XSStrike/core/wafDetector.py

import json
import re

from core.requester import requester


def wafDetector(url, params, headers, GET, delay, timeout):
    with open('./db/wafSignatures.json', 'r') as file:
        wafSignatures = json.load(file)
    # a payload which is noisy enough to provoke the WAF
    noise = '<script>alert("XSS")</script>'
    params['xss'] = noise
    # Opens the noise injected payload
    response = requester(url, params, headers, GET, delay, timeout)
    page = response.text
    code = str(response.status_code)
    headers = str(response.headers)
    if int(code) >= 400:
        bestMatch = [0, None]
        for wafName, wafSignature in wafSignatures.items():
            score = 0
            pageSign = wafSignature['page']
            codeSign = wafSignature['code']
            headersSign = wafSignature['headers']
            if pageSign:
                if re.search(pageSign, page, re.I):
                    score += 1
            if codeSign:
                if re.search(codeSign, code, re.I):
                    score += 0.5  # increase the overall score by a smaller amount because http codes aren't strong indicators
            if headersSign:
                if re.search(headersSign, headers, re.I):
                    score += 1
            # if the overall score of the waf is higher than the previous one
            if score > bestMatch[0]:
                del bestMatch[:]  # delete the previous one
                bestMatch.extend([score, wafName])  # and add this one
        if bestMatch[0] != 0:
            return bestMatch[1]
        else:
            return None
    else:
        return None
rewrote to be easily maintainable and accurate 2018-11-14 23:19:57 +05:30			`import json`
Fixed HTML comment context handling + Refactor 2018-11-15 15:41:01 +05:30			`import re`

Add files via upload 2018-10-27 18:58:52 +05:30			`from core.requester import requester`

Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30
stable release 2018-11-10 17:33:48 +05:30			`def wafDetector(url, params, headers, GET, delay, timeout):`
rewrote to be easily maintainable and accurate 2018-11-14 23:19:57 +05:30			`with open('./db/wafSignatures.json', 'r') as file:`
			`wafSignatures = json.load(file)`
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30			`# a payload which is noisy enough to provoke the WAF`
			`noise = '<script>alert("XSS")</script>'`
Add files via upload 2018-10-27 18:58:52 +05:30			`params['xss'] = noise`
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30			`# Opens the noise injected payload`
			`response = requester(url, params, headers, GET, delay, timeout)`
rewrote to be easily maintainable and accurate 2018-11-14 23:19:57 +05:30			`page = response.text`
Add files via upload 2018-10-27 18:58:52 +05:30			`code = str(response.status_code)`
rewrote to be easily maintainable and accurate 2018-11-14 23:19:57 +05:30			`headers = str(response.headers)`
			`if int(code) >= 400:`
			`bestMatch = [0, None]`
			`for wafName, wafSignature in wafSignatures.items():`
			`score = 0`
			`pageSign = wafSignature['page']`
			`codeSign = wafSignature['code']`
			`headersSign = wafSignature['headers']`
			`if pageSign:`
			`if re.search(pageSign, page, re.I):`
			`score += 1`
			`if codeSign:`
			`if re.search(codeSign, code, re.I):`
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30			`score += 0.5 # increase the overall score by a smaller amount because http codes aren't strong indicators`
rewrote to be easily maintainable and accurate 2018-11-14 23:19:57 +05:30			`if headersSign:`
			`if re.search(headersSign, headers, re.I):`
			`score += 1`
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30			`# if the overall score of the waf is higher than the previous one`
rewrote to be easily maintainable and accurate 2018-11-14 23:19:57 +05:30			`if score > bestMatch[0]:`
Documentation and pep8 compilance 2018-11-16 21:13:45 +05:30			`del bestMatch[:] # delete the previous one`
			`bestMatch.extend([score, wafName]) # and add this one`
rewrote to be easily maintainable and accurate 2018-11-14 23:19:57 +05:30			`if bestMatch[0] != 0:`
			`return bestMatch[1]`
			`else:`
			`return None`
			`else:`
			`return None`