From 89dfe4e1ac8ca77f44b8a9ff29cd95e6aada35ec Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 27 May 2016 11:58:18 +0200 Subject: [PATCH] Adding wallarm WAF script (and couple of other WAF script updates) --- lib/core/settings.py | 2 +- waf/anquanbao.py | 3 ++- waf/cloudflare.py | 3 ++- waf/modsecurity.py | 2 +- waf/varnish.py | 4 +++- waf/wallarm.py | 24 ++++++++++++++++++++++++ 6 files changed, 33 insertions(+), 5 deletions(-) create mode 100644 waf/wallarm.py diff --git a/lib/core/settings.py b/lib/core/settings.py index b498576d7..ee517fa92 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from lib.core.revision import getRevisionNumber # sqlmap version (...) -VERSION = "1.0.5.82" +VERSION = "1.0.5.85" REVISION = getRevisionNumber() STABLE = VERSION.count('.') <= 2 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev") diff --git a/waf/anquanbao.py b/waf/anquanbao.py index 319460de8..512819a9a 100644 --- a/waf/anquanbao.py +++ b/waf/anquanbao.py @@ -15,8 +15,9 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - _, headers, _ = get_page(get=vector) + page, headers, code = get_page(get=vector) retval = re.search(r"MISS", headers.get("X-Powered-By-Anquanbao", ""), re.I) is not None + retval |= code == 405 and "/aqb_cc/error/" in (page or "") if retval: break diff --git a/waf/cloudflare.py b/waf/cloudflare.py index dad80a122..82aab695a 100644 --- a/waf/cloudflare.py +++ b/waf/cloudflare.py 
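Review bot: The new status-plus-body check in waf/anquanbao.py, `code == 405 and "/aqb_cc/error/" in (page or "")`, has no comment saying which block page it was taken from, so a later maintainer cannot tell which half of the signature is the stable part. The same applies to the `code == 403` body match added in waf/cloudflare.py and the `code == 404` `XID` match added in waf/varnish.py. I would put a one-line comment above each, for example `# block page seen as HTTP 405 with a body referencing /aqb_cc/error/`, and parenthesise the right-hand side so the `|=` reads unambiguously. The body of detect() continues outside this hunk.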
@@ -16,10 +16,11 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - _, headers, _ = get_page(get=vector) + page, headers, code = get_page(get=vector) retval = re.search(r"cloudflare-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= headers.get("cf-ray") is not None + retval |= code == 403 and re.search(r"CloudFlare Ray ID:|var CloudFlare=", page or "") is not None if retval: break diff --git a/waf/modsecurity.py b/waf/modsecurity.py index f2685fdf3..5dd8b7f49 100644 --- a/waf/modsecurity.py +++ b/waf/modsecurity.py @@ -19,7 +19,7 @@ def detect(get_page): page, headers, code = get_page(get=vector) retval = code == 501 and re.search(r"Reference #[0-9A-Fa-f.]+", page, re.I) is None retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None - retval |= "This error was generated by Mod_Security" in page + retval |= code == 406 and "This error was generated by Mod_Security" in page if retval: break diff --git a/waf/varnish.py b/waf/varnish.py index 434874100..b62a3b516 100644 --- a/waf/varnish.py +++ b/waf/varnish.py @@ -16,9 +16,11 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - _, headers, _ = get_page(get=vector) + page, headers, code = get_page(get=vector) retval = headers.get("X-Varnish") is not None retval |= re.search(r"varnish\Z", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None + retval |= re.search(r"varnish", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval |= code == 404 and re.search(r"\bXID: \d+", page or "") is not None if retval: break diff --git a/waf/wallarm.py b/waf/wallarm.py new file mode 100644 index 000000000..1618007c4 --- /dev/null +++ b/waf/wallarm.py 
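Review bot: The body regex added in waf/cloudflare.py, `re.search(r"CloudFlare Ray ID:|var CloudFlare=", page or "")`, is matched case-sensitively, while the two header checks just above it pass `re.I`. If the error page's capitalisation of the product name differs or changes, this branch silently stops matching. Passing the flag keeps the function consistent: `re.search(r"CloudFlare Ray ID:|var CloudFlare=", page or "", re.I)`. The start and end of detect() lie outside the hunk.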
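Review bot: The changed line in waf/modsecurity.py still evaluates `"This error was generated by Mod_Security" in page` on the raw `page`, whereas every other body check this commit adds guards it with `page or ""`. If get_page can return `None` for the body, as those guards suggest, a 406 response without a body raises TypeError instead of yielding False. `retval |= code == 406 and "This error was generated by Mod_Security" in (page or "")` avoids that. The `re.search(..., page, re.I)` on the 501 line above has the same exposure. The body of detect() continues outside the hunk.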
@@ -0,0 +1,24 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) +See the file 'doc/COPYING' for copying permission +""" + +import re + +from lib.core.enums import HTTP_HEADER +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "Wallarm Web Application Firewall (Wallarm)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + _, headers, _ = get_page(get=vector) + retval = re.search(r"nginx-wallarm", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + if retval: + break + + return retval
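Review bot: `detect()` in the new waf/wallarm.py has no docstring, and nothing in the module says what `get_page` must return. A one-line docstring such as `"""Return True if a probe response's Server header contains "nginx-wallarm"."""` would document the contract. The call `headers.get(HTTP_HEADER.SERVER, "")` also assumes `headers` is never `None`; whether get_page guarantees that is not visible here, so `(headers or {}).get(HTTP_HEADER.SERVER, "")` would be the defensive form if it does not.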