public static Dictionary <string, string> Find(string body, string url, List <string> userNames, List <DomainData> socialDomains, bool returnOnlyNone200 = true)
{
Dictionary <string, string> foundUrls = new Dictionary <string, string>();
LinkParser parser = new LinkParser();
parser.ParseLinksAgility(body, url, true);
foreach (Request foundUrl in parser.GoodUrls)
{
string foundURL = DomainUtility.StripProtocol(foundUrl.Url.Split('?')[0]);
if (SocialDomainUtility.CheckIfSocialMediaSite(foundURL, socialDomains))
{
if (userNames.Count == 0)
{
if (!foundUrls.ContainsKey(foundURL))
{
Request request = new Request(DomainUtility.EnsureHTTPS(foundURL));
RequestUtility.GetWebText(request);
if (!request.Response.Code.Equals("200") || request.Url.Contains("buymethat"))
{
foundUrls.Add(foundURL, url);
}
else if (!returnOnlyNone200)
{
foundUrls.Add(foundURL, url);
}
}
}
else
{
foreach (string userName in userNames)
{
if (foundURL.ToLower().Contains(userName.ToLower()))
{
if (!foundUrls.ContainsKey(foundURL))
{
if (Ignore.Contains(foundURL.ToLower()))
{
continue;
}
Request request = new Request(DomainUtility.EnsureHTTPS(foundURL));
RequestUtility.GetWebText(request);
if (!request.Response.Code.Equals("200") || request.Url.Contains("buymethat"))
{
foundUrls.Add(foundURL, url);
}
else if (!returnOnlyNone200)
{
foundUrls.Add(foundURL, url);
}
}
}
}
}
}
}
return(foundUrls);
}
private static bool CheckURL(string startingDomain, string url)
{
string foundURL = DomainUtility.StripProtocol(url.Split('?')[0]);
if (CheckIfSocialMediaSite(startingDomain, foundURL))
{
//if (userNames.Count == 0)
//{
// if (!foundUrls.ContainsKey(foundURL))
// {
WebPageRequest request = new WebPageRequest(DomainUtility.EnsureHTTPS(foundURL).ToLower());
WebPageLoader.Load(request);
if (!request.Response.Code.Equals("200"))
{
return(true);
}
// else if (!returnOnlyNone200)
// foundUrls.Add(foundURL, url);
// }
//}
//else
//{
// foreach (string userName in userNames)
// {
// if (foundURL.ToLower().Contains(userName.ToLower()))
// {
// if (!foundUrls.ContainsKey(foundURL))
// {
// Request request = new Request(DomainUtility.EnsureHTTPS(foundURL));
// RequestUtility.GetWebText(request);
// if (!request.Response.Code.Equals("200"))
// foundUrls.Add(foundURL, url);
// else if (!returnOnlyNone200)
// foundUrls.Add(foundURL, url);
// }
// }
// }
//}
}
return(false);
}
private void TestURLS(List <string> urlsToTest)
{
_statusWrite = new Action <string>(Status);
_dataGridWrite = new Action <DataGridRow>(AddRow);
_subStatusWrite = new Action <string>(SubStatus);
_batchAction = new Action <string, string>(SetBatch);
List <string> schemas = new List <string>();
schemas.Add("https");
schemas.Add("http");
foreach (var schema in schemas)
{
_statusWrite.Invoke("Starting schema: " + schema);
int chunckCount = 1;
foreach (List <string> subDomainChunk in urlsToTest.ChunkBy(_threadCount))
{
_statusWrite.Invoke("Starting chunck count: " + chunckCount);
foreach (var sub in subDomainChunk)
{
_batchAction.Invoke(schema + "://" + sub, "W");
}
int count = Math.Min(_threadCount, subDomainChunk.Count);
_countdown = new CountdownEvent(count);
List <Thread> lstThreads = new List <Thread>();
//DataGridRow[] results = new DataGridRow[count];
// List<DataGridRow> results = new List<DataGridRow>();
_statusWrite.Invoke("Creating threads for chunck count" + chunckCount);
int index = 0;
foreach (string chunck in subDomainChunk)
{
string address = "";
if (schema.Equals("http"))
{
address = DomainUtility.EnsureHTTP(chunck.ToString());
}
else
{
address = DomainUtility.EnsureHTTPS(chunck.ToString());
}
Thread th = new Thread(() =>
{
try
{
WorkThread(address);
//DataGridRow row = WorkThread(address);
//lock (_syncObject)
//{
// results.Add(row);
//}
}
catch (Exception ex)
{
int x = 0;
}
});
lstThreads.Add(th);
index++;
}
index = 0;
_statusWrite.Invoke("Starting threads for chunck count: " + chunckCount);
foreach (Thread th in lstThreads)
{
th.SetApartmentState(ApartmentState.STA);
th.Start();
}
_statusWrite.Invoke("Waiting on chunck count: " + chunckCount);
_countdown.Wait();
_statusWrite.Invoke("Finished chunck count: " + chunckCount);
chunckCount++;
}
}
}
private void TestDomain(string address, bool signalEnd)
{
StringBuilder sb = new StringBuilder();
StringBuilder linkBuilder = new StringBuilder();
try
{
List <string> schemas = new List <string>();
schemas.Add("http");
schemas.Add("https");
foreach (var schema in schemas)
{
if (schema.Equals("http"))
{
address = DomainUtility.EnsureHTTP(address);
}
else
{
address = DomainUtility.EnsureHTTPS(address);
}
sb.Append("Checking: " + address + Environment.NewLine);
WebPageRequest request = new WebPageRequest();
request.Address = address;
WebPageLoader.Load(request);
ScannerRequest sRequest = new ScannerRequest();
sRequest.Body = request.Response.Body;
sRequest.URL = address;
sRequest.Domain = DomainUtility.GetDomainFromUrl(address);
ScannerResult result = new ScannerResult();
ScannerContext scannerContext = new ScannerContext();
if (request.Response.Body.Equals(String.Empty) && request.Response.TimeOut == false)
{
sb.Append("\tNo body found." + Environment.NewLine);
}
else
{
if (request.Response.TimeOut == false)
{
result = CheckEngine(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckBuckets(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckSocialMedia(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckServices(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckDefaultpages(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckIndexOf(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
foreach (var script in request.Response.Scripts)
{
ScannerRequest scriptRequest = new ScannerRequest();
scriptRequest.Body = script.Value;
scriptRequest.URL = script.Key;
result = CheckBuckets(scriptRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
}
}
else
{
// CheckBigIPService(request, sb);
}
}
//CheckForFileType(request.Address, sb, "swf", linkBuilder);
//result = CheckForFileType(request.Address, sb, "php", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
//result = CheckForFileType(request.Address, sb, "xml", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
//result = CheckForFileType(request.Address, sb, "conf", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
//result = CheckForFileType(request.Address, sb, "env", linkBuilder);
//if (result.Success) { scannerContext.FoundVulnerabilities.Add(new Vulnerability() { URL = "", Results = result.Results }); }
result = CheckPHPInfo(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckKnownAttackFiles(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckCRLF(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckCSP(sRequest, sb, linkBuilder);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
result = CheckHeaders(sRequest, sb);
if (result.Success)
{
scannerContext.FoundVulnerabilities.Add(new Vulnerability()
{
URL = "", Results = result.Results
});
}
}
}
catch (Exception ex)
{
string inner = "";
if (ex.InnerException != null)
{
inner = ex.InnerException.Message;
}
sb.Append("!!!!!Exception: " + ex.Message + " Inner: " + inner + " Stack: " + ex.StackTrace);
}
Log(sb.ToString());
LogLinks(linkBuilder.ToString());
if (signalEnd)
{
_countdown.Signal();
}
}
private void Test(string url)
{
StringBuilder sb = new StringBuilder();
try
{
List <string> schemas = new List <string>();
schemas.Add("http");
schemas.Add("https");
foreach (var schema in schemas)
{
if (schema.Equals("http"))
{
url = DomainUtility.EnsureHTTP(url);
}
else
{
url = DomainUtility.EnsureHTTPS(url);
}
sb.Append(Environment.NewLine);
sb.Append(Environment.NewLine);
sb.Append(DateTime.Now.ToString());
sb.Append(" Checking: " + url + Environment.NewLine);
sb.Append("------------------");
List <IAttack> attacks = new List <IAttack>();
//Future: Auto detect dlls
attacks.Add(new Clark.Attack.ContentScanner.Processor());
attacks.Add(new Clark.Attack.SocialMedia.Processor());
attacks.Add(new Clark.Attack.InformationLeak.Processor());
attacks.Add(new Clark.Attack.CRLF.Processor());
attacks.Add(new Clark.Attack.VulnerableFiles.Processor());
attacks.Add(new Clark.Attack.HTTPHeader.Processor());
attacks.Add(new Clark.Attack.CSP.Processor());
attacks.Add(new Clark.Attack.HTTPResponse.Processor());
attacks.Add(new Clark.Attack.FileUpload.Processor());
attacks.Add(new Clark.Attack.Redirect.Processor());
WebPageRequest request = new WebPageRequest();
request.Address = url;
WebPageLoader.Load(request);
var sRequest = new AttackRequest();
sRequest.Body = request.Response.Body;
sRequest.URL = url;
sRequest.Domain = DomainUtility.GetDomainFromUrl(url);
sRequest.LogDir = Settings.LogDir;
_countdown = new CountdownEvent(attacks.Count);
List <Thread> lstThreads = new List <Thread>();
foreach (var attack in attacks)
{
Thread th = new Thread(() => { sb.Append(Environment.NewLine + ExecuteAttack(attack, sRequest)); });
lstThreads.Add(th);
}
foreach (Thread th in lstThreads)
{
th.Start();
}
_countdown.Wait();
}
}
catch (Exception ex)
{
string inner = "";
if (ex.InnerException != null)
{
inner = ex.InnerException.Message;
}
sb.Append("!!!!!Exception: " + ex.Message + " Inner: " + inner + " Stack: " + ex.StackTrace);
LogError("!!!!!Exception: " + ex.Message + " Inner: " + inner + " Stack: " + ex.StackTrace);
}
Log(sb.ToString());
}