ail-framework/bin/modules/LibInjection.py

#!/usr/bin/env python3
# -*-coding:UTF-8 -*

"""
The LibInjection Module
================================

This module is consuming the Redis-list created by the Urls module.

It tries to identify SQL Injections with libinjection.

"""

import os
import sys
import urllib.request
import pylibinjection

from datetime import datetime
from pyfaup.faup import Faup
from urllib.parse import unquote


sys.path.append(os.environ['AIL_BIN'])
##################################
# Import Project packages
##################################
from modules.abstract_module import AbstractModule
from lib.ConfigLoader import ConfigLoader
from lib.objects.Items import Item

class LibInjection(AbstractModule):
    """docstring for LibInjection module."""

    def __init__(self):
        super(LibInjection, self).__init__()

        self.faup = Faup()

        config_loader = ConfigLoader()
        self.server_statistics = config_loader.get_redis_conn("ARDB_Statistics")

        self.redis_logger.info(f"Module: {self.module_name} Launched")

    def compute(self, message):
        url, item_id = message.split()

        self.faup.decode(url)
        url_parsed = self.faup.get()
        # # TODO: # FIXME: remove me
        try:
            resource_path = url_parsed['resource_path'].encode()
        except:
            resource_path = url_parsed['resource_path']

        # # TODO: # FIXME: remove me
        try:
            query_string = url_parsed['query_string'].encode()
        except:
            query_string = url_parsed['query_string']

        result_path = {'sqli': False}
        result_query = {'sqli': False}

        if resource_path is not None:
            result_path = pylibinjection.detect_sqli(resource_path)
            # print(f'path is sqli : {result_path}')

        if query_string is not None:
            result_query = pylibinjection.detect_sqli(query_string)
            # print(f'query is sqli : {result_query}')

        if result_path['sqli'] is True or result_query['sqli'] is True:
            item = Item(item_id)
            item_id = item.get_id()
            print(f"Detected (libinjection) SQL in URL: {item_id}")
            print(unquote(url))

            to_print = f'LibInjection;{item.get_source()};{item.get_date()};{item.get_basename()};Detected SQL in URL;{item_id}'
            self.redis_logger.warning(to_print)

            # Send to duplicate
            self.send_message_to_queue(item_id, 'Duplicate')

            # Add tag
            msg = f'infoleak:automatic-detection="sql-injection";{item_id}'
            self.send_message_to_queue(msg, 'Tags')

            # statistics
            # # TODO: # FIXME: remove me
            try:
                tld = url_parsed['tld'].decode()
            except:
                tld = url_parsed['tld']
            if tld is not None:
                date = datetime.now().strftime("%Y%m")
                self.server_statistics.hincrby(f'SQLInjection_by_tld:{date}', tld, 1)


if __name__ == "__main__":
    module = LibInjection()
    module.run()
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00			`#!/usr/bin/env python3`
			`# --coding:UTF-8 -`

			`"""`
			`The LibInjection Module`
			`================================`

			`This module is consuming the Redis-list created by the Urls module.`

			`It tries to identify SQL Injections with libinjection.`

			`"""`

			`import os`
			`import sys`
			`import urllib.request`
			`import pylibinjection`

			`from datetime import datetime`
			`from pyfaup.faup import Faup`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`from urllib.parse import unquote`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00

			`sys.path.append(os.environ['AIL_BIN'])`
			`##################################`
			`# Import Project packages`
			`##################################`
			`from modules.abstract_module import AbstractModule`
			`from lib.ConfigLoader import ConfigLoader`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`from lib.objects.Items import Item`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00
			`class LibInjection(AbstractModule):`
			`"""docstring for LibInjection module."""`

			`def __init__(self):`
			`super(LibInjection, self).__init__()`

			`self.faup = Faup()`

			`config_loader = ConfigLoader()`
			`self.server_statistics = config_loader.get_redis_conn("ARDB_Statistics")`

			`self.redis_logger.info(f"Module: {self.module_name} Launched")`

			`def compute(self, message):`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`url, item_id = message.split()`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00
			`self.faup.decode(url)`
			`url_parsed = self.faup.get()`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`# # TODO: # FIXME: remove me`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00			`try:`
			`resource_path = url_parsed['resource_path'].encode()`
			`except:`
			`resource_path = url_parsed['resource_path']`

chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`# # TODO: # FIXME: remove me`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00			`try:`
			`query_string = url_parsed['query_string'].encode()`
			`except:`
			`query_string = url_parsed['query_string']`

chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`result_path = {'sqli': False}`
			`result_query = {'sqli': False}`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00
			`if resource_path is not None:`
			`result_path = pylibinjection.detect_sqli(resource_path)`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`# print(f'path is sqli : {result_path}')`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00
			`if query_string is not None:`
			`result_query = pylibinjection.detect_sqli(query_string)`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`# print(f'query is sqli : {result_query}')`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00
			`if result_path['sqli'] is True or result_query['sqli'] is True:`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`item = Item(item_id)`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00			`item_id = item.get_id()`
			`print(f"Detected (libinjection) SQL in URL: {item_id}")`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`print(unquote(url))`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00
			`to_print = f'LibInjection;{item.get_source()};{item.get_date()};{item.get_basename()};Detected SQL in URL;{item_id}'`
			`self.redis_logger.warning(to_print)`

			`# Send to duplicate`
			`self.send_message_to_queue(item_id, 'Duplicate')`

			`# Add tag`
			`msg = f'infoleak:automatic-detection="sql-injection";{item_id}'`
			`self.send_message_to_queue(msg, 'Tags')`

chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`# statistics`
			`# # TODO: # FIXME: remove me`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00			`try:`
			`tld = url_parsed['tld'].decode()`
			`except:`
			`tld = url_parsed['tld']`
			`if tld is not None:`
			`date = datetime.now().strftime("%Y%m")`
			`self.server_statistics.hincrby(f'SQLInjection_by_tld:{date}', tld, 1)`


chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 14:25:19 +00:00			`if __name__ == "__main__":`
chg: [SQLInjectionDetection LibInjection modules] add module class 2021-06-07 14:07:08 +00:00			`module = LibInjection()`
			`module.run()`