Trivial update

README.md

@@ -1,5 +1,5 @@
 <p align="left">
-  <img alt="CommixProject" src="https://camo.githubusercontent.com/41258687d868cf76951a37f6be7961c4c862dfb3/687474703a2f2f692e696d6775722e636f6d2f6c4b6762336c712e706e67" height="120" />
+  <img alt="CommixProject" src="https://commixproject.com/images/logo.png" height="120" />
   <p align="left">
     <a href="https://api.travis-ci.org/commixproject/commix"><img alt="Build Status" src="https://api.travis-ci.org/commixproject/commix.svg?branch=master"></a>
     <a href="http://www.python.org/download/"><img alt="Python 2.6|2.7|3.x" src="https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg"></a>

doc/translations/README-gr-GR.md

@@ -1,5 +1,5 @@
 <p align="left">
-  <img alt="CommixProject" src="https://camo.githubusercontent.com/41258687d868cf76951a37f6be7961c4c862dfb3/687474703a2f2f692e696d6775722e636f6d2f6c4b6762336c712e706e67" height="120" />
+  <img alt="CommixProject" src="https://commixproject.com/images/logo.png" height="120" />
   <p align="left">
     <a href="https://api.travis-ci.org/commixproject/commix"><img alt="Build Status" src="https://api.travis-ci.org/commixproject/commix.svg?branch=master"></a>
     <a href="http://www.python.org/download/"><img alt="Python 2.6|2.7|3.x" src="https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg"></a>

setup.py

@@ -17,7 +17,7 @@
 
 setup(
       name='commix',
-      version='3.2',
+      version='3.3-dev',
       description='Automated All-in-One OS Command Injection Exploitation Tool',
       long_description=open('README.md').read(),
       long_description_content_type='text/markdown',

src/core/injections/blind/techniques/time_based/tb_handler.py

@@ -375,7 +375,7 @@ def tb_injection_handler(url, timesec, filename, http_request_method, url_time_r
               else:
                 header_name = ""
                 the_type = " parameter"
-                if http_request_method == "GET":
+                if http_request_method == settings.HTTPMETHOD.GET:
                   found_vuln_parameter = parameters.vuln_GET_param(url)
                 else :
                   found_vuln_parameter = vuln_parameter

src/core/injections/blind/techniques/time_based/tb_injector.py

@@ -46,7 +46,7 @@ def examine_requests(payload, vuln_parameter, http_request_method, url, timesec,
   start = time.time()
 
   # Check if defined method is GET (Default).
-  if http_request_method == "GET":
+  if http_request_method == settings.HTTPMETHOD.GET:
     # Encoding non-ASCII characters payload.
     # payload = _urllib.parse.quote(payload)   
     target = url.replace(settings.INJECT_TAG, payload)
@@ -93,7 +93,7 @@ def injection_test(payload, http_request_method, url):
   start = time.time()
 
   # Check if defined method is GET (Default).
-  if http_request_method == "GET":
+  if http_request_method == settings.HTTPMETHOD.GET:
     # Encoding non-ASCII characters payload.
     # payload = _urllib.parse.quote(payload)
 

src/core/injections/blind/techniques/time_based/tb_payloads.py

@@ -80,7 +80,7 @@ def decision(separator, TAG, output_length, timesec, http_request_method):
                  "[ " + str(output_length) + " -eq $str1 ]" + separator + 
                  "sleep " + str(timesec)
                  )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -152,7 +152,7 @@ def decision_alter_shell(separator, TAG, output_length, timesec, http_request_me
                  "[ " + str(output_length) + " -eq ${str1} ] " + separator + 
                  "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\") "
                  )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -234,7 +234,7 @@ def cmd_execution(separator, cmd, output_length, timesec, http_request_method):
                  "[ " + str(output_length) + " -eq $str1 ]" + separator + 
                  "sleep " + str(timesec)
                  )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -304,7 +304,7 @@ def cmd_execution_alter_shell(separator, cmd, output_length, timesec, http_reque
                  "[ " + str(output_length) + " -eq ${str1} ] " + separator + 
                  "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\") "
                  )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -393,7 +393,7 @@ def get_char(separator, cmd, num_of_chars, ascii_char, timesec, http_request_met
                 "[ " + str(ascii_char) + " -eq ${str} ] " + separator + 
                 "sleep " + str(timesec)
                 )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -463,7 +463,7 @@ def get_char_alter_shell(separator, cmd, num_of_chars, ascii_char, timesec, http
                  "[ " + str(ascii_char) + " -eq ${str} ] " +  separator + 
                  "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\")"
                  )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -538,7 +538,7 @@ def fp_result(separator, cmd, num_of_chars, ascii_char, timesec, http_request_me
                  "sleep " + str(timesec)
                  )
 
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -605,7 +605,7 @@ def fp_result_alter_shell(separator, cmd, num_of_chars, ascii_char, timesec, htt
                  "[ " + str(ascii_char) + " -eq ${str} ] " +  separator + 
                  "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\")"
                  )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :

src/core/injections/controller/checks.py

@@ -480,7 +480,7 @@ def unavailable_option(check_option):
 def time_based_separators(separator, http_request_method):
   if separator == "||"  or separator == "&&" :
     separator = separator[:1]
-    if http_request_method == "POST":
+    if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.quote(separator)
   return separator
 
@@ -865,7 +865,7 @@ def print_non_listed_params(check_parameters, http_request_method, header_name):
           warn_msg += " not part of the "
           warn_msg += http_request_method
           warn_msg += ('', ' (JSON)')[settings.IS_JSON] + ('', ' (SOAP/XML)')[settings.IS_XML]  
-          warn_msg += (' data', ' request')[http_request_method == "GET"] 
+          warn_msg += (' data', ' request')[http_request_method == settings.HTTPMETHOD.GET] 
         warn_msg += "."
         print(settings.print_warning_msg(warn_msg))
 

src/core/injections/controller/controller.py

@@ -83,7 +83,7 @@ def heuristic_basic(url, http_request_method):
       if settings.VERBOSITY_LEVEL != 0:   
         debug_msg = "Performing heuristic test for " + technique + "."
         print(settings.print_debug_msg(debug_msg))
-      if http_request_method == "GET":
+      if http_request_method == settings.HTTPMETHOD.GET:
         request = _urllib.request.Request(url.replace(settings.INJECT_TAG, settings.BASIC_TEST))
       else:
         data = menu.options.data.replace(settings.INJECT_TAG, settings.BASIC_TEST)
@@ -628,9 +628,9 @@ def basic_level_checks():
 
   # Check if HTTP Method is GET.
   if not menu.options.data:
-    http_request_method = "GET"      
+    http_request_method = settings.HTTPMETHOD.GET      
   else:
-    http_request_method = "POST"
+    http_request_method = settings.HTTPMETHOD.POST
 
   if menu.options.shellshock:
     menu.options.level = settings.HTTP_HEADER_INJECTION_LEVEL

src/core/injections/controller/parser.py

@@ -99,7 +99,7 @@ def invalid_data(request, single_request):
 
     words_dict = {}
     for word in request.read().strip().splitlines():
-      if word[:4].strip() == "GET" or word[:4].strip() == "POST":
+      if word[:4].strip() == settings.HTTPMETHOD.GET or word[:4].strip() == settings.HTTPMETHOD.POST:
         words_dict[word[:4].strip()] = words_dict.get(word[:4].strip(), 0) + 1
 
     # Check if same header appears more than once.
@@ -111,7 +111,7 @@ def invalid_data(request, single_request):
         single_request = multi_requests()
 
     # Check for GET / POST HTTP Header
-    for http_header in ["GET","POST"]:
+    for http_header in [settings.HTTPMETHOD.GET,settings.HTTPMETHOD.POST]:
       request = open(request_file, "r")
       request = request.read()
       if "\\n" in request:
@@ -121,7 +121,7 @@ def invalid_data(request, single_request):
       if request_url:
         if not single_request:
           request_url = request_url[0]
-        if http_header == "POST":
+        if http_header == settings.HTTPMETHOD.POST:
           # Check for POST Data.
           result = [item for item in request.splitlines() if item]
           multiple_xml = []
@@ -205,7 +205,7 @@ def invalid_data(request, single_request):
         print(settings.print_info_msg(info_msg))
         sub_content = http_header + " " +  prefix + menu.options.host + request_url
         print(settings.print_sub_content(sub_content))
-        if http_header == "POST":
+        if http_header == settings.HTTPMETHOD.POST:
            sub_content = "Data: " + menu.options.data
            print(settings.print_sub_content(sub_content))
 # eof

src/core/injections/results_based/techniques/classic/cb_handler.py

@@ -246,7 +246,7 @@ def cb_injection_handler(url, timesec, filename, http_request_method, injection_
             else:    
               header_name = ""
               the_type = " parameter"
-              if http_request_method == "GET":
+              if http_request_method == settings.HTTPMETHOD.GET:
                 found_vuln_parameter = parameters.vuln_GET_param(url)
               else :
                 found_vuln_parameter = vuln_parameter

src/core/injections/results_based/techniques/classic/cb_injector.py

@@ -47,7 +47,7 @@
 def injection_test(payload, http_request_method, url):       
 
   # Check if defined method is GET (Default).
-  if http_request_method == "GET":
+  if http_request_method == settings.HTTPMETHOD.GET:
     if " " in payload:
       payload = payload.replace(" ","%20")
     # Define the vulnerable parameter
@@ -198,7 +198,7 @@ def check_injection(separator, TAG, cmd, prefix, suffix, whitespace, http_reques
 
     else:
       # Check if defined method is GET (Default).
-      if http_request_method == "GET":
+      if http_request_method == settings.HTTPMETHOD.GET:
 
         # Check if its not specified the 'INJECT_HERE' tag
         #url = parameters.do_GET_check(url)

src/core/injections/results_based/techniques/eval_based/eb_handler.py

@@ -259,7 +259,7 @@ def eb_injection_handler(url, timesec, filename, http_request_method, injection_
             else:    
               header_name = ""
               the_type = " parameter"
-              if http_request_method == "GET":
+              if http_request_method == settings.HTTPMETHOD.GET:
                 found_vuln_parameter = parameters.vuln_GET_param(url)
               else :
                 found_vuln_parameter = vuln_parameter

src/core/injections/results_based/techniques/eval_based/eb_injector.py

@@ -41,7 +41,7 @@
 def injection_test(payload, http_request_method, url):
 
   # Check if defined method is GET (Default).
-  if http_request_method == "GET":
+  if http_request_method == settings.HTTPMETHOD.GET:
     # Check if its not specified the 'INJECT_HERE' tag
     #url = parameters.do_GET_check(url)
 
@@ -186,7 +186,7 @@ def check_injection(separator, TAG, cmd, prefix, suffix, whitespace, http_reques
 
     else:
       # Check if defined method is GET (Default).
-      if http_request_method == "GET":
+      if http_request_method == settings.HTTPMETHOD.GET:
         # Check if its not specified the 'INJECT_HERE' tag
         #url = parameters.do_GET_check(url)
 

src/core/injections/semiblind/techniques/file_based/fb_handler.py

@@ -465,7 +465,7 @@ def fb_injection_handler(url, timesec, filename, http_request_method, url_time_r
             else:
               header_name = ""
               the_type = " parameter"
-              if http_request_method == "GET":
+              if http_request_method == settings.HTTPMETHOD.GET:
                 found_vuln_parameter = parameters.vuln_GET_param(url)
               else :
                 found_vuln_parameter = vuln_parameter

src/core/injections/semiblind/techniques/file_based/fb_injector.py

@@ -43,7 +43,7 @@
 def injection_test(payload, http_request_method, url):
 
   # Check if defined method is GET (Default).
-  if http_request_method == "GET":
+  if http_request_method == settings.HTTPMETHOD.GET:
 
     # Check if its not specified the 'INJECT_HERE' tag
     #url = parameters.do_GET_check(url)
@@ -189,7 +189,7 @@ def check_injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, ht
 
     else:
       # Check if defined method is GET (Default).
-      if http_request_method == "GET":
+      if http_request_method == settings.HTTPMETHOD.GET:
         # Check if its not specified the 'INJECT_HERE' tag
         #url = parameters.do_GET_check(url)
         payload = payload.replace(" ","%20")

src/core/injections/semiblind/techniques/tempfile_based/tfb_enumeration.py

@@ -244,7 +244,7 @@ def system_users(separator, maxlen, TAG, cmd, prefix, suffix, whitespace, timese
     settings.SYS_USERS = settings.WIN_SYS_USERS
     settings.SYS_USERS = settings.SYS_USERS + "-replace('\s+',' '))"
     # URL encode "+ " if POST request and python alternative shell.
-    if alter_shell and http_request_method == "POST":
+    if alter_shell and http_request_method == settings.HTTPMETHOD.POST:
       settings.SYS_USERS = settings.SYS_USERS.replace("+ ","%2B")
   cmd = settings.SYS_USERS
   if session_handler.export_stored_cmd(url, cmd, vuln_parameter) == None or menu.options.ignore_session:

src/core/injections/semiblind/techniques/tempfile_based/tfb_handler.py

@@ -414,7 +414,7 @@ def tfb_injection_handler(url, timesec, filename, tmp_path, http_request_method,
               else:
                 header_name = ""
                 the_type = " parameter"
-                if http_request_method == "GET":
+                if http_request_method == settings.HTTPMETHOD.GET:
                   found_vuln_parameter = parameters.vuln_GET_param(url)
                 else :
                   found_vuln_parameter = vuln_parameter

src/core/injections/semiblind/techniques/tempfile_based/tfb_injector.py

@@ -47,7 +47,7 @@ def examine_requests(payload, vuln_parameter, http_request_method, url, timesec,
   start = time.time()
 
   # Check if defined method is GET (Default).
-  if http_request_method == "GET":
+  if http_request_method == settings.HTTPMETHOD.GET:
     # Encoding non-ASCII characters payload.
     # payload = _urllib.parse.quote(payload)
 
@@ -97,7 +97,7 @@ def injection_test(payload, http_request_method, url):
   start = time.time()
 
   # Check if defined method is GET (Default).
-  if http_request_method == "GET":
+  if http_request_method == settings.HTTPMETHOD.GET:
     payload = payload.replace("#","%23")
     # Encoding non-ASCII characters payload.
     # payload = _urllib.parse.quote(payload)

src/core/injections/semiblind/techniques/tempfile_based/tfb_payloads.py

@@ -89,7 +89,7 @@ def decision(separator, j, TAG, OUTPUT_TEXTFILE, timesec, http_request_method):
                 "[ " + str(j) + " -eq ${str1} ] " + separator +
                 "sleep " + str(timesec)
                 )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -168,7 +168,7 @@ def decision_alter_shell(separator, j, TAG, OUTPUT_TEXTFILE, timesec, http_reque
                 "[ " + str(j) + " -eq ${str1} ] " + separator +
                 "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\") "
                 )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -287,7 +287,7 @@ def cmd_execution(separator, cmd, j, OUTPUT_TEXTFILE, timesec, http_request_meth
                 "str1=$(od -A n -t d1<" + OUTPUT_TEXTFILE + ")" + separator +
                 "echo $str1 >" + OUTPUT_TEXTFILE 
                 )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :                
@@ -371,7 +371,7 @@ def cmd_execution_alter_shell(separator, cmd, j, OUTPUT_TEXTFILE, timesec, http_
                 "[ " + str(j) + " -eq ${str1} ] " +  separator +
                 "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\") "
                 )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator) 
 
     elif separator == "||" :     
@@ -449,7 +449,7 @@ def get_char(separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, timesec, http
                 "[ " + str(ascii_char) + " -eq ${str} ] " +  separator +
                 "sleep " + str(timesec)
                 )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -522,7 +522,7 @@ def get_char_alter_shell(separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, t
                 "[ " + str(ascii_char) + " -eq ${str} ] " +  separator +
                 "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\")"
                 )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -597,7 +597,7 @@ def fp_result(separator, OUTPUT_TEXTFILE, ascii_char, timesec, http_request_meth
                 "[ " + str(ord(str(ascii_char))) + " -eq ${str} ] " +  separator +
                 "sleep " + str(timesec)
                 )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :
@@ -665,7 +665,7 @@ def fp_result_alter_shell(separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char,
                 "[ " + str(ascii_char) + " -eq ${str} ] " +  separator +
                 "$(python -c \"import time\ntime.sleep(" + str(timesec) + ")\")"
                 )
-      #if http_request_method == "POST":
+      #if http_request_method == settings.HTTPMETHOD.POST:
       separator = _urllib.parse.unquote(separator)
 
     elif separator == "||" :