File: nullserver.py

package info (click to toggle)
modsecurity 3.0.14-1
  • links: PTS
  • area: main
  • in suites: forky, sid, trixie
  • size: 88,920 kB
  • sloc: ansic: 174,512; sh: 43,569; cpp: 26,214; python: 15,734; makefile: 3,864; yacc: 2,947; lex: 1,359; perl: 1,243; php: 42; tcl: 4
file content (111 lines) | stat: -rwxr-xr-x 2,810 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
 
#!/usr/bin/env python

# A 'nullserver' that accepts input and generates output
# to trick sqlmap into thinking it's a database-driven site
#

import sys
import logging
import urllib

import tornado.httpserver
import tornado.ioloop
import tornado.web
import libinjection

class ShutdownHandler(tornado.web.RequestHandler):
    def get(self):
        global fd
        fd.close()
        sys.exit(0)


class CountHandler(tornado.web.RequestHandler):
    def get(self):
        global count
        self.write(str(count) + "\n")

def boring(arg):
    if arg == '':
        return True

    if arg == 'foo':
        return True

    if arg == 'NULL':
        return True

    try:
        float(arg)
        return True
    except ValueError:
        pass

    return False;

class NullHandler(tornado.web.RequestHandler):

    def get(self):
        global fd
        global count
        params = self.request.arguments.get('id', [])
        sqli = False

        if len(params) == 0 or (len(params) == 1 and boring(params[0])):
            # if no args, or a single value with uninteresting input
            # then just exit
            self.write("<html><head><title>safe</title></head><body></body></html>")
            return

        for arg in params:
            sqli = libinjection.detectsqli(arg)
            if sqli:
                break

        # we didn't detect it :-(
        if not sqli:
            count += 1
            args = [ arg.strip() for arg in params ]
            #fd.write(' | '.join(args) + "\n")
            for arg in args:
                extra = {}
                sqli = libinjection.detectsqli(arg, extra)
                logging.error("\t" + arg + "\t" + str(sqli) + "\t" + extra['fingerprint'] + "\n")
            #for arg in param:
            #    fd.write(arg + "\n")
            #    #fd.write(urllib.quote_plus(arg) + "\n")
            self.set_status(500)
            self.write("<html><head><title>safe</title></head><body></body></html>")
        else:
            self.write("<html><head><title>sqli</title></head><body></body></html>")

import os
settings = {
    "static_path": os.path.join(os.path.dirname(__file__), "static"),
    "cookie_secret": "yo mama sayz=",
    "xsrf_cookies": True,
    "gzip": False
}

application = tornado.web.Application([
    (r"/null", NullHandler),
    (r"/shutdown", ShutdownHandler),
    (r"/count", CountHandler)
    ], **settings)


if __name__ == "__main__":
    global fd
    global count

    count = 0

    fd = open('./sqlmap-false-negatives.txt', 'w')

    import tornado.options
    #tornado.options.parse_config_file("/etc/server.conf")
    tornado.options.parse_command_line()

    http_server = tornado.httpserver.HTTPServer(application)
    http_server.listen(8888)
    tornado.ioloop.IOLoop.instance().start()