def lookAtSessionID(url, sidName, regSession): global sessions handle = getContentDirectURL_GET(url,"") if handle != None: output = handle.read() header = str(handle.info()).split('\n') for h in header: # extract date header information if regDate.match(h): out = regDate.search(h) date = out.group(1) # convert this date into the good GMT number # ie time in seconds since 01/01/1970 00:00:00 gi = time.strptime(normalize_whitespace(date.replace('GMT','')), "%a, %d %b %Y %H:%M:%S") gi = time.mktime(gi) - time.mktime(time.gmtime(0)) output = output.replace('\n','') output = output.replace('\t','') # print output[790:821] output = stripNoneASCII(output) if output.find(sidName) > 0: if regSession.match(output): out = regSession.search(output) ssn = out.group(2) if ssn != None: if gi != None: sessions[ssn] = gi else: sessions[ssn] = ''
def lookAtSessionID(url, sidName, regSession): global sessions handle = getContentDirectURL_GET(url, "") if handle != None: output = handle.read() header = str(handle.info()).split('\n') for h in header: # extract date header information if regDate.match(h): out = regDate.search(h) date = out.group(1) # convert this date into the good GMT number # ie time in seconds since 01/01/1970 00:00:00 gi = time.strptime( normalize_whitespace(date.replace('GMT', '')), "%a, %d %b %Y %H:%M:%S") gi = time.mktime(gi) - time.mktime(time.gmtime(0)) output = output.replace('\n', '') output = output.replace('\t', '') # print output[790:821] output = stripNoneASCII(output) if output.find(sidName) > 0: if regSession.match(output): out = regSession.search(output) ssn = out.group(2) if ssn != None: if gi != None: sessions[ssn] = gi else: sessions[ssn] = ''
def process(urlGlobal, database, attack_list): plop = open('results/xss_GrabberAttacks.xml','w') plop.write("<xssAttacks>\n") for u in database.keys(): if len(database[u]['GET']): for gParam in database[u]['GET']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: if instance != "See Below": handle = getContent_GET(u,gParam,instance) if handle != None: output = handle.read() header = handle.info() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutput(u,gParam,instance,"GET",typeOfInjection)) # see the permutations if len(database[u]['GET'].keys()) > 1: print "inside if for get" for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url) if handle != None: output = handle.read() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) if len(database[u]['POST']): print "Method = POST ", u for gParam in database[u]['POST']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: if instance != "See Below": handle = getContent_POST(u,gParam,instance) if handle != None: output = handle.read() header = handle.info() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutput(u,gParam,instance,"POST",typeOfInjection)) # see the permutations if len(database[u]['POST'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for gParam in database[u]['POST']: allParams[gParam] = str(instance) handle = getContentDirectURL_POST(u,allParams) if handle != None: output = handle.read() if detect_xss(str(instance), output): # generate the info... plop.write(generateOutputLong(u,url,"POST",typeOfInjection, allParams)) plop.write("\n</xssAttacks>\n") plop.close() return ""
def process(urlGlobal, database, attack_list): plop = open('results/xss_GrabberAttacks.xml','w') plop.write("<xssAttacks>\n") for u in database.keys(): if len(database[u]['GET']): print "Method = GET ", u for gParam in database[u]['GET']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: if instance != "See Below": handle = getContent_GET(u,gParam,instance) if handle != None: output = handle.read() header = handle.info() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutput(u,gParam,instance,"GET",typeOfInjection)) # see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url) if handle != None: output = handle.read() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) if len(database[u]['POST']): print "Method = POST ", u for gParam in database[u]['POST']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: if instance != "See Below": handle = getContent_POST(u,gParam,instance) if handle != None: output = handle.read() header = handle.info() if detect_xss(str(instance),output): # generate the info... plop.write(generateOutput(u,gParam,instance,"POST",typeOfInjection)) # see the permutations if len(database[u]['POST'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for gParam in database[u]['POST']: allParams[gParam] = str(instance) handle = getContentDirectURL_POST(u,allParams) if handle != None: output = handle.read() if detect_xss(str(instance), output): # generate the info... plop.write(generateOutputLong(u,url,"POST",typeOfInjection, allParams)) plop.write("\n</xssAttacks>\n") plop.close() return ""
def process(url, database, attack_list): plop = open('results/backup_GrabberAttacks.xml', 'w') plop.write("<backupFiles>\n") for u in database.keys(): if allowed_inUrl(u): for e in ext: url1 = u + e url2 = u + e.upper() try: if len(getContentDirectURL_GET(url1, '').read()) > 0: plop.write(generateOutput(url1)) if len(getContentDirectURL_GET(url2, '').read()) > 0: plop.write(generateOutput(url2)) except AttributeError: continue plop.write("\n</backupFiles>") plop.close() return ""
def process(url, database, attack_list): plop = open('results/backup_GrabberAttacks.xml','w') plop.write("<backupFiles>\n") for u in database.keys(): if allowed_inUrl(u): for e in ext: url1 = u + e url2 = u + e.upper() try: if len(getContentDirectURL_GET(url1,'').read()) > 0: plop.write(generateOutput(url1)) if len(getContentDirectURL_GET(url2,'').read()) > 0: plop.write(generateOutput(url2)) except AttributeError: continue plop.write("\n</backupFiles>") plop.close() return ""
def process(url, database, attack_list, txheaders): appendToReport(url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseSql' href='#collapseSql'>SQL Injection Attacks </a></h3></div>") plop = open('results/sql_GrabberAttacks.xml','w') plop.write("<sqlAttacks>\n") appendToReport(url, '<div id="collapseSql" class="panel-collapse collapse in"><div class="panel-body">'); for u in database.keys(): appendToReport(u, "<h4><div class='label label-default'><a target='_balnk' href='"+ u +"'>"+ u +"</a></div></h4>") if len(database[u]['GET']): print "Method = GET ", u for gParam in database[u]['GET']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: handle = getContent_GET(u,gParam,instance, txheaders) if handle != None: output = handle.read() header = handle.info() if detect_sql(output): # generate the info... plop.write(generateOutput(u,gParam,instance,"GET",typeOfInjection)) appendToReport(u, generateHTMLOutput(u, gParam, instance, "GET", typeOfInjection)) #see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url,txheaders) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) appendToReport(u, generateHTMLOutput(u, "ALL", url, "GET", typeOfInjection)) if len(database[u]['POST']): print "Method = POST ", u for gParam in database[u]['POST']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for param in database[u]['POST']: if param != gParam: allParams[param] = 'abc' allParams[gParam] = str(instance) handle = getContentDirectURL_POST(u,allParams, txheaders) if handle != None: output = handle.read() header = handle.info() if detect_sql(output): # generate the info... plop.write(generateOutput(u,gParam,instance,"POST",typeOfInjection)) appendToReport(u, generateHTMLOutput(u, gParam, instance, "POST", typeOfInjection)) # see the permutations if len(database[u]['POST'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for gParam in database[u]['POST']: allParams[gParam] = str(instance) handle = getContentDirectURL_POST(u,allParams, txheaders) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write(generateOutputLong(u,url,"POST",typeOfInjection, allParams)) appendToReport(u, generateHTMLOutput(u, "All", instance, "POST", typeOfInjection)) plop.write("\n</sqlAttacks>\n") appendToReport(url, "</div></div>") plop.close() return ""
def process(url, database, attack_list, txheaders): appendToReport( url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseSql' href='#collapseSql'>SQL Injection Attacks </a></h3></div>" ) plop = open('results/sql_GrabberAttacks.xml', 'w') plop.write("<sqlAttacks>\n") appendToReport( url, '<div id="collapseSql" class="panel-collapse collapse in"><div class="panel-body">' ) for u in database.keys(): appendToReport( u, "<h4><div class='label label-default'><a target='_balnk' href='" + u + "'>" + u + "</a></div></h4>") if len(database[u]['GET']): print "Method = GET ", u for gParam in database[u]['GET']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: handle = getContent_GET(u, gParam, instance, txheaders) if handle != None: output = handle.read() header = handle.info() if detect_sql(output): # generate the info... plop.write( generateOutput(u, gParam, instance, "GET", typeOfInjection)) appendToReport( u, generateHTMLOutput(u, gParam, instance, "GET", typeOfInjection)) #see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u, url, txheaders) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write( generateOutputLong(u, url, "GET", typeOfInjection)) appendToReport( u, generateHTMLOutput(u, "ALL", url, "GET", typeOfInjection)) if len(database[u]['POST']): print "Method = POST ", u for gParam in database[u]['POST']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for param in database[u]['POST']: if param != gParam: allParams[param] = 'abc' allParams[gParam] = str(instance) handle = getContentDirectURL_POST( u, allParams, txheaders) if handle != None: output = handle.read() header = handle.info() if detect_sql(output): # generate the info... plop.write( generateOutput(u, gParam, instance, "POST", typeOfInjection)) appendToReport( u, generateHTMLOutput(u, gParam, instance, "POST", typeOfInjection)) # see the permutations if len(database[u]['POST'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for gParam in database[u]['POST']: allParams[gParam] = str(instance) handle = getContentDirectURL_POST(u, allParams, txheaders) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write( generateOutputLong(u, url, "POST", typeOfInjection, allParams)) appendToReport( u, generateHTMLOutput(u, "All", instance, "POST", typeOfInjection)) plop.write("\n</sqlAttacks>\n") appendToReport(url, "</div></div>") plop.close() return ""