diff --git a/lib/core/settings.py b/lib/core/settings.py
index 89512e3c3..bd4a25fbe 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.3.4.12"
+VERSION = "1.3.4.13"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/waf/360.py b/waf/360.py
index d801b66fb..0953434aa 100644
--- a/waf/360.py
+++ b/waf/360.py
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = headers.get("X-Powered-By-360wzb") is not None
+ retval |= headers.get("X-Powered-By-360wzb") is not None
 retval |= code == 493 and "/wzws-waf-cgi/" in (page or "")
 retval |= all(_ in (page or "") for _ in ("eventID", "If you are the Webmaster", "493"))
 if retval:
diff --git a/waf/aesecure.py b/waf/aesecure.py
index 980d3bfeb..5b871463d 100644
--- a/waf/aesecure.py
+++ b/waf/aesecure.py
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = headers.get("aeSecure-code") is not None
+ retval |= headers.get("aeSecure-code") is not None
 retval |= all(_ in (page or "") for _ in ("aeSecure", "aesecure_denied.png"))
 if retval:
 break
diff --git a/waf/airlock.py b/waf/airlock.py
index a6ffbd749..5a6990961 100644
--- a/waf/airlock.py
+++ b/waf/airlock.py
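Review bot: In waf/360.py the first check inside the loop now reads `retval |= headers.get("X-Powered-By-360wzb") is not None`, so detect() needs `retval` to be bound before the `for`; that assignment is above the hunk and not visible here. Confirm that every touched waf/*.py module has `retval = False` ahead of the loop, otherwise the first iteration raises UnboundLocalError instead of returning a verdict. The same applies to every other `retval |=` hunk in this commit. A short comment on the changed line, such as `# accumulate across checks; the loop stops at the first match`, would also make the intent of the `|=` form clear. The body of detect() starts and ends outside the hunk.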
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"\AAL[_-]?(SESS|LB)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+ retval |= re.search(r"\AAL[_-]?(SESS|LB)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 retval |= all(_ in (page or "") for _ in ("The server detected a syntax error in your request", "Check your request and all parameters", "Bad Request", "Your request ID was"))
 if retval:
 break
diff --git a/waf/anquanbao.py b/waf/anquanbao.py
index 24a528e17..33b2dcd5d 100644
--- a/waf/anquanbao.py
+++ b/waf/anquanbao.py
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = code == 405 and any(_ in (page or "") for _ in ("/aqb_cc/error/", "hidden_intercept_time"))
+ retval |= code == 405 and any(_ in (page or "") for _ in ("/aqb_cc/error/", "hidden_intercept_time"))
 if retval:
 break
diff --git a/waf/approach.py b/waf/approach.py
index cdb58d863..fe7103b85 100644
--- a/waf/approach.py
+++ b/waf/approach.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = re.search(r"Approach Web Application Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= re.search(r"Approach Web Application Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 retval |= re.search(r"Approach()? Web Application Firewall", page or "", re.I) is not None
 retval |= " Your IP address has been logged and this information could be used by authorities to track you." in (page or "")
 retval |= all(_ in (page or "") for _ in ("Sorry for the inconvenience!", "If this was an legitimate request please contact us with details!"))
diff --git a/waf/armor.py b/waf/armor.py
index 6f8e79ea1..6f20b7806 100644
--- a/waf/armor.py
+++ b/waf/armor.py
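Review bot: In waf/airlock.py the cookie check on the changed line is anchored with `\A`, so it only fires when the Airlock cookie is the very first thing in the string that `headers.get(HTTP_HEADER.SET_COOKIE, "")` returns. How repeated Set-Cookie headers are combined is not visible in this diff; if they are joined into one value, a response that sets another cookie first would not be recognised. waf/barracuda.py already carries a second pattern, `(\A|\b)barracuda_`, for that case, while the `\A`-only patterns in the fortiweb, profense and reblaze hunks share the limitation. Either confirm that only the first cookie can matter, or document the assumption with a comment such as `# \A: assumes the WAF cookie is first in Set-Cookie`.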
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = "This request has been blocked by website protection from Armor" in (page or "")
+ retval |= "This request has been blocked by website protection from Armor" in (page or "")
 if retval:
 break
diff --git a/waf/asm.py b/waf/asm.py
index cbbb31a00..dbd105b20 100644
--- a/waf/asm.py
+++ b/waf/asm.py
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = "The requested URL was rejected. Please consult with your administrator." in (page or "")
+ retval |= "The requested URL was rejected. Please consult with your administrator." in (page or "")
 retval |= all(_ in (page or "") for _ in ("security.f5aas.com", "Please enable JavaScript to view the page content"))
 if retval:
 break
diff --git a/waf/aws.py b/waf/aws.py
index 0d577fefa..cc2137dda 100644
--- a/waf/aws.py
+++ b/waf/aws.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = code == 403 and re.search(r"\bAWS", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= code == 403 and re.search(r"\bAWS", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 if retval:
 break
diff --git a/waf/barracuda.py b/waf/barracuda.py
index 33b72e2d6..8305d6eb3 100644
--- a/waf/barracuda.py
+++ b/waf/barracuda.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"\Abarra_counter_session=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+ retval |= re.search(r"\Abarra_counter_session=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 retval |= re.search(r"(\A|\b)barracuda_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 retval |= "when this page occurred and the event ID found at the bottom of the page" in (page or "")
 if retval:
diff --git a/waf/bekchy.py b/waf/bekchy.py
index 4bd8ba8f4..0db7b2d27 100644
--- a/waf/bekchy.py
+++ b/waf/bekchy.py
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = any(_ in (page or "") for _ in ("Bekchy - Access Denided", ""))
+ retval |= any(_ in (page or "") for _ in ("Bekchy - Access Denided", ""))
 if retval:
 break
diff --git a/waf/bitninja.py b/waf/bitninja.py
index 7fb14017f..fc82310a6 100644
--- a/waf/bitninja.py
+++ b/waf/bitninja.py
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = any(_ in (page or "") for _ in ("alt=\"BitNinja|Security check by BitNinja", "your IP will be removed from BitNinja", "Visitor anti-robot validation"))
+ retval |= any(_ in (page or "") for _ in ("alt=\"BitNinja|Security check by BitNinja", "your IP will be removed from BitNinja", "Visitor anti-robot validation"))
 if retval:
 break
diff --git a/waf/bluedon.py b/waf/bluedon.py
index 3ddd3960e..2ae369042 100644
--- a/waf/bluedon.py
+++ b/waf/bluedon.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = re.search(r"BDWAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= re.search(r"BDWAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 retval |= re.search(r"Bluedon Web Application Firewall", page or "", re.I) is not None
 if retval:
 break
diff --git a/waf/cerber.py b/waf/cerber.py
index a05060271..404b4eed4 100644
--- a/waf/cerber.py
+++ b/waf/cerber.py
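Review bot: In waf/bekchy.py the marker tuple on the changed line is `("Bekchy - Access Denided", "")` as shown on this page, and `"" in (page or "")` is True for every response, so `any(...)` and therefore detect() would report this product for every target. If the file really contains an empty string (rather than a markup literal that was lost when the page was rendered), drop it or replace it with the intended block-page marker. With `|=` and the `break` that follows, the false verdict would be reached on the first vector.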
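Review bot: In waf/bitninja.py the first marker, `"alt=\"BitNinja|Security check by BitNinja"`, is tested with `in`, so the `|` is a literal character and not an alternation; that entry can only match a page containing the whole string including the bar. If two markers were intended, split the entry: `("alt=\"BitNinja", "Security check by BitNinja", "your IP will be removed from BitNinja", "Visitor anti-robot validation")`. The commit carries the string over unchanged from the removed line.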
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = any(_ in (page or "") for _ in ("We're sorry, you are not allowed to proceed", "Your request looks suspicious or similar to automated requests from spam posting software"))
+ retval |= any(_ in (page or "") for _ in ("We're sorry, you are not allowed to proceed", "Your request looks suspicious or similar to automated requests from spam posting software"))
 if retval:
 break
diff --git a/waf/chinacache.py b/waf/chinacache.py
index f7369b04e..35fc66c1b 100644
--- a/waf/chinacache.py
+++ b/waf/chinacache.py
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = code >= 400 and headers.get("Powered-By-ChinaCache") is not None
+ retval |= code >= 400 and headers.get("Powered-By-ChinaCache") is not None
 if retval:
 break
diff --git a/waf/ciscoacexml.py b/waf/ciscoacexml.py
index e9c017720..7ab2d9b4b 100644
--- a/waf/ciscoacexml.py
+++ b/waf/ciscoacexml.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 _, headers, _ = get_page(get=vector)
- retval = re.search(r"ACE XML Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= re.search(r"ACE XML Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 if retval:
 break
diff --git a/waf/cloudbric.py b/waf/cloudbric.py
index 78d4a1777..8693009e6 100644
--- a/waf/cloudbric.py
+++ b/waf/cloudbric.py
@@ -14,6 +14,8 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = code >= 400 and all(_ in (page or "") for _ in ("Cloudbric", "Malicious Code Detected"))
+ retval |= code >= 400 and all(_ in (page or "") for _ in ("Cloudbric", "Malicious Code Detected"))
+ if retval:
+ break
 return retval
diff --git a/waf/cloudfront.py b/waf/cloudfront.py
index fe5921f0d..8c1e22ceb 100644
--- a/waf/cloudfront.py
+++ b/waf/cloudfront.py
@@ -14,9 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
-
- retval = all(_ in (page or "") for _ in ("Generated by cloudfront", "Request blocked"))
-
+ retval |= all(_ in (page or "") for _ in ("Generated by cloudfront", "Request blocked"))
 if retval:
 break
diff --git a/waf/comodo.py b/waf/comodo.py
index 12cb108ff..786db3059 100644
--- a/waf/comodo.py
+++ b/waf/comodo.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 _, headers, _ = get_page(get=vector)
- retval = re.search(r"Protected by COMODO WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= re.search(r"Protected by COMODO WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 if retval:
 break
diff --git a/waf/crawlprotect.py b/waf/crawlprotect.py
index 2e14828ad..975480a1b 100644
--- a/waf/crawlprotect.py
+++ b/waf/crawlprotect.py
@@ -14,7 +14,9 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, code = get_page(get=vector)
- retval = code >= 400 and "This site is protected by CrawlProtect" in (page or "")
+ retval |= code >= 400 and "This site is protected by CrawlProtect" in (page or "")
 retval |= "CrawlProtect" in (page or "")
+ if retval:
+ break
 return retval
diff --git a/waf/distil.py b/waf/distil.py
index 210779400..b2b6e2602 100644
--- a/waf/distil.py
+++ b/waf/distil.py
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = headers.get("x-distil-cs") is not None
+ retval |= headers.get("x-distil-cs") is not None
 retval |= any(_ in (page or "") for _ in ("distilCaptchaForm", "distilCallbackGuard", "cdn.distilnetworks.com/images/anomaly-detected.png"))
 if retval:
 break
diff --git a/waf/dotdefender.py b/waf/dotdefender.py
index b6b1999d4..a7b8ad555 100644
--- a/waf/dotdefender.py
+++ b/waf/dotdefender.py
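Review bot: In waf/crawlprotect.py the context line `retval |= "CrawlProtect" in (page or "")` matches every page that the changed line above it matches, so as displayed the `code >= 400 and "This site is protected by CrawlProtect"` check adds nothing, and any page that merely mentions the product name is reported as protected. If the second literal is complete as shown here (and not a longer marker truncated when the page was rendered), either tighten it or gate it on the status code as well, for example `retval |= code >= 400 and "CrawlProtect" in (page or "")`. The newly added `if retval: break` makes such a false positive final on the first vector.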
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = headers.get("X-dotDefender-denied", "") == "1"
+ retval |= headers.get("X-dotDefender-denied", "") == "1"
 retval |= any(_ in (page or "") for _ in ("dotDefender Blocked Your Request", '<meta name="description" content="Applicure is the leading provider of web application security', "Please contact the site administrator, and provide the following Reference ID:"))
 if retval:
 break
diff --git a/waf/edgecast.py b/waf/edgecast.py
index 7964a7ba5..ea3b4dd57 100644
--- a/waf/edgecast.py
+++ b/waf/edgecast.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 _, headers, code = get_page(get=vector)
- retval = code == 400 and re.search(r"\AECDF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= code == 400 and re.search(r"\AECDF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 if retval:
 break
diff --git a/waf/expressionengine.py b/waf/expressionengine.py
index 53e1f14f4..9b1589173 100644
--- a/waf/expressionengine.py
+++ b/waf/expressionengine.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = any((page or "").strip() == _ for _ in ("Invalid GET Data", "Invalid URI")) and re.search(r"\bexp_last_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+ retval |= any((page or "").strip() == _ for _ in ("Invalid GET Data", "Invalid URI")) and re.search(r"\bexp_last_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 if retval:
 break
diff --git a/waf/fortiweb.py b/waf/fortiweb.py
index 34af5972f..0af1290f6 100644
--- a/waf/fortiweb.py
+++ b/waf/fortiweb.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"\AFORTIWAFSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+ retval |= re.search(r"\AFORTIWAFSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 retval |= all(_ in (page or "") for _ in (".fgd_icon", ".blocked", ".authenticate"))
 if retval:
 break
diff --git a/waf/godaddy.py b/waf/godaddy.py
index cfba8cf62..6ccef66b7 100644
--- a/waf/godaddy.py
+++ b/waf/godaddy.py
@@ -14,6 +14,8 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = any(_ in (page or "") for _ in ("Access Denied - GoDaddy Website Firewall", "<title>GoDaddy Security - Access Denied"))
+ retval |= any(_ in (page or "") for _ in ("Access Denied - GoDaddy Website Firewall", "GoDaddy Security - Access Denied"))
+ if retval:
+ break
 return retval
diff --git a/waf/greywizard.py b/waf/greywizard.py
index ff38fc329..b39b36288 100644
--- a/waf/greywizard.py
+++ b/waf/greywizard.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"\Agreywizard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= re.search(r"\Agreywizard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 retval |= any(_ in (page or "") for _ in ("We've detected attempted attack or non standard traffic from your IP address", "Grey Wizard"))
 if retval:
 break
diff --git a/waf/imunify360.py b/waf/imunify360.py
index 0fd8d604c..9826ed919 100644
--- a/waf/imunify360.py
+++ b/waf/imunify360.py
@@ -17,8 +17,8 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"\Aimunify360", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
- retval = any(_ in (page or "") for _ in ("protected by Imunify360", "Powered by Imunify360", "imunify360 preloader"))
+ retval |= re.search(r"\Aimunify360", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= any(_ in (page or "") for _ in ("protected by Imunify360", "Powered by Imunify360", "imunify360 preloader"))
 if retval:
 break
diff --git a/waf/incapsula.py b/waf/incapsula.py
index 720f9efa5..97ba89e09 100644
--- a/waf/incapsula.py
+++ b/waf/incapsula.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+ retval |= re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None
 retval |= "Incapsula incident ID" in (page or "")
 retval |= all(_ in (page or "") for _ in ("Error code 15", "This request was blocked by the security rules"))
diff --git a/waf/janusec.py b/waf/janusec.py
index 43ed78ede..05228895f 100644
--- a/waf/janusec.py
+++ b/waf/janusec.py
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = all(_ in (page or "") for _ in ("Reason:", "by Janusec Application Gateway"))
+ retval |= all(_ in (page or "") for _ in ("Reason:", "by Janusec Application Gateway"))
 if retval:
 break
diff --git a/waf/jiasule.py b/waf/jiasule.py
index 42be6b500..9f592503b 100644
--- a/waf/jiasule.py
+++ b/waf/jiasule.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = re.search(r"jiasule-WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= re.search(r"jiasule-WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 retval |= re.search(r"__jsluid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 retval |= re.search(r"jsl_tracking", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 retval |= re.search(r"static\.jiasule\.com/static/js/http_error\.js", page or "", re.I) is not None
diff --git a/waf/knownsec.py b/waf/knownsec.py
index 91b807e25..bb8116f24 100644
--- a/waf/knownsec.py
+++ b/waf/knownsec.py
@@ -16,7 +16,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = re.search(r"url\('/ks-waf-error\.png'\)", page or "", re.I) is not None
+ retval |= re.search(r"url\('/ks-waf-error\.png'\)", page or "", re.I) is not None
 if retval:
 break
diff --git a/waf/kona.py b/waf/kona.py
index 21f9bc424..59a4c3d1a 100644
--- a/waf/kona.py
+++ b/waf/kona.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = code >= 400 and re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= code >= 400 and re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 if retval:
 break
diff --git a/waf/malcare.py b/waf/malcare.py
index 8932a4608..4dad73739 100644
--- a/waf/malcare.py
+++ b/waf/malcare.py
@@ -16,7 +16,9 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = "Blocked because of Malicious Activities" in (page or "")
+ retval |= "Blocked because of Malicious Activities" in (page or "")
 retval |= re.search(r"Firewall(<[^>]+>)*powered by(<[^>]+>)*MalCare", page or "") is not None
+ if retval:
+ break
 return retval
diff --git a/waf/modsecurity.py b/waf/modsecurity.py
index 5a0b27783..9c619c0b9 100644
--- a/waf/modsecurity.py
+++ b/waf/modsecurity.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module", "Protected by Mod Security"))
 if retval:
 break
diff --git a/waf/naxsi.py b/waf/naxsi.py
index b714f4528..5423b0b6f 100644
--- a/waf/naxsi.py
+++ b/waf/naxsi.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 _, headers, _ = get_page(get=vector)
- retval = re.search(r"naxsi/waf", headers.get(HTTP_HEADER.X_DATA_ORIGIN, ""), re.I) is not None
+ retval |= re.search(r"naxsi/waf", headers.get(HTTP_HEADER.X_DATA_ORIGIN, ""), re.I) is not None
 if retval:
 break
diff --git a/waf/newdefend.py b/waf/newdefend.py
index 9291821df..2984d26ac 100644
--- a/waf/newdefend.py
+++ b/waf/newdefend.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"NewDefend", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= re.search(r"NewDefend", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 retval |= any(_ in (page or "") for _ in ("/nd_block/", "http://www.newdefend.com/feedback/misinformation/"))
 if retval:
 break
diff --git a/waf/ninjafirewall.py b/waf/ninjafirewall.py
index 001702d89..126d72f04 100644
--- a/waf/ninjafirewall.py
+++ b/waf/ninjafirewall.py
@@ -14,7 +14,9 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = "NinjaFirewall: 403 Forbidden" in (page or "")
+ retval |= "<title>NinjaFirewall: 403 Forbidden" in (page or "")
 retval |= all(_ in (page or "") for _ in ("For security reasons, it was blocked and logged", "NinjaFirewall"))
+ if retval:
+ break
 return retval
diff --git a/waf/onmessageshield.py b/waf/onmessageshield.py
index c3f23d031..9b0df5426 100644
--- a/waf/onmessageshield.py
+++ b/waf/onmessageshield.py
@@ -16,7 +16,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"onMessage Shield", headers.get("X-Engine", ""), re.I) is not None
+ retval |= re.search(r"onMessage Shield", headers.get("X-Engine", ""), re.I) is not None
 retval |= "This site is protected by an enhanced security system to ensure a safe browsing experience" in (page or "")
 retval |= "onMessage SHIELD" in (page or "")
 if retval:
diff --git a/waf/paloalto.py b/waf/paloalto.py
index b0aefc53d..56944f4d6 100644
--- a/waf/paloalto.py
+++ b/waf/paloalto.py
@@ -16,7 +16,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = re.search(r"has been blocked in accordance with company policy", page or "", re.I) is not None
+ retval |= re.search(r"has been blocked in accordance with company policy", page or "", re.I) is not None
 retval |= all(_ in (page or "") for _ in ("Palo Alto Next Generation Security Platform", "Download Blocked"))
 if retval:
 break
diff --git a/waf/perimeterx.py b/waf/perimeterx.py
index 9d7a59606..d8415292f 100644
--- a/waf/perimeterx.py
+++ b/waf/perimeterx.py
@@ -14,6 +14,8 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = "https://www.perimeterx.com/whywasiblocked" in (page or "")
+ retval |= "https://www.perimeterx.com/whywasiblocked" in (page or "")
+ if retval:
+ break
 return retval
diff --git a/waf/profense.py b/waf/profense.py
index b8b8e9609..22c6592e7 100644
--- a/waf/profense.py
+++ b/waf/profense.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 _, headers, _ = get_page(get=vector)
- retval = re.search(r"\APLBSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+ retval |= re.search(r"\APLBSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 retval |= re.search(r"Profense", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 if retval:
 break
diff --git a/waf/radware.py b/waf/radware.py
index 2b3f834ad..a233ddaab 100644
--- a/waf/radware.py
+++ b/waf/radware.py
@@ -16,7 +16,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page or "", re.I | re.S) is not None
+ retval |= re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page or "", re.I | re.S) is not None
 retval |= headers.get("X-SL-CompState") is not None
 if retval:
 break
diff --git a/waf/reblaze.py b/waf/reblaze.py
index 85f6f12ff..60cc80fab 100644
--- a/waf/reblaze.py
+++ b/waf/reblaze.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"\Arbzid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+ retval |= re.search(r"\Arbzid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 retval |= re.search(r"Reblaze Secure Web Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 retval |= all(_ in (page or "") for _ in ("Current session has been terminated", "For further information, do not hesitate to contact us", "Access denied (403)"))
 if retval:
diff --git a/waf/requestvalidationmode.py b/waf/requestvalidationmode.py
index 7bec15a27..94c4ef03d 100644
--- a/waf/requestvalidationmode.py
+++ b/waf/requestvalidationmode.py
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, code = get_page(get=vector)
- retval = "ASP.NET has detected data in the request that is potentially dangerous" in (page or "")
+ retval |= "ASP.NET has detected data in the request that is potentially dangerous" in (page or "")
 retval |= "Request Validation has detected a potentially dangerous client input value" in (page or "")
 retval |= code == 500 and "HttpRequestValidationException" in page
 if retval:
diff --git a/waf/rsfirewall.py b/waf/rsfirewall.py
index de9a5ed47..adbdb232c 100644
--- a/waf/rsfirewall.py
+++ b/waf/rsfirewall.py
@@ -14,6 +14,8 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = any(_ in (page or "") for _ in ("COM_RSFIREWALL_403_FORBIDDEN", "COM_RSFIREWALL_EVENT"))
+ retval |= any(_ in (page or "") for _ in ("COM_RSFIREWALL_403_FORBIDDEN", "COM_RSFIREWALL_EVENT"))
+ if retval:
+ break
 return retval
diff --git a/waf/safe3.py b/waf/safe3.py
index ed2496f34..487a0b330 100644
--- a/waf/safe3.py
+++ b/waf/safe3.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"Safe3WAF", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None
+ retval |= re.search(r"Safe3WAF", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None
 retval |= re.search(r"Safe3 Web Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 retval |= all(_ in (page or "") for _ in ("403 Forbidden", "Safe3waf/"))
 if retval:
diff --git a/waf/safedog.py b/waf/safedog.py
index cedd59c4d..448aaa5e2 100644
--- a/waf/safedog.py
+++ b/waf/safedog.py
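Review bot: In waf/requestvalidationmode.py the last check, `retval |= code == 500 and "HttpRequestValidationException" in page`, uses `page` directly while the two lines above it guard the body with `(page or "")`. Those guards suggest get_page can return no body; with a 500 status and `page` set to None the `in` test raises TypeError and aborts detection instead of returning a verdict. Use `retval |= code == 500 and "HttpRequestValidationException" in (page or "")`. The line is context in this hunk, so the commit leaves it as it was.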
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, _ = get_page(get=vector)
- retval = re.search(r"WAF/2\.0", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None
+ retval |= re.search(r"WAF/2\.0", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None
 retval |= re.search(r"Safedog", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 retval |= re.search(r"safedog", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 retval |= any(_ in (page or "") for _ in ("safedogsite/broswer_logo.jpg", "404.safedog.cn/sitedog_stat.html"))
diff --git a/waf/safeline.py b/waf/safeline.py
index 7058832d1..aaf59154e 100644
--- a/waf/safeline.py
+++ b/waf/safeline.py
@@ -14,7 +14,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, _, _ = get_page(get=vector)
- retval = all(_ in (page or "") for _ in ("SafeLine", "<!-- event_id:"))
+ retval |= all(_ in (page or "") for _ in ("SafeLine", "<!-- event_id:"))
 if retval:
 break
diff --git a/waf/secureentry.py b/waf/secureentry.py
index e0c46646f..8160f9e05 100644
--- a/waf/secureentry.py
+++ b/waf/secureentry.py
@@ -17,7 +17,7 @@ def detect(get_page):
 for vector in WAF_ATTACK_VECTORS:
 page, headers, code = get_page(get=vector)
- retval = code >= 400 and re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= code >= 400 and re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 if retval:
 break
diff --git a/waf/secureiis.py b/waf/secureiis.py
index 6f4968495..5202cfc26 100644
--- a/waf/secureiis.py
+++ b/waf/secureiis.py
@@ -16,7 +16,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = re.search(r"SecureIIS[^<]+Web Server Protection", page or "") is not None + retval |= re.search(r"SecureIIS[^<]+Web Server Protection", page or "") is not None retval |= "http://www.eeye.com/SecureIIS/" in (page or "") retval |= re.search(r"\?subject=[^>]*SecureIIS Error", page or "") is not None if retval: diff --git a/waf/securesphere.py b/waf/securesphere.py index be73464d8..cdd6d0a40 100644 --- a/waf/securesphere.py +++ b/waf/securesphere.py @@ -16,7 +16,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = re.search(r"<H2>Error</H2>.+?#FEEE7A.+?<STRONG>Error</STRONG>|Contact support for additional information.<br/>The incident ID is: (\\d{19}|N/A)", page or "", re.I) is not None + retval |= re.search(r"<H2>Error</H2>.+?#FEEE7A.+?<STRONG>Error</STRONG>|Contact support for additional information.<br/>The incident ID is: (\\d{19}|N/A)", page or "", re.I) is not None if retval: break diff --git a/waf/senginx.py b/waf/senginx.py index 3700a5f36..244a9a045 100644 --- a/waf/senginx.py +++ b/waf/senginx.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = "SENGINX-ROBOT-MITIGATION" in (page or "") + retval |= "SENGINX-ROBOT-MITIGATION" in (page or "") if retval: break diff --git a/waf/shieldsecurity.py b/waf/shieldsecurity.py index a757620a1..fdbc750fa 100644 --- a/waf/shieldsecurity.py +++ b/waf/shieldsecurity.py @@ -14,6 +14,8 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = "Something in the URL, Form or Cookie data wasn't appropriate" in (page or "") + retval |= "Something in the URL, Form or Cookie data wasn't appropriate" in (page or "") + if retval: + break return retval diff --git a/waf/siteground.py b/waf/siteground.py index 967a9f44d..075cc5b1c 100644 
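Review bot: In the securesphere hunk the pattern is a raw string, so `(\\d{19}|N/A)` is read by `re` as a literal backslash followed by nineteen `d` characters, not nineteen digits. The incident-ID alternative can therefore only match its `N/A` form; `(\d{19}|N/A)` restores the intended match. The `.+?` runs in the first alternative also stop at newlines without `re.S`, which may matter if the block page is multi-line HTML, so it is worth checking against a sample response. The `retval` initialisation this `|=` depends on is above the hunk.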
--- a/waf/siteground.py +++ b/waf/siteground.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = "The page you are trying to access is restricted due to a security rule" in (page or "") + retval |= "The page you are trying to access is restricted due to a security rule" in (page or "") if retval: break diff --git a/waf/siteguard.py b/waf/siteguard.py index 586dfee3b..34179ffaa 100644 --- a/waf/siteguard.py +++ b/waf/siteguard.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = any(_ in (page or "") for _ in ("Powered by SiteGuard", "The server refuse to browse the page")) + retval |= any(_ in (page or "") for _ in ("Powered by SiteGuard", "The server refuse to browse the page")) if retval: break diff --git a/waf/sitelock.py b/waf/sitelock.py index aa532d389..b218ea5d9 100644 --- a/waf/sitelock.py +++ b/waf/sitelock.py @@ -15,7 +15,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = any(_ in (page or "") for _ in ("SiteLock Incident ID", '<span class="value INCIDENT_ID">')) + retval |= any(_ in (page or "") for _ in ("SiteLock Incident ID", '<span class="value INCIDENT_ID">')) if retval: break diff --git a/waf/sonicwall.py b/waf/sonicwall.py index 2ddaa995b..bd8e9a89e 100644 --- a/waf/sonicwall.py +++ b/waf/sonicwall.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, _ = get_page(get=vector) - retval = "This request is blocked by the SonicWALL" in (page or "") + retval |= "This request is blocked by the SonicWALL" in (page or "") retval |= all(_ in (page or "") for _ in ("#shd", "#nsa_banner")) retval |= re.search(r"Web Site Blocked.+\bnsa_banner", page or "", re.I) is not None retval |= re.search(r"SonicWALL", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None 
diff --git a/waf/sophos.py b/waf/sophos.py index 35c101659..b0063d199 100644 --- a/waf/sophos.py +++ b/waf/sophos.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = "Powered by UTM Web Protection" in (page or "") + retval |= "Powered by UTM Web Protection" in (page or "") if retval: break diff --git a/waf/squarespace.py b/waf/squarespace.py index 94ddff714..69bea6782 100644 --- a/waf/squarespace.py +++ b/waf/squarespace.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = all(_ in (page or "") for _ in ("BRICK-50", " @ ", "404 Not Found")) + retval |= all(_ in (page or "") for _ in ("BRICK-50", " @ ", "404 Not Found")) if retval: break diff --git a/waf/stackpath.py b/waf/stackpath.py index 212125b05..a4c46809f 100644 --- a/waf/stackpath.py +++ b/waf/stackpath.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = all(_ in (page or "") for _ in ("You performed an action that triggered the service and blocked your request",)) + retval |= all(_ in (page or "") for _ in ("You performed an action that triggered the service and blocked your request",)) if retval: break diff --git a/waf/sucuri.py b/waf/sucuri.py index 837e7820c..172dae0be 100644 --- a/waf/sucuri.py +++ b/waf/sucuri.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval |= code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= "Access Denied - Sucuri Website Firewall" in (page or "") retval |= "Sucuri WebSite Firewall - CloudProxy - Access Denied" in (page or "") retval |= re.search(r"Questions\?.+cloudproxy@sucuri\.net", (page or "")) is not None 
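Review bot: In the stackpath hunk, `all(_ in (page or "") for _ in ("You performed an action that triggered the service and blocked your request",))` iterates a one-element tuple, so the `all()` wrapper adds nothing over a plain membership test. `retval |= "You performed an action that triggered the service and blocked your request" in (page or "")` matches the single-string checks in the sophos and tencent hunks. If the tuple is kept so that more markers can be added later, a short comment saying so would help the next reader.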
diff --git a/waf/tencent.py b/waf/tencent.py index c068c6a1f..f9eb6a2e0 100644 --- a/waf/tencent.py +++ b/waf/tencent.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, code = get_page(get=vector) - retval = code == 405 and "waf.tencent-cloud.com" in (page or "") + retval |= code == 405 and "waf.tencent-cloud.com" in (page or "") if retval: break diff --git a/waf/trafficshield.py b/waf/trafficshield.py index 3b642255a..89e109977 100644 --- a/waf/trafficshield.py +++ b/waf/trafficshield.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: _, headers, _ = get_page(get=vector) - retval = re.search(r"F5-TrafficShield", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval |= re.search(r"F5-TrafficShield", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"\AASINFO=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/urlmaster.py b/waf/urlmaster.py index 55fdbcbc1..95cecabe6 100644 --- a/waf/urlmaster.py +++ b/waf/urlmaster.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, code = get_page(get=vector) - retval = code >= 400 and all(_ in (page or "") for _ in ("UrlMaster", "UrlRewriteModule", "SecurityCheck")) + retval |= code >= 400 and all(_ in (page or "") for _ in ("UrlMaster", "UrlRewriteModule", "SecurityCheck")) if retval: break diff --git a/waf/urlscan.py b/waf/urlscan.py index 523ba5389..d2a5c0b0c 100644 --- a/waf/urlscan.py +++ b/waf/urlscan.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = re.search(r"Rejected-By-UrlScan", headers.get(HTTP_HEADER.LOCATION, ""), re.I) is not None + retval |= re.search(r"Rejected-By-UrlScan", headers.get(HTTP_HEADER.LOCATION, ""), re.I) is not None retval |= code != 200 and re.search(r"/Rejected-By-UrlScan", page or "", re.I) is not None if retval: break 
diff --git a/waf/varnish.py b/waf/varnish.py index 440937a29..8c8690357 100644 --- a/waf/varnish.py +++ b/waf/varnish.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, code = get_page(get=vector) - retval = code >= 400 and "Request rejected by xVarnish-WAF" in (page or "") + retval |= code >= 400 and "Request rejected by xVarnish-WAF" in (page or "") if retval: break diff --git a/waf/virusdie.py b/waf/virusdie.py index 2f5bd77da..6cc8e5a93 100644 --- a/waf/virusdie.py +++ b/waf/virusdie.py @@ -14,6 +14,8 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = any(_ in (page or "") for _ in ("| Virusdie", "http://cdn.virusdie.ru/splash/firewallstop.png", "© Virusdie.ru

", '", "http://cdn.virusdie.ru/splash/firewallstop.png", "© Virusdie.ru

", '= 400 and re.search(r"\AWatchGuard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval |= code >= 400 and re.search(r"\AWatchGuard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= "Request denied by WatchGuard Firewall" in (page or "") if retval: break diff --git a/waf/webknight.py b/waf/webknight.py index f4141686b..40471dd7f 100644 --- a/waf/webknight.py +++ b/waf/webknight.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = code == 999 + retval |= code == 999 retval |= re.search(r"WebKnight", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= any(_ in (page or "") for _ in ("WebKnight Application Firewall Alert", "AQTRONIX WebKnight")) if retval: diff --git a/waf/webseal.py b/waf/webseal.py index b32c81285..661ec72bc 100644 --- a/waf/webseal.py +++ b/waf/webseal.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, _ = get_page(get=vector) - retval = re.search(r"WebSEAL", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval |= re.search(r"WebSEAL", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= any(_ in (page or "") for _ in ("This is a WebSEAL error message template file", "The Access Manager WebSEAL server received an invalid HTTP request")) if retval: break diff --git a/waf/wordfence.py b/waf/wordfence.py index 473273c77..fa9ee698e 100644 --- a/waf/wordfence.py +++ b/waf/wordfence.py 
@@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = any(_ in (page or "") for _ in ("A potentially unsafe operation has been detected in your request to this site", "Generated by Wordfence", "Your access to this site has been limited", "This response was generated by Wordfence")) + retval |= any(_ in (page or "") for _ in ("A potentially unsafe operation has been detected in your request to this site", "Generated by Wordfence", "Your access to this site has been limited", "This response was generated by Wordfence")) if retval: break diff --git a/waf/wts.py b/waf/wts.py index 493a3b196..eebe28288 100644 --- a/waf/wts.py +++ b/waf/wts.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, _ = get_page(get=vector) - retval = ">WTS-WAF" in (page or "") + retval |= ">WTS-WAF" in (page or "") retval |= re.search(r"\Awts/", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break diff --git a/waf/yundun.py b/waf/yundun.py index 3a5fb2672..62dfc6f01 100644 --- a/waf/yundun.py +++ b/waf/yundun.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, _ = get_page(get=vector) - retval = re.search(r"YUNDUN", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval |= re.search(r"YUNDUN", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"YUNDUN", headers.get("X-Cache", ""), re.I) is not None retval |= "Blocked by YUNDUN Cloud WAF" in (page or "") if retval: diff --git a/waf/yunsuo.py b/waf/yunsuo.py index 543b4c505..93f41d655 100644 --- a/waf/yunsuo.py +++ b/waf/yunsuo.py 
@@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, _ = get_page(get=vector) - retval = re.search(r"= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval |= code >= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= all(_ in (page or "") for _ in ("Your request has been blocked", "Incident ID", "/__zenedge/assets/")) if retval: break