mirror of
https://github.com/ail-project/ail-framework.git
synced 2025-01-19 00:36:14 +00:00
Slight refacto + sql comments are now placed in injection suspision.
This commit is contained in:
parent
b249676fe9
commit
feafa8ffe2
1 changed files with 16 additions and 24 deletions
|
@ -1,15 +1,11 @@
|
|||
#!/usr/bin/env python2
|
||||
# -*-coding:UTF-8 -*
|
||||
"""
|
||||
Template for new modules
|
||||
Sql Injection module
|
||||
"""
|
||||
|
||||
import time
|
||||
import sys
|
||||
import string
|
||||
import datetime
|
||||
import redis
|
||||
import os
|
||||
import urllib2
|
||||
import re
|
||||
from pubsublogger import publisher
|
||||
|
@ -21,6 +17,7 @@ from pyfaup.faup import Faup
|
|||
|
||||
regex_injection = []
|
||||
word_injection = []
|
||||
word_injection_suspect = []
|
||||
|
||||
# Classic atome injection
|
||||
regex_injection1 = "([[AND |OR ]+[\'|\"]?[0-9a-zA-Z]+[\'|\"]?=[\'|\"]?[0-9a-zA-Z]+[\'|\"]?])"
|
||||
|
@ -35,21 +32,21 @@ regex_injection.append(regex_injection2)
|
|||
word_injection1 = [" IF ", " ELSE ", " CASE ", " WHEN ", " END ", " UNION ", "SELECT ", " FROM ", " ORDER BY ", " WHERE ", " DELETE ", " DROP ", " UPDATE ", " EXEC "]
|
||||
word_injection.append(word_injection1)
|
||||
|
||||
# Comment
|
||||
word_injection2 = ["--", "#", "/*"]
|
||||
# Database special keywords
|
||||
word_injection2 = ["@@version", "POW(", "BITAND(", "SQUARE("]
|
||||
word_injection.append(word_injection2)
|
||||
|
||||
# Database special keywords
|
||||
word_injection3 = ["@@version", "POW(", "BITAND(", "SQUARE("]
|
||||
# Html keywords
|
||||
word_injection3 = ["<script>"]
|
||||
word_injection.append(word_injection3)
|
||||
|
||||
# Html keywords
|
||||
word_injection4 = ["<script>"]
|
||||
word_injection.append(word_injection4)
|
||||
|
||||
# Suspect char
|
||||
word_injection_suspect = ["\'", "\"", ";", "<", ">"]
|
||||
word_injection_suspect1 = ["\'", "\"", ";", "<", ">"]
|
||||
word_injection_suspect.append(word_injection_suspect1)
|
||||
|
||||
# Comment
|
||||
word_injection_suspect2 = ["--", "#", "/*"]
|
||||
word_injection_suspect.append(word_injection_suspect2)
|
||||
|
||||
def analyse(url, path):
|
||||
faup.decode(url)
|
||||
|
@ -85,6 +82,8 @@ def analyse(url, path):
|
|||
publisher.info(to_print)
|
||||
|
||||
|
||||
# Try to detect if the url passed might be an sql injection by appliying the regex
|
||||
# defined above on it.
|
||||
def is_sql_injection(url_parsed):
|
||||
line = urllib2.unquote(url_parsed)
|
||||
line = string.upper(line)
|
||||
|
@ -134,13 +133,6 @@ if __name__ == '__main__':
|
|||
# Sent to the logging a description of the module
|
||||
publisher.info("Try to detect SQL injection")
|
||||
|
||||
# REDIS #
|
||||
r_serv1 = redis.StrictRedis(
|
||||
host=p.config.get("Redis_Level_DB", "host"),
|
||||
port=p.config.get("Redis_Level_DB", "port"),
|
||||
db=p.config.get("Redis_Level_DB", "db"))
|
||||
|
||||
|
||||
faup = Faup()
|
||||
|
||||
# Endless loop getting messages from the input queue
|
||||
|
@ -156,4 +148,4 @@ if __name__ == '__main__':
|
|||
else:
|
||||
# Do something with the message from the queue
|
||||
url, date, path = message.split()
|
||||
analyse(url, path) #Scheme analysis
|
||||
analyse(url, path)
|
||||
|
|
Loading…
Add table
Reference in a new issue