/pbscan-1
def main1():
    """Parse 'log/burp.log' forever, pausing 5 seconds between passes.

    Each pass prints a timestamped banner, calls parse_log on the log file
    and prints a closing delimiter. The function never returns.
    """
    delim = '.............................................'
    banner = "[*][{}] Time: {}\n{}"
    while True:
        stamp = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
        print(banner.format('Requests Analysis',
                            highlight(str(stamp), 'green'),
                            delim))
        # The second argument is passed to parse_log as given; its meaning
        # is defined by parse_log.
        parse_log('log/burp.log', 'parse_burp_log')
        time.sleep(5)
        print delim, '\n'
コード例 #16
ファイル: scan_fi.py プロジェクト: akz747/NagaScan
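def print_scan_result(type, response, payload_str, verification, request_info):
    """Record and print the outcome of one file-inclusion (FI) probe.

    Args:
        type: Type of POC, a string, e.g. "Cookie", "Path", "Post".
        response: The response content of the request. A falsy value is
            reported as "not vulnerable" without calling verify_fi.
        payload_str: The real payload of FI based on parameters, a string,
            e.g. "file=../../../../../../../../../../../../../../../etc/passwd%00".
        verification: The verification of FI, a string or list; passed
            through to verify_fi unchanged.
        request_info: Dict describing the request; 'rid', 'host' and
            'method' are read here.

    Returns:
        The verdict stored for the request: whatever verify_fi returned, or
        "not vulnerable" when there was no response.
    """
    # The verdict is computed a single time and shared by the printed report
    # and the database update; the response used to be verified twice.
    result_fi = "not vulnerable"
    if response:
        result_fi = verify_fi(response, verification)
    res = "[FI] request id: {}\n\t[-] host: {}\n\t[-] method: {}\n\t[-] payload: {}\n\n[*] result: {}\n\n".format(request_info['rid'], request_info['host'], request_info['method'], payload_str, result_fi)
    poc_fi = "{}: {}".format(type, payload_str)
    # NOTE(review): response is whatever the scanned host returned and is
    # stored unmodified; consumers of response_fi should treat it as
    # untrusted -- confirm in the result viewer.
    update_scan_result(request_info['rid'], 'scan_fi', 'result_fi', result_fi, 'poc_fi', poc_fi, 'response_fi', response)
    print(highlight(res, 'green'))
    return result_fi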
コード例 #17
ファイル: hack_sqlmapapi.py プロジェクト: akz747/NagaScan
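 def run(self):
     """Drive one sqlmapapi task from creation to cleanup.

     Creates a task, applies the options, starts the scan and then polls
     the scan status every 10 seconds. Polling ends when the status is no
     longer 'running', or when more than 3000 seconds have passed since
     self.start_time, in which case the scan is stopped and killed.
     Afterwards the scan data is fetched and the task is deleted.

     Returns:
         False when the task could not be created or the scan could not be
         started; None otherwise.
     """
     if not self.task_new():
         return False
     self.option_set()
     # NOTE(review): when scan_start() fails the task created above is not
     # deleted here -- confirm whether the server cleans it up.
     if not self.scan_start():
         return False
     while True:
         # Ask for the status once per iteration (it used to be requested
         # twice); every state other than 'running' ends the wait.
         if self.scan_status() != 'running':
             break
         time.sleep(10)
         # self.start_time is not set in this method -- presumably by
         # scan_start(); confirm.
         elapsed = time.time() - self.start_time
         print('\t[-] scan time: {}'.format(elapsed))
         if elapsed > 3000:
             # Hard cap: stop and kill a scan that runs too long.
             self.scan_stop()
             self.scan_kill()
             break
     self.scan_data()
     self.task_delete()
     print(highlight('[*] total scan time: {}'.format(time.time() - self.start_time), 'green'))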
コード例 #18
ファイル: scan_xss.py プロジェクト: akz747/NagaScan
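def print_scan_result(type, response, payload_str, verification, request_info):
    """Record and print the outcome of one XSS probe.

    Args:
        type: Type of POC, a string, e.g. "Cookie", "Path", "Post".
        response: The response content of the request. A falsy value is
            reported as "not vulnerable" without calling verify_xss.
        payload_str: The real payload of XSS based on parameters, a string,
            e.g. "value=<script>alert(1)</script>".
        verification: The verification of XSS, a string or list; passed
            through to verify_xss unchanged.
        request_info: Dict describing the request; 'rid', 'host' and
            'method' are read here.

    Returns:
        The verdict stored for the request: whatever verify_xss returned, or
        "not vulnerable" when there was no response.
    """
    # The verdict is computed a single time and shared by the printed report
    # and the database update; the response used to be verified twice.
    result_xss = "not vulnerable"
    if response:
        result_xss = verify_xss(response, verification)
    res = "[XSS] request id: {}\n\t[-] host: {}\n\t[-] method: {}\n\t[-] payload: {}\n\n[*] result: {}\n\n".format(request_info['rid'], request_info['host'], request_info['method'], payload_str, result_xss)
    poc_xss = "{}: {}".format(type, payload_str)
    # NOTE(review): poc_xss and response contain markup and are stored
    # unmodified; a result viewer that renders them unescaped would execute
    # the stored payload -- confirm the viewer encodes its output.
    update_scan_result(request_info['rid'], 'scan_xss', 'result_xss', result_xss, 'poc_xss', poc_xss, 'response_xss', response)
    print(highlight(res, 'green'))
    return result_xss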
コード例 #19
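 def run(self):
     """Run a complete sqlmapapi scan: create, start, wait, collect, delete.

     After the task is created and the scan started, the status is polled
     every 10 seconds until it is no longer 'running'. A scan that has been
     going for more than 3000 seconds (measured from self.start_time) is
     stopped and killed. The data is then fetched and the task deleted.

     Returns:
         False when task creation or scan start fails; None otherwise.
     """
     if not self.task_new():
         return False
     self.option_set()
     # NOTE(review): a failed scan_start() returns without deleting the task
     # created above -- confirm whether that leaves it on the server.
     if not self.scan_start():
         return False
     # One status request per iteration (previously two); the loop continues
     # only while the scan reports 'running'.
     while self.scan_status() == 'running':
         time.sleep(10)
         # self.start_time is not assigned in this method -- presumably set
         # by scan_start(); confirm.
         elapsed = time.time() - self.start_time
         print('\t[-] scan time: {}'.format(elapsed))
         if elapsed > 3000:
             # Hard cap on scan duration.
             self.scan_stop()
             self.scan_kill()
             break
     self.scan_data()
     self.task_delete()
     print(highlight(
         '[*] total scan time: {}'.format(time.time() - self.start_time),
         'green'))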
コード例 #20
ファイル: hack_sqlmapapi.py プロジェクト: akz747/NagaScan
 def scan_data(self):
     """Fetch the findings of the current task and keep them on self.data.

     Prints whether the server returned any finding. When the reply's
     'success' field is falsy, self.data is not assigned here.
     """
     endpoint = "{}scan/{}/data".format(self.server, self.taskid)
     reply = json.loads(requests.get(endpoint, timeout=TIME_OUT).text)
     if not reply['success']:
         print(highlight('[!] invalid scan!!!', 'yellow'))
         return
     self.data = reply['data']
     if len(self.data) == 0:
         print(highlight('[*] not injection!!!', 'red'))
         return
     print(highlight('[*] injection found:', 'blue'))
     # The findings are printed exactly as the server returned them.
     print('\t[-]result: {}'.format(self.data))
コード例 #21
 def scan_data(self):
     """Retrieve the scan findings for the current task into self.data.

     An empty data list is reported as no injection, anything else as an
     injection finding. self.data is left untouched when the reply's
     'success' field is falsy.
     """
     data_url = "{}scan/{}/data".format(self.server, self.taskid)
     answer = json.loads(requests.get(data_url, timeout=TIME_OUT).text)
     if answer['success']:
         self.data = answer['data']
         found = len(self.data) != 0
         if found:
             print(highlight('[*] injection found:', 'blue'))
             print('\t[-]result: {}'.format(self.data))
         else:
             print(highlight('[*] not injection!!!', 'red'))
     else:
         print(highlight('[!] invalid scan!!!', 'yellow'))
コード例 #22
ファイル: scan_sqli.py プロジェクト: akz747/NagaScan
def scan_sqli_request(request_info, sqlmapapi_server):
    """Run a sqlmapapi scan for one request unless it was already checked.

    Args:
        request_info: Dict describing the request; 'rid' is read here and
            the whole dict is passed to HackSqlmapApi.
        sqlmapapi_server: Base URL of the sqlmapapi server to use.

    Any exception is printed and swallowed; nothing is returned.
    """
    delim = '.............................................\n'
    try:
        rid = request_info['rid']
        if is_checked(rid, 'scan_sqli'):
            return
        print(highlight('[*] request id: {}'.format(rid), 'green'))
        print(highlight('[*] sqlmapapi server: {}'.format(sqlmapapi_server), 'green'))
        run_scan_sqli = HackSqlmapApi(sqlmapapi_server, request_info)
        run_scan_sqli.run()
        # NOTE(review): .data is read regardless of what run() returned;
        # presumably HackSqlmapApi initialises it -- confirm.
        if len(run_scan_sqli.data) == 0:
            result_sqli, poc_sqli = 'not vulnerable', ''
        else:
            result_sqli, poc_sqli = 'vulnerable', str(run_scan_sqli.data)
        # The stringified findings serve as both the PoC and the response.
        update_scan_result(rid, 'scan_sqli', 'result_sqli', result_sqli, 'poc_sqli', poc_sqli, 'response_sqli', poc_sqli)
        print(delim)
    except Exception as err:
        print(highlight('[!] error: {}'.format(str(err)), 'red'))
        print(delim)
コード例 #23
def scan_sqli_request(request_info, sqlmapapi_server):
    """Scan one stored request for SQL injection through sqlmapapi.

    Requests already marked as checked for 'scan_sqli' are skipped.
    Otherwise a HackSqlmapApi run is performed and the verdict is written
    with update_scan_result.

    Args:
        request_info: Dict describing the request; 'rid' is read here.
        sqlmapapi_server: Base URL of the sqlmapapi server to use.

    Exceptions are printed in red and not propagated.
    """
    delim = '.............................................\n'
    try:
        if not is_checked(request_info['rid'], 'scan_sqli'):
            for label, value in (('request id', request_info['rid']),
                                 ('sqlmapapi server', sqlmapapi_server)):
                print(highlight('[*] {}: {}'.format(label, value), 'green'))
            run_scan_sqli = HackSqlmapApi(sqlmapapi_server, request_info)
            run_scan_sqli.run()
            vulnerable = len(run_scan_sqli.data) != 0
            result_sqli = 'vulnerable' if vulnerable else 'not vulnerable'
            poc_sqli = str(run_scan_sqli.data) if vulnerable else ''
            # poc_sqli is stored twice: as the PoC and as the response.
            update_scan_result(request_info['rid'], 'scan_sqli', 'result_sqli',
                               result_sqli, 'poc_sqli', poc_sqli,
                               'response_sqli', poc_sqli)
            print(delim)
    except Exception as err:
        print(highlight('[!] error: {}'.format(str(err)), 'red'))
        print(delim)
コード例 #24
    return requestinfo


def parse_log(log_file, excludes):
    """Parse a proxy log and insert each non-excluded request.

    Args:
        log_file: Path of the log, read through get_file_to_array.
        excludes: Exclusion info checked with is_contained.
    """
    separator = '======================================================'
    for entry in get_file_to_array(log_file):
        if is_contained(entry, excludes):
            continue
        # Only the part before the first separator line is parsed.
        head = entry.split(separator)[0]
        # Insert Mitmproxy requests into Database
        insert_request(parse_request_info(head))


def main():
    """Parse the log file named by the first command-line argument."""
    # Read argv first so a missing argument fails before the exclusions
    # are fetched.
    log_path = sys.argv[1]
    parse_exclusions = get_parse_exclusion_info(fetch_exclusion_parse()[0])
    parse_log(log_path, parse_exclusions)


if __name__ == "__main__":
    # Re-run the parser every 5 seconds until the process is interrupted.
    delim = '.............................................'
    banner = "[*][{}] Time: {}\n{}"
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
        print(banner.format('Requests Analysis',
                            highlight(str(now), 'green'),
                            delim))
        main()
        time.sleep(5)
        print delim, '\n'
コード例 #25
ファイル: scan_fi.py プロジェクト: akz747/NagaScan
    request_info = get_request_info(request)
    if request_info['method'] == "GET":
        scan_get_request(request_info)
    elif request_info['method'] == "POST":
        scan_post_request(request_info)

def main():
    """Run the file-inclusion scanner over the pending stored requests.

    Fetches at most 10000 requests of scan type 'scan_fi', filtered by the
    exclusion info. A failure while scanning one request is printed and the
    rest of the batch is still processed.
    """
    # 2 means exclusion type is FI (File Inclusion)
    exclusion = get_scan_exclusion_info(fetch_exclusion_scan(2)[0])
    pending = fetch_request(exclusion, 'scan_fi', 10000)
    if not pending:
        print(highlight("[!] no new request found", 'yellow'))
        return
    for item in pending:
        try:
            scanner(item)
        except Exception as err:
            print(highlight("[!] scanner failed: {}".format(str(err)), 'red'))


if __name__ == "__main__":
    # Scan in an endless loop, with a 5 second pause after every batch.
    delim = '.............................................'
    banner = "[*][{}] Time: {}\n{}"
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
        print(banner.format('LFI/RFI Scan', highlight(str(now), 'green'), delim))
        main()
        time.sleep(5)
        print delim, '\n'
コード例 #26
        scan_post_request(request_info)


def main():
    """Scan every pending request for XSS.

    Up to 10000 requests of scan type 'scan_xss' are fetched, minus the
    configured exclusions. Each is passed to scanner(); an exception from
    one request is printed in red and does not stop the others.
    """
    scan_type = 'scan_xss'
    max_requests = 10000
    # Exclusion type 0 -- presumably the XSS exclusion list; confirm.
    excluded = get_scan_exclusion_info(fetch_exclusion_scan(0)[0])
    queue = fetch_request(excluded, scan_type, max_requests)
    if not queue:
        print(highlight("[!] no new request found", 'yellow'))
        return
    for entry in queue:
        try:
            scanner(entry)
        except Exception as err:
            failure = "[!] scanner failed: {}".format(str(err))
            print(highlight(failure, 'red'))


if __name__ == "__main__":
    # Scan in an endless loop, with a 5 second pause after every batch.
    delim = '.............................................'
    banner = "[*][{}] Time: {}\n{}"
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
        print(banner.format('XSS Scan',
                            highlight(str(now), 'green'),
                            delim))
        main()
        time.sleep(5)
        print delim, '\n'
コード例 #27
ファイル: scan_sqli.py プロジェクト: akz747/NagaScan
        sqlmap_info = get_sqlmap_info(sqlmap)
        sqlmapapi = "http://{}:{}/".format(sqlmap_info['ip'], sqlmap_info['port'])
        sqlmapapi_servers.append(sqlmapapi)
    if len(sqlmapapi_servers) > 0:
        sqlmapapi_server = random.sample(sqlmapapi_servers, 1)[0]
    else:
        sqlmapapi_server = 'http://127.0.0.1:8775/'
    request_info = get_request_info(request)
    scan_sqli_request(request_info, sqlmapapi_server)

def main():
    """Run the SQL injection scanner over the pending stored requests.

    Fetches at most 10000 requests of scan type 'scan_sqli', filtered by
    the exclusion info, and passes each one to scanner().
    """
    # 1 is the exclusion type requested here -- presumably SQLi; confirm.
    exclusion = get_scan_exclusion_info(fetch_exclusion_scan(1)[0])
    pending = fetch_request(exclusion, 'scan_sqli', 10000)
    if not pending:
        print(highlight("[!] no new request found", 'yellow'))
        return
    # scanner() is called unguarded: an exception it raises ends the batch.
    for item in pending:
        scanner(item)


if __name__ == "__main__":
    # Scan in an endless loop, with a 5 second pause after every batch.
    delim = '.............................................'
    banner = "[*][{}] Time: {}\n{}"
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
        print(banner.format('SQL Injection Scan', highlight(str(now), 'green'), delim))
        main()
        time.sleep(5)
        print delim, '\n'
コード例 #28
ファイル: scan_xss.py プロジェクト: 5up3rc/pbscan-1
    elif request_info['method'] == "POST":
        scan_post_request(request_info)

def main():
    """Run the XSS scanner over the pending stored requests.

    Fetches at most 10000 requests of scan type 'scan_xss', prints how many
    were fetched and echoes each request before scanning it. A failure on
    one request is printed and the rest of the batch is still processed.
    """
    # 0 is the exclusion type requested here -- presumably XSS; confirm.
    exclusion = get_scan_exclusion_info(fetch_exclusion_scan(0)[0])
    pending = fetch_request(exclusion, 'scan_xss', 10000)
    # len() is taken before the emptiness check, so a None result raises.
    print(len(pending))

    if not pending:
        print(highlight("[!] no new request found", 'yellow'))
        return
    for item in pending:
        # NOTE(review): the whole stored request is echoed to stdout; if it
        # carries cookies or credentials they end up in the console output.
        print 'request:', item
        try:
            scanner(item)
        except Exception as err:
            print(highlight("[!] scanner failed: {}".format(str(err)), 'red'))


if __name__ == "__main__":
    # Scan in an endless loop, with a 5 second pause after every batch.
    delim = '.............................................'
    banner = "[*][{}] Time: {}\n{}"
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
        print(banner.format('XSS Scan', highlight(str(now), 'green'), delim))
        main()
        time.sleep(5)
        print delim, '\n'
コード例 #29
            requestinfo['cookie'] = cookie
    if requestinfo['method'] == "POST":
        post_data = lines[-2]
        requestinfo['post_data'] = post_data
    return requestinfo

def parse_log(log_file, excludes):
    """Parse a Burp log and insert each non-excluded request.

    Each log entry is split on the separator line; section 1 is parsed as
    URL info and section 2 as request info, and the merged dict is inserted.

    Args:
        log_file: Path of the log, read through get_file_to_array.
        excludes: Exclusion info checked with is_contained.
    """
    separator = '======================================================'
    for entry in get_file_to_array(log_file):
        if is_contained(entry, excludes):
            continue
        sections = entry.split(separator)
        # An entry with fewer than three sections raises IndexError here.
        url_part, request_part = sections[1], sections[2]
        merged = dict(parse_url_info(url_part), **parse_request_info(request_part))
        # Insert Burp requests into Database
        insert_request(merged)

def main():
    """Parse the Burp log file named by the first command-line argument."""
    # argv is read first, so a missing argument fails before any lookup of
    # the parse exclusions.
    log_path = sys.argv[1]
    parse_exclusions = get_parse_exclusion_info(fetch_exclusion_parse()[0])
    parse_log(log_path, parse_exclusions)

if __name__ == "__main__":
    # Re-run the parser every 5 seconds until the process is interrupted.
    delim = '.............................................'
    banner = "[*][{}] Time: {}\n{}"
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
        print(banner.format('Requests Analysis', highlight(str(now), 'green'), delim))
        main()
        time.sleep(5)
        print delim, '\n'