From 51d3faf2cf9e2070cbd03187b1fc6a291150dd96 Mon Sep 17 00:00:00 2001
From: Batard Florent
Date: Wed, 14 Aug 2019 11:39:29 +0900
Subject: [PATCH 1/4] Add the default python3.6 version to tests

---
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.travis.yml b/.travis.yml
index 1706285..3557194 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,6 +5,7 @@ dist: xenial
 language: python
 python:
 - "3.5"
+ - "3.6"
 - "3.6.6"
 - "3.7"

From 662597c0966cd44fb62bd858709b5f9c71d2b077 Mon Sep 17 00:00:00 2001
From: Batard Florent
Date: Wed, 14 Aug 2019 11:50:57 +0900
Subject: [PATCH 2/4] Remove the custom build for python 3.6.6

---
 .travis.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 3557194..6ae4202 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,7 +6,6 @@ language: python
 python:
 - "3.5"
 - "3.6"
- - "3.6.6"
 - "3.7"
 # Test website to run attack

From 8f5032abb63167c68a19eadb843c5e739d1b2745 Mon Sep 17 00:00:00 2001
From: Batard Florent
Date: Wed, 14 Aug 2019 12:14:51 +0900
Subject: [PATCH 3/4] Re evaluate risk level

---
 lib/modules/attacks/injection/ldap.py | 3 +++
 lib/modules/attacks/injection/rfi.py | 3 +++
 lib/modules/attacks/injection/sql.py | 3 +++
 lib/modules/attacks/other/dav.py | 3 +++
 lib/modules/attacks/vulns/anonymous.py | 3 +++
 lib/modules/attacks/vulns/crime.py | 4 +++-
 lib/modules/attacks/vulns/shellshock.py | 3 +++
 lib/modules/attacks/vulns/strutsshock.py | 3 +++
 lib/modules/fingerprints/cdn/akamai.py | 4 ++--
 lib/modules/fingerprints/cdn/azure.py | 6 +++---
 lib/modules/fingerprints/cdn/cloudflare.py | 4 ++--
 lib/modules/fingerprints/cdn/cloudfront.py | 6 +++---
 lib/modules/fingerprints/cdn/fastly.py | 6 +++---
 13 files changed, 37 insertions(+), 14 deletions(-)

diff --git a/lib/modules/attacks/injection/ldap.py b/lib/modules/attacks/injection/ldap.py
index 4e1b6b1..e40c7b4 100644
--- a/lib/modules/attacks/injection/ldap.py
+++ b/lib/modules/attacks/injection/ldap.py
@@ -2,10 +2,13 @@
 from urllib.parse import parse_qsl, urlencode, urlsplit
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 class LDAP(AttackPlugin):
+ level = Risk.DANGEROUS
+
 def errors(self, data):
 error = (
 "supplied argument is not a valid ldap",
diff --git a/lib/modules/attacks/injection/rfi.py b/lib/modules/attacks/injection/rfi.py
index 928f184..c02d267 100644
--- a/lib/modules/attacks/injection/rfi.py
+++ b/lib/modules/attacks/injection/rfi.py
@@ -2,10 +2,13 @@
 from urllib.parse import parse_qsl, urlencode, urlsplit
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 class Rfi(AttackPlugin):
+ level = Risk.DANGEROUS
+
 def process(self, start_url, crawled_urls):
 output = Services.get("output")
 request = Services.get("request_factory")
diff --git a/lib/modules/attacks/injection/sql.py b/lib/modules/attacks/injection/sql.py
index 0cb90d9..9dda589 100644
--- a/lib/modules/attacks/injection/sql.py
+++ b/lib/modules/attacks/injection/sql.py
@@ -2,10 +2,13 @@
 from urllib.parse import parse_qsl, urlencode, urlsplit
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 class Sql(AttackPlugin):
+ level = Risk.DANGEROUS
+
 def dberror(self, data):
 if re.search(
 r"supplied argument is not a valid MySQL|Column count doesn\'t match value count at row|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax;|You have an error in your SQL syntax near|MySQL server version for the right syntax to use|\[MySQL]\[ODBC|Column count doesn\'t match|valid MySQL result|MySqlClient.",
diff --git a/lib/modules/attacks/other/dav.py b/lib/modules/attacks/other/dav.py
index 3f8d349..8a894f3 100644
--- a/lib/modules/attacks/other/dav.py
+++ b/lib/modules/attacks/other/dav.py
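Review bot: The new `level = Risk.DANGEROUS` class attribute on LDAP is added without a comment saying what the level governs, and the same bare line goes into Rfi and Sql in this patch and into Dav, Anonymous, Crime, Shellshock and StrutsShock in the following hunks. The fingerprint modules already carry `level = Risk.NO_DANGER`, so a reader sees both ends of the scale but nothing stating that the attribute is what decides whether the module runs; presumably the plugin loader compares it with the configured risk threshold, which is not visible here. A one-line comment on the attribute would do, e.g. `level = Risk.DANGEROUS  # active module: sends probe payloads to the target, so it only runs when the configured risk level allows it`, with the same wording in all eight classes (or one sentence on the `level` attribute in the AttackPlugin base and none here).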
@@ -1,10 +1,13 @@
 import re
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 class Dav(AttackPlugin):
+ level = Risk.DANGEROUS
+
 def process(self, start_url, crawled_urls):
 output = Services.get("output")
 request = Services.get("request_factory")
diff --git a/lib/modules/attacks/vulns/anonymous.py b/lib/modules/attacks/vulns/anonymous.py
index 55f886a..a474383 100644
--- a/lib/modules/attacks/vulns/anonymous.py
+++ b/lib/modules/attacks/vulns/anonymous.py
@@ -3,10 +3,13 @@
 from urllib.parse import urlparse
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 class Anonymous(AttackPlugin):
+ level = Risk.DANGEROUS
+
 def process(self, start_url, crawled_urls):
 output = Services.get("output")
 logger = Services.get("logger")
diff --git a/lib/modules/attacks/vulns/crime.py b/lib/modules/attacks/vulns/crime.py
index 1c1eb22..0f58a2c 100644
--- a/lib/modules/attacks/vulns/crime.py
+++ b/lib/modules/attacks/vulns/crime.py
@@ -3,10 +3,13 @@
 from urllib.parse import urlparse
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 class Crime(AttackPlugin):
+ level = Risk.DANGEROUS
+
 def process(self, start_url, crawled_urls):
 output = Services.get("output")
 logger = Services.get("logger")
@@ -16,7 +19,6 @@ def process(self, start_url, crawled_urls):
 port = "443"
 try:
 ip += socket.gethostbyname(urlparse(start_url).hostname)
- print(ip)
 socket.inet_aton(ip)
 r = subprocess.Popen(
 [
diff --git a/lib/modules/attacks/vulns/shellshock.py b/lib/modules/attacks/vulns/shellshock.py
index 6af3850..ed81c3f 100644
--- a/lib/modules/attacks/vulns/shellshock.py
+++ b/lib/modules/attacks/vulns/shellshock.py
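Review bot: Dropping `print(ip)` in Crime.process is the right call, but the resolved address is still the one value a maintainer wants when the following `socket.inet_aton(ip)` or `subprocess.Popen(...)` misbehaves, and the first crime.py hunk shows the function already fetches `logger = Services.get("logger")`; routing the line through that logger at debug level instead of deleting it keeps the diagnostic without the stray stdout write, e.g. `logger.debug("Resolved %s to %s" % (urlparse(start_url).hostname, ip))` (adjust to whatever call signature the project logger exposes, which is not visible here). While in the same lines: `urlparse(start_url).hostname` is None for a URL without a scheme, and `socket.gethostbyname(None)` then raises TypeError rather than the socket error the `try:` presumably handles — the except clauses, like the initialisation of `ip`, are outside the hunk, so this may already be covered. process starts and ends outside the hunk.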
@@ -1,10 +1,13 @@
 import re
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 class Shellshock(AttackPlugin):
+ level = Risk.DANGEROUS
+
 def process(self, start_url, crawled_urls):
 output = Services.get("output")
 request = Services.get("request_factory")
diff --git a/lib/modules/attacks/vulns/strutsshock.py b/lib/modules/attacks/vulns/strutsshock.py
index 7cb8a73..916b00e 100644
--- a/lib/modules/attacks/vulns/strutsshock.py
+++ b/lib/modules/attacks/vulns/strutsshock.py
@@ -1,10 +1,13 @@
 import re
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 class StrutsShock(AttackPlugin):
+ level = Risk.DANGEROUS
+
 def process(self, start_url, crawled_urls):
 output = Services.get("output")
 request = Services.get("request_factory")
diff --git a/lib/modules/fingerprints/cdn/akamai.py b/lib/modules/fingerprints/cdn/akamai.py
index cef1ac2..cb30a14 100644
--- a/lib/modules/fingerprints/cdn/akamai.py
+++ b/lib/modules/fingerprints/cdn/akamai.py
@@ -12,7 +12,7 @@ class Akamai(FingerprintPlugin):
 level = Risk.NO_DANGER
 def process(self, headers, content):
- request = Services.get('request_factory')
+ request = Services.get("request_factory")
 hostname = urlparse(request.url).hostname
 try:
 resolver = Resolver(configure=False)
@@ -20,7 +20,7 @@ def process(self, headers, content):
 resolver.timeout = 2
 resolver.lifetime = 2
- dns_query = resolver.query(hostname + ".edgekey.net", 'A')
+ dns_query = resolver.query(hostname + ".edgekey.net", "A")
 if len(dns_query) > 0:
 return "Akamai CDN"
diff --git a/lib/modules/fingerprints/cdn/azure.py b/lib/modules/fingerprints/cdn/azure.py
index b1b37cf..a172111 100644
--- a/lib/modules/fingerprints/cdn/azure.py
+++ b/lib/modules/fingerprints/cdn/azure.py
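Review bot: The reformatted line `dns_query = resolver.query(hostname + ".edgekey.net", "A")` in Akamai.process concatenates `hostname` unguarded: `urlparse(request.url).hostname` is None when the target URL has no scheme or netloc, and `None + ".edgekey.net"` raises TypeError, which an `except NoAnswer:` handler (the shape the sibling plugins show; akamai's own except clauses are outside the hunk) would not catch. A guard right after the assignment, `if not hostname: return None` (or whatever the fingerprint runner treats as "no match", not visible here), keeps a malformed target URL from aborting the fingerprinting pass; Cloudflare in the next hunk has the identical expression with `.cdn.cloudflare.net`. The resolver setup (`Resolver(configure=False)`, nameservers, timeout, lifetime) is also repeated verbatim in akamai, cloudflare, azure, cloudfront and fastly, so a small helper on FingerprintPlugin returning the configured Resolver would shrink each of these process bodies to the query itself. process continues outside the hunk.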
@@ -13,7 +13,7 @@ class Azure(FingerprintPlugin):
 level = Risk.NO_DANGER
 def process(self, headers, content):
- request = Services.get('request_factory')
+ request = Services.get("request_factory")
 hostname = urlparse(request.url).hostname
 _ = False
@@ -23,10 +23,10 @@ def process(self, headers, content):
 resolver.timeout = 2
 resolver.lifetime = 2
- dns_query = resolver.query(hostname, 'CNAME')
+ dns_query = resolver.query(hostname, "CNAME")
 if len(dns_query) > 0:
 for answer in dns_query:
- _ |= re.search(r'azureedge\.net', str(answer), re.I) is not None
+ _ |= re.search(r"azureedge\.net", str(answer), re.I) is not None
 if _:
 return "Azure CDN"
 except NoAnswer:
diff --git a/lib/modules/fingerprints/cdn/cloudflare.py b/lib/modules/fingerprints/cdn/cloudflare.py
index 8ba0270..b670fb8 100644
--- a/lib/modules/fingerprints/cdn/cloudflare.py
+++ b/lib/modules/fingerprints/cdn/cloudflare.py
@@ -12,14 +12,14 @@ class Cloudflare(FingerprintPlugin):
 level = Risk.NO_DANGER
 def process(self, headers, content):
- request = Services.get('request_factory')
+ request = Services.get("request_factory")
 hostname = urlparse(request.url).hostname
 try:
 resolver = Resolver(configure=False)
 resolver.nameservers = [settings.dns_resolver]
 resolver.timeout = 2
 resolver.lifetime = 2
- dns_query = resolver.query(hostname + ".cdn.cloudflare.net", 'A')
+ dns_query = resolver.query(hostname + ".cdn.cloudflare.net", "A")
 if len(dns_query) > 0:
 return "Cloudflare CDN"
diff --git a/lib/modules/fingerprints/cdn/cloudfront.py b/lib/modules/fingerprints/cdn/cloudfront.py
index c1c611a..625a054 100644
--- a/lib/modules/fingerprints/cdn/cloudfront.py
+++ b/lib/modules/fingerprints/cdn/cloudfront.py
@@ -13,7 +13,7 @@ class CloudFront(FingerprintPlugin):
 level = Risk.NO_DANGER
 def process(self, headers, content):
- request = Services.get('request_factory')
+ request = Services.get("request_factory")
 hostname = urlparse(request.url).hostname
 _ = False
 try:
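Review bot: The reformatted lines in Azure.process keep `_` as the match accumulator (`_ = False`, then `_ |= re.search(r"azureedge\.net", str(answer), re.I) is not None`, then `if _:`), and `_` conventionally marks a value that is deliberately ignored, so the flow reads as if the result were being thrown away; CloudFront and Fastly in the next hunks use the same pattern. Since the loop only asks whether any answer matches, the loop and the `len(dns_query) > 0` pre-check collapse to `if any(re.search(r"azureedge\.net", str(answer), re.I) for answer in dns_query):` followed by `return "Azure CDN"`, which behaves the same on an empty answer set because `any` of nothing is False. The pattern is also unanchored, so a CNAME target like `notazureedge.net` or `azureedge.net.example` (constructed examples) would be reported as Azure; anchoring on the label boundary, `r"\.azureedge\.net\.?$"` (dnspython answers carry a trailing dot), makes the fingerprint harder to mislead, though for a NO_DANGER fingerprint this is a precision point rather than a safety one. process continues outside the hunk.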
@@ -22,11 +22,11 @@ def process(self, headers, content):
 resolver.timeout = 2
 resolver.lifetime = 2
- dns_query = resolver.query(hostname, 'CNAME')
+ dns_query = resolver.query(hostname, "CNAME")
 if len(dns_query) > 0:
 for answer in dns_query:
- _ |= re.search(r'cloudfront\.net', str(answer), re.I) is not None
+ _ |= re.search(r"cloudfront\.net", str(answer), re.I) is not None
 if _:
 return "CloudFront CDN (Amazon)"
 except NoAnswer:
diff --git a/lib/modules/fingerprints/cdn/fastly.py b/lib/modules/fingerprints/cdn/fastly.py
index 7b7cff8..03c3d68 100644
--- a/lib/modules/fingerprints/cdn/fastly.py
+++ b/lib/modules/fingerprints/cdn/fastly.py
@@ -13,7 +13,7 @@ class Fastly(FingerprintPlugin):
 level = Risk.NO_DANGER
 def process(self, headers, content):
- request = Services.get('request_factory')
+ request = Services.get("request_factory")
 hostname = urlparse(request.url).hostname
 _ = False
 try:
@@ -22,10 +22,10 @@ def process(self, headers, content):
 resolver.timeout = 2
 resolver.lifetime = 2
- dns_query = resolver.query(hostname, 'CNAME')
+ dns_query = resolver.query(hostname, "CNAME")
 if len(dns_query) > 0:
 for answer in dns_query:
- _ |= re.search(r'fastly\.net', str(answer), re.I) is not None
+ _ |= re.search(r"fastly\.net", str(answer), re.I) is not None
 if _:
 return "Fastly CDN"
 except NoAnswer:

From 90e48872b22e4eba0e8386e7fb0d7245069234a1 Mon Sep 17 00:00:00 2001
From: Batard Florent
Date: Mon, 19 Aug 2019 14:16:55 +0900
Subject: [PATCH 4/4] Update the issue template

---
 .github/ISSUE_TEMPLATE/bug_report.md | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index b6a9144..9aec5d3 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
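Review bot: In Fastly.process the reformatted `dns_query = resolver.query(hostname, "CNAME")` goes to a single hand-configured nameserver (`settings.dns_resolver`, set up above the hunk) with a two-second timeout, yet the only handler visible at the hunk's end is `except NoAnswer:`; if no further clauses follow it outside the hunk, a dnspython `Timeout`, `NXDOMAIN` or `NoNameservers` — all plausible when that resolver is unreachable from the scanning host — would propagate out of a NO_DANGER fingerprint and abort the run. Catching `dns.exception.DNSException` (the common base) alongside `NoAnswer` and treating it as "no match" keeps a resolver outage from taking down the whole fingerprinting pass; CloudFront above and Azure, Akamai and Cloudflare earlier in the patch have the same try/except shape, and the same caveat about unseen clauses applies. process continues outside the hunk.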
@@ -7,12 +7,20 @@ assignees: shenril --- -**Environment :** - - OS: [e.g. Windows,Linux,Mac] - - Python version - Version [e.g. 22] +## Environment -**Describe the bug** -A clear and concise description of what the bug is. +- OS: [e.g. Windows,Linux,Mac] +- Python version [e.g. 3.5, 3.6] +- Sitadel version + +## Expected Behavior + +Tell us what should happen + +## Current Behavior + +Tell us what happens instead of the expected behavior + +## To Reproduce -**To Reproduce** Steps to reproduce the behavior: