mod_htaccess.py :  » Network » Wapiti » wapiti-2.2.1 » wapiti-2.2.1 » src » attack » Python Open Source

#!/usr/bin/env python
#
# Authors:
# Anthony DUBOCAGE
# Guillaume TRANCHANT
# Gregory FONTAINE

from attack import Attack
from vulnerability import Vulnerability
from vulnerabilitiesdescriptions import VulnerabilitiesDescriptions

class mod_htaccess(Attack):
  """
  This class implements a htaccess attack
  """  

  name = "htaccess"

  doGET = False
  doPOST = False

  def __init__(self, HTTP, xmlRepGenerator):
    Attack.__init__(self, HTTP, xmlRepGenerator)
    
  #this function return code signification when htaccess protection enabled
  def __returnErrorByCode(self, code):
    err = ""
    if code == "401":
      err = "Authorization Required"
    elif code == "402":
      err = "Payment Required"
    elif code == "403":
      err = "Forbidden"
    else:
      err = "ok"
    return err


  def attackGET(self, page, dict, headers = {}):
    err = ""
    url = page
    err500 = 0
    if url not in self.attackedGET:
      #print the url if verbose equal 2
      if self.verbose == 2:
        print "+ " + url
      
      err1 = self.__returnErrorByCode(headers["status"])
      
      if err1 != "ok":
        data1 = self.HTTP.send(url).getPage()
        #htaccess protection detected
        if self.verbose >= 1:
          print _("HtAccess protection found:"), url

        
        data2, code2 = self.HTTP.send(url, method = "ABC").getPageCode()
        err2 = self.__returnErrorByCode(code2)
        
        
        if err2 == "ok":
          #htaccess bypass success
          
          #print output informations by verbosity option
          if self.verbose >= 1:
            if self.color == 1:
              print self.CYAN + "|HTTP Code : ", headers["status"], ":", err1 + self.STD
            else:
              print "|HTTP Code : ", headers["status"], ":", err1

          if self.verbose == 2:
            if self.color == 1:
              print self.YELLOW + _("Source code:") + self.STD
              print self.GB + data1 + self.STD
            else:
              print _("Source code:")
              print data1
          
          #report xml generator (ROMULUS) not implemented for htaccess
          self.reportGen.logVulnerability(Vulnerability.HTACCESS, Vulnerability.HIGH_LEVEL_VULNERABILITY, \
              url, "", err + " HtAccess")
          if self.color == 1:
            print self.RED + "  " + _(".htaccess bypass vulnerability:"), url + self.STD
          else:
            print "  " + _(".htaccess bypass vulnerability:"), url

          #print output informations by verbosity option
          if self.verbose >= 1:
            if self.color == 1:
              print self.CYAN + "|HTTP Code : ", code2 + self.STD
            else:
              print "|HTTP Code : ", code2

          if self.verbose == 2:
            if self.color == 1:
              print self.YELLOW + _("Source code:") + self.STD
              print self.GB + data2 + self.STD
            else:
              print _("Source code:")
              print data2

        else:
          if code1 == 500 and err500 == 0:
            err500 = 1
            self.reportGen.logVulnerability(Vulnerability.HTACCESS, Vulnerability.HIGH_LEVEL_VULNERABILITY, \
                url, "", VulDescrip.ERROR_500 + "\n" + VulDescrip.ERROR_500_DESCRIPTION)
            print _("500 HTTP Error code with")
            print "  " + _("Evil url") + ":",url
            
          #add the url with the url attacked
        self.attackedGET.append(url)