Class: Watobo::Modules::Active::Dotnet::Dotnet_files

Inherits:
ActiveCheck
  • Object
Defined in:
modules/active/dotNET/dotnet_files.rb

Overview

class Dir_indexing < Watobo::Mixin::Session

Constant Summary collapse

@@tested_directories =
Hash.new

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Method Summary collapse

Methods included from CheckInfoMixin::InfoMethods

#check_group, #check_name

Constructor Details

#initialize(project, prefs = {}) ⇒ Dotnet_files

Returns a new instance of Dotnet_files.


# File 'modules/active/dotNET/dotnet_files.rb', line 47

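# Sets up the check and the list of .NET diagnostic handlers it probes for.
#
# Each @wnfs entry pairs the file name that is requested (:name) with the
# source of a regular expression (:pattern) that must match the response body
# before a finding is reported. Requiring a body match, rather than trusting
# the status alone, keeps custom error pages from being reported as exposed
# handlers.
#
# @param project [Object] passed through unchanged to the superclass constructor
# @param prefs [Hash] passed through unchanged to the superclass constructor
def initialize(project, prefs={})
  super(project, prefs)

  # The patterns are single-quoted on purpose: in a double-quoted literal Ruby
  # drops the backslash of "\.", which silently turns the escaped dot into
  # "any character" and loosens the match.
  @wnfs = [
    # The unescaped dot before "clear" presumably stands in for the "?" of
    # the handler's "clear trace" link - confirm against a real response.
    { :name => "Trace.axd", :pattern => 'Trace\.axd.clear=1' },
    { :name => "elmah.axd", :pattern => 'Error log for' }
  ]
end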

Instance Method Details

#generateChecks(chat) ⇒ Object


# File 'modules/active/dotNET/dotnet_files.rb', line 61

# Yields one deferred probe per configured handler file for the directory of
# the given chat, at most once per directory.
#
# The directory is recorded in the class-level @@tested_directories hash
# before any probe is built, so further chats from the same directory yield
# nothing until #reset clears that hash.
#
# Each yielded proc, when called, copies the chat's request, swaps in the
# handler file name, asks fileExists? whether it is there and reports a
# finding only if the response has a body that matches the entry's pattern.
# A reported finding means the handler answered with its own content from
# that directory; the pattern is passed along as the proof.
#
# Errors are printed to stdout and swallowed, both while building the probes
# and inside each probe, so one failing request does not abort the caller.
#
# @param chat [Object] chat whose request supplies the directory and the
#   request that is copied for every probe
# @yield [checker] a proc that runs one probe and returns
#   [test_request, test_response] (both nil if the probe failed early)
def generateChecks(chat)
  dir = chat.request.dir
  return if @@tested_directories.key?(dir)

  # Mark the directory first so it is never queued twice.
  @@tested_directories[dir] = true

  @wnfs.each do |entry|
    probe = proc do
      # Declared up front so the return value below is defined even when the
      # request fails before fileExists? hands anything back.
      probe_request = nil
      probe_response = nil

      begin
        candidate = chat.copyRequest
        candidate.replaceFileExt(entry[:name])
        found, probe_request, probe_response = fileExists?(candidate)

        # Existence alone is not enough: the body has to carry the marker.
        if found == true && probe_response.has_body? && probe_response.body =~ /#{entry[:pattern]}/
          addFinding(
            probe_request, probe_response,
            :test_item => "#{entry[:name]}",
            :proof_pattern => "#{entry[:pattern]}",
            :check_pattern => "#{Regexp.quote(entry[:name])}",
            :chat => chat,
            :threat => "depends on the file ;)",
            :title => "[#{entry[:name]}]"
          )
        end
      rescue => probe_error
        puts probe_error
        puts probe_error.backtrace if $DEBUG
      end

      [probe_request, probe_response]
    end

    yield probe
  end
rescue => setup_error
  puts "!error in module #{Module.nesting[0].name}"
  puts setup_error
end

#reset ⇒ Object


# File 'modules/active/dotNET/dotnet_files.rb', line 57

# Empties the class-level @@tested_directories hash, so directories that were
# already probed are picked up again by later generateChecks calls.
#
# @return [Hash] the emptied hash, as returned by Hash#clear
def reset
  @@tested_directories.clear
end