fixes a bunch of connection bugs including issue #191, also fixes some issues with WAF identification

This commit is contained in:
ekultek 2017-11-30 13:23:18 -06:00
parent daa83ffee6
commit 5de72f5d33
7 changed files with 29 additions and 21 deletions

View file

@ -61,23 +61,23 @@ bbd8b4c6100070d420d48dc7dfc297eb ./lib/firewall/webknight.py
81a29a14d72980a306fbaec0dc772048 ./lib/firewall/fortigate.py
6ea65a0160c21e144e92334acc2e3667 ./lib/firewall/anquanbao.py
22a0ad8f2fa1a16b651cb5ae37ca9b0d ./lib/firewall/generic.py
cf236a16c7869282f55dd4c5ad6347a5 ./lib/attacks/gist_lookup/__init__.py
963e24d4b8a0fb94464389ddb60cc65f ./lib/attacks/gist_lookup/__init__.py
7183dbd7106ecb436176cebcca4e499f ./lib/attacks/clickjacking_scan/__init__.py
d41d8cd98f00b204e9800998ecf8427e ./lib/attacks/__init__.py
4c644b0e3a62b6c1528d34a04837aa35 ./lib/attacks/sqlmap_scan/__init__.py
5e5bb575014ebe613db6bf671d008cf8 ./lib/attacks/sqlmap_scan/sqlmap_opts.py
7bc7a6f3e85651aab3588f087563eded ./lib/attacks/whois_lookup/__init__.py
d2846e039fefee741db24dd64f7bd50e ./lib/attacks/whois_lookup/whois.py
8ec72bb33df998e32b925e3060d9d17a ./lib/attacks/whois_lookup/whois.py
2d7686f1b9b93c3989bc5f279a1a064a ./lib/attacks/admin_panel_finder/__init__.py
b5cd5e913cc62112776153bdf0f60fa4 ./lib/attacks/xss_scan/__init__.py
cc5e5838893eba60cf4bd33d38007e32 ./lib/attacks/xss_scan/__init__.py
e9915cc0bc3de60aaf2accfaea77d059 ./lib/attacks/nmap_scan/__init__.py
216999fa0e84866d5c1d96d5676034e4 ./lib/attacks/nmap_scan/nmap_opts.py
3252422e2934d26987ab9b0eb00c5f9d ./lib/header_check/__init__.py
e2af52e2cb4d2f192c4678b7439366b2 ./lib/header_check/__init__.py
39221756c132732dbdc2b14772dcab11 ./lib/core/common.py
4433353fb5c55578391d8b4006191ee8 ./lib/core/errors.py
d41d8cd98f00b204e9800998ecf8427e ./lib/core/__init__.py
3cef89f6f302418b323ba257b9ccc25c ./lib/core/settings.py
d3c1663ff908e10dfb2425bf84d80759 ./lib/core/decorators.py
c10aa86b519d43bd142de46453527f51 ./lib/core/settings.py
801a4f7ac892b74676c649bd4844ccdb ./lib/core/decorators.py
9a02e5b913d210350545ac26510a63c9 ./var/search/__init__.py
0545ee54ade186681b25d157fb32f350 ./var/search/selenium_search.py
8f8a7e791f91f0ef3544f2ed8364ab56 ./var/search/pgp_search.py

View file

@ -96,6 +96,9 @@ def check_files_for_information(found_url, data_to_search):
time.sleep(3)
data = requests.get(found_url)
for data_regex in data_regex_schema:
lib.core.settings.logger.info(lib.core.settings.set_color(
"running with regex '{}'...".format(data_regex.pattern), level=25
))
if data_regex.search(data.content) is not None:
lib.core.settings.logger.info(lib.core.settings.set_color(
"found a match with given specifics, saving full Gist to log file...", level=25

View file

@ -80,8 +80,7 @@ def whois_lookup_main(domain, **kwargs):
time.sleep(timeout)
try:
raw_information = gather_raw_whois_info(domain)
except Exception as e:
lib.core.settings.logger.exception(str(e))
except Exception:
lib.core.settings.logger.error(lib.core.settings.set_color(
"unable to produce information from WhoIs lookup...", level=40
))

View file

@ -168,8 +168,13 @@ def main_xss(start_url, proxy=None, agent=None, **kwargs):
with open(filename) as urls:
for i, url in enumerate(urls.readlines(), start=1):
url = url.strip()
result = scan_xss(url, proxy=proxy, agent=agent)
payload = find_xss_script(url)
try:
result = scan_xss(url, proxy=proxy, agent=agent)
except requests.exceptions.ConnectionError:
lib.core.settings.logger.error(lib.core.settings.set_color(
"payload '{}' caused a connection error, assuming no good and continuing...".format(payload), level=40
))
if verbose:
lib.core.settings.logger.info(lib.core.settings.set_color(
"trying payload '{}'...".format(payload)

View file

@ -31,11 +31,6 @@ def cache(func):
@wraps(func)
def func_wrapper(*args, **kwargs):
if args in __cache:
lib.core.settings.logger.warning(lib.core.settings.set_color(
"cached detection has shown that the target URL WAF/IPS/IDS is '{}'...".format(
__cache[args]
), level=35
))
return __cache[args]
else:
__to_cache = func(*args, **kwargs)

View file

@ -46,7 +46,7 @@ CLONE = "https://github.com/ekultek/zeus-scanner.git"
ISSUE_LINK = "https://github.com/ekultek/zeus-scanner/issues"
# current version <major.minor.commit.patch ID>
VERSION = "1.3.9.{}".format(PATCH_ID)
VERSION = "1.3.10.{}".format(PATCH_ID)
# colors to output depending on the version
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
@ -337,14 +337,16 @@ DBMS_ERRORS = {
# this has to be the first function so that I can use it in the logger settings below
def create_log_name(log_path="{}/log", filename="zeus-log-{}.log", matcher="zeus-log"):
def create_log_name(log_path="{}/log", filename="zeus-log-{}.log", matcher="zeus"):
"""
create the current log file name by figuring out how many files are there
"""
if not os.path.exists(log_path.format(os.getcwd())):
os.mkdir(log_path.format(os.getcwd()))
find_file_amount = len([f for f in os.listdir(log_path.format(os.getcwd())) if matcher in f])
full_log_path = "{}/{}".format(log_path.format(os.getcwd()), filename.format(find_file_amount + 1))
find_file_amount = len(
[f for f in os.listdir(log_path.format(os.getcwd())) if matcher in f and not os.path.isdir(f)]
) + 1
full_log_path = "{}/{}".format(log_path.format(os.getcwd()), filename.format(find_file_amount))
return full_log_path

View file

@ -105,10 +105,12 @@ def detect_protection(url, **kwargs):
except (Exception, IndexError):
logger.warning(set_color(
"multiple firewalls identified ({}), displaying most likely...".format(
", ".join(retval)
", ".join([item.split("(")[0] for item in retval])
), level=30
))
del retval[retval.index(retval[1])]
if len(retval) >= 2:
del retval[retval.index(retval[1])]
if retval[0] == "Generic (Unknown)":
logger.warning(set_color(
"discovered firewall is unknown to Zeus, saving fingerprint to file. "
@ -159,7 +161,7 @@ def load_headers(url, **kwargs):
proxy = kwargs.get("proxy", None)
xforward = kwargs.get("xforward", False)
literal_match = re.compile(r"\\(\X(\d+)?\w+)?", re.I)
# literal_match = re.compile(r"\\(\X(\d+)?\w+)?", re.I)
if proxy is not None:
proxy = proxy_string_to_dict(proxy)
@ -203,13 +205,15 @@ def load_headers(url, **kwargs):
retval[header] = unicodedata.normalize("NFKD", u"{}".format(http_headers[header])).encode("ascii", errors="ignore")
# just to be safe, we're going to put all the possible Unicode errors into a tuple
except (UnicodeEncodeError, UnicodeDecodeError, UnicodeError, UnicodeTranslateError, UnicodeWarning):
# if there are, we're going to append them to a `do_not_use` list
# if there are any errors, we're going to append them to a `do_not_use` list
do_not_use.append(header)
# clear the dict so we can re-add to it
retval.clear()
for head in http_headers:
# if the header is in the list, we skip it
if head not in do_not_use:
retval[head] = http_headers[head]
# return a dict of safe unicodeless HTTP headers
return retval