Adding new WAF scripts

2025-12-29 02:49:01 +00:00 · 2019-01-07 01:21:07 +01:00
parent 30497acd0c
commit 54d0678cbe
6 changed files with 58 additions and 5 deletions
--- a/waf/crawlprotect.py
+++ b/waf/crawlprotect.py
@@ -15,5 +15,6 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, _, code = get_page(get=vector)
        retval = code >= 400 and "This site is protected by CrawlProtect" in (page or "")
+        retval |= "<title>CrawlProtect" in (page or "")

    return retval
--- a/waf/immunify360.py
+++ b/waf/immunify360.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Imunify360 (CloudLinux Inc.)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, _ = get_page(get=vector)
+        retval = re.search(r"\Aimunify360", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval = any(_ in (page or "") for _ in ("protected by Imunify360", "Powered by Imunify360", "imunify360 preloader"))
+        if retval:
+            break
+
+    return retval
--- a/waf/modsecurity.py
+++ b/waf/modsecurity.py
@@ -18,7 +18,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)
        retval = re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
-        retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module", "The page you are trying to access is restricted due to a security rule"))
+        retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module", "The page you are trying to access is restricted due to a security rule", "Protected by Mod Security"))
        if retval:
            break

--- a/waf/onmessage.py
+++ b/waf/onmessage.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import re
+
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "onMessage Shield (Blackbaud)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, _ = get_page(get=vector)
+        retval = re.search(r"onMessage Shield", headers.get("X-Engine", ""), re.I) is not None
+        retval |= "This site is protected by an enhanced security system to ensure a safe browsing experience" in (page or "")
+        retval |= "onMessage SHIELD" in (page or "")
+        if retval:
+            break
+
+    return retval