Minor update regarding checking injection technique(s) status.

commixproject · Dec 7, 2023 · 879420c · 879420c
1 parent ddcf515
commit 879420c
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 36 deletions.
diff --git a/src/core/injections/controller/checks.py b/src/core/injections/controller/checks.py
@@ -56,6 +56,15 @@
   except:
     settings.READLINE_ERROR = True
 
+"""
+Check injection technique(s) status.
+"""
+def injection_techniques_status():
+  if settings.CLASSIC_STATE != True and settings.EVAL_BASED_STATE != True and settings.TIME_BASED_STATE != True and settings.FILE_BASED_STATE != True:
+    return False
+  else:
+    return True
+
 """
 Check for custom injection marker (*)
 """

diff --git a/src/core/injections/controller/controller.py b/src/core/injections/controller/controller.py
@@ -369,7 +369,7 @@ def injection_proccess(url, check_parameter, http_request_method, filename, time
       filebased_command_injection_technique(url, timesec, filename, http_request_method, url_time_response)
 
     # All injection techniques seems to be failed!
-    if settings.CLASSIC_STATE == settings.EVAL_BASED_STATE == settings.TIME_BASED_STATE == settings.FILE_BASED_STATE == False :
+    if checks.injection_techniques_status() == False:
       warn_msg = "The tested"
       if header_name != " cookie" and the_type != " HTTP header":
         warn_msg += " " + str(http_request_method) + ""
@@ -758,45 +758,42 @@ def do_check(url, http_request_method, filename):
               pass
     else:
       perform_checks(url, http_request_method, filename)
-
+      
     # All injection techniques seems to be failed!
-    if settings.CLASSIC_STATE == settings.EVAL_BASED_STATE == settings.TIME_BASED_STATE == settings.FILE_BASED_STATE == False :
-      if settings.INJECTION_CHECKER == False and not settings.CHECK_BOTH_OS:
-        err_msg = "All tested parameters "
-        if menu.options.level > settings.COOKIE_INJECTION_LEVEL:
-          err_msg += "and HTTP headers "
-        err_msg += "appear to be not injectable."
-        if menu.options.level < settings.HTTP_HEADER_INJECTION_LEVEL :
-          err_msg += " Try to increase value for '--level' option"
-        if menu.options.skip_empty:
-          err_msg += " and/or remove option '--skip-empty'"
-        err_msg += " if you wish to perform more tests."
-        if settings.USER_SUPPLIED_TECHNIQUE or settings.SKIP_TECHNIQUES:
-          err_msg += " Rerun without providing the option "
-          if not settings.SKIP_TECHNIQUES :
-            err_msg += "'--technique'."
-          else:
-            err_msg += "'--skip-technique'."
-        err_msg += " If you suspect that there is some kind of protection mechanism involved, maybe you could try to"
-        if not menu.options.alter_shell :
-          err_msg += " use option '--alter-shell'"
+    if not settings.INJECTION_CHECKER:
+      err_msg = "All tested parameters "
+      if menu.options.level > settings.COOKIE_INJECTION_LEVEL:
+        err_msg += "and HTTP headers "
+      err_msg += "appear to be not injectable."
+      if menu.options.level < settings.HTTP_HEADER_INJECTION_LEVEL :
+        err_msg += " Try to increase value for '--level' option"
+      if menu.options.skip_empty:
+        err_msg += " and/or remove option '--skip-empty'"
+      err_msg += " if you wish to perform more tests."
+      if settings.USER_SUPPLIED_TECHNIQUE or settings.SKIP_TECHNIQUES:
+        err_msg += " Rerun without providing the option "
+        if not settings.SKIP_TECHNIQUES :
+          err_msg += "'--technique'."
         else:
-          err_msg += " remove option '--alter-shell'"
+          err_msg += "'--skip-technique'."
+      err_msg += " If you suspect that there is some kind of protection mechanism involved, maybe you could try to"
+      if not menu.options.alter_shell :
+        err_msg += " use option '--alter-shell'"
+      else:
+        err_msg += " remove option '--alter-shell'"
+      if not menu.options.tamper:
+        err_msg += " and/or use option '--tamper'"
+      if not menu.options.random_agent:
         if not menu.options.tamper:
-          err_msg += " and/or use option '--tamper'"
-        if not menu.options.random_agent:
-          if not menu.options.tamper:
-            err_msg += " and/or"
-          err_msg += " switch '--random-agent'"
-        err_msg += "."
-        if settings.MULTI_TARGETS:
-          err_msg += " Skipping to the next target."
-        print(settings.print_error_msg(err_msg))
+          err_msg += " and/or"
+        err_msg += " switch '--random-agent'"
+      err_msg += "."
+      if settings.MULTI_TARGETS:
+        err_msg += " Skipping to the next target."
+      print(settings.print_error_msg(err_msg))
     else:
       logs.print_logs_notification(filename, url)
-    # if not settings.MULTI_TARGETS:
-    #   print(settings.SINGLE_WHITESPACE)
-    if not settings.CHECK_BOTH_OS and not settings.MULTI_TARGETS:
+    if not settings.MULTI_TARGETS:
       common.show_http_error_codes()
       raise SystemExit()
 

diff --git a/src/utils/session_handler.py b/src/utils/session_handler.py
@@ -290,6 +290,7 @@ def notification(url, technique, injection_type):
         message += " injection point? [Y/n] > "
         settings.LOAD_SESSION = common.read_input(message, default="Y", check_batch=True)
         if settings.LOAD_SESSION in settings.CHOICE_YES:
+          settings.INJECTION_CHECKER = True
           return True
         elif settings.LOAD_SESSION in settings.CHOICE_NO:
           settings.LOAD_SESSION = False

diff --git a/src/utils/settings.py b/src/utils/settings.py
@@ -241,7 +241,7 @@ def sys_argv_errors():
 DESCRIPTION = "The command injection exploiter"
 AUTHOR  = "Anastasios Stasinopoulos"
 VERSION_NUM = "3.9"
-REVISION = "28"
+REVISION = "29"
 STABLE_RELEASE = False
 VERSION = "v"
 if STABLE_RELEASE: