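/// <summary>
/// Returns the stored baseline response ("blob") for a location, file type and HTTP
/// method, or asks generateBlob for a new one when no stored entry matches.
/// </summary>
/// <param name="ipRaw">Passed to generateBlob as the target on a cache miss.</param>
/// <param name="portRaw">Passed to generateBlob as the port on a cache miss.</param>
/// <param name="niktoset">Request under test; its type selects the cache and its method is part of the key.</param>
/// <param name="filetype">File-type part of the lookup key.</param>
/// <param name="filelocation">Location part of the lookup key.</param>
/// <returns>The HTTPblob of the first matching entry, otherwise the result of generateBlob.</returns>
private string getBlob(string ipRaw, string portRaw, niktoRequests niktoset, string filetype, string filelocation)
{
    // "FPtestfile"/"FPtestdir" requests use backend_FP; everything else uses nikto_FP.
    bool isBackEndTest = string.Equals(niktoset.type, "FPtestfile", StringComparison.Ordinal)
        || string.Equals(niktoset.type, "FPtestdir", StringComparison.Ordinal);

    // Keys are compared ordinally. The previous CompareTo(...) == 0 test is
    // culture-sensitive, so two different paths could compare equal under some
    // cultures and a reply would then be scored against the wrong baseline.
    if (isBackEndTest)
    {
        for (int i = 0; i < globalFPb; i++)
        {
            if (string.Equals(backend_FP[i].URLlocation, filelocation, StringComparison.Ordinal)
                && string.Equals(backend_FP[i].filetype, filetype, StringComparison.Ordinal)
                && string.Equals(backend_FP[i].method, niktoset.method, StringComparison.Ordinal))
            {
                return backend_FP[i].HTTPblob;
            }
        }
    }
    else
    {
        for (int i = 0; i < globalFP; i++)
        {
            if (string.Equals(nikto_FP[i].URLlocation, filelocation, StringComparison.Ordinal)
                && string.Equals(nikto_FP[i].filetype, filetype, StringComparison.Ordinal)
                && string.Equals(nikto_FP[i].method, niktoset.method, StringComparison.Ordinal))
            {
                return nikto_FP[i].HTTPblob;
            }
        }
    }

    // No stored baseline for this key: fetch a new one. The empty branches that only
    // held commented-out UI logging were removed; they had no effect.
    return generateBlob(ipRaw, portRaw, niktoset, filetype, filelocation);
}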
/// <summary>
/// Scores a reply against the baseline response for the request's location and file type.
/// </summary>
/// <param name="ipRaw">Forwarded to getBlob.</param>
/// <param name="portRaw">Forwarded to getBlob.</param>
/// <param name="niktoset">Request under test; its type decides whether the back-end min/max are updated.</param>
/// <param name="request">Request text from which location and file type are extracted.</param>
/// <param name="reply">Response to compare with the baseline.</param>
/// <returns>The value returned by compareBlobs, or -1.0 when the baseline is empty.</returns>
private double testniktoFP(string ipRaw, string portRaw, niktoRequests niktoset, string request, string reply)
{
    string location = extractLocation(request);
    string filetype = extractFileType(request);
    string baseline = getBlob(ipRaw, portRaw, niktoset, filetype, location);

    // An empty baseline gives nothing to compare against; -1.0 signals that to the caller.
    if (baseline.Length == 0)
    {
        return -1.0;
    }

    double score = compareBlobs(baseline, reply);

    bool isBackEndTest = niktoset.type.CompareTo("FPtestdir") == 0
        || niktoset.type.CompareTo("FPtestfile") == 0;
    if (isBackEndTest)
    {
        // Track the highest and lowest scores seen for back-end tests.
        if (score >= maxBackEndAI)
        {
            maxBackEndAI = score;
        }
        if (score <= minBackEndAI)
        {
            minBackEndAI = score;
        }
    }

    return score;
}
/// <summary>
/// Requests a resource name that should not exist under <paramref name="filelocation"/>
/// and stores the response as the baseline for that location, file type and method.
/// </summary>
/// <param name="target">Host passed to stestNiktoRequest.</param>
/// <param name="port">Port passed to stestNiktoRequest.</param>
/// <param name="niktoset">Supplies the HTTP method; its type selects which cache receives the entry.</param>
/// <param name="filetype">Extension for the probe name; "default" probes a directory-style name instead.</param>
/// <param name="filelocation">Path prefix for the probe and cache key.</param>
/// <returns>The response returned by stestNiktoRequest for the probe.</returns>
private string generateBlob(string target, string port, niktoRequests niktoset, string filetype, string filelocation)
{
    // Build the probe: same method as the real request, but a made-up resource name.
    niktoRequests probe;
    probe.method = niktoset.method;
    probe.description = "FP test item";
    probe.type = "FP test item";
    probe.trigger = "";
    probe.sensepostreq = "";
    probe.request = (filetype.CompareTo("default") != 0)
        ? filelocation + "noteverthere." + filetype
        : filelocation + "noteverthere/";

    // 6000 is passed as the TimeOut argument of stestNiktoRequest.
    string baseline = stestNiktoRequest(target, port, buildNiktoRequest(probe), probe, 6000);

    bool isBackEndTest = niktoset.type.CompareTo("FPtestfile") == 0
        || niktoset.type.CompareTo("FPtestdir") == 0;

    // NOTE(review): the slot index is not checked against the capacity of the cache,
    // and the response is stored even when it is empty; testniktoFP returns -1.0 for
    // an empty baseline, so a failed probe would keep being reused for this key.
    // Confirm both are acceptable.
    if (isBackEndTest)
    {
        int slot = globalFPb;
        backend_FP[slot].URLlocation = filelocation;
        backend_FP[slot].HTTPblob = baseline;
        backend_FP[slot].filetype = filetype;
        backend_FP[slot].method = probe.method;
        globalFPb++;
    }
    else
    {
        int slot = globalFP;
        nikto_FP[slot].URLlocation = filelocation;
        nikto_FP[slot].HTTPblob = baseline;
        nikto_FP[slot].filetype = filetype;
        nikto_FP[slot].method = probe.method;
        globalFP++;
    }

    return baseline;
}
/// <summary>
/// Builds the raw HTTP/1.0 request text for a test: request line, the contents of the
/// header text box, then a blank-line terminator.
/// </summary>
/// <param name="niktoset">Supplies the HTTP method and the request path.</param>
/// <returns>The request text to send.</returns>
public string buildNiktoRequest(niktoRequests niktoset)
{
    // With a proxy the request line carries an absolute "http://" URI built from the
    // target box; otherwise only the path is sent.
    // NOTE(review): the scheme is always "http://" here; the SSL checkboxes are not
    // consulted in this method. Confirm that is intended for proxied SSL targets.
    string requestLine = chkProxyPresent.Checked
        ? niktoset.method + " http://" + txtNiktoTarget.Text + niktoset.request + " HTTP/1.0\r\n"
        : niktoset.method + " " + niktoset.request + " HTTP/1.0\r\n";

    // All parts are concatenated verbatim; a CR/LF inside the method, path or header
    // text changes how the request is framed on the wire.
    return requestLine + txtHeader.Text + "\r\n\r\n";
}
/// <summary>
/// Sends a prepared request through sendraw and returns the response, without
/// recording a result or updating the UI.
/// </summary>
/// <param name="ipRaw">Destination host; replaced by the proxy host when a proxy is configured.</param>
/// <param name="portRaw">Destination port; replaced by the proxy port when a proxy is configured.</param>
/// <param name="requestRaw">Raw request text to send.</param>
/// <param name="niktoset">Not read by this method.</param>
/// <param name="TimeOut">Timeout value forwarded to sendraw.</param>
/// <returns>The value returned by sendraw.</returns>
public string stestNiktoRequest(string ipRaw, string portRaw, string requestRaw, niktoRequests niktoset, int TimeOut)
{
    if (chkProxyPresent.Checked)
    {
        // The proxy setting is split on ':' and the first two parts are used.
        // NOTE(review): a value without ':' throws IndexOutOfRangeException here.
        string[] hostAndPort = txtProxySettings.Text.Split(':');
        ipRaw = hostAndPort[0];
        portRaw = hostAndPort[1];
    }

    // The original author marked this SSL decision as needing a fix: either checkbox
    // switches the probe to the SSL form of sendraw.
    bool useSsl = chkuseSSLWikto.Checked || chkBackEnduseSSLport.Checked;
    if (useSsl)
    {
        return sendraw(ipRaw, portRaw, requestRaw, 1024, TimeOut, true);
    }

    return sendraw(ipRaw, portRaw, requestRaw, 1024, TimeOut);
}
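/// <summary>
/// Sends one test request, records the raw request and response in nikto_result,
/// updates the UI through Invoke, and returns a score for the response.
/// </summary>
/// <param name="ipRaw">Destination host; replaced by the proxy host when a proxy is configured.</param>
/// <param name="portRaw">Destination port; replaced by the proxy port when a proxy is configured.</param>
/// <param name="requestRaw">Raw request text to send.</param>
/// <param name="niktoset">Test definition; its trigger decides how the response is scored.</param>
/// <param name="TimeOut">Timeout value forwarded to sendraw.</param>
/// <param name="SensePostReq">Not read by this method.</param>
/// <returns>
/// 0.01 when a text trigger is found in the response; 1.00 when a numeric trigger is
/// 1000 or more; otherwise the value returned by testniktoFP.
/// </returns>
public double testNiktoRequest(string ipRaw, string portRaw, string requestRaw, niktoRequests niktoset, int TimeOut, string SensePostReq)
{
    if (chkProxyPresent.Checked)
    {
        // NOTE(review): a proxy setting without ':' throws IndexOutOfRangeException here.
        string[] proxyItems = txtProxySettings.Text.Split(':');
        ipRaw = proxyItems[0];
        portRaw = proxyItems[1];
    }

    // NOTE(review): control updates below go through Invoke, which suggests a non-UI
    // caller, while .Checked/.Text are read directly and niktoResultCounter is updated
    // without synchronisation - confirm the threading model.
    nikto_result[niktoResultCounter].rawrequest = requestRaw;
    nikto_result[niktoResultCounter].theNiktoRequest = niktoset;
    if (stopscroll == false)
    {
        this.Invoke(this.dlgControlTextSet, new Object[] { this.txtNiktoReq, nikto_result[niktoResultCounter].rawrequest });
    }
    this.Invoke(this.dlgControlProgVal, new Object[] { this.prgNiktoWork, 0 });

    string response = "";
    if (chkuseSSLWikto.Checked)
    {
        response = sendraw(ipRaw, portRaw, requestRaw, 1024, TimeOut, true);
    }
    else
    {
        response = sendraw(ipRaw, portRaw, requestRaw, 1024, TimeOut);
    }

    this.Invoke(this.dlgControlProgVal, new Object[] { this.prgNiktoWork, 10 });
    nikto_result[niktoResultCounter].rawresult = response;
    if (stopscroll == false)
    {
        this.Invoke(this.dlgControlTextSet, new Object[] { this.txtNiktoRes, nikto_result[niktoResultCounter].rawresult });
    }

    // Decide whether the trigger is a number or a text to search for. This used to be
    // Convert.ToInt16 inside a bare try/catch that also wrapped the fingerprint test,
    // so any error raised during fingerprinting was treated as "the trigger is text"
    // and could end in a reported match. Parsing is now separate and such errors
    // propagate. A null trigger counts as 0, as Convert.ToInt16 treated it.
    short triggerCode = 0;
    bool numericTrigger = niktoset.trigger == null
        || short.TryParse(niktoset.trigger, out triggerCode);

    double score;
    if (numericTrigger)
    {
        if (triggerCode < 1000)
        {
            // Numeric trigger below 1000: score the response against the baseline.
            score = testniktoFP(txtNiktoTarget.Text, txtNiktoPort.Text, niktoset, niktoset.request, response);
        }
        else
        {
            // Numeric trigger of 1000 or more: recorded as not matched.
            score = 1.00;
        }
    }
    else if (niktoset.trigger.Length > 0
        && response.IndexOf(niktoset.trigger, StringComparison.Ordinal) >= 0)
    {
        // Text trigger present in the response. The test was "> 0", which skipped a
        // match at offset 0; an empty trigger still falls through to fingerprinting.
        // NOTE(review): the stored value (0.001) and the returned value (0.01) differ;
        // both are kept as they were - confirm which one is intended.
        nikto_result[niktoResultCounter].fuzzValue = 0.001;
        niktoResultCounter++;
        return 0.01;
    }
    else
    {
        // Text trigger not found: fall back to the baseline comparison.
        score = testniktoFP(txtNiktoTarget.Text, txtNiktoPort.Text, niktoset, niktoset.request, response);
    }

    nikto_result[niktoResultCounter].fuzzValue = score;
    niktoResultCounter++;
    return score;
}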
/// <summary>
/// Builds the "real" request for a test with GetNiktoRequest, sends it through
/// sendraw and returns the response.
/// </summary>
/// <param name="request">Test definition to send.</param>
/// <returns>The value returned by sendraw.</returns>
private String GetNiktoReal(niktoRequests request)
{
    String outbound = GetNiktoRequest(request, true);

    String host;
    String port;
    if (chkProxyPresent.Checked)
    {
        // Connect to the proxy instead of the target.
        // NOTE(review): a proxy setting without ':' throws IndexOutOfRangeException here.
        string[] hostAndPort = txtProxySettings.Text.Split(':');
        host = hostAndPort[0];
        port = hostAndPort[1];
    }
    else
    {
        host = txtNiktoTarget.Text;
        port = txtNiktoPort.Text;
    }

    // The timeout comes from the TCP timeout control.
    int timeout = (int)updownTimeOutTCP.Value;
    if (chkuseSSLWikto.Checked)
    {
        return sendraw(host, port, outbound, 1024, timeout, true);
    }

    return sendraw(host, port, outbound, 1024, timeout);
}
/// <summary>
/// Builds a header-less HTTP/1.0 request for a test definition.
/// </summary>
/// <param name="request">Supplies the method and the two candidate paths.</param>
/// <param name="real">True to use request.request, false to use request.sensepostreq.</param>
/// <returns>The request line followed by "\r\n\r\n".</returns>
private String GetNiktoRequest(niktoRequests request, bool real)
{
    String resource = real ? request.request : request.sensepostreq;

    // With a proxy the request line carries an absolute "http://" URI built from the
    // target box; otherwise only the path is sent.
    String prefix = chkProxyPresent.Checked
        ? " http://" + txtNiktoTarget.Text
        : " ";

    // Unlike buildNiktoRequest, no header text is added here. Parts are concatenated
    // verbatim, so a CR/LF inside them changes how the request is framed.
    return request.method + prefix + resource + " HTTP/1.0\r\n" + "\r\n\r\n";
}