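class Crlf_injection():
    """Probe a target URL for CRLF (header) injection.

    Every payload line of ``Fuzzdatabase/crlf_fuzzer.txt`` is appended to the
    target URL and requested. Responses that differ from the baseline
    response are reported through ``Print.printer``.
    """

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Project root: two directories above the one holding this module.
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def test_crlf_injection(self, target):
        """Request ``target`` once per payload and report differing responses.

        Args:
            target: Base URL to test; a trailing ``/`` is appended if missing.

        Returns:
            None. Findings are passed to ``self.Print.printer``; exceptions
            raised while requesting are written to the module log.
        """
        # Read the payload list up front so the file handle is always closed.
        # The first line is skipped as in the original code (presumably a
        # header line -- confirm against the payload file).
        with open(self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt', 'r') as payload:
            lines = payload.readlines()[1:]

        # The original tested target[:-1], so a URL that already ended in
        # '/' received a second slash.
        if not target.endswith('/'):
            target += "/"

        # requests waits indefinitely unless a timeout is given.
        timeout = 10
        try:
            flag = requests.get(target, timeout=timeout)
            for line in lines:
                # Drop the line terminator read from the file; it is not
                # part of the payload.
                i = line.rstrip("\n")
                if not i:
                    continue
                req = requests.get(target + i, timeout=timeout)
                if req.text == flag.text:
                    continue
                status = req.status_code
                if status not in (404, 403, 400):
                    # NOTE(review): a differing body with a non-4xx status is
                    # only a lead. It does not show that a header was split;
                    # confirm by checking the response headers for the
                    # injected header before recording a vulnerability.
                    poc = "POC: " + target + i
                    # The original passed an undefined name `data` here, so
                    # the first finding raised NameError and ended the scan.
                    # `target` is used as Host_injection.host_header_inj does.
                    self.Print.printer(3, "CRLF header Injection", target,
                                       status, poc)
        except Exception as e:
            print("Error occured while checking for crlf injection. "
                  "Check module log for details")
            self.logger.module_log(e)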
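class Crlf_injection():
    """Probe a target URL for CRLF (header) injection.

    Every payload line of ``Fuzzdatabase/crlf_fuzzer.txt`` is appended to the
    target URL and requested. Responses that differ from the baseline
    response are reported through ``Print.printer``.
    """

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Project root: two directories above the one holding this module.
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def test_crlf_injection(self, target):
        """Request ``target`` once per payload and report differing responses.

        Args:
            target: Base URL to test; a trailing ``/`` is appended if missing.

        Returns:
            None. Findings are passed to ``self.Print.printer``; exceptions
            raised while requesting are written to the module log.
        """
        # Read the payload list up front so the file handle is always closed.
        # The first line is skipped as in the original code (presumably a
        # header line -- confirm against the payload file).
        with open(self.filepath + '/Fuzzdatabase/crlf_fuzzer.txt', 'r') as payload:
            lines = payload.readlines()[1:]

        # The original tested target[:-1], so a URL that already ended in
        # '/' received a second slash.
        if not target.endswith('/'):
            target += "/"

        # requests waits indefinitely unless a timeout is given.
        timeout = 10
        try:
            flag = requests.get(target, timeout=timeout)
            for line in lines:
                # Drop the line terminator read from the file; it is not
                # part of the payload.
                i = line.rstrip("\n")
                if not i:
                    continue
                req = requests.get(target + i, timeout=timeout)
                if req.text == flag.text:
                    continue
                status = req.status_code
                if status not in (404, 403, 400):
                    # NOTE(review): a differing body with a non-4xx status is
                    # only a lead. It does not show that a header was split;
                    # confirm by checking the response headers for the
                    # injected header before recording a vulnerability.
                    poc = "POC: " + target + i
                    # The original passed an undefined name `data` here, so
                    # the first finding raised NameError and ended the scan.
                    # `target` is used as Host_injection.host_header_inj does.
                    self.Print.printer(3, "CRLF header Injection", target,
                                       status, poc)
        except Exception as e:
            print("Error occured while checking for crlf injection. "
                  "Check module log for details")
            self.logger.module_log(e)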
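class Sql_injection():
    """Error-based SQL injection checks via cookies and the User-agent header.

    Payloads are read from ``Fuzzdatabase/error_sql.txt``. A response that
    contains one of the error markers below is reported through
    ``Print.printer``.
    """

    # Substrings looked for in the response body.
    # NOTE(review): these match MySQL error text only, and a page that
    # legitimately displays such text is reported too. Treat a hit as a lead
    # to verify, not as a confirmed finding.
    _ERROR_MARKERS = ("MySQL server version", "have an error", "SQL syntax")

    # requests/urllib wait indefinitely unless a timeout is given.
    _TIMEOUT = 10

    def __init__(self):
        self.Print = Print()
        self.logger = LoggingManager()
        # Project root: two directories above the one holding this module.
        self.filepath = os.path.abspath(
            os.path.join(os.path.dirname(__file__), '../..'))

    def _load_payloads(self):
        """Return the non-empty payload lines, without line terminators."""
        with open(self.filepath + '/Fuzzdatabase/error_sql.txt', 'r') as payload:
            stripped = (line.strip("\n") for line in payload)
            return [line for line in stripped if line]

    def execute_all_func(self, target):
        """Run both checks against ``target``; log rather than raise on failure.

        Args:
            target: URL to test.
        """
        try:
            self.check_cookies(target)
        except Exception as e:
            print("Error while checking cookies.Check module log for details")
            self.logger.module_log(e)
        try:
            self.check_user_agent(target)
        except Exception as e:
            print(
                "Error while checking user agent.Check module log for details."
            )
            self.logger.module_log(e)

    def check_cookies(self, target):
        """Append each payload to each session cookie and look for SQL errors.

        Args:
            target: URL to test. It is requested once first so the session
                holds whatever cookies the server sets.
        """
        session = requests.Session()
        session.get(target, timeout=self._TIMEOUT)
        for i in self._load_payloads():
            # Snapshot the jar: a response may set cookies while we iterate.
            for cookie in list(session.cookies):
                original_value = cookie.value
                # The original used `cookie.value += i` and never restored
                # it, so every request carried all earlier payloads as well.
                cookie.value = (original_value or "") + i
                try:
                    r = session.get(target, timeout=self._TIMEOUT)
                finally:
                    tampered_value = cookie.value
                    cookie.value = original_value
                # Report once per cookie/payload, with the status of the
                # response that showed the error (the original reported the
                # status of the initial, unmodified request).
                if any(marker in r.text for marker in self._ERROR_MARKERS):
                    poc = "POC: " + cookie.name + ": " + tampered_value
                    self.Print.printer(3, "Error Based SQLi(Cookie Based)",
                                       None, r.status_code, poc)

    def check_user_agent(self, target):
        """Append each payload to the User-agent header and look for SQL errors.

        Args:
            target: URL to test.
        """
        # The original concatenated 'Linux' + 'x86_64' without the space.
        base_agent = ('Mozilla/5.0 (X11; Ubuntu; Linux '
                      'x86_64; rv:39.0) Gecko/20100101 Firefox/39.0')
        # Payloads arrive without their trailing newline: the original left
        # it in the header value, which http.client rejects as invalid.
        for i in self._load_payloads():
            user_agent = {'User-agent': base_agent + i}
            req = urllib.request.Request(target, headers=user_agent)
            # Context manager closes the HTTP response.
            with urllib.request.urlopen(req, timeout=self._TIMEOUT) as response:
                flag = response.read().decode('utf-8', errors='replace')
            # Report once per payload instead of once per marker occurrence.
            if any(marker in flag for marker in self._ERROR_MARKERS):
                self.Print.printer(3, "Error Based SQLi(User Agent)", None,
                                   None, None)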
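class Host_injection():
    """Check whether a redirect reflects a client-supplied host header."""

    def __init__(self):
        self.logger = LoggingManager()
        self.Print = Print()

    def host_header_inj(self, target):
        """Send spoofed ``Host`` / ``X-Forwarded-Host`` headers to ``target``.

        A 301/302 response whose ``Location`` contains the spoofed host is
        reported through ``self.Print.printer``.

        Args:
            target: URL to test.

        Returns:
            None. Findings and errors go to the printer and the module log.
        """
        # A hit means the application builds redirect URLs from a header the
        # client controls. The usual remedy is to build absolute URLs from a
        # configured hostname, or to validate the header against an
        # allow-list at the proxy or application.
        # NOTE(review): only 301 and 302 are inspected, and a target that
        # normally redirects to google.com would be reported as well.
        check_host = "google.com"
        probes = (
            {'Host': 'www.google.com'},
            {'X-Forwarded-Host': 'www.google.com'},
        )
        try:
            for headers in probes:
                # requests waits indefinitely unless a timeout is given.
                req = requests.get(target, headers=headers,
                                   allow_redirects=False, timeout=10)
                if req.status_code in (301, 302):
                    # .get(): a redirect without a Location header must not
                    # raise KeyError and abort the second probe.
                    location = req.headers.get('Location', '')
                    if check_host in location:
                        self.Print.printer(1, "Host Header injection", target,
                                           req.status_code)
        except SSLError:
            # No response exists when the request itself failed. The original
            # read req.status_code here, which raised UnboundLocalError when
            # the first request failed (or reported the first probe's status
            # when the second one failed).
            self.Print.printer(-1,
                               "Host Header injection: Manual check needed",
                               target, None)
        except ConnectionError:
            self.Print.printer(-1, "Host Header injection: ConnectionError",
                               target, None)
        except Exception as e:
            self.logger.module_log(e)
            print("Error occured while checking host header injection. "
                  "Check module log for details")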