Adding WAF script for SecureIIS

2025-02-03 05:04:11 +03:00 · 2013-02-21 21:34:26 +01:00 · 2013-02-21 21:34:26 +01:00 · 6acb2480b8
commit 6acb2480b8
parent c555120c1f
3 changed files with 21 additions and 1 deletions
--- a/lib/core/decorators.py
+++ b/lib/core/decorators.py
@ -13,7 +13,7 @@ def cachedmethod(f, cache={}):
    """

    def _(*args, **kwargs):
-        key = (f, tuple(args), frozenset(kwargs.items()))
+        key = (f, tuple(args), str(kwargs))
        if key not in cache:
            cache[key] = f(*args, **kwargs)
        return cache[key]
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -152,6 +152,7 @@ class HTTPHEADER:
    REFERER = "Referer"
    SERVER = "Server"
    USER_AGENT = "User-Agent"
+    TRANSFER_ENCODING = "Transfer-Encoding"

 class EXPECTED:
    BOOL = "bool"
--- a/waf/secureiis.py
+++ b/waf/secureiis.py
@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+
+__product__ = "SecureIIS Web Server Security (BeyondTrust)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    retval = code != 404
+    page, headers, code = get_page(auxHeaders={HTTPHEADER.TRANSFER_ENCODING: 'a' * 1025, HTTPHEADER.ACCEPT_ENCODING: "identity"})
+    retval = retval and code == 404
+    return retval