public void Should_have_no_type_scanners()
{
// Act
var context = new ScannerContext();
// Assert
Assert.That(context.TypeScanners.Count(), Is.EqualTo(0));
}
public void Should_throw_when_null()
{
// Arrange
var context = new ScannerContext();
// Act & Assert
Assert.Throws <ArgumentNullException>(() => context.AddTypeScanner(null));
}
public void Should_have_no_assemblies_to_scan()
{
// Act
var context = new ScannerContext();
// Assert
Assert.That(context.AssembliesToScan.Count(), Is.EqualTo(0));
}
static void Main(string[] args)
{
bool canContinue = GuardUsage(args);
if (canContinue)
{
var scannerContext = new ScannerContext(args[0], args[1]);
ExecuteScanner(scannerContext);
}
}
public void Should_have_no_filters()
{
// Act
var context = new ScannerContext();
// Assert
Assert.That(context.MatchOneTypeFilters.Count(), Is.EqualTo(0));
Assert.That(context.MatchAllTypeFilters.Count(), Is.EqualTo(0));
Assert.That(context.MatchOneFileFilters.Count(), Is.EqualTo(0));
Assert.That(context.MatchAllFileFilters.Count(), Is.EqualTo(0));
}
public void Should_add_filter()
{
// Arrange
var context = new ScannerContext();
Func <Type, bool> filter = t => true;
// Act
context.AddFilter(filter);
// Assert
Assert.That(context.Filters.Single(), Is.EqualTo(filter));
}
public void Should_only_add_unique_type_scanners()
{
// Arrange
var context = new ScannerContext();
var typeScanner = new ProfileTypeScanner();
// Act
context.AddTypeScanner(typeScanner);
context.AddTypeScanner(typeScanner);
// Assert
Assert.That(context.TypeScanners.Single(), Is.EqualTo(typeScanner));
}
public void Should_only_add_unique_assemblies()
{
// Arrange
var context = new ScannerContext();
var assembly = GetType().Assembly;
// Act
context.AddAssembly(assembly);
context.AddAssembly(assembly);
// Assert
Assert.That(context.AssembliesToScan.Single(), Is.EqualTo(assembly));
}
public void Should_add_match_all_filter()
{
// Arrange
var context = new ScannerContext();
Func <string, bool> filter = t => true;
// Act
context.AddMatchAllFileFilter(filter);
// Assert
Assert.That(context.MatchAllFileFilters.Single(), Is.EqualTo(filter));
Assert.That(context.MatchOneFileFilters.Any(), Is.False);
}
public LandScanner(ScannerContext db, EmailSenderService sender, ILogger <LandScanner> log)
{
_db = db;
_sender = sender;
_log = log;
}
public Repository(ScannerContext dbContext)
{
_dbContext = dbContext;
}
private static void ExecuteScanner(ScannerContext scannerContext)
{
scannerContext.LoadInput();
scannerContext.ScanProgram();
scannerContext.FlushOutput();
}
private void TestDomain(string address, bool signalEnd)
{
StringBuilder sb = new StringBuilder();
StringBuilder linkBuilder = new StringBuilder();
try
{
List <string> schemas = new List <string>();
schemas.Add("http");
schemas.Add("https");
foreach (var schema in schemas)
{
if (schema.Equals("http"))
{
address = DomainUtility.EnsureHTTP(address);
}
else
{
address = DomainUtility.EnsureHTTPS(address);
}
sb.Append("Checking: " + address + Environment.NewLine);
WebPageRequest request = new WebPageRequest();
request.Address = address;
WebPageLoader.Load(request);
ScannerRequest sRequest = new ScannerRequest();
sRequest.Body = request.Response.Body;
sRequest.URL = address;
sRequest.Domain = DomainUtility.GetDomainFromUrl(address);
ScannerResult result = new ScannerResult();
ScannerContext scannerContext = new ScannerContext();
if (request.Response.Body.Equals(String.Empty) && request.Response.TimeOut == false)
{
sb.Append("\tNo body found." + Environment.NewLine);
}
else
{
if (request.Response.TimeOut == false)
{
result = CheckEngine(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckBuckets(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckSocialMedia(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckServices(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckDefaultpages(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckIndexOf(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
foreach (var script in request.Response.Scripts)
{
ScannerRequest scriptRequest = new ScannerRequest();
scriptRequest.Body = script.Value;
scriptRequest.URL = script.Key;
result = CheckBuckets(scriptRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
}
}
else
{
// CheckBigIPService(request, sb);
}
}
//CheckForFileType(request.Address, sb, "swf", linkBuilder);
//result = CheckForFileType(request.Address, sb, "php", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
//result = CheckForFileType(request.Address, sb, "xml", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
//result = CheckForFileType(request.Address, sb, "conf", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
//result = CheckForFileType(request.Address, sb, "env", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
result = CheckPHPInfo(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckKnownAttackFiles(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckCRLF(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckCSP(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckHeaders(sRequest, sb);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
}
}
catch (Exception ex)
{
string inner = "";
if (ex.InnerException != null)
{
inner = ex.InnerException.Message;
}
sb.Append("!!!!!Exception: " + ex.Message + " Inner: " + inner + " Stack: " + ex.StackTrace);
}
Log(sb.ToString());
LogLinks(linkBuilder.ToString());
if (signalEnd)
{
_countdown.Signal();
}
}