
Commit b183b9c

committed
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules
1 parent a4d8234 commit b183b9c

1 file changed

Lines changed: 56 additions & 0 deletions


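--- a/lib/utils/detection.py
+++ b/lib/utils/detection.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+"""
+$Id: parenthesis.py 1003 2010-01-02 02:02:12Z inquisb $
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2009 Bernardo Damele A. G. <[email protected]>
+Copyright (c) 2006 Daniele Bellucci <[email protected]>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+"""
+import re
+import urllib2
+from xml.dom import minidom
+
+from lib.core.data import logger
+
+rules = None
+
+def checkPayload(string):
+"""
+This method checks if the generated payload is detectable by an PHPIDS filter rules
+"""
+global rules
+
+if not rules:
+url = 'https://svn.phpids.org/svn/trunk/lib/IDS/default_filter.xml'
+request = urllib2.Request(url)
+response = urllib2.urlopen(request)
+xmlrules = minidom.parse(response).documentElement
+response.close()
+rules = []
+for xmlrule in xmlrules.getElementsByTagName("filter"):
+try:
+rule = re.compile(xmlrule.getElementsByTagName('rule')[0].childNodes[0].nodeValue)
+desc = xmlrule.getElementsByTagName('description')[0].childNodes[0].nodeValue
+desc = desc.replace('Detects', 'Detected').replace('finds', 'Found').replace('attempts', 'attempt').replace('injections', 'injection').replace('attacks', 'attack')
+rules.append((rule, desc))
+except:
+pass
+
+for rule, desc in rules:
+if rule.search(string, re.IGNORECASE):
+logger.warn("highly probable IDS/IPS detection: '%s'" % desc)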
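Review bot: In the final loop of `checkPayload`, `rule.search(string, re.IGNORECASE)` passes the flag as the `pos` argument of a compiled pattern's `search`, so matching starts at offset 2 and stays case-sensitive. The flag belongs at compile time, i.e. `re.compile(<rule text>, re.IGNORECASE)` followed by `rule.search(string)`. The bare `except:` / `pass` around the compile also hides every rule that Python's `re` cannot parse, so the check can stay silent while covering only part of the rule set; catching `re.error` and logging how many rules were skipped would make that visible. The rule file is fetched at run time with `urllib2.urlopen(request)` and no timeout, and urllib2 of this period presumably does not validate the server certificate, so a failed or altered download changes the result without notice. A bundled copy of the rules, or a timeout plus explicit error handling around the fetch, would be safer.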
