bscan 1.4.5 → 2.0.0

data/lib/bscan/utils/bscan_helper.rb

@@ -1,4 +1,28 @@
+require 'pathname'
+require 'java'
+require "socket"
+require "openssl"
+require "uri"
+
+
+
+class String
+  def camelize
+    self.split(/[^a-z0-9]/i).map{|w| w.capitalize}.join
+  end
+  def camelize!
+    self.replace(self.split(/[^a-z0-9]/i).map{|w| w.capitalize}.join)
+  end
+end
+
 module BscanHelper
+
+  attr_reader :modules_only
+  attr_reader :bscan_config
+  attr_accessor :stat
+  attr_accessor :activity
+
+
   class Issue
     attr_accessor :issue_name
     attr_accessor :url
@@ -23,11 +47,26 @@ module BscanHelper
         @req_str,@rsp_str = req,rsp
     end
   end
+  
+  def copy_vars from
+    from.instance_variables.each do |nm| 
+      self.instance_variable_set(nm, from.instance_variable_get(nm))
+#      puts "#{nm} => #{from.instance_variable_get(nm)}"
+    end
+  end
 
   def prop nm
       @prop_pref + nm   
   end
   
+  def get_par k,defv
+    p = @bscan_config[prop(k)] 
+    p = p.to_i if p and p.to_i.to_s == p
+    p = true if p == 'true' or p == 'yes'
+    p = false if p == 'false' or p == 'no'
+    p ? p:defv 
+  end
+  
   def search_path
       path = []
       path << File.expand_path('.') << File.expand_path(File.join('.','lib')) << File.expand_path(File.join('~','.bscan')) << File.expand_path(File.join('etc','bscan')) << $:
@@ -58,8 +97,8 @@ module BscanHelper
 
 
   def do_scan msg, trg, inj
-    @bscan.activity[0]=true
-    @bscan.Log 2, "#{@mid}do_scan Scanning: #{trg}"
+    @activity[0]=true
+    Log 2, "#{@mid}do_scan Scanning: #{trg}"
 #    msg.url = trg
     path = $1 if trg =~ /\/\/[^\/]+(\/.*)/
     path = '/' if (not path) or (path.length < 1)
@@ -84,24 +123,101 @@ module BscanHelper
       trg,host,port = get_url_host_port req,proto
       https = proto == "https" ? true : false
       start = Time.now   
-      @bscan.Log 2, "#{@mid}send_req make_req: '#{trg}' '#{host}' '#{port}'\n#{req}"
-      rsp = @bscan.make_request(host, port, https, req)
+      Log 2, "#{@mid}send_req make_req: '#{trg}' '#{host}' '#{port}'\n#{req}"
+#      rsp = @bscan.make_request(host, port, https, req)
+      rsp = make_request_socket host, port, https, req
       rt = Time.now - start
       return [rsp,rt,trg,host,port] 
     rescue Exception => e
-      @bscan.Log 0, "#{@mid}send_req Exception: #{e.message}"
-      @bscan.Log 0, e.backtrace.join("\n")
+      Log 0, "#{@mid}send_req Exception: #{e.message}"
+      Log 0, e.backtrace.join("\n")
     end 
    end
 
+  def make_request_socket host, port, https, req
+   begin
+      rsp = ''
+      s = TCPSocket.new(host, port)
+      Log 2, "#{@mid}make_request_socket new socket #{host} #{port} #{https}"
+      if (https)
+        ctx = OpenSSL::SSL::SSLContext.new
+        ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE 
+        s = OpenSSL::SSL::SSLSocket.new(s, ctx)
+        s.connect
+      end
+      s.syswrite(req)
+      Log 2, "#{@mid}make_request_socket write succeeded for  #{req}"
+      rsp = read_response_socket s
+      while ((u = redirect? rsp))
+        rsp = redirect u,req
+      end
+      Log 2, "#{@mid}make_request_socket read succeeded #{rsp}"
+    rescue Exception => e
+      Log 1, "#{@mid}make_request_socket failed: #{e.message}"
+      Log 1, e.backtrace.join("\n")
+    end
+    begin
+      s.close
+    rescue
+    end  
+    rsp
+  end
 
+  def redirect? req
+    if req =~ /^HTTP\/[^\s]+\s+3\d\d/i
+      return $1 if  req =~ /\nLocation\s*:\s*([^\r\n]+)\r?\n/i 
+    end 
+    nil
+  end
+  
+  def redirect u, req
+    uri = URI.parse(u)
+    proto = uri.scheme 
+    host = uri.host 
+    port = uri.port 
+    path = uri.path 
+    path += '?' + uri.query if uri.query 
+    make_request_socket host, port, ('https'==proto),
+      req.sub(/^(POST|GET)\s+\/[^\s]+/, "\\1 #{path}")
+  end
+  
+  
+  def msg_end rsp
+    rsp[-4..-1] == "\r\n\r\n" || rsp[-2..-1] == "\n\n"
+  end
+  
+  def read_response_socket s
+      rsp=''
+      begin
+        while (ch=s.sysread(1))
+          rsp += ch
+          break if msg_end rsp
+          if rsp =~ /Content-Length\s*:\s*(\d+)\r?\n$/i
+            len = $1.to_i
+            while (c=s.sysread(1))
+              rsp += c
+              if msg_end rsp
+                return rsp if len <= 0
+                rsp += s.sysread(len)
+                return rsp;
+              end
+            end  
+            break  
+          end
+        end
+      rescue Exception => e
+        Log 1, "#{@mid}read_response_socket failed: #{e.message}\nResponse:\n#{rsp}"
+        Log 1, e.backtrace.join("\n")
+      end      
+      rsp
+  end  
   
   def send_req req, proto, inj
       rsp,rt,trg,host,port = send_only req, proto, inj
       https = proto == "https" ? true : false
-      if not @bscan.modules_only
-        @bscan.Log 2, "#{@mid}send_req do_passive: '#{trg}' '#{host}' '#{port}'\n#{req}\n#{rsp}"
-        @bscan.do_passive_scan(host, port, https, req, rsp) 
+      if not @modules_only
+        Log 2, "#{@mid}send_req do_passive: '#{trg}' '#{host}' '#{port}'\n#{req}\n#{rsp}"
+        @burp.do_passive_scan(host, port, https, req, rsp) 
       end
       verify_response trg, req, rsp, inj, rt
   end
@@ -112,7 +228,7 @@ module BscanHelper
   
   def verify_response u, req, rsp, inj, time
    
-   @bscan.Log 2, "#{@mid}verify_response: #{u} #{inj} #{time} #{req} #{rsp}"
+   Log 2, "#{@mid}verify_response: #{u} #{inj} #{time} #{req} #{rsp}"
 
     st = $1 if rsp =~ /^\s*HTTP.*\s+(\d+)\s+/
     st ||= '0'
@@ -130,7 +246,184 @@ module BscanHelper
       issue = Issue.new "#{@mid.chop}: Possible XSS", u, "High", "Retest", req, rsp, "The following input has been replayed in a response #{inj}"
     end
     
-    @bscan.write_issue_state issue if issue
+    write_issue_state issue if issue
   end
   
+  def Log (mtype, *msgs)
+    pr = "Unknown:"
+    case mtype
+    when 0
+      pr = "ERROR:"
+    when 1
+      pr = "WARN:"
+    when 2
+      pr = "INFO:"
+    when 3
+      pr = "DEBUG:"
+    end  
+    msgs.each do |msg|
+      if (@ll >= mtype)
+        dt = Time.now.strftime("%y%m%d %H%M%S")
+        @log.println "#{dt} #{pr} #{msg}"
+      end
+    end
+    @log.flush
+  end
+  
+  def run_modules base, msg=nil
+    if @modules 
+      @modules.each do |m|
+        begin
+          mod,prop=m.split(':',2)
+          prop ||=''
+          mn = File.basename(mod,".rb")
+          is_static = is_module_static(mn,prop)
+          Log 2, "BscanHelper.run_modules executing module #{mod}:#{prop} #{is_static}"
+          mn.camelize!
+          if (is_static && !msg) || (!is_static && msg)
+            eval("
+  #           puts '=====================MODULE PATH: ' + $:.join(':') 
+              require '#{mod}'
+              require 'bscan/utils/bscan_helper.rb'
+              
+              class #{mn}#{prop}Class
+                include #{mn}
+                include BscanHelper
+              end
+              modins = #{mn}#{prop}Class.new
+              modins.copy_vars base if base
+              modins.run(self, msg, prop)
+              ")
+          end
+        rescue Exception => e
+          Log 1, "BscanHelper.run_modules Can't exceute module #{mod}, Exception: #{e.message}"
+          Log 1, e.backtrace.join("\n")
+        end
+      end
+    end
+  end    
+
+  def write_issue_state issue
+#   Log 2,"INSPECT: #{issue.http_messages[0].methods}  #{issue.http_messages[0].inspect}  #{issue.http_messages[0].to_s} "
+    
+    @stat['high'] += 1 if issue.severity =~ /High/i
+    @stat['med'] += 1 if issue.severity =~ /Med/i
+    @stat['low'] += 1 if issue.severity =~ /Low/i
+    @stat['urls'] += "  #{issue.url}\n"
+    
+    Log 2,"BscanHelper.write_issue_state #{not @istream} #{issue.http_messages[0].methods}  #{issue.http_messages[0].to_s} "
+    @istream or return
+    begin 
+      @istream.println '#'*70
+      @istream.println "#{issue.issue_name} : #{issue.url}"
+      @istream.println "Severity: #{issue.severity}(#{issue.confidence})"
+      @istream.println "Background: #{issue.issue_background}"
+      @istream.println "Details: #{issue.issue_detail}" 
+      @istream.println "Remediation: #{issue.remediation_background}"
+      @istream.println "Request: #{issue.http_messages[0].req_str}" 
+      @istream.println "Response: #{issue.http_messages[0].rsp_str}"
+      # sync_save_state issue throws exceptions
+      @istream.flush 
+    rescue Exception => e
+      Log 0, "BscanHelper.write_issue_state Can't write issue #{issue.issue_name}, Exception: #{e.message}"
+      Log 0,  e.backtrace.join("\n")
+    end
+  end
+
+  def log ll, stream
+    stream.puts if true 
+  end
+  
+  def add_multi map,k,v
+    if (map[k])
+      ov = map[k];
+      if (ov.kind_of?(Array))
+        map[k] << v
+      else 
+        map[k] = [ov,v]
+      end
+    else
+      map[k] = v  
+    end
+  end
+  
+  def init_stat
+    @stat ||= {}
+    @stat['start_time'] = Time.now.strftime("%Y-%m-%d %H:%M:%S")
+    @stat['end_time'] = ''
+    @stat['high'] = 0
+    @stat['med'] = 0
+    @stat['low'] = 0
+    @stat['issues'] = ''
+    @stat['urls'] = ''
+  end
+  
+  def init_internals  cmd_params
+    
+    init_stat
+    @activity ||= [false]
+
+#    @cmd_params ||= JSON.parse args[0]
+    @cmd_params ||= cmd_params
+    @ll =  @cmd_params['loglevel'].to_i
+
+    lfile = @cmd_params['logfile']
+    if lfile != nil
+        begin
+          @log = java.io.PrintStream.new(lfile)
+        rescue Exception => e
+          $stderr.puts("BscanHelper.init_internals  Error: can't open log file '#{lfile}', exception: #{e.message}")
+          $stderr.puts(e.backtrace.join("\n"))
+          Process.exit!(2)
+        end
+    else
+      @log = $stdout
+    end
+
+    Log 2, "BscanHelper.init_internals CMD_PARAMS: #{@cmd_params}"
+    @cmd_params.each_pair do |k,v|
+      Log 2,"BscanHelper.init_internals #{k}:#{v}"
+    end
+    
+    @bscan_config = @cmd_params['bscan_config']
+    @burp_config = @cmd_params['burp_config']
+    @issues = @bscan_config['bscan.issues']
+    @modules_only = (@bscan_config['bscan.modules_only'] and @bscan_config['bscan.modules_only'] == 'true') 
+    @modules ||= @bscan_config['bscan.modules']
+    @modules ||= [] if not @modules
+    @modules = [@modules] if not @modules.kind_of?(Array)
+    mods = []
+    @modules.each do |m|
+      mods << m.split(',')
+    end
+    @modules = mods.flatten 
+     
+      
+    Log 1, "BscanHelper.init_internals No issues dir provided. Issues will not be logged." if not @issues
+    if (@issues)
+      begin 
+        dt = Time.now.strftime("%y%m%d_%H%M%S")
+        File.directory? @issues or %x{mkdir -p "#{@issues}"}
+        @sstream = "#{@issues}/session.#{dt}.zip"
+        ifile = "#{@issues}/issues.#{dt}.txt"
+        @istream = java.io.PrintStream.new(ifile)
+        @stat['issues'] = ifile
+      rescue Exception => e
+        Log 0, "BscanHelper.init_internals Can't create issues or session files, Exception: #{e.message}"
+        Log 0,  e.backtrace.join("\n")
+        exit_suite
+      end
+    end
+    
+  end
+
+  def is_module_static n,p
+    pref = 'bscan.' + n + '.'
+    pref += p + '.' if p and p.length > 0
+    @bscan_config[pref + 'static_request'] == 'true'  
+  end
+  
+  
+
+
 end

data/release_notes.txt

@@ -1,3 +1,8 @@
+== 2.0.0
+Two major improvements:
+* Modules with static requests do not require Burp or Buby anymore
+* Slow server writes have been added to slowloris (see delay_on_write)
+
 == 1.4.5
 * Mailer added to send scan status and detailed reports over SMTP
 * Issues are logged with Java's PrintStream

data/test.sh

@@ -1,3 +1,3 @@
 #!/bin/sh
 
-jruby -J-Xmx1024M -J-Djava.awt.headless=true bin/bscan -c samples/config/conf2 -L 2 -l bscan.log
+jruby -J-Xmx1024m -J-Djava.awt.headless=true bin/bscan -c samples/config/conf2 -L 2 -l bscan.log

metadata

@@ -2,14 +2,14 @@
 name: bscan
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 1.4.5
+  version: 2.0.0
 platform: ruby
 authors:
 - Oleg Gryb (ogryb)
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-08-15 00:00:00.000000000 Z
+date: 2012-08-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: buby