public string buildNiktoRequest(niktoRequests niktoset,string header) {
string methodGETHEAD=niktoset.method;
string actualrequest="";
actualrequest=methodGETHEAD+" "+niktoset.request+" HTTP/1.0\r\n";
actualrequest+=header + "\r\n\r\n";
return actualrequest;
}
public string stestNiktoRequest (string ipRaw, string portRaw, string requestRaw, niktoRequests niktoset, int TimeOut, bool isSSL) {
string response="";
if (isSSL){
response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut,2,true);
} else {
response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut);
}
return response;
}
private string generateBlob (string target, string port, niktoRequests niktoset, string filetype, string filelocation,string header){
niktoRequests FPtest;
FPtest.method=niktoset.method;
FPtest.description="FP test item";
FPtest.type="FP test item";
FPtest.trigger="";
FPtest.isSSL=niktoset.isSSL;
string result="";
if (niktoset.type.Equals("FPtestdir")==false){
FPtest.request=filelocation + "noteverthere." + filetype;
} else FPtest.request=filelocation + "noteverthere/";
if (niktoset.isSSL){
result=stestNiktoRequest(target,port,buildNiktoRequest(FPtest,header),FPtest,6000,true);
} else {
result=stestNiktoRequest(target,port,buildNiktoRequest(FPtest,header),FPtest,6000,false);
}
//actually..this is the only place we really need to lock
lock (backend_FP){
lock (nikto_FP){
FPdata item = new FPdata();
item.URLlocation=filelocation;
item.method=FPtest.method;
item.filetype=filetype;
item.host=target;
if (niktoset.type.CompareTo("FPtestfile")==0 || niktoset.type.CompareTo("FPtestdir")==0){
if (backend_FP.Contains(item)==false){
backend_FP.Add(item,result);
}
}else{
if (nikto_FP.Contains(item)==false){
nikto_FP.Add(item,result);
}
}
}
}
return result;
}
private string getBlob (string ipRaw, string portRaw, niktoRequests niktoset, string filetype, string filelocation,string header){
lock (this){
FPdata entry = new FPdata();
entry.filetype=filetype;
entry.host=ipRaw;
entry.method=niktoset.method;
entry.URLlocation=filelocation;
if (niktoset.type.CompareTo("FPtestfile")==0 || niktoset.type.CompareTo("FPtestdir")==0){
//check if it exists
if (backend_FP.Contains(entry)){
return (string)backend_FP[entry];
}
} else {
if (nikto_FP.Contains(entry)){
return (string)nikto_FP[entry];
}
}
}
//if we end up here we know we must go get a new one
return generateBlob(ipRaw,portRaw,niktoset,filetype,filelocation,header);
}
private double testniktoFP (string ipRaw, string portRaw, niktoRequests niktoset, string request, string reply,string header){
string location=extractLocation(request);
string filetype=extractFileType(request);
string blobFromDB=getBlob(ipRaw,portRaw,niktoset,filetype,location,header);
if (blobFromDB.Length > 0){
double result;
lock (this){
result=compareBlobs(blobFromDB,reply,false,false);
}
return result;
}else return -1.0;
}
public bool testRequest (string ipRaw, string portRaw, string requestRaw, int TimeOut, bool fileordir, bool isSSL, string header, double trigger) {
string response="";
if (isSSL){
response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut,3,true);
} else {
response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut);
}
string[] parts = new string[2000];
parts=requestRaw.Split(' ');
double result;
niktoRequests niktoset = new niktoRequests();
//true=file false=dir
if (fileordir == false){
niktoset.description="FPtestdir";
niktoset.request=requestRaw;
niktoset.trigger="";
niktoset.type="FPtestdir";
niktoset.method=parts[0];
niktoset.isSSL=isSSL;
string[] urlparts = new string[20];
urlparts=parts[1].Split('/');
string finalresult="";
for(int a=1; a<urlparts.Length-2; a++){
finalresult+="/"+urlparts[a];
}
finalresult=finalresult.Replace("//","/");
result=testniktoFP(ipRaw,portRaw,niktoset,finalresult+"/mooforgetit",response,header);
//recheck!
if (result<trigger && result>=0){
lock(this){
cleanBlob(ipRaw,extractFileType(finalresult+"/mooforgetit"),extractLocation(finalresult+"/mooforgetit"),"directory");
}
if (isSSL){
response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut,3,true);
} else {
response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut);
}
result=testniktoFP(ipRaw,portRaw,niktoset,finalresult+"/mooforgetit",response,header);
}
} else {
niktoset.description="FPtestfile";
niktoset.request=requestRaw;
niktoset.trigger="";
niktoset.type="FPtestfile";
niktoset.method=parts[0];
niktoset.isSSL=isSSL;
parts[1]=parts[1].Replace("//","/");
result=testniktoFP(ipRaw,portRaw,niktoset,parts[1],response,header);
//recheck!
if (result<trigger && result >=0){
lock(this){
cleanBlob(ipRaw,extractFileType(parts[1]),extractLocation(parts[1]),"file");
}
if (isSSL){
response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut,3,true);
} else {
response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut);
}
result=testniktoFP(ipRaw,portRaw,niktoset,parts[1],response,header);
}
}
if ((result < trigger) && result >= 0.00){
return true;
} else {return false;}
}