private void ScanSelectedWizard_Load(object sender, EventArgs e)
{
foreach (string Name in ActivePlugin.List())
{
ScanPluginsGrid.Rows.Add(new object[] { true, Name });
}
foreach (string Name in FormatPlugin.List())
{
FormatGrid.Rows.Add(new object[] { true, Name });
}
ScanBranchSessionPluginsCombo.Items.AddRange(SessionPlugin.List().ToArray());
if (InjectQueryCB.Checked)
{
QueryParametersFilterCB.Enabled = true;
}
if (InjectBodyCB.Checked)
{
BodyParametersFilterCB.Enabled = true;
}
if (InjectCookieCB.Checked)
{
CookieParametersFilterCB.Enabled = true;
}
if (InjectHeadersCB.Checked)
{
HeadersParametersFilterCB.Enabled = true;
}
}
public static void Add(ActivePlugin AP)
{
if ((AP.Name.Length > 0) && !(AP.Name.Equals("All") || AP.Name.Equals("None")))
{
if (!List().Contains(AP.Name))
{
AP.FileName = PluginEngine.FileName;
Collection.Add(AP);
}
}
}
public static void Add(ActivePlugin AP)
{
if ((AP.Name.Length > 0) && !(AP.Name.Equals("All") || AP.Name.Equals("None")))
{
if (!List().Contains(AP.Name))
{
AP.FileName = PluginStore.FileName;
Collection.Add(AP);
}
}
}
public static ActivePlugin Get(string Name)
{
foreach (ActivePlugin AP in Collection)
{
if (AP.Name.Equals(Name))
{
ActivePlugin NewInstance = AP.GetInstance();
NewInstance.FileName = AP.FileName;
return(NewInstance);
}
}
return(null);
}
private void ScanTraceBehaviourAnalysis_Load(object sender, EventArgs e)
{
ScanPluginsGrid.Rows.Add(new object[] { true, "All Checks" });
foreach (string Name in ActivePlugin.List())
{
ScanPluginsGrid.Rows.Add(new object[] { true, Name });
}
ConfigKeywordsTB.Text = string.Join(", ", DefaultErrorKeywords.ToArray());
ConfigResponseTimeChangeMSTB.Text = DefaultResponseTimeChange.ToString();
ConfigResponseTimeChangeFactorTB.Text = DefaultResponseTimeChangeFactor.ToString();
ConfigCharsCountTB.Text = DefaultCharsCount.ToString();
}
internal static void LoadAllInternalActivePlugins()
{
ActivePlugin.Add((new CrossSiteScriptingCheck()).GetInstance());
ActivePlugin.Add((new SqlInjectionCheck()).GetInstance());
ActivePlugin.Add((new CodeInjectionCheck()).GetInstance());
ActivePlugin.Add((new CommandInjectionCheck()).GetInstance());
ActivePlugin.Add((new XpathInjectionCheck()).GetInstance());
ActivePlugin.Add((new LdapInjectionCheck()).GetInstance());
ActivePlugin.Add((new HeaderInjectionCheck()).GetInstance());
ActivePlugin.Add((new ExpressionLanguageInjectionCheck()).GetInstance());
ActivePlugin.Add((new ServerSideIncludesInjectionCheck()).GetInstance());
ActivePlugin.Add((new ServerSideRequestForgeryCheck()).GetInstance());
ActivePlugin.Add((new OpenRedirectCheck()).GetInstance());
ActivePlugin.Add((new LocalFileIncludeCheck()).GetInstance());
ActivePlugin.Add((new RemoteFileIncludeCheck()).GetInstance());
}
internal static void ReloadPlugin(PluginType Type, string Name, string PluginFileName)
{
string FileName = "";
switch (Type)
{
case PluginType.Passive:
FileName = Config.RootDir + "\\plugins\\passive\\" + PluginFileName;
lock (PassivePlugin.Collection)
{
PassivePlugin.Remove(Name);
LoadPlugin(FileName);
}
break;
case PluginType.Active:
FileName = Config.RootDir + "\\plugins\\active\\" + PluginFileName;
lock (ActivePlugin.Collection)
{
ActivePlugin.Remove(Name);
LoadPlugin(FileName);
}
break;
case PluginType.Format:
FileName = Config.RootDir + "\\plugins\\format\\" + PluginFileName;
lock (FormatPlugin.Collection)
{
FormatPlugin.Remove(Name);
LoadPlugin(FileName);
IronUI.UpdateAllFormatPluginRows();
}
break;
case PluginType.Session:
FileName = Config.RootDir + "\\plugins\\session\\" + PluginFileName;
lock (SessionPlugin.Collection)
{
SessionPlugin.Remove(Name);
LoadPlugin(FileName);
}
break;
}
IronUI.UpdateAllFormatPluginRows();
IronUI.UpdateAllActivePluginRows();
IronUI.BuildPluginTree();
}
private void StepOneNextBtn_Click(object sender, EventArgs e)
{
ShowStep0Error("");
string Name = PluginNameTB.Text.Trim();
if (Name.Length == 0)
{
PluginNameTB.BackColor = Color.Red;
ShowStep0Error("Plugin name cannot be empty");
return;
}
if (!Regex.IsMatch(Name, "^[a-zA-Z]+$"))
{
PluginNameTB.BackColor = Color.Red;
ShowStep0Error("Plugin Name should only contain alphabets (a-z)");
return;
}
if (!Name[0].ToString().ToUpper().Equals(Name[0].ToString()))
{
ShowStep0Error("Plugin Name should begin with an upper case letter");
return;
}
if (ActivePlugin.List().Contains(Name))
{
PluginNameTB.BackColor = Color.Red;
ShowStep0Error("An Active Plugin with this name already exists. Select a different name.");
return;
}
string Desc = PluginDescTB.Text;
if (Desc.Trim().Length == 0)
{
PluginDescTB.BackColor = Color.Red;
ShowStep0Error("Plugin description cannot be empty");
return;
}
this.PluginName = Name;
this.PluginDescription = Desc;
this.CurrentStep = 1;
this.BaseTabs.SelectTab("PayloadsTab");
}
internal static void LoadNewActivePlugins(ScriptEngine Engine)
{
string ActivePluginPath = Path.Combine(Config.RootDir, "plugins\\active");
string[] ActivePluginFiles = Directory.GetFiles(ActivePluginPath);
List <string> OldPluginFiles = new List <string>();
List <string> NewPluginFiles = new List <string>();
foreach (string Name in ActivePlugin.List())
{
OldPluginFiles.Add((Config.RootDir + "\\plugins\\active\\" + ActivePlugin.Get(Name).FileName).Replace("/", "\\"));
}
foreach (string PluginFile in ActivePluginFiles)
{
if (!OldPluginFiles.Contains(PluginFile))
{
NewPluginFiles.Add(PluginFile);
}
}
LoadActivePlugins(Engine, NewPluginFiles);
}
private void StartScanWizard_Load(object sender, EventArgs e)
{
foreach (string Name in ActivePlugin.List())
{
ScanPluginsGrid.Rows.Add(new object[] { true, Name });
}
if (InjectQueryCB.Checked)
{
QueryParametersFilterCB.Enabled = true;
}
if (InjectBodyCB.Checked)
{
BodyParametersFilterCB.Enabled = true;
}
if (InjectCookieCB.Checked)
{
CookieParametersFilterCB.Enabled = true;
}
if (InjectHeadersCB.Checked)
{
HeadersParametersFilterCB.Enabled = true;
}
if (BaseRequest != null)
{
StartingUrlTB.Text = BaseRequest.Url;
BaseUrlTB.Text = "/";
if (BaseRequest.SSL)
{
CrossProtoQuestionLbl.Text = string.Format(CrossProtoQuestionLbl.Text, "HTTP");
}
else
{
CrossProtoQuestionLbl.Text = string.Format(CrossProtoQuestionLbl.Text, "HTTPS");
}
}
Step1StatusLbl.Text = "Checking if the provided Url is reachable, please wait...";
Step1Progress.Visible = true;
T = new Thread(CheckTargetConnectivity);
T.Start();
}
void CheckWithActivePlugin(ActivePlugin AP)
{
this.ActivePluginName = AP.Name;
if (!SessionHandler.CanInject(this, this.CurrentRequest))
{
return;
}
AP.Check(this.CurrentRequest.GetClone(), this);
}
static void GetNewPlugins(XmlNode ManifestNode)
{
string PluginType = ManifestNode.Name;
List <string[]> AllPluginInfo = new List <string[]>();
switch (PluginType)
{
case ("active"):
foreach (string Name in ActivePlugin.List())
{
ActivePlugin P = ActivePlugin.Get(Name);
AllPluginInfo.Add(new string[] { P.FileName, P.Version });
}
break;
case ("passive"):
foreach (string Name in PassivePlugin.List())
{
PassivePlugin P = PassivePlugin.Get(Name);
AllPluginInfo.Add(new string[] { P.FileName, P.Version });
}
break;
case ("format"):
foreach (string Name in FormatPlugin.List())
{
FormatPlugin P = FormatPlugin.Get(Name);
AllPluginInfo.Add(new string[] { P.FileName, P.Version });
}
break;
case ("session"):
foreach (string Name in SessionPlugin.List())
{
SessionPlugin P = SessionPlugin.Get(Name);
AllPluginInfo.Add(new string[] { P.FileName, P.Version });
}
break;
}
StringBuilder SB = new StringBuilder();
XmlWriter XW = XmlWriter.Create(SB);
XW.WriteStartDocument();
XW.WriteStartElement("manifest");
foreach (XmlNode FileNode in ManifestNode.ChildNodes)
{
string Version = "";
string Action = "";
string FileName = "";
string DownloadFileName = "";
string Comment = "";
List <string[]> SupportFiles = new List <string[]>();
foreach (XmlNode PropertyNode in FileNode.ChildNodes)
{
switch (PropertyNode.Name)
{
case ("version"):
Version = PropertyNode.InnerText;
break;
case ("action"):
Action = PropertyNode.InnerText;
break;
case ("filename"):
FileName = PropertyNode.InnerText;
break;
case ("downloadname"):
DownloadFileName = PropertyNode.InnerText;
break;
case ("comment"):
Comment = PropertyNode.InnerText;
break;
case ("support_file"):
string SupportFileName = "";
string SupportFileDownloadName = "";
foreach (XmlNode SupportFileNode in PropertyNode.ChildNodes)
{
switch (SupportFileNode.Name)
{
case ("filename"):
SupportFileName = SupportFileNode.InnerText;
break;
case ("downloadname"):
SupportFileDownloadName = SupportFileNode.InnerText;
break;
}
}
SupportFiles.Add(new string[] { SupportFileName, SupportFileDownloadName });
break;
}
}
if (Action.Equals("add") || Action.Equals("update"))
{
bool MatchFound = false;
string[] MatchedPluginInfo = new string[2];
foreach (string[] PluginInfo in AllPluginInfo)
{
if (PluginInfo[0].Equals(FileName))
{
MatchFound = true;
MatchedPluginInfo = PluginInfo;
break;
}
}
if ((MatchFound && !MatchedPluginInfo[1].Equals(Version)) || !MatchFound)
{
DownloadPlugin(PluginType, FileName, DownloadFileName);
XW.WriteStartElement("file");
XW.WriteStartElement("action"); XW.WriteValue(Action); XW.WriteEndElement();
XW.WriteStartElement("filename"); XW.WriteValue(FileName); XW.WriteEndElement();
XW.WriteStartElement("comment"); XW.WriteValue(Comment); XW.WriteEndElement();
XW.WriteEndElement();
foreach (string[] SupportFile in SupportFiles)
{
DownloadPlugin(PluginType, SupportFile[0], SupportFile[1]);
XW.WriteStartElement("file");
XW.WriteStartElement("action"); XW.WriteValue(Action); XW.WriteEndElement();
XW.WriteStartElement("filename"); XW.WriteValue(SupportFile[0]); XW.WriteEndElement();
XW.WriteStartElement("comment"); XW.WriteValue(Comment); XW.WriteEndElement();
XW.WriteEndElement();
}
}
}
}
XW.WriteEndElement();
XW.WriteEndDocument();
XW.Close();
StreamWriter SW = File.CreateText(Config.Path + "\\updates\\" + PluginType + "_plugin_manifest.xml");
SW.Write(SB.ToString());
SW.Close();
}
static void DoScan()
{
Spider = new Crawler();
try
{
Spider.PrimaryHost = PrimaryHost;
Spider.BaseUrl = BaseUrl;
Spider.StartingUrl = StartingUrl;
Spider.PerformDirAndFileGuessing = PerformDirAndFileGuessing;
Spider.IncludeSubDomains = IncludeSubDomains;
Spider.HTTP = HTTP;
Spider.HTTPS = HTTPS;
Spider.UrlsToAvoid = UrlsToAvoid;
Spider.HostsToInclude = HostsToInclude;
Spider.Start();
}
catch (Exception Exp)
{
IronException.Report("Error starting Crawler", Exp);
try
{
Stop();
}
catch { }
return;
}
ScanItemUniquenessChecker UniqueChecker = new ScanItemUniquenessChecker(Mode != ScanMode.Default);
List <int> ScanIDs = new List <int>();
bool ScanActive = true;
List <string> ActivePlugins = ActivePlugin.List();
int TotalRequestsCrawled = 0;
int TotalScanJobsCreated = 0;
int TotalScanJobsCompleted = 0;
List <Request> ScannedRequests = new List <Request>();
int SleepCounter = 0;
while (ScanActive)
{
ScanActive = false;
List <Request> Requests = Spider.GetCrawledRequests();
if (Stopped)
{
return;
}
if (Requests.Count > 0 || Spider.IsActive())
{
ScanActive = true;
if (CrawlAndScan)
{
TotalRequestsCrawled = TotalRequestsCrawled + Requests.Count;
//update the ui with the number of requests crawled
foreach (Request Req in Requests)
{
if (Stopped)
{
return;
}
if (!CanScan(Req))
{
continue;
}
if (!UniqueChecker.IsUniqueToScan(Req, ScannedRequests, false))
{
continue;
}
try
{
Scanner S = new Scanner(Req);
S.CheckAll();
if (S.OriginalRequest.Query.Count == 0 && S.OriginalRequest.File.Length != 3 && S.OriginalRequest.File.Length != 4)
{
S.InjectUrl();
}
S.InjectQuery();
S.InjectBody();
//S.InjectHeaders();
//S.InjectCookie();
if (!FormatPlugin.IsNormal(Req))
{
List <FormatPlugin> RightList = FormatPlugin.Get(Req);
if (RightList.Count > 0)
{
S.BodyFormat = RightList[0];
}
}
if (S.InjectionPointsCount == 0)
{
continue;
}
TotalScanJobsCreated++;
if (Stopped)
{
return;
}
int ScanID = S.LaunchScan();
if (Stopped)
{
Stop(true);
return;
}
if (ScanID > 0)
{
ScannedRequests.Add(Req);
ScanIDs.Add(ScanID);
}
}
catch (Exception Exp)
{
IronException.Report(string.Format("Error creating Scan Job with Request - {0}", Req.Url), Exp);
}
}
}
}
if (CrawlAndScan)
{
List <int> ScanIDsToRemove = new List <int>();
List <int> AbortedScanIDs = Scanner.GetAbortedScanIDs();
List <int> CompletedScanIDs = Scanner.GetCompletedScanIDs();
for (int i = 0; i < ScanIDs.Count; i++)
{
if (Stopped)
{
return;
}
if (CompletedScanIDs.Contains(ScanIDs[i]))
{
ScanIDsToRemove.Add(i);
TotalScanJobsCompleted++;
}
else if (AbortedScanIDs.Contains(ScanIDs[i]))
{
ScanIDsToRemove.Add(i);
}
}
for (int i = 0; i < ScanIDsToRemove.Count; i++)
{
if (Stopped)
{
return;
}
ScanIDs.RemoveAt(ScanIDsToRemove[i] - i);
}
}
if (ScanActive)
{
Thread.Sleep(2000);
}
else
{
if (ScanIDs.Count > 0)
{
ScanActive = true;
Thread.Sleep(5000);
}
else if (SleepCounter < 10)
{
ScanActive = true;
Thread.Sleep(2000);
SleepCounter = SleepCounter + 2;
}
}
if (Stopped)
{
return;
}
IronUI.UpdateConsoleCrawledRequestsCount(TotalRequestsCrawled);
IronUI.UpdateConsoleScanJobsCreatedCount(TotalScanJobsCreated);
IronUI.UpdateConsoleScanJobsCompletedCount(TotalScanJobsCompleted);
}
if (Stopped)
{
return;
}
Stop();
}
static void GetNewPlugins()
{
string[] PluginManifestLines = PluginManifestFile.Split(new string[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries);
foreach (string Line in PluginManifestLines)
{
string[] LineParts = Line.Split(new char[] { '|' }, 6);
if (LineParts.Length != 6)
{
throw new Exception("Invalid 'Plugin Manifest File' recieved from server");
}
PluginManifestInfo.Add(LineParts);
}
List <string[]> CurrentPluginInfo = new List <string[]>();
foreach (string Name in ActivePlugin.List())
{
ActivePlugin AP = ActivePlugin.Get(Name);
string[] CurrentInfo = new string[] { "active", AP.Version, AP.FileName.Substring(AP.FileName.LastIndexOf('\\') + 1) };
CurrentPluginInfo.Add(CurrentInfo);
}
foreach (string Name in PassivePlugin.List())
{
PassivePlugin PP = PassivePlugin.Get(Name);
string[] CurrentInfo = new string[] { "passive", PP.Version, PP.FileName.Substring(PP.FileName.LastIndexOf('\\') + 1) };
CurrentPluginInfo.Add(CurrentInfo);
}
foreach (string Name in FormatPlugin.List())
{
FormatPlugin FP = FormatPlugin.Get(Name);
string[] CurrentInfo = new string[] { "format", FP.Version, FP.FileName.Substring(FP.FileName.LastIndexOf('\\') + 1) };
CurrentPluginInfo.Add(CurrentInfo);
}
foreach (string Name in SessionPlugin.List())
{
SessionPlugin SP = SessionPlugin.Get(Name);
string[] CurrentInfo = new string[] { "session", SP.Version, SP.FileName.Substring(SP.FileName.LastIndexOf('\\') + 1) };
CurrentPluginInfo.Add(CurrentInfo);
}
foreach (string[] PluginManifestInfoLine in PluginManifestInfo)
{
if (PluginManifestInfoLine[0].StartsWith("+") || PluginManifestInfoLine[0].StartsWith("*"))
{
bool MatchFound = false;
foreach (string[] CurrentPluginLineInfo in CurrentPluginInfo)
{
if (PluginManifestInfoLine[1].Equals(CurrentPluginLineInfo[0]) && PluginManifestInfoLine[3].Equals(CurrentPluginLineInfo[2]))
{
MatchFound = true;
if (!PluginManifestInfoLine[2].Equals(CurrentPluginLineInfo[1]))
{
DownloadPlugin(PluginManifestInfoLine[1], PluginManifestInfoLine[3], PluginManifestInfoLine[4]);
}
break;
}
else if (PluginManifestInfoLine[0].Contains("_"))
{
string[] SupportDetailParts = PluginManifestInfoLine[0].Split(new char[] { '_' }, 2);
if (PluginManifestInfoLine[1].Equals(CurrentPluginLineInfo[0]) && SupportDetailParts[1].Equals(CurrentPluginLineInfo[2]))
{
MatchFound = true;
if (!PluginManifestInfoLine[2].Equals(CurrentPluginLineInfo[1]))
{
DownloadPlugin(PluginManifestInfoLine[1], PluginManifestInfoLine[3], PluginManifestInfoLine[4]);
}
break;
}
}
}
if (!MatchFound)
{
DownloadPlugin(PluginManifestInfoLine[1], PluginManifestInfoLine[3], PluginManifestInfoLine[4]);
}
}
}
}