diff --git a/.gitignore b/.gitignore index 5d758cb..70b93e4 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,13 @@ secrets/ *.log logs/ +# Data and databases +data/ +**/data/ +*.db +*.sqlite +*.sqlite3 + # Temporary files *.tmp *.temp diff --git a/src/data/krawl.db b/src/data/krawl.db deleted file mode 100644 index 759ffb9..0000000 Binary files a/src/data/krawl.db and /dev/null differ diff --git a/tests/sim_attacks.sh b/tests/sim_attacks.sh index d4a72b2..3502c3a 100755 --- a/tests/sim_attacks.sh +++ b/tests/sim_attacks.sh @@ -17,4 +17,4 @@ curl -s "$TARGET/wp-admin/" echo -e "\n=== Testing Shell Injection ===" curl -s -X POST "$TARGET/ping" -d "host=127.0.0.1; cat /etc/passwd" -echo -e "\n=== Done ===" \ No newline at end of file +echo -e "\n=== Done ===" diff --git a/tests/test_sql_injection.sh b/tests/test_sql_injection.sh new file mode 100644 index 0000000..e178b3c --- /dev/null +++ b/tests/test_sql_injection.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +# Test script for SQL injection honeypot endpoints + +BASE_URL="http://localhost:5000" + +echo "=========================================" +echo "Testing SQL Injection Honeypot Endpoints" +echo "=========================================" +echo "" + +# Test 1: Normal query +echo "Test 1: Normal GET request to /api/search" +curl -s "${BASE_URL}/api/search?q=test" | head -20 +echo "" +echo "---" +echo "" + +# Test 2: SQL injection with single quote +echo "Test 2: SQL injection with single quote" +curl -s "${BASE_URL}/api/search?id=1'" | head -20 +echo "" +echo "---" +echo "" + +# Test 3: UNION-based injection +echo "Test 3: UNION-based SQL injection" +curl -s "${BASE_URL}/api/search?id=1%20UNION%20SELECT%20*" | head -20 +echo "" +echo "---" +echo "" + +# Test 4: Boolean-based injection +echo "Test 4: Boolean-based SQL injection" +curl -s "${BASE_URL}/api/sql?user=admin'%20OR%201=1--" | head -20 +echo "" +echo "---" +echo "" + +# Test 5: Comment-based injection +echo "Test 5: Comment-based SQL injection" +curl -s "${BASE_URL}/api/database?q=test'--" | head -20 +echo "" +echo "---" +echo "" + +# Test 6: Time-based injection +echo "Test 6: Time-based SQL injection" +curl -s "${BASE_URL}/api/search?id=1%20AND%20SLEEP(5)" | head -20 +echo "" +echo "---" +echo "" + +# Test 7: POST request with SQL injection +echo "Test 7: POST request with SQL injection" +curl -s -X POST "${BASE_URL}/api/search" -d "username=admin'%20OR%201=1--&password=test" | head -20 +echo "" +echo "---" +echo "" + +# Test 8: Information schema query +echo "Test 8: Information schema injection" +curl -s "${BASE_URL}/api/sql?table=information_schema.tables" | head -20 +echo "" +echo "---" +echo "" + +# Test 9: Stacked queries +echo "Test 9: Stacked queries injection" +curl -s "${BASE_URL}/api/database?id=1;DROP%20TABLE%20users" | head -20 +echo "" +echo "---" +echo "" + +echo "=========================================" +echo "Tests completed!" +echo "Check logs for detailed attack detection" +echo "=========================================" diff --git a/wordlists.json b/wordlists.json index f1aae81..c0f1a17 100644 --- a/wordlists.json +++ b/wordlists.json @@ -193,5 +193,170 @@ 500, 502, 503 - ] + ], + "server_errors": { + "nginx": { + "versions": ["1.18.0", "1.20.1", "1.22.0", "1.24.0"], + "template": "\n\n\n{code} {message}\n\n\n\n

An error occurred.

\n

Sorry, the page you are looking for is currently unavailable.
\nPlease try again later.

\n

If you are the system administrator of this resource then you should check the error log for details.

\n

Faithfully yours, nginx/{version}.

\n\n" + }, + "apache": { + "versions": ["2.4.41", "2.4.52", "2.4.54", "2.4.57"], + "os": ["Ubuntu", "Debian", "CentOS"], + "template": "\n\n{code} {message}\n\n

{message}

\n

The requested URL was not found on this server.

\n
\n
Apache/{version} ({os}) Server at {host} Port 80
\n" + }, + "iis": { + "versions": ["10.0", "8.5", "8.0"], + "template": "\n\n\n\n{code} - {message}\n\n\n\n

Server Error

\n
\n
\n

{code} - {message}

\n

The page cannot be displayed because an internal server error has occurred.

\n
\n
\n\n" + }, + "tomcat": { + "versions": ["9.0.65", "10.0.27", "10.1.5"], + "template": "HTTP Status {code} - {message}

HTTP Status {code} - {message}

Type Status Report

Description The server encountered an internal error that prevented it from fulfilling this request.

Apache Tomcat/{version}

" + } + }, + "sql_errors": { + "mysql": { + "generic": [ + "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' at line 1", + "Unknown column '{column}' in 'where clause'", + "Table '{table}' doesn't exist", + "Operand should contain 1 column(s)", + "Subquery returns more than 1 row", + "Duplicate entry 'admin' for key 'PRIMARY'" + ], + "quote": [ + "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1", + "Unclosed quotation mark after the character string ''", + "You have an error in your SQL syntax near '\\'' LIMIT 0,30'" + ], + "union": [ + "The used SELECT statements have a different number of columns", + "Operand should contain 1 column(s)", + "Mixing of GROUP columns (MIN(),MAX(),COUNT(),...) with no GROUP columns is illegal" + ], + "boolean": [ + "You have an error in your SQL syntax near 'OR 1=1' at line 1", + "Unknown column '1' in 'where clause'" + ], + "time_based": [ + "Query execution was interrupted", + "Lock wait timeout exceeded; try restarting transaction" + ], + "comment": [ + "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '--' at line 1" + ] + }, + "postgresql": { + "generic": [ + "ERROR: syntax error at or near \"1\"", + "ERROR: column \"{column}\" does not exist", + "ERROR: relation \"{table}\" does not exist", + "ERROR: operator does not exist: integer = text", + "ERROR: invalid input syntax for type integer: \"admin\"" + ], + "quote": [ + "ERROR: unterminated quoted string at or near \"'\"", + "ERROR: syntax error at or near \"'\"", + "ERROR: unterminated quoted identifier at or near \"'\"" + ], + "union": [ + "ERROR: each UNION query must have the same number of columns", + "ERROR: UNION types integer and text cannot be matched" + ], + "boolean": [ + "ERROR: syntax error at or near \"OR\"", + "ERROR: invalid input syntax for type boolean: \"1=1\"" + ], + "time_based": [ + "ERROR: canceling statement due to user request", + "ERROR: function pg_sleep(integer) does not exist" + ], + "info_schema": [ + "ERROR: permission denied for table {table}", + "ERROR: permission denied for schema information_schema" + ] + }, + "mssql": { + "generic": [ + "Msg 102, Level 15, State 1, Line 1\nIncorrect syntax near '1'.", + "Msg 207, Level 16, State 1, Line 1\nInvalid column name '{column}'.", + "Msg 208, Level 16, State 1, Line 1\nInvalid object name '{table}'.", + "Msg 245, Level 16, State 1, Line 1\nConversion failed when converting the varchar value 'admin' to data type int." + ], + "quote": [ + "Msg 105, Level 15, State 1, Line 1\nUnclosed quotation mark after the character string ''.", + "Msg 102, Level 15, State 1, Line 1\nIncorrect syntax near '''." + ], + "union": [ + "Msg 205, Level 16, State 1, Line 1\nAll queries combined using a UNION, INTERSECT or EXCEPT operator must have an equal number of expressions in their target lists.", + "Msg 8167, Level 16, State 1, Line 1\nThe type of column \"{column}\" conflicts with the type of other columns specified in the UNION, INTERSECT, or EXCEPT list." + ], + "boolean": [ + "Msg 102, Level 15, State 1, Line 1\nIncorrect syntax near 'OR'." + ], + "command": [ + "Msg 15281, Level 16, State 1, Procedure xp_cmdshell, Line 1\nSQL Server blocked access to procedure 'sys.xp_cmdshell' of component 'xp_cmdshell'" + ] + }, + "oracle": { + "generic": [ + "ORA-00933: SQL command not properly ended", + "ORA-00904: \"{column}\": invalid identifier", + "ORA-00942: table or view \"{table}\" does not exist", + "ORA-01722: invalid number", + "ORA-01756: quoted string not properly terminated" + ], + "quote": [ + "ORA-01756: quoted string not properly terminated", + "ORA-00933: SQL command not properly ended" + ], + "union": [ + "ORA-01789: query block has incorrect number of result columns", + "ORA-01790: expression must have same datatype as corresponding expression" + ], + "boolean": [ + "ORA-00933: SQL command not properly ended", + "ORA-00920: invalid relational operator" + ] + }, + "sqlite": { + "generic": [ + "near \"1\": syntax error", + "no such column: {column}", + "no such table: {table}", + "unrecognized token: \"'\"", + "incomplete input" + ], + "quote": [ + "unrecognized token: \"'\"", + "incomplete input", + "near \"'\": syntax error" + ], + "union": [ + "SELECTs to the left and right of UNION do not have the same number of result columns" + ] + }, + "mongodb": { + "generic": [ + "MongoError: Can't canonicalize query: BadValue unknown operator: $where", + "MongoError: Failed to parse: { $where: \"this.{column} == '1'\" }", + "SyntaxError: unterminated string literal", + "MongoError: exception: invalid operator: $gt" + ], + "quote": [ + "SyntaxError: unterminated string literal", + "SyntaxError: missing } after property list" + ], + "command": [ + "MongoError: $where is not allowed in this context", + "MongoError: can't eval: security" + ] + } + }, + "attack_patterns": { + "path_traversal": "\\.\\.", + "sql_injection": "('|\"|`|--|#|/\\*|\\*/|\\bunion\\b|\\bunion\\s+select\\b|\\bor\\b.*=.*|\\band\\b.*=.*|'.*or.*'.*=.*'|\\bsleep\\b|\\bwaitfor\\b|\\bdelay\\b|\\bbenchmark\\b|;.*select|;.*drop|;.*insert|;.*update|;.*delete|\\bexec\\b|\\bexecute\\b|\\bxp_cmdshell\\b|information_schema|table_schema|table_name)", + "xss_attempt": "(