Minor patching of logics in WAF scripts

Miroslav Stampar 2019-04-16 13:37:02 +02:00
parent faf154d2b3
commit 9043d9dd05
77 changed files with 96 additions and 80 deletions


@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.4.12"
VERSION = "1.3.4.13"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = headers.get("X-Powered-By-360wzb") is not None
retval |= headers.get("X-Powered-By-360wzb") is not None
retval |= code == 493 and "/wzws-waf-cgi/" in (page or "")
retval |= all(_ in (page or "") for _ in ("eventID", "If you are the Webmaster", "<title>493</title>"))
if retval:


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = headers.get("aeSecure-code") is not None
retval |= headers.get("aeSecure-code") is not None
retval |= all(_ in (page or "") for _ in ("aeSecure", "aesecure_denied.png"))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"\AAL[_-]?(SESS|LB)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"\AAL[_-]?(SESS|LB)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= all(_ in (page or "") for _ in ("The server detected a syntax error in your request", "Check your request and all parameters", "Bad Request", "Your request ID was"))
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code == 405 and any(_ in (page or "") for _ in ("/aqb_cc/error/", "hidden_intercept_time"))
retval |= code == 405 and any(_ in (page or "") for _ in ("/aqb_cc/error/", "hidden_intercept_time"))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = re.search(r"Approach Web Application Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"Approach Web Application Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"Approach(</b>)? Web Application Firewall", page or "", re.I) is not None
retval |= " Your IP address has been logged and this information could be used by authorities to track you." in (page or "")
retval |= all(_ in (page or "") for _ in ("Sorry for the inconvenience!", "If this was an legitimate request please contact us with details!"))


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = "This request has been blocked by website protection from Armor" in (page or "")
retval |= "This request has been blocked by website protection from Armor" in (page or "")
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = "The requested URL was rejected. Please consult with your administrator." in (page or "")
retval |= "The requested URL was rejected. Please consult with your administrator." in (page or "")
retval |= all(_ in (page or "") for _ in ("security.f5aas.com", "Please enable JavaScript to view the page content"))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code == 403 and re.search(r"\bAWS", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= code == 403 and re.search(r"\bAWS", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"\Abarra_counter_session=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"\Abarra_counter_session=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"(\A|\b)barracuda_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= "when this page occurred and the event ID found at the bottom of the page" in (page or "")
if retval:


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = any(_ in (page or "") for _ in ("<title>Bekchy - Access Denided</title>", "<a class=\"btn\" href=\"https://bekchy.com/report\">"))
retval |= any(_ in (page or "") for _ in ("<title>Bekchy - Access Denided</title>", "<a class=\"btn\" href=\"https://bekchy.com/report\">"))
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = any(_ in (page or "") for _ in ("alt=\"BitNinja|Security check by BitNinja", "your IP will be removed from BitNinja", "<title>Visitor anti-robot validation</title>"))
retval |= any(_ in (page or "") for _ in ("alt=\"BitNinja|Security check by BitNinja", "your IP will be removed from BitNinja", "<title>Visitor anti-robot validation</title>"))
if retval:
break
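Review bot: The first signature in the tuple on the rewritten `retval |= any(...)` line, `"alt=\"BitNinja|Security check by BitNinja"`, is tested with `in`, so the `|` is matched as a literal character rather than as an alternation. As written it only fires on a page that contains that exact text including the pipe. If two markers were intended, they should be separate tuple entries, `"alt=\"BitNinja"` and `"Security check by BitNinja"`. The commit carries the string over unchanged from the old line, and detect() begins and ends outside this hunk.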


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = re.search(r"BDWAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"BDWAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"Bluedon Web Application Firewall", page or "", re.I) is not None
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = any(_ in (page or "") for _ in ("We're sorry, you are not allowed to proceed", "Your request looks suspicious or similar to automated requests from spam posting software"))
retval |= any(_ in (page or "") for _ in ("We're sorry, you are not allowed to proceed", "Your request looks suspicious or similar to automated requests from spam posting software"))
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code >= 400 and headers.get("Powered-By-ChinaCache") is not None
retval |= code >= 400 and headers.get("Powered-By-ChinaCache") is not None
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector)
retval = re.search(r"ACE XML Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"ACE XML Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break


@ -14,6 +14,8 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code >= 400 and all(_ in (page or "") for _ in ("Cloudbric", "Malicious Code Detected"))
retval |= code >= 400 and all(_ in (page or "") for _ in ("Cloudbric", "Malicious Code Detected"))
if retval:
break
return retval


@ -14,9 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = all(_ in (page or "") for _ in ("Generated by cloudfront", "Request blocked"))
retval |= all(_ in (page or "") for _ in ("Generated by cloudfront", "Request blocked"))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector)
retval = re.search(r"Protected by COMODO WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"Protected by COMODO WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break


@ -14,7 +14,9 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, code = get_page(get=vector)
retval = code >= 400 and "This site is protected by CrawlProtect" in (page or "")
retval |= code >= 400 and "This site is protected by CrawlProtect" in (page or "")
retval |= "<title>CrawlProtect" in (page or "")
if retval:
break
return retval


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = headers.get("x-distil-cs") is not None
retval |= headers.get("x-distil-cs") is not None
retval |= any(_ in (page or "") for _ in ("distilCaptchaForm", "distilCallbackGuard", "cdn.distilnetworks.com/images/anomaly-detected.png"))
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = headers.get("X-dotDefender-denied", "") == "1"
retval |= headers.get("X-dotDefender-denied", "") == "1"
retval |= any(_ in (page or "") for _ in ("dotDefender Blocked Your Request", '<meta name="description" content="Applicure is the leading provider of web application security', "Please contact the site administrator, and provide the following Reference ID:"))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
_, headers, code = get_page(get=vector)
retval = code == 400 and re.search(r"\AECDF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= code == 400 and re.search(r"\AECDF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = any((page or "").strip() == _ for _ in ("Invalid GET Data", "Invalid URI")) and re.search(r"\bexp_last_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= any((page or "").strip() == _ for _ in ("Invalid GET Data", "Invalid URI")) and re.search(r"\bexp_last_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"\AFORTIWAFSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"\AFORTIWAFSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= all(_ in (page or "") for _ in (".fgd_icon", ".blocked", ".authenticate"))
if retval:
break


@ -14,6 +14,8 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = any(_ in (page or "") for _ in ("Access Denied - GoDaddy Website Firewall", "<title>GoDaddy Security - Access Denied</title>"))
retval |= any(_ in (page or "") for _ in ("Access Denied - GoDaddy Website Firewall", "<title>GoDaddy Security - Access Denied</title>"))
if retval:
break
return retval


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"\Agreywizard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"\Agreywizard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= any(_ in (page or "") for _ in ("We've detected attempted attack or non standard traffic from your IP address", "<title>Grey Wizard</title>"))
if retval:
break


@ -17,8 +17,8 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"\Aimunify360", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval = any(_ in (page or "") for _ in ("protected by Imunify360", "Powered by Imunify360", "imunify360 preloader"))
retval |= re.search(r"\Aimunify360", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= any(_ in (page or "") for _ in ("protected by Imunify360", "Powered by Imunify360", "imunify360 preloader"))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None
retval |= "Incapsula incident ID" in (page or "")
retval |= all(_ in (page or "") for _ in ("Error code 15", "This request was blocked by the security rules"))


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = all(_ in (page or "") for _ in ("Reason:", "by Janusec Application Gateway"))
retval |= all(_ in (page or "") for _ in ("Reason:", "by Janusec Application Gateway"))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = re.search(r"jiasule-WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"jiasule-WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"__jsluid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"jsl_tracking", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"static\.jiasule\.com/static/js/http_error\.js", page or "", re.I) is not None


@ -16,7 +16,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = re.search(r"url\('/ks-waf-error\.png'\)", page or "", re.I) is not None
retval |= re.search(r"url\('/ks-waf-error\.png'\)", page or "", re.I) is not None
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code >= 400 and re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= code >= 400 and re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break


@ -16,7 +16,9 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = "Blocked because of Malicious Activities" in (page or "")
retval |= "Blocked because of Malicious Activities" in (page or "")
retval |= re.search(r"Firewall(<[^>]+>)*powered by(<[^>]+>)*MalCare", page or "") is not None
if retval:
break
return retval


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module", "Protected by Mod Security"))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector)
retval = re.search(r"naxsi/waf", headers.get(HTTP_HEADER.X_DATA_ORIGIN, ""), re.I) is not None
retval |= re.search(r"naxsi/waf", headers.get(HTTP_HEADER.X_DATA_ORIGIN, ""), re.I) is not None
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"NewDefend", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"NewDefend", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= any(_ in (page or "") for _ in ("/nd_block/", "http://www.newdefend.com/feedback/misinformation/"))
if retval:
break


@ -14,7 +14,9 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = "<title>NinjaFirewall: 403 Forbidden" in (page or "")
retval |= "<title>NinjaFirewall: 403 Forbidden" in (page or "")
retval |= all(_ in (page or "") for _ in ("For security reasons, it was blocked and logged", "NinjaFirewall"))
if retval:
break
return retval


@ -16,7 +16,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"onMessage Shield", headers.get("X-Engine", ""), re.I) is not None
retval |= re.search(r"onMessage Shield", headers.get("X-Engine", ""), re.I) is not None
retval |= "This site is protected by an enhanced security system to ensure a safe browsing experience" in (page or "")
retval |= "onMessage SHIELD" in (page or "")
if retval:


@ -16,7 +16,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = re.search(r"has been blocked in accordance with company policy", page or "", re.I) is not None
retval |= re.search(r"has been blocked in accordance with company policy", page or "", re.I) is not None
retval |= all(_ in (page or "") for _ in ("Palo Alto Next Generation Security Platform", "Download Blocked"))
if retval:
break


@ -14,6 +14,8 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = "https://www.perimeterx.com/whywasiblocked" in (page or "")
retval |= "https://www.perimeterx.com/whywasiblocked" in (page or "")
if retval:
break
return retval


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector)
retval = re.search(r"\APLBSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"\APLBSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"Profense", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break


@ -16,7 +16,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page or "", re.I | re.S) is not None
retval |= re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page or "", re.I | re.S) is not None
retval |= headers.get("X-SL-CompState") is not None
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"\Arbzid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"\Arbzid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"Reblaze Secure Web Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= all(_ in (page or "") for _ in ("Current session has been terminated", "For further information, do not hesitate to contact us", "Access denied (403)"))
if retval:


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, code = get_page(get=vector)
retval = "ASP.NET has detected data in the request that is potentially dangerous" in (page or "")
retval |= "ASP.NET has detected data in the request that is potentially dangerous" in (page or "")
retval |= "Request Validation has detected a potentially dangerous client input value" in (page or "")
retval |= code == 500 and "HttpRequestValidationException" in page
if retval:
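Review bot: The last check in this hunk, `retval |= code == 500 and "HttpRequestValidationException" in page`, uses `page` unguarded while the two lines above it use `(page or "")`. A 500 response with no body would then raise a TypeError instead of leaving `retval` false; the operand should be `in (page or "")`. The same unguarded `page` is kept on the rewritten line of the hunk that searches for `<img class=\"yunsuologo\"`, where `re.search(..., page, re.I)` should receive `page or ""`. Both detect() bodies continue outside their hunks.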


@ -14,6 +14,8 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = any(_ in (page or "") for _ in ("COM_RSFIREWALL_403_FORBIDDEN", "COM_RSFIREWALL_EVENT"))
retval |= any(_ in (page or "") for _ in ("COM_RSFIREWALL_403_FORBIDDEN", "COM_RSFIREWALL_EVENT"))
if retval:
break
return retval


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"Safe3WAF", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None
retval |= re.search(r"Safe3WAF", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None
retval |= re.search(r"Safe3 Web Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= all(_ in (page or "") for _ in ("403 Forbidden", "Safe3waf/"))
if retval:


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"WAF/2\.0", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None
retval |= re.search(r"WAF/2\.0", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None
retval |= re.search(r"Safedog", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"safedog", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= any(_ in (page or "") for _ in ("safedogsite/broswer_logo.jpg", "404.safedog.cn/sitedog_stat.html"))


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = all(_ in (page or "") for _ in ("SafeLine", "<!-- event_id:"))
retval |= all(_ in (page or "") for _ in ("SafeLine", "<!-- event_id:"))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code >= 400 and re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= code >= 400 and re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break


@ -16,7 +16,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = re.search(r"SecureIIS[^<]+Web Server Protection", page or "") is not None
retval |= re.search(r"SecureIIS[^<]+Web Server Protection", page or "") is not None
retval |= "http://www.eeye.com/SecureIIS/" in (page or "")
retval |= re.search(r"\?subject=[^>]*SecureIIS Error", page or "") is not None
if retval:


@ -16,7 +16,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = re.search(r"<H2>Error</H2>.+?#FEEE7A.+?<STRONG>Error</STRONG>|Contact support for additional information.<br/>The incident ID is: (\\d{19}|N/A)", page or "", re.I) is not None
retval |= re.search(r"<H2>Error</H2>.+?#FEEE7A.+?<STRONG>Error</STRONG>|Contact support for additional information.<br/>The incident ID is: (\\d{19}|N/A)", page or "", re.I) is not None
if retval:
break
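Review bot: In the raw-string pattern on the rewritten `retval |= re.search(...)` line, `(\\d{19}|N/A)` matches a literal backslash followed by nineteen `d` characters, not nineteen digits. The incident-ID alternative can therefore only match the `N/A` form; the group should read `(\d{19}|N/A)`. Only `re.I` is passed, so the `.+?` in the first alternative cannot cross a newline, and if the error page is multi-line it presumably needs `re.I | re.S`. The commit keeps the pattern unchanged from the old line, and detect() begins and ends outside this hunk.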


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = "SENGINX-ROBOT-MITIGATION" in (page or "")
retval |= "SENGINX-ROBOT-MITIGATION" in (page or "")
if retval:
break


@ -14,6 +14,8 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = "Something in the URL, Form or Cookie data wasn't appropriate" in (page or "")
retval |= "Something in the URL, Form or Cookie data wasn't appropriate" in (page or "")
if retval:
break
return retval


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = "The page you are trying to access is restricted due to a security rule" in (page or "")
retval |= "The page you are trying to access is restricted due to a security rule" in (page or "")
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = any(_ in (page or "") for _ in ("Powered by SiteGuard", "The server refuse to browse the page"))
retval |= any(_ in (page or "") for _ in ("Powered by SiteGuard", "The server refuse to browse the page"))
if retval:
break


@ -15,7 +15,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = any(_ in (page or "") for _ in ("SiteLock Incident ID", '<span class="value INCIDENT_ID">'))
retval |= any(_ in (page or "") for _ in ("SiteLock Incident ID", '<span class="value INCIDENT_ID">'))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = "This request is blocked by the SonicWALL" in (page or "")
retval |= "This request is blocked by the SonicWALL" in (page or "")
retval |= all(_ in (page or "") for _ in ("#shd", "#nsa_banner"))
retval |= re.search(r"Web Site Blocked.+\bnsa_banner", page or "", re.I) is not None
retval |= re.search(r"SonicWALL", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = "Powered by UTM Web Protection" in (page or "")
retval |= "Powered by UTM Web Protection" in (page or "")
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = all(_ in (page or "") for _ in ("BRICK-50", " @ ", "404 Not Found"))
retval |= all(_ in (page or "") for _ in ("BRICK-50", " @ ", "404 Not Found"))
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = all(_ in (page or "") for _ in ("You performed an action that triggered the service and blocked your request",))
retval |= all(_ in (page or "") for _ in ("You performed an action that triggered the service and blocked your request",))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= "Access Denied - Sucuri Website Firewall" in (page or "")
retval |= "Sucuri WebSite Firewall - CloudProxy - Access Denied" in (page or "")
retval |= re.search(r"Questions\?.+cloudproxy@sucuri\.net", (page or "")) is not None


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, code = get_page(get=vector)
retval = code == 405 and "waf.tencent-cloud.com" in (page or "")
retval |= code == 405 and "waf.tencent-cloud.com" in (page or "")
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector)
retval = re.search(r"F5-TrafficShield", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"F5-TrafficShield", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"\AASINFO=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, code = get_page(get=vector)
retval = code >= 400 and all(_ in (page or "") for _ in ("UrlMaster", "UrlRewriteModule", "SecurityCheck"))
retval |= code >= 400 and all(_ in (page or "") for _ in ("UrlMaster", "UrlRewriteModule", "SecurityCheck"))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = re.search(r"Rejected-By-UrlScan", headers.get(HTTP_HEADER.LOCATION, ""), re.I) is not None
retval |= re.search(r"Rejected-By-UrlScan", headers.get(HTTP_HEADER.LOCATION, ""), re.I) is not None
retval |= code != 200 and re.search(r"/Rejected-By-UrlScan", page or "", re.I) is not None
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, code = get_page(get=vector)
retval = code >= 400 and "Request rejected by xVarnish-WAF" in (page or "")
retval |= code >= 400 and "Request rejected by xVarnish-WAF" in (page or "")
if retval:
break


@ -14,6 +14,8 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = any(_ in (page or "") for _ in ("| Virusdie</title>", "http://cdn.virusdie.ru/splash/firewallstop.png", "&copy; Virusdie.ru</p>", '<meta name="FW_BLOCK"'))
retval |= any(_ in (page or "") for _ in ("| Virusdie</title>", "http://cdn.virusdie.ru/splash/firewallstop.png", "&copy; Virusdie.ru</p>", '<meta name="FW_BLOCK"'))
if retval:
break
return retval


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector)
retval = re.search(r"nginx-wallarm", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"nginx-wallarm", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code >= 400 and re.search(r"\AWatchGuard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= code >= 400 and re.search(r"\AWatchGuard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= "Request denied by WatchGuard Firewall" in (page or "")
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code == 999
retval |= code == 999
retval |= re.search(r"WebKnight", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= any(_ in (page or "") for _ in ("WebKnight Application Firewall Alert", "AQTRONIX WebKnight"))
if retval:


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"WebSEAL", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"WebSEAL", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= any(_ in (page or "") for _ in ("This is a WebSEAL error message template file", "The Access Manager WebSEAL server received an invalid HTTP request"))
if retval:
break


@ -14,7 +14,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
retval = any(_ in (page or "") for _ in ("A potentially unsafe operation has been detected in your request to this site", "Generated by Wordfence", "Your access to this site has been limited", "This response was generated by Wordfence"))
retval |= any(_ in (page or "") for _ in ("A potentially unsafe operation has been detected in your request to this site", "Generated by Wordfence", "Your access to this site has been limited", "This response was generated by Wordfence"))
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = ">WTS-WAF" in (page or "")
retval |= ">WTS-WAF" in (page or "")
retval |= re.search(r"\Awts/", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"YUNDUN", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"YUNDUN", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"YUNDUN", headers.get("X-Cache", ""), re.I) is not None
retval |= "Blocked by YUNDUN Cloud WAF" in (page or "")
if retval:


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = re.search(r"<img class=\"yunsuologo\"", page, re.I) is not None
retval |= re.search(r"<img class=\"yunsuologo\"", page, re.I) is not None
retval |= re.search(r"yunsuo_session", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
if retval:
break


@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code >= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= code >= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= all(_ in (page or "") for _ in ("Your request has been blocked", "Incident ID", "/__zenedge/assets/"))
if retval:
break