class Crlf_injection():
def __init__(self):
self.Print = Print()
self.logger = LoggingManager()
self.filepath = os.path.abspath(os.path.join(os.path.dirname(__file__),
'../..'))
def test_crlf_injection(self, target):
payload = open(self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt', 'r')
if (target[:-1].endswith('/')) == False:
target += "/"
try:
flag = requests.get(target)
for i in payload.readlines()[1:]:
req = requests.get(target + i)
if req.text == flag.text:
continue
status = req.status_code
if status != 404 and status != 403 and status != 400:
poc = "POC: " + target + i
self.Print.printer(3, "CRLF header Injection",
data, status, poc)
except Exception as e:
print("Error occured while checking for crlf injection. Check module\
log for details")
self.logger.module_log(e)
return
class Crlf_injection():
def __init__(self):
self.Print = Print()
self.logger = LoggingManager()
self.filepath = os.path.abspath(
os.path.join(os.path.dirname(__file__), '../..'))
def test_crlf_injection(self, target):
payload = open(self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt', 'r')
if (target[:-1].endswith('/')) == False:
target += "/"
try:
flag = requests.get(target)
for i in payload.readlines()[1:]:
req = requests.get(target + i)
if req.text == flag.text:
continue
status = req.status_code
if status != 404 and status != 403 and status != 400:
poc = "POC: " + target + i
self.Print.printer(3, "CRLF header Injection", data,
status, poc)
except Exception as e:
print(
"Error occured while checking for crlf injection. Check module\
log for details")
self.logger.module_log(e)
return
class Sql_injection():
def __init__(self):
self.Print = Print()
self.logger = LoggingManager()
self.filepath = os.path.abspath(
os.path.join(os.path.dirname(__file__), '../..'))
def execute_all_func(self, target):
try:
self.check_cookies(target)
except Exception as e:
print("Error while checking cookies.Check module log for details")
self.logger.module_log(e)
try:
self.check_user_agent(target)
except Exception as e:
print(
"Error while checking user agent.Check module log for details."
)
self.logger.module_log(e)
return
def check_cookies(self, target):
session = requests.Session()
req = session.get(target)
payload = open(self.filepath + '/Fuzzdatabase/error_sql.txt', 'r')
check = ["MySQL server version", "have an error", "SQL syntax"]
for i in payload.readlines():
i = i.strip("\n")
for cookie in session.cookies:
cookie.value += i
r = session.get(target)
for j in range(0, len(check)):
if check[j] in r.text:
poc = "POC: " + cookie.name + ": " + cookie.value
self.Print.printer(3, "Error Based SQLi(Cookie Based)",
None, req.status_code, poc)
return
def check_user_agent(self, target):
payload = open(self.filepath + '/Fuzzdatabase/error_sql.txt', 'r')
for i in payload.readlines():
user_agent = {
'User-agent':
'Mozilla/5.0 (X11; Ubuntu; Linux' +
'x86_64; rv:39.0) Gecko/20100101 Firefox/39.0'
}
user_agent['User-agent'] += i
req = urllib.request.Request(target, headers=user_agent)
flag = str(urllib.request.urlopen(req).read())
check = ["MySQL server version", "have an error", "SQL syntax"]
for j in range(0, len(check)):
for line in re.finditer(check[j], flag):
self.Print.printer(3, "Error Based SQLi(User Agent)", None,
None, None)
return
class Host_injection():
def __init__(self):
self.logger = LoggingManager()
self.Print = Print()
def host_header_inj(self, target):
headers = {'Host': 'www.google.com'}
header = {'X-Forwarded-Host': 'www.google.com'}
check_host = "google.com"
try:
req = requests.get(target, headers=headers, allow_redirects=False)
if req.status_code == 302 or req.status_code == 301:
location = req.headers['Location']
if check_host in location:
self.Print.printer(1, "Host Header injection", target,
req.status_code)
req = requests.get(target, headers=header, allow_redirects=False)
if req.status_code == 302 or req.status_code == 301:
location = req.headers['Location']
if check_host in location:
self.Print.printer(1, "Host Header injection", target,
req.status_code)
except SSLError as e:
self.Print.printer(-1,
"Host Header injection: Manual check needed",
target, req.status_code)
except ConnectionError:
self.Print.printer(-1, "Host Header injection: ConnectionError",
target, req.status_code)
except Exception as e:
self.logger.module_log(e)
print("Error occured while checking host header injection. Check\
module log for details")
class Host_injection():
def __init__(self):
self.logger = LoggingManager()
self.Print = Print()
def host_header_inj(self, target):
headers = {'Host': 'www.google.com'}
header = {'X-Forwarded-Host': 'www.google.com'}
check_host = "google.com"
try:
req = requests.get(target, headers=headers, allow_redirects=False)
if req.status_code == 302 or req.status_code == 301:
location = req.headers['Location']
if check_host in location:
self.Print.printer(1, "Host Header injection",
target, req.status_code)
req = requests.get(target, headers=header, allow_redirects=False)
if req.status_code == 302 or req.status_code == 301:
location = req.headers['Location']
if check_host in location:
self.Print.printer(1, "Host Header injection",
target, req.status_code)
except SSLError as e:
self.Print.printer(-1, "Host Header injection: Manual check needed",
target, req.status_code)
except ConnectionError:
self.Print.printer(-1, "Host Header injection: ConnectionError",
target, req.status_code)
except Exception as e:
self.logger.module_log(e)
print("Error occured while checking host header injection. Check\
module log for details")
