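/// <summary>
/// Returns the numeric ID of the last vulnerability listed for the current scan.
/// </summary>
/// <remarks>
/// Despite the name, the value is not a count of items: each iteration overwrites the
/// result with the current item's ID, so the ID of the final item is returned.
/// SaveScanVulnerabilitiesAsXML passes it on as the inclusive upper bound of the detail loop.
/// A return value of 0 is ambiguous: it is used for "no scan", "no vulnerability list",
/// "error", and also for a list whose last ID is 0.
/// </remarks>
/// <param name="manager">W3afManager instance used to query the service.</param>
/// <returns>The ID of the last listed vulnerability, or 0 as described above.</returns>
private static int GetScanVulnerabilitiesCount(W3afManager manager)
{
    try
    {
        string id = GetScanID(manager);
        if (id == null)
        {
            Console.WriteLine("\n\n***Tarama Yok***\n");
            return 0;
        }

        // The controller returns null when the service gave no response or the
        // response could not be deserialized; treat that as "nothing found"
        // instead of relying on a NullReferenceException reaching the catch.
        Vulnerabilities vuln = ScanController.GetScanVulnerabilities(manager, id);
        if (vuln == null || vuln.Items == null)
        {
            return 0;
        }

        int lastVulnerabilityId = 0;
        foreach (var item in vuln.Items)
        {
            lastVulnerabilityId = Convert.ToInt32(item.Id);
        }

        return lastVulnerabilityId;
    }
    catch (Exception ex)
    {
        // The label previously named a different method, which made failures hard to trace.
        Console.WriteLine("\nScanView::GetScanVulnerabilitiesCount\n Exception:" + ex.Message);
        return 0;
    }
}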
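/// <summary>
/// Returns the details of the scan's vulnerabilities with IDs 0 through
/// <paramref name="lastVulnerability"/> as one JSON array string.
/// </summary>
/// <param name="manager">W3afManager instance used to fetch each detail record.</param>
/// <param name="scanId">Scan ID.</param>
/// <param name="lastVulnerability">ID of the last vulnerability to fetch (inclusive).</param>
/// <returns>
/// A string of the form <c>[detail0,detail1,...]</c>; <c>[]</c> when nothing was fetched.
/// </returns>
public string GetScanVulnerabilitiesDetails(W3afManager manager, string scanId, int lastVulnerability)
{
    // A builder avoids re-copying the whole string on every iteration.
    System.Text.StringBuilder jsonResponse = new System.Text.StringBuilder("[");
    bool hasEntry = false;

    for (int i = 0; i <= lastVulnerability; i++)
    {
        string detail = manager.GetScanVulnerabilityDetails(scanId, i.ToString());

        // A missing detail used to leave an empty slot ("[a,,b]"), which is not valid
        // JSON and broke the later XML conversion; skip such entries instead.
        if (string.IsNullOrWhiteSpace(detail))
        {
            continue;
        }

        if (hasEntry)
        {
            jsonResponse.Append(',');
        }

        // Each fragment is appended exactly as the manager returned it. It is not parsed
        // or validated here, so the result is valid JSON only if every fragment is.
        jsonResponse.Append(detail);
        hasEntry = true;
    }

    jsonResponse.Append(']');
    return jsonResponse.ToString();
}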
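/// <summary>
/// Stops the current scan and reports the outcome as a status string.
/// </summary>
/// <param name="manager">W3afManager object.</param>
/// <returns>
/// "Tarama Yok" when no scan exists, "Tarama Durduruldu" when the scan is considered
/// stopped, otherwise "Tarama Durdurulamadı". DeleteScan compares against these exact
/// strings, so they must not be altered.
/// </returns>
public static string StopScan(W3afManager manager)
{
    try
    {
        string id = GetScanID(manager);
        if (id == null)
        {
            return "Tarama Yok";
        }

        // The status is read before the stop request is sent, so IsRunning == false
        // means the scan was already not running at that point.
        ScanStatus scanStatus = ScanController.GetScanStatus(manager, id);

        // Reuse the ID resolved above: a second lookup could return null or a different
        // scan, and the stop request must target the scan whose status was just read.
        string jsonResponse = ScanController.StopScan(manager, id);

        // GetScanStatus returns null on failure; guard it so a missing status does not
        // mask a stop request that was answered.
        bool wasNotRunning = scanStatus != null && scanStatus.IsRunning == false;

        // NOTE(review): any non-null response is treated as success; its content is not inspected.
        if (wasNotRunning || jsonResponse != null)
        {
            return "Tarama Durduruldu";
        }

        return "Tarama Durdurulamadı";
    }
    catch (Exception ex)
    {
        Console.WriteLine("ScanView::StopScan Exception: " + ex.Message);
        return "Tarama Durdurulamadı";
    }
}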
/// <summary>
/// Prints the ID, name, href and URL of every vulnerability found in the current scan.
/// </summary>
/// <param name="manager">W3afManager instance used to query the service.</param>
public static void ShowScanVulnerabilities(W3afManager manager)
{
    try
    {
        string scanId = GetScanID(manager);
        if (scanId == null)
        {
            Console.WriteLine("\n\n***Tarama Yok***\n");
            return;
        }

        // If the controller hands back null, the dereference below throws and the
        // failure is reported by the catch block.
        Vulnerabilities found = ScanController.GetScanVulnerabilities(manager, scanId);
        foreach (var entry in found.Items)
        {
            // NOTE(review): the fields are echoed as received; presumably they derive from
            // the scanned target - confirm whether control characters should be stripped.
            string block = "\nID: " + entry.Id;
            block += "\nName: " + entry.Name;
            block += "\nHref: " + entry.Href;
            block += "\nURL: " + entry.Url;
            Console.WriteLine(block);
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine("\nScanView::howScanVulnerabilities\n Exception:" + ex.Message);
    }
}
/// <summary>
/// Fetches the status of the current scan and prints it to the console.
/// </summary>
/// <param name="manager">W3afManager object.</param>
public static void GetScanStatus(W3afManager manager)
{
    try
    {
        string currentScanId = GetScanID(manager);
        ScanStatus status = ScanController.GetScanStatus(manager, currentScanId);

        // No status object: there is nothing to show.
        if (status == null)
        {
            Console.WriteLine("***Gösterilecek Tarama Yok.***");
            return;
        }

        string runningFlag = status.IsRunning.ToString().ToLower();
        if (runningFlag == "true")
        {
            // Assemble the progress report piece by piece; the Rpm value is printed
            // under the "Status: " label.
            string report = "Tarama Devam Ediyor. \n" + status.IsRunning.ToString() + "\n";
            report += "Status: " + status.Rpm.ToString() + "\n";
            report += "Audit: " + status.CurrentRequest.Audit + "\n";
            report += "Crawl: " + status.CurrentRequest.Crawl + "\n\n";
            Console.WriteLine(report);
        }
        else if (runningFlag == "false")
        {
            Console.WriteLine("Tarama Sona Erdi.");
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine("\nScanView::GetScanStatus\n Exception: " + ex.Message);
    }
}
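/// <summary>
/// Stops the current scan and, if that succeeded, deletes it; the outcome is printed.
/// </summary>
/// <param name="manager">W3afManager object.</param>
public static void DeleteScan(W3afManager manager)
{
    try
    {
        // StopScan reports its outcome through fixed status strings; the comparisons
        // below must match them exactly.
        string response = StopScan(manager);

        if (response == "Tarama Durduruldu")
        {
            ScanController = new ScanController();
            string scanId = GetScanID(manager);

            // The ID lookup can fail between the stop and the delete. Do not send a
            // delete request without an ID.
            if (scanId == null)
            {
                Console.WriteLine("***\nSilinecek Tarama Yok.\n***");
                return;
            }

            response = ScanController.DeleteScan(manager, scanId);
            if (response == null)
            {
                // NOTE(review): this text says the scan could not be stopped, although the
                // step that failed here is the delete - consider a dedicated message.
                Console.WriteLine("***\nTarama Durdurulamadı.\n***");
            }
            else
            {
                Console.WriteLine("Tarama Silindi");
            }
        }
        else if (response == "Tarama Yok")
        {
            Console.WriteLine("***\nSilinecek Tarama Yok.\n***");
        }
        else if (response == "Tarama Durdurulamadı")
        {
            Console.WriteLine("***\nTarama Durdurulamadı.\n***");
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine("\nScanView::DeleteScan\n Exception: " + ex.Message);
    }
}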
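/// <summary>
/// Creates a new scan by forwarding the request body to the manager.
/// </summary>
/// <param name="manager">W3afManager instance.</param>
/// <param name="json">Scan-creation request as a JSON string.</param>
/// <returns>The manager's response to the create request.</returns>
public string CreateScan(W3afManager manager, string json)
{
    // The former try/catch only did "throw ex;", which discards the original stack trace.
    // Letting the exception propagate keeps the same exception type for callers and
    // preserves where it was raised.
    // NOTE(review): the payload presumably embeds the scan profile, which may include the
    // target's login details - confirm, and keep it out of logs.
    return manager.CreateScan(json);
}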
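/// <summary>
/// Deletes the scan with the given ID.
/// </summary>
/// <param name="manager">W3afManager instance.</param>
/// <param name="id">Scan ID.</param>
/// <returns>The manager's response to the delete request.</returns>
public string DeleteScan(W3afManager manager, string id)
{
    // The former try/catch only did "throw ex;", which resets the stack trace.
    // Exceptions now propagate unchanged, so callers see the same type with the
    // original trace intact.
    return manager.DeleteScan(id);
}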
/// <summary>
/// Pauses the current scan.
/// </summary>
/// <param name="manager">W3afManager object.</param>
public static void PauseScan(W3afManager manager)
{
    try
    {
        // Resolve the scan first; a null ID is passed through to the controller unchanged.
        string scanId = GetScanID(manager);
        ScanController.PauseScan(manager, scanId);
    }
    catch (Exception ex)
    {
        Console.WriteLine("ScanView::PauseScan Exception: " + ex.Message);
    }
}
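/// <summary>
/// Returns the scans known to the service.
/// </summary>
/// <param name="manager">W3afManager instance.</param>
/// <returns>The scan list response deserialized into a <c>Scan</c> object.</returns>
public Scan GetScan(W3afManager manager)
{
    // The former try/catch only did "throw ex;", which resets the stack trace.
    // Exceptions from the manager or the deserializer now propagate unchanged.
    string json = manager.GetScans();

    // Callers dereference the result (for example its Items), so they must be ready
    // for a failure here to surface as an exception.
    return JsonConvert.DeserializeObject<Scan>(json);
}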
/// <summary>
/// Returns the ID of the first scan reported by the controller.
/// </summary>
/// <param name="manager">W3afManager object.</param>
/// <returns>The first scan's ID as a string, or null when no scan exists or the lookup fails.</returns>
private static string GetScanID(W3afManager manager)
{
    try
    {
        Scan listing = ScanController.GetScan(manager);

        // Nothing listed: signal "no scan" with null.
        if (!(listing.Items.Count() > 0))
        {
            return null;
        }

        // Only the first entry is ever used.
        var first = listing.Items[0];
        return first.Id.ToString();
    }
    catch (Exception ex)
    {
        Console.WriteLine("\nScanView::GetScanID Exception:\n " + ex.Message);
        return null;
    }
}
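/// <summary>
/// Saves the vulnerabilities found in the current scan as an XML file named
/// <c>w3af.xml</c> in the user's desktop directory.
/// </summary>
/// <param name="manager">W3afManager instance.</param>
public static void SaveScanVulnerabilitiesAsXML(W3afManager manager)
{
    try
    {
        string scanID = GetScanID(manager);

        // Without a scan there is nothing to export. Stop here rather than querying
        // details with a null ID and writing a file from whatever comes back.
        if (scanID == null)
        {
            Console.WriteLine("\n\n***Tarama Yok***\n");
            return;
        }

        // The "count" is the last vulnerability ID; it is used as the inclusive upper
        // bound when the details are fetched.
        int vulnCount = GetScanVulnerabilitiesCount(manager);
        string jsonResponse = ScanController.GetScanVulnerabilitiesDetails(manager, scanID, vulnCount);

        // Wrap the array so that every element becomes a <Row> under a single <root>.
        XmlDocument xmlDocument = JsonConvert.DeserializeXmlNode("{\"Row\":" + jsonResponse + "}", "root");

        string desktopDir = Environment.GetFolderPath(
            System.Environment.SpecialFolder.DesktopDirectory);

        // Path.Combine inserts the platform's separator instead of a hard-coded backslash.
        string reportPath = System.IO.Path.Combine(desktopDir, "w3af.xml");

        // NOTE(review): WriteAllText replaces an existing w3af.xml without asking, and the
        // report holds the scan's findings - confirm the desktop is an acceptable place
        // for it and that overwriting earlier reports is intended.
        System.IO.File.WriteAllText(reportPath, xmlDocument.InnerXml);
        Console.WriteLine("Masaüstüne Kaydedildi.");
    }
    catch (Exception ex)
    {
        Console.WriteLine("ScanView::SaveScanVulnerabiliesAsXML Exception " + ex.Message);
    }
}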
/// <summary>
/// Returns the vulnerabilities found in the given scan.
/// </summary>
/// <param name="manager">W3afManager instance.</param>
/// <param name="id">Scan ID.</param>
/// <returns>
/// The deserialized vulnerability list, or null when the manager returned no response
/// or an exception occurred.
/// </returns>
public Vulnerabilities GetScanVulnerabilities(W3afManager manager, string id)
{
    try
    {
        string payload = manager.GetScanVulnerabilities(id);

        // No response from the manager: report "nothing" to the caller.
        if (payload == null)
        {
            return null;
        }

        Vulnerabilities parsed = JsonConvert.DeserializeObject<Vulnerabilities>(payload);
        return parsed;
    }
    catch (Exception ex)
    {
        Console.WriteLine("ScanController::GetScanVulnerabilities Exception: " + ex.Message);
        return null;
    }
}
/// <summary>
/// Prints the ID of the first listed scan, or a notice when no scan exists.
/// </summary>
/// <param name="manager">W3afManager object.</param>
public static void GetScan(W3afManager manager)
{
    try
    {
        ScanController = new ScanController();
        Scan listing = ScanController.GetScan(manager);

        // Only the first entry is reported, even if several scans are listed.
        bool hasScan = listing.Items.Count > 0;
        string message = hasScan
            ? ("Devam Eden Tarama ID: " + listing.Items[0].Id)
            : "Herhangi bir tarama mevcut değildir.";
        Console.WriteLine(message);
    }
    catch (Exception ex)
    {
        Console.WriteLine("ScanView::PrintScan() Error Message:" + ex.Message);
    }
}
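/// <summary>
/// Creates a new scan from a selected profile and target URL, then prints the ID of
/// the created scan.
/// </summary>
/// <param name="manager">W3afManager instance.</param>
public static void CreateScan(W3afManager manager)
{
    try
    {
        // Resolved inside the try: GetParent(...) or its Parent can be null when the
        // working directory is near a filesystem root. Previously that exception escaped
        // this method's own error handling.
        string currentDir = Directory.GetParent(Directory.GetCurrentDirectory()).Parent.FullName;

        // The profile name selects the scan settings, i.e. the policy.
        string scanProfileName = SelectProfile();
        Console.WriteLine(scanProfileName);

        // Web site login page, login username and login password.
        // NOTE(review): this presumably writes the target's login details into the policy
        // file on disk - confirm that file is access-restricted and kept out of version control.
        EditPolicyLoginInformation(currentDir, scanProfileName);

        // NOTE(review): scanProfileName is appended to the policy directory unchecked. If
        // SelectProfile can return free-form input, confirm it is limited to a bare file
        // name so that only files under Model\Policys are read and edited.
        string scanProfile = System.IO.File.ReadAllText(currentDir + "\\Model\\Policys\\" + scanProfileName);
        string targetURL = SelectTargetURL();

        ScanCreate scanCreate = new ScanCreate(scanProfile, targetURL);
        ScanController = new ScanController();

        string json = JsonConvert.SerializeObject(scanCreate);
        string responseJson = ScanController.CreateScan(manager, json);

        // A null response is reported as "delete the existing scan first".
        if (responseJson == null)
        {
            Console.WriteLine("Sistemde herhangi bir tarama mevcut ise öncelikle onu siliniz.");
            return;
        }

        ScanCreateResponse scanCreateResponse = JsonConvert.DeserializeObject<ScanCreateResponse>(responseJson);
        Console.WriteLine("Oluşturulan Tarama ID: " + scanCreateResponse.ID);
    }
    catch (Exception ex)
    {
        Console.WriteLine("ScanView::CreateScan Exception: " + ex.Message);
    }
}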
/// <summary>
/// Fetches the status of the given scan.
/// </summary>
/// <param name="manager">W3afManager instance.</param>
/// <param name="id">Scan ID.</param>
/// <returns>
/// The deserialized scan status, or null when <paramref name="id"/> is null, the
/// response deserializes to nothing, or an exception occurred.
/// </returns>
public ScanStatus GetScanStatus(W3afManager manager, string id)
{
    // Nothing to look up without an ID.
    if (id == null)
    {
        return null;
    }

    try
    {
        string payload = manager.GetScanStatus(id);

        // A null deserialization result is returned as-is, which is the same null the
        // caller would otherwise receive.
        return JsonConvert.DeserializeObject<ScanStatus>(payload);
    }
    catch (Exception ex)
    {
        Console.WriteLine("ScanController::GetScanStatus Message:" + ex.Message);
        return null;
    }
}
/// <summary>
/// Stops the scan with the given ID.
/// </summary>
/// <param name="manager">W3afManager instance.</param>
/// <param name="id">Scan ID.</param>
/// <returns>The manager's response to the stop request, passed through unchanged.</returns>
public string StopScan(W3afManager manager, string id)
{
    // Pure pass-through: no validation or error handling happens at this layer.
    string stopResponse = manager.StopScan(id);
    return stopResponse;
}
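/// <summary>
/// Console entry point: opens a session to the w3af service and runs the menu loop
/// until the user chooses to quit.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static void Main(string[] args)
{
    // The former outer try/catch only did "throw ex;", which resets the stack trace.
    // Unhandled exceptions still terminate the program, now with the original trace.
    ScanView.SetIPAndPort();

    // NOTE(review): the meaning of the final 'true' argument is not visible here - confirm.
    using (W3afSession session = new W3afSession(ScanView.IP, ScanView.Port, ScanView.Username, ScanView.Password, true))
    {
        using (W3afManager manager = new W3afManager(session))
        {
            if (session.W3afServiceState())
            {
                string inputSelection = "";
                do
                {
                    Console.Write("\nYapmak istediğiniz işlemi seçiniz." + "\nA: Tarama Oluşturmak İçin" + "\nB: Tarama ID döndürmek için " + "\nC: Tarama Durumunu Görüntülemek İçin" + "\nD: Tarama Silmek İçin" + "\nE: Zafiyetleri Görmek İçin" + "\nF: Zafiyetleri XML Olarak Masaüstüne Kaydet" + "\nQ: Çıkış İçin" + "\nSeçiminiz: ");

                    // ReadLine returns null at end of input (closed or redirected stdin);
                    // treat that as a request to quit instead of dereferencing null.
                    string line = Console.ReadLine();

                    // Invariant casing keeps menu matching independent of the UI culture.
                    inputSelection = line == null ? "Q" : line.ToUpperInvariant();

                    switch (inputSelection)
                    {
                        case "A":
                            ScanView.CreateScan(manager);
                            break;

                        case "B":
                            ScanView.GetScan(manager);
                            break;

                        case "C":
                            ScanView.GetScanStatus(manager);
                            break;

                        case "D":
                            ScanView.DeleteScan(manager);
                            break;

                        case "E":
                            ScanView.ShowScanVulnerabilities(manager);
                            break;

                        case "F":
                            ScanView.SaveScanVulnerabilitiesAsXML(manager);
                            break;

                        case "Q":
                            break;

                        default:
                            Console.WriteLine("\n***Hatalı Seçim. Lütfen Seçiminizi kontrol ediniz.***\n");
                            break;
                    }
                } while (inputSelection != "Q");
            }
            else
            {
                Console.WriteLine("Not OKEY");
            }

            // Keep the console window open until a key is pressed.
            Console.Read();
        }
    }
}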
/// <summary>
/// Pauses the scan with the given ID.
/// </summary>
/// <param name="manager">W3afManager instance.</param>
/// <param name="id">Scan ID.</param>
/// <returns>The manager's response to the pause request, passed through unchanged.</returns>
public string PauseScan(W3afManager manager, string id)
{
    // Pure pass-through: no validation or error handling happens at this layer.
    string pauseResponse = manager.PauseScan(id);
    return pauseResponse;
}