/// <summary>
/// Creates a new event in the log.
/// </summary>
/// <param name='result'>
/// The result of the scanner.
/// </param>
public virtual void Create(ScannerResult result)
{
try
{
_semaphore.WaitOne();
//Reopen the connection if the connection is closed.
if (Connection.State != ConnectionState.Open)
{
Open();
}
//Create the SQL records for this event.
CreateSql(result);
Debugger.Put(4, "\tdb: inserted new event '{0}'", ConsoleColor.DarkMagenta, result.Signature);
}
catch (Exception e)
{
Debugger.Put(3, "\tdb: {0}", ConsoleColor.Red, e.Message);
}
finally
{
_semaphore.Release();
}
}
public static ScannerResult Check(ScannerRequest request)
{
if (_payloads.Count == 0)
{
lock (_syncObject)
{
if (_payloads.Count == 0)
{
Initialize();
}
}
}
ScannerResult result = new ScannerResult();
foreach (string payload in _payloads)
{
string testUrl = request.URL.Trim('/') + "/" + payload;
WebPageRequest webRequest = new WebPageRequest(testUrl);
WebPageLoader.Load(webRequest);
if (webRequest.Response.Headers.AllKeys.Contains("headername"))
{
result.Success = true;
result.Results.Add(testUrl);
return(result);
}
}
return(result);
}
public IReadOnlyList <AnalyzerSummary> Analyze(ScannerResult report, Func <ProbeResult, string> filterBy)
{
var rollup = GetRollup(report.Results, filterBy);
var summary = (from result in rollup
let healthy = new AnalyzerResultImpl(
result.Value
.Count(x => x == ProbeResultStatus.Healthy)
.ConvertTo(),
CalcPercentage(result.Value, ProbeResultStatus.Healthy))
let unhealthy = new AnalyzerResultImpl(
result.Value
.Count(x => x == ProbeResultStatus.Unhealthy)
.ConvertTo(),
CalcPercentage(result.Value, ProbeResultStatus.Unhealthy))
let warning = new AnalyzerResultImpl(
result.Value
.Count(x => x == ProbeResultStatus.Warning)
.ConvertTo(),
CalcPercentage(result.Value, ProbeResultStatus.Warning))
let inconclusive = new AnalyzerResultImpl(
result.Value
.Count(x => x == ProbeResultStatus.Inconclusive)
.ConvertTo(),
CalcPercentage(result.Value, ProbeResultStatus.Inconclusive))
select new AnalyzerSummaryImpl(result.Key, healthy, unhealthy, warning, inconclusive))
.Cast <AnalyzerSummary>()
.ToList();
NotifyObservers(summary);
return(summary);
}
public static ScannerResult Check(ScannerRequest request)
{
if (_domainList.Count == 0)
{
lock (_syncObject)
{
if (_domainList.Count == 0)
{
Initialize();
}
}
}
ScannerResult result = new ScannerResult();
if (String.IsNullOrEmpty(request.Body))
{
return(result);
}
string domain = "";
foreach (Fingerprint domainTest in _domainList)
{
domain = Check_Domain(request.Body, domainTest);
if (!String.IsNullOrEmpty(domain))
{
result.Success = true;
result.Results.Add(domain);
return(result);
}
}
return(result);
}
private async void CompleteScan()
{
try
{
var status = OutButtonChecked ? EHaspelStatus.IsUsed : EHaspelStatus.Unkown;
if (status == EHaspelStatus.Unkown)
{
status = FullButtonChecked ? EHaspelStatus.Full : EHaspelStatus.Empty;
}
var result = new ScannerResult
{
Barcode = myCurrentResult.Text,
Status = status,
User = status == EHaspelStatus.IsUsed ? SelectedUserOptions : string.Empty
};
OnScanResult?.Invoke(this, result);
await myNavigationService.NavigateBackToRoot();
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
public static ScannerResult Check(ScannerRequest request)
{
if (_knownAttackFiles.Count == 0)
{
lock (_syncObject)
{
if (_knownAttackFiles.Count == 0)
{
Initialize();
}
}
}
ScannerResult result = new ScannerResult();
List <string> returnList = new List <string>();
string testedFile = request.URL.Trim('/') + "/lkfkjsalkalkln3nfioaoisf0090cvlklkvkllkalk";
WebPageRequest webRequest = new WebPageRequest(testedFile);
//WebPageLoader.Load(webRequest);
//if (webRequest.Response.Code.Equals("200"))
//{
// return result;
//}
foreach (AttackFile attack in _knownAttackFiles)
{
testedFile = request.URL.Trim('/') + "/" + attack.File;
webRequest = new WebPageRequest(testedFile);
WebPageLoader.Load(webRequest);
if (webRequest.Response.Code.Equals("200"))
{
bool anyFingerPrint = false;
foreach (string fp in attack.FingerPrint)
{
if (webRequest.Response.Body.Contains(fp))
{
anyFingerPrint = true;
break;
}
}
if (anyFingerPrint)
{
result.Success = true;
string attackString = attack.Attacks.FirstOrDefault();
if (!String.IsNullOrEmpty(attackString))
{
testedFile = testedFile + attackString;
}
returnList.Add(testedFile);
}
}
}
result.Results.AddRange(returnList);
return(result);
}
public static ScannerResult Check(ScannerRequest request)
{
if (_fileNames.Count == 0)
{
lock (_syncObject)
{
if (_fileNames.Count == 0)
{
Initialize();
}
}
}
ScannerResult result = new ScannerResult();
foreach (string fileName in _fileNames)
{
string testedFile = request.URL.Trim('/') + "/" + fileName;
WebPageRequest webRequest = new WebPageRequest(testedFile);
WebPageLoader.Load(webRequest);
if (Check_Contents(webRequest.Response.Body))
{
result.Success = true;
result.Results.Add(testedFile);
return(result);
}
}
return(result);
}
/// <summary>
/// Updates an existing event in the log.
/// </summary>
/// <param name='result'>
/// Result.
/// </param>
public virtual void Update(ScannerResult result)
{
try
{
_semaphore.WaitOne();
//Reopen the connection if the connection is closed.
if (Connection.State != ConnectionState.Open)
{
Open();
}
//Update an existing event with the new packets.
UpdateSql(result);
Debugger.Put(4, "\tdb: updated existing event '{0}'", ConsoleColor.DarkMagenta, result.Signature);
}
catch (Exception e)
{
Debugger.Put(3, "\tdb: {0}", ConsoleColor.Red, e.Message);
}
finally
{
_semaphore.Release();
}
}
public bool TrySave(ScannerResult result, string file, string path)
{
if (Directory.Exists(path))
{
return(Write(result, file, path));
}
var dir = Directory.CreateDirectory(path);
return(dir.Exists ? Write(result, file, path) : Write(result, file, path));
}
private async void HandleHaspelResult(ScannerResult scanResult)
{
await myApiManager.HaspelApiManager.PostData(new Haspel
{
Barcode = scanResult.Barcode,
Status = scanResult.Status,
UsedBy = scanResult.User
});
ScanResultHandled?.Invoke(this, scanResult);
}
bool Write(ScannerResult result, string file, string path)
{
string fullPath = $"{path}/{file}";
if (File.Exists(fullPath))
{
return(false);
}
File.WriteAllText(fullPath, result.ToJsonString());
return(true);
}
public override void Handle(ScannerResult results)
{
var message = new MailMessage();
message.To.Add("mlandi@sourcesecure");
message.From = new MailAddress("*****@*****.**");
message.Subject = results.AttackType + " Attack Detected!";
message.Body = results.AttackAddress + " -> " + results.VictimAddress;
message.Priority = MailPriority.High;
new SmtpClient("mail.optonline.net", 25).Send(message);
}
public ScannerResult Scan(IPAddress subnet)
{
var result = new ScannerResult();
//var ips = Pinger.PingAllAsync(subnet).Result;
var ips = PingerThreaded.PingAll(subnet);
//Console.WriteLine($"PingAll took {ips.Elapsed}");
result.Online.AddRange(Arp.GetAll()
.Where(ae => ips.OnlineIps.ContainsKey(ae.Ip))
.Select(ae => new IpAndMac(ips.OnlineIps.First(ip => Equals(ae.Ip, ip.Key)).Key, ae.Mac)));
return(result);
}
public static ScannerResult Check(ScannerRequest request)
{
if (_socialDomains.Count == 0)
{
lock (_syncObject)
{
if (_socialDomains.Count == 0)
{
Initilize();
}
}
}
ScannerResult result = new ScannerResult();
if (_masterIgnoreList.Contains(request.Domain))
{
return(result);
}
HtmlDocument htmlDoc = new HtmlDocument();
htmlDoc.LoadHtml(request.Body);
List <string> linksFound = new List <string>();
List <HtmlNode> anchorLinks = htmlDoc.DocumentNode.Descendants("a").ToList();
foreach (HtmlNode node in anchorLinks)
{
if (node.Attributes["href"] != null)
{
string value = node.Attributes["href"].Value;
if (!value.StartsWith("mailto"))
{
if (CheckURL(request.Domain, value) && !linksFound.Contains(value))
{
result.Success = true;
linksFound.Add(value);
}
}
}
}
result.Results.AddRange(linksFound);
return(result);
}
public string Format(ScannerResult report)
{
var builder = new StringBuilder();
builder.AppendLine($"Report Identifier: {report.Id.ToString()}");
builder.AppendLine($"Timestamp: {report.Timestamp.ToString()}");
builder.AppendLine();
builder.AppendLine("Results");
foreach (var result in report.Results)
{
Format(result, ref builder);
}
return(builder.ToString());
}
private ScannerResult GetScannerResult ()
{
ScannerResult result = null;
foreach (var symbol in scanner.Results) {
var rect = symbol.Bounds;
int height = rect.Height();
int w = rect.Width();
var point = symbol.GetLocationPoint (5);
result = new ScannerResult {
Data = symbol.Data,
Type = symbol.Type,
Quality = symbol.Quality
};
return result;
}
return result;
}
public static ScannerResult Check(ScannerRequest request)
{
if (_knownAttackHeaders.Count == 0)
{
lock (_syncObject)
{
if (_knownAttackHeaders.Count == 0)
{
Initialize();
}
}
}
ScannerResult result = new ScannerResult();
List <string> returnList = new List <string>();
string testedFile = request.URL.Trim('/');
WebPageRequest webRequest = new WebPageRequest(testedFile);
webRequest = new WebPageRequest(request.URL.Trim('/'));
webRequest.Log = true;
webRequest.LogDir = request.LogDir;
foreach (AttackHeader attack in _knownAttackHeaders)
{
webRequest.Headers = attack.AttackHeaderCollection;
WebPageLoader.Load(webRequest);
foreach (var headerFP in attack.FingerPrintHeaders.AllKeys)
{
var header = webRequest.Response.Headers.Get(headerFP);
if (header != null)
{
if (attack.FingerPrintHeaders[headerFP] == webRequest.Response.Headers[headerFP])
{
returnList.Add(headerFP);
}
}
}
}
result.Results.AddRange(returnList);
return(result);
}
public override IEnumerable <ScannerResult> Scan(IDataPacketCollection packets)
{
//Create a list of results we can add to as we find new attacks.
var results = new List <ScannerResult>();
//Determine the time period that we should look back for packets at.
var lookback = DateTime.Now.AddMinutes(-1).AddSeconds(-30);
//Group all ARP packets by the sender.
var arp_source = packets.Items.Where(
x => x.Protocol == NetworkProtocol.arp).ToLookup(
x => x.HardwareAddressSource);
//Loop through each source address.
foreach (string mac_source in arp_source.Select(x => x.Key))
{
//Group all of the sender packets by the target address.
var arp_source_target = arp_source[mac_source].ToLookup(
x => x.HardwareAddressTarget);
//Loop through each target address.
foreach (var mac_target in arp_source_target.Select(x => x.Key))
{
/*
* Determine if a certain number of attack packets were found
* for this sender/receiver in the lookback time period.
*/
if (arp_source_target[mac_target].Where(x => x.Timestamp >= lookback).Count() >= 20)
{
//Store the packets and result in the list for return.
var packet = arp_source_target[mac_target].First();
var result = new ScannerResult(packet.HardwareAddressSource,
packet.HardwareAddressTarget,
"ARP Spoof",
this,
arp_source_target[mac_target]);
results.Add(result);
}
}
}
return(results);
}
public static ScannerResult BucketCheck(ScannerRequest request)
{
if (_bucketURLRegex.Count == 0)
{
lock (_syncObject)
{
if (_bucketURLRegex.Count == 0)
{
Initilize();
}
}
}
ScannerResult result = new ScannerResult();
List <string> referencedBuckets = new List <string>();
List <string> bustedBuckets = new List <string>();
foreach (string search in _bucketURLRegex)
{
MatchCollection collection = Regex.Matches(request.Body, search);
referencedBuckets.AddRange(collection.Cast <Match>().Select(match => match.Value).ToList());
}
referencedBuckets = referencedBuckets.Distinct().ToList();
//todo: make better regex so we dont have to do this
referencedBuckets.RemoveAll(x => x.Trim('/') == @"http://s3.amazonaws.com");
referencedBuckets.RemoveAll(x => x.Trim('/') == @"https://s3.amazonaws.com");
foreach (string bucket in referencedBuckets)
{
WebPageRequest webRequest = new WebPageRequest(bucket);
WebPageLoader.Load(webRequest);
if (webRequest.Response.Body.Contains("<Code>NoSuchBucket</Code>"))
{
result.Success = true;
bustedBuckets.Add(bucket);
}
}
result.Results.AddRange(bustedBuckets);
return(result);
}
private ScannerResult CheckEngine(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null)
{
ScannerResult result = SubdomainTakeover.Check(request);
if (result.Success)
{
sb.Append("\tEngine Found! " + result.Results.First() + "! Email sent." + Environment.NewLine);
SendEmail("Subdomain takeover", request.URL + " appears to have an open instance of " + result.Results.First());
if (linkBuilder != null)
{
linkBuilder.Append(request.URL + Environment.NewLine);
}
}
else
{
sb.Append("\tNo engine found." + Environment.NewLine);
}
return(result);
}
private ScannerResult CheckBuckets(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null)
{
ScannerResult result = S3Bucket.BucketCheck(request);
if (result.Success)
{
sb.Append("\tUnclaimed S3 Buckets Found! " + String.Join(", ", result.Results.ToArray()) + "! Email sent." + Environment.NewLine);
SendEmail("Unclaimed S3 Buckets Used", request.URL + " appears to use buckets " + String.Join(", " + Environment.NewLine, result.Results.ToArray()));
if (linkBuilder != null)
{
linkBuilder.Append(request.URL + Environment.NewLine);
}
}
else
{
sb.Append("\tNo Unclaimed S3 buckets found." + Environment.NewLine);
}
return(result);
}
private ScannerResult CheckSocialMedia(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null)
{
ScannerResult result = SocialMedia.Check(request);
if (result.Success)
{
sb.Append("\tDormant social media accounts found! " + String.Join(", " + Environment.NewLine, result.Results.ToArray()) + "! Email sent." + Environment.NewLine);
SendEmail("Dormant Social Media Used", request.URL + " appears to use dormant social media accounts " + String.Join(Environment.NewLine, result.Results.ToArray()));
if (linkBuilder != null)
{
linkBuilder.Append(String.Join(Environment.NewLine, result.Results.ToArray()) + Environment.NewLine);
}
}
else
{
sb.Append("\tNo dormant social media accounts found." + Environment.NewLine);
}
return(result);
}
private ScannerResult CheckServices(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null)
{
ScannerResult result = Services.Check(request);
if (result.Success)
{
sb.Append("\tService Exposure Found! " + result.Results.First() + "! Email sent." + Environment.NewLine);
SendEmail("Exposed Service", request.URL + " appears to have an exposed service of " + result.Results.First());
if (linkBuilder != null)
{
linkBuilder.Append(request.URL + Environment.NewLine);
}
}
else
{
sb.Append("\tNo exposed services found." + Environment.NewLine);
}
return(result);
}
private ScannerResult CheckDefaultpages(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null)
{
ScannerResult result = DefaultPage.Check(request);
if (result.Success)
{
sb.Append("\tDefault Page Found! " + result.Results.First() + "! Email sent." + Environment.NewLine);
SendEmail("\tDefault Page", request.URL + " appears to have a default page for " + result.Results.First());
if (linkBuilder != null)
{
linkBuilder.Append(request.URL + Environment.NewLine);
}
}
else
{
sb.Append("\tNo default pages found." + Environment.NewLine);
}
return(result);
}
private ScannerResult CheckCRLF(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null)
{
ScannerResult result = CRLF.Check(request);
if (result.Success)
{
sb.Append("\tCRLF Attack Found! " + request.URL + "! Email sent." + result.Results.First());
SendEmail("\tCRLF Attack Found ", request.URL + " appears to have known attack files: " + Environment.NewLine + result.Results.First());
if (linkBuilder != null)
{
linkBuilder.Append(String.Join(Environment.NewLine, result.Results.ToArray()) + Environment.NewLine);
}
}
else
{
sb.Append("\tNo CRLF found." + Environment.NewLine);
}
return(result);
}
private ScannerResult CheckPHPInfo(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null)
{
ScannerResult result = PHPInfo.Check(request);
if (result.Success)
{
sb.Append("\tPHP Info Found! " + result.Results.First() + "! Email sent." + Environment.NewLine);
SendEmail("\tPHP Info Found ", result.Results.First() + " appears to have an exposed phpinfo()");
if (linkBuilder != null)
{
linkBuilder.Append(result.Results.First() + Environment.NewLine);
}
}
else
{
sb.Append("\tNo phpinfo pages found." + Environment.NewLine);
}
return(result);
}
private ScannerResult CheckIndexOf(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null)
{
ScannerResult result = IndexOf.Check(request);
if (result.Success)
{
sb.Append("\tDirectory Traversal Found! " + request.URL + "! Email sent." + Environment.NewLine);
SendEmail("\tDirectory Traversal Found", request.URL + " appears to have directory traversal enabled.");
if (linkBuilder != null)
{
linkBuilder.Append(request.URL + Environment.NewLine);
}
}
else
{
sb.Append("\tNo directory traversal found." + Environment.NewLine);
}
return(result);
}
public static ScannerResult ScreenDump(this ScannerResult result)
{
Console.WriteLine($"Id: {result.Id}");
Console.WriteLine($"Scanner Id: {result.ScannerId}");
// Console.WriteLine($"{result}");
for (int i = 0; i < result.Results.Count; i++)
{
Console.WriteLine($"Id: {result.Results[i].Id}");
Console.WriteLine($"Name: {result.Results[i].Name}");
Console.WriteLine($"Status: {result.Results[i].Status}");
Console.WriteLine($"Component Id: {result.Results[i].ComponentId}");
Console.WriteLine($"Component Type: {result.Results[i].ComponentType}");
Console.WriteLine($"Parent Component Id: {result.Results[i].ParentComponentId}");
Console.WriteLine();
// Console.WriteLine($"{result.Results[i]}");
}
return(result);
}
private ScannerResult CheckCSP(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null)
{
ScannerResult result = ContentSecurityPolicy.Check(request);
if (result.Success)
{
sb.Append("\tCSP Vulnerability Found! " + request.URL + "! Email sent." + result.Results.First());
SendEmail("\tCSP Vulnerability Found ", request.URL + " appears to have unclaimed CSP URLS: " + Environment.NewLine + result.Results.First());
if (linkBuilder != null)
{
linkBuilder.Append(String.Join(Environment.NewLine, result.Results.ToArray()) + Environment.NewLine);
}
}
else
{
sb.Append("\tNo CSP found." + Environment.NewLine);
}
return(result);
}
public override IEnumerable <ScannerResult> Scan(IDataPacketCollection packets)
{
//Create a list of results we can add to as we find new attacks.
var results = new List <ScannerResult>();
//Determine the time period that we should look back for packets at.
var lookback = DateTime.Now.AddMinutes(-1).AddSeconds(-30);
//Group all DNS packets by the sender.
var tcp_source = packets.Items
.Where(x => x.Protocol == NetworkProtocol.tcp)
.Where(x => x.Timestamp >= lookback).ToLookup(x => x.IpAddressSource);
foreach (var ip_source in tcp_source.Select(x => x.Key))
{
var tcp_destination = tcp_source[ip_source].ToLookup(x => x.IpAddressDestination);
foreach (var ip_destination in tcp_destination.Select(x => x.Key))
{
var matches = tcp_destination[ip_destination].OrderBy(x => x.PortDestination);
var ports = matches.Select(x => x.PortDestination).ToArray();
var longestSequence = LIS(ports);
if (longestSequence > 30)
{
//Store the packets and result in the list for return.
var offendingPacket = matches.First();
var result = new ScannerResult(offendingPacket.HardwareAddressSource,
offendingPacket.HardwareAddressTarget,
"Port Scan",
this,
matches);
results.Add(result);
}
}
}
return(results);
}
private ScannerResult CheckHeaders(ScannerRequest request, StringBuilder sb, StringBuilder linkBuilder = null)
{
request.LogDir = Settings.LogDir;
ScannerResult result = Headers.Check(request);
if (result.Success)
{
sb.Append("\tHeader attacks found! " + String.Join(", " + Environment.NewLine, result.Results.ToArray()) + "! Email sent." + Environment.NewLine);
SendEmail("Header attacks found", request.URL + " appears to be vulnerable to header attacks " + String.Join(Environment.NewLine, result.Results.ToArray()));
if (linkBuilder != null)
{
linkBuilder.Append(String.Join(Environment.NewLine, result.Results.ToArray()) + Environment.NewLine);
}
}
else
{
sb.Append("\tNo header attacks found." + Environment.NewLine);
}
return(result);
}
public ScanCompleteEventArgs(ScannerResult scannerResult)
{
this.ScannerResult = scannerResult;
}
