Beispiel #1
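        /// <summary>
        /// Runs an Arachni scan of <c>m_target</c> on the scanner host over SSH, downloads the
        /// XML report over SFTP and appends every selected report value to <c>list_parse</c>.
        /// </summary>
        /// <returns>
        /// <c>true</c> when the report was downloaded, loaded and walked without an exception;
        /// <c>false</c> when the target is rejected or when connecting, downloading, loading or
        /// walking the report fails.
        /// </returns>
        public bool Parse()
        {
            const string TraceSource = "XORCISM PROVIDER ARACHNI";

            Utils.Helper_Trace(TraceSource, "Parse()");

            Assembly a = Assembly.GetExecutingAssembly();
            Utils.Helper_Trace(TraceSource, "ARACHNI Assembly location = " + a.Location);

            /* Name of XML result (generated locally, so it is safe to place on the command line) */
            string file = string.Format("result_{0}_{1}.xml", DateTime.Now.Ticks, this.GetHashCode());
            Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Results will be stored in file [{1}]", m_jobId, file));

            // m_target is written to an interactive shell below. Reject values that could be
            // read as an option or that carry control characters (the terminal would act on
            // them), then pass the rest as a single POSIX single-quoted argument.
            string target = string.Format("{0}", m_target);
            bool targetOk = target.Length > 0 && !target.StartsWith("-", StringComparison.Ordinal);
            foreach (char c in target)
            {
                if (char.IsControl(c))
                {
                    targetOk = false;
                    break;
                }
            }
            if (!targetOk)
            {
                Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Rejected scan target (empty, option-like or containing control characters)", m_jobId));
                return false;
            }
            string quotedTarget = "'" + target.Replace("'", "'\\''") + "'";

            /* SSH instructions & declarations */
            // NOTE(review): host, account and password are embedded in source. Move them to
            // protected configuration (or key-based authentication) and rotate anything that
            // was ever committed. No host-key check is visible in this method - confirm the
            // SSH library verifies the scanner's host key.
            //HARDCODED
            int    port     = 22;
            string address  = "192.168.1.2";   //TODO Hardcoded
            string username = "******";
            string password = "******";
            // NOTE(review): Expect() is given this bare word, so any output containing "root"
            // presumably ends the wait early - confirm and match the full prompt instead.
            string prompt   = "root";  //@backtrack:"; //Kali...

            // Two attempts with the same parameters; give up instead of driving a shell that
            // never connected.
            SshShell sshShell  = null;
            bool     connected = false;
            for (int attempt = 1; attempt <= 2 && !connected; attempt++)
            {
                sshShell = new SshShell(address, username, password);
                sshShell.RemoveTerminalEmulationCharacters = true;

                Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Connecting to ARACHNI server at {1}", m_jobId, address));
                try
                {
                    sshShell.Connect(port);
                    sshShell.Expect(prompt);
                    connected = true;
                }
                catch (Exception ex)
                {
                    // The exception text is passed as an argument: used as part of the format
                    // string, a '{' or '}' in it would make string.Format throw.
                    Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} ConnectingERROR to ARACHNI server at {1} : {2} {3}", m_jobId, address, ex.Message, ex.InnerException));
                }
            }
            if (!connected)
            {
                return false;
            }
            Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Successfully connected to ARACHNI server", m_jobId));

            string localOutputFile = null;
            try
            {
                /* Command 1 : scan one URL and write the XML report on the scanner host */
                string cmd1 = string.Format("arachni {0} --report='xml:outfile={1}'", quotedTarget, file);
                Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Executing command [{1}]", m_jobId, cmd1));

                sshShell.WriteLine(cmd1);
                string stdout = sshShell.Expect(prompt);

                Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} START DUMP STDOUT01", m_jobId));
                Utils.Helper_Trace(TraceSource, stdout);

                localOutputFile = Path.GetTempFileName();
                Utils.Helper_Trace(TraceSource, string.Format("Downloading results via SFTP to [{0}]", localOutputFile));

                Sftp ftp = null;
                try
                {
                    ftp = new Sftp(address, username, password);
                    ftp.OnTransferStart    += new FileTransferEvent(ftp_OnTransferStart);
                    ftp.OnTransferProgress += new FileTransferEvent(ftp_OnTransferProgress);
                    ftp.OnTransferEnd      += new FileTransferEvent(ftp_OnTransferEnd);

                    ftp.Connect(port);
                    ftp.Get("/" + file, localOutputFile);
                }
                catch (Exception ex)
                {
                    Utils.Helper_Trace(TraceSource, string.Format("Exception = {0} / {1}", ex.Message, ex.InnerException == null ? "" : ex.InnerException.Message));
                    return false;
                }
                finally
                {
                    // Close the SFTP session on the failure path too.
                    if (ftp != null)
                    {
                        try
                        {
                            ftp.Close();
                        }
                        catch (Exception closeEx)
                        {
                            Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Exception closing SFTP = {1}", m_jobId, closeEx.Message));
                        }
                    }
                }

                Utils.Helper_Trace(TraceSource, "Loading the xml document");

                /* Outline of the report, limited to what is read below
                 *
                 *  <arachni_report>
                 *        <title>...</title>
                 *        <generated_on>...</generated_on>
                 *        <report_false_positives>...</report_false_positives>
                 *        <system>
                 *          <start_datetime>...</start_datetime>
                 *          <finish_datetime>...</finish_datetime>
                 *          <delta_time>...</delta_time>
                 *          <url>...</url>
                 *          <audited_elements><element>...</element></audited_elements>
                 *        </system>
                 *        <issues>
                 *          <issue>
                 *            <name>...</name> <url>...</url> <element>...</element> <method>...</method>
                 *            <tags><tag name="..." /></tags>
                 *            <variable>..</variable>
                 *            <description>...</description>
                 *            <manual_verification>...</manual_verification>
                 *            <references><reference name="..." url="..." /></references>
                 *            <variations>
                 *              <variation>
                 *                <url>...</url> <injected>...</injected> <regexp_match>...</regexp_match>
                 *                <headers>
                 *                  <request><field name="..." value="..." /></request>
                 *                  <response><field name="..." value="..." /></response>
                 *                </headers>
                 *                <html>...</html>
                 *              </variation>
                 *            </variations>
                 *          </issue>
                 *        </issues>
                 *  </arachni_report>
                 */

                XPathDocument docNav;
                try
                {
                    // The report carries response headers and HTML returned by the scanned
                    // site, so it is read with DTD processing off and no resolver rather than
                    // with the framework's default reader settings (DtdProcessing needs .NET 4.0+).
                    System.Xml.XmlReaderSettings readerSettings = new System.Xml.XmlReaderSettings();
                    readerSettings.DtdProcessing = System.Xml.DtdProcessing.Ignore;
                    readerSettings.XmlResolver   = null;

                    using (FileStream reportStream = File.OpenRead(localOutputFile))
                    using (System.Xml.XmlReader reportReader = System.Xml.XmlReader.Create(reportStream, readerSettings))
                    {
                        docNav = new XPathDocument(reportReader);
                    }
                }
                catch (System.Exception ex)
                {
                    Utils.Helper_Trace(TraceSource, "JobID:" + m_jobId + "Exception LOADING XML = " + ex.Message + " " + ex.InnerException);
                    return false;
                }
                Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Successfully loaded XML file : [{1}] ", m_jobId, file));

                try
                {
                    string strExpression1 = "/arachni_report/title | /arachni_report/generated_on | /arachni_report/report_false_positives | /arachni_report/system/start_datetime | /arachni_report/system/finish_datetime | /arachni_report/system/delta_time | /arachni_report/system/url | /arachni_report/system/audited_elements/element | /arachni_report/issues/issue/name | /arachni_report/issues/issue/url | /arachni_report/issues/issue/element | /arachni_report/issues/issue/method | /arachni_report/issues/issue/tags/tag/@name | /arachni_report/issues/issue/variable | /arachni_report/issues/issue/description | /arachni_report/issues/issue/manual_verification | /arachni_report/issues/issue/references/reference/@name | /arachni_report/issues/issue/references/reference/@url | /arachni_report/issues/issue/variations/variation/url | /arachni_report/issues/issue/variations/variation/injected | /arachni_report/issues/issue/variations/variation/regexp_match | /arachni_report/issues/issue/variations/variation/headers/request/field/@name | /arachni_report/issues/issue/variations/variation/headers/request/field/@value | /arachni_report/issues/issue/variations/variation/headers/response/field/@value | /arachni_report/issues/issue/variations/variation/headers/response/field/@name | /arachni_report/issues/issue/variations/variation/html";
                    XPathNodeIterator NodeIter1 = docNav.CreateNavigator().Select(strExpression1);

                    while (NodeIter1.MoveNext())
                    {
                        // Only these node names are traced; every selected value is stored.
                        // "name" and "url" also match the attributes of that name selected above.
                        string label = null;
                        switch (NodeIter1.Current.Name)
                        {
                        case "title":                  label = "TITLE";          break;
                        case "generated_on":           label = "GENERATED-TIME"; break;
                        case "report_false_positives": label = "REPORT";         break;
                        case "start_datetime":         label = "START-TIME";     break;
                        case "finish_datetime":        label = "FINISH-TIME";    break;
                        case "delta_time":             label = "DELTA-TIME";     break;
                        case "element":                label = "ELEMENT";        break;
                        case "name":                   label = "ISSUE-NAME";     break;
                        case "url":                    label = "ISSUE-URL";      break;
                        case "method":                 label = "ISSUE-METHOD";   break;
                        case "modules":                label = "MODULE";         break;
                        }
                        if (label != null)
                        {
                            Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} XML PARSE - {1} : [{2}] ", m_jobId, label, NodeIter1.Current.Value));
                        }
                        list_parse.Add(NodeIter1.Current.Value);
                    }
                }
                catch (System.Exception ex)
                {
                    Utils.Helper_Trace(TraceSource, "JobID:" + m_jobId + "Exception Parsing XML PLUGIN'S = " + ex.Message + " " + ex.InnerException);
                    return false;
                }

                // Reached only when the report was loaded and walked completely.
                Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} XML PARSE successfull for file : [{1}] ", m_jobId, file));

                aff_list();
                // Pause
                // NOTE(review): this blocks until a line arrives on standard input, which
                // stalls a non-interactive host - confirm it is still wanted.
                Console.ReadLine();

                return true;
            }
            finally
            {
                // Release the SSH session on every exit path, not only after a full run.
                try
                {
                    sshShell.Close();
                }
                catch (Exception closeEx)
                {
                    Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Exception closing SSH = {1}", m_jobId, closeEx.Message));
                }

                // The downloaded report describes the target's weaknesses; do not leave a
                // copy behind in the temp directory.
                if (localOutputFile != null)
                {
                    try
                    {
                        File.Delete(localOutputFile);
                    }
                    catch (Exception deleteEx)
                    {
                        Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Could not delete [{1}] : {2}", m_jobId, localOutputFile, deleteEx.Message));
                    }
                }
            }
        }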
Beispiel #2
        /// <summary>
        /// Downloads a Nikto XML result file from the scanner host over SFTP and, in the part of
        /// the listing that survives, walks XPath selections over it, appending each selected
        /// value to <c>list_parse</c>.
        /// </summary>
        /// <param name="file">Name of the result file, appended to the remote Nikto directory.</param>
        /// <param name="localOuputFile">Local path the result file is downloaded to.</param>
        /// <returns>
        /// <c>false</c> when the SFTP download throws; <c>true</c> on every other path, including
        /// after the retry that follows a failed XML load.
        /// </returns>
        public bool nikto_get_result(string file, string localOuputFile)
        {
            XPathNavigator    nav;
            XPathNavigator    nav1;
            XPathDocument     docNav;
            XPathNodeIterator NodeIter1;
            String            strExpression1;

            try
            {
                Sftp ftp;
                // NOTE(review): the host and a root account with its password are embedded in
                // source. Move them to protected configuration (or key-based authentication) and
                // rotate any credential that was ever committed.
                ftp = new Sftp("111.222.333.444", "root", "toor");  //Hardcoded

                ftp.OnTransferStart    += new FileTransferEvent(ftp_OnTransferStart);
                ftp.OnTransferProgress += new FileTransferEvent(ftp_OnTransferProgress);
                ftp.OnTransferEnd      += new FileTransferEvent(ftp_OnTransferEnd);

                ftp.Connect(22);

                // NOTE(review): 'file' is concatenated into the remote path unchecked, so a value
                // containing "../" would leave the Nikto directory - confirm callers only pass a
                // plain file name. ftp.Close() below is skipped when Connect or Get throws.
                ftp.Get("/home/root/tools/nikto-2.1.4/" + file, localOuputFile);    //Hardcoded

                ftp.Close();
            }
            catch (Exception ex)
            {
                Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("Exception = {0} / {1}", ex.Message, ex.InnerException == null ? "" : ex.InnerException.Message));
                return(false);
            }

            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "Loading the xml document");

            // NOTE(review): this listing is damaged from here on. The sample comment below is not
            // closed before code resumes, and the statements that load the document, open the two
            // try blocks and start the first XPath expression are missing from the page.
            /* SAMPLE of XML structure
             *
             *  <?xml version="1.0" ?>
             *  <!DOCTYPE niktoscan SYSTEM "/usr/share/doc/nikto/nikto.dtd">
             *  <niktoscan options="-Format XML -o result_634550673449458000_35287174.xml -host TARGET -T x" version="2.1.1" nxmlversion="1.1">
             *  <scandetails targetip="IP_target" targethostname="URL_Target" targetport="80" targetbanner="gws" starttime="DATE/time"
             *      sitename="http://*****:*****@targetip | /niktoscan/scandetails/@targethostname | /niktoscan/scandetails/@targetport | /niktoscan/scandetails/@targetbanner | /niktoscan/scandetails/@sitename | /niktoscan/scandetails/@siteip";
                    NodeIter1      = nav1.Select(strExpression1);
                    while (NodeIter1.MoveNext())
                    {
                        // For headers
                        switch ((string)NodeIter1.Current.Name)
                        {
                        //Hardcoded
                        case "targetip":
                            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - TARGET IP : [{1}] ", m_jobId, NodeIter1.Current.Value));
                            break;

                        case "targethostname":
                            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - TARGET HOSTNAME : [{1}] ", m_jobId, NodeIter1.Current.Value));
                            break;

                        case "targetport":
                            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - TARGET PORT : [{1}] ", m_jobId, NodeIter1.Current.Value));
                            break;

                        case "targetbanner":
                            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - TARGET BANNER : [{1}] ", m_jobId, NodeIter1.Current.Value));
                            break;

                        case "sitename":
                            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - SITE NAME : [{1}] ", m_jobId, NodeIter1.Current.Value));
                            break;

                        case "siteip":
                            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - SITE IP : [{1}] ", m_jobId, NodeIter1.Current.Value));
                            break;
                        }
                        list_parse.Add((string)NodeIter1.Current.Value);
                    }
                    ;

                    //Hardcoded
                    strExpression1 = "/niktoscan/scandetails/item/@id | /niktoscan/scandetails/item/@osvdbid | /niktoscan/scandetails/item/@osvdblink | /niktoscan/scandetails/item/description | /niktoscan/scandetails/item/uri | /niktoscan/scandetails/item/namelink | /niktoscan/scandetails/item/iplink";
                    NodeIter1      = nav1.Select(strExpression1);

                    //TODO

                    /*
                     * INFORMATION newInfo = null;
                     * while (NodeIter1.MoveNext())
                     * {
                     *  // For each Items
                     *  switch ((string)NodeIter1.Current.Name)
                     *  {
                     *      case "id":
                     *          Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - ITEM ID : [{1}] ", m_jobId, NodeIter1.Current.Value));
                     *          if (newInfo != null)
                     *          {
                     *              try
                     *              {
                     *                  m_model.AddToINFORMATION(newInfo);
                     *                  m_model.SaveChanges();
                     *              }
                     *              catch (Exception ex)
                     *              {
                     *                  Utils.Helper_Trace("XORCISM PROVIDER WHATWEB", "JobID:" + m_jobId + "Exception adding newInfo = " + ex.Message + " " + ex.InnerException);
                     *              }
                     *          }
                     *          newInfo = new INFORMATION();
                     *          newInfo.Title = NodeIter1.Current.Value;
                     *          newInfo.JobID = m_jobId;
                     *          break;
                     *      case "osvdbid":
                     *          Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - OSVDB ID : [{1}] ", m_jobId, NodeIter1.Current.Value));
                     *
                     *          break;
                     *      case "osvdblink":
                     *          Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - OSVDB LINK : [{1}] ", m_jobId, NodeIter1.Current.Value));
                     *          break;
                     *      case "description":
                     *          Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - DESCRIPTION : [{1}] ", m_jobId, NodeIter1.Current.Value));
                     *          newInfo.Description = NodeIter1.Current.Value;
                     *          //Todo: parse regex CAN-2004-0885. OSVDB-10637
                     *          break;
                     *      case "uri":
                     *          Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - URI : [{1}] ", m_jobId, NodeIter1.Current.Value));
                     *          break;
                     *      case "namelink":
                     *          Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - NAME LINK : [{1}] ", m_jobId, NodeIter1.Current.Value));
                     *          newInfo.Url = NodeIter1.Current.Value;
                     *          break;
                     *      case "iplink":
                     *          Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - IP LINK : [{1}] ", m_jobId, NodeIter1.Current.Value));
                     *          break;
                     *  }
                     *  list_parse.Add((string)NodeIter1.Current.Value);
                     * };
                     * //Last one
                     * if (newInfo != null)
                     * {
                     *  try
                     *  {
                     *      m_model.AddToINFORMATION(newInfo);
                     *      m_model.SaveChanges();
                     *  }
                     *  catch (Exception ex)
                     *  {
                     *      Utils.Helper_Trace("XORCISM PROVIDER WHATWEB", "JobID:" + m_jobId + "Exception adding last newInfo = " + ex.Message + " " + ex.InnerException);
                     *  }
                     * }
                     */

                    // Scan statistics: each selected attribute is traced by name and stored.
                    //Hardcoded
                    strExpression1 = "/niktoscan/scandetails/statistics/@elapsed | /niktoscan/scandetails/statistics/@itemsfound | /niktoscan/scandetails/statistics/@itemstested | /niktoscan/statistics/@hoststotal";
                    NodeIter1      = nav1.Select(strExpression1);
                    while (NodeIter1.MoveNext())
                    {
                        // For each statistic
                        switch ((string)NodeIter1.Current.Name)
                        {
                        case "elapsed":
                            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - ELAPSED : [{1}] ", m_jobId, NodeIter1.Current.Value));
                            break;

                        case "itemsfound":
                            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - ITEMS FOUND : [{1}] ", m_jobId, NodeIter1.Current.Value));
                            break;

                        case "itemstested":
                            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - ITEMS TESTED : [{1}] ", m_jobId, NodeIter1.Current.Value));
                            break;

                        // The statistics expression above selects no "targetbanner" node, so
                        // this case is never reached from it.
                        case "targetbanner":
                            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - TARGET BANNER : [{1}] ", m_jobId, NodeIter1.Current.Value));
                            break;

                        case "hoststotal":
                            Utils.Helper_Trace("XORCISM PROVIDER NIKTO", string.Format("JobID: {0} XML PARSE - NUMBER OF HOST : [{1}] ", m_jobId, NodeIter1.Current.Value));
                            break;
                        }
                        list_parse.Add((string)NodeIter1.Current.Value);
                    }
                    ;
                }
                catch (System.Exception ex)
                {
                    // A failure while walking the document is only traced; values added to
                    // list_parse before the exception stay there.
                    Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "JobID:" + m_jobId + "Exception Parsing XML PLUGIN'S = " + ex.Message + " " + ex.InnerException);
                }
            }
            catch (System.Exception ex)
            {
                Utils.Helper_Trace("XORCISM PROVIDER NIKTO", "JobID:" + m_jobId + "Exception LOADING XML " + localOuputFile + "= " + ex.Message + " " + ex.InnerException);

                // NOTE(review): the retry blocks this thread for 120000 ms and then recurses with
                // no attempt limit, so a report that never becomes loadable recurses without end.
                // The recursive call's result is discarded and the method returns true below
                // either way - callers cannot tell a failed load from a successful one.
                //Retry
                Thread.Sleep(120000);   //Hardcoded
                nikto_get_result(file, localOuputFile);
            }
            return(true);
        }
Beispiel #3
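        /// <summary>
        /// Uploads the generated w3af script to the scanner host, runs <c>w3af_console</c> over
        /// SSH, downloads the XML result named <paramref name="m_file"/> over SFTP and appends
        /// every selected result value to <c>list_parse</c>.
        /// </summary>
        /// <param name="m_file">
        /// Plain file name of the result inside the remote w3af directory; names containing a
        /// path separator, ".", ".." or nothing at all are rejected.
        /// </param>
        /// <returns>
        /// <c>true</c> when the result was downloaded, loaded and walked without an exception;
        /// <c>false</c> when the file name is rejected or when connecting, a transfer, loading
        /// or walking the result fails.
        /// </returns>
        public bool Parse(string m_file)
        {
            const string TraceSource = "XORCISM PROVIDER W3AF";

            Assembly a = Assembly.GetExecutingAssembly();
            Utils.Helper_Trace(TraceSource, "W3AF Assembly location = " + a.Location);

            // m_file is appended to a fixed remote directory below; accept a bare file name
            // only, so the download cannot be pointed outside that directory.
            if (string.IsNullOrEmpty(m_file)
                || m_file.IndexOfAny(new char[] { '/', '\\' }) >= 0
                || m_file == "."
                || m_file == "..")
            {
                Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Rejected result file name (empty or containing a path)", m_jobId));
                return false;
            }

            Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Results will be stored in file [{1}]", m_jobId, m_file));

            /* SSH instructions & declarations */
            // NOTE(review): host, account and password are embedded in source. Move them to
            // protected configuration (or key-based authentication) and rotate anything that
            // was ever committed. No host-key check is visible in this method - confirm the
            // SSH library verifies the scanner's host key.
            //HARDCODED
            int    port     = 22;
            string address  = "111.222.333.444";
            string username = "******";
            string password = "******";
            // NOTE(review): Expect() is given this bare word, so any output containing "root"
            // presumably ends the wait early - confirm and match the full prompt instead.
            string prompt   = "root";

            SshShell sshShell = new SshShell(address, username, password);
            sshShell.RemoveTerminalEmulationCharacters = true;

            Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Connecting to W3AF server at {1}", m_jobId, address));
            try
            {
                sshShell.Connect(port);
                sshShell.Expect(prompt);
            }
            catch (Exception ex2)
            {
                // The exception text is passed as an argument: used as part of the format
                // string, a '{' or '}' in it would make string.Format throw. Stop here rather
                // than report success and drive a shell that never connected.
                Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} ConnectingERROR to W3AF server at {1} : {2} {3}", m_jobId, address, ex2.Message, ex2.InnerException));
                return false;
            }
            Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Successfully connected to W3AF server", m_jobId));

            string localOutputFile = null;
            try
            {
                /* Command 1 */
                string cmd = "cd /home/root/tools/w3af/";      //Hardcoded
                sshShell.WriteLine(cmd);

                // We create the real script file
                string scriptfile       = w3afScript.getScriptFile();
                string remoteScriptName = scriptfile.Replace(Path.GetTempPath(), "");

                string stdout = sshShell.Expect(prompt);

                // Plain concatenation: the paths are data, not a format string.
                Utils.Helper_Trace(TraceSource, "Uploading script " + scriptfile + " to " + remoteScriptName + " via SFTP");

                Sftp uploadFtp = null;
                try
                {
                    // NOTE(review): a second copy of the host and a root account with its
                    // password, separate from the values used for the shell above.
                    uploadFtp = new Sftp("111.222.333.444", "root", "toor");      //HARDCODED
                    uploadFtp.OnTransferStart    += new FileTransferEvent(ftp_OnTransferStart);
                    uploadFtp.OnTransferProgress += new FileTransferEvent(ftp_OnTransferProgress);
                    uploadFtp.OnTransferEnd      += new FileTransferEvent(ftp_OnTransferEnd);

                    uploadFtp.Connect(22);
                    uploadFtp.Put(scriptfile, "/home/root/tools/w3af/" + remoteScriptName);      //HARDCODED
                }
                catch (Exception ex)
                {
                    Utils.Helper_Trace(TraceSource, string.Format("Exception = {0} / {1}", ex.Message, ex.InnerException == null ? "" : ex.InnerException.Message));
                    return false;
                }
                finally
                {
                    // Close the SFTP session on the failure path too.
                    if (uploadFtp != null)
                    {
                        try
                        {
                            uploadFtp.Close();
                        }
                        catch (Exception closeEx)
                        {
                            Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Exception closing SFTP = {1}", m_jobId, closeEx.Message));
                        }
                    }
                }

                cmd = string.Format("./w3af_console -s {0}", remoteScriptName);
                Utils.Helper_Trace(TraceSource, "Executing command: " + cmd);
                sshShell.WriteLine(cmd);

                /* The console ends a run with, for example:
                 * Scan finished in 2 hours 3 minutes 5 seconds.
                 * w3af>>>
                 */
                stdout = sshShell.Expect("Scan finished in");

                Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} START DUMP STDOUT01", m_jobId));
                Utils.Helper_Trace(TraceSource, stdout);

                localOutputFile = Path.GetTempFileName();
                Utils.Helper_Trace(TraceSource, string.Format("Downloading results via SFTP to [{0}]", localOutputFile));

                Sftp downloadFtp = null;
                try
                {
                    downloadFtp = new Sftp("111.222.333.444", "root", "toor");      //HARDCODED
                    downloadFtp.OnTransferStart    += new FileTransferEvent(ftp_OnTransferStart);
                    downloadFtp.OnTransferProgress += new FileTransferEvent(ftp_OnTransferProgress);
                    downloadFtp.OnTransferEnd      += new FileTransferEvent(ftp_OnTransferEnd);

                    downloadFtp.Connect(22);
                    downloadFtp.Get("/home/root/tools/w3af/" + m_file, localOutputFile);      //HARDCODED
                }
                catch (Exception ex)
                {
                    Utils.Helper_Trace(TraceSource, string.Format("Exception = {0} / {1}", ex.Message, ex.InnerException == null ? "" : ex.InnerException.Message));
                    return false;
                }
                finally
                {
                    if (downloadFtp != null)
                    {
                        try
                        {
                            downloadFtp.Close();
                        }
                        catch (Exception closeEx)
                        {
                            Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Exception closing SFTP = {1}", m_jobId, closeEx.Message));
                        }
                    }
                }

                /* Outline of the result file
                 *  <?xml version="1.0" encoding="UTF-8"?>
                 *  <w3afrun start="..." startstr="..." xmloutputversion="1.00">
                 *      <scaninfo target="TARGET">
                 *      <audit>
                 *          <plugin name="..."/>
                 *      </audit>
                 *      <bruteforce/>
                 *      <grep>
                 *          <plugin name="..."/>
                 *      </grep>
                 *      <evasion/>
                 *      <output>
                 *          <plugin name="FILE TYPE">
                 *              <config parameter="FILENAME" value="PATH"/>
                 *          </plugin>
                 *      </output>
                 *      <mangle/>
                 *      <discovery>
                 *          <plugin name="..."/>
                 *      </discovery>
                 *      </scaninfo>
                 *      <vulnerability method="..." name="..." severity="Low" url="..." var="...">EXPLANATION</vulnerability>
                 *      <information id="[...]" name="..." url="...">EXPLANATION</information>
                 *      <error caller="PLUGIN">EXPLANATION</error>
                 *  </w3afrun>
                 */

                XPathDocument docNav;
                try
                {
                    // The result describes a scanned site (URLs, parameters, explanations), so
                    // it is read with DTD processing off and no resolver rather than with the
                    // framework's default reader settings (DtdProcessing needs .NET 4.0+).
                    System.Xml.XmlReaderSettings readerSettings = new System.Xml.XmlReaderSettings();
                    readerSettings.DtdProcessing = System.Xml.DtdProcessing.Ignore;
                    readerSettings.XmlResolver   = null;

                    using (FileStream resultStream = File.OpenRead(localOutputFile))
                    using (System.Xml.XmlReader resultReader = System.Xml.XmlReader.Create(resultStream, readerSettings))
                    {
                        docNav = new XPathDocument(resultReader);
                    }
                }
                catch (System.Exception ex)
                {
                    Utils.Helper_Trace(TraceSource, "JobID:" + m_jobId + "Exception LOADING XML = " + ex.Message + " " + ex.InnerException);
                    return false;
                }
                Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Successfully loaded XML file : [{1}] ", m_jobId, localOutputFile));

                try
                {
                    // To read all plugins
                    //HARDCODED
                    string strExpression1 = "/w3afrun/@startstr | /w3afrun/scaninfo/@target | /w3afrun/scaninfo/audit/plugin/@name | /w3afrun/scaninfo/grep/plugin/@name | /w3afrun/scaninfo/output/plugin/@name | /w3afrun/scaninfo/output/plugin/config/@parameter | /w3afrun/scaninfo/output/plugin/config/@value | /w3afrun/scaninfo/discovery/plugin/@name | /w3afrun/vulnerability/@method | /w3afrun/vulnerability/@name | /w3afrun/vulnerability/@severity | /w3afrun/vulnerability/@url | /w3afrun/vulnerability/@var | /w3afrun/vulnerability | /w3afrun/information/@name | /w3afrun/information/@id | /w3afrun/information/@url | /w3afrun/information | /w3afrun/error/@caller | /w3afrun/error";
                    XPathNodeIterator NodeIter1 = docNav.CreateNavigator().Select(strExpression1);

                    while (NodeIter1.MoveNext())
                    {
                        // Only these node names are traced; every selected value is stored.
                        // "name" and "url" are matched by name alone, so plugin and
                        // information attributes are traced under the VULNERABILITY labels too.
                        string label = null;
                        switch (NodeIter1.Current.Name)
                        {
                        case "startstr":      label = "START-TIME";                  break;
                        case "target":        label = "TARGET";                      break;
                        case "method":        label = "VULNERABILITY - METHOD";      break;
                        case "name":          label = "VULNERABILITY - NAME";        break;
                        case "severity":      label = "VULNERABILITY - SEVERITY";    break;
                        case "url":           label = "VULNERABILITY - URL";         break;
                        case "var":           label = "VULNERABILITY - VAR";         break;
                        case "vulnerability": label = "VULNERABILITY - EXPLANATION"; break;
                        case "information":   label = "VULNERABILITY - INFORMATION"; break;
                        case "error":         label = "VULNERABILITY - ERROR";       break;
                        }
                        if (label != null)
                        {
                            Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} XML PARSE - {1} : [{2}] ", m_jobId, label, NodeIter1.Current.Value));
                        }
                        list_parse.Add(NodeIter1.Current.Value);
                    }
                }
                catch (System.Exception ex)
                {
                    Utils.Helper_Trace(TraceSource, "JobID:" + m_jobId + "Exception Parsing XML PLUGIN'S = " + ex.Message + " " + ex.InnerException);
                    return false;
                }

                // Reached only when the result was loaded and walked completely.
                Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} XML PARSE successfull for file : [{1}] ", m_jobId, localOutputFile));

                //aff_list();
                // Pause
                // NOTE(review): this blocks until a line arrives on standard input, which
                // stalls a non-interactive host - confirm it is still wanted.
                Console.ReadLine();

                return true;
            }
            finally
            {
                // Do not leave the authenticated shell open after the run; closing is
                // best-effort so a failure here cannot mask the result.
                try
                {
                    sshShell.Close();
                }
                catch (Exception closeEx)
                {
                    Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Exception closing SSH = {1}", m_jobId, closeEx.Message));
                }

                // The downloaded result describes the target's weaknesses; do not leave a
                // copy behind in the temp directory.
                if (localOutputFile != null)
                {
                    try
                    {
                        File.Delete(localOutputFile);
                    }
                    catch (Exception deleteEx)
                    {
                        Utils.Helper_Trace(TraceSource, string.Format("JobID: {0} Could not delete [{1}] : {2}", m_jobId, localOutputFile, deleteEx.Message));
                    }
                }
            }
        }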