forked from abdurahman-ctis/Hackathor-ClouDek
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapp.py
147 lines (116 loc) · 4.56 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
import json
from time import time
from urllib.parse import urlparse
import firebase_admin
from firebase_admin import credentials
from firebase_admin import db
from flask import Flask, request
from flask_cors import CORS
from flask_restful import Resource, Api
from requests import post
cred = credentials.Certificate('ids-hackathor-636a3e9f4e4c.json')
firebase_admin.initialize_app(cred, {
'databaseURL': 'https://ids-hackathor.firebaseio.com/'
})
ref = db.reference('')
with open('payloads.json', encoding="utf8") as f:
loaded = json.load(f)
XSS = loaded['XSS']
TRAVERS = loaded['TRAVERS']
app = Flask(__name__)
api = Api(app)
app.config['SECRET_KEY'] = 'secret!'
cors = CORS(app)
VIRUSTOTAL = '66a5fb757b258c33502762d5b0f494111d7cc70032cfcf115336ad837a13b9ea'
DOMAIN = "bilkent.com"
# Zeyad Additions
# ------------------------------------
from SangomaUtils.sangoma_authenticators import *
import asyncio
WEBSOCKETS_PORT = 6666
G = {} # Global Dictionary
def start_websocket_server(port):
global G
import SangomaUtils.sangoma_authenticators
SangomaUtils.sangoma_authenticators.setG(G)
"""accepts connections from incoming lambda function requests"""
services_authenticator = MonitoringServiceAuthenticator()
services_message_manager = MessageManagerWebsocketFromServices()
G['lambda_connection_handler'] = ConnectionHandler(authenticator=services_authenticator,
message_manager=services_message_manager)
G['lambda_connection_handler'].accept_connections(port=port)
class MessageManagerWebsocketFromServices:
async def process_message(self, connection_and_msg):
'''look at the incoming event (message/command), determine its priority and add it to the eventQ saved
in the global obejct G.'''
@staticmethod
def report_to_connections(event):
for connection in G['lambda_connection_handler'].connections:
asyncio.ensure_future(G['lambda_connection_handler'].connections[connection].send(event))
# MessageManagerWebsocketFromServices.report_to_connections(event) # Reporting to WSS subscribers
# -----------------------------------------------------------------
def send_ref(ip, param, val, type):
ref.push({
"ip": ip,
"type": type,
"query_key": param,
"query_val": val,
"timestamp": time()
})
def not_same_domain(url):
url = urlparse(url).netloc
index = url.find("@")
if index != -1:
url = url[index + 1:]
return url != DOMAIN
class AnalyzeQuery(Resource):
def get(self):
return db.reference('').get()
def post(self):
params = request.get_json(force=True)
ip = request.remote_addr
for param, val in params.items():
# XSS
for pload in XSS:
if pload in val:
send_ref(ip, param, val, 'XSS')
break
# SQLi
if "'" in val and ('and' in val.lower() or 'or' in val.lower()) or '--' in val:
send_ref(ip, param, val, 'SQLi')
# CRLF
if '%0d' in val.lower() or '%0a' in val.lower():
send_ref(ip, param, val, 'CRLF')
# OPEN Redirect
if len([i for i in ['url', 'redirect', 'next'] if i in param.lower()]) > 0 \
and not_same_domain(val):
send_ref(ip, param, val, 'Open Redirect')
# Path Traversal
for pload in TRAVERS:
if pload in val:
send_ref(ip, param, val, 'Path Traversal')
break
return params
class ViralUrls(Resource):
def post(self):
params = request.get_json(force=True)
malicious = []
for url in params:
post("https://www.virustotal.com/vtapi/v2/url/scan", data={'apikey': VIRUSTOTAL, 'url': url})
res = post("https://www.virustotal.com/vtapi/v2/url/report", data={'apikey': VIRUSTOTAL, 'resource': url})
for i in res.json()['scans'].values():
if i['detected']:
malicious.append(url)
break
return malicious
class CSRF(Resource):
def post(self):
params = request.get_json(force=True)
# TODO: send websocket req like:
# The form params['formName'] at params['location'] can be CSRF vulnerable!
api.add_resource(AnalyzeQuery, '/api/query')
api.add_resource(ViralUrls, '/api/viralurls')
api.add_resource(ViralUrls, '/api/csrf')
if __name__ == '__main__':
start_websocket_server(WEBSOCKETS_PORT)
app.run(host='0.0.0.0')