Class: Watobo::Modules::Active::Discovery::Http_methods

Inherits:
ActiveCheck
  • Object
Defined in:
modules/active/discovery/http_methods.rb

Constant Summary

@@tested_directories =
[]

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Method Summary

Methods included from CheckInfoMixin::InfoMethods

#check_group, #check_name

Constructor Details

#initialize(project, prefs = {}) ⇒ Http_methods

Returns a new instance of Http_methods.



# File 'modules/active/discovery/http_methods.rb', line 46

# Sets up the HTTP-method discovery check.
#
# @param project [Object] project handle; stored on the instance and also
#   handed to the superclass constructor
# @param prefs [Hash] preferences, forwarded unchanged to the superclass
def initialize(project, prefs={})
  @project = project
  super(project, prefs)

  @dummy_element = "WATOBO"

  # Status fragments that count as "the server refused this method".
  # generateChecks matches each one case-insensitively against the response
  # status, so "302" also suppresses findings on redirects.
  @not_allowed_response = [
    "UNAUTHORIZED", "NOT IMPLEMENTED", "NOT ALLOWED", "NOT SUPPORTED",
    "FORBIDDEN", "BAD REQUEST", "302"
  ]

  # DELETE is deliberately absent from the WebDAV group: too dangerous here.
  webdav_methods   = %w[PROPFIND PROPPATCH COPY UNLOCK MKCOL]
  unwanted_methods = %w[OPTIONS TRACE]   # common but unwanted methods
  iis_methods      = %w[TRACK DEBUG]
  # http://www.w3.org/Protocols/HTTP/Methods.html
  w3c_methods      = %w[CHECKOUT SHOWMETHOD LINK CHECKIN TEXTSEARCH SPACEJUMP SEARCH REPLY]
  eclipse_methods  = %w[VERSION_CONTROL CHECKIN UNCHECKOUT PATCH]
  @test_methods = webdav_methods + unwanted_methods + iis_methods + w3c_methods + eclipse_methods

  # NOTE(review): the list assembled above is replaced right away, so only
  # TRACE is actually sent. Several of the methods above can change state on
  # the target; confirm the scope of the engagement before re-enabling them.
  @test_methods = %w[TRACE]
end

Instance Method Details

#generateChecks(chat) ⇒ Object



# File 'modules/active/discovery/http_methods.rb', line 67

# Yields one deferred check (a Proc) per entry in @test_methods for the
# directory of +chat+, at most once per directory.
#
# Each Proc re-sends a copy of the recorded request with the HTTP method
# replaced and adds a finding unless the response status matches one of the
# @not_allowed_response fragments (case-insensitive regex match). The Proc
# returns [request, response], or [nil, nil] if anything raised while it ran.
#
# NOTE(review): every status that matches none of the fragments is reported.
# That presumably includes statuses such as 404 or 5xx, so a finding should be
# confirmed against the actual response before it is trusted.
# NOTE(review): @@tested_directories is class-level state and the directory is
# recorded before any request is sent, so a failed run is not repeated for
# that directory until reset is called.
#
# @param chat [Object] recorded request/response pair; the code calls
#   request.dir, copyRequest and id on it
# @yieldparam checker [Proc] deferred check for one HTTP method
def generateChecks(chat)
  dir = chat.request.dir
  return if @@tested_directories.include?(dir)

  @@tested_directories.push dir
  @test_methods.each do |method|
    checker = proc do
      begin
        verb = "#{method}"

        # Always work on a copy: the request stored in chat must stay untouched.
        probe = chat.copyRequest
        probe.replaceMethod(verb)

        sent, received = doRequest(probe, :default => true)
        status = received.status
        if status
          refused = @not_allowed_response.any? { |nar| status =~ /#{nar}/i }
          unless refused
            finding = {
              :check_pattern => "#{verb}",
              :proof_pattern => "#{status}",
              :test_item => chat.request.dir,
              :chat => chat,
              :title => "#{verb}"
            }
            addFinding(sent, received, finding)
          end
        end
        [sent, received]
      rescue => bang
        # A failing probe must not abort the scan; log it and report no result.
        puts bang
        puts bang.backtrace if $DEBUG
        [nil, nil]
      end
    end
    yield checker
  end
rescue => bang
  puts "ERROR!! #{Module.nesting[0].name} "
  puts "chatid: #{chat.id}"
  puts bang
  puts
end

#reset ⇒ Object



# File 'modules/active/discovery/http_methods.rb', line 63

# Forgets every directory recorded by generateChecks, so each one is probed
# again on the next run. The list is the class variable @@tested_directories,
# which means the reset applies to all instances of this check.
def reset
  @@tested_directories.clear
end