Example #1
0
        public static ScanConfig Parse(string[] args)
        {
            var config = new ScanConfig();

            int argIndex = 0;

            for (int i = 0; i < args.Length; i++)
            {
                if (args[i] == "-s")
                {
                    if (args.Length == i + 1)
                    {
                        ScannerCli.DisplayCriticalMessageAndExit("-s argument expects value");
                    }

                    config.Server = args[i + 1];
                    i++;

                    foreach (var a in config.ScanPlugins)
                    {
                        a.Server = config.Server;
                    }
                }
                else if (args[i] == "-static")
                {
                    config.StaticOnly = true;
                }
                else if (args[i] == "-t")
                {
                    int timeout = 0;
                    if (args.Length == i + 1 ||
                        !int.TryParse(args[i + 1], out timeout))
                    {
                        ScannerCli.DisplayCriticalMessageAndExit("-t argument expects number value");
                    }

                    i++;
                    config.Timeout = timeout;
                }
                else if (args[i] == "-p")
                {
                    int port = 0;
                    if (args.Length == i + 1 ||
                        !int.TryParse(args[i + 1], out port))
                    {
                        ScannerCli.DisplayCriticalMessageAndExit("-p argument expects number value");
                    }

                    i++;
                    config.Port = port;
                }
                else if (args[i] == "-l")
                {
                    config.LauncherUsed = true;
                }
                else if (args[i] == "-n")
                {
                    config.Unhook = false;
                }
                else if (args[i] == "-v")
                {
                    config.RunViewer = true;
                }
                else if (args[i] == "-d")
                {
                    config.DiscoveryReport = true;
                }
                else if (args[i] == "-c")
                {
                    config.CodeCoverageReport = 1;
                }
                else if (args[i] == "-c2")
                {
                    config.CodeCoverageReport = 2;
                }
                else if (args[i] == "-dump")
                {
                    config.DumpMessages = true;
                }
                else if (args[i] == "-b")
                {
                    config.BeepOnAlert = true;
                }
                else if (args[i] == "-log")
                {
                    config.LogConsole = true;
                }
                else if (args[i] == "-test")
                {
                    config.TestMode = true;
                }
                else if (args[i] == "-r")
                {
                    config.Repair = true;
                }
                //else if (args[i] == "-h")
                //    config.HookSuperglobals = true;
                else if (args[i] == "-l")
                {
                    // Nothing
                }
                else if (args[i] == "-m")
                {
                    if (args.Length == i + 1)
                    {
                        ScannerCli.DisplayCriticalMessageAndExit("-m argument expects value");
                    }

                    var modes = args[i + 1];

                    i++;

                    foreach (var c in modes)
                    {
                        ScanPluginBase scan = null;

                        switch (c.ToString().ToLower()[0])
                        {
                            case 'c':
                                scan = new CommandScanPlugin(config.Server);
                                break;
                            case 'l':
                                try
                                {
                                    scan = new LocalFileInclusionScanPlugin(config.Server);
                                }
                                catch (UnauthorizedAccessException)
                                {
                                    ScannerCli.DisplayCriticalMessageAndExit("Error writing LFI test file. Ensure that " +
                                        "PHP Vulnerability Hunter has administrative privileges.");
                                }
                                break;
                            case 'f':
                                scan = new FileScanPlugin(config.Server);
                                break;
                            case 'p':
                                scan = new ArbitraryPhpScanPlugin(config.Server);
                                break;
                            case 's':
                                scan = new SqlScanPlugin(config.Server);
                                break;
                            case 'd':
                                scan = new DynamicScanPlugin(config.Server);
                                break;
                            case 'x':
                                scan = new XssScanPlugin(config.Server);
                                break;
                            case 'i':
                                scan = new FullPathDisclosureScanPlugin(config.Server);
                                break;
                            case 'r':
                                scan = new OpenRedirectScanPlugin(config.Server);
                                break;
                        }

                        if (scan == null)
                            ScannerCli.DisplayCriticalMessageAndExit("Invalid scan mode: " + c);

                        config.ScanPlugins.Add(scan);
                    }
                }
                else
                {
                    switch (argIndex)
                    {
                        case 0:
                            config.WebRoot = args[i];

                            if (!Directory.Exists(config.WebRoot))
                            {
                                ScannerCli.DisplayError(string.Format("Could not find directory {0}",
                                    config.WebRoot));

                                Environment.Exit(5);
                            }

                            break;
                        case 1:
                            if (args[i] == "*")
                            {
                                var dir = new DirectoryInfo(config.WebRoot);
                                config.ApplicationPaths = dir.GetDirectories()
                                    .Select(x => x.Name)
                                    .ToArray();
                            }
                            else
                                config.ApplicationPaths = args[i].Split(',');
                            break;
                    }

                    argIndex++;
                }
            }

            if (argIndex != 2)
                ScannerCli.DisplayCriticalMessageAndExit("Invalid argument count");

            // Validate user input

            if (!Directory.Exists(config.WebRoot))
                ScannerCli.DisplayCriticalMessageAndExit("Web root {0} not found.", config.WebRoot);

            if (config.ScanPlugins.Count == 0 && !config.Repair)
            {
                LocalFileInclusionScanPlugin lfi = null;

                try
                {
                    lfi = new LocalFileInclusionScanPlugin(config.Server);
                }
                catch (UnauthorizedAccessException)
                {
                    ScannerCli.DisplayCriticalMessageAndExit("Error writing LFI test file. Ensure that " +
                        "PHP Vulnerability Hunter has administrative privileges.");
                }

                config._ScanPlugins = new List<ScanPluginBase>()
                {
                    new CommandScanPlugin(config.Server),
                    new FileScanPlugin(config.Server),
                    lfi,
                    new ArbitraryPhpScanPlugin(config.Server),
                    new DynamicScanPlugin(config.Server),
                    new SqlScanPlugin(config.Server),
                    new XssScanPlugin(config.Server),
                    new OpenRedirectScanPlugin(config.Server),
                    new FullPathDisclosureScanPlugin(config.Server),
                };
            }

            return config;
        }
        public static ScanConfig Create(string[] args)
        {
            var config = new ScanConfig();

            int argIndex = 0;

            for (int i = 0; i < args.Length; i++)
            {
                if (args[i] == "-s")
                {
                    config.Server = args[i + 1];
                    i++;

                    foreach (var a in config.ScanPlugins)
                    {
                        a.Server = config.Server;
                    }
                }
                else if (args[i] == "-static")
                {
                    config.StaticOnly = true;
                }
                else if (args[i] == "-t")
                {
                    int timeout = 0;
                    if (args.Length == i + 1 ||
                        !int.TryParse(args[i + 1], out timeout))
                    {
                        ScannerCli.DisplayCriticalMessageAndExit("Error parsing timeout");
                    }
                    i++;
                    config.Timeout = timeout;
                }
                else if (args[i] == "-p")
                {
                    int port;
                    if (!int.TryParse(args[i + 1], out port))
                    {
                        ScannerCli.DisplayCriticalMessageAndExit("Error parsing port");
                    }
                    i++;
                    config.Port = port;
                }
                else if (args[i] == "-l")
                {
                    config.LauncherUsed = true;
                }
                else if (args[i] == "-n")
                {
                    config.Unhook = false;
                }
                else if (args[i] == "-v")
                {
                    config.RunViewer = true;
                }
                else if (args[i] == "-d")
                {
                    config.DiscoveryReport = true;
                }
                else if (args[i] == "-c")
                {
                    config.CodeCoverageReport = 1;
                }
                else if (args[i] == "-c2")
                {
                    config.CodeCoverageReport = 2;
                }
                else if (args[i] == "-dump")
                {
                    config.DumpMessages = true;
                }
                else if (args[i] == "-b")
                {
                    config.BeepOnAlert = true;
                }
                else if (args[i] == "-log")
                {
                    config.LogConsole = true;
                }
                else if (args[i] == "-test")
                {
                    config.TestMode = true;
                }
                else if (args[i] == "-r")
                {
                    config.Repair = true;
                }
                //else if (args[i] == "-h")
                //    config.HookSuperglobals = true;
                else if (args[i] == "-l")
                {
                    // Nothing
                }
                else if (args[i] == "-m")
                {
                    var modes = args[i + 1];

                    i++;

                    foreach (var c in modes)
                    {
                        ScanPluginBase scan = null;

                        switch (c.ToString().ToLower()[0])
                        {
                        case 'c':
                            scan = new CommandScanPlugin(config.Server);
                            break;

                        case 'l':
                            try
                            {
                                scan = new LocalFileInclusionScanPlugin(config.Server);
                            }
                            catch (UnauthorizedAccessException)
                            {
                                ScannerCli.DisplayCriticalMessageAndExit("Error writing LFI test file. Ensure that " +
                                                                         "PHP Vulnerability Hunter has administrative privileges.");
                            }
                            break;

                        case 'f':
                            scan = new FileScanPlugin(config.Server);
                            break;

                        case 'p':
                            scan = new ArbitraryPhpScanPlugin(config.Server);
                            break;

                        case 's':
                            scan = new SqlScanPlugin(config.Server);
                            break;

                        case 'd':
                            scan = new DynamicScanPlugin(config.Server);
                            break;

                        case 'x':
                            scan = new XssScanPlugin(config.Server);
                            break;

                        case 'i':
                            scan = new FullPathDisclosureScanPlugin(config.Server);
                            break;

                        case 'r':
                            scan = new OpenRedirectScanPlugin(config.Server);
                            break;
                        }

                        if (scan == null)
                        {
                            ScannerCli.DisplayCriticalMessageAndExit("Invalid scan mode: " + c);
                        }

                        config.ScanPlugins.Add(scan);
                    }
                }
                else
                {
                    switch (argIndex)
                    {
                    case 0:
                        config.WebRoot = args[i];

                        if (!Directory.Exists(config.WebRoot))
                        {
                            ScannerCli.DisplayError(string.Format("Could not find directory {0}",
                                                                  config.WebRoot));

                            Environment.Exit(5);
                        }

                        break;

                    case 1:
                        if (args[i] == "*")
                        {
                            var dir = new DirectoryInfo(config.WebRoot);
                            config.ApplicationPaths = dir.GetDirectories()
                                                      .Select(x => x.Name)
                                                      .ToArray();
                        }
                        else
                        {
                            config.ApplicationPaths = args[i].Split(',');
                        }
                        break;
                    }

                    argIndex++;
                }
            }

            if (argIndex != 2)
            {
                ScannerCli.DisplayCriticalMessageAndExit("Invalid argument count");
            }

            // Validate user input

            if (!Directory.Exists(config.WebRoot))
            {
                ScannerCli.DisplayCriticalMessageAndExit("Web root {0} not found.", config.WebRoot);
            }

            if (config.ScanPlugins.Count == 0 && !config.Repair)
            {
                LocalFileInclusionScanPlugin lfi = null;

                try
                {
                    lfi = new LocalFileInclusionScanPlugin(config.Server);
                }
                catch (UnauthorizedAccessException)
                {
                    ScannerCli.DisplayCriticalMessageAndExit("Error writing LFI test file. Ensure that " +
                                                             "PHP Vulnerability Hunter has administrative privileges.");
                }

                config._ScanPlugins = new List <ScanPluginBase>()
                {
                    new CommandScanPlugin(config.Server),
                    new FileScanPlugin(config.Server),
                    lfi,
                    new ArbitraryPhpScanPlugin(config.Server),
                    new DynamicScanPlugin(config.Server),
                    new SqlScanPlugin(config.Server),
                    new XssScanPlugin(config.Server),
                    new OpenRedirectScanPlugin(config.Server),
                    new FullPathDisclosureScanPlugin(config.Server),
                };
            }

            return(config);
        }