def process(self, headers, content):
if 'set-cookie' in headers:
cookie = headers['set-cookie']
else:
cookie = None
if cookie is not None:
if re.search(r'domain=\S*', cookie, re.I):
Output().finding(
'Cookies are only accessible to this domain: %s' %
re.findall(r'domain=(.+?)[\;]', cookie, re.I)[0])
if not re.search('httponly', cookie, re.I):
Output().finding('Cookies created without HTTPOnly Flag.')
if not re.search('secure', cookie, re.I):
Output().finding('Cookies created without Secure Flag.')
def test_attack_launcher():
# Add services container for running
Services.register("output", Output())
Services.register("logger", logging.getLogger("sitadelLog"))
f = Attacks(None, None)
if not hasattr(f, "run"):
raise AssertionError
def test_current_plugins():
test_url = "http://localhost"
settings.from_yaml("tests/lib/config/test_attack_config.yml")
Services.register("datastore", Datastore(settings.datastore))
Services.register("logger", logging.getLogger("sitadelLog"))
Services.register("output", Output())
Services.register("request_factory", SingleRequest(url=test_url, agent="Sitadel"))
plugins = settings.attack_plugins
Attacks(test_url, [test_url]).run(plugins)
def process(self, headers, content):
fields = ('Accept', 'Accept-Charset', 'Accept-Encoding',
'Accept-Language', 'Accept-Datetime', 'Authorization',
'Connection', 'Cookie', 'Content-Length', 'Content-MD5',
'Content-Type', 'Expect', 'From', 'Host', 'If-Match',
'If-Modified-Since', 'If-None-Match', 'If-Range',
'If-Unmodified-Since', 'Max-Forwards', 'Origin', 'Pragma',
'Proxy-Authorization', 'Range', 'Referer', 'User-Agent',
'Upgrade', 'Via', 'Warning', 'X-Requested-With',
'X-Forwarded-For', 'X-Forwarded-Host', 'X-Forwarded-Proto',
'Front-End-Https', 'X-Http-Method-Override',
'X-ATT-DeviceId', 'X-Wap-Profile', 'Proxy-Connection',
'Accept-Ranges', 'Age', 'Allow', 'Cache-Control',
'Content-Encoding', 'Content-Language', 'Content-Length',
'Content-Location', 'Content-MD5', 'Content-Disposition',
'Content-Range', 'Content-Type', 'Date', 'ETag', 'Expires',
'Last-Modified', 'Link', 'Location', 'Proxy-Authenticate',
'Refresh', 'Retry-After', 'Server', 'Set-Cookie', 'Status',
'Strict-Transport-Security', 'Trailer', 'Transfer-Encoding',
'Vary', 'WWW-Authenticate', 'X-Frame-Options',
'Public-Key-Pins', 'X-XSS-Protection',
'Content-Security-Policy', 'X-Content-Security-Policy',
'X-WebKit-CSP', 'X-Content-Type-Options', 'X-Powered-By',
'Keep-Alive', 'Content-language', 'X-UA-Compatible')
if not re.search(r'X-Frame-Options', str(headers.keys()), re.I):
Output().finding('X-Frame-Options header is not present.')
if not re.search(r'Strict-Transport-Security', str(headers.keys()),
re.I):
Output().finding(
'Strict-Transport-Security header is not present.')
if not re.search(r'x-xss-protection', str(headers.keys()), re.I):
Output().finding('X-XSS-Protection header is not present.')
try:
for key in headers.keys():
if key not in fields:
Output().finding(
'Uncommon header "%s" found, with contents: %s' %
(key, headers[key]))
except Exception as e:
print(e)
def test_current_plugins():
test_url = "http://localhost"
settings.from_yaml("tests/lib/config/test_fingerprint_config.yml")
Services.register("logger", logging.getLogger("sitadelLog"))
Services.register("output", Output())
Services.register("request_factory", SingleRequest(url=test_url, agent="Sitadel"))
plugins = settings.fingerprint_plugins
Fingerprints(
url=test_url,
cookie=None,
).run(plugins)
def test_request():
Services.register("output", Output())
r = SingleRequest()
if not hasattr(r, "send"):
raise AssertionError
r1 = SingleRequest(url="test",
agent="agent",
proxy="proxy",
redirect="redirect",
timeout="timeout")
if r1.url != "test":
raise AssertionError
if r1.agent != "agent":
raise AssertionError
if r1.proxy != "proxy":
raise AssertionError
if r1.redirect != "redirect":
raise AssertionError
if r1.timeout != "timeout":
raise AssertionError
if not isinstance(r1.ruagent, str):
raise AssertionError
def main(self):
parser = argparse.ArgumentParser(
formatter_class=argparse.ArgumentDefaultsHelpFormatter,
usage=self.bn.banner())
# Prepare the possible values for risk levels
risk_values = [r.value for r in Risk]
# Add arguments
parser.add_argument("url", help="URL of the website to scan")
parser.add_argument("-r",
"--risk",
type=int,
help="Level of risk allowed for the scan",
choices=risk_values)
parser.add_argument("-ua",
"--user-agent",
default="Linguini " + __version__,
help="User-agent to set for the scan requests")
parser.add_argument(
"--redirect",
dest='redirect',
help="Whether or not the scan should follow redirection",
action="store_true")
parser.add_argument(
"--no-redirect",
dest='redirect',
help="Whether or not the scan should follow redirection",
action="store_false")
parser.set_defaults(redirect=True)
parser.add_argument("-t",
"--timeout",
type=int,
help="Timeout to set for the scan HTTP requests")
parser.add_argument("-c",
"--cookie",
help="Cookie to set for the scan HTTP requests")
parser.add_argument("-p",
"--proxy",
help="Proxy to set for the scan HTTP requests")
parser.add_argument("-f",
"--fingerprint",
nargs='+',
help="Fingerprint modules to activate")
parser.add_argument("-a",
"--attack",
nargs='+',
help="Attack modules to activate")
parser.add_argument("--config",
help="Path to the config file",
default="config/config.yml")
parser.add_argument("-v",
"--verbosity",
action="count",
default=0,
help="Increase output verbosity")
parser.add_argument('--version',
action='version',
version=self.bn.version())
args = parser.parse_args()
# Verify the target URL
self.url = validator.validate_target(args.url)
# Reading configuration
settings.from_yaml(args.config)
if args.risk is not None:
settings.risk = Risk(args.risk)
# Register services
Services.register("datastore", Datastore(settings.datastore))
Services.register("logger", logging.getLogger("sitadelLog"))
Services.register("output", Output())
Services.register(
"request_factory",
Request(url=self.url,
agent=args.user_agent,
proxy=args.proxy,
redirect=args.redirect,
timeout=args.timeout))
# Display target and scan starting time
self.bn.preamble(self.url)
# Run the fingerprint modules
self.ma.fingerprints(args.fingerprint, args.user_agent, args.proxy,
args.redirect, args.timeout, self.url,
args.cookie)
# Run the crawler to discover urls
discovered_urls = self.ma.crawler(self.url, args.user_agent)
# Run the attack modules on discovered urls
self.ma.attacks(args.attack, self.url, discovered_urls)
def test_attack_launcher():
# Add services container for running
Services.register("output", Output())
f = Attacks(None, None)
assert hasattr(f, 'run')
from lib.utils.output import Output
Output().info(
"For better waf detection we recommend you to run with --no-redirect")
def main(self):
parser = argparse.ArgumentParser(
formatter_class=argparse.ArgumentDefaultsHelpFormatter,
usage=self.bn.banner(),
)
# Prepare the possible values for risk levels
risk_values = [r.value for r in Risk]
# Add arguments
parser.add_argument("url", help="URL of the website to scan")
parser.add_argument(
"-r",
"--risk",
type=int,
help="Level of risk allowed for the scan",
choices=risk_values,
)
parser.add_argument(
"-ua",
"--user-agent",
default="Sitadel " + __version__,
help="User-agent to set for the scan requests",
)
parser.add_argument(
"--redirect",
dest="redirect",
help="Whether or not the scan should follow redirection",
action="store_true",
)
parser.add_argument(
"--no-redirect",
dest="redirect",
help="Whether or not the scan should follow redirection",
action="store_false",
)
parser.set_defaults(redirect=True)
parser.add_argument(
"-t",
"--timeout",
type=int,
default=30,
help="Timeout to set for the scan HTTP requests",
)
parser.add_argument("-c",
"--cookie",
help="Cookie to set for the scan HTTP requests")
parser.add_argument("-p",
"--proxy",
help="Proxy to set for the scan HTTP requests")
parser.add_argument("-f",
"--fingerprint",
nargs="+",
help="Fingerprint modules to activate")
parser.add_argument("-a",
"--attack",
nargs="+",
help="Attack modules to activate")
parser.add_argument("--config",
help="Path to the config file",
default="config/config.yml")
parser.add_argument(
"-v",
"--verbosity",
action="count",
default=0,
help="Increase output verbosity",
)
parser.add_argument("--version",
action="version",
version=self.bn.version())
args = parser.parse_args()
# Verify the target URL
self.url = validator.validate_target(args.url)
# Reading configuration
settings.from_yaml(args.config)
if args.risk is not None:
settings.risk = Risk(args.risk)
# Setting up the logger
logger = logging.getLogger("sitadelLog")
logging.basicConfig(
filename="sitadel.log",
filemode="w",
format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
datefmt="%d-%b-%y %H:%M:%S",
level=(logging.CRITICAL - (args.verbosity * 10)),
)
# Create handlers
console_handler = logging.StreamHandler()
console_handler.setLevel(logging.WARNING)
file_handler = logging.FileHandler("sitadel.log")
file_handler.setLevel(level=(logging.CRITICAL - (args.verbosity * 10)))
# Create formatters and add it to handlers
console_format = logging.Formatter(
"%(name)s - %(levelname)s - %(message)s")
console_handler.setFormatter(console_format)
file_format = logging.Formatter(
"%(asctime)s - %(name)s - %(levelname)s - %(message)s")
file_handler.setFormatter(file_format)
# Add handlers to the logger
logger.addHandler(console_handler)
logger.addHandler(file_handler)
# Register services
Services.register("datastore", Datastore(settings.datastore))
Services.register("logger", logger)
Services.register("output", Output())
Services.register(
"request_factory",
SingleRequest(
url=self.url,
agent=args.user_agent,
proxy=args.proxy,
redirect=args.redirect,
timeout=args.timeout,
),
)
# Display target and scan starting time
self.bn.preamble(self.url)
try:
# Run the fingerprint modules
self.ma.fingerprints(
args.fingerprint,
self.url,
args.cookie,
)
# Run the crawler to discover urls
discovered_urls = self.ma.crawler(self.url, args.user_agent)
# Hotfix on KeyboardInterrupt being redirected to scrapy crawler process
signal.signal(signal.SIGINT, signal.default_int_handler)
# Run the attack modules on discovered urls
self.ma.attacks(args.attack, self.url, discovered_urls)
except KeyboardInterrupt:
raise
finally:
self.bn.postscript()
def test_fingerprint_launcher():
Services.register("output", Output())
Services.register("request_factory", SingleRequest())
f = Fingerprints(None, None)
if not hasattr(f, "run"):
raise AssertionError