sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-03 19:55:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor colorization of WAF Detectify

Browse Source
This commit is contained in:
Miroslav Stampar 2018-08-30 15:18:42 +02:00
parent 9e892e93f3
commit 74d2b60cf3
4 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
extra/wafdetectify/wafdetectify.py
View File

@ -19,11 +19,12 @@ import urlparse
sys.dont_write_bytecode = True sys.dont_write_bytecode = True
NAME, VERSION, AUTHOR = "WAF Detectify", "0.1", "Miroslav Stampar (@stamparm)" NAME, VERSION, AUTHOR = "WAF Detectify", "0.1", "sqlmap developers (@sqlmap)"
TIMEOUT = 10 TIMEOUT = 10
HEADERS = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Cache-Control": "max-age=0"} HEADERS = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Cache-Control": "max-age=0"}
SQLMAP_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..")) SQLMAP_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", ".."))
SCRIPTS_DIR = os.path.join(SQLMAP_DIR, "waf") SCRIPTS_DIR = os.path.join(SQLMAP_DIR, "waf")
LEVEL_COLORS = {"o": "\033[00;94m", "x": "\033[00;91m", "!": "\033[00;93m", "i": "\033[00;92m"}
CACHE = {} CACHE = {}
WAF_FUNCTIONS = [] WAF_FUNCTIONS = []
@ -41,7 +42,9 @@ def get_page(get=None, url=None, host=None, data=None):
try: try:
req = urllib2.Request("".join(url[_].replace(' ', "%20") if _ > url.find('?') else url[_] for _ in xrange(len(url))), data, HEADERS) req = urllib2.Request("".join(url[_].replace(' ', "%20") if _ > url.find('?') else url[_] for _ in xrange(len(url))), data, HEADERS)
page = urllib2.urlopen(req, timeout=TIMEOUT).read() conn = urllib2.urlopen(req, timeout=TIMEOUT)
page = conn.read()
headers = conn.info()
except Exception, ex: except Exception, ex:
code = getattr(ex, "code", None) code = getattr(ex, "code", None)
page = ex.read() if hasattr(ex, "read") else getattr(ex, "msg", "") page = ex.read() if hasattr(ex, "read") else getattr(ex, "msg", "")
@ -50,13 +53,21 @@ def get_page(get=None, url=None, host=None, data=None):
return result return result
def colorize(message):
if not subprocess.mswindows:
message = re.sub(r"\[(.)\]", lambda match: "[%s%s\033[00;49m]" % (LEVEL_COLORS[match.group(1)], match.group(1)), message)
message = message.replace("@sqlmap", "\033[00;96m@sqlmap\033[00;49m")
message = message.replace(NAME, "\033[00;93m%s\033[00;49m" % NAME)
return message
def main(): def main():
global WAF_FUNCTIONS global WAF_FUNCTIONS
print "%s #v%s\n by: %s\n" % (NAME, VERSION, AUTHOR) print colorize("%s #v%s\n by: %s\n" % (NAME, VERSION, AUTHOR))
if len(sys.argv) < 2: if len(sys.argv) < 2:
exit("[x] usage: python %s <hostname>" % os.path.split(__file__)[-1]) exit(colorize("[x] usage: python %s <hostname>" % os.path.split(__file__)[-1]))
cookie_jar = cookielib.CookieJar() cookie_jar = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar)) opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
@ -79,17 +90,17 @@ def main():
del sys.modules[filename[:-3]] del sys.modules[filename[:-3]]
module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or "utf8")) module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or "utf8"))
except ImportError, msg: except ImportError, msg:
exit("[x] cannot import WAF script '%s' (%s)" % (filename[:-3], msg)) exit(colorize("[x] cannot import WAF script '%s' (%s)" % (filename[:-3], msg)))
_ = dict(inspect.getmembers(module)) _ = dict(inspect.getmembers(module))
if "detect" not in _: if "detect" not in _:
exit("[x] missing function 'detect(get_page)' in WAF script '%s'" % found) exit(colorize("[x] missing function 'detect(get_page)' in WAF script '%s'" % found))
else: else:
WAF_FUNCTIONS.append((_["detect"], _.get("__product__", filename[:-3]))) WAF_FUNCTIONS.append((_["detect"], _.get("__product__", filename[:-3])))
WAF_FUNCTIONS = sorted(WAF_FUNCTIONS, key=lambda _: "generic" in _[1].lower()) WAF_FUNCTIONS = sorted(WAF_FUNCTIONS, key=lambda _: "generic" in _[1].lower())
print "[i] %d (sqlmap's) WAF scripts loaded" % len(WAF_FUNCTIONS) print colorize("[i] %d WAF scripts loaded" % len(WAF_FUNCTIONS))
found = False found = False
for function, product in WAF_FUNCTIONS: for function, product in WAF_FUNCTIONS:
@ -97,11 +108,11 @@ def main():
continue continue
if function(get_page): if function(get_page):
print "[!] WAF/IPS/IDS identified as '%s'" % product print colorize("[!] WAF/IPS/IDS identified as '%s'" % product)
found = True found = True
if not found: if not found:
print "[o] nothing found" print colorize("[o] nothing found")
if __name__ == "__main__": if __name__ == "__main__":
main() main()

2
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.8.24" VERSION = "1.2.8.25"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

6
txt/checksum.md5
View File

@ -22,7 +22,7 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py
1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py
b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py
cf646f49087ff56d752dc831d2245a51 extra/wafdetectify/wafdetectify.py 85ca5478dc2bd9db40772e52dad2f84a extra/wafdetectify/wafdetectify.py
3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py
7493c782345a60f6c00c9281d51a494e lib/controller/checks.py 7493c782345a60f6c00c9281d51a494e lib/controller/checks.py
c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py
@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py
4ecbe8858ce030877cb3e00f437ac87a lib/core/settings.py 13758369fddb4d7e791e989966908ee6 lib/core/settings.py
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
815d1cf27f0f8738d81531e73149867d lib/core/target.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py
@ -415,7 +415,7 @@ aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py
7ec3f2a90914b501100685aa66aadf02 waf/edgecast.py 7ec3f2a90914b501100685aa66aadf02 waf/edgecast.py
954bebd4a246d8b88794de00ccaecd3b waf/expressionengine.py 954bebd4a246d8b88794de00ccaecd3b waf/expressionengine.py
a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py
eb56ac34775cc3c5f721ec967d04b283 waf/generic.py ade1299c435db7b9e35cf1166ed9d859 waf/generic.py
1c70655551b8296ceeb19292a342e620 waf/hyperguard.py 1c70655551b8296ceeb19292a342e620 waf/hyperguard.py
51aed66945f95641cb45c840e7132e3b waf/incapsula.py 51aed66945f95641cb45c840e7132e3b waf/incapsula.py
1e5532ede194ac9c083891c2f02bca93 waf/__init__.py 1e5532ede194ac9c083891c2f02bca93 waf/__init__.py

2
waf/generic.py
View File

@ -26,7 +26,7 @@ def detect(get_page):
if code >= 400 or (IDS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))): if code >= 400 or (IDS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))):
if code is not None: if code is not None:
kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(_ for _ in headers.headers or [] if not _.startswith("URI")), page) kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(_ for _ in (headers.headers if headers else {}) or [] if not _.startswith("URI")), page)
retval = True retval = True
break break