Exemplo n.º 1
0
        static void Main2(string[] args)
        {
            Cli.UseTrace    = true;
            Trace.AutoFlush = true;
            Trace.Listeners.Add(new ConsoleTraceListener());

            if (!args.Any(x => x == "-l"))
            {
                ScannerCli.RunAssistant();
            }

            ScannerCli.DisplayAppInfo();

            if (args.Length == 0)
            {
                ScannerCli.DisplayInstructions();

                Exit();
            }

            Config = ScanConfig.Parse(args);

            if (Config.TestMode)
            {
                RunSelfTest();
                return;
            }

            var versionTester = new PhpVersionTester(Config);

            versionTester.CheckVersion();
            Cli.WriteLine();

            ExeProbe.Copy();

            TraceFileName = Config.WebRoot + @"\trace.txt";

            foreach (string RelativeAppPath in Config.ApplicationPaths)
            {
                string filePath = Config.WebRoot + "\\" + RelativeAppPath.Replace('/', '\\');

                if (!Directory.Exists(filePath))
                {
                    ScannerCli.DisplayCriticalMessage("Application path {0} not found.", filePath);

                    Exit();
                }

                if (Config.Repair || new DirectoryInfo(filePath)
                    .GetFiles("*.phpvhbackup", SearchOption.AllDirectories)
                    .Any(x => x.Extension.ToLower() == ".phpvhbackup"))
                {
                    ScannerCli.DisplayPhaseName("Repair");
                    Cli.WriteLine();

                    new HookCollection().Unset(new DirectoryInfo(filePath));



                    if (Config.Repair)
                    {
                        continue;
                    }
                }

                _reportWriter = new ReportWriter(RelativeAppPath);

                Trace.Listeners.Clear();

                if (Config.LogConsole)
                {
                    Trace.Listeners.Add(new TextWriterTraceListener(_reportWriter.ReportPath + "\\scan.log"));
                }

                Trace.Listeners.Add(new ConsoleTraceListener());

                foreach (var plugin in Config.ScanPlugins)
                {
                    plugin.Initialize();
                }

                Program.PageFieldTable.Clear();

                Cli.WriteLine();
                ScannerCli.DisplayAppPath(RelativeAppPath);

                //////////////////////////////////////////////////////////////////////////
                // Static analysis
                ScannerCli.DisplayPhaseName("Static Analysis");

                var sae = new StaticAnalysis.StaticAnalysisEngine(Config);
                sae.FileScanned += (o, e) =>
                {
                    Cli.WriteLine(
                        "{0} [~{1}~{2}~R~]",
                        e.Item.Filename,
                        e.Item.Alerts.Any() ? ConsoleColor.Red : ConsoleColor.DarkGreen,
                        e.Item.Alerts.Length);

                    e.Item.Alerts.Iter(x => Cli.WriteLine("~Red~Potential Vulnerability: {0}~R~", x.Name));
                };
                var staticAnalysisAlerts = sae.ScanDirectory(filePath);

                if (staticAnalysisAlerts.Any())
                {
                    _reportWriter.Write("Static analysis", staticAnalysisAlerts.ToXml(), "xml");
                }

                Cli.WriteLine();
                Cli.WriteLine();

                // End Static analysis
                //////////////////////////////////////////////////////////////////////////

                if (!Config.StaticOnly)
                {
                    ScanMetrics.Default = new ScanMetrics();
                    ScanMetrics.Default.Annotator.AnnotationFile = new FileInfo(Config.WebRoot + "\\Annotation.txt");

                    #region Hooks
                    var hooks2    = new HookCollection(Hook.GetDefaults());
                    var sqlPlugin = new SqlScanPlugin(null);
                    sqlPlugin.Initialize();
                    hooks2.AddRange(sqlPlugin.Config.Functions.ToHooks());
                    #endregion

                    if (Config.HookSuperglobals)
                    {
                        hooks2.AddRange(Hook.GetSuperglobals());
                    }

                    if (_scan)
                    {
                        ScannerCli.DisplayPhaseName("Form scrape");

                        var urlDictionary = CreateUrlDictionary(RelativeAppPath, new DirectoryInfo(filePath));

                        foreach (var page in urlDictionary.Select(x => new
                        {
                            Relative = x.Key,
                            Url = "http://" + Config.Server + x.Key,
                        }))
                        {
                            var data    = WebClientHelper.DownloadData(page.Url);
                            var respStr = ASCIIEncoding.ASCII.GetString(data.Data);
                            var forms   = FormScraper.GetForms(respStr, page.Url);

                            if (forms.Any())
                            {
                                foreach (var f in forms)
                                {
                                    var action = new Uri(f.Action);
                                    if (!action.Host.Contains(Config.Server) ||
                                        !urlDictionary.ContainsKey(action.LocalPath))
                                    {
                                        continue;
                                    }

                                    var file = urlDictionary[action.LocalPath];

                                    if (!PageFieldTable.ContainsKey(file))
                                    {
                                        PageFieldTable.Add(file, new Dictionary <string, List <string> >());
                                    }

                                    var superglobal = "$_" + f.Method.ToUpper();

                                    if (!PageFieldTable[file].ContainsKey(superglobal))
                                    {
                                        PageFieldTable[file].Add(superglobal, new List <string>());
                                    }

                                    var newInputs = f.Inputs
                                                    .Select(x => x.Name ?? x.Type)
                                                    .Where(x => x != null && !PageFieldTable[file][superglobal].Contains(x));

                                    PageFieldTable[file][superglobal].AddRange(newInputs);
                                }
                            }

                            ScannerCli.DisplayScrapedUrl(page.Relative, forms);
                        }

                        Trace.WriteLine("");

                        if (_hook)
                        {
                            ScannerCli.DisplayPhaseName("Dynamic Analysis Initialization");
                            Cli.WriteLine();

                            hooks2.Set(new DirectoryInfo(filePath));
                            hooks2.CreateHandlerFile();
                            Cli.WriteLine();
                            Cli.WriteLine();

                            Program.Config.ScanPlugins
                            .Iter(x =>
                            {
                                var annotationTableClone    = ScanMetrics.Default.Annotator.AnnotationTable.Clone() as AnnotationTable;
                                annotationTableClone.Plugin = x.ToString();
                                ScanMetrics.Default.PluginAnnotations.Add(annotationTableClone);
                            });
                        }

                        ScannerCli.DisplayPhaseName("Dynamic Analysis");

                        ScanDirectory(new DirectoryInfo(filePath), RelativeAppPath);
                        Console.WriteLine();
                    }

                    ScannerCli.DisplayPhaseName("Dynamic Analysis Uninitialization");
                    Cli.WriteLine();
                    hooks2.DeleteHandlerFile();

                    File.Delete(TraceFileName);

                    foreach (var plugin in Config.ScanPlugins)
                    {
                        plugin.Uninitialize();
                    }

                    if (Config.Unhook)
                    {
                        hooks2.Unset(new DirectoryInfo(filePath));

                        Cli.WriteLine();
                        Cli.WriteLine();
                    }
                }

                var reportFiles = _reportWriter.WriteFilenames();
#if !MONO && !NET35
                if (_reportWriter.ReportFiles.Any() && Config.RunViewer)
                {
                    var viewerPath = Assembly.GetExecutingAssembly().Location.RemoveAtLastIndexOf('\\', 1) +
                                     @"PHPVHReportViewer.exe";

                    if (File.Exists(viewerPath))
                    {
                        System.Diagnostics.Process.Start(viewerPath, "\"" + reportFiles + "\"");
                    }
                    else
                    {
                        System.Windows.Forms.MessageBox.Show("Could not locate report viewer executable.",
                                                             "Error launching report viewer", System.Windows.Forms.MessageBoxButtons.OK,
                                                             System.Windows.Forms.MessageBoxIcon.Error);
                    }
                }
#endif
            }

            Trace.Listeners.Clear();
            Trace.Listeners.Add(new ConsoleTraceListener());
        }
Exemplo n.º 2
0
        static void Main2(string[] args)
        {
            Cli.UseTrace = true;
            Trace.AutoFlush = true;
            Trace.Listeners.Add(new ConsoleTraceListener());

            if (!args.Any(x => x == "-l"))
            {
                ScannerCli.RunAssistant();
            }

            ScannerCli.DisplayAppInfo();

            if (args.Length == 0)
            {
                ScannerCli.DisplayInstructions();

                Exit();
            }

            Config = ScanConfig.Parse(args);

            if (Config.TestMode)
            {
                RunSelfTest();
                return;
            }

            var versionTester = new PhpVersionTester(Config);
            versionTester.CheckVersion();
            Cli.WriteLine();

            ExeProbe.Copy();

            TraceFileName = Config.WebRoot + @"\trace.txt";

            foreach (string RelativeAppPath in Config.ApplicationPaths)
            {
                string filePath = Config.WebRoot + "\\" + RelativeAppPath.Replace('/', '\\');

                if (!Directory.Exists(filePath))
                {
                    ScannerCli.DisplayCriticalMessage("Application path {0} not found.", filePath);

                    Exit();
                }

                if (Config.Repair || new DirectoryInfo(filePath)
                    .GetFiles("*.phpvhbackup", SearchOption.AllDirectories)
                    .Any(x => x.Extension.ToLower() == ".phpvhbackup"))
                {
                    ScannerCli.DisplayPhaseName("Repair");
                    Cli.WriteLine();

                    new HookCollection().Unset(new DirectoryInfo(filePath));

                    if (Config.Repair)
                        continue;
                }

                _reportWriter = new ReportWriter(RelativeAppPath);

                Trace.Listeners.Clear();

                if (Config.LogConsole)
                    Trace.Listeners.Add(new TextWriterTraceListener(_reportWriter.ReportPath + "\\scan.log"));

                Trace.Listeners.Add(new ConsoleTraceListener());

                foreach (var plugin in Config.ScanPlugins)
                    plugin.Initialize();

                Program.PageFieldTable.Clear();

                Cli.WriteLine();
                ScannerCli.DisplayAppPath(RelativeAppPath);

                //////////////////////////////////////////////////////////////////////////
                // Static analysis
                ScannerCli.DisplayPhaseName("Static Analysis");

                var sae = new StaticAnalysis.StaticAnalysisEngine(Config);
                sae.FileScanned += (o, e) =>
                {
                    Cli.WriteLine(
                        "{0} [~{1}~{2}~R~]",
                        e.Item.Filename,
                        e.Item.Alerts.Any() ? ConsoleColor.Red : ConsoleColor.DarkGreen,
                        e.Item.Alerts.Length);

                    e.Item.Alerts.Iter(x => Cli.WriteLine("~Red~Potential Vulnerability: {0}~R~", x.Name));
                };
                var staticAnalysisAlerts = sae.ScanDirectory(filePath);

                if (staticAnalysisAlerts.Any())
                    _reportWriter.Write("Static analysis", staticAnalysisAlerts.ToXml(), "xml");

                Cli.WriteLine();
                Cli.WriteLine();

                // End Static analysis
                //////////////////////////////////////////////////////////////////////////

                if (!Config.StaticOnly)
                {
                    ScanMetrics.Default = new ScanMetrics();
                    ScanMetrics.Default.Annotator.AnnotationFile = new FileInfo(Config.WebRoot + "\\Annotation.txt");

                    #region Hooks
                    var hooks2 = new HookCollection(Hook.GetDefaults());
                    var sqlPlugin = new SqlScanPlugin(null);
                    sqlPlugin.Initialize();
                    hooks2.AddRange(sqlPlugin.Config.Functions.ToHooks());
                    #endregion

                    if (Config.HookSuperglobals)
                    {
                        hooks2.AddRange(Hook.GetSuperglobals());
                    }

                    if (_scan)
                    {
                        ScannerCli.DisplayPhaseName("Form scrape");

                        var urlDictionary = CreateUrlDictionary(RelativeAppPath, new DirectoryInfo(filePath));

                        foreach (var page in urlDictionary.Select(x => new
                        {
                            Relative = x.Key,
                            Url = "http://" + Config.Server + x.Key,
                        }))
                        {
                            var data = WebClientHelper.DownloadData(page.Url);
                            var respStr = ASCIIEncoding.ASCII.GetString(data.Data);
                            var forms = FormScraper.GetForms(respStr, page.Url);

                            if (forms.Any())
                            {
                                foreach (var f in forms)
                                {
                                    var action = new Uri(f.Action);
                                    if (!action.Host.Contains(Config.Server) ||
                                        !urlDictionary.ContainsKey(action.LocalPath))
                                        continue;

                                    var file = urlDictionary[action.LocalPath];

                                    if (!PageFieldTable.ContainsKey(file))
                                        PageFieldTable.Add(file, new Dictionary<string, List<string>>());

                                    var superglobal = "$_" + f.Method.ToUpper();

                                    if (!PageFieldTable[file].ContainsKey(superglobal))
                                        PageFieldTable[file].Add(superglobal, new List<string>());

                                    var newInputs = f.Inputs
                                        .Select(x => x.Name ?? x.Type)
                                        .Where(x => x != null && !PageFieldTable[file][superglobal].Contains(x));

                                    PageFieldTable[file][superglobal].AddRange(newInputs);
                                }
                            }

                            ScannerCli.DisplayScrapedUrl(page.Relative, forms);
                        }

                        Trace.WriteLine("");

                        if (_hook)
                        {
                            ScannerCli.DisplayPhaseName("Dynamic Analysis Initialization");
                            Cli.WriteLine();

                            hooks2.Set(new DirectoryInfo(filePath));
                            hooks2.CreateHandlerFile();
                            Cli.WriteLine();
                            Cli.WriteLine();

                            Program.Config.ScanPlugins
                                .Iter(x =>
                                {
                                    var annotationTableClone = ScanMetrics.Default.Annotator.AnnotationTable.Clone() as AnnotationTable;
                                    annotationTableClone.Plugin = x.ToString();
                                    ScanMetrics.Default.PluginAnnotations.Add(annotationTableClone);
                                });
                        }

                        ScannerCli.DisplayPhaseName("Dynamic Analysis");

                        ScanDirectory(new DirectoryInfo(filePath), RelativeAppPath);
                        Console.WriteLine();
                    }

                    ScannerCli.DisplayPhaseName("Dynamic Analysis Uninitialization");
                    Cli.WriteLine();
                    hooks2.DeleteHandlerFile();

                    File.Delete(TraceFileName);

                    foreach (var plugin in Config.ScanPlugins)
                        plugin.Uninitialize();

                    if (Config.Unhook)
                    {
                        hooks2.Unset(new DirectoryInfo(filePath));

                        Cli.WriteLine();
                        Cli.WriteLine();
                    }
                }

                var reportFiles = _reportWriter.WriteFilenames();
            #if !MONO && !NET35
                if (_reportWriter.ReportFiles.Any() && Config.RunViewer)
                {
                    var viewerPath = Assembly.GetExecutingAssembly().Location.RemoveAtLastIndexOf('\\', 1) +
                        @"PHPVHReportViewer.exe";

                    if (File.Exists(viewerPath))
                        System.Diagnostics.Process.Start(viewerPath, "\"" + reportFiles + "\"");
                    else
                        System.Windows.Forms.MessageBox.Show("Could not locate report viewer executable.",
                            "Error launching report viewer", System.Windows.Forms.MessageBoxButtons.OK,
                            System.Windows.Forms.MessageBoxIcon.Error);

                }
            #endif
            }

            Trace.Listeners.Clear();
            Trace.Listeners.Add(new ConsoleTraceListener());
        }