Delete nana.jpg

README.md

@@ -55,7 +55,9 @@
 
   国内外100+款waf信息,强大的指纹库，包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案
   
-  `python3 cerberus.py -target www.qq.com -waf`
+  请务必提供带有参数的URL进行WAF测试！
+  
+  `python3 cerberus.py -target https://open.weixin.qq.com/frame?t=home/web_tmpl&lang=zh_CN -waf`
 
 - :see_no_evil:中间件信息收集
 
@@ -114,9 +116,6 @@
   `python3 cerberus.py -outfile`
   
   
-## :monkey: 维护与完善
-
-这个项目是个不完全版，最近要准备期末考试和找实习，之前原本设计一些强大并且很具有创新力功能因为时间原因取消了。原本设计的功能包括先对目标进行FUZZ，根据结果决策出bypass方案，并且根据结果自动生成payload，更加精准的有效率的攻击，以及能识别验证码的弱口令爆破功能，以后我会慢慢完善。
 
 ## :rabbit: Praise me!
 

cerberus.py

@@ -74,11 +74,7 @@ if target:
 
 
 
-logger_type = "StreamLogger"
+logger_type = "FileLogger" if outfile else "StreamLogger"
-
-
-if outfile:
-    logger_type = "FileLogger"
 
 
 if mail:

core/Quicksilver.py

@@ -1,10 +1,10 @@
 from concurrent.futures import ThreadPoolExecutor, ProcessPoolExecutor, as_completed
-from core.requester import requester
+
 
 
 def quicksliver(func,number_process):
+    """fixed a big bug on 12.24 Merry Christmas"""
 
     with ThreadPoolExecutor(max_workers = number_process) as executor:
         futures = [executor.submit(func) for count in range(number_process)]
-        for future in as_completed(futures):
+
-            future.result()

core/auxiliary.py

@@ -11,7 +11,7 @@ from urllib3.exceptions import ConnectTimeoutError
 
 def chambering(url,strike,payload = None,type = None):
 
-    if "=" in url:
+    if "=" in url and "?" in url:
         data = url.split("?")[1].split("&")
         params_extractor = tuple((i.split('=')[0],i.split('=')[1]) for i in data)
         params = {i:j for i, j in params_extractor}
@@ -144,5 +144,7 @@ def load_queue(subdomain):
     return subdomain_queue
 
 
-
+if __name__ == '__main__':
-
+    # chambering(url, strike, payload=None, type=None):
+    url =  "https://plus.jd.com/indexf?low_system=appicon&flow_entrance=appicon11&flow_channel=pc"
+    chambering(url,strike=False)

core/filter.py

@@ -26,9 +26,9 @@ class Filter:
             md5.update(item.encode('utf-8'))
             if md5.hexdigest() not in container:
                 container.add(md5.hexdigest())
-                # print(item)
                 return True
             return False
+        return False
 
 
     # @staticmethod

data/payloads.py

@@ -1,12 +1,13 @@
 waf_checker = [ " '",
-                # "1 AND 1",
+                " AND 1",
-                # "1/**/AND/**/1",
+                " /**/AND/**/1",
-                # "1 AND 1=1",
+                " AND 1=1",
-                "1 AND 1 LIKE 1",
+                " AND 1 LIKE 1",
+                " ' AND '1'='1",
                 "<img src=x onerror=alert('XSS')>",
-                # "<img onfoo=f()>",
+                "<img onfoo=f()>",
-                "<script>alert('intrusion')</script>",
+                "<script>alert('intrusion')</script>"
-                " ' AND '1'='1"]
+              ]
 
 Sql_injection = {
 

strike/attack.py

@@ -88,15 +88,16 @@ class Attack:
             if not self.target is None:
                 self.initis()
 
+
+
             while not self.target_url.empty():
                 target = self.target_url.get()
-                strike_pre = assault_pre()
+                # strike_pre = assault_pre()
-                strike_pre.payload_provide()
+                # strike_pre.payload_provide()
 
 
                 while not target.empty():
                     original = target.get()
-                    # print(self.target_url.qsize())
                     # url = regex.URL_PATH.sub("=", original)
                     """and self.filter_(url,self.requests_seen)"""
                     # print("fucking" + original)
@@ -104,7 +105,7 @@ class Attack:
                     if self.domain in original:
                         url, data = chambering(original,strike = False)
                         received_ = requester(url,data,GET = True,cookie = self.cookie,proxy = self.proxy)
-                        if received_.status_code == 403:
+                        if not received_ is None and received_.status_code == 403:
                             if not self.proxy_queue is None and not self.proxy_queue.empty():
                                 self.proxy = get_proxy(self.proxy_queue)
                         print(f"{blue_green}[+][{time}] Vulnerability scanning is being performed on {original}{end}")
@@ -117,6 +118,8 @@ class Attack:
 
                     if "=" in original:
                         url, data = chambering(original, strike=False)
+                        strike_pre = assault_pre()
+                        strike_pre.payload_provide()
                         received = requester(url, data, GET=True,cookie = self.cookie,proxy = self.proxy)
 
                         for vul_type, category in strike_pre.get_payload_category().items():
@@ -126,10 +129,9 @@ class Attack:
 
                                 if vul_type in ["SQLi","file_inclusion","command_injection","ssrf"]:
                                     Poisoned = requester(url,data,GET = True,cookie = self.cookie,proxy = self.proxy)
-                                    code = Poisoned.status_code
 
-                                    if not Poisoned is None and code < 400:
+                                    if not Poisoned is None and Poisoned.status_code < 400:
-                                        if error_check(Poisoned):
+                                        if error_check(Poisoned.text):
                                             if receive_check(received.text,Poisoned.text,vul_type,payload):
                                                 message = vul_message(vul_type,original,payload)
                                                 self.logger.critical(message)
@@ -144,15 +146,4 @@ class Attack:
 
 
 
-if __name__ == '__main__':
-    cerberus = Attack("http://www.ztcc.com","StreamLogger")
-    # target = requester("http://www.weibo.com",None,GET = True)
-    # cerberus.url_extrator(target.text)
-
-
-    execut = cerberus.execution
-    # execut()
-    quicksliver(execut,7)
-
-
 

strike/detect_waf.py

@@ -1,17 +1,23 @@
 import re
 import json
 import time
-from core.colors import green,end
+from core.colors import red,green,purple,end
-from core.log import factory_logger
 from core.auxiliary import chambering
 from core.requester import requester
 from data.payloads import waf_checker
+from core.log import factory_logger,time
+
 
 
-time = time.strftime('%Y-%m-%d %H:%M:%S')
 
 def check_waf(target, logger_type, proxy = None):
 
+    original_target = target
+    if "=" not in original_target:
+        print(f"{red}[!][{time}] Please provide a url with parameters! {end}")
+        quit()
+
+
     # folder = Path.cwd().parent
     # waf_file = str(folder / "data/waf_signature")
     waf_file = "data/waf_signature"
@@ -28,11 +34,16 @@ def check_waf(target, logger_type, proxy = None):
 
         for intruder in waf_checker:
             try:
-                target, payload = chambering(target, strike=True, payload=intruder)
+                intruder_type = "XSS" if intruder.startswith("<") else "SQLi"
-                response = requester(target, payload, GET=True, timeout=5, proxy=proxy)
-                page, code, headers = response.text, response.status_code, response.headers
 
-                if int(code) >= 400:
+                target, payload = chambering(original_target, strike=True, payload=intruder,type = intruder_type)
+                response = requester(target, payload, GET=True, timeout=5, proxy=proxy)
+                print(f"{purple}[~][{time}] using {intruder} to detect WAF !{end}")
+
+
+                if not response is None:
+                    page, code, headers = response.text, response.status_code, response.headers
+                    if code >= 400:
                         match = 0
 
                         for waf_name, waf_signature in waf_data.items():
@@ -69,5 +80,4 @@ def check_waf(target, logger_type, proxy = None):
 
 if __name__ == '__main__':
 
-    r = check_waf("http://www.qq.com")
+    check_waf("http://www.qq.com","StreamLogger")
-    print(r)