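def print_scan_result(type, response, payload_str, verification, request_info):
    """
    Print Scan Result for the FI (file inclusion) check and persist it.

    Args:
        type: Type of POC, it is a string, e.g. "Cookie", "Path", "Post"
        response: The response content of request; a falsy value means no
            response was obtained and the request is recorded as "not vulnerable"
        payload_str: The real payload of FI based on parameters, it is a string,
            e.g. "file=../../../../../../../../../../../../../../../etc/passwd%00"
        verification: The verification of FI, it can be a string or list
        request_info: The info of request, it is a dict; the keys 'rid',
            'host' and 'method' are read here

    Returns:
        The verdict that was stored in result_fi: "not vulnerable" when there
        is no response, otherwise whatever verify_fi returned.
    """
    # Evaluate the verification exactly once. The original called verify_fi
    # twice (once for the message, once for the stored value), doing the work
    # twice and risking a mismatch between what is printed and what is stored.
    if response:
        result_fi = verify_fi(response, verification)
    else:
        result_fi = "not vulnerable"
    res = "[FI] request id: {}\n\t[-] host: {}\n\t[-] method: {}\n\t[-] payload: {}\n\n[*] result: {}\n\n".format(
        request_info['rid'], request_info['host'], request_info['method'], payload_str, result_fi)
    poc_fi = "{}: {}".format(type, payload_str)
    # Persist verdict, PoC and the raw response under the request id.
    update_scan_result(request_info['rid'], 'scan_fi', 'result_fi', result_fi,
                       'poc_fi', poc_fi, 'response_fi', response)
    print highlight(res, 'green')
    return result_fi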
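def print_scan_result(type, response, payload_str, verification, request_info):
    """
    Print Scan Result for the XSS check and persist it.

    Args:
        type: Type of POC, it is a string, e.g. "Cookie", "Path", "Post"
        response: The response content of request; a falsy value means no
            response was obtained and the request is recorded as "not vulnerable"
        payload_str: The real payload of XSS based on parameters, it is a string,
            e.g. "value=<script>alert(1)</script>"
        verification: The verification of XSS, it can be a string or list
        request_info: The info of request, it is a dict; the keys 'rid',
            'host' and 'method' are read here

    Returns:
        The verdict that was stored in result_xss: "not vulnerable" when there
        is no response, otherwise whatever verify_xss returned.
    """
    # Evaluate the verification exactly once. The original called verify_xss
    # twice (once for the message, once for the stored value), doing the work
    # twice and risking a mismatch between what is printed and what is stored.
    if response:
        result_xss = verify_xss(response, verification)
    else:
        result_xss = "not vulnerable"
    res = "[XSS] request id: {}\n\t[-] host: {}\n\t[-] method: {}\n\t[-] payload: {}\n\n[*] result: {}\n\n".format(
        request_info['rid'], request_info['host'], request_info['method'], payload_str, result_xss)
    poc_xss = "{}: {}".format(type, payload_str)
    # Persist verdict, PoC and the raw response under the request id.
    update_scan_result(request_info['rid'], 'scan_xss', 'result_xss', result_xss,
                       'poc_xss', poc_xss, 'response_xss', response)
    print highlight(res, 'green')
    return result_xss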
def task_delete(self):
    """Delete task self.taskid on the API server at self.server.

    Returns:
        True when the server reports success, False otherwise (a message is
        printed in both cases). Network and JSON errors propagate.
    """
    endpoint = "{}task/{}/delete".format(self.server, self.taskid)
    reply = json.loads(requests.get(endpoint, timeout=TIME_OUT).text)
    if not reply['success']:
        print highlight('[!] invalid task: {}'.format(self.taskid), 'yellow')
        return False
    print highlight('[*] deleted task: {}'.format(self.taskid), 'green')
    return True
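def insert_request(request, raw):
    """Store a parsed request plus a companion 'responses' row keyed by its rid.

    Args:
        request: dict of parsed request fields. This function adds 'rid',
            'update_time' and 'raw' to it in place before inserting; the keys
            'protocol', 'host' and 'path' are read for the log line.
        raw: the raw request text. Leading literal "\\r\\n" sequences (the four
            characters backslash, r, backslash, n) are removed first.

    Returns:
        True when both rows were inserted. False when the rid already exists in
        'requests' (nothing is written), when an insert fails, or when any
        exception is caught (it is printed, not propagated).
    """
    # The original used raw.lstrip('\\r\\n'), which strips any leading run of
    # the characters '\', 'r' and 'n' -- so a request whose real text starts
    # with 'r' or 'n' lost those characters too. Remove the literal prefix.
    escaped_crlf = '\\r\\n'
    while raw.startswith(escaped_crlf):
        raw = raw[len(escaped_crlf):]
    try:
        rid = getRid(raw)
        if is_duplicate('requests', rid):
            # Duplicate rid: the original built "update" argument dicts here
            # but never used them, so this path has always written nothing.
            return False
        now = time.strftime('%Y-%m-%d %H:%M:%S')  # local time, as before
        request['rid'] = rid
        request['update_time'] = now
        request['raw'] = raw
        # Companion row in 'responses' carrying only the rid and timestamp.
        response_row = {'rid': rid, 'update_time': now}
        if db_insert('requests', request) and db_insert('responses', response_row):
            print highlight(
                '[+] insert request rid: {}, url: {}://{}{}'.format(
                    rid, request['protocol'], request['host'], request['path']),
                'green')
            return True
        return False
    except Exception as e:
        print highlight('[!] {}'.format(str(e)), 'red')
        return False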
def task_new(self):
    """Create a new task on the API server and remember its id in self.taskid.

    Returns:
        True when the server reports success (task id and target are printed),
        False otherwise. Network and JSON errors propagate.
    """
    endpoint = "{}task/new".format(self.server)
    reply = json.loads(requests.get(endpoint, timeout=TIME_OUT).text)
    if not reply['success']:
        return False
    self.taskid = reply['taskid']
    print highlight('[*] created new task: {}'.format(self.taskid), 'green')
    print '\t[-]target: {}'.format(self.target)
    return True
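def main():
    """Scan one batch of unscanned requests for SQL injection.

    Each request is handed to scanner(). A failure in one request is printed
    and does not abort the rest of the batch; the FI and XSS entry points in
    this code base already do this, whereas here one exception used to stop
    the whole batch.
    """
    # Exclusion type 1 is the one used by the SQLi scan (the FI scanner uses 2).
    exclusions = get_scan_exclusion_info(fetch_exclusion_scan(1)[0])
    batch_limit = 10000  # maximum number of requests fetched per run
    batch = fetch_request(exclusions, 'scan_sqli', batch_limit)
    if not batch:
        print highlight("[!] no new request found", 'yellow')
        return
    for request in batch:
        try:
            scanner(request)
        except Exception as err:
            print highlight("[!] scanner failed: {}".format(str(err)), 'red')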
def task_delete(self):
    """Delete task self.taskid on the API server at self.server.

    Returns:
        True when the server reports success, False otherwise (a message is
        printed in both cases). Network and JSON errors propagate.
    """
    endpoint = "{}task/{}/delete".format(self.server, self.taskid)
    reply = json.loads(requests.get(endpoint, timeout=TIME_OUT).text)
    if not reply['success']:
        print highlight('[!] invalid task: {}'.format(self.taskid), 'yellow')
        return False
    print highlight('[*] deleted task: {}'.format(self.taskid), 'green')
    return True
def task_new(self):
    """Create a new task on the API server and remember its id in self.taskid.

    Returns:
        True when the server reports success (task id and target are printed),
        False otherwise. Network and JSON errors propagate.
    """
    endpoint = "{}task/new".format(self.server)
    reply = json.loads(requests.get(endpoint, timeout=TIME_OUT).text)
    if not reply['success']:
        return False
    self.taskid = reply['taskid']
    print highlight('[*] created new task: {}'.format(self.taskid), 'green')
    print '\t[-]target: {}'.format(self.target)
    return True
def main(): exclude = get_scan_exclusion_info(fetch_exclusion_scan(2)[0]) # 2 means exclusion type is FI(File Inclusion) limit_num = 10000 # Number of limit of requests scan_type = 'scan_fi' requests = fetch_request(exclude, scan_type, limit_num) if requests: for request in requests: try: scanner(request) except Exception, err: print highlight("[!] scanner failed: {}".format(str(err)), 'red') pass
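def is_duplicate(table, rid):
    """Return True when a row with this rid already exists in table.

    db_query takes a single SQL string (no parameter binding is visible here),
    so the statement is built by formatting. Both inputs are therefore checked
    against a strict character allowlist before they reach the query: the
    table name must be an identifier and rid must be alphanumeric. Where this
    code base produces rids they are sha256 hex digests (see insert_request);
    if getRid ever yields other characters, widen the allowlist there rather
    than dropping the check.

    Args:
        table: table name, e.g. 'requests'; letters, digits and '_' only.
        rid: request id; surrounding whitespace is ignored, then it must be
            alphanumeric.

    Returns:
        True if at least one row matches, False otherwise -- including when the
        query raises (the error is printed and swallowed, as before).

    Raises:
        ValueError: if table or rid fails the allowlist. Raised on purpose so
        a caller cannot proceed as if the lookup had been made; every visible
        caller wraps this in `except Exception` and returns False.
    """
    rid = rid.strip()
    if not table.replace('_', '').isalnum():
        raise ValueError('unsafe table name: {!r}'.format(table))
    if not rid.isalnum():
        raise ValueError('unsafe rid: {!r}'.format(rid))
    try:
        sql = "SELECT COUNT(*) FROM {} where rid ='{}'".format(table, rid)
        rows = db_query(sql)
        counts = [row[0] for row in rows]
        return counts[0] >= 1
    except Exception as e:
        print highlight('[!] {}'.format(str(e)), 'red')
        return False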
def main():
    """Scan one batch of unscanned requests for XSS.

    Failures inside scanner() are printed per request and do not stop the
    batch. Nothing is printed when no request is pending.
    """
    exclusions = get_scan_exclusion_info(fetch_exclusion_scan(0)[0])
    batch_limit = 10000  # maximum number of requests fetched per run
    for request in fetch_request(exclusions, 'scan_xss', batch_limit) or []:
        try:
            scanner(request)
        except Exception as err:
            print highlight("[!] scanner failed: {}".format(str(err)), 'red')
def main(): exclude = get_scan_exclusion_info(fetch_exclusion_scan( 2)[0]) # 2 means exclusion type is FI(File Inclusion) limit_num = 10000 # Number of limit of requests scan_type = 'scan_fi' requests = fetch_request(exclude, scan_type, limit_num) if requests: for request in requests: try: #print 'lyue' #print request scanner(request) except Exception, err: print highlight("[!] scanner failed: {}".format(str(err)), 'red') pass
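def insert_request(request):
    """Store a parsed request plus a companion 'responses' row keyed by its rid.

    The rid is the sha256 hex digest of the escaped field values joined with
    ',' (every key except 'time'), taken in dict iteration order.
    NOTE(review): that order is not guaranteed to be stable across interpreter
    runs, so the same request could in principle get a different rid and slip
    past the duplicate check; sorting the keys would fix this but would change
    every rid already stored, so it is left as is.

    Args:
        request: dict of parsed request fields. This function adds 'rid' and
            'update_time' to it in place before inserting; the keys 'protocol',
            'host' and 'path' are read for the log line.

    Returns:
        True when both rows were inserted. False when the rid already exists in
        'requests' (nothing is written), when an insert fails, or when any
        exception is caught (it is printed, not propagated).
    """
    try:
        feeds = [escape_content(value) for key, value in request.items() if key != 'time']
        rid = hashlib.sha256(",".join(feeds)).hexdigest()
        if is_duplicate('requests', rid):
            # Duplicate rid: the original built "update" argument dicts here
            # but never used them, so this path has always written nothing.
            return False
        now = time.strftime('%Y-%m-%d %H:%M:%S')  # local time, as before
        request['rid'] = rid
        request['update_time'] = now
        # Companion row in 'responses' carrying only the rid and timestamp.
        response_row = {'rid': rid, 'update_time': now}
        if db_insert('requests', request) and db_insert('responses', response_row):
            print highlight(
                '[+] insert request rid: {}, url: {}://{}{}'.format(
                    rid, request['protocol'], request['host'], request['path']),
                'green')
            return True
        return False
    except Exception as e:
        print highlight('[!] {}'.format(str(e)), 'red')
        return False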
def main1():
    """Re-parse log/burp.log every 5 seconds, forever, with a timestamped banner."""
    delim = '.............................................'
    while True:
        stamp = time.strftime('%Y-%m-%d %H:%M:%S')
        print "[*][{}] Time: {}\n{}".format('Requests Analysis', highlight(stamp, 'green'), delim)
        parse_log('log/burp.log', 'parse_burp_log')
        time.sleep(5)
        print delim, '\n'
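def print_scan_result(type, response, payload_str, verification, request_info):
    """
    Print Scan Result for the FI (file inclusion) check and persist it.

    Args:
        type: Type of POC, it is a string, e.g. "Cookie", "Path", "Post"
        response: The response content of request; a falsy value means no
            response was obtained and the request is recorded as "not vulnerable"
        payload_str: The real payload of FI based on parameters, it is a string,
            e.g. "file=../../../../../../../../../../../../../../../etc/passwd%00"
        verification: The verification of FI, it can be a string or list
        request_info: The info of request, it is a dict; the keys 'rid',
            'host' and 'method' are read here

    Returns:
        The verdict that was stored in result_fi: "not vulnerable" when there
        is no response, otherwise whatever verify_fi returned.
    """
    # Evaluate the verification exactly once. The original called verify_fi
    # twice (once for the message, once for the stored value), doing the work
    # twice and risking a mismatch between what is printed and what is stored.
    if response:
        result_fi = verify_fi(response, verification)
    else:
        result_fi = "not vulnerable"
    res = "[FI] request id: {}\n\t[-] host: {}\n\t[-] method: {}\n\t[-] payload: {}\n\n[*] result: {}\n\n".format(
        request_info['rid'], request_info['host'], request_info['method'], payload_str, result_fi)
    poc_fi = "{}: {}".format(type, payload_str)
    # Persist verdict, PoC and the raw response under the request id.
    update_scan_result(request_info['rid'], 'scan_fi', 'result_fi', result_fi,
                       'poc_fi', poc_fi, 'response_fi', response)
    print highlight(res, 'green')
    return result_fi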
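def run(self):
    """Create a task, start the scan, poll until it ends, then collect the data.

    self.start_time is read for the elapsed-time checks and is expected to be
    set before run() is called (not visible here).

    Returns:
        False when the task could not be created or the scan did not start;
        True once the data has been collected and the task deleted (the
        original fell off the end and returned None on success).
    """
    if not self.task_new():
        return False
    self.option_set()
    if not self.scan_start():
        return False
    poll_interval = 10        # seconds between status polls
    max_scan_seconds = 3000   # hard cap after which the scan is stopped and killed
    while True:
        # Poll once per iteration. The original called scan_status() twice per
        # loop, doubling the API traffic and possibly seeing two different states.
        status = self.scan_status()
        if status != 'running':
            # 'terminated' and any other state both end the loop, as before.
            break
        time.sleep(poll_interval)
        elapsed = time.time() - self.start_time
        print '\t[-] scan time: {}'.format(elapsed)
        if elapsed > max_scan_seconds:
            self.scan_stop()
            self.scan_kill()
            break
    self.scan_data()
    self.task_delete()
    print highlight('[*] total scan time: {}'.format(time.time() - self.start_time), 'green')
    return True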
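def print_scan_result(type, response, payload_str, verification, request_info):
    """
    Print Scan Result for the XSS check and persist it.

    Args:
        type: Type of POC, it is a string, e.g. "Cookie", "Path", "Post"
        response: The response content of request; a falsy value means no
            response was obtained and the request is recorded as "not vulnerable"
        payload_str: The real payload of XSS based on parameters, it is a string,
            e.g. "value=<script>alert(1)</script>"
        verification: The verification of XSS, it can be a string or list
        request_info: The info of request, it is a dict; the keys 'rid',
            'host' and 'method' are read here

    Returns:
        The verdict that was stored in result_xss: "not vulnerable" when there
        is no response, otherwise whatever verify_xss returned.
    """
    # Evaluate the verification exactly once. The original called verify_xss
    # twice (once for the message, once for the stored value), doing the work
    # twice and risking a mismatch between what is printed and what is stored.
    if response:
        result_xss = verify_xss(response, verification)
    else:
        result_xss = "not vulnerable"
    res = "[XSS] request id: {}\n\t[-] host: {}\n\t[-] method: {}\n\t[-] payload: {}\n\n[*] result: {}\n\n".format(
        request_info['rid'], request_info['host'], request_info['method'], payload_str, result_xss)
    poc_xss = "{}: {}".format(type, payload_str)
    # Persist verdict, PoC and the raw response under the request id.
    update_scan_result(request_info['rid'], 'scan_xss', 'result_xss', result_xss,
                       'poc_xss', poc_xss, 'response_xss', response)
    print highlight(res, 'green')
    return result_xss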
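def run(self):
    """Create a task, start the scan, poll until it ends, then collect the data.

    self.start_time is read for the elapsed-time checks and is expected to be
    set before run() is called (not visible here).

    Returns:
        False when the task could not be created or the scan did not start;
        True once the data has been collected and the task deleted (the
        original fell off the end and returned None on success).
    """
    if not self.task_new():
        return False
    self.option_set()
    if not self.scan_start():
        return False
    poll_interval = 10        # seconds between status polls
    max_scan_seconds = 3000   # hard cap after which the scan is stopped and killed
    while True:
        # Poll once per iteration. The original called scan_status() twice per
        # loop, doubling the API traffic and possibly seeing two different states.
        status = self.scan_status()
        if status != 'running':
            # 'terminated' and any other state both end the loop, as before.
            break
        time.sleep(poll_interval)
        elapsed = time.time() - self.start_time
        print '\t[-] scan time: {}'.format(elapsed)
        if elapsed > max_scan_seconds:
            self.scan_stop()
            self.scan_kill()
            break
    self.scan_data()
    self.task_delete()
    print highlight('[*] total scan time: {}'.format(time.time() - self.start_time), 'green')
    return True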
def scan_data(self):
    """Fetch the scan data for self.taskid from the API server and print a summary.

    On success the server's 'data' value is stored in self.data; an empty
    value is reported as no injection. A failed call leaves self.data untouched.
    """
    endpoint = "{}scan/{}/data".format(self.server, self.taskid)
    reply = json.loads(requests.get(endpoint, timeout=TIME_OUT).text)
    if not reply['success']:
        print highlight('[!] invalid scan!!!', 'yellow')
        return
    self.data = reply['data']
    if len(self.data) == 0:
        print highlight('[*] not injection!!!', 'red')
        return
    print highlight('[*] injection found:', 'blue')
    print '\t[-]result: {}'.format(self.data)
def scan_data(self):
    """Fetch the scan data for self.taskid from the API server and print a summary.

    On success the server's 'data' value is stored in self.data; an empty
    value is reported as no injection. A failed call leaves self.data untouched.
    """
    endpoint = "{}scan/{}/data".format(self.server, self.taskid)
    reply = json.loads(requests.get(endpoint, timeout=TIME_OUT).text)
    if not reply['success']:
        print highlight('[!] invalid scan!!!', 'yellow')
        return
    self.data = reply['data']
    if len(self.data) == 0:
        print highlight('[*] not injection!!!', 'red')
        return
    print highlight('[*] injection found:', 'blue')
    print '\t[-]result: {}'.format(self.data)
def scan_sqli_request(request_info, sqlmapapi_server):
    """Run a SQL injection scan for one request unless it was already checked.

    The verdict ('vulnerable' / 'not vulnerable') and the PoC (the scan data
    as a string, empty when nothing was found) are written with
    update_scan_result; the PoC string is also stored as response_sqli. Any
    exception is printed and swallowed.
    """
    delim = '.............................................\n'
    try:
        rid = request_info['rid']
        if is_checked(rid, 'scan_sqli'):
            return
        print highlight('[*] request id: {}'.format(rid), 'green')
        print highlight('[*] sqlmapapi server: {}'.format(sqlmapapi_server), 'green')
        job = HackSqlmapApi(sqlmapapi_server, request_info)
        job.run()
        found = len(job.data) != 0
        verdict = 'vulnerable' if found else 'not vulnerable'
        poc = str(job.data) if found else ''
        update_scan_result(rid, 'scan_sqli', 'result_sqli', verdict,
                           'poc_sqli', poc, 'response_sqli', poc)
        print delim
    except Exception as err:
        print highlight('[!] error: {}'.format(str(err)), 'red')
        print delim
def scan_sqli_request(request_info, sqlmapapi_server):
    """Run a SQL injection scan for one request unless it was already checked.

    The verdict ('vulnerable' / 'not vulnerable') and the PoC (the scan data
    as a string, empty when nothing was found) are written with
    update_scan_result; the PoC string is also stored as response_sqli. Any
    exception is printed and swallowed.
    """
    delim = '.............................................\n'
    try:
        rid = request_info['rid']
        if is_checked(rid, 'scan_sqli'):
            return
        print highlight('[*] request id: {}'.format(rid), 'green')
        print highlight('[*] sqlmapapi server: {}'.format(sqlmapapi_server), 'green')
        job = HackSqlmapApi(sqlmapapi_server, request_info)
        job.run()
        found = len(job.data) != 0
        verdict = 'vulnerable' if found else 'not vulnerable'
        poc = str(job.data) if found else ''
        update_scan_result(rid, 'scan_sqli', 'result_sqli', verdict,
                           'poc_sqli', poc, 'response_sqli', poc)
        print delim
    except Exception as err:
        print highlight('[!] error: {}'.format(str(err)), 'red')
        print delim
return requestinfo  # tail of a definition that begins before this excerpt; left as found


def parse_log(log_file, excludes):
    """Parse every entry of log_file that is not excluded and insert it.

    Each entry is split on the run of '=' characters; only the part before
    the first separator is parsed as request info.
    """
    separator = '======================================================'
    for entry in get_file_to_array(log_file):
        if is_contained(entry, excludes):
            continue
        head = entry.split(separator)[0]
        # Insert Mitmproxy requests into Database
        insert_request(parse_request_info(head))


def main():
    """Parse the log file named by the first command-line argument once."""
    log_file = sys.argv[1]
    excludes = get_parse_exclusion_info(fetch_exclusion_parse()[0])
    parse_log(log_file, excludes)


if __name__ == "__main__":
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S')
        delim = '.............................................'
        print "[*][{}] Time: {}\n{}".format('Requests Analysis', highlight(now, 'green'), delim)
        main()
        time.sleep(5)
        print delim, '\n'
request_info = get_request_info(request) if request_info['method'] == "GET": scan_get_request(request_info) elif request_info['method'] == "POST": scan_post_request(request_info)  # tail of a definition that begins before this excerpt; left as found


def main():
    """Scan one batch of unscanned requests for file inclusion (FI).

    Failures inside scanner() are printed per request and do not stop the
    batch; an empty batch is reported.
    """
    # Exclusion type 2 means the FI (File Inclusion) exclusion list.
    exclusions = get_scan_exclusion_info(fetch_exclusion_scan(2)[0])
    batch_limit = 10000  # maximum number of requests fetched per run
    batch = fetch_request(exclusions, 'scan_fi', batch_limit)
    if not batch:
        print highlight("[!] no new request found", 'yellow')
        return
    for request in batch:
        try:
            scanner(request)
        except Exception as err:
            print highlight("[!] scanner failed: {}".format(str(err)), 'red')


if __name__ == "__main__":
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S')
        delim = '.............................................'
        print "[*][{}] Time: {}\n{}".format('LFI/RFI Scan', highlight(now, 'green'), delim)
        main()
        time.sleep(5)
        print delim, '\n'
scan_post_request(request_info)  # tail of a definition that begins before this excerpt; left as found


def main():
    """Scan one batch of unscanned requests for XSS.

    Failures inside scanner() are printed per request and do not stop the
    batch; an empty batch is reported.
    """
    exclusions = get_scan_exclusion_info(fetch_exclusion_scan(0)[0])
    batch_limit = 10000  # maximum number of requests fetched per run
    batch = fetch_request(exclusions, 'scan_xss', batch_limit)
    if not batch:
        print highlight("[!] no new request found", 'yellow')
        return
    for request in batch:
        try:
            scanner(request)
        except Exception as err:
            print highlight("[!] scanner failed: {}".format(str(err)), 'red')


if __name__ == "__main__":
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S')
        delim = '.............................................'
        print "[*][{}] Time: {}\n{}".format('XSS Scan', highlight(now, 'green'), delim)
        main()
        time.sleep(5)
        print delim, '\n'
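sqlmap_info = get_sqlmap_info(sqlmap) sqlmapapi = "http://{}:{}/".format(sqlmap_info['ip'], sqlmap_info['port']) sqlmapapi_servers.append(sqlmapapi) if len(sqlmapapi_servers) > 0: sqlmapapi_server = random.sample(sqlmapapi_servers, 1)[0] else: sqlmapapi_server = 'http://127.0.0.1:8775/' request_info = get_request_info(request) scan_sqli_request(request_info, sqlmapapi_server)  # tail of a definition that begins before this excerpt; left as found


def main():
    """Scan one batch of unscanned requests for SQL injection.

    Each request is handed to scanner(). A failure in one request is printed
    and does not abort the rest of the batch; the FI and XSS entry points in
    this code base already do this, whereas here one exception used to stop
    the whole batch.
    """
    # Exclusion type 1 is the one used by the SQLi scan (the FI scanner uses 2).
    exclusions = get_scan_exclusion_info(fetch_exclusion_scan(1)[0])
    batch_limit = 10000  # maximum number of requests fetched per run
    batch = fetch_request(exclusions, 'scan_sqli', batch_limit)
    if not batch:
        print highlight("[!] no new request found", 'yellow')
        return
    for request in batch:
        try:
            scanner(request)
        except Exception as err:
            print highlight("[!] scanner failed: {}".format(str(err)), 'red')


if __name__ == "__main__":
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S')
        delim = '.............................................'
        print "[*][{}] Time: {}\n{}".format('SQL Injection Scan', highlight(now, 'green'), delim)
        main()
        time.sleep(5)
        print delim, '\n'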
elif request_info['method'] == "POST": scan_post_request(request_info)  # tail of a definition that begins before this excerpt; left as found


def main():
    """Scan one batch of unscanned requests for XSS, with per-request debug output.

    The batch size and every request are printed (debug output kept as found).
    Failures inside scanner() are printed per request and do not stop the
    batch; an empty batch is reported.
    """
    exclusions = get_scan_exclusion_info(fetch_exclusion_scan(0)[0])
    batch_limit = 10000  # maximum number of requests fetched per run
    batch = fetch_request(exclusions, 'scan_xss', batch_limit)
    print len(batch)  # debug output, kept as found
    if not batch:
        print highlight("[!] no new request found", 'yellow')
        return
    for request in batch:
        print 'request:', request  # debug output, kept as found
        try:
            scanner(request)
        except Exception as err:
            print highlight("[!] scanner failed: {}".format(str(err)), 'red')


if __name__ == "__main__":
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S')
        delim = '.............................................'
        print "[*][{}] Time: {}\n{}".format('XSS Scan', highlight(now, 'green'), delim)
        main()
        time.sleep(5)
        print delim, '\n'
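requestinfo['cookie'] = cookie if requestinfo['method'] == "POST": post_data = lines[-2] requestinfo['post_data'] = post_data return requestinfo  # tail of a definition that begins before this excerpt; left as found


def parse_log(log_file, excludes):
    """Parse every entry of log_file that is not excluded and insert it.

    Each entry is split on the run of '=' characters: part [1] is parsed as
    URL info and part [2] as request info, and the two dicts are merged
    (request-info keys win) before insertion. The entry is split once here;
    the original split the same string twice.
    """
    separator = '======================================================'
    for entry in get_file_to_array(log_file):
        if is_contained(entry, excludes):
            continue
        parts = entry.split(separator)
        url_info_parsed = parse_url_info(parts[1])
        request_info_parsed = parse_request_info(parts[2])
        request_parsed = dict(url_info_parsed, **request_info_parsed)
        # Insert Burp requests into Database
        insert_request(request_parsed)


def main():
    """Parse the log file named by the first command-line argument once."""
    log_file = sys.argv[1]
    excludes = get_parse_exclusion_info(fetch_exclusion_parse()[0])
    parse_log(log_file, excludes)


if __name__ == "__main__":
    while True:
        now = time.strftime('%Y-%m-%d %H:%M:%S')
        delim = '.............................................'
        print "[*][{}] Time: {}\n{}".format('Requests Analysis', highlight(now, 'green'), delim)
        main()
        time.sleep(5)
        print delim, '\n'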