
libinjection-python's Introduction

Libinjection-python

Libinjection-python is a wrapper based on Cython for the Libinjection library.

Libinjection Version: v3.10.0 (Released on 22 May 2017)

Requirements

  • Python 2.7 or 3.4+
  • Cython module (install via pip)

Installation

pip install libinjection-python

Usage

  • Check for SQL Injection

    >>> import libinjection
    >>> libinjection.is_sql_injection("http://testphp.vulnweb.com/main.php?SmallClass=' union select * from news where 1=2 and ''='")
    {'is_sqli': True, 'fingerprint': 'sUEok', 'token_vector': [{'pos': 0, 'len': 31, 'count': 0, 'type': 115, 'str_open': 0, 'str_close': 39, 'val': b'http://testphp.vulnweb.com/main'}, {'pos': 49, 'len': 5, 'count': 0, 'type': 85, 'str_open': 0, 'str_close': 0, 'val': b'union'}, {'pos': 55, 'len': 6, 'count': 0, 'type': 69, 'str_open': 0, 'str_close': 0, 'val': b'select'}, {'pos': 62, 'len': 1, 'count': 0, 'type': 111, 'str_open': 0, 'str_close': 0, 'val': b'*'}, {'pos': 64, 'len': 4, 'count': 0, 'type': 107, 'str_open': 0, 'str_close': 0, 'val': b'from'}, {'pos': 69, 'len': 4, 'count': 0, 'type': 110, 'str_open': 0, 'str_close': 0, 'val': b'news'}, {'pos': 0, 'len': 0, 'count': 0, 'type': 0, 'str_open': 0, 'str_close': 0, 'val': b''}, {'pos': 0, 'len': 0, 'count': 0, 'type': 0, 'str_open': 0, 'str_close': 0, 'val': b''}]}
    
  • Check for Cross Site Scripting

    >>> libinjection.is_xss("http://testphp.vulnweb.com/index.php?name=guest<script>alert('attacked')</script>")
    {'is_xss': True, 'flag': 0}
    

License

Copyright (c) 2021 wzhvictor

Licensed under the GNU General Public License v3.


libinjection-python's Issues

Provide .tar.gz that does not require Cython to be already installed

Hello,

The current release requires Cython to be installed first in the venv, which is not ideal in a production environment that requires only one requirements.txt with all dependencies to install (since we can't specify a build order, it's very likely to fail).

I would suggest adding a pyproject.toml file to this repository containing the following:

[build-system]
requires = ["setuptools", "wheel", "Cython"]
build-backend = "setuptools.build_meta"

This is taken from the documentation of Cython: https://cython.readthedocs.io/en/latest/src/userguide/source_files_and_compilation.html#distributing-cython-modules

I tried it on my machine, the .tar.gz that I built does not fail when I install it without Cython in my venv.

I can provide a PR if you'd like.

Also, if it can help you, these are the steps I took:

  1. In the repo of libinjection-python, after adding the pyproject.toml:

    pip install -U pip setuptools
    python setup.py sdist

  2. In another venv I installed the .tar.gz:

    ❯ pip install libinjection-python-1.1.5.tar.gz --no-cache-dir
    Processing ./libinjection-python-1.1.5.tar.gz
      Installing build dependencies ... done
      Getting requirements to build wheel ... done
      Preparing metadata (pyproject.toml) ... done
    Building wheels for collected packages: libinjection-python
      Building wheel for libinjection-python (pyproject.toml) ... done
      Created wheel for libinjection-python: filename=libinjection_python-1.1.5-cp39-cp39-macosx_12_0_x86_64.whl size=85957 sha256=fe3f51d869b447227b80dc56d87246f265d4242fc854c873c8cdefd50970f3b5
      Stored in directory: /private/var/folders/4k/bthbhn197slfwjs0z2zgct1h0000gn/T/pip-ephem-wheel-cache-vv_z_l9a/wheels/fe/41/9f/490361f95cd052689d5439209bbdad4c9af9f1aa88682de1fb
    Successfully built libinjection-python
    Installing collected packages: libinjection-python
    Successfully installed libinjection-python-1.1.5

  3. I ensured that it worked by importing the lib and running the two examples described in the README.

Add PyPI token to upload wheels as part of build process

For the GitHub Action to work and upload the wheels to PyPI, there needs to be a GitHub secret named PYPI_API_TOKEN set with the value of a new or existing PyPI token, and the git commit should be tagged as v1.1.6.

To set the secret: go to Settings > Secrets.

To tag the current master branch release:
git checkout master && git pull && git tag v1.1.6 && git push origin v1.1.6

"Segmentation fault" when reading a file and detecting at the same time

When I read a file and run detection at the same time, a "segmentation fault" occurs.

env

  1. ubuntu 18.04
  2. python 3.7.3
  3. 270000+ lines of queries

code

from libinjection import is_xss
from libinjection import is_sql_injection as is_sqli

if __name__ == "__main__":
    query_file = "./querys.txt"
    sqlis = []
    xss = []
    with open(query_file) as f:
        # qs = f.readlines()
        for line in f:
            if is_sqli(line):
                sqlis.append(line)
            elif is_xss(line):
                xss.append(line)

    print(f"{len(sqlis)}")
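
One way to keep a crash in the native extension from ending a long scan like the one reported above, and to find the input that triggers it, is to run the detector in a forked child process and bisect on failure. This is an added example, not code from the issue or the project: `scan_isolated`, `find_crashing_line` and the stand-in detector are hypothetical names, and with the real library you would pass something like `lambda s: libinjection.is_sql_injection(s)['is_sqli']` (assuming the return shape shown in the README). It assumes a POSIX system where `fork` is available.

```python
import multiprocessing as mp
import os
import signal

def _scan(detector, lines, conn):
    # Child process: report the indices of lines the detector flags.
    conn.send([i for i, line in enumerate(lines) if detector(line)])
    conn.close()

def scan_isolated(detector, lines):
    """Run detector over lines in a forked child (POSIX only).

    Returns (hits, None) on success or (None, exitcode) if the child died;
    exitcode is negative for a signal, e.g. -11 for SIGSEGV."""
    ctx = mp.get_context("fork")
    reader, writer = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_scan, args=(detector, lines, writer))
    proc.start()
    writer.close()  # parent keeps only the read end, so a dead child yields EOF
    try:
        hits = reader.recv()
    except EOFError:
        hits = None
    proc.join()
    if hits is not None and proc.exitcode == 0:
        return hits, None
    return None, proc.exitcode

def find_crashing_line(detector, lines):
    """Bisect to a single line that kills the child on its own.

    Returns its index, or None when no single line reproduces the crash
    (which points at state built up across calls rather than one input)."""
    lo, hi = 0, len(lines)
    while hi - lo > 1:
        mid = (lo + hi) // 2
        _, code = scan_isolated(detector, lines[lo:mid])
        lo, hi = (lo, mid) if code is not None else (mid, hi)
    if hi > lo and scan_isolated(detector, lines[lo:lo + 1])[1] is not None:
        return lo
    return None

def standin_detector(line):
    # Constructed stand-in for the native call: dies with SIGSEGV on a marker.
    if "CRASH" in line:
        os.kill(os.getpid(), signal.SIGSEGV)
    return "union" in line

SAMPLE = ["id=1", "q=' union select 1", "x=CRASH", "name=guest"]  # constructed
```

A `None` result from `find_crashing_line` on a file that does crash the full scan is itself useful for a bug report, since it suggests the fault depends on accumulated state rather than on one query.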
