Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Development #9

Merged
merged 18 commits into from
Nov 12, 2023
Merged

Development #9

merged 18 commits into from
Nov 12, 2023

Conversation

mepley1
Copy link
Owner

@mepley1 mepley1 commented Nov 12, 2023

No description provided.

mepley1 added 18 commits November 6, 2023 05:18
@mepley1
Rename variables in snake_case
1b24990
@mepley1
Rename flashed message for readability.
f0aa8f3 
1. Rename message_a to top_reported_ip_message in reported_stats().
2. Add note about searching for other headers in proxy_connection_header_stats() docstring.
@mepley1
Test scripts
7e736f0
@mepley1
Detect PHP easter eggs, Jaws injection, more.
b5419e3 
1. Add php easter eggs detection rule.
2. Jaws IoT webserver command injection detection.
3. Extend generic injection rule to check POST request body.
4. Additional MISC_SOFTWARE_PROBE_PATHS.
5. Datadog headers detection.
6. Fix missing comma in PROGRAMMATIC_USER_AGENTS.
7. Include proxy-authorization in proxy headers rule; refactor using a list.
8. Detect 'Hello, world' user-agent associated with Mirai botnet activity.
@mepley1
Include headers in command injection detection.
270f595 
1. Include header values in command injection detection.
2. Add internet-measurement.com and gdnplus to RESEARCH_USER_AGENTS.
3. Misc comments
@mepley1
Test header command injection + proxy headers detection
af420f9
@mepley1
Misc comments
fd6ee51
@mepley1
Add "Sent proxy headers" link to nav bar
440a0b4
@mepley1
Use helper func to get IP, use requests_db variable for db connections.
b959920 
1. Use get_real_ip() to get remote IP, instead of repeating code.
2. Use variable requests_db in database connections, in place of repeating db filename.
3. Rename some variables to use snake_case.
4. Misc formatting + comments
@mepley1
add a wget line to INJECTION_SIGNATURES
1014fbd
@mepley1
Fix CSS filter() breaking nav menu in front of it.
5bead57 
1. Fix issue with opacity filter on .dim CSS class causing issues with dropdown menu in front of it; use a different color for .dim instead of filter().
@mepley1
Add BingBot to RESEARCH_USER_AGENTS
e98e122
@mepley1
Log hostname lookup failures at debug level; remove unnecessary newline
a0900e8
@mepley1
Log auth attempts via logging module instead of print statements
2db773e
@mepley1
Log requests for robots.txt+security.txt+favicon
6a95fa1
@mepley1
Add 2 UA's to PROGRAMMATIC_USER_AGENTS; add ipip.net to safe UAs.
f008fc9 
1. Add 'Offline Explorer' and misspelled 'Mozila' to PROGRAMMATIC_USER_AGENTS.
2. Add security.ipip.net scanner to RESEARCH_USER_AGENTS.
@mepley1
View functions for headers search, hostname stats.
46c6466 
1. Query for records with headers containing arbitrary string.
2. Hostname stats: query for records matching hostname + subdomains.
@mepley1
Escape data displayed on page. Link hostname to stats view function.
345c843 
1. Escape headers + query args + POST request body when displaying on page.
2. Hostname now links to hostname_stats() view function to search for matching records.
@mepley1 mepley1 merged commit 8973401 into main Nov 12, 2023
0 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mepley1