Slight refacto + sql comments are now placed in injection suspision.

Mokaddem 2016-08-10 09:06:37 +02:00
parent b249676fe9
commit feafa8ffe2


@ -1,15 +1,11 @@
#!/usr/bin/env python2 #!/usr/bin/env python2
# -*-coding:UTF-8 -* # -*-coding:UTF-8 -*
""" """
Template for new modules Sql Injection module
""" """
import time import time
import sys
import string import string
import datetime
import redis
import os
import urllib2 import urllib2
import re import re
from pubsublogger import publisher from pubsublogger import publisher
@ -21,6 +17,7 @@ from pyfaup.faup import Faup
regex_injection = [] regex_injection = []
word_injection = [] word_injection = []
word_injection_suspect = []
# Classic atome injection # Classic atome injection
regex_injection1 = "([[AND |OR ]+[\'|\"]?[0-9a-zA-Z]+[\'|\"]?=[\'|\"]?[0-9a-zA-Z]+[\'|\"]?])" regex_injection1 = "([[AND |OR ]+[\'|\"]?[0-9a-zA-Z]+[\'|\"]?=[\'|\"]?[0-9a-zA-Z]+[\'|\"]?])"
@ -35,21 +32,21 @@ regex_injection.append(regex_injection2)
word_injection1 = [" IF ", " ELSE ", " CASE ", " WHEN ", " END ", " UNION ", "SELECT ", " FROM ", " ORDER BY ", " WHERE ", " DELETE ", " DROP ", " UPDATE ", " EXEC "] word_injection1 = [" IF ", " ELSE ", " CASE ", " WHEN ", " END ", " UNION ", "SELECT ", " FROM ", " ORDER BY ", " WHERE ", " DELETE ", " DROP ", " UPDATE ", " EXEC "]
word_injection.append(word_injection1) word_injection.append(word_injection1)
# Comment # Database special keywords
word_injection2 = ["--", "#", "/*"] word_injection2 = ["@@version", "POW(", "BITAND(", "SQUARE("]
word_injection.append(word_injection2) word_injection.append(word_injection2)
# Database special keywords # Html keywords
word_injection3 = ["@@version", "POW(", "BITAND(", "SQUARE("] word_injection3 = ["<script>"]
word_injection.append(word_injection3) word_injection.append(word_injection3)
# Html keywords
word_injection4 = ["<script>"]
word_injection.append(word_injection4)
# Suspect char # Suspect char
word_injection_suspect = ["\'", "\"", ";", "<", ">"] word_injection_suspect1 = ["\'", "\"", ";", "<", ">"]
word_injection_suspect.append(word_injection_suspect1)
# Comment
word_injection_suspect2 = ["--", "#", "/*"]
word_injection_suspect.append(word_injection_suspect2)
def analyse(url, path): def analyse(url, path):
faup.decode(url) faup.decode(url)
@ -85,6 +82,8 @@ def analyse(url, path):
publisher.info(to_print) publisher.info(to_print)
# Try to detect if the url passed might be an sql injection by appliying the regex
# defined above on it.
def is_sql_injection(url_parsed): def is_sql_injection(url_parsed):
line = urllib2.unquote(url_parsed) line = urllib2.unquote(url_parsed)
line = string.upper(line) line = string.upper(line)
@ -134,13 +133,6 @@ if __name__ == '__main__':
# Sent to the logging a description of the module # Sent to the logging a description of the module
publisher.info("Try to detect SQL injection") publisher.info("Try to detect SQL injection")
# REDIS #
r_serv1 = redis.StrictRedis(
host=p.config.get("Redis_Level_DB", "host"),
port=p.config.get("Redis_Level_DB", "port"),
db=p.config.get("Redis_Level_DB", "db"))
faup = Faup() faup = Faup()
# Endless loop getting messages from the input queue # Endless loop getting messages from the input queue
@ -156,4 +148,4 @@ if __name__ == '__main__':
else: else:
# Do something with the message from the queue # Do something with the message from the queue
url, date, path = message.split() url, date, path = message.split()
analyse(url, path) #Scheme analysis analyse(url, path)
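Review bot: `regex_injection1`, left unchanged as context in the second hunk, cannot match the AND/OR equality test it is meant to catch, so this detection rule produces false negatives. `[[AND |OR ]` is parsed as a character class rather than an alternation, and the unescaped `]` before the closing parenthesis is a literal, so the pattern only fires when the equality happens to be followed by `]`. I would change it to `regex_injection1 = r"((?:AND |OR )+['\"]?[0-9a-zA-Z]+['\"]?=['\"]?[0-9a-zA-Z]+['\"]?)"` and add a small test that feeds known-positive and known-negative URLs through `is_sql_injection`. Separately, the third hunk turns `word_injection_suspect` from a flat list of strings into a list of lists. The loop that reads it in `is_sql_injection` lies outside the visible hunks, so confirm it iterates two levels and that the comment tokens `--`, `#` and `/*` still contribute to the suspicion score.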