mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 05:01:32 +03:00 
			
		
		
		
	Minor colorization of WAF Detectify
This commit is contained in:
		
							parent
							
								
									9e892e93f3
								
							
						
					
					
						commit
						74d2b60cf3
					
				|  | @ -19,11 +19,12 @@ import urlparse | ||||||
| 
 | 
 | ||||||
| sys.dont_write_bytecode = True | sys.dont_write_bytecode = True | ||||||
| 
 | 
 | ||||||
| NAME, VERSION, AUTHOR = "WAF Detectify", "0.1", "Miroslav Stampar (@stamparm)" | NAME, VERSION, AUTHOR = "WAF Detectify", "0.1", "sqlmap developers (@sqlmap)" | ||||||
| TIMEOUT = 10 | TIMEOUT = 10 | ||||||
| HEADERS = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Cache-Control": "max-age=0"} | HEADERS = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Cache-Control": "max-age=0"} | ||||||
| SQLMAP_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..")) | SQLMAP_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..")) | ||||||
| SCRIPTS_DIR = os.path.join(SQLMAP_DIR, "waf") | SCRIPTS_DIR = os.path.join(SQLMAP_DIR, "waf") | ||||||
|  | LEVEL_COLORS = {"o": "\033[00;94m", "x": "\033[00;91m", "!": "\033[00;93m", "i": "\033[00;92m"} | ||||||
| CACHE = {} | CACHE = {} | ||||||
| WAF_FUNCTIONS = [] | WAF_FUNCTIONS = [] | ||||||
| 
 | 
 | ||||||
|  | @ -41,7 +42,9 @@ def get_page(get=None, url=None, host=None, data=None): | ||||||
| 
 | 
 | ||||||
|     try: |     try: | ||||||
|         req = urllib2.Request("".join(url[_].replace(' ', "%20") if _ > url.find('?') else url[_] for _ in xrange(len(url))), data, HEADERS) |         req = urllib2.Request("".join(url[_].replace(' ', "%20") if _ > url.find('?') else url[_] for _ in xrange(len(url))), data, HEADERS) | ||||||
|         page = urllib2.urlopen(req, timeout=TIMEOUT).read() |         conn = urllib2.urlopen(req, timeout=TIMEOUT) | ||||||
|  |         page = conn.read() | ||||||
|  |         headers = conn.info() | ||||||
|     except Exception, ex: |     except Exception, ex: | ||||||
|         code = getattr(ex, "code", None) |         code = getattr(ex, "code", None) | ||||||
|         page = ex.read() if hasattr(ex, "read") else getattr(ex, "msg", "") |         page = ex.read() if hasattr(ex, "read") else getattr(ex, "msg", "") | ||||||
|  | @ -50,13 +53,21 @@ def get_page(get=None, url=None, host=None, data=None): | ||||||
| 
 | 
 | ||||||
|     return result |     return result | ||||||
| 
 | 
 | ||||||
|  | def colorize(message): | ||||||
|  |     if not subprocess.mswindows: | ||||||
|  |         message = re.sub(r"\[(.)\]", lambda match: "[%s%s\033[00;49m]" % (LEVEL_COLORS[match.group(1)], match.group(1)), message) | ||||||
|  |         message = message.replace("@sqlmap", "\033[00;96m@sqlmap\033[00;49m") | ||||||
|  |         message = message.replace(NAME, "\033[00;93m%s\033[00;49m" % NAME) | ||||||
|  | 
 | ||||||
|  |     return message | ||||||
|  | 
 | ||||||
| def main(): | def main(): | ||||||
|     global WAF_FUNCTIONS |     global WAF_FUNCTIONS | ||||||
| 
 | 
 | ||||||
|     print "%s #v%s\n by: %s\n" % (NAME, VERSION, AUTHOR) |     print colorize("%s #v%s\n by: %s\n" % (NAME, VERSION, AUTHOR)) | ||||||
| 
 | 
 | ||||||
|     if len(sys.argv) < 2: |     if len(sys.argv) < 2: | ||||||
|         exit("[x] usage: python %s <hostname>" % os.path.split(__file__)[-1]) |         exit(colorize("[x] usage: python %s <hostname>" % os.path.split(__file__)[-1])) | ||||||
| 
 | 
 | ||||||
|     cookie_jar = cookielib.CookieJar() |     cookie_jar = cookielib.CookieJar() | ||||||
|     opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar)) |     opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar)) | ||||||
|  | @ -79,17 +90,17 @@ def main(): | ||||||
|                 del sys.modules[filename[:-3]] |                 del sys.modules[filename[:-3]] | ||||||
|             module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or "utf8")) |             module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or "utf8")) | ||||||
|         except ImportError, msg: |         except ImportError, msg: | ||||||
|             exit("[x] cannot import WAF script '%s' (%s)" % (filename[:-3], msg)) |             exit(colorize("[x] cannot import WAF script '%s' (%s)" % (filename[:-3], msg))) | ||||||
| 
 | 
 | ||||||
|         _ = dict(inspect.getmembers(module)) |         _ = dict(inspect.getmembers(module)) | ||||||
|         if "detect" not in _: |         if "detect" not in _: | ||||||
|             exit("[x] missing function 'detect(get_page)' in WAF script '%s'" % found) |             exit(colorize("[x] missing function 'detect(get_page)' in WAF script '%s'" % found)) | ||||||
|         else: |         else: | ||||||
|             WAF_FUNCTIONS.append((_["detect"], _.get("__product__", filename[:-3]))) |             WAF_FUNCTIONS.append((_["detect"], _.get("__product__", filename[:-3]))) | ||||||
| 
 | 
 | ||||||
|     WAF_FUNCTIONS = sorted(WAF_FUNCTIONS, key=lambda _: "generic" in _[1].lower()) |     WAF_FUNCTIONS = sorted(WAF_FUNCTIONS, key=lambda _: "generic" in _[1].lower()) | ||||||
| 
 | 
 | ||||||
|     print "[i] %d (sqlmap's) WAF scripts loaded" % len(WAF_FUNCTIONS) |     print colorize("[i] %d WAF scripts loaded" % len(WAF_FUNCTIONS)) | ||||||
| 
 | 
 | ||||||
|     found = False |     found = False | ||||||
|     for function, product in WAF_FUNCTIONS: |     for function, product in WAF_FUNCTIONS: | ||||||
|  | @ -97,11 +108,11 @@ def main(): | ||||||
|             continue |             continue | ||||||
| 
 | 
 | ||||||
|         if function(get_page): |         if function(get_page): | ||||||
|             print "[!] WAF/IPS/IDS identified as '%s'" % product |             print colorize("[!] WAF/IPS/IDS identified as '%s'" % product) | ||||||
|             found = True |             found = True | ||||||
| 
 | 
 | ||||||
|     if not found: |     if not found: | ||||||
|         print "[o] nothing found" |         print colorize("[o] nothing found") | ||||||
| 
 | 
 | ||||||
| if __name__ == "__main__": | if __name__ == "__main__": | ||||||
|     main() |     main() | ||||||
|  |  | ||||||
|  | @ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME | ||||||
| from lib.core.enums import OS | from lib.core.enums import OS | ||||||
| 
 | 
 | ||||||
| # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | ||||||
| VERSION = "1.2.8.24" | VERSION = "1.2.8.25" | ||||||
| TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | ||||||
| TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | ||||||
| VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | ||||||
|  |  | ||||||
|  | @ -22,7 +22,7 @@ e4805169a081b834ca51a60a150c7247  extra/shutils/newlines.py | ||||||
| 1e5532ede194ac9c083891c2f02bca93  extra/sqlharvest/__init__.py | 1e5532ede194ac9c083891c2f02bca93  extra/sqlharvest/__init__.py | ||||||
| b3e60ea4e18a65c48515d04aab28ff68  extra/sqlharvest/sqlharvest.py | b3e60ea4e18a65c48515d04aab28ff68  extra/sqlharvest/sqlharvest.py | ||||||
| 1e5532ede194ac9c083891c2f02bca93  extra/wafdetectify/__init__.py | 1e5532ede194ac9c083891c2f02bca93  extra/wafdetectify/__init__.py | ||||||
| cf646f49087ff56d752dc831d2245a51  extra/wafdetectify/wafdetectify.py | 85ca5478dc2bd9db40772e52dad2f84a  extra/wafdetectify/wafdetectify.py | ||||||
| 3459c562a6abb9b4bdcc36925f751f3e  lib/controller/action.py | 3459c562a6abb9b4bdcc36925f751f3e  lib/controller/action.py | ||||||
| 7493c782345a60f6c00c9281d51a494e  lib/controller/checks.py | 7493c782345a60f6c00c9281d51a494e  lib/controller/checks.py | ||||||
| c414cecdb0472c92cf50ed5b01e4438c  lib/controller/controller.py | c414cecdb0472c92cf50ed5b01e4438c  lib/controller/controller.py | ||||||
|  | @ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632  lib/core/patch.py | ||||||
| 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py | 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py | ||||||
| a7db43859b61569b601b97f187dd31c5  lib/core/revision.py | a7db43859b61569b601b97f187dd31c5  lib/core/revision.py | ||||||
| fcb74fcc9577523524659ec49e2e964b  lib/core/session.py | fcb74fcc9577523524659ec49e2e964b  lib/core/session.py | ||||||
| 4ecbe8858ce030877cb3e00f437ac87a  lib/core/settings.py | 13758369fddb4d7e791e989966908ee6  lib/core/settings.py | ||||||
| dd68a9d02fccb4fa1428b20e15b0db5d  lib/core/shell.py | dd68a9d02fccb4fa1428b20e15b0db5d  lib/core/shell.py | ||||||
| a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py | a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py | ||||||
| 815d1cf27f0f8738d81531e73149867d  lib/core/target.py | 815d1cf27f0f8738d81531e73149867d  lib/core/target.py | ||||||
|  | @ -415,7 +415,7 @@ aade02eb8f6a4a214a53db0fd0f2aae6  waf/dosarrest.py | ||||||
| 7ec3f2a90914b501100685aa66aadf02  waf/edgecast.py | 7ec3f2a90914b501100685aa66aadf02  waf/edgecast.py | ||||||
| 954bebd4a246d8b88794de00ccaecd3b  waf/expressionengine.py | 954bebd4a246d8b88794de00ccaecd3b  waf/expressionengine.py | ||||||
| a2ce6cde682f78e1fd561dc40611877e  waf/fortiweb.py | a2ce6cde682f78e1fd561dc40611877e  waf/fortiweb.py | ||||||
| eb56ac34775cc3c5f721ec967d04b283  waf/generic.py | ade1299c435db7b9e35cf1166ed9d859  waf/generic.py | ||||||
| 1c70655551b8296ceeb19292a342e620  waf/hyperguard.py | 1c70655551b8296ceeb19292a342e620  waf/hyperguard.py | ||||||
| 51aed66945f95641cb45c840e7132e3b  waf/incapsula.py | 51aed66945f95641cb45c840e7132e3b  waf/incapsula.py | ||||||
| 1e5532ede194ac9c083891c2f02bca93  waf/__init__.py | 1e5532ede194ac9c083891c2f02bca93  waf/__init__.py | ||||||
|  |  | ||||||
|  | @ -26,7 +26,7 @@ def detect(get_page): | ||||||
| 
 | 
 | ||||||
|         if code >= 400 or (IDS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))): |         if code >= 400 or (IDS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))): | ||||||
|             if code is not None: |             if code is not None: | ||||||
|                 kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(_ for _ in headers.headers or [] if not _.startswith("URI")), page) |                 kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(_ for _ in (headers.headers if headers else {}) or [] if not _.startswith("URI")), page) | ||||||
| 
 | 
 | ||||||
|             retval = True |             retval = True | ||||||
|             break |             break | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user