/// <summary>
/// Registers <c>Config</c> with the default service locator, then runs the
/// <c>PhpVH.SelfTest.exe</c> assembly inside the current application domain.
/// </summary>
/// <remarks>
/// The self-test assembly is resolved through <c>PathHelper.GetExecutingPath</c> and is
/// executed in-process, so it runs with the same privileges as the scanner itself.
/// Only the file's existence is checked before it is executed.
/// </remarks>
static void RunSelfTest()
{
    // Make the active configuration available through the service locator.
    ServiceLocator.Default.Register(Config);

    var exePath = PathHelper.GetExecutingPath("PhpVH.SelfTest.exe");
    bool exeMissing = !File.Exists(exePath);

    if (exeMissing)
    {
        ScannerCli.DisplayCriticalMessageAndExit("Could not find self test EXE {0}.", exePath);
    }

    AppDomain.CurrentDomain.ExecuteAssembly(exePath);

    // The self-test results are not read back here; the author left this resolve disabled:
    //ServiceLocator.Default.Resolve<List<TestResult>>
}
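/// <summary>
/// Writes the probe, requests it, and treats the response as a PHP version string.
/// </summary>
/// <remarks>
/// A response made up only of digits and dots is reported as the detected version and
/// checked against <c>_knownVersions</c>. A missing response, or one that does not look
/// like a version, is a failure: it throws when <c>ThrowOnFail</c> is set and otherwise
/// goes through <c>ScannerCli.DisplayCriticalMessageAndExit</c>. The probe is deleted in
/// every case.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// <c>ThrowOnFail</c> is set and the server gave no response or a non-version response.
/// </exception>
public void CheckVersion()
{
    try
    {
        WriteProbe();
        var resp = RequestProbe();

        // NOTE(review): without RegexOptions.Multiline, '$' also matches just before a
        // final '\n', so a version followed by a newline passes this check but will not
        // be found in _knownVersions. Confirm whether RequestProbe trims its result.
        var isVersion = resp != null && Regex.IsMatch(resp, @"^[0-9.]+$");

        if (isVersion)
        {
            Cli.WriteLine("PHP version ~Cyan~{0}~R~ detected", resp);

            if (_knownVersions.Contains(resp))
            {
                Cli.WriteLine("~Green~Known PHP version~R~");
            }
            else
            {
                Cli.WriteLine("~Yellow~Unknown PHP version; PhpVH may not work properly on untested versions~R~");
            }
        }
        else if (resp == null)
        {
            if (ThrowOnFail)
            {
                throw new InvalidOperationException("No response from server");
            }
            else
            {
                ScannerCli.DisplayCriticalMessageAndExit("~Red~No response from server; exiting~R~");
            }
        }
        else
        {
            // The response comes from the server under test, so only a bounded prefix
            // is echoed back to the operator.
            // NOTE(review): confirm that the CLI writer does not interpret ~Color~ markup
            // that appears inside a format argument.
            var maxRespLen = 60;

            if (resp.Length > maxRespLen)
            {
                resp = resp.Remove(maxRespLen);
            }

            if (ThrowOnFail)
            {
                throw new InvalidOperationException(string.Format("PHP version check failed~R~\r\nProbe response: {0}", resp));
            }

            // Fix: the format argument was maxRespLen, so the message printed "60"
            // instead of the truncated probe response.
            ScannerCli.DisplayCriticalMessageAndExit(
                "~Red~PHP version check failed~R~\r\nProbe response: {0}\r\nThis error generally occurs when the webroot is not properly configured.",
                resp);
        }
    }
    finally
    {
        // Always remove the probe, whether or not the check succeeded.
        DeleteProbe();
    }
}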
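/// <summary>
/// Builds a <see cref="ScanConfig"/> from the scanner's command-line arguments.
/// </summary>
/// <remarks>
/// Recognized switches:
/// <c>-s &lt;server&gt;</c> sets <c>Server</c> (also on plugins already added);
/// <c>-static</c> sets <c>StaticOnly</c>; <c>-t &lt;int&gt;</c> sets <c>Timeout</c>;
/// <c>-p &lt;int&gt;</c> sets <c>Port</c>; <c>-l</c> sets <c>LauncherUsed</c>;
/// <c>-n</c> clears <c>Unhook</c>; <c>-v</c> sets <c>RunViewer</c>;
/// <c>-d</c> sets <c>DiscoveryReport</c>; <c>-c</c> / <c>-c2</c> set
/// <c>CodeCoverageReport</c> to 1 / 2; <c>-dump</c> sets <c>DumpMessages</c>;
/// <c>-b</c> sets <c>BeepOnAlert</c>; <c>-log</c> sets <c>LogConsole</c>;
/// <c>-test</c> sets <c>TestMode</c>; <c>-r</c> sets <c>Repair</c>;
/// <c>-m &lt;letters&gt;</c> adds one scan plugin per letter.
/// Any other argument is positional: first the web root directory, then the application
/// paths (comma separated, or <c>*</c> for every sub-directory of the web root).
/// Exactly two positional arguments are required. When no plugin was selected and
/// <c>Repair</c> is not set, the full default plugin list is installed.
/// Invalid input is reported through <c>ScannerCli</c>.
/// </remarks>
/// <param name="args">The raw command-line arguments.</param>
/// <returns>The populated configuration.</returns>
public static ScanConfig Create(string[] args)
{
    var config = new ScanConfig();
    int argIndex = 0;

    for (int i = 0; i < args.Length; i++)
    {
        if (args[i] == "-s")
        {
            // Fix: "-s" as the last argument used to index past the end of args.
            config.Server = RequireOptionValue(args, ref i);

            // Plugins added by an earlier "-m" were built with the previous server value.
            foreach (var a in config.ScanPlugins)
            {
                a.Server = config.Server;
            }
        }
        else if (args[i] == "-static")
        {
            config.StaticOnly = true;
        }
        else if (args[i] == "-t")
        {
            int timeout = 0;

            if (i + 1 >= args.Length || !int.TryParse(args[i + 1], out timeout))
            {
                ScannerCli.DisplayCriticalMessageAndExit("Error parsing timeout");
            }

            i++;
            config.Timeout = timeout;
        }
        else if (args[i] == "-p")
        {
            int port = 0;

            // Fix: same bounds check as "-t"; a trailing "-p" used to throw
            // IndexOutOfRangeException instead of reporting a parse error.
            if (i + 1 >= args.Length || !int.TryParse(args[i + 1], out port))
            {
                ScannerCli.DisplayCriticalMessageAndExit("Error parsing port");
            }

            i++;
            config.Port = port;
        }
        else if (args[i] == "-l")
        {
            config.LauncherUsed = true;
        }
        else if (args[i] == "-n")
        {
            config.Unhook = false;
        }
        else if (args[i] == "-v")
        {
            config.RunViewer = true;
        }
        else if (args[i] == "-d")
        {
            config.DiscoveryReport = true;
        }
        else if (args[i] == "-c")
        {
            config.CodeCoverageReport = 1;
        }
        else if (args[i] == "-c2")
        {
            config.CodeCoverageReport = 2;
        }
        else if (args[i] == "-dump")
        {
            config.DumpMessages = true;
        }
        else if (args[i] == "-b")
        {
            config.BeepOnAlert = true;
        }
        else if (args[i] == "-log")
        {
            config.LogConsole = true;
        }
        else if (args[i] == "-test")
        {
            config.TestMode = true;
        }
        else if (args[i] == "-r")
        {
            config.Repair = true;
        }
        //else if (args[i] == "-h")
        //    config.HookSuperglobals = true;
        // (A second, unreachable "-l" branch that did nothing was removed here.)
        else if (args[i] == "-m")
        {
            // Fix: "-m" as the last argument used to index past the end of args.
            var modes = RequireOptionValue(args, ref i);

            foreach (var c in modes)
            {
                ScanPluginBase scan = null;

                // Invariant lower-casing: ToLower() follows the current culture, so an
                // upper-case mode letter could fail to match under some cultures.
                switch (char.ToLowerInvariant(c))
                {
                    case 'c':
                        scan = new CommandScanPlugin(config.Server);
                        break;
                    case 'l':
                        try
                        {
                            scan = new LocalFileInclusionScanPlugin(config.Server);
                        }
                        catch (UnauthorizedAccessException)
                        {
                            ScannerCli.DisplayCriticalMessageAndExit("Error writing LFI test file. Ensure that " +
                                "PHP Vulnerability Hunter has administrative privileges.");
                        }

                        break;
                    case 'f':
                        scan = new FileScanPlugin(config.Server);
                        break;
                    case 'p':
                        scan = new ArbitraryPhpScanPlugin(config.Server);
                        break;
                    case 's':
                        scan = new SqlScanPlugin(config.Server);
                        break;
                    case 'd':
                        scan = new DynamicScanPlugin(config.Server);
                        break;
                    case 'x':
                        scan = new XssScanPlugin(config.Server);
                        break;
                    case 'i':
                        scan = new FullPathDisclosureScanPlugin(config.Server);
                        break;
                    case 'r':
                        scan = new OpenRedirectScanPlugin(config.Server);
                        break;
                }

                if (scan == null)
                {
                    ScannerCli.DisplayCriticalMessageAndExit("Invalid scan mode: " + c);
                }

                config.ScanPlugins.Add(scan);
            }
        }
        else
        {
            // Positional arguments: 0 = web root, 1 = application paths.
            switch (argIndex)
            {
                case 0:
                    config.WebRoot = args[i];

                    if (!Directory.Exists(config.WebRoot))
                    {
                        ScannerCli.DisplayError(string.Format("Could not find directory {0}", config.WebRoot));
                        Environment.Exit(5);
                    }

                    break;
                case 1:
                    if (args[i] == "*")
                    {
                        // "*" selects every immediate sub-directory of the web root.
                        var dir = new DirectoryInfo(config.WebRoot);
                        config.ApplicationPaths = dir.GetDirectories()
                            .Select(x => x.Name)
                            .ToArray();
                    }
                    else
                    {
                        config.ApplicationPaths = args[i].Split(',');
                    }

                    break;
            }

            argIndex++;
        }
    }

    if (argIndex != 2)
    {
        ScannerCli.DisplayCriticalMessageAndExit("Invalid argument count");
    }

    // Validate user input
    if (!Directory.Exists(config.WebRoot))
    {
        ScannerCli.DisplayCriticalMessageAndExit("Web root {0} not found.", config.WebRoot);
    }

    if (config.ScanPlugins.Count == 0 && !config.Repair)
    {
        // No "-m" selection: fall back to the full plugin list.
        LocalFileInclusionScanPlugin lfi = null;

        try
        {
            lfi = new LocalFileInclusionScanPlugin(config.Server);
        }
        catch (UnauthorizedAccessException)
        {
            ScannerCli.DisplayCriticalMessageAndExit("Error writing LFI test file. Ensure that " +
                "PHP Vulnerability Hunter has administrative privileges.");
        }

        config._ScanPlugins = new List<ScanPluginBase>()
        {
            new CommandScanPlugin(config.Server),
            new FileScanPlugin(config.Server),
            lfi,
            new ArbitraryPhpScanPlugin(config.Server),
            new DynamicScanPlugin(config.Server),
            new SqlScanPlugin(config.Server),
            new XssScanPlugin(config.Server),
            new OpenRedirectScanPlugin(config.Server),
            new FullPathDisclosureScanPlugin(config.Server),
        };
    }

    return config;
}

// Returns the argument that follows the switch at args[index] and advances index past it;
// reports a critical error when the switch is the last argument.
private static string RequireOptionValue(string[] args, ref int index)
{
    if (index + 1 >= args.Length)
    {
        ScannerCli.DisplayCriticalMessageAndExit("Missing value for option {0}", args[index]);
    }

    index++;
    return args[index];
}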