PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 04:31:30 +00:00
Code Issues Projects Releases Wiki Activity

New WAF script

Browse Source
This commit is contained in:
Miroslav Stampar
2019-01-12 01:56:18 +01:00
parent 0a3144ebb5
commit 660036c38b
6 changed files with 48 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
waf/modsecurity.py
View File

@@ -18,7 +18,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module", "The page you are trying to access is restricted due to a security rule", "Protected by Mod Security"))
retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module", "Protected by Mod Security"))
if retval:
break