def get_request(url, http_request_method, filename, delay):
#if not settings.COOKIE_INJECTION:
found_url = parameters.do_GET_check(url)
if found_url != False:
check_parameters = []
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
check_parameters.append(check_parameter)
header_name = ""
checks.print_non_listed_params(check_parameters, http_request_method,
header_name)
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter,
http_request_method, filename, delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method,
filename, delay)
# Enable Cookie Injection
if menu.options.level > 1 and menu.options.cookie:
settings.COOKIE_INJECTION = True
def get_request(url, http_request_method, filename, delay):
#if not settings.COOKIE_INJECTION:
found_url = parameters.do_GET_check(url)
if found_url != False:
check_parameters = []
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
check_parameters.append(check_parameter)
header_name = ""
checks.print_non_listed_params(check_parameters, http_request_method, header_name)
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
# Enable Cookie Injection
if menu.options.level > settings.DEFAULT_INJECTION_LEVEL and menu.options.cookie:
settings.COOKIE_INJECTION = True
def post_request(url, http_request_method, filename, timesec):
# Check if HTTP Method is POST.
parameter = menu.options.data
found_parameter = parameters.do_POST_check(parameter)
# Check if singe entry parameter
if type(found_parameter) is str:
found_parameter_list = []
found_parameter_list.append(found_parameter)
found_parameter = found_parameter_list
if settings.IS_XML:
# Remove junk data
found_parameter = [x for x in found_parameter if settings.INJECT_TAG in x]
else:
# Remove whitespaces
found_parameter = [x.replace(" ", "") for x in found_parameter]
# Check if multiple parameters
check_parameters = []
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
check_parameters.append(check_parameter)
header_name = ""
checks.print_non_listed_params(check_parameters, http_request_method, header_name)
for i in range(0, len(found_parameter)):
if settings.INJECT_TAG in found_parameter[i]:
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
if check_parameter != parameter:
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TESTABLE_PARAMETER) > 0:
if menu.options.test_parameter != None:
param_counter = 0
for check_parameter in check_parameters:
if check_parameter in "".join(settings.TEST_PARAMETER).split(","):
menu.options.data = found_parameter[param_counter]
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, timesec)
param_counter += 1
break
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, timesec)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, timesec)
# Enable Cookie Injection
if menu.options.level > settings.DEFAULT_INJECTION_LEVEL and menu.options.cookie:
settings.COOKIE_INJECTION = True
def cookie_injection(url, http_request_method, filename, timesec):
settings.COOKIE_INJECTION = True
# Cookie Injection
if settings.COOKIE_INJECTION == True:
cookie_value = menu.options.cookie
header_name = " cookie"
settings.HTTP_HEADER = header_name[1:].lower()
cookie_parameters = parameters.do_cookie_check(menu.options.cookie)
if type(cookie_parameters) is str:
cookie_parameters_list = []
cookie_parameters_list.append(cookie_parameters)
cookie_parameters = cookie_parameters_list
# Remove whitespaces
cookie_parameters = [x.replace(" ", "") for x in cookie_parameters]
check_parameters = []
for i in range(0, len(cookie_parameters)):
menu.options.cookie = cookie_parameters[i]
check_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
check_parameters.append(check_parameter)
checks.print_non_listed_params(check_parameters, http_request_method, header_name)
for i in range(0, len(cookie_parameters)):
parameter = menu.options.cookie = cookie_parameters[i]
check_parameter = parameters.specify_cookie_parameter(parameter)
if check_parameter != parameter:
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if menu.options.test_parameter != None:
param_counter = 0
for check_parameter in check_parameters:
if check_parameter in "".join(settings.TEST_PARAMETER).split(","):
menu.options.cookie = cookie_parameters[param_counter]
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, timesec)
param_counter += 1
break
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, timesec)
if settings.COOKIE_INJECTION == True:
# Restore cookie value
menu.options.cookie = cookie_value
# Disable cookie injection
settings.COOKIE_INJECTION = False
def get_request(url, http_request_method, filename, timesec):
#if not settings.COOKIE_INJECTION:
found_url = parameters.do_GET_check(url)
if found_url != False:
check_parameters = []
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
check_parameters.append(check_parameter)
header_name = ""
checks.print_non_listed_params(check_parameters, http_request_method,
header_name)
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
if check_parameter != url:
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TESTABLE_PARAMETER) > 0:
if menu.options.test_parameter != None:
url_counter = 0
for check_parameter in check_parameters:
if check_parameter in "".join(
settings.TEST_PARAMETER).split(","):
url = found_url[url_counter]
# Check for session file
check_for_stored_sessions(
url, http_request_method)
injection_proccess(url, check_parameter,
http_request_method,
filename, timesec)
url_counter += 1
break
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter,
http_request_method, filename,
timesec)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter,
http_request_method, filename, timesec)
# Enable Cookie Injection
if menu.options.level > settings.DEFAULT_INJECTION_LEVEL and menu.options.cookie:
settings.COOKIE_INJECTION = True
def cookie_injection(url, http_request_method, filename, delay):
settings.COOKIE_INJECTION = True
# Cookie Injection
if settings.COOKIE_INJECTION == True:
cookie_value = menu.options.cookie
header_name = " cookie"
settings.HTTP_HEADER = header_name[1:].lower()
cookie_parameters = parameters.do_cookie_check(menu.options.cookie)
if type(cookie_parameters) is str:
cookie_parameters_list = []
cookie_parameters_list.append(cookie_parameters)
cookie_parameters = cookie_parameters_list
# Remove whitespaces
cookie_parameters = [x.replace(" ", "") for x in cookie_parameters]
check_parameters = []
for i in range(0, len(cookie_parameters)):
menu.options.cookie = cookie_parameters[i]
check_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
check_parameters.append(check_parameter)
checks.print_non_listed_params(check_parameters, http_request_method, header_name)
for i in range(0, len(cookie_parameters)):
menu.options.cookie = cookie_parameters[i]
check_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
if settings.COOKIE_INJECTION == True:
# Restore cookie value
menu.options.cookie = cookie_value
# Disable cookie injection
settings.COOKIE_INJECTION = False
def post_request(url, http_request_method, filename, delay):
# Check if HTTP Method is POST.
parameter = menu.options.data
found_parameter = parameters.do_POST_check(parameter)
# Check if singe entry parameter
if type(found_parameter) is str:
found_parameter_list = []
found_parameter_list.append(found_parameter)
found_parameter = found_parameter_list
# Remove whitespaces
found_parameter = [x.replace(" ", "") for x in found_parameter]
# Check if multiple parameters
check_parameters = []
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
check_parameters.append(check_parameter)
#if not menu.options.level > 1:
header_name = ""
checks.print_non_listed_params(check_parameters, http_request_method,
header_name)
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method,
filename, delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method,
filename, delay)
def post_request(url, http_request_method, filename, delay):
# Check if HTTP Method is POST.
parameter = menu.options.data
found_parameter = parameters.do_POST_check(parameter)
# Check if singe entry parameter
if type(found_parameter) is str:
found_parameter_list = []
found_parameter_list.append(found_parameter)
found_parameter = found_parameter_list
# Remove whitespaces
found_parameter = [x.replace(" ", "") for x in found_parameter]
# Check if multiple parameters
check_parameters = []
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
check_parameters.append(check_parameter)
#if not menu.options.level > 1:
header_name = ""
checks.print_non_listed_params(check_parameters, http_request_method, header_name)
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
def do_check(url, filename):
check_http_headers = False
# Check if defined "--delay" option.
if menu.options.delay:
delay = menu.options.delay
else:
delay = settings.DELAY
# Check if authentication is needed.
if menu.options.auth_url and menu.options.auth_data:
# Do the authentication process.
authentication.authentication_process()
# Check if authentication page is the same with the next (injection) URL
if urllib2.urlopen(url).read() == urllib2.urlopen(menu.options.auth_url).read():
err_msg = "It seems that the authentication procedure has failed."
print settings.print_error_msg(err_msg)
sys.exit(0)
elif menu.options.auth_url or menu.options.auth_data:
err_msg = "You must specify both login panel URL and login parameters."
print settings.print_error_msg(err_msg)
sys.exit(0)
else:
pass
# Check if HTTP Method is GET.
if not menu.options.data:
http_request_method = "GET"
# Check for stored injections on User-agent / Referer headers (if level > 2).
if menu.options.level > 2 :
check_parameter = ""
stored_http_header_injection(url, check_parameter, check_http_headers, http_request_method, filename, delay)
if not menu.options.shellshock:
#if not settings.COOKIE_INJECTION:
found_url = parameters.do_GET_check(url)
if found_url != False:
check_parameters = []
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
check_parameters.append(check_parameter)
header_name = ""
checks.print_non_listed_params(check_parameters, http_request_method, header_name)
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
# Enable Cookie Injection
if menu.options.level > 1 and menu.options.cookie:
settings.COOKIE_INJECTION = True
else:
menu.options.level = 3
# Check if HTTP Method is POST.
else:
http_request_method = "POST"
# Check for stored injections on User-agent / Referer headers (if level > 2).
if menu.options.level > 2 :
check_parameter = ""
stored_http_header_injection(url, check_parameter, check_http_headers, http_request_method, filename, delay)
# Check if HTTP Method is POST.
parameter = menu.options.data
found_parameter = parameters.do_POST_check(parameter)
# Check if singe entry parameter
if type(found_parameter) is str:
found_parameter_list = []
found_parameter_list.append(found_parameter)
found_parameter = found_parameter_list
# Remove whitespaces
found_parameter = [x.replace(" ", "") for x in found_parameter]
# Check if multiple parameters
check_parameters = []
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
check_parameters.append(check_parameter)
#if not menu.options.level > 1:
header_name = ""
checks.print_non_listed_params(check_parameters, http_request_method, header_name)
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
# Enable Cookie Injection
if menu.options.cookie and menu.options.level > 1:
settings.COOKIE_INJECTION = True
# Cookie Injection
if settings.COOKIE_INJECTION == True:
cookie_value = menu.options.cookie
# Check for stored injections on User-agent / Referer headers (if level > 2).
if menu.options.level > 2 :
check_parameter = ""
stored_http_header_injection(url, check_parameter, check_http_headers, http_request_method, filename, delay)
header_name = " cookie"
settings.HTTP_HEADER = header_name[1:].lower()
cookie_parameters = parameters.do_cookie_check(menu.options.cookie)
if type(cookie_parameters) is str:
cookie_parameters_list = []
cookie_parameters_list.append(cookie_parameters)
cookie_parameters = cookie_parameters_list
# Remove whitespaces
cookie_parameters = [x.replace(" ", "") for x in cookie_parameters]
check_parameters = []
for i in range(0, len(cookie_parameters)):
menu.options.cookie = cookie_parameters[i]
check_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
check_parameters.append(check_parameter)
checks.print_non_listed_params(check_parameters, http_request_method, header_name)
for i in range(0, len(cookie_parameters)):
menu.options.cookie = cookie_parameters[i]
check_parameter = parameters.specify_cookie_parameter(menu.options.cookie)
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
if settings.COOKIE_INJECTION == True:
# Restore cookie value
menu.options.cookie = cookie_value
# Disable cookie injection
settings.COOKIE_INJECTION = False
# Custom header Injection
if settings.CUSTOM_HEADER_INJECTION == True:
check_parameter = header_name = " " + settings.CUSTOM_HEADER_NAME
settings.HTTP_HEADER = header_name[1:].lower()
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename, delay)
# Check for stored injections on User-agent / Referer headers (if level > 2).
if menu.options.level > 2 :
check_parameter = ""
check_http_headers = True
stored_http_header_injection(url, check_parameter, check_http_headers, http_request_method, filename, delay)
# All injection techniques seems to be failed!
if settings.CLASSIC_STATE == settings.EVAL_BASED_STATE == settings.TIME_BASED_STATE == settings.FILE_BASED_STATE == False :
err_msg = "All tested parameters "
if menu.options.level > 2:
err_msg += "and headers "
err_msg += "appear to be not injectable."
if not menu.options.alter_shell :
err_msg += " Try to use the option '--alter-shell'"
else:
err_msg += " Try to remove the option '--alter-shell'"
if menu.options.level < 3 :
err_msg += " and/or try to increase '--level' values to perform"
err_msg += " more tests (i.e 'User-Agent', 'Referer', 'Cookie' etc)"
err_msg += "."
print settings.print_critical_msg(err_msg)
sys.exit(0)
#eof
def do_check(url, filename):
check_http_headers = False
# Check if defined "--delay" option.
if menu.options.delay:
delay = menu.options.delay
else:
delay = settings.DELAY
# Check if authentication is needed.
if menu.options.auth_url and menu.options.auth_data:
# Do the authentication process.
authentication.authentication_process()
# Check if authentication page is the same with the next (injection) URL
if urllib2.urlopen(url).read() == urllib2.urlopen(
menu.options.auth_url).read():
err_msg = "It seems that the authentication procedure has failed."
print settings.print_error_msg(err_msg)
sys.exit(0)
elif menu.options.auth_url or menu.options.auth_data:
err_msg = "You must specify both login panel URL and login parameters."
print settings.print_error_msg(err_msg)
sys.exit(0)
else:
pass
# Check if HTTP Method is GET.
if not menu.options.data:
http_request_method = "GET"
# Check for stored injections on User-agent / Referer headers (if level > 2).
if menu.options.level > 2:
check_parameter = ""
stored_http_header_injection(url, check_parameter,
check_http_headers,
http_request_method, filename, delay)
if not menu.options.shellshock:
#if not settings.COOKIE_INJECTION:
found_url = parameters.do_GET_check(url)
if found_url != False:
check_parameters = []
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
check_parameters.append(check_parameter)
header_name = ""
checks.print_non_listed_params(check_parameters,
http_request_method,
header_name)
for i in range(0, len(found_url)):
url = found_url[i]
check_parameter = parameters.vuln_GET_param(url)
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter,
http_request_method, filename,
delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter,
http_request_method, filename,
delay)
# Enable Cookie Injection
if menu.options.level > 1 and menu.options.cookie:
settings.COOKIE_INJECTION = True
else:
menu.options.level = 3
# Check if HTTP Method is POST.
else:
http_request_method = "POST"
# Check for stored injections on User-agent / Referer headers (if level > 2).
if menu.options.level > 2:
check_parameter = ""
stored_http_header_injection(url, check_parameter,
check_http_headers,
http_request_method, filename, delay)
# Check if HTTP Method is POST.
parameter = menu.options.data
found_parameter = parameters.do_POST_check(parameter)
# Check if singe entry parameter
if type(found_parameter) is str:
found_parameter_list = []
found_parameter_list.append(found_parameter)
found_parameter = found_parameter_list
# Remove whitespaces
found_parameter = [x.replace(" ", "") for x in found_parameter]
# Check if multiple parameters
check_parameters = []
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
check_parameters.append(check_parameter)
#if not menu.options.level > 1:
header_name = ""
checks.print_non_listed_params(check_parameters, http_request_method,
header_name)
for i in range(0, len(found_parameter)):
parameter = menu.options.data = found_parameter[i]
check_parameter = parameters.vuln_POST_param(parameter, url)
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter,
http_request_method, filename, delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method,
filename, delay)
# Enable Cookie Injection
if menu.options.cookie and menu.options.level > 1:
settings.COOKIE_INJECTION = True
# Cookie Injection
if settings.COOKIE_INJECTION == True:
cookie_value = menu.options.cookie
# Check for stored injections on User-agent / Referer headers (if level > 2).
if menu.options.level > 2:
check_parameter = ""
stored_http_header_injection(url, check_parameter,
check_http_headers,
http_request_method, filename, delay)
header_name = " cookie"
settings.HTTP_HEADER = header_name[1:].lower()
cookie_parameters = parameters.do_cookie_check(menu.options.cookie)
if type(cookie_parameters) is str:
cookie_parameters_list = []
cookie_parameters_list.append(cookie_parameters)
cookie_parameters = cookie_parameters_list
# Remove whitespaces
cookie_parameters = [x.replace(" ", "") for x in cookie_parameters]
check_parameters = []
for i in range(0, len(cookie_parameters)):
menu.options.cookie = cookie_parameters[i]
check_parameter = parameters.specify_cookie_parameter(
menu.options.cookie)
check_parameters.append(check_parameter)
checks.print_non_listed_params(check_parameters, http_request_method,
header_name)
for i in range(0, len(cookie_parameters)):
menu.options.cookie = cookie_parameters[i]
check_parameter = parameters.specify_cookie_parameter(
menu.options.cookie)
if len(check_parameter) > 0:
settings.TESTABLE_PARAMETER = check_parameter
# Check if testable parameter(s) are provided
if len(settings.TEST_PARAMETER) > 0:
if check_parameter in settings.TEST_PARAMETER:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter,
http_request_method, filename, delay)
else:
# Check for session file
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method,
filename, delay)
if settings.COOKIE_INJECTION == True:
# Restore cookie value
menu.options.cookie = cookie_value
# Disable cookie injection
settings.COOKIE_INJECTION = False
# Custom header Injection
if settings.CUSTOM_HEADER_INJECTION == True:
check_parameter = header_name = " " + settings.CUSTOM_HEADER_NAME
settings.HTTP_HEADER = header_name[1:].lower()
check_for_stored_sessions(url, http_request_method)
injection_proccess(url, check_parameter, http_request_method, filename,
delay)
# Check for stored injections on User-agent / Referer headers (if level > 2).
if menu.options.level > 2:
check_parameter = ""
check_http_headers = True
stored_http_header_injection(url, check_parameter, check_http_headers,
http_request_method, filename, delay)
# All injection techniques seems to be failed!
if settings.CLASSIC_STATE == settings.EVAL_BASED_STATE == settings.TIME_BASED_STATE == settings.FILE_BASED_STATE == False:
err_msg = "All tested parameters "
if menu.options.level > 2:
err_msg += "and headers "
err_msg += "appear to be not injectable."
if not menu.options.alter_shell:
err_msg += " Try to use the option '--alter-shell'"
else:
err_msg += " Try to remove the option '--alter-shell'"
if menu.options.level < 3:
err_msg += " and/or try to increase '--level' values to perform"
err_msg += " more tests (i.e 'User-Agent', 'Referer', 'Cookie' etc)"
err_msg += "."
print settings.print_critical_msg(err_msg)
sys.exit(0)
#eof
