golibinjection

package module
Published: Sep 8, 2021 License: Apache-2.0 Imports: 6 Imported by: 0

README

                             ____   ___  _     ____       
   __ _ _ __ __ _ _ __   ___/ ___| / _ \| |   / ___| ___  
  / _` | '__/ _` | '_ \ / _ \___ \| | | | |  | |  _ / _ \ 
 | (_| | | | (_| | |_) |  __/___) | |_| | |__| |_| | (_) |
  \__, |_|  \__,_| .__/ \___|____/ \__\_\_____\____|\___/   
  |___/          |_|                     grapeSQLI is an easy-to-use SQL injection & XSS parser


grapeSQLI

grapeSQLI 是一种简单易用的 SQL 注入 & XSS 检测（分析）程序。注意：它基于 libinjection 的指纹与启发式规则做检测，可能存在误报与漏报，只适合作为辅助防线（例如 WAF 规则、日志告警），不能替代参数化查询和输出编码。

兼容且使用libinjection指纹数据以及搜索模式。

libinjection已经拥有非常完美的思维模式,没必要颠覆它,所以我的大部分代码来自于libinjection,并针对GOLANG做出优化。

经过针对GO语言的优化,目前的性能在可以接受的范围内,具体请参考Benchmark节。

用法

    go get github.com/lixiangzhong/golibinjection

建议在 go.mod 中锁定到具体的 pseudo-version/commit，并保留 go.sum 以校验依赖完整性。

xss例子

package main

import (
    "github.com/lixiangzhong/golibinjection"
)

func main() {
	// A URL-bearing attribute (href) carrying a javascript: scheme is the
	// textbook case for an attribute classed TYPE_ATTR_URL in BLACKATTR.
	payload := "<a href=\"  javascript:alert(1);\" >"
	// A true result presumably means a likely XSS payload was recognised.
	// XSSParser is a heuristic detector, not a sanitizer: output encoding and
	// a Content-Security-Policy are still required downstream.
	suspicious := golibinjection.XSSParser(payload)
	if suspicious {
		// todo something
	}
}

xss benchmark

Benchmark_XSSParser-8   	 3000000	       458 ns/op	      80 B/op	       1 allocs/op
Benchmark_XSSParserParallel-8   	10000000	       150 ns/op	      80 B/op	       1 allocs/op

SQLI例子

package main

import (
 "github.com/lixiangzhong/golibinjection"
)

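func main() {
	// Stacked-query / UNION probe with a comment-split keyword and load_file();
	// SQLInject tokenises it libinjection-style and looks up the fingerprint.
	payload := "asdf asd ; -1' and 1=1 union/* foo */select load_file('/etc/passwd')--"
	// gofmt form (`err :=`); the original `err:=` was not gofmt-clean.
	if err := golibinjection.SQLInject(payload); err != nil {
		// NOTE(review): the signature alone does not say whether a non-nil
		// error means "injection detected" or "input could not be analysed";
		// confirm against SQLInject before treating this branch as the block
		// path. Either way this is a detector, not a substitute for
		// parameterised queries.
		// todo something
	}
}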

SQLI Benchmark

BenchmarkSQLInject-8   	  300000	      5019 ns/op	    1376 B/op	      61 allocs/op
BenchmarkSQLInjectParallel-8   	 1000000	      2873 ns/op	    1376 B/op	      61 allocs/op

Thanks

Use Jetbrains Ide for project


Documentation

Index

Constants

// Token kinds produced by the HTML tokenizer behind XSSParser. Values are 0..9
// in declaration order (iota). The names mirror libinjection's html5 tokenizer
// (the README says most of this code is a port of libinjection).
//
// NOTE(review): the per-kind meanings below are read off the names; confirm
// against the tokenizer before relying on them.
const (
	DATA_TEXT = iota   // text outside any tag
	TAG_NAME_OPEN      // name of an opening tag, e.g. the "a" in <a ...>
	TAG_NAME_CLOSE     // name of a closing tag, e.g. the "a" in </a>
	TAG_NAME_SELFCLOSE // self-closing tag, e.g. <br/>
	TAG_DATA           // raw data inside a tag body
	TAG_CLOSE          // the ">" that ends a tag
	ATTR_NAME          // attribute name inside a tag
	ATTR_VALUE         // attribute value
	TAG_COMMENT        // <!-- ... -->
	DOCTYPE            // <!DOCTYPE ...>
)
// ASCII byte values the tokenizers switch on. They are untyped integer
// constants so they compare directly against the uint8 bytes the scanners
// read (cf. ISDIGIT(s uint8)). CHAR_EOF is an end-of-input sentinel that lies
// outside the byte range; CHAR_NULL is a literal NUL byte (which must be
// treated as data, not as a terminator, when it appears inside input).
const (
	CHAR_EOF      = -1 // end of input (not a byte value)
	CHAR_NULL     = 0  // NUL
	CHAR_BANG     = 33 // '!'
	CHAR_DOUBLE   = 34 // '"'
	CHAR_PERCENT  = 37 // '%'
	CHAR_SINGLE   = 39 // '\''
	CHAR_DASH     = 45 // '-'
	CHAR_SLASH    = 47 // '/'
	CHAR_LT       = 60 // '<'
	CHAR_EQUALS   = 61 // '='
	CHAR_GT       = 62 // '>'
	CHAR_QUESTION = 63 // '?'
	CHAR_RIGHTB   = 93 // ']'
	CHAR_TICK     = 96 // '`'
)
// Tokenizer states for reading an attribute value: not inside a value, or
// inside a value delimited by nothing, by ', by ", or by `.
//
// NOTE(review): tracking the back-quote case is presumably inherited from
// libinjection, where it exists because legacy Internet Explorer accepted
// `-quoted attribute values (a classic filter-bypass vector); confirm this
// port treats VALUE_BACK_QUOTE the same way.
const (
	DATA_STATE = iota  // not inside an attribute value
	VALUE_NO_QUOTE     // unquoted value, e.g. href=javascript:...
	VALUE_SINGLE_QUOTE // 'value'
	VALUE_DOUBLE_QUOTE // "value"
	VALUE_BACK_QUOTE   // `value`
)
// SQLi token type codes. Every token the SQL tokenizer produces is classified
// with one of these single-byte codes, and the same byte values appear as the
// Keyword constants stored in the JSON fingerprint data. Presumably (as in
// libinjection, which this code ports) the codes of the first few tokens — at
// most LIBINJECTION_SQLI_MAX_TOKENS — are concatenated into the fingerprint
// string that is compared against Sqlifingerprint.Fingerprints.
//
// NOTE(review): the exact token-folding rules live in SQLInject; confirm them
// there before reasoning about which fingerprints an input can produce.
const (
	TYPE_TK_NONE        = 0   // no token
	TYPE_KEYWORD        = 'k' // SQL keyword (SELECT, WHERE, ...)
	TYPE_UNION          = 'U' // UNION — kept distinct because it is so injection-typical
	TYPE_GROUP          = 'B' // GROUP BY / ORDER BY style keyword
	TYPE_EXPRESSION     = 'E' // expression-introducing keyword
	TYPE_SQLTYPE        = 't' // SQL type name
	TYPE_FUNCTION       = 'f' // function name
	TYPE_BAREWORD       = 'n' // unrecognised bare word / identifier
	TYPE_NUMBER         = '1' // numeric literal
	TYPE_VARIABLE       = 'v' // variable, e.g. @x
	TYPE_STRING         = 's' // string literal
	TYPE_OPERATOR       = 'o' // arithmetic/comparison operator
	TYPE_LOGIC_OPERATOR = '&' // AND / OR / && / ||
	TYPE_COMMENT        = 'c' // comment (--, #, /* */)
	TYPE_COLLATE        = 'A' // COLLATE
	TYPE_LEFTPARENS     = '('
	TYPE_RIGHTPARENS    = ')' /* not used? */
	TYPE_LEFTBRACE      = '{'
	TYPE_RIGHTBRACE     = '}'
	TYPE_DOT            = '.'
	TYPE_COMMA          = ','
	TYPE_COLON          = ':'
	TYPE_SEMICOLON      = ';' // statement separator (stacked queries)
	TYPE_TSQL           = 'T' /* TSQL start */
	TYPE_UNKNOWN        = '?'
	TYPE_EVIL           = 'X' /* unparsable, abort  */
	TYPE_FINGERPRINT    = 'F' /* not really a token */
	TYPE_BACKSLASH      = '\\'
)
// Bit flags describing the context a SQLi scan runs under: which quote
// character the input is assumed to sit inside (FLAG_QUOTE_*) and which SQL
// dialect's tokenising rules apply (FLAG_SQL_ANSI vs FLAG_SQL_MYSQL). Each
// flag occupies its own bit so a quote flag and a dialect flag can be OR-ed.
//
// NOTE(review): libinjection re-scans an input under several of these
// contexts because a payload that is inert as a bare value can be live inside
// a '...' or "..." string; confirm SQLInject iterates the contexts here too —
// scanning only FLAG_QUOTE_NONE would miss quote-breaking injections.
const (
	FLAG_NONE         = 0
	FLAG_QUOTE_NONE   = 1 /* 1 << 0 */
	FLAG_QUOTE_SINGLE = 2 /* 1 << 1 */
	FLAG_QUOTE_DOUBLE = 4 /* 1 << 2 */

	FLAG_SQL_ANSI  = 8  /* 1 << 3 */
	FLAG_SQL_MYSQL = 16 /* 1 << 4 */
)
// Lookup kinds: which table a string is searched in. Presumably these select
// among the Sqlifingerprint tables (Keywords for words/types/operators,
// Fingerprints for the final fingerprint string); the exported
// Lookup(key string) takes no kind argument, so confirm how it is chosen.
const (
	LOOKUP_WORD        = 1 // keyword lookup
	LOOKUP_TYPE        = 2 // SQL type lookup
	LOOKUP_OPERATOR    = 3 // operator lookup
	LOOKUP_FINGERPRINT = 4 // fingerprint lookup
)
// Classes assigned to attribute names in BLACKATTR; they tell the XSS scanner
// how the attribute's value should be judged once the name matches.
const (
	TYPE_NONE     = iota // not a listed attribute
	TYPE_BLACK    /* ban always */
	TYPE_ATTR_URL /* attribute value takes a URL-like object */ // presumably checked for javascript:/data:/view-source: schemes — confirm
	TYPE_STYLE    // inline style value (style=, filter=); which CSS constructs are flagged is decided elsewhere — confirm
	TYPE_ATTR_INDIRECT /* attribute *name* is given in *value* */
)
// LIBINJECTION_SQLI_MAX_TOKENS bounds the length of a fingerprint: at most this
// many token-type codes are kept per scan (presumably, as in libinjection, the
// scanner folds or stops once the window is full). Inputs longer than this
// window are judged only by their first tokens, which is by design.
const (
	LIBINJECTION_SQLI_MAX_TOKENS = 5
)
// LIBINJECTION_SQLI_TOKEN_SIZE is the maximum number of bytes retained for a
// single token's text.
//
// NOTE(review): if this port mirrors libinjection, longer tokens are
// truncated to this size before keyword lookup; confirm that a word longer
// than 32 bytes still classifies as intended and cannot be used to dodge the
// keyword table.
const (
	LIBINJECTION_SQLI_TOKEN_SIZE = 32
)

Variables

// BLACKATTR lists attribute names (upper-case) that the XSS scanner treats as
// dangerous, each paired with how its value is to be judged: TYPE_BLACK bans
// the attribute outright, TYPE_ATTR_URL marks a URL-bearing value,
// TYPE_ATTR_INDIRECT a value that is itself an attribute name, and TYPE_STYLE
// (presumably) an inline-CSS value.
//
// NOTE(review): the table is NOT in ascending order ("BY" precedes
// "BACKGROUND", "FORMACTION" precedes "FOLDER"), so the binary-search
// requirement documented on LoadData must not be applied to it; whatever
// consumes it has to scan linearly. Event-handler attributes (on*) have no
// entry here — confirm XSSParser catches them by a separate rule, otherwise
// <img onerror=...> is not matched by this table.
//
// NOTE(review): this is an exported, mutable package-level slice: any importer
// can shrink, reorder or clear the deny-list at runtime, and a concurrent
// write races with XSSParser. Treat it as read-only; unexporting it (or
// exposing a copy) would be the safer API.
var BLACKATTR = []stringtype_t{
	{"ACTION", TYPE_ATTR_URL},
	{"ATTRIBUTENAME", TYPE_ATTR_INDIRECT},
	{"BY", TYPE_ATTR_URL},
	{"BACKGROUND", TYPE_ATTR_URL},
	{"DATAFORMATAS", TYPE_BLACK},
	{"DATASRC", TYPE_BLACK},
	{"DYNSRC", TYPE_ATTR_URL},
	{"FILTER", TYPE_STYLE},
	{"FORMACTION", TYPE_ATTR_URL},
	{"FOLDER", TYPE_ATTR_URL},
	{"FROM", TYPE_ATTR_URL},
	{"HANDLER", TYPE_ATTR_URL},
	{"HREF", TYPE_ATTR_URL},
	{"LOWSRC", TYPE_ATTR_URL},
	{"POSTER", TYPE_ATTR_URL},
	{"SRC", TYPE_ATTR_URL},
	{"STYLE", TYPE_STYLE},
	{"TO", TYPE_ATTR_URL},
	{"VALUES", TYPE_ATTR_URL},
	{"XLINK:HREF", TYPE_ATTR_URL},
}

URL schemes named in the source comments next to this table — `view-source:`, `data:`, `javascript:` — presumably the schemes a TYPE_ATTR_URL attribute value is checked for (confirm against XSSParser).

// BLACKTAG lists tag names (upper-case) that are presumably rejected outright
// when they appear in the scanned input. The list is in ascending ASCII order;
// the gaps look like places where entries of the upstream libinjection table
// were dropped.
//
// NOTE(review): same caveat as BLACKATTR — this is an exported, mutable
// package-level slice, so any importer can alter the deny-list at runtime;
// treat it as read-only.
var BLACKTAG = []string{
	"APPLET",

	"BASE",
	"COMMENT",
	"EMBED",

	"FRAME",
	"FRAMESET",
	"HANDLER",
	"IFRAME",
	"IMPORT",
	"ISINDEX",
	"LINK",
	"LISTENER",

	"META",
	"NOSCRIPT",
	"OBJECT",
	"SCRIPT",
	"STYLE",

	"VMLFRAME",
	"XML",
	"XSS",
}

Functions

func ISDIGIT

func ISDIGIT(s uint8) bool

func LoadData

func LoadData(filename string) error

LoadData 读取的指纹/关键字数据会被二分查找使用，因此参与查找的表（例如 Fingerprints）必须按升序完整排序；数据未排序时未必会报错，但查找可能悄悄失败，表现为漏报。该文件直接决定检测结果，应视为可信输入：随二进制一起发布或在加载前做完整性校验，不要从不受信任的位置加载。

func Lookup

func Lookup(key string) int

func SQLInject

func SQLInject(src string) error

func XSSParser

func XSSParser(s string) bool

Types

type Keyword

// Keyword is the single-character token-type code stored for each entry of
// Sqlifingerprint.Keywords. The values coincide with the TYPE_* SQLi token type
// constants (e.g. K == TYPE_KEYWORD, U == TYPE_UNION).
type Keyword string

// NOTE(review): these constant names look machine-generated from the JSON data
// ("The1", "KeywordT", "Empty"). In particular Empty is NOT an empty string —
// it is "&", the TYPE_LOGIC_OPERATOR code. Never use Empty as a "no keyword"
// sentinel.
const (
	A        Keyword = "A" // TYPE_COLLATE
	B        Keyword = "B" // TYPE_GROUP
	E        Keyword = "E" // TYPE_EXPRESSION
	Empty    Keyword = "&" // TYPE_LOGIC_OPERATOR — misleading name, see above
	F        Keyword = "f" // TYPE_FUNCTION
	K        Keyword = "k" // TYPE_KEYWORD
	KeywordT Keyword = "T" // TYPE_TSQL
	N        Keyword = "n" // TYPE_BAREWORD
	O        Keyword = "o" // TYPE_OPERATOR
	T        Keyword = "t" // TYPE_SQLTYPE
	The1     Keyword = "1" // TYPE_NUMBER
	U        Keyword = "U" // TYPE_UNION
	V        Keyword = "v" // TYPE_VARIABLE
)

type Sqlifingerprint

// Sqlifingerprint is the JSON shape of the SQLi detection data (compatible with
// libinjection's fingerprint data, per the README); UnmarshalSqlifingerprint
// decodes it and Marshal encodes it, and it is presumably what LoadData reads.
//
// NOTE(review): this data *is* the detector — whoever controls the file
// controls what gets flagged. Ship it with the binary or verify its integrity
// before loading, and keep every table that is binary-searched sorted
// ascending as the LoadData note requires; an unsorted table may silently stop
// matching rather than fail loudly.
type Sqlifingerprint struct {
	Charmap      []string           `json:"charmap"`      // presumably per-byte character classes for the tokenizer — confirm
	Fingerprints []string           `json:"fingerprints"` // presumably the known-malicious token-type sequences (strings of Keyword codes)
	Keywords     map[string]Keyword `json:"keywords"`     // SQL word -> token-type code
}

func UnmarshalSqlifingerprint

func UnmarshalSqlifingerprint(data []byte) (Sqlifingerprint, error)

func (*Sqlifingerprint) Marshal

func (r *Sqlifingerprint) Marshal() ([]byte, error)
