scythe-ttp 0.16.1__py3-none-any.whl → 0.18.1__py3-none-any.whl

scythe/ttps/web/sql_injection.py

@@ -1,28 +1,65 @@
 from selenium.webdriver.common.by import By
 from selenium.webdriver.remote.webdriver import WebDriver
 from selenium.common.exceptions import NoSuchElementException
+from typing import Dict, Any, Optional
+import requests
+
 from ...core.ttp import TTP
 from ...payloads.generators import PayloadGenerator
 
 class InputFieldInjector(TTP):
+    """
+    SQL Injection TTP that tests input fields for SQL injection vulnerabilities.
+    
+    Supports two execution modes:
+    - UI mode: Fills form fields with SQL payloads
+    - API mode: Sends SQL payloads in API request body fields
+    """
     def __init__(self,
-                 target_url: str,
-                 field_selector: str,
-                 submit_selector: str,
-                 payload_generator: PayloadGenerator,
+                 target_url: str = None,
+                 field_selector: str = None,
+                 submit_selector: str = None,
+                 payload_generator: PayloadGenerator = None,
                  expected_result: bool = True,
-                 authentication=None):
-
+                 authentication=None,
+                 execution_mode: str = 'ui',
+                 api_endpoint: Optional[str] = None,
+                 injection_field: str = 'query',
+                 http_method: str = 'POST'):
+        """
+        Initialize the SQL Injection TTP.
+        
+        Args:
+            target_url: Target URL (UI mode)
+            field_selector: CSS/tag selector for input field (UI mode)
+            submit_selector: CSS selector for submit button (UI mode)
+            payload_generator: Generator that yields SQL injection payloads
+            expected_result: Whether we expect to find SQL injection vulnerabilities
+            authentication: Optional authentication
+            execution_mode: 'ui' or 'api'
+            api_endpoint: API endpoint path (API mode, e.g., '/api/search')
+            injection_field: Field name to inject SQL payload into (API mode)
+            http_method: HTTP method to use (API mode) - 'POST' or 'GET'
+        """
         super().__init__(
-            name="SQL Injection via URL manipulation", 
-            description="simulate an sql Injection by manipulation of url queries",
+            name="SQL Injection via Input Field", 
+            description="Simulate SQL injection by injecting payloads into input fields",
             expected_result=expected_result,
-            authentication=authentication)
+            authentication=authentication,
+            execution_mode=execution_mode)
 
+        # UI mode fields
         self.target_url = target_url
         self.field_selector = field_selector
-        self.payload_generator = payload_generator
         self.submit_selector = submit_selector
+        
+        # Common fields
+        self.payload_generator = payload_generator
+        
+        # API mode fields
+        self.api_endpoint = api_endpoint
+        self.injection_field = injection_field
+        self.http_method = http_method.upper()
 
     def get_payloads(self):
         """yields queries from the configured generator"""
@@ -51,30 +88,210 @@ class InputFieldInjector(TTP):
 
 
     def verify_result(self, driver: WebDriver) -> bool:
+        """Checks for SQL error indicators in the page source (UI mode)."""
         return "sql" in driver.page_source.lower() or \
                "source" in driver.page_source.lower()
+    
+    def execute_step_api(self, session: requests.Session, payload: str, context: Dict[str, Any]) -> requests.Response:
+        """
+        Executes a SQL injection attempt via API request.
+        
+        Args:
+            session: requests.Session for making HTTP requests
+            payload: The SQL injection payload to test
+            context: Shared context dictionary
+            
+        Returns:
+            requests.Response from the injection attempt
+        """
+        from urllib.parse import urljoin
+        
+        # Build the full URL
+        base_url = context.get('target_url', '')
+        if not base_url:
+            raise ValueError("target_url must be set in context for API mode")
+        
+        url = urljoin(base_url, self.api_endpoint or '/search')
+        
+        # Merge auth headers from context
+        headers = {}
+        auth_headers = context.get('auth_headers', {})
+        if auth_headers:
+            headers.update(auth_headers)
+        
+        # Honor rate limiting
+        import time
+        resume_at = context.get('rate_limit_resume_at')
+        now = time.time()
+        if isinstance(resume_at, (int, float)) and resume_at > now:
+            wait_s = min(resume_at - now, 30)
+            if wait_s > 0:
+                time.sleep(wait_s)
+        
+        # Make the request based on HTTP method
+        if self.http_method == 'GET':
+            # For GET, put payload in query params
+            response = session.get(url, params={self.injection_field: payload}, headers=headers or None, timeout=10.0)
+        else:
+            # For POST/PUT/etc, put payload in JSON body
+            body = {self.injection_field: payload}
+            response = session.request(self.http_method, url, json=body, headers=headers or None, timeout=10.0)
+        
+        # Handle rate limiting
+        if response.status_code == 429:
+            retry_after = response.headers.get('Retry-After', '1')
+            try:
+                wait_s = int(retry_after)
+            except (ValueError, TypeError):
+                wait_s = 1
+            context['rate_limit_resume_at'] = time.time() + min(wait_s, 30)
+        
+        return response
+    
+    def verify_result_api(self, response: requests.Response, context: Dict[str, Any]) -> bool:
+        """
+        Verifies if the SQL injection attempt triggered a vulnerability.
+        
+        Args:
+            response: The response from execute_step_api
+            context: Shared context dictionary
+            
+        Returns:
+            True if SQL error indicators found, False otherwise
+        """
+        try:
+            response_text = response.text.lower()
+            # Common SQL error indicators
+            sql_indicators = [
+                'sql', 'syntax', 'mysql', 'sqlite', 'postgresql', 'oracle',
+                'odbc', 'jdbc', 'driver', 'database', 'query', 'syntax error',
+                'unterminated', 'unexpected', 'warning: mysql'
+            ]
+            return any(indicator in response_text for indicator in sql_indicators)
+        except Exception:
+            return False
 
 
 class URLManipulation(TTP):
+    """
+    SQL Injection TTP that tests URL query parameters for SQL injection vulnerabilities.
+    
+    Supports two execution modes:
+    - UI mode: Navigates to URLs with SQL payloads in query parameters
+    - API mode: Sends GET requests with SQL payloads in query parameters
+    """
     def __init__(self,
                  payload_generator: PayloadGenerator,
-                 target_url: str,
+                 target_url: str = None,
                  expected_result: bool = True,
-                 authentication=None):
+                 authentication=None,
+                 execution_mode: str = 'ui',
+                 api_endpoint: Optional[str] = None,
+                 query_param: str = 'q'):
+        """
+        Initialize the URL Manipulation SQL Injection TTP.
+        
+        Args:
+            payload_generator: Generator that yields SQL injection payloads
+            target_url: Target URL (UI mode)
+            expected_result: Whether we expect to find SQL injection vulnerabilities
+            authentication: Optional authentication
+            execution_mode: 'ui' or 'api'
+            api_endpoint: API endpoint path (API mode, e.g., '/api/search')
+            query_param: Query parameter name to inject into (default: 'q')
+        """
         super().__init__(
             name="SQL Injection via URL manipulation", 
-            description="simulate an sql Injection by manipulation of url queries",
+            description="Simulate SQL injection by manipulating URL query parameters",
             expected_result=expected_result,
-            authentication=authentication)
+            authentication=authentication,
+            execution_mode=execution_mode)
         self.target_url = target_url
         self.payload_generator = payload_generator
+        self.api_endpoint = api_endpoint
+        self.query_param = query_param
 
     def get_payloads(self):
         yield from self.payload_generator()
 
     def execute_step(self, driver: WebDriver, payload: str):
-        driver.get(f"{self.target_url}?q={payload}")
+        """Execute SQL injection via URL manipulation in UI mode."""
+        driver.get(f"{self.target_url}?{self.query_param}={payload}")
 
     def verify_result(self, driver: WebDriver) -> bool:
+        """Check for SQL error indicators in UI mode."""
         return "sql" in driver.page_source.lower() or \
                "source" in driver.page_source.lower()
+    
+    def execute_step_api(self, session: requests.Session, payload: str, context: Dict[str, Any]) -> requests.Response:
+        """
+        Executes a SQL injection attempt via API request with query parameters.
+        
+        Args:
+            session: requests.Session for making HTTP requests
+            payload: The SQL injection payload to test
+            context: Shared context dictionary
+            
+        Returns:
+            requests.Response from the injection attempt
+        """
+        from urllib.parse import urljoin
+        
+        # Build the full URL
+        base_url = context.get('target_url', '')
+        if not base_url:
+            raise ValueError("target_url must be set in context for API mode")
+        
+        url = urljoin(base_url, self.api_endpoint or self.target_url or '/')
+        
+        # Merge auth headers from context
+        headers = {}
+        auth_headers = context.get('auth_headers', {})
+        if auth_headers:
+            headers.update(auth_headers)
+        
+        # Honor rate limiting
+        import time
+        resume_at = context.get('rate_limit_resume_at')
+        now = time.time()
+        if isinstance(resume_at, (int, float)) and resume_at > now:
+            wait_s = min(resume_at - now, 30)
+            if wait_s > 0:
+                time.sleep(wait_s)
+        
+        # Make GET request with payload in query param
+        response = session.get(url, params={self.query_param: payload}, headers=headers or None, timeout=10.0)
+        
+        # Handle rate limiting
+        if response.status_code == 429:
+            retry_after = response.headers.get('Retry-After', '1')
+            try:
+                wait_s = int(retry_after)
+            except (ValueError, TypeError):
+                wait_s = 1
+            context['rate_limit_resume_at'] = time.time() + min(wait_s, 30)
+        
+        return response
+    
+    def verify_result_api(self, response: requests.Response, context: Dict[str, Any]) -> bool:
+        """
+        Verifies if the SQL injection attempt triggered a vulnerability.
+        
+        Args:
+            response: The response from execute_step_api
+            context: Shared context dictionary
+            
+        Returns:
+            True if SQL error indicators found, False otherwise
+        """
+        try:
+            response_text = response.text.lower()
+            # Common SQL error indicators
+            sql_indicators = [
+                'sql', 'syntax', 'mysql', 'sqlite', 'postgresql', 'oracle',
+                'odbc', 'jdbc', 'driver', 'database', 'query', 'syntax error',
+                'unterminated', 'unexpected', 'warning: mysql'
+            ]
+            return any(indicator in response_text for indicator in sql_indicators)
+        except Exception:
+            return False

{scythe_ttp-0.16.1.dist-info → scythe_ttp-0.18.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: scythe-ttp
-Version: 0.16.1
+Version: 0.18.1
 Summary: An extensible framework for emulating attacker TTPs with Selenium.
 Author-email: EpykLab <cyber@epyklab.com>
 Classifier: Programming Language :: Python :: 3
@@ -35,6 +35,7 @@ Requires-Dist: urllib3==2.4.0
 Requires-Dist: websocket-client==1.8.0
 Requires-Dist: wsproto==1.2.0
 Requires-Dist: typer
+Requires-Dist: shellingham
 Dynamic: license-file
 
 <h1 align="center">Scythe</h1>

{scythe_ttp-0.16.1.dist-info → scythe_ttp-0.18.1.dist-info}/RECORD

@@ -3,7 +3,7 @@ scythe/auth/__init__.py,sha256=InEANqWEIAULFyzH9IyxWDPs_gJd3m_JYmzoaBk_37M,420
 scythe/auth/base.py,sha256=DllKaPGj0MRyRh4PQgQ2TUFgeAXjgXOT2h6zUz2ZAag,3807
 scythe/auth/basic.py,sha256=H4IG9-Y7wFe7ZQCNHmmqhre-Pp9CnBxlT23h2uvOPWo,14354
 scythe/auth/bearer.py,sha256=ngOL-sS6FcfB8XAKMR-CZbpqyySu2MaKxUl10SyBmmI,12687
-scythe/auth/cookie_jwt.py,sha256=z5Q-c594_m-dmh2Rv_4Xfeu0fXSQdlZ12Q-emtyj63g,6337
+scythe/auth/cookie_jwt.py,sha256=A5ysCd6mVPNRj3aGNhk68GyM8A2hNW4BqCLZOQ8sa5U,7610
 scythe/behaviors/__init__.py,sha256=w-WRBGRgna5a1N8oHP2aXSQnkQUHyOXiujpwEVf_ZyM,291
 scythe/behaviors/base.py,sha256=INvIYKVIWzEi5w_4njOwKZ3X9IvySvqiMJnYX7_2Lns,3955
 scythe/behaviors/default.py,sha256=MDx4N-KwC23pPLGu1-ZIkGiTRNUG3Lxjbvo7SJ3UwMc,2117
@@ -11,30 +11,31 @@ scythe/behaviors/human.py,sha256=1PqYvE7cnxlj-KDmDIr3uzfWHvDAbbxQxJ0V0iTl9yo,102
 scythe/behaviors/machine.py,sha256=NDMUq3mDhpCvujzAFxhn2eSVq78-J-LSBhIcvHkzKXo,4624
 scythe/behaviors/stealth.py,sha256=xv7MrPQgRCdCUJyYTcXV2aasWZoAw8rAQWg-AuQVb7U,15278
 scythe/cli/__init__.py,sha256=9EVxmFiWsAoqWJ6br1bc3BxlA71JyOQP28fUHhX2k7E,43
-scythe/cli/main.py,sha256=-PXmdzYzlS5KWndVd35CoxAK17wxfLEmF_KUotJrHc0,21373
+scythe/cli/main.py,sha256=DYF8iyJqmDwuen9By4DMX6GytwKQXwXh8Gk3LXW1Ypg,27480
 scythe/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-scythe/core/executor.py,sha256=x1w2nByVu2G70sh7t0kOh6urlrTm_r_pbk0S7v1Ov28,9736
+scythe/core/executor.py,sha256=F8r_t5vSvsxNuUFx-Y0JzSe051cj_w42iyZrS7wocb4,16306
 scythe/core/headers.py,sha256=AokCQ3F5QGUcfoK7iO57hA1HHL4IznZeWV464_MqYcE,16670
-scythe/core/ttp.py,sha256=Xw9GgptYsjZ-pMLdyPv64bhiwGKobrXHdF32pjIY7OU,3102
+scythe/core/ttp.py,sha256=tEYIhDdr8kcwQrlcfVmdeLFiAfOvc0BhPOVxPh8TiWo,5676
 scythe/journeys/__init__.py,sha256=Odi8NhRg7Hefmo1EJj1guakrCSPhsuus4i-_62uUUjs,654
-scythe/journeys/actions.py,sha256=k9WjfGR1nhJWyhDU_lHr7vFy5qAl7hyyV6kCL7ZQRMo,37479
+scythe/journeys/actions.py,sha256=URr53p1GQxSIBZo0IubchQ1dlfvnPHgCtmkRfLSoi7A,40333
 scythe/journeys/base.py,sha256=vXIgEnSW__iYTriBbuMG4l_XCM96xojJH_fyFScKoBY,24969
-scythe/journeys/executor.py,sha256=_q2hzl4G9iv07I6NVMtNaK3O8QGLDwLNMiaxIle-nsY,24654
+scythe/journeys/executor.py,sha256=wSAFFU9qwyYA2Q_5TZBUDgafVb1slwvj0VNJ7cR46FE,25223
 scythe/orchestrators/__init__.py,sha256=_vemcXjKbB1jI0F2dPA0F1zNsyUekjcXImLDUDhWDN0,560
-scythe/orchestrators/base.py,sha256=YOZV0ewlzJ49H08P_LKnimutUms8NnDrQprFpSKhOeM,13595
+scythe/orchestrators/base.py,sha256=oZ68VmX18mBITvFUXfHJYvIE20PCfEAKrsikdr6_0Qg,14219
 scythe/orchestrators/batch.py,sha256=FpK501kk-earJzz6v7dcuw2y708rTvt_IMH_5qjKdrc,26635
 scythe/orchestrators/distributed.py,sha256=ts19NZzPfr0ouFbUFrktPO-iL5jBNB57mcOh0eDJDmE,33554
 scythe/orchestrators/scale.py,sha256=l2-4U6ISeBDBZz7CG6ef9W-zyF6LiAM4uXXKlfczLB0,21394
 scythe/payloads/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 scythe/payloads/generators.py,sha256=tCcJULoFnUppgaiFhYq5f20OoQxTdKKIb2O-Ntby9ZM,914
 scythe/ttps/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-scythe/ttps/web/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-scythe/ttps/web/login_bruteforce.py,sha256=D4G8zB_nU9LD5w3Vv2ABTuOl4XTeg2BgZwYMObt4JJw,2488
-scythe/ttps/web/sql_injection.py,sha256=aWk4DFePbtFDsieOOj03Ux-5OiykyOs2_d_3SvWMOVE,2910
+scythe/ttps/web/__init__.py,sha256=xSAg10WySjbjLl4T1r-mZ3-DkDU-5A3pjibo5gymGbI,341
+scythe/ttps/web/login_bruteforce.py,sha256=ybmN2Vl9-p58YbOchirY1193GvlaTmUTW1qlluN_l3I,7816
+scythe/ttps/web/request_flooding.py,sha256=hPdYj1FpGtVcAYqsSabo-J_uL-sbc_DUkHS7Op6Qchk,22146
+scythe/ttps/web/sql_injection.py,sha256=rIRHaRUilSrMA5q5MO1RqR6-TM_fRIiCanPaFz5wKKs,11712
 scythe/ttps/web/uuid_guessing.py,sha256=JwNt_9HVynMWFPPU6UGJFcpxvMVDsvc_wAnJVtcYbps,1235
-scythe_ttp-0.16.1.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
-scythe_ttp-0.16.1.dist-info/METADATA,sha256=LxmrtQniVraYXKXFAlrTE66DYvHC-vGQNp6Wk6HmCDA,30161
-scythe_ttp-0.16.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-scythe_ttp-0.16.1.dist-info/entry_points.txt,sha256=rAAsFBcCm0OX3I4uRyclfx4YJGoTuumZKY43HN7R5Ro,48
-scythe_ttp-0.16.1.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
-scythe_ttp-0.16.1.dist-info/RECORD,,
+scythe_ttp-0.18.1.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
+scythe_ttp-0.18.1.dist-info/METADATA,sha256=cUP37iBhA9aM1rUUuX-ox52MJ_rMHTFeswiyHeM4IzQ,30188
+scythe_ttp-0.18.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+scythe_ttp-0.18.1.dist-info/entry_points.txt,sha256=rAAsFBcCm0OX3I4uRyclfx4YJGoTuumZKY43HN7R5Ro,48
+scythe_ttp-0.18.1.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
+scythe_ttp-0.18.1.dist-info/RECORD,,