public string initiate(int intSessionId)
        {
            string strTotalDoc  = "";
            string strHeader    = "";
            string strUserAgent = "";

            System.Text.StringBuilder objFormSubmissionStr = new System.Text.StringBuilder();

            strGuid = "" + System.Guid.NewGuid().ToString();

            mSessionId    = intSessionId;
            objSession.id = mSessionId;
            objSession.populate();


            devCafe.framework.frameworkListItems objFrameWorkListItem = new devCafe.framework.frameworkListItems();
            objFrameWorkListItem.id = objSession.userAgent;
            objFrameWorkListItem.populate();

            strUserAgent = objFrameWorkListItem.listItemName;



            #region Construct Report Header

            strHeader += "<header>";
            strHeader += "<application>beretta</application>";
            strHeader += "<version>1.0</version>";
            strHeader += "<sessionId>" + objSession.id.ToString() + "</sessionId>";
            strHeader += "<date>" + System.DateTime.Now + "</date>";


            if (objSession.authenticationType == 0)
            {
                strHeader += "<authenticationType>None</authenticationType>";
            }
            else if (objSession.authenticationType == 1)
            {
                strHeader += "<authenticationType>Forms</authenticationType>";
            }
            else if (objSession.authenticationType == 2)
            {
                strHeader += "<authenticationType>Raw</authenticationType>";
            }
            strHeader += "<sessionName>" + objSession.sessionName + "</sessionName>";
            strHeader += "<sessionDescription>" + objSession.sessionDescription + "</sessionDescription>";
            strHeader += "</header>";

            #endregion


            objUrlsDataSet = urlsDataAccess.getAllForSession(objSession.id);


            //For each URL in session
            foreach (DataRow objUrlRow in objUrlsDataSet.Tables[0].Rows)
            {
                //Manual Scan
                urlWorker objUrlWorker = new urlWorker();

                objUrlWorker.sessionId          = objSession.id;
                objUrlWorker.authenticationType = objSession.authenticationType;
                objUrlWorker.urlId     = System.Convert.ToInt32(objUrlRow["id"]);
                objUrlWorker.userAgent = strUserAgent;
                objUrlWorker.scanManual();

                strUrls = strUrls + "<url>" + objUrlWorker.url + "</url>";

                if (objUrlWorker.objBerettaResultHashTable != null && objUrlWorker.objBerettaResultHashTable.Count > 0)
                {
                    objStringBuilder.Append(buildResults(objUrlWorker.objBerettaResultHashTable));
                }


                objFormSubmissionStr.Append(buildSubmission(objUrlWorker.objBerettaSubmissionHashTable));

                objUrlWorker = null;

                //Auto Scan
                if (objSession.useAutoScan == 1)
                {
                    urlWorker objUrlWorkerAuto = new urlWorker();
                    objUrlWorkerAuto.sessionId          = objSession.id;
                    objUrlWorkerAuto.authenticationType = objSession.authenticationType;
                    objUrlWorkerAuto.urlId     = System.Convert.ToInt32(objUrlRow["id"]);
                    objUrlWorkerAuto.userAgent = strUserAgent;
                    objUrlWorkerAuto.scanAuto();


                    if (objUrlWorkerAuto.objBerettaResultHashTable != null && objUrlWorkerAuto.objBerettaResultHashTable.Count > 0)
                    {
                        objStringBuilder.Append(buildResults(objUrlWorkerAuto.objBerettaResultHashTable));
                    }

                    objFormSubmissionStr.Append(buildSubmission(objUrlWorkerAuto.objBerettaSubmissionHashTable));

                    objUrlWorkerAuto = null;
                }
            }



            #region Construct XML report

            strTotalDoc += "<report>";
            strTotalDoc += "" + strHeader;
            strTotalDoc += "" + "<body>";
            strTotalDoc += "" + "<urlsScanned>" + strUrls + "</urlsScanned>";
            strTotalDoc += "<scanItems>" + objStringBuilder.ToString() + "</scanItems>";
            strTotalDoc += "<formSubmissions>" + objFormSubmissionStr.ToString() + "</formSubmissions>";
            strTotalDoc += "" + "</body>";
            strTotalDoc += "</report>";

            #endregion

            #region Write XML report

            string strPath = "" + System.Configuration.ConfigurationSettings.AppSettings.Get("outputDir") + strGuid + ".XML";

            StreamWriter objStreamWriter;

            //Add XSL file ref
            string strXslFile = "" + devCafe.framework.keyDataAccess.get("defaultScanXSL");
            strTotalDoc = "<?xml-stylesheet href='../xsl/" + strXslFile + "' type='text/xsl'?>" + strTotalDoc;

            objStreamWriter = System.IO.File.CreateText(strPath);
            objStreamWriter.WriteLine(strTotalDoc);
            objStreamWriter.Close();

            #endregion


            return("./" + strGuid + ".XML");
        }
Exemple #2
0
        private void cmdScan_Click(object sender, System.EventArgs e)
        {
            string  strPath      = "" + Application.StartupPath;
            string  strTotalDoc  = "";
            string  strHeader    = "";
            string  strUserAgent = "";
            DataSet objPayloads;
            DataSet objSignatures;

            berettaWinForms.classes.loadXml objLoadXml = new berettaWinForms.classes.loadXml();
            objSignatures = objLoadXml.loadSignatures(strPath + "/data/signatures.xml");
            objPayloads   = objLoadXml.loadPayloads(strPath + "/data/payloads.xml");


            MessageBox.Show("Starting Scan");


            System.Text.StringBuilder objFormSubmissionStr = new System.Text.StringBuilder();

            string strGuid = "" + System.Guid.NewGuid().ToString();



            #region Construct Report Header

            strHeader += "<header>";
            strHeader += "<application>beretta</application>";
            strHeader += "<version>1.0</version>";
            strHeader += "<sessionId>0</sessionId>";
            strHeader += "<date>" + System.DateTime.Now + "</date>";


            strHeader += "<authenticationType>None</authenticationType>";
            strHeader += "<sessionName>New Session</sessionName>";
            strHeader += "<sessionDescription>Description</sessionDescription>";
            strHeader += "</header>";

            #endregion



            foreach (string strUrl in lstUrls.Items)
            {
                //Auto Scan

                urlWorker objUrlWorkerAuto = new urlWorker();
                objUrlWorkerAuto.sessionId          = 0;
                objUrlWorkerAuto.authenticationType = 0;
                objUrlWorkerAuto.url               = "" + strUrl;
                objUrlWorkerAuto.userAgent         = strUserAgent;
                objUrlWorkerAuto.payloadDataSet    = objPayloads;
                objUrlWorkerAuto.signaturesDataSet = objSignatures;
                objUrlWorkerAuto.scanAuto();


                if (objUrlWorkerAuto.objBerettaResultHashTable != null && objUrlWorkerAuto.objBerettaResultHashTable.Count > 0)
                {
                    objStringBuilder.Append(buildResults(objUrlWorkerAuto.objBerettaResultHashTable));
                }

                objFormSubmissionStr.Append(buildSubmission(objUrlWorkerAuto.objBerettaSubmissionHashTable));

                objUrlWorkerAuto = null;

                strUrls = strUrls + "<url>" + strUrl + "</url>";
            }



            #region Construct XML report

            strTotalDoc += "<report>";
            strTotalDoc += "" + strHeader;
            strTotalDoc += "" + "<body>";
            strTotalDoc += "" + "<urlsScanned>" + strUrls + "</urlsScanned>";
            strTotalDoc += "<scanItems>" + objStringBuilder.ToString() + "</scanItems>";
            strTotalDoc += "<formSubmissions>" + objFormSubmissionStr.ToString() + "</formSubmissions>";
            strTotalDoc += "" + "</body>";
            strTotalDoc += "</report>";

            #endregion

            #region Write XML report



            string strOutputPath = "" + Application.StartupPath + "/output/" + strGuid + ".XML";
            string strXSLPath    = "" + Application.StartupPath + "/xsl/beretta.xsl";

            StreamWriter objStreamWriter;

            //Add XSL file ref

            strTotalDoc = "<?xml-stylesheet href='" + strXSLPath + "' type='text/xsl'?>" + strTotalDoc;

            objStreamWriter = System.IO.File.CreateText(strOutputPath);
            objStreamWriter.WriteLine(strTotalDoc);
            objStreamWriter.Close();

            MessageBox.Show("Finished Scan. Report at: " + strOutputPath);


            #endregion
        }