commit
6d452748ec
12
detection.py
12
detection.py
|
@ -9,7 +9,7 @@ result_count = 0
|
|||
result_files = 0
|
||||
|
||||
# Analyse the source code of a single page
|
||||
def analysis(path):
|
||||
def analysis(path,plain):
|
||||
global result_files
|
||||
result_files += 1
|
||||
with open(path, 'r') as content_file:
|
||||
|
@ -43,7 +43,7 @@ def analysis(path):
|
|||
line_declaration = str(line_vuln)
|
||||
occurence = 1
|
||||
|
||||
display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vuln_content, occurence)
|
||||
display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vuln_content, occurence, plain)
|
||||
|
||||
|
||||
# Detection of RCE/SQLI/LFI/RFI/RFU/XSS/...
|
||||
|
@ -85,11 +85,11 @@ def analysis(path):
|
|||
if not false_positive:
|
||||
global result_count
|
||||
result_count = result_count + 1
|
||||
display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vulnerable_var[1], occurence)
|
||||
display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vulnerable_var[1], occurence, plain)
|
||||
|
||||
|
||||
# Run thru every files and subdirectories
|
||||
def recursive(dir,progress):
|
||||
def recursive(dir,progress,plain):
|
||||
progress += 1
|
||||
try:
|
||||
for name in os.listdir(dir):
|
||||
|
@ -98,9 +98,9 @@ def recursive(dir,progress):
|
|||
# Targetting only PHP Files
|
||||
if os.path.isfile(os.path.join(dir, name)):
|
||||
if ".php" in os.path.join(dir, name):
|
||||
analysis(dir+"/"+name)
|
||||
analysis(dir+"/"+name,plain)
|
||||
else :
|
||||
recursive(dir+"/"+name, progress)
|
||||
recursive(dir+"/"+name, progress,plain)
|
||||
|
||||
except OSError, e:
|
||||
print "Error 404 - Not Found, maybe you need more right ?"+" "*30
|
||||
|
|
20
functions.py
20
functions.py
|
@ -17,34 +17,34 @@ def nth_replace(string, old, new, n):
|
|||
|
||||
|
||||
# Display the found vulnerability with basic informations like the line
|
||||
def display(path,payload,vulnerability,line,declaration_text,declaration_line, colored, occurence):
|
||||
def display(path,payload,vulnerability,line,declaration_text,declaration_line, colored, occurence, plain):
|
||||
# Potential vulnerability found : SQL Injection
|
||||
header = "\033[1mPotential vulnerability found : \033[92m{}\033[0m".format(payload[1])
|
||||
header = "\033[{}mPotential vulnerability found : \033[{}m{}\033[0m".format('0' if plain else '1', '0' if plain else '92', payload[1])
|
||||
|
||||
# Line 25 in test/sqli.php
|
||||
line = "n°\033[92m{}\033[0m in {}".format(line,path)
|
||||
line = "n°\033[{}m{}\033[0m in {}".format('0' if plain else '92',line,path)
|
||||
|
||||
# Code : include($_GET['patisserie'])
|
||||
vuln = nth_replace("".join(vulnerability), colored, "\033[93m"+colored+"\033[0m", occurence)
|
||||
vuln = nth_replace("".join(vulnerability), colored, "\033[{}m".format('0' if plain else '92')+colored+"\033[0m", occurence)
|
||||
vuln = "{}({})".format(payload[0], vuln)
|
||||
|
||||
# Final Display
|
||||
rows, columns = os.popen('stty size', 'r').read().split()
|
||||
print "-" * (int(columns)-1)
|
||||
print "Name " + "\t"+header
|
||||
print "Name \t{}".format(header)
|
||||
print "-" * (int(columns)-1)
|
||||
print "\033[1mLine \033[0m " + "\t"+line
|
||||
print "\033[1mCode \033[0m " + "\t"+vuln
|
||||
print "\033[{}mLine \033[0m {}".format('0' if plain else '1', line)
|
||||
print "\033[{}mCode \033[0m {}".format('0' if plain else '1', vuln)
|
||||
|
||||
# Declared at line 1 : $dest = $_GET['who'];
|
||||
if not "$_" in colored:
|
||||
declared = "Undeclared in the file"
|
||||
if declaration_text != "":
|
||||
declared = "Line n°\033[0;92m"+declaration_line+"\033[0m : "+ declaration_text
|
||||
declared = "Line n°\033[0;{}m{}\033[0m : {}".format('0' if plain else '92', declaration_line, declaration_text)
|
||||
|
||||
print "\033[1mDeclaration \033[0m " + "\t"+declared
|
||||
print "\033[{}mDeclaration \033[0m {}".format('0' if plain else '1', declared)
|
||||
|
||||
# Small delimiter
|
||||
# Small delimiter
|
||||
print ""
|
||||
|
||||
# Find the line where the vulnerability is located
|
||||
|
|
7
index.py
7
index.py
|
@ -16,6 +16,7 @@ from indicators import *
|
|||
if __name__ == "__main__":
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('--dir', action ='store', dest='dir', help="Directory to analyse")
|
||||
parser.add_argument('--plain', action ='store_true', dest='plain', help="No color in output")
|
||||
results = parser.parse_args()
|
||||
|
||||
if results.dir != None:
|
||||
|
@ -28,12 +29,12 @@ if __name__ == "__main__":
|
|||
print "\-'\ / \ '-'(_ .' | |'| | \ | `-/ /` (_' '--'\ ' '-' '| '-' / | `---."
|
||||
print " `-' `-----' `-----' `--' `--' `--' `-----' `-----' `------' `------'"
|
||||
print " Copyright @pentest_swissky "
|
||||
print "\n\033[1mAnalyzing '"+results.dir+"' source code\033[0m"
|
||||
print ("\n\033[{}mAnalyzing '{}' source code\033[{}m".format('0' if results.plain else '1', results.dir, '0'))
|
||||
|
||||
if os.path.isfile(results.dir):
|
||||
analysis(results.dir)
|
||||
analysis(results.dirm, results.plain)
|
||||
else:
|
||||
recursive(results.dir,0)
|
||||
recursive(results.dir,0, results.plain)
|
||||
scanresults()
|
||||
|
||||
else:
|
||||
|
|
Loading…
Reference in New Issue