Commit graph

23 commits

Author SHA1 Message Date
ekultek
151d44beff patch for an issue where the status code was in the wrong place issue #219 2017-12-02 11:23:48 -06:00
ekultek
083e541284 fixes a bunch of bugs, plus some annoying output that shouldn't be showing up, including but not limited to issue #202 and issue #203 2017-12-01 11:05:53 -06:00
ekultek
5de72f5d33 fixes a bunch of connection bugs including issue #191, also fixes some issues with WAF identification 2017-11-30 13:23:18 -06:00
ekultek
c0382bdb17 created a timeout class that will timeout a function if it takes to long, added the timeout to the nmap scan, if it takes over 2 minutes it will timeout, you can increase the timeout with the --time-sec flag 2017-11-29 11:48:12 -06:00
ekultek
f3dd7c567b will now save potential SQLi vulnerable websites to a log file during the header check (if the check throws a dbms error) 2017-11-28 13:07:23 -06:00
ekultek
97187c07f0 fixes issue #173 crawler will ignore SSL certificates, fixes #174 caches the found firewall into memory, incase we run across it again we don't waste our time trying to discover it, fixes #175 and #176 if there are unicode chars in the value it will not be saved 2017-11-28 08:14:47 -06:00
ekultek
4c496b265c one more patch for the generic WAF detection script, another private report, will not detect Apache now 2017-11-27 13:45:15 -06:00
ekultek
4651fcd2ac major patch for an issue with the firewall identification (private report) it was super unreliable, should work better now 2017-11-27 13:09:53 -06:00
ekultek
e662cb4a00 created an interactive pause that you will be able to skip or exit from 2017-11-25 20:00:23 -06:00
ekultek
3225387157 fixed the x-forwarded-for header in the header checking 2017-11-24 07:03:10 -06:00
ekultek
6f62049eb8 optimization for the time it takes to load the program, should be quicker now, created a search for public PGP keys will take your sites domain and search for any public PGP keys it can find, renamed some files to make more sense 2017-11-22 15:07:24 -06:00
ekultek
9eca1950cb created constants of all the log filenames, adjusted files accordingly 2017-11-20 14:04:11 -06:00
ekultek
fd4c89ffb8 created a common.py file and drafted write_to_log_file into it, also created an HTTP_HEADER class that will be used instead of repeating myself, fixed everything accordingly 2017-11-20 11:43:27 -06:00
ekultek
6f6663b453 added a new header to the check to see if they have protection against MITM attacks (Public-Key-Pins) 2017-11-14 19:40:21 -06:00
ekultek
beaa69f7af added a few new WAF scripts (issue #142) squid proxy IDS, cloudfront, minor updates to modsecurity 2017-11-14 13:54:52 -06:00
ekultek
a805afd1fa minor update so that it will not keep pulling the Apache server error, this way it will truly only pull what it believes are WAF/IDS/IPS's 2017-11-13 20:46:26 -06:00
ekultek
f2cad88415 initial push for issue #142, created a few WAF scripts to detect, will also save the fingerprint of the WAF script if the protection is declared to be generic 2017-11-12 19:13:00 -06:00
ekultek
cec5a4c7c5 will now save discovered cookies to a log file 2017-11-11 16:02:34 -06:00
ekultek
d4d6630f59 patches an error where if you are unable to retrieve the headers it will fail, will not just output that it is unable to retreive the headers (issue #141) 2017-11-11 06:25:33 -06:00
ekultek
3db01c4dcf will only display the headers that are equipped for protection and will no longer prompt you if you want to continue, a warning should be enough, fixed a new line issue in an inof message 2017-11-10 11:00:21 -06:00
ekultek
150ebef721 will now save all headers to the log file 2017-11-09 14:40:23 -06:00
ekultek
864983250f when a header is present it will now display as a warning instead of an error 2017-11-08 13:57:45 -06:00
ekultek
b5ca0225b6 created a header check whilst running attacks. if a protection header is found in the headers found, it will prompt you and warn you 2017-11-07 14:52:57 -06:00