Version 1.1.1 (Improvements)

Improved config functionality
Fixed crawling changing settings
Fixed automatic imports
Added warning for new python versions

A minor update with simple improvements and fixes

core/channel.py

@@ -3,7 +3,6 @@
 from utils.loggers import log
 from urllib import parse
 from copy import deepcopy
-import utils.config
 from utils.random_agent import get_agent
 
 
@@ -177,7 +176,7 @@ def req(self, injection):
                 result = ""
             else:
                 raise
-        if utils.config.log_response:
+        if self.args.get("log_response", False):
             log.debug(f"< {result}")
         return result
 

core/interactive.py

@@ -204,8 +204,9 @@ def do_run(self, line):
                     for url in urls:
                         print()
                         log.log(23, f'Scanning url: {url}')
-                        self.sstimap_options['url'] = url
-                        self.channel = Channel(self.sstimap_options)
+                        url_options = self.sstimap_options.copy()
+                        url_options['url'] = url
+                        self.channel = Channel(url_options)
                         self.current_plugin = checks.check_template_injection(self.channel)
                         if self.channel.data.get('engine'):
                             break  # TODO: save vulnerabilities
@@ -218,10 +219,11 @@ def do_run(self, line):
                     for form in forms:
                         print()
                         log.log(23, f'Scanning form with url: {form[0]}')
-                        self.sstimap_options['url'] = form[0]
-                        self.sstimap_options['method'] = form[1]
-                        self.sstimap_options['data'] = parse.parse_qs(form[2], keep_blank_values=True)
-                        self.channel = Channel(self.sstimap_options)
+                        url_options = self.sstimap_options.copy()
+                        url_options['url'] = form[0]
+                        url_options['method'] = form[1]
+                        url_options['data'] = parse.parse_qs(form[2], keep_blank_values=True)
+                        self.channel = Channel(url_options)
                         self.current_plugin = checks.check_template_injection(self.channel)
                         if self.channel.data.get('engine'):
                             break  # TODO: save vulnerabilities

core/plugin.py

@@ -8,7 +8,6 @@
 import threading
 import time
 import sys
-import utils.config
 
 loaded_plugins = {}
 
@@ -54,7 +53,7 @@ def __init__(self, channel):
         self.render_req_tm = collections.deque([0.5], maxlen=5)
         # The delay fortime-based blind injection. This will be added 
         # to the average response time for render values.
-        self.tm_delay = utils.config.time_based_blind_delay
+        self.tm_delay = self.channel.args.get('time_based_blind_delay', 4)
         # Declare object attributes
         self.actions = {}
         self.contexts = []

sstimap.py

@@ -3,6 +3,8 @@
 if sys.version_info.major != 3 or sys.version_info.minor < 6:
     print('\033[91m[!]\033[0m SSTImap was created for Python3.6 and above. Python'+str(sys.version_info.major)+'.'+str(sys.version_info.minor)+' is not supported!')
     sys.exit()
+if sys.version_info.minor > 11:
+    print('\033[33m[!]\033[0m This version of SSTImap was not tested with Python3.'+str(sys.version_info.minor))
 import urllib
 import importlib
 import os
@@ -12,14 +14,16 @@
 from core.interactive import InteractiveShell
 from utils.loggers import log
 from utils.crawler import crawl, find_page_forms
+from utils.config import config_args
 import traceback
 
 
-version = '1.1.0'
+version = '1.1.1'
 
 
 def main():
     args = vars(cliparser.options)
+    args = config_args(args)
     args['version'] = version
     if not (args['url'] or args['interactive']):
         # no target specified
@@ -40,8 +44,9 @@ def main():
             for url in urls:
                 print()
                 log.log(23, f'Scanning url: {url}')
-                args['url'] = url
-                channel = Channel(args)
+                url_args = args.copy()
+                url_args['url'] = url
+                channel = Channel(url_args)
                 checks.check_template_injection(channel)
                 if channel.data.get('engine'):
                     break  # TODO: save vulnerabilities
@@ -52,10 +57,11 @@ def main():
             for form in forms:
                 print()
                 log.log(23, f'Scanning form with url: {form[0]}')
-                args['url'] = form[0]
-                args['method'] = form[1]
-                args['data'] = urllib.parse.parse_qs(form[2], keep_blank_values=True)
-                channel = Channel(args)
+                url_args = args.copy()
+                url_args['url'] = form[0]
+                url_args['method'] = form[1]
+                url_args['data'] = urllib.parse.parse_qs(form[2], keep_blank_values=True)
+                channel = Channel(url_args)
                 checks.check_template_injection(channel)
                 if channel.data.get('engine'):
                     break  # TODO: save vulnerabilities
@@ -68,10 +74,10 @@ def main():
 
 def load_plugins():
     importlib.invalidate_caches()
-    groups = os.scandir("plugins")
+    groups = os.scandir(f"{sys.path[0]}/plugins")
     groups = filter(lambda x: x.is_dir(), groups)
     for g in groups:
-        modules = os.scandir(f"plugins/{g.name}")
+        modules = os.scandir(f"{sys.path[0]}/plugins/{g.name}")
         modules = filter(lambda x: (x.name.endswith(".py") and not x.name.startswith("_")), modules)
         for m in modules:
             importlib.import_module(f"plugins.{g.name}.{m.name[:-3]}")

utils/cliparser.py

@@ -34,15 +34,15 @@ def banner():
 target.add_argument("-i", "--interactive", action="store_true", dest="interactive",
                     help="Run SSTImap in interactive mode")
 target.add_argument("-c", "--crawl", dest="crawl_depth", type=int,
-                    help="Depth to crawl (default/0: don't crawl)", default=0)
+                    help="Depth to crawl (default/0: don't crawl)")
 target.add_argument("-f", "--forms", action="store_true", dest="forms",
                     help="Scan page(s) for forms")
 
 
 request = parser.add_argument_group(title="request", description="These options can specify how to connect to the "
                                                                  "target URL and add possible attack vectors")
 request.add_argument("-M", "--marker", dest="marker",
-                     help="Use string as injection marker (default '*')", default='*')
+                     help="Use string as injection marker (default '*')")
 request.add_argument("-d", "--data", action="append", dest="data",
                      help="POST data param to send (e.g. 'param=value') [Stackable]", default=[])
 request.add_argument("-H", "--header", action="append", dest="headers", metavar="HEADER",
@@ -63,18 +63,18 @@ def banner():
 
 detection = parser.add_argument_group(title="detection",
                                       description="These options can be used to customize the detection phase.")
-detection.add_argument("-l", "--level", dest="level", type=int, default=1,
+detection.add_argument("-l", "--level", dest="level", type=int,
                        help="Level of escaping to perform (1-5, Default: 1)")
 detection.add_argument("-L", "--force-level", dest="force_level", metavar=("LEVEL", "CLEVEL",),
                        help="Force a LEVEL and CLEVEL to test", nargs=2)
 detection.add_argument("-e", "--engine", dest="engine",
                        help="Check only this backend template engine")
 detection.add_argument("-r", "--technique", dest="technique",
-                       help="Techniques R(endered) T(ime-based blind). Default: RT", default="RT")
+                       help="Techniques R(endered) T(ime-based blind). Default: RT")
 detection.add_argument("-P", "--legacy", "--legacy-payloads", dest="legacy", action="store_true",
                        help="Include old payloads, that no longer work with newer versions of the engines")
 detection.add_argument("--crawl-exclude", dest="crawl_exclude", help="Regex in URLs to not crawl")
-detection.add_argument("--crawl-domains", dest="crawl_domains", default="S",
+detection.add_argument("--crawl-domains", dest="crawl_domains",
                        help="Crawl other domains: Y(es) / S(ubdomains) / N(o). Default: S")
 
 

utils/config.py

@@ -1,22 +1,47 @@
 import os
+import sys
 import json
 
+defaults = {
+    "crawl_depth": 0,
+    "marker": '*',
+    "level": 1,
+    "technique": "RT",
+    "crawl_domains": "S",
+    "log_response": False,
+    "time_based_blind_delay": 4
+}
 config = {}
-
-config_folder = os.path.dirname(os.path.realpath(__file__))
+user_config = {}
 
 # TODO: fix this
-with open(config_folder + "/../config.json", 'r') as stream:
+with open(f"{sys.path[0]}/config.json", 'r') as stream:
     try:
         config = json.load(stream)
     except json.JSONDecodeError as e:
         print(f'[!][config] {e}')
 
 base_path = os.path.expanduser(config.get("base_path", "~/.sstimap/"))
-log_response = config.get("log_response", False)
-time_based_blind_delay = config.get("time_based_blind_delay", 4)
-
 if not os.path.isdir(base_path):
     os.makedirs(base_path)
 
+if os.path.exists(f"{base_path}/config.json"):
+    with open(f"{base_path}/config.json", 'r') as stream:
+        try:
+            user_config = json.load(stream)
+        except json.JSONDecodeError as e:
+            print(f'[!][user config] {e}')
+
+
+def config_update(base, added):
+    for i in added:
+        if added[i] is not None or i not in base:
+            base[i] = added[i]
+
 
+def config_args(args):
+    res = defaults.copy()
+    config_update(res, config)
+    config_update(res, user_config)
+    config_update(res, args)
+    return res