From beb98140b3d7c8f817becba19b62dce8b7a3f90a Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Fri, 8 Apr 2011 14:34:00 +0000
Subject: [PATCH] Minor improvement to --check-payload
---
 lib/utils/checkpayload.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/utils/checkpayload.py b/lib/utils/checkpayload.py
index cfa420312..888a6e349 100644
--- a/lib/utils/checkpayload.py
+++ b/lib/utils/checkpayload.py
@@ -16,7 +16,6 @@ from lib.core.data import conf from lib.core.data import paths from lib.core.data import logger - rules = None def __adjustGrammar(string):
@@ -36,6 +35,7 @@ def checkPayload(payload): global rules + detected = False payload = urldecode(payload) if not rules:
@@ -50,5 +50,10 @@ def checkPayload(payload): if payload: for rule, desc in rules: regObj = getCompiledRegex(rule) + if regObj.search(payload): + detected = True logger.warn("highly probable IDS/IPS detection: '%s: %s'" % (desc, payload)) + + if not detected: + logger.warn("payload '%s' possibly gone undetected" % payload)
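Review bot: The `possibly gone undetected` warning added at the end of the last hunk claims more than the check shows: `detected` stays False whenever no regex in the loaded `rules` list matches, which is not evidence about an IDS/IPS running a different rule set. A message limited to what was tested, e.g. `logger.warn("payload '%s' matched none of the loaded rules" % payload)`, would be more accurate. Indentation is lost in this view, so whether `if not detected:` sits under `if payload:` cannot be confirmed; if it is at function level, an empty payload is also reported, and `if payload and not detected:` would avoid that. checkPayload starts above this hunk, so the rule-loading code was not reviewed.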