public static IToolResults Parse(string path)
{
XmlDocument doc = new XmlDocument();
doc.LoadXml(System.IO.File.ReadAllText(path));
IToolResults results = new WapitiToolResults();
(results as WapitiToolResults).Bugs = new List <WapitiBug>();
foreach (XmlNode node in doc.LastChild.LastChild.ChildNodes)
{
string bugType = node.Attributes["name"].Value;
foreach (XmlNode bug in node.ChildNodes)
{
if (bug.Name == "description" || bug.Name == "solution" || bug.Name == "references")
{
continue;
}
foreach (XmlNode n in bug.ChildNodes)
{
(results as WapitiToolResults).Bugs.Add(new WapitiBug(bugType, n));
}
}
}
return(results);
}
public PersistentWapitiResults(WapitiToolResults results)
{
this.Bugs = new List<PersistentWapitiBug>();
foreach (WapitiBug bug in results.Bugs)
{
if (string.IsNullOrEmpty(bug.URL))
continue;
this.Bugs.Add(new PersistentWapitiBug(bug, Guid.Empty));
}
this.FullOutput = results.FullOutput;
this.HostIPAddressV4 = results.HostIPAddressV4;
this.HostPort = results.HostPort;
this.HostPortID = results.HostPortID;
}
public IToolResults Run(TimeSpan longest)
{
string cmd;
cmd = (_options.IsHTTPS ? "https://" : "http://") + _options.Host + ":" + _options.Port;
Guid uid = Guid.NewGuid();
cmd += " -m \"-blindsql\" -f xml -o \"/tmp/wapiti_" + uid.ToString() + ".xml\"";
ProcessStartInfo si = new ProcessStartInfo();
si.RedirectStandardOutput = true;
si.UseShellExecute = false;
Process proc = new Process();
proc.StartInfo = si;
proc.EnableRaisingEvents = false;
proc.StartInfo.FileName = _options.Path;
proc.StartInfo.Arguments = cmd;
proc.Start();
DateTime start = DateTime.Now;
proc.StandardOutput.ReadToEnd();
//while (!proc.HasExited)
//{
// if ((DateTime.Now - start) > longest)
// {
// Console.WriteLine("Killing wapiti, taking too long");
// proc.Kill();
// return null;
// }
//}
WapitiToolResults results = WapitiToolResults.Parse("/tmp/wapiti_" + uid.ToString() + ".xml") as WapitiToolResults;
results.FullOutput = System.IO.File.ReadAllText("/tmp/wapiti_" + uid.ToString() + ".xml");
return(results);
}
private List <IToolResults> ScanHost(NMapHost host, SQLMapOptions sqlmapOptions, Dictionary <string, string> config)
{
List <IToolResults> _results = new List <IToolResults> ();
Console.WriteLine("Scanning host: " + host.Hostname);
foreach (var port in host.Ports)
{
port.ParentIPAddress = host.IPAddressv4;
if ((port.Service == "http" || port.Service == "https") && bool.Parse(config ["isSQLMap"]))
{
IToolOptions _options = new WapitiToolOptions();
(_options as WapitiToolOptions).Host = host.IPAddressv4;
(_options as WapitiToolOptions).Port = port.PortNumber;
(_options as WapitiToolOptions).Path = config ["wapitiPath"];
Wapiti wapiti = new Wapiti(_options);
Console.WriteLine("Running wapiti (http/" + port.PortNumber + ") on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname));
WapitiToolResults wapitiResults = null;
try {
wapitiResults = wapiti.Run(new TimeSpan(0, 10, 0)) as WapitiToolResults;
wapitiResults.HostIPAddressV4 = host.IPAddressv4;
wapitiResults.HostPort = port.PortNumber;
wapitiResults.IsTCP = true;
_results.Add(wapitiResults);
} catch (Exception ex) {
Console.WriteLine(ex.Message);
}
if (sqlmapOptions != null && wapitiResults != null)
{
if (wapitiResults.Bugs == null) // we get bugs from the findings of wapiti, if wapiti didn't run, no bugs.
{
sqlmapOptions.URL = port.Service + "://" + host.IPAddressv4;
sqlmapOptions.Port = port.PortNumber;
sqlmapOptions.Path = config ["sqlmapPath"];
SQLMap mapper = new SQLMap(sqlmapOptions);
SQLMapResults sqlmapResults = mapper.Run() as SQLMapResults;
sqlmapResults.ParentHostPort = port;
_results.Add(sqlmapResults);
}
else
{
using (SqlmapSession sess = new SqlmapSession("127.0.0.1", 8775)) {
using (SqlmapManager manager = new SqlmapManager(sess)) {
foreach (WapitiBug bug in wapitiResults.Bugs)
{
if (bug.Type.StartsWith("SQL Injection"))
{
Console.WriteLine("Starting SQLMap on host/port: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname) + "/" + port.PortNumber);
sqlmapOptions.Path = config ["sqlmapPath"];
//SQLMap mapper = new SQLMap (sqlmapOptions);
//SQLMapResults results = mapper.Run (bug) as SQLMapResults;
// if (results == null )
// continue;
//
// if (results.Vulnerabilities != null)
// foreach (var vuln in results.Vulnerabilities)
// vuln.Target = bug.URL;
//
// results.ParentHostPort = port;
//
// _results.Add (results);
string taskid = manager.NewTask();
Dictionary <string, object> opts = manager.GetOptions(taskid);
if (bug.URL.Contains(bug.Parameter))
{
opts ["url"] = bug.URL.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
manager.StartTask(taskid, opts);
}
else
{
opts ["url"] = bug.URL;
opts["data"] = bug.Parameter.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
manager.StartTask(taskid, opts);
}
SqlmapStatus status = manager.GetScanStatus(taskid);
while (status.Status != "terminated")
{
System.Threading.Thread.Sleep(new TimeSpan(0, 0, 10));
status = manager.GetScanStatus(taskid);
}
List <SqlmapLogItem> logItems = manager.GetLog(taskid);
SQLMapResults results = new SQLMapResults();
results.Vulnerabilities = new List <SQLMapVulnerability>();
foreach (SqlmapLogItem item in logItems.Where(l => l.Level == "INFO" && l.Message.EndsWith("injectable")))
{
SQLMapVulnerability vuln = new SQLMapVulnerability();
Console.WriteLine(item.Message);
}
manager.DeleteTask(taskid);
}
else if (bug.Type.Contains("Cross Site Scripting)"))
{
//dsxs
}
}
}
}
}
}
}
}
Console.WriteLine("Done with host: " + host.Hostname);
return(_results);
}
public static IToolResults Parse(string path)
{
XmlDocument doc = new XmlDocument();
doc.LoadXml(System.IO.File.ReadAllText(path));
IToolResults results = new WapitiToolResults();
(results as WapitiToolResults).Bugs = new List<WapitiBug>();
foreach (XmlNode node in doc.LastChild.LastChild.ChildNodes)
{
string bugType = node.Attributes["name"].Value;
foreach (XmlNode bug in node.ChildNodes)
{
if (bug.Name == "description" || bug.Name == "solution" || bug.Name == "references")
continue;
foreach (XmlNode n in bug.ChildNodes)
(results as WapitiToolResults).Bugs.Add(new WapitiBug(bugType, n));
}
}
return results;
}
