/// <summary> /// Bu fonksiyon taramada bulunan zafiyet sayısını döndürür. /// This function returns found vulnerability count. /// </summary> /// <param name="manager">W3afManager Instance</param> /// <returns></returns> private static int GetScanVulnerabilitiesCount(W3afManager manager) { try { int VulnerabilityCount = 0; string id = GetScanID(manager); if (id != null) { Vulnerabilities vuln = ScanController.GetScanVulnerabilities(manager, id); foreach (var item in vuln.Items) { VulnerabilityCount = Convert.ToInt32(item.Id); } } else { Console.WriteLine("\n\n***Tarama Yok***\n"); } return(VulnerabilityCount); } catch (Exception ex) { Console.WriteLine("\nScanView::howScanVulnerabilities\n Exception:" + ex.Message); return(0); } }
private void MainForm_Load(object sender, EventArgs e) { vulnerabilities = new Vulnerabilities(); System.Xml.Serialization.XmlSerializer reader = new System.Xml.Serialization.XmlSerializer(vulnerabilities.GetType()); System.IO.StreamReader file = new System.IO.StreamReader(System.AppDomain.CurrentDomain.BaseDirectory + @"\..\..\XML\Vulnerabilities.xml"); vulnerabilities = (Vulnerabilities)reader.Deserialize(file); staticVulnerabilities = new StaticVulnerabilities(); reader = new System.Xml.Serialization.XmlSerializer(staticVulnerabilities.GetType()); file = new System.IO.StreamReader(System.AppDomain.CurrentDomain.BaseDirectory + @"\..\..\XML\StaticVulnerabilities.xml"); staticVulnerabilities = (StaticVulnerabilities)reader.Deserialize(file); disclosureVulnerabilities = new DisclosureVulnerabilities(); reader = new System.Xml.Serialization.XmlSerializer(disclosureVulnerabilities.GetType()); file = new System.IO.StreamReader(System.AppDomain.CurrentDomain.BaseDirectory + @"\..\..\XML\DisclosureVulnerabilities.xml"); disclosureVulnerabilities = (DisclosureVulnerabilities)reader.Deserialize(file); file.Close(); }
/// <summary> /// Bu fonksiyon Taramada bulunan zafiyetleri gösterir. /// This function shows vulnerabilities found in Scan. /// </summary> /// <param name="manager"></param> public static void ShowScanVulnerabilities(W3afManager manager) { try { string id = GetScanID(manager); if (id != null) { Vulnerabilities vuln = ScanController.GetScanVulnerabilities(manager, id); foreach (var item in vuln.Items) { Console.WriteLine("\nID: " + item.Id + "\nName: " + item.Name + "\nHref: " + item.Href + "\nURL: " + item.Url); } } else { Console.WriteLine("\n\n***Tarama Yok***\n"); } } catch (Exception ex) { Console.WriteLine("\nScanView::howScanVulnerabilities\n Exception:" + ex.Message); } }
/// <summary> /// The check for vulnerabilities. /// </summary> /// <param name="browser"> /// The browser. /// </param> /// <param name="testCase"> /// The testCase. /// </param> /// <param name="testValue"> /// The tested val. /// </param> private void CheckForVulnerabilities( BrowserAbstract browser, TestCase testCase, string testValue) { // waiting for page to load browser.WaitForPageLoad(5000); string alertText; browser.DismissedIfAlertDisplayed(out alertText); if (browser.AlertMessageDisplayed.Contains(TestBaseHelper.AttackSignature)) { // since we use the same browser instance clear the alerts after the issue has been logged browser.AlertMessageDisplayed.Clear(); // we found one issue this.vulnerabilityFound = true; Vulnerabilities.Enqueue(new Vulnerability { Title = testCase.TestName, Level = (int)VulnerabilityLevelEnum.High, TestedParam = string.Empty, TestedVal = testValue, Evidence = "Found by {0}".FormatIc(browser.BrowserType.ToString()), MatchString = testCase.MatchString, TestPlugin = GetType().Name }); } }
private int CalcDamage(DealDamage damage) { // First check for immunities, then resistance, then vulnerability (p. 197 Player's Handbook) if (Immunities.Contains(damage.DamageType)) { return(0); } int actualHpDamage = damage.Hp; // Resistances and vulnerabilities do not stack, so one does as much as multiple. if (Resistances.Contains(damage.DamageType)) { actualHpDamage /= 2; // integer division correctly rounds down } // It is technically possible to have a resistance and a vulnerability for the same damage type. // https://rpg.stackexchange.com/a/167448 if (Vulnerabilities.Contains(damage.DamageType)) { actualHpDamage *= 2; } return(actualHpDamage); // Possible future refactor: It's a little bit inefficient to check all of the // lists every time, especially since this function is called from in a loop. }
/// <summary> /// Overriding the Check Vulnerability implementation because we just want to look in the response headers. /// </summary> /// <param name="webRequestContext"> /// The web Request Context. /// </param> /// <param name="testcase"> /// The test case. /// </param> /// <param name="testedParam"> /// The tested Parameter. /// </param> /// <param name="testValue"> /// The tested Val. /// </param> /// <seealso cref="M:BackScatterScannerLib.Engine.TestBase.CheckForVuln(WebRequestContext,TestCase,string,string)"/> protected override void CheckForVulnerabilities( WebRequestContext webRequestContext, TestCase testcase, string testedParam, string testValue) { HttpWebResponseHolder response = webRequestContext.ResponseHolder; var fromHeaderValue = response.Headers["From"]; if (response.Headers == null || string.IsNullOrWhiteSpace(fromHeaderValue)) { return; } // Have we injected a from header and does it contain the domain we are attempting to redirect to? if (fromHeaderValue.IndexOf("*****@*****.**", StringComparison.InvariantCultureIgnoreCase) > -1) { Vulnerabilities.Enqueue(new Vulnerability { Title = "HTTP Response Splitting - Newline Injection", Level = (int)VulnerabilityLevelEnum.High, TestedParam = testedParam, TestedVal = testValue, HttpResponse = response, Evidence = $"From : {fromHeaderValue}", MatchString = testcase.MatchString, TestPlugin = GetType().Name }); } }
private void RemoveRelated([NotNull] IWeakness weakness) { RemoveRelatedForEntities(weakness); RemoveRelatedForDataFlows(weakness); var vulnerabilities = Vulnerabilities?.Where(x => x.WeaknessId == weakness.Id).ToArray(); if (vulnerabilities?.Any() ?? false) { foreach (var vulnerability in vulnerabilities) { RemoveVulnerability(vulnerability.Id); } } }
private void SetVulnerabilityText() { foreach (var item in CaseEdit.VulnerabilityList) { VulnerabilityText += Vulnerabilities.Where(r => r.Id == item).Select(r => r.Name + ", ").First(); } if (!string.IsNullOrWhiteSpace(VulnerabilityText)) { VulnerabilityText = VulnerabilityText.Substring(0, VulnerabilityText.Length - 2); } if (string.IsNullOrWhiteSpace(VulnerabilityText)) { VulnerabilityText = "n/a"; } }
/// <inheritdoc/> protected override void CheckForVulnerabilities( WebRequestContext webRequestContext, TestCase testcase, string testedParam, string testValue) { if (webRequestContext.Browser.AlertMessageDisplayed.Contains(TestBaseHelper.AttackSignature)) { Vulnerabilities.Enqueue(new Vulnerability { Title = testcase.TestName, Level = (int)VulnerabilityLevelEnum.High, TestedParam = testedParam, TestedVal = testValue, HttpResponse = webRequestContext.ResponseHolder, Evidence = $"Found by {webRequestContext.Browser.BrowserType}", MatchString = testcase.MatchString, TestPlugin = GetType().Name }); } }
private void MainForm_Load(object sender, EventArgs e) { // no smaller than design time size this.MinimumSize = new System.Drawing.Size(this.Width, this.Height); // no larger than screen size this.MaximumSize = new System.Drawing.Size(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height); this.AutoSize = true; this.AutoSizeMode = AutoSizeMode.GrowAndShrink; vulnerabilities = new Vulnerabilities(); System.Xml.Serialization.XmlSerializer reader = new System.Xml.Serialization.XmlSerializer(vulnerabilities.GetType()); System.IO.StreamReader file = new System.IO.StreamReader(System.AppDomain.CurrentDomain.BaseDirectory + @"\..\..\XML\Vulnerabilities.xml"); vulnerabilities = (Vulnerabilities)reader.Deserialize(file); staticVulnerabilities = new StaticVulnerabilities(); reader = new System.Xml.Serialization.XmlSerializer(staticVulnerabilities.GetType()); file = new System.IO.StreamReader(System.AppDomain.CurrentDomain.BaseDirectory + @"\..\..\XML\StaticVulnerabilities.xml"); staticVulnerabilities = (StaticVulnerabilities)reader.Deserialize(file); disclosureVulnerabilities = new DisclosureVulnerabilities(); reader = new System.Xml.Serialization.XmlSerializer(disclosureVulnerabilities.GetType()); file = new System.IO.StreamReader(System.AppDomain.CurrentDomain.BaseDirectory + @"\..\..\XML\DisclosureVulnerabilities.xml"); disclosureVulnerabilities = (DisclosureVulnerabilities)reader.Deserialize(file); file.Close(); }
/// <summary> /// The inspect response. /// </summary> /// <param name="requestTarget"> /// The request target. /// </param> /// <param name="responseTarget"> /// The response target. /// </param> /// <param name="response"> /// The current response. /// </param> /// <param name="plugIn"> /// The plug in. /// </param> /// <param name="testCase"> /// The test case. /// </param> /// <param name="testParameter"> /// The tested parameter. /// </param> /// <param name="testValue"> /// The tested val. /// </param> public override void InspectResponse( ITarget requestTarget, ITarget responseTarget, HttpWebResponseHolder response, string plugIn, TestCase testCase, string testParameter, string testValue) { string accessControlAllowOrigin = response.Headers["Access-Control-Allow-Origin"]; if (!string.IsNullOrWhiteSpace(accessControlAllowOrigin) && accessControlAllowOrigin.IndexOf("*", StringComparison.InvariantCultureIgnoreCase) != -1) { bool matchFound = false; foreach (string allowedDomain in this.whiteListDomains) { if (Regex.Match(accessControlAllowOrigin, allowedDomain).Success) { matchFound = true; break; } } if (!matchFound) { Vulnerabilities.Enqueue(new Vulnerability { TestPlugin = GetType().Name + " (via " + plugIn + ")", Title = "Access-Control-Allow-Origin has wildcard for domain not in WebSec white list", Level = (int)VulnerabilityLevelEnum.Low, Evidence = accessControlAllowOrigin, HttpResponse = response }); } } }
/// <summary> /// The inspect response. /// </summary> /// <param name="requestTarget"> /// The request target. /// </param> /// <param name="responseTarget"> /// The response target. /// </param> /// <param name="response"> /// The current response. /// </param> /// <param name="plugIn"> /// The plug in. /// </param> /// <param name="testCase"> /// The test case. /// </param> /// <param name="testParameter"> /// The tested parameter. /// </param> /// <param name="testValue"> /// The tested val. /// </param> public override void InspectResponse( ITarget requestTarget, ITarget responseTarget, HttpWebResponseHolder response, string plugIn, TestCase testCase, string testParameter, string testValue) { string accessControlAllowMethods = response.Headers["Access-Control-Allow-Methods"]; if (!string.IsNullOrWhiteSpace(accessControlAllowMethods) && accessControlAllowMethods.ContainsAnyOi(new[] { "put", "delete", "options" })) { Vulnerabilities.Enqueue(new Vulnerability { TestPlugin = GetType().Name + " (via " + plugIn + ")", Title = "Access-Control-Allow-Methods allows methods other than GET and POST", Level = (int)VulnerabilityLevelEnum.Low, Evidence = accessControlAllowMethods, HttpResponse = response }); } }
private bool IsVulnerable(DamageType damageType) { return(Vulnerabilities.Contains(damageType)); }
public string VulnerabilitiesLabel() => Vulnerabilities?.Count > 0 ? EnumerableToCSV(Vulnerabilities.Select(i => ((Constants.DamageTypes)i).ToString())) : "None";
private bool IsUsed([NotNull] IWeakness weakness) { return((_entities?.Any(x => x.Vulnerabilities?.Any(y => y.WeaknessId == weakness.Id) ?? false) ?? false) || (_dataFlows?.Any(x => x.Vulnerabilities?.Any(y => y.WeaknessId == weakness.Id) ?? false) ?? false) || (Vulnerabilities?.Any(x => x.WeaknessId == weakness.Id) ?? false)); }
public void Setup() { _file = new FileInfo(@"..\..\..\src\Resources\npmrepository.json").FullName; _vulners = Vulnerabilities.LoadFromFile(_file).Result; }
public void AddVulnerability(DamageTypes damageType) { Vulnerabilities.Add(damageType); }