/// <summary>
/// Load handler for the scan wizard: fills the active-plugin and format-plugin grids,
/// fills the session-plugin drop-down, and enables the parameter-filter control of
/// every injection point whose checkbox is already ticked.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void ScanSelectedWizard_Load(object sender, EventArgs e)
{
    // One grid row per registered active plugin, pre-selected (first cell = true).
    foreach (string ActiveName in ActivePlugin.List())
    {
        object[] ActiveCells = new object[] { true, ActiveName };
        ScanPluginsGrid.Rows.Add(ActiveCells);
    }

    // Same layout for the format plugins.
    foreach (string FormatName in FormatPlugin.List())
    {
        object[] FormatCells = new object[] { true, FormatName };
        FormatGrid.Rows.Add(FormatCells);
    }

    // The drop-down offers only session plugins that are currently registered.
    ScanBranchSessionPluginsCombo.Items.AddRange(SessionPlugin.List().ToArray());

    // A filter control is only switched on here, never off: an unticked injection
    // point leaves the matching filter control in whatever state it already had.
    if (InjectQueryCB.Checked)
    {
        QueryParametersFilterCB.Enabled = true;
    }

    if (InjectBodyCB.Checked)
    {
        BodyParametersFilterCB.Enabled = true;
    }

    if (InjectCookieCB.Checked)
    {
        CookieParametersFilterCB.Enabled = true;
    }

    if (InjectHeadersCB.Checked)
    {
        HeadersParametersFilterCB.Enabled = true;
    }
}
/// <summary>
/// Link handler that rebuilds both drop-downs from scratch: the login-recording list
/// from <c>Recording.Recording.GetNames()</c> and the session-plugin list from
/// <c>SessionPlugin.List()</c>.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void RefreshSessListLL_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
{
    // Recordings: drop the stale entries, then repopulate.
    LoginRecordingComboBox.Items.Clear();
    object[] RecordingNames = Recording.Recording.GetNames().ToArray();
    LoginRecordingComboBox.Items.AddRange(RecordingNames);

    // Session plugins: same clear-then-fill sequence.
    ScanBranchSessionPluginsCombo.Items.Clear();
    object[] SessionPluginNames = SessionPlugin.List().ToArray();
    ScanBranchSessionPluginsCombo.Items.AddRange(SessionPluginNames);
}
/// <summary>
/// Validates the session-plugin box of wizard step 3.
/// </summary>
/// <returns>
/// An empty string when the box is blank (after trimming) or names a registered
/// session plugin; otherwise the error text to show to the user.
/// </returns>
string CheckStep3Input()
{
    string EnteredPlugin = ScanBranchSessionPluginsCombo.Text;

    // Whitespace-only input counts as "no plugin chosen".
    bool LeftBlank = EnteredPlugin.Trim().Length == 0;

    // The lookup uses the untrimmed text, so a name with surrounding spaces is
    // reported as invalid instead of being silently matched.
    if (LeftBlank || SessionPlugin.List().Contains(EnteredPlugin))
    {
        return "";
    }

    return "Session Plugin value is invalid, either enter a valid Plugin name or leave this value blank";
}
/// <summary>
/// Validates the login-recording box and the session-plugin box of wizard step 3.
/// The recording is checked first; the first failing check decides the message.
/// </summary>
/// <returns>
/// An empty string when both boxes are either blank (after trimming) or hold a known
/// name; otherwise the error text for the first box that failed.
/// </returns>
string CheckStep3Input()
{
    // Recording name: blank is allowed, anything else must be an existing recording.
    // The lookup uses the untrimmed text.
    string EnteredRecording = LoginRecordingComboBox.Text;
    bool RecordingGiven = EnteredRecording.Trim().Length > 0;
    if (RecordingGiven && !Recording.Recording.GetNames().Contains(EnteredRecording))
    {
        return "Recording with given name does not exist, either enter a valid recording name or leave this value blank";
    }

    // Session plugin: same rule against the registered session plugins.
    string EnteredPlugin = ScanBranchSessionPluginsCombo.Text;
    bool PluginGiven = EnteredPlugin.Trim().Length > 0;
    if (PluginGiven && !SessionPlugin.List().Contains(EnteredPlugin))
    {
        return "Session Plugin with given name does not exist, either enter a valid Plugin name or leave this value blank";
    }

    return "";
}
/// <summary>
/// Finds the files in <c>plugins\session</c> under <c>Config.RootDir</c> that do not
/// belong to a session plugin already listed by <c>SessionPlugin.List()</c> and passes
/// them to <c>LoadSessionPlugins</c>.
/// </summary>
/// <param name="Engine">Script engine forwarded unchanged to <c>LoadSessionPlugins</c>.</param>
internal static void LoadNewSessionPlugins(ScriptEngine Engine)
{
    string SessionDirectory = Path.Combine(Config.RootDir, "plugins\\session");
    string[] FilesOnDisk = Directory.GetFiles(SessionDirectory);

    // Expected on-disk path of every plugin that is already loaded, with forward
    // slashes normalised to backslashes.
    List<string> LoadedPaths = new List<string>();
    foreach (string PluginName in SessionPlugin.List())
    {
        string LoadedPath = Config.RootDir + "\\plugins\\session\\" + SessionPlugin.Get(PluginName).FileName;
        LoadedPaths.Add(LoadedPath.Replace("/", "\\"));
    }

    // NOTE(review): List.Contains compares the strings exactly, so a path that differs
    // only in letter case, or a RootDir with a trailing separator, makes a loaded plugin
    // look new. Confirm FileName always matches the name returned by GetFiles.
    // NOTE(review): there is no extension or integrity filter here; every untracked file
    // in the directory is forwarded. Presumably LoadSessionPlugins runs them in the
    // script engine, so write access to this folder should be restricted. Verify.
    List<string> UnloadedPaths = new List<string>();
    foreach (string Candidate in FilesOnDisk)
    {
        if (LoadedPaths.Contains(Candidate))
        {
            continue;
        }
        UnloadedPaths.Add(Candidate);
    }

    LoadSessionPlugins(Engine, UnloadedPaths);
}
/// <summary>
/// Click handler for the "start scan" button: calls <c>ScanManager.Stop(true)</c>,
/// copies the form values into <c>ScanManager</c>, validates the session plugin and
/// the remaining input, then starts the scan and closes the configuration form.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void ConfigureScanStartScanBtn_Click(object sender, EventArgs e)
{
    // Runs before any validation: a rejected input below still leaves ScanManager
    // stopped and holding the values copied from the form.
    ScanManager.Stop(true);

    // The two multi-line boxes hold one entry per line.
    string[] LineBreak = new string[] { "\r\n" };

    ScanManager.PrimaryHost = ConfigureScanHostNameTB.Text;
    ScanManager.BaseUrl = ConfigureScanBaseUrlTB.Text;
    ScanManager.StartingUrl = ConfigureScanStartingUrlTB.Text;
    ScanManager.Mode = ScanMode.UserConfigured;
    ScanManager.PerformDirAndFileGuessing = ConfigureScanDirAndFileGuessingCB.Checked;
    ScanManager.HTTP = ConfigureScanHTTPCB.Checked;
    ScanManager.HTTPS = ConfigureScanHTTPSCB.Checked;

    // Scope lists: entries are stored exactly as typed (no trimming or normalisation).
    string[] IncludedHosts = ConfigureScanHostsToIncludeTB.Text.Split(LineBreak, StringSplitOptions.RemoveEmptyEntries);
    ScanManager.HostsToInclude = new List<string>(IncludedHosts);
    string[] AvoidedUrls = ConfigureScanUrlToAvoidTB.Text.Split(LineBreak, StringSplitOptions.RemoveEmptyEntries);
    ScanManager.UrlsToAvoid = new List<string>(AvoidedUrls);

    ScanManager.IncludeSubDomains = ConfigureScanIncludeSubDomainsCB.Checked;
    ScanManager.CrawlAndScan = ConfigureScanCrawlAndScanRB.Checked;

    // A session plugin is optional, but a name that is not registered aborts the start.
    // NOTE(review): when the box is empty SessionHandler is not assigned here; confirm
    // that Stop(true) clears a handler left over from an earlier scan.
    string ChosenPlugin = IronUI.CSF.ConfigureScanSessionPluginsCombo.Text;
    if (ChosenPlugin.Length > 0)
    {
        if (!SessionPlugin.List().Contains(ChosenPlugin))
        {
            IronUI.ShowConfiguredScanMessage("Non-existent Session Plugin Selected", true);
            return;
        }
        ScanManager.SessionHandler = SessionPlugin.Get(ChosenPlugin);
    }

    // CheckInput returns an empty string when the remaining fields are acceptable.
    string Problem = CheckInput();
    if (Problem.Length > 0)
    {
        IronUI.ShowConfiguredScanMessage(Problem, true);
        return;
    }

    ScanManager.StartScan();
    IronUI.CSF.Close();
    IronUI.UpdateConsoleControlsStatus(true);
}
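/// <summary>
/// Processes one plugin-type section of the update manifest: every "add" or "update"
/// entry whose file is not installed, or is installed with a different version string,
/// is downloaded together with its support files. A manifest listing the downloaded
/// files is then written to <c>updates\{type}_plugin_manifest.xml</c> under
/// <c>Config.Path</c>.
/// </summary>
/// <param name="ManifestNode">
/// Manifest element whose name is the plugin type ("active", "passive", "format" or
/// "session") and whose child nodes each describe one file.
/// </param>
static void GetNewPlugins(XmlNode ManifestNode)
{
    string PluginType = ManifestNode.Name;

    // { FileName, Version } of every installed plugin of this type. Any other element
    // name leaves the list empty, so every add/update entry is then treated as missing.
    List<string[]> AllPluginInfo = new List<string[]>();
    switch (PluginType)
    {
        case ("active"):
            foreach (string Name in ActivePlugin.List())
            {
                ActivePlugin P = ActivePlugin.Get(Name);
                AllPluginInfo.Add(new string[] { P.FileName, P.Version });
            }
            break;
        case ("passive"):
            foreach (string Name in PassivePlugin.List())
            {
                PassivePlugin P = PassivePlugin.Get(Name);
                AllPluginInfo.Add(new string[] { P.FileName, P.Version });
            }
            break;
        case ("format"):
            foreach (string Name in FormatPlugin.List())
            {
                FormatPlugin P = FormatPlugin.Get(Name);
                AllPluginInfo.Add(new string[] { P.FileName, P.Version });
            }
            break;
        case ("session"):
            foreach (string Name in SessionPlugin.List())
            {
                SessionPlugin P = SessionPlugin.Get(Name);
                AllPluginInfo.Add(new string[] { P.FileName, P.Version });
            }
            break;
    }

    StringBuilder SB = new StringBuilder();

    // 'using' closes the writer even when DownloadPlugin or a node access throws.
    using (XmlWriter XW = XmlWriter.Create(SB))
    {
        XW.WriteStartDocument();
        XW.WriteStartElement("manifest");

        foreach (XmlNode FileNode in ManifestNode.ChildNodes)
        {
            string Version = "";
            string Action = "";
            string FileName = "";
            string DownloadFileName = "";
            string Comment = "";
            List<string[]> SupportFiles = new List<string[]>();

            // Collect the properties of this entry; unknown child elements are ignored.
            foreach (XmlNode PropertyNode in FileNode.ChildNodes)
            {
                switch (PropertyNode.Name)
                {
                    case ("version"):
                        Version = PropertyNode.InnerText;
                        break;
                    case ("action"):
                        Action = PropertyNode.InnerText;
                        break;
                    case ("filename"):
                        FileName = PropertyNode.InnerText;
                        break;
                    case ("downloadname"):
                        DownloadFileName = PropertyNode.InnerText;
                        break;
                    case ("comment"):
                        Comment = PropertyNode.InnerText;
                        break;
                    case ("support_file"):
                        string SupportFileName = "";
                        string SupportFileDownloadName = "";
                        foreach (XmlNode SupportFileNode in PropertyNode.ChildNodes)
                        {
                            switch (SupportFileNode.Name)
                            {
                                case ("filename"):
                                    SupportFileName = SupportFileNode.InnerText;
                                    break;
                                case ("downloadname"):
                                    SupportFileDownloadName = SupportFileNode.InnerText;
                                    break;
                            }
                        }
                        SupportFiles.Add(new string[] { SupportFileName, SupportFileDownloadName });
                        break;
                }
            }

            if (Action.Equals("add") || Action.Equals("update"))
            {
                // Look for an installed plugin with the same file name.
                bool MatchFound = false;
                string[] MatchedPluginInfo = new string[2];
                foreach (string[] PluginInfo in AllPluginInfo)
                {
                    if (PluginInfo[0].Equals(FileName))
                    {
                        MatchFound = true;
                        MatchedPluginInfo = PluginInfo;
                        break;
                    }
                }

                // Download when the file is missing or its version string differs. Any
                // difference counts, so an older manifest version also triggers a download.
                if ((MatchFound && !MatchedPluginInfo[1].Equals(Version)) || !MatchFound)
                {
                    // NOTE(review): FileName, DownloadFileName and the support-file names come
                    // straight from the manifest and are passed on unchanged. DownloadPlugin is
                    // not visible here; confirm it rejects rooted paths and ".." segments, and
                    // that the manifest and the downloaded files are authenticated (transport
                    // security plus a signature or hash check) before a plugin is installed.
                    DownloadPlugin(PluginType, FileName, DownloadFileName);
                    XW.WriteStartElement("file");
                    XW.WriteStartElement("action");
                    XW.WriteValue(Action);
                    XW.WriteEndElement();
                    XW.WriteStartElement("filename");
                    XW.WriteValue(FileName);
                    XW.WriteEndElement();
                    XW.WriteStartElement("comment");
                    XW.WriteValue(Comment);
                    XW.WriteEndElement();
                    XW.WriteEndElement();

                    // Support files inherit the action and comment of their plugin.
                    foreach (string[] SupportFile in SupportFiles)
                    {
                        DownloadPlugin(PluginType, SupportFile[0], SupportFile[1]);
                        XW.WriteStartElement("file");
                        XW.WriteStartElement("action");
                        XW.WriteValue(Action);
                        XW.WriteEndElement();
                        XW.WriteStartElement("filename");
                        XW.WriteValue(SupportFile[0]);
                        XW.WriteEndElement();
                        XW.WriteStartElement("comment");
                        XW.WriteValue(Comment);
                        XW.WriteEndElement();
                        XW.WriteEndElement();
                    }
                }
            }
        }

        XW.WriteEndElement();
        XW.WriteEndDocument();
    }

    // NOTE(review): a writer created over a StringBuilder declares encoding="utf-16",
    // while File.CreateText writes UTF-8; confirm the reader of this file tolerates that.
    // 'using' releases the file handle even if the write fails.
    using (StreamWriter SW = File.CreateText(Config.Path + "\\updates\\" + PluginType + "_plugin_manifest.xml"))
    {
        SW.Write(SB.ToString());
    }
}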
/// <summary>
/// Copies the scan settings chosen in the UI into this object: the injection points,
/// the session plugin, the ticked format and active plugins, and the per-section
/// parameter white/black lists.
/// </summary>
internal void UpdateScanBranchConfigFromUI()
{
    // Injection points.
    this.ScanUrl = this.InjectUrlPathPartsCB.Checked;
    this.ScanQuery = this.InjectQueryCB.Checked;
    this.ScanBody = this.InjectBodyCB.Checked;
    this.ScanCookie = this.InjectCookieCB.Checked;
    this.ScanHeaders = this.InjectHeadersCB.Checked;

    // Session plugin: stays empty unless the selected item names a registered plugin.
    this.SelectedSessionPlugin = "";
    object ChosenItem = this.ScanBranchSessionPluginsCombo.SelectedItem;
    if (ChosenItem != null)
    {
        string PluginName = ChosenItem.ToString();
        if (PluginName.Length > 0 && SessionPlugin.List().Contains(PluginName))
        {
            this.SelectedSessionPlugin = PluginName;

            // With the thread-limit box ticked the scanner-wide parallel scan count
            // is set to 1, the settings UI is refreshed and the setting is stored.
            if (ScanThreadLimitCB.Checked)
            {
                Scanner.MaxParallelScanCount = 1;
                IronUI.UpdateScannerSettingsInUIFromConfig();
                IronDB.StoreScannerSettings();
            }
        }
    }

    // Plugins: the first cell of a grid row is the tick box, the second the plugin name.
    this.FormatPlugins.Clear();
    foreach (DataGridViewRow FormatRow in this.FormatGrid.Rows)
    {
        bool FormatTicked = (bool)FormatRow.Cells[0].Value;
        if (!FormatTicked)
        {
            continue;
        }
        this.FormatPlugins.Add(FormatRow.Cells[1].Value.ToString());
    }

    this.ActivePlugins.Clear();
    foreach (DataGridViewRow ActiveRow in this.ScanPluginsGrid.Rows)
    {
        bool ActiveTicked = (bool)ActiveRow.Cells[0].Value;
        if (!ActiveTicked)
        {
            continue;
        }
        this.ActivePlugins.Add(ActiveRow.Cells[1].Value.ToString());
    }

    // Parameter filters: all eight lists are emptied first, then each enabled filter
    // fills either its white list ("plus" option) or its black list, never both.
    this.QueryWhiteList.Clear();
    this.QueryBlackList.Clear();
    this.BodyWhiteList.Clear();
    this.BodyBlackList.Clear();
    this.CookieWhiteList.Clear();
    this.CookieBlackList.Clear();
    this.HeaderWhiteList.Clear();
    this.HeaderBlackList.Clear();

    // Names are comma separated; empty items are dropped and each name is trimmed.
    char[] Comma = new char[] { ',' };

    if (QueryParametersFilterCB.Checked)
    {
        bool QueryUsesWhiteList = QueryParametersPlusRB.Checked;
        string QueryNames = QueryUsesWhiteList ? QueryParametersPlusTB.Text : QueryParametersMinusTB.Text;
        foreach (string QueryName in QueryNames.Split(Comma, StringSplitOptions.RemoveEmptyEntries))
        {
            if (QueryUsesWhiteList)
            {
                this.QueryWhiteList.Add(QueryName.Trim());
            }
            else
            {
                this.QueryBlackList.Add(QueryName.Trim());
            }
        }
    }

    if (BodyParametersFilterCB.Checked)
    {
        bool BodyUsesWhiteList = BodyParametersPlusRB.Checked;
        string BodyNames = BodyUsesWhiteList ? BodyParametersPlusTB.Text : BodyParametersMinusTB.Text;
        foreach (string BodyName in BodyNames.Split(Comma, StringSplitOptions.RemoveEmptyEntries))
        {
            if (BodyUsesWhiteList)
            {
                this.BodyWhiteList.Add(BodyName.Trim());
            }
            else
            {
                this.BodyBlackList.Add(BodyName.Trim());
            }
        }
    }

    if (CookieParametersFilterCB.Checked)
    {
        bool CookieUsesWhiteList = CookieParametersPlusRB.Checked;
        string CookieNames = CookieUsesWhiteList ? CookieParametersPlusTB.Text : CookieParametersMinusTB.Text;
        foreach (string CookieName in CookieNames.Split(Comma, StringSplitOptions.RemoveEmptyEntries))
        {
            if (CookieUsesWhiteList)
            {
                this.CookieWhiteList.Add(CookieName.Trim());
            }
            else
            {
                this.CookieBlackList.Add(CookieName.Trim());
            }
        }
    }

    if (HeadersParametersFilterCB.Checked)
    {
        bool HeaderUsesWhiteList = HeadersParametersPlusRB.Checked;
        string HeaderNames = HeaderUsesWhiteList ? HeadersParametersPlusTB.Text : HeadersParametersMinusTB.Text;
        foreach (string HeaderName in HeaderNames.Split(Comma, StringSplitOptions.RemoveEmptyEntries))
        {
            if (HeaderUsesWhiteList)
            {
                this.HeaderWhiteList.Add(HeaderName.Trim());
            }
            else
            {
                this.HeaderBlackList.Add(HeaderName.Trim());
            }
        }
    }
}
/// <summary>
/// Link handler that rebuilds the session-plugin drop-down from
/// <c>SessionPlugin.List()</c>.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
private void RefreshSessListLL_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
{
    // Drop the stale entries first so a plugin that is no longer registered disappears.
    ScanBranchSessionPluginsCombo.Items.Clear();

    object[] SessionPluginNames = SessionPlugin.List().ToArray();
    ScanBranchSessionPluginsCombo.Items.AddRange(SessionPluginNames);
}
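/// <summary>
/// Copies the scan-branch settings chosen in the UI into <c>ScanBranch</c>: host and
/// scheme of the base request, URL pattern, injection points, log sources, session
/// plugin, login recording, ticked format and active plugins, and the per-section
/// parameter white/black lists.
/// </summary>
internal void UpdateScanBranchConfigFromUI()
{
    // The host is read only after the null check. Reading BaseRequest.Host ahead of
    // the check would throw when there is no base request and make the check pointless.
    if (this.BaseRequest != null)
    {
        ScanBranch.HostName = this.BaseRequest.Host;
        ScanBranch.HTTP = !this.BaseRequest.SSL;
        ScanBranch.HTTPS = this.BaseRequest.SSL;
    }
    ScanBranch.UrlPattern = this.ScanBranchUrlPatternTB.Text;

    ScanBranch.PromptUser = PromptUserCB.Checked;

    // Injection points.
    ScanBranch.ScanUrl = this.InjectUrlPathPartsCB.Checked;
    ScanBranch.ScanQuery = this.InjectQueryCB.Checked;
    ScanBranch.ScanBody = this.InjectBodyCB.Checked;
    ScanBranch.ScanCookie = this.InjectCookieCB.Checked;
    ScanBranch.ScanHeaders = this.InjectHeadersCB.Checked;

    // Log sources; the stored log id lists are emptied here and not refilled.
    ScanBranch.PickFromProxyLog = this.ScanBranchPickProxyLogCB.Checked;
    ScanBranch.PickFromProbeLog = this.ScanBranchPickProbeLogCB.Checked;
    ScanBranch.ProxyLogIDs.Clear();
    ScanBranch.ProbeLogIDs.Clear();

    // Session plugin: stays empty unless the selected item names a registered plugin.
    ScanBranch.SessionPlugin = "";
    object ChosenPlugin = this.ScanBranchSessionPluginsCombo.SelectedItem;
    if (ChosenPlugin != null)
    {
        string PluginName = ChosenPlugin.ToString();
        if (PluginName.Length > 0 && SessionPlugin.List().Contains(PluginName))
        {
            ScanBranch.SessionPlugin = PluginName;

            // With the thread-limit box ticked the scanner-wide parallel scan count
            // is set to 1, the settings UI is refreshed and the setting is stored.
            if (ScanThreadLimitCB.Checked)
            {
                Scanner.MaxParallelScanCount = 1;
                IronUI.UpdateScannerSettingsInUIFromConfig();
                IronDB.StoreScannerSettings();
            }
        }
    }

    // Login recording: accepted only when it names an existing recording.
    // NOTE(review): unlike SessionPlugin, LoginRecording is not cleared before this
    // check, so a previously stored name survives when nothing valid is selected.
    // Confirm that is intended; a stale recording would still be used for the scan.
    object ChosenRecording = this.LoginRecordingComboBox.SelectedItem;
    if (ChosenRecording != null)
    {
        string RecName = ChosenRecording.ToString();
        if (RecName.Length > 0 && Recording.Recording.GetNames().Contains(RecName))
        {
            ScanBranch.LoginRecording = RecName;
            if (ScanThreadLimitCB.Checked)
            {
                Scanner.MaxParallelScanCount = 1;
                IronUI.UpdateScannerSettingsInUIFromConfig();
                IronDB.StoreScannerSettings();
            }
        }
    }

    // Plugins: the first cell of a grid row is the tick box, the second the plugin name.
    ScanBranch.FormatPlugins.Clear();
    foreach (DataGridViewRow FormatRow in this.FormatGrid.Rows)
    {
        if ((bool)FormatRow.Cells[0].Value)
        {
            ScanBranch.FormatPlugins.Add(FormatRow.Cells[1].Value.ToString());
        }
    }

    ScanBranch.ActivePlugins.Clear();
    foreach (DataGridViewRow ActiveRow in this.ScanPluginsGrid.Rows)
    {
        if ((bool)ActiveRow.Cells[0].Value)
        {
            ScanBranch.ActivePlugins.Add(ActiveRow.Cells[1].Value.ToString());
        }
    }

    // Parameter filters: all eight lists are emptied first, then each enabled filter
    // fills either its white list ("plus" option) or its black list, never both.
    ScanBranch.QueryWhiteList.Clear();
    ScanBranch.QueryBlackList.Clear();
    ScanBranch.BodyWhiteList.Clear();
    ScanBranch.BodyBlackList.Clear();
    ScanBranch.CookieWhiteList.Clear();
    ScanBranch.CookieBlackList.Clear();
    ScanBranch.HeaderWhiteList.Clear();
    ScanBranch.HeaderBlackList.Clear();

    // Names are comma separated; empty items are dropped and each name is trimmed.
    char[] Comma = new char[] { ',' };

    if (QueryParametersFilterCB.Checked)
    {
        bool QueryUsesWhiteList = QueryParametersPlusRB.Checked;
        string QueryNames = QueryUsesWhiteList ? QueryParametersPlusTB.Text : QueryParametersMinusTB.Text;
        foreach (string QueryName in QueryNames.Split(Comma, StringSplitOptions.RemoveEmptyEntries))
        {
            if (QueryUsesWhiteList)
            {
                ScanBranch.QueryWhiteList.Add(QueryName.Trim());
            }
            else
            {
                ScanBranch.QueryBlackList.Add(QueryName.Trim());
            }
        }
    }

    if (BodyParametersFilterCB.Checked)
    {
        bool BodyUsesWhiteList = BodyParametersPlusRB.Checked;
        string BodyNames = BodyUsesWhiteList ? BodyParametersPlusTB.Text : BodyParametersMinusTB.Text;
        foreach (string BodyName in BodyNames.Split(Comma, StringSplitOptions.RemoveEmptyEntries))
        {
            if (BodyUsesWhiteList)
            {
                ScanBranch.BodyWhiteList.Add(BodyName.Trim());
            }
            else
            {
                ScanBranch.BodyBlackList.Add(BodyName.Trim());
            }
        }
    }

    if (CookieParametersFilterCB.Checked)
    {
        bool CookieUsesWhiteList = CookieParametersPlusRB.Checked;
        string CookieNames = CookieUsesWhiteList ? CookieParametersPlusTB.Text : CookieParametersMinusTB.Text;
        foreach (string CookieName in CookieNames.Split(Comma, StringSplitOptions.RemoveEmptyEntries))
        {
            if (CookieUsesWhiteList)
            {
                ScanBranch.CookieWhiteList.Add(CookieName.Trim());
            }
            else
            {
                ScanBranch.CookieBlackList.Add(CookieName.Trim());
            }
        }
    }

    if (HeadersParametersFilterCB.Checked)
    {
        bool HeaderUsesWhiteList = HeadersParametersPlusRB.Checked;
        string HeaderNames = HeaderUsesWhiteList ? HeadersParametersPlusTB.Text : HeadersParametersMinusTB.Text;
        foreach (string HeaderName in HeaderNames.Split(Comma, StringSplitOptions.RemoveEmptyEntries))
        {
            if (HeaderUsesWhiteList)
            {
                ScanBranch.HeaderWhiteList.Add(HeaderName.Trim());
            }
            else
            {
                ScanBranch.HeaderBlackList.Add(HeaderName.Trim());
            }
        }
    }
}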
/// <summary>
/// Parses the pipe-delimited plugin manifest held in <c>PluginManifestFile</c>, appends
/// its lines to <c>PluginManifestInfo</c>, and calls <c>DownloadPlugin</c> for every
/// "+" or "*" entry that is not installed or is installed with a different version.
/// </summary>
/// <exception cref="Exception">A manifest line does not split into exactly six fields.</exception>
static void GetNewPlugins()
{
    // Fields as read below: [0] marker starting with '+' or '*', optionally followed by
    // '_' and a file name; [1] plugin type; [2] version; [3] file name; [4] third
    // argument of DownloadPlugin; [5] is not read in this method.
    string[] ManifestLines = PluginManifestFile.Split(new string[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries);
    foreach (string ManifestLine in ManifestLines)
    {
        string[] Fields = ManifestLine.Split(new char[] { '|' }, 6);
        if (Fields.Length != 6)
        {
            throw new Exception("Invalid 'Plugin Manifest File' recieved from server");
        }

        // PluginManifestInfo is not cleared here, and lines added before a malformed
        // line stay in it when the exception is thrown.
        PluginManifestInfo.Add(Fields);
    }

    // { type, version, bare file name } of every installed plugin; anything up to the
    // last backslash of FileName is cut off.
    List<string[]> InstalledInfo = new List<string[]>();
    foreach (string Name in ActivePlugin.List())
    {
        ActivePlugin AP = ActivePlugin.Get(Name);
        string BareName = AP.FileName.Substring(AP.FileName.LastIndexOf('\\') + 1);
        InstalledInfo.Add(new string[] { "active", AP.Version, BareName });
    }
    foreach (string Name in PassivePlugin.List())
    {
        PassivePlugin PP = PassivePlugin.Get(Name);
        string BareName = PP.FileName.Substring(PP.FileName.LastIndexOf('\\') + 1);
        InstalledInfo.Add(new string[] { "passive", PP.Version, BareName });
    }
    foreach (string Name in FormatPlugin.List())
    {
        FormatPlugin FP = FormatPlugin.Get(Name);
        string BareName = FP.FileName.Substring(FP.FileName.LastIndexOf('\\') + 1);
        InstalledInfo.Add(new string[] { "format", FP.Version, BareName });
    }
    foreach (string Name in SessionPlugin.List())
    {
        SessionPlugin SP = SessionPlugin.Get(Name);
        string BareName = SP.FileName.Substring(SP.FileName.LastIndexOf('\\') + 1);
        InstalledInfo.Add(new string[] { "session", SP.Version, BareName });
    }

    // NOTE(review): the type, file name and fifth field handed to DownloadPlugin come
    // straight from the server-supplied manifest. DownloadPlugin is not visible here;
    // confirm it rejects rooted paths and ".." segments, and that the manifest and the
    // downloaded files are authenticated before a plugin is installed.
    foreach (string[] Entry in PluginManifestInfo)
    {
        bool IsAddOrUpdate = Entry[0].StartsWith("+") || Entry[0].StartsWith("*");
        if (!IsAddOrUpdate)
        {
            continue;
        }

        bool MatchFound = false;
        foreach (string[] Installed in InstalledInfo)
        {
            // The plugin type must agree in both matching rules.
            if (!Entry[1].Equals(Installed[0]))
            {
                continue;
            }

            // The file matches directly by name or, when the marker carries a '_', by
            // the text after the first '_' in the marker.
            bool SameFile = Entry[3].Equals(Installed[2]);
            if (!SameFile && Entry[0].Contains("_"))
            {
                string[] SupportDetailParts = Entry[0].Split(new char[] { '_' }, 2);
                SameFile = SupportDetailParts[1].Equals(Installed[2]);
            }
            if (!SameFile)
            {
                continue;
            }

            // Installed: fetch again only when the version strings differ. Any
            // difference counts, so an older manifest version also triggers a download.
            MatchFound = true;
            if (!Entry[2].Equals(Installed[1]))
            {
                DownloadPlugin(Entry[1], Entry[3], Entry[4]);
            }
            break;
        }

        // Not installed at all: always download.
        if (!MatchFound)
        {
            DownloadPlugin(Entry[1], Entry[3], Entry[4]);
        }
    }
}