From 90b0ac37c8819263dd44ad0741a38b9130e74df9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 1 Dec 2016 23:09:06 +0100 Subject: [PATCH] New WAF script (AWS WAF) --- lib/core/settings.py | 2 +- txt/checksum.md5 | 3 ++- waf/aws.py | 24 ++++++++++++++++++++++++ 3 files changed, 27 insertions(+), 2 deletions(-) create mode 100644 waf/aws.py diff --git a/lib/core/settings.py b/lib/core/settings.py index b1caa99d8..68441dfb6 100755 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.0.12.1" +VERSION = "1.0.12.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 5b46bc56e..6188a122c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py b3a62d41a5af6cd7fa733b6227febb0c lib/core/replication.py 99a2b496b9d5b546b335653ca801153f lib/core/revision.py 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py -e777e700b2a6e9b82993f8be46db45ac lib/core/settings.py +36df24ce03ae666431af14bf24f4c953 lib/core/settings.py 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py c3ace7874a536d801f308cf1fd03df99 lib/core/target.py @@ -385,6 +385,7 @@ ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqlud deb8dd4543177479b185af8b383a8bdf waf/airlock.py 0da662422cde266dd47cea3f5be6a309 waf/anquanbao.py 012b4acd41f0c12df88cf0276c2afd1a waf/armor.py +64415c1d49defb6a931db731f4a9d972 waf/aws.py 757fe0f66a24719fa596cb974ee6ae71 waf/baidu.py 8a26fe9e0ae48e8f28272769aa7dc16e waf/barracuda.py 826b64868a10caf1229d3bfcbbb4d594 waf/bigip.py diff --git a/waf/aws.py b/waf/aws.py new file mode 100644 index 000000000..894666b44 --- /dev/null +++ b/waf/aws.py @@ -0,0 +1,24 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/) +See the file 'doc/COPYING' for copying permission +""" + +import re + +from lib.core.enums import HTTP_HEADER +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "Amazon Web Services Web Application Firewall (Amazon)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, headers, code = get_page(get=vector) + retval = code == 403 and re.search(r"\bAWS", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + if retval: + break + + return retval