예제 #1
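class Crlf_injection():
    """Request a target once per entry of the CRLF fuzz list and report responses that differ.

    The fuzz list is read from ``Fuzzdatabase/crlf_fuzzer.txt`` under the
    directory two levels above this module.
    """

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Directory two levels above this module; the fuzz database lives under it.
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def test_crlf_injection(self, target):
        """Compare each fuzzed request against a baseline response of *target*.

        A result is printed when the fuzzed response body differs from the
        baseline and the status is not 400, 403 or 404. Request errors are
        logged through ``self.logger.module_log``; nothing is returned.
        """
        # The original tested target[:-1], i.e. the second-to-last character,
        # so a URL that already ended in "/" got a second slash appended.
        if not target.endswith('/'):
            target += "/"
        # The context manager closes the handle; the original never closed it.
        with open(self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt', 'r') as payload:
            try:
                flag = requests.get(target)
                # The first line of the list is skipped, as in the original.
                for i in payload.readlines()[1:]:
                    req = requests.get(target + i)
                    if req.text == flag.text:
                        continue
                    # These lines used to be indented under the `continue`
                    # above and could never run.
                    status = req.status_code
                    if status != 404 and status != 403 and status != 400:
                        poc = "POC: " + target + i
                        # The original passed an undefined name `data` here,
                        # which raised NameError; None matches the other
                        # modules' calls that have no data to show.
                        # NOTE(review): req.headers is never inspected, so a
                        # hit is a candidate to verify by hand, not a
                        # confirmed header injection.
                        self.Print.printer(3, "CRLF header Injection", None,
                                           status, poc)
            except Exception as e:
                # The backslash continuation in the original embedded the next
                # line's indentation in the message.
                print("Error occured while checking for crlf injection. "
                      "Check module log for details")
                self.logger.module_log(e)
        return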
예제 #2
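class Crlf_injection():
    """Replay the CRLF fuzz list against a target URL and flag differing responses.

    Entries come from ``Fuzzdatabase/crlf_fuzzer.txt`` below the directory
    two levels above this module.
    """

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Resolved once: two directories up from this file.
        self.filepath = os.path.abspath(os.path.join(os.path.dirname(__file__),
                                        '../..'))

    def test_crlf_injection(self, target):
        """Fetch a baseline for *target*, then one response per fuzz entry.

        Prints a finding for every fuzzed response whose body differs from
        the baseline and whose status is not 400, 403 or 404. Exceptions
        raised while requesting are logged via ``self.logger.module_log``.
        """
        # Fix: the original checked target[:-1].endswith('/'), which looks at
        # the wrong character and doubled an existing trailing slash.
        if not target.endswith('/'):
            target += "/"
        # Fix: the list file is now closed when the method finishes.
        with open(self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt', 'r') as payload:
            try:
                flag = requests.get(target)
                # Entry 0 of the file is skipped, matching the original slice.
                for i in payload.readlines()[1:]:
                    req = requests.get(target + i)
                    if req.text == flag.text:
                        continue
                    # Fix: this block sat after `continue` at the same depth
                    # and was unreachable.
                    status = req.status_code
                    if status != 404 and status != 403 and status != 400:
                        poc = "POC: " + target + i
                        # Fix: `data` was never defined (NameError); None is
                        # passed as the data argument instead.
                        # NOTE(review): the comparison is body/status only;
                        # response headers are not examined, so results need
                        # manual confirmation.
                        self.Print.printer(3, "CRLF header Injection",
                                           None, status, poc)
            except Exception as e:
                # Fix: the line continuation inside the literal inserted a run
                # of spaces into the printed message.
                print("Error occured while checking for crlf injection. "
                      "Check module log for details")
                self.logger.module_log(e)
        return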
예제 #3
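class Headers():
    """Dump a target's response headers and report on four security headers."""

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Print the raw headers of *target*, then the header analysis."""
        self.get_headers(target)
        self.check_headers(target)

    def get_headers(self, target):
        """Send a HEAD request to *target* and print every response header.

        Exits the process after logging when the URL has no scheme or the
        request fails for any other reason.
        """
        try:
            req = requests.head(target)
        except requests.exceptions.MissingSchema as e:
            print("Non valid URL. Please specify a valid URL.")
            self.logger.error_log(e)
            exit()
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            exit()
        # One "name<padding>: value" line per header; the separator is
        # right-justified so that values line up at column 50.
        data = "".join(
            name + ": ".rjust(50 - len(name)) + value + "\n"
            for name, value in req.headers.items())
        self.Print.printer(0, "Response Headers: ", data)

    def check_headers(self, target):
        """Send a HEAD request to *target* and report missing or weak headers.

        Looks at X-XSS-Protection, X-Content-Type-Options,
        Strict-Transport-Security and Content-Security-Policy. Unlike
        get_headers, a failing request is not caught here.
        """
        req = requests.head(target)
        print("\n")
        self.Print.printer(0, "Response header Analysis: ", None)
        # Explicit lookups replace the original bare `except:` blocks, which
        # also swallowed KeyboardInterrupt and any error raised by printer().
        headers = req.headers

        # NOTE(review): current browsers have removed their XSS auditors and
        # OWASP guidance is to rely on Content-Security-Policy instead, so a
        # missing or "0" value here is not by itself a weakness.
        xssprotect = headers.get('X-XSS-Protection')
        if xssprotect is None:
            self.Print.printer(
                0, "X-XSS-Protection not set, XSS may be possible", None)
        elif xssprotect != '1; mode=block':
            self.Print.printer(
                0,
                "X-XSS-Protection not set properly, XSS may be possible:",
                xssprotect)

        contenttype = headers.get('X-Content-Type-Options')
        if contenttype is None:
            self.Print.printer(0, "X-Content-Type-Options not set", None)
        elif contenttype != 'nosniff':
            self.Print.printer(0,
                               "X-Content-Type-Options not set properly:",
                               contenttype)

        # Only presence is checked; the max-age value is not evaluated and the
        # URL scheme is not considered (HSTS is only honoured over HTTPS).
        if 'Strict-Transport-Security' not in headers:
            self.Print.printer(
                0, "HSTS header not set, MITM attacks may be possible", None)

        # The policy is printed verbatim; its directives are not analysed.
        csp = headers.get('Content-Security-Policy')
        if csp is None:
            self.Print.printer(0, "Content-Security-Policy missing", None)
        else:
            self.Print.printer(0, "Content-Security-Policy set: ", csp)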
예제 #4
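class Sql_injection():
    """Error-based SQL injection checks driven by ``Fuzzdatabase/error_sql.txt``.

    Two inputs are varied: cookie values and the User-Agent header. A finding
    is reported when a response contains one of three MySQL error fragments.
    """

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Directory two levels above this module; the fuzz database lives under it.
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def execute_all_func(self, target):
        """Run both checks against *target*; a failure in one does not stop the other."""
        try:
            self.check_cookies(target)
        except Exception as e:
            print("Error while checking cookies.Check module log for details")
            self.logger.module_log(e)
        try:
            self.check_user_agent(target)
        except Exception as e:
            print(
                "Error while checking user agent.Check module log for details."
            )
            self.logger.module_log(e)
        return

    def check_cookies(self, target):
        """Append each list entry to each session cookie and look for SQL error text.

        Stops at the first response containing one of the markers.
        """
        session = requests.Session()
        session.get(target)  # populates session.cookies for the loop below
        check = ["MySQL server version", "have an error", "SQL syntax"]
        # The context manager closes the list file; the original left it open.
        with open(self.filepath + '/Fuzzdatabase/error_sql.txt', 'r') as payload:
            entries = [line.strip("\n") for line in payload.readlines()]
        for i in entries:
            for cookie in session.cookies:
                # The original used `cookie.value += i` and never reset it, so
                # each request carried every earlier entry as well and the
                # reported PoC did not match any single entry.
                original_value = cookie.value
                cookie.value = original_value + i
                r = session.get(target)
                if any(marker in r.text for marker in check):
                    poc = "POC: " + cookie.name + ": " + cookie.value
                    # Report the status of the response that matched; the
                    # original reported the status of the first, unmodified
                    # request.
                    self.Print.printer(3, "Error Based SQLi(Cookie Based)",
                                       None, r.status_code, poc)
                    return
                cookie.value = original_value

    def check_user_agent(self, target):
        """Append each list entry to the User-Agent header and look for SQL error text.

        Stops at the first response containing one of the markers.
        """
        check = ["MySQL server version", "have an error", "SQL syntax"]
        with open(self.filepath + '/Fuzzdatabase/error_sql.txt', 'r') as payload:
            entries = payload.readlines()
        for i in entries:
            user_agent = {
                'User-agent':
                # The original concatenation dropped the space between
                # "Linux" and "x86_64".
                'Mozilla/5.0 (X11; Ubuntu; Linux ' +
                'x86_64; rv:39.0) Gecko/20100101 Firefox/39.0'
            }
            # The trailing newline of the list line is removed: http.client
            # rejects header values that contain a bare newline, so the
            # original raised ValueError on the first entry.
            user_agent['User-agent'] += i.strip("\n")
            req = urllib.request.Request(target, headers=user_agent)
            # NOTE(review): urlopen raises HTTPError for 4xx/5xx responses, so
            # an error page served with a 5xx status ends this check in
            # execute_all_func's handler instead of being inspected here.
            with urllib.request.urlopen(req) as response:
                flag = str(response.read())
            # The markers contain no regex metacharacters, so a substring test
            # gives the same result as the original re.finditer loop.
            if any(marker in flag for marker in check):
                self.Print.printer(3, "Error Based SQLi(User Agent)", None,
                                   None, None)
                return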
예제 #5
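class Headers:
    """Print a target's response headers and review four security-related ones."""

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Run get_headers and then check_headers on *target*."""
        self.get_headers(target)
        self.check_headers(target)

    def get_headers(self, target):
        """HEAD *target* and print all response headers, one per line.

        A URL without a scheme, or any other request failure, is logged and
        ends the process.
        """
        try:
            req = requests.head(target)
        except requests.exceptions.MissingSchema as e:
            print("Non valid URL. Please specify a valid URL.")
            self.logger.error_log(e)
            exit()
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            exit()
        # The ": " separator is right-justified to pad each name to 50 columns.
        data = "".join(
            name + ": ".rjust(50 - len(name)) + value + "\n"
            for name, value in req.headers.items()
        )
        self.Print.printer(0, "Response Headers: ", data)

    def check_headers(self, target):
        """HEAD *target* and report on XSS-Protection, nosniff, HSTS and CSP.

        The request itself is not wrapped in a handler, so a connection
        failure propagates to the caller.
        """
        req = requests.head(target)
        print("\n")
        self.Print.printer(0, "Response header Analysis: ", None)
        # Lookups with .get()/`in` replace four bare `except:` clauses that
        # treated every exception, including KeyboardInterrupt, as "header
        # missing".
        headers = req.headers

        # NOTE(review): X-XSS-Protection is a legacy control; browsers have
        # dropped the auditor it configured and Content-Security-Policy is the
        # recommended defence, so weigh this finding accordingly.
        xssprotect = headers.get("X-XSS-Protection")
        if xssprotect is None:
            self.Print.printer(0, "X-XSS-Protection not set, XSS may be possible", None)
        elif xssprotect != "1; mode=block":
            self.Print.printer(0, "X-XSS-Protection not set properly, XSS may be possible:", xssprotect)

        contenttype = headers.get("X-Content-Type-Options")
        if contenttype is None:
            self.Print.printer(0, "X-Content-Type-Options not set", None)
        elif contenttype != "nosniff":
            self.Print.printer(0, "X-Content-Type-Options not set properly:", contenttype)

        # Presence only: max-age and includeSubDomains are not evaluated, and
        # the check does not look at whether the target is served over HTTPS.
        if "Strict-Transport-Security" not in headers:
            self.Print.printer(0, "HSTS header not set, MITM attacks may be possible", None)

        # The policy text is shown as received; directives are not assessed.
        csp = headers.get("Content-Security-Policy")
        if csp is None:
            self.Print.printer(0, "Content-Security-Policy missing", None)
        else:
            self.Print.printer(0, "Content-Security-Policy set: ", csp)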
예제 #6
class HTTPMethods():
    """Send one request per HTTP verb to a target and print each status line."""

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Verbs tried, in this order, by test_allowed_methods().
        self.verbs = [
            'GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'TRACE',
        ]

    def test_allowed_methods(self, target):
        """Request *target* with every verb in ``self.verbs``.

        Prints verb, status code and reason for each response. For TRACE, a
        finding is reported when the body contains ``TRACE / HTTP``. Request
        errors are logged to the recon log and the loop moves on.
        """
        for method in self.verbs:
            try:
                response = requests.request(method, target)
                print(method, response.status_code, response.reason)
                if method != 'TRACE':
                    continue
                # The marker only appears when the server echoes a request
                # line for the path "/".
                if 'TRACE / HTTP' in response.text:
                    self.Print.printer(1, "Cross Site Tracing found", None)
            except requests.exceptions.ConnectionError as err:
                print("CONNECT :: Connection error occured. Retry using https")
                self.logger.recon_log(err)
            except Exception as err:
                self.logger.recon_log(err)
                print("Error while testing allowed methords. Check recon log")
예제 #7
class HTTPMethods():
    """Probe which HTTP verbs a target answers and print the result per verb."""

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # The six verbs sent by test_allowed_methods(), in order.
        self.verbs = ['GET', 'POST', 'PUT',
                      'DELETE', 'OPTIONS', 'TRACE']

    def test_allowed_methods(self, target):
        """Issue one request per verb against *target* and print its status.

        A TRACE response whose body contains ``TRACE / HTTP`` is reported as
        a finding. Exceptions are written to the recon log; the remaining
        verbs are still tried.
        """
        for http_verb in self.verbs:
            try:
                reply = requests.request(http_verb, target)
                print(http_verb, reply.status_code, reply.reason)
                is_trace = http_verb == 'TRACE'
                # reply.text is only read for TRACE, as in the chained
                # condition this replaces.
                if is_trace and 'TRACE / HTTP' in reply.text:
                    self.Print.printer(1, "Cross Site Tracing found", None)
            except requests.exceptions.ConnectionError as conn_err:
                print("CONNECT :: Connection error occured. Retry using https")
                self.logger.recon_log(conn_err)
            except Exception as other_err:
                self.logger.recon_log(other_err)
                print("Error while testing allowed methords. Check recon log")
예제 #8
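class Others():
    """Miscellaneous recon checks; currently a WebSocket usage check."""
    # def __init__(self):

    def execute_all_func(self, target):
        """Create the log manager and run the WebSocket check on *target*."""
        self.logger = LoggingManager()
        self.websocket_tester(target)

    def websocket_tester(self, target):
        """Fetch *target* and print a hint when the body mentions WebSockets.

        ``self.logger`` is set by execute_all_func, so this method expects to
        be called through it.
        """
        check = ["ws://", "wss://", "WebSocket"]
        try:
            req = requests.get(target)
            flag = str(req.text.encode('ascii', 'ignore'))
        # The original bare `except:` then logged an undefined name `e`
        # (NameError) and fell through to a loop that used the unassigned
        # `check` and `flag`.
        except Exception as e:
            # The line continuation in the original put a run of spaces
            # before the final full stop.
            print("Error while testing websockets. Check recon log for details.")
            self.logger.recon_log(e)
            return
        # The markers contain no regex metacharacters, so a substring test
        # matches exactly what re.finditer matched.
        # NOTE(review): this only shows that the page references WebSockets;
        # whether the handshake validates the Origin header is not tested.
        if any(marker in flag for marker in check):
            print("=======================================================")
            print("Possible Attack: \n")
            print("Cross-Site WebSocket Hijacking (CSWSH)")
            print("Might be handy:  http://ironwasp.org/cswsh.html")
            return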
예제 #9
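class Host_injection():
    """Check whether a target reflects a caller-supplied host name in its redirects."""

    def __init__(self):
        self.logger = LoggingManager()
        self.Print = Print()

    def host_header_inj(self, target):
        """Request *target* with a foreign Host, then a foreign X-Forwarded-Host.

        A finding is printed when the response is a 301/302 whose Location
        contains the supplied host. Redirects are not followed. A server that
        behaves this way builds URLs from request headers; the usual remedy
        is a fixed canonical host or an allow-list on the server side.
        """
        check_host = "google.com"
        probes = (
            {'Host': 'www.google.com'},
            {'X-Forwarded-Host': 'www.google.com'},
        )
        # Kept outside `req` so the handlers below never touch an unbound
        # name: the original read req.status_code in the except blocks, which
        # raised UnboundLocalError when the very first request failed.
        status = None
        try:
            for probe in probes:
                status = None
                req = requests.get(target, headers=probe,
                                   allow_redirects=False)
                status = req.status_code
                if status == 302 or status == 301:
                    # .get() avoids a KeyError on a redirect without Location,
                    # which previously ended the whole check.
                    location = req.headers.get('Location', '')
                    # NOTE(review): substring match; a Location that mentions
                    # the host for unrelated reasons is also reported.
                    if check_host in location:
                        self.Print.printer(1, "Host Header injection", target,
                                           status)

        except SSLError:
            self.Print.printer(-1,
                               "Host Header injection: Manual check needed",
                               target, status)

        except ConnectionError:
            self.Print.printer(-1, "Host Header injection: ConnectionError",
                               target, status)

        except Exception as e:
            self.logger.module_log(e)
            # The line continuation in the original embedded the next line's
            # indentation in the message.
            print("Error occured while checking host header injection. "
                  "Check module log for details")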
예제 #10
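class Cookies():
    """Collect a target's cookies and flag values that decode as Base64."""

    def __init__(self):
        # Replaced by the (name, value) pairs of the response in get_cookies();
        # the empty string iterates as "no cookies" until then.
        self.cookies = ""
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Fetch the cookies of *target*, then run the Base64 check on them."""
        self.get_cookies(target)
        self.base64_check(target)

    def get_cookies(self, target):
        """GET *target*, store its cookies on the instance and print them.

        A request failure is logged to the recon log; the cookies stored
        before the call are then printed instead.
        """
        data = ""
        try:
            req = requests.get(target)
            self.cookies = req.cookies.items()
        except Exception as e:
            print("Error occured while accessing cookies. Check recon log")
            self.logger.recon_log(e)
        # NOTE(review): no separator is written between cookies, so several
        # cookies run together on one line - confirm whether that is intended.
        for name, value in self.cookies:
            data = data + name + ": ".rjust(25 - len(name)) + value
        self.Print.printer(0, "Cookies: ", data)

    def base64_check(self, target):
        """Print every stored cookie whose value decodes as Base64.

        *target* is not used. Values that fail to decode are skipped.
        """
        for name, value in self.cookies:
            try:
                # base64.decodestring was removed in Python 3.9; decodebytes
                # is the same function under its current name. "%3D" is the
                # URL-encoded "=" padding.
                raw = base64.decodebytes(
                    value.replace("%3D", "=").encode("ascii"))
            except binascii.Error:
                continue
            # cp437 maps every byte to a character, so decoding cannot fail.
            # decodebytes discards characters outside the Base64 alphabet, so
            # a successful decode is a hint that the value is encoded data,
            # not proof of it.
            flag = raw.decode("cp437")
            data = name + ": ".rjust(25 - len(name)) + flag
            self.Print.printer(0, "Base64 Encoded Cookies: (Attention!)",
                               data)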
예제 #11
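class Host_injection():
    """Test whether redirects issued by a target echo a host name taken from the request."""

    def __init__(self):
        self.logger = LoggingManager()
        self.Print = Print()

    def host_header_inj(self, target):
        """Send *target* two requests, overriding Host and then X-Forwarded-Host.

        Prints a finding for each 301/302 response whose Location contains the
        supplied host name. Redirects are not followed. The server-side fix
        for a positive result is to stop deriving URLs from these headers
        (fixed canonical host, or validation against an allow-list).
        """
        check_host = "google.com"
        status = None
        try:
            # One pass per header replaces two copies of the same block.
            for header_name in ('Host', 'X-Forwarded-Host'):
                # Reset first, so a failure in this pass does not report the
                # previous pass's status. The original handlers read
                # req.status_code, which was unbound when the first request
                # failed and stale when the second one did.
                status = None
                req = requests.get(target,
                                   headers={header_name: 'www.google.com'},
                                   allow_redirects=False)
                status = req.status_code
                if status not in (301, 302):
                    continue
                # A redirect without Location used to raise KeyError and abort
                # the remaining pass.
                location = req.headers.get('Location', '')
                # NOTE(review): plain substring test, so any Location that
                # contains the string is reported.
                if check_host in location:
                    self.Print.printer(1, "Host Header injection",
                                       target, status)

        except SSLError:
            self.Print.printer(-1, "Host Header injection: Manual check needed",
                               target, status)

        except ConnectionError:
            self.Print.printer(-1, "Host Header injection: ConnectionError",
                               target, status)

        except Exception as e:
            self.logger.module_log(e)
            # The original literal used a backslash continuation that put the
            # next line's leading spaces into the message.
            print("Error occured while checking host header injection. "
                  "Check module log for details")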
예제 #12
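def main():
    """Install the OS-level tools, then the pip tools, stopping at the first failure.

    Each failure is written to the install log and ends the process with a
    non-zero status.
    """
    logger = LoggingManager()
    install = Install()
    try:
        install.install_os_tools()
    except Exception as e:
        logger.install_log(e)
        print("Error while installing os tools. Check install log.")
        # The original called exit(), which ends with status 0, so a wrapper
        # script or CI job saw a failed install as success. SystemExit also
        # does not depend on the `site` module providing exit().
        raise SystemExit(1)
    try:
        install.install_pip_tools()
    except Exception as e:
        logger.install_log(e)
        print("Error while installing python pip tools. Check install log.")
        raise SystemExit(1)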
예제 #13
from Modules.A1_injection.sql import Sql_injection
from Modules.A1_injection.crlf import Crlf_injection
from Modules.A1_injection.host import Host_injection


from Modules.A9_cwkv.wordpress import Wordpress
from Modules.A9_cwkv.apache import Apache2_tests

from Modules.loggingManager.logging_manager import LoggingManager
# Add this file's directory to the module search path. The entry is appended,
# so it is searched after the paths already on sys.path, and it takes effect
# only for imports executed after this point (the `from Modules...` imports
# above have already run).
abs_path = os.path.abspath(os.path.dirname(__file__))
sys.path.append('%s/' % abs_path)

__author__ = 'Anirudh Anand <*****@*****.**>'

# Module-wide log manager, shared with WebXploit instances.
logger = LoggingManager()


class WebXploit():
    """Holds the target description and one instance of each recon/test module."""

    def __init__(self):
        """Start with an empty target and build the module objects.

        The module objects are created in the order listed; the listing may
        continue beyond the lines shown here.
        """
        # Target fields stay empty strings until a target is supplied.
        self.target_url = self.target_port = self.target_host = ""
        self.logger = logger

        # Recon modules.
        self.recon_headers = Headers()
        self.recon_cookies = Cookies()
        self.recon_methods = HTTPMethods()
        self.recon_others = Others()

        # Injection test modules.
        self.sql = Sql_injection()
        self.crlf = Crlf_injection()
예제 #14
 def execute_all_func(self, target):
     """Attach a fresh log manager to the instance, then run websocket_tester on *target*."""
     log_manager = LoggingManager()
     self.logger = log_manager
     self.websocket_tester(target)
예제 #15
 def __init__(self):
     """Create the log manager and the printer used by this module."""
     log_manager = LoggingManager()
     self.logger = log_manager
     printer = Print()
     self.Print = printer
예제 #16
from Modules.A1_injection.sql import Sql_injection
from Modules.A1_injection.crlf import Crlf_injection
from Modules.A1_injection.host import Host_injection

from Modules.A9_cwkv.wordpress import Wordpress
from Modules.A9_cwkv.apache import Apache2_tests

from Modules.loggingManager.logging_manager import LoggingManager
# Put the directory that contains this file on the module search path.
# append() places it last, so paths already on sys.path are searched first;
# the `from Modules...` imports above ran before this entry existed.
abs_path = os.path.abspath(os.path.dirname(__file__))
sys.path.append("{}/".format(abs_path))

__author__ = 'Anirudh Anand <*****@*****.**>'

# One log manager for the module; WebXploit instances reuse it.
logger = LoggingManager()


class WebXploit():
    """Container for the target fields and the recon and injection module objects."""

    def __init__(self):
        """Blank the target fields and instantiate each module once.

        Only the assignments visible in this listing are described; the
        original method may go on after them.
        """
        # url, port and host all start as the empty string.
        for field in ("target_url", "target_port", "target_host"):
            setattr(self, field, "")
        self.logger = logger

        # Reconnaissance helpers, created in the original order.
        self.recon_headers = Headers()
        self.recon_cookies = Cookies()
        self.recon_methods = HTTPMethods()
        self.recon_others = Others()

        # Injection checks.
        self.sql = Sql_injection()
        self.crlf = Crlf_injection()
예제 #17
 def __init__(self):
     """Create the printer and log manager and resolve the project base path."""
     self.Print = Print()
     self.logger = LoggingManager()
     # Two levels above the directory that holds this file.
     module_dir = os.path.dirname(__file__)
     self.filepath = os.path.abspath(os.path.join(module_dir, '../..'))
예제 #18
 def __init__(self):
     """Create the printer and log manager and set the list of HTTP verbs."""
     self.Print = Print()
     self.logger = LoggingManager()
     # Kept as a list on the instance, in this order.
     self.verbs = [
         'GET',
         'POST',
         'PUT',
         'DELETE',
         'OPTIONS',
         'TRACE',
     ]
예제 #19
 def __init__(self):
     """Set up output and logging helpers plus the absolute base directory."""
     self.Print = Print()
     self.logger = LoggingManager()
     # '../..' relative to this file's directory, made absolute.
     two_levels_up = os.path.join(os.path.dirname(__file__), '../..')
     self.filepath = os.path.abspath(two_levels_up)
예제 #20
 def __init__(self):
     """Create the printer and the log manager for this module."""
     printer = Print()
     self.Print = printer
     log_manager = LoggingManager()
     self.logger = log_manager
예제 #21
 def __init__(self):
     """Initialise the output and logging helpers and the verbs to send."""
     self.Print = Print()
     self.logger = LoggingManager()
     # Six verbs, stored in the order they are listed.
     self.verbs = ['GET', 'POST', 'PUT',
                   'DELETE', 'OPTIONS', 'TRACE']