Skip to content

Commit

Permalink
Minor updates and fixes #903
Browse files Browse the repository at this point in the history
  • Loading branch information
@stasinopoulos
stasinopoulos committed Apr 24, 2024
1 parent c9c0306 commit a611614
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 15 deletions.
28 changes: 14 additions & 14 deletions src/core/modules/shellshock/shellshock.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,19 +35,12 @@
"""

if settings.MULTI_TARGETS or settings.STDIN_PARSING:
if settings.COOKIE_INJECTION:
settings.COOKIE_INJECTION = None
if settings.USER_AGENT_INJECTION:
settings.USER_AGENT_INJECTION = None
if settings.REFERER_INJECTION:
settings.REFERER_INJECTION = None
if settings.COOKIE_INJECTION:
settings.COOKIE_INJECTION = None

# Available HTTP headers
headers = [
settings.USER_AGENT,
settings.REFERER,
settings.COOKIE,
]

# Available Shellshock CVEs
shellshock_cves = [
Expand Down Expand Up @@ -290,8 +283,8 @@ def shellshock_handler(url, http_request_method, filename):

try:
i = 0
total = len(shellshock_cves) * len(headers)
for check_header in headers:
total = len(shellshock_cves) * len(settings.SHELLSHOCK_HTTP_HEADERS)
for check_header in settings.SHELLSHOCK_HTTP_HEADERS:
for cve in shellshock_cves:
# Check injection state
settings.DETECTION_PHASE = True
Expand All @@ -316,10 +309,17 @@ def shellshock_handler(url, http_request_method, filename):
response = proxy.use_proxy(request)
else:
response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)

if type(response) is bool:
response_info = ""
else:
response_info = response.info()

if check_header == settings.COOKIE:
menu.options.cookie = default_cookie
if check_header == settings.USER_AGENT:
menu.options.agent = default_user_agent

percent = ((i*100)/total)
float_percent = "{0:.1f}".format(round(((i*100)/(total*1.0)),2))

Expand All @@ -330,7 +330,7 @@ def shellshock_handler(url, http_request_method, filename):
percent = settings.info_msg
no_result = False

elif len(response.info()) > 0 and cve in response.info():
elif len(response_info) > 0 and cve in response_info:
percent = settings.info_msg
no_result = False

Expand Down Expand Up @@ -360,9 +360,9 @@ def shellshock_handler(url, http_request_method, filename):
if settings.VERBOSITY_LEVEL != 0:
checks.total_of_requests()

finding = check_header + settings.SINGLE_WHITESPACE + vuln_parameter
settings.CHECKING_PARAMETER = check_header + settings.SINGLE_WHITESPACE + vuln_parameter
# Print the findings to terminal.
info_msg = finding + " appears to be injectable via " + technique + "."
info_msg = settings.CHECKING_PARAMETER + " appears to be injectable via " + technique + "."
if settings.VERBOSITY_LEVEL == 0:
print(settings.SINGLE_WHITESPACE)
print(settings.print_bold_info_msg(info_msg))
Expand Down
3 changes: 2 additions & 1 deletion src/utils/settings.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@ def sys_argv_errors():
DESCRIPTION = "The command injection exploiter"
AUTHOR = "Anastasios Stasinopoulos"
VERSION_NUM = "4.0"
REVISION = "35"
REVISION = "36"
STABLE_RELEASE = False
VERSION = "v"
if STABLE_RELEASE:
Expand Down Expand Up @@ -1249,6 +1249,7 @@ class AUTH_TYPE(object):

# HTTP Headers
HTTP_HEADERS = [ USER_AGENT.lower(), REFERER.lower(), HOST.lower() ]
SHELLSHOCK_HTTP_HEADERS =[ COOKIE, USER_AGENT, REFERER ]

# Regular expression used for ignoring some special chars
IGNORE_SPECIAL_CHAR_REGEX = "[^/()A-Za-z0-9.:,_+]"
Expand Down

0 comments on commit a611614

Please sign in to comment.