From 3169dc27b06434f9a30eca4a8b9a5e5c51e4eccb Mon Sep 17 00:00:00 2001
From: Mokaddem
Date: Tue, 2 Aug 2016 15:43:11 +0200
Subject: [PATCH] Added SQLInjectionDetection module
---
 bin/LAUNCH.sh | 2 +
 bin/SQLInjectionDetection.py | 155 +++++++++++++++++++++++++++++++++++
 bin/Url.py | 2 +-
 bin/WebStats.py | 2 +-
 bin/packages/modules.cfg | 3 +
 5 files changed, 162 insertions(+), 2 deletions(-)
 create mode 100755 bin/SQLInjectionDetection.py
diff --git a/bin/LAUNCH.sh b/bin/LAUNCH.sh
index 5afc3c2a..b74dc455 100755
--- a/bin/LAUNCH.sh
+++ b/bin/LAUNCH.sh
@@ -142,6 +142,8 @@ function launching_scripts {
 screen -S "Script" -X screen -t "WebStats" bash -c './WebStats.py; read x'
 sleep 0.1
 screen -S "Script" -X screen -t "ModuleStats" bash -c './ModuleStats.py; read x'
+ sleep 0.1
+ screen -S "Script" -X screen -t "SQLInjectionDetection" bash -c './SQLInjectionDetection.py; read x'
 }
 #If no params, display the help
diff --git a/bin/SQLInjectionDetection.py b/bin/SQLInjectionDetection.py
new file mode 100755
index 00000000..5be7d98c
--- /dev/null
+++ b/bin/SQLInjectionDetection.py
@@ -0,0 +1,155 @@
+#!/usr/bin/env python2
+# -*-coding:UTF-8 -*
+"""
+ Template for new modules
+"""
+
+import time
+import sys
+import string
+import datetime
+import redis
+import os
+import urllib2
+import re
+from pubsublogger import publisher
+from Helper import Process
+from packages import Paste
+from pyfaup.faup import Faup
+
+# Config Var
+
+regex_injection = []
+word_injection = []
+
+# Classic atome injection
+regex_injection1 = "([[AND |OR ]+[\'|\"]?[0-9a-zA-Z]+[\'|\"]?=[\'|\"]?[0-9a-zA-Z]+[\'|\"]?])"
+regex_injection.append(regex_injection1)
+
+# Time-based attack
+regex_injection2 = ["SLEEP\([0-9]+", "BENCHMARK\([0-9]+", "WAIT FOR DELAY ", "WAITFOR DELAY"]
+regex_injection2 = re.compile('|'.join(regex_injection2))
+regex_injection.append(regex_injection2)
+
+# Interesting keyword
+word_injection1 = [" IF ", " ELSE ", " CASE ", " WHEN ", " END ", " UNION ", "SELECT ", " FROM ", " ORDER BY ", " WHERE ", " DELETE ", " DROP ", " UPDATE ", " EXEC "]
+word_injection.append(word_injection1)
+
+# Comment
+word_injection2 = ["--", "#", "/*"]
+word_injection.append(word_injection2)
+
+# Database special keywords
+word_injection3 = ["@@version", "POW(", "BITAND(", "SQUARE("]
+word_injection.append(word_injection3)
+
+# Html keywords
+word_injection4 = ["