コード例 #1
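        /// <summary>
        /// Returns the numeric ID of the last vulnerability listed for the current scan.
        /// </summary>
        /// <remarks>
        /// Despite its name this is not a count: each iteration overwrites the result with the
        /// item's ID, so the value returned is the ID of the final list entry.
        /// SaveScanVulnerabilitiesAsXML passes it on as the inclusive upper index when fetching details.
        /// A return value of 0 is ambiguous: it is produced when there is no scan, when the list
        /// could not be retrieved, when the list is empty, and when the last item's ID is 0.
        /// </remarks>
        /// <param name="manager">W3afManager instance the calls are made through.</param>
        /// <returns>The last vulnerability ID, or 0 in the cases described above.</returns>
        private static int GetScanVulnerabilitiesCount(W3afManager manager)
        {
            try
            {
                string id = GetScanID(manager);
                if (id == null)
                {
                    Console.WriteLine("\n\n***Tarama Yok***\n");
                    return 0;
                }

                Vulnerabilities vuln = ScanController.GetScanVulnerabilities(manager, id);

                // GetScanVulnerabilities returns null when the request or the parse fails;
                // handle that explicitly instead of relying on a NullReferenceException.
                if (vuln == null || vuln.Items == null)
                {
                    return 0;
                }

                int lastVulnerabilityId = 0;
                foreach (var item in vuln.Items)
                {
                    // The ID comes from the server response; Convert.ToInt32 throws on a
                    // non-numeric value and the catch below turns that into 0.
                    lastVulnerabilityId = Convert.ToInt32(item.Id);
                }

                return lastVulnerabilityId;
            }
            catch (Exception ex)
            {
                // The tag now names this method; it previously pointed at ShowScanVulnerabilities.
                Console.WriteLine("\nScanView::GetScanVulnerabilitiesCount\n Exception:" + ex.Message);
                return 0;
            }
        }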
コード例 #2
ファイル: ScanController.cs プロジェクト: ebakirmak/W3af-API
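        /// <summary>
        /// Fetches the details of vulnerabilities 0..<paramref name="lastVulnerability"/> of a scan
        /// and returns them as one JSON array string.
        /// </summary>
        /// <remarks>
        /// Each response is inserted into the array verbatim; nothing here checks that it is
        /// well-formed JSON. Null or blank responses are skipped so that a single failed request
        /// does not leave an empty slot ("[a,,b]") that breaks parsing of the whole array.
        /// </remarks>
        /// <param name="manager">W3afManager instance the calls are made through.</param>
        /// <param name="scanId">Scan ID.</param>
        /// <param name="lastVulnerability">ID of the last vulnerability to fetch (inclusive).</param>
        /// <returns>A string of the form "[detail0,detail1,...]"; "[]" when nothing was fetched.</returns>
        public string GetScanVulnerabilitiesDetails(W3afManager manager, string scanId, int lastVulnerability)
        {
            if (lastVulnerability < 0)
            {
                return "[]";
            }

            // NOTE(review): callers derive lastVulnerability from an ID in a server response,
            // so it also bounds the number of requests made here; confirm an upper limit is not needed.
            string[] details = new string[lastVulnerability + 1];
            int kept = 0;

            for (int i = 0; i <= lastVulnerability; i++)
            {
                string detail = manager.GetScanVulnerabilityDetails(scanId, i.ToString());
                if (!string.IsNullOrWhiteSpace(detail))
                {
                    details[kept++] = detail;
                }
            }

            // Join once instead of growing a string on every iteration.
            return "[" + string.Join(",", details, 0, kept) + "]";
        }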
コード例 #3
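        /// <summary>
        /// Stops the current scan and reports the outcome as a status string.
        /// </summary>
        /// <remarks>
        /// DeleteScan compares the returned text literally, so the three strings below must not change.
        /// </remarks>
        /// <param name="manager">W3afManager instance the calls are made through.</param>
        /// <returns>
        /// "Tarama Yok" when no scan ID is available, "Tarama Durduruldu" when the scan was already
        /// stopped or the stop request returned a response, otherwise "Tarama Durdurulamadı".
        /// </returns>
        public static string StopScan(W3afManager manager)
        {
            try
            {
                string id = GetScanID(manager);
                if (id == null)
                {
                    return "Tarama Yok";
                }

                // The status is sampled before the stop request is sent.
                ScanStatus scanStatus = ScanController.GetScanStatus(manager, id);

                // Reuse the ID resolved above: a second lookup could return null or a different
                // scan, and the stop request would then not match the status that was checked.
                string jsonResponse = ScanController.StopScan(manager, id);

                // GetScanStatus returns null on failure; a missing status must not turn a
                // successful stop into a reported failure.
                bool wasNotRunning = scanStatus != null && scanStatus.IsRunning == false;
                if (wasNotRunning || jsonResponse != null)
                {
                    return "Tarama Durduruldu";
                }

                return "Tarama Durdurulamadı";
            }
            catch (Exception ex)
            {
                Console.WriteLine("ScanView::StopScan Exception: " + ex.Message);
                return "Tarama Durdurulamadı";
            }
        }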
コード例 #4
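 /// <summary>
 /// Prints the ID, name, href and URL of every vulnerability found by the current scan.
 /// </summary>
 /// <param name="manager">W3afManager instance the calls are made through.</param>
 public static void ShowScanVulnerabilities(W3afManager manager)
 {
     try
     {
         string id = GetScanID(manager);
         if (id == null)
         {
             Console.WriteLine("\n\n***Tarama Yok***\n");
             return;
         }

         Vulnerabilities vuln = ScanController.GetScanVulnerabilities(manager, id);

         // GetScanVulnerabilities returns null when the request or the parse fails;
         // report that instead of dereferencing null and printing a NullReferenceException.
         if (vuln == null || vuln.Items == null)
         {
             Console.WriteLine("\n***Zafiyet listesi alınamadı.***\n");
             return;
         }

         foreach (var item in vuln.Items)
         {
             // These fields come from the server response and are printed without filtering.
             Console.WriteLine("\nID: " + item.Id +
                               "\nName: " + item.Name +
                               "\nHref: " + item.Href +
                               "\nURL: " + item.Url);
         }
     }
     catch (Exception ex)
     {
         // Tag corrected so that it matches the method name.
         Console.WriteLine("\nScanView::ShowScanVulnerabilities\n Exception:" + ex.Message);
     }
 }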
コード例 #5
        /// <summary>
        /// Prints the state of the current scan: running (with request details), finished, or none.
        /// </summary>
        /// <param name="manager">W3afManager instance the calls are made through.</param>
        public static void GetScanStatus(W3afManager manager)
        {
            try
            {
                ScanStatus status = ScanController.GetScanStatus(manager, GetScanID(manager));

                // The controller returns null when there is no scan ID or the request fails.
                if (status == null)
                {
                    Console.WriteLine("***Gösterilecek Tarama Yok.***");
                    return;
                }

                if (status.IsRunning == true)
                {
                    string report = "Tarama Devam Ediyor. \n"
                                    + status.IsRunning.ToString() + "\n"
                                    + "Status: " + status.Rpm.ToString() + "\n"
                                    + "Audit: " + status.CurrentRequest.Audit + "\n"
                                    + "Crawl: " + status.CurrentRequest.Crawl + "\n\n";
                    Console.WriteLine(report);
                }
                else if (status.IsRunning == false)
                {
                    Console.WriteLine("Tarama Sona Erdi.");
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("\nScanView::GetScanStatus\n Exception: " + ex.Message);
            }
        }
コード例 #6
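        /// <summary>
        /// Stops the current scan and, if that succeeds, deletes it.
        /// </summary>
        /// <remarks>
        /// The outcome of StopScan is recognised by comparing its returned text literally,
        /// so the strings tested here must stay in step with the ones StopScan returns.
        /// </remarks>
        /// <param name="manager">W3afManager instance the calls are made through.</param>
        public static void DeleteScan(W3afManager manager)
        {
            try
            {
                string response = StopScan(manager);

                if (response == "Tarama Durduruldu")
                {
                    ScanController = new ScanController();
                    string scanId = GetScanID(manager);

                    // The scan list can change between the stop and this lookup;
                    // do not send a delete request without an ID.
                    if (scanId == null)
                    {
                        Console.WriteLine("***\nSilinecek Tarama Yok.\n***");
                        return;
                    }

                    response = ScanController.DeleteScan(manager, scanId);
                    if (response == null)
                    {
                        // The stop succeeded at this point, so a null response means the
                        // delete failed; the earlier message wrongly blamed the stop.
                        Console.WriteLine("***\nTarama Silinemedi.\n***");
                    }
                    else
                    {
                        Console.WriteLine("Tarama Silindi");
                    }
                }
                else if (response == "Tarama Yok")
                {
                    Console.WriteLine("***\nSilinecek Tarama Yok.\n***");
                }
                else if (response == "Tarama Durdurulamadı")
                {
                    Console.WriteLine("***\nTarama Durdurulamadı.\n***");
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("\nScanView::DeleteScan\n Exception: " + ex.Message);
            }
        }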
コード例 #7
ファイル: ScanController.cs プロジェクト: ebakirmak/W3af-API
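 /// <summary>
 /// Creates a new scan by forwarding the request body to the manager.
 /// </summary>
 /// <param name="manager">W3afManager instance the call is made through.</param>
 /// <param name="json">Scan-creation request as a JSON string; passed on unchanged.</param>
 /// <returns>Whatever <c>manager.CreateScan</c> returns; the caller treats null as failure.</returns>
 public string CreateScan(W3afManager manager, string json)
 {
     // The former try/catch only did "throw ex;", which discards the original stack trace.
     // Letting the exception propagate untouched keeps the same exception type for callers
     // and preserves where it was actually raised.
     return manager.CreateScan(json);
 }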
コード例 #8
ファイル: ScanController.cs プロジェクト: ebakirmak/W3af-API
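 /// <summary>
 /// Deletes the scan with the given ID.
 /// </summary>
 /// <param name="manager">W3afManager instance the call is made through.</param>
 /// <param name="id">Scan ID.</param>
 /// <returns>Whatever <c>manager.DeleteScan</c> returns; the caller treats null as failure.</returns>
 public string DeleteScan(W3afManager manager, string id)
 {
     // The former try/catch only did "throw ex;", which discards the original stack trace.
     // Letting the exception propagate untouched keeps the same exception type for callers
     // and preserves where it was actually raised.
     return manager.DeleteScan(id);
 }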
コード例 #9
 /// <summary>
 /// Pauses the current scan; any exception is written to the console and not rethrown.
 /// </summary>
 /// <param name="manager">W3afManager instance the calls are made through.</param>
 public static void PauseScan(W3afManager manager)
 {
     try
     {
         // GetScanID returns null when no scan exists; the value is passed on as it is.
         string scanId = GetScanID(manager);
         ScanController.PauseScan(manager, scanId);
     }
     catch (Exception ex)
     {
         Console.WriteLine(string.Concat("ScanView::PauseScan Exception: ", ex.Message));
     }
 }
コード例 #10
ファイル: ScanController.cs プロジェクト: ebakirmak/W3af-API
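        /// <summary>
        /// Retrieves the scan list from the manager and deserializes it into a <c>Scan</c> object.
        /// </summary>
        /// <param name="manager">W3afManager instance the call is made through.</param>
        /// <returns>
        /// The deserialized scan list. NOTE(review): callers dereference <c>Items</c> on the
        /// result without a null check; confirm the deserializer cannot hand back null here.
        /// </returns>
        public Scan GetScan(W3afManager manager)
        {
            // The former try/catch only did "throw ex;", which discards the original stack trace.
            // Exceptions now propagate unchanged, with the same types as before.
            string json = manager.GetScans();
            return JsonConvert.DeserializeObject<Scan>(json);
        }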
コード例 #11
 /// <summary>
 /// Returns the ID of the first scan in the scan list as a string.
 /// </summary>
 /// <param name="manager">W3afManager instance the calls are made through.</param>
 /// <returns>The first scan's ID, or null when the list is empty or an exception occurs.</returns>
 private static string GetScanID(W3afManager manager)
 {
     try
     {
         Scan scanList = ScanController.GetScan(manager);
         bool hasScan = scanList.Items.Count() > 0;

         // Only the first entry is ever used; any further scans in the list are ignored.
         return hasScan ? scanList.Items[0].Id.ToString() : null;
     }
     catch (Exception ex)
     {
         Console.WriteLine("\nScanView::GetScanID Exception:\n " + ex.Message);
         return null;
     }
 }
コード例 #12
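 /// <summary>
 /// Saves the details of the current scan's vulnerabilities as <c>w3af.xml</c> on the user's desktop.
 /// </summary>
 /// <remarks>
 /// The JSON array of details is wrapped as <c>{"Row": [...]}</c> and converted to XML under a
 /// <c>root</c> element. The file holds the findings for the scanned target and replaces any
 /// existing <c>w3af.xml</c> without prompting.
 /// </remarks>
 /// <param name="manager">W3afManager instance the calls are made through.</param>
 public static void SaveScanVulnerabilitiesAsXML(W3afManager manager)
 {
     try
     {
         string scanID = GetScanID(manager);

         // Without a scan there is nothing to export. Previously the code went on to request
         // details with a null scan ID and still wrote a file and reported success.
         if (scanID == null)
         {
             Console.WriteLine("\n\n***Tarama Yok***\n");
             return;
         }

         // Despite its name, the helper returns the ID of the last vulnerability, which is
         // what GetScanVulnerabilitiesDetails expects as its inclusive upper bound.
         int lastVulnerabilityId = GetScanVulnerabilitiesCount(manager);
         string jsonResponse = ScanController.GetScanVulnerabilitiesDetails(manager, scanID, lastVulnerabilityId);
         XmlDocument xmlDocument = JsonConvert.DeserializeXmlNode("{\"Row\":" + jsonResponse + "}", "root");

         string desktopDir = Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory);

         // Path.Combine picks the separator for the platform instead of a hard-coded backslash.
         string reportPath = System.IO.Path.Combine(desktopDir, "w3af.xml");
         System.IO.File.WriteAllText(reportPath, xmlDocument.InnerXml);
         Console.WriteLine("Masaüstüne Kaydedildi.");
     }
     catch (Exception ex)
     {
         // Tag corrected so that it matches the method name.
         Console.WriteLine("ScanView::SaveScanVulnerabilitiesAsXML Exception " + ex.Message);
     }
 }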
コード例 #13
ファイル: ScanController.cs プロジェクト: ebakirmak/W3af-API
        /// <summary>
        /// Returns the vulnerabilities found by the given scan.
        /// </summary>
        /// <param name="manager">W3afManager instance the call is made through.</param>
        /// <param name="id">Scan ID.</param>
        /// <returns>
        /// The deserialized vulnerability list, or null when the manager returns no response
        /// or an exception occurs (the exception message is written to the console).
        /// </returns>
        public Vulnerabilities GetScanVulnerabilities(W3afManager manager, string id)
        {
            try
            {
                string body = manager.GetScanVulnerabilities(id);
                if (body == null)
                {
                    return null;
                }

                return JsonConvert.DeserializeObject<Vulnerabilities>(body);
            }
            catch (Exception ex)
            {
                Console.WriteLine("ScanController::GetScanVulnerabilities Exception: " + ex.Message);
                return null;
            }
        }
コード例 #14
 /// <summary>
 /// Prints the ID of the first scan in the scan list, or a notice when the list is empty.
 /// </summary>
 /// <param name="manager">W3afManager instance the calls are made through.</param>
 public static void GetScan(W3afManager manager)
 {
     try
     {
         // A fresh controller is assigned to the shared ScanController member on every call.
         ScanController = new ScanController();
         Scan scanList = ScanController.GetScan(manager);

         string message = scanList.Items.Count > 0
             ? "Devam Eden Tarama ID: " + scanList.Items[0].Id
             : "Herhangi bir tarama mevcut değildir.";
         Console.WriteLine(message);
     }
     catch (Exception ex)
     {
         Console.WriteLine("ScanView::PrintScan() Error Message:" + ex.Message);
     }
 }
コード例 #15
        /// <summary>
        /// Creates a new scan from a selected profile and target URL and prints the new scan's ID.
        /// </summary>
        /// <remarks>
        /// The profile file is read from <c>Model\Policys</c> under the grandparent of the current
        /// directory, and its full text is sent to the server as part of the create request.
        /// </remarks>
        /// <param name="manager">W3afManager instance the calls are made through.</param>
        public static void CreateScan(W3afManager manager)
        {
            // Resolved before the try block, so a failure here is not caught by this method.
            string projectRoot = Directory.GetParent(Directory.GetCurrentDirectory()).Parent.FullName;

            try
            {
                // The profile is the scan's settings file (its policy).
                string profileName = SelectProfile();
                Console.WriteLine(profileName);

                // Fills in the login page, user name and password for the target site.
                // NOTE(review): presumably these credentials are written into the profile file
                // on disk; confirm how that file is protected.
                EditPolicyLoginInformation(projectRoot, profileName);

                // NOTE(review): profileName is appended to the directory without validation; if
                // SelectProfile can return free-form input, confirm it cannot contain path separators.
                string profilePath = projectRoot + "\\Model\\Policys\\" + profileName;
                string profileText = System.IO.File.ReadAllText(profilePath);
                string targetURL = SelectTargetURL();

                ScanCreate request = new ScanCreate(profileText, targetURL);
                ScanController = new ScanController();

                string responseJson = ScanController.CreateScan(manager, JsonConvert.SerializeObject(request));

                if (responseJson != null)
                {
                    ScanCreateResponse created = JsonConvert.DeserializeObject<ScanCreateResponse>(responseJson);
                    Console.WriteLine("Oluşturulan Tarama ID: " + created.ID);
                }
                else
                {
                    // A null response is reported as "delete the existing scan first".
                    Console.WriteLine("Sistemde herhangi bir tarama mevcut ise öncelikle onu siliniz.");
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("ScanView::CreateScan Exception: " + ex.Message);
            }
        }
コード例 #16
ファイル: ScanController.cs プロジェクト: ebakirmak/W3af-API
        /// <summary>
        /// Retrieves the status of the given scan.
        /// </summary>
        /// <param name="manager">W3afManager instance the call is made through.</param>
        /// <param name="id">Scan ID; null yields a null result without contacting the manager.</param>
        /// <returns>
        /// The deserialized status, or null when <paramref name="id"/> is null, the response
        /// deserializes to null, or an exception occurs (its message is written to the console).
        /// </returns>
        public ScanStatus GetScanStatus(W3afManager manager, string id)
        {
            if (id == null)
            {
                return null;
            }

            try
            {
                string body = manager.GetScanStatus(id);

                // A null deserialization result is returned as it is.
                return JsonConvert.DeserializeObject<ScanStatus>(body);
            }
            catch (Exception ex)
            {
                Console.WriteLine("ScanController::GetScanStatus Message:" + ex.Message);
                return null;
            }
        }
コード例 #17
ファイル: ScanController.cs プロジェクト: ebakirmak/W3af-API
 /// <summary>
 /// Stops the scan with the given ID.
 /// </summary>
 /// <param name="manager">W3afManager instance the call is made through.</param>
 /// <param name="id">Scan ID.</param>
 /// <returns>Whatever <c>manager.StopScan</c> returns; the caller treats non-null as success.</returns>
 public string StopScan(W3afManager manager, string id)
 {
     // No error handling here: exceptions from the manager reach the caller unchanged.
     string response = manager.StopScan(id);
     return response;
 }
コード例 #18
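        /// <summary>
        /// Console entry point: opens a session, then runs the menu loop until the user quits.
        /// </summary>
        /// <param name="args">Command-line arguments (not used).</param>
        static void Main(string[] args)
        {
            // The former outer try/catch only did "throw ex;", which discards the original
            // stack trace. Exceptions now propagate unchanged.
            ScanView.SetIPAndPort();

            // NOTE(review): the meaning of the last constructor argument (true) is not visible
            // in this snippet; confirm what it enables.
            using (W3afSession session = new W3afSession(ScanView.IP, ScanView.Port, ScanView.Username, ScanView.Password, true))
            using (W3afManager manager = new W3afManager(session))
            {
                if (session.W3afServiceState())
                {
                    string inputSelection;
                    do
                    {
                        Console.Write("\nYapmak istediğiniz işlemi seçiniz." +
                                      "\nA: Tarama Oluşturmak İçin" +
                                      "\nB: Tarama ID döndürmek için " +
                                      "\nC: Tarama Durumunu Görüntülemek İçin" +
                                      "\nD: Tarama Silmek İçin" +
                                      "\nE: Zafiyetleri Görmek İçin" +
                                      "\nF: Zafiyetleri XML Olarak Masaüstüne Kaydet" +
                                      "\nQ: Çıkış İçin" +
                                      "\nSeçiminiz: ");

                        // ReadLine returns null at end of input (closed or redirected stdin);
                        // treat that as quit instead of failing on a null reference.
                        // ToUpperInvariant keeps the menu keys independent of the UI culture.
                        string line = Console.ReadLine();
                        inputSelection = line == null ? "Q" : line.ToUpperInvariant();

                        switch (inputSelection)
                        {
                        case "A":
                            ScanView.CreateScan(manager);
                            break;

                        case "B":
                            ScanView.GetScan(manager);
                            break;

                        case "C":
                            ScanView.GetScanStatus(manager);
                            break;

                        case "D":
                            ScanView.DeleteScan(manager);
                            break;

                        case "E":
                            ScanView.ShowScanVulnerabilities(manager);
                            break;

                        case "F":
                            ScanView.SaveScanVulnerabilitiesAsXML(manager);
                            break;

                        case "Q":
                            break;

                        default:
                            Console.WriteLine("\n***Hatalı Seçim. Lütfen Seçiminizi kontrol ediniz.***\n");
                            break;
                        }
                    } while (inputSelection != "Q");
                }
                else
                {
                    Console.WriteLine("Not OKEY");
                }

                // Wait for a key press before the session is disposed and the window closes.
                Console.Read();
            }
        }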
コード例 #19
ファイル: ScanController.cs プロジェクト: ebakirmak/W3af-API
 /// <summary>
 /// Pauses the scan with the given ID.
 /// </summary>
 /// <param name="manager">W3afManager instance the call is made through.</param>
 /// <param name="id">Scan ID.</param>
 /// <returns>Whatever <c>manager.PauseScan</c> returns.</returns>
 public string PauseScan(W3afManager manager, string id)
 {
     // No error handling here: exceptions from the manager reach the caller unchanged.
     string response = manager.PauseScan(id);
     return response;
 }