From 9a0a80302573865c6ebf4495d4a0f31e0bf03fea Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 23 Apr 2019 00:31:20 +0200 Subject: [PATCH] Adding new WAF script (based on identYwaf update) --- lib/core/settings.py | 2 +- waf/astra.py | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 waf/astra.py diff --git a/lib/core/settings.py b/lib/core/settings.py index d4d6d1e2c..044113e04 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.3.4.32" +VERSION = "1.3.4.33" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/waf/astra.py b/waf/astra.py new file mode 100644 index 000000000..b979c7732 --- /dev/null +++ b/waf/astra.py @@ -0,0 +1,21 @@ +#!/usr/bin/env python2 + +""" +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "Astra (Czar Securities)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, headers, code = get_page(get=vector) + retval |= all(_ in (page or "") for _ in ("unfortunately our website protection system", "//www.getastra.com")) + if retval: + break + + return retval