Re evaluate risk level

lib/modules/attacks/injection/ldap.py

@@ -2,10 +2,13 @@
 from urllib.parse import parse_qsl, urlencode, urlsplit
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class LDAP(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def errors(self, data):
         error = (
             "supplied argument is not a valid ldap",

lib/modules/attacks/injection/rfi.py

@@ -2,10 +2,13 @@
 from urllib.parse import parse_qsl, urlencode, urlsplit
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Rfi(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         request = Services.get("request_factory")

lib/modules/attacks/injection/sql.py

@@ -2,10 +2,13 @@
 from urllib.parse import parse_qsl, urlencode, urlsplit
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Sql(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def dberror(self, data):
         if re.search(
             r"supplied argument is not a valid MySQL|Column count doesn\'t match value count at row|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax;|You have an error in your SQL syntax near|MySQL server version for the right syntax to use|\[MySQL]\[ODBC|Column count doesn\'t match|valid MySQL result|MySqlClient.",

lib/modules/attacks/other/dav.py

@@ -1,10 +1,13 @@
 import re
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Dav(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         request = Services.get("request_factory")

lib/modules/attacks/vulns/anonymous.py

@@ -3,10 +3,13 @@
 from urllib.parse import urlparse
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Anonymous(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         logger = Services.get("logger")

lib/modules/attacks/vulns/crime.py

@@ -3,10 +3,13 @@
 from urllib.parse import urlparse
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Crime(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         logger = Services.get("logger")
@@ -16,7 +19,6 @@ def process(self, start_url, crawled_urls):
         port = "443"
         try:
             ip += socket.gethostbyname(urlparse(start_url).hostname)
-            print(ip)
             socket.inet_aton(ip)
             r = subprocess.Popen(
                 [

lib/modules/attacks/vulns/shellshock.py

@@ -1,10 +1,13 @@
 import re
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Shellshock(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         request = Services.get("request_factory")

lib/modules/attacks/vulns/strutsshock.py

@@ -1,10 +1,13 @@
 import re
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class StrutsShock(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         request = Services.get("request_factory")

lib/modules/fingerprints/cdn/akamai.py

@@ -12,15 +12,15 @@ class Akamai(FingerprintPlugin):
     level = Risk.NO_DANGER
 
     def process(self, headers, content):
-        request = Services.get('request_factory')
+        request = Services.get("request_factory")
         hostname = urlparse(request.url).hostname
         try:
             resolver = Resolver(configure=False)
             resolver.nameservers = [settings.dns_resolver]
             resolver.timeout = 2
             resolver.lifetime = 2
 
-            dns_query = resolver.query(hostname + ".edgekey.net", 'A')
+            dns_query = resolver.query(hostname + ".edgekey.net", "A")
 
             if len(dns_query) > 0:
                 return "Akamai CDN"

lib/modules/fingerprints/cdn/azure.py

@@ -13,7 +13,7 @@ class Azure(FingerprintPlugin):
     level = Risk.NO_DANGER
 
     def process(self, headers, content):
-        request = Services.get('request_factory')
+        request = Services.get("request_factory")
         hostname = urlparse(request.url).hostname
         _ = False
 
@@ -23,10 +23,10 @@ def process(self, headers, content):
             resolver.timeout = 2
             resolver.lifetime = 2
 
-            dns_query = resolver.query(hostname, 'CNAME')
+            dns_query = resolver.query(hostname, "CNAME")
             if len(dns_query) > 0:
                 for answer in dns_query:
-                    _ |= re.search(r'azureedge\.net', str(answer), re.I) is not None
+                    _ |= re.search(r"azureedge\.net", str(answer), re.I) is not None
             if _:
                 return "Azure CDN"
         except NoAnswer:

lib/modules/fingerprints/cdn/cloudflare.py

@@ -12,14 +12,14 @@ class Cloudflare(FingerprintPlugin):
     level = Risk.NO_DANGER
 
     def process(self, headers, content):
-        request = Services.get('request_factory')
+        request = Services.get("request_factory")
         hostname = urlparse(request.url).hostname
         try:
             resolver = Resolver(configure=False)
             resolver.nameservers = [settings.dns_resolver]
             resolver.timeout = 2
             resolver.lifetime = 2
-            dns_query = resolver.query(hostname + ".cdn.cloudflare.net", 'A')
+            dns_query = resolver.query(hostname + ".cdn.cloudflare.net", "A")
 
             if len(dns_query) > 0:
                 return "Cloudflare CDN"

lib/modules/fingerprints/cdn/cloudfront.py

@@ -13,7 +13,7 @@ class CloudFront(FingerprintPlugin):
     level = Risk.NO_DANGER
 
     def process(self, headers, content):
-        request = Services.get('request_factory')
+        request = Services.get("request_factory")
         hostname = urlparse(request.url).hostname
         _ = False
         try:
@@ -22,11 +22,11 @@ def process(self, headers, content):
             resolver.timeout = 2
             resolver.lifetime = 2
 
-            dns_query = resolver.query(hostname, 'CNAME')
+            dns_query = resolver.query(hostname, "CNAME")
 
             if len(dns_query) > 0:
                 for answer in dns_query:
-                    _ |= re.search(r'cloudfront\.net', str(answer), re.I) is not None
+                    _ |= re.search(r"cloudfront\.net", str(answer), re.I) is not None
             if _:
                 return "CloudFront CDN (Amazon)"
         except NoAnswer:

lib/modules/fingerprints/cdn/fastly.py

@@ -13,7 +13,7 @@ class Fastly(FingerprintPlugin):
     level = Risk.NO_DANGER
 
     def process(self, headers, content):
-        request = Services.get('request_factory')
+        request = Services.get("request_factory")
         hostname = urlparse(request.url).hostname
         _ = False
         try:
@@ -22,10 +22,10 @@ def process(self, headers, content):
             resolver.timeout = 2
             resolver.lifetime = 2
 
-            dns_query = resolver.query(hostname, 'CNAME')
+            dns_query = resolver.query(hostname, "CNAME")
             if len(dns_query) > 0:
                 for answer in dns_query:
-                    _ |= re.search(r'fastly\.net', str(answer), re.I) is not None
+                    _ |= re.search(r"fastly\.net", str(answer), re.I) is not None
             if _:
                 return "Fastly CDN"
         except NoAnswer: