2018-08-30 15:54:15 +03:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
|
|
"""
|
|
|
|
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
|
|
|
|
See the file 'LICENSE' for copying permission
|
|
|
|
"""
|
|
|
|
|
|
|
|
import cookielib
|
|
|
|
import glob
|
|
|
|
import httplib
|
|
|
|
import inspect
|
|
|
|
import os
|
|
|
|
import re
|
|
|
|
import subprocess
|
|
|
|
import sys
|
|
|
|
import urllib2
|
|
|
|
|
|
|
|
sys.dont_write_bytecode = True
|
|
|
|
|
2018-08-30 16:18:42 +03:00
|
|
|
NAME, VERSION, AUTHOR = "WAF Detectify", "0.1", "sqlmap developers (@sqlmap)"
|
2018-08-30 15:54:15 +03:00
|
|
|
TIMEOUT = 10
|
|
|
|
HEADERS = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Cache-Control": "max-age=0"}
|
|
|
|
SQLMAP_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", ".."))
|
|
|
|
SCRIPTS_DIR = os.path.join(SQLMAP_DIR, "waf")
|
2018-08-30 16:18:42 +03:00
|
|
|
LEVEL_COLORS = {"o": "\033[00;94m", "x": "\033[00;91m", "!": "\033[00;93m", "i": "\033[00;92m"}
|
2018-08-30 15:54:15 +03:00
|
|
|
CACHE = {}
|
|
|
|
WAF_FUNCTIONS = []
|
|
|
|
|
|
|
|
def get_page(get=None, url=None, host=None, data=None):
|
|
|
|
key = (get, url, host, data)
|
|
|
|
|
|
|
|
if key in CACHE:
|
|
|
|
return CACHE[key]
|
|
|
|
|
|
|
|
page, headers, code = None, {}, httplib.OK
|
|
|
|
|
|
|
|
url = url or ("%s%s%s" % (sys.argv[1], '?' if '?' not in sys.argv[1] else '&', get) if get else sys.argv[1])
|
|
|
|
if not url.startswith("http"):
|
|
|
|
url = "http://%s" % url
|
|
|
|
|
|
|
|
try:
|
|
|
|
req = urllib2.Request("".join(url[_].replace(' ', "%20") if _ > url.find('?') else url[_] for _ in xrange(len(url))), data, HEADERS)
|
2018-08-30 16:18:42 +03:00
|
|
|
conn = urllib2.urlopen(req, timeout=TIMEOUT)
|
|
|
|
page = conn.read()
|
|
|
|
headers = conn.info()
|
2018-08-30 15:54:15 +03:00
|
|
|
except Exception, ex:
|
|
|
|
code = getattr(ex, "code", None)
|
|
|
|
page = ex.read() if hasattr(ex, "read") else getattr(ex, "msg", "")
|
2018-08-30 16:50:17 +03:00
|
|
|
headers = ex.info() if hasattr(ex, "info") else {}
|
2018-08-30 15:54:15 +03:00
|
|
|
|
|
|
|
result = CACHE[key] = page, headers, code
|
|
|
|
|
|
|
|
return result
|
|
|
|
|
2018-08-30 16:18:42 +03:00
|
|
|
def colorize(message):
|
2018-08-30 16:21:46 +03:00
|
|
|
if not subprocess.mswindows and sys.stdout.isatty():
|
2018-08-30 16:18:42 +03:00
|
|
|
message = re.sub(r"\[(.)\]", lambda match: "[%s%s\033[00;49m]" % (LEVEL_COLORS[match.group(1)], match.group(1)), message)
|
|
|
|
message = message.replace("@sqlmap", "\033[00;96m@sqlmap\033[00;49m")
|
|
|
|
message = message.replace(NAME, "\033[00;93m%s\033[00;49m" % NAME)
|
|
|
|
|
|
|
|
return message
|
|
|
|
|
2018-08-30 15:54:15 +03:00
|
|
|
def main():
|
|
|
|
global WAF_FUNCTIONS
|
|
|
|
|
2018-08-30 16:18:42 +03:00
|
|
|
print colorize("%s #v%s\n by: %s\n" % (NAME, VERSION, AUTHOR))
|
2018-08-30 15:54:15 +03:00
|
|
|
|
|
|
|
if len(sys.argv) < 2:
|
2018-08-30 16:18:42 +03:00
|
|
|
exit(colorize("[x] usage: python %s <hostname>" % os.path.split(__file__)[-1]))
|
2018-08-30 15:54:15 +03:00
|
|
|
|
|
|
|
cookie_jar = cookielib.CookieJar()
|
|
|
|
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
|
|
|
|
urllib2.install_opener(opener)
|
|
|
|
|
|
|
|
sys.path.insert(0, SQLMAP_DIR)
|
|
|
|
|
|
|
|
for found in glob.glob(os.path.join(SCRIPTS_DIR, "*.py")):
|
|
|
|
dirname, filename = os.path.split(found)
|
|
|
|
dirname = os.path.abspath(dirname)
|
|
|
|
|
|
|
|
if filename == "__init__.py":
|
|
|
|
continue
|
|
|
|
|
|
|
|
if dirname not in sys.path:
|
|
|
|
sys.path.insert(0, dirname)
|
|
|
|
|
|
|
|
try:
|
|
|
|
if filename[:-3] in sys.modules:
|
|
|
|
del sys.modules[filename[:-3]]
|
|
|
|
module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or "utf8"))
|
|
|
|
except ImportError, msg:
|
2018-08-30 16:18:42 +03:00
|
|
|
exit(colorize("[x] cannot import WAF script '%s' (%s)" % (filename[:-3], msg)))
|
2018-08-30 15:54:15 +03:00
|
|
|
|
|
|
|
_ = dict(inspect.getmembers(module))
|
|
|
|
if "detect" not in _:
|
2018-08-30 16:18:42 +03:00
|
|
|
exit(colorize("[x] missing function 'detect(get_page)' in WAF script '%s'" % found))
|
2018-08-30 15:54:15 +03:00
|
|
|
else:
|
|
|
|
WAF_FUNCTIONS.append((_["detect"], _.get("__product__", filename[:-3])))
|
|
|
|
|
|
|
|
WAF_FUNCTIONS = sorted(WAF_FUNCTIONS, key=lambda _: "generic" in _[1].lower())
|
|
|
|
|
2018-08-30 16:18:42 +03:00
|
|
|
print colorize("[i] %d WAF scripts loaded" % len(WAF_FUNCTIONS))
|
2018-08-30 15:54:15 +03:00
|
|
|
|
|
|
|
found = False
|
|
|
|
for function, product in WAF_FUNCTIONS:
|
|
|
|
if found and "unknown" in product.lower():
|
|
|
|
continue
|
|
|
|
|
|
|
|
if function(get_page):
|
2018-09-14 11:01:31 +03:00
|
|
|
print colorize("[!] WAF/IPS identified as '%s'" % product)
|
2018-08-30 15:54:15 +03:00
|
|
|
found = True
|
|
|
|
|
|
|
|
if not found:
|
2018-08-30 16:18:42 +03:00
|
|
|
print colorize("[o] nothing found")
|
2018-08-30 15:54:15 +03:00
|
|
|
|
2018-08-30 16:21:46 +03:00
|
|
|
print
|
|
|
|
|
2018-08-30 15:54:15 +03:00
|
|
|
if __name__ == "__main__":
|
|
|
|
main()
|