Class: Watobo::Modules::Active::Discovery::Fileextensions

Inherits:
ActiveCheck
  • Object
show all
Defined in:
modules/active/discovery/fileextensions.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Method Summary collapse

Methods included from CheckInfoMixin::InfoMethods

#check_group, #check_name

Constructor Details

#initialize(session_name = nil, prefs = {}) ⇒ Fileextensions

Returns a new instance of Fileextensions.



46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'modules/active/discovery/fileextensions.rb', line 46

def initialize(session_name=nil, prefs={})
#  @project = project
  super(session_name, prefs)
  
 
  
  
  #  @tested_directories = Hash.new
  @fext = %w( php asp aspx jsp cfm shtm htm html shml )
  @prefixes = [ "", "~", "_"]
  @suffixes = [ "tmp", "bak", "tgz", "tar.gz", "tar", "gz", "zip", "bz2", "old"]
end

Instance Method Details

#generateChecks(chat) ⇒ Object 



63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
 
# File 'modules/active/discovery/fileextensions.rb', line 63

def generateChecks(chat)
  
  begin
    file = chat.request.file
    #e = dummy.split('?').first
    
    if file != "" and file =~ /\.(#{@fext.join("|")})$/ then
   
      @prefixes.each do |pref|
        @suffixes.each do |suf|
          
          #sleep(1)
          checker = proc{
            test_request = nil
            test_response = nil
            new_file = pref + file.gsub(/\.\w{1,4}$/, ".#{suf}")
          #  puts new_file
            # !!! ATTENTION !!!
            # MAKE COPY BEFORE MODIFIYING REQUEST 
            test_request = chat.copyRequest
            
            test_request.replaceFileExt(new_file)
            # result_request, result_response = doRequest(test_request, :default => true)
            #   puts test_request.first
            
            status, test_request, test_response = fileExists?(test_request, :default => true)
            # puts new_e + " : " + test_response.status
            if status == true then                     
              puts "GOTCHA - #{self.class}!!!\n+ #{test_request.first}\n"
              #test_chat = Chat.new(test_request, test_response, chat.id)
              addFinding( test_request, test_response,
                         :check_pattern => "#{new_file}",
                         :test_item => file,
              :proof_pattern => "#{test_response.status}",
              :chat => chat,
              :title => "#{new_file}"
              #:debug => true
              )                        
            end
            [ test_request, test_response ] 
          }
          yield checker
          
          checker = proc{
            test_request = nil
            test_response = nil
            new_file = pref + file + ".#{suf}"
            
            # !!! ATTENTION !!!
            # MAKE COPY BEFORE MODIFIYING REQUEST 
            test_request = chat.copyRequest
            
            test_request.replaceFileExt(new_file)
            # result_request, result_response = doRequest(test_request, :default => true)
            
            
            status, test_request, test_response = fileExists?(test_request, :default => true)
            # puts new_e + " : " + test_response.status
            
            if status == true then                     
              #  puts "\n+ #{test_request.first}\n"
             # test_chat = Chat.new(test_request, test_response, chat.id)
              addFinding( test_request, test_response,
                         :check_pattern => "#{new_file}",
                         :test_item => file,
              :proof_pattern => "#{test_response.status}",
              :chat => chat,
              :title => "#{new_file}"
              #:debug => true
              )                        
            end
            [ test_request, test_response ] 
          }
          yield checker
          
        end    
      end      
    end
  rescue => bang
    
    puts "ERROR!! #{Module.nesting[0].name} "
    puts "chatid: #{chat.id}"
    puts bang
    puts 
    
  end
end

#resetObject 



59
60
61
 
# File 'modules/active/discovery/fileextensions.rb', line 59

def reset()
  
end