updated modsecurity and created a new waf scripts for wordfence

This commit is contained in:
ekultek 2017-11-13 14:35:46 -06:00
parent c91ba86fef
commit 2639eeadef
3 changed files with 24 additions and 6 deletions

View file

@ -1,4 +1,4 @@
6b7b3eac4bcb0bf320973a2e5cf5078e ./zeus.py
2f22501746b4af13bc1d6f2dec5a013b ./zeus.py
4b32db388e8acda35570c734d27c950c ./etc/scripts/launch_sqlmap.sh
6ad5f22ec4a6f8324bfb1b01ab6d51ec ./etc/scripts/cleanup.sh
155c9482f690f1482f324a7ffd8b8098 ./etc/scripts/fix_pie.sh
@ -23,11 +23,12 @@ ca6935a72fd0527d15a78a17a35e56e8 ./bin/drivers/geckodriver-v0.19.0-linux64.tar.
07cd383c8aef8ea5ef194a506141afd6 ./bin/drivers/geckodriver-v0.19.0-linux32.tar.gz
6ea65a0160c21e144e92334acc2e3667 ./lib/firewall/anquanbao.py
34b946ab1f9aaac397ba77d5f8c132b1 ./lib/firewall/cloudflare.py
1b5a2a7161db77ba570a629d25cb4055 ./lib/firewall/modsecurity.py
1d65a5d7708a3b365f3a518ae7064304 ./lib/firewall/modsecurity.py
6b370050b40d8c1d2221424f756c7842 ./lib/firewall/paloalto.py
60973a0c2e34108dfb32c89ad46477b6 ./lib/firewall/sucuri.py
ea6e622b8eaf83b4f717020b91530e71 ./lib/firewall/webseal.py
783973a4c6af58907f6dbfe1b274c59c ./lib/firewall/generic.py
c3f01fc8ff7dfe7759f63bf16b00f127 ./lib/firewall/wordfence.py
785c28da8b681a7e23964f99118b5aab ./lib/tamper_scripts/obfuscateordinal_encode.py
10bf1bc4ef0287d31633148fab557e8a ./lib/tamper_scripts/uppercase_encode.py
5b68de0ce3a783b870921b09b5222146 ./lib/tamper_scripts/hex_encode.py
@ -50,14 +51,14 @@ d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
7272a7fd0b0c2e9192bc4adb6154d2f0 ./lib/attacks/sqlmap_scan/__init__.py
aa7268a8f085734a6c577c86440f7a1b ./lib/attacks/sqlmap_scan/sqlmap_opts.py
d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/whois_lookup/__init__.py
d8fab18b15d1546f6585fe926c27868f ./lib/attacks/whois_lookup/whois.py
9b2bd4904ec2385eb38a3b6cd59dbc99 ./lib/attacks/whois_lookup/whois.py
3917cdce61918f3992fc682105367ce8 ./lib/attacks/admin_panel_finder/__init__.py
b50e4b7fb9fdef374c00b7ab0ef913e9 ./lib/attacks/xss_scan/__init__.py
27358f26bda30d7356143c3ea1fa99c5 ./lib/attacks/nmap_scan/__init__.py
21faf4679cdeaa731029a48f8963d6e7 ./lib/attacks/nmap_scan/nmap_opts.py
1faa2b5dfad6eb538bbfe42942d2a9da ./lib/core/errors.py
d41d8cd98f00b204e9800998ecf8427e ./lib/core/__init__.py
7d0c06f6bcbc8a9e024e433a94426913 ./lib/core/settings.py
11b1a4ae775662b6f40a2d60fec9ffc2 ./lib/core/settings.py
e25de81c51e5572d29e3e161dd35f41d ./lib/header_check/__init__.py
d41d8cd98f00b204e9800998ecf8427e ./var/google_search/__init__.py
2a7c4285914548b86593e6e000bdab32 ./var/google_search/search.py

View file

@ -1,7 +1,7 @@
import re
__item__ = "ModSecurity: Open Source Web Application Firewall (Trustwave)"
__item__ = "ModSecurity: Open Source Web Application Firewall"
def detect(content, **kwargs):
@ -9,7 +9,8 @@ def detect(content, **kwargs):
detection_schema = (
re.compile(r"ModSecurity|NYOB", re.I),
re.compile(r"This error was generated by Mod_Security", re.I),
re.compile(r"Web Server at", re.I)
re.compile(r"Web Server at", re.I),
re.compile(r"page you are (accessing|trying)? (to|is)? (access)? (is|to)? (restricted)?", re.I)
)
for detection in detection_schema:
if detection.search(content) is not None:

View file

@ -0,0 +1,16 @@
import re
__item__ = "Wordfence (Feedjit)"
def detect(content, **kwargs):
content = str(content)
detection_schema = (
re.compile(r"Generated by Wordfence", re.I),
re.compile(r"Your access to this site has been limited", re.I),
re.compile(r"<.+>Wordfence<.+.>", re.I)
)
for detection in detection_schema:
if detection.search(content) is not None:
return True