private static bool CheckIfSocialMediaSite(string startingDomain, string url)
{
string foundDomain = DomainUtility.GetDomainFromUrl(url);
string foundURL = url.Split('?')[0];
foreach (DomainData social in _socialDomains)
{
if (foundDomain.ToLower().Equals(startingDomain))
{
continue;
}
if (foundDomain.ToLower().Equals(social.DomainName.ToLower()))
{
if (!CheckForSharing(url, social))
{
return(false);
}
return(true);
}
}
return(false);
}
private static void CrawlPage(IRequest request, int step)
{
// if (request.Url.Trim('/').Split('/').Count() - 2 > CrawlerContext.Depth)
if (step > CrawlerContext.Depth)
{
return;
}
if (CrawlerContext.SinglePage && step > 2)
{
return;
}
Uri tempUri = new Uri(request.Url);
string tempDomain = DomainUtility.GetDomainFromUrl(tempUri);
if (CrawlerContext.IgnoreDirectory.Count != 0 && IgnoreDirectory(request.Url, tempDomain))
{
return;
}
if (!PageHasBeenCrawled(request))
{
CrawlerContext.Pages.Add(request);
RequestUtility.GetWebText(request);
_pageCounter.Invoke();
if (request.Response.Error)
{
//log
return;
}
_responseHandler.Invoke(request);
LinkParser linkParser = new LinkParser();
linkParser.ParseLinksAgility(request.Response.Body, request.Url);
if (CrawlerContext.LightMode)
{
request.Response.Body = "";
}
foreach (IRequest link in linkParser.GoodUrls)
{
CrawlerContext.PauseEvent.WaitOne(Timeout.Infinite);
try
{
CrawlPage(link, step + 1);
}
catch
{
// _failedUrls.Add(link + " (on page at url " + url + ") - " + exc.Message);
}
}
CrawlerContext.ExhaustedURL.Add(request.Url);
}
}
private void _btnHeadersTest_Click(object sender, EventArgs e)
{
string address = _txtDomain.Text;
StringBuilder sb = new StringBuilder();
try
{
sb.Append("Starting Headers Test : " + address + Environment.NewLine);
ScannerRequest sRequest = new ScannerRequest();
sRequest.URL = address;
sRequest.Domain = DomainUtility.GetDomainFromUrl(address);
sRequest.LogDir = Settings.LogDir;
CheckHeaders(sRequest, sb);
}
catch (Exception ex)
{
string inner = "";
if (ex.InnerException != null)
{
inner = ex.InnerException.Message;
}
sb.Append("!!!!!Exception: " + ex.Message + " Inner: " + inner);
}
LogTest(sb.ToString());
}
private static bool IsExternalUrl(string url)
{
try
{
if ((url.Length >= 7 && url.Substring(0, 7) == "http://") || (url.Length >= 8 && url.Substring(0, 8) == "https://") || url.Length >= 2 && url.Substring(0, 2) == "//")
{
Uri tempUri = new Uri(url);
string tempDomain = DomainUtility.GetDomainFromUrl(tempUri);
try
{
if (CrawlerContext.IgnoreDirectory.Count != 0 && IgnoreDirectory(url, tempDomain))
{
return(true);
}
if (CrawlerContext.IncludeSubdomains)
{
if (tempDomain.Equals(DomainUtility.GetDomainFromUrl(CrawlerContext.URI)))
{
return(false);
}
else if (Uri.Compare(tempUri, CrawlerContext.URI, UriComponents.Host, UriFormat.SafeUnescaped, StringComparison.CurrentCulture) != 0)
{
return(true);
}
else
{
return(false);
}
}
else
{
if (Uri.Compare(tempUri, CrawlerContext.URI, UriComponents.Host, UriFormat.SafeUnescaped, StringComparison.CurrentCulture) != 0)
{
return(true);
}
else
{
return(false);
}
}
}
catch
{
return(true);
}
}
return(false);
}
catch (Exception ex)
{
//todo
return(true);
}
}
private void _btnSubdomainTakeoverTest_Click(object sender, EventArgs e)
{
string address = _txtDomain.Text;
StringBuilder sb = new StringBuilder();
try
{
sb.Append("Starting Subdomain Takeover Test : " + address + Environment.NewLine);
WebPageRequest request = new WebPageRequest();
request.Address = address;
WebPageLoader.Load(request);
if (request.Response.Body.Equals(String.Empty) && request.Response.TimeOut == false)
{
sb.Append("\tNo body found." + Environment.NewLine);
}
else
{
ScannerRequest sRequest = new ScannerRequest();
sRequest.Body = request.Response.Body;
sRequest.URL = address;
sRequest.Domain = DomainUtility.GetDomainFromUrl(address);
sb.Append("\tBody found." + Environment.NewLine);
if (request.Response.TimeOut == false)
{
CheckEngine(sRequest, sb);
}
else
{
sb.Append("\tTimed out" + Environment.NewLine);
// CheckBigIPService(request, sb);
}
}
}
catch (Exception ex)
{
string inner = "";
if (ex.InnerException != null)
{
inner = ex.InnerException.Message;
}
sb.Append("!!!!!Exception: " + ex.Message + " Inner: " + inner);
}
LogTest(sb.ToString());
}
public static bool CheckIfSocialMediaSite(string url, List <DomainData> socialDomains)
{
string foundDomain = DomainUtility.GetDomainFromUrl(url);
string foundURL = url.Split('?')[0];
foreach (DomainData social in socialDomains)
{
if (foundDomain.ToLower().Equals(social.DomainName.ToLower()))
{
if (!CheckForSharing(url, social))
{
return(false);
}
return(true);
}
}
return(false);
}
private void TestDomain(string address, bool signalEnd)
{
StringBuilder sb = new StringBuilder();
StringBuilder linkBuilder = new StringBuilder();
try
{
List <string> schemas = new List <string>();
schemas.Add("http");
schemas.Add("https");
foreach (var schema in schemas)
{
if (schema.Equals("http"))
{
address = DomainUtility.EnsureHTTP(address);
}
else
{
address = DomainUtility.EnsureHTTPS(address);
}
sb.Append("Checking: " + address + Environment.NewLine);
WebPageRequest request = new WebPageRequest();
request.Address = address;
WebPageLoader.Load(request);
ScannerRequest sRequest = new ScannerRequest();
sRequest.Body = request.Response.Body;
sRequest.URL = address;
sRequest.Domain = DomainUtility.GetDomainFromUrl(address);
ScannerResult result = new ScannerResult();
ScannerContext scannerContext = new ScannerContext();
if (request.Response.Body.Equals(String.Empty) && request.Response.TimeOut == false)
{
sb.Append("\tNo body found." + Environment.NewLine);
}
else
{
if (request.Response.TimeOut == false)
{
result = CheckEngine(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckBuckets(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckSocialMedia(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckServices(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckDefaultpages(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckIndexOf(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
foreach (var script in request.Response.Scripts)
{
ScannerRequest scriptRequest = new ScannerRequest();
scriptRequest.Body = script.Value;
scriptRequest.URL = script.Key;
result = CheckBuckets(scriptRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
}
}
else
{
// CheckBigIPService(request, sb);
}
}
//CheckForFileType(request.Address, sb, "swf", linkBuilder);
//result = CheckForFileType(request.Address, sb, "php", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
//result = CheckForFileType(request.Address, sb, "xml", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
//result = CheckForFileType(request.Address, sb, "conf", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
//result = CheckForFileType(request.Address, sb, "env", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
result = CheckPHPInfo(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckKnownAttackFiles(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckCRLF(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckCSP(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckHeaders(sRequest, sb);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
}
}
catch (Exception ex)
{
string inner = "";
if (ex.InnerException != null)
{
inner = ex.InnerException.Message;
}
sb.Append("!!!!!Exception: " + ex.Message + " Inner: " + inner + " Stack: " + ex.StackTrace);
}
Log(sb.ToString());
LogLinks(linkBuilder.ToString());
if (signalEnd)
{
_countdown.Signal();
}
}
private void Test(string url)
{
StringBuilder sb = new StringBuilder();
try
{
List <string> schemas = new List <string>();
schemas.Add("http");
schemas.Add("https");
foreach (var schema in schemas)
{
if (schema.Equals("http"))
{
url = DomainUtility.EnsureHTTP(url);
}
else
{
url = DomainUtility.EnsureHTTPS(url);
}
sb.Append(Environment.NewLine);
sb.Append(Environment.NewLine);
sb.Append(DateTime.Now.ToString());
sb.Append(" Checking: " + url + Environment.NewLine);
sb.Append("------------------");
List <IAttack> attacks = new List <IAttack>();
//Future: Auto detect dlls
attacks.Add(new Clark.Attack.ContentScanner.Processor());
attacks.Add(new Clark.Attack.SocialMedia.Processor());
attacks.Add(new Clark.Attack.InformationLeak.Processor());
attacks.Add(new Clark.Attack.CRLF.Processor());
attacks.Add(new Clark.Attack.VulnerableFiles.Processor());
attacks.Add(new Clark.Attack.HTTPHeader.Processor());
attacks.Add(new Clark.Attack.CSP.Processor());
attacks.Add(new Clark.Attack.HTTPResponse.Processor());
attacks.Add(new Clark.Attack.FileUpload.Processor());
attacks.Add(new Clark.Attack.Redirect.Processor());
WebPageRequest request = new WebPageRequest();
request.Address = url;
WebPageLoader.Load(request);
var sRequest = new AttackRequest();
sRequest.Body = request.Response.Body;
sRequest.URL = url;
sRequest.Domain = DomainUtility.GetDomainFromUrl(url);
sRequest.LogDir = Settings.LogDir;
_countdown = new CountdownEvent(attacks.Count);
List <Thread> lstThreads = new List <Thread>();
foreach (var attack in attacks)
{
Thread th = new Thread(() => { sb.Append(Environment.NewLine + ExecuteAttack(attack, sRequest)); });
lstThreads.Add(th);
}
foreach (Thread th in lstThreads)
{
th.Start();
}
_countdown.Wait();
}
}
catch (Exception ex)
{
string inner = "";
if (ex.InnerException != null)
{
inner = ex.InnerException.Message;
}
sb.Append("!!!!!Exception: " + ex.Message + " Inner: " + inner + " Stack: " + ex.StackTrace);
LogError("!!!!!Exception: " + ex.Message + " Inner: " + inner + " Stack: " + ex.StackTrace);
}
Log(sb.ToString());
}
