Class: Watobo::Plugin::Catalog::Check
- Inherits:
-
ActiveCheck
- Object
- Session
- ActiveCheck
- Watobo::Plugin::Catalog::Check
- Defined in:
- plugins/catalog/catalog.rb
Constant Summary
Constants included from Constants
Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED
Instance Attribute Summary collapse
-
#db_files ⇒ Object
writeonly
Sets the attribute db_files.
-
#path ⇒ Object
writeonly
Sets the attribute path.
-
#var_files ⇒ Object
writeonly
Sets the attribute var_files.
Attributes inherited from ActiveCheck
Instance Method Summary collapse
- #generateChecks(chat) ⇒ Object
-
#initialize(project) ⇒ Check
constructor
A new instance of Check.
- #loadChecks(path) ⇒ Object
- #loadDBFiles(path, *opts) ⇒ Object
- #loadVars(path) ⇒ Object
- #reset ⇒ Object
Methods inherited from ActiveCheck
#addFinding, #cancel, #checksRunning?, #continue, #disable, #do_test, #enable, #enabled=, #enabled?, #fileExists?, #getCheckCount, #maxChecks, #maxChecks=, #postParmNames, #resetCounters, #run_checks, #stop, #updateCounters, #urlParmNames, #waitLogin
Methods inherited from Session
#addProxy, #clearEvents, #doRequest, #getProxy, #get_settings, #notify, #readHTTPBody, #runLogin, #sendHTTPRequest, #sessionSettings, #setSIDCache, #sidCache, #subscribe
Constructor Details
#initialize(project) ⇒ Check
Returns a new instance of Check.
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 |
# File 'plugins/catalog/catalog.rb', line 123 def initialize(project) super(project, project.getScanPreferences()) @info.update( :check_name => 'Catalog-Scan', # name of check which briefly describes functionality, will be used for tree and progress views :description => "Using catalog databases for testing the web application.", # description of checkfunction :author => "Andreas Schmidt", # author of check :version => "1.0" # check version ) @finding.update( :threat => 'catalog db finding', # thread of vulnerability, e.g. loss of information :class => "Catalog", # vulnerability class, e.g. Stored XSS, SQL-Injection, ... :type => FINDING_TYPE_VULN, # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN :rating => VULN_RATING_LOW ) @path = nil @dbvars = Hash.new @catalog_checks = [] @db_files = %w( db_tests ) @var_files = %w( db_variables ) @threat_list = [ "File Upload", "Interesting File", "Misconfiguration", "Information Disclosure", "Injection (XSS/Script/HTML)", "Remote File Retrieval", "Denial of Service", "Remote File Retrieval", "Command Execution", "SQL Injection", "Authentication Bypass", "Software Identification", "Remote source inclusion" ] end |
Instance Attribute Details
#db_files=(value) ⇒ Object (writeonly)
Sets the attribute db_files
27 28 29 |
# File 'plugins/catalog/catalog.rb', line 27 def db_files=(value) @db_files = value end |
#path=(value) ⇒ Object (writeonly)
Sets the attribute path
29 30 31 |
# File 'plugins/catalog/catalog.rb', line 29 def path=(value) @path = value end |
#var_files=(value) ⇒ Object (writeonly)
Sets the attribute var_files
28 29 30 |
# File 'plugins/catalog/catalog.rb', line 28 def var_files=(value) @var_files = value end |
Instance Method Details
#generateChecks(chat) ⇒ Object
159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 |
# File 'plugins/catalog/catalog.rb', line 159 def generateChecks(chat) begin loadChecks(@path) do |dbid, osvdb, threat, uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers| checker = proc { test_request = nil test_response = nil # !!! ATTENTION !!! # MAKE COPY BEFORE MODIFIYING REQUEST test = chat.copyRequest test.replaceFileExt(uri.gsub(/^\//,'')) if method !~ /get/i then test.replaceMethod(method) end if method =~ /post/i then test.addHeader("Content-Length", "0") end status, test_request, test_response = fileExists?(test, :default => true) # puts "[#{status}] - #{test_request.url}" unless test_request.nil? or test_response.nil? then test_result = false response = test_response.join if status == true if ( ( match != "" and response =~ /#{Regexp.quote(match)}/i) or ( or_match != "" and response =~ /#{Regexp.quote(or_match)}/i )) then test_result = true if and_match != "" then test_result = false test_result = true if response =~ /#{Regexp.quote(and_match)}/i end end test_result = false if fail != "" and response =~ /#{Regexp.quote(fail)}/i test_result = false if or_fail != "" and response =~ /#{Regexp.quote(or_fail)}/i # test_chat = Chat.new(test_request, test_response, chat.id) if test_result then # path = test_request.url.gsub(/#{uri}/,"") path = test_request.path addFinding( test_request, test_response, :test_item => uri, :proof_pattern => "#{Regexp.quote(match)}", :check_pattern => "#{Regexp.quote(uri)}", :chat => chat, :threat => "#{summary}", :title => "[#{uri}] - #{path}" ) end end end # notify(:db_finished) [ test_request, test_response ] } yield checker end rescue => bang puts "!error in module #{Module.nesting[0].name}" puts bang end end |
#loadChecks(path) ⇒ Object
87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
# File 'plugins/catalog/catalog.rb', line 87 def loadChecks(path) begin puts "=== Initialize Catalog Scanner ===" loadVars(path) loadDBFiles(path) # setup regex dummy = [] pattern = nil count = 0 @dbvars.each_key do |k| dummy << k; end pattern = "(#{dummy.join("|")})" if dummy.length > 0 @catalog_checks.each do |dbid, osvdb, threat, uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers| if pattern and uri =~ /(#{pattern})/ key = $1 #puts "+ found var key: #{key}" @dbvars[key].each do |v| # puts "--#{v}" new_uri = uri.gsub(/#{key}/, v) #count += 1 #print "\r[Plugin] Total Checks. #{count} " yield dbid, osvdb, threat, new_uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers end else #count += 1 #print "\r[Plugin] Total Checks. #{count} " yield dbid, osvdb, threat, uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers end end #puts "[Plugin] Total Checks. #{count}" rescue => bang puts bang puts bang.backtrace if $DEBUG end end |
#loadDBFiles(path, *opts) ⇒ Object
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 |
# File 'plugins/catalog/catalog.rb', line 56 def loadDBFiles(path, *opts) dbpath = Dir.getwd dbpath = path if not path.nil? @catalog_checks.clear @db_files.each do |file| # puts "* loading db file #{file}.." fname = File.join( dbpath, file) if File.exists?(fname) File.open(fname) { |fh| fh.each do |line| next if line.strip =~ /^#/ # puts "+ #{line}" fields = line.split("\",") fields.map!{ |f| f.gsub!(/^"/,'') } fields.first.gsub!(/^\"/,"") fields.last.gsub!(/\"?/,"") # puts fields.join(" : ") # puts "*" + fields.length.to_s # gets @catalog_checks.push fields end } # puts "* db checks total: #{@catalog_checks.length}" else puts "* file (#{fname}) does not exist. Please check path and name." end end end |
#loadVars(path) ⇒ Object
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
# File 'plugins/catalog/catalog.rb', line 31 def loadVars(path) dbpath = Dir.getwd dbpath = path if not path.nil? @dbvars.clear @var_files.each do |file| # puts "* loading var-file #{file}" fname = File.join( dbpath, file) if File.exists?(fname) File.open(fname) { |fh| fh.each do |line| if line.strip =~ /^[^#]/ and line =~ /=/ key,vars = line.split("=") key.strip! @dbvars[key] = vars.strip.split(" ") end end } else puts "* file (#{fname}) does not exist. Please check path and name." end # puts "* db vars total: #{@dbvars.length}" end end |
#reset ⇒ Object
155 156 157 |
# File 'plugins/catalog/catalog.rb', line 155 def reset() @catalog_checks.clear end |