Update for WAF scripts

2025-03-03 11:45:46 +03:00 · 2013-02-26 15:30:11 +01:00 · 2013-02-26 15:30:11 +01:00 · e5835dc74f
commit e5835dc74f
parent 6c38afab35
10 changed files with 73 additions and 6 deletions
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -153,6 +153,7 @@ class HTTPHEADER:
    SERVER = "Server"
    USER_AGENT = "User-Agent"
    TRANSFER_ENCODING = "Transfer-Encoding"
+    VIA = "Via"

 class EXPECTED:
    BOOL = "bool"
--- a/waf/binarysec.py
+++ b/waf/binarysec.py
@ -13,4 +13,7 @@ __product__ = "BinarySEC Web Application Firewall (BinarySEC)"

 def detect(get_page):
    page, headers, code = get_page()
-    return re.search(r"BinarySec", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+    retval = re.search(r"BinarySec", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+    if not retval:
+        retval = any(headers.get(_) for _ in ("x-binarysec-via", "x-binarysec-nocache"))
+    return retval
--- a/waf/cloudflare.py
+++ b/waf/cloudflare.py
@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "CloudFlare Web Application Firewall (CloudFlare)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"cloudflare-nginx", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+        retval |= re.search(r"\A__cfduid=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+        if retval:
+            break
+
+    return retval
--- a/waf/dotdefender.py
+++ b/waf/dotdefender.py
@ -14,7 +14,7 @@ def detect(get_page):

    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
-        retVal = headers.get("X-dotDefender-denied", "") == 1
+        retVal = headers.get("X-dotDefender-denied", "") == "1"
        if retVal:
            break

--- a/waf/isaserver.py
+++ b/waf/isaserver.py
@ -11,4 +11,6 @@ __product__ = "ISA Server (Microsoft)"

 def detect(get_page):
    page, headers, code = get_page(host=randomInt(6))
-    return "The server denied the specified Uniform Resource Locator (URL). Contact the server administrator" in page
+    retval = "The server denied the specified Uniform Resource Locator (URL). Contact the server administrator." in (page or "")
+    retval |= "The ISA Server denied the specified Uniform Resource Locator (URL)" in (page or "")
+    return retval
--- a/waf/modsecurity.py
+++ b/waf/modsecurity.py
@ -5,6 +5,9 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

+import re
+
+from lib.core.enums import HTTPHEADER
 from lib.core.settings import WAF_ATTACK_VECTORS

 __product__ = "ModSecurity: Open Source Web Application Firewall (Trustwave)"
@ -14,8 +17,9 @@ def detect(get_page):

    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
-        if code == 501:
-            retval = True
+        retval = code == 501
+        retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+        if retval:
            break

    return retval
--- a/waf/netscaler.py
+++ b/waf/netscaler.py
@ -15,6 +15,7 @@ __product__ = "NetScaler (Citrix Systems)"
 def detect(get_page):
    page, headers, code = get_page()
    retval = re.search(r"\A(ns_af=|citrix_ns_id|NSC_)", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+    retval |= re.search(r"\ANS-CACHE", headers.get(HTTPHEADER.VIA, ""), re.I) is not None

    if not retval:
        for vector in WAF_ATTACK_VECTORS:
--- a/waf/profense.py
+++ b/waf/profense.py
@ -13,4 +13,7 @@ __product__ = "Profense Web Application Firewall (Armorlogic)"

 def detect(get_page):
    page, headers, code = get_page()
-    return re.search(r"Profense", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+    retval = re.search(r"Profense", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+    if not retval:
+        retval = re.search(r"\APLBSID=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+    return retval
--- a/waf/uspses.py
+++ b/waf/uspses.py
@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "USP Secure Entry Server (United Security Providers)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"Secure Entry Server", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+        if retval:
+            break
+
+    return retval
--- a/waf/webknight.py
+++ b/waf/webknight.py
@ -5,6 +5,9 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

+import re
+
+from lib.core.enums import HTTPHEADER
 from lib.core.settings import WAF_ATTACK_VECTORS

 __product__ = "WebKnight Application Firewall (AQTRONIX)"
@ -15,6 +18,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
        retVal = code == 999
+        retval |= re.search(r"WebKnight", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
        if retVal:
            break