Fix conflict with master

shenril · Aug 19, 2019 · dfaf58d · dfaf58d
2 parents 98f1595 + 90e4887
commit dfaf58d
Show file tree

Hide file tree

Showing 15 changed files with 55 additions and 18 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -7,16 +7,30 @@ assignees: shenril
 
 ---
 
+<<<<<<< HEAD
 **Environment :**
 
 - OS: [e.g. Windows,Linux,Mac]
 - Python version [e.g. 3.5, 3.6]
 - Sitadel version
+=======
+## Environment
+>>>>>>> master
 
-**Describe the bug**
-A clear and concise description of what the bug is.
+- OS: [e.g. Windows,Linux,Mac]
+- Python version [e.g. 3.5, 3.6]
+- Sitadel version
+
+## Expected Behavior
+
+Tell us what should happen
+
+## Current Behavior
+
+Tell us what happens instead of the expected behavior
+
+## To Reproduce
 
-**To Reproduce**
 Steps to reproduce the behavior:
 
 - Step1

diff --git a/.travis.yml b/.travis.yml
@@ -5,7 +5,7 @@ dist: xenial
 language: python
 python:
   - "3.5"
-  - "3.6.6"
+  - "3.6"
   - "3.7"
 
 # Test website to run attack

diff --git a/lib/modules/attacks/injection/ldap.py b/lib/modules/attacks/injection/ldap.py
@@ -2,10 +2,13 @@
 from urllib.parse import parse_qsl, urlencode, urlsplit
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class LDAP(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def errors(self, data):
         error = (
             "supplied argument is not a valid ldap",

diff --git a/lib/modules/attacks/injection/rfi.py b/lib/modules/attacks/injection/rfi.py
@@ -2,10 +2,13 @@
 from urllib.parse import parse_qsl, urlencode, urlsplit
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Rfi(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         request = Services.get("request_factory")

diff --git a/lib/modules/attacks/injection/sql.py b/lib/modules/attacks/injection/sql.py
@@ -2,10 +2,13 @@
 from urllib.parse import parse_qsl, urlencode, urlsplit
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Sql(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def dberror(self, data):
         if re.search(
             r"supplied argument is not a valid MySQL|Column count doesn\'t match value count at row|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax;|You have an error in your SQL syntax near|MySQL server version for the right syntax to use|\[MySQL]\[ODBC|Column count doesn\'t match|valid MySQL result|MySqlClient.",

diff --git a/lib/modules/attacks/other/dav.py b/lib/modules/attacks/other/dav.py
@@ -1,10 +1,13 @@
 import re
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Dav(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         request = Services.get("request_factory")

diff --git a/lib/modules/attacks/vulns/anonymous.py b/lib/modules/attacks/vulns/anonymous.py
@@ -3,10 +3,13 @@
 from urllib.parse import urlparse
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Anonymous(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         logger = Services.get("logger")

diff --git a/lib/modules/attacks/vulns/crime.py b/lib/modules/attacks/vulns/crime.py
@@ -3,10 +3,13 @@
 from urllib.parse import urlparse
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Crime(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         logger = Services.get("logger")
@@ -16,7 +19,6 @@ def process(self, start_url, crawled_urls):
         port = "443"
         try:
             ip += socket.gethostbyname(urlparse(start_url).hostname)
-            print(ip)
             socket.inet_aton(ip)
             r = subprocess.Popen(
                 [

diff --git a/lib/modules/attacks/vulns/shellshock.py b/lib/modules/attacks/vulns/shellshock.py
@@ -1,10 +1,13 @@
 import re
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class Shellshock(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         request = Services.get("request_factory")

diff --git a/lib/modules/attacks/vulns/strutsshock.py b/lib/modules/attacks/vulns/strutsshock.py
@@ -1,10 +1,13 @@
 import re
 
 from lib.utils.container import Services
+from lib.config.settings import Risk
 from .. import AttackPlugin
 
 
 class StrutsShock(AttackPlugin):
+    level = Risk.DANGEROUS
+
     def process(self, start_url, crawled_urls):
         output = Services.get("output")
         request = Services.get("request_factory")

diff --git a/lib/modules/fingerprints/cdn/akamai.py b/lib/modules/fingerprints/cdn/akamai.py
@@ -12,15 +12,15 @@ class Akamai(FingerprintPlugin):
     level = Risk.NO_DANGER
 
     def process(self, headers, content):
-        request = Services.get('request_factory')
+        request = Services.get("request_factory")
         hostname = urlparse(request.url).hostname
         try:
             resolver = Resolver(configure=False)
             resolver.nameservers = [settings.dns_resolver]
             resolver.timeout = 2
             resolver.lifetime = 2
 
-            dns_query = resolver.query(hostname + ".edgekey.net", 'A')
+            dns_query = resolver.query(hostname + ".edgekey.net", "A")
 
             if len(dns_query) > 0:
                 return "Akamai CDN"

diff --git a/lib/modules/fingerprints/cdn/azure.py b/lib/modules/fingerprints/cdn/azure.py
@@ -13,7 +13,7 @@ class Azure(FingerprintPlugin):
     level = Risk.NO_DANGER
 
     def process(self, headers, content):
-        request = Services.get('request_factory')
+        request = Services.get("request_factory")
         hostname = urlparse(request.url).hostname
         _ = False
 
@@ -23,10 +23,10 @@ def process(self, headers, content):
             resolver.timeout = 2
             resolver.lifetime = 2
 
-            dns_query = resolver.query(hostname, 'CNAME')
+            dns_query = resolver.query(hostname, "CNAME")
             if len(dns_query) > 0:
                 for answer in dns_query:
-                    _ |= re.search(r'azureedge\.net', str(answer), re.I) is not None
+                    _ |= re.search(r"azureedge\.net", str(answer), re.I) is not None
             if _:
                 return "Azure CDN"
         except NoAnswer:

diff --git a/lib/modules/fingerprints/cdn/cloudflare.py b/lib/modules/fingerprints/cdn/cloudflare.py
@@ -12,14 +12,14 @@ class Cloudflare(FingerprintPlugin):
     level = Risk.NO_DANGER
 
     def process(self, headers, content):
-        request = Services.get('request_factory')
+        request = Services.get("request_factory")
         hostname = urlparse(request.url).hostname
         try:
             resolver = Resolver(configure=False)
             resolver.nameservers = [settings.dns_resolver]
             resolver.timeout = 2
             resolver.lifetime = 2
-            dns_query = resolver.query(hostname + ".cdn.cloudflare.net", 'A')
+            dns_query = resolver.query(hostname + ".cdn.cloudflare.net", "A")
 
             if len(dns_query) > 0:
                 return "Cloudflare CDN"

diff --git a/lib/modules/fingerprints/cdn/cloudfront.py b/lib/modules/fingerprints/cdn/cloudfront.py
@@ -13,7 +13,7 @@ class CloudFront(FingerprintPlugin):
     level = Risk.NO_DANGER
 
     def process(self, headers, content):
-        request = Services.get('request_factory')
+        request = Services.get("request_factory")
         hostname = urlparse(request.url).hostname
         _ = False
         try:
@@ -22,11 +22,11 @@ def process(self, headers, content):
             resolver.timeout = 2
             resolver.lifetime = 2
 
-            dns_query = resolver.query(hostname, 'CNAME')
+            dns_query = resolver.query(hostname, "CNAME")
 
             if len(dns_query) > 0:
                 for answer in dns_query:
-                    _ |= re.search(r'cloudfront\.net', str(answer), re.I) is not None
+                    _ |= re.search(r"cloudfront\.net", str(answer), re.I) is not None
             if _:
                 return "CloudFront CDN (Amazon)"
         except NoAnswer:

diff --git a/lib/modules/fingerprints/cdn/fastly.py b/lib/modules/fingerprints/cdn/fastly.py
@@ -13,7 +13,7 @@ class Fastly(FingerprintPlugin):
     level = Risk.NO_DANGER
 
     def process(self, headers, content):
-        request = Services.get('request_factory')
+        request = Services.get("request_factory")
         hostname = urlparse(request.url).hostname
         _ = False
         try:
@@ -22,10 +22,10 @@ def process(self, headers, content):
             resolver.timeout = 2
             resolver.lifetime = 2
 
-            dns_query = resolver.query(hostname, 'CNAME')
+            dns_query = resolver.query(hostname, "CNAME")
             if len(dns_query) > 0:
                 for answer in dns_query:
-                    _ |= re.search(r'fastly\.net', str(answer), re.I) is not None
+                    _ |= re.search(r"fastly\.net", str(answer), re.I) is not None
             if _:
                 return "Fastly CDN"
         except NoAnswer: