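/// <summary>
/// Loads the given session, scans every URL stored for it (manual scan always, auto scan
/// when the session's useAutoScan flag is 1) and writes the combined findings to a new
/// XML report file named after a fresh GUID.
/// </summary>
/// <param name="intSessionId">Id of the session to load and scan.</param>
/// <returns>The report location as "./{guid}.XML".</returns>
/// <remarks>
/// The report is assembled by string concatenation, so every free-text value placed into
/// it (session name, session description, scanned URLs, stylesheet name) is XML-escaped
/// first. Without that, a URL with a query string ("a=1&amp;b=2") produces a malformed
/// document, and markup in a stored value would be interpreted as report structure.
/// NOTE(review): strUrls and objStringBuilder are members declared outside this method and
/// are only appended to here; confirm they are reset between calls, otherwise a second
/// call on the same instance repeats the earlier results.
/// </remarks>
public string initiate(int intSessionId)
{
    string strTotalDoc = "";
    string strHeader = "";
    string strUserAgent = "";
    System.Text.StringBuilder objFormSubmissionStr = new System.Text.StringBuilder();

    strGuid = "" + System.Guid.NewGuid().ToString();
    mSessionId = intSessionId;
    objSession.id = mSessionId;
    objSession.populate();

    // The session stores the user agent as a list-item id; resolve it to its name.
    devCafe.framework.frameworkListItems objFrameWorkListItem = new devCafe.framework.frameworkListItems();
    objFrameWorkListItem.id = objSession.userAgent;
    objFrameWorkListItem.populate();
    strUserAgent = objFrameWorkListItem.listItemName;

    #region Construct Report Header
    strHeader += "<header>";
    strHeader += "<application>beretta</application>";
    strHeader += "<version>1.0</version>";
    strHeader += "<sessionId>" + objSession.id.ToString() + "</sessionId>";
    strHeader += "<date>" + System.DateTime.Now + "</date>";
    // Any value other than 0, 1 or 2 emits no <authenticationType> element at all.
    if (objSession.authenticationType == 0)
    {
        strHeader += "<authenticationType>None</authenticationType>";
    }
    else if (objSession.authenticationType == 1)
    {
        strHeader += "<authenticationType>Forms</authenticationType>";
    }
    else if (objSession.authenticationType == 2)
    {
        strHeader += "<authenticationType>Raw</authenticationType>";
    }
    // Stored free text: escape so '<', '>', '&' and quotes stay data in the report.
    strHeader += "<sessionName>" + System.Security.SecurityElement.Escape(objSession.sessionName) + "</sessionName>";
    strHeader += "<sessionDescription>" + System.Security.SecurityElement.Escape(objSession.sessionDescription) + "</sessionDescription>";
    strHeader += "</header>";
    #endregion

    objUrlsDataSet = urlsDataAccess.getAllForSession(objSession.id);

    // For each URL in session
    foreach (DataRow objUrlRow in objUrlsDataSet.Tables[0].Rows)
    {
        // Manual Scan
        urlWorker objUrlWorker = new urlWorker();
        objUrlWorker.sessionId = objSession.id;
        objUrlWorker.authenticationType = objSession.authenticationType;
        objUrlWorker.urlId = System.Convert.ToInt32(objUrlRow["id"]);
        objUrlWorker.userAgent = strUserAgent;
        objUrlWorker.scanManual();

        // Only urlId is assigned above; the url text is read back from the worker after
        // the scan. It is escaped because query strings routinely contain '&'.
        strUrls = strUrls + "<url>" + System.Security.SecurityElement.Escape(objUrlWorker.url) + "</url>";

        // NOTE(review): buildResults/buildSubmission are defined outside this method and
        // their output is appended as-is; presumably they return XML fragments and escape
        // any response-derived text themselves - confirm.
        if (objUrlWorker.objBerettaResultHashTable != null && objUrlWorker.objBerettaResultHashTable.Count > 0)
        {
            objStringBuilder.Append(buildResults(objUrlWorker.objBerettaResultHashTable));
        }
        objFormSubmissionStr.Append(buildSubmission(objUrlWorker.objBerettaSubmissionHashTable));

        // Auto Scan
        if (objSession.useAutoScan == 1)
        {
            urlWorker objUrlWorkerAuto = new urlWorker();
            objUrlWorkerAuto.sessionId = objSession.id;
            objUrlWorkerAuto.authenticationType = objSession.authenticationType;
            objUrlWorkerAuto.urlId = System.Convert.ToInt32(objUrlRow["id"]);
            objUrlWorkerAuto.userAgent = strUserAgent;
            objUrlWorkerAuto.scanAuto();

            if (objUrlWorkerAuto.objBerettaResultHashTable != null && objUrlWorkerAuto.objBerettaResultHashTable.Count > 0)
            {
                objStringBuilder.Append(buildResults(objUrlWorkerAuto.objBerettaResultHashTable));
            }
            objFormSubmissionStr.Append(buildSubmission(objUrlWorkerAuto.objBerettaSubmissionHashTable));
        }
    }

    #region Construct XML report
    strTotalDoc += "<report>";
    strTotalDoc += "" + strHeader;
    strTotalDoc += "" + "<body>";
    strTotalDoc += "" + "<urlsScanned>" + strUrls + "</urlsScanned>";
    strTotalDoc += "<scanItems>" + objStringBuilder.ToString() + "</scanItems>";
    strTotalDoc += "<formSubmissions>" + objFormSubmissionStr.ToString() + "</formSubmissions>";
    strTotalDoc += "" + "</body>";
    strTotalDoc += "</report>";
    #endregion

    #region Write XML report
    // outputDir is concatenated directly with the file name, so the configured value is
    // expected to end with a directory separator.
    string strPath = "" + System.Configuration.ConfigurationSettings.AppSettings.Get("outputDir") + strGuid + ".XML";

    // Add XSL file ref. The name sits inside a single-quoted pseudo-attribute, so it is
    // escaped to keep a quote in the configured value from ending the href early.
    string strXslFile = "" + devCafe.framework.keyDataAccess.get("defaultScanXSL");
    strTotalDoc = "<?xml-stylesheet href='../xsl/" + System.Security.SecurityElement.Escape(strXslFile) + "' type='text/xsl'?>" + strTotalDoc;

    // 'using' closes the file handle even when the write throws.
    using (StreamWriter objStreamWriter = System.IO.File.CreateText(strPath))
    {
        objStreamWriter.WriteLine(strTotalDoc);
    }
    #endregion

    return ("./" + strGuid + ".XML");
}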
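/// <summary>
/// Click handler for the scan button: loads the signature and payload data sets from the
/// application's data folder, runs an auto scan against every URL in lstUrls, and writes
/// the combined findings to a new XML report under the application's output folder.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
/// <remarks>
/// The report is assembled by string concatenation, so the URLs typed into the list and
/// the stylesheet path are XML-escaped before being embedded. Without that, a URL with a
/// query string ("a=1&amp;b=2") produces a malformed document, and markup in an entry
/// would be interpreted as report structure.
/// NOTE(review): strUrls and objStringBuilder are members declared outside this method and
/// are only appended to here; confirm they are reset between scans, otherwise a second
/// click repeats the earlier results in the new report.
/// </remarks>
private void cmdScan_Click(object sender, System.EventArgs e)
{
    string strPath = "" + Application.StartupPath;
    string strTotalDoc = "";
    string strHeader = "";
    // Never assigned below, so every worker is given an empty user agent.
    string strUserAgent = "";
    DataSet objPayloads;
    DataSet objSignatures;

    berettaWinForms.classes.loadXml objLoadXml = new berettaWinForms.classes.loadXml();
    objSignatures = objLoadXml.loadSignatures(strPath + "/data/signatures.xml");
    objPayloads = objLoadXml.loadPayloads(strPath + "/data/payloads.xml");

    MessageBox.Show("Starting Scan");

    System.Text.StringBuilder objFormSubmissionStr = new System.Text.StringBuilder();
    string strGuid = "" + System.Guid.NewGuid().ToString();

    #region Construct Report Header
    // Ad-hoc scans have no stored session, so the header carries fixed placeholder values.
    strHeader += "<header>";
    strHeader += "<application>beretta</application>";
    strHeader += "<version>1.0</version>";
    strHeader += "<sessionId>0</sessionId>";
    strHeader += "<date>" + System.DateTime.Now + "</date>";
    strHeader += "<authenticationType>None</authenticationType>";
    strHeader += "<sessionName>New Session</sessionName>";
    strHeader += "<sessionDescription>Description</sessionDescription>";
    strHeader += "</header>";
    #endregion

    foreach (string strUrl in lstUrls.Items)
    {
        // Auto Scan
        urlWorker objUrlWorkerAuto = new urlWorker();
        objUrlWorkerAuto.sessionId = 0;
        objUrlWorkerAuto.authenticationType = 0;
        objUrlWorkerAuto.url = "" + strUrl;
        objUrlWorkerAuto.userAgent = strUserAgent;
        objUrlWorkerAuto.payloadDataSet = objPayloads;
        objUrlWorkerAuto.signaturesDataSet = objSignatures;
        objUrlWorkerAuto.scanAuto();

        // NOTE(review): buildResults/buildSubmission are defined outside this method and
        // their output is appended as-is; presumably they return XML fragments and escape
        // any response-derived text themselves - confirm.
        if (objUrlWorkerAuto.objBerettaResultHashTable != null && objUrlWorkerAuto.objBerettaResultHashTable.Count > 0)
        {
            objStringBuilder.Append(buildResults(objUrlWorkerAuto.objBerettaResultHashTable));
        }
        objFormSubmissionStr.Append(buildSubmission(objUrlWorkerAuto.objBerettaSubmissionHashTable));

        // User-entered text: escape so '&' in query strings and any markup stay data.
        strUrls = strUrls + "<url>" + System.Security.SecurityElement.Escape(strUrl) + "</url>";
    }

    #region Construct XML report
    strTotalDoc += "<report>";
    strTotalDoc += "" + strHeader;
    strTotalDoc += "" + "<body>";
    strTotalDoc += "" + "<urlsScanned>" + strUrls + "</urlsScanned>";
    strTotalDoc += "<scanItems>" + objStringBuilder.ToString() + "</scanItems>";
    strTotalDoc += "<formSubmissions>" + objFormSubmissionStr.ToString() + "</formSubmissions>";
    strTotalDoc += "" + "</body>";
    strTotalDoc += "</report>";
    #endregion

    #region Write XML report
    string strOutputPath = "" + Application.StartupPath + "/output/" + strGuid + ".XML";
    string strXSLPath = "" + Application.StartupPath + "/xsl/beretta.xsl";

    // Add XSL file ref. The path sits inside a single-quoted pseudo-attribute, so it is
    // escaped: an install folder containing an apostrophe would otherwise end the href early.
    strTotalDoc = "<?xml-stylesheet href='" + System.Security.SecurityElement.Escape(strXSLPath) + "' type='text/xsl'?>" + strTotalDoc;

    // 'using' closes the file handle even when the write throws.
    using (StreamWriter objStreamWriter = System.IO.File.CreateText(strOutputPath))
    {
        objStreamWriter.WriteLine(strTotalDoc);
    }

    MessageBox.Show("Finished Scan. Report at: " + strOutputPath);
    #endregion
}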