/// <summary>
/// Creates a persistent copy of a Wapiti finding and records who created it.
/// </summary>
/// <param name="bug">Finding whose fields are copied onto this instance.</param>
/// <param name="creatorID">Identifier passed on to <c>SetCreationInfo</c>.</param>
public PersistentWapitiBug(WapitiBug bug, Guid creatorID)
{
    // Field-by-field copy; the values are stored as reported, without validation.
    Level = bug.Level;
    Timestamp = bug.Timestamp;
    URL = bug.URL;
    Host = bug.Host;
    Port = bug.Port;
    Parameter = bug.Parameter;
    Info = bug.Info;
    Type = bug.Type;

    // Creation metadata is stamped last, after every finding field is in place.
    SetCreationInfo(creatorID);
}
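/// <summary>
/// Re-tests a cross-site-scripting finding by launching the executable configured in
/// <c>_options.Path</c> against the reported URL and wrapping its console output in a
/// <c>DsxsToolResults</c>.
/// </summary>
/// <param name="bug">Finding to re-test; only the type "Cross Site Scripting" is handled.</param>
/// <returns>The tool results, or <c>null</c> when the finding is of another type.</returns>
public IToolResults Run(WapitiBug bug)
{
    if (bug.Type != "Cross Site Scripting")
    {
        return(null);
    }

    // URL-encoded <script>alert("tv25fmf889")</script>; presumably the probe the scanner
    // left in the finding. It is swapped for a harmless placeholder before re-testing.
    const string probe = "%3Cscript%3Ealert%28%22tv25fmf889%22%29%3C%2Fscript%3E";

    // bug.URL and bug.Parameter originate from a scan of a remote site and are placed
    // inside double-quoted command-line arguments. A literal '"' (or a '\' in front of
    // the closing quote) would end the argument early and let the scanned site add
    // options to the tool's command line, so both are percent-encoded, which keeps the
    // URL / form data equivalent for the target.
    string url = bug.URL.Replace(probe, "abcd").Replace("\"", "%22").Replace("\\", "%5C");
    string command = "-u \"" + url + "\" --random-agent"; //always use a random agent.

    if (bug.URL.Contains(bug.Parameter))
    {
        //the XSS is in a GET request
        Console.WriteLine("Performing GET XSS test on URL: " + url);
    }
    else
    {
        //the XSS is in a POST request
        string data = bug.Parameter.Replace(probe, "abcd").Replace("\"", "%22").Replace("\\", "%5C");
        command = command + " --data=\"" + data + "\"";
        Console.WriteLine("Performing POST XSS test on URL: " + url);
    }

    ProcessStartInfo si = new ProcessStartInfo();
    si.FileName = _options.Path;
    si.Arguments = command;
    si.RedirectStandardOutput = true;
    si.UseShellExecute = false; // no shell in between: the tool is executed directly

    string output;
    using (Process proc = new Process())
    {
        proc.StartInfo = si;
        proc.EnableRaisingEvents = false;
        proc.Start();

        // Drain stdout before waiting, so a full pipe cannot block the child.
        output = proc.StandardOutput.ReadToEnd();
        proc.WaitForExit();
    }

    DsxsToolResults results = new DsxsToolResults(output);
    results.HostIPAddressV4 = bug.Host;
    results.HostPort = bug.Port;

    return(results as IToolResults);
}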
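/// <summary>
/// Re-tests a cross-site-scripting finding by launching the executable configured in
/// <c>_options.Path</c> against the reported URL and wrapping its console output in a
/// <c>DsxsToolResults</c>.
/// </summary>
/// <param name="bug">Finding to re-test; only the type "Cross Site Scripting" is handled.</param>
/// <returns>The tool results, or <c>null</c> when the finding is of another type.</returns>
public IToolResults Run(WapitiBug bug)
{
    if (bug.Type != "Cross Site Scripting")
        return null;

    // URL-encoded <script>alert("tv25fmf889")</script>; presumably the probe the scanner
    // left in the finding. It is swapped for a harmless placeholder before re-testing.
    const string probe = "%3Cscript%3Ealert%28%22tv25fmf889%22%29%3C%2Fscript%3E";

    // bug.URL and bug.Parameter originate from a scan of a remote site and are placed
    // inside double-quoted command-line arguments. A literal '"' (or a '\' in front of
    // the closing quote) would end the argument early and let the scanned site add
    // options to the tool's command line, so both are percent-encoded, which keeps the
    // URL / form data equivalent for the target.
    string url = bug.URL.Replace(probe, "abcd").Replace("\"", "%22").Replace("\\", "%5C");
    string command = "-u \"" + url + "\" --random-agent"; //always use a random agent.

    if (bug.URL.Contains(bug.Parameter))
    {
        //the XSS is in a GET request
        Console.WriteLine ("Performing GET XSS test on URL: " + url);
    }
    else
    {
        //the XSS is in a POST request
        string data = bug.Parameter.Replace(probe, "abcd").Replace("\"", "%22").Replace("\\", "%5C");
        command = command + " --data=\"" + data + "\"";
        Console.WriteLine ("Performing POST XSS test on URL: " + url);
    }

    ProcessStartInfo si = new ProcessStartInfo();
    si.FileName = _options.Path;
    si.Arguments = command;
    si.RedirectStandardOutput = true;
    si.UseShellExecute = false; // no shell in between: the tool is executed directly

    string output;
    using (Process proc = new Process())
    {
        proc.StartInfo = si;
        proc.EnableRaisingEvents = false;
        proc.Start();

        // Drain stdout before waiting, so a full pipe cannot block the child.
        output = proc.StandardOutput.ReadToEnd();
        proc.WaitForExit();
    }

    DsxsToolResults results = new DsxsToolResults(output);
    results.HostIPAddressV4 = bug.Host;
    results.HostPort = bug.Port;

    return results as IToolResults;
}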
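/// <summary>
/// Re-tests a SQL-injection finding by launching the executable configured in
/// <c>_options.Path</c> against the reported URL and parsing its console output into
/// <c>SQLMapResults</c>. The tool is also invoked with <c>--purge-output</c> before
/// and after the test run.
/// </summary>
/// <param name="bug">Finding to re-test; only types starting with "SQL Injection" are handled.</param>
/// <returns>The parsed results, or <c>null</c> when the finding is of another type.</returns>
public IToolResults Run(WapitiBug bug)
{
    string bugType = bug.Type;
    if (!bugType.StartsWith("SQL Injection"))
        return null;

    // Presumably clears output left behind by an earlier run; the text printed is ignored.
    RunTool("--purge-output");

    // URL contains the parameters: most likely injection via GET verb; otherwise POST.
    bool viaGet = bug.URL.Contains(bug.Parameter);

    //remove any offending data
    string url = StripProbes(bug.URL);

    // Throws when the URL has no "scheme://host" part, exactly as before this rewrite.
    string host = url.Split('/')[2].Split(':')[0];

    // Parameters that do not carry one of the probe markers are excluded via --skip,
    // leaving the flagged parameter as the one under test.
    List<string> skippedParams = new List<string>();
    foreach (string param in Regex.Split(bug.Parameter, "&"))
    {
        if (param.Contains("%BF%27%22%28") || param.Contains("or+benchmark"))
            continue;

        skippedParams.Add(EncodeForQuotedArgument(param.Split('=')[0]));
    }

    Console.WriteLine("Running " + (viaGet ? "GET" : "POST") + " SQL injection test on URL: " + bug.URL);

    string command = (viaGet ? " --disable-coloring" : string.Empty)
        + " -u \"" + EncodeForQuotedArgument(url) + "\""
        + " -o --fresh-queries --random-agent --flush-session --smart --batch";

    if (!viaGet)
        command += " --data=\"" + EncodeForQuotedArgument(StripProbes(bug.Parameter)) + "\"";

    if (skippedParams.Count > 0)
        command += " --skip=\"" + String.Join(",", skippedParams) + "\"";

    // NOTE(review): _options.DBMS is appended unquoted; this assumes it is operator
    // configuration and never derived from scan data - confirm against the options class.
    command += (!string.IsNullOrEmpty(_options.DBMS) ? " --dbms=" + _options.DBMS : string.Empty);
    command += (_options.Level.HasValue ? " --level=" + _options.Level.Value.ToString() : string.Empty);
    command += (_options.Risk.HasValue ? " --risk=" + _options.Risk.Value : string.Empty);
    //command += (_options.TestForms ? " --forms" : string.Empty);

    string output = RunTool(command);
    SQLMapResults results = new SQLMapResults(output, host);

    //this is a hack
    RunTool("--purge-output");

    return results;
}

// Runs the configured executable with the given argument string and returns its stdout.
private string RunTool(string arguments)
{
    ProcessStartInfo si = new ProcessStartInfo();
    si.FileName = _options.Path;
    si.Arguments = arguments;
    si.RedirectStandardOutput = true;
    si.UseShellExecute = false; // no shell in between: the tool is executed directly

    using (Process proc = new Process())
    {
        proc.StartInfo = si;
        proc.EnableRaisingEvents = false;
        proc.Start();

        // Drain stdout before waiting, so a full pipe cannot block the child.
        string output = proc.StandardOutput.ReadToEnd();
        proc.WaitForExit();
        return output;
    }
}

// Replaces the two URL-encoded probe strings found in the finding with a harmless placeholder.
private static string StripProbes(string value)
{
    return value.Replace("%BF%27%22%28", "abcd")
                .Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
}

// Percent-encodes '"' and '\' so that scan-supplied text cannot close the double-quoted
// command-line argument it is embedded in and append options of its own.
private static string EncodeForQuotedArgument(string value)
{
    return value.Replace("\"", "%22").Replace("\\", "%5C");
}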
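/// <summary>
/// Re-tests a SQL-injection finding by launching the executable configured in
/// <c>_options.Path</c> against the reported URL and parsing its console output into
/// <c>SQLMapResults</c>. The tool is also invoked with <c>--purge-output</c> before
/// and after the test run.
/// </summary>
/// <param name="bug">Finding to re-test; only types starting with "SQL Injection" are handled.</param>
/// <returns>The parsed results, or <c>null</c> when the finding is of another type.</returns>
public IToolResults Run(WapitiBug bug)
{
    string bugType = bug.Type;

    if (!bugType.StartsWith("SQL Injection"))
    {
        return(null);
    }

    // Presumably clears output left behind by an earlier run; the text printed is ignored.
    RunTool("--purge-output");

    // URL contains the parameters: most likely injection via GET verb; otherwise POST.
    bool viaGet = bug.URL.Contains(bug.Parameter);

    //remove any offending data
    string url = StripProbes(bug.URL);

    // Throws when the URL has no "scheme://host" part, exactly as before this rewrite.
    string host = url.Split('/')[2].Split(':')[0];

    // Parameters that do not carry one of the probe markers are excluded via --skip,
    // leaving the flagged parameter as the one under test.
    List <string> skippedParams = new List <string>();
    foreach (string param in Regex.Split(bug.Parameter, "&"))
    {
        if (param.Contains("%BF%27%22%28") || param.Contains("or+benchmark"))
        {
            continue;
        }

        skippedParams.Add(EncodeForQuotedArgument(param.Split('=')[0]));
    }

    Console.WriteLine("Running " + (viaGet ? "GET" : "POST") + " SQL injection test on URL: " + bug.URL);

    string command = (viaGet ? " --disable-coloring" : string.Empty)
        + " -u \"" + EncodeForQuotedArgument(url) + "\""
        + " -o --fresh-queries --random-agent --flush-session --smart --batch";

    if (!viaGet)
    {
        command += " --data=\"" + EncodeForQuotedArgument(StripProbes(bug.Parameter)) + "\"";
    }

    if (skippedParams.Count > 0)
    {
        command += " --skip=\"" + String.Join(",", skippedParams) + "\"";
    }

    // NOTE(review): _options.DBMS is appended unquoted; this assumes it is operator
    // configuration and never derived from scan data - confirm against the options class.
    command += (!string.IsNullOrEmpty(_options.DBMS) ? " --dbms=" + _options.DBMS : string.Empty);
    command += (_options.Level.HasValue ? " --level=" + _options.Level.Value.ToString() : string.Empty);
    command += (_options.Risk.HasValue ? " --risk=" + _options.Risk.Value : string.Empty);
    //command += (_options.TestForms ? " --forms" : string.Empty);

    string output = RunTool(command);
    SQLMapResults results = new SQLMapResults(output, host);

    //this is a hack
    RunTool("--purge-output");

    return(results);
}

// Runs the configured executable with the given argument string and returns its stdout.
private string RunTool(string arguments)
{
    ProcessStartInfo si = new ProcessStartInfo();
    si.FileName = _options.Path;
    si.Arguments = arguments;
    si.RedirectStandardOutput = true;
    si.UseShellExecute = false; // no shell in between: the tool is executed directly

    using (Process proc = new Process())
    {
        proc.StartInfo = si;
        proc.EnableRaisingEvents = false;
        proc.Start();

        // Drain stdout before waiting, so a full pipe cannot block the child.
        string output = proc.StandardOutput.ReadToEnd();
        proc.WaitForExit();
        return(output);
    }
}

// Replaces the two URL-encoded probe strings found in the finding with a harmless placeholder.
private static string StripProbes(string value)
{
    return(value.Replace("%BF%27%22%28", "abcd")
                .Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd"));
}

// Percent-encodes '"' and '\' so that scan-supplied text cannot close the double-quoted
// command-line argument it is embedded in and append options of its own.
private static string EncodeForQuotedArgument(string value)
{
    return(value.Replace("\"", "%22").Replace("\\", "%5C"));
}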
/// <summary>
/// Produces a plain <c>WapitiBug</c> carrying the same finding fields as this instance.
/// </summary>
/// <returns>A new <c>WapitiBug</c>; creation metadata is not copied.</returns>
public virtual WapitiBug ToWapitiBug()
{
    // Object initializer: each member on the left belongs to the new WapitiBug.
    return new WapitiBug
    {
        Level = this.Level,
        Timestamp = this.Timestamp,
        URL = this.URL,
        Host = this.Host,
        Port = this.Port,
        Parameter = this.Parameter,
        Info = this.Info,
        Type = this.Type
    };
}