mirror of
https://github.com/Ekultek/Zeus-Scanner.git
synced 2026-03-11 08:55:51 +00:00
patches an issue where any connection problem (timeout, disconnect, etc.) would cause an unexpected exception (issue #239). also patches an issue where XSS was stuck in a loop (issue #240). added two new plugin detection scripts
parent
b86db8008f
commit
4e0945b842
5 changed files with 58 additions and 25 deletions
|
|
@ -84,6 +84,8 @@ c4ac50a3f3550c62219e7e4f38d4b496 ./lib/plugins/1024.py
|
|||
76a1d1decfb872bfafdf510c656f113a ./lib/plugins/rssfeed.py
|
||||
320f0db977c85b477ba1ea78b140cb8a ./lib/plugins/4images.py
|
||||
35dc8b7da4becb60662aab3c48a9210b ./lib/plugins/openxchange.py
|
||||
353db8b22c031433ea73a12943927557 ./lib/plugins/clipbucket.py
|
||||
ce3b79dc80e369ffd55d2cbe90e6a0ab ./lib/plugins/mssqlreportmanager.py
|
||||
b5ff3286060c0bbc0fe1f0f591131c9c ./lib/attacks/gist_lookup/__init__.py
|
||||
86224bd899c2a2438042cbdc077dc4cc ./lib/attacks/clickjacking_scan/__init__.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
|
||||
|
|
@ -92,7 +94,7 @@ d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
|
|||
7bc7a6f3e85651aab3588f087563eded ./lib/attacks/whois_lookup/__init__.py
|
||||
8ec72bb33df998e32b925e3060d9d17a ./lib/attacks/whois_lookup/whois.py
|
||||
916b768e783ff771bce80bd6f5112d4f ./lib/attacks/admin_panel_finder/__init__.py
|
||||
52942c7b33ff696901f5a4201ba4507f ./lib/attacks/xss_scan/__init__.py
|
||||
f87f388a9ded1cd8a7e333353652c4df ./lib/attacks/xss_scan/__init__.py
|
||||
6b8ad5d11aa7f1e2b5f993ca3dde1975 ./lib/attacks/nmap_scan/__init__.py
|
||||
216999fa0e84866d5c1d96d5676034e4 ./lib/attacks/nmap_scan/nmap_opts.py
|
||||
8ef704ee0460fdec5ea03f47036664fe ./lib/header_check/__init__.py
|
||||
|
|
@ -100,7 +102,7 @@ d2f8777360a73a412ef158eff2fdf631 ./lib/core/common.py
|
|||
4433353fb5c55578391d8b4006191ee8 ./lib/core/errors.py
|
||||
38d8ce4aec42ec147b44a36c69b15ea8 ./lib/core/parse.py
|
||||
d41d8cd98f00b204e9800998ecf8427e ./lib/core/__init__.py
|
||||
f3b7a9cae1668e883541b388107f07c4 ./lib/core/settings.py
|
||||
62f71741205d25ab425f5ef32b39423a ./lib/core/settings.py
|
||||
de4254c5e40f7aa4fb81e0608f758a2c ./lib/core/decorators.py
|
||||
9a02e5b913d210350545ac26510a63c9 ./var/search/__init__.py
|
||||
83928f6c090722d87a905a447cb51aed ./var/search/selenium_search.py
|
||||
|
|
|
|||
|
|
@ -73,12 +73,11 @@ def create_urls(url, payload_list, tamper=None, verbose=False):
|
|||
else:
|
||||
payload = __tamper_payload(payload, tamper_type=tamper, warning=False, verbose=verbose)
|
||||
except InvalidTamperProvided:
|
||||
lib.core.settings.logger.error(lib.core.settings.set_color(
|
||||
lib.core.settings.logger.warning(lib.core.settings.set_color(
|
||||
"you provided and invalid tamper script, acceptable tamper scripts are: {}...".format(
|
||||
" | ".join(list_tamper_scripts()), level=40
|
||||
)
|
||||
))
|
||||
lib.core.common.shutdown()
|
||||
loaded_url = "{}{}\n".format(url.strip(), payload.strip())
|
||||
tmp.write(loaded_url)
|
||||
return tf_name
|
||||
|
|
@ -110,7 +109,6 @@ def scan_xss(url, agent=None, proxy=None):
|
|||
be tampered or encoded if the site is not vulnerable
|
||||
"""
|
||||
|
||||
retry_flags = 3
|
||||
auto_assign = "http://{}"
|
||||
url_verification = re.compile(r"http(s)?", re.I)
|
||||
|
||||
|
|
@ -120,25 +118,19 @@ def scan_xss(url, agent=None, proxy=None):
|
|||
))
|
||||
url = auto_assign.format(url)
|
||||
|
||||
while retry_flags > 0:
|
||||
try:
|
||||
_, status, html_data, _ = lib.core.common.get_page(url, agent=agent, proxy=proxy)
|
||||
query = find_xss_script(url)
|
||||
for db in lib.core.settings.DBMS_ERRORS.keys():
|
||||
for item in lib.core.settings.DBMS_ERRORS[db]:
|
||||
if re.findall(item, html_data):
|
||||
return "sqli", db
|
||||
if status != 404:
|
||||
if query in html_data:
|
||||
return True, None
|
||||
retry_flags -= 1
|
||||
except requests.exceptions.ChunkedEncodingError:
|
||||
lib.core.settings.logger.warning(lib.core.settings.set_color(
|
||||
"encoding seems to be messed up, retrying request...", level=30
|
||||
))
|
||||
retry_flags -= 1
|
||||
|
||||
return False, None
|
||||
try:
|
||||
_, status, html_data, _ = lib.core.common.get_page(url, agent=agent, proxy=proxy)
|
||||
query = find_xss_script(url)
|
||||
for db in lib.core.settings.DBMS_ERRORS.keys():
|
||||
for item in lib.core.settings.DBMS_ERRORS[db]:
|
||||
if re.findall(item, html_data):
|
||||
return "sqli", db
|
||||
if status != 404:
|
||||
if query in html_data:
|
||||
return True, None
|
||||
return False, None
|
||||
except (requests.exceptions.ChunkedEncodingError, requests.exceptions.ConnectionError):
|
||||
return False, None
|
||||
|
||||
|
||||
def main_xss(start_url, proxy=None, agent=None, **kwargs):
|
||||
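Review bot: The `except (requests.exceptions.ChunkedEncodingError, requests.exceptions.ConnectionError)` clause that now ends scan_xss returns `False, None`, the same value as a clean negative, so a target that could not be reached is reported as not vulnerable and nothing is logged. `requests.exceptions.ReadTimeout` derives from `Timeout`, not `ConnectionError`, so a read timeout would still propagate unless `lib.core.common.get_page` (not visible here) already translates it, although the commit message names timeouts as a case to cover. I would catch `requests.exceptions.RequestException` instead and log before returning, for example `lib.core.settings.logger.warning(lib.core.settings.set_color("connection problem while requesting {}, skipping...".format(url), level=30))`. The start of scan_xss lies outside the visible hunks, so the docstring may need a line saying that `False, None` can also mean the request failed.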
|
|
|
|||
|
|
@ -45,7 +45,7 @@ CLONE = "https://github.com/ekultek/zeus-scanner.git"
|
|||
ISSUE_LINK = "https://github.com/ekultek/zeus-scanner/issues"
|
||||
|
||||
# current version <major.minor.commit.patch ID>
|
||||
VERSION = "1.4.1.{}".format(PATCH_ID)
|
||||
VERSION = "1.4.2.{}".format(PATCH_ID)
|
||||
|
||||
# colors to output depending on the version
|
||||
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
|
||||
|
|
|
|||
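--- a/lib/plugins/clipbucket.py
+++ b/lib/plugins/clipbucket.py
@@ -0,0 +1,21 @@
+import re
+
+
+__product__ = "ClipBucket"
+__description__ = (
+"ClipBucket is an Open Source and freely downloadable PHP "
+"script that will let you start your own Video Sharing website"
+)
+
+
+def search(html, **kwargs):
+html = str(html)
+plugin_detection_schema = (
+re.compile(r"<.\S+.clipbucket", re.I),
+re.compile(r"content.[\'\"]clipbucket", re.I),
+re.compile(r"http(s)?.//(www.)?clip.bucket.com", re.I),
+re.compile(r"http(s)?.//(www.)?clipbucket.com", re.I),
+)
+for plugin in plugin_detection_schema:
+if plugin.search(html) is not None:
+return True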
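Review bot: The two URL patterns in `search` use `.` where a literal character is meant, so `http(s)?.//(www.)?clipbucket.com` also matches a constructed string such as `http://clipbucket-community`, and the product can be reported on pages that only resemble the domain. Escaping the literals, `re.compile(r"https?://(www\.)?clipbucket\.com", re.I)`, keeps the fingerprint tight. `search` also falls off the end and returns `None` rather than `False` when nothing matches, and it recompiles the tuple on every call. A module-level tuple with `return any(p.search(html) for p in plugin_detection_schema)` would address both, provided callers only test truthiness, which is not visible here. The same shape is used in lib/plugins/mssqlreportmanager.py, where `microsoft.sql.server.report.manager` matches the phrase anywhere in the page text.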
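--- a/lib/plugins/mssqlreportmanager.py
+++ b/lib/plugins/mssqlreportmanager.py
@@ -0,0 +1,18 @@
+import re
+
+
+__product__ = "Microsoft SQL Report Manager"
+__description__ = (
+"Microsoft SQL Server Report Manager - web-based report access and management tool"
+)
+
+
+def search(html, **kwargs):
+html = str(html)
+plugin_detection_schema = (
+re.compile(r"content.[\'\"]?microsoft.sql.server.report", re.I),
+re.compile(r"microsoft.sql.server.report.manager", re.I)
+)
+for plugin in plugin_detection_schema:
+if plugin.search(html) is not None:
+return True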