Class: Watobo::Plugin::Catalog::Check

Inherits:

Object
Session
ActiveCheck
Watobo::Plugin::Catalog::Check

Defined in:: plugins/catalog/catalog.rb

Constant Summary

Constants included from Constants

Instance Attribute Summary collapse

#db_files ⇒ Object writeonly

Sets the attribute db_files.
#path ⇒ Object writeonly

Sets the attribute path.
#var_files ⇒ Object writeonly

Sets the attribute var_files.

Attributes inherited from ActiveCheck

#info, #numChecks

Instance Method Summary collapse

#generateChecks(chat) ⇒ Object
#initialize(project) ⇒ Check constructor

A new instance of Check.
#loadChecks(path) ⇒ Object
#loadDBFiles(path, *opts) ⇒ Object
#loadVars(path) ⇒ Object
#reset ⇒ Object

Methods inherited from ActiveCheck

#addFinding, #cancel, #checksRunning?, #continue, #disable, #do_test, #enable, #enabled=, #enabled?, #fileExists?, #getCheckCount, #maxChecks, #maxChecks=, #postParmNames, #resetCounters, #run_checks, #stop, #updateCounters, #urlParmNames, #waitLogin

Methods inherited from Session

#addProxy, #clearEvents, #doRequest, #getProxy, #get_settings, #notify, #readHTTPBody, #runLogin, #sendHTTPRequest, #sessionSettings, #setSIDCache, #sidCache, #subscribe

Constructor Details

#initialize(project) ⇒ `Check`

Returns a new instance of Check.

# File 'plugins/catalog/catalog.rb', line 123

def initialize(project)
  super(project, project.getScanPreferences())

  @info.update(
  :check_name => 'Catalog-Scan',    # name of check which briefly describes functionality, will be used for tree and progress views
  :description => "Using catalog databases for testing the web application.",   # description of checkfunction
  :author => "Andreas Schmidt", # author of check
  :version => "1.0"   # check version
  )

  @finding.update(
  :threat => 'catalog db finding',        # thread of vulnerability, e.g. loss of information
  :class => "Catalog",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
  :type => FINDING_TYPE_VULN,         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
  :rating => VULN_RATING_LOW
  )

  @path = nil

  @dbvars = Hash.new

  @catalog_checks = []

  @db_files = %w( db_tests )
  @var_files = %w( db_variables )

  @threat_list = [ "File Upload", "Interesting File", "Misconfiguration", "Information Disclosure", "Injection (XSS/Script/HTML)",
    "Remote File Retrieval", "Denial of Service", "Remote File Retrieval", "Command Execution", "SQL Injection",
    "Authentication Bypass", "Software Identification", "Remote source inclusion" ]

end

Instance Attribute Details

#db_files=(value) ⇒ `Object` (writeonly)

Sets the attribute db_files

Parameters:

value —

the value to set the attribute db_files to.



27
28
29

# File 'plugins/catalog/catalog.rb', line 27

def db_files=(value)
  @db_files = value
end

#path=(value) ⇒ `Object` (writeonly)

Sets the attribute path

Parameters:

value —

the value to set the attribute path to.



29
30
31

# File 'plugins/catalog/catalog.rb', line 29

def path=(value)
  @path = value
end

#var_files=(value) ⇒ `Object` (writeonly)

Sets the attribute var_files

Parameters:

value —

the value to set the attribute var_files to.



28
29
30

# File 'plugins/catalog/catalog.rb', line 28

def var_files=(value)
  @var_files = value
end

Instance Method Details

#generateChecks(chat) ⇒ `Object`

# File 'plugins/catalog/catalog.rb', line 159

def generateChecks(chat)
  begin
    loadChecks(@path) do |dbid, osvdb, threat, uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers|

      checker = proc {
        test_request = nil
        test_response = nil
        # !!! ATTENTION !!!
        # MAKE COPY BEFORE MODIFIYING REQUEST
        test = chat.copyRequest
        test.replaceFileExt(uri.gsub(/^\//,''))

        if method !~ /get/i then
          test.replaceMethod(method)
        end

        if method =~ /post/i then
          test.addHeader("Content-Length", "0")
        end

        status, test_request, test_response = fileExists?(test, :default => true)
        # puts "[#{status}] - #{test_request.url}"
        unless test_request.nil? or test_response.nil? then
          test_result = false
          response = test_response.join
          if status == true

            if ( ( match != "" and response =~ /#{Regexp.quote(match)}/i) or ( or_match != "" and response =~ /#{Regexp.quote(or_match)}/i )) then
              test_result = true
              if and_match != "" then
                test_result = false
                test_result = true if response =~ /#{Regexp.quote(and_match)}/i

              end
            end
            test_result = false if fail != "" and response =~ /#{Regexp.quote(fail)}/i
            test_result = false if or_fail != "" and response =~ /#{Regexp.quote(or_fail)}/i

            # test_chat = Chat.new(test_request, test_response, chat.id)

            if test_result then
              #  path = test_request.url.gsub(/#{uri}/,"")
              path = test_request.path
              addFinding(  test_request, test_response,
              :test_item => uri,
              :proof_pattern => "#{Regexp.quote(match)}",
              :check_pattern => "#{Regexp.quote(uri)}",
              :chat => chat,
              :threat => "#{summary}",
              :title => "[#{uri}] - #{path}"

              )

            end
          end
        end

        # notify(:db_finished)
        [ test_request, test_response ]
      }
      yield checker
    end
  rescue => bang
    puts "!error in module #{Module.nesting[0].name}"
    puts bang
  end
end

#loadChecks(path) ⇒ `Object`

# File 'plugins/catalog/catalog.rb', line 87

def loadChecks(path)
  begin
    puts "=== Initialize Catalog Scanner ==="
    loadVars(path)
    loadDBFiles(path)
    # setup regex
    dummy = []
    pattern = nil
    count = 0
    @dbvars.each_key do |k| dummy << k; end
    pattern = "(#{dummy.join("|")})" if dummy.length > 0
    @catalog_checks.each do |dbid, osvdb, threat, uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers|

      if pattern and uri =~ /(#{pattern})/
        key = $1
        #puts "+ found var key: #{key}"
        @dbvars[key].each do |v|
          # puts "--#{v}"
          new_uri = uri.gsub(/#{key}/, v)
          #count += 1
          #print "\r[Plugin] Total Checks. #{count}          "
          yield dbid, osvdb, threat, new_uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers
        end
      else
        #count += 1
        #print "\r[Plugin] Total Checks. #{count}          "
        yield dbid, osvdb, threat, uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers
      end
    end
    #puts "[Plugin] Total Checks. #{count}"
  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG
  end
end

#loadDBFiles(path, *opts) ⇒ `Object`

# File 'plugins/catalog/catalog.rb', line 56

def loadDBFiles(path, *opts)
  dbpath = Dir.getwd
  dbpath = path if not path.nil?
  @catalog_checks.clear

  @db_files.each do |file|
    # puts "* loading db file #{file}.."
    fname = File.join( dbpath, file)
    if File.exists?(fname)
      File.open(fname) { |fh|
        fh.each do |line|

          next if line.strip =~ /^#/
          # puts "+ #{line}"
          fields = line.split("\",")
          fields.map!{ |f| f.gsub!(/^"/,'') }
          fields.first.gsub!(/^\"/,"")
          fields.last.gsub!(/\"?/,"")
          #  puts fields.join(" : ")
          #   puts "*" + fields.length.to_s
          #  gets
          @catalog_checks.push fields
        end
      }
      # puts "* db checks total: #{@catalog_checks.length}"
    else
      puts "* file (#{fname}) does not exist. Please check path and name."
    end
  end
end

#loadVars(path) ⇒ `Object`

# File 'plugins/catalog/catalog.rb', line 31

def loadVars(path)
  dbpath = Dir.getwd
  dbpath = path if not path.nil?
  @dbvars.clear
  @var_files.each do |file|
    # puts "* loading var-file #{file}"
    fname = File.join( dbpath, file)
    if File.exists?(fname)
      File.open(fname) { |fh|
        fh.each do |line|
          if line.strip =~ /^[^#]/ and line =~ /=/
            key,vars = line.split("=")
            key.strip!

            @dbvars[key] = vars.strip.split(" ")
          end
        end
      }
    else
      puts "* file (#{fname}) does not exist. Please check path and name."
    end
    # puts "* db vars total: #{@dbvars.length}"
  end
end

#reset ⇒ `Object`



155
156
157

# File 'plugins/catalog/catalog.rb', line 155

def reset()
  @catalog_checks.clear
end

Class: Watobo::Plugin::Catalog::Check

Constant Summary

Constants included from Constants

Instance Attribute Summary collapse

Attributes inherited from ActiveCheck

Instance Method Summary collapse

Methods inherited from ActiveCheck

Methods inherited from Session

Constructor Details

#initialize(project) ⇒ Check

Instance Attribute Details

#db_files=(value) ⇒ Object (writeonly)

#path=(value) ⇒ Object (writeonly)

#var_files=(value) ⇒ Object (writeonly)

Instance Method Details

#generateChecks(chat) ⇒ Object

#loadChecks(path) ⇒ Object

#loadDBFiles(path, *opts) ⇒ Object

#loadVars(path) ⇒ Object

#reset ⇒ Object

#initialize(project) ⇒ `Check`

#db_files=(value) ⇒ `Object` (writeonly)

#path=(value) ⇒ `Object` (writeonly)

#var_files=(value) ⇒ `Object` (writeonly)

#generateChecks(chat) ⇒ `Object`

#loadChecks(path) ⇒ `Object`

#loadDBFiles(path, *opts) ⇒ `Object`

#loadVars(path) ⇒ `Object`

#reset ⇒ `Object`