|
25 | 25 | from lib.core.common import getSafeExString |
26 | 26 | from lib.core.common import getSortedInjectionTests |
27 | 27 | from lib.core.common import getUnicode |
| 28 | +from lib.core.common import hashDBRetrieve |
| 29 | +from lib.core.common import hashDBWrite |
28 | 30 | from lib.core.common import intersect |
29 | 31 | from lib.core.common import listToStrValue |
30 | 32 | from lib.core.common import parseFilePaths |
|
48 | 50 | from lib.core.decorators import cachedmethod |
49 | 51 | from lib.core.dicts import FROM_DUMMY_TABLE |
50 | 52 | from lib.core.enums import DBMS |
| 53 | +from lib.core.enums import HASHDB_KEYS |
51 | 54 | from lib.core.enums import HEURISTIC_TEST |
52 | 55 | from lib.core.enums import HTTP_HEADER |
53 | 56 | from lib.core.enums import HTTPMETHOD |
@@ -1155,6 +1158,14 @@ def checkWaf(): |
1155 | 1158 | if any((conf.string, conf.notString, conf.regexp, conf.dummy, conf.offline, conf.skipWaf)): |
1156 | 1159 | return None |
1157 | 1160 |
|
| 1161 | + _ = hashDBRetrieve(HASHDB_KEYS.CHECK_WAF_RESULT, True) |
| 1162 | + if _ is not None: |
| 1163 | + if _: |
| 1164 | + warnMsg = "previous heuristics detected that the target " |
| 1165 | + warnMsg += "is protected by some kind of WAF/IPS/IDS" |
| 1166 | + logger.critical(warnMsg) |
| 1167 | + return _ |
| 1168 | + |
1158 | 1169 | infoMsg = "checking if the target is protected by " |
1159 | 1170 | infoMsg += "some kind of WAF/IPS/IDS" |
1160 | 1171 | logger.info(infoMsg) |
@@ -1193,6 +1204,8 @@ def checkWaf(): |
1193 | 1204 | logger.warning("dropping timeout to %d seconds (i.e. '--timeout=%d')" % (IDS_WAF_CHECK_TIMEOUT, IDS_WAF_CHECK_TIMEOUT)) |
1194 | 1205 | conf.timeout = IDS_WAF_CHECK_TIMEOUT |
1195 | 1206 |
|
| 1207 | + hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True) |
| 1208 | + |
1196 | 1209 | return retVal |
1197 | 1210 |
|
1198 | 1211 | def identifyWaf(): |
|
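Review bot: The cached early return added at new lines 1161-1167 leaves checkWaf() before any of the handling further down, including the `conf.timeout = IDS_WAF_CHECK_TIMEOUT` adjustment visible at new line 1205. A resumed session that reads a positive result from the hash DB therefore appears to continue with different settings than the run that produced the result. Either repeat that post-detection handling before `return _`, or add a comment such as `# cached result: only re-emit the warning, the timeout is left untouched on purpose` so the difference is documented. The throwaway name `_` holds a value that is tested twice and then returned; `cached = hashDBRetrieve(HASHDB_KEYS.CHECK_WAF_RESULT, True)` would read more clearly. The body of checkWaf() between the two hunks is not shown, so it is not visible here whether `retVal` can also be written to the hash DB after a probe request that failed rather than one that was answered.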