60 lines
1.6 KiB
Python
60 lines
1.6 KiB
Python
import time
|
|
|
|
from core.utils import host
|
|
from core.requester import requester
|
|
|
|
def passive_tests(url, acao_header):
|
|
root = host(url)
|
|
if acao_header == '*':
|
|
return 'Wildcard value'
|
|
if root:
|
|
if root != host(acao_header):
|
|
print(acao_header)
|
|
return 'Third party allowed'
|
|
elif url.startswith('http://'):
|
|
return 'HTTP origin allowed'
|
|
else:
|
|
return False
|
|
else:
|
|
return 'Invalid value'
|
|
|
|
def active_tests(url, root, scheme, delay):
|
|
acao_header = requester(url, scheme, 'example.com')
|
|
if acao_header:
|
|
if acao_header == (scheme + 'example.com'):
|
|
return 'Origin reflected'
|
|
time.sleep(delay)
|
|
acao_header = requester(url, scheme, root + '.example.com')
|
|
if acao_header:
|
|
if acao_header == (scheme + root + '.example.com'):
|
|
return 'Post-domain wildcard'
|
|
time.sleep(delay)
|
|
acao_header = requester(url, scheme, 'd3v' + root)
|
|
if acao_header:
|
|
if acao_header == (scheme + 'd3v' + root):
|
|
return 'Pre-domain wildcard'
|
|
time.sleep(delay)
|
|
acao_header = requester(url, '', 'null')
|
|
if acao_header:
|
|
if acao_header == 'null':
|
|
return 'Null origin allowed'
|
|
time.sleep(delay)
|
|
acao_header = requester(url, scheme, root + '%60.example.com')
|
|
if acao_header:
|
|
if '`.example.com' in acao_header:
|
|
return 'Broken parser'
|
|
if root.count('.') > 1:
|
|
time.sleep(delay)
|
|
spoofed_root = root.replace('.', 'x', 1)
|
|
acao_header = requester(url, scheme, spoofed_root)
|
|
if acao_header:
|
|
if host(acao_header) == spoofed_root:
|
|
return 'Unescaped regex'
|
|
time.sleep(delay)
|
|
acao_header = requester(url, 'http', root)
|
|
if acao_header:
|
|
if acao_header.startswith('http://'):
|
|
return 'HTTP origin allowed'
|
|
else:
|
|
return passive_tests(url, acao_header)
|