diff --git a/waf/360.py b/waf/360.py index a8ddd08d6..f14814b9b 100644 --- a/waf/360.py +++ b/waf/360.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"wangzhan\.360\.cn", headers.get("X-Powered-By-360wzb", ""), re.I) is not None if retval: break diff --git a/waf/airlock.py b/waf/airlock.py index 33a56cbc6..481a89ca3 100644 --- a/waf/airlock.py +++ b/waf/airlock.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\AAL[_-]?(SESS|LB)=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/anquanbao.py b/waf/anquanbao.py index e8733f469..319460de8 100644 --- a/waf/anquanbao.py +++ b/waf/anquanbao.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"MISS", headers.get("X-Powered-By-Anquanbao", ""), re.I) is not None if retval: break diff --git a/waf/baidu.py b/waf/baidu.py index 8c7fcac1e..799d10de8 100644 --- a/waf/baidu.py +++ b/waf/baidu.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"fhl", headers.get("X-Server", ""), re.I) is not None retval |= re.search(r"yunjiasu-nginx", headers.get(HTTP_HEADER.SERVER), re.I) is not None if retval: diff --git a/waf/barracuda.py b/waf/barracuda.py index 194bacc45..619605837 100644 --- a/waf/barracuda.py +++ b/waf/barracuda.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\Abarra_counter_session=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"(\A|\b)barracuda_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: diff --git a/waf/bigip.py b/waf/bigip.py index 5ea449fb2..b34697130 100644 --- a/waf/bigip.py +++ b/waf/bigip.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = headers.get("X-Cnection", "").lower() == "close" retval |= re.search(r"\ATS[a-zA-Z0-9]{3,6}=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None diff --git a/waf/binarysec.py b/waf/binarysec.py index 0eeb681d7..152944cf8 100644 --- a/waf/binarysec.py +++ b/waf/binarysec.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = any(headers.get(_) for _ in ("x-binarysec-via", "x-binarysec-nocache")) retval |= re.search(r"BinarySec", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: diff --git a/waf/blockdos.py b/waf/blockdos.py index 44a8bc6ab..27c145125 100644 --- a/waf/blockdos.py +++ b/waf/blockdos.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"BlockDos\.net", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break diff --git a/waf/ciscoacexml.py b/waf/ciscoacexml.py index 7900c0c06..0387089dd 100644 --- a/waf/ciscoacexml.py +++ b/waf/ciscoacexml.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"ACE XML Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break diff --git a/waf/cloudflare.py b/waf/cloudflare.py index 0f1323f34..a0e595af4 100644 --- a/waf/cloudflare.py +++ b/waf/cloudflare.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"cloudflare-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: diff --git a/waf/datapower.py b/waf/datapower.py index 11972cbd8..a0ae18da3 100644 --- a/waf/datapower.py +++ b/waf/datapower.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\A(OK|FAIL)", headers.get("X-Backside-Transport", ""), re.I) is not None if retval: break diff --git a/waf/dotdefender.py b/waf/dotdefender.py index 648ff321b..2bc0959ea 100644 --- a/waf/dotdefender.py +++ b/waf/dotdefender.py @@ -13,7 +13,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retVal = headers.get("X-dotDefender-denied", "") == "1" if retVal: break diff --git a/waf/edgecast.py b/waf/edgecast.py index 40b6a8b71..f30f1e996 100644 --- a/waf/edgecast.py +++ b/waf/edgecast.py @@ -16,7 +16,7 @@ def detect(get_page): retVal = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, code = get_page(get=vector) retVal = code == 400 and re.search(r"\AECDF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retVal: break diff --git a/waf/expressionengine.py b/waf/expressionengine.py index c5ca7a892..4a7e89791 100644 --- a/waf/expressionengine.py +++ b/waf/expressionengine.py @@ -13,7 +13,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, _ = get_page(get=vector) retval = "Invalid GET Data" in page if retval: break diff --git a/waf/fortiweb.py b/waf/fortiweb.py index 3a0bd4a5a..0500ed0a7 100644 --- a/waf/fortiweb.py +++ b/waf/fortiweb.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\AFORTIWAFSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/hyperguard.py b/waf/hyperguard.py index a73f07102..8f14a69a3 100644 --- a/waf/hyperguard.py +++ b/waf/hyperguard.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\AODSESSION=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/incapsula.py b/waf/incapsula.py index c70b71a0d..51aa320c6 100644 --- a/waf/incapsula.py +++ b/waf/incapsula.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None if retval: diff --git a/waf/isaserver.py b/waf/isaserver.py index 1923756cd..b7fb5dc79 100644 --- a/waf/isaserver.py +++ b/waf/isaserver.py @@ -10,7 +10,7 @@ from lib.core.common import randomInt __product__ = "ISA Server (Microsoft)" def detect(get_page): - page, headers, code = get_page(host=randomInt(6)) + page, _, _ = get_page(host=randomInt(6)) retval = "The server denied the specified Uniform Resource Locator (URL). Contact the server administrator." in (page or "") retval |= "The ISA Server denied the specified Uniform Resource Locator (URL)" in (page or "") return retval diff --git a/waf/jiasule.py b/waf/jiasule.py index 8944160dd..ecafcc986 100644 --- a/waf/jiasule.py +++ b/waf/jiasule.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, headers, _ = get_page(get=vector) retval = re.search(r"jiasule-WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"__jsluid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"static\.jiasule\.com/static/js/http_error\.js", page, re.I) is not None diff --git a/waf/knownsec.py b/waf/knownsec.py index 682fa37cb..b21d79a29 100644 --- a/waf/knownsec.py +++ b/waf/knownsec.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, _ = get_page(get=vector) retval = re.search(r"url\('/ks-waf-error\.png'\)", page, re.I) is not None if retval: break diff --git a/waf/kona.py b/waf/kona.py index a6b2ae703..2636ce5b0 100644 --- a/waf/kona.py +++ b/waf/kona.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, code = get_page(get=vector) retval = code in (400, 501) and re.search(r"Reference #[0-9A-Fa-f.]+", page, re.I) is not None if retval: break diff --git a/waf/netcontinuum.py b/waf/netcontinuum.py index 19d1131cc..a2c7354af 100644 --- a/waf/netcontinuum.py +++ b/waf/netcontinuum.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\ANCI__SessionId=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/netscaler.py b/waf/netscaler.py index 4a2945915..6ea470862 100644 --- a/waf/netscaler.py +++ b/waf/netscaler.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\Aclose", headers.get("Cneonction", "") or headers.get("nnCoection", ""), re.I) is not None retval = re.search(r"\A(ns_af=|citrix_ns_id|NSC_)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"\ANS-CACHE", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None diff --git a/waf/Newdefend.py b/waf/newdefend.py similarity index 91% rename from waf/Newdefend.py rename to waf/newdefend.py index dd18b5b80..0aa596633 100644 --- a/waf/Newdefend.py +++ b/waf/newdefend.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"newdefend", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break diff --git a/waf/paloalto.py b/waf/paloalto.py index 29101b7be..96355166a 100644 --- a/waf/paloalto.py +++ b/waf/paloalto.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, _ = get_page(get=vector) retval = re.search(r"Access[^<]+has been blocked in accordance with company policy", page, re.I) is not None if retval: break diff --git a/waf/profense.py b/waf/profense.py index 3a492e2c8..bb8ee92d1 100644 --- a/waf/profense.py +++ b/waf/profense.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\APLBSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"Profense", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: diff --git a/waf/proventia.py b/waf/proventia.py index 4cba7bda5..6625f151c 100644 --- a/waf/proventia.py +++ b/waf/proventia.py @@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission __product__ = "Proventia Web Application Security (IBM)" def detect(get_page): - page, headers, code = get_page() + page, _, _ = get_page() if page is None: return False - page, headers, code = get_page(url="/Admin_Files/") + page, _, _ = get_page(url="/Admin_Files/") return page is None diff --git a/waf/radware.py b/waf/radware.py index f7c27f4fd..aa09658a5 100644 --- a/waf/radware.py +++ b/waf/radware.py @@ -15,7 +15,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, headers, _ = get_page(get=vector) retval = re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page, re.I | re.S) is not None retval |= headers.get("X-SL-CompState") is not None if retval: diff --git a/waf/requestvalidationmode.py b/waf/requestvalidationmode.py index 95f676d48..b0f8a9e74 100644 --- a/waf/requestvalidationmode.py +++ b/waf/requestvalidationmode.py @@ -13,7 +13,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, _ = get_page(get=vector) retval = "ASP.NET has detected data in the request that is potentially dangerous" in page retval |= "Request Validation has detected a potentially dangerous client input value" in page if retval: diff --git a/waf/safe3.py b/waf/safe3.py index 8a80d8d4e..c49b434b3 100644 --- a/waf/safe3.py +++ b/waf/safe3.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"Safe3WAF", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None retval |= re.search(r"Safe3 Web Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: diff --git a/waf/safedog.py b/waf/safedog.py index e287045bf..0f77deffc 100644 --- a/waf/safedog.py +++ b/waf/safedog.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"WAF/2\.0", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None retval |= re.search(r"Safedog", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"safedog", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None diff --git a/waf/secureiis.py b/waf/secureiis.py index 3f1592b31..77f467db3 100644 --- a/waf/secureiis.py +++ b/waf/secureiis.py @@ -10,8 +10,8 @@ from lib.core.enums import HTTP_HEADER __product__ = "SecureIIS Web Server Security (BeyondTrust)" def detect(get_page): - page, headers, code = get_page() + _, _, code = get_page() retval = code != 404 - page, headers, code = get_page(auxHeaders={HTTP_HEADER.TRANSFER_ENCODING: 'a' * 1025, HTTP_HEADER.ACCEPT_ENCODING: "identity"}) + _, _, code = get_page(auxHeaders={HTTP_HEADER.TRANSFER_ENCODING: 'a' * 1025, HTTP_HEADER.ACCEPT_ENCODING: "identity"}) retval = retval and code == 404 return retval diff --git a/waf/senginx.py b/waf/senginx.py index ad81754a7..1c59bd74c 100644 --- a/waf/senginx.py +++ b/waf/senginx.py @@ -13,7 +13,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + page, _, _ = get_page(get=vector) retval = "SENGINX-ROBOT-MITIGATION" in page if retval: break diff --git a/waf/sucuri.py b/waf/sucuri.py index 3aca84296..b2d6e51cd 100644 --- a/waf/sucuri.py +++ b/waf/sucuri.py @@ -16,7 +16,7 @@ def detect(get_page): retVal = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, code = get_page(get=vector) retVal = code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retVal: break diff --git a/waf/teros.py b/waf/teros.py index ff4808397..bef0313f3 100644 --- a/waf/teros.py +++ b/waf/teros.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"\Ast8(id|_wat|_wlf)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/trafficshield.py b/waf/trafficshield.py index 7ac3f6533..fed2cadee 100644 --- a/waf/trafficshield.py +++ b/waf/trafficshield.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"F5-TrafficShield", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"\AASINFO=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: diff --git a/waf/urlscan.py b/waf/urlscan.py index 2574e25a2..e41db1cc7 100644 --- a/waf/urlscan.py +++ b/waf/urlscan.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"Rejected-By-UrlScan", headers.get(HTTP_HEADER.LOCATION, ""), re.I) is not None if retval: break diff --git a/waf/uspses.py b/waf/uspses.py index 70ecf5f2c..10dedd56e 100644 --- a/waf/uspses.py +++ b/waf/uspses.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break diff --git a/waf/varnish.py b/waf/varnish.py index f630ccd96..434874100 100644 --- a/waf/varnish.py +++ b/waf/varnish.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, _ = get_page(get=vector) retval = headers.get("X-Varnish") is not None retval |= re.search(r"varnish\Z", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None if retval: diff --git a/waf/webappsecure.py b/waf/webappsecure.py index 0f22aef51..060c1999d 100644 --- a/waf/webappsecure.py +++ b/waf/webappsecure.py @@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission __product__ = "webApp.secure (webScurity)" def detect(get_page): - page, headers, code = get_page() + _, _, code = get_page() if code == 403: return False - page, headers, code = get_page(get="nx=@@") + _, _, code = get_page(get="nx=@@") return code == 403 diff --git a/waf/webknight.py b/waf/webknight.py index 9a8a6ef36..048ea278c 100644 --- a/waf/webknight.py +++ b/waf/webknight.py @@ -16,7 +16,7 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, headers, code = get_page(get=vector) + _, headers, code = get_page(get=vector) retVal = code == 999 retval |= re.search(r"WebKnight", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retVal: