mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-27 00:07:16 +00:00
Merge pull request #215 from buixor/master
[WIP] LibInjection Module add: LibInjection Module
This commit is contained in:
commit
1a653dec47
3 changed files with 95 additions and 0 deletions
88
bin/LibInjection.py
Executable file
88
bin/LibInjection.py
Executable file
|
@ -0,0 +1,88 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
# -*-coding:UTF-8 -*
|
||||||
|
|
||||||
|
"""
|
||||||
|
The LibInjection Module
|
||||||
|
================================
|
||||||
|
|
||||||
|
This module is consuming the Redis-list created by the Web module.
|
||||||
|
|
||||||
|
It tries to identify SQL Injections with libinjection.
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
import time
|
||||||
|
import string
|
||||||
|
import urllib.request
|
||||||
|
import re
|
||||||
|
import pylibinjection
|
||||||
|
import pprint
|
||||||
|
|
||||||
|
from pubsublogger import publisher
|
||||||
|
from Helper import Process
|
||||||
|
from packages import Paste
|
||||||
|
from pyfaup.faup import Faup
|
||||||
|
|
||||||
|
def analyse(url, path):
|
||||||
|
faup.decode(url)
|
||||||
|
url_parsed = faup.get()
|
||||||
|
pprint.pprint(url_parsed)
|
||||||
|
resource_path = url_parsed['resource_path']
|
||||||
|
query_string = url_parsed['query_string']
|
||||||
|
|
||||||
|
result_path = {'sqli' : False}
|
||||||
|
result_query = {'sqli' : False}
|
||||||
|
|
||||||
|
if resource_path is not None:
|
||||||
|
result_path = pylibinjection.detect_sqli(resource_path)
|
||||||
|
print("path is sqli : {0}".format(result_path))
|
||||||
|
|
||||||
|
if query_string is not None:
|
||||||
|
result_query = pylibinjection.detect_sqli(query_string)
|
||||||
|
print("query is sqli : {0}".format(result_query))
|
||||||
|
|
||||||
|
if result_path['sqli'] is True or result_query['sqli'] is True:
|
||||||
|
paste = Paste.Paste(path)
|
||||||
|
print("Detected (libinjection) SQL in URL: ")
|
||||||
|
print(urllib.request.unquote(url))
|
||||||
|
to_print = 'LibInjection;{};{};{};{};{}'.format(paste.p_source, paste.p_date, paste.p_name, "Detected SQL in URL", paste.p_path)
|
||||||
|
publisher.warning(to_print)
|
||||||
|
#Send to duplicate
|
||||||
|
p.populate_set_out(path, 'Duplicate')
|
||||||
|
#send to Browse_warning_paste
|
||||||
|
p.populate_set_out('sqlinjection;{}'.format(path), 'alertHandler')
|
||||||
|
msg = 'infoleak:automatic-detection="sql-injection";{}'.format(path)
|
||||||
|
p.populate_set_out(msg, 'Tags')
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
# If you wish to use an other port of channel, do not forget to run a subscriber accordingly (see launch_logs.sh)
|
||||||
|
# Port of the redis instance used by pubsublogger
|
||||||
|
publisher.port = 6380
|
||||||
|
# Script is the default channel used for the modules.
|
||||||
|
publisher.channel = 'Script'
|
||||||
|
|
||||||
|
# Section name in bin/packages/modules.cfg
|
||||||
|
config_section = 'LibInjection'
|
||||||
|
|
||||||
|
# Setup the I/O queues
|
||||||
|
p = Process(config_section)
|
||||||
|
|
||||||
|
# Sent to the logging a description of the module
|
||||||
|
publisher.info("Try to detect SQL injection with LibInjection")
|
||||||
|
|
||||||
|
faup = Faup()
|
||||||
|
|
||||||
|
# Endless loop getting messages from the input queue
|
||||||
|
while True:
|
||||||
|
# Get one message from the input queue
|
||||||
|
message = p.get_from_set()
|
||||||
|
|
||||||
|
if message is None:
|
||||||
|
publisher.debug("{} queue is empty, waiting".format(config_section))
|
||||||
|
time.sleep(10)
|
||||||
|
continue
|
||||||
|
|
||||||
|
else:
|
||||||
|
# Do something with the message from the queue
|
||||||
|
url, date, path = message.split()
|
||||||
|
analyse(url, path)
|
|
@ -70,6 +70,10 @@ publish = Redis_Url,ZMQ_Url
|
||||||
[WebStats]
|
[WebStats]
|
||||||
subscribe = Redis_Url
|
subscribe = Redis_Url
|
||||||
|
|
||||||
|
[LibInjection]
|
||||||
|
subscribe = Redis_Url
|
||||||
|
publish = Redis_alertHandler,Redis_Duplicate,Redis_Tags
|
||||||
|
|
||||||
[SQLInjectionDetection]
|
[SQLInjectionDetection]
|
||||||
subscribe = Redis_Url
|
subscribe = Redis_Url
|
||||||
publish = Redis_alertHandler,Redis_Duplicate,Redis_Tags
|
publish = Redis_alertHandler,Redis_Duplicate,Redis_Tags
|
||||||
|
|
|
@ -67,3 +67,6 @@ https://github.com/trolldbois/python3-adns/archive/master.zip
|
||||||
https://github.com/trolldbois/python-cymru-services/archive/master.zip
|
https://github.com/trolldbois/python-cymru-services/archive/master.zip
|
||||||
|
|
||||||
https://github.com/saffsd/langid.py/archive/master.zip
|
https://github.com/saffsd/langid.py/archive/master.zip
|
||||||
|
|
||||||
|
#LibInjection bindings
|
||||||
|
pylibinjection
|
||||||
|
|
Loading…
Reference in a new issue