diff --git a/bin/LibInjection.py b/bin/LibInjection.py
new file mode 100755
index 00000000..4ad388d5
--- /dev/null
+++ b/bin/LibInjection.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python3
+# -*-coding:UTF-8 -*
+
+"""
+The LibInjection Module
+================================
+
+This module is consuming the Redis-list created by the Web module.
+
+It tries to identify SQL Injections with libinjection.
+
+"""
+
+import time
+import string
+import urllib.request
+import re
+import pylibinjection
+import pprint
+
+from pubsublogger import publisher
+from Helper import Process
+from packages import Paste
+from pyfaup.faup import Faup
+
+def analyse(url, path):
+ faup.decode(url)
+ url_parsed = faup.get()
+ pprint.pprint(url_parsed)
+ resource_path = url_parsed['resource_path']
+ query_string = url_parsed['query_string']
+
+ result_path = {'sqli' : False}
+ result_query = {'sqli' : False}
+
+ if resource_path is not None:
+ result_path = pylibinjection.detect_sqli(resource_path)
+ print("path is sqli : {0}".format(result_path))
+
+ if query_string is not None:
+ result_query = pylibinjection.detect_sqli(query_string)
+ print("query is sqli : {0}".format(result_query))
+
+ if result_path['sqli'] is True or result_query['sqli'] is True:
+ paste = Paste.Paste(path)
+ print("Detected (libinjection) SQL in URL: ")
+ print(urllib.request.unquote(url))
+ to_print = 'LibInjection;{};{};{};{};{}'.format(paste.p_source, paste.p_date, paste.p_name, "Detected SQL in URL", paste.p_path)
+ publisher.warning(to_print)
+ #Send to duplicate
+ p.populate_set_out(path, 'Duplicate')
+ #send to Browse_warning_paste
+ p.populate_set_out('sqlinjection;{}'.format(path), 'alertHandler')
+ msg = 'infoleak:automatic-detection="sql-injection";{}'.format(path)
+ p.populate_set_out(msg, 'Tags')
+
+if __name__ == '__main__':
+ # If you wish to use an other port of channel, do not forget to run a subscriber accordingly (see launch_logs.sh)
+ # Port of the redis instance used by pubsublogger
+ publisher.port = 6380
+ # Script is the default channel used for the modules.
+ publisher.channel = 'Script'
+
+ # Section name in bin/packages/modules.cfg
+ config_section = 'LibInjection'
+
+ # Setup the I/O queues
+ p = Process(config_section)
+
+ # Sent to the logging a description of the module
+ publisher.info("Try to detect SQL injection with LibInjection")
+
+ faup = Faup()
+
+ # Endless loop getting messages from the input queue
+ while True:
+ # Get one message from the input queue
+ message = p.get_from_set()
+
+ if message is None:
+ publisher.debug("{} queue is empty, waiting".format(config_section))
+ time.sleep(10)
+ continue
+
+ else:
+ # Do something with the message from the queue
+ url, date, path = message.split()
+ analyse(url, path)
diff --git a/bin/packages/modules.cfg b/bin/packages/modules.cfg
index 71044cfb..fd78cd07 100644
--- a/bin/packages/modules.cfg
+++ b/bin/packages/modules.cfg
@@ -70,6 +70,10 @@ publish = Redis_Url,ZMQ_Url
 [WebStats]
 subscribe = Redis_Url
+[LibInjection]
+subscribe = Redis_Url
+publish = Redis_alertHandler,Redis_Duplicate,Redis_Tags
+
 [SQLInjectionDetection]
 subscribe = Redis_Url
 publish = Redis_alertHandler,Redis_Duplicate,Redis_Tags
diff --git a/pip3_packages_requirement.txt b/pip3_packages_requirement.txt
index 7ab82b6b..53ec97e7 100644
--- a/pip3_packages_requirement.txt
+++ b/pip3_packages_requirement.txt
@@ -67,3 +67,6 @@
 https://github.com/trolldbois/python3-adns/archive/master.zip
 https://github.com/trolldbois/python-cymru-services/archive/master.zip
 https://github.com/saffsd/langid.py/archive/master.zip
+
+#LibInjection bindings
+pylibinjection
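Review bot: In analyse the `pprint.pprint(url_parsed)` and the two `print("... is sqli ...")` calls dump every URL taken off the queue to stdout, and `urllib.request.unquote` only resolves because urllib.request re-exports it; the documented name is `urllib.parse.unquote`, so replace `import urllib.request` with `import urllib.parse`, call `print(urllib.parse.unquote(url))`, and move the per-URL output to `publisher.debug(...)` or drop it (`string` and `re` are imported but never used). In the `__main__` loop, `url, date, path = message.split()` raises ValueError and terminates the module on any message that does not split into exactly three tokens; `parts = message.split()` followed by `if len(parts) != 3: publisher.warning('{} malformed message'.format(config_section)); continue` keeps the consumer alive. analyse also reads the module globals `faup` and `p` that only exist once the `__main__` block has run, and it assumes `pylibinjection.detect_sqli` returns a dict with a boolean `'sqli'` key (the `{'sqli' : False}` defaults suggest that) — both belong in a short docstring on analyse. If libinjection does not itself percent-decode its input, running `detect_sqli` on faup's raw `query_string` while printing the unquoted URL is inconsistent; consider feeding it the decoded value so the check and the report describe the same string.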
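Review bot: `pylibinjection` is added unpinned, so each install pulls whatever version is current on the index and the module's behaviour can change without any edit to this repository. Pin it, `pylibinjection==<tested-version>` (placeholder for the version the module was developed against), so the dependency is reproducible and a new release becomes a deliberate upgrade rather than a silent one.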