security-gem 0.1.2 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/security/gem/security.rb +199 -0
- data/lib/security/gem/version.rb +1 -1
- data/lib/security/gem.rb +1 -1
- data/lib/security/test.rb +13 -3
- data/sql_common_commands.txt +37 -0
- data/{payloads.txt → sql_payloads.txt} +1 -1
- data/top_user_agents.txt +1037 -0
- data/xss_common_scripts.txt +34 -0
- data/xss_payloads.txt +6606 -0
- metadata +7 -3
- data/lib/security/gem/builder.rb +0 -45
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2f2eecdfc5fb7ffdb08c8233fbc0c31528364e5e787241bc89351b3ceb54c844
|
|
4
|
+
data.tar.gz: e5d719157b9158bca6784763a1f8e0d6fcbcb08f11bc11246d6e14b979352753
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 19bf4b7bf2291c2a4c5f704829f7f78b03e0726d977fdf3c72171f01c51993c3e5ee21b854407f6ff72ab089fac36822a3be9ed113603e934884c166dc039d63
|
|
7
|
+
data.tar.gz: c5914aa0c01e1978d1a2774ad2d13866e8d6bf3c3b3f20b3a40e3debb8c9588d0a748f48201754a34ca528350662eb5a8271109d2fbd917536e02ae7ae324233
|
data/Gemfile.lock
CHANGED
|
@@ -0,0 +1,199 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
|
|
3
|
+
SecurityLogger
|
|
4
|
+
______________
|
|
5
|
+
|
|
6
|
+
Description:
|
|
7
|
+
This module provides a simple and unified format to log security events
|
|
8
|
+
|
|
9
|
+
Classes:
|
|
10
|
+
Sql_Injection, Xss_Injection, User_Agent
|
|
11
|
+
|
|
12
|
+
Owner:
|
|
13
|
+
Tucker Weibell - 05/09/2022
|
|
14
|
+
|
|
15
|
+
=end
|
|
16
|
+
|
|
17
|
+
require 'json'
|
|
18
|
+
require 'logger'
|
|
19
|
+
require 'logger/formatter'
|
|
20
|
+
require 'net/http'
|
|
21
|
+
require 'dotenv'
|
|
22
|
+
Dotenv.load
|
|
23
|
+
|
|
24
|
+
module SecurityLogger
|
|
25
|
+
|
|
26
|
+
=begin
|
|
27
|
+
|
|
28
|
+
Sql_Injection Class
|
|
29
|
+
___________________
|
|
30
|
+
|
|
31
|
+
Description:
|
|
32
|
+
- Checks inputs against most commonly used sql injection commands.
|
|
33
|
+
- Inputs that match or contain probably sql commands will be logged.
|
|
34
|
+
- Payloads can be replaced by simply changing the ENV varibles
|
|
35
|
+
and pointing the URI to any custom text file
|
|
36
|
+
|
|
37
|
+
Usage: SecurityLogger::Sql_Injection.new(ip_origin: request.ip).check_input(input)
|
|
38
|
+
|
|
39
|
+
=end
|
|
40
|
+
|
|
41
|
+
class Sql_Injection
|
|
42
|
+
def initialize (ip_origin:)
|
|
43
|
+
@ip_origin = ip_origin
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def log(input)
|
|
47
|
+
logger = Logger.new(STDOUT)
|
|
48
|
+
logger.formatter = proc do |severity, datetime, progname, msg|
|
|
49
|
+
{
|
|
50
|
+
severity: severity,
|
|
51
|
+
timestamp: datetime.to_s,
|
|
52
|
+
app: progname,
|
|
53
|
+
message: msg
|
|
54
|
+
}.to_json + $/
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
message = {:threat => "sql_injection_attack", :input => input, :ip_origin => @ip_origin}
|
|
58
|
+
logger.warn(JSON.parse(message.to_json))
|
|
59
|
+
return
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
def check_input(input)
|
|
63
|
+
uri = ENV['PATH_TO_SQL_PAYLOAD']
|
|
64
|
+
uri = URI(uri)
|
|
65
|
+
file = Net::HTTP.get(uri)
|
|
66
|
+
file.each_line do |file|
|
|
67
|
+
if file.strip == input.strip
|
|
68
|
+
self.log(input.strip)
|
|
69
|
+
return
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
uri = ENV['PATH_TO_SQL_COMMON_COMMANDS']
|
|
74
|
+
uri = URI(uri)
|
|
75
|
+
file = Net::HTTP.get(uri)
|
|
76
|
+
file.each_line do |file|
|
|
77
|
+
if input.strip.downcase.include?(file.strip.downcase)
|
|
78
|
+
self.log(input.strip)
|
|
79
|
+
return
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
|
|
87
|
+
=begin
|
|
88
|
+
|
|
89
|
+
Xss_Injection Class
|
|
90
|
+
___________________
|
|
91
|
+
|
|
92
|
+
Description:
|
|
93
|
+
- Checks inputs against most commonly used xss scripts.
|
|
94
|
+
- Inputs that match or contain common keywords will be logged.
|
|
95
|
+
- Payloads can be replaced by simply changing the ENV varibles
|
|
96
|
+
and pointing the URI to any custom text file
|
|
97
|
+
|
|
98
|
+
Usage: SecurityLogger::Xss_Injection.new(ip_origin: request.ip).check_input(input)
|
|
99
|
+
|
|
100
|
+
=end
|
|
101
|
+
|
|
102
|
+
class Xss_Injection
|
|
103
|
+
def initialize (ip_origin:)
|
|
104
|
+
@ip_origin = ip_origin
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
def log(input)
|
|
108
|
+
logger = Logger.new(STDOUT)
|
|
109
|
+
logger.formatter = proc do |severity, datetime, progname, msg|
|
|
110
|
+
{
|
|
111
|
+
severity: severity,
|
|
112
|
+
timestamp: datetime.to_s,
|
|
113
|
+
app: progname,
|
|
114
|
+
message: msg
|
|
115
|
+
}.to_json + $/
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
message = {:threat => "xss_attack", :input => input, :ip_origin => @ip_origin}
|
|
119
|
+
logger.warn(JSON.parse(message.to_json))
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
def check_input(input)
|
|
123
|
+
uri = ENV['PATH_TO_XSS_PAYLOAD']
|
|
124
|
+
uri = URI(uri)
|
|
125
|
+
file = Net::HTTP.get(uri)
|
|
126
|
+
file.each_line do |file|
|
|
127
|
+
if file.strip == input.strip
|
|
128
|
+
self.log(input.strip)
|
|
129
|
+
return
|
|
130
|
+
end
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
uri = ENV['PATH_TO_XSS_COMMON_SCRIPTS']
|
|
134
|
+
uri = URI(uri)
|
|
135
|
+
file = Net::HTTP.get(uri)
|
|
136
|
+
file.each_line do |file|
|
|
137
|
+
if input.strip.downcase.include?(file.strip.downcase)
|
|
138
|
+
self.log(input.strip)
|
|
139
|
+
return
|
|
140
|
+
end
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
end
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
|
|
147
|
+
=begin
|
|
148
|
+
|
|
149
|
+
User_Agent Class
|
|
150
|
+
___________________
|
|
151
|
+
|
|
152
|
+
Description:
|
|
153
|
+
- Checks inputs against most common user_agents (approx. top 1000).
|
|
154
|
+
- Inputs that DO NOT match any of the most common user agents will be logged.
|
|
155
|
+
- Payloads can be replaced by simply changing the ENV varibles
|
|
156
|
+
and pointing the URI to any custom text file
|
|
157
|
+
|
|
158
|
+
Usage: SecurityLogger::User_Agent.new(ip_origin: request.ip).check_input(input)
|
|
159
|
+
|
|
160
|
+
=end
|
|
161
|
+
|
|
162
|
+
class User_Agent
|
|
163
|
+
def initialize (ip_origin:)
|
|
164
|
+
@ip_origin = ip_origin
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
def log(input)
|
|
168
|
+
logger = Logger.new(STDOUT)
|
|
169
|
+
logger.formatter = proc do |severity, datetime, progname, msg|
|
|
170
|
+
{
|
|
171
|
+
severity: severity,
|
|
172
|
+
timestamp: datetime.to_s,
|
|
173
|
+
app: progname,
|
|
174
|
+
message: msg
|
|
175
|
+
}.to_json + $/
|
|
176
|
+
end
|
|
177
|
+
|
|
178
|
+
message = {:threat => "uncommon_user_agent", :input => input, :ip_origin => @ip_origin}
|
|
179
|
+
logger.warn(JSON.parse(message.to_json))
|
|
180
|
+
end
|
|
181
|
+
|
|
182
|
+
def check_input(input)
|
|
183
|
+
uri = ENV['PATH_TO_USER_AGENT_PAYLOAD']
|
|
184
|
+
uri = URI(uri)
|
|
185
|
+
file = Net::HTTP.get(uri)
|
|
186
|
+
@matches = 0
|
|
187
|
+
file.each_line do |file|
|
|
188
|
+
if file.strip == input.strip
|
|
189
|
+
@matches += 1
|
|
190
|
+
end
|
|
191
|
+
end
|
|
192
|
+
|
|
193
|
+
if @matches == 0
|
|
194
|
+
self.log(input.strip)
|
|
195
|
+
return
|
|
196
|
+
end
|
|
197
|
+
end
|
|
198
|
+
end
|
|
199
|
+
end
|
data/lib/security/gem/version.rb
CHANGED
data/lib/security/gem.rb
CHANGED
data/lib/security/test.rb
CHANGED
|
@@ -1,7 +1,17 @@
|
|
|
1
|
-
require_relative "gem/
|
|
1
|
+
require_relative "gem/security"
|
|
2
2
|
|
|
3
3
|
# Sample SQL input
|
|
4
|
-
input = "
|
|
4
|
+
input = "ALTER TABLE"
|
|
5
5
|
|
|
6
6
|
# Using the gem to log injection attempts
|
|
7
|
-
SecurityLogger::Sql_Injection.new().check_input(input)
|
|
7
|
+
SecurityLogger::Sql_Injection.new(ip_origin: "123.123.123.1").check_input(input)
|
|
8
|
+
|
|
9
|
+
input = "<svg"
|
|
10
|
+
|
|
11
|
+
# Using gem to log xss attempts
|
|
12
|
+
SecurityLogger::Xss_Injection.new(ip_origin: "123.123.123.1").check_input(input)
|
|
13
|
+
|
|
14
|
+
input = "evilhacker"
|
|
15
|
+
|
|
16
|
+
# Using gem to log xss attempts
|
|
17
|
+
SecurityLogger::User_Agent.new(ip_origin: "123.123.123.1").check_input(input)
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
SELECT
|
|
2
|
+
FROM
|
|
3
|
+
SELECT FROM
|
|
4
|
+
UNION
|
|
5
|
+
UNION ALL
|
|
6
|
+
UNION ALL SELECT
|
|
7
|
+
COLLATE
|
|
8
|
+
DELETE
|
|
9
|
+
INSERT INTO
|
|
10
|
+
CREATE DATABASE
|
|
11
|
+
ALTER DATABASE
|
|
12
|
+
CREATE TABLE
|
|
13
|
+
ALTER TABLE
|
|
14
|
+
DROP TABLE
|
|
15
|
+
CREATE INDEX
|
|
16
|
+
DROP INDEX
|
|
17
|
+
DECLARE
|
|
18
|
+
/*!32302 1/0, */
|
|
19
|
+
/*!32302
|
|
20
|
+
CONCAT
|
|
21
|
+
1--
|
|
22
|
+
admin' --
|
|
23
|
+
admin' #
|
|
24
|
+
admin'/*
|
|
25
|
+
' or 1=1--
|
|
26
|
+
' or 1=1#
|
|
27
|
+
' or 1=1/*
|
|
28
|
+
') or '1'='1--
|
|
29
|
+
') or ('1'='1--
|
|
30
|
+
' HAVING 1=1 --
|
|
31
|
+
GROUP BY
|
|
32
|
+
ORDER BY
|
|
33
|
+
WAITFOR DELAY
|
|
34
|
+
NULL--
|
|
35
|
+
;
|
|
36
|
+
IF EXISTS
|
|
37
|
+
mysql.user
|