def run(self, url, method, headers=None, payload=None): SelfThread.exit_flag = False Log.debug(headers) request_info = RequestInfo(url, method, headers, payload) request_obj = Requests(IP=request_info.hostname, Port=request_info.port) inject_config = { 'Headers': { 'enabled': eval(DefaultConfig.get_value('System', 'InjectHeaders')), 'inject_point_list': request_info.get_header_inject_point(), 'replace': request_info.header_replace }, 'Payloads': { 'enabled': eval(DefaultConfig.get_value('System', 'InjectPayloads')), 'inject_point_list': request_info.get_payload_inject_point(), 'replace': request_info.payload_replace }, 'Parameters': { 'enabled': eval(DefaultConfig.get_value('System', 'InjectParameters')), 'inject_point_list': request_info.get_parameter_inject_point(), 'replace': request_info.parameter_relpace } } for inject_cls in InjectorBase.injectors: injector = inject_cls(request_obj, request_info) injector.do_injection(inject_config) Log.report('Finish Command Injection Scan.')
def gen_calculate_cmd(self, separator, TAG, num1, num2): USE_BACKTICKS = eval(DefaultConfig.get_value('Classic', 'UseBackticks')) if USE_BACKTICKS: # using ` calculate_cmd = "`expr " + str(num1) + " + " + str(num2) + "`" result = "{separator}echo {tag}{cmd}{tag}{tag}".format( separator=separator, tag=TAG, cmd=calculate_cmd) else: calculate_cmd = "$((" + str(num1) + "+" + str(num2) + "))" result = "{separator}echo {tag}$(echo {cmd}{tag}){tag}".format( separator=separator, tag=TAG, cmd=calculate_cmd) return result
def decision(self, inject_key): for separator in self.SEPARATORS: temp_path = DefaultConfig.get_value('TempfileBased', 'TmpFolder') # change tag each round in case false positive self.tag = ''.join( random.choice(string.ascii_uppercase) for i in range(6)) tag_length = len( self.tag) + 4 # need to figure out why commix do this file = temp_path + self.tag + '.txt' for length in xrange(tag_length): # check exit flag SelfThread.is_exit() time.sleep( eval(DefaultConfig.get_value('System', 'RequestDelay'))) Log.debug( 'Start to test with separator: %s, TAG: %s, length: %d, file: %s', separator, self.tag, length, file) cmd = self.gen_cmd_for_separator(separator, self.tag, length, self.time_sec, file) sent_data = self.replace_func(inject_key, cmd) inject_info = { 'target': self.current_part, 'inject_method': self.__class__.__name__, 'inject_key': inject_key, 'seperator': separator, 'tag': self.tag, 'command': cmd } response_info = self.request_obj.serverRestAPI( self.request_info) if self.is_inject_success(response_info['res_time']): inject_result = True self.find_injectable(inject_key, cmd, response_info['res_time']) else: inject_result = False self.record_traffic_logs(self.request_info.get_record(), inject_info, response_info, inject_result)
def decision(self, inject_key): for separator in self.SEPARATORS: for length in xrange(6): # check exit flag SelfThread.is_exit() time.sleep( eval(DefaultConfig.get_value('System', 'RequestDelay'))) # change tag each round in case false positive self.tag = ''.join( random.choice(string.ascii_uppercase) for i in range(6)) Log.debug( 'Start to test with separator: %s, TAG: %s, length: %d', separator, self.tag, length) target_server_root = DefaultConfig.get_value( 'FileBased', 'ServerRootPath') output_file = self.tag + '.txt' cmd = self.gen_file_cmd(separator, self.tag, target_server_root, output_file) sent_data = self.replace_func(inject_key, cmd) inject_info = { 'target': self.current_part, 'inject_method': self.__class__.__name__, 'inject_key': inject_key, 'seperator': separator, 'tag': self.tag, 'command': cmd } response_info = self.request_obj.serverRestAPI( self.request_info) if self.is_inject_success(response_info): inject_result = True self.find_injectable(inject_key, cmd, response_info['res_body']) else: inject_result = False self.record_traffic_logs(self.request_info.get_record(), inject_info, response_info, inject_result)
def __init__(self, window_size, sequences_file=None, pssm_file=None, dssp_file=None, label_file=None, protein_list_file=None): super(dataSet, self).__init__() self.all_sequences = [] for seq_file in sequences_file: with open(seq_file, "rb") as fp_seq: temp_seq = pickle.load(fp_seq) self.all_sequences.extend(temp_seq) self.all_pssm = [] for pm_file in pssm_file: with open(pm_file, "rb") as fp_pssm: temp_pssm = pickle.load(fp_pssm) self.all_pssm.extend(temp_pssm) self.all_dssp = [] for dp_file in dssp_file: with open(dp_file, "rb") as fp_dssp: temp_dssp = pickle.load(fp_dssp) self.all_dssp.extend(temp_dssp) self.all_label = [] for lab_file in label_file: with open(lab_file, "rb") as fp_label: temp_label = pickle.load(fp_label) self.all_label.extend(temp_label) with open(protein_list_file, "rb") as list_label: self.protein_list = pickle.load(list_label) self.Config = DefaultConfig() self.max_seq_len = self.Config.max_sequence_length self.window_size = window_size
import pickle import pandas as pd import numpy as np import torch # from torchvision import datasets, transforms from torch.optim import lr_scheduler from torch.nn.init import xavier_normal, xavier_normal_ from torch import nn from utils.config import DefaultConfig from models.DeepFunc_model import DeepFunc from data import data_generator from utils.evaluation import compute_mcc, compute_roc, compute_performance configs = DefaultConfig() thresholds = configs.thresholds path_dir = "./saved_model/DeepFunc" class AverageMeter(object): """ Computes and stores the average and current value Copied from: https://github.com/pytorch/examples/blob/master/imagenet/main.py """ def __init__(self): self.reset() def reset(self): self.val = 0