Class: Watobo::Plugin::Catalog::Check

Inherits:
ActiveCheck
  • Object
show all
Defined in:
plugins/catalog/catalog.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from CheckInfoMixin::InfoMethods

#check_group, #check_name

Constructor Details

#initialize(project) ⇒ Check

Returns a new instance of Check.


154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
# File 'plugins/catalog/catalog.rb', line 154

def initialize(project)
  super(project, project.getScanPreferences())

 

  @path = nil

  @dbvars = Hash.new

  @catalog_checks = []

  @db_files = %w( db_tests )
  @var_files = %w( db_variables )

  @threat_list = [ "File Upload", "Interesting File", "Misconfiguration", "Information Disclosure", "Injection (XSS/Script/HTML)",
    "Remote File Retrieval", "Denial of Service", "Remote File Retrieval", "Command Execution", "SQL Injection",
    "Authentication Bypass", "Software Identification", "Remote source inclusion" ]

end

Instance Attribute Details

#db_files=(value) ⇒ Object (writeonly)

Sets the attribute db_files

Parameters:

  • value

    the value to set the attribute db_files to.


48
49
50
# File 'plugins/catalog/catalog.rb', line 48

def db_files=(value)
  @db_files = value
end

#path=(value) ⇒ Object (writeonly)

Sets the attribute path

Parameters:

  • value

    the value to set the attribute path to.


50
51
52
# File 'plugins/catalog/catalog.rb', line 50

def path=(value)
  @path = value
end

#var_files=(value) ⇒ Object (writeonly)

Sets the attribute var_files

Parameters:

  • value

    the value to set the attribute var_files to.


49
50
51
# File 'plugins/catalog/catalog.rb', line 49

def var_files=(value)
  @var_files = value
end

Instance Method Details

#generateChecks(chat) ⇒ Object


178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
# File 'plugins/catalog/catalog.rb', line 178

def generateChecks(chat)
  begin
    loadChecks(@path) do |dbid, osvdb, threat, uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers|

      checker = proc {
        test_request = nil
        test_response = nil
       
        test = chat.copyRequest
        test.replaceFileExt(uri.gsub(/^\//,''))

        if method !~ /get/i then
          test.replaceMethod(method)
        end

        if method =~ /post/i then
          test.addHeader("Content-Length", "0")
        end
                       
        status, test_request, test_response = fileExists?(test, :default => true)
       
        
        unless test_request.nil? or test_response.nil? then
          test_result = false
          response = test_response.join
          if status == true
            
            if ( (match.empty? and or_match.empty?) or ( match != "" and response =~ /#{Regexp.quote(match)}/i) or ( or_match != "" and response =~ /#{Regexp.quote(or_match)}/i )) then
              test_result = true
              if and_match != "" then
                test_result = false
                test_result = true if response =~ /#{Regexp.quote(and_match)}/i

              end
            end
            test_result = false if fail != "" and response =~ /#{Regexp.quote(fail)}/i
            test_result = false if or_fail != "" and response =~ /#{Regexp.quote(or_fail)}/i

            if test_result then
              path = test_request.path
              addFinding(  test_request, test_response,
              :test_item => uri,
              :proof_pattern => "#{Regexp.quote(match)}",
              :check_pattern => "#{Regexp.quote(uri)}",
              :chat => chat,
              :threat => "#{summary}",
              :title => "[#{uri}] - #{path}"

              )
            end
          end
        end
        [ test_request, test_response ]
      }
      yield checker
    end
  rescue => bang
    puts "!error in module #{Module.nesting[0].name}"
    puts bang
  end
end

#loadChecks(path) ⇒ Object


118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# File 'plugins/catalog/catalog.rb', line 118

def loadChecks(path)
  begin
    puts "=== Initialize Catalog Scanner ==="
    loadVars(path)
    loadDBFiles(path)
    # setup regex
    dummy = []
    pattern = nil
    count = 0
    @dbvars.each_key do |k| dummy << k; end
    pattern = "(#{dummy.join("|")})" if dummy.length > 0
    @catalog_checks.each do |dbid, osvdb, threat, uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers|

      if pattern and uri =~ /(#{pattern})/
        key = $1
        @dbvars[key].each do |v|
            new_uri = uri.gsub(/#{key}/, v)
            if new_uri =~ /#{pattern}/
              @catalog_checks << [ dbid, osvdb, threat, new_uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers ]
            else
              yield dbid, osvdb, threat, new_uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers
            end
      
        end
      else
        yield dbid, osvdb, threat, uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers
      end
    end
  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG
  end
end

#loadDBFiles(path, *opts) ⇒ Object


93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# File 'plugins/catalog/catalog.rb', line 93

def loadDBFiles(path, *opts)
  dbpath = Dir.getwd
  dbpath = path if not path.nil?
  @catalog_checks.clear

  @db_files.each do |file|
    # puts "* loading db file #{file}.."
    fname = File.join( dbpath, file)
    if File.exists?(fname)
      File.open(fname) { |fh|
        fh.each do |line|
          next if line.strip =~ /^#/                  
          fields = line.split("\",")
          fields.map!{ |f| f.gsub!(/^"/,'') }
          fields.first.gsub!(/^\"/,"")
          fields.last.gsub!(/\"?/,"")
          @catalog_checks.push fields
        end
      }
      else
      puts "* file (#{fname}) does not exist. Please check path and name."
    end
  end
end

#loadVars(path) ⇒ Object


67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# File 'plugins/catalog/catalog.rb', line 67

def loadVars(path)
  dbpath = Dir.getwd
  dbpath = path if not path.nil?
  @dbvars.clear
  @var_files.each do |file|
    # puts "* loading var-file #{file}"
    fname = File.join( dbpath, file)
    if File.exists?(fname)
      File.open(fname) { |fh|
        fh.each do |line|
          if line.strip =~ /^[^#]/ and line =~ /=/
            key,vars = line.split("=")
            key.strip!

            @dbvars[key] = vars.strip.split(" ")
          end
        end
      }
    else
      puts "* file (#{fname}) does not exist. Please check path and name."
    end
    # puts "* db vars total: #{@dbvars.length}"
  end
  @dbvars["@RFIURL"] = [ "http://cirt.net/rfiinc.txt" ] unless @dbvars.has_key? "@RFIURL"
end

#resetObject


174
175
176
# File 'plugins/catalog/catalog.rb', line 174

def reset()
  @catalog_checks.clear
end