bscan 2.0.1 → 3.0.0
- checksums.yaml +7 -0
- data/CONFIG.rdoc +6 -1
- data/README.rdoc +37 -36
- data/Rakefile +13 -1
- data/VERSION +1 -1
- data/bin/bscan +24 -6
- data/java/bin/bscan.jar +0 -0
- data/java/bin/burp/BurpExtender.class +0 -0
- data/java/build.sh +10 -0
- data/java/lib/jruby.jar +0 -0
- data/java/src/burp/BurpExtender.java +146 -0
- data/lib/bscan.jar +0 -0
- data/lib/bscan.rb +191 -48
- data/lib/bscan/modules/injector.rb +25 -9
- data/lib/bscan/modules/jboss_vulns.rb +10 -0
- data/lib/bscan/modules/kill_apache.rb +10 -0
- data/lib/bscan/modules/many_threads.rb +10 -0
- data/lib/bscan/modules/slowloris.rb +10 -0
- data/lib/bscan/utils/bscan_helper.rb +162 -10
- data/lib/bscan/utils/mailer.rb +11 -0
- data/lib/burp.jar +0 -0
- data/release_notes.txt +8 -0
- data/samples/config/burp.conf +13 -0
- data/test/bscan_test.rb +12 -0
- metadata +20 -32
@@ -1,5 +1,15 @@
|
|
1
1
|
require 'bscan/utils/bscan_helper.rb'
|
2
2
|
|
3
|
+
=begin
|
4
|
+
Copyright (c) 2015, Oleg Gryb
|
5
|
+
All rights reserved.
|
6
|
+
|
7
|
+
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
8
|
+
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
9
|
+
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
10
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
11
|
+
=end
|
12
|
+
|
3
13
|
module Injector
|
4
14
|
|
5
15
|
COMMENT_START='# '
|
@@ -13,13 +23,18 @@ module Injector
|
|
13
23
|
@prop_pref += args[2] + '.' if args[2] && args[2].length > 0
|
14
24
|
@mid = args[2]?"Injector.#{args[2]}.":'Injector.'
|
15
25
|
msg = args[1]
|
16
|
-
|
26
|
+
|
17
27
|
if not msg
|
18
28
|
inject_to_pattern
|
19
29
|
return
|
20
30
|
end
|
21
31
|
|
22
|
-
|
32
|
+
msg_info = @burp_cb.getHelpers().analyzeRequest(msg)
|
33
|
+
msg_body = msg.getRequest()[msg_info.getBodyOffset()..-1]
|
34
|
+
msg_hdrs = msg_info.getHeaders()
|
35
|
+
msg_url = msg_info.getUrl().toString()
|
36
|
+
|
37
|
+
url = msg_url.dup.to_s
|
23
38
|
Log 2, "#{@mid}run for #{url}"
|
24
39
|
begin
|
25
40
|
if (url =~ /([^?]+)\?(.+)/)
|
@@ -48,7 +63,7 @@ module Injector
|
|
48
63
|
injs.close
|
49
64
|
end
|
50
65
|
|
51
|
-
inject_to_body
|
66
|
+
inject_to_body(msg, msg_hdrs) if @config['bscan.injector.one.inject_to_body'] == 'true'
|
52
67
|
|
53
68
|
rescue Exception => e
|
54
69
|
Log 0, "#{@mid}run Exception: #{e.message}"
|
@@ -69,6 +84,7 @@ module Injector
|
|
69
84
|
file = open_in_path(f)
|
70
85
|
req = file.read
|
71
86
|
req.gsub!(/\^M\n/,"\r\n")
|
87
|
+
replace_params(req)
|
72
88
|
file.close
|
73
89
|
|
74
90
|
injs = open_in_path(@config[prop('file')])
|
@@ -97,10 +113,10 @@ module Injector
|
|
97
113
|
|
98
114
|
end
|
99
115
|
|
100
|
-
def inject_to_body msg
|
116
|
+
def inject_to_body msg,msg_hdrs
|
101
117
|
scanf = false
|
102
|
-
Log 2, "#{@mid}inject_to_body req: #{msg.
|
103
|
-
|
118
|
+
Log 2, "#{@mid}inject_to_body req: #{msg.getRequest()}"
|
119
|
+
msg_hdrs.each do |a|
|
104
120
|
Log 2, "#{@mid}inject_to_body hdr: #{a[0]} #{a[1]}"
|
105
121
|
if a.size > 1 and a[0] =~ /content-type/i and a[1] =~ /application\/x-www-form-urlencoded/i
|
106
122
|
scanf = true
|
@@ -108,7 +124,7 @@ module Injector
|
|
108
124
|
end
|
109
125
|
end
|
110
126
|
return if not scanf
|
111
|
-
m=msg.
|
127
|
+
m=msg.getRequest().match(/\r?\n\r?\n/)
|
112
128
|
return if m.size < 1
|
113
129
|
start_pos = m.end(0)
|
114
130
|
|
@@ -119,8 +135,8 @@ module Injector
|
|
119
135
|
next if (l =~ /^#{COMMENT_START}/ or l.length < 1)
|
120
136
|
Log 2, "#{@mid}inject_to_body injecting: #{l}"
|
121
137
|
pos=start_pos
|
122
|
-
while (m=msg.
|
123
|
-
req = msg.
|
138
|
+
while (m=msg.getRequest().match(/([^=]+)=([^=]+)/,pos))
|
139
|
+
req = msg.getRequest()[0..m.begin(2)-1] + l + msg.getRequest()[m.end(2)..-1]
|
124
140
|
req.sub!(/content-length\s*:\s*\d+/i, "Content-Length: "+(req.length-start_pos).to_s)
|
125
141
|
Log 2, "#{@mid}inject_to_body #{pos} #{req}"
|
126
142
|
@activity[0]=true
|
@@ -1,5 +1,15 @@
|
|
1
1
|
require 'bscan/utils/bscan_helper.rb'
|
2
2
|
|
3
|
+
=begin
|
4
|
+
Copyright (c) 2015, Oleg Gryb
|
5
|
+
All rights reserved.
|
6
|
+
|
7
|
+
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
8
|
+
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
9
|
+
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
10
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
11
|
+
=end
|
12
|
+
|
3
13
|
module JbossVulns
|
4
14
|
|
5
15
|
def run *args
|
@@ -5,6 +5,16 @@ require "timeout"
|
|
5
5
|
|
6
6
|
require 'bscan/utils/bscan_helper.rb'
|
7
7
|
|
8
|
+
=begin
|
9
|
+
Copyright (c) 2015, Oleg Gryb
|
10
|
+
All rights reserved.
|
11
|
+
|
12
|
+
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
13
|
+
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
14
|
+
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
15
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
16
|
+
=end
|
17
|
+
|
8
18
|
module KillApache
|
9
19
|
def run *args
|
10
20
|
@config ||= @bscan_config
|
@@ -1,5 +1,15 @@
|
|
1
1
|
require 'bscan/utils/bscan_helper.rb'
|
2
2
|
|
3
|
+
=begin
|
4
|
+
Copyright (c) 2015, Oleg Gryb
|
5
|
+
All rights reserved.
|
6
|
+
|
7
|
+
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
8
|
+
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
9
|
+
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
10
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
11
|
+
=end
|
12
|
+
|
3
13
|
module ManyThreads
|
4
14
|
|
5
15
|
def run *args
|
@@ -5,6 +5,16 @@ require "openssl"
|
|
5
5
|
|
6
6
|
require 'bscan/utils/bscan_helper.rb'
|
7
7
|
|
8
|
+
=begin
|
9
|
+
Copyright (c) 2015, Oleg Gryb
|
10
|
+
All rights reserved.
|
11
|
+
|
12
|
+
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
13
|
+
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
14
|
+
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
15
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
16
|
+
=end
|
17
|
+
|
8
18
|
module Slowloris
|
9
19
|
|
10
20
|
def run *args
|
@@ -5,7 +5,16 @@ require "openssl"
|
|
5
5
|
require "uri"
|
6
6
|
|
7
7
|
|
8
|
-
|
8
|
+
=begin
|
9
|
+
Copyright (c) 2015, Oleg Gryb
|
10
|
+
All rights reserved.
|
11
|
+
|
12
|
+
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
13
|
+
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
14
|
+
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
15
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
16
|
+
=end
|
17
|
+
|
9
18
|
class String
|
10
19
|
def camelize
|
11
20
|
self.split(/[^a-z0-9]/i).map{|w| w.capitalize}.join
|
@@ -18,6 +27,8 @@ end
|
|
18
27
|
module BscanHelper
|
19
28
|
|
20
29
|
attr_reader :modules_only
|
30
|
+
attr_reader :url_prefs
|
31
|
+
attr_reader :run_proxy
|
21
32
|
attr_reader :bscan_config
|
22
33
|
attr_accessor :stat
|
23
34
|
attr_accessor :activity
|
@@ -48,6 +59,10 @@ module BscanHelper
|
|
48
59
|
end
|
49
60
|
end
|
50
61
|
|
62
|
+
def get_bool_prop nm
|
63
|
+
@bscan_config[nm] == 'true' or @bscan_config[nm] == 'yes'
|
64
|
+
end
|
65
|
+
|
51
66
|
def copy_vars from
|
52
67
|
from.instance_variables.each do |nm|
|
53
68
|
self.instance_variable_set(nm, from.instance_variable_get(nm))
|
@@ -59,6 +74,18 @@ module BscanHelper
|
|
59
74
|
@prop_pref + nm
|
60
75
|
end
|
61
76
|
|
77
|
+
def get_action
|
78
|
+
actions = @bscan_config['bscan.action']
|
79
|
+
actions = [actions] if not actions.kind_of?(Array)
|
80
|
+
actions
|
81
|
+
end
|
82
|
+
|
83
|
+
def get_action_params
|
84
|
+
params = @bscan_config['bscan.action_params']
|
85
|
+
params = [params] if not params.kind_of?(Array)
|
86
|
+
params
|
87
|
+
end
|
88
|
+
|
62
89
|
def get_par k,defv,str=false
|
63
90
|
p = @bscan_config[prop(k)]
|
64
91
|
p = p.to_i if !str && p && p.to_i.to_s == p
|
@@ -102,7 +129,7 @@ module BscanHelper
|
|
102
129
|
# msg.url = trg
|
103
130
|
path = $1 if trg =~ /\/\/[^\/]+(\/.*)/
|
104
131
|
path = '/' if (not path) or (path.length < 1)
|
105
|
-
req = msg.
|
132
|
+
req = msg.getRequest().to_s.sub(/(POST|GET|DELETE|PUT|TRACE|HEAD)\s*(.+)\s*HTTP/, "\\1 #{path} HTTP")
|
106
133
|
|
107
134
|
send_req req, msg.getProtocol, inj
|
108
135
|
|
@@ -114,13 +141,24 @@ module BscanHelper
|
|
114
141
|
port = '80' if proto == 'http'
|
115
142
|
port = '443' if proto == 'https'
|
116
143
|
end
|
117
|
-
path = $2 if req =~/(GET|
|
144
|
+
path = $2 if req =~/(POST|GET|DELETE|PUT|TRACE|HEAD)\s+(.+)\s+HTTP/
|
118
145
|
["#{proto}://#{host}:#{port}"+path,host,port.to_i]
|
119
146
|
end
|
147
|
+
|
148
|
+
def excluded? u
|
149
|
+
exts = @burp_config['target.hideextensionsitems']
|
150
|
+
if exts
|
151
|
+
exts.split(',').each do |ex|
|
152
|
+
return true if u =~ /.*\.#{ex}$/i
|
153
|
+
end
|
154
|
+
end
|
155
|
+
false
|
156
|
+
end
|
120
157
|
|
121
158
|
def send_only req, proto, inj
|
122
159
|
begin
|
123
160
|
trg,host,port = get_url_host_port req,proto
|
161
|
+
return nil if excluded? trg
|
124
162
|
https = proto == "https" ? true : false
|
125
163
|
start = Time.now
|
126
164
|
Log 2, "#{@mid}send_req make_req: '#{trg}' '#{host}' '#{port}'\n#{req}"
|
@@ -178,7 +216,7 @@ module BscanHelper
|
|
178
216
|
path = uri.path
|
179
217
|
path += '?' + uri.query if uri.query
|
180
218
|
make_request_socket host, port, ('https'==proto),
|
181
|
-
req.sub(/^(POST|GET)\s+\/[^\s]+/, "\\1 #{path}")
|
219
|
+
req.sub(/^(POST|GET|DELETE|PUT|TRACE|HEAD)\s+\/[^\s]+/, "\\1 #{path}")
|
182
220
|
end
|
183
221
|
|
184
222
|
|
@@ -214,6 +252,7 @@ module BscanHelper
|
|
214
252
|
|
215
253
|
def send_req req, proto, inj
|
216
254
|
rsp,rt,trg,host,port = send_only req, proto, inj
|
255
|
+
return if not rsp
|
217
256
|
https = proto == "https" ? true : false
|
218
257
|
if not @modules_only
|
219
258
|
Log 2, "#{@mid}send_req do_passive: '#{trg}' '#{host}' '#{port}'\n#{req}\n#{rsp}"
|
@@ -242,7 +281,7 @@ module BscanHelper
|
|
242
281
|
if (mt and mt > 0 and time > mt)
|
243
282
|
issue = Issue.new "#{@mid.chop}: Long Response Time", u, "Medium", "Retest", req, rsp, "Response time is longer that #{mt}"
|
244
283
|
end
|
245
|
-
if (rsp =~ /#{esc(inj)}/ and @config[prop('check_replay')]=='true')
|
284
|
+
if (rsp =~ /#{esc(inj)}/ and @config[prop('check_replay')]=='true') and inj.size >= 5 and inj =~ /[<>]/
|
246
285
|
issue = Issue.new "#{@mid.chop}: Possible XSS", u, "High", "Retest", req, rsp, "The following input has been replayed in a response #{inj}"
|
247
286
|
end
|
248
287
|
|
@@ -302,6 +341,21 @@ module BscanHelper
|
|
302
341
|
end
|
303
342
|
end
|
304
343
|
end
|
344
|
+
|
345
|
+
def get_rr obj, method
|
346
|
+
if obj.respond_to? method
|
347
|
+
obj.send(method)
|
348
|
+
else
|
349
|
+
case method
|
350
|
+
when 'req_str'
|
351
|
+
obj.getRequest().to_s
|
352
|
+
when 'rsp_str'
|
353
|
+
obj.getResponse().to_s
|
354
|
+
else
|
355
|
+
'ERROR: METHOD NOT DEFINED'
|
356
|
+
end
|
357
|
+
end
|
358
|
+
end
|
305
359
|
|
306
360
|
def write_issue_state issue
|
307
361
|
# Log 2,"INSPECT: #{issue.http_messages[0].methods} #{issue.http_messages[0].inspect} #{issue.http_messages[0].to_s} "
|
@@ -311,7 +365,7 @@ module BscanHelper
|
|
311
365
|
@stat['low'] += 1 if issue.severity =~ /Low/i
|
312
366
|
@stat['urls'] += " #{issue.url}\n"
|
313
367
|
|
314
|
-
Log 2,"BscanHelper.write_issue_state #{not @istream} #{issue.http_messages[0].methods} #{issue.http_messages[0].
|
368
|
+
Log 2,"BscanHelper.write_issue_state #{not @istream} #{issue.http_messages[0].methods} #{get_rr(issue.http_messages[0],'req_str')} #{get_rr(issue.http_messages[0],'rsp_str')}"
|
315
369
|
@istream or return
|
316
370
|
begin
|
317
371
|
@istream.println '#'*70
|
@@ -320,8 +374,8 @@ module BscanHelper
|
|
320
374
|
@istream.println "Background: #{issue.issue_background}"
|
321
375
|
@istream.println "Details: #{issue.issue_detail}"
|
322
376
|
@istream.println "Remediation: #{issue.remediation_background}"
|
323
|
-
@istream.println "Request: #{issue.http_messages[0]
|
324
|
-
@istream.println "Response: #{issue.http_messages[0]
|
377
|
+
@istream.println "Request: #{get_rr(issue.http_messages[0],'req_str')}"
|
378
|
+
@istream.println "Response: #{get_rr(issue.http_messages[0],'rsp_str')}"
|
325
379
|
# sync_save_state issue throws exceptions
|
326
380
|
@istream.flush
|
327
381
|
rescue Exception => e
|
@@ -377,7 +431,7 @@ module BscanHelper
|
|
377
431
|
Process.exit!(2)
|
378
432
|
end
|
379
433
|
else
|
380
|
-
@log =
|
434
|
+
@log = java.lang.System.out
|
381
435
|
end
|
382
436
|
|
383
437
|
Log 2, "BscanHelper.init_internals CMD_PARAMS: #{@cmd_params}"
|
@@ -385,10 +439,14 @@ module BscanHelper
|
|
385
439
|
Log 2,"BscanHelper.init_internals #{k}:#{v}"
|
386
440
|
end
|
387
441
|
|
442
|
+
@burp_cb = nil
|
388
443
|
@bscan_config = @cmd_params['bscan_config']
|
389
444
|
@burp_config = @cmd_params['burp_config']
|
390
445
|
@issues = @bscan_config['bscan.issues']
|
391
446
|
@modules_only = (@bscan_config['bscan.modules_only'] and @bscan_config['bscan.modules_only'] == 'true')
|
447
|
+
@run_proxy ||= (@bscan_config['bscan.run_proxy'] and @bscan_config['bscan.run_proxy'] == 'true')
|
448
|
+
@url_prefs ||= @bscan_config['bscan.report_url_prefix']
|
449
|
+
@url_prefs = [@url_prefs] if @url_prefs and not @url_prefs.kind_of?(Array)
|
392
450
|
@modules ||= @bscan_config['bscan.modules']
|
393
451
|
@modules ||= [] if not @modules
|
394
452
|
@modules = [@modules] if not @modules.kind_of?(Array)
|
@@ -423,7 +481,101 @@ module BscanHelper
|
|
423
481
|
@bscan_config[pref + 'static_request'] == 'true'
|
424
482
|
end
|
425
483
|
|
484
|
+
def send_to_spider url
|
485
|
+
url = Java::JavaNet::URL.new(url.to_s) unless url.kind_of?(Java::JavaNet::URL)
|
486
|
+
@burp_cb.sendToSpider(url) if @burp_cb
|
487
|
+
end
|
488
|
+
|
489
|
+
def do_passive_scan host, port, https, req, resp
|
490
|
+
req = req.to_java_bytes if req.kind_of?(String)
|
491
|
+
resp = resp.to_java_bytes if resp.kind_of?(String)
|
492
|
+
@burp_cb.doPassiveScan(host, port, https, req, resp) if @burp_cb
|
493
|
+
end
|
494
|
+
|
495
|
+
def do_active_scan host, port, https, req
|
496
|
+
req = req.to_java_bytes if req.kind_of?(String)
|
497
|
+
@burp_cb.doActiveScan(host, port, https, req) if @burp_cb
|
498
|
+
end
|
499
|
+
|
500
|
+
def is_in_scope(url)
|
501
|
+
case url
|
502
|
+
when Java::Burp::IHttpRequestResponse, Java::Burp::IRequestInfo
|
503
|
+
url = url.getUrl
|
504
|
+
else
|
505
|
+
url = Java::JavaNet::URL.new(url.to_s) unless url.is_a? Java::JavaNet::URL
|
506
|
+
end
|
507
|
+
@burp_cb.isInScope(url) if @burp_cb
|
508
|
+
end
|
509
|
+
|
510
|
+
def include_in_scope(url)
|
511
|
+
case url
|
512
|
+
when Java::Burp::IHttpRequestResponse, Java::Burp::IRequestInfo
|
513
|
+
url = url.getUrl
|
514
|
+
else
|
515
|
+
url = Java::JavaNet::URL.new(url.to_s) unless url.is_a? Java::JavaNet::URL
|
516
|
+
end
|
517
|
+
@burp_cb.includeInScope(url) if @burp_cb
|
518
|
+
end
|
519
|
+
def save_config
|
520
|
+
@burp_cb.saveConfig().to_hash
|
521
|
+
end
|
522
|
+
def to_map h
|
523
|
+
m = Java.java.util.HashMap.new
|
524
|
+
h.each_pair do |k,v|
|
525
|
+
m.put(k,v)
|
526
|
+
end
|
527
|
+
m
|
528
|
+
end
|
529
|
+
|
530
|
+
def load_config config,burp_defaults=nil
|
531
|
+
@load_config_flag = true
|
532
|
+
begin
|
533
|
+
@burp_extender.loadConfig(config.to_java, burp_defaults)
|
534
|
+
Log 2, "BscanHelper.load_config finished"
|
535
|
+
rescue Exception => e
|
536
|
+
Log 0, "BscanHelper.load_config\nException: #{e.message}"
|
537
|
+
Log 0, e.backtrace.join("\n")
|
538
|
+
end
|
539
|
+
@load_config_flag = false
|
540
|
+
end
|
541
|
+
def hdr_nbr params,par
|
542
|
+
start = 0
|
543
|
+
while params['spider.customheader' + start.to_s] and params['spider.customheader' + start.to_s] != par
|
544
|
+
start += 1
|
545
|
+
end
|
546
|
+
start
|
547
|
+
end
|
426
548
|
|
549
|
+
def add_spider_headers params
|
550
|
+
acts = get_action
|
551
|
+
pars = get_action_params
|
552
|
+
Log 3, "BscanHelper.add_spider_headers #{acts[0]} #{pars[0]}"
|
553
|
+
i = -1
|
554
|
+
acts.each do |a|
|
555
|
+
i += 1
|
556
|
+
case a
|
557
|
+
when 'add_header'
|
558
|
+
start = hdr_nbr params,pars[i]
|
559
|
+
Log 3, "BscanHelper.add_spider_headers #{a} #{pars[i]} #{start}"
|
560
|
+
params['spider.customheader' + start.to_s] = pars[i] if not params['spider.customheader' + start.to_s]
|
561
|
+
end
|
562
|
+
end
|
563
|
+
end
|
427
564
|
|
565
|
+
def replace_params inp
|
566
|
+
while inp =~ /#\{bscan\.(\w+)\}/ do
|
567
|
+
v = @bscan_config['bscan.global.'+ $1 ]
|
568
|
+
if not v
|
569
|
+
Log 0, "BscanHelper.replace_params can't replace #{$1} was bscan.global.#{$1} defined?"
|
570
|
+
next
|
571
|
+
end
|
572
|
+
Log 3, "BscanHelper.replace_params #{$1} -> " + v
|
573
|
+
inp.sub!(/#\{bscan\.(\w+)\}/, v)
|
574
|
+
end
|
575
|
+
end
|
576
|
+
|
577
|
+
def exit_suite prompt
|
578
|
+
@burp_cb.exitSuite(prompt.to_java(Java::boolean))
|
579
|
+
end
|
428
580
|
|
429
|
-
end
|
581
|
+
end
|
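Review bot: `replace_params` spins forever when a placeholder has no `bscan.global.*` value: `next` inside the `while` re-tests the same unchanged `inp`, matches the same `#{bscan.x}` again, and logs the same error indefinitely. Passing `v` as the second argument of `sub!` also lets a configured value containing `\1` or `\\` be expanded as a back-reference, and `"... -> " + v` raises TypeError if the value is not a String (config values elsewhere in this file may be arrays, see `get_action`). Rewriting the method as a single `gsub!` with a block fixes all three and leaves unresolved placeholders in place instead of looping on them. Separately, `save_config` and `exit_suite` call `@burp_cb` without the `if @burp_cb` guard that `send_to_spider`, `do_passive_scan` and the scope helpers use, even though `init_internals` now starts with `@burp_cb = nil`; they should carry the same guard or a comment stating they are only valid once the callback is registered.
```ruby
def replace_params inp
  inp.gsub!(/#\{bscan\.(\w+)\}/) do |placeholder|
    name = Regexp.last_match(1)
    v = @bscan_config['bscan.global.' + name]
    if v
      Log 3, "BscanHelper.replace_params #{name} -> #{v}"
      v.to_s        # block form: the value is inserted literally, no back-reference expansion
    else
      Log 0, "BscanHelper.replace_params can't replace #{name} was bscan.global.#{name} defined?"
      placeholder   # leave the placeholder untouched instead of looping on it
    end
  end
end
```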
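--- a/data/lib/bscan/utils/mailer.rb
+++ b/data/lib/bscan/utils/mailer.rb
@@ -1,3 +1,14 @@
+
+=begin
+Copyright (c) 2015, Oleg Gryb
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+=end
+
 require 'net/smtp'
 require 'socket'
 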