Example #1
0
        private void cmdScan_Click(object sender, System.EventArgs e)
        {
            string strPath="" + Application.StartupPath;
            string strTotalDoc="";
            string strHeader="";
            string strUserAgent="";
            DataSet objPayloads;
            DataSet objSignatures;

            berettaWinForms.classes.loadXml objLoadXml=new berettaWinForms.classes.loadXml();
            objSignatures=objLoadXml.loadSignatures(strPath + "/data/signatures.xml");
            objPayloads=objLoadXml.loadPayloads(strPath + "/data/payloads.xml");

            MessageBox.Show("Starting Scan");

            System.Text.StringBuilder objFormSubmissionStr=new System.Text.StringBuilder();

            string strGuid="" + System.Guid.NewGuid().ToString();

            #region Construct Report Header

            strHeader += "<header>";
            strHeader += "<application>beretta</application>";
            strHeader += "<version>1.0</version>";
            strHeader += "<sessionId>0</sessionId>";
            strHeader += "<date>" + System.DateTime.Now + "</date>";

            strHeader += "<authenticationType>None</authenticationType>";
            strHeader += "<sessionName>New Session</sessionName>";
            strHeader += "<sessionDescription>Description</sessionDescription>";
            strHeader += "</header>";

            #endregion

            foreach(string strUrl in lstUrls.Items)
            {
                //Auto Scan

                    urlWorker objUrlWorkerAuto=new urlWorker();
                    objUrlWorkerAuto.sessionId=0;
                    objUrlWorkerAuto.authenticationType=0;
                    objUrlWorkerAuto.url="" + strUrl;
                    objUrlWorkerAuto.userAgent=strUserAgent;
                    objUrlWorkerAuto.payloadDataSet=objPayloads;
                    objUrlWorkerAuto.signaturesDataSet=objSignatures;
                    objUrlWorkerAuto.scanAuto();

                    if (objUrlWorkerAuto.objBerettaResultHashTable != null && objUrlWorkerAuto.objBerettaResultHashTable.Count>0)
                    {
                        objStringBuilder.Append(buildResults(objUrlWorkerAuto.objBerettaResultHashTable));
                    }

                    objFormSubmissionStr.Append(buildSubmission(objUrlWorkerAuto.objBerettaSubmissionHashTable));

                    objUrlWorkerAuto=null;

                    strUrls=strUrls + "<url>" + strUrl + "</url>";

            }

            #region Construct XML report

            strTotalDoc+="<report>";
            strTotalDoc+="" + strHeader;
            strTotalDoc+="" + "<body>";
            strTotalDoc+="" + "<urlsScanned>" + strUrls + "</urlsScanned>";
            strTotalDoc+="<scanItems>"  + objStringBuilder.ToString() + "</scanItems>";
            strTotalDoc+="<formSubmissions>"  + objFormSubmissionStr.ToString() + "</formSubmissions>";
            strTotalDoc+="" + "</body>";
            strTotalDoc+="</report>";

            #endregion

            #region Write XML report

            string strOutputPath="" + Application.StartupPath + "/output/" + strGuid + ".XML";
            string strXSLPath="" + Application.StartupPath + "/xsl/beretta.xsl";

            StreamWriter objStreamWriter;

            //Add XSL file ref

            strTotalDoc="<?xml-stylesheet href='" + strXSLPath + "' type='text/xsl'?>" + strTotalDoc;

            objStreamWriter = System.IO.File.CreateText(strOutputPath);
            objStreamWriter.WriteLine(strTotalDoc);
            objStreamWriter.Close();

            MessageBox.Show("Finished Scan. Report at: " + strOutputPath);

            #endregion
        }
Example #2
0
        public string initiate(int intSessionId)
        {
            string strTotalDoc="";
            string strHeader="";
            string strUserAgent="";
            System.Text.StringBuilder objFormSubmissionStr=new System.Text.StringBuilder();

            strGuid="" + System.Guid.NewGuid().ToString();

            mSessionId=intSessionId;
            objSession.id=mSessionId;
            objSession.populate();

            devCafe.framework.frameworkListItems objFrameWorkListItem=new devCafe.framework.frameworkListItems();
            objFrameWorkListItem.id=objSession.userAgent;
            objFrameWorkListItem.populate();

            strUserAgent=objFrameWorkListItem.listItemName;

            #region Construct Report Header

            strHeader += "<header>";
            strHeader += "<application>beretta</application>";
            strHeader += "<version>1.0</version>";
            strHeader += "<sessionId>" + objSession.id.ToString() + "</sessionId>";
            strHeader += "<date>" + System.DateTime.Now + "</date>";

            if (objSession.authenticationType==0) strHeader += "<authenticationType>None</authenticationType>";
            else if (objSession.authenticationType==1) strHeader += "<authenticationType>Forms</authenticationType>";
            else if (objSession.authenticationType==2) strHeader += "<authenticationType>Raw</authenticationType>";
            strHeader += "<sessionName>" + objSession.sessionName + "</sessionName>";
            strHeader += "<sessionDescription>" + objSession.sessionDescription + "</sessionDescription>";
            strHeader += "</header>";

            #endregion

            objUrlsDataSet=urlsDataAccess.getAllForSession(objSession.id);

            //For each URL in session
            foreach(DataRow objUrlRow in objUrlsDataSet.Tables[0].Rows)
            {
                //Manual Scan
                urlWorker objUrlWorker=new urlWorker();

                objUrlWorker.sessionId=objSession.id;
                objUrlWorker.authenticationType=objSession.authenticationType;
                objUrlWorker.urlId=System.Convert.ToInt32(objUrlRow["id"]);
                objUrlWorker.userAgent=strUserAgent;
                objUrlWorker.scanManual();

                strUrls=strUrls + "<url>" + objUrlWorker.url + "</url>";

                if (objUrlWorker.objBerettaResultHashTable != null && objUrlWorker.objBerettaResultHashTable.Count>0)
                {
                    objStringBuilder.Append(buildResults(objUrlWorker.objBerettaResultHashTable));
                }

                objFormSubmissionStr.Append(buildSubmission(objUrlWorker.objBerettaSubmissionHashTable));

                objUrlWorker=null;

                //Auto Scan
                if (objSession.useAutoScan==1)
                {
                    urlWorker objUrlWorkerAuto=new urlWorker();
                    objUrlWorkerAuto.sessionId=objSession.id;
                    objUrlWorkerAuto.authenticationType=objSession.authenticationType;
                    objUrlWorkerAuto.urlId=System.Convert.ToInt32(objUrlRow["id"]);
                    objUrlWorkerAuto.userAgent=strUserAgent;
                    objUrlWorkerAuto.scanAuto();

                    if (objUrlWorkerAuto.objBerettaResultHashTable != null && objUrlWorkerAuto.objBerettaResultHashTable.Count>0)
                    {
                        objStringBuilder.Append(buildResults(objUrlWorkerAuto.objBerettaResultHashTable));
                    }

                    objFormSubmissionStr.Append(buildSubmission(objUrlWorkerAuto.objBerettaSubmissionHashTable));

                    objUrlWorkerAuto=null;
                }

            }

            #region Construct XML report

            strTotalDoc+="<report>";
            strTotalDoc+="" + strHeader;
            strTotalDoc+="" + "<body>";
            strTotalDoc+="" + "<urlsScanned>" + strUrls + "</urlsScanned>";
            strTotalDoc+="<scanItems>"  + objStringBuilder.ToString() + "</scanItems>";
            strTotalDoc+="<formSubmissions>"  + objFormSubmissionStr.ToString() + "</formSubmissions>";
            strTotalDoc+="" + "</body>";
            strTotalDoc+="</report>";

            #endregion

            #region Write XML report

            string strPath="" + System.Configuration.ConfigurationSettings.AppSettings.Get("outputDir") + strGuid + ".XML";

            StreamWriter objStreamWriter;

            //Add XSL file ref
            string strXslFile="" + devCafe.framework.keyDataAccess.get("defaultScanXSL");
            strTotalDoc="<?xml-stylesheet href='../xsl/" + strXslFile + "' type='text/xsl'?>" + strTotalDoc;

            objStreamWriter = System.IO.File.CreateText(strPath);
            objStreamWriter.WriteLine(strTotalDoc);
            objStreamWriter.Close();

            #endregion

            return "./" + strGuid + ".XML";
        }