mirror of
https://github.com/Ekultek/Zeus-Scanner.git
synced 2026-03-11 08:55:51 +00:00
patch for an issue where the status code was in the wrong place issue #219
parent
30ffde95c3
commit
151d44beff
8 changed files with 46 additions and 85 deletions
|
|
@ -69,18 +69,18 @@ d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
|
|||
5e5bb575014ebe613db6bf671d008cf8 ./lib/attacks/sqlmap_scan/sqlmap_opts.py
|
||||
7bc7a6f3e85651aab3588f087563eded ./lib/attacks/whois_lookup/__init__.py
|
||||
8ec72bb33df998e32b925e3060d9d17a ./lib/attacks/whois_lookup/whois.py
|
||||
8c6f696f6a983e6309d7d09e409d97e6 ./lib/attacks/admin_panel_finder/__init__.py
|
||||
48ed675099dc8549a7d80bd2d9da7d17 ./lib/attacks/xss_scan/__init__.py
|
||||
f65411ebaf58392e6e2b617dba99ff90 ./lib/attacks/admin_panel_finder/__init__.py
|
||||
0e3fbd55788c040bb96faa1ef0cf1394 ./lib/attacks/xss_scan/__init__.py
|
||||
7642d078fe304a7ca8bfaaa070a0cb31 ./lib/attacks/nmap_scan/__init__.py
|
||||
216999fa0e84866d5c1d96d5676034e4 ./lib/attacks/nmap_scan/nmap_opts.py
|
||||
888686098a0850750f2435d0e1645944 ./lib/header_check/__init__.py
|
||||
1c0535bf9fc6138d317bd1c31a2d7fe1 ./lib/core/common.py
|
||||
ac942d36f7d78c249e587417736e88e6 ./lib/header_check/__init__.py
|
||||
cd8e35cfd995d0a93892cfc83f01dea7 ./lib/core/common.py
|
||||
4433353fb5c55578391d8b4006191ee8 ./lib/core/errors.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./lib/core/__init__.py
|
||||
c31e5ed269fe4ef888bf7eb4425539e4 ./lib/core/settings.py
|
||||
f723499d996a3bbbd3022cc372dffdd9 ./lib/core/settings.py
|
||||
801a4f7ac892b74676c649bd4844ccdb ./lib/core/decorators.py
|
||||
9a02e5b913d210350545ac26510a63c9 ./var/search/__init__.py
|
||||
0545ee54ade186681b25d157fb32f350 ./var/search/selenium_search.py
|
||||
1ed3c450e620ff1edd8b0864179fdea7 ./var/search/selenium_search.py
|
||||
cfcce04aac694eee7a6c73969861ce43 ./var/search/pgp_search.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./var/__init__.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./var/auto_issue/__init__.py
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ def check_for_externals(url, data_sep="-" * 30, **kwargs):
|
|||
try:
|
||||
url = lib.core.settings.replace_http(url)
|
||||
full_url = "{}{}{}".format("http://", url, currently_searching)
|
||||
_, data, code, _ = lib.core.common.get_page(full_url)
|
||||
_, code, data, _ = lib.core.common.get_page(full_url)
|
||||
except (TooManyRedirects, ConnectionError):
|
||||
lib.core.settings.logger.error(lib.core.settings.set_color(
|
||||
"connection to '{}' failed, assuming does not exist and continuing...".format(full_url), level=40
|
||||
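Review bot: The `except (TooManyRedirects, ConnectionError)` clause around `get_page(full_url)` does not cover a read timeout, and this commit adds `timeout=20` to the `requests.get` call inside `get_page`. A slow response can therefore raise `requests.exceptions.ReadTimeout`, which is not a `ConnectionError`, and propagate out of `check_for_externals` instead of being logged and skipped like the other connection failures. Assuming the names in the clause are the `requests.exceptions` ones (the imports are outside this hunk), widen it to `except (TooManyRedirects, ConnectionError, Timeout):` with `Timeout` imported from `requests.exceptions`. The rest of the function continues outside the hunk.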
|
|
|
|||
|
|
@ -187,6 +187,36 @@ def main_xss(start_url, proxy=None, agent=None, **kwargs):
|
|||
payload = find_xss_script(url)
|
||||
try:
|
||||
result = scan_xss(url, proxy=proxy, agent=agent)
|
||||
if verbose:
|
||||
lib.core.settings.logger.info(lib.core.settings.set_color(
|
||||
"trying payload '{}'...".format(payload)
|
||||
))
|
||||
if result[0] != "sqli" and result[0] is True:
|
||||
success.add(url)
|
||||
if verbose:
|
||||
lib.core.settings.logger.debug(lib.core.settings.set_color(
|
||||
"payload '{}' appears to be usable...".format(payload), level=15
|
||||
))
|
||||
elif result[0] is "sqli":
|
||||
if i <= 1:
|
||||
lib.core.settings.logger.error(lib.core.settings.set_color(
|
||||
"loaded URL '{}' threw a DBMS error and appears to be injectable, test for "
|
||||
"SQL injection, backend DBMS appears to be '{}'...".format(
|
||||
url, result[1]
|
||||
), level=40
|
||||
))
|
||||
else:
|
||||
if verbose:
|
||||
lib.core.settings.logger.error(lib.core.settings.set_color(
|
||||
"SQL error discovered...", level=40
|
||||
))
|
||||
else:
|
||||
if verbose:
|
||||
lib.core.settings.logger.debug(lib.core.settings.set_color(
|
||||
"host '{}' does not appear to be vulnerable to XSS attacks with payload '{}'...".format(
|
||||
start_url, payload
|
||||
), level=10
|
||||
))
|
||||
except (
|
||||
requests.exceptions.ConnectionError,
|
||||
requests.exceptions.TooManyRedirects,
|
||||
|
|
@ -195,36 +225,7 @@ def main_xss(start_url, proxy=None, agent=None, **kwargs):
|
|||
lib.core.settings.logger.error(lib.core.settings.set_color(
|
||||
"payload '{}' caused a connection error, assuming no good and continuing...".format(payload), level=40
|
||||
))
|
||||
if verbose:
|
||||
lib.core.settings.logger.info(lib.core.settings.set_color(
|
||||
"trying payload '{}'...".format(payload)
|
||||
))
|
||||
if result[0] != "sqli" and result[0] is True:
|
||||
success.add(url)
|
||||
if verbose:
|
||||
lib.core.settings.logger.debug(lib.core.settings.set_color(
|
||||
"payload '{}' appears to be usable...".format(payload), level=15
|
||||
))
|
||||
elif result[0] is "sqli":
|
||||
if i <= 1:
|
||||
lib.core.settings.logger.error(lib.core.settings.set_color(
|
||||
"loaded URL '{}' threw a DBMS error and appears to be injectable, test for SQL injection, "
|
||||
"backend DBMS appears to be '{}'...".format(
|
||||
url, result[1]
|
||||
), level=40
|
||||
))
|
||||
else:
|
||||
if verbose:
|
||||
lib.core.settings.logger.error(lib.core.settings.set_color(
|
||||
"SQL error discovered...", level=40
|
||||
))
|
||||
else:
|
||||
if verbose:
|
||||
lib.core.settings.logger.debug(lib.core.settings.set_color(
|
||||
"host '{}' does not appear to be vulnerable to XSS attacks with payload '{}'...".format(
|
||||
start_url, payload
|
||||
), level=10
|
||||
))
|
||||
|
||||
if len(success) != 0:
|
||||
lib.core.settings.logger.info(lib.core.settings.set_color(
|
||||
"possible XSS scripts to be used:", level=25
|
||||
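Review bot: `elif result[0] is "sqli":` in the block moved into the `try` compares by identity, which only holds when the interpreter happens to intern both strings. The condition just above it already uses `!=` for the same value, so write `elif result[0] == "sqli":`. The first test, `result[0] != "sqli" and result[0] is True`, also reduces to `if result[0] is True:`. The "trying payload" message is logged after `scan_xss` has already returned, so it would read more accurately placed before the call. `i` and `success` are defined outside these hunks.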
|
|
|
|||
|
|
@ -329,7 +329,7 @@ def get_page(url, **kwargs):
|
|||
else:
|
||||
proxies = {}
|
||||
|
||||
req = requests.get(url, params=headers, proxies=proxies, verify=False if skip_verf else True)
|
||||
req = requests.get(url, params=headers, proxies=proxies, verify=False if skip_verf else True, timeout=20)
|
||||
status = req.status_code
|
||||
html = req.content
|
||||
headers = req.headers
|
||||
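Review bot: The order of the 4-tuple that `get_page` returns is not documented in what is visible here, and that positional shape is what allowed the transposed unpacking this commit fixes. Callers on this page unpack it as `_, code, data, _`, `_, status, html, headers` and `req, _, _, _`, which implies response, status code, body, headers, but the `return` statement is outside this hunk. State the order in the function's docstring, or return a `collections.namedtuple` so call sites can use field names. On the changed line, `verify=False if skip_verf else True` is simply `verify=not skip_verf`, and the literal would be easier to tune as `timeout=kwargs.get("timeout", 20)`.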
|
|
|
|||
|
|
@ -46,7 +46,7 @@ CLONE = "https://github.com/ekultek/zeus-scanner.git"
|
|||
ISSUE_LINK = "https://github.com/ekultek/zeus-scanner/issues"
|
||||
|
||||
# current version <major.minor.commit.patch ID>
|
||||
VERSION = "1.3.15".format(PATCH_ID)
|
||||
VERSION = "1.3.15-pre".format(PATCH_ID)
|
||||
|
||||
# colors to output depending on the version
|
||||
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ import re
|
|||
import importlib
|
||||
import unicodedata
|
||||
|
||||
import requests
|
||||
from xml.dom import minidom
|
||||
from requests.exceptions import ConnectionError
|
||||
|
||||
|
|
@ -13,13 +12,11 @@ from lib.core.common import (
|
|||
write_to_log_file,
|
||||
shutdown,
|
||||
pause,
|
||||
HTTP_HEADER
|
||||
get_page,
|
||||
)
|
||||
from lib.core.settings import (
|
||||
logger, set_color,
|
||||
HEADER_XML_DATA,
|
||||
proxy_string_to_dict,
|
||||
create_random_ip,
|
||||
replace_http,
|
||||
HEADER_RESULT_PATH,
|
||||
COOKIE_LOG_PATH,
|
||||
|
|
@ -43,23 +40,6 @@ def detect_protection(url, **kwargs):
|
|||
proxy = kwargs.get("proxy", None)
|
||||
xforward = kwargs.get("xforward", False)
|
||||
|
||||
if xforward:
|
||||
ip_list = (
|
||||
create_random_ip(),
|
||||
create_random_ip(),
|
||||
create_random_ip()
|
||||
)
|
||||
headers = {
|
||||
HTTP_HEADER.CONNECTION: "close",
|
||||
HTTP_HEADER.USER_AGENT: agent,
|
||||
HTTP_HEADER.X_FORWARDED_FOR: "{}, {}, {}".format(ip_list[0], ip_list[1], ip_list[2])
|
||||
}
|
||||
else:
|
||||
headers = {
|
||||
HTTP_HEADER.CONNECTION: "close",
|
||||
HTTP_HEADER.USER_AGENT: agent
|
||||
}
|
||||
|
||||
url = "{} {}".format(url.strip(), PROTECTION_CHECK_PAYLOAD)
|
||||
|
||||
if verbose:
|
||||
|
|
@ -67,11 +47,7 @@ def detect_protection(url, **kwargs):
|
|||
"attempting connection to '{}'...".format(url), level=10
|
||||
))
|
||||
try:
|
||||
protection_check_req = requests.get(
|
||||
url, params=headers, proxies=proxy_string_to_dict(proxy), timeout=20
|
||||
)
|
||||
|
||||
html, status, headers = protection_check_req.content, protection_check_req.status_code, protection_check_req.headers
|
||||
_, status, html, headers = get_page(url, agent=agent, proxy=proxy, xforward=xforward)
|
||||
|
||||
# make sure there are no DBMS errors in the HTML
|
||||
for dbms in DBMS_ERRORS:
|
||||
|
|
@ -163,23 +139,7 @@ def load_headers(url, **kwargs):
|
|||
|
||||
literal_match = re.compile(r"\\(\X(\d+)?\w+)?", re.I)
|
||||
|
||||
if proxy is not None:
|
||||
proxy = proxy_string_to_dict(proxy)
|
||||
if not xforward:
|
||||
header_value = {
|
||||
HTTP_HEADER.CONNECTION: "close",
|
||||
HTTP_HEADER.USER_AGENT: agent
|
||||
}
|
||||
else:
|
||||
ip_list = create_random_ip(), create_random_ip(), create_random_ip()
|
||||
header_value = {
|
||||
HTTP_HEADER.CONNECTION: "close",
|
||||
HTTP_HEADER.USER_AGENT: agent,
|
||||
HTTP_HEADER.X_FORWARDED_FOR: "{}, {}, {}".format(
|
||||
ip_list[0], ip_list[1], ip_list[2]
|
||||
)
|
||||
}
|
||||
req = requests.get(url, params=header_value, proxies=proxy, timeout=10)
|
||||
req, _, _, _ = get_page(url, agent=agent, proxy=proxy)
|
||||
if len(req.cookies) > 0:
|
||||
logger.info(set_color(
|
||||
"found a request cookie, saving to file...", level=25
|
||||
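Review bot: In `load_headers`, the new call `get_page(url, agent=agent, proxy=proxy)` no longer passes `xforward`, while `detect_protection` in the same file passes `xforward=xforward`. The removed branch was the only visible use of that option in `load_headers`, so it now appears to be read and then ignored. Pass it through as `detect_protection` does, or drop the kwarg from `load_headers`, so the two functions agree. The timeout for this request also changes from 10 to 20 seconds as a side effect. The proxy string now reaches `get_page` unconverted, which deserves a comment such as `# get_page converts the proxy string itself` if that is the case (its body is outside this view).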
|
|
|
|||
|
|
@ -44,14 +44,14 @@ def request_issue_creation():
|
|||
))
|
||||
lib.core.common.shutdown()
|
||||
|
||||
question = lib.core.common.prompt(
|
||||
'''question = lib.core.common.prompt(
|
||||
"would you like to create an anonymous issue and post it to Zeus's Github", opts="yN"
|
||||
)
|
||||
if question.lower().startswith("n"):
|
||||
lib.core.settings.logger.error(lib.core.settings.set_color(
|
||||
"Zeus has experienced an internal error and cannot continue, shutting down...", level=40
|
||||
))
|
||||
lib.core.common.shutdown()
|
||||
lib.core.common.shutdown()'''
|
||||
|
||||
lib.core.settings.fix_log_file()
|
||||
lib.core.settings.logger.info(lib.core.settings.set_color(
|
||||
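Review bot: Wrapping the confirmation prompt in a `'''…'''` string literal turns it into a no-op expression, so `request_issue_creation` now falls straight through to `fix_log_file()` and the code after it without asking the user. If that code posts log content to the public issue tracker (it is outside this hunk), the user can no longer decline, and scan logs can contain target URLs and local paths. Keep the prompt, or gate the automatic path behind an explicit opt-in setting. If the prompt really must go, delete the lines rather than leaving them inside a string, so the control flow is obvious to the next reader.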
|
|
|
|||
|
|
@ -147,7 +147,7 @@ def get_urls(query, url, verbose=False, **kwargs):
|
|||
)
|
||||
else:
|
||||
do_continue = prompt(
|
||||
question_msg, opts="yN", default="n"
|
||||
question_msg, opts="yN", default="y"
|
||||
)
|
||||
|
||||
# shutdown and write the URL to a file
|
||||
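Review bot: `opts="yN"` still advertises "no" as the default choice, while `default="y"` now makes an empty answer mean "yes". If `prompt` displays `opts` as written (its body is not shown here), change the call to `question_msg, opts="Yn", default="y"` so that what the user sees matches what pressing Enter does. A short comment saying why the default was flipped would also help, since `question_msg` and the branch that consumes `do_continue` are outside this hunk.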
|
|
|
|||