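class Crlf_injection():
    """Probe a target with the payloads listed in Fuzzdatabase/crlf_fuzzer.txt.

    Detection is heuristic: a payload is reported when the response body
    differs from the baseline body and the status is not 400, 403 or 404.
    Response headers are never examined, so a report only means the server
    answered that request differently. Confirm each one by looking for the
    injected header or line break in the raw response.
    """

    # Seconds to wait for the server; without a timeout requests.get() can
    # block indefinitely on an unresponsive target.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Project root: two directories above this module.
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def test_crlf_injection(self, target):
        """Request ``target`` + payload for each payload line and report hits.

        Args:
            target: Base URL to test; a trailing "/" is appended if missing.

        Network errors are written to the module log and the method returns
        without raising. A missing payload file still raises, as before.
        """
        # Context manager so the payload file is closed even on an error.
        with open(self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt', 'r') as payload:
            # The first line of the file is skipped, as in the original.
            # Line terminators are removed so the file's own newline is not
            # sent as part of every payload (Sql_injection does the same).
            candidates = [line.strip("\n") for line in payload.readlines()[1:]]

        # The original tested target[:-1], i.e. the second-to-last character,
        # so a URL already ending in "/" could get a second slash.
        if not target.endswith('/'):
            target += "/"
        try:
            flag = requests.get(target, timeout=self.REQUEST_TIMEOUT)
            for i in candidates:
                if not i:
                    continue
                req = requests.get(target + i, timeout=self.REQUEST_TIMEOUT)
                if req.text == flag.text:
                    continue
                status = req.status_code
                if status not in (400, 403, 404):
                    poc = "POC: " + target + i
                    # The original passed an undefined name `data` here; the
                    # NameError was swallowed below and no hit was ever shown.
                    self.Print.printer(3, "CRLF header Injection", None,
                                       status, poc)
        except Exception as e:
            print("Error occured while checking for crlf injection. "
                  "Check module log for details")
            self.logger.module_log(e)
        return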
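class Crlf_injection():
    """Send the payloads from Fuzzdatabase/crlf_fuzzer.txt to a target URL.

    A payload counts as a hit when the response body differs from the
    baseline body and the status code is not 400, 403 or 404. The check never
    reads the response headers, so every hit needs manual confirmation that
    the injected header or line break is really reflected.
    """

    # Upper bound in seconds for each request; requests has no default
    # timeout, so a silent target would otherwise stall the whole scan.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Project root: two directories above this module.
        self.filepath = os.path.abspath(os.path.join(os.path.dirname(__file__), '../..'))

    def test_crlf_injection(self, target):
        """Request ``target`` + payload for each payload line and report hits.

        Args:
            target: Base URL to test; a trailing "/" is appended if missing.

        Network errors are written to the module log and the method returns
        without raising. A missing payload file still raises, as before.
        """
        payload_path = self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt'
        # `with` closes the file; the original left the handle open.
        with open(payload_path, 'r') as payload:
            # First line skipped as in the original; trailing newlines are
            # stripped so they are not appended to the request URL.
            candidates = [line.strip("\n") for line in payload.readlines()[1:]]

        # Fix: the original inspected target[:-1] (the second-to-last
        # character) instead of the last one.
        if not target.endswith('/'):
            target += "/"
        try:
            flag = requests.get(target, timeout=self.REQUEST_TIMEOUT)
            for i in candidates:
                if not i:
                    continue
                req = requests.get(target + i, timeout=self.REQUEST_TIMEOUT)
                if req.text == flag.text:
                    continue
                status = req.status_code
                if status not in (400, 403, 404):
                    poc = "POC: " + target + i
                    # Fix: `data` was never defined, which raised NameError
                    # on the first hit and aborted the loop.
                    self.Print.printer(3, "CRLF header Injection", None, status, poc)
        except Exception as e:
            print("Error occured while checking for crlf injection. "
                  "Check module log for details")
            self.logger.module_log(e)
        return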
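class Headers():
    """Print a target's response headers and flag missing hardening headers.

    Both methods use HEAD requests. requests.head() does not follow
    redirects by default, so the headers analysed are those of the first
    response, which may be a redirect rather than the final page.
    """

    # Seconds to wait for the server; requests has no default timeout.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Run the header dump followed by the header analysis."""
        self.get_headers(target)
        self.check_headers(target)

    def get_headers(self, target):
        """Fetch and print every response header of ``target``.

        Terminates the process (via exit()) when the URL has no scheme or
        the request fails, after logging the error.
        """
        try:
            req = requests.head(target, timeout=self.REQUEST_TIMEOUT)
        except requests.exceptions.MissingSchema as e:
            print("Non valid URL. Please specify a valid URL.")
            self.logger.error_log(e)
            exit()
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            exit()
        # Pad so that name plus separator fills 50 columns before the value.
        data = "".join(
            name + ": ".rjust(50 - len(name)) + value + "\n"
            for name, value in req.headers.items())
        self.Print.printer(0, "Response Headers: ", data)

    def check_headers(self, target):
        """Report absent or weak security headers in the response.

        The original wrapped each lookup in a bare ``except:``, which also
        hid unrelated errors raised while printing. Lookups now use
        ``headers.get`` so only a genuinely absent header reads as "not set".
        """
        req = requests.head(target, timeout=self.REQUEST_TIMEOUT)
        headers = req.headers
        print("\n")
        self.Print.printer(0, "Response header Analysis: ", None)

        # X-XSS-Protection is a legacy header: current browsers no longer
        # ship the XSS filter it controlled, so treat this finding as
        # low-priority next to Content-Security-Policy.
        xssprotect = headers.get('X-XSS-Protection')
        if xssprotect is None:
            self.Print.printer(
                0, "X-XSS-Protection not set, XSS may be possible", None)
        elif xssprotect != '1; mode=block':
            self.Print.printer(
                0, "X-XSS-Protection not set properly, XSS may be possible:",
                xssprotect)

        contenttype = headers.get('X-Content-Type-Options')
        if contenttype is None:
            self.Print.printer(0, "X-Content-Type-Options not set", None)
        elif contenttype != 'nosniff':
            self.Print.printer(0, "X-Content-Type-Options not set properly:",
                               contenttype)

        # Only presence is checked; max-age and includeSubDomains are not
        # evaluated. Browsers honour HSTS only when it arrives over HTTPS.
        if headers.get('Strict-Transport-Security') is None:
            self.Print.printer(
                0, "HSTS header not set, MITM attacks may be possible", None)

        # The policy is printed but not evaluated; a present CSP can still
        # be permissive (e.g. 'unsafe-inline'), so review the value.
        csp = headers.get('Content-Security-Policy')
        if csp is None:
            self.Print.printer(0, "Content-Security-Policy missing", None)
        else:
            self.Print.printer(0, "Content-Security-Policy set: ", csp)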
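class Sql_injection():
    """Error-based SQL injection checks on cookies and the User-Agent header.

    Each payload from Fuzzdatabase/error_sql.txt is appended to the value
    under test and the response body is searched for MySQL error strings.
    The body is not compared with a baseline, so a page that normally
    contains one of these strings (documentation, a forum post) is reported
    as well; treat every hit as a lead to verify, not as proof.
    """

    # Seconds to wait for the server on each request.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Project root: two directories above this module.
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def execute_all_func(self, target):
        """Run both checks; a failure in one is logged and does not stop the other."""
        try:
            self.check_cookies(target)
        except Exception as e:
            print("Error while checking cookies.Check module log for details")
            self.logger.module_log(e)
        try:
            self.check_user_agent(target)
        except Exception as e:
            print(
                "Error while checking user agent.Check module log for details."
            )
            self.logger.module_log(e)
        return

    def _load_payloads(self):
        """Return the non-empty payload lines with line terminators removed."""
        with open(self.filepath + '/Fuzzdatabase/error_sql.txt', 'r') as payload:
            lines = [line.strip("\n") for line in payload.readlines()]
        return [line for line in lines if line]

    def check_cookies(self, target):
        """Append each payload to each session cookie and look for SQL errors."""
        check = ["MySQL server version", "have an error", "SQL syntax"]
        with requests.Session() as session:
            session.get(target, timeout=self.REQUEST_TIMEOUT)
            for i in self._load_payloads():
                # Iterate over a snapshot: the jar can change when a response
                # sets cookies during the loop.
                for cookie in list(session.cookies):
                    original_value = cookie.value or ""
                    # The original used `cookie.value += i`, so every payload
                    # piled onto the previous ones and the reported POC no
                    # longer matched a single payload.
                    cookie.value = original_value + i
                    try:
                        r = session.get(target, timeout=self.REQUEST_TIMEOUT)
                        if any(marker in r.text for marker in check):
                            poc = "POC: " + cookie.name + ": " + cookie.value
                            # Report the status of the probed response, not
                            # of the initial baseline request.
                            self.Print.printer(
                                3, "Error Based SQLi(Cookie Based)", None,
                                r.status_code, poc)
                    finally:
                        cookie.value = original_value
        return

    def check_user_agent(self, target):
        """Append each payload to the User-Agent header and look for SQL errors.

        urlopen() raises on HTTP error statuses; that exception propagates
        to the caller (execute_all_func logs it), which ends this check.
        """
        check = ["MySQL server version", "have an error", "SQL syntax"]
        # The original concatenated 'Linux' and 'x86_64' without a space.
        base_agent = ('Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) '
                      'Gecko/20100101 Firefox/39.0')
        # Payloads are stripped of their newline: a header value containing
        # one is rejected by the HTTP client before anything is sent.
        for i in self._load_payloads():
            user_agent = {'User-agent': base_agent + i}
            req = urllib.request.Request(target, headers=user_agent)
            with urllib.request.urlopen(
                    req, timeout=self.REQUEST_TIMEOUT) as response:
                flag = str(response.read())
            if any(marker in flag for marker in check):
                self.Print.printer(3, "Error Based SQLi(User Agent)", None,
                                   None, None)
        return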
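class Headers:
    """Print a target's response headers and flag missing hardening headers.

    Both methods use HEAD requests. requests.head() does not follow
    redirects by default, so the headers analysed belong to the first
    response, which may be a redirect rather than the final page.
    """

    # Seconds to wait for the server; requests has no default timeout.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Run the header dump followed by the header analysis."""
        self.get_headers(target)
        self.check_headers(target)

    def get_headers(self, target):
        """Fetch and print every response header of ``target``.

        Terminates the process (via exit()) when the URL has no scheme or
        the request fails, after logging the error.
        """
        try:
            req = requests.head(target, timeout=self.REQUEST_TIMEOUT)
        except requests.exceptions.MissingSchema as e:
            print("Non valid URL. Please specify a valid URL.")
            self.logger.error_log(e)
            exit()
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            exit()
        # Pad so that name plus separator fills 50 columns before the value.
        data = "".join(
            name + ": ".rjust(50 - len(name)) + value + "\n"
            for name, value in req.headers.items()
        )
        self.Print.printer(0, "Response Headers: ", data)

    def check_headers(self, target):
        """Report absent or weak security headers in the response.

        Header lookups use ``headers.get`` instead of the original bare
        ``except:`` blocks, which treated any error (including one raised by
        the printer) as "header not set".
        """
        req = requests.head(target, timeout=self.REQUEST_TIMEOUT)
        headers = req.headers
        print("\n")
        self.Print.printer(0, "Response header Analysis: ", None)

        # X-XSS-Protection is a legacy header: current browsers no longer
        # ship the XSS filter it controlled, so this finding ranks well
        # below a missing Content-Security-Policy.
        xssprotect = headers.get("X-XSS-Protection")
        if xssprotect is None:
            self.Print.printer(0, "X-XSS-Protection not set, XSS may be possible", None)
        elif xssprotect != "1; mode=block":
            self.Print.printer(0, "X-XSS-Protection not set properly, XSS may be possible:", xssprotect)

        contenttype = headers.get("X-Content-Type-Options")
        if contenttype is None:
            self.Print.printer(0, "X-Content-Type-Options not set", None)
        elif contenttype != "nosniff":
            self.Print.printer(0, "X-Content-Type-Options not set properly:", contenttype)

        # Presence only: max-age and includeSubDomains are not evaluated.
        # Browsers honour HSTS only when it is delivered over HTTPS.
        if headers.get("Strict-Transport-Security") is None:
            self.Print.printer(0, "HSTS header not set, MITM attacks may be possible", None)

        # The policy is printed, not evaluated; a present CSP can still be
        # permissive (e.g. 'unsafe-inline'), so review the value.
        csp = headers.get("Content-Security-Policy")
        if csp is None:
            self.Print.printer(0, "Content-Security-Policy missing", None)
        else:
            self.Print.printer(0, "Content-Security-Policy set: ", csp)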
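class HTTPMethods():
    """Send one request per HTTP verb and print the status the server returns.

    The requests are real: PUT and DELETE are issued against ``target``
    itself, so on a permissive server they can modify or remove the
    resource. A 2xx status is also not proof that a verb is enabled; many
    applications route unknown verbs to the same handler as GET.
    """

    # Seconds to wait per request; requests has no default timeout, so one
    # unresponsive verb would otherwise stall the remaining ones.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        self.verbs = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'TRACE']

    def test_allowed_methods(self, target):
        """Print verb, status code and reason for each verb in self.verbs.

        Errors are logged to the recon log per verb and the loop continues.
        """
        for verb in self.verbs:
            try:
                req = requests.request(verb, target,
                                       timeout=self.REQUEST_TIMEOUT)
                print(verb, req.status_code, req.reason)
                # A server with TRACE enabled echoes the request line back.
                # The literal below only matches a request for the path "/",
                # so a TRACE echo for a deeper path is not detected here.
                if verb == 'TRACE' and 'TRACE / HTTP' in req.text:
                    self.Print.printer(1, "Cross Site Tracing found", None)
            except requests.exceptions.ConnectionError as e:
                print("CONNECT :: Connection error occured. Retry using https")
                self.logger.recon_log(e)
            except Exception as e:
                self.logger.recon_log(e)
                print("Error while testing allowed methords. Check recon log")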
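class Others():
    """Miscellaneous reconnaissance checks; currently only WebSocket usage.

    There is no __init__: self.logger is created by execute_all_func, so
    websocket_tester relies on that call having happened first.
    """

    def execute_all_func(self, target):
        """Create the logger and run every check in this class."""
        self.logger = LoggingManager()
        self.websocket_tester(target)

    def websocket_tester(self, target):
        """Print a note when the page source mentions WebSockets.

        This only shows that the page references a WebSocket endpoint.
        Whether Cross-Site WebSocket Hijacking is possible depends on the
        handshake (Origin validation, per-session tokens), which is not
        tested here.
        """
        check = ["ws://", "wss://", "WebSocket"]
        try:
            req = requests.get(target, timeout=10)
            flag = str(req.text.encode('ascii', 'ignore'))
        except Exception as e:
            # The original used a bare `except:` and then logged an undefined
            # name `e`; it also fell through to the scan below with `flag`
            # unset. Both raised NameError instead of reporting the failure.
            print("Error while testing websockets. Check recon log for details.")
            self.logger.recon_log(e)
            return
        # Report once, however many markers or occurrences the page has.
        if any(marker in flag for marker in check):
            print("=======================================================")
            print("Possible Attack: \n")
            print("Cross-Site WebSocket Hijacking (CSWSH)")
            print("Might be handy: http://ironwasp.org/cswsh.html")
        return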
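class Host_injection():
    """Check whether a redirect's Location reflects a supplied host header.

    Two requests are sent, one overriding Host and one adding
    X-Forwarded-Host, both set to www.google.com. A finding is reported when
    the response is a 301/302 whose Location contains "google.com". Other
    redirect codes (303, 307, 308) and reflection in the body are not
    examined. The match is a substring test, so a redirect that merely
    carries "google.com" somewhere in its URL also matches.
    """

    def __init__(self):
        self.logger = LoggingManager()
        self.Print = Print()

    def host_header_inj(self, target):
        """Run both header probes against ``target`` and report reflections.

        Errors are reported through the printer or the module log; nothing
        is raised to the caller.
        """
        check_host = "google.com"
        probes = (
            {'Host': 'www.google.com'},
            {'X-Forwarded-Host': 'www.google.com'},
        )
        # Status of the last response received. The original read
        # req.status_code inside the handlers, which raised a new error when
        # the very first request had failed and `req` was never bound.
        status = None
        try:
            for probe in probes:
                req = requests.get(target, headers=probe,
                                   allow_redirects=False, timeout=10)
                status = req.status_code
                if status == 302 or status == 301:
                    # .get(): a redirect without Location is not an error.
                    location = req.headers.get('Location', '')
                    if check_host in location:
                        self.Print.printer(1, "Host Header injection", target,
                                           status)
        except SSLError as e:
            self.Print.printer(-1,
                               "Host Header injection: Manual check needed",
                               target, status)
        except ConnectionError:
            self.Print.printer(-1, "Host Header injection: ConnectionError",
                               target, status)
        except Exception as e:
            self.logger.module_log(e)
            print("Error occured while checking host header injection. "
                  "Check module log for details")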
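class Cookies():
    """Print a target's cookies and point out values that decode as Base64.

    Cookie values, including session identifiers, are passed to the printer
    verbatim, so the tool's output carries the same sensitivity as the
    cookies themselves.
    """

    def __init__(self):
        self.cookies = ""
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Fetch the cookies, then run the Base64 check on them."""
        self.get_cookies(target)
        self.base64_check(target)

    def get_cookies(self, target):
        """Request ``target``, store its cookies on self.cookies and print them.

        On a request error the failure is logged and the previously stored
        cookies (initially empty) are printed instead.
        """
        data = ""
        try:
            req = requests.get(target, timeout=10)
            self.cookies = req.cookies.items()
        except Exception as e:
            print("Error occured while accessing cookies. Check recon log")
            self.logger.recon_log(e)
        for name, value in self.cookies:
            # One cookie per line, matching the header dump; the original
            # ran all cookies together without a separator.
            data = data + name + ": ".rjust(25 - len(name)) + value + "\n"
        self.Print.printer(0, "Cookies: ", data)

    def base64_check(self, target):
        """Report every stored cookie whose value is valid Base64.

        ``target`` is unused; the method works on self.cookies.

        A value that happens to use only Base64 characters with correct
        padding (e.g. a short alphanumeric token) is reported too, so the
        decoded text still needs a human look.
        """
        for name, value in self.cookies:
            try:
                # base64.decodestring was removed in Python 3.9. b64decode
                # with validate=True also rejects characters outside the
                # Base64 alphabet instead of silently discarding them, which
                # made almost every cookie look "encoded".
                raw = base64.b64decode(
                    value.replace("%3D", "=").encode("ascii"), validate=True)
            except (binascii.Error, UnicodeEncodeError):
                continue
            if not raw:
                continue
            # cp437 maps every byte to a character, so this cannot fail.
            flag = raw.decode("cp437")
            data = name + ": ".rjust(25 - len(name)) + flag
            self.Print.printer(0, "Base64 Encoded Cookies: (Attention!)",
                               data)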
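def main():
    """Install the OS-level tools, then the pip tools, stopping at the first failure.

    Each step's exception is written to the install log. The process then
    exits with status 1; the original called exit() with no argument, which
    reports success (status 0) to a calling shell or wrapper script even
    though the installation failed.
    """
    logger = LoggingManager()
    install = Install()
    # NOTE(review): what these steps install, and with which privileges, is
    # decided inside Install and is not visible here -- confirm that the
    # package names and versions are pinned.
    try:
        install.install_os_tools()
    except Exception as e:
        logger.install_log(e)
        print("Error while installing os tools. Check install log.")
        raise SystemExit(1)
    try:
        install.install_pip_tools()
    except Exception as e:
        logger.install_log(e)
        print("Error while installing python pip tools. Check install log.")
        raise SystemExit(1)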
# Check modules, grouped in packages named A1_injection and A9_cwkv, plus
# the shared logger.
from Modules.A1_injection.sql import Sql_injection
from Modules.A1_injection.crlf import Crlf_injection
from Modules.A1_injection.host import Host_injection
from Modules.A9_cwkv.wordpress import Wordpress
from Modules.A9_cwkv.apache import Apache2_tests
from Modules.loggingManager.logging_manager import LoggingManager

"""For appending the directory path"""
# NOTE(review): this runs after the Modules.* imports above, so it cannot
# affect how those are resolved; presumably it serves imports made later --
# confirm. The directory is appended, so it is searched after every entry
# already on sys.path.
abs_path = os.path.abspath(os.path.dirname(__file__))
sys.path.append(abs_path+'/')

__author__ = 'Anirudh Anand <*****@*****.**>'

# Module-level logger, reused by every WebXploit instance.
logger = LoggingManager()


class WebXploit():
    """Holds the target details and one instance of each check class."""

    def __init__(self):
        # Target details start empty; nothing in the lines shown fills them.
        self.target_url = ""
        self.target_port = ""
        self.target_host = ""
        self.logger = logger
        # Reconnaissance helpers.
        self.recon_headers = Headers()
        self.recon_cookies = Cookies()
        self.recon_methods = HTTPMethods()
        self.recon_others = Others()
        # Injection checks. Host_injection, Wordpress and Apache2_tests are
        # imported above but not instantiated in the lines shown.
        self.sql = Sql_injection()
        self.crlf = Crlf_injection()
def execute_all_func(self, target):
    """Attach a fresh LoggingManager to the instance, then run the WebSocket check.

    Args:
        target: Passed through unchanged to websocket_tester.
    """
    log_manager = LoggingManager()
    self.logger = log_manager
    self.websocket_tester(target)
def __init__(self):
    """Instantiate LoggingManager and Print and store both on the instance."""
    log_manager = LoggingManager()
    printer = Print()
    self.logger = log_manager
    self.Print = printer
# Check modules, grouped in packages named A1_injection and A9_cwkv, plus
# the shared logger.
from Modules.A1_injection.sql import Sql_injection
from Modules.A1_injection.crlf import Crlf_injection
from Modules.A1_injection.host import Host_injection
from Modules.A9_cwkv.wordpress import Wordpress
from Modules.A9_cwkv.apache import Apache2_tests
from Modules.loggingManager.logging_manager import LoggingManager

"""For appending the directory path"""
# NOTE(review): this runs after the Modules.* imports above, so it cannot
# affect how those are resolved; presumably it serves imports made later --
# confirm. The directory is appended, so it is searched after every entry
# already on sys.path.
abs_path = os.path.abspath(os.path.dirname(__file__))
sys.path.append(abs_path + '/')

__author__ = 'Anirudh Anand <*****@*****.**>'

# Module-level logger, reused by every WebXploit instance.
logger = LoggingManager()


class WebXploit():
    """Holds the target details and one instance of each check class."""

    def __init__(self):
        # Target details start empty; nothing in the lines shown fills them.
        self.target_url = ""
        self.target_port = ""
        self.target_host = ""
        self.logger = logger
        # Reconnaissance helpers.
        self.recon_headers = Headers()
        self.recon_cookies = Cookies()
        self.recon_methods = HTTPMethods()
        self.recon_others = Others()
        # Injection checks. Host_injection, Wordpress and Apache2_tests are
        # imported above but not instantiated in the lines shown.
        self.sql = Sql_injection()
        self.crlf = Crlf_injection()
def __init__(self):
    """Create the Print and LoggingManager helpers and resolve the base path.

    self.filepath is the absolute path two directories above the directory
    that contains this module.
    """
    printer = Print()
    log_manager = LoggingManager()
    module_dir = os.path.dirname(__file__)
    base_dir = os.path.abspath(os.path.join(module_dir, '../..'))
    self.Print = printer
    self.logger = log_manager
    self.filepath = base_dir
def __init__(self):
    """Create the Print and LoggingManager helpers and the list of HTTP verbs."""
    printer = Print()
    log_manager = LoggingManager()
    self.Print = printer
    self.logger = log_manager
    # Stored as a list, in this order.
    self.verbs = [
        'GET',
        'POST',
        'PUT',
        'DELETE',
        'OPTIONS',
        'TRACE',
    ]
def __init__(self):
    """Set up the Print and LoggingManager helpers and the base directory.

    self.filepath is the absolute form of '<this module's directory>/../..'.
    """
    printer = Print()
    log_manager = LoggingManager()
    here = os.path.dirname(__file__)
    two_levels_up = os.path.join(here, '../..')
    self.Print = printer
    self.logger = log_manager
    self.filepath = os.path.abspath(two_levels_up)
def __init__(self):
    """Instantiate Print and LoggingManager and store both on the instance."""
    printer = Print()
    log_manager = LoggingManager()
    self.Print = printer
    self.logger = log_manager