Finalizing implementation for an Issue #290

waf/__init__.py

@@ -0,0 +1,8 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+pass

waf/airlock.py

@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+
+__product__ = "Airlock (Phion/Ergon)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    return re.search(r"\AAL[_-]?(SESS|LB)=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None

waf/barracuda.py

@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+
+__product__ = "Barracuda Web Application Firewall (Barracuda Networks)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    return re.search(r"\Abarra_counter_session=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None

waf/bigip.py

@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "BIG-IP Application Security Manager (F5 Networks)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    retval = re.search(r"\ATS[a-zA-Z0-9]{3,6}=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+
+    if not retval:
+        for vector in WAF_ATTACK_VECTORS:
+            page, headers, code = get_page(get=vector)
+            retval = headers.get("X-Cnection", "").lower() == "close"
+            if retval:
+                break
+
+    return retval

waf/binarysec.py

@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+
+__product__ = "BinarySEC Web Application Firewall (BinarySEC)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    return re.search(r"BinarySec", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None

waf/datapower.py

@@ -0,0 +1,14 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+__product__ = "IBM WebSphere DataPower (IBM)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    return re.search(r"\A(OK|FAIL)", headers.get("X-Backside-Transport", ""), re.I) is not None

waf/denyall.py

@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Deny All Web Application Firewall (DenyAll)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    retval = re.search(r"\Asessioncookie=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+
+    if not retval:
+        for vector in WAF_ATTACK_VECTORS:
+            page, headers, code = get_page(get=vector)
+            retval = code == 200 and re.search(r"\ACondition Intercepted", page, re.I) is not None
+            if retval:
+                break
+
+    return retval

waf/dotdefender.py

@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "dotDefender (Applicure Technologies)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        retVal = headers.get("X-dotDefender-denied", "") == 1
+        if retVal:
+            break
+
+    return retval

waf/f5asm.py

@@ -1,16 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
-See the file 'doc/COPYING' for copying permission
-"""
-
-import re
-
-from lib.core.enums import HTTPHEADER
-
-__product__ = "F5 Networks BIG-IP Application Security Manager (ASM)"
-__request__ = ()
-
-def detect(page, headers, code):
-    return re.search(r"^TS[a-zA-Z0-9]{3,6}=", headers.get(HTTPHEADER.SET_COOKIE, "")) is not None

waf/hyperguard.py

@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+
+__product__ = "Hyperguard Web Application Firewall (art of defence Inc.)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    return re.search(r"\AODSESSION=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None

waf/modsecurity.py

@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "ModSecurity: Open Source Web Application Firewall (Trustwave)"
+
+def detect(get_page):
+    retval = False
+
+    for vector in WAF_ATTACK_VECTORS:
+        page, headers, code = get_page(get=vector)
+        if code == 501:
+            retVal = True
+            break
+
+    return retval

waf/netcontinuum.py

@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+
+__product__ = "NetContinuum Web Application Firewall (NetContinuum/Barracuda Networks)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    return re.search(r"\ANCI__SessionId=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None

waf/netscaler.py

@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "NetScaler (Citrix Systems)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    retval = re.search(r"\A(ns_af=|citrix_ns_id|NSC_)", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+
+    if not retval:
+        for vector in WAF_ATTACK_VECTORS:
+            page, headers, code = get_page(get=vector)
+            retval = re.search(r"\Aclose", headers.get("Cneonction", "") or headers.get("nnCoection", ""), re.I) is not None
+            if retval:
+                break
+
+    return retval

waf/profense.py

@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+
+__product__ = "Profense Web Application Firewall (Armorlogic)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    return re.search(r"Profense", headers.get(HTTPHEADER.SERVER, ""), re.I) is not None

waf/proventia.py

@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.data import kb
+from lib.core.enums import HTTPHEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Proventia Web Application Security (IBM)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    if page is None:
+        return False
+    page, headers, code = get_page(url="/Admin_Files/")
+    return page is None

waf/teros.py

@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+
+__product__ = "ISV Teros Web Application Firewall (Teros/Citrix Systems)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    return re.search(r"\Ast8id=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None

waf/trafficshield.py

@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+
+__product__ = "TrafficShield (F5 Networks)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    return (re.search(r"\AASINFO=", headers.get(HTTPHEADER.COOKIE, ""), re.I) or re.search(r"F5-TrafficShield", headers.get(HTTPHEADER.SERVER, ""), re.I)) is not None

waf/webappsecure.py

@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.data import kb
+from lib.core.enums import HTTPHEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "webApp.secure (webScurity)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    if code == 403:
+        return False
+    page, headers, code = get_page(get="nx=@@")
+    return code == 403