Saving current work.

Need to add option to specify url. Then, allow user to specify multiple urls.
FDlucifer · Oct 13, 2019 · d97243e · d97243e
1 parent 2f1ddfc
commit d97243e
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 19 deletions.
diff --git a/__pycache__/scanner.cpython-37.pyc b/__pycache__/scanner.cpython-37.pyc
diff --git a/crlf.py b/crlf.py
@@ -8,13 +8,27 @@
 '''
 
 #import sys, getopt
-#from termcolor import colored
+#from termcolor import colored\
 import click
+from scanner import CrlfScanner
 
-@click.command()
+@click.group()
 def main():
     click.echo("Command line tool for detecting CRL injection.")
 
+@main.command("scan")
+def scan():
+    scanner = CrlfScanner()
+    urls = scanner.generate_vuln_urls("https://www.google.com")
+    click.echo("Beginning scan...")
+    success = []
+    for url in urls:
+        if scanner.scan(url):
+            success.append(url)
+            click.echo("CRLF detected: {}".format(url))
+        else:
+            click.echo("No CRLF detected: {}".format(url))
+
 if __name__ == "__main__":
     main()
 

diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,4 @@
 click
 colorama
+eventlet
 requests
diff --git a/scanner.py b/scanner.py
@@ -28,23 +28,28 @@ class CrlfScanner():
     TIMEOUT = 5
 
     def __init__(self):
-        self.inj_str = DEFAULT_INJ
+        self.inj_str = self.DEFAULT_INJ
 
-    # Scan the url for crlf.
-    def scan(self, url):
-        # Store successful clrf attempts in buffer.
-        buffer = []
+    def generate_vuln_urls(self, url):
+        """ Generate URLS that may be vulnerable to CRLF injection.
+        """
+        vuln_urls = []
         for append in self.APPEND_LIST:
             for escape in self.ESCAPE_LIST:
-                crlf_url = url + append + escape + self.inj_str
-                session = requests.Session()
-                with eventlet.Timeout(self.TIMEOUT):
-                    try:
-                        session.get(crlf_url)
-                        print(colored(crlf_url, 'magenta'))
-                    except:
-                        print(colored("Error: %s" % crlf_url, 'red'))
-                    if 'param' in session.cookies.get_dict() and\
-                        'crlf' in session.cookies.get_dict().values():
-                        buffer.append(crlf_url)
-        return buffer
+                vuln_urls.append(url + append + escape + self.inj_str)
+        return vuln_urls
+
+    def scan(self, url):
+        """ Scan target URL for CRLF injection
+        """
+        result = False
+        session = requests.Session()
+        with eventlet.Timeout(self.TIMEOUT):
+            try:
+                session.get(url)
+            except:
+                pass
+            if 'param' in session.cookies.get_dict() and\
+                'crlf' in session.cookies.get_dict().values():
+                result = True
+        return result