Adding new WAF scripts (merging from identYwaf - same author)

This commit is contained in:
Miroslav Stampar 2019-01-15 00:41:00 +01:00
parent 6cdb90ddf8
commit 40f067aa17
9 changed files with 119 additions and 7 deletions

View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.1.49" VERSION = "1.3.1.50"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -49,7 +49,7 @@ fe370021c6bc99daf44b2bfc0d1effb3 lib/core/patch.py
9a7d68d5fa01561500423791f15cc676 lib/core/replication.py 9a7d68d5fa01561500423791f15cc676 lib/core/replication.py
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
4f9aafb24e5b12eb078b1b68719d9afe lib/core/settings.py 80cfb89595be410e564c7501c530c58e lib/core/settings.py
a8a7501d1e6b21669b858a62e921d191 lib/core/shell.py a8a7501d1e6b21669b858a62e921d191 lib/core/shell.py
5dc606fdf0afefd4b305169c21ab2612 lib/core/subprocessng.py 5dc606fdf0afefd4b305169c21ab2612 lib/core/subprocessng.py
eec3080ba5baca44c6de4595f1c92a0d lib/core/target.py eec3080ba5baca44c6de4595f1c92a0d lib/core/target.py
@ -404,8 +404,9 @@ b6bc83ae9ea69cf96e9389bde8250c7c waf/airlock.py
425f2599f57ab81b4fff67e6b442cccc waf/armor.py 425f2599f57ab81b4fff67e6b442cccc waf/armor.py
33b6e6793ed3add457d7c909ec599ad3 waf/asm.py 33b6e6793ed3add457d7c909ec599ad3 waf/asm.py
9dbec5d674ed4c762ffc9bc3ab402739 waf/aws.py 9dbec5d674ed4c762ffc9bc3ab402739 waf/aws.py
4fd9a8e3aac364fe5509b23e7eb5a448 waf/barracuda.py e57a22864477ad23ae6a3d308f9b5410 waf/barracuda.py
742f8c9b7f3a858e11dfd2ce3df65c6e waf/binarysec.py 742f8c9b7f3a858e11dfd2ce3df65c6e waf/binarysec.py
1712d76bd4adb705f3317ff5908acdcd waf/bitninja.py
2608fbe2c80fae99bb09db1f93d80cdd waf/bluedon.py 2608fbe2c80fae99bb09db1f93d80cdd waf/bluedon.py
8385218d8a1863dbfd4274db36880dfe waf/cerber.py 8385218d8a1863dbfd4274db36880dfe waf/cerber.py
5ae64cad95b7f904c350cc81230c3bd1 waf/chinacache.py 5ae64cad95b7f904c350cc81230c3bd1 waf/chinacache.py
@ -423,10 +424,12 @@ a8412619d7f26ed6bc9e0b20a57b2324 waf/edgecast.py
588d2f9a8f201e120e74e508564cb487 waf/fortiweb.py 588d2f9a8f201e120e74e508564cb487 waf/fortiweb.py
0e9eb20967d2dde941cca8c663a63e1f waf/generic.py 0e9eb20967d2dde941cca8c663a63e1f waf/generic.py
4ea580dd1b9679bd733866976ad5d81e waf/godaddy.py 4ea580dd1b9679bd733866976ad5d81e waf/godaddy.py
27385b15477031a3aff25df601a1ff51 waf/greywizard.py
256a7ea2c1cd2745fe788cf8f6123f8a waf/imunify360.py 256a7ea2c1cd2745fe788cf8f6123f8a waf/imunify360.py
4c4d480c155ae99262043c80a76ec1d5 waf/incapsula.py f4e3fb185b92483832d14b532f467b35 waf/incapsula.py
fb6be55d21a70765e35549af2484f762 waf/__init__.py fb6be55d21a70765e35549af2484f762 waf/__init__.py
a3ee375714987acccc26d1b07c2e8af7 waf/isaserver.py a3ee375714987acccc26d1b07c2e8af7 waf/isaserver.py
e6994165497cef25d7a785cd3d4a3c64 waf/janusec.py
ce9cf35919a92d65347bb74ca0c5c86f waf/jiasule.py ce9cf35919a92d65347bb74ca0c5c86f waf/jiasule.py
f44ed04eeb4287c11ce277703ec7d72d waf/knownsec.py f44ed04eeb4287c11ce277703ec7d72d waf/knownsec.py
8c3977c543ca4ec6d4231f604217cf94 waf/kona.py 8c3977c543ca4ec6d4231f604217cf94 waf/kona.py
@ -434,11 +437,13 @@ d4f36e44f496f4d51baa3241eabc60fd waf/malcare.py
509af267f45485f3cb1c839fa040ff07 waf/modsecurity.py 509af267f45485f3cb1c839fa040ff07 waf/modsecurity.py
78af8e791207db9723a14bddeb7524af waf/naxsi.py 78af8e791207db9723a14bddeb7524af waf/naxsi.py
504ade4d32bdbbd2932eebb07f57c3eb waf/netcontinuum.py 504ade4d32bdbbd2932eebb07f57c3eb waf/netcontinuum.py
8004b57e9b8e19060aae5b82ecb87472 waf/netscaler.py
96e1902b7e4297173d519b00c86f6a02 waf/newdefend.py 96e1902b7e4297173d519b00c86f6a02 waf/newdefend.py
d03dfe93a14c966b88f5baf59ce2b091 waf/ninjafirewall.py d03dfe93a14c966b88f5baf59ce2b091 waf/ninjafirewall.py
69fc40e85751279e9018d643742db04e waf/nsfocus.py 69fc40e85751279e9018d643742db04e waf/nsfocus.py
a59aff03a5b3fb40ea0feb3489677040 waf/onmessageshield.py a59aff03a5b3fb40ea0feb3489677040 waf/onmessageshield.py
532b6f8de357a9b88a313944e1756538 waf/paloalto.py 532b6f8de357a9b88a313944e1756538 waf/paloalto.py
f9de9375ffd0447ba93b215493d327a1 waf/perimeterx.py
2979bb64c24256a83625d75a385dde9b waf/profense.py 2979bb64c24256a83625d75a385dde9b waf/profense.py
8de0d46738335a4e498c4ac9038ac3c3 waf/proventia.py 8de0d46738335a4e498c4ac9038ac3c3 waf/proventia.py
ac60456fe7af4eb501d448910e98ee4b waf/radware.py ac60456fe7af4eb501d448910e98ee4b waf/radware.py

View File

@ -16,9 +16,10 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector) page, headers, _ = get_page(get=vector)
retval = re.search(r"\Abarra_counter_session=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"\Abarra_counter_session=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"(\A|\b)barracuda_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"(\A|\b)barracuda_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= "when this page occurred and the event ID found at the bottom of the page" in (page or "")
if retval: if retval:
break break

21
waf/bitninja.py Normal file
View File

@ -0,0 +1,21 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "BitNinja (BitNinja)"
def detect(get_page):
retval = False
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = any(_ in (page or "") for _ in ("alt=\"BitNinja|Security check by BitNinja", "your IP will be removed from BitNinja", "<title>Visitor anti-robot validation</title>"))
if retval:
break
return retval

25
waf/greywizard.py Normal file
View File

@ -0,0 +1,25 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import re
from lib.core.enums import HTTP_HEADER
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "Greywizard (Grey Wizard)"
def detect(get_page):
retval = False
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"\Agreywizard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= any(_ in (page or "") for _ in ("We've detected attempted attack or non standard traffic from your IP address", "<title>Grey Wizard</title>"))
if retval:
break
return retval

View File

@ -19,8 +19,7 @@ def detect(get_page):
page, headers, _ = get_page(get=vector) page, headers, _ = get_page(get=vector)
retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None
retval |= any(_ in (page or "") for _ in ("Incapsula incident ID", "_Incapsula_Resource?", "?subject=WAF Block Page:")) retval |= "Incapsula incident ID" in (page or "")
retval |= all(_ in (page or "") for _ in ("Application Firewall Error", "If you feel you have been blocked in error, please contact Customer Support"))
retval |= all(_ in (page or "") for _ in ("Error code 15", "This request was blocked by the security rules")) retval |= all(_ in (page or "") for _ in ("Error code 15", "This request was blocked by the security rules"))
retval |= re.search(r"(?i)incident.{1,100}?\b\d{19}\-\d{17}\b", page or "") is not None retval |= re.search(r"(?i)incident.{1,100}?\b\d{19}\-\d{17}\b", page or "") is not None
retval |= headers.get("X-Iinfo") is not None retval |= headers.get("X-Iinfo") is not None

21
waf/janusec.py Normal file
View File

@ -0,0 +1,21 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "Janusec Application Gateway (Janusec)"
def detect(get_page):
retval = False
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = all(_ in (page or "") for _ in ("Reason:", "by Janusec Application Gateway"))
if retval:
break
return retval

21
waf/netscaler.py Normal file
View File

@ -0,0 +1,21 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "NetScaler AppFirewall (Citrix)"
def detect(get_page):
retval = False
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval |= any(_ in (page or "") for _ in ("<title>Application Firewall Block Page</title>", "Violation Category: APPFW_", "AppFW Session ID", "Access has been blocked - if you feel this is in error, please contact the site administrators quoting the following"))
if retval:
break
return retval

19
waf/perimeterx.py Normal file
View File

@ -0,0 +1,19 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "PerimeterX (PerimeterX, Inc.)"
def detect(get_page):
retval = False
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = "https://www.perimeterx.com/whywasiblocked" in (page or "")
return retval