def process(url, database, attack_list, txheaders): appendToReport(url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseSql' href='#collapseSql'>SQL Injection Attacks </a></h3></div>") plop = open('results/sql_GrabberAttacks.xml','w') plop.write("<sqlAttacks>\n") appendToReport(url, '<div id="collapseSql" class="panel-collapse collapse in"><div class="panel-body">'); for u in database.keys(): appendToReport(u, "<h4><div class='label label-default'><a target='_balnk' href='"+ u +"'>"+ u +"</a></div></h4>") if len(database[u]['GET']): print "Method = GET ", u for gParam in database[u]['GET']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: handle = getContent_GET(u,gParam,instance, txheaders) if handle != None: output = handle.read() header = handle.info() if detect_sql(output): # generate the info... plop.write(generateOutput(u,gParam,instance,"GET",typeOfInjection)) appendToReport(u, generateHTMLOutput(u, gParam, instance, "GET", typeOfInjection)) #see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url,txheaders) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) appendToReport(u, generateHTMLOutput(u, "ALL", url, "GET", typeOfInjection)) if len(database[u]['POST']): print "Method = POST ", u for gParam in database[u]['POST']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for param in database[u]['POST']: if param != gParam: allParams[param] = 'abc' allParams[gParam] = str(instance) handle = getContentDirectURL_POST(u,allParams, txheaders) if handle != None: output = handle.read() header = handle.info() if detect_sql(output): # generate the info... plop.write(generateOutput(u,gParam,instance,"POST",typeOfInjection)) appendToReport(u, generateHTMLOutput(u, gParam, instance, "POST", typeOfInjection)) # see the permutations if len(database[u]['POST'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for gParam in database[u]['POST']: allParams[gParam] = str(instance) handle = getContentDirectURL_POST(u,allParams, txheaders) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write(generateOutputLong(u,url,"POST",typeOfInjection, allParams)) appendToReport(u, generateHTMLOutput(u, "All", instance, "POST", typeOfInjection)) plop.write("\n</sqlAttacks>\n") appendToReport(url, "</div></div>") plop.close() return ""
# default to localhost ? archives_url = "http://localhost" if option_url: archives_url = option_url root = archives_url createStructure() depth = 1 generateReport(archives_url, False) filename = "file:///Applications/XAMPP/xamppfiles/htdocs/grabber/results/report.html" webbrowser.get('macosx').open(filename, 0, False) definition_headers(option_cookie) if option_cookie != None: appendToReport( archives_url, "<h4><div class='label label-default'>Cookie: " + escape(option_cookie) + "</div></h4>") try: depth = int(option_spider.strip().split()[0]) except (ValueError, IndexError, AttributeError): depth = 0 try: try: spider(archives_url, txheaders, depth) except IOError, e: print "Cannot open the url = %s" % archives_url print e.strerror sys.exit(1) if len(database.keys()) < 1: print "No information found!"
def process(url, database, attack_list, txheaders): appendToReport(url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseBSql' href='#collapseBSql'>Blind SQL Injection Attacks </a></h3></div>") plop = open('results/bsql_GrabberAttacks.xml','w') plop.write("<bsqlAttacks>\n") appendToReport(url, '<div id="collapseBSql" class="panel-collapse collapse in"><div class="panel-body">'); for u in database.keys(): appendToReport(u, "<h4><div class='label label-default'><a target='_balnk' href='"+ u +"'>"+ u +"</a></div></h4>") if len(database[u]['GET']): print "Method = GET ", u # single parameter testing for gParam in database[u]['GET']: defaultValue = database[u]['GET'][gParam] defaultReturn = getContent_GET(u,gParam,defaultValue, txheaders) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_GET(u,gParam,andSQL, txheaders) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_GET(u,gParam,'', txheaders) overflowErS = getContent_GET(u,gParam,overflowStr, txheaders) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_GET(u,gParam,instance, txheaders) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error # print u,gParam,instance plop.write(generateOutput(u,gParam,instance,"GET",key)) else: # report a overflow possible error #print u,gParam, "overflow" plop.write(generateOutput(u,gParam,"99999...99999","GET","Overflow")) """ # see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) """ if len(database[u]['POST']): print "Method = POST ", u # single parameter testing for gParam in database[u]['POST']: defaultValue = database[u]['POST'][gParam] defaultReturn = getContent_POST(u,gParam,defaultValue, txheaders) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_POST(u,gParam,andSQL, txheaders) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_POST(u,gParam,'', txheaders) overflowErS = getContent_POST(u,gParam,overflowStr, txheaders) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_POST(u,gParam,instance, txheaders) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error plop.write(generateOutput(u,gParam,instance,"POST",key)) else: # report a overflow possible error plop.write(generateOutput(u,gParam,"99999...99999","POST","Overflow")) plop.write("\n</bsqlAttacks>\n") appendToReport(url, "</div></div>"); plop.close() return ""
def process(url, database, attack_list, txheaders): appendToReport( url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseSql' href='#collapseSql'>SQL Injection Attacks </a></h3></div>" ) plop = open('results/sql_GrabberAttacks.xml', 'w') plop.write("<sqlAttacks>\n") appendToReport( url, '<div id="collapseSql" class="panel-collapse collapse in"><div class="panel-body">' ) for u in database.keys(): appendToReport( u, "<h4><div class='label label-default'><a target='_balnk' href='" + u + "'>" + u + "</a></div></h4>") if len(database[u]['GET']): print "Method = GET ", u for gParam in database[u]['GET']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: handle = getContent_GET(u, gParam, instance, txheaders) if handle != None: output = handle.read() header = handle.info() if detect_sql(output): # generate the info... plop.write( generateOutput(u, gParam, instance, "GET", typeOfInjection)) appendToReport( u, generateHTMLOutput(u, gParam, instance, "GET", typeOfInjection)) #see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u, url, txheaders) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write( generateOutputLong(u, url, "GET", typeOfInjection)) appendToReport( u, generateHTMLOutput(u, "ALL", url, "GET", typeOfInjection)) if len(database[u]['POST']): print "Method = POST ", u for gParam in database[u]['POST']: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for param in database[u]['POST']: if param != gParam: allParams[param] = 'abc' allParams[gParam] = str(instance) handle = getContentDirectURL_POST( u, allParams, txheaders) if handle != None: output = handle.read() header = handle.info() if detect_sql(output): # generate the info... plop.write( generateOutput(u, gParam, instance, "POST", typeOfInjection)) appendToReport( u, generateHTMLOutput(u, gParam, instance, "POST", typeOfInjection)) # see the permutations if len(database[u]['POST'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: allParams = {} for gParam in database[u]['POST']: allParams[gParam] = str(instance) handle = getContentDirectURL_POST(u, allParams, txheaders) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write( generateOutputLong(u, url, "POST", typeOfInjection, allParams)) appendToReport( u, generateHTMLOutput(u, "All", instance, "POST", typeOfInjection)) plop.write("\n</sqlAttacks>\n") appendToReport(url, "</div></div>") plop.close() return ""
def spider(entryUrl, headers, depth = 0): print entryUrl global root,outSpiderFile global txheaders txheaders = headers """ Retrieve every links """ if depth > 0: root = makeRoot(entryUrl) else: root = entryUrl # test if the spider has already be done on this website try: f = open("local/spiderSite.xml", 'r') firstLine = f.readline() f.close() if firstLine.count(root) > 0: alreadyScanned = True else: alreadyScanned = False except IOError: alreadyScanned = False print "Start scanning...", root appendToReport("Indexing - " + entryUrl, "", False) if depth == 0: scan(root) else: if not alreadyScanned: outSpiderFile = open("local/spiderSite.xml","w") outSpiderFile.write("<spider root='%s' depth='%d'>\n" % (root,depth) ) runSpiderScan(root, depth) if len(dumb_params) > 0: outSpiderFile.write("<dumb_parameters>\n") for d in dumb_params: outSpiderFile.write("\t<dumb>%s</dumb>\n" % (d)) outSpiderFile.write("</dumb_parameters>\n") outSpiderFile.write("\n</spider>") outSpiderFile.close() else: print "Loading the previous spider results from 'local/spiderSite.xml'" # load the XML file regUrl = re.compile(r'(.*)<entryURL>(.*)</entryURL>(.*)',re.I) regDmb = re.compile(r'(.*)<dumb>(.*)</dumb>(.*)',re.I) f = open("local/spiderSite.xml", 'r') for l in f.readlines(): if regUrl.match(l): out = regUrl.search(l) url = out.group(2) database_url.append(url) if regDmb.match(l): out = regDmb.search(l) param = out.group(2) dumb_params.append(param) f.close() # scan every url for currentURL in database_url: try: archives_hDl = getContentDirectURL_GET(currentURL,'') except IOError: log <= ("IOError @ %s" % currentURL) continue try: htmlContent= archives_hDl.read() except IOError, e: continue except AttributeError, e: continue parseHtmlParams(currentURL,htmlContent)
def process(url, database, attack_list, txheaders): appendToReport( url, "<div class='panel panel-info'><div class='panel-heading'><h3 class='panel-title'> <a data-toggle='collapse' data-target='#collapseBSql' href='#collapseBSql'>Blind SQL Injection Attacks </a></h3></div>" ) plop = open('results/bsql_GrabberAttacks.xml', 'w') plop.write("<bsqlAttacks>\n") appendToReport( url, '<div id="collapseBSql" class="panel-collapse collapse in"><div class="panel-body">' ) for u in database.keys(): appendToReport( u, "<h4><div class='label label-default'><a target='_balnk' href='" + u + "'>" + u + "</a></div></h4>") if len(database[u]['GET']): print "Method = GET ", u # single parameter testing for gParam in database[u]['GET']: defaultValue = database[u]['GET'][gParam] defaultReturn = getContent_GET(u, gParam, defaultValue, txheaders) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_GET(u, gParam, andSQL, txheaders) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_GET(u, gParam, '', txheaders) overflowErS = getContent_GET(u, gParam, overflowStr, txheaders) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_GET( u, gParam, instance, txheaders) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error # print u,gParam,instance plop.write( generateOutput( u, gParam, instance, "GET", key)) else: # report a overflow possible error #print u,gParam, "overflow" plop.write( generateOutput(u, gParam, "99999...99999", "GET", "Overflow")) """ # see the permutations if len(database[u]['GET'].keys()) > 1: for typeOfInjection in attack_list: for instance in attack_list[typeOfInjection]: url = "" for gParam in database[u]['GET']: url += ("%s=%s&" % (gParam, single_urlencode(str(instance)))) handle = getContentDirectURL_GET(u,url) if handle != None: output = handle.read() if detect_sql(output): # generate the info... plop.write(generateOutputLong(u,url,"GET",typeOfInjection)) """ if len(database[u]['POST']): print "Method = POST ", u # single parameter testing for gParam in database[u]['POST']: defaultValue = database[u]['POST'][gParam] defaultReturn = getContent_POST(u, gParam, defaultValue, txheaders) if defaultReturn == None: continue # get the AND statments for andSQL in attack_list['AND']: tmpError = getContent_POST(u, gParam, andSQL, txheaders) if tmpError == None: continue if equal(defaultReturn.read(), tmpError.read()): # dive here :) basicError = getContent_POST(u, gParam, '', txheaders) overflowErS = getContent_POST(u, gParam, overflowStr, txheaders) if basicError == None or overflowErS == None: continue if equal(basicError.read(), overflowErS.read()): for key in orderBSQL[orderBSQL['AND']]: for instance in attack_list[key]: tmpError = getContent_POST( u, gParam, instance, txheaders) if tmpError == None: continue if equal(basicError.read(), tmpError.read()): # should be an error plop.write( generateOutput( u, gParam, instance, "POST", key)) else: # report a overflow possible error plop.write( generateOutput(u, gParam, "99999...99999", "POST", "Overflow")) plop.write("\n</bsqlAttacks>\n") appendToReport(url, "</div></div>") plop.close() return ""
def spider(entryUrl, headers, depth=0): print entryUrl global root, outSpiderFile global txheaders txheaders = headers """ Retrieve every links """ if depth > 0: root = makeRoot(entryUrl) else: root = entryUrl # test if the spider has already be done on this website try: f = open("local/spiderSite.xml", 'r') firstLine = f.readline() f.close() if firstLine.count(root) > 0: alreadyScanned = True else: alreadyScanned = False except IOError: alreadyScanned = False print "Start scanning...", root appendToReport("Indexing - " + entryUrl, "", False) if depth == 0: scan(root) else: if not alreadyScanned: outSpiderFile = open("local/spiderSite.xml", "w") outSpiderFile.write("<spider root='%s' depth='%d'>\n" % (root, depth)) runSpiderScan(root, depth) if len(dumb_params) > 0: outSpiderFile.write("<dumb_parameters>\n") for d in dumb_params: outSpiderFile.write("\t<dumb>%s</dumb>\n" % (d)) outSpiderFile.write("</dumb_parameters>\n") outSpiderFile.write("\n</spider>") outSpiderFile.close() else: print "Loading the previous spider results from 'local/spiderSite.xml'" # load the XML file regUrl = re.compile(r'(.*)<entryURL>(.*)</entryURL>(.*)', re.I) regDmb = re.compile(r'(.*)<dumb>(.*)</dumb>(.*)', re.I) f = open("local/spiderSite.xml", 'r') for l in f.readlines(): if regUrl.match(l): out = regUrl.search(l) url = out.group(2) database_url.append(url) if regDmb.match(l): out = regDmb.search(l) param = out.group(2) dumb_params.append(param) f.close() # scan every url for currentURL in database_url: try: archives_hDl = getContentDirectURL_GET(currentURL, '') except IOError: log <= ("IOError @ %s" % currentURL) continue try: htmlContent = archives_hDl.read() except IOError, e: continue except AttributeError, e: continue parseHtmlParams(currentURL, htmlContent)
# default to localhost ? archives_url = "http://localhost" if option_url: archives_url = option_url root = archives_url createStructure() depth = 1 generateReport(archives_url, False) filename = "file:///Applications/XAMPP/xamppfiles/htdocs/grabber/results/report.html" webbrowser.get("macosx").open(filename, 0, False) definition_headers(option_cookie) if option_cookie != None: appendToReport( archives_url, "<h4><div class='label label-default'>Cookie: " + escape(option_cookie) + "</div></h4>" ) try: depth = int(option_spider.strip().split()[0]) except (ValueError, IndexError, AttributeError): depth = 0 try: try: spider(archives_url, txheaders, depth) except IOError, e: print "Cannot open the url = %s" % archives_url print e.strerror sys.exit(1) if len(database.keys()) < 1: print "No information found!"