Update for WAF scripts

stamparm · stamparm · commit e5835dc74f34 · 2013-02-26T15:30:11.000+01:00
diff --git a/lib/core/enums.py b/lib/core/enums.py
@@ -153,6 +153,7 @@ class HTTPHEADER:
     SERVER = "Server"
     USER_AGENT = "User-Agent"
     TRANSFER_ENCODING = "Transfer-Encoding"
+    VIA = "Via"
 
 class EXPECTED:
     BOOL = "bool"
diff --git a/waf/binarysec.py b/waf/binarysec.py
@@ -13,4 +13,7 @@
 
 def detect(get_page):
     page, headers, code = get_page()
-    return re.search(r"BinarySec", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+    retval = re.search(r"BinarySec", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+    if not retval:
+        retval = any(headers.get(_) for _ in ("x-binarysec-via", "x-binarysec-nocache"))
+    return retval
diff --git a/waf/cloudflare.py b/waf/cloudflare.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "CloudFlare Web Application Firewall (CloudFlare)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"cloudflare-nginx", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+        retval |= re.search(r"\A__cfduid=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+        if retval:
+            break
+
+    return retval
diff --git a/waf/dotdefender.py b/waf/dotdefender.py
@@ -14,7 +14,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retVal = headers.get("X-dotDefender-denied", "") == 1
+        retVal = headers.get("X-dotDefender-denied", "") == "1"
         if retVal:
             break
 
diff --git a/waf/isaserver.py b/waf/isaserver.py
@@ -11,4 +11,6 @@
 
 def detect(get_page):
     page, headers, code = get_page(host=randomInt(6))
-    return "The server denied the specified Uniform Resource Locator (URL). Contact the server administrator" in page
+    retval = "The server denied the specified Uniform Resource Locator (URL). Contact the server administrator." in (page or "")
+    retval |= "The ISA Server denied the specified Uniform Resource Locator (URL)" in (page or "")
+    return retval
diff --git a/waf/modsecurity.py b/waf/modsecurity.py
@@ -5,6 +5,9 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+import re
+
+from lib.core.enums import HTTPHEADER
 from lib.core.settings import WAF_ATTACK_VECTORS
 
 __product__ = "ModSecurity: Open Source Web Application Firewall (Trustwave)"
@@ -14,8 +17,9 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        if code == 501:
-            retval = True
+        retval = code == 501
+        retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+        if retval:
             break
 
     return retval
diff --git a/waf/netscaler.py b/waf/netscaler.py
@@ -15,6 +15,7 @@
 def detect(get_page):
     page, headers, code = get_page()
     retval = re.search(r"\A(ns_af=|citrix_ns_id|NSC_)", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+    retval |= re.search(r"\ANS-CACHE", headers.get(HTTPHEADER.VIA, ""), re.I) is not None
 
     if not retval:
         for vector in WAF_ATTACK_VECTORS:
diff --git a/waf/profense.py b/waf/profense.py
@@ -13,4 +13,7 @@
 
 def detect(get_page):
     page, headers, code = get_page()
-    return re.search(r"Profense", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+    retval = re.search(r"Profense", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+    if not retval:
+        retval = re.search(r"\APLBSID=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+    return retval
diff --git a/waf/uspses.py b/waf/uspses.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "USP Secure Entry Server (United Security Providers)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retval = re.search(r"Secure Entry Server", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
+        if retval:
+            break
+
+    return retval
diff --git a/waf/webknight.py b/waf/webknight.py
@@ -5,6 +5,9 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+import re
+
+from lib.core.enums import HTTPHEADER
 from lib.core.settings import WAF_ATTACK_VECTORS
 
 __product__ = "WebKnight Application Firewall (AQTRONIX)"
@@ -15,6 +18,7 @@ def detect(get_page):
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
         retVal = code == 999
+        retval |= re.search(r"WebKnight", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None
         if retVal:
             break
 
