sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor refactoring

Browse Source
This commit is contained in:
Miroslav Stampar 2016-01-07 21:58:10 +01:00
parent c5d3198101
commit b43c1747e0
41 changed files with 44 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
waf/360.py
View File

@ -15,7 +15,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"wangzhan\.360\.cn", headers.get("X-Powered-By-360wzb", ""), re.I) is not None retval = re.search(r"wangzhan\.360\.cn", headers.get("X-Powered-By-360wzb", ""), re.I) is not None
if retval: if retval:
break break

2
waf/airlock.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"\AAL[_-]?(SESS|LB)=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"\AAL[_-]?(SESS|LB)=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
if retval: if retval:
break break

2
waf/anquanbao.py
View File

@ -15,7 +15,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"MISS", headers.get("X-Powered-By-Anquanbao", ""), re.I) is not None retval = re.search(r"MISS", headers.get("X-Powered-By-Anquanbao", ""), re.I) is not None
if retval: if retval:
break break

2
waf/baidu.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"fhl", headers.get("X-Server", ""), re.I) is not None retval = re.search(r"fhl", headers.get("X-Server", ""), re.I) is not None
retval |= re.search(r"yunjiasu-nginx", headers.get(HTTP_HEADER.SERVER), re.I) is not None retval |= re.search(r"yunjiasu-nginx", headers.get(HTTP_HEADER.SERVER), re.I) is not None
if retval: if retval:

2
waf/barracuda.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"\Abarra_counter_session=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"\Abarra_counter_session=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"(\A|\b)barracuda_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"(\A|\b)barracuda_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
if retval: if retval:

2
waf/bigip.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = headers.get("X-Cnection", "").lower() == "close" retval = headers.get("X-Cnection", "").lower() == "close"
retval |= re.search(r"\ATS[a-zA-Z0-9]{3,6}=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"\ATS[a-zA-Z0-9]{3,6}=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None

2
waf/binarysec.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = any(headers.get(_) for _ in ("x-binarysec-via", "x-binarysec-nocache")) retval = any(headers.get(_) for _ in ("x-binarysec-via", "x-binarysec-nocache"))
retval |= re.search(r"BinarySec", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"BinarySec", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval: if retval:

2
waf/blockdos.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"BlockDos\.net", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval = re.search(r"BlockDos\.net", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval: if retval:
break break

2
waf/ciscoacexml.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"ACE XML Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval = re.search(r"ACE XML Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval: if retval:
break break

2
waf/cloudflare.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"cloudflare-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval = re.search(r"cloudflare-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
if retval: if retval:

2
waf/datapower.py
View File

@ -15,7 +15,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"\A(OK|FAIL)", headers.get("X-Backside-Transport", ""), re.I) is not None retval = re.search(r"\A(OK|FAIL)", headers.get("X-Backside-Transport", ""), re.I) is not None
if retval: if retval:
break break

2
waf/dotdefender.py
View File

@ -13,7 +13,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retVal = headers.get("X-dotDefender-denied", "") == "1" retVal = headers.get("X-dotDefender-denied", "") == "1"
if retVal: if retVal:
break break

2
waf/edgecast.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retVal = False retVal = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, code = get_page(get=vector)
retVal = code == 400 and re.search(r"\AECDF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retVal = code == 400 and re.search(r"\AECDF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retVal: if retVal:
break break

2
waf/expressionengine.py
View File

@ -13,7 +13,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) page, _, _ = get_page(get=vector)
retval = "Invalid GET Data" in page retval = "Invalid GET Data" in page
if retval: if retval:
break break

2
waf/fortiweb.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"\AFORTIWAFSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"\AFORTIWAFSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
if retval: if retval:
break break

2
waf/hyperguard.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"\AODSESSION=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"\AODSESSION=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
if retval: if retval:
break break

2
waf/incapsula.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None
if retval: if retval:

2
waf/isaserver.py
View File

@ -10,7 +10,7 @@ from lib.core.common import randomInt
__product__ = "ISA Server (Microsoft)" __product__ = "ISA Server (Microsoft)"
def detect(get_page): def detect(get_page):
page, headers, code = get_page(host=randomInt(6)) page, _, _ = get_page(host=randomInt(6))
retval = "The server denied the specified Uniform Resource Locator (URL). Contact the server administrator." in (page or "") retval = "The server denied the specified Uniform Resource Locator (URL). Contact the server administrator." in (page or "")
retval |= "The ISA Server denied the specified Uniform Resource Locator (URL)" in (page or "") retval |= "The ISA Server denied the specified Uniform Resource Locator (URL)" in (page or "")
return retval return retval

2
waf/jiasule.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) page, headers, _ = get_page(get=vector)
retval = re.search(r"jiasule-WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval = re.search(r"jiasule-WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"__jsluid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"__jsluid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"static\.jiasule\.com/static/js/http_error\.js", page, re.I) is not None retval |= re.search(r"static\.jiasule\.com/static/js/http_error\.js", page, re.I) is not None

2
waf/knownsec.py
View File

@ -15,7 +15,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) page, _, _ = get_page(get=vector)
retval = re.search(r"url\('/ks-waf-error\.png'\)", page, re.I) is not None retval = re.search(r"url\('/ks-waf-error\.png'\)", page, re.I) is not None
if retval: if retval:
break break

2
waf/kona.py
View File

@ -15,7 +15,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) page, _, code = get_page(get=vector)
retval = code in (400, 501) and re.search(r"Reference #[0-9A-Fa-f.]+", page, re.I) is not None retval = code in (400, 501) and re.search(r"Reference #[0-9A-Fa-f.]+", page, re.I) is not None
if retval: if retval:
break break

2
waf/netcontinuum.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"\ANCI__SessionId=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"\ANCI__SessionId=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
if retval: if retval:
break break

2
waf/netscaler.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"\Aclose", headers.get("Cneonction", "") or headers.get("nnCoection", ""), re.I) is not None retval = re.search(r"\Aclose", headers.get("Cneonction", "") or headers.get("nnCoection", ""), re.I) is not None
retval = re.search(r"\A(ns_af=|citrix_ns_id|NSC_)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"\A(ns_af=|citrix_ns_id|NSC_)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"\ANS-CACHE", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None retval |= re.search(r"\ANS-CACHE", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None

2
waf/Newdefend.py → waf/newdefend.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"newdefend", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval = re.search(r"newdefend", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval: if retval:
break break

2
waf/paloalto.py
View File

@ -15,7 +15,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) page, _, _ = get_page(get=vector)
retval = re.search(r"Access[^<]+has been blocked in accordance with company policy", page, re.I) is not None retval = re.search(r"Access[^<]+has been blocked in accordance with company policy", page, re.I) is not None
if retval: if retval:
break break

2
waf/profense.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"\APLBSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"\APLBSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"Profense", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"Profense", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval: if retval:

4
waf/proventia.py
View File

@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
__product__ = "Proventia Web Application Security (IBM)" __product__ = "Proventia Web Application Security (IBM)"
def detect(get_page): def detect(get_page):
page, headers, code = get_page() page, _, _ = get_page()
if page is None: if page is None:
return False return False
page, headers, code = get_page(url="/Admin_Files/") page, _, _ = get_page(url="/Admin_Files/")
return page is None return page is None

2
waf/radware.py
View File

@ -15,7 +15,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) page, headers, _ = get_page(get=vector)
retval = re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page, re.I | re.S) is not None retval = re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page, re.I | re.S) is not None
retval |= headers.get("X-SL-CompState") is not None retval |= headers.get("X-SL-CompState") is not None
if retval: if retval:

2
waf/requestvalidationmode.py
View File

@ -13,7 +13,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) page, _, _ = get_page(get=vector)
retval = "ASP.NET has detected data in the request that is potentially dangerous" in page retval = "ASP.NET has detected data in the request that is potentially dangerous" in page
retval |= "Request Validation has detected a potentially dangerous client input value" in page retval |= "Request Validation has detected a potentially dangerous client input value" in page
if retval: if retval:

2
waf/safe3.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"Safe3WAF", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None retval = re.search(r"Safe3WAF", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None
retval |= re.search(r"Safe3 Web Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"Safe3 Web Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval: if retval:

2
waf/safedog.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"WAF/2\.0", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None retval = re.search(r"WAF/2\.0", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None
retval |= re.search(r"Safedog", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"Safedog", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"safedog", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"safedog", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None

4
waf/secureiis.py
View File

@ -10,8 +10,8 @@ from lib.core.enums import HTTP_HEADER
__product__ = "SecureIIS Web Server Security (BeyondTrust)" __product__ = "SecureIIS Web Server Security (BeyondTrust)"
def detect(get_page): def detect(get_page):
page, headers, code = get_page() _, _, code = get_page()
retval = code != 404 retval = code != 404
page, headers, code = get_page(auxHeaders={HTTP_HEADER.TRANSFER_ENCODING: 'a' * 1025, HTTP_HEADER.ACCEPT_ENCODING: "identity"}) _, _, code = get_page(auxHeaders={HTTP_HEADER.TRANSFER_ENCODING: 'a' * 1025, HTTP_HEADER.ACCEPT_ENCODING: "identity"})
retval = retval and code == 404 retval = retval and code == 404
return retval return retval

2
waf/senginx.py
View File

@ -13,7 +13,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) page, _, _ = get_page(get=vector)
retval = "SENGINX-ROBOT-MITIGATION" in page retval = "SENGINX-ROBOT-MITIGATION" in page
if retval: if retval:
break break

2
waf/sucuri.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retVal = False retVal = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, code = get_page(get=vector)
retVal = code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retVal = code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retVal: if retVal:
break break

2
waf/teros.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"\Ast8(id|_wat|_wlf)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"\Ast8(id|_wat|_wlf)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
if retval: if retval:
break break

2
waf/trafficshield.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"F5-TrafficShield", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval = re.search(r"F5-TrafficShield", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"\AASINFO=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"\AASINFO=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
if retval: if retval:

2
waf/urlscan.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"Rejected-By-UrlScan", headers.get(HTTP_HEADER.LOCATION, ""), re.I) is not None retval = re.search(r"Rejected-By-UrlScan", headers.get(HTTP_HEADER.LOCATION, ""), re.I) is not None
if retval: if retval:
break break

2
waf/uspses.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval = re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval: if retval:
break break

2
waf/varnish.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = headers.get("X-Varnish") is not None retval = headers.get("X-Varnish") is not None
retval |= re.search(r"varnish\Z", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None retval |= re.search(r"varnish\Z", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None
if retval: if retval:

4
waf/webappsecure.py
View File

@ -8,8 +8,8 @@ See the file 'doc/COPYING' for copying permission
__product__ = "webApp.secure (webScurity)" __product__ = "webApp.secure (webScurity)"
def detect(get_page): def detect(get_page):
page, headers, code = get_page() _, _, code = get_page()
if code == 403: if code == 403:
return False return False
page, headers, code = get_page(get="nx=@@") _, _, code = get_page(get="nx=@@")
return code == 403 return code == 403

2
waf/webknight.py
View File

@ -16,7 +16,7 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) _, headers, code = get_page(get=vector)
retVal = code == 999 retVal = code == 999
retval |= re.search(r"WebKnight", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"WebKnight", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retVal: if retVal: