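/// <summary>
/// Click handler for the scan button: runs an automatic scan against every URL
/// in <c>lstUrls</c>, assembles the findings into one XML report and writes it
/// to the <c>output</c> directory under the application start-up path.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event arguments (not used).</param>
private void cmdScan_Click(object sender, System.EventArgs e)
{
    string strPath = "" + Application.StartupPath;
    string strUserAgent = "";

    // Signature and payload definitions are read from the data directory next to the executable.
    berettaWinForms.classes.loadXml objLoadXml = new berettaWinForms.classes.loadXml();
    DataSet objSignatures = objLoadXml.loadSignatures(strPath + "/data/signatures.xml");
    DataSet objPayloads = objLoadXml.loadPayloads(strPath + "/data/payloads.xml");

    MessageBox.Show("Starting Scan");

    System.Text.StringBuilder objFormSubmissionStr = new System.Text.StringBuilder();
    string strGuid = "" + System.Guid.NewGuid().ToString();

    #region Construct Report Header
    System.Text.StringBuilder objHeader = new System.Text.StringBuilder();
    objHeader.Append("<header>");
    objHeader.Append("<application>beretta</application>");
    objHeader.Append("<version>1.0</version>");
    objHeader.Append("<sessionId>0</sessionId>");
    objHeader.Append("<date>" + System.DateTime.Now + "</date>");
    objHeader.Append("<authenticationType>None</authenticationType>");
    objHeader.Append("<sessionName>New Session</sessionName>");
    objHeader.Append("<sessionDescription>Description</sessionDescription>");
    objHeader.Append("</header>");
    #endregion

    // NOTE(review): strUrls and objStringBuilder are not declared in this method. If they
    // are instance fields that nothing resets, a second scan would carry over the URLs and
    // results of the previous one - confirm against the rest of the class.
    foreach (string strUrl in lstUrls.Items)
    {
        // Auto Scan
        urlWorker objUrlWorkerAuto = new urlWorker();
        objUrlWorkerAuto.sessionId = 0;
        objUrlWorkerAuto.authenticationType = 0;
        objUrlWorkerAuto.url = "" + strUrl;
        objUrlWorkerAuto.userAgent = strUserAgent;
        objUrlWorkerAuto.payloadDataSet = objPayloads;
        objUrlWorkerAuto.signaturesDataSet = objSignatures;
        objUrlWorkerAuto.scanAuto();

        if (objUrlWorkerAuto.objBerettaResultHashTable != null
            && objUrlWorkerAuto.objBerettaResultHashTable.Count > 0)
        {
            // NOTE(review): these fragments are inserted into the report verbatim; confirm
            // that buildResults/buildSubmission escape any text taken from scanned responses.
            objStringBuilder.Append(buildResults(objUrlWorkerAuto.objBerettaResultHashTable));
        }

        objFormSubmissionStr.Append(buildSubmission(objUrlWorkerAuto.objBerettaSubmissionHashTable));

        // URLs routinely contain '&' (query strings) and may contain '<' or quotes.
        // Written unescaped they make the report malformed or let a URL inject markup,
        // so the text is XML-escaped before it is placed in the element.
        strUrls = strUrls + "<url>" + System.Security.SecurityElement.Escape("" + strUrl) + "</url>";
    }

    #region Construct XML report
    string strOutputPath = "" + Application.StartupPath + "/output/" + strGuid + ".XML";
    string strXSLPath = "" + Application.StartupPath + "/xsl/beretta.xsl";

    System.Text.StringBuilder objTotalDoc = new System.Text.StringBuilder();

    // Add XSL file ref. The path is escaped because it sits inside a single-quoted
    // value; an apostrophe or '&' in the install path would otherwise break the document.
    objTotalDoc.Append("<?xml-stylesheet href='" + System.Security.SecurityElement.Escape(strXSLPath) + "' type='text/xsl'?>");
    objTotalDoc.Append("<report>");
    objTotalDoc.Append(objHeader.ToString());
    objTotalDoc.Append("<body>");
    objTotalDoc.Append("<urlsScanned>" + strUrls + "</urlsScanned>");
    objTotalDoc.Append("<scanItems>" + objStringBuilder.ToString() + "</scanItems>");
    objTotalDoc.Append("<formSubmissions>" + objFormSubmissionStr.ToString() + "</formSubmissions>");
    objTotalDoc.Append("</body>");
    objTotalDoc.Append("</report>");
    #endregion

    #region Write XML report
    // using guarantees the file handle is released even if the write throws.
    using (StreamWriter objStreamWriter = System.IO.File.CreateText(strOutputPath))
    {
        objStreamWriter.WriteLine(objTotalDoc.ToString());
    }

    MessageBox.Show("Finished Scan. Report at: " + strOutputPath);
    #endregion
}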
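/// <summary>
/// Runs the scan for a stored session: loads the session and its URLs, performs a
/// manual scan of each URL (plus an automatic scan when the session has
/// <c>useAutoScan</c> set to 1), and writes the combined results as an XML report.
/// </summary>
/// <param name="intSessionId">Identifier of the session to load and scan.</param>
/// <returns>The report location in the form <c>./&lt;guid&gt;.XML</c>.</returns>
public string initiate(int intSessionId)
{
    string strUserAgent = "";
    System.Text.StringBuilder objFormSubmissionStr = new System.Text.StringBuilder();

    strGuid = "" + System.Guid.NewGuid().ToString();
    mSessionId = intSessionId;
    objSession.id = mSessionId;
    objSession.populate();

    // The session stores the user agent as a list-item id; resolve it to its name.
    devCafe.framework.frameworkListItems objFrameWorkListItem = new devCafe.framework.frameworkListItems();
    objFrameWorkListItem.id = objSession.userAgent;
    objFrameWorkListItem.populate();
    strUserAgent = objFrameWorkListItem.listItemName;

    #region Construct Report Header
    System.Text.StringBuilder objHeader = new System.Text.StringBuilder();
    objHeader.Append("<header>");
    objHeader.Append("<application>beretta</application>");
    objHeader.Append("<version>1.0</version>");
    objHeader.Append("<sessionId>" + objSession.id.ToString() + "</sessionId>");
    objHeader.Append("<date>" + System.DateTime.Now + "</date>");

    // Any other authenticationType value produces no <authenticationType> element,
    // as in the original if/else-if chain.
    switch (objSession.authenticationType)
    {
        case 0:
            objHeader.Append("<authenticationType>None</authenticationType>");
            break;
        case 1:
            objHeader.Append("<authenticationType>Forms</authenticationType>");
            break;
        case 2:
            objHeader.Append("<authenticationType>Raw</authenticationType>");
            break;
    }

    // Session name and description are free text from the session record. They are
    // XML-escaped so '<', '&' or quotes cannot break the report or inject markup.
    objHeader.Append("<sessionName>" + System.Security.SecurityElement.Escape("" + objSession.sessionName) + "</sessionName>");
    objHeader.Append("<sessionDescription>" + System.Security.SecurityElement.Escape("" + objSession.sessionDescription) + "</sessionDescription>");
    objHeader.Append("</header>");
    #endregion

    objUrlsDataSet = urlsDataAccess.getAllForSession(objSession.id);

    // NOTE(review): strUrls and objStringBuilder are not declared in this method. If they
    // are instance fields that nothing resets, calling initiate twice on one instance
    // would carry over the previous run's URLs and results - confirm.

    // For each URL in session
    foreach (DataRow objUrlRow in objUrlsDataSet.Tables[0].Rows)
    {
        int intUrlId = System.Convert.ToInt32(objUrlRow["id"]);

        // Manual Scan
        urlWorker objUrlWorker = new urlWorker();
        objUrlWorker.sessionId = objSession.id;
        objUrlWorker.authenticationType = objSession.authenticationType;
        objUrlWorker.urlId = intUrlId;
        objUrlWorker.userAgent = strUserAgent;
        objUrlWorker.scanManual();

        // URLs routinely contain '&' (query strings); unescaped they make the report malformed.
        strUrls = strUrls + "<url>" + System.Security.SecurityElement.Escape("" + objUrlWorker.url) + "</url>";

        if (objUrlWorker.objBerettaResultHashTable != null
            && objUrlWorker.objBerettaResultHashTable.Count > 0)
        {
            // NOTE(review): these fragments are inserted into the report verbatim; confirm
            // that buildResults/buildSubmission escape any text taken from scanned responses.
            objStringBuilder.Append(buildResults(objUrlWorker.objBerettaResultHashTable));
        }

        objFormSubmissionStr.Append(buildSubmission(objUrlWorker.objBerettaSubmissionHashTable));

        // Auto Scan
        if (objSession.useAutoScan == 1)
        {
            urlWorker objUrlWorkerAuto = new urlWorker();
            objUrlWorkerAuto.sessionId = objSession.id;
            objUrlWorkerAuto.authenticationType = objSession.authenticationType;
            objUrlWorkerAuto.urlId = intUrlId;
            objUrlWorkerAuto.userAgent = strUserAgent;
            objUrlWorkerAuto.scanAuto();

            if (objUrlWorkerAuto.objBerettaResultHashTable != null
                && objUrlWorkerAuto.objBerettaResultHashTable.Count > 0)
            {
                objStringBuilder.Append(buildResults(objUrlWorkerAuto.objBerettaResultHashTable));
            }

            objFormSubmissionStr.Append(buildSubmission(objUrlWorkerAuto.objBerettaSubmissionHashTable));
        }
    }

    #region Construct XML report
    // Add XSL file ref. The configured file name is escaped because it sits inside a
    // single-quoted value.
    string strXslFile = "" + devCafe.framework.keyDataAccess.get("defaultScanXSL");

    System.Text.StringBuilder objTotalDoc = new System.Text.StringBuilder();
    objTotalDoc.Append("<?xml-stylesheet href='../xsl/" + System.Security.SecurityElement.Escape(strXslFile) + "' type='text/xsl'?>");
    objTotalDoc.Append("<report>");
    objTotalDoc.Append(objHeader.ToString());
    objTotalDoc.Append("<body>");
    objTotalDoc.Append("<urlsScanned>" + strUrls + "</urlsScanned>");
    objTotalDoc.Append("<scanItems>" + objStringBuilder.ToString() + "</scanItems>");
    objTotalDoc.Append("<formSubmissions>" + objFormSubmissionStr.ToString() + "</formSubmissions>");
    objTotalDoc.Append("</body>");
    objTotalDoc.Append("</report>");
    #endregion

    #region Write XML report
    // outputDir is concatenated directly with the file name, so the configured value
    // presumably has to end with a directory separator - confirm in the app settings.
    string strPath = "" + System.Configuration.ConfigurationSettings.AppSettings.Get("outputDir") + strGuid + ".XML";

    // using guarantees the file handle is released even if the write throws.
    using (StreamWriter objStreamWriter = System.IO.File.CreateText(strPath))
    {
        objStreamWriter.WriteLine(objTotalDoc.ToString());
    }
    #endregion

    return "./" + strGuid + ".XML";
}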