/// <summary> /// Creates a new event in the log. /// </summary> /// <param name='result'> /// The result of the scanner. /// </param> public virtual void Create(ScannerResult result) { try { _semaphore.WaitOne(); //Reopen the connection if the connection is closed. if (Connection.State != ConnectionState.Open) { Open(); } //Create the SQL records for this event. CreateSql(result); Debugger.Put(4, "\tdb: inserted new event '{0}'", ConsoleColor.DarkMagenta, result.Signature); } catch (Exception e) { Debugger.Put(3, "\tdb: {0}", ConsoleColor.Red, e.Message); } finally { _semaphore.Release(); } }
public static ScannerResult Check(ScannerRequest request) { if (_payloads.Count == 0) { lock (_syncObject) { if (_payloads.Count == 0) { Initialize(); } } } ScannerResult result = new ScannerResult(); foreach (string payload in _payloads) { string testUrl = request.URL.Trim('/') + "/" + payload; WebPageRequest webRequest = new WebPageRequest(testUrl); WebPageLoader.Load(webRequest); if (webRequest.Response.Headers.AllKeys.Contains("headername")) { result.Success = true; result.Results.Add(testUrl); return(result); } } return(result); }
public IReadOnlyList <AnalyzerSummary> Analyze(ScannerResult report, Func <ProbeResult, string> filterBy) { var rollup = GetRollup(report.Results, filterBy); var summary = (from result in rollup let healthy = new AnalyzerResultImpl( result.Value .Count(x => x == ProbeResultStatus.Healthy) .ConvertTo(), CalcPercentage(result.Value, ProbeResultStatus.Healthy)) let unhealthy = new AnalyzerResultImpl( result.Value .Count(x => x == ProbeResultStatus.Unhealthy) .ConvertTo(), CalcPercentage(result.Value, ProbeResultStatus.Unhealthy)) let warning = new AnalyzerResultImpl( result.Value .Count(x => x == ProbeResultStatus.Warning) .ConvertTo(), CalcPercentage(result.Value, ProbeResultStatus.Warning)) let inconclusive = new AnalyzerResultImpl( result.Value .Count(x => x == ProbeResultStatus.Inconclusive) .ConvertTo(), CalcPercentage(result.Value, ProbeResultStatus.Inconclusive)) select new AnalyzerSummaryImpl(result.Key, healthy, unhealthy, warning, inconclusive)) .Cast <AnalyzerSummary>() .ToList(); NotifyObservers(summary); return(summary); }
public static ScannerResult Check(ScannerRequest request) { if (_domainList.Count == 0) { lock (_syncObject) { if (_domainList.Count == 0) { Initialize(); } } } ScannerResult result = new ScannerResult(); if (String.IsNullOrEmpty(request.Body)) { return(result); } string domain = ""; foreach (Fingerprint domainTest in _domainList) { domain = Check_Domain(request.Body, domainTest); if (!String.IsNullOrEmpty(domain)) { result.Success = true; result.Results.Add(domain); return(result); } } return(result); }
private async void CompleteScan() { try { var status = OutButtonChecked ? EHaspelStatus.IsUsed : EHaspelStatus.Unkown; if (status == EHaspelStatus.Unkown) { status = FullButtonChecked ? EHaspelStatus.Full : EHaspelStatus.Empty; } var result = new ScannerResult { Barcode = myCurrentResult.Text, Status = status, User = status == EHaspelStatus.IsUsed ? SelectedUserOptions : string.Empty }; OnScanResult?.Invoke(this, result); await myNavigationService.NavigateBackToRoot(); } catch (Exception e) { Console.WriteLine(e.Message); } }
public static ScannerResult Check(ScannerRequest request) { if (_knownAttackFiles.Count == 0) { lock (_syncObject) { if (_knownAttackFiles.Count == 0) { Initialize(); } } } ScannerResult result = new ScannerResult(); List <string> returnList = new List <string>(); string testedFile = request.URL.Trim('/') + "/lkfkjsalkalkln3nfioaoisf0090cvlklkvkllkalk"; WebPageRequest webRequest = new WebPageRequest(testedFile); //WebPageLoader.Load(webRequest); //if (webRequest.Response.Code.Equals("200")) //{ // return result; //} foreach (AttackFile attack in _knownAttackFiles) { testedFile = request.URL.Trim('/') + "/" + attack.File; webRequest = new WebPageRequest(testedFile); WebPageLoader.Load(webRequest); if (webRequest.Response.Code.Equals("200")) { bool anyFingerPrint = false; foreach (string fp in attack.FingerPrint) { if (webRequest.Response.Body.Contains(fp)) { anyFingerPrint = true; break; } } if (anyFingerPrint) { result.Success = true; string attackString = attack.Attacks.FirstOrDefault(); if (!String.IsNullOrEmpty(attackString)) { testedFile = testedFile + attackString; } returnList.Add(testedFile); } } } result.Results.AddRange(returnList); return(result); }
public static ScannerResult Check(ScannerRequest request) { if (_fileNames.Count == 0) { lock (_syncObject) { if (_fileNames.Count == 0) { Initialize(); } } } ScannerResult result = new ScannerResult(); foreach (string fileName in _fileNames) { string testedFile = request.URL.Trim('/') + "/" + fileName; WebPageRequest webRequest = new WebPageRequest(testedFile); WebPageLoader.Load(webRequest); if (Check_Contents(webRequest.Response.Body)) { result.Success = true; result.Results.Add(testedFile); return(result); } } return(result); }
/// <summary> /// Updates an existing event in the log. /// </summary> /// <param name='result'> /// Result. /// </param> public virtual void Update(ScannerResult result) { try { _semaphore.WaitOne(); //Reopen the connection if the connection is closed. if (Connection.State != ConnectionState.Open) { Open(); } //Update an existing event with the new packets. UpdateSql(result); Debugger.Put(4, "\tdb: updated existing event '{0}'", ConsoleColor.DarkMagenta, result.Signature); } catch (Exception e) { Debugger.Put(3, "\tdb: {0}", ConsoleColor.Red, e.Message); } finally { _semaphore.Release(); } }
public bool TrySave(ScannerResult result, string file, string path) { if (Directory.Exists(path)) { return(Write(result, file, path)); } var dir = Directory.CreateDirectory(path); return(dir.Exists ? Write(result, file, path) : Write(result, file, path)); }
private async void HandleHaspelResult(ScannerResult scanResult) { await myApiManager.HaspelApiManager.PostData(new Haspel { Barcode = scanResult.Barcode, Status = scanResult.Status, UsedBy = scanResult.User }); ScanResultHandled?.Invoke(this, scanResult); }
bool Write(ScannerResult result, string file, string path) { string fullPath = $"{path}/{file}"; if (File.Exists(fullPath)) { return(false); } File.WriteAllText(fullPath, result.ToJsonString()); return(true); }
public override void Handle(ScannerResult results) { var message = new MailMessage(); message.To.Add("mlandi@sourcesecure"); message.From = new MailAddress("*****@*****.**"); message.Subject = results.AttackType + " Attack Detected!"; message.Body = results.AttackAddress + " -> " + results.VictimAddress; message.Priority = MailPriority.High; new SmtpClient("mail.optonline.net", 25).Send(message); }
public ScannerResult Scan(IPAddress subnet) { var result = new ScannerResult(); //var ips = Pinger.PingAllAsync(subnet).Result; var ips = PingerThreaded.PingAll(subnet); //Console.WriteLine($"PingAll took {ips.Elapsed}"); result.Online.AddRange(Arp.GetAll() .Where(ae => ips.OnlineIps.ContainsKey(ae.Ip)) .Select(ae => new IpAndMac(ips.OnlineIps.First(ip => Equals(ae.Ip, ip.Key)).Key, ae.Mac))); return(result); }
public static ScannerResult Check(ScannerRequest request) { if (_socialDomains.Count == 0) { lock (_syncObject) { if (_socialDomains.Count == 0) { Initilize(); } } } ScannerResult result = new ScannerResult(); if (_masterIgnoreList.Contains(request.Domain)) { return(result); } HtmlDocument htmlDoc = new HtmlDocument(); htmlDoc.LoadHtml(request.Body); List <string> linksFound = new List <string>(); List <HtmlNode> anchorLinks = htmlDoc.DocumentNode.Descendants("a").ToList(); foreach (HtmlNode node in anchorLinks) { if (node.Attributes["href"] != null) { string value = node.Attributes["href"].Value; if (!value.StartsWith("mailto")) { if (CheckURL(request.Domain, value) && !linksFound.Contains(value)) { result.Success = true; linksFound.Add(value); } } } } result.Results.AddRange(linksFound); return(result); }
public string Format(ScannerResult report) { var builder = new StringBuilder(); builder.AppendLine($"Report Identifier: {report.Id.ToString()}"); builder.AppendLine($"Timestamp: {report.Timestamp.ToString()}"); builder.AppendLine(); builder.AppendLine("Results"); foreach (var result in report.Results) { Format(result, ref builder); } return(builder.ToString()); }
private ScannerResult GetScannerResult () { ScannerResult result = null; foreach (var symbol in scanner.Results) { var rect = symbol.Bounds; int height = rect.Height(); int w = rect.Width(); var point = symbol.GetLocationPoint (5); result = new ScannerResult { Data = symbol.Data, Type = symbol.Type, Quality = symbol.Quality }; return result; } return result; }
public static ScannerResult Check(ScannerRequest request) { if (_knownAttackHeaders.Count == 0) { lock (_syncObject) { if (_knownAttackHeaders.Count == 0) { Initialize(); } } } ScannerResult result = new ScannerResult(); List <string> returnList = new List <string>(); string testedFile = request.URL.Trim('/'); WebPageRequest webRequest = new WebPageRequest(testedFile); webRequest = new WebPageRequest(request.URL.Trim('/')); webRequest.Log = true; webRequest.LogDir = request.LogDir; foreach (AttackHeader attack in _knownAttackHeaders) { webRequest.Headers = attack.AttackHeaderCollection; WebPageLoader.Load(webRequest); foreach (var headerFP in attack.FingerPrintHeaders.AllKeys) { var header = webRequest.Response.Headers.Get(headerFP); if (header != null) { if (attack.FingerPrintHeaders[headerFP] == webRequest.Response.Headers[headerFP]) { returnList.Add(headerFP); } } } } result.Results.AddRange(returnList); return(result); }
public override IEnumerable <ScannerResult> Scan(IDataPacketCollection packets) { //Create a list of results we can add to as we find new attacks. var results = new List <ScannerResult>(); //Determine the time period that we should look back for packets at. var lookback = DateTime.Now.AddMinutes(-1).AddSeconds(-30); //Group all ARP packets by the sender. var arp_source = packets.Items.Where( x => x.Protocol == NetworkProtocol.arp).ToLookup( x => x.HardwareAddressSource); //Loop through each source address. foreach (string mac_source in arp_source.Select(x => x.Key)) { //Group all of the sender packets by the target address. var arp_source_target = arp_source[mac_source].ToLookup( x => x.HardwareAddressTarget); //Loop through each target address. foreach (var mac_target in arp_source_target.Select(x => x.Key)) { /* * Determine if a certain number of attack packets were found * for this sender/receiver in the lookback time period. */ if (arp_source_target[mac_target].Where(x => x.Timestamp >= lookback).Count() >= 20) { //Store the packets and result in the list for return. var packet = arp_source_target[mac_target].First(); var result = new ScannerResult(packet.HardwareAddressSource, packet.HardwareAddressTarget, "ARP Spoof", this, arp_source_target[mac_target]); results.Add(result); } } } return(results); }
public static ScannerResult BucketCheck(ScannerRequest request) { if (_bucketURLRegex.Count == 0) { lock (_syncObject) { if (_bucketURLRegex.Count == 0) { Initilize(); } } } ScannerResult result = new ScannerResult(); List <string> referencedBuckets = new List <string>(); List <string> bustedBuckets = new List <string>(); foreach (string search in _bucketURLRegex) { MatchCollection collection = Regex.Matches(request.Body, search); referencedBuckets.AddRange(collection.Cast <Match>().Select(match => match.Value).ToList()); } referencedBuckets = referencedBuckets.Distinct().ToList(); //todo: make better regex so we dont have to do this referencedBuckets.RemoveAll(x => x.Trim('/') == @"http://s3.amazonaws.com"); referencedBuckets.RemoveAll(x => x.Trim('/') == @"https://s3.amazonaws.com"); foreach (string bucket in referencedBuckets) { WebPageRequest webRequest = new WebPageRequest(bucket); WebPageLoader.Load(webRequest); if (webRequest.Response.Body.Contains("<Code>NoSuchBucket</Code>")) { result.Success = true; bustedBuckets.Add(bucket); } } result.Results.AddRange(bustedBuckets); return(result); }
private ScannerResult CheckEngine(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null) { ScannerResult result = SubdomainTakeover.Check(request); if (result.Success) { sb.Append("\tEngine Found! " + result.Results.First() + "! Email sent." + Environment.NewLine); SendEmail("Subdomain takeover", request.URL + " appears to have an open instance of " + result.Results.First()); if (linkBuilder != null) { linkBuilder.Append(request.URL + Environment.NewLine); } } else { sb.Append("\tNo engine found." + Environment.NewLine); } return(result); }
private ScannerResult CheckBuckets(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null) { ScannerResult result = S3Bucket.BucketCheck(request); if (result.Success) { sb.Append("\tUnclaimed S3 Buckets Found! " + String.Join(", ", result.Results.ToArray()) + "! Email sent." + Environment.NewLine); SendEmail("Unclaimed S3 Buckets Used", request.URL + " appears to use buckets " + String.Join(", " + Environment.NewLine, result.Results.ToArray())); if (linkBuilder != null) { linkBuilder.Append(request.URL + Environment.NewLine); } } else { sb.Append("\tNo Unclaimed S3 buckets found." + Environment.NewLine); } return(result); }
private ScannerResult CheckSocialMedia(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null) { ScannerResult result = SocialMedia.Check(request); if (result.Success) { sb.Append("\tDormant social media accounts found! " + String.Join(", " + Environment.NewLine, result.Results.ToArray()) + "! Email sent." + Environment.NewLine); SendEmail("Dormant Social Media Used", request.URL + " appears to use dormant social media accounts " + String.Join(Environment.NewLine, result.Results.ToArray())); if (linkBuilder != null) { linkBuilder.Append(String.Join(Environment.NewLine, result.Results.ToArray()) + Environment.NewLine); } } else { sb.Append("\tNo dormant social media accounts found." + Environment.NewLine); } return(result); }
private ScannerResult CheckServices(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null) { ScannerResult result = Services.Check(request); if (result.Success) { sb.Append("\tService Exposure Found! " + result.Results.First() + "! Email sent." + Environment.NewLine); SendEmail("Exposed Service", request.URL + " appears to have an exposed service of " + result.Results.First()); if (linkBuilder != null) { linkBuilder.Append(request.URL + Environment.NewLine); } } else { sb.Append("\tNo exposed services found." + Environment.NewLine); } return(result); }
private ScannerResult CheckDefaultpages(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null) { ScannerResult result = DefaultPage.Check(request); if (result.Success) { sb.Append("\tDefault Page Found! " + result.Results.First() + "! Email sent." + Environment.NewLine); SendEmail("\tDefault Page", request.URL + " appears to have a default page for " + result.Results.First()); if (linkBuilder != null) { linkBuilder.Append(request.URL + Environment.NewLine); } } else { sb.Append("\tNo default pages found." + Environment.NewLine); } return(result); }
private ScannerResult CheckCRLF(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null) { ScannerResult result = CRLF.Check(request); if (result.Success) { sb.Append("\tCRLF Attack Found! " + request.URL + "! Email sent." + result.Results.First()); SendEmail("\tCRLF Attack Found ", request.URL + " appears to have known attack files: " + Environment.NewLine + result.Results.First()); if (linkBuilder != null) { linkBuilder.Append(String.Join(Environment.NewLine, result.Results.ToArray()) + Environment.NewLine); } } else { sb.Append("\tNo CRLF found." + Environment.NewLine); } return(result); }
private ScannerResult CheckPHPInfo(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null) { ScannerResult result = PHPInfo.Check(request); if (result.Success) { sb.Append("\tPHP Info Found! " + result.Results.First() + "! Email sent." + Environment.NewLine); SendEmail("\tPHP Info Found ", result.Results.First() + " appears to have an exposed phpinfo()"); if (linkBuilder != null) { linkBuilder.Append(result.Results.First() + Environment.NewLine); } } else { sb.Append("\tNo phpinfo pages found." + Environment.NewLine); } return(result); }
private ScannerResult CheckIndexOf(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null) { ScannerResult result = IndexOf.Check(request); if (result.Success) { sb.Append("\tDirectory Traversal Found! " + request.URL + "! Email sent." + Environment.NewLine); SendEmail("\tDirectory Traversal Found", request.URL + " appears to have directory traversal enabled."); if (linkBuilder != null) { linkBuilder.Append(request.URL + Environment.NewLine); } } else { sb.Append("\tNo directory traversal found." + Environment.NewLine); } return(result); }
public static ScannerResult ScreenDump(this ScannerResult result) { Console.WriteLine($"Id: {result.Id}"); Console.WriteLine($"Scanner Id: {result.ScannerId}"); // Console.WriteLine($"{result}"); for (int i = 0; i < result.Results.Count; i++) { Console.WriteLine($"Id: {result.Results[i].Id}"); Console.WriteLine($"Name: {result.Results[i].Name}"); Console.WriteLine($"Status: {result.Results[i].Status}"); Console.WriteLine($"Component Id: {result.Results[i].ComponentId}"); Console.WriteLine($"Component Type: {result.Results[i].ComponentType}"); Console.WriteLine($"Parent Component Id: {result.Results[i].ParentComponentId}"); Console.WriteLine(); // Console.WriteLine($"{result.Results[i]}"); } return(result); }
private ScannerResult CheckCSP(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null) { ScannerResult result = ContentSecurityPolicy.Check(request); if (result.Success) { sb.Append("\tCSP Vulnerability Found! " + request.URL + "! Email sent." + result.Results.First()); SendEmail("\tCSP Vulnerability Found ", request.URL + " appears to have unclaimed CSP URLS: " + Environment.NewLine + result.Results.First()); if (linkBuilder != null) { linkBuilder.Append(String.Join(Environment.NewLine, result.Results.ToArray()) + Environment.NewLine); } } else { sb.Append("\tNo CSP found." + Environment.NewLine); } return(result); }
public override IEnumerable <ScannerResult> Scan(IDataPacketCollection packets) { //Create a list of results we can add to as we find new attacks. var results = new List <ScannerResult>(); //Determine the time period that we should look back for packets at. var lookback = DateTime.Now.AddMinutes(-1).AddSeconds(-30); //Group all DNS packets by the sender. var tcp_source = packets.Items .Where(x => x.Protocol == NetworkProtocol.tcp) .Where(x => x.Timestamp >= lookback).ToLookup(x => x.IpAddressSource); foreach (var ip_source in tcp_source.Select(x => x.Key)) { var tcp_destination = tcp_source[ip_source].ToLookup(x => x.IpAddressDestination); foreach (var ip_destination in tcp_destination.Select(x => x.Key)) { var matches = tcp_destination[ip_destination].OrderBy(x => x.PortDestination); var ports = matches.Select(x => x.PortDestination).ToArray(); var longestSequence = LIS(ports); if (longestSequence > 30) { //Store the packets and result in the list for return. var offendingPacket = matches.First(); var result = new ScannerResult(offendingPacket.HardwareAddressSource, offendingPacket.HardwareAddressTarget, "Port Scan", this, matches); results.Add(result); } } } return(results); }
private ScannerResult CheckHeaders(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null) { request.LogDir = Settings.LogDir; ScannerResult result = Headers.Check(request); if (result.Success) { sb.Append("\tHeader attacks found! " + String.Join(", " + Environment.NewLine, result.Results.ToArray()) + "! Email sent." + Environment.NewLine); SendEmail("Header attacks found", request.URL + " appears to be vulnerable to header attacks " + String.Join(Environment.NewLine, result.Results.ToArray())); if (linkBuilder != null) { linkBuilder.Append(String.Join(Environment.NewLine, result.Results.ToArray()) + Environment.NewLine); } } else { sb.Append("\tNo header attacks found." + Environment.NewLine); } return(result); }
public ScanCompleteEventArgs(ScannerResult scannerResult) { this.ScannerResult = scannerResult; }