New WAF script

2024-11-22 17:46:37 +03:00 · 2019-01-12 01:56:18 +01:00 · 2019-01-12 01:56:18 +01:00 · 660036c38b
commit 660036c38b
parent 0a3144ebb5
6 changed files with 48 additions and 4 deletions
--- a/extra/wafdetectify/wafdetectify.py
+++ b/extra/wafdetectify/wafdetectify.py
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.1.44"
+VERSION = "1.3.1.45"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -49,7 +49,7 @@ fe370021c6bc99daf44b2bfc0d1effb3  lib/core/patch.py
 9a7d68d5fa01561500423791f15cc676  lib/core/replication.py
 3179d34f371e0295dd4604568fb30bcd  lib/core/revision.py
 d6269c55789f78cf707e09a0f5b45443  lib/core/session.py
-b5217540e886d7e5f9eb813288401923  lib/core/settings.py
+848552f020168105797ed2e9b7538666  lib/core/settings.py
 a8a7501d1e6b21669b858a62e921d191  lib/core/shell.py
 5dc606fdf0afefd4b305169c21ab2612  lib/core/subprocessng.py
 eec3080ba5baca44c6de4595f1c92a0d  lib/core/target.py
@ -431,10 +431,11 @@ ce9cf35919a92d65347bb74ca0c5c86f  waf/jiasule.py
 f44ed04eeb4287c11ce277703ec7d72d  waf/knownsec.py
 8c3977c543ca4ec6d4231f604217cf94  waf/kona.py
 d4f36e44f496f4d51baa3241eabc60fd  waf/malcare.py
-4397c299d27a500851726444fb89759e  waf/modsecurity.py
+509af267f45485f3cb1c839fa040ff07  waf/modsecurity.py
 78af8e791207db9723a14bddeb7524af  waf/naxsi.py
 504ade4d32bdbbd2932eebb07f57c3eb  waf/netcontinuum.py
 84e9c68b6ecffafb5ec8cd96acaf62b9  waf/newdefend.py
+9217767400caaf2c09379b694e0038e5  waf/nginx.py
 d03dfe93a14c966b88f5baf59ce2b091  waf/ninjafirewall.py
 69fc40e85751279e9018d643742db04e  waf/nsfocus.py
 a59aff03a5b3fb40ea0feb3489677040  waf/onmessageshield.py
@ -451,6 +452,7 @@ d2d9718de217dd07d9e66b2e6ad61380  waf/safe3.py
 ac0728ddb7a15b46b0eabd78cd661f8c  waf/secureiis.py
 ba37e1c37fa0e3688873f74183a9cb9c  waf/senginx.py
 2602a8baed4da643e606a379e4dc75db  waf/shieldsecurity.py
+fc21ce1e6e597e44818c03d9cb859e83  waf/siteground.py
 332f27cfa02abca513719851850c782e  waf/siteguard.py
 c842d298e61a87b32668c8402a0d87b5  waf/sitelock.py
 a840fcd2bb042694f9aab2859e7c9b30  waf/sonicwall.py
--- a/waf/modsecurity.py
+++ b/waf/modsecurity.py
@ -18,7 +18,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
        retval = re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
-        retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module", "The page you are trying to access is restricted due to a security rule", "Protected by Mod Security"))
+        retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module", "Protected by Mod Security"))
        if retval:
            break

--- a/waf/nginx.py
+++ b/waf/nginx.py
@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "NGINX Web Application Firewall (NGINX Inc.)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, _, _ = get_page(get=vector)
+        retval = all(_ in (page or "") for _ in ("<center><h1>403 Forbidden</h1></center>", "<center>nginx</center>"))
+        if retval:
+            break
+
+    return retval
--- a/waf/siteground.py
+++ b/waf/siteground.py
@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "SiteGround Web Application Firewall (SiteGround)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, _, _ = get_page(get=vector)
+        retval =  "The page you are trying to access is restricted due to a security rule" in (page or "")
+        if retval:
+            break
+
+    return retval