public string buildNiktoRequest(niktoRequests niktoset,string header) { string methodGETHEAD=niktoset.method; string actualrequest=""; actualrequest=methodGETHEAD+" "+niktoset.request+" HTTP/1.0\r\n"; actualrequest+=header + "\r\n\r\n"; return actualrequest; }
public string stestNiktoRequest (string ipRaw, string portRaw, string requestRaw, niktoRequests niktoset, int TimeOut, bool isSSL) { string response=""; if (isSSL){ response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut,2,true); } else { response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut); } return response; }
private string generateBlob (string target, string port, niktoRequests niktoset, string filetype, string filelocation,string header){ niktoRequests FPtest; FPtest.method=niktoset.method; FPtest.description="FP test item"; FPtest.type="FP test item"; FPtest.trigger=""; FPtest.isSSL=niktoset.isSSL; string result=""; if (niktoset.type.Equals("FPtestdir")==false){ FPtest.request=filelocation + "noteverthere." + filetype; } else FPtest.request=filelocation + "noteverthere/"; if (niktoset.isSSL){ result=stestNiktoRequest(target,port,buildNiktoRequest(FPtest,header),FPtest,6000,true); } else { result=stestNiktoRequest(target,port,buildNiktoRequest(FPtest,header),FPtest,6000,false); } //actually..this is the only place we really need to lock lock (backend_FP){ lock (nikto_FP){ FPdata item = new FPdata(); item.URLlocation=filelocation; item.method=FPtest.method; item.filetype=filetype; item.host=target; if (niktoset.type.CompareTo("FPtestfile")==0 || niktoset.type.CompareTo("FPtestdir")==0){ if (backend_FP.Contains(item)==false){ backend_FP.Add(item,result); } }else{ if (nikto_FP.Contains(item)==false){ nikto_FP.Add(item,result); } } } } return result; }
private string getBlob (string ipRaw, string portRaw, niktoRequests niktoset, string filetype, string filelocation,string header){ lock (this){ FPdata entry = new FPdata(); entry.filetype=filetype; entry.host=ipRaw; entry.method=niktoset.method; entry.URLlocation=filelocation; if (niktoset.type.CompareTo("FPtestfile")==0 || niktoset.type.CompareTo("FPtestdir")==0){ //check if it exists if (backend_FP.Contains(entry)){ return (string)backend_FP[entry]; } } else { if (nikto_FP.Contains(entry)){ return (string)nikto_FP[entry]; } } } //if we end up here we know we must go get a new one return generateBlob(ipRaw,portRaw,niktoset,filetype,filelocation,header); }
private double testniktoFP (string ipRaw, string portRaw, niktoRequests niktoset, string request, string reply,string header){ string location=extractLocation(request); string filetype=extractFileType(request); string blobFromDB=getBlob(ipRaw,portRaw,niktoset,filetype,location,header); if (blobFromDB.Length > 0){ double result; lock (this){ result=compareBlobs(blobFromDB,reply,false,false); } return result; }else return -1.0; }
public bool testRequest (string ipRaw, string portRaw, string requestRaw, int TimeOut, bool fileordir, bool isSSL, string header, double trigger) { string response=""; if (isSSL){ response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut,3,true); } else { response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut); } string[] parts = new string[2000]; parts=requestRaw.Split(' '); double result; niktoRequests niktoset = new niktoRequests(); //true=file false=dir if (fileordir == false){ niktoset.description="FPtestdir"; niktoset.request=requestRaw; niktoset.trigger=""; niktoset.type="FPtestdir"; niktoset.method=parts[0]; niktoset.isSSL=isSSL; string[] urlparts = new string[20]; urlparts=parts[1].Split('/'); string finalresult=""; for(int a=1; a<urlparts.Length-2; a++){ finalresult+="/"+urlparts[a]; } finalresult=finalresult.Replace("//","/"); result=testniktoFP(ipRaw,portRaw,niktoset,finalresult+"/mooforgetit",response,header); //recheck! if (result<trigger && result>=0){ lock(this){ cleanBlob(ipRaw,extractFileType(finalresult+"/mooforgetit"),extractLocation(finalresult+"/mooforgetit"),"directory"); } if (isSSL){ response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut,3,true); } else { response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut); } result=testniktoFP(ipRaw,portRaw,niktoset,finalresult+"/mooforgetit",response,header); } } else { niktoset.description="FPtestfile"; niktoset.request=requestRaw; niktoset.trigger=""; niktoset.type="FPtestfile"; niktoset.method=parts[0]; niktoset.isSSL=isSSL; parts[1]=parts[1].Replace("//","/"); result=testniktoFP(ipRaw,portRaw,niktoset,parts[1],response,header); //recheck! if (result<trigger && result >=0){ lock(this){ cleanBlob(ipRaw,extractFileType(parts[1]),extractLocation(parts[1]),"file"); } if (isSSL){ response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut,3,true); } else { response = sendraw(ipRaw,portRaw,requestRaw,4096,TimeOut); } result=testniktoFP(ipRaw,portRaw,niktoset,parts[1],response,header); } } if ((result < trigger) && result >= 0.00){ return true; } else {return false;} }