Commit dca80c7e authored by Hugo Lefeuvre's avatar Hugo Lefeuvre Committed by Hugo Lefeuvre

New upstream version 1.0+git20190108

parent 71f2985b
......@@ -59,6 +59,7 @@ sub getLoginarray {
"HEAD /XAXAX HTTP/1.0\r\n\r\n",
"HEAD /?XAXAX HTTP/1.0\r\n\r\n",
"HEAD / XAXAX\r\n\r\n",
"HEADXAXAX / HTTP/1.0\r\n\r\n",
"GET XAXAX HTTP/1.0\r\n\r\n",
"GET /XAXAX HTTP/1.0\r\n\r\n",
"GET /XAXAX.html HTTP/1.0\r\n\r\n",
......@@ -70,6 +71,7 @@ sub getLoginarray {
"GET / XAXAX\r\n\r\n",
"GET / HTTP/XAXAX\r\n\r\n",
"GET /XAXAX\r\n\r\n",
"GETXAXAX / HTTP/1.0\r\n\r\n",
"POST XAXAX HTTP/1.0\r\n\r\n",
"POST /XAXAX HTTP/1.0\r\n\r\n",
"POST /?XAXAX HTTP/1.0\r\n\r\n",
......@@ -108,6 +110,7 @@ sub getCommandarray {
"Accept-Language: XAXAX\r\n\r\n",
"Accept-Charset: XAXAX\r\n\r\n",
"Connection: XAXAX\r\n\r\n",
"Date: XAXAX\r\n\r\n",
"Referer: XAXAX\r\n\r\n",
"Referer: XAXAX://somehost.com/\r\n\r\n",
"Referer: http://XAXAX/\r\n\r\n",
......@@ -115,9 +118,21 @@ sub getCommandarray {
"Authorization: XAXAX\r\n\r\n",
"From: XAXAX\r\n\r\n",
"Charge-To: XAXAX\r\n\r\n",
"Authorization: XAXAX",
"Authorization: XAXAX\r\n\r\n",
"Authorization: Basic XAXAX\r\n\r\n",
"Authorization XAXAX: Basic AAAAAA\r\n\r\n",
"Authorization: XAXAX : foo\r\n\r\n",
"Authorization: Digest XAXAX\r\n\r\n",
"Authorization: Digest username=\"XAXAX\",realm=\"d\@ona.com\",nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",uri=\"/index.html\",qop=auth,nc=00000001,cnonce=\"0a4f113b\",response=\"6629fae49393a05397450978507c4ef1\",opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"\r\n\r\n",
"Authorization: Digest username=\"doona\",realm=\"XAXAX\",nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",uri=\"/index.html\",qop=auth,nc=00000001,cnonce=\"0a4f113b\",response=\"6629fae49393a05397450978507c4ef1\",opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"\r\n\r\n",
"Authorization: Digest username=\"doona\",realm=\"d\@ona.com\",nonce=\"XAXAX\",uri=\"/index.html\",qop=auth,nc=00000001,cnonce=\"0a4f113b\",response=\"6629fae49393a05397450978507c4ef1\",opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"\r\n\r\n",
"Authorization: Digest username=\"doona\",realm=\"d\@ona.com\",nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",uri=\"XAXAX\",qop=auth,nc=00000001,cnonce=\"0a4f113b\",response=\"6629fae49393a05397450978507c4ef1\",opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"\r\n\r\n",
"Authorization: Digest username=\"doona\",realm=\"d\@ona.com\",nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",uri=\"/index.html\",qop=XAXAX,nc=00000001,cnonce=\"0a4f113b\",response=\"6629fae49393a05397450978507c4ef1\",opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"\r\n\r\n",
"Authorization: Digest username=\"doona\",realm=\"d\@ona.com\",nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",uri=\"/index.html\",qop=auth,nc=XAXAX,cnonce=\"0a4f113b\",response=\"6629fae49393a05397450978507c4ef1\",opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"\r\n\r\n",
"Authorization: Digest username=\"doona\",realm=\"d\@ona.com\",nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",uri=\"/index.html\",qop=auth,nc=00000001,cnonce=\"XAXAX\",response=\"6629fae49393a05397450978507c4ef1\",opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"\r\n\r\n",
"Authorization: Digest username=\"doona\",realm=\"d@ona.com\",nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",uri=\"/index.html\",qop=auth,nc=00000001,cnonce=\"0a4f113b\",response=\"XAXAX\",opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"\r\n\r\n",
"Authorization: Digest username=\"doona\",realm=\"d@ona.com\",nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\",uri=\"/index.html\",qop=auth,nc=00000001,cnonce=\"0a4f113b\",response=\"6629fae49393a05397450978507c4ef1\",opaque=\"XAXAX\"\r\n\r\n",
"Authorization: XAXAX : foo\r\n\r\n",
"Authorization: foo : XAXAX\r\n\r\n",
"If-Modified-Since: XAXAX\r\n\r\n",
"If-Match: XAXAX\r\n\r\n",
......@@ -133,10 +148,37 @@ sub getCommandarray {
"Range: bytes=1-XAXAX\r\n\r\n",
"Range: bytes=0-1,XAXAX\r\n",
"Content-Length: XAXAX\r\n\r\n",
"Content-Type: XAXAX\r\n\r\n",
"Content-Type: text/html; XAXAX\r\n\r\n",
"Content-Type: XAXAX/html; charset=ISO-8859-4\r\n\r\n",
"Content-Type: text/XAXAX; charset=ISO-8859-4\r\n\r\n",
"Content-Type: text/html; XAXAX=ISO-8859-4\r\n\r\n",
"Content-Type: text/html; charset=XAXAX\r\n\r\n",
"Content-Encoding: XAXAX\r\n\r\n",
"Content-Encoding: XAXAX\r\nCache-control: no-transform\r\n\r\n",
"Content-Language: XAXAX\r\n\r\n",
"Cache-control: XAXAX\r\n\r\n",
"Cache-control: max-age=XAXAX\r\n\r\n",
"Cache-control: min-fresh=XAXAX\r\n\r\n",
"Cache-control: max-stale=XAXAX\r\n\r\n",
"Cookie: XAXAX\r\n\r\n",
"Cookie: XAXAX=abc\r\n\r\n",
"Cookie: abc=XAXAX\r\n\r\n",
# The meaning of the Content-Location header in PUT or POST requests is
# undefined; servers are free to ignore it in those cases.
"Content-Location: XAXAX\r\n\r\n",
"Content-Language: XAXAX\r\n\r\n",
"Content-MD5: XAXAX\r\n\r\n",
"Content-Range: 0-XAXAX/1024\r\n\r\n",
"Content-Range: XAXAX-500/1024\r\n\r\n",
"Content-Range: 0-500/XAXAX\r\n\r\n",
"X-Headr: XAXAX\r\n XAXAX\r\n\r\n",
"TE: XAXAX\r\n\r\n",
"Upgrade: XAXAX\r\nConnection: upgrade\r\n\r\n",
"Trailer: XAXAX\r\n\r\n",
"Transfer-Encoding: XAXAX\r\n\r\n",
"Via: XAXAX\r\n\r\n",
"X-Forwarded-For: XAXAX\r\n\r\n",
"Upgrade: XAXAX/1.0\r\nConnection: upgrade\r\n\r\n",
);
return(@cmdArray);
}
......
package bedmod::http_more;
use Socket;
# This package is an extension to doona, to check
# for http server vulnerabilities.
#
# Tests for request methods and request fields not tested in the standard http module
# Written by Grid
sub new {
my $this = {};
bless $this;
return $this;
}
sub init {
my $this = shift;
%special_cfg=@_;
$this->{proto}="tcp";
if ($special_cfg{'p'} eq "") {
$this->{port}='80';
} else {
$this->{port} = $special_cfg{'p'};
}
if ($special_cfg{'d'}) { return; }
$iaddr = inet_aton($this->{target}) || die "Unknown host: $host\n";
$paddr = sockaddr_in($this->{port}, $iaddr) || die "getprotobyname: $!\n";
$proto = getprotobyname('tcp') || die "getprotobyname: $!\n";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die "socket: $!\n";
connect(SOCKET, $paddr) || die "connection attempt failed: $!\n";
send(SOCKET, "HEAD / HTTP/1.0\r\n\r\n", 0) || die "HTTP request failed: $!\n";
}
sub health_check {
my $this = shift;
$iaddr = inet_aton($this->{target}) || die "Unknown host: $this->{target}\n";
$paddr = sockaddr_in($this->{port}, $iaddr) || die "getprotobyname: $!\n";
$proto = getprotobyname('tcp') || die "getprotobyname: $!\n";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die "socket: $!\n";
connect(SOCKET, $paddr) || die "connection attempt failed: $!\n";
send(SOCKET, "HEAD / HTTP/1.0\r\n\r\n", 0) || die "HTTP request failed: $!\n";
my $resp = <SOCKET>;
if (!$this->{healthy}) {
if ($resp =~ /HTTP/) {
$this->{healthy}=$resp;
}
# print "Set healthy: $resp";
}
return $resp =~ m/^$this->{healthy}$/;
}
sub getQuit {
return("\r\n\r\n");
}
sub getLoginarray {
my $this = shift;
@Loginarray = (
"GET /default.XAXAX HTTP/1.1\r\nHost: 192.168.43.128\r\n\r\n",
"GET /XAXAX.html HTTP/1.1\r\nHost: 192.168.43.128\r\n\r\n",
"CONNECT XAXAX:80 HTTP/1.1\r\n\r\n",
"CONNECT 192.168.43.128/home:XAXAX HTTP/1.1\r\n\r\n",
"PATCH /XAXAX HTTP/1.1\r\nHost: 192.168.43.128\r\n\r\n",
);
return (@Loginarray);
}
sub getCommandarray {
my $this = shift;
@cmdArray = (
"Accept-Datetime: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"Cache-Control: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"Content-MD5: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"Content-Type: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"Date: XAXAX\r\n\r\n",
"Forwarded: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"Origin: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"Via: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"Warning: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-Requested-With: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"DNT: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-Forwarded-For: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-Forwarded-Host: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-Forwarded-Proto: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"Front-End-Https: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-Http-Method-Override: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-Att-Deviceid: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-Wap-Profile: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"Proxy-Connection: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-UIDH: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-Csrf-Token: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
);
return(@cmdArray);
}
sub getLogin {
my $this = shift;
@login = (
"CONNECT 192.168.43.128:80 HTTP/1.1\r\n",
"PATCH /default.html HTTP/1.1\r\n",
);
return(@login);
}
sub testMisc { #Put your corner case tests here
my $this = shift;
@cmdArray = (
"CONNECT 192.168.43.128:80 HTTP/1.1\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"PATCH / HTTP/1.1\r\nHost: 192.168.43.128\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
);
return(@cmdArray);
}
sub usage {
}
1;
package bedmod::http_sp;
use Socket;
# This package is an extension to doona, to check
# for http server vulnerabilities. Works as an extension to BED too
#
# Tests for request methods and request fields specific to SharePoint
#
# The displayed output may not show particularly long commands but
# the right stuff is being sent
#
# Might want to mod, depending on desired results. For example, do a GET on an existing resource
#
# Written by Grid
sub new {
my $this = {};
bless $this;
return $this;
}
sub init {
my $this = shift;
%special_cfg=@_;
$this->{proto}="tcp";
if ($special_cfg{'p'} eq "") {
$this->{port}='80';
} else {
$this->{port} = $special_cfg{'p'};
}
if ($special_cfg{'d'}) { return; }
$iaddr = inet_aton($this->{target}) || die "Unknown host: $host\n";
$paddr = sockaddr_in($this->{port}, $iaddr) || die "getprotobyname: $!\n";
$proto = getprotobyname('tcp') || die "getprotobyname: $!\n";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die "socket: $!\n";
connect(SOCKET, $paddr) || die "connection attempt failed: $!\n";
send(SOCKET, "HEAD / HTTP/1.0\r\n\r\n", 0) || die "HTTP request failed: $!\n";
}
sub health_check {
my $this = shift;
$iaddr = inet_aton($this->{target}) || die "Unknown host: $this->{target}\n";
$paddr = sockaddr_in($this->{port}, $iaddr) || die "getprotobyname: $!\n";
$proto = getprotobyname('tcp') || die "getprotobyname: $!\n";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die "socket: $!\n";
connect(SOCKET, $paddr) || die "connection attempt failed: $!\n";
send(SOCKET, "HEAD / HTTP/1.0\r\n\r\n", 0) || die "HTTP request failed: $!\n";
my $resp = <SOCKET>;
if (!$this->{healthy}) {
if ($resp =~ /HTTP/) {
$this->{healthy}=$resp;
}
# print "Set healthy: $resp";
}
return $resp =~ m/^$this->{healthy}$/;
}
sub getQuit {
return("\r\n\r\n");
}
sub getLoginarray {
my $this = shift;
@Loginarray = (
"GET /default.XAXAX HTTP/1.1\r\nHost: 192.168.43.128\r\n\r\n",
"GET /XAXAX.html HTTP/1.1\r\nHost: 192.168.43.128\r\n\r\n",
);
return (@Loginarray);
}
sub getCommandarray {
my $this = shift;
@cmdArray = (
"x-virus-infected: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"x-irm-cantdecrypt: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"x-irm-rejected: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"x-irm-notowner: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"x-irm-timeout: XAXAX\r\nHost: 192.168.43.128\r\n",
"x-irm-crashed: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"x-irm-unknown-failure: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"SharePointError: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-RequestDigest: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-Forms_Based_Auth_Required: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-Forms_Based_Auth_Return_Url: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-MS-File-Checked-Out: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-RequestToken: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"SPRequestGuid: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-UseWebLanguage: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-RequestForceAuthentication: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-SharePointHealthScore: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
"X-MS-InvokeApp: XAXAX\r\nHost: 192.168.43.128\r\n\r\n",
);
return(@cmdArray);
}
sub getLogin {
my $this = shift;
@login = (
"GET / HTTP/1.1\r\n",
);
return(@login);
}
sub testMisc { #Put your corner case tests here
my $this = shift;
@cmdArray = (
"GET / HTTP/1.1\r\nHost: 192.168.43.128\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
);
return(@cmdArray);
}
sub usage {
}
1;
package bedmod::http_webdav;
use Socket;
# This package is an extension to doona, to check
# for http server vulnerabilities. Works as an extension to BED too
#
# Tests for WebDAV-specific request methods and request fields
# These aren't tested in the standard HTTP module.
#
# Modify as needed: might want to ensure the BCOPY requests a resource that exists
#
# The displayed output may not show particularly long commands (e.g. BPROPFIND /webpage.aspx) but
# the right stuff is being sent
#
# Written by Grid
sub new {
my $this = {};
bless $this;
return $this;
}
sub init {
my $this = shift;
%special_cfg=@_;
$this->{proto}="tcp";
if ($special_cfg{'p'} eq "") {
$this->{port}='80';
} else {
$this->{port} = $special_cfg{'p'};
}
if ($special_cfg{'d'}) { return; }
$iaddr = inet_aton($this->{target}) || die "Unknown host: $host\n";
$paddr = sockaddr_in($this->{port}, $iaddr) || die "getprotobyname: $!\n";
$proto = getprotobyname('tcp') || die "getprotobyname: $!\n";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die "socket: $!\n";
connect(SOCKET, $paddr) || die "connection attempt failed: $!\n";
send(SOCKET, "HEAD / HTTP/1.0\r\n\r\n", 0) || die "HTTP request failed: $!\n";
}
sub health_check {
my $this = shift;
$iaddr = inet_aton($this->{target}) || die "Unknown host: $this->{target}\n";
$paddr = sockaddr_in($this->{port}, $iaddr) || die "getprotobyname: $!\n";
$proto = getprotobyname('tcp') || die "getprotobyname: $!\n";
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die "socket: $!\n";
connect(SOCKET, $paddr) || die "connection attempt failed: $!\n";
send(SOCKET, "HEAD / HTTP/1.0\r\n\r\n", 0) || die "HTTP request failed: $!\n";
my $resp = <SOCKET>;
if (!$this->{healthy}) {
if ($resp =~ /HTTP/) {
$this->{healthy}=$resp;
}
# print "Set healthy: $resp";
}
return $resp =~ m/^$this->{healthy}$/;
}
sub getQuit {
return("\r\n\r\n");
}
sub getLoginarray {
my $this = shift;
@Loginarray = (
"BCOPY /XAXAX/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"BDELETE /XAXAX/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"BMOVE /XAXAX/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"BPROPFIND /XAXAX/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"BPROPPATCH /XAXAX/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"COPY /XAXAX.XAXAX HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"DELETE /XAXAX.XAXAX HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"LOCK /XAXAX.XAXAX HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"MKCOL /XAXAX/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"MOVE /XAXAX/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"NOTIFY http://XAXAX:80 HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"POLL /XAXAX/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"PROPFIND /XAXAX.XAXAX HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"PROPPATCH /XAXAX.XAXAX HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"SEARCH /XAXAX/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"SUBSCRIBE /XAXAX HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"UNLOCK /XAXAX.XAXAX HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"UNSUBSCRIBE /XAXAX HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
"X-MS-ENUMATTS /XAXAX.XAXAX HTTP/1.1\r\nHost: myserver.com\r\n\r\n",
);
return (@Loginarray);
}
sub getCommandarray {
my $this = shift;
@cmdArray = ( # These are commands specific to webdav.
"Destination: XAXAX\r\nHost: myserver.com\r\n",
"Depth: XAXAX\r\nHost: myserver.com\r\n\r\n",
"Brief: XAXAX\r\nHost: myserver.com\r\n\r\n",
"Overwrite: XAXAX\r\nHost: myserver.com\r\n\r\n",
"Timeout: XAXAX\r\nHost: myserver.com\r\n\r\n",
"Location: XAXAX\r\nHost: myserver.com\r\n\r\n",
"Subscription-id: XAXAX\r\nHost: myserver.com\r\n\r\n",
"Translate: XAXAX\r\nHost: myserver.com\r\n\r\n",
"Call-Back: XAXAX\r\nHost: myserver.com\r\n\r\n",
"Lock-Token: XAXAX\r\nHost: myserver.com\r\n\r\n",
);
return(@cmdArray);
}
sub getLogin {
my $this = shift;
@login = (
"BCOPY /webpage.aspx/ HTTP/1.1\r\n",
"BDELETE /webpage.aspx/ HTTP/1.1\r\n",
"BMOVE /webpage.aspx/ HTTP/1.1\r\n",
"BPROPFIND /webpage.aspx/ HTTP/1.1\r\n",
"BPROPPATCH /webpage.aspx/ HTTP/1.1\r\n",
"COPY /webpage.aspx HTTP/1.1\r\n",
"DELETE /webpage.aspx HTTP/1.1\r\n",
"LOCK /webpage.aspx HTTP/1.1\r\n",
"MKCOL /webpage.aspx HTTP/1.1\r\n",
"MOVE /webpage.aspx HTTP/1.1\r\n",
"NOTIFY http://myserver.com:80 HTTP/1.1\r\n",
"POLL /webpage.aspx/ HTTP/1.1\r\n",
"PROPFIND /webpage.aspx HTTP/1.1\r\n",
"PROPPATCH /webpage.aspx HTTP/1.1\r\n",
"SEARCH /webpage.aspx/ HTTP/1.1\r\n",
"SUBSCRIBE /webpage.aspx HTTP/1.1\r\n",
"UNLOCK /webpage.aspx HTTP/1.1\r\n",
"UNSUBSCRIBE /webpage.aspx HTTP/1.1\r\n",
"X-MS-ENUMATTS /webpage.aspx HTTP/1.1\r\n",
);
return(@login);
}
sub testMisc { #Put your corner case tests here
my $this = shift;
@cmdArray = (
"BCOPY /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"BDELETE /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"BMOVE /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"BPROPFIND /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"COPY /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"DELETE /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"LOCK /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"MKCOL /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"MOVE /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"NOTIFY /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"POLL /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"PROPFIND /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"PROPPATCH /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"SEARCH /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"SUBSCRIBE /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"UNLOCK /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"UNSUBSCRIBE /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
"X-MS-ENUMATTS /webpage.aspx/ HTTP/1.1\r\nHost: myserver.com\r\n\r\n" . "Lotsofheaders: XAXAX\r\n" x 1024 . "\r\n",
);
return(@cmdArray);
}
sub usage {
}
1;
......@@ -131,7 +131,8 @@ sub getCommandarray {
"Accept-Language: XAXAX\r\n\r\n",
"Accept-Charset: XAXAX\r\n\r\n",
"Authorization: XAXAX\r\n\r\n",
"Authorization: XAXAX",
"Authorization: XAXAX\r\n\r\n",
"Authorization: Basic XAXAX\r\n\r\n",
"Authorization XAXAX: Basic AAAAAA\r\n\r\n",
"Authorization: XAXAX:foo\r\n\r\n",
"Authorization: foo:XAXAX\r\n\r\n",
......
......@@ -28,9 +28,10 @@ my @overflowstrings = (
"A" x 1044, "A" x 2047, "A" x 2048, "A" x 2049, "A" x 2068, "A" x 3092, "A" x 4116, "A" x 5140,
"A" x 6164, "A" x 7188, "A" x 8212, "A" x 9236, "A" x 10260, "A" x 11284, "A" x 12308, "A" x 13332,
"A" x 14356, "A" x 15380,
"\\" x 200, "\\" x 255, "\\" x 9000, "/" x 200, "/" x 256, "/" x 9000,
"\\" x 200, "\\" x 255, "\\" x 256, "\\" x 9000,
"/" x 200, "/" x 255, "/" x 256, "/" x 9000,
"A/" x 256, "AA/" x 256, "AAA/" x 256, "AAAA/" x 256,
"." x 200, "." x 255, "." x 9000, " " x 9000, "AA " x 200,
"." x 200, "." x 255, "." x 256, "." x 9000, " " x 9000, "AA " x 200,
);
my @formatstrings = (
"%s" x 4, "%s%p%x%d", "%s" x 8, "%s" x 15, "%s" x 30, "%.1024d", "%.2048d", "%.4096d", '%@' x 53, "%.16i705u%2\$hn", "%#123456x"
......@@ -45,10 +46,16 @@ my @largenumbers = (
"2147483647", "2147483648", "2147483649",
"0xfffffffe", "0xffffffff", "4294967295",
"9223372036854775807", "18446744073709551615",
"-1", "-268435455", "-20",
"0", "-1", "-268435455", "-20",
"2.2250738585072011e-308",
);
my @miscstrings = ("/", "\\", "%0xa", " ", "+", "<", ">", "<>", "%", "-", "+", "*", ".", ":", "&", "%u000", "\t", "\r", "\r\n", "\n");
my @miscstrings = (
"/", "\\", "%0xa", " ", "+", "<", ">", "<>",
"%", "-", "+", "*", ".", ":", ";", "&", "%u000",
"%xx", "\\x41", "%00", "\x00", "\x01\x01\x01\x01",
"A\@A.COM","AAAA.ABCD","AAAA://AAAAA.AAAAA/AAAA",
"\t", "\r", "\r\n", "\n"
);
my $idx = 0;
my $prevfuzz = '';
print "\n Doona $VERSION by Wireghoul (www.justanotherhacker.com)\n\n";
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment