Exemplo n.º 1
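class Headers():
    """Fetch a target's response headers and report weak or missing security headers.

    Every finding comes from a HEAD response. ``requests.head`` does not follow
    redirects by default, so for a redirecting target the headers inspected are
    those of the redirect response, not of the page it points to.
    """

    # Seconds to wait for the target; without a timeout a stalled server
    # would block the scan indefinitely.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Print the raw response headers of *target*, then the header analysis."""
        self.get_headers(target)
        self.check_headers(target)

    def get_headers(self, target):
        """Print every response header of *target* as an aligned ``name: value`` list.

        Exits the process after logging the exception when the URL has no
        scheme or the request fails for any other reason.
        """
        try:
            req = requests.head(target, timeout=self.REQUEST_TIMEOUT)
        except requests.exceptions.MissingSchema as e:
            print("Non valid URL. Please specify a valid URL.")
            self.logger.error_log(e)
            exit()
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            exit()
        # Pad the separator so the values line up in one column.
        data = "".join(
            name + ": ".rjust(50 - len(name)) + value + "\n"
            for name, value in req.headers.items()
        )
        self.Print.printer(0, "Response Headers: ", data)

    def check_headers(self, target):
        """Report missing or weak security headers in the HEAD response of *target*.

        A failed request is logged and the analysis is skipped, so that no
        header is reported as missing on the strength of a request that never
        completed.
        """
        try:
            req = requests.head(target, timeout=self.REQUEST_TIMEOUT)
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            return
        print("\n")
        self.Print.printer(0, "Response header Analysis: ", None)
        # Explicit lookups instead of bare ``except:``: a bare except also
        # swallowed KeyboardInterrupt and any failure inside the printer,
        # and reported both as "header not set".
        headers = req.headers

        # NOTE(review): current browsers no longer ship the XSS filter this
        # header controlled, so its absence is a weak signal on its own;
        # Content-Security-Policy is the control that matters.
        xssprotect = headers.get('X-XSS-Protection')
        if xssprotect is None:
            self.Print.printer(
                0, "X-XSS-Protection not set, XSS may be possible", None)
        elif xssprotect != '1; mode=block':
            self.Print.printer(
                0,
                "X-XSS-Protection not set properly, XSS may be possible:",
                xssprotect)

        contenttype = headers.get('X-Content-Type-Options')
        if contenttype is None:
            self.Print.printer(0, "X-Content-Type-Options not set", None)
        elif contenttype.strip().lower() != 'nosniff':
            # Browsers match "nosniff" case-insensitively, so only a value
            # that differs after normalisation is reported.
            self.Print.printer(0,
                               "X-Content-Type-Options not set properly:",
                               contenttype)

        # Browsers honour HSTS only when it arrives over HTTPS; for an
        # http:// target its absence is expected.
        if headers.get('Strict-Transport-Security') is None:
            self.Print.printer(
                0, "HSTS header not set, MITM attacks may be possible", None)

        # Only presence is reported; the policy itself is not evaluated.
        csp = headers.get('Content-Security-Policy')
        if csp is None:
            self.Print.printer(0, "Content-Security-Policy missing", None)
        else:
            self.Print.printer(0, "Content-Security-Policy set: ", csp)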
Exemplo n.º 2
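class Headers:
    """Print a target's response headers and a short review of its security headers.

    Both steps issue their own HEAD request. ``requests.head`` leaves redirects
    unfollowed by default, so a redirecting target is judged on the headers of
    the redirect response.
    """

    # (connect, read) timeout in seconds, so an unresponsive target cannot
    # hang the run.
    TIMEOUT = (5, 15)

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Run the header dump followed by the security-header review."""
        self.get_headers(target)
        self.check_headers(target)

    def get_headers(self, target):
        """Print all response headers of *target*, one ``name: value`` per line.

        A URL without a scheme, or any other request failure, is logged and
        ends the process.
        """
        try:
            req = requests.head(target, timeout=self.TIMEOUT)
        except requests.exceptions.MissingSchema as e:
            print("Non valid URL. Please specify a valid URL.")
            self.logger.error_log(e)
            exit()
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            exit()
        lines = []
        for name, value in req.headers.items():
            # Right-justify the separator so values start in the same column.
            separator = ": ".rjust(50 - len(name))
            lines.append(name + separator + value + "\n")
        self.Print.printer(0, "Response Headers: ", "".join(lines))

    def check_headers(self, target):
        """Review the security headers returned for a HEAD request to *target*.

        If the request fails the exception is logged and nothing is reported:
        a header cannot be called missing when no response was received.
        """
        try:
            req = requests.head(target, timeout=self.TIMEOUT)
        except Exception as e:
            print("Error occured while accessing headers.Check recon log")
            self.logger.recon_log(e)
            return
        print("\n")
        report = self.Print.printer
        report(0, "Response header Analysis: ", None)
        headers = req.headers

        # Membership tests replace the former bare ``except:`` blocks, which
        # also caught KeyboardInterrupt and printer errors and misreported
        # them as a missing header.
        if "X-XSS-Protection" not in headers:
            # NOTE(review): the browser XSS filter behind this header has been
            # removed from current browsers; treat this as low-weight next to
            # the Content-Security-Policy result.
            report(0, "X-XSS-Protection not set, XSS may be possible", None)
        else:
            xssprotect = headers["X-XSS-Protection"]
            if xssprotect != "1; mode=block":
                report(0, "X-XSS-Protection not set properly, XSS may be possible:", xssprotect)

        if "X-Content-Type-Options" not in headers:
            report(0, "X-Content-Type-Options not set", None)
        else:
            contenttype = headers["X-Content-Type-Options"]
            # "nosniff" is matched case-insensitively by browsers; normalise
            # before comparing to avoid flagging e.g. "NoSniff".
            if contenttype.strip().lower() != "nosniff":
                report(0, "X-Content-Type-Options not set properly:", contenttype)

        # HSTS only takes effect when delivered over HTTPS, so this finding
        # is expected for a plain http:// target.
        if "Strict-Transport-Security" not in headers:
            report(0, "HSTS header not set, MITM attacks may be possible", None)

        # Presence only: the policy's directives are not inspected here.
        if "Content-Security-Policy" in headers:
            report(0, "Content-Security-Policy set: ", headers["Content-Security-Policy"])
        else:
            report(0, "Content-Security-Policy missing", None)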
Exemplo n.º 3
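class HTTPMethods():
    """Send one request per HTTP verb to a target and print the status each returns."""

    # Seconds to wait per request; without it one stalled verb blocks the
    # whole loop.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        self.verbs = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'TRACE']

    def test_allowed_methods(self, target):
        """Request *target* with every verb in ``self.verbs`` and print the result.

        The printed status is not by itself proof that a verb is allowed:
        405 and 501 mean the server refused it. These are real requests, so a
        server that honours PUT or DELETE on the target URL will act on them.

        A TRACE response whose body echoes the request line is reported as
        Cross Site Tracing. Request failures are logged and the loop moves on
        to the next verb.
        """
        import re

        # The echoed request line carries the target's own path, so match any
        # path rather than only "/" (which missed targets such as /app/).
        trace_echo = re.compile(r'TRACE \S+ HTTP')
        for verb in self.verbs:
            try:
                req = requests.request(
                    verb, target, timeout=self.REQUEST_TIMEOUT)
                print(verb, req.status_code, req.reason)
                if verb == 'TRACE' and trace_echo.search(req.text):
                    self.Print.printer(1, "Cross Site Tracing found", None)
            except requests.exceptions.ConnectionError as e:
                print("CONNECT :: Connection error occured. Retry using https")
                self.logger.recon_log(e)
            except Exception as e:
                self.logger.recon_log(e)
                print("Error while testing allowed methords. Check recon log")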
Exemplo n.º 4
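class HTTPMethods():
    """Probe which HTTP verbs a target answers and flag an echoing TRACE."""

    # Per-request timeout in seconds so a hung connection cannot stall the run.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        self.verbs = ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'TRACE']

    @staticmethod
    def _body_echoes_trace(body):
        """Return True when *body* contains a TRACE request line for any path."""
        if 'TRACE / HTTP' in body:
            return True
        for line in body.splitlines():
            fields = line.split()
            if (len(fields) == 3 and fields[0] == 'TRACE'
                    and fields[2].startswith('HTTP/')):
                return True
        return False

    def test_allowed_methods(self, target):
        """Issue each verb in ``self.verbs`` against *target* and print its status.

        Read the output with the status code in mind: a line is printed for
        every verb that got a response, including 405/501 refusals. The verbs
        are sent for real, so PUT and DELETE take effect on a server that
        accepts them for the target URL.

        TRACE is reported as Cross Site Tracing when the response body echoes
        the request line. Errors are logged and do not stop the remaining
        verbs.
        """
        for verb in self.verbs:
            try:
                req = requests.request(
                    verb, target, timeout=self.REQUEST_TIMEOUT)
                print(verb, req.status_code, req.reason)
                # The original test only matched a request line for "/", so a
                # target with a path was never flagged.
                if verb == 'TRACE' and self._body_echoes_trace(req.text):
                    self.Print.printer(1, "Cross Site Tracing found", None)
            except requests.exceptions.ConnectionError as e:
                print("CONNECT :: Connection error occured. Retry using https")
                self.logger.recon_log(e)
            except Exception as e:
                self.logger.recon_log(e)
                print("Error while testing allowed methords. Check recon log")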
Exemplo n.º 5
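class Others():
    """Miscellaneous passive checks; currently only a WebSocket usage detector."""

    # Seconds to wait for the page before giving up.
    REQUEST_TIMEOUT = 10

    def execute_all_func(self, target):
        """Create the logger and run the WebSocket check against *target*."""
        self.logger = LoggingManager()
        self.websocket_tester(target)

    def websocket_tester(self, target):
        """Fetch *target* and print a notice when the page references WebSockets.

        The check is a plain text search of the response body for ``ws://``,
        ``wss://`` or ``WebSocket``. A match shows only that the page uses
        WebSockets; whether hijacking is possible depends on how the server
        validates the handshake (for example its Origin check), which this
        method does not test.
        """
        check = ["ws://", "wss://", "WebSocket"]
        try:
            req = requests.get(target, timeout=self.REQUEST_TIMEOUT)
            flag = req.text.encode('ascii', 'ignore').decode('ascii')
        except Exception as e:
            # The original bare ``except:`` never bound ``e`` and then fell
            # through to the search with ``flag`` undefined, so any request
            # failure ended in a NameError instead of a log entry.
            print("Error while testing websockets. Check recon log for details\
                  .")
            # execute_all_func normally sets the logger; create one when this
            # method is called directly.
            logger = getattr(self, "logger", None)
            if logger is None:
                logger = self.logger = LoggingManager()
            logger.recon_log(e)
            return
        # The markers contain no regex metacharacters, so a substring test
        # finds the same matches as the earlier re.finditer loop.
        if any(marker in flag for marker in check):
            print("=======================================================")
            print("Possible Attack: \n")
            print("Cross-Site WebSocket Hijacking (CSWSH)")
            print("Might be handy:  http://ironwasp.org/cswsh.html")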
Exemplo n.º 6
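class Cookies():
    """List the cookies a target sets and flag values that decode as base64.

    Only cookie names and values are read; the Secure, HttpOnly and SameSite
    attributes are not inspected by this class.
    """

    # Seconds to wait for the target before giving up.
    REQUEST_TIMEOUT = 10

    def __init__(self):
        self.cookies = ""
        self.Print = Print()
        self.logger = LoggingManager()

    def execute_all_func(self, target):
        """Fetch the cookies of *target*, print them, then run the base64 check."""
        self.get_cookies(target)
        self.base64_check(target)

    def get_cookies(self, target):
        """GET *target*, store its cookies on ``self.cookies`` and print them.

        Values are printed in full, so the output is as sensitive as the
        cookies themselves when the target issues session tokens. A failed
        request is logged and ``self.cookies`` is left as it was.
        """
        try:
            req = requests.get(target, timeout=self.REQUEST_TIMEOUT)
            self.cookies = req.cookies.items()
        except Exception as e:
            print("Error occured while accessing cookies. Check recon log")
            self.logger.recon_log(e)
        # One cookie per line; previously the entries were concatenated
        # without a separator and ran into each other.
        data = "".join(
            name + ": ".rjust(25 - len(name)) + value + "\n"
            for name, value in self.cookies
        )
        self.Print.printer(0, "Cookies: ", data)

    def base64_check(self, target):
        """Print every stored cookie whose value decodes as base64.

        *target* is unused; the cookies come from ``self.cookies``.

        The decoder is lenient: it discards characters outside the base64
        alphabet and only rejects bad padding, so a hit means "decodes", not
        "was deliberately encoded". Review the decoded text before treating
        it as a finding.
        """
        for name, value in self.cookies:
            try:
                # Cookies often carry the padding URL-encoded.
                raw = value.replace("%3D", "=").encode("ascii")
                # base64.decodestring was removed in Python 3.9; decodebytes
                # is the same function under its current name.
                flag = base64.decodebytes(raw).decode("cp437")
            except (binascii.Error, UnicodeEncodeError):
                # Not base64, or not ASCII to begin with: nothing to report.
                continue
            data = name + ": ".rjust(25 - len(name)) + flag
            self.Print.printer(0, "Base64 Encoded Cookies: (Attention!)",
                               data)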