diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 77b661e..362c24d 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -7,16 +7,30 @@ assignees: shenril --- +<<<<<<< HEAD **Environment :** - OS: [e.g. Windows,Linux,Mac] - Python version [e.g. 3.5, 3.6] - Sitadel version +======= +## Environment +>>>>>>> master -**Describe the bug** -A clear and concise description of what the bug is. +- OS: [e.g. Windows,Linux,Mac] +- Python version [e.g. 3.5, 3.6] +- Sitadel version + +## Expected Behavior + +Tell us what should happen + +## Current Behavior + +Tell us what happens instead of the expected behavior + +## To Reproduce -**To Reproduce** Steps to reproduce the behavior: - Step1 diff --git a/.travis.yml b/.travis.yml index 1706285..6ae4202 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,7 +5,7 @@ dist: xenial language: python python: - "3.5" - - "3.6.6" + - "3.6" - "3.7" # Test website to run attack diff --git a/lib/modules/attacks/injection/ldap.py b/lib/modules/attacks/injection/ldap.py index 4e1b6b1..e40c7b4 100644 --- a/lib/modules/attacks/injection/ldap.py +++ b/lib/modules/attacks/injection/ldap.py @@ -2,10 +2,13 @@ from urllib.parse import parse_qsl, urlencode, urlsplit from lib.utils.container import Services +from lib.config.settings import Risk from .. import AttackPlugin class LDAP(AttackPlugin): + level = Risk.DANGEROUS + def errors(self, data): error = ( "supplied argument is not a valid ldap", diff --git a/lib/modules/attacks/injection/rfi.py b/lib/modules/attacks/injection/rfi.py index 928f184..c02d267 100644 --- a/lib/modules/attacks/injection/rfi.py +++ b/lib/modules/attacks/injection/rfi.py 
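Review bot: `level = Risk.DANGEROUS` is set by hand on each attack plugin (ldap.py here, and the same two added lines in rfi.py, sql.py, dav.py, anonymous.py, crime.py, shellshock.py and strutsshock.py), so a plugin added later without the attribute inherits whatever `AttackPlugin` defines, and the base class is not shown in this diff. If this level is what decides whether a plugin may send active payloads at the user's chosen risk setting, declaring `level = Risk.DANGEROUS` once on `AttackPlugin` would make an unclassified plugin gated by default rather than permitted by omission. A short comment above the attribute, for example `# sends active payloads to the target; only run when DANGEROUS plugins are allowed`, would record why it is set. The class bodies continue outside these hunks.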
@@ -2,10 +2,13 @@ from urllib.parse import parse_qsl, urlencode, urlsplit from lib.utils.container import Services +from lib.config.settings import Risk from .. import AttackPlugin class Rfi(AttackPlugin): + level = Risk.DANGEROUS + def process(self, start_url, crawled_urls): output = Services.get("output") request = Services.get("request_factory") diff --git a/lib/modules/attacks/injection/sql.py b/lib/modules/attacks/injection/sql.py index 0cb90d9..9dda589 100644 --- a/lib/modules/attacks/injection/sql.py +++ b/lib/modules/attacks/injection/sql.py @@ -2,10 +2,13 @@ from urllib.parse import parse_qsl, urlencode, urlsplit from lib.utils.container import Services +from lib.config.settings import Risk from .. import AttackPlugin class Sql(AttackPlugin): + level = Risk.DANGEROUS + def dberror(self, data): if re.search( r"supplied argument is not a valid MySQL|Column count doesn\'t match value count at row|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax;|You have an error in your SQL syntax near|MySQL server version for the right syntax to use|\[MySQL]\[ODBC|Column count doesn\'t match|valid MySQL result|MySqlClient.", diff --git a/lib/modules/attacks/other/dav.py b/lib/modules/attacks/other/dav.py index 3f8d349..8a894f3 100644 --- a/lib/modules/attacks/other/dav.py +++ b/lib/modules/attacks/other/dav.py @@ -1,10 +1,13 @@ import re from lib.utils.container import Services +from lib.config.settings import Risk from .. import AttackPlugin class Dav(AttackPlugin): + level = Risk.DANGEROUS + def process(self, start_url, crawled_urls): output = Services.get("output") request = Services.get("request_factory") diff --git a/lib/modules/attacks/vulns/anonymous.py b/lib/modules/attacks/vulns/anonymous.py index 55f886a..a474383 100644 --- a/lib/modules/attacks/vulns/anonymous.py +++ b/lib/modules/attacks/vulns/anonymous.py 
@@ -3,10 +3,13 @@ from urllib.parse import urlparse from lib.utils.container import Services +from lib.config.settings import Risk from .. import AttackPlugin class Anonymous(AttackPlugin): + level = Risk.DANGEROUS + def process(self, start_url, crawled_urls): output = Services.get("output") logger = Services.get("logger") diff --git a/lib/modules/attacks/vulns/crime.py b/lib/modules/attacks/vulns/crime.py index 1c1eb22..0f58a2c 100644 --- a/lib/modules/attacks/vulns/crime.py +++ b/lib/modules/attacks/vulns/crime.py @@ -3,10 +3,13 @@ from urllib.parse import urlparse from lib.utils.container import Services +from lib.config.settings import Risk from .. import AttackPlugin class Crime(AttackPlugin): + level = Risk.DANGEROUS + def process(self, start_url, crawled_urls): output = Services.get("output") logger = Services.get("logger") @@ -16,7 +19,6 @@ def process(self, start_url, crawled_urls): port = "443" try: ip += socket.gethostbyname(urlparse(start_url).hostname) - print(ip) socket.inet_aton(ip) r = subprocess.Popen( [ diff --git a/lib/modules/attacks/vulns/shellshock.py b/lib/modules/attacks/vulns/shellshock.py index 6af3850..ed81c3f 100644 --- a/lib/modules/attacks/vulns/shellshock.py +++ b/lib/modules/attacks/vulns/shellshock.py @@ -1,10 +1,13 @@ import re from lib.utils.container import Services +from lib.config.settings import Risk from .. import AttackPlugin class Shellshock(AttackPlugin): + level = Risk.DANGEROUS + def process(self, start_url, crawled_urls): output = Services.get("output") request = Services.get("request_factory") diff --git a/lib/modules/attacks/vulns/strutsshock.py b/lib/modules/attacks/vulns/strutsshock.py index 7cb8a73..916b00e 100644 --- a/lib/modules/attacks/vulns/strutsshock.py +++ b/lib/modules/attacks/vulns/strutsshock.py 
@@ -1,10 +1,13 @@ import re from lib.utils.container import Services +from lib.config.settings import Risk from .. import AttackPlugin class StrutsShock(AttackPlugin): + level = Risk.DANGEROUS + def process(self, start_url, crawled_urls): output = Services.get("output") request = Services.get("request_factory") diff --git a/lib/modules/fingerprints/cdn/akamai.py b/lib/modules/fingerprints/cdn/akamai.py index cef1ac2..cb30a14 100644 --- a/lib/modules/fingerprints/cdn/akamai.py +++ b/lib/modules/fingerprints/cdn/akamai.py @@ -12,7 +12,7 @@ class Akamai(FingerprintPlugin): level = Risk.NO_DANGER def process(self, headers, content): - request = Services.get('request_factory') + request = Services.get("request_factory") hostname = urlparse(request.url).hostname try: resolver = Resolver(configure=False) @@ -20,7 +20,7 @@ def process(self, headers, content): resolver.timeout = 2 resolver.lifetime = 2 - dns_query = resolver.query(hostname + ".edgekey.net", 'A') + dns_query = resolver.query(hostname + ".edgekey.net", "A") if len(dns_query) > 0: return "Akamai CDN" diff --git a/lib/modules/fingerprints/cdn/azure.py b/lib/modules/fingerprints/cdn/azure.py index b1b37cf..a172111 100644 --- a/lib/modules/fingerprints/cdn/azure.py +++ b/lib/modules/fingerprints/cdn/azure.py @@ -13,7 +13,7 @@ class Azure(FingerprintPlugin): level = Risk.NO_DANGER def process(self, headers, content): - request = Services.get('request_factory') + request = Services.get("request_factory") hostname = urlparse(request.url).hostname _ = False @@ -23,10 +23,10 @@ def process(self, headers, content): resolver.timeout = 2 resolver.lifetime = 2 - dns_query = resolver.query(hostname, 'CNAME') + dns_query = resolver.query(hostname, "CNAME") if len(dns_query) > 0: for answer in dns_query: - _ |= re.search(r'azureedge\.net', str(answer), re.I) is not None + _ |= re.search(r"azureedge\.net", str(answer), re.I) is not None if _: return "Azure CDN" except NoAnswer: 
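Review bot: The reformatted lookup `resolver.query(hostname + ".edgekey.net", "A")` in akamai.py assumes `urlparse(request.url).hostname` is a string; it is None for a URL without a host, and the concatenation then raises TypeError inside the `try`. The except clauses are outside the hunk, so confirm they cover that case, or guard before the `try` with `if not hostname: return`. cloudflare.py builds its query name the same way with `hostname + ".cdn.cloudflare.net"`.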
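Review bot: In azure.py the match result is accumulated in a variable named `_`, which by convention marks a value that is never read, yet it is tested right after the loop with `if _:`. The loop and flag can be written as `if any(re.search(r"azureedge\.net", str(answer), re.I) for answer in dns_query): return "Azure CDN"`, which also makes the `len(dns_query) > 0` check unnecessary. cloudfront.py and fastly.py use the same `_ |= ...` pattern. The pattern is also unanchored, so a CNAME that merely contains the provider name elsewhere in the string would be reported as that CDN; ending the pattern with `\.?$` would tie the match to the end of the record.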
diff --git a/lib/modules/fingerprints/cdn/cloudflare.py b/lib/modules/fingerprints/cdn/cloudflare.py index 8ba0270..b670fb8 100644 --- a/lib/modules/fingerprints/cdn/cloudflare.py +++ b/lib/modules/fingerprints/cdn/cloudflare.py @@ -12,14 +12,14 @@ class Cloudflare(FingerprintPlugin): level = Risk.NO_DANGER def process(self, headers, content): - request = Services.get('request_factory') + request = Services.get("request_factory") hostname = urlparse(request.url).hostname try: resolver = Resolver(configure=False) resolver.nameservers = [settings.dns_resolver] resolver.timeout = 2 resolver.lifetime = 2 - dns_query = resolver.query(hostname + ".cdn.cloudflare.net", 'A') + dns_query = resolver.query(hostname + ".cdn.cloudflare.net", "A") if len(dns_query) > 0: return "Cloudflare CDN" diff --git a/lib/modules/fingerprints/cdn/cloudfront.py b/lib/modules/fingerprints/cdn/cloudfront.py index c1c611a..625a054 100644 --- a/lib/modules/fingerprints/cdn/cloudfront.py +++ b/lib/modules/fingerprints/cdn/cloudfront.py @@ -13,7 +13,7 @@ class CloudFront(FingerprintPlugin): level = Risk.NO_DANGER def process(self, headers, content): - request = Services.get('request_factory') + request = Services.get("request_factory") hostname = urlparse(request.url).hostname _ = False try: @@ -22,11 +22,11 @@ def process(self, headers, content): resolver.timeout = 2 resolver.lifetime = 2 - dns_query = resolver.query(hostname, 'CNAME') + dns_query = resolver.query(hostname, "CNAME") if len(dns_query) > 0: for answer in dns_query: - _ |= re.search(r'cloudfront\.net', str(answer), re.I) is not None + _ |= re.search(r"cloudfront\.net", str(answer), re.I) is not None if _: return "CloudFront CDN (Amazon)" except NoAnswer: diff --git a/lib/modules/fingerprints/cdn/fastly.py b/lib/modules/fingerprints/cdn/fastly.py index 7b7cff8..03c3d68 100644 --- a/lib/modules/fingerprints/cdn/fastly.py +++ b/lib/modules/fingerprints/cdn/fastly.py 
@@ -13,7 +13,7 @@ class Fastly(FingerprintPlugin): level = Risk.NO_DANGER def process(self, headers, content): - request = Services.get('request_factory') + request = Services.get("request_factory") hostname = urlparse(request.url).hostname _ = False try: @@ -22,10 +22,10 @@ def process(self, headers, content): resolver.timeout = 2 resolver.lifetime = 2 - dns_query = resolver.query(hostname, 'CNAME') + dns_query = resolver.query(hostname, "CNAME") if len(dns_query) > 0: for answer in dns_query: - _ |= re.search(r'fastly\.net', str(answer), re.I) is not None + _ |= re.search(r"fastly\.net", str(answer), re.I) is not None if _: return "Fastly CDN" except NoAnswer: