Minor improvement for enabling end-users to choose whether to skip or…

… continue testing the remaining parameters, if one is found vulnerable.. Ref: #905

doc/CHANGELOG.md

@@ -1,4 +1,5 @@
 ## Version 4.0 (TBA)
+* Revised: Minor improvement for enabling end-users to choose whether to skip or continue testing the remaining parameters, if one is found vulnerable.
 * Revised: Minor improvements regarding semiblind (i.e. "file-based") technique.
 * Fixed: Minor bug-fix regarding option `--output-dir`.
 * Revised: Improvement regarding option `--skip` for excluding certain parameter(s) from testing.

src/core/injections/controller/checks.py

@@ -197,48 +197,49 @@ def skipping_technique(technique, injection_type, state):
     print(settings.print_debug_msg(debug_msg))
 
 """
-Skipping of code injection tests.
+Skipping of further tests.
 """
-def skip_code_injection_tests():
-  while True:
-    message = "Skipping of code injection tests is recommended. "
-    message += "Do you agree? [Y/n] > "
-    procced_option = common.read_input(message, default="Y", check_batch=True)
-    if procced_option in settings.CHOICE_YES:
-      settings.SKIP_CODE_INJECTIONS = True
-      return
-    elif procced_option in settings.CHOICE_NO:
-      return
-    elif procced_option in settings.CHOICE_QUIT:
-      raise SystemExit()
-    else:
-      common.invalid_option(procced_option)
-      pass
+def keep_testing_others(filename, url):
+  if settings.SKIP_COMMAND_INJECTIONS:
+    while True:
+      message = "Do you want to keep testing the others? [y/N] > "
+      procced_option = common.read_input(message, default="N", check_batch=True)
+      if procced_option in settings.CHOICE_YES:
+        settings.SKIP_COMMAND_INJECTIONS = True
+        return
+      elif procced_option in settings.CHOICE_NO:
+        quit(filename, url, _ = False)
+      elif procced_option in settings.CHOICE_QUIT:
+        raise SystemExit()
+      else:
+        common.invalid_option(procced_option)
+        pass
 
 """
 Skipping of further command injection tests.
 """
-def skip_command_injection_tests():
-  if settings.IDENTIFIED_WARNINGS or settings.IDENTIFIED_PHPINFO:
-    _ = ""
+def skip_testing(filename, url):
+  if len(menu.options.tech) == 1:
+    settings.SKIP_COMMAND_INJECTIONS = True
   else:
-    _ = "further "
-  while True:
-    message = "Skipping of "+ _ +"command injection tests is recommended. "
-    message += "Do you agree? [Y/n] > "
-    procced_option = common.read_input(message, default="Y", check_batch=True)
-    if procced_option in settings.CHOICE_YES:
-      settings.SKIP_COMMAND_INJECTIONS = True
-      return
-    elif procced_option in settings.CHOICE_NO:
-      if settings.SKIP_COMMAND_INJECTIONS:
-        settings.SKIP_COMMAND_INJECTIONS = False
-      return
-    elif procced_option in settings.CHOICE_QUIT:
-      raise SystemExit()
+    if settings.IDENTIFIED_WARNINGS or settings.IDENTIFIED_PHPINFO:
+      _ = " testing command injection techniques"
     else:
-      common.invalid_option(procced_option)
-      pass
+      _ = " further testing"
+    while True:
+      message = "Do you want to skip" + _ + " in " + settings.CHECKING_PARAMETER + "? [Y/n] > "
+      procced_option = common.read_input(message, default="Y", check_batch=True)
+      if procced_option in settings.CHOICE_YES:
+        settings.SKIP_COMMAND_INJECTIONS = True
+        return
+      elif procced_option in settings.CHOICE_NO:
+        settings.SKIP_COMMAND_INJECTIONS = False
+        return
+      elif procced_option in settings.CHOICE_QUIT:
+        raise SystemExit()
+      else:
+        common.invalid_option(procced_option)
+        pass
 
 """
 The available mobile user agents.
@@ -289,6 +290,14 @@ def check_http_method(url):
       http_request_method = settings.HTTPMETHOD.GET
   return http_request_method
 
+def quit(filename, url, _):
+  logs.print_logs_notification(filename, url)
+  common.show_http_error_codes()
+  if _:
+    raise exit()
+  else:
+    raise SystemExit()
+
 """
 User aborted procedure
 """
@@ -297,9 +306,7 @@ def user_aborted(filename, url):
   abort_msg += "during the " + assessment_phase()
   abort_msg += " phase (Ctrl-C was pressed)."
   print(settings.print_abort_msg(abort_msg))
-  logs.print_logs_notification(filename, url)
-  common.show_http_error_codes()
-  raise exit()
+  quit(filename, url, _=True)
 
 """
 Connection exceptions

src/core/injections/controller/controller.py

@@ -41,8 +41,8 @@
 """
 
 def basic_level_checks():
-  settings.SKIP_CODE_INJECTIONS = False
-  settings.SKIP_COMMAND_INJECTIONS = False
+  settings.SKIP_CODE_INJECTIONS = None
+  settings.SKIP_COMMAND_INJECTIONS = None
   settings.IDENTIFIED_COMMAND_INJECTION = False
   settings.IDENTIFIED_WARNINGS = False
   settings.IDENTIFIED_PHPINFO = False
@@ -187,7 +187,7 @@ def classic_command_injection_technique(url, timesec, filename, http_request_met
     if (len(menu.options.tech) == 0 or "c" in menu.options.tech):
       if cb_handler.exploitation(url, timesec, filename, http_request_method, injection_type, technique) != False:
         settings.CLASSIC_STATE = settings.IDENTIFIED_COMMAND_INJECTION = True
-        checks.skip_command_injection_tests()
+        checks.skip_testing(filename, url)
       else:
         settings.CLASSIC_STATE = False
   if settings.CLASSIC_STATE == None:
@@ -205,7 +205,7 @@ def dynamic_code_evaluation_technique(url, timesec, filename, http_request_metho
       if eb_handler.exploitation(url, timesec, filename, http_request_method, injection_type, technique) != False:
         settings.EVAL_BASED_STATE = True
         if not settings.IDENTIFIED_WARNINGS and not settings.IDENTIFIED_PHPINFO:
-          checks.skip_command_injection_tests()
+          checks.skip_testing(filename, url)
       else:
         settings.EVAL_BASED_STATE = False
   if settings.EVAL_BASED_STATE == None:
@@ -222,7 +222,7 @@ def timebased_command_injection_technique(url, timesec, filename, http_request_m
     if (len(menu.options.tech) == 0 or "t" in menu.options.tech):
       if tb_handler.exploitation(url, timesec, filename, http_request_method, url_time_response, injection_type, technique) != False:
         settings.TIME_BASED_STATE = settings.IDENTIFIED_COMMAND_INJECTION = True
-        checks.skip_command_injection_tests()
+        checks.skip_testing(filename, url)
       else:
         settings.TIME_BASED_STATE = False
   if settings.TIME_BASED_STATE == None:
@@ -259,6 +259,7 @@ def check_parameter_in_http_header(check_parameter):
 """
 def injection_proccess(url, check_parameter, http_request_method, filename, timesec):
   if settings.PERFORM_BASIC_SCANS:
+    checks.keep_testing_others(filename, url)
     basic_level_checks()
 
   inject_http_headers = check_parameter_in_http_header(check_parameter)
@@ -291,7 +292,7 @@ def injection_proccess(url, check_parameter, http_request_method, filename, time
      settings.CHECKING_PARAMETER += str(header_name) + str(the_type) + str(inject_parameter)
   else:
      settings.CHECKING_PARAMETER += str(the_type) + str(header_name) + str(inject_parameter)
-
+  
   info_msg = "Setting " + settings.CHECKING_PARAMETER  + " for tests."
   print(settings.print_info_msg(info_msg))
 
@@ -313,7 +314,7 @@ def injection_proccess(url, check_parameter, http_request_method, filename, time
         # Check for identified warnings
         url = code_injections_heuristic_basic(url, http_request_method, check_parameter, the_type, header_name, inject_http_headers)
         if settings.IDENTIFIED_WARNINGS or settings.IDENTIFIED_PHPINFO:
-          checks.skip_command_injection_tests()
+          checks.skip_testing(filename, url)
 
       if not settings.IDENTIFIED_COMMAND_INJECTION and not settings.IDENTIFIED_WARNINGS and not settings.IDENTIFIED_PHPINFO:
         settings.HEURISTIC_TEST.POSITIVE = False
@@ -459,6 +460,7 @@ def stored_http_header_injection(url, check_parameter, http_request_method, file
 Cookie injection
 """
 def cookie_injection(url, http_request_method, filename, timesec):
+
   settings.COOKIE_INJECTION = True
 
   # Cookie Injection
@@ -628,6 +630,7 @@ def post_request(url, http_request_method, filename, timesec):
 Perform GET / POST parameters checks
 """
 def data_checks(url, http_request_method, filename, timesec):
+
   settings.COOKIE_INJECTION = None
   settings.HTTP_HEADERS_INJECTION = False
   settings.CUSTOM_HEADER_INJECTION = False

src/core/injections/controller/shell_options.py

@@ -179,10 +179,9 @@ def check_option(separator, TAG, cmd, prefix, suffix, whitespace, http_request_m
     go_back, go_back_again = reverse_tcp_config(separator, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, alter_shell, filename, os_shell_option, go_back, go_back_again, payload, OUTPUT_TEXTFILE)
     return go_back, go_back_again
 
-  # The "quit" option
+  # The "quit" / "exit" options
   elif os_shell_option == "quit" or os_shell_option == "exit":
-    logs.print_logs_notification(filename, url)
-    raise SystemExit()
+    checks.quit(filename, url, _ = True)
 
   else:
     return go_back, go_back_again

src/core/modules/shellshock/shellshock.py

@@ -264,9 +264,9 @@ def check_options(url, cmd, cve, check_header, filename, os_shell_option, http_r
     go_back, go_back_again = reverse_tcp_config(url, cmd, cve, check_header, filename, os_shell_option, http_request_method, go_back, go_back_again)
     return go_back, go_back_again
 
-  # The "quit" option
+  # The "quit" / "exit" options
   elif os_shell_option == "quit" or os_shell_option == "exit":                    
-    raise SystemExit()
+    checks.quit(filename, url, _ = True)
 
 """
 The main shellshock handler

src/utils/settings.py

@@ -247,7 +247,7 @@ def sys_argv_errors():
 DESCRIPTION = "The command injection exploiter"
 AUTHOR  = "Anastasios Stasinopoulos"
 VERSION_NUM = "4.0"
-REVISION = "49"
+REVISION = "50"
 STABLE_RELEASE = False
 VERSION = "v"
 if STABLE_RELEASE: