mirror of
https://github.com/Ekultek/Zeus-Scanner.git
synced 2026-03-11 08:55:51 +00:00
created a tamper script for URL encoding, created tamper warnings, minor update to search.py, bumped version number
This commit is contained in:
parent
9de772204e
commit
024e660853
4 changed files with 71 additions and 9 deletions
42
lib/attacks/tamper_scripts/url_encode.py
Normal file
42
lib/attacks/tamper_scripts/url_encode.py
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
# coding=utf-8
|
||||
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
encodings = {
|
||||
" ": "%20", "!": "%21", '"': "%22", "#": "%23", "$": "%24", "%": "%25", "&": "%26", "'": "%27",
|
||||
"(": "%28", ")": "%29", "*": "%2A", "+": "%2B", ",": "%2C", "-": "%2D", ".": "%2E", "/": "%2F",
|
||||
"0": "%30", "1": "%31", "2": "%32", "3": "%33", "4": "%34", "5": "%35", "6": "%36", "7": "%37",
|
||||
"8": "%38", "9": "%39", ":": "%3A", ";": "%3B", "<": "%3C", "=": "%3D", ">": "%3E", "?": "%3F",
|
||||
"@": "%40", "A": "%41", "B": "%42", "C": "%43", "D": "%44", "E": "%45", "F": "%46", "G": "%47",
|
||||
"H": "%48", "I": "%49", "J": "%4A", "K": "%4B", "L": "%4C", "M": "%4D", "N": "%4E", "O": "%4F",
|
||||
"P": "%50", "Q": "%51", "R": "%52", "S": "%53", "T": "%54", "U": "%55", "V": "%56", "W": "%57",
|
||||
"X": "%58", "Y": "%59", "Z": "%5A", "[": "%5B", "\\": "%5C", "]": "%5D", "^": "%5E", "a": "%61",
|
||||
"b": "%62", "c": "%63", "d": "%64", "e": "%65", "f": "%66", "g": "%67", "h": "%68", "i": "%69",
|
||||
"j": "%6A", "k": "%6B", "l": "%6C", "m": "%6D", "n": "%6E", "o": "%6F", "p": "%70", "q": "%71",
|
||||
"r": "%72", "s": "%73", "t": "%74", "u": "%75", "v": "%76", "w": "%77", "x": "%78", "y": "%79",
|
||||
"z": "%7A", "{": "%7B", "|": "%7C", "}": "%7D", "~": "%7E", "`": "%80", "": "%81", "‚": "%82",
|
||||
"ƒ": "%83", "„": "%84", "…": "%85", "†": "%86", "‡": "%87", "ˆ": "%88", "‰": "%89", "Š": "%8A",
|
||||
"‹": "%8B", "Œ": "%8C", "Ž": "%8E", "‘": "%91", "’": "%92", "“": "%93", "”": "%94", "•": "%95",
|
||||
"–": "%96", "—": "%97", "˜": "%98", "™": "%99", "š": "%9A", "›": "%9B", "œ": "%9C", "ž": "%9E",
|
||||
"Ÿ": "%9F", "¡": "%A1", "¢": "%A2", "£": "%A3", "¤": "%A4", "¥": "%A5", "¦": "%A6", "§": "%A7",
|
||||
"¨": "%A8", "©": "%A9", "ª": "%AA", "«": "%AB", "¬": "%AC", "": "%AD", "®": "%AE", "¯": "%AF",
|
||||
"°": "%B0", "±": "%B1", "²": "%B2", "³": "%B3", "´": "%B4", "µ": "%B5", "¶": "%B6", "·": "%B7",
|
||||
"¸": "%B8", "¹": "%B9", "º": "%BA", "»": "%BB", "¼": "%BC", "½": "%BD", "¾": "%BE", "¿": "%BF",
|
||||
"À": "%C0", "Á": "%C1", "Â": "%C2", "Ã": "%C3", "Ä": "%C4", "Å": "%C5", "Æ": "%C6", "Ç": "%C7",
|
||||
"È": "%C8", "É": "%C9", "Ê": "%CA", "Ë": "%CB", "Ì": "%CC", "Í": "%CD", "Î": "%CE", "Ï": "%CF",
|
||||
"Ð": "%D0", "Ñ": "%D1", "Ò": "%D2", "Ó": "%D3", "Ô": "%D4", "Õ": "%D5", "Ö": "%D6", "×": "%D7",
|
||||
"Ø": "%D8", "Ù": "%D9", "Ú": "%DA", "Û": "%DB", "Ü": "%DC", "Ý": "%DD", "Þ": "%DE", "ß": "%DF",
|
||||
"à": "%E0", "á": "%E1", "â": "%E2", "ã": "%E3", "ä": "%E4", "å": "%E5", "æ": "%E6", "ç": "%E7",
|
||||
"è": "%E8", "é": "%E9", "ê": "%EA", "ë": "%EB", "ì": "%EC", "í": "%ED", "î": "%EE", "ï": "%EF",
|
||||
"ð": "%F0", "ñ": "%F1", "ò": "%F2", "ó": "%F3", "ô": "%F4", "õ": "%F5", "ö": "%F6", "÷": "%F7",
|
||||
"ø": "%F8", "ù": "%F9", "ú": "%FA", "û": "%FB", "ü": "%FC", "ý": "%FD", "þ": "%FE", "ÿ": "%FF"
|
||||
}
|
||||
retval = ""
|
||||
if isinstance(payload, unicode):
|
||||
payload = str(payload)
|
||||
for char in payload:
|
||||
try:
|
||||
retval += encodings[char]
|
||||
except KeyError:
|
||||
retval += char
|
||||
return retval
|
||||
|
|
@ -9,7 +9,8 @@ from lib.errors import InvalidTamperProvided
|
|||
from lib.attacks.tamper_scripts import (
|
||||
unicode_encode,
|
||||
base64_encode,
|
||||
hex_encode
|
||||
hex_encode,
|
||||
url_encode
|
||||
)
|
||||
from lib.settings import (
|
||||
logger,
|
||||
|
|
@ -18,9 +19,23 @@ from lib.settings import (
|
|||
proxy_string_to_dict,
|
||||
DBMS_ERRORS,
|
||||
create_tree,
|
||||
prompt
|
||||
)
|
||||
|
||||
|
||||
def __tamper_warnings(script):
|
||||
warn_msg = ""
|
||||
if script == "hex":
|
||||
warn_msg += "hex tamper script may increase risk of false positives..."
|
||||
elif script == " base64":
|
||||
warn_msg += "base64 tamper script may increase risk of not finding a vulnerability..."
|
||||
else:
|
||||
pass
|
||||
logger.warning(set_color(
|
||||
warn_msg, level=30
|
||||
))
|
||||
|
||||
|
||||
def list_tamper_scripts(path="{}/lib/attacks/tamper_scripts"):
|
||||
retval = set()
|
||||
exclude = ["__init__.py", ".pyc"]
|
||||
|
|
@ -39,6 +54,8 @@ def __tamper_payload(payload, tamper_type):
|
|||
return unicode_encode.tamper(payload)
|
||||
elif tamper_type == "hex":
|
||||
return hex_encode.tamper(payload)
|
||||
elif tamper_type == "url":
|
||||
return url_encode.tamper(payload)
|
||||
else:
|
||||
return base64_encode.tamper(payload)
|
||||
else:
|
||||
|
|
@ -60,7 +77,7 @@ def create_urls(url, payload_list, tamper=None):
|
|||
for payload in payload_list:
|
||||
if tamper:
|
||||
payload = __tamper_payload(payload, tamper_type=tamper)
|
||||
loaded_url = "{}{}\n".format(url, payload)
|
||||
loaded_url = "{}{}\n".format(url.strip(), payload.strip())
|
||||
tmp.write(loaded_url)
|
||||
return tf_name
|
||||
|
||||
|
|
@ -94,6 +111,7 @@ def main_xss(start_url, verbose=False, proxy=None, agent=None, tamper=None):
|
|||
logger.info(set_color(
|
||||
"tampering payloads with '{}'...".format(tamper)
|
||||
))
|
||||
__tamper_warnings(tamper)
|
||||
find_xss_script(start_url)
|
||||
logger.info(set_color(
|
||||
"loading payloads..."
|
||||
|
|
@ -156,4 +174,9 @@ def main_xss(start_url, verbose=False, proxy=None, agent=None, tamper=None):
|
|||
else:
|
||||
logger.error(set_color(
|
||||
"host '{}' does not appear to be vulnerable to XSS attacks...".format(start_url)
|
||||
))
|
||||
))
|
||||
save = prompt(
|
||||
"would you like to keep the URL's saved for further testing", opts="yN"
|
||||
)
|
||||
if save.lower().startswith("n"):
|
||||
os.remove(filename)
|
||||
|
|
@ -22,7 +22,7 @@ except NameError:
|
|||
# clone link
|
||||
CLONE = "https://github.com/ekultek/zeus-scanner.git"
|
||||
# current version <major.minor.commit.patch ID>
|
||||
VERSION = "1.0.19.174a"
|
||||
VERSION = "1.0.20"
|
||||
# colors to output depending on the version
|
||||
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
|
||||
# version string formatting
|
||||
|
|
|
|||
|
|
@ -56,9 +56,6 @@ def get_urls(query, url, verbose=False, warning=True, user_agent=None, proxy=Non
|
|||
Bypass Google captchas and Google API by using selenium-webdriver to gather
|
||||
the Google URL. This will open a robot controlled browser window and attempt
|
||||
to get a URL from Google that will be used for scraping afterwards.
|
||||
|
||||
Only downside to this method is that your IP and user agent will be visible
|
||||
until the application pulls the URL.
|
||||
"""
|
||||
if verbose:
|
||||
logger.debug(set_color(
|
||||
|
|
@ -144,7 +141,7 @@ def get_urls(query, url, verbose=False, warning=True, user_agent=None, proxy=Non
|
|||
)
|
||||
if verbose:
|
||||
logger.debug(set_color(
|
||||
"found current URL from selenium browser '{}'...".format(retval), level=10
|
||||
"found current URL from selenium browser...", level=10
|
||||
))
|
||||
logger.info(set_color(
|
||||
"closing the browser and continuing process.."
|
||||
|
|
@ -248,7 +245,7 @@ def parse_search_results(
|
|||
url = str(url).encode("utf-8")
|
||||
if verbose:
|
||||
logger.debug(set_color(
|
||||
"found '{}'...".format(url), level=10
|
||||
"found '{}'...".format(url.split("&")[0]), level=10
|
||||
))
|
||||
retval.add(url.split("&")[0])
|
||||
logger.info(set_color(
|
||||
|
|
|
|||
Loading…
Reference in a new issue