def execute_time_based_technique(url, delay, filename, http_request_method, url_time_response): if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) == False: if http_request_method == "GET": print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL else: print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + Style.RESET_ALL sys.stdout.write(Style.BRIGHT + "\r(!) The process of testing the "+ menu.options.tech + " injection technique... " + Style.RESET_ALL + "[ " + percent + " ]") sys.stdout.flush() logs.logs_notification(filename) sys.exit(0)
def execute_time_based_technique(url, delay, filename, http_request_method): if tb_handler.exploitation(url, delay, filename, http_request_method) == False: if http_request_method == "GET": print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL else: print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + Style.RESET_ALL sys.stdout.write(Style.BRIGHT + "\r(!) The process of testing the "+ menu.options.tech + " injection technique... " + Style.RESET_ALL + "[ " + percent + " ]") sys.stdout.flush() print "\n(*) Results can be found at : '" + os.getcwd() + "/" + filename +".txt' \n" sys.exit(0)
def execute_time_based_technique(url, delay, filename, http_request_method): if tb_handler.exploitation(url, delay, filename, http_request_method) == False: if http_request_method == "GET": print Back.RED + "(x) The url '" + url + "' appear to be not injectable." + Style.RESET_ALL else: print Back.RED + "(x) The '" + parameter + "' parameter appear to be not injectable." + Style.RESET_ALL if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + Style.RESET_ALL sys.stdout.write(Style.BRIGHT + "\r(!) The process of testing the " + menu.options.tech + " injection technique... " + Style.RESET_ALL + "[ " + percent + " ]") sys.stdout.flush() print "\n(*) Results can be found at : '" + os.getcwd( ) + "/" + filename + ".txt' \n" sys.exit(0)
def execute_time_based_technique(url, delay, filename, http_request_method, url_time_response): if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) == False: if http_request_method == "GET": print Back.RED + "(x) The url '" + url + "' appear to be not injectable." + Style.RESET_ALL else: print Back.RED + "(x) The '" + parameter + "' parameter appear to be not injectable." + Style.RESET_ALL if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + Style.RESET_ALL sys.stdout.write(Style.BRIGHT + "\r(!) The process of testing the " + menu.options.tech + " injection technique... " + Style.RESET_ALL + "[ " + percent + " ]") sys.stdout.flush() logs.logs_notification(filename) sys.exit(0)
def do_check(url): # Print the findings to log file. parts = url.split('//', 1) host = parts[1].split('/', 1)[0] try: os.stat(settings.OUTPUT_DIR + host + "/") except: os.mkdir(settings.OUTPUT_DIR + host + "/") # The logs filename construction. filename = settings.OUTPUT_DIR + host + "/" + settings.OUTPUT_FILE_NAME output_file = open(filename + ".txt", "a") output_file.write("\n---") output_file.write("\nTime : " + datetime.datetime.fromtimestamp(time.time()).strftime('%H:%M:%S')) output_file.write("\nDate : " + datetime.datetime.fromtimestamp(time.time()).strftime('%m/%d/%Y')) output_file.write("\n---") output_file.write("\nURL : " + url) output_file.write("\n---") output_file.close() # Check if defined "--delay" option. if menu.options.delay: delay = menu.options.delay else: delay = settings.DELAY # Do authentication if needed. if menu.options.auth_url and menu.options.auth_data: authentication.auth_process() elif menu.options.auth_url or menu.options.auth_data: print colors.BGRED + "(x) Error: You must specify both login panel URL and login parameters.\n" + colors.RESET sys.exit(0) else: pass # Check if HTTP Method is POST. if not menu.options.data: http_request_method = "GET" else: http_request_method = "POST" parameter = menu.options.data # Check if it is vulnerable to classic command injection technique. if menu.options.tech == "classic": if cb_handler.exploitation(url,delay,filename,http_request_method) == None: if http_request_method == "GET": print colors.BGRED + "(x) The url '"+ url +"' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + colors.RESET if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + colors.RESET sys.stdout.write(colors.BOLD + "\r(!) The process of testing the "+ menu.options.tech + " injection technique... " + colors.RESET + "[ " + percent + " ]") sys.stdout.flush() print "\n(*) Results can be found at : '" + os.getcwd() + "/" + filename +".txt' \n" sys.exit(0) # Check if it is vulnerable to eval-based command injection technique. elif menu.options.tech == "eval-based": if eb_handler.exploitation(url,delay,filename,http_request_method) == None: if http_request_method == "GET": print colors.BGRED + "(x) The url '"+ url +"' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + colors.RESET if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + colors.RESET sys.stdout.write(colors.BOLD + "\r(!) The process of testing the "+ menu.options.tech + " injection technique... " + colors.RESET + "[ " + percent + " ]") sys.stdout.flush() print "\n(*) Results can be found at : '" + os.getcwd() + "/" + filename +".txt' \n" sys.exit(0) # Check if it is vulnerable to time-based blind command injection technique. elif menu.options.tech == "time-based": if tb_handler.exploitation(url,delay,filename,http_request_method) == None: if http_request_method == "GET": print colors.BGRED + "(x) The url '"+ url +"' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + colors.RESET if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + colors.RESET sys.stdout.write(colors.BOLD + "\r(!) The process of testing the "+ menu.options.tech + " injection technique... " + colors.RESET + "[ " + percent + " ]") sys.stdout.flush() print "\n(*) Results can be found at : '" + os.getcwd() + "/" + filename +".txt' \n" sys.exit(0) # Check if it is vulnerable to file-based semiblind command injection technique. elif menu.options.tech == "file-based": if fb_handler.exploitation(url,delay,filename,http_request_method) == None: if http_request_method == "GET": print colors.BGRED + "(x) The url '"+ url +"' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + colors.RESET if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + colors.RESET sys.stdout.write(colors.BOLD + "\r(!) The process of testing the "+ menu.options.tech + " injection technique... " + colors.RESET + "[ " + percent + " ]") sys.stdout.flush() print "\n(*) Results can be found at : '" + os.getcwd() + "/" + filename +".txt' \n" sys.exit(0) else: # Automated command injection and exploitation. # Check if classic results-based command injection technique succeeds. if cb_handler.exploitation(url,delay,filename,http_request_method) == None: classic_state = False else: classic_state = True # Check if eval results-based command injection technique succeeds. if eb_handler.exploitation(url,delay,filename,http_request_method) == None: eval_based_state = False else: eval_based_state = True # Check if time-based blind command injection technique succeeds. if tb_handler.exploitation(url,delay,filename,http_request_method) == None: time_based_state = False else: time_based_state = True # Check if file-based semiblind command injection technique succeeds. if fb_handler.exploitation(url,delay,filename,http_request_method) == None: file_based_state = False else: file_based_state = True if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False : if http_request_method == "GET": print colors.BGRED + "(x) The url '"+ url +"' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + colors.RESET print "(*) Results can be found at : '" + os.getcwd() + "/" + filename +".txt' \n" sys.exit(0) #eof
def do_check(url): # The logs filename construction. filename = logs.create_log_file(url) # Check if defined "--delay" option. if menu.options.delay: delay = menu.options.delay else: delay = settings.DELAY # Do authentication if needed. if menu.options.auth_url and menu.options.auth_data: authentication.auth_process() elif menu.options.auth_url or menu.options.auth_data: print Back.RED + "(x) Error: You must specify both login panel URL and login parameters.\n" + Style.RESET_ALL sys.exit(0) else: pass # Check if HTTP Method is POST. if not menu.options.data: http_request_method = "GET" else: http_request_method = "POST" parameter = menu.options.data # Load modules modules_handler.load_modules(url, http_request_method) # Check all injection techniques if not menu.options.tech: # Check if it is vulnerable to classic command injection technique. if cb_handler.exploitation(url, delay, filename, http_request_method) == False: classic_state = False else: classic_state = True # Check if it is vulnerable to eval-based command injection technique. if eb_handler.exploitation(url, delay, filename, http_request_method) == False: eval_based_state = False else: eval_based_state = True # Check if it is vulnerable to time-based blind command injection technique. if tb_handler.exploitation(url, delay, filename, http_request_method) == False: time_based_state = False else: time_based_state = True # Check if it is vulnerable to file-based semiblind command injection technique. if fb_handler.exploitation(url, delay, filename, http_request_method) == False: file_based_state = False else: file_based_state = True else: # Check if it is vulnerable to classic command injection technique. if "classic" in menu.options.tech or len(menu.options.tech) <= 4 and "c" in menu.options.tech: # Check if classic results-based command injection technique succeeds. if cb_handler.exploitation(url, delay, filename, http_request_method) == False: classic_state = False else: classic_state = True elif menu.options.tech == "classic": execute_classic_technique(url, delay, filename, http_request_method) else: classic_state = False # Check if it is vulnerable to eval-based command injection technique. if "eval-based" in menu.options.tech or len(menu.options.tech) <= 4 and "e" in menu.options.tech: # Check if eval-based command injection technique succeeds. if eb_handler.exploitation(url, delay, filename, http_request_method) == False: eval_based_state = False else: eval_based_state = True elif menu.options.tech == "eval-based": execute_eval_based_technique(url, delay, filename, http_request_method) else: eval_based_state = False # Check if it is vulnerable to time-based blind command injection technique. if "time-based" in menu.options.tech or len(menu.options.tech) <= 4 and "t" in menu.options.tech: # Check if time-based blind command injection technique succeeds. if tb_handler.exploitation(url, delay, filename, http_request_method) == False: time_based_state = False else: time_based_state = True elif menu.options.tech == "time-based": execute_time_based_technique(url, delay, filename, http_request_method) else: time_based_state = False # Check if it is vulnerable to file-based semiblind command injection technique. if "file-based" in menu.options.tech or len(menu.options.tech) <= 4 and "f" in menu.options.tech: # Check if file-based semiblind command injection technique succeeds. if fb_handler.exploitation(url, delay, filename, http_request_method) == False: file_based_state = False else: file_based_state = True elif menu.options.tech == "file-based": execute_file_based_technique(url, delay, filename, http_request_method) else: file_based_state = False if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False : if http_request_method == "GET": print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL else: print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL else: print "(*) The results can be found at '" + os.getcwd() + "/" + filename +".txt'" sys.exit(0) #eof
def do_check(url, filename): classic_state = False eval_based_state = False time_based_state = False file_based_state = False # Check if defined "--delay" option. if menu.options.delay: delay = menu.options.delay else: delay = settings.DELAY # Do authentication if needed. if menu.options.auth_url and menu.options.auth_data: authentication.auth_process() elif menu.options.auth_url or menu.options.auth_data: print Back.RED + "(x) Error: You must specify both login panel URL and login parameters.\n" + Style.RESET_ALL sys.exit(0) else: pass # Check if HTTP Method is GET or POST. header_name = "" if not menu.options.data: http_request_method = "GET" if not settings.COOKIE_INJECTION \ and not settings.USER_AGENT_INJECTION \ and not settings.REFERER_INJECTION: url = parameters.do_GET_check(url) check_parameter = parameters.vuln_GET_param(url) the_type = " parameter " else: http_request_method = "POST" parameter = menu.options.data parameter = parameters.do_POST_check(parameter) check_parameter = parameters.vuln_POST_param(parameter, url) the_type = " parameter " # Load modules modules_handler.load_modules(url, http_request_method, filename) # Cookie Injection if settings.COOKIE_INJECTION == True: header_name = " Cookie" check_parameter = parameters.specify_cookie_parameter(menu.options.cookie) the_type = " HTTP header " # User-Agent Injection elif settings.USER_AGENT_INJECTION == True: header_name = " User-Agent" check_parameter = "" the_type = " HTTP header " # Referer Injection elif settings.REFERER_INJECTION == True: header_name = " Referer" check_parameter = "" the_type = " HTTP header " else : pass if len(check_parameter) != 0 : check_parameter = " '" + check_parameter + "'" print "(*) Setting the " + "(" + http_request_method + ")" + check_parameter + header_name + the_type + "for tests." # Estimating the response time (in seconds) delay, url_time_response = requests.estimate_response_time(url, http_request_method, delay) # Check all injection techniques if not menu.options.tech: # Check if it is vulnerable to classic command injection technique. if cb_handler.exploitation(url, delay, filename, http_request_method) != False: classic_state = True # Check if it is vulnerable to eval-based command injection technique. if eb_handler.exploitation(url, delay, filename, http_request_method) != False: eval_based_state = True # Check if it is vulnerable to time-based blind command injection technique. if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: time_based_state = True # Check if it is vulnerable to file-based semiblind command injection technique. if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: file_based_state = True else: # Check if it is vulnerable to classic command injection technique. if "classic" in menu.options.tech or len(menu.options.tech) <= 4 and "c" in menu.options.tech: # Check if classic results-based command injection technique succeeds. if cb_handler.exploitation(url, delay, filename, http_request_method) != False: classic_state = True elif menu.options.tech == "classic": cb_handler.exploitation(url, delay, filename, http_request_method) else: classic_state = False # Check if it is vulnerable to eval-based command injection technique. if "eval-based" in menu.options.tech or len(menu.options.tech) <= 4 and "e" in menu.options.tech: # Check if eval-based command injection technique succeeds. if eb_handler.exploitation(url, delay, filename, http_request_method) != False: eval_based_state = True elif menu.options.tech == "eval-based": eb_handler.exploitation(url, delay, filename, http_request_method) else: eval_based_state = False # Check if it is vulnerable to time-based blind command injection technique. if "time-based" in menu.options.tech or len(menu.options.tech) <= 4 and "t" in menu.options.tech: # Check if time-based blind command injection technique succeeds. if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: time_based_state = True elif menu.options.tech == "time-based": tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) else: time_based_state = False # Check if it is vulnerable to file-based semiblind command injection technique. if "file-based" in menu.options.tech or len(menu.options.tech) <= 4 and "f" in menu.options.tech: # Check if file-based semiblind command injection technique succeeds. if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: file_based_state = True elif menu.options.tech == "file-based": fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) else: file_based_state = False if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False : info_msg = "(x) Critical: The tested (" + http_request_method + ")" + check_parameter +" parameter appear to be not injectable." if not menu.options.alter_shell : info_msg += " Use the option '--alter-shell'" else: info_msg += " Remove the option '--alter-shell'" info_msg += " and/or try to audit the HTTP headers (i.e 'User-Agent', 'Referer', 'Cookie' etc)." print Back.RED + info_msg + Style.RESET_ALL # else: # print "" sys.exit(0)
def do_check(url, filename): classic_state = False eval_based_state = False time_based_state = False file_based_state = False # Check if defined "--delay" option. if menu.options.delay: delay = menu.options.delay else: delay = settings.DELAY # Do authentication if needed. if menu.options.auth_url and menu.options.auth_data: authentication.auth_process() elif menu.options.auth_url or menu.options.auth_data: print Back.RED + "(x) Error: You must specify both login panel URL and login parameters.\n" + Style.RESET_ALL sys.exit(0) else: pass # Check if HTTP Method is GET or POST. header_name = "" if not menu.options.data: http_request_method = "GET" check_parameter = parameters.vuln_GET_param(url) the_type = " parameter " else: http_request_method = "POST" parameter = menu.options.data check_parameter = parameters.vuln_POST_param(parameter, url) the_type = " parameter " # Load modules modules_handler.load_modules(url, http_request_method, filename) # Cookie Injection if settings.COOKIE_INJECTION == True: header_name = " Cookie" check_parameter = parameters.specify_cookie_parameter(menu.options.cookie) the_type = " HTTP header " # User-Agent Injection elif settings.USER_AGENT_INJECTION == True: header_name = " User-Agent" check_parameter = "" the_type = " HTTP header " # Referer Injection elif settings.REFERER_INJECTION == True: header_name = " Referer" check_parameter = "" the_type = " HTTP header " else : pass if len(check_parameter) != 0 : check_parameter = " '" + check_parameter + "'" print "(*) Setting the " + "(" + http_request_method + ")" + check_parameter + header_name + the_type + "for tests." # Estimating the response time (in seconds) delay, url_time_response = requests.estimate_response_time(url, delay) # Check all injection techniques if not menu.options.tech: # Check if it is vulnerable to classic command injection technique. if cb_handler.exploitation(url, delay, filename, http_request_method) != False: classic_state = True # Check if it is vulnerable to eval-based command injection technique. if eb_handler.exploitation(url, delay, filename, http_request_method) != False: eval_based_state = True # Check if it is vulnerable to time-based blind command injection technique. if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: time_based_state = True # Check if it is vulnerable to file-based semiblind command injection technique. if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: file_based_state = True else: # Check if it is vulnerable to classic command injection technique. if "classic" in menu.options.tech or len(menu.options.tech) <= 4 and "c" in menu.options.tech: # Check if classic results-based command injection technique succeeds. if cb_handler.exploitation(url, delay, filename, http_request_method) != False: classic_state = True elif menu.options.tech == "classic": cb_handler.exploitation(url, delay, filename, http_request_method) else: classic_state = False # Check if it is vulnerable to eval-based command injection technique. if "eval-based" in menu.options.tech or len(menu.options.tech) <= 4 and "e" in menu.options.tech: # Check if eval-based command injection technique succeeds. if eb_handler.exploitation(url, delay, filename, http_request_method) != False: eval_based_state = True elif menu.options.tech == "eval-based": eb_handler.exploitation(url, delay, filename, http_request_method) else: eval_based_state = False # Check if it is vulnerable to time-based blind command injection technique. if "time-based" in menu.options.tech or len(menu.options.tech) <= 4 and "t" in menu.options.tech: # Check if time-based blind command injection technique succeeds. if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: time_based_state = True elif menu.options.tech == "time-based": tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) else: time_based_state = False # Check if it is vulnerable to file-based semiblind command injection technique. if "file-based" in menu.options.tech or len(menu.options.tech) <= 4 and "f" in menu.options.tech: # Check if file-based semiblind command injection technique succeeds. if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: file_based_state = True elif menu.options.tech == "file-based": fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) else: file_based_state = False if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False : if http_request_method == "GET": print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL else: print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL else: logs.logs_notification(filename) sys.exit(0) #eof
def do_check(url): # The logs filename construction. filename = logs.create_log_file(url) # Check if defined "--delay" option. if menu.options.delay: delay = menu.options.delay else: delay = settings.DELAY # Do authentication if needed. if menu.options.auth_url and menu.options.auth_data: authentication.auth_process() elif menu.options.auth_url or menu.options.auth_data: print Back.RED + "(x) Error: You must specify both login panel URL and login parameters.\n" + Style.RESET_ALL sys.exit(0) else: pass # Check if HTTP Method is POST. if not menu.options.data: http_request_method = "GET" else: http_request_method = "POST" parameter = menu.options.data # Load modules modules_handler.load_modules(url, http_request_method) # Check all injection techniques if not menu.options.tech: # Check if it is vulnerable to classic command injection technique. if cb_handler.exploitation(url, delay, filename, http_request_method) == False: classic_state = False else: classic_state = True # Check if it is vulnerable to eval-based command injection technique. if eb_handler.exploitation(url, delay, filename, http_request_method) == False: eval_based_state = False else: eval_based_state = True # Check if it is vulnerable to time-based blind command injection technique. if tb_handler.exploitation(url, delay, filename, http_request_method) == False: time_based_state = False else: time_based_state = True # Check if it is vulnerable to file-based semiblind command injection technique. if fb_handler.exploitation(url, delay, filename, http_request_method) == False: file_based_state = False else: file_based_state = True else: # Check if it is vulnerable to classic command injection technique. if "classic" in menu.options.tech or len( menu.options.tech) <= 4 and "c" in menu.options.tech: # Check if classic results-based command injection technique succeeds. if cb_handler.exploitation(url, delay, filename, http_request_method) == False: classic_state = False else: classic_state = True elif menu.options.tech == "classic": execute_classic_technique(url, delay, filename, http_request_method) else: classic_state = False # Check if it is vulnerable to eval-based command injection technique. if "eval-based" in menu.options.tech or len( menu.options.tech) <= 4 and "e" in menu.options.tech: # Check if eval-based command injection technique succeeds. if eb_handler.exploitation(url, delay, filename, http_request_method) == False: eval_based_state = False else: eval_based_state = True elif menu.options.tech == "eval-based": execute_eval_based_technique(url, delay, filename, http_request_method) else: eval_based_state = False # Check if it is vulnerable to time-based blind command injection technique. if "time-based" in menu.options.tech or len( menu.options.tech) <= 4 and "t" in menu.options.tech: # Check if time-based blind command injection technique succeeds. if tb_handler.exploitation(url, delay, filename, http_request_method) == False: time_based_state = False else: time_based_state = True elif menu.options.tech == "time-based": execute_time_based_technique(url, delay, filename, http_request_method) else: time_based_state = False # Check if it is vulnerable to file-based semiblind command injection technique. if "file-based" in menu.options.tech or len( menu.options.tech) <= 4 and "f" in menu.options.tech: # Check if file-based semiblind command injection technique succeeds. if fb_handler.exploitation(url, delay, filename, http_request_method) == False: file_based_state = False else: file_based_state = True elif menu.options.tech == "file-based": execute_file_based_technique(url, delay, filename, http_request_method) else: file_based_state = False if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False: if http_request_method == "GET": print Back.RED + "(x) The url '" + url + "' appear to be not injectable." + Style.RESET_ALL else: print Back.RED + "(x) The '" + parameter + "' parameter appear to be not injectable." + Style.RESET_ALL else: print "(*) The results can be found at '" + os.getcwd( ) + "/" + filename + ".txt'" sys.exit(0) #eof
def do_check(url): # Print the findings to log file. parts = url.split('//', 1) host = parts[1].split('/', 1)[0] try: os.stat(settings.OUTPUT_DIR + host + "/") except: os.mkdir(settings.OUTPUT_DIR + host + "/") # The logs filename construction. filename = settings.OUTPUT_DIR + host + "/" + settings.OUTPUT_FILE_NAME output_file = open(filename + ".txt", "a") output_file.write("\n---") output_file.write("\nTime : " + datetime.datetime.fromtimestamp(time.time()).strftime('%H:%M:%S')) output_file.write("\nDate : " + datetime.datetime.fromtimestamp(time.time()).strftime('%m/%d/%Y')) output_file.write("\n---") output_file.write("\nURL : " + url) output_file.write("\n---") output_file.close() # Check if defined "--delay" option. if menu.options.delay: delay = menu.options.delay else: delay = settings.DELAY # Do authentication if needed. if menu.options.auth_url and menu.options.auth_data: authentication.auth_process() elif menu.options.auth_url or menu.options.auth_data: print Back.RED + "(x) Error: You must specify both login panel URL and login parameters.\n" + Style.RESET_ALL sys.exit(0) else: pass # Check if HTTP Method is POST. if not menu.options.data: http_request_method = "GET" else: http_request_method = "POST" parameter = menu.options.data # Load modules modules_handler.load_modules(url,http_request_method) # Check all injection techniques if not menu.options.tech: # Check if it is vulnerable to classic command injection technique. if cb_handler.exploitation(url,delay,filename,http_request_method) == False: classic_state = False else: classic_state = True # Check if it is vulnerable to eval-based command injection technique. if eb_handler.exploitation(url,delay,filename,http_request_method) == False: eval_based_state = False else: eval_based_state = True # Check if it is vulnerable to time-based blind command injection technique. if tb_handler.exploitation(url,delay,filename,http_request_method) == False: time_based_state = False else: time_based_state = True # Check if it is vulnerable to file-based semiblind command injection technique. if fb_handler.exploitation(url,delay,filename,http_request_method) == False: file_based_state = False else: file_based_state = True else: # Check if it is vulnerable to classic command injection technique. if "classic" in menu.options.tech or len(menu.options.tech) <= 4 and "c" in menu.options.tech: # Check if classic results-based command injection technique succeeds. if cb_handler.exploitation(url,delay,filename,http_request_method) == False: classic_state = False else: classic_state = True elif menu.options.tech == "classic": execute_classic_technique(url,delay,filename,http_request_method) else: classic_state = False # Check if it is vulnerable to eval-based command injection technique. if "eval-based" in menu.options.tech or len(menu.options.tech) <= 4 and "e" in menu.options.tech: # Check if eval-based command injection technique succeeds. if eb_handler.exploitation(url,delay,filename,http_request_method) == False: eval_based_state = False else: eval_based_state = True elif menu.options.tech == "eval-based": execute_eval_based_technique(url,delay,filename,http_request_method) else: eval_based_state = False # Check if it is vulnerable to time-based blind command injection technique. if "time-based" in menu.options.tech or len(menu.options.tech) <= 4 and "t" in menu.options.tech: # Check if time-based blind command injection technique succeeds. if tb_handler.exploitation(url,delay,filename,http_request_method) == False: time_based_state = False else: time_based_state = True elif menu.options.tech == "time-based": execute_time_based_technique(url,delay,filename,http_request_method) else: time_based_state = False # Check if it is vulnerable to file-based semiblind command injection technique. if "file-based" in menu.options.tech or len(menu.options.tech) <= 4 and "f" in menu.options.tech: # Check if file-based semiblind command injection technique succeeds. if fb_handler.exploitation(url,delay,filename,http_request_method) == False: file_based_state = False else: file_based_state = True elif menu.options.tech == "file-based": execute_file_based_technique(url,delay,filename,http_request_method) else: file_based_state = False if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False : if http_request_method == "GET": print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL else: print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL else: print "(*) The results can be found at '" + os.getcwd() + "/" + filename +".txt'" sys.exit(0) #eof
def do_check(url): # Print the findings to log file. parts = url.split('//', 1) host = parts[1].split('/', 1)[0] try: os.stat(settings.OUTPUT_DIR + host + "/") except: os.mkdir(settings.OUTPUT_DIR + host + "/") filename = datetime.datetime.fromtimestamp(time.time()).strftime('%Y_%m_%d_%H_%M_%S') filename = settings.OUTPUT_DIR + host + "/" + filename output_file = open(filename + ".txt", "a") output_file.write("\n(+) Host : " + host) output_file.write("\n(+) Date : " + datetime.datetime.fromtimestamp(time.time()).strftime('%m/%d/%Y')) output_file.write("\n(+) Time : " + datetime.datetime.fromtimestamp(time.time()).strftime('%H:%M:%S')) output_file.close() # Check if defined "--delay" option. if menu.options.delay: delay = menu.options.delay else: delay = settings.DELAY # Do authentication if needed. if menu.options.auth_url and menu.options.auth_data: authentication.auth_process() elif menu.options.auth_url or menu.options.auth_data: print colors.BGRED + "(x) Error: You must specify both login panel URL and login parameters.\n" + colors.RESET sys.exit(0) else: pass # Check if HTTP Method is POST. if not menu.options.data: http_request_method = "GET" else: http_request_method = "POST" parameter = menu.options.data # Check if it is vulnerable to classic command injection technique. if menu.options.tech == "classic": if cb_handler.exploitation(url,delay,filename,http_request_method) == False: if http_request_method == "GET": print colors.BGRED + "(x) The '"+ url +"' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '"+ parameter +"' appear to be not injectable." + colors.RESET print "(*) The scan has finished successfully!" print "(*) Results can be found at : '" + os.getcwd() + "/" + filename +".txt' \n" sys.exit(0) # Check if it is vulnerable to eval-based command injection technique. elif menu.options.tech == "eval-based": if eb_handler.exploitation(url,delay,filename,http_request_method) == False: if http_request_method == "GET": print colors.BGRED + "(x) The '"+ url +"' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '"+ parameter +"' appear to be not injectable." + colors.RESET print "(*) The scan has finished successfully!" print "(*) Results can be found at : '" + os.getcwd() + "/" + filename +".txt' \n" sys.exit(0) # Check if it is vulnerable to time-based blind command injection technique. elif menu.options.tech == "time-based": if tb_handler.exploitation(url,delay,filename,http_request_method) == False: if http_request_method == "GET": print colors.BGRED + "(x) The '"+ url +"' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '"+ parameter +"' appear to be not injectable." + colors.RESET print "(*) The scan has finished successfully!" print "(*) Results can be found at : '" + os.getcwd() + "/" + filename +".txt' \n" sys.exit(0) # Check if it is vulnerable to file-based semiblind command injection technique. elif menu.options.tech == "file-based": if fb_handler.exploitation(url,delay,filename,http_request_method) == False: if http_request_method == "GET": print colors.BGRED + "(x) The '"+ url +"' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '"+ parameter +"' appear to be not injectable." + colors.RESET print "(*) The scan has finished successfully!" print "(*) Results can be found at : '" + os.getcwd() + "/" + filename +".txt' \n" sys.exit(0) else: # Automated command injection and exploitation. if cb_handler.exploitation(url,delay,filename,http_request_method) == False: classic_state = False else: classic_state = True if eb_handler.exploitation(url,delay,filename,http_request_method) == False: eval_based_state = False else: eval_based_state = True if tb_handler.exploitation(url,delay,filename,http_request_method) == False: time_based_state = False else: time_based_state = True if fb_handler.exploitation(url,delay,filename,http_request_method) == False: file_based_state = False else: file_based_state = True if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False : if http_request_method == "GET": print colors.BGRED + "(x) The '"+ url +"' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '"+ parameter +"' appear to be not injectable." + colors.RESET print "\n(*) The scan has finished successfully!" print "(*) Results can be found at : '" + os.getcwd() + "/" + filename +".txt' \n" sys.exit(0) #eof
def do_check(url): # Print the findings to log file. parts = url.split('//', 1) host = parts[1].split('/', 1)[0] try: os.stat(settings.OUTPUT_DIR + host + "/") except: os.mkdir(settings.OUTPUT_DIR + host + "/") filename = datetime.datetime.fromtimestamp( time.time()).strftime('%Y_%m_%d_%H_%M_%S') filename = settings.OUTPUT_DIR + host + "/" + filename output_file = open(filename + ".txt", "a") output_file.write("\n(+) Host : " + host) output_file.write( "\n(+) Date : " + datetime.datetime.fromtimestamp(time.time()).strftime('%m/%d/%Y')) output_file.write( "\n(+) Time : " + datetime.datetime.fromtimestamp(time.time()).strftime('%H:%M:%S')) output_file.close() # Check if defined "--delay" option. if menu.options.delay: delay = menu.options.delay else: delay = settings.DELAY # Do authentication if needed. if menu.options.auth_url and menu.options.auth_data: authentication.auth_process() elif menu.options.auth_url or menu.options.auth_data: print colors.BGRED + "(x) Error: You must specify both login panel URL and login parameters.\n" + colors.RESET sys.exit(0) else: pass # Check if HTTP Method is POST. if not menu.options.data: http_request_method = "GET" else: http_request_method = "POST" parameter = menu.options.data # Check if it is vulnerable to classic command injection technique. if menu.options.tech == "classic": if cb_handler.exploitation(url, delay, filename, http_request_method) == False: if http_request_method == "GET": print colors.BGRED + "(x) The '" + url + "' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '" + parameter + "' appear to be not injectable." + colors.RESET if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + colors.RESET sys.stdout.write(colors.BOLD + "\r(*) The process of testing the " + menu.options.tech + " injection technique... " + colors.RESET + "[ " + percent + " ]") sys.stdout.flush() print "\n(*) Results can be found at : '" + os.getcwd( ) + "/" + filename + ".txt' \n" sys.exit(0) # Check if it is vulnerable to eval-based command injection technique. elif menu.options.tech == "eval-based": if eb_handler.exploitation(url, delay, filename, http_request_method) == False: if http_request_method == "GET": print colors.BGRED + "(x) The '" + url + "' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '" + parameter + "' appear to be not injectable." + colors.RESET if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + colors.RESET sys.stdout.write(colors.BOLD + "\r(*) The process of testing the " + menu.options.tech + " injection technique... " + colors.RESET + "[ " + percent + " ]") sys.stdout.flush() print "\n(*) Results can be found at : '" + os.getcwd( ) + "/" + filename + ".txt' \n" sys.exit(0) # Check if it is vulnerable to time-based blind command injection technique. elif menu.options.tech == "time-based": if tb_handler.exploitation(url, delay, filename, http_request_method) == False: if http_request_method == "GET": print colors.BGRED + "(x) The '" + url + "' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '" + parameter + "' appear to be not injectable." + colors.RESET if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + colors.RESET sys.stdout.write(colors.BOLD + "\r(*) The process of testing the " + menu.options.tech + " injection technique... " + colors.RESET + "[ " + percent + " ]") sys.stdout.flush() print "\n(*) Results can be found at : '" + os.getcwd( ) + "/" + filename + ".txt' \n" sys.exit(0) # Check if it is vulnerable to file-based semiblind command injection technique. elif menu.options.tech == "file-based": if fb_handler.exploitation(url, delay, filename, http_request_method) == False: if http_request_method == "GET": print colors.BGRED + "(x) The '" + url + "' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '" + parameter + "' appear to be not injectable." + colors.RESET if menu.options.verbose: print "\n" percent = colors.PURPLE + "FINISHED" + colors.RESET sys.stdout.write(colors.BOLD + "\r(*) The process of testing the " + menu.options.tech + " injection technique... " + colors.RESET + "[ " + percent + " ]") sys.stdout.flush() print "\n(*) Results can be found at : '" + os.getcwd( ) + "/" + filename + ".txt' \n" sys.exit(0) else: # Automated command injection and exploitation. if cb_handler.exploitation(url, delay, filename, http_request_method) == False: classic_state = False else: classic_state = True if eb_handler.exploitation(url, delay, filename, http_request_method) == False: eval_based_state = False else: eval_based_state = True if tb_handler.exploitation(url, delay, filename, http_request_method) == False: time_based_state = False else: time_based_state = True if fb_handler.exploitation(url, delay, filename, http_request_method) == False: file_based_state = False else: file_based_state = True if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False: if http_request_method == "GET": print colors.BGRED + "(x) The '" + url + "' appear to be not injectable." + colors.RESET else: print colors.BGRED + "(x) The '" + parameter + "' appear to be not injectable." + colors.RESET print "(*) Results can be found at : '" + os.getcwd( ) + "/" + filename + ".txt' \n" sys.exit(0) #eof
def do_check(url, filename): classic_state = False eval_based_state = False time_based_state = False file_based_state = False # Check if defined "--delay" option. if menu.options.delay: delay = menu.options.delay else: delay = settings.DELAY # Do authentication if needed. if menu.options.auth_url and menu.options.auth_data: authentication.auth_process() elif menu.options.auth_url or menu.options.auth_data: print Back.RED + "(x) Error: You must specify both login panel URL and login parameters.\n" + Style.RESET_ALL sys.exit(0) else: pass # Check if HTTP Method is POST. if not menu.options.data: http_request_method = "GET" else: http_request_method = "POST" parameter = menu.options.data # Load modules modules_handler.load_modules(url, http_request_method, filename) # Estimating the response time (in seconds) delay, url_time_response = requests.estimate_response_time(url, delay) # Check all injection techniques if not menu.options.tech: # Check if it is vulnerable to classic command injection technique. if cb_handler.exploitation(url, delay, filename, http_request_method) != False: classic_state = True # Check if it is vulnerable to eval-based command injection technique. if eb_handler.exploitation(url, delay, filename, http_request_method) != False: eval_based_state = True # Check if it is vulnerable to time-based blind command injection technique. if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: time_based_state = True # Check if it is vulnerable to file-based semiblind command injection technique. if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: file_based_state = True else: # Check if it is vulnerable to classic command injection technique. if "classic" in menu.options.tech or len(menu.options.tech) <= 4 and "c" in menu.options.tech: # Check if classic results-based command injection technique succeeds. if cb_handler.exploitation(url, delay, filename, http_request_method) != False: classic_state = True elif menu.options.tech == "classic": cb_handler.exploitation(url, delay, filename, http_request_method) else: classic_state = False # Check if it is vulnerable to eval-based command injection technique. if "eval-based" in menu.options.tech or len(menu.options.tech) <= 4 and "e" in menu.options.tech: # Check if eval-based command injection technique succeeds. if eb_handler.exploitation(url, delay, filename, http_request_method) != False: eval_based_state = True elif menu.options.tech == "eval-based": eb_handler.exploitation(url, delay, filename, http_request_method) else: eval_based_state = False # Check if it is vulnerable to time-based blind command injection technique. if "time-based" in menu.options.tech or len(menu.options.tech) <= 4 and "t" in menu.options.tech: # Check if time-based blind command injection technique succeeds. if tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: time_based_state = True elif menu.options.tech == "time-based": tb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) else: time_based_state = False # Check if it is vulnerable to file-based semiblind command injection technique. if "file-based" in menu.options.tech or len(menu.options.tech) <= 4 and "f" in menu.options.tech: # Check if file-based semiblind command injection technique succeeds. if fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) != False: file_based_state = True elif menu.options.tech == "file-based": fb_handler.exploitation(url, delay, filename, http_request_method, url_time_response) else: file_based_state = False if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False : if http_request_method == "GET": print Back.RED + "(x) The url '"+ url +"' appear to be not injectable." + Style.RESET_ALL else: print Back.RED + "(x) The '"+ parameter +"' parameter appear to be not injectable." + Style.RESET_ALL else: logs.logs_notification(filename) sys.exit(0) #eof
def do_check(url): # Print the findings to log file. parts = url.split('//', 1) host = parts[1].split('/', 1)[0] try: os.stat(settings.OUTPUT_DIR + host + "/") except: os.mkdir(settings.OUTPUT_DIR + host + "/") # The logs filename construction. filename = settings.OUTPUT_DIR + host + "/" + settings.OUTPUT_FILE_NAME output_file = open(filename + ".txt", "a") output_file.write("\n---") output_file.write( "\nTime : " + datetime.datetime.fromtimestamp(time.time()).strftime('%H:%M:%S')) output_file.write( "\nDate : " + datetime.datetime.fromtimestamp(time.time()).strftime('%m/%d/%Y')) output_file.write("\n---") output_file.write("\nURL : " + url) output_file.write("\n---") output_file.close() # Check if defined "--delay" option. if menu.options.delay: delay = menu.options.delay else: delay = settings.DELAY # Do authentication if needed. if menu.options.auth_url and menu.options.auth_data: authentication.auth_process() elif menu.options.auth_url or menu.options.auth_data: print Back.RED + "(x) Error: You must specify both login panel URL and login parameters.\n" + Style.RESET_ALL sys.exit(0) else: pass # Check if HTTP Method is POST. if not menu.options.data: http_request_method = "GET" else: http_request_method = "POST" parameter = menu.options.data # Load modules modules_handler.load_modules(url, http_request_method) # Check all injection techniques if not menu.options.tech: # Check if it is vulnerable to classic command injection technique. if cb_handler.exploitation(url, delay, filename, http_request_method) == False: classic_state = False else: classic_state = True # Check if it is vulnerable to eval-based command injection technique. if eb_handler.exploitation(url, delay, filename, http_request_method) == False: eval_based_state = False else: eval_based_state = True # Check if it is vulnerable to time-based blind command injection technique. if tb_handler.exploitation(url, delay, filename, http_request_method) == False: time_based_state = False else: time_based_state = True # Check if it is vulnerable to file-based semiblind command injection technique. if fb_handler.exploitation(url, delay, filename, http_request_method) == False: file_based_state = False else: file_based_state = True else: # Check if it is vulnerable to classic command injection technique. if "classic" in menu.options.tech or len( menu.options.tech) <= 4 and "c" in menu.options.tech: # Check if classic results-based command injection technique succeeds. if cb_handler.exploitation(url, delay, filename, http_request_method) == False: classic_state = False else: classic_state = True elif menu.options.tech == "classic": execute_classic_technique(url, delay, filename, http_request_method) else: classic_state = False # Check if it is vulnerable to eval-based command injection technique. if "eval-based" in menu.options.tech or len( menu.options.tech) <= 4 and "e" in menu.options.tech: # Check if eval-based command injection technique succeeds. if eb_handler.exploitation(url, delay, filename, http_request_method) == False: eval_based_state = False else: eval_based_state = True elif menu.options.tech == "eval-based": execute_eval_based_technique(url, delay, filename, http_request_method) else: eval_based_state = False # Check if it is vulnerable to time-based blind command injection technique. if "time-based" in menu.options.tech or len( menu.options.tech) <= 4 and "t" in menu.options.tech: # Check if time-based blind command injection technique succeeds. if tb_handler.exploitation(url, delay, filename, http_request_method) == False: time_based_state = False else: time_based_state = True elif menu.options.tech == "time-based": execute_time_based_technique(url, delay, filename, http_request_method) else: time_based_state = False # Check if it is vulnerable to file-based semiblind command injection technique. if "file-based" in menu.options.tech or len( menu.options.tech) <= 4 and "f" in menu.options.tech: # Check if file-based semiblind command injection technique succeeds. if fb_handler.exploitation(url, delay, filename, http_request_method) == False: file_based_state = False else: file_based_state = True elif menu.options.tech == "file-based": execute_file_based_technique(url, delay, filename, http_request_method) else: file_based_state = False if classic_state == False and eval_based_state == False and time_based_state == False and file_based_state == False: if http_request_method == "GET": print Back.RED + "(x) The url '" + url + "' appear to be not injectable." + Style.RESET_ALL else: print Back.RED + "(x) The '" + parameter + "' parameter appear to be not injectable." + Style.RESET_ALL else: print "(*) The results can be found at '" + os.getcwd( ) + "/" + filename + ".txt'" sys.exit(0) #eof