Пример #1
0
        public static IToolResults Parse(string path)
        {
            XmlDocument doc = new XmlDocument();

            doc.LoadXml(System.IO.File.ReadAllText(path));

            IToolResults results = new WapitiToolResults();

            (results as WapitiToolResults).Bugs = new List <WapitiBug>();

            foreach (XmlNode node in doc.LastChild.LastChild.ChildNodes)
            {
                string bugType = node.Attributes["name"].Value;

                foreach (XmlNode bug in node.ChildNodes)
                {
                    if (bug.Name == "description" || bug.Name == "solution" || bug.Name == "references")
                    {
                        continue;
                    }

                    foreach (XmlNode n in bug.ChildNodes)
                    {
                        (results as WapitiToolResults).Bugs.Add(new WapitiBug(bugType, n));
                    }
                }
            }

            return(results);
        }
Пример #2
0
        public PersistentWapitiResults(WapitiToolResults results)
        {
            this.Bugs = new List<PersistentWapitiBug>();

            foreach (WapitiBug bug in results.Bugs)
            {
                if (string.IsNullOrEmpty(bug.URL))
                    continue;

                this.Bugs.Add(new PersistentWapitiBug(bug, Guid.Empty));
            }

            this.FullOutput = results.FullOutput;
            this.HostIPAddressV4 = results.HostIPAddressV4;
            this.HostPort = results.HostPort;
            this.HostPortID = results.HostPortID;
        }
Пример #3
0
        public IToolResults Run(TimeSpan longest)
        {
            string cmd;

            cmd = (_options.IsHTTPS ? "https://" : "http://") + _options.Host + ":" + _options.Port;

            Guid uid = Guid.NewGuid();

            cmd += " -m \"-blindsql\" -f xml -o \"/tmp/wapiti_" + uid.ToString() + ".xml\"";

            ProcessStartInfo si = new ProcessStartInfo();

            si.RedirectStandardOutput = true;
            si.UseShellExecute        = false;

            Process proc = new Process();

            proc.StartInfo           = si;
            proc.EnableRaisingEvents = false;
            proc.StartInfo.FileName  = _options.Path;
            proc.StartInfo.Arguments = cmd;
            proc.Start();

            DateTime start = DateTime.Now;

            proc.StandardOutput.ReadToEnd();

            //while (!proc.HasExited)
            //{
            //	if ((DateTime.Now - start) > longest)
            //	{
            //		Console.WriteLine("Killing wapiti, taking too long");
            //		proc.Kill();
            //		return null;
            //	}
            //}

            WapitiToolResults results = WapitiToolResults.Parse("/tmp/wapiti_" + uid.ToString() + ".xml") as WapitiToolResults;

            results.FullOutput = System.IO.File.ReadAllText("/tmp/wapiti_" + uid.ToString() + ".xml");

            return(results);
        }
Пример #4
0
        private List <IToolResults> ScanHost(NMapHost host, SQLMapOptions sqlmapOptions, Dictionary <string, string> config)
        {
            List <IToolResults> _results = new List <IToolResults> ();

            Console.WriteLine("Scanning host: " + host.Hostname);
            foreach (var port in host.Ports)
            {
                port.ParentIPAddress = host.IPAddressv4;

                if ((port.Service == "http" || port.Service == "https") && bool.Parse(config ["isSQLMap"]))
                {
                    IToolOptions _options = new WapitiToolOptions();

                    (_options as WapitiToolOptions).Host = host.IPAddressv4;
                    (_options as WapitiToolOptions).Port = port.PortNumber;
                    (_options as WapitiToolOptions).Path = config ["wapitiPath"];

                    Wapiti wapiti = new Wapiti(_options);

                    Console.WriteLine("Running wapiti (http/" + port.PortNumber + ") on host: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname));
                    WapitiToolResults wapitiResults = null;
                    try {
                        wapitiResults = wapiti.Run(new TimeSpan(0, 10, 0)) as WapitiToolResults;
                        wapitiResults.HostIPAddressV4 = host.IPAddressv4;
                        wapitiResults.HostPort        = port.PortNumber;
                        wapitiResults.IsTCP           = true;

                        _results.Add(wapitiResults);
                    } catch (Exception ex) {
                        Console.WriteLine(ex.Message);
                    }

                    if (sqlmapOptions != null && wapitiResults != null)
                    {
                        if (wapitiResults.Bugs == null)                           // we get bugs from the findings of wapiti, if wapiti didn't run, no bugs.

                        {
                            sqlmapOptions.URL  = port.Service + "://" + host.IPAddressv4;
                            sqlmapOptions.Port = port.PortNumber;
                            sqlmapOptions.Path = config ["sqlmapPath"];

                            SQLMap mapper = new SQLMap(sqlmapOptions);

                            SQLMapResults sqlmapResults = mapper.Run() as SQLMapResults;
                            sqlmapResults.ParentHostPort = port;

                            _results.Add(sqlmapResults);
                        }
                        else
                        {
                            using (SqlmapSession sess = new SqlmapSession("127.0.0.1", 8775)) {
                                using (SqlmapManager manager = new SqlmapManager(sess)) {
                                    foreach (WapitiBug bug in wapitiResults.Bugs)
                                    {
                                        if (bug.Type.StartsWith("SQL Injection"))
                                        {
                                            Console.WriteLine("Starting SQLMap on host/port: " + (string.IsNullOrEmpty(host.Hostname) ? host.IPAddressv4 : host.Hostname) + "/" + port.PortNumber);

                                            sqlmapOptions.Path = config ["sqlmapPath"];
                                            //SQLMap mapper = new SQLMap (sqlmapOptions);

                                            //SQLMapResults results = mapper.Run (bug) as SQLMapResults;

//									if (results == null )
//										continue;
//
//									if (results.Vulnerabilities != null)
//										foreach (var vuln in results.Vulnerabilities)
//											vuln.Target = bug.URL;
//
//									results.ParentHostPort = port;
//
//									_results.Add (results);

                                            string taskid = manager.NewTask();
                                            Dictionary <string, object> opts = manager.GetOptions(taskid);


                                            if (bug.URL.Contains(bug.Parameter))
                                            {
                                                opts ["url"] = bug.URL.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
                                                manager.StartTask(taskid, opts);
                                            }
                                            else
                                            {
                                                opts ["url"] = bug.URL;
                                                opts["data"] = bug.Parameter.Replace("%BF%27%22%28", "abcd").Replace("%27+or+benchmark%2810000000%2CMD5%281%29%29%23", "abcd");
                                                manager.StartTask(taskid, opts);
                                            }

                                            SqlmapStatus status = manager.GetScanStatus(taskid);

                                            while (status.Status != "terminated")
                                            {
                                                System.Threading.Thread.Sleep(new TimeSpan(0, 0, 10));
                                                status = manager.GetScanStatus(taskid);
                                            }

                                            List <SqlmapLogItem> logItems = manager.GetLog(taskid);

                                            SQLMapResults results = new SQLMapResults();
                                            results.Vulnerabilities = new List <SQLMapVulnerability>();

                                            foreach (SqlmapLogItem item in logItems.Where(l => l.Level == "INFO" && l.Message.EndsWith("injectable")))
                                            {
                                                SQLMapVulnerability vuln = new SQLMapVulnerability();

                                                Console.WriteLine(item.Message);
                                            }
                                            manager.DeleteTask(taskid);
                                        }
                                        else if (bug.Type.Contains("Cross Site Scripting)"))
                                        {
                                            //dsxs
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }

            Console.WriteLine("Done with host: " + host.Hostname);

            return(_results);
        }
Пример #5
0
        public static IToolResults Parse(string path)
        {
            XmlDocument doc = new XmlDocument();
            doc.LoadXml(System.IO.File.ReadAllText(path));

            IToolResults results = new WapitiToolResults();
            (results as WapitiToolResults).Bugs = new List<WapitiBug>();

            foreach (XmlNode node in doc.LastChild.LastChild.ChildNodes)
            {
                string bugType = node.Attributes["name"].Value;

                foreach (XmlNode bug in node.ChildNodes)
                {
                    if (bug.Name == "description" || bug.Name == "solution" || bug.Name == "references")
                        continue;

                    foreach (XmlNode n in bug.ChildNodes)
                        (results as WapitiToolResults).Bugs.Add(new WapitiBug(bugType, n));

                }
            }

            return results;
        }