Пример #1
def look_for_admin_login(requestlist):
    """Flag requests whose URL contains an "admin" attack pattern.

    Loads the "admin" pattern set via get_attack_patterns() and runs a plain
    ``in`` containment test of every pattern value against ``req.url``.
    Requests whose ``url`` is None are skipped.

    Returns a list of Alert objects (AlertType.Pattern /
    AlertReason.ADMINSITE) carrying the request's ``raw_request``. One alert
    is produced per matching pattern, so a single request can appear more
    than once in the result.
    """
    # NOTE(review): the test is an exact substring match on req.url as it
    # arrives here; whether the URL was percent-decoded or case-normalised
    # upstream is not visible from this function -- confirm, otherwise
    # encoded or case-varied requests will not be flagged.
    signatures = get_attack_patterns("admin")
    found = []
    for request in requestlist:
        target = request.url
        if target is None:
            continue
        # The pattern key is not stored in the Alert, so the alert does not
        # say which signature fired.
        found.extend(
            Alert(AlertType.Pattern, AlertReason.ADMINSITE, request.raw_request)
            for _, needle in signatures.items()
            if needle in target
        )
    return found
Пример #2
def look_for_common_misconfigs(requestlist):
    """Flag requests whose URL contains a "misconf" attack pattern.

    Every value of the "misconf" pattern set (from get_attack_patterns()) is
    checked with ``in`` against ``req.url``; requests with ``url`` set to
    None are ignored.

    Returns a list of Alert objects (AlertType.Pattern /
    AlertReason.MISCONF) built from ``req.raw_request`` -- one per
    (request, matching pattern) pair, in request order.
    """
    signatures = get_attack_patterns("misconf")

    def _hits(request):
        # Collect one alert for each signature contained in this request URL.
        target = request.url
        if target is None:
            return []
        # NOTE(review): plain substring containment only; no decoding or
        # case folding happens here -- confirm req.url is normalised by the
        # caller if encoded variants should also raise an alert.
        return [
            Alert(AlertType.Pattern, AlertReason.MISCONF, request.raw_request)
            for _, needle in signatures.items()
            if needle in target
        ]

    collected = []
    for request in requestlist:
        collected += _hits(request)
    return collected
Пример #3
def look_for_sqli(requestlist):
    """Flag requests whose URL contains a "sqli" attack pattern.

    The "sqli" pattern set is fetched once with get_attack_patterns(); each
    pattern value is then tested with ``in`` against ``req.url``. A request
    whose ``url`` is None is skipped.

    Returns a list of Alert objects (AlertType.Pattern / AlertReason.SQLI)
    holding ``req.raw_request``. A request matching several patterns yields
    several alerts.
    """
    # NOTE(review): only req.url is inspected -- request bodies and headers
    # are not looked at in this function, and the URL is matched exactly as
    # given (no percent-decoding, no case folding here). Confirm that
    # upstream parsing covers those cases if they matter for detection.
    signatures = get_attack_patterns("sqli")
    flagged = []
    for request in requestlist:
        target = request.url
        if target is None:
            continue
        for _, needle in signatures.items():
            if needle not in target:
                continue
            flagged.append(
                Alert(AlertType.Pattern, AlertReason.SQLI, request.raw_request)
            )
    return flagged
Пример #4
def look_for_cmd_inj(requestlist):
    """Flag requests whose URL contains a "cmd_inj" attack pattern.

    Uses the "cmd_inj" pattern set returned by get_attack_patterns() and a
    plain ``in`` containment test of each pattern value against
    ``req.url``. Requests with ``url`` equal to None are skipped.

    Returns a list of Alert objects (AlertType.Pattern /
    AlertReason.CMD_INJ) built from ``req.raw_request``, one per matching
    pattern per request.
    """
    signatures = get_attack_patterns("cmd_inj")
    flagged = []
    for request in requestlist:
        target = request.url
        if target is None:
            continue
        # NOTE(review): exact substring match on the URL as received; whether
        # it is decoded or normalised before this point is not visible here.
        matched = [needle for _, needle in signatures.items() if needle in target]
        for _unused in matched:
            # The matched signature itself is not recorded in the Alert.
            flagged.append(
                Alert(AlertType.Pattern, AlertReason.CMD_INJ, request.raw_request)
            )
    return flagged
Пример #5
def look_for_backdoors(requestlist):
    """Flag requests whose URL contains a "backdoor" attack pattern.

    Each value of the "backdoor" pattern set (get_attack_patterns()) is
    tested with ``in`` against ``req.url``; a request whose ``url`` is None
    produces no alert.

    Returns a list of Alert objects (AlertType.Pattern /
    AlertReason.BACKDOOR) carrying ``req.raw_request``. The list holds one
    entry per (request, matching pattern) pair, so duplicates per request
    are possible.
    """
    # NOTE(review): this is signature matching on the URL string only, with
    # no decoding or case folding in this function -- confirm how req.url is
    # prepared upstream before relying on it for coverage.
    signatures = get_attack_patterns("backdoor")
    found = []
    for request in requestlist:
        target = request.url
        if target is not None:
            found.extend(
                Alert(AlertType.Pattern, AlertReason.BACKDOOR, request.raw_request)
                for _, needle in signatures.items()
                if needle in target
            )
    return found
Пример #6
def look_for_path_traversal(requestlist):
    """Flag requests whose URL contains a percent-prefixed "path_traversal" pattern.

    Unlike a direct substring check, every pattern value from
    get_attack_patterns("path_traversal") is first prefixed with "%" and
    only that prefixed string is tested with ``in`` against ``req.url``.
    Requests whose ``url`` is None are skipped.

    Returns a list of Alert objects (AlertType.Pattern /
    AlertReason.PATH_TRAV) built from ``req.raw_request``, one per matching
    pattern per request.
    """
    # NOTE(review): because of the "%" prefix, a URL containing the bare
    # pattern value without a leading "%" is NOT flagged by this function.
    # Presumably the stored values are the tail of percent-encoded traversal
    # sequences -- verify against the pattern store, and confirm that
    # unencoded traversal strings are covered elsewhere.
    signatures = get_attack_patterns("path_traversal")
    flagged = []
    for request in requestlist:
        target = request.url
        if target is None:
            continue
        for _, value in signatures.items():
            if ("%" + value) in target:
                flagged.append(
                    Alert(AlertType.Pattern, AlertReason.PATH_TRAV, request.raw_request)
                )
    return flagged