patch for an issue where the status code was in the wrong place issue #219

ekultek 2017-12-02 11:23:48 -06:00
parent 30ffde95c3
commit 151d44beff
8 changed files with 46 additions and 85 deletions


@ -69,18 +69,18 @@ d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
5e5bb575014ebe613db6bf671d008cf8 ./lib/attacks/sqlmap_scan/sqlmap_opts.py
7bc7a6f3e85651aab3588f087563eded ./lib/attacks/whois_lookup/__init__.py
8ec72bb33df998e32b925e3060d9d17a ./lib/attacks/whois_lookup/whois.py
8c6f696f6a983e6309d7d09e409d97e6 ./lib/attacks/admin_panel_finder/__init__.py
48ed675099dc8549a7d80bd2d9da7d17 ./lib/attacks/xss_scan/__init__.py
f65411ebaf58392e6e2b617dba99ff90 ./lib/attacks/admin_panel_finder/__init__.py
0e3fbd55788c040bb96faa1ef0cf1394 ./lib/attacks/xss_scan/__init__.py
7642d078fe304a7ca8bfaaa070a0cb31 ./lib/attacks/nmap_scan/__init__.py
216999fa0e84866d5c1d96d5676034e4 ./lib/attacks/nmap_scan/nmap_opts.py
888686098a0850750f2435d0e1645944 ./lib/header_check/__init__.py
1c0535bf9fc6138d317bd1c31a2d7fe1 ./lib/core/common.py
ac942d36f7d78c249e587417736e88e6 ./lib/header_check/__init__.py
cd8e35cfd995d0a93892cfc83f01dea7 ./lib/core/common.py
4433353fb5c55578391d8b4006191ee8 ./lib/core/errors.py
d41d8cd98f00b204e9800998ecf8427e ./lib/core/__init__.py
c31e5ed269fe4ef888bf7eb4425539e4 ./lib/core/settings.py
f723499d996a3bbbd3022cc372dffdd9 ./lib/core/settings.py
801a4f7ac892b74676c649bd4844ccdb ./lib/core/decorators.py
9a02e5b913d210350545ac26510a63c9 ./var/search/__init__.py
0545ee54ade186681b25d157fb32f350 ./var/search/selenium_search.py
1ed3c450e620ff1edd8b0864179fdea7 ./var/search/selenium_search.py
cfcce04aac694eee7a6c73969861ce43 ./var/search/pgp_search.py
d41d8cd98f00b204e9800998ecf8427e ./var/__init__.py
d41d8cd98f00b204e9800998ecf8427e ./var/auto_issue/__init__.py


@ -40,7 +40,7 @@ def check_for_externals(url, data_sep="-" * 30, **kwargs):
try:
url = lib.core.settings.replace_http(url)
full_url = "{}{}{}".format("http://", url, currently_searching)
_, data, code, _ = lib.core.common.get_page(full_url)
_, code, data, _ = lib.core.common.get_page(full_url)
except (TooManyRedirects, ConnectionError):
lib.core.settings.logger.error(lib.core.settings.set_color(
"connection to '{}' failed, assuming does not exist and continuing...".format(full_url), level=40


@ -187,6 +187,36 @@ def main_xss(start_url, proxy=None, agent=None, **kwargs):
payload = find_xss_script(url)
try:
result = scan_xss(url, proxy=proxy, agent=agent)
if verbose:
lib.core.settings.logger.info(lib.core.settings.set_color(
"trying payload '{}'...".format(payload)
))
if result[0] != "sqli" and result[0] is True:
success.add(url)
if verbose:
lib.core.settings.logger.debug(lib.core.settings.set_color(
"payload '{}' appears to be usable...".format(payload), level=15
))
elif result[0] is "sqli":
if i <= 1:
lib.core.settings.logger.error(lib.core.settings.set_color(
"loaded URL '{}' threw a DBMS error and appears to be injectable, test for "
"SQL injection, backend DBMS appears to be '{}'...".format(
url, result[1]
), level=40
))
else:
if verbose:
lib.core.settings.logger.error(lib.core.settings.set_color(
"SQL error discovered...", level=40
))
else:
if verbose:
lib.core.settings.logger.debug(lib.core.settings.set_color(
"host '{}' does not appear to be vulnerable to XSS attacks with payload '{}'...".format(
start_url, payload
), level=10
))
except (
requests.exceptions.ConnectionError,
requests.exceptions.TooManyRedirects,
@ -195,36 +225,7 @@ def main_xss(start_url, proxy=None, agent=None, **kwargs):
lib.core.settings.logger.error(lib.core.settings.set_color(
"payload '{}' caused a connection error, assuming no good and continuing...".format(payload), level=40
))
if verbose:
lib.core.settings.logger.info(lib.core.settings.set_color(
"trying payload '{}'...".format(payload)
))
if result[0] != "sqli" and result[0] is True:
success.add(url)
if verbose:
lib.core.settings.logger.debug(lib.core.settings.set_color(
"payload '{}' appears to be usable...".format(payload), level=15
))
elif result[0] is "sqli":
if i <= 1:
lib.core.settings.logger.error(lib.core.settings.set_color(
"loaded URL '{}' threw a DBMS error and appears to be injectable, test for SQL injection, "
"backend DBMS appears to be '{}'...".format(
url, result[1]
), level=40
))
else:
if verbose:
lib.core.settings.logger.error(lib.core.settings.set_color(
"SQL error discovered...", level=40
))
else:
if verbose:
lib.core.settings.logger.debug(lib.core.settings.set_color(
"host '{}' does not appear to be vulnerable to XSS attacks with payload '{}'...".format(
start_url, payload
), level=10
))
if len(success) != 0:
lib.core.settings.logger.info(lib.core.settings.set_color(
"possible XSS scripts to be used:", level=25
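Review bot: `elif result[0] is "sqli":` in the block moved into the `try` compares a string by identity, which only holds when the interpreter happens to intern both strings; use `elif result[0] == "sqli":` so the DBMS-error branch cannot be skipped silently. The same block logs `trying payload '{}'...` after `scan_xss` has already returned, so that message belongs above the `scan_xss` call. main_xss starts and ends outside the hunks shown.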


@ -329,7 +329,7 @@ def get_page(url, **kwargs):
else:
proxies = {}
req = requests.get(url, params=headers, proxies=proxies, verify=False if skip_verf else True)
req = requests.get(url, params=headers, proxies=proxies, verify=False if skip_verf else True, timeout=20)
status = req.status_code
html = req.content
headers = req.headers
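Review bot: With `timeout=20` added, a slow response now raises `requests.exceptions.ReadTimeout`, which is not a subclass of `requests.exceptions.ConnectionError`, and the callers visible in this commit (for example `check_for_externals`, which catches only `(TooManyRedirects, ConnectionError)`) would let it propagate. Catch `requests.exceptions.Timeout` at the call sites or handle it inside get_page. Separately, `params=headers` sends the dict as URL query parameters; if it holds the User-Agent and forwarding values, as the name suggests, it should be `headers=headers`. The body of get_page starts and ends outside the hunk.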


@ -46,7 +46,7 @@ CLONE = "https://github.com/ekultek/zeus-scanner.git"
ISSUE_LINK = "https://github.com/ekultek/zeus-scanner/issues"
# current version <major.minor.commit.patch ID>
VERSION = "1.3.15".format(PATCH_ID)
VERSION = "1.3.15-pre".format(PATCH_ID)
# colors to output depending on the version
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}


@ -3,7 +3,6 @@ import re
import importlib
import unicodedata
import requests
from xml.dom import minidom
from requests.exceptions import ConnectionError
@ -13,13 +12,11 @@ from lib.core.common import (
write_to_log_file,
shutdown,
pause,
HTTP_HEADER
get_page,
)
from lib.core.settings import (
logger, set_color,
HEADER_XML_DATA,
proxy_string_to_dict,
create_random_ip,
replace_http,
HEADER_RESULT_PATH,
COOKIE_LOG_PATH,
@ -43,23 +40,6 @@ def detect_protection(url, **kwargs):
proxy = kwargs.get("proxy", None)
xforward = kwargs.get("xforward", False)
if xforward:
ip_list = (
create_random_ip(),
create_random_ip(),
create_random_ip()
)
headers = {
HTTP_HEADER.CONNECTION: "close",
HTTP_HEADER.USER_AGENT: agent,
HTTP_HEADER.X_FORWARDED_FOR: "{}, {}, {}".format(ip_list[0], ip_list[1], ip_list[2])
}
else:
headers = {
HTTP_HEADER.CONNECTION: "close",
HTTP_HEADER.USER_AGENT: agent
}
url = "{} {}".format(url.strip(), PROTECTION_CHECK_PAYLOAD)
if verbose:
@ -67,11 +47,7 @@ def detect_protection(url, **kwargs):
"attempting connection to '{}'...".format(url), level=10
))
try:
protection_check_req = requests.get(
url, params=headers, proxies=proxy_string_to_dict(proxy), timeout=20
)
html, status, headers = protection_check_req.content, protection_check_req.status_code, protection_check_req.headers
_, status, html, headers = get_page(url, agent=agent, proxy=proxy, xforward=xforward)
# make sure there are no DBMS errors in the HTML
for dbms in DBMS_ERRORS:
@ -163,23 +139,7 @@ def load_headers(url, **kwargs):
literal_match = re.compile(r"\\(\X(\d+)?\w+)?", re.I)
if proxy is not None:
proxy = proxy_string_to_dict(proxy)
if not xforward:
header_value = {
HTTP_HEADER.CONNECTION: "close",
HTTP_HEADER.USER_AGENT: agent
}
else:
ip_list = create_random_ip(), create_random_ip(), create_random_ip()
header_value = {
HTTP_HEADER.CONNECTION: "close",
HTTP_HEADER.USER_AGENT: agent,
HTTP_HEADER.X_FORWARDED_FOR: "{}, {}, {}".format(
ip_list[0], ip_list[1], ip_list[2]
)
}
req = requests.get(url, params=header_value, proxies=proxy, timeout=10)
req, _, _, _ = get_page(url, agent=agent, proxy=proxy)
if len(req.cookies) > 0:
logger.info(set_color(
"found a request cookie, saving to file...", level=25
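Review bot: In load_headers the new call `req, _, _, _ = get_page(url, agent=agent, proxy=proxy)` passes a `proxy` that was already converted by `proxy_string_to_dict(proxy)` two lines earlier, while detect_protection passes the raw proxy string to the same function. The get_page hunk shows it building its own `proxies` dict, so one of the two call sites is probably handing it the wrong type; if get_page does the conversion itself, the `if proxy is not None:` conversion here should be removed. `xforward` is also no longer forwarded in load_headers although detect_protection still passes it, and the timeout for this request silently changes from 10 to 20 seconds. Both functions start and end outside the hunks shown.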


@ -44,14 +44,14 @@ def request_issue_creation():
))
lib.core.common.shutdown()
question = lib.core.common.prompt(
'''question = lib.core.common.prompt(
"would you like to create an anonymous issue and post it to Zeus's Github", opts="yN"
)
if question.lower().startswith("n"):
lib.core.settings.logger.error(lib.core.settings.set_color(
"Zeus has experienced an internal error and cannot continue, shutting down...", level=40
))
lib.core.common.shutdown()
lib.core.common.shutdown()'''
lib.core.settings.fix_log_file()
lib.core.settings.logger.info(lib.core.settings.set_color(
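Review bot: Wrapping the confirmation prompt in a `'''` string literal disables it without deleting it, so request_issue_creation now appears to go on to create the issue without asking the user; the rest of the function is outside the hunk, so this is inferred. An error report can carry local paths, command-line arguments and scanned URLs, so posting it to a public tracker should stay opt-in. If the prompt has to go, delete the block and gate the upload on an explicit setting or flag rather than leaving dead code in a string. The change is also unrelated to the status-code fix named in the commit title.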


@ -147,7 +147,7 @@ def get_urls(query, url, verbose=False, **kwargs):
)
else:
do_continue = prompt(
question_msg, opts="yN", default="n"
question_msg, opts="yN", default="y"
)
# shutdown and write the URL to a file
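Review bot: `default="y"` now disagrees with `opts="yN"`, where the capital N conventionally tells the user that pressing Enter means no. `question_msg` and the branch taken on each answer are outside the hunk, so which default is intended cannot be told from here, but the hint and the default should match: either keep `default="n"`, or change the hint as well (for example `opts="Yn"`, if `prompt` accepts that form).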