Adding WAF script for SecureIIS

stamparm · stamparm · commit 6acb2480b851 · 2013-02-21T21:34:26.000+01:00
diff --git a/lib/core/decorators.py b/lib/core/decorators.py
@@ -13,7 +13,7 @@ def cachedmethod(f, cache={}):
     """
 
     def _(*args, **kwargs):
-        key = (f, tuple(args), frozenset(kwargs.items()))
+        key = (f, tuple(args), str(kwargs))
         if key not in cache:
             cache[key] = f(*args, **kwargs)
         return cache[key]
diff --git a/lib/core/enums.py b/lib/core/enums.py
@@ -152,6 +152,7 @@ class HTTPHEADER:
     REFERER = "Referer"
     SERVER = "Server"
     USER_AGENT = "User-Agent"
+    TRANSFER_ENCODING = "Transfer-Encoding"
 
 class EXPECTED:
     BOOL = "bool"
diff --git a/waf/secureiis.py b/waf/secureiis.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+
+__product__ = "SecureIIS Web Server Security (BeyondTrust)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    retval = code != 404
+    page, headers, code = get_page(auxHeaders={HTTPHEADER.TRANSFER_ENCODING: 'a' * 1025, HTTPHEADER.ACCEPT_ENCODING: "identity"})
+    retval = retval and code == 404
+    return retval
