platform/libinjection/misc/logscanner.py

#!/usr/bin/env python
import sys
import re
import libinjection
import urllib
import urlparse

logre = re.compile(r' /diagnostics\?([^ ]+) HTTP')

notsqli = set([
'1ov',
'UEvEv',
'v',
'Uv',
'Uv,',
'UoEvE',
'1v',
'sov',
'1nn',
'UonnE',
'no1',
'Evk',
'E1k',
'E11k',
'Ek',
'Uv,Ev',
'UvEvk',
'UvEv,',
'Uvon'
])

def doline(logline):
    """
    ...GET /diagnostics?id=%22union+select HTTP/1.1
    """
    mo = logre.search(logline)
    if not mo:
        return

    sqli= False
    fp = None
    for key, val in urlparse.parse_qsl(mo.group(1)):
        val = urllib.unquote(val)
        extra = {}
        argsqli = libinjection.detectsqli(val, extra)
        if argsqli:
            fp = extra['fingerprint']
            print urllib.quote(val)
        sqli = sqli or argsqli

    if False: # and not sqli:
        #print "\n---"
        #print mo.group(1)
        for key, val in urlparse.parse_qsl(mo.group(1)):
            val = urllib.unquote(val)
            extra = {}
            argsqli = libinjection.detectsqli(val, extra)
            if not argsqli and extra['fingerprint'] not in notsqli:
                print "NO", extra['fingerprint'], mo.group(1)
                print "  ", val

if __name__ == '__main__':
    for line in sys.stdin:
        doline(line)
Roll libinjection 2019-08-16 14:42:40 +00:00			`#!/usr/bin/env python`
			`import sys`
			`import re`
			`import libinjection`
			`import urllib`
			`import urlparse`

			`logre = re.compile(r' /diagnostics\?([^ ]+) HTTP')`

			`notsqli = set([`
			`'1ov',`
			`'UEvEv',`
			`'v',`
			`'Uv',`
			`'Uv,',`
			`'UoEvE',`
			`'1v',`
			`'sov',`
			`'1nn',`
			`'UonnE',`
			`'no1',`
			`'Evk',`
			`'E1k',`
			`'E11k',`
			`'Ek',`
			`'Uv,Ev',`
			`'UvEvk',`
			`'UvEv,',`
			`'Uvon'`
			`])`

			`def doline(logline):`
			`"""`
			`...GET /diagnostics?id=%22union+select HTTP/1.1`
			`"""`
			`mo = logre.search(logline)`
			`if not mo:`
			`return`

			`sqli= False`
			`fp = None`
			`for key, val in urlparse.parse_qsl(mo.group(1)):`
			`val = urllib.unquote(val)`
			`extra = {}`
			`argsqli = libinjection.detectsqli(val, extra)`
			`if argsqli:`
			`fp = extra['fingerprint']`
			`print urllib.quote(val)`
			`sqli = sqli or argsqli`

			`if False: # and not sqli:`
			`#print "\n---"`
			`#print mo.group(1)`
			`for key, val in urlparse.parse_qsl(mo.group(1)):`
			`val = urllib.unquote(val)`
			`extra = {}`
			`argsqli = libinjection.detectsqli(val, extra)`
			`if not argsqli and extra['fingerprint'] not in notsqli:`
			`print "NO", extra['fingerprint'], mo.group(1)`
			`print " ", val`

			`if __name__ == '__main__':`
			`for line in sys.stdin:`
			`doline(line)`