
Commit c9e0cf4

committed
feat: implement URL scraper and CSV export functionality
1 parent 0545c81 commit c9e0cf4

17 files changed

+754163
-484
lines changed

.ipynb_checkpoints/merge_data-checkpoint.ipynb

Lines changed: 425 additions & 2 deletions

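--- a/.ipynb_checkpoints/step_2_testing-checkpoint.ipynb
+++ b/.ipynb_checkpoints/step_2_testing-checkpoint.ipynb
@@ -13,7 +13,7 @@
 },
 {
 "cell_type": "code",
-"execution_count": 97,
+"execution_count": 114,
 "id": "177c5877-9478-459f-968d-9d3c6c0b7bb7",
 "metadata": {},
 "outputs": [],
@@ -60,14 +60,13 @@
 " for entry in payload:\n",
 " decoded_entry = self.try_decode_per_field(entry)\n",
 " results_payload.append(decoded_entry)\n",
-" print(results_payload)\n",
 " parsed_payload = self.parse_payload(results_payload)\n",
 " return self.predictor.predict(parsed_payload)"
 ]
 },
 {
 "cell_type": "code",
-"execution_count": 98,
+"execution_count": 115,
 "id": "7f7f5b2d-1c0e-4948-951c-5923b7aca62d",
 "metadata": {},
 "outputs": [],
@@ -77,18 +76,10 @@
 },
 {
 "cell_type": "code",
-"execution_count": 106,
+"execution_count": 118,
 "id": "e2461ea7-5879-420c-94c3-0b643fb45185",
 "metadata": {},
-"outputs": [
-{
-"name": "stdout",
-"output_type": "stream",
-"text": [
-"[\"username=admin' OR '1'='1&password=pass&submit=true\", \"username=kiannaquines&password=password@1234&is_admin=true&submit=true' OR '1' = '1 --\", \"username=admin' OR '1'='1' -- &password=pass&submit=true\", \"username=admin' UNION SELECT null, username, password FROM users -- &password=pass&submit=true\", \"username=admin' AND 1=CONVERT(int, (SELECT @@version)) -- &password=pass&submit=true\", \"username=admin' AND (SELECT COUNT(*) FROM users) > 0 -- &password=pass&submit=true\", \"username=kiannaquines&password=<script>alert('XSS')</script>&submit=true\", \"username=test&password=<svg/onload=alert('XSS')>&submit=true\", 'username=attacker&password=\" onmouseover=alert(\\'XSS\\')&submit=true', \"username=<img src=x onerror=alert('XSS')>&password=test&submit=true\", 'username=kiannaquines&password=password@1234567890&is_admin=true&submit=true; rm -rf /', 'username=root&password=password&submit=true; ls -la', 'username=admin&password=pass&submit=true; cat /etc/passwd', 'username=test&password=1234 | whoami&submit=true', 'username=guest&password=abcd; echo hacked > /tmp/hack.txt&submit=true', 'username=kiannaquines&password=password@0987689&is_admin=false&submit=true', 'username=johndoe&password=securepassword123&submit=true', 'username=alice&password=alice123&is_admin=false&submit=true', 'username=alice&password=alice123&is_admin=false&submit=16416fdf-1f67-4626-ad53-fe140366b8eb', 'username=alice&password=alice:123456789&submit=true', 'username=admin&password=admin&submit=true&file=../../../../etc/passwd', 'username=user&password=pass&file=../../../../../../../windows/system32/cmd.exe', 'img_path=../../../../../../etc/passwd', 'image_path=/images/profile.png', 'image_path=/images/profile.png', 'image_path=/assets/logo.svg', 'image_path=/uploads/user123/avatar.jpg', 'api_path=/api/v1/users', 'api_path=/api/v1/users/123', 'api_path=/api/v1/posts?limit=10&page=2', 'api_path=/api/v1/auth/login', 'page_path=/home', 'page_path=/about', 'page_path=/contact', 'page_path=/dashboard', 'action_path=/user/settings', 'action_path=/user/profile', 'action_path=/user/notifications', 'action_path=/user/logout', 'product_path=/products/item123', 'product_path=/shop/categories/electronics', 'cart_path=/cart/checkout', 'order_path=/orders/98765', 'blog_path=/blog/how-to-secure-your-app', 'blog_path=/news/latest-updates', 'docs_path=/docs/getting-started', 'help_path=/help/faqs', 'admin_path=/admin/dashboard', 'admin_path=/admin/users', 'admin_path=/admin/settings', 'search_path=/search?q=nextjs+authentication', 'filter_path=/products?category=shoes&price_range=50-100']\n"
-]
-}
-],
+"outputs": [],
 "source": [
 "payloads = [\n",
 " # SQL Injection\n",
@@ -100,103 +91,71 @@
 " \"username=admin' AND (SELECT COUNT(*) FROM users) > 0 -- &password=pass&submit=true\",\n",
 "\n",
 " # XSS\n",
-" \"username=kiannaquines&password=<script>alert('XSS')</script>&submit=true\",\n",
-" \"username=test&password=<svg/onload=alert('XSS')>&submit=true\",\n",
-" \"username=attacker&password=\\\" onmouseover=alert('XSS')&submit=true\",\n",
-" \"username=<img src=x onerror=alert('XSS')>&password=test&submit=true\",\n",
+" # \"username=kiannaquines&password=<script>alert('XSS')</script>&submit=true\",\n",
+" # \"username=test&password=<svg/onload=alert('XSS')>&submit=true\",\n",
+" # \"username=attacker&password=\\\" onmouseover=alert('XSS')&submit=true\",\n",
+" # \"username=<img src=x onerror=alert('XSS')>&password=test&submit=true\",\n",
 "\n",
 " # Command Injection\n",
-" \"username=kiannaquines&password=password@1234567890&is_admin=true&submit=true; rm -rf /\",\n",
-" \"username=root&password=password&submit=true; ls -la\",\n",
-" \"username=admin&password=pass&submit=true; cat /etc/passwd\",\n",
-" \"username=test&password=1234 | whoami&submit=true\",\n",
-" \"username=guest&password=abcd; echo hacked > /tmp/hack.txt&submit=true\",\n",
+" # \"username=kiannaquines&password=password@1234567890&is_admin=true&submit=true; rm -rf /\",\n",
+" # \"username=root&password=password&submit=true; ls -la\",\n",
+" # \"username=admin&password=pass&submit=true; cat /etc/passwd\",\n",
+" # \"username=test&password=1234 | whoami&submit=true\",\n",
+" # \"username=guest&password=abcd; echo hacked > /tmp/hack.txt&submit=true\",\n",
 "\n",
 " # No Attack (Control Cases)\n",
-" \"username=kiannaquines&password=password@0987689&is_admin=false&submit=true\",\n",
-" \"username=johndoe&password=securepassword123&submit=true\",\n",
-" \"username=alice&password=alice123&is_admin=false&submit=true\",\n",
+" # \"username=kiannaquines&password=password@0987689&is_admin=false&submit=true\",\n",
+" # \"username=johndoe&password=securepassword123&submit=true\",\n",
+" # \"username=alice&password=alice123&is_admin=false&submit=true\",\n",
 " \n",
 " # Base64 Encoded (Valid)\n",
-" \"username=alice&password=alice123&is_admin=false&submit=VkZaU1drMUZNVlZYYlRGaFVqRnNNRlJXWkZwTmF6VTFUVVJDVDJGcmEzbFVSbVJIWVRBMVZWUllVbUZpVmxZMFZHdFNRbVZyTlhGWGJXeFFVakZhY0E9PQ==\",\n",
-" \"username=alice&password=YWxpY2U6MTIzNDU2Nzg5&submit=true\",\n",
+" # \"username=alice&password=alice123&is_admin=false&submit=VkZaU1drMUZNVlZYYlRGaFVqRnNNRlJXWkZwTmF6VTFUVVJDVDJGcmEzbFVSbVJIWVRBMVZWUllVbUZpVmxZMFZHdFNRbVZyTlhGWGJXeFFVakZhY0E9PQ==\",\n",
+" # \"username=alice&password=YWxpY2U6MTIzNDU2Nzg5&submit=true\",\n",
 "\n",
 " # Path Traversal\n",
-" \"username=admin&password=admin&submit=true&file=../../../../etc/passwd\",\n",
-" \"username=user&password=pass&file=../../../../../../../windows/system32/cmd.exe\",\n",
-" \"img_path=../../../../../../etc/passwd\",\n",
+" # \"username=admin&password=admin&submit=true&file=../../../../etc/passwd\",\n",
+" # \"username=user&password=pass&file=../../../../../../../windows/system32/cmd.exe\",\n",
+" # \"img_path=../../../../../../etc/passwd\",\n",
 "\n",
 " # Valid Path\n",
-" \"image_path=/images/profile.png\",\n",
-" \"image_path=/images/profile.png\",\n",
-" \"image_path=/assets/logo.svg\",\n",
-" \"image_path=/uploads/user123/avatar.jpg\", \n",
-" \"api_path=/api/v1/users\",\n",
-" \"api_path=/api/v1/users/123\",\n",
-" \"api_path=/api/v1/posts?limit=10&page=2\",\n",
-" \"api_path=/api/v1/auth/login\", \n",
-" \"page_path=/home\",\n",
-" \"page_path=/about\",\n",
-" \"page_path=/contact\",\n",
-" \"page_path=/dashboard\",\n",
-" \"action_path=/user/settings\",\n",
-" \"action_path=/user/profile\",\n",
-" \"action_path=/user/notifications\",\n",
-" \"action_path=/user/logout\",\n",
-" \"product_path=/products/item123\",\n",
-" \"product_path=/shop/categories/electronics\",\n",
-" \"cart_path=/cart/checkout\",\n",
-" \"order_path=/orders/98765\",\n",
-" \"blog_path=/blog/how-to-secure-your-app\",\n",
-" \"blog_path=/news/latest-updates\",\n",
-" \"docs_path=/docs/getting-started\",\n",
-" \"help_path=/help/faqs\",\n",
-" \"admin_path=/admin/dashboard\",\n",
-" \"admin_path=/admin/users\",\n",
-" \"admin_path=/admin/settings\",\n",
-" \"search_path=/search?q=nextjs+authentication\",\n",
-" \"filter_path=/products?category=shoes&price_range=50-100\",\n",
-" \"/api/users\", \n",
-" \"/api/users/123\", \n",
-" \"/api/users/123/profile\", \n",
-" \"/api/users/123/settings\", \n",
-" \"/api/auth/login\", \n",
-" \"/api/auth/register\", \n",
-" \"/api/auth/logout\", \n",
-" \"/api/auth/refresh-token\", \n",
-" \"/api/products\", \n",
-" \"/api/products/456\", \n",
-" \"/api/products/categories\", \n",
-" \"/api/products?category=electronics&sort=price_desc\", \n",
-" \"/api/cart\", \n",
-" \"/api/cart/add\", \n",
-" \"/api/cart/remove\", \n",
-" \"/api/orders\", \n",
-" \"/api/orders/789\", \n",
-" \"/api/orders/789/status\", \n",
-" \"/api/blog\", \n",
-" \"/api/blog/555\", \n",
-" \"/api/blog/categories\", \n",
-" \"/api/blog/author/123\", \n",
-" \"/api/admin/dashboard\", \n",
-" \"/api/admin/users\", \n",
-" \"/api/admin/orders\", \n",
-" \"/api/admin/products\", \n",
-" \"/api/search?q=laptop\", \n",
-" \"/api/search/users?q=johndoe\", \n",
-" \"/api/search/products?q=smartphone\", \n",
-" \"/api/notifications\", \n",
-" \"/api/settings\", \n",
-" \"/api/version\", \n",
-" \"/api/status\", \n",
+" # \"image_path=/images/profile.png\",\n",
+" # \"image_path=/images/profile.png\",\n",
+" # \"image_path=/assets/logo.svg\",\n",
+" # \"image_path=/uploads/user123/avatar.jpg\", \n",
+" # \"api_path=/api/v1/users\",\n",
+" # \"api_path=/api/v1/users/123\",\n",
+" # \"api_path=/api/v1/posts?limit=10&page=2\",\n",
+" # \"api_path=/api/v1/auth/login\", \n",
+" # \"page_path=/home\",\n",
+" # \"page_path=/about\",\n",
+" # \"page_path=/contact\",\n",
+" # \"page_path=/dashboard\",\n",
+" # \"action_path=/user/settings\",\n",
+" # \"action_path=/user/profile\",\n",
+" # \"action_path=/user/notifications\",\n",
+" # \"action_path=/user/logout\",\n",
+" # \"product_path=/products/item123\",\n",
+" # \"product_path=/shop/categories/electronics\",\n",
+" # \"cart_path=/cart/checkout\",\n",
+" # \"order_path=/orders/98765\",\n",
+" # \"blog_path=/blog/how-to-secure-your-app\",\n",
+" # \"blog_path=/news/latest-updates\",\n",
+" # \"docs_path=/docs/getting-started\",\n",
+" # \"help_path=/help/faqs\",\n",
+" # \"admin_path=/admin/dashboard\",\n",
+" # \"admin_path=/admin/users\",\n",
+" # \"admin_path=/admin/settings\",\n",
+" # \"search_path=/search?q=nextjs+authentication\",\n",
+" # \"filter_path=/products?category=shoes&price_range=50-100\",\n",
+" # \"admin_path=/api/users\", \n",
 "]\n",
 "\n",
 "result = waf.predict(payloads)"
 ]
 },
 {
 "cell_type": "code",
-"execution_count": 107,
+"execution_count": 119,
 "id": "4556235b-9452-47b3-97db-220786cd9767",
 "metadata": {},
 "outputs": [
@@ -209,7 +168,8 @@
 " 'path-traversal' 'path-traversal' 'path-traversal' 'valid' 'valid'\n",
 " 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid'\n",
 " 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid'\n",
-" 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid']\n"
+" 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid' 'valid'\n",
+" 'valid']\n"
 ]
 }
 ],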
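Review bot: Both files in this commit are Jupyter autosave copies under `.ipynb_checkpoints/`, so the change is being reviewed on a checkpoint rather than on the notebook itself; the notebooks should be committed instead and the directory listed in `.gitignore` (`.ipynb_checkpoints/`). The execution counts on the new side of this section (114, 115, 118, 119) are not sequential, so the saved state does not come from a single Restart-and-Run-All pass. In the last hunk the stored output of the prediction cell (execution_count 119) still reports `'path-traversal'` and roughly thirty `'valid'` labels although the fourth hunk comments out every payload after the SQL-injection group, so that output presumably predates the trimmed list; the source lines between the hunks are not visible here, so this is inferred. Clearing outputs before committing (`jupyter nbconvert --clear-output --inplace <notebook>`) would keep such stale results, and stdout dumps like the one this commit removes, out of the repository.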
