/// <summary>
/// Marks which parts of the scanner's original request will be tested, using the Scan* flags
/// and the per-section white/black lists of parameter names.
/// </summary>
/// <remarks>
/// For every enabled section (query, body, cookie, headers) the precedence is:
/// a non-empty white list wins and the black list is not consulted; otherwise a non-empty
/// black list excludes the names it holds; with both lists empty the whole section is injected.
/// The URL is injected only when the request has no query parameters and an empty File value.
/// NOTE(review): names are matched with Contains(Name). If these lists are plain string lists
/// the match is case-sensitive, so an exclusion entered as "Cookie" would not cover a header
/// that arrives as "cookie" and that header would still be tested - confirm the list type and
/// whether names are normalised before they get here.
/// </remarks>
/// <param name="S">Scanner whose injection points are configured in place.</param>
/// <returns>The same scanner instance that was passed in.</returns>
Scanner SetInjectionPoints(Scanner S)
{
    if (ScanQuery)
    {
        if (QueryWhiteList.Count > 0)
        {
            // Allow-list mode: only listed query parameters are tested.
            foreach (string ParameterName in S.OriginalRequest.Query.GetNames())
            {
                if (!QueryWhiteList.Contains(ParameterName))
                {
                    continue;
                }
                S.InjectQuery(ParameterName);
            }
        }
        else if (QueryBlackList.Count > 0)
        {
            // Deny-list mode: everything except the listed query parameters is tested.
            foreach (string ParameterName in S.OriginalRequest.Query.GetNames())
            {
                if (QueryBlackList.Contains(ParameterName))
                {
                    continue;
                }
                S.InjectQuery(ParameterName);
            }
        }
        else
        {
            S.InjectQuery();
        }
    }

    if (ScanBody)
    {
        if (BodyWhiteList.Count > 0)
        {
            foreach (string ParameterName in S.OriginalRequest.Body.GetNames())
            {
                if (!BodyWhiteList.Contains(ParameterName))
                {
                    continue;
                }
                S.InjectBody(ParameterName);
            }
        }
        else if (BodyBlackList.Count > 0)
        {
            foreach (string ParameterName in S.OriginalRequest.Body.GetNames())
            {
                if (BodyBlackList.Contains(ParameterName))
                {
                    continue;
                }
                S.InjectBody(ParameterName);
            }
        }
        else
        {
            S.InjectBody();
        }
    }

    if (ScanCookie)
    {
        if (CookieWhiteList.Count > 0)
        {
            foreach (string ParameterName in S.OriginalRequest.Cookie.GetNames())
            {
                if (!CookieWhiteList.Contains(ParameterName))
                {
                    continue;
                }
                S.InjectCookie(ParameterName);
            }
        }
        else if (CookieBlackList.Count > 0)
        {
            foreach (string ParameterName in S.OriginalRequest.Cookie.GetNames())
            {
                if (CookieBlackList.Contains(ParameterName))
                {
                    continue;
                }
                S.InjectCookie(ParameterName);
            }
        }
        else
        {
            S.InjectCookie();
        }
    }

    if (ScanHeaders)
    {
        if (HeaderWhiteList.Count > 0)
        {
            foreach (string ParameterName in S.OriginalRequest.Headers.GetNames())
            {
                if (!HeaderWhiteList.Contains(ParameterName))
                {
                    continue;
                }
                S.InjectHeaders(ParameterName);
            }
        }
        else if (HeaderBlackList.Count > 0)
        {
            foreach (string ParameterName in S.OriginalRequest.Headers.GetNames())
            {
                if (HeaderBlackList.Contains(ParameterName))
                {
                    continue;
                }
                S.InjectHeaders(ParameterName);
            }
        }
        else
        {
            S.InjectHeaders();
        }
    }

    // URL path injection is limited to requests with no query string and an empty File value.
    if (ScanUrl && S.OriginalRequest.Query.Count == 0 && S.OriginalRequest.File.Length == 0)
    {
        S.InjectUrl();
    }

    return S;
}
/// <summary>
/// Starts the crawler and, while it runs, turns crawled requests into scan jobs and polls
/// until crawling and all launched jobs have finished or the scan is stopped.
/// </summary>
/// <remarks>
/// Stopped is re-checked between almost every step; most of those checks return without
/// calling Stop(), the one directly after LaunchScan() calls Stop(true) first.
/// NOTE(review): nothing here catches exceptions from Spider.Start(), new Scanner(Req) or
/// LaunchScan(), so a single failing request appears to end the whole run - confirm the
/// caller handles that.
/// </remarks>
static void DoScan()
{
    // Crawler scope and behaviour are copied from the class-level settings before it starts.
    Spider = new Crawler();
    Spider.PrimaryHost = PrimaryHost;
    Spider.BaseUrl = BaseUrl;
    Spider.StartingUrl = StartingUrl;
    Spider.PerformDirAndFileGuessing = PerformDirAndFileGuessing;
    Spider.IncludeSubDomains = IncludeSubDomains;
    Spider.HTTP = HTTP;
    Spider.HTTPS = HTTPS;
    Spider.UrlsToAvoid = UrlsToAvoid;
    Spider.HostsToInclude = HostsToInclude;
    Spider.Start();

    ScanItemUniquenessChecker UniqueChecker = new ScanItemUniquenessChecker(Mode != ScanMode.Default);
    List<int> ScanIDs = new List<int>(); // IDs of launched jobs that have not completed or aborted yet
    bool ScanActive = true;
    List<string> ActivePlugins = ActivePlugin.List(); // not read again in this method
    int TotalRequestsCrawled = 0;
    int TotalScanJobsCreated = 0;
    int TotalScanJobsCompleted = 0;
    List<Request> ScannedRequests = new List<Request>(); // requests for which a job was launched; input to the uniqueness check
    int SleepCounter = 0;

    while (ScanActive)
    {
        ScanActive = false;
        List<Request> Requests = Spider.GetCrawledRequests();
        if (Stopped) return;
        if (Requests.Count > 0 || Spider.IsActive())
        {
            ScanActive = true;
            if (CrawlAndScan)
            {
                TotalRequestsCrawled = TotalRequestsCrawled + Requests.Count;
                // The UI counters are refreshed at the end of each loop iteration.
                foreach (Request Req in Requests)
                {
                    if (Stopped) return;
                    // CanScan is the only gate visible here between crawler output and an active scan job.
                    // NOTE(review): presumably the scope check - confirm it applies the same host/URL
                    // limits that were given to the crawler, since every launched job sends test payloads.
                    if (!CanScan(Req)) continue;
                    if (!UniqueChecker.IsUniqueToScan(Req, ScannedRequests, false)) continue;
                    Scanner S = new Scanner(Req);
                    S.CheckAll();
                    // URL injection only when there is no query and File.Length is neither 3 nor 4.
                    // NOTE(review): the 3/4 lengths look like a file-extension heuristic - confirm what File holds.
                    if (S.OriginalRequest.Query.Count == 0 && S.OriginalRequest.File.Length != 3 && S.OriginalRequest.File.Length != 4) S.InjectUrl();
                    S.InjectQuery();
                    S.InjectBody();
                    S.InjectHeaders();
                    S.InjectCookie();
                    // NOTE(review): BodyFormat is assigned after InjectBody() was called - confirm the
                    // scanner picks up the format plugin for body injection points set earlier.
                    if (!FormatPlugin.IsNormal(Req))
                    {
                        List<FormatPlugin> RightList = FormatPlugin.Get(Req);
                        if (RightList.Count > 0)
                        {
                            S.BodyFormat = RightList[0];
                        }
                    }
                    if (S.InjectionPointsCount == 0) continue;
                    TotalScanJobsCreated++;
                    if (Stopped) return;
                    int ScanID = S.LaunchScan();
                    if (Stopped)
                    {
                        Stop(true);
                        return;
                    }
                    // Only positive IDs are tracked.
                    if (ScanID > 0)
                    {
                        ScannedRequests.Add(Req);
                        ScanIDs.Add(ScanID);
                    }
                }
            }
        }
        if (CrawlAndScan)
        {
            // Drop finished and aborted jobs from the tracking list; only completed ones are counted.
            List<int> ScanIDsToRemove = new List<int>();
            List<int> AbortedScanIDs = Scanner.GetAbortedScanIDs();
            List<int> CompletedScanIDs = Scanner.GetCompletedScanIDs();
            for (int i = 0; i < ScanIDs.Count; i++)
            {
                if (Stopped) return;
                if (CompletedScanIDs.Contains(ScanIDs[i]))
                {
                    ScanIDsToRemove.Add(i);
                    TotalScanJobsCompleted++;
                }
                else if (AbortedScanIDs.Contains(ScanIDs[i]))
                {
                    ScanIDsToRemove.Add(i);
                }
            }
            // Positions were collected in ascending order, so each one is shifted down by the
            // number of entries already removed.
            for (int i = 0; i < ScanIDsToRemove.Count; i++)
            {
                if (Stopped) return;
                ScanIDs.RemoveAt(ScanIDsToRemove[i] - i);
            }
        }
        if (ScanActive)
        {
            Thread.Sleep(2000);
        }
        else
        {
            if (ScanIDs.Count > 0)
            {
                // Crawling is idle but jobs are still outstanding: keep polling at a slower rate.
                ScanActive = true;
                Thread.Sleep(5000);
            }
            else if (SleepCounter < 10)
            {
                // Nothing pending: allow a few more 2-second passes before ending the loop.
                // SleepCounter is never reset, so this allowance is shared across the whole run.
                ScanActive = true;
                Thread.Sleep(2000);
                SleepCounter = SleepCounter + 2;
            }
        }
        if (Stopped) return;
        IronUI.UpdateConsoleCrawledRequestsCount(TotalRequestsCrawled);
        IronUI.UpdateConsoleScanJobsCreatedCount(TotalScanJobsCreated);
        IronUI.UpdateConsoleScanJobsCompletedCount(TotalScanJobsCompleted);
    }
    if (Stopped) return;
    Stop();
}
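/// <summary>
/// Copies the injection points, session plugin and checks selected in the scan dialog onto a scanner.
/// </summary>
/// <remarks>
/// The body section is handled first because the custom-marker option replaces
/// <paramref name="NewScanner"/> with a newly built Scanner or Fuzzer; every later selection
/// has to be applied to that replacement object.
/// In each parameter grid, column 0 is read as the "selected" flag and column 1 as the parameter
/// name. Consecutive rows with the same name are numbered 0, 1, 2, ... and that position is
/// passed along with the name. A null "previous name" marks the first row, so a first row whose
/// name is the empty string gets position 0 instead of being counted as a repeat.
/// </remarks>
/// <param name="NewScanner">Scanner to configure; may be replaced, see remarks.</param>
/// <param name="SessionPluginName">Overwritten with the session plugin combo box text before it is read, so the caller's value is not used.</param>
/// <returns>The configured scanner, which is not necessarily the instance passed in.</returns>
Scanner UpdateScannerFromUi(Scanner NewScanner, string SessionPluginName)
{
    //Body must come above everything else because for a custom injection marker selection a new scanner object is created.
    int SubParameterPosition = 0;
    string ParameterName = null; // null = no previous row seen in the current grid

    #region BodyInjectionPoints
    if (BodyTypeNormalRB.Checked)
    {
        SubParameterPosition = 0;
        ParameterName = null;
        foreach (DataGridViewRow Row in this.ScanBodyTypeNormalGrid.Rows)
        {
            string CurrentParameterName = Row.Cells[1].Value.ToString();
            if (CurrentParameterName.Equals(ParameterName))
            {
                SubParameterPosition++;
            }
            else
            {
                ParameterName = CurrentParameterName;
                SubParameterPosition = 0;
            }
            if ((bool)Row.Cells[0].Value)
            {
                NewScanner.InjectBody(ParameterName, SubParameterPosition);
            }
        }
    }
    else if (BodyTypeFormatPluginRB.Checked)
    {
        bool FormatPluginSelected = false;
        bool FormatPluginInjectionPointSelected = false;

        // The first checked format plugin is the one used.
        foreach (DataGridViewRow Row in FormatPluginsGrid.Rows)
        {
            if ((bool)Row.Cells[0].Value)
            {
                NewScanner.BodyFormat = FormatPlugin.Get(Row.Cells[1].Value.ToString());
                FormatPluginSelected = true;
                break;
            }
        }
        foreach (DataGridViewRow Row in this.BodyTypeFormatPluginGrid.Rows)
        {
            if ((bool)Row.Cells[0].Value)
            {
                FormatPluginInjectionPointSelected = true;
                break;
            }
        }

        // Nothing is configured unless both a plugin and at least one injection point are selected.
        if (FormatPluginSelected && FormatPluginInjectionPointSelected)
        {
            NewScanner.InjectionArrayXML = FormatXMLTB.Text;
            NewScanner.XmlInjectionArray = new string[BodyTypeFormatPluginGrid.Rows.Count, 2];
            NewScanner.BodyXmlInjectionParameters = new Parameters();
            // Every grid row is copied (columns 1 and 2), selected or not.
            for (int i = 0; i < BodyTypeFormatPluginGrid.Rows.Count; i++)
            {
                NewScanner.XmlInjectionArray[i, 0] = BodyTypeFormatPluginGrid.Rows[i].Cells[1].Value.ToString();
                NewScanner.XmlInjectionArray[i, 1] = BodyTypeFormatPluginGrid.Rows[i].Cells[2].Value.ToString();
                NewScanner.BodyXmlInjectionParameters.Add(NewScanner.XmlInjectionArray[i, 0], NewScanner.XmlInjectionArray[i, 1]);
            }
            // Selected rows are injected by their row index.
            foreach (DataGridViewRow Row in this.BodyTypeFormatPluginGrid.Rows)
            {
                if ((bool)Row.Cells[0].Value)
                {
                    NewScanner.InjectBody(Row.Index);
                }
            }
        }
    }
    else if (BodyTypeCustomRB.Checked)
    {
        if (ScanBodyCB.Checked)
        {
            // The marked-up body text goes onto a clone, leaving RequestToScan itself untouched.
            Request RequestToScanClone = RequestToScan.GetClone();
            RequestToScanClone.BodyString = SetCustomInjectionPointsSTB.Text;
            if (ScanJobMode)
            {
                NewScanner = new Scanner(RequestToScanClone);
            }
            else
            {
                NewScanner = new Fuzzer(RequestToScanClone);
                this.Fuzz = (Fuzzer) NewScanner;
            }
            NewScanner.InjectBody(CurrentStartMarker, CurrentEndMarker);

            // The shared rule list is rebuilt from every grid row while it is locked; only checked
            // rows also become escape rules on this scanner.
            lock (Scanner.UserSpecifiedEncodingRuleList)
            {
                Scanner.UserSpecifiedEncodingRuleList.Clear();
                foreach (DataGridViewRow Row in CharacterEscapingGrid.Rows)
                {
                    Scanner.UserSpecifiedEncodingRuleList.Add(new string[] { Row.Cells[1].Value.ToString(), Row.Cells[3].Value.ToString() });
                    if ((bool)Row.Cells[0].Value)
                    {
                        NewScanner.AddEscapeRule(Row.Cells[1].Value.ToString(), Row.Cells[3].Value.ToString());
                    }
                }
            }
            IronDB.StoreCharacterEscapingRules();
        }
        else
        {
            NewScanner.CustomInjectionPointStartMarker = "";
            NewScanner.CustomInjectionPointEndMarker = "";
        }
    }
    #endregion

    #region UrlPathPartsInjectionPoints
    for (int i = 0; i < this.ScanURLGrid.Rows.Count; i++)
    {
        if ((bool)this.ScanURLGrid.Rows[i].Cells[0].Value)
        {
            NewScanner.InjectUrl(i);
        }
    }
    #endregion

    #region QueryInjectionPoints
    SubParameterPosition = 0;
    ParameterName = null;
    foreach (DataGridViewRow Row in this.ScanQueryGrid.Rows)
    {
        string CurrentParameterName = Row.Cells[1].Value.ToString();
        if (CurrentParameterName.Equals(ParameterName))
        {
            SubParameterPosition++;
        }
        else
        {
            ParameterName = CurrentParameterName;
            SubParameterPosition = 0;
        }
        if ((bool)Row.Cells[0].Value)
        {
            NewScanner.InjectQuery(ParameterName, SubParameterPosition);
        }
    }
    #endregion

    #region CookieInjectionPoints
    SubParameterPosition = 0;
    ParameterName = null;
    foreach (DataGridViewRow Row in this.ScanCookieGrid.Rows)
    {
        string CurrentParameterName = Row.Cells[1].Value.ToString();
        if (CurrentParameterName.Equals(ParameterName))
        {
            SubParameterPosition++;
        }
        else
        {
            ParameterName = CurrentParameterName;
            SubParameterPosition = 0;
        }
        if ((bool)Row.Cells[0].Value)
        {
            NewScanner.InjectCookie(ParameterName, SubParameterPosition);
        }
    }
    #endregion

    #region HeaderInjectionPoints
    SubParameterPosition = 0;
    ParameterName = null;
    foreach (DataGridViewRow Row in this.ScanHeadersGrid.Rows)
    {
        string CurrentParameterName = Row.Cells[1].Value.ToString();
        if (CurrentParameterName.Equals(ParameterName))
        {
            SubParameterPosition++;
        }
        else
        {
            ParameterName = CurrentParameterName;
            SubParameterPosition = 0;
        }
        if ((bool)Row.Cells[0].Value)
        {
            NewScanner.InjectHeaders(ParameterName, SubParameterPosition);
        }
    }
    #endregion

    #region ParameterNameInjectionPoints
    if (ScanQueryParameterNameCB.Checked)
    {
        NewScanner.InjectParameterName("Query");
    }
    if (ScanBodyParameterNameCB.Checked)
    {
        NewScanner.InjectParameterName("Body");
    }
    if (ScanCookieParameterNameCB.Checked)
    {
        NewScanner.InjectParameterName("Cookie");
    }
    if (ScanHeadersParameterNameCB.Checked)
    {
        NewScanner.InjectParameterName("Headers");
    }
    #endregion

    #region SetSessionPlugin
    // The parameter is overwritten here; the combo box text is the value actually used.
    SessionPluginName = SessionPluginsCombo.Text;
    if (SessionPluginName.Length > 0)
    {
        NewScanner.SessionHandler = SessionPlugin.Get(SessionPluginName);
    }
    #endregion

    #region SetChecks
    // Checks are only attached in scan-job mode.
    if (this.ScanJobMode)
    {
        foreach (DataGridViewRow Row in ScanPluginsGrid.Rows)
        {
            if ((bool)Row.Cells[0].Value)
            {
                NewScanner.AddCheck(Row.Cells[1].Value.ToString());
            }
        }
    }
    #endregion

    return NewScanner;
}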
/// <summary>
/// Selects the injection points on a scanner from the class-level Scan* flags and the
/// "select" / "don't select" parameter name lists.
/// </summary>
/// <remarks>
/// The URL is injected whenever ScanUrl is set. For query, body, cookie and headers, name
/// filtering applies only when the section flag, its SelectCheck* flag and one of the Plus/Minus
/// flags are all set; Plus is tested first, so it wins if both are set. Plus injects only listed
/// names, Minus injects every name that is not listed. Without filtering, an enabled section is
/// injected as a whole. Filtered names are injected once per value position.
/// When the scanner has a body format (non-empty BodyFormat.Name), the body is converted to XML
/// and its name/value pairs replace BodyXmlInjectionParameters; body filtering then injects by
/// position in BodyXmlInjectionParameters.GetNames().
/// NOTE(review): that position is assumed to match the XmlArray row index - confirm this still
/// holds if GetNames() collapses repeated names, otherwise a different field than the one the
/// operator selected or excluded could be tested.
/// </remarks>
/// <param name="Scan">Scanner to configure in place.</param>
/// <returns>The same scanner instance that was passed in.</returns>
static Scanner SetInjectionPoints(Scanner Scan)
{
    if (ScanUrl)
    {
        Scan.InjectUrl();
    }

    bool FilterQueryNames = ScanQuery && SelectCheckQueryParameters && (SelectCheckQueryParametersPlus || SelectCheckQueryParametersMinus);
    if (FilterQueryNames)
    {
        if (SelectCheckQueryParametersPlus)
        {
            foreach (string ParameterName in Scan.OriginalRequest.Query.GetNames())
            {
                if (!SelectQueryParameters.Contains(ParameterName))
                {
                    continue;
                }
                for (int Position = 0; Position < Scan.OriginalRequest.Query.GetAll(ParameterName).Count; Position++)
                {
                    Scan.InjectQuery(ParameterName, Position);
                }
            }
        }
        else
        {
            foreach (string ParameterName in Scan.OriginalRequest.Query.GetNames())
            {
                if (DontSelectQueryParameters.Contains(ParameterName))
                {
                    continue;
                }
                for (int Position = 0; Position < Scan.OriginalRequest.Query.GetAll(ParameterName).Count; Position++)
                {
                    Scan.InjectQuery(ParameterName, Position);
                }
            }
        }
    }
    else if (ScanQuery)
    {
        Scan.InjectQuery();
    }

    // With a body format in use, rebuild the XML-derived parameter list before any body selection.
    if (Scan.BodyFormat.Name.Length > 0)
    {
        string BodyAsXml = Scan.BodyFormat.ToXmlFromRequest(Scan.OriginalRequest);
        string[,] NameValuePairs = IronWASP.FormatPlugin.XmlToArray(BodyAsXml);
        Scan.BodyXmlInjectionParameters = new Parameters();
        for (int Row = 0; Row < NameValuePairs.GetLength(0); Row++)
        {
            Scan.BodyXmlInjectionParameters.Add(NameValuePairs[Row, 0], NameValuePairs[Row, 1]);
        }
    }

    bool FilterBodyNames = ScanBody && SelectCheckBodyParameters && (SelectCheckBodyParametersPlus || SelectCheckBodyParametersMinus);
    if (FilterBodyNames)
    {
        if (SelectCheckBodyParametersPlus)
        {
            if (Scan.BodyFormat.Name.Length == 0)
            {
                foreach (string ParameterName in Scan.OriginalRequest.Body.GetNames())
                {
                    if (!SelectBodyParameters.Contains(ParameterName))
                    {
                        continue;
                    }
                    for (int Position = 0; Position < Scan.OriginalRequest.Body.GetAll(ParameterName).Count; Position++)
                    {
                        Scan.InjectBody(ParameterName, Position);
                    }
                }
            }
            else
            {
                int Index = 0;
                foreach (string ParameterName in Scan.BodyXmlInjectionParameters.GetNames())
                {
                    if (SelectBodyParameters.Contains(ParameterName))
                    {
                        Scan.InjectBody(Index);
                    }
                    Index++;
                }
            }
        }
        else
        {
            if (Scan.BodyFormat.Name.Length == 0)
            {
                foreach (string ParameterName in Scan.OriginalRequest.Body.GetNames())
                {
                    if (DontSelectBodyParameters.Contains(ParameterName))
                    {
                        continue;
                    }
                    for (int Position = 0; Position < Scan.OriginalRequest.Body.GetAll(ParameterName).Count; Position++)
                    {
                        Scan.InjectBody(ParameterName, Position);
                    }
                }
            }
            else
            {
                int Index = 0;
                foreach (string ParameterName in Scan.BodyXmlInjectionParameters.GetNames())
                {
                    if (!DontSelectBodyParameters.Contains(ParameterName))
                    {
                        Scan.InjectBody(Index);
                    }
                    Index++;
                }
            }
        }
    }
    else if (ScanBody)
    {
        Scan.InjectBody();
    }

    bool FilterCookieNames = ScanCookie && SelectCheckCookieParameters && (SelectCheckCookieParametersPlus || SelectCheckCookieParametersMinus);
    if (FilterCookieNames)
    {
        if (SelectCheckCookieParametersPlus)
        {
            foreach (string ParameterName in Scan.OriginalRequest.Cookie.GetNames())
            {
                if (!SelectCookieParameters.Contains(ParameterName))
                {
                    continue;
                }
                for (int Position = 0; Position < Scan.OriginalRequest.Cookie.GetAll(ParameterName).Count; Position++)
                {
                    Scan.InjectCookie(ParameterName, Position);
                }
            }
        }
        else
        {
            foreach (string ParameterName in Scan.OriginalRequest.Cookie.GetNames())
            {
                if (DontSelectCookieParameters.Contains(ParameterName))
                {
                    continue;
                }
                for (int Position = 0; Position < Scan.OriginalRequest.Cookie.GetAll(ParameterName).Count; Position++)
                {
                    Scan.InjectCookie(ParameterName, Position);
                }
            }
        }
    }
    else if (ScanCookie)
    {
        Scan.InjectCookie();
    }

    bool FilterHeaderNames = ScanHeaders && SelectCheckHeadersParameters && (SelectCheckHeadersParametersPlus || SelectCheckHeadersParametersMinus);
    if (FilterHeaderNames)
    {
        if (SelectCheckHeadersParametersPlus)
        {
            foreach (string ParameterName in Scan.OriginalRequest.Headers.GetNames())
            {
                if (!SelectHeadersParameters.Contains(ParameterName))
                {
                    continue;
                }
                for (int Position = 0; Position < Scan.OriginalRequest.Headers.GetAll(ParameterName).Count; Position++)
                {
                    Scan.InjectHeaders(ParameterName, Position);
                }
            }
        }
        else
        {
            foreach (string ParameterName in Scan.OriginalRequest.Headers.GetNames())
            {
                if (DontSelectHeadersParameters.Contains(ParameterName))
                {
                    continue;
                }
                for (int Position = 0; Position < Scan.OriginalRequest.Headers.GetAll(ParameterName).Count; Position++)
                {
                    Scan.InjectHeaders(ParameterName, Position);
                }
            }
        }
    }
    else if (ScanHeaders)
    {
        Scan.InjectHeaders();
    }

    return Scan;
}
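/// <summary>
/// Starts the crawler and, while it runs, turns crawled requests into scan jobs and polls
/// until crawling and all launched jobs have finished or the scan is stopped.
/// </summary>
/// <remarks>
/// A failure while configuring or starting the crawler is reported, Stop() is attempted and the
/// method returns. A failure of that Stop() call is reported as well instead of being discarded,
/// so a scan that could not be shut down cleanly leaves a trace for the operator.
/// A failure while building or launching a single scan job is reported and the loop moves on to
/// the next request.
/// Stopped is re-checked between almost every step; most of those checks return without calling
/// Stop(), the one directly after LaunchScan() calls Stop(true) first.
/// Per section (query, body, cookie, headers) a non-empty white list takes precedence over the
/// black list; with both empty the whole section is injected.
/// NOTE(review): list membership uses Contains(Name); if the lists are plain string lists the
/// match is case-sensitive, so an excluded header written with different casing would still be
/// tested - confirm the list type.
/// </remarks>
static void DoScan()
{
    Spider = new Crawler();
    try
    {
        // Crawler scope and behaviour are copied from the class-level settings before it starts.
        Spider.PrimaryHost = PrimaryHost;
        Spider.BaseUrl = BaseUrl;
        Spider.StartingUrl = StartingUrl;
        Spider.PerformDirAndFileGuessing = PerformDirAndFileGuessing;
        Spider.IncludeSubDomains = IncludeSubDomains;
        Spider.HTTP = HTTP;
        Spider.HTTPS = HTTPS;
        Spider.UrlsToAvoid = UrlsToAvoid;
        Spider.HostsToInclude = HostsToInclude;
        Spider.SpecialHeader = SpecialHeader;
        Spider.Start();
    }
    catch (Exception Exp)
    {
        IronException.Report("Error starting Crawler", Exp);
        try
        {
            Stop();
        }
        catch (Exception StopExp)
        {
            // Stopping stays best-effort, but the failure is recorded rather than swallowed.
            IronException.Report("Error stopping Scan after Crawler failed to start", StopExp);
        }
        return;
    }

    ScanItemUniquenessChecker UniqueChecker = new ScanItemUniquenessChecker(CanPromptUser);
    List<int> ScanIDs = new List<int>(); // IDs of launched jobs that have not completed or aborted yet
    bool ScanActive = true;
    List<string> ActivePlugins = ActivePlugin.List(); // not read again in this method; call kept as-is
    int TotalRequestsCrawled = 0;
    int TotalScanJobsCreated = 0;
    int TotalScanJobsCompleted = 0;
    List<Request> ScannedRequests = new List<Request>(); // requests for which a job was launched; input to the uniqueness check
    int SleepCounter = 0;

    while (ScanActive)
    {
        ScanActive = false;
        List<Request> Requests = Spider.GetCrawledRequests();
        if (Stopped) return;
        if (Requests.Count > 0 || Spider.IsActive())
        {
            ScanActive = true;
            if (CrawlAndScan)
            {
                TotalRequestsCrawled = TotalRequestsCrawled + Requests.Count;
                // The UI counters are refreshed at the end of each loop iteration.
                foreach (Request Req in Requests)
                {
                    if (Stopped) return;
                    // CanScan is the only gate visible here between crawler output and an active scan job.
                    // NOTE(review): presumably the scope check - confirm it applies the same host/URL
                    // limits that were given to the crawler, since every launched job sends test payloads.
                    if (!CanScan(Req)) continue;
                    if (!UniqueChecker.IsUniqueToScan(Req, ScannedRequests, false)) continue;
                    try
                    {
                        Scanner S = new Scanner(Req);
                        foreach (string Check in Checks)
                        {
                            S.AddCheck(Check);
                        }
                        if (InjectQuery)
                        {
                            if (QueryWhiteList.Count > 0)
                            {
                                foreach (string Name in S.OriginalRequest.Query.GetNames())
                                {
                                    if (QueryWhiteList.Contains(Name)) S.InjectQuery(Name);
                                }
                            }
                            else if (QueryBlackList.Count > 0)
                            {
                                foreach (string Name in S.OriginalRequest.Query.GetNames())
                                {
                                    if (!QueryBlackList.Contains(Name)) S.InjectQuery(Name);
                                }
                            }
                            else
                            {
                                S.InjectQuery();
                            }
                        }
                        if (InjectBody)
                        {
                            if (BodyWhiteList.Count > 0)
                            {
                                foreach (string Name in S.OriginalRequest.Body.GetNames())
                                {
                                    if (BodyWhiteList.Contains(Name)) S.InjectBody(Name);
                                }
                            }
                            else if (BodyBlackList.Count > 0)
                            {
                                foreach (string Name in S.OriginalRequest.Body.GetNames())
                                {
                                    if (!BodyBlackList.Contains(Name)) S.InjectBody(Name);
                                }
                            }
                            else
                            {
                                S.InjectBody();
                            }
                        }
                        if (InjectCookie)
                        {
                            if (CookieWhiteList.Count > 0)
                            {
                                foreach (string Name in S.OriginalRequest.Cookie.GetNames())
                                {
                                    if (CookieWhiteList.Contains(Name)) S.InjectCookie(Name);
                                }
                            }
                            else if (CookieBlackList.Count > 0)
                            {
                                foreach (string Name in S.OriginalRequest.Cookie.GetNames())
                                {
                                    if (!CookieBlackList.Contains(Name)) S.InjectCookie(Name);
                                }
                            }
                            else
                            {
                                S.InjectCookie();
                            }
                        }
                        if (InjectHeaders)
                        {
                            if (HeaderWhiteList.Count > 0)
                            {
                                foreach (string Name in S.OriginalRequest.Headers.GetNames())
                                {
                                    if (HeaderWhiteList.Contains(Name)) S.InjectHeaders(Name);
                                }
                            }
                            else if (HeaderBlackList.Count > 0)
                            {
                                foreach (string Name in S.OriginalRequest.Headers.GetNames())
                                {
                                    if (!HeaderBlackList.Contains(Name)) S.InjectHeaders(Name);
                                }
                            }
                            else
                            {
                                S.InjectHeaders();
                            }
                        }
                        // URL path injection only for requests with no query and an empty File value.
                        if (InjectUrlPathParts)
                        {
                            if (S.OriginalRequest.Query.Count == 0 && S.OriginalRequest.File.Length == 0) S.InjectUrl();
                        }
                        if (S.InjectionPointsCount == 0) continue;
                        TotalScanJobsCreated++;
                        if (Stopped) return;
                        int ScanID = S.LaunchScan();
                        if (Stopped)
                        {
                            Stop(true);
                            return;
                        }
                        // Only positive IDs are tracked.
                        if (ScanID > 0)
                        {
                            ScannedRequests.Add(Req);
                            ScanIDs.Add(ScanID);
                        }
                    }
                    catch (Exception Exp)
                    {
                        // One failing request must not end the whole run; report it and continue.
                        IronException.Report(string.Format("Error creating Scan Job with Request - {0}", Req.Url), Exp);
                    }
                }
            }
        }
        if (CrawlAndScan)
        {
            // Drop finished and aborted jobs from the tracking list; only completed ones are counted.
            List<int> ScanIDsToRemove = new List<int>();
            List<int> AbortedScanIDs = Scanner.GetAbortedScanIDs();
            List<int> CompletedScanIDs = Scanner.GetCompletedScanIDs();
            for (int i = 0; i < ScanIDs.Count; i++)
            {
                if (Stopped) return;
                if (CompletedScanIDs.Contains(ScanIDs[i]))
                {
                    ScanIDsToRemove.Add(i);
                    TotalScanJobsCompleted++;
                }
                else if (AbortedScanIDs.Contains(ScanIDs[i]))
                {
                    ScanIDsToRemove.Add(i);
                }
            }
            // Positions were collected in ascending order, so each one is shifted down by the
            // number of entries already removed.
            for (int i = 0; i < ScanIDsToRemove.Count; i++)
            {
                if (Stopped) return;
                ScanIDs.RemoveAt(ScanIDsToRemove[i] - i);
            }
        }
        if (ScanActive)
        {
            Thread.Sleep(2000);
        }
        else
        {
            if (ScanIDs.Count > 0)
            {
                // Crawling is idle but jobs are still outstanding: keep polling at a slower rate.
                ScanActive = true;
                Thread.Sleep(5000);
            }
            else if (SleepCounter < 10)
            {
                // Nothing pending: allow a few more 2-second passes before ending the loop.
                // SleepCounter is never reset, so this allowance is shared across the whole run.
                ScanActive = true;
                Thread.Sleep(2000);
                SleepCounter = SleepCounter + 2;
            }
        }
        if (Stopped) return;
        IronUI.UpdateConsoleCrawledRequestsCount(TotalRequestsCrawled);
        IronUI.UpdateConsoleScanJobsCreatedCount(TotalScanJobsCreated);
        IronUI.UpdateConsoleScanJobsCompletedCount(TotalScanJobsCompleted);
    }
    if (Stopped) return;
    Stop();
}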