Пример #1
 //#Check logic based on https://github.com/Zapotek/arachni/blob/master/modules/audit/code_injection.rb of the Arachni project
 //#Override the Check method of the base class with custom functionality
 /// <summary>
 /// Overrides the base Check: stores the scanner, replaces every trigger/evidence
 /// collection with a fresh empty one, then runs the code injection test.
 /// </summary>
 /// <param name="scnr">Scanner instance this check runs against.</param>
 public override void Check(Scanner scnr)
 {
     Scnr = scnr;

     // Fresh, empty evidence state for this run.
     RequestTriggers = new List<string>();
     ResponseTriggers = new List<string>();
     RequestTriggerDescs = new List<string>();
     ResponseTriggerDescs = new List<string>();
     TriggerRequests = new List<Request>();
     TriggerResponses = new List<Response>();
     TriggerCount = 0;
     Reasons = new List<FindingReason>();

     CheckForCodeInjection();
 }
 /// <summary>
 /// Overrides the base Check: stores the scanner, replaces every trigger/evidence
 /// collection with a fresh empty one, then runs CheckForELI followed by AnalyzeTestResult.
 /// </summary>
 /// <param name="scnr">Scanner instance this check runs against.</param>
 public override void Check(Scanner scnr)
 {
     Scnr = scnr;

     // Fresh, empty evidence state for this run.
     RequestTriggers = new List<string>();
     ResponseTriggers = new List<string>();
     RequestTriggerDescs = new List<string>();
     ResponseTriggerDescs = new List<string>();
     TriggerRequests = new List<Request>();
     TriggerResponses = new List<Response>();
     TriggerCount = 0;
     Reasons = new List<FindingReason>();

     // Testing and result analysis are separate steps in this check.
     CheckForELI();
     AnalyzeTestResult();
 }
Пример #3
 //#Override the Check method of the base class with custom functionality
 /// <summary>
 /// Overrides the base Check: stores the scanner, zeroes the confidence level, replaces every
 /// trigger/evidence collection with a fresh empty one, then runs the remote file include test.
 /// </summary>
 /// <param name="scnr">Scanner instance this check runs against.</param>
 public override void Check(Scanner scnr)
 {
     Scnr = scnr;
     ConfidenceLevel = 0;

     // Fresh, empty evidence state for this run.
     RequestTriggers = new List<string>();
     ResponseTriggers = new List<string>();
     RequestTriggerDescs = new List<string>();
     ResponseTriggerDescs = new List<string>();
     TriggerRequests = new List<Request>();
     TriggerResponses = new List<Response>();
     TriggerCount = 0;
     Reasons = new List<FindingReason>();

     CheckForRemoteFileInclude();
 }
Пример #4
 //#Override the Check method of the base class with custom functionality
 /// <summary>
 /// Overrides the base Check: stores the scanner and its base response, replaces every
 /// trigger/evidence collection with a fresh empty one, then runs the command injection
 /// test followed by AnalyzeTestResults.
 /// </summary>
 /// <param name="scnr">Scanner instance this check runs against.</param>
 public override void Check(Scanner scnr)
 {
     Scnr = scnr;
     // Keep a local reference to the scanner's base response for this run.
     BaseResponse = Scnr.BaseResponse;

     // Fresh, empty evidence state for this run.
     RequestTriggers = new List<string>();
     ResponseTriggers = new List<string>();
     RequestTriggerDescs = new List<string>();
     ResponseTriggerDescs = new List<string>();
     TriggerRequests = new List<Request>();
     TriggerResponses = new List<Response>();
     TriggerCount = 0;
     Reasons = new List<FindingReason>();

     CheckForCommandInjection();
     AnalyzeTestResults();
 }
Пример #5
        //Override the Check method of the base class with custom functionality
        /// <summary>
        /// Overrides the base Check: resets the per-run state, runs the error-based and blind
        /// SQL injection tests, and reports according to their combined score.
        /// </summary>
        /// <remarks>
        /// Reporting rules, in order: if the number of request triggers equals ErrorTriggerCount and the
        /// three error counters are equal and non-zero, only a SQL error is reported. Otherwise a combined
        /// score above 7 is reported with High confidence, above 4 with Medium, above 3 with Low, and a
        /// score of 3 or less reports nothing.
        /// </remarks>
        /// <param name="Scnr">Scanner instance this check runs against.</param>
        public override void Check(Scanner Scnr)
        {
            // The parameter hides the member of the same name, so the member has to be qualified.
            this.Scnr = Scnr;

            RequestTriggers = new List<string>();
            ResponseTriggers = new List<string>();
            RequestTriggerDescs = new List<string>();
            ResponseTriggerDescs = new List<string>();
            TriggerRequests = new List<Request>();
            TriggerResponses = new List<Response>();
            TriggerCount = 0;
            reasons = new List<FindingReason>();
            ConfidenceLevel = 0;
            base_response = this.Scnr.BaseResponse;

            // State used only by the error-based part of the check.
            ErrorCount = new int[] { 0, 0, 0 };
            Errors = new List<string>();
            ErrorTriggerCount = 0;

            this.Scnr.Trace("<i<br>><i<h>>Checking for SQL Injection:<i</h>>");
            int errorBasedScore = CheckForErrorBasedSQLi();
            int blindScore = CheckForBlindSQLi();
            int combinedScore = errorBasedScore + blindScore;

            if (RequestTriggers.Count == ErrorTriggerCount
                && (ErrorCount[0] + ErrorCount[1] + ErrorCount[2]) > 0
                && ErrorCount[0] == ErrorCount[1]
                && ErrorCount[1] == ErrorCount[2])
            {
                // Only error messages were observed: report the SQL errors, not an injection.
                ReportSQLError(Errors);
                return;
            }

            if (combinedScore > 7)
            {
                ReportSQLInjection(FindingConfidence.High);
                return;
            }

            if (combinedScore > 4)
            {
                ReportSQLInjection(FindingConfidence.Medium);
                return;
            }

            if (combinedScore > 3)
            {
                ReportSQLInjection(FindingConfidence.Low);
            }
        }
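 /// <summary>
 /// Checks for Server Side Includes (SSI) injection: injects a printenv directive and reports a
 /// finding when the response body contains a fixed set of environment variable names.
 /// </summary>
 /// <remarks>
 /// The keywords are compared against the scanner's base response first. If the page already shows
 /// all of them without any payload, a match after injection proves nothing, so the check stops
 /// without reporting.
 /// </remarks>
 /// <param name="scnr">Scanner used to send the payloads and to write the trace.</param>
 public override void Check(Scanner scnr)
 {
     //#Check logic based on https://github.com/fnordbg/SSI-Scan
     this.Scnr = scnr;
     this.Scnr.Trace("<i<br>><i<h>>Checking for Server Side Includes Injection:<i</h>><i<br>><i<br>>");

     // Single definition of the detection keywords, used for matching, for the reason and for the report.
     List<string> markers = new List<string>() { "REMOTE_ADDR", "DATE_LOCAL", "DATE_GMT", "DOCUMENT_URI", "LAST_MODIFIED" };

     // NOTE(review): assumes Scnr.BaseResponse is the response to the unmodified request and that it
     // can be null when no baseline was taken - confirm against Scanner.
     Response baseline = this.Scnr.BaseResponse;
     if (baseline != null && baseline.BodyString != null)
     {
         bool baselineHasAllMarkers = true;
         foreach (string marker in markers)
         {
             if (!baseline.BodyString.Contains(marker))
             {
                 baselineHasAllMarkers = false;
                 break;
             }
         }
         if (baselineHasAllMarkers)
         {
             // Every response would match, so a hit could not be attributed to the payload.
             this.Scnr.Trace("<i<br>>The response to the unmodified request already contains all the Environment variable names used for detection. Skipping the SSI Injection check as its result would not be reliable.");
             return;
         }
     }

     // When PreInjectionParameterValue is empty the first two payloads are the same string;
     // keep only one copy so the same request is not sent twice.
     List<string> payloads = new List<string>();
     string[] candidates = new string[] { string.Format("{0}\"'><!--#printenv -->", this.Scnr.PreInjectionParameterValue), "\"'><!--#printenv -->", "<!--#printenv -->" };
     foreach (string candidate in candidates)
     {
         if (!payloads.Contains(candidate))
         {
             payloads.Add(candidate);
         }
     }

     foreach (string payload in payloads)
     {
         this.Scnr.RequestTrace("Injected - " + payload);
         Response res = this.Scnr.Inject(payload);

         bool allMarkersPresent = true;
         foreach (string marker in markers)
         {
             if (!res.BodyString.Contains(marker))
             {
                 allMarkersPresent = false;
                 break;
             }
         }

         if (allMarkersPresent)
         {
             this.Scnr.ResponseTrace(" ==> <i<cr>> Got contents of Environment variables in the response body. Indicates SSI Injection.<i</cr>>");
             // Hand GetReason its own copy of the keyword list, as the original code did.
             this.reason = this.GetReason(payload, new List<string>(markers));
             this.ReportSSI(payload, string.Format("The payload in this request contains a SSI snippet <!--#printenv--> which if executed will print the contents of the environment variables. The payload is: {0}", payload), string.Join("\r\n", markers.ToArray()), "This response contains some keywords that are similar to some standard environment variable names.");
             // One confirmed payload is enough; the remaining payloads are not sent.
             return;
         }
         else
         {
             this.Scnr.ResponseTrace(" ==> The response does not contain any Environment variable information.");
         }
     }
     this.Scnr.Trace("<i<br>>No indication for presence of SSI Injection");
 }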
Пример #7
 /// <summary>
 /// Assigns a session handler to the scanner: the plugin named by SelectedSessionPlugin when
 /// that name is non-empty, otherwise a new default SessionPlugin.
 /// </summary>
 /// <param name="Scan">Scanner to configure.</param>
 /// <returns>The same scanner instance that was passed in.</returns>
 Scanner SetSessionPlugin(Scanner Scan)
 {
     bool pluginChosen = SelectedSessionPlugin.Length > 0;
     Scan.SessionHandler = pluginChosen
         ? SessionPlugin.Get(SelectedSessionPlugin)
         : new SessionPlugin();
     return Scan;
 }
Пример #8
        /// <summary>
        /// Configures and starts the crawler from the static scan settings, then polls it in a loop:
        /// each pass takes the newly crawled requests, launches a scan job for every request that
        /// passes the filters and has injection points, and drops the ids of completed or aborted
        /// jobs. The loop ends when the crawler is idle and no launched job is still tracked,
        /// after which Stop() is called.
        /// </summary>
        static void DoScan()
        {
            // The scope settings (hosts, schemes, URLs to avoid) are handed to the crawler here.
            // In this method the only other per-request gate before a scan is launched is CanScan().
            Spider = new Crawler();
            Spider.PrimaryHost = PrimaryHost;
            Spider.BaseUrl = BaseUrl;
            Spider.StartingUrl = StartingUrl;
            Spider.PerformDirAndFileGuessing = PerformDirAndFileGuessing;
            Spider.IncludeSubDomains = IncludeSubDomains;
            Spider.HTTP = HTTP;
            Spider.HTTPS = HTTPS;
            Spider.UrlsToAvoid = UrlsToAvoid;
            Spider.HostsToInclude = HostsToInclude;

            Spider.Start();
            ScanItemUniquenessChecker UniqueChecker = new ScanItemUniquenessChecker(Mode != ScanMode.Default);
            // Presumably gives the crawler time to produce its first requests - TODO confirm.
            Thread.Sleep(5000);
            // Ids of launched scan jobs that have not yet been seen as completed or aborted.
            List<int> ScanIDs = new List<int>();
            bool ScanActive = true;
            // NOTE(review): ActivePlugins is assigned but not read anywhere in this method.
            List<string> ActivePlugins = ActivePlugin.List();
            int TotalRequestsCrawled = 0;
            int TotalScanJobsCreated = 0;
            int TotalScanJobsCompleted = 0;
            // Requests for which a scan was launched; passed to the uniqueness check below.
            List<Request> ScannedRequests = new List<Request>();

            while (ScanActive)
            {
                // Assume the scan is finished until this pass finds crawler activity or pending jobs.
                ScanActive = false;
                List<Request> Requests = Spider.GetCrawledRequests();
                if (Requests.Count > 0 || Spider.IsActive())
                {
                    ScanActive = true;
                    if (CrawlAndScan)
                    {
                        TotalRequestsCrawled = TotalRequestsCrawled + Requests.Count;
                        //update the ui with the number of requests crawled
                        foreach (Request Req in Requests)
                        {
                            if (!CanScan(Req)) continue;
                            // The uniqueness filter is applied only in UserConfigured mode.
                            if (Mode == ScanMode.UserConfigured && !UniqueChecker.IsUniqueToScan(Req, ScannedRequests, false)) continue;
                            Scanner S = new Scanner(Req);
                            S.CheckAll();
                            S.InjectAll();
                            // NOTE(review): BodyFormat is assigned after InjectAll(); confirm that
                            // InjectAll() does not need the body format to find the body injection points.
                            if (!FormatPlugin.IsNormal(Req))
                            {
                                List<FormatPlugin> RightList = FormatPlugin.Get(Req);
                                if (RightList.Count > 0)
                                {
                                    S.BodyFormat = RightList[0];
                                }
                            }
                            if (S.InjectionPointsCount == 0) continue;
                            // Counted before LaunchScan(), so a launch that returns a non-positive id
                            // is still included in the "created" total.
                            TotalScanJobsCreated++;
                            // NOTE(review): this returns without reaching the Stop() call at the end
                            // of the method - confirm that is intended.
                            if (Stopped) return;
                            int ScanID = S.LaunchScan();
                            if (ScanID > 0)
                            {
                                ScannedRequests.Add(Req);
                                ScanIDs.Add(ScanID);
                            }
                        }
                    }
                }
                if (CrawlAndScan)
                {
                    // Despite the name, this list holds positions within ScanIDs, not scan ids.
                    List<int> ScanIDsToRemove = new List<int>();
                    List<int> AbortedScanIDs = Scanner.GetAbortedScanIDs();
                    List<int> CompletedScanIDs = Scanner.GetCompletedScanIDs();
                    for (int i = 0; i < ScanIDs.Count; i++)
                    {
                        if (CompletedScanIDs.Contains(ScanIDs[i]))
                        {
                            ScanIDsToRemove.Add(i);
                            TotalScanJobsCompleted++;
                        }
                        else if (AbortedScanIDs.Contains(ScanIDs[i]))
                        {
                            // Aborted jobs stop being tracked but are not counted as completed.
                            ScanIDsToRemove.Add(i);
                        }
                    }
                    // Positions were collected in ascending order, so each earlier removal shifts the
                    // remaining ones down by one; subtracting i compensates for that.
                    for (int i = 0; i < ScanIDsToRemove.Count; i++)
                    {
                        ScanIDs.RemoveAt(ScanIDsToRemove[i] - i);
                    }
                }
                if (ScanActive)
                {
                    Thread.Sleep(2000);
                }
                else
                {
                    // Crawler is idle with nothing new; keep looping while launched jobs are pending.
                    if (ScanIDs.Count > 0)
                    {
                        ScanActive = true;
                        Thread.Sleep(5000);
                    }
                }
                IronUI.UpdateConsoleCrawledRequestsCount(TotalRequestsCrawled);
                IronUI.UpdateConsoleScanJobsCreatedCount(TotalScanJobsCreated);
                IronUI.UpdateConsoleScanJobsCompletedCount(TotalScanJobsCompleted);
            }
            Stop();
        }
Пример #9
        /// <summary>
        /// Ticks the rows of the URL, query, body, cookie and header grids that match the injection
        /// points configured on the given scanner, then sets the per-section checkboxes and the
        /// "all" checkbox. A section checkbox is checked only when its grid has at least one row
        /// and every row in it is selected.
        /// </summary>
        /// <param name="Scanner">Scanner whose injection point selection is shown.</param>
        void FillInjectionsPointsinUI(Scanner Scanner)
        {
            // URL path parts are matched by row index.
            bool everyUrlPartSelected = ASRequestScanURLGrid.Rows.Count > 0;
            foreach (DataGridViewRow urlRow in this.ASRequestScanURLGrid.Rows)
            {
                bool isSelected = Scanner.URLInjections.Contains(urlRow.Index);
                everyUrlPartSelected = everyUrlPartSelected && isSelected;
                urlRow.Cells[0].Value = isSelected;
            }

            // Named parameters are matched by name plus the position among consecutive rows
            // carrying that same name.
            int occurrence = 0;
            string previousName = "";

            bool everyQuerySelected = ASRequestScanQueryGrid.Rows.Count > 0;
            foreach (DataGridViewRow queryRow in this.ASRequestScanQueryGrid.Rows)
            {
                string name = queryRow.Cells[1].Value.ToString();
                occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
                bool isSelected = Scanner.QueryInjections.Has(name) && Scanner.QueryInjections.GetAll(name).Contains(occurrence);
                everyQuerySelected = everyQuerySelected && isSelected;
                queryRow.Cells[0].Value = isSelected;
                previousName = name;
            }

            occurrence = 0;
            previousName = "";

            bool everyBodySelected = ConfigureScanRequestBodyGrid.Rows.Count > 0;
            bool bodyHasNoFormatPlugin = Scanner.BodyFormat.Name.Length == 0;
            if (bodyHasNoFormatPlugin)
            {
                foreach (DataGridViewRow bodyRow in this.ConfigureScanRequestBodyGrid.Rows)
                {
                    string name = bodyRow.Cells[1].Value.ToString();
                    occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
                    bool isSelected = Scanner.BodyInjections.Has(name) && Scanner.BodyInjections.GetAll(name).Contains(occurrence);
                    everyBodySelected = everyBodySelected && isSelected;
                    bodyRow.Cells[0].Value = isSelected;
                    previousName = name;
                }
            }
            else
            {
                // With a body format set, body injection points are matched by row index.
                foreach (DataGridViewRow bodyRow in this.ConfigureScanRequestBodyGrid.Rows)
                {
                    bool isSelected = Scanner.BodyXmlInjections.Contains(bodyRow.Index);
                    everyBodySelected = everyBodySelected && isSelected;
                    bodyRow.Cells[0].Value = isSelected;
                }
            }

            occurrence = 0;
            previousName = "";

            bool everyCookieSelected = ASRequestScanCookieGrid.Rows.Count > 0;
            foreach (DataGridViewRow cookieRow in this.ASRequestScanCookieGrid.Rows)
            {
                string name = cookieRow.Cells[1].Value.ToString();
                occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
                bool isSelected = Scanner.CookieInjections.Has(name) && Scanner.CookieInjections.GetAll(name).Contains(occurrence);
                everyCookieSelected = everyCookieSelected && isSelected;
                cookieRow.Cells[0].Value = isSelected;
                previousName = name;
            }

            occurrence = 0;
            previousName = "";

            bool everyHeaderSelected = ASRequestScanHeadersGrid.Rows.Count > 0;
            foreach (DataGridViewRow headerRow in this.ASRequestScanHeadersGrid.Rows)
            {
                string name = headerRow.Cells[1].Value.ToString();
                occurrence = name.Equals(previousName) ? occurrence + 1 : 0;
                bool isSelected = Scanner.HeadersInjections.Has(name) && Scanner.HeadersInjections.GetAll(name).Contains(occurrence);
                everyHeaderSelected = everyHeaderSelected && isSelected;
                headerRow.Cells[0].Value = isSelected;
                previousName = name;
            }

            ASRequestScanAllCB.Checked = everyUrlPartSelected && everyQuerySelected && everyBodySelected && everyCookieSelected && everyHeaderSelected;
            ASRequestScanURLCB.Checked = everyUrlPartSelected;
            ASRequestScanQueryCB.Checked = everyQuerySelected;
            ASRequestScanBodyCB.Checked = everyBodySelected;
            ASRequestScanCookieCB.Checked = everyCookieSelected;
            ASRequestScanHeadersCB.Checked = everyHeaderSelected;
        }
Пример #10
        /// <summary>
        /// Sets the scanner's body format when the original request is not a "normal" one and
        /// FormatPlugin.Get returns a plugin name that is neither empty nor "Normal".
        /// </summary>
        /// <param name="S">Scanner to configure.</param>
        /// <returns>The same scanner instance that was passed in.</returns>
        Scanner SetFormatPlugin(Scanner S)
        {
            Request original = S.OriginalRequest;
            if (FormatPlugin.IsNormal(original))
            {
                // Nothing to do for a normal request body.
                return S;
            }

            string pluginName = FormatPlugin.Get(original, FormatPlugins);
            bool namesRealPlugin = pluginName.Length > 0 && pluginName != "Normal";
            if (namesRealPlugin)
            {
                S.BodyFormat = FormatPlugin.Get(pluginName);
            }
            return S;
        }
Пример #11
 /// <summary>
 /// Default implementation of a check; it does nothing. The method is virtual so that a
 /// derived class can override it with its own logic.
 /// </summary>
 /// <param name="Scan">Scanner passed to the check; not used by this implementation.</param>
 public virtual void Check(Scanner Scan)
 {
     // No default behaviour.
 }
Пример #12
        /// <summary>
        /// Marks the scanner's original request as coming from a scan, makes the scanner the
        /// current one, and hands it to the UI with empty XML and no XML injection points.
        /// </summary>
        /// <param name="ScannerFromDb">Scanner that was loaded from the database.</param>
        internal static void SetScannerFromDBToUiAfterProcessing(Scanner ScannerFromDb)
        {
            ScannerFromDb.OriginalRequest.Source = RequestSource.Scan;

            // An earlier version guessed the body format of a "Not Started" scan at this point and
            // filled these two values from it; that logic is disabled, so both are always empty.
            string emptyXml = "";
            string[,] noInjectionPoints = new string[0, 0];

            Scanner.CurrentScanner = ScannerFromDb;
            Scanner.CurrentScanID = ScannerFromDb.ID;

            IronUI.SetAutomatedScanningScanner(ScannerFromDb, emptyXml, noInjectionPoints);
        }
Пример #13
 /// <summary>
 /// Assigns a session handler to the scanner: the plugin named by the SessionPlugin setting
 /// when that name is non-empty, otherwise a new default SessionPlugin.
 /// </summary>
 /// <param name="Scan">Scanner to configure.</param>
 /// <returns>The same scanner instance that was passed in.</returns>
 static Scanner SetSessionPlugin(Scanner Scan)
 {
     // The setting has the same name as the plugin type, hence the namespace-qualified lookup.
     Scan.SessionHandler = SessionPlugin.Length > 0
         ? IronWASP.SessionPlugin.Get(SessionPlugin)
         : new SessionPlugin();
     return Scan;
 }
Пример #14
        /// <summary>
        /// Shows the given scanner in the 'Automated Scanning' section: request data, scan id and
        /// status labels, selected check plugins, session plugin label, injection point grids and
        /// the text of the start/stop button.
        /// </summary>
        /// <param name="ScannerToSet">Scanner to display; it also becomes Scanner.CurrentScanner.</param>
        /// <param name="XML">Forwarded on the cross-thread call; only referenced in disabled code otherwise.</param>
        /// <param name="XmlInjectionPoints">Forwarded on the cross-thread call; only referenced in disabled code otherwise.</param>
        internal static void SetAutomatedScanningScanner(Scanner ScannerToSet, string XML, string[,] XmlInjectionPoints)
        {
            if (UI.ASRequestTabs.InvokeRequired)
            {
                // Called from a thread other than the UI thread: run this same method again
                // through UI.Invoke with the same arguments.
                SetAutomatedScanningScanner_d SASS_d = new SetAutomatedScanningScanner_d(SetAutomatedScanningScanner);
                UI.Invoke(SASS_d, new object[] { ScannerToSet, XML, XmlInjectionPoints });
            }
            else
            {
                try
                {
                    Scanner.CurrentScanner = ScannerToSet;
                    Scanner.CurrentScanID = ScannerToSet.ID;
                    IronUI.FillConfigureScanFullFields(ScannerToSet.OriginalRequest);
                    UI.ASRequestTabs.SelectTab(0);
                    IronUI.UpdateScanTabsWithRequestData();
                    //if (ScannerToSet.BodyFormat.Name.Length > 0 && XmlInjectionPoints.Length > 0 && ScannerToSet.Status.Equals("Not Started"))
                    //    IronUI.FillConfigureScanFormatDetails(XML, XmlInjectionPoints, new List<bool>(), false, ScannerToSet.BodyFormat.Name);
                    UI.ScanIDLbl.Text = string.Format("Scan ID: {0}", ScannerToSet.ID);
                    UI.ScanStatusLbl.Text = string.Format("Scan Status: {0}", ScannerToSet.Status);
                    Scanner.ResetChangedStatus();
                    UI.ScanTopPanel.Visible = false;
                    UI.ScanJobsBaseSplit.SplitterDistance = 350;
                    UI.ScanDisplayPanel.Visible = true;
                }
                catch (Exception Exp)
                {
                    // The request could not be shown: report it and leave the rest of the UI untouched.
                    IronException.Report("Unable to display Request in 'Automated Scanning' section", Exp.Message, Exp.StackTrace);
                    IronUI.ShowConfigureScanException("Unable to display request");
                    return;
                }

                if (UI.ASScanPluginsGrid.Rows.Count > 0)
                {
                    // Row 0 appears to act as the "select all" row: it is cleared first and ticked
                    // again below only when every other row is ticked.
                    UI.ASScanPluginsGrid.Rows[0].Cells[0].Value = false;
                    foreach (DataGridViewRow Row in UI.ASScanPluginsGrid.Rows)
                    {
                        if (Row.Index > 0)
                        {
                            // Tick the row when its name (column 1) is among the scanner's checks.
                            Row.Cells[0].Value = ScannerToSet.ShowChecks().Contains(Row.Cells[1].Value.ToString());
                        }
                    }
                    if (UI.ASScanPluginsGrid.Rows.Count > 1)
                    {
                        bool AllSelected = true;
                        for (int i = 1; i < UI.ASScanPluginsGrid.Rows.Count; i++)
                        {
                            if (!(bool)UI.ASScanPluginsGrid.Rows[i].Cells[0].Value)
                            {
                                AllSelected = false;
                                break;
                            }
                        }
                        if (AllSelected) UI.ASScanPluginsGrid.Rows[0].Cells[0].Value = true;
                    }
                }

                // NOTE(review): the label text says "Selection Plugin" while the value shown is the
                // session handler's name - confirm whether "Session Plugin" was intended.
                if (ScannerToSet.SessionHandler.Name.Length > 0)
                    UI.SessionPluginLbl.Text = string.Format("Selection Plugin: {0}", ScannerToSet.SessionHandler.Name);
                else
                    UI.SessionPluginLbl.Text = "Selection Plugin: -";

                //UI.ASSessionPluginsCombo.Items.Add("");
                //int SelectedSessionPluginID = -1;
                //bool SelectedSessionPluginFound = false;
                //foreach (string Name in SessionPlugin.List())
                //{
                //    int ItemID = UI.ASSessionPluginsCombo.Items.Add(Name);
                //    if (!SelectedSessionPluginFound)
                //    {
                //        if (ScannerToSet.SessionHandler.Name.Equals(Name))
                //        {
                //            SelectedSessionPluginID = ItemID;
                //            SelectedSessionPluginFound = true;
                //        }
                //    }
                //}

                //if (SelectedSessionPluginID >= 0) UI.ASSessionPluginsCombo.SelectedIndex = SelectedSessionPluginID;
                try
                {
                    FillInjectionsPointsinUI(ScannerToSet);
                }
                catch (Exception Exp)
                {
                    // Unlike the first handler this one does not return, so the button state
                    // below is still updated after a failure here.
                    IronException.Report("Error restoring 'Automated Scan' configuration information from DB", Exp.Message, Exp.StackTrace);
                    IronUI.ShowConfigureScanException("Error retriving scan information");
                }

                // Button caption follows the scan status; a status not listed here leaves the
                // caption as it was.
                string ScanStatus = ScannerToSet.Status;
                if (ScanStatus.Equals("Completed"))
                {
                    UI.ASStartScanBtn.Text = "Scan Again";
                }
                else if (ScanStatus.Equals("Running"))
                {
                    UI.ASStartScanBtn.Text = "Stop Scan";
                }
                else if (ScanStatus.Equals("Not Started") || ScanStatus.Equals("Incomplete") || ScanStatus.Equals("Aborted") || ScanStatus.Equals("Stopped"))
                {
                    UI.ASStartScanBtn.Text = "Start Scan";
                }
                if (!UI.ASBaseTabs.SelectedTab.Name.Equals("ASRequestTab"))
                    UI.ASBaseTabs.SelectTab("ASRequestTab");
                UI.ASStartScanBtn.Enabled = true;
            }
        }
Пример #15
        /// <summary>
        /// Copies the scan configuration chosen in the UI onto a scanner: body, URL path, query,
        /// cookie and header injection points, parameter-name injection, the session plugin and,
        /// in scan job mode, the selected checks.
        /// </summary>
        /// <param name="NewScanner">Scanner to configure. With a custom body injection marker it is replaced by a new instance.</param>
        /// <param name="SessionPluginName">NOTE(review): overwritten with the combo box text before it is read, so the caller's value is never used.</param>
        /// <returns>The configured scanner, which is not necessarily the instance that was passed in.</returns>
        Scanner UpdateScannerFromUi(Scanner NewScanner, string SessionPluginName)
        {
            //Body must come above everything else because for a custom injection marker selection a new scanner object is created.
            // SubParameterPosition is the position of a row among consecutive rows with the same
            // parameter name; both variables are reset before each grid is read.
            int SubParameterPosition = 0;
            string ParameterName = "";
            #region BodyInjectionPoints
            if (BodyTypeNormalRB.Checked)
            {
                SubParameterPosition = 0;
                ParameterName = "";

                foreach (DataGridViewRow Row in this.ScanBodyTypeNormalGrid.Rows)
                {
                    string CurrentParameterName = Row.Cells[1].Value.ToString();
                    if (ParameterName.Equals(CurrentParameterName))
                    {
                        SubParameterPosition++;
                    }
                    else
                    {
                        ParameterName = CurrentParameterName;
                        SubParameterPosition = 0;
                    }
                    // Assumes column 0 always holds a boxed bool; the cast throws otherwise.
                    if ((bool)Row.Cells[0].Value)
                    {
                        NewScanner.InjectBody(ParameterName, SubParameterPosition);
                    }
                }
            }
            else if (BodyTypeFormatPluginRB.Checked)
            {
                bool FormatPluginSelected = false;
                bool FormatPluginInjectionPointSelected = false;
                // The first ticked format plugin wins.
                foreach (DataGridViewRow Row in FormatPluginsGrid.Rows)
                {
                    if ((bool)Row.Cells[0].Value)
                    {
                        NewScanner.BodyFormat = FormatPlugin.Get(Row.Cells[1].Value.ToString());
                        FormatPluginSelected = true;
                        break;
                    }
                }
                foreach (DataGridViewRow Row in this.BodyTypeFormatPluginGrid.Rows)
                {
                    if ((bool)Row.Cells[0].Value)
                    {
                        FormatPluginInjectionPointSelected = true;
                        break;
                    }
                }
                // The XML injection data is filled in only when both a plugin and at least one
                // injection point are selected. BodyFormat set above stays set either way.
                if (FormatPluginSelected && FormatPluginInjectionPointSelected)
                {
                    NewScanner.InjectionArrayXML = FormatXMLTB.Text;
                    NewScanner.XmlInjectionArray = new string[BodyTypeFormatPluginGrid.Rows.Count, 2];
                    NewScanner.BodyXmlInjectionParameters = new Parameters();
                    for (int i = 0; i < BodyTypeFormatPluginGrid.Rows.Count; i++)
                    {
                        // Grid columns 1 and 2 are copied into columns 0 and 1 of the array.
                        NewScanner.XmlInjectionArray[i, 0] = BodyTypeFormatPluginGrid.Rows[i].Cells[1].Value.ToString();
                        NewScanner.XmlInjectionArray[i, 1] = BodyTypeFormatPluginGrid.Rows[i].Cells[2].Value.ToString();
                        NewScanner.BodyXmlInjectionParameters.Add(NewScanner.XmlInjectionArray[i, 0], NewScanner.XmlInjectionArray[i, 1]);
                    }

                    foreach (DataGridViewRow Row in this.BodyTypeFormatPluginGrid.Rows)
                    {
                        if ((bool)Row.Cells[0].Value)
                        {
                            NewScanner.InjectBody(Row.Index);
                        }
                    }
                }
            }
            else if (BodyTypeCustomRB.Checked)
            {
                if (ScanBodyCB.Checked)
                {
                    // The scanner is rebuilt from a clone of the request whose body is the text with
                    // the custom markers. Anything set on the previous NewScanner instance is lost,
                    // which is why the body section has to run first.
                    Request RequestToScanClone = RequestToScan.GetClone();
                    RequestToScanClone.BodyString = SetCustomInjectionPointsSTB.Text;
                    if (ScanJobMode)
                    {
                        NewScanner = new Scanner(RequestToScanClone);
                    }
                    else
                    {
                        NewScanner = new Fuzzer(RequestToScanClone);
                        this.Fuzz = (Fuzzer) NewScanner;
                    }
                    NewScanner.InjectBody(CurrentStartMarker, CurrentEndMarker);
                    // NOTE(review): the lock is taken on the shared static list itself, so it only
                    // protects against other code that locks this same object - confirm all readers
                    // and writers of the list do so.
                    lock (Scanner.UserSpecifiedEncodingRuleList)
                    {
                        // Every grid row is stored in the shared list; only ticked rows become
                        // escape rules on this scanner.
                        Scanner.UserSpecifiedEncodingRuleList.Clear();
                        foreach (DataGridViewRow Row in CharacterEscapingGrid.Rows)
                        {
                            Scanner.UserSpecifiedEncodingRuleList.Add(new string[] { Row.Cells[1].Value.ToString(), Row.Cells[3].Value.ToString() });
                            if ((bool)Row.Cells[0].Value)
                                NewScanner.AddEscapeRule(Row.Cells[1].Value.ToString(), Row.Cells[3].Value.ToString());
                        }
                    }
                    IronDB.StoreCharacterEscapingRules();
                }
                else
                {
                    NewScanner.CustomInjectionPointStartMarker = "";
                    NewScanner.CustomInjectionPointEndMarker = "";
                }
            }
            #endregion
            #region UrlPathPartsInjectionPoints
            // URL path parts are identified by row index.
            for (int i = 0; i < this.ScanURLGrid.Rows.Count; i++)
            {
                if ((bool)this.ScanURLGrid.Rows[i].Cells[0].Value)
                {
                    NewScanner.InjectUrl(i);
                }
            }
            #endregion
            #region QueryInjectionPoints
            SubParameterPosition = 0;
            ParameterName = "";
            foreach (DataGridViewRow Row in this.ScanQueryGrid.Rows)
            {
                string CurrentParameterName = Row.Cells[1].Value.ToString();
                if (ParameterName.Equals(CurrentParameterName))
                {
                    SubParameterPosition++;
                }
                else
                {
                    ParameterName = CurrentParameterName;
                    SubParameterPosition = 0;
                }
                if ((bool)Row.Cells[0].Value)
                {
                    NewScanner.InjectQuery(ParameterName, SubParameterPosition);
                }
            }
            #endregion
            #region CookieInjectionPoints
            SubParameterPosition = 0;
            ParameterName = "";
            foreach (DataGridViewRow Row in this.ScanCookieGrid.Rows)
            {
                string CurrentParameterName = Row.Cells[1].Value.ToString();
                if (ParameterName.Equals(CurrentParameterName))
                {
                    SubParameterPosition++;
                }
                else
                {
                    ParameterName = CurrentParameterName;
                    SubParameterPosition = 0;
                }
                if ((bool)Row.Cells[0].Value)
                {
                    NewScanner.InjectCookie(ParameterName, SubParameterPosition);
                }
            }
            #endregion
            #region HeaderInjectionPoints
            SubParameterPosition = 0;
            ParameterName = "";
            foreach (DataGridViewRow Row in this.ScanHeadersGrid.Rows)
            {
                string CurrentParameterName = Row.Cells[1].Value.ToString();
                if (ParameterName.Equals(CurrentParameterName))
                {
                    SubParameterPosition++;
                }
                else
                {
                    ParameterName = CurrentParameterName;
                    SubParameterPosition = 0;
                }
                if ((bool)Row.Cells[0].Value)
                {
                    NewScanner.InjectHeaders(ParameterName, SubParameterPosition);
                }
            }
            #endregion
            #region ParameterNameInjectionPoints
            if (ScanQueryParameterNameCB.Checked)
            {
                NewScanner.InjectParameterName("Query");
            }
            if (ScanBodyParameterNameCB.Checked)
            {
                NewScanner.InjectParameterName("Body");
            }
            if (ScanCookieParameterNameCB.Checked)
            {
                NewScanner.InjectParameterName("Cookie");
            }
            if (ScanHeadersParameterNameCB.Checked)
            {
                NewScanner.InjectParameterName("Headers");
            }
            #endregion

            #region SetSessionPlugin
            // The parameter's incoming value is replaced here by the combo box text.
            SessionPluginName = SessionPluginsCombo.Text;
            if (SessionPluginName.Length > 0)
            {
                NewScanner.SessionHandler = SessionPlugin.Get(SessionPluginName);
            }
            #endregion

            #region SetChecks
            // Checks are added only in scan job mode; the other mode builds a Fuzzer above.
            if (this.ScanJobMode)
            {
                foreach (DataGridViewRow Row in ScanPluginsGrid.Rows)
                {
                    if ((bool)Row.Cells[0].Value) NewScanner.AddCheck(Row.Cells[1].Value.ToString());
                }
            }
            #endregion
            return NewScanner;
        }
Пример #16
 // Adds every plugin name held in ActivePlugins as a check on the given scanner
 // and returns that same scanner so the call can be chained with the other setup steps.
 Scanner AddActivePlugins(Scanner Scan)
 {
     foreach (string PluginName in ActivePlugins)
     {
         // One AddCheck call per configured plugin name.
         Scan.AddCheck(PluginName);
     }

     return Scan;
 }
Пример #17
        // Chooses a body format plugin for the scanner's original request.
        // When FormatPlugin.IsNormal reports true for the request nothing is changed;
        // otherwise the first plugin returned by FormatPlugin.Get(request, FormatPlugins),
        // if any, is looked up by name and assigned to S.BodyFormat.
        // Returns the same scanner instance that was passed in.
        Scanner SetFormatPlugin(Scanner S)
        {
            Request Original = S.OriginalRequest;
            if (FormatPlugin.IsNormal(Original))
            {
                return S;
            }

            List<FormatPlugin> Candidates = FormatPlugin.Get(Original, FormatPlugins);
            if (Candidates.Count > 0)
            {
                // Only the first candidate is used; the rest are ignored.
                string ChosenName = Candidates[0].Name;
                S.BodyFormat = FormatPlugin.Get(ChosenName);
            }
            return S;
        }
Пример #18
 // Default baseline provider: returns whatever Scanner.Inject() returns when called
 // without a payload. The Request argument is not used by this default implementation;
 // it is part of the signature so that overrides can take it into account.
 public virtual Response GetBaseLine(Scanner Scanner, Request Request)
 {
     Response BaseLine = Scanner.Inject();
     return BaseLine;
 }
Пример #19
 // Default policy hook: always answers true, so this base implementation never vetoes
 // an injection. Neither argument is inspected here.
 // NOTE(review): presumably consulted by the scanner before a request is sent, which would
 // make an override the place to restrict what may be injected - confirm against the caller.
 public virtual bool CanInject(Scanner Scanner, Request Request)
 {
     const bool AlwaysAllowed = true;
     return AlwaysAllowed;
 }
Пример #20
 // Default retry hook: always answers false, i.e. this base implementation never asks
 // for a request to be repeated. None of the arguments are inspected here; overrides
 // receive the scanner, the request and the response to base their decision on.
 public virtual bool ShouldReDo(Scanner Scnr, Request Req, Response Res)
 {
     const bool NeverRepeat = false;
     return NeverRepeat;
 }
Пример #21
 // Default payload hook: hands the payload back unchanged. The scanner and request
 // arguments are not used by this base implementation; overrides may transform the
 // payload (the signature gives them the scanner and request for context).
 public virtual string ProcessInjection(Scanner Scanner, Request Request, string Payload)
 {
     string Unmodified = Payload;
     return Unmodified;
 }
Пример #22
        // Click handler of the wizard's final button.
        // - If the button is already labelled "Close" the window is simply closed.
        // - Otherwise the UI selections are turned into a scanner configuration. In scan-job mode
        //   a new Scanner is configured and launched; in the other mode the existing Fuzz object
        //   is updated from the UI and the window closes.
        // Any exception is reported through IronException and the button is re-enabled.
        private void FinalBtn_Click(object sender, EventArgs e)
        {
            if (FinalBtn.Text.Equals("Close"))
            {
                this.Close();
                return;
            }

            try
            {
                // Disable the button while working so the handler cannot be re-entered by a second click.
                FinalBtn.Enabled = false;
                Step3StatusTB.Text = this.ScanJobMode
                    ? "Creating scan job, please wait..."
                    : "Reading your inputs, please wait...";

                Scanner NewScanner = new Scanner(RequestToScan);

                string SessionPluginName = SessionPluginsCombo.Text;

                if (SessionPluginName.Length > 0)
                {
                    // The combo box text is free-form, so it is accepted only when it matches
                    // a name in SessionPlugin.List(); anything else aborts the operation.
                    if (!SessionPlugin.List().Contains(SessionPluginName))
                    {
                        Step3StatusTB.Text = "Invalid Session Plugin name selected.";
                        FinalBtn.Enabled = true;
                        return;
                    }

                    if (ScanThreadLimitCB.Checked)
                    {
                        // Limit scanning to one job at a time and persist that setting.
                        Scanner.MaxParallelScanCount = 1;
                        IronUI.UpdateScannerSettingsInUIFromConfig();
                        IronDB.StoreScannerSettings();
                    }
                }

                //
                //No updates to the NewScanner object must be done before calling this.UpdateScannerFromUi method.
                //There is a chance that this method might create a new scanner object and return it (when custom body injection points is selected).
                //Any updates to NewScanner made before this method are lost if a new scanner object is returned
                //
                if (!ScanJobMode)
                {
                    this.Fuzz = (Fuzzer) this.UpdateScannerFromUi(this.Fuzz, SessionPluginName);
                }
                else
                {
                    NewScanner = this.UpdateScannerFromUi(NewScanner, SessionPluginName);
                }

                if (!ScanJobMode)
                {
                    this.Close();
                    return;
                }

                int ScanID = NewScanner.LaunchScan();
                Step3StatusTB.Text = string.Format("Scan has been started. The ID for this scan job is {0}.\r\n\r\nThe status of this scan job can be checked in the 'Automated Scanning' tab, this window can be closed.", ScanID);
                // From here on the same button closes the window (see the check at the top).
                FinalBtn.Text = "Close";
                StepFourPreviousBtn.Enabled = false;
                FinalBtn.Enabled = true;
            }
            catch (Exception Exp)
            {
                string ReportTitle;
                string StatusText;
                if (this.ScanJobMode)
                {
                    ReportTitle = "Error starting a configured scan";
                    StatusText = "Error Starting Scan!";
                }
                else
                {
                    ReportTitle = "Error getting injection points from UI";
                    StatusText = "Error reading Injecton Points";
                }
                IronException.Report(ReportTitle, Exp.Message, Exp.StackTrace);
                Step3StatusTB.Text = StatusText;
                FinalBtn.Enabled = true;
            }
        }
Пример #23
 // Builds a scan job for one request: a new Scanner is passed through SetSessionPlugin,
 // SetFormatPlugin, AddActivePlugins and SetInjectionPoints in that order.
 // If no injection points result, the request is skipped and TotalScans is decremented;
 // otherwise the scan is launched and ScanDone is incremented. The progress line in the UI
 // is refreshed in both cases.
 void CreateScan(Request Req)
 {
     Scanner Scan = SetInjectionPoints(AddActivePlugins(SetFormatPlugin(SetSessionPlugin(new Scanner(Req)))));

     string StatusMessage;
     if (Scan.InjectionPointsCount != 0)
     {
         Scan.LaunchScan();
         ScanDone++;
         StatusMessage = "Creating and Queueing Scans...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done";
     }
     else
     {
         // Nothing to inject into: do not launch, and take the request out of the total.
         TotalScans--;
         StatusMessage = "Skipping Request as no Injection Points were Identified...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done";
     }
     UpdateScanBranchStats(ScanDone, TotalScans, StatusMessage, true, false);
 }
Пример #24
 // Creates and queues a scan job for a single log entry.
 // LogSource "Proxy" loads the request from the proxy log; any other value loads it from
 // the probe log. A request is skipped (and TotalScans decremented) when CanScan rejects it,
 // when UniqueChecker does not consider it unique among ScannedRequests, or when no
 // injection points were identified for it.
 // Every exception is reported through IronException and not rethrown, so a failure on one
 // item does not propagate to the caller.
 static void ScanItem(ScanItemUniquenessChecker UniqueChecker, string LogSource, int LogID)
 {
     try
     {
         Request Req = LogSource.Equals("Proxy") ? Request.FromProxyLog(LogID) : Request.FromProbeLog(LogID);

         if (!CanScan(Req))
         {
             TotalScans--;
             string SkippedPrevious = "Skipping previously scanned Request...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done";
             IronUI.UpdateScanBranchStats(ScanDone, TotalScans, SkippedPrevious, true, false);
             return;
         }

         bool IsUnique = UniqueChecker.IsUniqueToScan(Req, ScannedRequests, !ScanUrl);
         if (!IsUnique)
         {
             TotalScans--;
             string SkippedDuplicate = "Skipping duplicate Request...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done";
             IronUI.UpdateScanBranchStats(ScanDone, TotalScans, SkippedDuplicate, true, false);
             return;
         }

         // Remember a clone so later changes to Req do not affect the duplicate check.
         ScannedRequests.Add(Req.GetClone());

         Scanner Scan = SetInjectionPoints(AddActivePlugins(SetFormatPlugin(SetSessionPlugin(new Scanner(Req)))));
         if (Scan.InjectionPointsCount == 0)
         {
             TotalScans--;
             string SkippedNoPoints = "Skipping Request as no Injection Points were Identified...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done";
             IronUI.UpdateScanBranchStats(ScanDone, TotalScans, SkippedNoPoints, true, false);
             return;
         }

         Scan.LaunchScan();
         ScanDone++;
         string Queued = "Creating and Queueing Scans...." + ScanDone.ToString() + "/" + TotalScans.ToString() + " done";
         IronUI.UpdateScanBranchStats(ScanDone, TotalScans, Queued, true, false);
     }
     catch (Exception Exp)
     {
         string ReportTitle = "ScanBranch Error Creating Scan Job with " + LogSource  + " Log ID - " + LogID.ToString();
         IronException.Report(ReportTitle, Exp.Message, Exp.StackTrace);
     }
 }
Пример #25
        // Marks injection points on the scanner according to the Scan* switches and the
        // per-section white/black lists.
        // For Query, Body, Cookie and Headers the same rule applies when the section is enabled:
        //   - a non-empty white list wins: only listed parameter names are injected;
        //   - otherwise a non-empty black list excludes the listed names;
        //   - with both lists empty the whole section is injected.
        // The URL is injected only when ScanUrl is set and the request has neither query
        // parameters nor a file name. Returns the same scanner instance.
        Scanner SetInjectionPoints(Scanner S)
        {
            if (ScanQuery)
            {
                if (QueryWhiteList.Count > 0)
                {
                    foreach (string Name in S.OriginalRequest.Query.GetNames())
                    {
                        if (!QueryWhiteList.Contains(Name)) continue;
                        S.InjectQuery(Name);
                    }
                }
                else if (QueryBlackList.Count > 0)
                {
                    foreach (string Name in S.OriginalRequest.Query.GetNames())
                    {
                        if (QueryBlackList.Contains(Name)) continue;
                        S.InjectQuery(Name);
                    }
                }
                else
                {
                    S.InjectQuery();
                }
            }

            if (ScanBody)
            {
                if (BodyWhiteList.Count > 0)
                {
                    foreach (string Name in S.OriginalRequest.Body.GetNames())
                    {
                        if (!BodyWhiteList.Contains(Name)) continue;
                        S.InjectBody(Name);
                    }
                }
                else if (BodyBlackList.Count > 0)
                {
                    foreach (string Name in S.OriginalRequest.Body.GetNames())
                    {
                        if (BodyBlackList.Contains(Name)) continue;
                        S.InjectBody(Name);
                    }
                }
                else
                {
                    S.InjectBody();
                }
            }

            if (ScanCookie)
            {
                if (CookieWhiteList.Count > 0)
                {
                    foreach (string Name in S.OriginalRequest.Cookie.GetNames())
                    {
                        if (!CookieWhiteList.Contains(Name)) continue;
                        S.InjectCookie(Name);
                    }
                }
                else if (CookieBlackList.Count > 0)
                {
                    foreach (string Name in S.OriginalRequest.Cookie.GetNames())
                    {
                        if (CookieBlackList.Contains(Name)) continue;
                        S.InjectCookie(Name);
                    }
                }
                else
                {
                    S.InjectCookie();
                }
            }

            if (ScanHeaders)
            {
                if (HeaderWhiteList.Count > 0)
                {
                    foreach (string Name in S.OriginalRequest.Headers.GetNames())
                    {
                        if (!HeaderWhiteList.Contains(Name)) continue;
                        S.InjectHeaders(Name);
                    }
                }
                else if (HeaderBlackList.Count > 0)
                {
                    foreach (string Name in S.OriginalRequest.Headers.GetNames())
                    {
                        if (HeaderBlackList.Contains(Name)) continue;
                        S.InjectHeaders(Name);
                    }
                }
                else
                {
                    S.InjectHeaders();
                }
            }

            // URL injection is reserved for requests with no query string and no file name.
            if (ScanUrl && S.OriginalRequest.Query.Count == 0 && S.OriginalRequest.File.Length == 0)
            {
                S.InjectUrl();
            }

            return S;
        }
Пример #26
 // Assigns the scanner's body format plugin.
 // The unqualified FormatPlugin used below is a member of this class (it has a Length and is
 // passed to IronWASP.FormatPlugin.Get), which is why the plugin type is written fully qualified.
 // - When that member is non-empty, the plugin it names is used.
 // - Otherwise, if IronWASP.FormatPlugin.IsNormal is false for the original request, the first
 //   plugin returned by IronWASP.FormatPlugin.Get(request) is used, if there is one.
 // Returns the same scanner instance.
 static Scanner SetFormatPlugin(Scanner Scan)
 {
     if (FormatPlugin.Length > 0)
     {
         Scan.BodyFormat = IronWASP.FormatPlugin.Get(FormatPlugin);
         return Scan;
     }

     if (IronWASP.FormatPlugin.IsNormal(Scan.OriginalRequest))
     {
         return Scan;
     }

     List<IronWASP.FormatPlugin> Matches = IronWASP.FormatPlugin.Get(Scan.OriginalRequest);
     if (Matches.Count > 0)
     {
         Scan.BodyFormat = Matches[0];
     }
     return Scan;
 }
Пример #27
        // Reflects the injection points already set on the given scanner in the UI grids and
        // checkboxes. For every grid row, column 0 receives true/false depending on whether the
        // scanner has that injection point; each section checkbox ends up checked only when its
        // grid has rows and every row is selected.
        // Rows in the name-based grids carry the parameter name in column 1; consecutive rows with
        // the same name are numbered 0, 1, 2... and matched against the scanner by that position.
        static void FillInjectionsPointsinUI(Scanner Scanner)
        {
            // URL parts are matched by row index.
            bool AllUrl = UI.ASRequestScanURLGrid.Rows.Count > 0;
            foreach (DataGridViewRow UrlRow in UI.ASRequestScanURLGrid.Rows)
            {
                bool Selected = Scanner.URLInjections.Contains(UrlRow.Index);
                AllUrl = AllUrl && Selected;
                UrlRow.Cells[0].Value = Selected;
            }

            int Position = 0;
            string PreviousName = "";

            bool AllQuery = UI.ASRequestScanQueryGrid.Rows.Count > 0;
            foreach (DataGridViewRow QueryRow in UI.ASRequestScanQueryGrid.Rows)
            {
                string Name = QueryRow.Cells[1].Value.ToString();
                Position = Name.Equals(PreviousName) ? Position + 1 : 0;
                bool Selected = Scanner.QueryInjections.Has(Name) && Scanner.QueryInjections.GetAll(Name).Contains(Position);
                AllQuery = AllQuery && Selected;
                QueryRow.Cells[0].Value = Selected;
                PreviousName = Name;
            }

            Position = 0;
            PreviousName = "";

            // NOTE(review): AllBody is seeded from the format-plugin grid's row count even when the
            // normal body grid is the one walked below; if the format-plugin grid is empty the body
            // checkbox stays unchecked in that case - confirm this is intended.
            bool AllBody = UI.ConfigureScanRequestBodyTypeFormatPluginGrid.Rows.Count > 0;
            if (Scanner.BodyFormat.Name.Length > 0)
            {
                // Body handled by a format plugin: injection points are matched by row index.
                foreach (DataGridViewRow XmlRow in UI.ConfigureScanRequestBodyTypeFormatPluginGrid.Rows)
                {
                    bool Selected = Scanner.BodyXmlInjections.Contains(XmlRow.Index);
                    AllBody = AllBody && Selected;
                    XmlRow.Cells[0].Value = Selected;
                }
            }
            else if (Scanner.CustomInjectionPointStartMarker.Length > 0 && Scanner.CustomInjectionPointEndMarker.Length > 0)
            {
                // Custom start/end markers are set: the body section is treated as fully selected.
                AllBody = true;
            }
            else
            {
                foreach (DataGridViewRow BodyRow in UI.ASRequestScanBodyTypeNormalGrid.Rows)
                {
                    string Name = BodyRow.Cells[1].Value.ToString();
                    Position = Name.Equals(PreviousName) ? Position + 1 : 0;
                    bool Selected = Scanner.BodyInjections.Has(Name) && Scanner.BodyInjections.GetAll(Name).Contains(Position);
                    AllBody = AllBody && Selected;
                    BodyRow.Cells[0].Value = Selected;
                    PreviousName = Name;
                }
            }

            Position = 0;
            PreviousName = "";

            bool AllCookie = UI.ASRequestScanCookieGrid.Rows.Count > 0;
            foreach (DataGridViewRow CookieRow in UI.ASRequestScanCookieGrid.Rows)
            {
                string Name = CookieRow.Cells[1].Value.ToString();
                Position = Name.Equals(PreviousName) ? Position + 1 : 0;
                bool Selected = Scanner.CookieInjections.Has(Name) && Scanner.CookieInjections.GetAll(Name).Contains(Position);
                AllCookie = AllCookie && Selected;
                CookieRow.Cells[0].Value = Selected;
                PreviousName = Name;
            }

            Position = 0;
            PreviousName = "";

            bool AllHeaders = UI.ASRequestScanHeadersGrid.Rows.Count > 0;
            foreach (DataGridViewRow HeaderRow in UI.ASRequestScanHeadersGrid.Rows)
            {
                string Name = HeaderRow.Cells[1].Value.ToString();
                Position = Name.Equals(PreviousName) ? Position + 1 : 0;
                bool Selected = Scanner.HeadersInjections.Has(Name) && Scanner.HeadersInjections.GetAll(Name).Contains(Position);
                AllHeaders = AllHeaders && Selected;
                HeaderRow.Cells[0].Value = Selected;
                PreviousName = Name;
            }

            // Parameter-name injection is tracked per section name on the scanner.
            UI.ASRequestScanQueryParameterNameCB.Checked = Scanner.ParameterNameInjections.Has("Query");
            UI.ASRequestScanBodyParameterNameCB.Checked = Scanner.ParameterNameInjections.Has("Body");
            UI.ASRequestScanCookieParameterNameCB.Checked = Scanner.ParameterNameInjections.Has("Cookie");
            UI.ASRequestScanHeadersParameterNameCB.Checked = Scanner.ParameterNameInjections.Has("Headers");

            // Read the checkboxes back (rather than the scanner) to decide the "all names" state.
            bool AllNames = UI.ASRequestScanQueryParameterNameCB.Checked && UI.ASRequestScanBodyParameterNameCB.Checked && UI.ASRequestScanCookieParameterNameCB.Checked && UI.ASRequestScanHeadersParameterNameCB.Checked;

            // The master checkbox does not take the parameter-name state into account.
            UI.ASRequestScanAllCB.Checked = AllUrl && AllQuery && AllBody && AllCookie && AllHeaders;
            UI.ASRequestScanURLCB.Checked = AllUrl;
            UI.ASRequestScanQueryCB.Checked = AllQuery;
            UI.ASRequestScanBodyCB.Checked = AllBody;
            UI.ASRequestScanCookieCB.Checked = AllCookie;
            UI.ASRequestScanHeadersCB.Checked = AllHeaders;
            UI.ASRequestScanParameterNamesCB.Checked = AllNames;
        }
Пример #28
        // Marks injection points on the scanner from the static scan settings.
        // The URL is injected whenever ScanUrl is set. For Query, Body, Cookie and Headers:
        //   - if the section is enabled, parameter filtering is switched on and either the
        //     "Plus" (include list) or "Minus" (exclude list) mode is chosen, every occurrence of
        //     each parameter name that passes the list is injected individually; "Plus" takes
        //     precedence when both modes are set;
        //   - otherwise, if the section is enabled, the whole section is injected.
        // When a body format plugin is set, the body is first converted to XML and flattened into
        // Scan.BodyXmlInjectionParameters, and filtered body injection then works on those entries
        // by running index instead of by name and occurrence.
        // Returns the same scanner instance.
        static Scanner SetInjectionPoints(Scanner Scan)
        {
            if (ScanUrl)
            {
                Scan.InjectUrl();
            }

            bool FilterQuery = ScanQuery && SelectCheckQueryParameters && (SelectCheckQueryParametersPlus || SelectCheckQueryParametersMinus);
            if (!FilterQuery)
            {
                if (ScanQuery)
                {
                    Scan.InjectQuery();
                }
            }
            else
            {
                bool UseIncludeList = SelectCheckQueryParametersPlus;
                foreach (string Name in Scan.OriginalRequest.Query.GetNames())
                {
                    bool Wanted = UseIncludeList ? SelectQueryParameters.Contains(Name) : !DontSelectQueryParameters.Contains(Name);
                    if (!Wanted) continue;
                    for (int Occurrence = 0; Occurrence < Scan.OriginalRequest.Query.GetAll(Name).Count; Occurrence++)
                    {
                        Scan.InjectQuery(Name, Occurrence);
                    }
                }
            }

            if (Scan.BodyFormat.Name.Length > 0)
            {
                // Flatten the plugin's XML view of the body into name/value pairs.
                string BodyAsXml = Scan.BodyFormat.ToXmlFromRequest(Scan.OriginalRequest);
                string[,] XmlPairs = IronWASP.FormatPlugin.XmlToArray(BodyAsXml);
                Scan.BodyXmlInjectionParameters = new Parameters();
                for (int Row = 0; Row < XmlPairs.GetLength(0); Row++)
                {
                    Scan.BodyXmlInjectionParameters.Add(XmlPairs[Row,0], XmlPairs[Row,1]);
                }
            }

            bool FilterBody = ScanBody && SelectCheckBodyParameters && (SelectCheckBodyParametersPlus || SelectCheckBodyParametersMinus);
            if (!FilterBody)
            {
                if (ScanBody)
                {
                    Scan.InjectBody();
                }
            }
            else
            {
                bool UseIncludeList = SelectCheckBodyParametersPlus;
                if (Scan.BodyFormat.Name.Length == 0)
                {
                    foreach (string Name in Scan.OriginalRequest.Body.GetNames())
                    {
                        bool Wanted = UseIncludeList ? SelectBodyParameters.Contains(Name) : !DontSelectBodyParameters.Contains(Name);
                        if (!Wanted) continue;
                        for (int Occurrence = 0; Occurrence < Scan.OriginalRequest.Body.GetAll(Name).Count; Occurrence++)
                        {
                            Scan.InjectBody(Name, Occurrence);
                        }
                    }
                }
                else
                {
                    // The index advances once per name returned by GetNames(), selected or not.
                    int XmlIndex = 0;
                    foreach (string Name in Scan.BodyXmlInjectionParameters.GetNames())
                    {
                        bool Wanted = UseIncludeList ? SelectBodyParameters.Contains(Name) : !DontSelectBodyParameters.Contains(Name);
                        if (Wanted)
                        {
                            Scan.InjectBody(XmlIndex);
                        }
                        XmlIndex++;
                    }
                }
            }

            bool FilterCookie = ScanCookie && SelectCheckCookieParameters && (SelectCheckCookieParametersPlus || SelectCheckCookieParametersMinus);
            if (!FilterCookie)
            {
                if (ScanCookie)
                {
                    Scan.InjectCookie();
                }
            }
            else
            {
                bool UseIncludeList = SelectCheckCookieParametersPlus;
                foreach (string Name in Scan.OriginalRequest.Cookie.GetNames())
                {
                    bool Wanted = UseIncludeList ? SelectCookieParameters.Contains(Name) : !DontSelectCookieParameters.Contains(Name);
                    if (!Wanted) continue;
                    for (int Occurrence = 0; Occurrence < Scan.OriginalRequest.Cookie.GetAll(Name).Count; Occurrence++)
                    {
                        Scan.InjectCookie(Name, Occurrence);
                    }
                }
            }

            bool FilterHeaders = ScanHeaders && SelectCheckHeadersParameters && (SelectCheckHeadersParametersPlus || SelectCheckHeadersParametersMinus);
            if (!FilterHeaders)
            {
                if (ScanHeaders)
                {
                    Scan.InjectHeaders();
                }
            }
            else
            {
                bool UseIncludeList = SelectCheckHeadersParametersPlus;
                foreach (string Name in Scan.OriginalRequest.Headers.GetNames())
                {
                    bool Wanted = UseIncludeList ? SelectHeadersParameters.Contains(Name) : !DontSelectHeadersParameters.Contains(Name);
                    if (!Wanted) continue;
                    for (int Occurrence = 0; Occurrence < Scan.OriginalRequest.Headers.GetAll(Name).Count; Occurrence++)
                    {
                        Scan.InjectHeaders(Name, Occurrence);
                    }
                }
            }

            return Scan;
        }
Пример #29
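        // Rebuilds the Scanner of a stored scan job from its row in the ScanQueue table of the
        // project file.
        // ScanID: identifier of the scan job to load.
        // Returns the reconstructed scanner, or null when no row with that ScanID exists.
        // A job whose Status is "Not Started" is returned with only the request and ScanID set.
        // For other jobs the stored session plugin, format plugin and scan plugin names are applied
        // only when they appear in the current SessionPlugin/FormatPlugin/ActivePlugin lists, so a
        // name in the project file cannot select a plugin that is not currently available.
        // NOTE(review): the stored InjectionPoints string is handed to AbsorbInjectionString as-is;
        // any validation of it happens inside that method, which is not visible here.
        internal static Scanner GetScannerFromDB(int ScanID)
        {
            Scanner ScannerFromLog = null;

            using (SQLiteConnection DB = new SQLiteConnection("data source=" + IronProjectFile))
            {
                DB.Open();
                using (SQLiteCommand cmd = DB.CreateCommand())
                {
                    // The scan ID is bound as a parameter, never concatenated into the SQL text.
                    cmd.CommandText = "SELECT RequestHeaders, RequestBody, BinaryRequest, Status, InjectionPoints, FormatPlugin, SessionPlugin, ScanPlugins FROM ScanQueue WHERE ScanID=@ScanID LIMIT 1";
                    cmd.Parameters.AddWithValue("@ScanID", ScanID);
                    using (SQLiteDataReader result = cmd.ExecuteReader())
                    {
                        // A data reader starts positioned before the first row, so it has to be
                        // advanced before any column is read. No row means no such scan job.
                        if (!result.Read())
                        {
                            return ScannerFromLog;
                        }

                        IronLogRecord ILR = new IronLogRecord();
                        ILR.RequestHeaders = result["RequestHeaders"].ToString();
                        ILR.RequestBody = result["RequestBody"].ToString();
                        ILR.IsRequestBinary = (result["BinaryRequest"].ToString().Equals("1"));
                        Session Irse = Session.GetIronSessionFromIronLogRecord(ILR, 0);
                        Request Req = Irse.Request;
                        string Status = result["Status"].ToString();
                        string FormatPluginName = result["FormatPlugin"].ToString();
                        string SessionPluginName = result["SessionPlugin"].ToString();
                        string InjectionString = result["InjectionPoints"].ToString();
                        string[] ScanPluginsArray = result["ScanPlugins"].ToString().Split(new char[] { ',' });

                        ScannerFromLog = new Scanner(Req);
                        ScannerFromLog.ScanID = ScanID;

                        // A job that never started is returned without its stored configuration.
                        if (Status.Equals("Not Started")) return ScannerFromLog;

                        if (SessionPluginName.Length > 0)
                        {
                            if (!SessionPluginName.Equals("None") && SessionPlugin.List().Contains(SessionPluginName))
                            {
                                ScannerFromLog.SessionHandler = SessionPlugin.Get(SessionPluginName);
                            }
                        }
                        if (FormatPluginName.Length > 0)
                        {
                            if (!FormatPluginName.Equals("None") && FormatPlugin.List().Contains(FormatPluginName))
                            {
                                ScannerFromLog.BodyFormat = FormatPlugin.Get(FormatPluginName);
                            }
                        }
                        if (ScanPluginsArray.Length > 0)
                        {
                            // Unknown names (including the empty entry produced by an empty
                            // column) are silently dropped.
                            List<string> ValidScanPlugins = ActivePlugin.List();
                            foreach (string Name in ScanPluginsArray)
                            {
                                if (ValidScanPlugins.Contains(Name))
                                {
                                    ScannerFromLog.AddCheck(Name);
                                }
                            }
                        }
                        ScannerFromLog.AbsorbInjectionString(InjectionString);
                        ScannerFromLog.Status = Status;
                    }
                }
            }

            return ScannerFromLog;
        }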
Пример #30
        static void DoScan()
        {
            Spider = new Crawler();
            try
            {
                Spider.PrimaryHost = PrimaryHost;
                Spider.BaseUrl = BaseUrl;
                Spider.StartingUrl = StartingUrl;
                Spider.PerformDirAndFileGuessing = PerformDirAndFileGuessing;
                Spider.IncludeSubDomains = IncludeSubDomains;
                Spider.HTTP = HTTP;
                Spider.HTTPS = HTTPS;
                Spider.UrlsToAvoid = UrlsToAvoid;
                Spider.HostsToInclude = HostsToInclude;
                Spider.SpecialHeader = SpecialHeader;

                Spider.Start();
            }
            catch(Exception Exp)
            {
                IronException.Report("Error starting Crawler", Exp);
                try
                {
                    Stop();
                }
                catch { }
                return;
            }

            ScanItemUniquenessChecker UniqueChecker = new ScanItemUniquenessChecker(CanPromptUser);

            List<int> ScanIDs = new List<int>();
            bool ScanActive = true;
            List<string> ActivePlugins = ActivePlugin.List();
            int TotalRequestsCrawled = 0;
            int TotalScanJobsCreated = 0;
            int TotalScanJobsCompleted = 0;
            List<Request> ScannedRequests = new List<Request>();
            int SleepCounter = 0;

            while (ScanActive)
            {
                ScanActive = false;
                List<Request> Requests = Spider.GetCrawledRequests();
                if (Stopped) return;
                if (Requests.Count > 0 || Spider.IsActive())
                {
                    ScanActive = true;
                    if (CrawlAndScan)
                    {
                        TotalRequestsCrawled = TotalRequestsCrawled + Requests.Count;
                        //update the ui with the number of requests crawled
                        foreach (Request Req in Requests)
                        {
                            if (Stopped) return;
                            if (!CanScan(Req)) continue;
                            if (!UniqueChecker.IsUniqueToScan(Req, ScannedRequests, false)) continue;
                            try
                            {
                                Scanner S = new Scanner(Req);
                                foreach (string Check in Checks)
                                {
                                    S.AddCheck(Check);
                                }
                                if (InjectQuery)
                                {
                                    if (QueryWhiteList.Count > 0)
                                    {
                                        foreach (string Name in S.OriginalRequest.Query.GetNames())
                                        {
                                            if (QueryWhiteList.Contains(Name)) S.InjectQuery(Name);
                                        }
                                    }
                                    else if (QueryBlackList.Count > 0)
                                    {
                                        foreach (string Name in S.OriginalRequest.Query.GetNames())
                                        {
                                            if (!QueryBlackList.Contains(Name)) S.InjectQuery(Name);
                                        }
                                    }
                                    else
                                    {
                                        S.InjectQuery();
                                    }
                                }

                                if (InjectBody)
                                {
                                    if (BodyWhiteList.Count > 0)
                                    {
                                        foreach (string Name in S.OriginalRequest.Body.GetNames())
                                        {
                                            if (BodyWhiteList.Contains(Name)) S.InjectBody(Name);
                                        }
                                    }
                                    else if (BodyBlackList.Count > 0)
                                    {
                                        foreach (string Name in S.OriginalRequest.Body.GetNames())
                                        {
                                            if (!BodyBlackList.Contains(Name)) S.InjectBody(Name);
                                        }
                                    }
                                    else
                                    {
                                        S.InjectBody();
                                    }
                                }

                                if (InjectCookie)
                                {
                                    if (CookieWhiteList.Count > 0)
                                    {
                                        foreach (string Name in S.OriginalRequest.Cookie.GetNames())
                                        {
                                            if (CookieWhiteList.Contains(Name)) S.InjectCookie(Name);
                                        }
                                    }
                                    else if (CookieBlackList.Count > 0)
                                    {
                                        foreach (string Name in S.OriginalRequest.Cookie.GetNames())
                                        {
                                            if (!CookieBlackList.Contains(Name)) S.InjectCookie(Name);
                                        }
                                    }
                                    else
                                    {
                                        S.InjectCookie();
                                    }
                                }

                                if (InjectHeaders)
                                {
                                    if (HeaderWhiteList.Count > 0)
                                    {
                                        foreach (string Name in S.OriginalRequest.Headers.GetNames())
                                        {
                                            if (HeaderWhiteList.Contains(Name)) S.InjectHeaders(Name);
                                        }
                                    }
                                    else if (HeaderBlackList.Count > 0)
                                    {
                                        foreach (string Name in S.OriginalRequest.Headers.GetNames())
                                        {
                                            if (!HeaderBlackList.Contains(Name)) S.InjectHeaders(Name);
                                        }
                                    }
                                    else
                                    {
                                        S.InjectHeaders();
                                    }
                                }

                                if (InjectUrlPathParts)
                                {
                                    if (S.OriginalRequest.Query.Count == 0 && S.OriginalRequest.File.Length == 0)
                                        S.InjectUrl();
                                }

                                if (S.InjectionPointsCount == 0) continue;
                                TotalScanJobsCreated++;
                                if (Stopped) return;
                                int ScanID = S.LaunchScan();
                                if (Stopped)
                                {
                                    Stop(true);
                                    return;
                                }
                                if (ScanID > 0)
                                {
                                    ScannedRequests.Add(Req);
                                    ScanIDs.Add(ScanID);
                                }
                            }
                            catch(Exception Exp)
                            {
                                IronException.Report(string.Format("Error creating Scan Job with Request - {0}", Req.Url), Exp);
                            }
                        }
                    }
                }
                if (CrawlAndScan)
                {
                    List<int> ScanIDsToRemove = new List<int>();
                    List<int> AbortedScanIDs = Scanner.GetAbortedScanIDs();
                    List<int> CompletedScanIDs = Scanner.GetCompletedScanIDs();
                    for (int i = 0; i < ScanIDs.Count; i++)
                    {
                        if (Stopped) return;
                        if (CompletedScanIDs.Contains(ScanIDs[i]))
                        {
                            ScanIDsToRemove.Add(i);
                            TotalScanJobsCompleted++;
                        }
                        else if (AbortedScanIDs.Contains(ScanIDs[i]))
                        {
                            ScanIDsToRemove.Add(i);
                        }
                    }
                    for (int i = 0; i < ScanIDsToRemove.Count; i++)
                    {
                        if (Stopped) return;
                        ScanIDs.RemoveAt(ScanIDsToRemove[i] - i);
                    }
                }
                if (ScanActive)
                {
                    Thread.Sleep(2000);
                }
                else
                {
                    if (ScanIDs.Count > 0)
                    {
                        ScanActive = true;
                        Thread.Sleep(5000);
                    }
                    else if (SleepCounter < 10)
                    {
                        ScanActive = true;
                        Thread.Sleep(2000);
                        SleepCounter = SleepCounter + 2;
                    }
                }
                if (Stopped) return;
                IronUI.UpdateConsoleCrawledRequestsCount(TotalRequestsCrawled);
                IronUI.UpdateConsoleScanJobsCreatedCount(TotalScanJobsCreated);
                IronUI.UpdateConsoleScanJobsCompletedCount(TotalScanJobsCompleted);
            }
            if (Stopped) return;
            Stop();
        }