Exemplo n.º 1
0
 public Wapiti(IToolOptions options)
 {
     if (options is WapitiToolOptions)
     {
         _options = (WapitiToolOptions)options;
     }
 }
Exemplo n.º 2
0
        private List<IToolResults> ScanHost(NMapHost host, SQLMapOptions sqlmapOptions, Dictionary<string, string> config)
        {
            List<IToolResults > _results = new List<IToolResults> ();

            Console.WriteLine ("Scanning host: " + host.Hostname);
            foreach (var port in host.Ports) {

                port.ParentIPAddress = host.IPAddressv4;

                if ((port.Service == "http" || port.Service == "https") && bool.Parse(config["isSQLMap"])) {
                    IToolOptions _options = new WapitiToolOptions();

                    (_options as WapitiToolOptions).Host = host.IPAddressv4;
                    (_options as WapitiToolOptions).Port = port.PortNumber;
                    (_options as WapitiToolOptions).Path = config["wapitiPath"];

                    Wapiti wapiti = new Wapiti(_options);

                    Console.WriteLine("Running wapiti (http/" + port.PortNumber + ") on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname));
                    WapitiToolResults wapitiResults = null;
                    try
                    {
                        wapitiResults = wapiti.Run(new TimeSpan(0,10,0)) as WapitiToolResults;
                        wapitiResults.HostIPAddressV4 = host.IPAddressv4;
                        wapitiResults.HostPort = port.PortNumber;
                        wapitiResults.IsTCP = true;

                        _results.Add(wapitiResults);
                    }
                    catch(Exception ex)
                    {
                        Console.WriteLine(ex.Message);
                    }

                    if (sqlmapOptions != null && wapitiResults != null) {

                        if (wapitiResults.Bugs == null) { // we get bugs from the findings of wapiti, if wapiti didn't run, no bugs.

                            sqlmapOptions.URL = port.Service + "://" + host.IPAddressv4;
                            sqlmapOptions.Port = port.PortNumber;
                            sqlmapOptions.Path = config ["sqlmapPath"];

                            SQLMap mapper = new SQLMap (sqlmapOptions);

                            SQLMapResults sqlmapResults = mapper.Run () as SQLMapResults;
                            sqlmapResults.ParentHostPort = port;

                            _results.Add (sqlmapResults);
                        } else {
                            foreach (WapitiBug bug in wapitiResults.Bugs) {
                                if (bug.Type.StartsWith ("SQL Injection")) {

                                    Console.WriteLine("Starting SQLMap on host/port: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname) + "/" + port.PortNumber);

                                    sqlmapOptions.Path = config ["sqlmapPath"];
                                    SQLMap mapper = new SQLMap (sqlmapOptions);

                                    SQLMapResults results = mapper.Run (bug) as SQLMapResults;

                                    if (results == null )
                                        continue;

                                    if (results.Vulnerabilities != null)
                                        foreach (var vuln in results.Vulnerabilities)
                                            vuln.Target = bug.URL;

                                    results.ParentHostPort = port;

                                    _results.Add (results);
                                } else if (bug.Type.Contains ("Cross Site Scripting)")) {
                                    //dsxs
                                }
                            }
                        }
                    }
                }
            }

            Console.WriteLine ("Done with host: " + host.Hostname);

            return _results;
        }
Exemplo n.º 3
0
 public Wapiti(IToolOptions options)
 {
     if (options is WapitiToolOptions)
         _options = (WapitiToolOptions)options;
 }
Exemplo n.º 4
0
        private List<IToolResults> ScanHost(NMapHost host, SQLMapOptions sqlmapOptions, Dictionary<string, string> config)
        {
            List<IToolResults > _results = new List<IToolResults> ();

            Console.WriteLine ("Scanning host: " + host.Hostname);
            foreach (var port in host.Ports) {

                port.ParentIPAddress = host.IPAddressv4;

                if ((port.Service == "http" || port.Service == "https") && bool.Parse (config ["isSQLMap"])) {
                    IToolOptions _options = new WapitiToolOptions ();

                    (_options as WapitiToolOptions).Host = host.IPAddressv4;
                    (_options as WapitiToolOptions).Port = port.PortNumber;
                    (_options as WapitiToolOptions).Path = config ["wapitiPath"];

                    Wapiti wapiti = new Wapiti (_options);

                    Console.WriteLine ("Running wapiti (http/" + port.PortNumber + ") on host: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname));
                    WapitiToolResults wapitiResults = null;
                    try {
                        wapitiResults = wapiti.Run (new TimeSpan (0, 10, 0)) as WapitiToolResults;
                        wapitiResults.HostIPAddressV4 = host.IPAddressv4;
                        wapitiResults.HostPort = port.PortNumber;
                        wapitiResults.IsTCP = true;

                        _results.Add (wapitiResults);
                    } catch (Exception ex) {
                        Console.WriteLine (ex.Message);
                    }

                    if (sqlmapOptions != null && wapitiResults != null) {

                        if (wapitiResults.Bugs == null) { // we get bugs from the findings of wapiti, if wapiti didn't run, no bugs.

                            sqlmapOptions.URL = port.Service + "://" + host.IPAddressv4;
                            sqlmapOptions.Port = port.PortNumber;
                            sqlmapOptions.Path = config ["sqlmapPath"];

                            SQLMap mapper = new SQLMap (sqlmapOptions);

                            SQLMapResults sqlmapResults = mapper.Run () as SQLMapResults;
                            sqlmapResults.ParentHostPort = port;

                            _results.Add (sqlmapResults);
                        } else {

                            using (SqlmapSession sess = new SqlmapSession("127.0.0.1", 8775)) {
                                using (SqlmapManager manager = new SqlmapManager(sess)) {
                                    foreach (WapitiBug bug in wapitiResults.Bugs) {
                                        if (bug.Type.StartsWith ("SQL Injection")) {

                                            Console.WriteLine ("Starting SQLMap on host/port: " + (string.IsNullOrEmpty (host.Hostname) ? host.IPAddressv4 : host.Hostname) + "/" + port.PortNumber);

                                            sqlmapOptions.Path = config ["sqlmapPath"];
                                            //SQLMap mapper = new SQLMap (sqlmapOptions);

                                            //SQLMapResults results = mapper.Run (bug) as SQLMapResults;

            //									if (results == null )
            //										continue;
            //
            //									if (results.Vulnerabilities != null)
            //										foreach (var vuln in results.Vulnerabilities)
            //											vuln.Target = bug.URL;
            //
            //									results.ParentHostPort = port;
            //
            //									_results.Add (results);

                                            string taskid = manager.NewTask ();
                                            Dictionary<string, object> opts = manager.GetOptions (taskid);

                                            if (bug.URL.Contains (bug.Parameter)) {
                                                opts ["url"] = bug.URL.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
                                                manager.StartTask(taskid, opts);

                                            } else {
                                                opts ["url"] = bug.URL;
                                                opts["data"] = bug.Parameter.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
                                                manager.StartTask(taskid, opts);
                                            }

                                            SqlmapStatus status = manager.GetScanStatus(taskid);

                                            while (status.Status != "terminated")
                                            {
                                                System.Threading.Thread.Sleep(new TimeSpan(0,0,10));
                                                status = manager.GetScanStatus(taskid);
                                            }

                                            List<SqlmapLogItem> logItems = manager.GetLog(taskid);

                                            SQLMapResults results = new SQLMapResults();
                                            results.Vulnerabilities = new List<SQLMapVulnerability>();

                                            foreach (SqlmapLogItem item in logItems.Where(l => l.Level == "INFO" && l.Message.EndsWith("injectable")))
                                            {
                                                SQLMapVulnerability vuln = new SQLMapVulnerability();

                                                Console.WriteLine(item.Message);
                                            }
                                            manager.DeleteTask(taskid);

                                        } else if (bug.Type.Contains ("Cross Site Scripting)")) {
                                            //dsxs
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }

            Console.WriteLine ("Done with host: " + host.Hostname);

            return _results;
        }
Exemplo n.º 5
0
        private List <IToolResults> ScanHost(NMapHost host, SQLMapOptions sqlmapOptions, Dictionary <string, string> config)
        {
            List <IToolResults> _results = new List <IToolResults> ();

            Console.WriteLine("Scanning host: " + host.Hostname);
            foreach (var port in host.Ports)
            {
                port.ParentIPAddress = host.IPAddressv4;

                if ((port.Service == "http" || port.Service == "https") && bool.Parse(config ["isSQLMap"]))
                {
                    IToolOptions _options = new WapitiToolOptions();

                    (_options as WapitiToolOptions).Host = host.IPAddressv4;
                    (_options as WapitiToolOptions).Port = port.PortNumber;
                    (_options as WapitiToolOptions).Path = config ["wapitiPath"];

                    Wapiti wapiti = new Wapiti(_options);

                    Console.WriteLine("Running wapiti (http/" + port.PortNumber + ") on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname));
                    WapitiToolResults wapitiResults = null;
                    try {
                        wapitiResults = wapiti.Run(new TimeSpan(0, 10, 0)) as WapitiToolResults;
                        wapitiResults.HostIPAddressV4 = host.IPAddressv4;
                        wapitiResults.HostPort        = port.PortNumber;
                        wapitiResults.IsTCP           = true;

                        _results.Add(wapitiResults);
                    } catch (Exception ex) {
                        Console.WriteLine(ex.Message);
                    }

                    if (sqlmapOptions != null && wapitiResults != null)
                    {
                        if (wapitiResults.Bugs == null)                           // we get bugs from the findings of wapiti, if wapiti didn't run, no bugs.

                        {
                            sqlmapOptions.URL  = port.Service + "://" + host.IPAddressv4;
                            sqlmapOptions.Port = port.PortNumber;
                            sqlmapOptions.Path = config ["sqlmapPath"];

                            SQLMap mapper = new SQLMap(sqlmapOptions);

                            SQLMapResults sqlmapResults = mapper.Run() as SQLMapResults;
                            sqlmapResults.ParentHostPort = port;

                            _results.Add(sqlmapResults);
                        }
                        else
                        {
                            using (SqlmapSession sess = new SqlmapSession("127.0.0.1", 8775)) {
                                using (SqlmapManager manager = new SqlmapManager(sess)) {
                                    foreach (WapitiBug bug in wapitiResults.Bugs)
                                    {
                                        if (bug.Type.StartsWith("SQL Injection"))
                                        {
                                            Console.WriteLine("Starting SQLMap on host/port: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname) + "/" + port.PortNumber);

                                            sqlmapOptions.Path = config ["sqlmapPath"];
                                            //SQLMap mapper = new SQLMap (sqlmapOptions);

                                            //SQLMapResults results = mapper.Run (bug) as SQLMapResults;

//									if (results == null )
//										continue;
//
//									if (results.Vulnerabilities != null)
//										foreach (var vuln in results.Vulnerabilities)
//											vuln.Target = bug.URL;
//
//									results.ParentHostPort = port;
//
//									_results.Add (results);

                                            string taskid = manager.NewTask();
                                            Dictionary <string, object> opts = manager.GetOptions(taskid);


                                            if (bug.URL.Contains(bug.Parameter))
                                            {
                                                opts ["url"] = bug.URL.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
                                                manager.StartTask(taskid, opts);
                                            }
                                            else
                                            {
                                                opts ["url"] = bug.URL;
                                                opts["data"] = bug.Parameter.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
                                                manager.StartTask(taskid, opts);
                                            }

                                            SqlmapStatus status = manager.GetScanStatus(taskid);

                                            while (status.Status != "terminated")
                                            {
                                                System.Threading.Thread.Sleep(new TimeSpan(0, 0, 10));
                                                status = manager.GetScanStatus(taskid);
                                            }

                                            List <SqlmapLogItem> logItems = manager.GetLog(taskid);

                                            SQLMapResults results = new SQLMapResults();
                                            results.Vulnerabilities = new List <SQLMapVulnerability>();

                                            foreach (SqlmapLogItem item in logItems.Where(l => l.Level == "INFO" && l.Message.EndsWith("injectable")))
                                            {
                                                SQLMapVulnerability vuln = new SQLMapVulnerability();

                                                Console.WriteLine(item.Message);
                                            }
                                            manager.DeleteTask(taskid);
                                        }
                                        else if (bug.Type.Contains("Cross Site Scripting)"))
                                        {
                                            //dsxs
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }

            Console.WriteLine("Done with host: " + host.Hostname);

            return(_results);
        }