예제 #1
0
        /// <summary>
        /// Determines ViewstateMac Vulnerabilities.
        /// </summary>
        /// <param name="filePath"></param>
        /// <returns></returns>
        public IEnumerable <VulnerabilityDetail> FindVulnerabilties(string filePath)
        {
            List <VulnerabilityDetail> vulnerabilities = new List <VulnerabilityDetail>();
            XPathNavigator             element         = XMLParser.CreateNavigator(filePath, Pages_Node);

            if (element != null && element.HasAttributes)
            {
                bool vulnerable = false;
                element.MoveToFirstAttribute();
                do
                {
                    if (element.Name.Equals("enableViewStateMac", StringComparison.OrdinalIgnoreCase))
                    {
                        if (element.Value.Equals("false", StringComparison.OrdinalIgnoreCase))
                        {
                            vulnerable = true;
                        }
                        break;
                    }
                }while (element.MoveToNextAttribute());

                if (vulnerable)
                {
                    vulnerabilities.Add(VulnerabilityDetail.Create(filePath, element, Enums.ScannerType.ViewStateMac));
                }
            }
            return(vulnerabilities);
        }
        /// <summary>
        /// This method to find HTTP Header Vulnerabilities.
        /// </summary>
        /// <param name="filePath"></param>
        /// <returns></returns>
        public IEnumerable <VulnerabilityDetail> FindVulnerabilties(string filePath)
        {
            List <VulnerabilityDetail> vulnerabilities = new List <VulnerabilityDetail>();
            XPathNavigator             element         = XMLParser.CreateNavigator(filePath, HttpRuntime_Node);

            if (element != null && element.HasAttributes)
            {
                element.MoveToFirstAttribute();
                do
                {
                    if (element.Name.Equals("enableHeaderChecking", StringComparison.OrdinalIgnoreCase))
                    {
                        if (element.Value.Equals("false", StringComparison.OrdinalIgnoreCase))
                        {
                            vulnerabilities.Add(VulnerabilityDetail.Create(filePath, element, Enums.ScannerType.HTTPHeaderChecking));
                        }
                        break;
                    }
                }while (element.MoveToNextAttribute());
            }
            return(vulnerabilities);
        }
        /// <summary>
        /// This method will find Machine key Vulnerabilities.
        /// </summary>
        /// <param name="filePath"></param>
        /// <returns></returns>
        public IEnumerable <VulnerabilityDetail> FindVulnerabilties(string filePath)
        {
            List <VulnerabilityDetail> vulnerabilities = new List <VulnerabilityDetail>();
            XPathNavigator             element         = XMLParser.CreateNavigator(filePath, Forms_Node);

            if (element != null && element.HasAttributes)
            {
                element.MoveToFirstAttribute();
                do
                {
                    if (element.Name.Equals("validationKey", StringComparison.InvariantCultureIgnoreCase) ||
                        element.Name.Equals("decryptionKey", StringComparison.InvariantCultureIgnoreCase))
                    {
                        if (!element.Value.Contains("AutoGenerate"))
                        {
                            vulnerabilities.Add(VulnerabilityDetail.Create(filePath, element, Enums.ScannerType.MachineKeyClearText));
                        }
                    }
                }while (element.MoveToNextAttribute());
            }
            return(vulnerabilities);
        }