s0md3v/Corsy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
06f4d4a06d6a8ed33acfcb739a8fbb4393522f09
Corsy/core/tests.py
Somdev Sangwan de9aff1794 fix breaking bug, better error handling
2021-01-28 18:23:51 +05:30

110 lines
4.9 KiB
Python
Raw Blame History

import sys
import time
from core.requester import requester
from core.utils import host, load_json
details = load_json(sys.path[0] + '/db/details.json')
def passive_tests(url, headers):
root = host(url)
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header == '*':
info = details['wildcard value']
info['acao header'] = acao_header
info['acac header'] = acac_header
return {url : info}
if root:
if host(acao_header) and root != host(acao_header):
info = details['third party allowed']
info['acao header'] = acao_header
info['acac header'] = acac_header
return {url : info}
def active_tests(url, root, scheme, header_dict, delay):
origin = scheme + '://' + root
headers = requester(url, scheme, header_dict, origin)
if headers:
origin = root + '://' + 'example.com'
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header == (origin):
info = details['origin reflected']
info['acao header'] = acao_header
info['acac header'] = acac_header
return {url : info}
elif not acao_header:
return
time.sleep(delay)
origin = scheme + '://' + root + '.example.com'
headers = requester(url, scheme, header_dict, origin)
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header == (origin):
info = details['post-domain wildcard']
info['acao header'] = acao_header
info['acac header'] = acac_header
return {url : info}
time.sleep(delay)
origin = scheme + '://d3v' + root
headers = requester(url, scheme, header_dict, origin)
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header == (origin):
info = details['pre-domain wildcard']
info['acao header'] = acao_header
info['acac header'] = acac_header
return {url : info}
time.sleep(delay)
origin = 'null'
headers = requester(url, '', header_dict, origin)
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header == 'null':
info = details['null origin allowed']
info['acao header'] = acao_header
info['acac header'] = acac_header
return {url : info}
time.sleep(delay)
origin = scheme + '://' + root + '_.example.com'
headers = requester(url, scheme, header_dict, origin)
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header == origin:
info = details['unrecognized underscore']
info['acao header'] = acao_header
info['acac header'] = acac_header
return {url : info}
time.sleep(delay)
origin = scheme + '://' + root + '%60.example.com'
headers = requester(url, scheme, header_dict, origin)
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and '`.example.com' in acao_header:
info = details['broken parser']
info['acao header'] = acao_header
info['acac header'] = acac_header
return {url : info}
time.sleep(delay)
if root.count('.') > 1:
origin = scheme + '://' + root.replace('.', 'x', 1)
headers = requester(url, scheme, header_dict, origin)
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header == origin:
info = details['unescaped regex']
info['acao header'] = acao_header
info['acac header'] = acac_header
return {url : info}
time.sleep(delay)
origin = 'http://' + root
headers = requester(url, 'http', header_dict, origin)
acao_header, acac_header = headers.get('access-control-allow-origin', None), headers.get('access-control-allow-credentials', None)
if acao_header and acao_header.startswith('http://'):
info = details['http origin allowed']
info['acao header'] = acao_header
info['acac header'] = acac_header
return {url : info}
else:
return passive_tests(url, headers)
Reference in New Issue View Git Blame Copy Permalink