patches an issue where any connection problem (timeout, disconnect, etc) would cause an unexpected exception (issue #239). also patches an issue where XSS was stuck in a loop (issue #240). added two new plugin detection scripts

This commit is contained in:
ekultek 2017-12-06 17:14:13 -06:00
parent b86db8008f
commit 4e0945b842
5 changed files with 58 additions and 25 deletions


@ -84,6 +84,8 @@ c4ac50a3f3550c62219e7e4f38d4b496 ./lib/plugins/1024.py
76a1d1decfb872bfafdf510c656f113a ./lib/plugins/rssfeed.py
320f0db977c85b477ba1ea78b140cb8a ./lib/plugins/4images.py
35dc8b7da4becb60662aab3c48a9210b ./lib/plugins/openxchange.py
353db8b22c031433ea73a12943927557 ./lib/plugins/clipbucket.py
ce3b79dc80e369ffd55d2cbe90e6a0ab ./lib/plugins/mssqlreportmanager.py
b5ff3286060c0bbc0fe1f0f591131c9c ./lib/attacks/gist_lookup/__init__.py
86224bd899c2a2438042cbdc077dc4cc ./lib/attacks/clickjacking_scan/__init__.py
d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
@ -92,7 +94,7 @@ d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
7bc7a6f3e85651aab3588f087563eded ./lib/attacks/whois_lookup/__init__.py
8ec72bb33df998e32b925e3060d9d17a ./lib/attacks/whois_lookup/whois.py
916b768e783ff771bce80bd6f5112d4f ./lib/attacks/admin_panel_finder/__init__.py
52942c7b33ff696901f5a4201ba4507f ./lib/attacks/xss_scan/__init__.py
f87f388a9ded1cd8a7e333353652c4df ./lib/attacks/xss_scan/__init__.py
6b8ad5d11aa7f1e2b5f993ca3dde1975 ./lib/attacks/nmap_scan/__init__.py
216999fa0e84866d5c1d96d5676034e4 ./lib/attacks/nmap_scan/nmap_opts.py
8ef704ee0460fdec5ea03f47036664fe ./lib/header_check/__init__.py
@ -100,7 +102,7 @@ d2f8777360a73a412ef158eff2fdf631 ./lib/core/common.py
4433353fb5c55578391d8b4006191ee8 ./lib/core/errors.py
38d8ce4aec42ec147b44a36c69b15ea8 ./lib/core/parse.py
d41d8cd98f00b204e9800998ecf8427e ./lib/core/__init__.py
f3b7a9cae1668e883541b388107f07c4 ./lib/core/settings.py
62f71741205d25ab425f5ef32b39423a ./lib/core/settings.py
de4254c5e40f7aa4fb81e0608f758a2c ./lib/core/decorators.py
9a02e5b913d210350545ac26510a63c9 ./var/search/__init__.py
83928f6c090722d87a905a447cb51aed ./var/search/selenium_search.py


@ -73,12 +73,11 @@ def create_urls(url, payload_list, tamper=None, verbose=False):
else:
payload = __tamper_payload(payload, tamper_type=tamper, warning=False, verbose=verbose)
except InvalidTamperProvided:
lib.core.settings.logger.error(lib.core.settings.set_color(
lib.core.settings.logger.warning(lib.core.settings.set_color(
"you provided and invalid tamper script, acceptable tamper scripts are: {}...".format(
" | ".join(list_tamper_scripts()), level=40
)
))
lib.core.common.shutdown()
loaded_url = "{}{}\n".format(url.strip(), payload.strip())
tmp.write(loaded_url)
return tf_name
@ -110,7 +109,6 @@ def scan_xss(url, agent=None, proxy=None):
be tampered or encoded if the site is not vulnerable
"""
retry_flags = 3
auto_assign = "http://{}"
url_verification = re.compile(r"http(s)?", re.I)
@ -120,25 +118,19 @@ def scan_xss(url, agent=None, proxy=None):
))
url = auto_assign.format(url)
while retry_flags > 0:
try:
_, status, html_data, _ = lib.core.common.get_page(url, agent=agent, proxy=proxy)
query = find_xss_script(url)
for db in lib.core.settings.DBMS_ERRORS.keys():
for item in lib.core.settings.DBMS_ERRORS[db]:
if re.findall(item, html_data):
return "sqli", db
if status != 404:
if query in html_data:
return True, None
retry_flags -= 1
except requests.exceptions.ChunkedEncodingError:
lib.core.settings.logger.warning(lib.core.settings.set_color(
"encoding seems to be messed up, retrying request...", level=30
))
retry_flags -= 1
return False, None
try:
_, status, html_data, _ = lib.core.common.get_page(url, agent=agent, proxy=proxy)
query = find_xss_script(url)
for db in lib.core.settings.DBMS_ERRORS.keys():
for item in lib.core.settings.DBMS_ERRORS[db]:
if re.findall(item, html_data):
return "sqli", db
if status != 404:
if query in html_data:
return True, None
return False, None
except (requests.exceptions.ChunkedEncodingError, requests.exceptions.ConnectionError):
return False, None
def main_xss(start_url, proxy=None, agent=None, **kwargs):
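Review bot: The new except clause at the end of scan_xss catches ChunkedEncodingError and ConnectionError only, so a read timeout — which requests raises as ReadTimeout, a subclass of Timeout but not of ConnectionError — still propagates out of scan_xss even though the commit message says timeouts are covered; widen it to `except (requests.exceptions.ChunkedEncodingError, requests.exceptions.ConnectionError, requests.exceptions.Timeout):`. That branch also returns `False, None`, the same value as a page that simply did not reflect the probe, so a dropped connection is now reported as "not vulnerable" with no trace in the log, whereas the removed retry loop at least warned; log before returning, e.g. `lib.core.settings.logger.warning(lib.core.settings.set_color("connection failed while scanning for XSS, skipping URL", level=30))`. If transient failures were meant to be retried, note that the new code gives up on the first error where the dropped `retry_flags` loop tried three times. The body of scan_xss begins before this hunk.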


@ -45,7 +45,7 @@ CLONE = "https://github.com/ekultek/zeus-scanner.git"
ISSUE_LINK = "https://github.com/ekultek/zeus-scanner/issues"
# current version <major.minor.commit.patch ID>
VERSION = "1.4.1.{}".format(PATCH_ID)
VERSION = "1.4.2.{}".format(PATCH_ID)
# colors to output depending on the version
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}

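--- a/lib/plugins/clipbucket.py
+++ b/lib/plugins/clipbucket.py
@@ -0,0 +1,21 @@
+import re
+__product__ = "ClipBucket"
+__description__ = (
+    "ClipBucket is an Open Source and freely downloadable PHP "
+    "script that will let you start your own Video Sharing website"
+)
+def search(html, **kwargs):
+    html = str(html)
+    plugin_detection_schema = (
+        re.compile(r"<.\S+.clipbucket", re.I),
+        re.compile(r"content.[\'\"]clipbucket", re.I),
+        re.compile(r"http(s)?.//(www.)?clip.bucket.com", re.I),
+        re.compile(r"http(s)?.//(www.)?clipbucket.com", re.I),
+    )
+    for plugin in plugin_detection_schema:
+        if plugin.search(html) is not None:
+            return True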
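Review bot: search() in clipbucket.py returns True on a match but falls off the end of the loop otherwise, so callers receive None rather than False; add `return False` after the loop, and the same applies to search() in mssqlreportmanager.py in this commit. A one-line docstring on search(), e.g. `"""Return True if the page HTML looks like a ClipBucket install."""`, would also help, since __description__ documents the product rather than the function. The patterns use an unescaped `.` where a literal `:` or `.` is meant (`http(s)?.//`, `clip.bucket.com`); if that looseness is deliberate for detection, a short comment saying so would stop the next reader from tightening it, otherwise `r"https?://(www\.)?clipbucket\.com"` is the precise form. The `**kwargs` parameter is unused in both files; presumably the plugin loader passes extra arguments, which is fine but worth a comment.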


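--- a/lib/plugins/mssqlreportmanager.py
+++ b/lib/plugins/mssqlreportmanager.py
@@ -0,0 +1,18 @@
+import re
+__product__ = "Microsoft SQL Report Manager"
+__description__ = (
+    "Microsoft SQL Server Report Manager - web-based report access and management tool"
+)
+def search(html, **kwargs):
+    html = str(html)
+    plugin_detection_schema = (
+        re.compile(r"content.[\'\"]?microsoft.sql.server.report", re.I),
+        re.compile(r"microsoft.sql.server.report.manager", re.I)
+    )
+    for plugin in plugin_detection_schema:
+        if plugin.search(html) is not None:
+            return True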