Merge pull request #215 from buixor/master

[WIP] LibInjection Module
add: LibInjection Module
This commit is contained in:
Thirion Aurélien 2018-07-16 15:36:43 +02:00 committed by GitHub
commit 1a653dec47
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 95 additions and 0 deletions

88
bin/LibInjection.py Executable file
View file

@ -0,0 +1,88 @@
#!/usr/bin/env python3
# -*-coding:UTF-8 -*
"""
The LibInjection Module
================================
This module is consuming the Redis-list created by the Web module.
It tries to identify SQL Injections with libinjection.
"""
import time
import string
import urllib.request
import re
import pylibinjection
import pprint
from pubsublogger import publisher
from Helper import Process
from packages import Paste
from pyfaup.faup import Faup
def analyse(url, path):
faup.decode(url)
url_parsed = faup.get()
pprint.pprint(url_parsed)
resource_path = url_parsed['resource_path']
query_string = url_parsed['query_string']
result_path = {'sqli' : False}
result_query = {'sqli' : False}
if resource_path is not None:
result_path = pylibinjection.detect_sqli(resource_path)
print("path is sqli : {0}".format(result_path))
if query_string is not None:
result_query = pylibinjection.detect_sqli(query_string)
print("query is sqli : {0}".format(result_query))
if result_path['sqli'] is True or result_query['sqli'] is True:
paste = Paste.Paste(path)
print("Detected (libinjection) SQL in URL: ")
print(urllib.request.unquote(url))
to_print = 'LibInjection;{};{};{};{};{}'.format(paste.p_source, paste.p_date, paste.p_name, "Detected SQL in URL", paste.p_path)
publisher.warning(to_print)
#Send to duplicate
p.populate_set_out(path, 'Duplicate')
#send to Browse_warning_paste
p.populate_set_out('sqlinjection;{}'.format(path), 'alertHandler')
msg = 'infoleak:automatic-detection="sql-injection";{}'.format(path)
p.populate_set_out(msg, 'Tags')
if __name__ == '__main__':
# If you wish to use an other port of channel, do not forget to run a subscriber accordingly (see launch_logs.sh)
# Port of the redis instance used by pubsublogger
publisher.port = 6380
# Script is the default channel used for the modules.
publisher.channel = 'Script'
# Section name in bin/packages/modules.cfg
config_section = 'LibInjection'
# Setup the I/O queues
p = Process(config_section)
# Sent to the logging a description of the module
publisher.info("Try to detect SQL injection with LibInjection")
faup = Faup()
# Endless loop getting messages from the input queue
while True:
# Get one message from the input queue
message = p.get_from_set()
if message is None:
publisher.debug("{} queue is empty, waiting".format(config_section))
time.sleep(10)
continue
else:
# Do something with the message from the queue
url, date, path = message.split()
analyse(url, path)

View file

@ -70,6 +70,10 @@ publish = Redis_Url,ZMQ_Url
[WebStats]
subscribe = Redis_Url
[LibInjection]
subscribe = Redis_Url
publish = Redis_alertHandler,Redis_Duplicate,Redis_Tags
[SQLInjectionDetection]
subscribe = Redis_Url
publish = Redis_alertHandler,Redis_Duplicate,Redis_Tags

View file

@ -67,3 +67,6 @@ https://github.com/trolldbois/python3-adns/archive/master.zip
https://github.com/trolldbois/python-cymru-services/archive/master.zip
https://github.com/saffsd/langid.py/archive/master.zip
#LibInjection bindings
pylibinjection