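/// <summary>
/// Builds a <see cref="ScanConfig"/> from the scanner's command-line arguments.
/// </summary>
/// <remarks>
/// Switches may appear in any order. The two positional arguments are, in order, the web root
/// directory and the application list (comma separated, or "*" for every sub-directory of the
/// web root). Exactly two positional arguments are required.
/// Errors are reported through <c>ScannerCli.DisplayCriticalMessageAndExit</c>, which is presumed
/// to terminate the process (confirm against its definition).
/// </remarks>
/// <param name="args">Raw command-line arguments.</param>
/// <returns>The populated configuration.</returns>
public static ScanConfig Parse(string[] args)
{
    const string lfiSetupError =
        "Error writing LFI test file. Ensure that " +
        "PHP Vulnerability Hunter has administrative privileges.";

    var config = new ScanConfig();
    int positionalCount = 0;

    for (int i = 0; i < args.Length; i++)
    {
        switch (args[i])
        {
            case "-s":
                // A value must follow the switch; otherwise args[i + 1] would run past the end.
                if (args.Length == i + 1)
                {
                    ScannerCli.DisplayCriticalMessageAndExit("-s argument expects value");
                }

                config.Server = args[i + 1];
                i++;

                // Plugins created by an earlier -m were built with the previous server value.
                foreach (var plugin in config.ScanPlugins)
                {
                    plugin.Server = config.Server;
                }
                break;

            case "-static":
                config.StaticOnly = true;
                break;

            case "-t":
                // NOTE(review): the value is only checked for being an integer; negative
                // timeouts are accepted. Confirm whether the consumer tolerates that.
                int timeout = 0;
                if (args.Length == i + 1 || !int.TryParse(args[i + 1], out timeout))
                {
                    ScannerCli.DisplayCriticalMessageAndExit("-t argument expects number value");
                }

                i++;
                config.Timeout = timeout;
                break;

            case "-p":
                // NOTE(review): no range check (1-65535) is applied to the port here.
                int port = 0;
                if (args.Length == i + 1 || !int.TryParse(args[i + 1], out port))
                {
                    ScannerCli.DisplayCriticalMessageAndExit("-p argument expects number value");
                }

                i++;
                config.Port = port;
                break;

            case "-l":
                config.LauncherUsed = true;
                break;

            case "-n":
                config.Unhook = false;
                break;

            case "-v":
                config.RunViewer = true;
                break;

            case "-d":
                config.DiscoveryReport = true;
                break;

            case "-c":
                config.CodeCoverageReport = 1;
                break;

            case "-c2":
                config.CodeCoverageReport = 2;
                break;

            case "-dump":
                config.DumpMessages = true;
                break;

            case "-b":
                config.BeepOnAlert = true;
                break;

            case "-log":
                config.LogConsole = true;
                break;

            case "-test":
                config.TestMode = true;
                break;

            case "-r":
                config.Repair = true;
                break;

            case "-m":
                if (args.Length == i + 1)
                {
                    ScannerCli.DisplayCriticalMessageAndExit("-m argument expects value");
                }

                var modes = args[i + 1];
                i++;

                // One plugin per mode letter, in the order given.
                foreach (var c in modes)
                {
                    ScanPluginBase scan = null;

                    // Invariant lower-casing: culture-sensitive ToLower() maps 'I' to a
                    // dotless i under Turkish-style cultures, which would reject mode 'I'.
                    switch (char.ToLowerInvariant(c))
                    {
                        case 'c':
                            scan = new CommandScanPlugin(config.Server);
                            break;
                        case 'l':
                            // The constructor can throw UnauthorizedAccessException; the
                            // message suggests it writes a test file that needs admin rights.
                            try
                            {
                                scan = new LocalFileInclusionScanPlugin(config.Server);
                            }
                            catch (UnauthorizedAccessException)
                            {
                                ScannerCli.DisplayCriticalMessageAndExit(lfiSetupError);
                            }
                            break;
                        case 'f':
                            scan = new FileScanPlugin(config.Server);
                            break;
                        case 'p':
                            scan = new ArbitraryPhpScanPlugin(config.Server);
                            break;
                        case 's':
                            scan = new SqlScanPlugin(config.Server);
                            break;
                        case 'd':
                            scan = new DynamicScanPlugin(config.Server);
                            break;
                        case 'x':
                            scan = new XssScanPlugin(config.Server);
                            break;
                        case 'i':
                            scan = new FullPathDisclosureScanPlugin(config.Server);
                            break;
                        case 'r':
                            scan = new OpenRedirectScanPlugin(config.Server);
                            break;
                    }

                    if (scan == null)
                    {
                        ScannerCli.DisplayCriticalMessageAndExit("Invalid scan mode: " + c);
                    }

                    config.ScanPlugins.Add(scan);
                }
                break;

            default:
                // Anything that is not a known switch is positional. That includes the
                // disabled "-h" (HookSuperglobals) switch and any unknown "-x" token, which
                // therefore end up being treated as the web root or application list.
                switch (positionalCount)
                {
                    case 0:
                        config.WebRoot = args[i];
                        if (!Directory.Exists(config.WebRoot))
                        {
                            ScannerCli.DisplayError(string.Format("Could not find directory {0}", config.WebRoot));
                            Environment.Exit(5);
                        }
                        break;

                    case 1:
                        if (args[i] == "*")
                        {
                            // "*" selects every immediate sub-directory of the web root.
                            var dir = new DirectoryInfo(config.WebRoot);
                            config.ApplicationPaths = dir.GetDirectories()
                                .Select(x => x.Name)
                                .ToArray();
                        }
                        else
                        {
                            // NOTE(review): entries are taken verbatim; nothing here checks
                            // that they stay under WebRoot (e.g. ".." or rooted paths).
                            config.ApplicationPaths = args[i].Split(',');
                        }
                        break;
                }

                positionalCount++;
                break;
        }
    }

    if (positionalCount != 2)
    {
        ScannerCli.DisplayCriticalMessageAndExit("Invalid argument count");
    }

    // Validate user input
    if (!Directory.Exists(config.WebRoot))
    {
        ScannerCli.DisplayCriticalMessageAndExit("Web root {0} not found.", config.WebRoot);
    }

    // No -m given and not a repair run: fall back to the full plugin set.
    if (config.ScanPlugins.Count == 0 && !config.Repair)
    {
        LocalFileInclusionScanPlugin lfi = null;
        try
        {
            lfi = new LocalFileInclusionScanPlugin(config.Server);
        }
        catch (UnauthorizedAccessException)
        {
            ScannerCli.DisplayCriticalMessageAndExit(lfiSetupError);
        }

        config._ScanPlugins = new List<ScanPluginBase>()
        {
            new CommandScanPlugin(config.Server),
            new FileScanPlugin(config.Server),
            lfi,
            new ArbitraryPhpScanPlugin(config.Server),
            new DynamicScanPlugin(config.Server),
            new SqlScanPlugin(config.Server),
            new XssScanPlugin(config.Server),
            new OpenRedirectScanPlugin(config.Server),
            new FullPathDisclosureScanPlugin(config.Server),
        };
    }

    return config;
}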
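/// <summary>
/// Creates a <see cref="ScanConfig"/> from the scanner's command-line arguments.
/// </summary>
/// <remarks>
/// Switches may appear in any order. The two positional arguments are, in order, the web root
/// directory and the application list (comma separated, or "*" for every sub-directory of the
/// web root). Exactly two positional arguments are required.
/// Every switch that consumes a value (-s, -t, -p, -m) is checked for a following argument
/// before <c>args[i + 1]</c> is read, so a trailing switch produces a usage error rather than
/// an <see cref="IndexOutOfRangeException"/>.
/// Errors are reported through <c>ScannerCli.DisplayCriticalMessageAndExit</c>, which is presumed
/// to terminate the process (confirm against its definition).
/// </remarks>
/// <param name="args">Raw command-line arguments.</param>
/// <returns>The populated configuration.</returns>
public static ScanConfig Create(string[] args)
{
    const string lfiSetupError =
        "Error writing LFI test file. Ensure that " +
        "PHP Vulnerability Hunter has administrative privileges.";

    var config = new ScanConfig();
    int positionalCount = 0;

    for (int i = 0; i < args.Length; i++)
    {
        switch (args[i])
        {
            case "-s":
                // Guard against -s being the last argument.
                if (args.Length == i + 1)
                {
                    ScannerCli.DisplayCriticalMessageAndExit("-s argument expects value");
                }

                config.Server = args[i + 1];
                i++;

                // Plugins created by an earlier -m were built with the previous server value.
                foreach (var plugin in config.ScanPlugins)
                {
                    plugin.Server = config.Server;
                }
                break;

            case "-static":
                config.StaticOnly = true;
                break;

            case "-t":
                // NOTE(review): the value is only checked for being an integer; negative
                // timeouts are accepted. Confirm whether the consumer tolerates that.
                int timeout = 0;
                if (args.Length == i + 1 || !int.TryParse(args[i + 1], out timeout))
                {
                    ScannerCli.DisplayCriticalMessageAndExit("Error parsing timeout");
                }

                i++;
                config.Timeout = timeout;
                break;

            case "-p":
                // Guard against -p being the last argument before parsing its value.
                // NOTE(review): no range check (1-65535) is applied to the port here.
                int port = 0;
                if (args.Length == i + 1 || !int.TryParse(args[i + 1], out port))
                {
                    ScannerCli.DisplayCriticalMessageAndExit("Error parsing port");
                }

                i++;
                config.Port = port;
                break;

            case "-l":
                config.LauncherUsed = true;
                break;

            case "-n":
                config.Unhook = false;
                break;

            case "-v":
                config.RunViewer = true;
                break;

            case "-d":
                config.DiscoveryReport = true;
                break;

            case "-c":
                config.CodeCoverageReport = 1;
                break;

            case "-c2":
                config.CodeCoverageReport = 2;
                break;

            case "-dump":
                config.DumpMessages = true;
                break;

            case "-b":
                config.BeepOnAlert = true;
                break;

            case "-log":
                config.LogConsole = true;
                break;

            case "-test":
                config.TestMode = true;
                break;

            case "-r":
                config.Repair = true;
                break;

            case "-m":
                // Guard against -m being the last argument.
                if (args.Length == i + 1)
                {
                    ScannerCli.DisplayCriticalMessageAndExit("-m argument expects value");
                }

                var modes = args[i + 1];
                i++;

                // One plugin per mode letter, in the order given.
                foreach (var c in modes)
                {
                    ScanPluginBase scan = null;

                    // Invariant lower-casing: culture-sensitive ToLower() maps 'I' to a
                    // dotless i under Turkish-style cultures, which would reject mode 'I'.
                    switch (char.ToLowerInvariant(c))
                    {
                        case 'c':
                            scan = new CommandScanPlugin(config.Server);
                            break;
                        case 'l':
                            // The constructor can throw UnauthorizedAccessException; the
                            // message suggests it writes a test file that needs admin rights.
                            try
                            {
                                scan = new LocalFileInclusionScanPlugin(config.Server);
                            }
                            catch (UnauthorizedAccessException)
                            {
                                ScannerCli.DisplayCriticalMessageAndExit(lfiSetupError);
                            }
                            break;
                        case 'f':
                            scan = new FileScanPlugin(config.Server);
                            break;
                        case 'p':
                            scan = new ArbitraryPhpScanPlugin(config.Server);
                            break;
                        case 's':
                            scan = new SqlScanPlugin(config.Server);
                            break;
                        case 'd':
                            scan = new DynamicScanPlugin(config.Server);
                            break;
                        case 'x':
                            scan = new XssScanPlugin(config.Server);
                            break;
                        case 'i':
                            scan = new FullPathDisclosureScanPlugin(config.Server);
                            break;
                        case 'r':
                            scan = new OpenRedirectScanPlugin(config.Server);
                            break;
                    }

                    if (scan == null)
                    {
                        ScannerCli.DisplayCriticalMessageAndExit("Invalid scan mode: " + c);
                    }

                    config.ScanPlugins.Add(scan);
                }
                break;

            default:
                // Anything that is not a known switch is positional. That includes the
                // disabled "-h" (HookSuperglobals) switch and any unknown "-x" token, which
                // therefore end up being treated as the web root or application list.
                switch (positionalCount)
                {
                    case 0:
                        config.WebRoot = args[i];
                        if (!Directory.Exists(config.WebRoot))
                        {
                            ScannerCli.DisplayError(string.Format("Could not find directory {0}", config.WebRoot));
                            Environment.Exit(5);
                        }
                        break;

                    case 1:
                        if (args[i] == "*")
                        {
                            // "*" selects every immediate sub-directory of the web root.
                            var dir = new DirectoryInfo(config.WebRoot);
                            config.ApplicationPaths = dir.GetDirectories()
                                .Select(x => x.Name)
                                .ToArray();
                        }
                        else
                        {
                            // NOTE(review): entries are taken verbatim; nothing here checks
                            // that they stay under WebRoot (e.g. ".." or rooted paths).
                            config.ApplicationPaths = args[i].Split(',');
                        }
                        break;
                }

                positionalCount++;
                break;
        }
    }

    if (positionalCount != 2)
    {
        ScannerCli.DisplayCriticalMessageAndExit("Invalid argument count");
    }

    // Validate user input
    if (!Directory.Exists(config.WebRoot))
    {
        ScannerCli.DisplayCriticalMessageAndExit("Web root {0} not found.", config.WebRoot);
    }

    // No -m given and not a repair run: fall back to the full plugin set.
    if (config.ScanPlugins.Count == 0 && !config.Repair)
    {
        LocalFileInclusionScanPlugin lfi = null;
        try
        {
            lfi = new LocalFileInclusionScanPlugin(config.Server);
        }
        catch (UnauthorizedAccessException)
        {
            ScannerCli.DisplayCriticalMessageAndExit(lfiSetupError);
        }

        config._ScanPlugins = new List<ScanPluginBase>()
        {
            new CommandScanPlugin(config.Server),
            new FileScanPlugin(config.Server),
            lfi,
            new ArbitraryPhpScanPlugin(config.Server),
            new DynamicScanPlugin(config.Server),
            new SqlScanPlugin(config.Server),
            new XssScanPlugin(config.Server),
            new OpenRedirectScanPlugin(config.Server),
            new FullPathDisclosureScanPlugin(config.Server),
        };
    }

    return config;
}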