Commit bb6e4615 authored by Devon Kearns's avatar Devon Kearns

Imported Upstream version 0.1~svn5

Released under the GPL v 2.0.
If you did not recieve a copy of the GPL, try http://www.gnu.org/.
Webslayer - OWASP Project
=========================
Current version: 1.0
Webslayer is a web application bruteforcer tool, to help security testers on all bruteforce tasks during a penetration test
You can perform attacks like:
-Predictable resource locator, recursion supported (Discovery)
-Login forms brute force
-Session brute force
-Parameter brute force
-Parameter fuzzing and injection (XSS, SQL)
-Basic and Ntml authentication brute forcing
Features:
--------
Recursion
Encodings: 15 encodings supported
Authentication: supports Ntml and Basic
Multiple payloads: you can use 2 payloads in different parts
Proxy support (authentication supported)
For predictable resource location it support: Recursion, common extensions, non standard code detection
Multiple filters for improving the performance and for producing cleaner results
Live filters
Multithreads
Session saving
Integrated browser (webKit)
Time delay between requests
Attack balancing across multiple proxies
Predefined dictionaries for predictable resource location, based on known servers (Thanks to Dark Raver, www.open-labs.org)
Changelog 1.0:
--------------
-Time delays between requests
-Multiple proxy support (randomized)
Known bugs:
-----------
-The permutation payload generation, depending on the quantity of characters and size can hog the CPU.
Resources:
----------
Training on how to use WebSlayer
http://www.owasp.org/index.php/File:Christian_Martorella-Webslayer-Training-IBWAS2010.pdf
OWASP Home Page
http://www.owasp.org/index.php/Category:OWASP_Webslayer_Project
Google Code Home Page
http://code.google.com/p/webslayer/
#Covered by GPL V2.0
#Coded by Carlos del Ojo Elias (deepbit@gmail.com)
import sys
import re
class TextParser:
def __init__ (self):
self.string=""
self.oldindex=0
self.newindex=0
self.type=""
self.lastFull_line=None
self.lastline = None
pass
def __del__ (self):
if self.type=="file":
self.fd.close()
def setSource (self,t,*args):
'''Se especifica el tipo de entrada. Puede ser fichero o entrada estandard
Ejemplos: setSource("file","/tmp/file")
setSource("stdin")\n'''
if t=="file":
self.type=t
self.fd=file(args[0],"r")
elif t=="stdin":
if self.type=="file":
self.fd.close()
self.type=t
elif t=="string":
if self.type=="file":
self.fd.close()
self.type=t
self.string=args[0]
self.oldindex=0
self.newindex=0
else:
print "Bad argument -- TextParser.setSource()\n"
sys.exit (-1)
def seekinit(self):
self.oldindex=0;
self.newindex=0;
def readUntil (self,pattern,caseSens=True):
"Lee lineas hasta que el patron (pattern) conincide en alguna linea"
while True:
if (self.readLine() == 0):
return False
if (self.search(pattern,caseSens) == True):
break
return True
def search (self,pattern,caseSens=True,debug=0):
"Intenta hacer Matching entre el pattern pasado por parametro y la ultima linea leida"
if not caseSens:
self.regexp=re.compile(pattern,re.IGNORECASE)
else:
self.regexp=re.compile(pattern)
self.matches=self.regexp.findall(self.lastline)
j=0
for i in self.matches:
if not type(i)==type(()):
self.matches[j]=tuple([self.matches[j]])
j+=1
# DEBUG PARA MATCHING
if (debug==1):
print "[",self.lastline,"-",pattern,"]"
print len(self.matches)
print self.matches
if len(self.matches)==0:
return False
else:
return True
def __getitem__ (self,key):
"Para acceder a cada uno de los patrones que coinciden, esta preparado paragrupos de patrones, no para solo un patron"
return self.matches[key]
def skip (self,lines):
"Salta las lines que se indiquen en el parametro"
for i in range(lines):
if (self.readLine() == 0):
return False
return True
def readLine(self):
"Lee la siguiente linea eliminando retornos de carro"
if self.type=="file":
self.lastFull_line=self.fd.readline()
elif self.type=="stdin":
self.lastFull_line=raw_input()
elif self.type=="string":
if self.newindex==-1:
return 0
if self.oldindex>=0:
self.newindex=self.string.find("\n",self.oldindex,len(self.string))
if self.newindex==-1:
self.lastFull_line=self.string[self.oldindex:len(self.string)]
else:
self.lastFull_line=self.string[self.oldindex:self.newindex+1]
self.oldindex=self.newindex+1
else:
self.lastFull_line=''
bytes_read = len(self.lastFull_line)
s=self.lastFull_line
self.lastline=s
if s[-2:] == '\r\n':
self.lastline = s[:-2]
elif s[-1:] == '\r' or s[-1:] == '\n':
self.lastline = s[:-1]
return bytes_read
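Review bot: In `readLine`, the stdin branch calls `raw_input()`, which strips the newline and raises EOFError at end of input. A blank input line therefore gives a length of 0, which `readUntil` and `skip` treat as end of data, while a real end of input surfaces as an exception instead of the 0 return the file branch gives. Reading with `self.lastFull_line=sys.stdin.readline()` would keep the newline and return an empty string only at EOF, matching the file branch. Separately, `setSource("file", ...)` does not close a descriptor left open by an earlier `setSource("file", ...)` call, unlike the stdin and string branches.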
#!/usr/bin/python
#Coded by Christian Martorella cmartorella@edge-security.com
import sys
from PyQt4 import QtGui
from wf import *
app = QtGui.QApplication(sys.argv)
#window = QtGui.QWidget()
window = QtGui.QMainWindow()
ui = Ui_MainWindow()
ui.setupUi(window)
pix=QtGui.QPixmap("images/logo2.png")
splash=QtGui.QSplashScreen(pix)
splash.setMask(pix.mask())
splash.show()
app.processEvents()
time.sleep(1.5)
window.show()
splash.finish(window)
sys.exit(app.exec_())
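Review bot: `time.sleep(1.5)` is called but this script has no `import time`, so the name can only arrive through `from wf import *`, which is not visible here. The splash delay therefore depends on what that module happens to export; adding `import time` next to `import sys` makes the dependency explicit. The splash image path `images/logo2.png` is relative, so it appears to resolve against the current working directory rather than the script's location; confirm that the packaged launcher starts from the install directory.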
SQL
sql
exception
ORA
error
syntax
failed
VBScript
Server
Index of
www-authenticate
OLE
XSS
alert
Error
ERROR
welcome=Welcome to WebSlayer, enjoy your analysis...
cookies_1=No cookies were found
target_1=Target empty, please set a URL
target_2=Check the hostname, and try again
target_3=Error in HTTP connection, is the port open?
fuzz_1=Fuzz type requires a keyword in the URL(FUZZ)
fuzz_2=[-]Fuzz type requires a keyword in the URL, HEADERS, POST DATA or Authentication
fuzz_3=Fuzz type selected: FILE, please select a file for loading
fuzz_4=[-] FILE fuzz type selected, dictionary file not loaded.
auth_1=Please enter a user:pass
auth_2=[-] Authentication selected but no user/password is set.
range_1=Please enter a valid range, only numeric allowed
range_2=[-] Range error: only numeric values allowed
fuzz_5=Fuzz type Payload, require importing an existing payload from Payload Generator.
fuzz_6=[-] Fuzz type Payload, require importing an existing payload from Payload Generator
file_1=You want to use a second fuzzing point (FUZ2Z) but none payload was selected.
file_2=[-] You want to use a second fuzzing point (FUZ2Z), but no payload was selected
about=<p>WebSlayer</p><p>Main developers:</p><p>Christian Martorella</p><p>Carlos del Ojo</p><p>Colaborators:</p> <p>Vicente Diaz</p><p>Edge-Security 2008</p>
payload_1=[-] Error importing Payload 1, check that a Payload exists
payload_2=[-] Error importing Payload 2, check that a Payload exists
pre_launch0=[+] Attack launched
pre_launch1=[-] Preflight check..
pre_launch2= Preflight check..
pre_launch3=[*] Preflight check failed.
pre_launch4=Preflight check failed
error0=[-] Error in HTTP connection to:
error1=Error in HTTP connection
recursion0=[-] Entering recursion state..
recursion1=Checking recursion..
recursion2=Checking recursion for
payload0=[-] Dictionary imported successfuly from Payload Generator
payload1=Payload imported ok
payload2=[-] Error importing dictionarty from Payload Generator
payload3=[-] Dictionary imported successfuly from Payload Generator
payload4=[-] Error importing dictionarty from Payload Generator
export0=<html><body><center><h2>Webslayer - results By Edge-Security</h2></center><br><hr>
export1=[-] Results exported successfuly
dict0=Generating dictionary..
dict1=Preparing attack
attack0=[-] Attack finished at:
attack1= Attack finished OK
#!/usr/bin/python
#Covered by GPL V2.0
from encoders import *
from payloads import *
# generate_dictio evolution
class dictionary:
def __init__(self,dicc=None):
if dicc:
self.__payload=dicc.getpayload()
self.__encoder=dicc.getencoder()
else:
self.__payload=payload()
self.__encoder=encoder()
self.iter=self.__payload.__iter__()
def count (self):
return self.__payload.count()
def setpayload(self,payl):
self.__payload=payl
self.iter=self.__payload.__iter__()
def setencoder(self,encd):
self.__encoder=encd
def getpayload (self):
return self.__payload
def getencoder (self):
return self.__encoder
def generate_all(self):
dicc=[]
for i in self.__payload:
dicc.append(self.__encoder.encode(i))
return dicc
def __iter__(self):
self.restart()
return self
def next(self):
pl=self.iter.next()
return self.__encoder.encode(pl)
def restart(self):
self.iter=self.__payload.__iter__()
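Review bot: `__iter__` returns `self` after calling `restart()`, so every loop over one `dictionary` object shares the single `self.iter` cursor, and starting a second iteration (or iterating from a second thread) resets the first one midway. If an instance is meant to be consumed by one loop at a time, a comment on the class such as `# single-cursor iterator: do not iterate the same instance from two places` would document that; otherwise `__iter__` could return a fresh generator over `self.__payload`. The copy path in `__init__` also reuses the source's payload and encoder objects rather than copying them, which is worth stating in a docstring.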
import urllib
import base64
import re
import binascii
import random
import hashlib
# SUPERCLASS
class encoder:
def __init__(self):
pass
def encode (self,string):
return string
#######################################################
######################################################
######## Inheritances
#######################################################
######################################################
class encoder_urlencode (encoder):
text="urlencode"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
return urllib.quote(string)
def decode(self,string):
try:
res=urllib.unquote(clear)
return res
except:
return 1
class encoder_double_urlencode (encoder):
text="double urlencode"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
return urllib.quote(urllib.quote(string))
class encoder_base64 (encoder):
text="base64"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
return base64.standard_b64encode(string)
def decode(self,string):
import base64
try:
res=base64.decodestring(string)
return res
except:
return 1
class encoder_uri_hex (encoder):
text="uri hexadecimal"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
strt = ""
con = "%%%02x"
s=re.compile(r"/|;|=|:|&|@|\\|\?")
for c in string:
if s.search(c):
strt += c
continue
strt += con % ord(c)
return strt
class encoder_random_upper (encoder):
text="random Uppercase"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
strt = ""
for c in string:
x = int(random.uniform(0,10))
x = x % 2
if x == 1:
strt += c.upper()
else:
strt += c
return strt
class encoder_doble_nibble_hex (encoder):
text="double nibble Hexa"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
strt = ""
fin = ""
con = "%%%02x"
# first get it in straight hex
s=re.compile(r"/|;|=|:|&|@|\\|\?")
enc=encoder_uri_hex()
strt = enc.encode(string)
for c in strt:
if not c == "%":
if s.search(c):
fin += c
continue
fin += con % ord(c)
else:
fin += c
return fin
class encoder_sha1 (encoder):
text="sha1"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
s=hashlib.sha1()
s.update(string)
res =s.hexdigest()
return res
class encoder_md5 (encoder):
text="md5"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
m=hashlib.new('md5')
m.update(string)
res = m.hexdigest()
return res
class encoder_binascii (encoder):
text="binary Ascii"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
res = binascii.hexlify(string)
return res
def decode(self,string):
import binascii
try:
res = binascii.unhexlify(clear)
return res
except:
return 1
class encoder_html (encoder):
text="html encoder"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
res=string
res=res.replace("<","&lt;")
res=res.replace(">","&gt;")
res=res.replace("\"","&quot;")
res=res.replace("'","&apos;")
#res=res.replace("&","&amp;")
return res
class encoder_html_decimal (encoder):
text="html encoder decimal"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
new=""
for x in string:
new+="&#"+str(ord(x))+";"
return new
class encoder_html_hexadecimal (encoder):
text="html encoder Hexa"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
new=""
for x in string:
val="%02x" % ord(x)
new+="&#x"+str(val)+";"
return new
class encoder_utf8_binary (encoder):
text="utf8 binary"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
new=""
for x in string:
val="%02x" % ord(x)
new+="\\x"+str(val)
return new
class encoder_utf8 (encoder):
text="utf8"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
new=""
for x in string:
val="%02x" % ord(x)
if len(val)==2:
new+="\\u00"+str(val)
else:
new+="\\u"+str(val)
return new
class encoder_uri_unicode (encoder):
text="uri unicode"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
new=""
for x in string:
val="%02x" % ord(x)
if len(val)==2:
new+="%u00"+str(val)
else:
new+="%u"+str(val)
return new
class encoder_mysqlchar (encoder):
text="mysql char"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
new="CHAR("
for x in string:
val=str(ord(x))
new+=str(val)+","
new=new.strip(",")
new+=")"
return new
def decode(self,string):
temp=string.strip("CHAR").strip("(").strip(")").split(",")
new=""
for x in temp:
new+=chr(int(x))
return new
class encoder_mssqlchar(encoder):
text="mssql Char"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
new=""
for x in string:
val=str(ord(x))
new+="CHAR("+str(val)+")+"
new=new.strip("+")
return new
def decode(self,string):
new=""
temp=string.split("+")
for x in temp:
x=x.strip("CHAR").strip(")").strip("(")
new+= chr(int(x))
return new
class encoder_oraclechar(encoder):
text="oracle Char"
def __init__(self):
encoder.__init__(self)
def encode(self,string):
new=""
for x in string:
val=str(ord(x))
new+="chr("+val+")||"
new=new.strip("||")
return new
def decode(self,string):
new=""
temp=string.split("||")
for x in temp:
x=x.strip("chr").strip(")").strip("(")
new+= chr(int(x))
return new
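Review bot: `encoder_urlencode.decode` and `encoder_binascii.decode` pass an undefined name `clear` to `urllib.unquote` and `binascii.unhexlify`; the resulting NameError is swallowed by the bare `except:`, so both methods return 1 for every input. They should use the parameter, `res=urllib.unquote(string)` and `res = binascii.unhexlify(string)`, and catch only the specific decoding error so that programming mistakes like this one are not hidden. Returning the integer 1 on failure is also hard for callers to tell apart from decoded data; `None` or a raised exception would be clearer.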
#!/usr/bin/python
"""
gencc: A simple program to generate credit card numbers that pass the MOD 10 check
(Luhn formula).
Usefull for testing e-commerce sites during development.
Copyright 2003 Graham King
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
"""
from random import Random
import sys
import copy
visaPrefixList = [ ['4', '5', '3', '9'],
['4', '5', '5', '6'],
['4', '9', '1', '6'],
['4', '5', '3', '2'],
['4', '9', '2', '9'],
['4', '0', '2', '4', '0', '0', '7', '1'],
['4', '4', '8', '6'],
['4', '7', '1', '6'],
['4'] ]
mastercardPrefixList = [ ['5', '1'],
['5', '2'],
['5', '3'],
['5', '4'],
['5', '5'] ]
amexPrefixList = [ ['3', '4'],
['3', '7'] ]
discoverPrefixList = [ ['6', '0', '1', '1'] ]
dinersPrefixList = [ ['3', '0', '0'],
['3', '0', '1'],
['3', '0', '2'],
['3', '0', '3'],
['3', '6'],
['3', '8'] ]
enRoutePrefixList = [ ['2', '0', '1', '4'],
['2', '1', '4', '9'] ]
jcbPrefixList16 = [ ['3', '0', '8', '8'],