Advertisement
opexxx

accessgrinder.pl

Jul 8th, 2014
329
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 5.43 KB | None | 0 0
  1. #!/usr/bin/perl
  2.  
  3. # Perl script to test web application access controls
  4. # Usage - ./accessgrinder.pl -f <file containing urls> -c 'SESSION=session1' \
  5. # [-c 'SESSION=session2'] [--nocolour] [-v] [--string 'regex to match'] \
  6. # [--insecure] [-d 'delimiter'] [-u 'useragent']
  7.  
  8. # geoff.jones@cyberis.co.uk - Geoff Jones 17/05/2012 - v0.1
  9.  
  10. # Perl script to test access controls of web applications. Given an
  11. # arbitrary number of session cookies, this script will access a number
  12. # of URL's and report response code, length, any redirects and whether
  13. # a given string is contained within the response (e.g. 'Unauthorized').
  14. # Coloured output gives a quick indication of inadequate access
  15. # control issues across the application.
  16.  
  17. # Copyright (C) 2012 Cyberis Limited
  18.  
  19. # This program is free software: you can redistribute it and/or modify
  20. # it under the terms of the GNU General Public License as published by
  21. # the Free Software Foundation, either version 3 of the License, or
  22. # (at your option) any later version.
  23.  
  24. # This program is distributed in the hope that it will be useful,
  25. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  26. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  27. # GNU General Public License for more details.
  28.  
  29. # You should have received a copy of the GNU General Public License
  30. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  31.  
  32. use strict;
  33. use warnings;
  34. use Term::ANSIColor;
  35. use Getopt::Long;
  36. use LWP::UserAgent;
  37. require LWP::Protocol::https;
  38.  
  39. my @urls;
  40. my $urlfile;
  41. my @cookies;
  42. my $nocolour = '';
  43. my $verbose = '';
  44. my $failstring;
  45. my $useragent = 'Mozilla/5.0';
  46. my $insecure = '';
  47. my $ua;
  48. my $delim = ' ';
  49.  
  50. my $result = GetOptions("file=s" => \$urlfile,
  51.                         "cookie=s" => \@cookies,
  52.                         "nocolour" => \$nocolour,
  53.                         "verbose+" => \$verbose,
  54. "string=s" => \$failstring,
  55. "useragent=s" => \$useragent,
  56. "insecure" => \$insecure,
  57. "delim=s" => \$delim );
  58.  
  59. if ($insecure) {
  60. $ua = LWP::UserAgent->new(agent => $useragent, ssl_opts => { verify_hostname => 0 });
  61. }
  62. else {
  63.   $ua = LWP::UserAgent->new(agent => $useragent, ssl_opts => { verify_hostname => 1 });
  64. }
  65.  
  66. if (! defined($urlfile)) {
  67. print usage();
  68. }
  69.  
  70.  
  71. # Load the URL's into memory
  72. open(F,$urlfile) or die "Failed to open file containing URL's - $!\n";
  73. while (<F>){
  74.         if (m/^http[s]?:\/\//) {
  75. chomp;
  76.                 push (@urls, $_);
  77.         }
  78. }
  79. close(F);
  80.  
  81. print STDERR "[INFO] Read ". @urls ." urls from file \"$urlfile\" \n";
  82.  
  83. if (defined($failstring)) {
  84. $failstring = qr/$failstring/;
  85. }
  86. else {
  87. print STDERR "[WARN] No string match set. Be aware that some applications will return 200 OK upon failed access requests.\n";
  88. }
  89.  
  90. print STDERR "[INFO] Request 1 - No cookie\n";
  91.  
  92. for (my $i=0; $i<@cookies; $i++) {
  93. my $count = $i + 2;
  94. print STDERR "[INFO] Request $count - cookie: " .$cookies[$i]."\n";
  95. }
  96.  
  97. print STDERR "[RESULTS] (key: C=Code, L=Length, R=Redirect M=Match NM=No_Match):\n\n";
  98.  
  99. foreach (@urls) {
  100.  
  101. #Get the URL with no cookies first
  102. my $url = $_;
  103. my $request = HTTP::Request->new(GET => $url);
  104. my $response = $ua->simple_request($request);
  105.  
  106. my @responses = ( {
  107.          cookie => '',
  108.          response => $response }
  109.      );
  110.  
  111. # Perform the request for each cookie
  112. foreach (@cookies) {
  113. $request = HTTP::Request->new(GET => $url,HTTP::Headers->new('Cookie' => $_));
  114. $response = $ua->simple_request($request);
  115.  
  116. push (@responses, {
  117. cookie => '$_',
  118. response => $response }
  119. );
  120. }
  121.  
  122. print $url;
  123. for (my $i=0; $i<@responses; $i++) {
  124. my $r = $responses[$i]{response};
  125. my $match = 0;
  126.  
  127. print $delim;
  128.  
  129. if ($r->code eq 200 && ! $nocolour) { print color 'green'; }
  130. if (($r->code eq 301 || $r->code eq 302) && ! $nocolour) { print color 'blue'; }
  131. if ($r->code >= 400 && $r->code < 500 && ! $nocolour) { print color 'yellow'; }
  132. if ($r->code eq 500 && ! $nocolour) { print color 'red'; }
  133.  
  134. if (defined($failstring)) {
  135. if ($r->content =~ /$failstring/ && ! $nocolour) {
  136. print color 'magenta';
  137. $match = 1;
  138. }
  139. }
  140.  
  141. if (defined($r->header('Location'))) {
  142. if ($match) {
  143. if ($verbose) {
  144. print "[C:" . $r->code . " L:" . length($r->content) . " R:" . $r->header('Location') . " M]";
  145. }
  146. else {
  147. print "[C:" . $r->code . " L:" . length($r->content) . " R M]";
  148. }
  149. }
  150. else {
  151. if ($verbose) {
  152. print "[C:" . $r->code . " L:" . length($r->content) . " R:" . $r->header('Location') . " NM]";
  153. }
  154. else {
  155. print "[C:" . $r->code . " L:" . length($r->content) . " R NM]";
  156. }
  157. }
  158. }
  159. else {
  160. if ($match) {
  161. print "[C:" . $r->code . " L:" . length($r->content) . " M]";
  162. }
  163. else
  164. {
  165. print "[C:" . $r->code . " L:" . length($r->content) . " NM]";
  166. }
  167. }
  168. print color 'reset';
  169. }
  170. print "\n";
  171.  
  172. }
  173.  
  174. sub usage {
  175. print STDERR "\n $0 -f <file containing urls> -c 'SESSION=session1' \\\n\t[-c 'SESSION=session2'] [--nocolour] [-v] [--string 'regex to match'] \\\n\t[--insecure] [-d 'DELIM'] [-u 'useragent']\n\n";
  176. print STDERR " Perl script to test access controls of web applications. Given an arbitrary\n number of session cookies, this script will access a number of URL's and\n report response code, length, any redirects, and whether a given string is\n contained within the response (e.g. 'Unauthorized'). Coloured output gives\n a quick indication of inadequate access control issues across the application.\n\n";
  177. print STDERR "\te.g. $0 -f urls.txt -c 'JSESSIONID=89EB1671D756C3CEA933F0491AEC199A' --string '(Unauthori[sz]ed Access|Please login)'\n\n";
  178. exit;
  179. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement