DamnWebScanner/Server/server.py

#!/usr/bin/python
# -*- coding: utf-8 -*-
from flask import Flask, request, jsonify
from ghost import Ghost
from scans import * 
import requests
import datetime
import re

app     = Flask(__name__)
firefox = Ghost()

""" Route /ping
Description: Simple ping implementation to check if the server is up via the extension
"""
@app.route('/ping',methods=['GET'])
def ping():
	return "pong"


""" Route /
Description: main route for the flask application, every scan is launched from here
"""
@app.route('/',methods=['GET'])
def index():
	vulns = {'rce': 0, 'xss': 0, 'sql': 0, 'lfi': 0, 'list':''}
	
	# Parse requests - extract arguments
	args          = request.args
	url           = args['url']
	useragent     = args['useragent']
	methods       = args['method']
	data          = args['data']
	method        = ''
	matches       = []
	data_requests = {}

	# Parse args for GET
	if "?" in url:
		method  = 'GET'

		# Parse cookies strings - string like name:username|value:admin
		cookies_requests = {}
		cookies_ghost    = ""
		for cookie in args['cookies'].split('\n'):

			c = cookie.split('|')
			if c != '' and c != None:
				if len(c) != 1:
					name  = str(c[0]).replace('name:','')
					value = str(c[1]).replace('value:','')
					cookies_requests[name] = value
					cookies_ghost += " "+cookie.replace('name:','').replace('value:','=').replace('|','') + ";"

		# Parse GET data (in url)	
		params  = url.split('?')[1]
		regex   = re.compile('([a-zA-Z0-9\-_]*?)=')
		matches = regex.findall(params)


	# Parse args for POST
	if data != '':
		method = 'POST'

		# Parse document.cookie for Ghost and Requests
		cookies_requests = {} #dict
		cookies_ghost    = "" #string header
		for cookie in args['cookies'].split(';'):
			c = cookie.split('=')
			if c != '' and c != None:
				if len(c) != 1:
					name  = c[0]
					value = c[1]
					cookies_requests[name] = value
					cookies_ghost += " "+cookie.replace('name:','').replace('value:','=').replace('|','') + ";"


		# Parse POST data (in data parameter)
		data_requests = {}
		for post_data in data.split('|'):
			d = post_data.split(':')
			if d != '' and d != None:
				if len(d) != 1:
					name  = str(d[0])
					value = str(d[1])
					data_requests[name] = value

		# Convert dict(data_requests) to list(matches)
		matches = data_requests.keys()


	# Launch scans - iterate through all parameters
	for fuzz in matches:
		print "\n---[ " + method + " - New parameter " + fuzz + " for url: " + url + " ]---"
		scan_xss(method, vulns, url, fuzz, cookies_ghost, useragent, firefox, data_requests)
		scan_lfi(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)
		scan_sql_error(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)
		scan_sql_blind_time(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)
		scan_rce(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)
	

	# Display results as a json
	return jsonify(vulns)

if __name__ == '__main__':
	app.run(port=8000, threaded=True, passthrough_errors=False)
First working commit - Basic Scans and bugs :) 2016-12-24 16:49:26 +00:00			`#!/usr/bin/python`
			`# -- coding: utf-8 --`
			`from flask import Flask, request, jsonify`
			`from ghost import Ghost`
Refactoring 2 - scans.py and scan_sql for POST 2016-12-29 23:03:16 +00:00			`from scans import *`
First working commit - Basic Scans and bugs :) 2016-12-24 16:49:26 +00:00			`import requests`
TimeBased SQL injection scanner 2016-12-27 13:00:55 +00:00			`import datetime`
First working commit - Basic Scans and bugs :) 2016-12-24 16:49:26 +00:00			`import re`

			`app = Flask(__name__)`
			`firefox = Ghost()`

			`""" Route /ping`
			`Description: Simple ping implementation to check if the server is up via the extension`
			`"""`
			`@app.route('/ping',methods=['GET'])`
			`def ping():`
			`return "pong"`


			`""" Route /`
			`Description: main route for the flask application, every scan is launched from here`
			`"""`
			`@app.route('/',methods=['GET'])`
			`def index():`
RCE scanner added - TODO: Bugfix 2016-12-27 21:40:20 +00:00			`vulns = {'rce': 0, 'xss': 0, 'sql': 0, 'lfi': 0, 'list':''}`
First working commit - Basic Scans and bugs :) 2016-12-24 16:49:26 +00:00
			`# Parse requests - extract arguments`
Refactoring POST and GET in server side 2016-12-29 22:07:01 +00:00			`args = request.args`
			`url = args['url']`
			`useragent = args['useragent']`
			`methods = args['method']`
			`data = args['data']`
			`method = ''`
			`matches = []`
			`data_requests = {}`

POST requests detected, WIP: cookie for post, scanners for post 2016-12-29 19:03:58 +00:00			`# Parse args for GET`
First working commit - Basic Scans and bugs :) 2016-12-24 16:49:26 +00:00			`if "?" in url:`
Refactoring POST and GET in server side 2016-12-29 22:07:01 +00:00			`method = 'GET'`
POST requests detected, WIP: cookie for post, scanners for post 2016-12-29 19:03:58 +00:00
			`# Parse cookies strings - string like name:username\|value:admin`
			`cookies_requests = {}`
			`cookies_ghost = ""`
			`for cookie in args['cookies'].split('\n'):`

			`c = cookie.split('\|')`
			`if c != '' and c != None:`
			`if len(c) != 1:`
			`name = str(c[0]).replace('name:','')`
			`value = str(c[1]).replace('value:','')`
			`cookies_requests[name] = value`
			`cookies_ghost += " "+cookie.replace('name:','').replace('value:','=').replace('\|','') + ";"`

Refactoring POST and GET in server side 2016-12-29 22:07:01 +00:00			`# Parse GET data (in url)`
First working commit - Basic Scans and bugs :) 2016-12-24 16:49:26 +00:00			`params = url.split('?')[1]`
			`regex = re.compile('([a-zA-Z0-9\-_]*?)=')`
			`matches = regex.findall(params)`

TimeBased SQL injection scanner 2016-12-27 13:00:55 +00:00
POST requests detected, WIP: cookie for post, scanners for post 2016-12-29 19:03:58 +00:00			`# Parse args for POST`
			`if data != '':`
Refactoring POST and GET in server side 2016-12-29 22:07:01 +00:00			`method = 'POST'`
POST requests detected, WIP: cookie for post, scanners for post 2016-12-29 19:03:58 +00:00
			`# Parse document.cookie for Ghost and Requests`
			`cookies_requests = {} #dict`
			`cookies_ghost = "" #string header`
			`for cookie in args['cookies'].split(';'):`
			`c = cookie.split('=')`
			`if c != '' and c != None:`
			`if len(c) != 1:`
Refactoring POST and GET in server side 2016-12-29 22:07:01 +00:00			`name = c[0]`
POST requests detected, WIP: cookie for post, scanners for post 2016-12-29 19:03:58 +00:00			`value = c[1]`
			`cookies_requests[name] = value`
			`cookies_ghost += " "+cookie.replace('name:','').replace('value:','=').replace('\|','') + ";"`


Refactoring POST and GET in server side 2016-12-29 22:07:01 +00:00			`# Parse POST data (in data parameter)`
			`data_requests = {}`
			`for post_data in data.split('\|'):`
			`d = post_data.split(':')`
			`if d != '' and d != None:`
			`if len(d) != 1:`
			`name = str(d[0])`
			`value = str(d[1])`
			`data_requests[name] = value`

			`# Convert dict(data_requests) to list(matches)`
			`matches = data_requests.keys()`


Refactoring 2 - scans.py and scan_sql for POST 2016-12-29 23:03:16 +00:00			`# Launch scans - iterate through all parameters`
Refactoring POST and GET in server side 2016-12-29 22:07:01 +00:00			`for fuzz in matches:`
			`print "\n---[ " + method + " - New parameter " + fuzz + " for url: " + url + " ]---"`
			`scan_xss(method, vulns, url, fuzz, cookies_ghost, useragent, firefox, data_requests)`
			`scan_lfi(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)`
			`scan_sql_error(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)`
			`scan_sql_blind_time(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)`
			`scan_rce(method, vulns, url, fuzz, cookies_requests, useragent, data_requests)`

POST requests detected, WIP: cookie for post, scanners for post 2016-12-29 19:03:58 +00:00
First working commit - Basic Scans and bugs :) 2016-12-24 16:49:26 +00:00			`# Display results as a json`
			`return jsonify(vulns)`

			`if __name__ == '__main__':`
			`app.run(port=8000, threaded=True, passthrough_errors=False)`