private void btnScan_Click(object sender, EventArgs e) { if (services != null && services.Count > 0) { lvResult.Items.Clear(); scanDirectory = DirectoryHelper.GetScanDirectoryName(); DirectoryHelper.CreateScanDirectory(scanDirectory); ReportObject reportObject = new ReportObject(); reportObject.ScanStartDate = DateTime.Now; reportObject.WsDescs = new List<WSDescriberForReport>(); reportObject.TotalRequestCount = 0; Log("Scan Started: " + reportObject.ScanStartDate.ToString("dd.MM.yyyy HH:mm:ss"), FontStyle.Bold, true, false); foreach (WSDescriber wsDesc in services) { WSDescriberForReport WSItemVulnerabilities = new WSDescriberForReport(); WSItemVulnerabilities.WsDesc = wsDesc; WSItemVulnerabilities.Vulns = new List<VulnerabilityForReport>(); WSItemVulnerabilities.StaticVulns = new List<StaticVulnerabilityForReport>(); WSItemVulnerabilities.InfoVulns = new List<DisclosureVulnerabilityForReport>(); Log("WSDL Address: " + wsDesc.WSDLAddress, FontStyle.Bold, true, false); Log("Parsing WSDL...", FontStyle.Regular, true, false); List<Param> respHeader = new List<Param>(); bool untrustedSSLSecureChannel = false; Parser parser = null; try { parser = new Parser(wsDesc, ref untrustedSSLSecureChannel, ref respHeader, CustomRequestHeader); } catch (Exception parseEx) { Log("WSDL Parsing Exception: " + parseEx.Message, FontStyle.Regular, true, false); } if (chkStaticScan.Checked && parser != null) { Log("Static Analysis Started", FontStyle.Regular, true, false); StaticVulnerabilityScanner svs = new StaticVulnerabilityScanner(); foreach (StaticVulnerabilitiesStaticVulnerability staticVuln in staticVulnerabilities.StaticVulnerability) { Log(" Testing: " + staticVuln.title, FontStyle.Regular, chkDebug.Checked, false); string staticScanRes = svs.ScanIt(staticVuln, parser.rawWSDL); if (!string.IsNullOrEmpty(staticScanRes)) { Log(" " + staticVuln.title + " Vulnerability Found: " + staticScanRes, FontStyle.Bold, true, false); StaticVulnerabilityForReport vulnRep = new StaticVulnerabilityForReport(); vulnRep.Vuln = staticVuln; vulnRep.XMLLine = staticScanRes; WSItemVulnerabilities.StaticVulns.Add(vulnRep); } } Log("Static Analysis Finished", FontStyle.Regular, true, false); } if (chkDynamicScan.Checked && parser != null) { Log("Getting Methods...", FontStyle.Regular, true, false); List<WSOperation> operations = parser.GetOperations(); WebServiceToInvoke wsInvoker = new WebServiceToInvoke(wsDesc.WSDLAddress.Replace("?WSDL", "")); if (!wsDesc.WSUri.Scheme.Equals("https")) { Log(" Vulnerability Found - SSL Not Used, Uri Schema is " + wsDesc.WSUri.Scheme, FontStyle.Bold, true, false); AddSSLRelatedVulnerability(WSItemVulnerabilities, 0); } else { if (untrustedSSLSecureChannel) { Log(" Vulnerability Found - Could not establish trust relationship for the SSL/TLS secure channel.", FontStyle.Bold, true, false); AddSSLRelatedVulnerability(WSItemVulnerabilities, -1); } } DynamicVulnerabilityScanner dynScn = new DynamicVulnerabilityScanner(this); foreach (WSOperation operation in operations) { Log("Method: " + operation.MethodName, FontStyle.Regular, chkDebug.Checked, false); foreach (VulnerabilitiesVulnerability vuln in vulnerabilities.Vulnerability) { if (vuln.type == 1 || vuln.type == 3) // 1: soap specific , 3: common for soap & rest { if (vuln.id != 0 && vuln.id != 7 && vuln.id != 9 && vuln.id != 10) // 0 for insecure transport - ssl not used , 7 for verbose soap fault message , 9 for HTTP Options , 10 for XST { wsInvoker.PreInvoke(); Log(" Testing: " + vuln.title, FontStyle.Regular, chkDebug.Checked, false); Log(" Parameter Count: " + operation.Parameters.Count, FontStyle.Regular, chkDebug.Checked, false); try { dynScn.ScanVulnerabilities(wsInvoker, operation, vuln, parser.TargetNameSpace, wsDesc, WSItemVulnerabilities, reportObject, chkDebug.Checked, ref respHeader, CustomSoapHeaderTags.Trim(), CustomSoapBodyTags.Trim(), CustomRequestHeader.Trim()); } catch (System.Web.Services.Protocols.SoapException soapEx) { dynScn.SetSoapFaultException(operation, soapEx, WSItemVulnerabilities, chkDebug.Checked); } catch (Exception ex) { Log(" Exception: " + ex.ToString(), FontStyle.Regular, chkDebug.Checked, true); } } } } } try { VulnerabilitiesVulnerability optionsVuln = vulnerabilities.Vulnerability.Where(v => v.id == 9).FirstOrDefault(); if (optionsVuln != null) { dynScn.CheckHTTPOptionsVulns(wsDesc, optionsVuln, WSItemVulnerabilities, reportObject, chkDebug.Checked, ref respHeader, CustomRequestHeader); } } catch (Exception ex) { Log(" CheckHTTPOptionsVulns - Exception: " + ex.ToString(), FontStyle.Regular, chkDebug.Checked, true); } try { VulnerabilitiesVulnerability xstVuln = vulnerabilities.Vulnerability.Where(v => v.id == 10).FirstOrDefault(); if (xstVuln != null) { dynScn.CheckXSTVulns(wsDesc, xstVuln, WSItemVulnerabilities, reportObject, chkDebug.Checked, ref respHeader, CustomRequestHeader); } } catch (Exception ex) { Log(" CheckXSTVulns - Exception: " + ex.ToString(), FontStyle.Regular, chkDebug.Checked, true); } } if (chkInfoDisclosure.Checked) { Log("Information Disclosure Analysis Started", FontStyle.Regular, true, false); InformationDisclosureVulnerabilityScanner idvs = new InformationDisclosureVulnerabilityScanner(this); foreach (InformationDisclosureVulnerability infoVuln in disclosureVulnerabilities.Vulnerability) { Log(" Searching Response Header: " + infoVuln.title, FontStyle.Regular, chkDebug.Checked, false); string infoScanRes = idvs.ScanIt(infoVuln, respHeader); if (!string.IsNullOrEmpty(infoScanRes)) { Log(" " + infoVuln.title + " Information Disclosure Found: " + infoScanRes, FontStyle.Bold, true, false); DisclosureVulnerabilityForReport vulnRep = new DisclosureVulnerabilityForReport(); vulnRep.Vuln = infoVuln; vulnRep.Value = infoScanRes; WSItemVulnerabilities.InfoVulns.Add(vulnRep); } } Log("Information Disclosure Analysis Finished", FontStyle.Regular, true, false); } reportObject.WsDescs.Add(WSItemVulnerabilities); } reportObject.ScanEndDate = DateTime.Now; Log("Scan Finished: " + reportObject.ScanEndDate.ToString("dd.MM.yyyy HH:mm:ss"), FontStyle.Bold, true, false); string reportFilePath = scanDirectory + @"\Report\Report.html"; string xmlFilePath = scanDirectory + @"\Report\Report.xml"; string reportTemplatePath = System.AppDomain.CurrentDomain.BaseDirectory + @"\ReportTemplates\HTMLReportTemplate.html"; ReportHelper.CreateHTMLReport(reportObject, reportTemplatePath, reportFilePath, chkXMLReport.Checked, xmlFilePath); //if (chkXMLReport.Checked) //{ // Process.Start("cmd.exe /c notepad.exe " + xmlFilePath); //} Process.Start(reportFilePath); } else { MessageBox.Show("Please Select WSDL List File!!!"); } }
public void ScanRESTApi() { if (RestAPIDesc != null) { lvResult.Items.Clear(); scanDirectory = DirectoryHelper.GetScanDirectoryName(); DirectoryHelper.CreateScanDirectory(scanDirectory); ReportObject reportObject = new ReportObject(); reportObject.ScanStartDate = DateTime.Now; reportObject.WsDescs = new List<WSDescriberForReport>(); reportObject.TotalRequestCount = 0; Log("Scan Started: " + reportObject.ScanStartDate.ToString("dd.MM.yyyy HH:mm:ss"), FontStyle.Bold, true, false); WSDescriberForReport WSItemVulnerabilities = new WSDescriberForReport(); WSItemVulnerabilities.RestAPI = RestAPIDesc; WSItemVulnerabilities.StaticVulns = new List<StaticVulnerabilityForReport>(); WSItemVulnerabilities.Vulns = new List<VulnerabilityForReport>(); WSItemVulnerabilities.InfoVulns = new List<DisclosureVulnerabilityForReport>(); Log("API Address: " + RestAPIDesc.Url.AbsoluteUri, FontStyle.Bold, true, false); Log("Parsing API...", FontStyle.Regular, true, false); List<Param> respHeader = new List<Param>(); bool untrustedSSLSecureChannel = false; RestParser restParser = new RestParser(ref RestAPIDesc); if (chkDynamicScan.Checked) { RestHTTPHelper HttpHelper = new RestHTTPHelper(ref RestAPIDesc, ref untrustedSSLSecureChannel, ref respHeader, CustomRequestHeader); if (!RestAPIDesc.Url.Scheme.Equals("https")) { Log(" Vulnerability Found - SSL Not Used, Uri Schema is " + RestAPIDesc.Url.Scheme, FontStyle.Bold, true, false); AddSSLRelatedVulnerability(WSItemVulnerabilities, 0); } else { if (untrustedSSLSecureChannel) { Log(" Vulnerability Found - Could not establish trust relationship for the SSL/TLS secure channel.", FontStyle.Bold, true, false); AddSSLRelatedVulnerability(WSItemVulnerabilities, -1); } } int paramCount = 0; paramCount = RestAPIDesc.UrlParameters != null ? RestAPIDesc.UrlParameters.Count : 0; paramCount += RestAPIDesc.PostParameters != null ? RestAPIDesc.PostParameters.Count : 0; RestDynamicVulnerabilityScanner restDynScn = new RestDynamicVulnerabilityScanner(this); foreach (VulnerabilitiesVulnerability vuln in vulnerabilities.Vulnerability) { if (vuln.type == 2 || vuln.type == 3) // 2: rest specific , 3: common for soap & rest { if (vuln.id != 0 && vuln.id != 9 && vuln.id != 10) // 0 for insecure transport - ssl not used , 9 for HTTP Options , 10 for XST { Log(" Testing: " + vuln.title, FontStyle.Regular, chkDebug.Checked, false); Log(" Parameter Count: " + (paramCount), FontStyle.Regular, chkDebug.Checked, false); try { restDynScn.ScanVulnerabilities(vuln, RestAPIDesc, WSItemVulnerabilities, reportObject, chkDebug.Checked, ref respHeader, HttpHelper, CustomRequestHeader); } catch (Exception ex) { Log(" Exception: " + ex.ToString(), FontStyle.Regular, chkDebug.Checked, true); } } } } try { VulnerabilitiesVulnerability optionsVuln = vulnerabilities.Vulnerability.Where(v => v.id == 9).FirstOrDefault(); if (optionsVuln != null) { restDynScn.CheckHTTPOptionsVulns(RestAPIDesc, optionsVuln, WSItemVulnerabilities, reportObject, chkDebug.Checked, ref respHeader, HttpHelper, CustomRequestHeader); } } catch (Exception ex) { Log(" CheckHTTPOptionsVulns - Exception: " + ex.ToString(), FontStyle.Regular, chkDebug.Checked, true); } try { VulnerabilitiesVulnerability xstVuln = vulnerabilities.Vulnerability.Where(v => v.id == 10).FirstOrDefault(); if (xstVuln != null) { restDynScn.CheckXSTVulns(RestAPIDesc, xstVuln, WSItemVulnerabilities, reportObject, chkDebug.Checked, ref respHeader, HttpHelper, CustomRequestHeader); } } catch (Exception ex) { Log(" CheckXSTVulns - Exception: " + ex.ToString(), FontStyle.Regular, chkDebug.Checked, true); } } if (chkInfoDisclosure.Checked) { Log("Information Disclosure Analysis Started", FontStyle.Regular, true, false); InformationDisclosureVulnerabilityScanner idvs = new InformationDisclosureVulnerabilityScanner(this); foreach (InformationDisclosureVulnerability infoVuln in disclosureVulnerabilities.Vulnerability) { Log(" Searching Response Header: " + infoVuln.title, FontStyle.Regular, chkDebug.Checked, false); string infoScanRes = idvs.ScanIt(infoVuln, respHeader); if (!string.IsNullOrEmpty(infoScanRes)) { Log(" " + infoVuln.title + " Information Disclosure Found: " + infoScanRes, FontStyle.Bold, true, false); DisclosureVulnerabilityForReport vulnRep = new DisclosureVulnerabilityForReport(); vulnRep.Vuln = infoVuln; vulnRep.Value = infoScanRes; WSItemVulnerabilities.InfoVulns.Add(vulnRep); } } Log("Information Disclosure Analysis Finished", FontStyle.Regular, true, false); } reportObject.WsDescs.Add(WSItemVulnerabilities); reportObject.ScanEndDate = DateTime.Now; Log("Scan Finished: " + reportObject.ScanEndDate.ToString("dd.MM.yyyy HH:mm:ss"), FontStyle.Bold, true, false); string reportFilePath = scanDirectory + @"\Report\Report.html"; string xmlFilePath = scanDirectory + @"\Report\Report.xml"; //string reportTemplatePath = System.AppDomain.CurrentDomain.BaseDirectory + @"\..\..\ReportTemplates\HTMLReportTemplate.html"; string reportTemplatePath = System.AppDomain.CurrentDomain.BaseDirectory + @"\ReportTemplates\HTMLReportTemplate.html"; ReportHelper.CreateHTMLReport(reportObject, reportTemplatePath, reportFilePath, chkXMLReport.Checked, xmlFilePath); Process.Start(reportFilePath); //if (chkXMLReport.Checked) Process.Start(xmlFilePath); } else { MessageBox.Show("Please Enter API Info!!!"); } }