DamnWebScanner/Server/server.py

114 lines
3.2 KiB
Python
Raw Permalink Normal View History

#!/usr/bin/python
# -*- coding: utf-8 -*-
from flask import Flask, request, jsonify
from ghost import Ghost
2017-09-11 16:46:58 +00:00
from scans import *
import requests
2016-12-27 13:00:55 +00:00
import datetime
import re
app = Flask(__name__)
""" Route /ping
Description: Simple ping implementation to check if the server is up via the extension
"""
@app.route('/ping',methods=['GET'])
def ping():
return "pong"
""" Template
Description: Basic template, will be used in the next features
"""
@app.route('/template', methods=['GET', 'POST'])
def template():
return render_template('index.html')
""" Route /
Description: main route for the flask application, every scan is launched from here
"""
@app.route('/',methods=['GET'])
def index():
2016-12-27 21:40:20 +00:00
vulns = {'rce': 0, 'xss': 0, 'sql': 0, 'lfi': 0, 'list':''}
2017-09-11 16:46:58 +00:00
# Parse requests - extract arguments
args = request.args
url = args['url']
useragent = args['useragent']
methods = args['method']
data = args['data']
method = ''
matches = []
data_requests = {}
# Parse args for GET
if "?" in url:
method = 'GET'
# Parse cookies strings - string like name:username|value:admin
cookies_requests = {}
cookies_ghost = ""
for cookie in args['cookies'].split('\n'):
c = cookie.split('|')
if c != '' and c != None:
if len(c) != 1:
name = str(c[0]).replace('name:','')
value = str(c[1]).replace('value:','')
cookies_requests[name] = value
cookies_ghost += " "+cookie.replace('name:','').replace('value:','=').replace('|','') + ";"
2017-09-11 16:46:58 +00:00
# Parse GET data (in url)
params = url.split('?')[1]
regex = re.compile('([a-zA-Z0-9\-_]*?)=')
matches = regex.findall(params)
2016-12-27 13:00:55 +00:00
# Parse args for POST
if data != '':
method = 'POST'
# Parse document.cookie for Ghost and Requests
cookies_requests = {} #dict
cookies_ghost = "" #string header
for cookie in args['cookies'].split(';'):
c = cookie.split('=')
if c != '' and c != None:
if len(c) != 1:
name = c[0]
value = c[1]
cookies_requests[name] = value
cookies_ghost += " "+cookie.replace('name:','').replace('value:','=').replace('|','') + ";"
# Parse POST data (in data parameter)
data_requests = {}
for post_data in data.split('|'):
d = post_data.split(':')
if d != '' and d != None:
if len(d) != 1:
name = str(d[0])
value = str(d[1])
data_requests[name] = value
# Convert dict(data_requests) to list(matches)
matches = data_requests.keys()
# Launch scans - iterate through all parameters
for fuzz in matches:
2017-09-11 16:46:58 +00:00
print ("\n---[ " + method + " - New parameter " + fuzz + " for url: " + url + " ]---")
scan_xss(method, vulns, url, fuzz, cookies_ghost, useragent, data_requests)
scan_lfi(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)
scan_sql_error(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)
scan_sql_blind_time(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)
scan_rce(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)
2017-09-11 16:46:58 +00:00
# Display results as a json
return jsonify(vulns)
if __name__ == '__main__':
app.run(host='0.0.0.0', port=8000, threaded=True, passthrough_errors=True) # Seems to crash the server with the following options, threaded=True, passthrough_errors=False)