patches an issue where a malformed URL would cause the program to fail (issue #286)

This commit is contained in:
ekultek 2017-12-15 09:59:01 -06:00
parent 1bfac89266
commit 14f2506ef5
3 changed files with 39 additions and 34 deletions

View file

@ -1,4 +1,4 @@
3b0a5426c8724d90777250df385f6d08 ./zeus.py
8a7f36f3ec9780769187778585494d6f ./zeus.py
4b32db388e8acda35570c734d27c950c ./etc/scripts/launch_sqlmap.sh
6ad5f22ec4a6f8324bfb1b01ab6d51ec ./etc/scripts/cleanup.sh
74d7bee13890a9dd279bb857591647ce ./etc/scripts/reinstall.sh
@ -107,7 +107,7 @@ c5b69617f040fef1d5930948905aa8d0 ./lib/attacks/whois_lookup/whois.py
de4254c5e40f7aa4fb81e0608f758a2c ./lib/core/decorators.py
4433353fb5c55578391d8b4006191ee8 ./lib/core/errors.py
d41d8cd98f00b204e9800998ecf8427e ./lib/core/__init__.py
42508178b7e1ad73096bc6c34be412cc ./lib/core/settings.py
b6a382ce221756f2ae0c2261e65d09bd ./lib/core/settings.py
28b94f316ad528cdfba77694b4e52c81 ./lib/core/parse.py
d41d8cd98f00b204e9800998ecf8427e ./var/__init__.py
d41d8cd98f00b204e9800998ecf8427e ./var/auto_issue/__init__.py

View file

@ -45,7 +45,7 @@ CLONE = "https://github.com/ekultek/zeus-scanner.git"
ISSUE_LINK = "https://github.com/ekultek/zeus-scanner/issues"
# current version <major.minor.commit.patch ID>
VERSION = "1.4.8.{}".format(PATCH_ID)
VERSION = "1.4.10.{}".format(PATCH_ID)
# colors to output depending on the version
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}

67
zeus.py
View file

@ -108,38 +108,43 @@ if __name__ == "__main__":
))
current -= 1
else:
logger.info(set_color(
"currently running on '{}' (target #{})".format(
url.strip(), current
), level=25
))
logger.info(set_color(
"fetching target meta-data"
))
identified = main_header_check(
url, verbose=opt.runInVerbose, agent=agent_to_use,
proxy=proxy_to_use, xforward=opt.forwardedForRandomIP,
identify_plugins=opt.identifyPlugin, identify_waf=opt.identifyProtection,
show_description=opt.showPluginDescription
)
if not identified:
logger.error(set_color(
"target is refusing to allow meta-data dumping, skipping", level=40
if not url.strip() == "http://" or url == "https://":
logger.info(set_color(
"currently running on '{}' (target #{})".format(
url.strip(), current
), level=25
))
logger.info(set_color(
"fetching target meta-data"
))
identified = main_header_check(
url, verbose=opt.runInVerbose, agent=agent_to_use,
proxy=proxy_to_use, xforward=opt.forwardedForRandomIP,
identify_plugins=opt.identifyPlugin, identify_waf=opt.identifyProtection,
show_description=opt.showPluginDescription
)
if not identified:
logger.error(set_color(
"target is refusing to allow meta-data dumping, skipping", level=40
))
run_attacks(
url.strip(),
sqlmap=opt.runSqliScan, nmap=opt.runPortScan, pgp=opt.pgpLookup,
xss=opt.runXssScan, whois=opt.performWhoisLookup, admin=opt.adminPanelFinder,
clickjacking=opt.performClickjackingScan, github=opt.searchGithub,
verbose=opt.runInVerbose, batch=opt.runInBatch,
auto_start=opt.autoStartSqlmap, xforward=opt.forwardedForRandomIP,
sqlmap_args=opt.sqlmapArguments, nmap_args=opt.nmapArguments,
show_all=opt.showAllConnections, do_threading=opt.threadPanels,
tamper_script=opt.tamperXssPayloads, timeout=opt.controlTimeout,
proxy=proxy_to_use, agent=agent_to_use, conf_file=opt.sqlmapConfigFile,
threads=opt.amountOfThreads
)
print("\n")
else:
logger.warning(set_color(
"malformed URL discovered, skipping", level=30
))
run_attacks(
url.strip(),
sqlmap=opt.runSqliScan, nmap=opt.runPortScan, pgp=opt.pgpLookup,
xss=opt.runXssScan, whois=opt.performWhoisLookup, admin=opt.adminPanelFinder,
clickjacking=opt.performClickjackingScan, github=opt.searchGithub,
verbose=opt.runInVerbose, batch=opt.runInBatch,
auto_start=opt.autoStartSqlmap, xforward=opt.forwardedForRandomIP,
sqlmap_args=opt.sqlmapArguments, nmap_args=opt.nmapArguments,
show_all=opt.showAllConnections, do_threading=opt.threadPanels,
tamper_script=opt.tamperXssPayloads, timeout=opt.controlTimeout,
proxy=proxy_to_use, agent=agent_to_use, conf_file=opt.sqlmapConfigFile,
threads=opt.amountOfThreads
)
print("\n")
proxy_to_use, agent_to_use = config_headers(