bscan 1.4.4 → 1.4.5

data/CONFIG.rdoc

@@ -30,7 +30,7 @@ path that configs refers to:
 
 see BscannerHelper#search_path for details
 
-== BScan Specific Parameters
+== BScan Parameters
 * bscan.modules - see 'CONVENTIONS' for details
 * bscan.inactivity_to - inactivity is sec that triggers exit
 * bscan.issues=issues - output directory for findings/issues
@@ -39,6 +39,22 @@ see BscannerHelper#search_path for details
 * bscan.url - URL to spider, multiple entries are OK. Have no effect 
   if scan.modules_only=true
 
+== BScan SMTP Parameters
+If specified an email will be sent. If 'include_report' is set
+to 'true', the detailed zipped report will be attached. You'll ned 
+'zip' gem to make attachments working.
+* bscan.smtp.server=<server> SMTP server
+* bscan.smtp.port=n SMTP port
+  Default: 25 for plain, 465 for SSL
+* bscan.smtp.ssl=<true|false> Use SSL
+  Default - false
+* bscan.smtp.to=<to_emails_coma_separated>
+* bscan.smtp.from=<from_email>
+* bscan.smtp.domain=<from_domain>
+  Deafult: from_email's domain
+* bscan.smtp.include_report=<true|false> attach report as zip
+  Default: false
+
 == Modules Included to the Package
 * injector.rb - injects malicious patterns provided in a file (e.g. Google's
   fuzzdb) to URL or body parameters. It can also inject to pattern marked

data/README.rdoc

@@ -78,6 +78,13 @@ To get help for config layout run:
   
   bscan --help config
 
+== RUNNING, REGISTERING Burp Pro:
+You need to register you burp.jar before you can run it headless
+
+* Run your Burp as usual with GUI and provide you license. 
+  After this is done, you can run it headless using 'bscan'
+
+
 == DOCUMENTATION, SAMPLES, RUNNING HEADLESSLY
 * Rdoc generated files: http://gryb.info/bscan/
 * After installing BScan's gem find the location of 'samples' dir:
@@ -88,8 +95,6 @@ To get help for config layout run:
 	#!/bin/sh
 	jruby -J-Xmx1024M -J-Djava.awt.headless=true -S bscan -c ../config/conf -L 2 -l bscan.log
    
-
-
 == CREDITS:
 * Burp and Burp Suite are trademarks of PortSwigger(ltd) 
   Copyright 2012 PortSwigger Ltd. All rights reserved.

data/Rakefile

@@ -10,7 +10,7 @@ begin
     gem.summary = %q{BScan is an extendable and configurable command line web application security scanner}
     gem.description = %q{BScan is a configurable and extendable web application security scanner that can be run from a command line headless (without UI). It's built on top of arguably the most popular commercial security testing tool Burp Suite from PortSwigger and Buby from Eric Monti and Timur Duehr}
     gem.email = "oleg@gryb.info"
-    gem.homepage = "http://sf.net/projects/b-scan/"
+    gem.homepage = "http://gryb.info/bscan"
     gem.authors = ["Oleg Gryb (ogryb)"]
     #gem.platform = "java"
     gem.test_files = ["test/bscan_test.rb"]

data/VERSION

@@ -1 +1 @@
-1.4.4
+1.4.5

data/bscan.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "bscan"
-  s.version = "1.4.4"
+  s.version = "1.4.5"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Oleg Gryb (ogryb)"]
-  s.date = "2012-08-13"
+  s.date = "2012-08-15"
   s.description = "BScan is a configurable and extendable web application security scanner that can be run from a command line headless (without UI). It's built on top of arguably the most popular commercial security testing tool Burp Suite from PortSwigger and Buby from Eric Monti and Timur Duehr"
   s.email = "oleg@gryb.info"
   s.executables = ["bscan"]
@@ -32,16 +32,18 @@ Gem::Specification.new do |s|
     "lib/bscan/modules/many_threads.rb",
     "lib/bscan/modules/slowloris.rb",
     "lib/bscan/utils/bscan_helper.rb",
+    "lib/bscan/utils/mailer.rb",
     "release_notes.txt",
     "samples/config/big_request.txt",
     "samples/config/conf",
     "samples/config/injector.txt",
     "samples/config/request.txt",
+    "samples/config/xss.txt",
     "samples/headless-bscan.sh",
     "test.sh",
     "test/bscan_test.rb"
   ]
-  s.homepage = "http://sf.net/projects/b-scan/"
+  s.homepage = "http://gryb.info/bscan"
   s.rdoc_options = ["--main", "README.rdoc"]
   s.require_paths = ["lib"]
   s.rubygems_version = "1.8.24"

data/lib/bscan.rb

@@ -5,6 +5,7 @@ require 'buby'
 require 'getoptlong'
 require 'json'
 require 'bscan/utils/bscan_helper'
+require 'bscan/utils/mailer'
 require 'java'
 
 class String
@@ -19,10 +20,12 @@ end
 module BScan
   
   include BscanHelper
+  include Mailer
   
   attr_accessor :activity
   attr_reader :modules_only
   attr_reader :bscan_config
+  attr_accessor :stat
 
   def Log (mtype, *msgs)
     pr = "Unknown:"
@@ -46,6 +49,7 @@ module BScan
   end
   
   def evt_commandline_args args
+    init_stat
     @cmd_params ||= JSON.parse args[0]
     @ll =  @cmd_params['loglevel'].to_i
 
@@ -151,16 +155,22 @@ module BScan
   def write_issue_state issue
 #   Log 2,"INSPECT: #{issue.http_messages[0].methods}  #{issue.http_messages[0].inspect}  #{issue.http_messages[0].to_s} "
     
+    @stat['high'] += 1 if issue.severity =~ /High/i
+    @stat['med'] += 1 if issue.severity =~ /Med/i
+    @stat['low'] += 1 if issue.severity =~ /Low/i
+    @stat['urls'] += "  #{issue.url}\n"
+    
     Log 2,"BScan.write_issue_state #{not @istream} #{issue.http_messages[0].methods}  #{issue.http_messages[0].to_s} "
     @istream or return
     begin 
-      @istream.puts '#'*70,"#{issue.issue_name} : #{issue.url}",
-                    "Severity: #{issue.severity}(#{issue.confidence})",
-                    "Background: #{issue.issue_background}",
-                    "Details: #{issue.issue_detail}",
-                    "Remediation: #{issue.remediation_background}",
-                    "Request: #{issue.http_messages[0].req_str}",
-                    "Response: #{issue.http_messages[0].rsp_str}"
+      @istream.println '#'*70
+      @istream.println "#{issue.issue_name} : #{issue.url}"
+      @istream.println "Severity: #{issue.severity}(#{issue.confidence})"
+      @istream.println "Background: #{issue.issue_background}"
+      @istream.println "Details: #{issue.issue_detail}" 
+      @istream.println "Remediation: #{issue.remediation_background}"
+      @istream.println "Request: #{issue.http_messages[0].req_str}" 
+      @istream.println "Response: #{issue.http_messages[0].rsp_str}"
       # sync_save_state issue throws exceptions
       @istream.flush 
     rescue Exception => e
@@ -169,9 +179,16 @@ module BScan
     end
   end
   def evt_application_closing
-    Log 2,"BScan.evt_application_closing"
-    @istream.close if @istream
-    @log.close if @log
+    begin
+      Log 2,"BScan.evt_application_closing #{@bscan_config['bscan.smtp.server']} #{@bscan_config['bscan.smtp.to']}"
+      @istream.close if @istream
+      @stat['end_time'] = Time.now.strftime("%Y-%m-%d %H:%M:%S") 
+      send_email if @bscan_config['bscan.smtp.server'] and @bscan_config['bscan.smtp.to']
+      @log.close if @log
+    rescue Exception => e
+      Log 0, "BScan.evt_application_closing Exception: #{e.message}"
+      Log 0, e.backtrace.join("\n")
+   end
   end
     
   def evt_register_callbacks cb
@@ -190,11 +207,12 @@ module BScan
           dt = Time.now.strftime("%y%m%d_%H%M%S")
           File.directory? @issues or %x{mkdir -p "#{@issues}"}
           @sstream = "#{@issues}/session.#{dt}.zip"
-          @istream = File.open("#{@issues}/issues.#{dt}.txt","w")
+          ifile = "#{@issues}/issues.#{dt}.txt"
+          @istream = java.io.PrintStream.new(ifile)
+          @stat['issues'] = ifile
         rescue Exception => e
           Log 0, "BScan.evt_register_callbacks Can't create issues or session files, Exception: #{e.message}"
           Log 0,  e.backtrace.join("\n")
-  
           exit_suite
         end
       end
@@ -238,6 +256,7 @@ module BScan
       params.each_pair {|k,v| Log 2,"#{k}:#{v}"} # if k =~ /^(scanner|spider)/}
      
      @modules ||= @bscan_config['bscan.modules']
+     @modules ||= [] if not @modules
      @modules = [@modules] if not @modules.kind_of?(Array)
      
      mods = []
@@ -247,8 +266,8 @@ module BScan
 
      @modules = mods.flatten 
      
-      urls = @bscan_config['bscan.url']
-      Log 2, "BScan.evt_register_callbacks urls: #{@modules_only} #{urls.join('|')}"
+    urls = @bscan_config['bscan.url']
+    Log 2, "BScan.evt_register_callbacks urls: #{@modules_only} #{urls}"
   
      run_modules # run_modules without 'msg' will do static reqs only 
      return if @modules_only
@@ -295,6 +314,17 @@ def add_multi map,k,v
   end
 end
 
+def init_stat
+  @stat ||= {}
+  @stat['start_time'] = Time.now.strftime("%Y-%m-%d %H:%M:%S")
+  @stat['end_time'] = ''
+  @stat['high'] = 0
+  @stat['med'] = 0
+  @stat['low'] = 0
+  @stat['issues'] = ''
+  @stat['urls'] = ''
+end
+
 def read_config file
    
    burp_config = {}

data/lib/bscan/modules/injector.rb

@@ -7,7 +7,7 @@ module Injector
   def run *args
 
     @bscan = args[0]
-    @config ||= @bscan.instance_variable_get("@bscan_config")
+    @config ||= @bscan.bscan_config
     @bscan.activity[0]=true
 
     @prop_pref = 'bscan.injector.'

data/lib/bscan/utils/bscan_helper.rb

@@ -37,12 +37,15 @@ module BscanHelper
     Pathname.new(file).absolute? ? [file] : search_path.map! {|p| File.join(p,file)}
   end
   
-  def open_in_path file
+  def open_in_path file,pathonly=false
     io = nil
     files = search_path_file(file)
     files.each do |p|
-        io = File.open(p,"r") if File.file?(p)
-        return io if io
+        if File.file?(p)
+          return p if pathonly
+          io = File.open(p,"r") 
+          return io if io
+        end
     end
     raise "Can't find file in: #{files.join(':')}"
   end

data/lib/bscan/utils/mailer.rb

@@ -0,0 +1,150 @@
+require 'net/smtp'
+require 'socket'
+
+
+module Mailer
+
+MARKER = "ABCDEFFEDCBA"
+
+HEADERS = 
+%q{From: BScan-<ver> <from>
+To:   <to>
+Subject: <subject>
+Content-Type: multipart/mixed; boundary="<MARKER>"
+MIME-Version: 1.0
+
+--<MARKER>
+}
+
+SIMPLE = 
+%q{From: BScan-<ver> <from>
+To:   <to>
+Subject: <subject>
+Content-Type: text/plain; charset="UTF-8";
+
+<BODY>}
+
+BODY = 
+%q{
+  Start Time: <start_time> 
+  End   Time: <end_time> 
+  High #:     <high>
+  Med  #:     <med>
+  Low  #:     <low>
+  Issues:     <issues>
+  URL's :
+<urls> 
+}
+
+MESSAGE =
+%q{Content-Type: text/plain
+Content-Transfer-Encoding:8bit
+
+<BODY>
+--<MARKER>
+}
+
+ATTACHMENT =
+%q{Content-Type: application/zip; name="<filename>"
+Content-Transfer-Encoding:base64
+Content-Disposition: attachment; filename="<filename>"
+
+<encoded>
+--<MARKER>--
+}
+
+  def pv par,defv=nil
+    val = bscan_config[@m_pref + par] 
+    val ? val : defv
+  end
+
+  def sv par,defv=nil
+    val = @stat[ par] 
+    val ? val : defv
+  end
+  def ver
+    file=::File.expand_path(File.join(::File.dirname(__FILE__), "../../../VERSION"))
+    ::File.file?(file) ? File.read(file).chomp : ''
+  end 
+
+  def send_email 
+    begin
+      
+      @m_pref = 'bscan.smtp.'
+      srv = pv 'server',nil
+      ssl = pv 'ssl',false
+      defport = ssl ? 465 : 25 
+      port = pv 'port',defport
+      from = pv 'from',nil
+      dfrom = $1 if from =~ /@(.+)/
+      domain = pv 'domain',dfrom
+      user = pv 'user',nil
+      pwd = pv 'pwd',nil
+      attach = pv 'include_report','false'
+      attach = attach=='true' ? true:false
+      to = pv 'to', nil
+      file = @stat['issues']
+      file ||= ''
+      raise "Can't send '#{file}' that doesn't exist" if attach && !File.file?(file) 
+      file = File.absolute_path(file)
+      
+      @stat['subject'] = sv 'subject', "BScan @  #{Socket.gethostname}"
+
+      Log 2,"Mailer.send_mail #{@stat} #{pv 'server'} #{pv 'from'} #{pv 'to'} #{pv 'ssl'} #{pv 'port'} #{pv 'domwin'} #{pv 'user'} "
+
+      raise "Params 'server', 'from', 'to', 'domain' are mandatory" if !srv or !from or !to or !domain
+      
+      if (attach)
+        msg = HEADERS + MESSAGE + ATTACHMENT
+        msg.gsub!( /<MARKER>/ , MARKER)  
+        msg.gsub!( /<filename>/ , File.basename(sv('issues'),'.*') + '.zip')  
+        msg.sub!(/<encoded>/,zip_encode(file))
+      else
+        msg = SIMPLE
+      end
+      
+      msg.sub!( /<BODY>/ , BODY)  
+
+      @stat.each_key do |k|
+        Log 2,"Mailer.send_mail replacing <#{k}>"
+        msg.gsub!( /<#{k}>/ , k=='issues'?file:sv(k,'').to_s)  
+      end
+      
+      msg.sub!( /<from>/, "<#{from}>")  
+      msg.sub!( /<to>/  , "<#{to}>")  
+      msg.sub!( /<ver>/ , ver)  
+
+      msg.gsub!(/\r?\n/,"\r\n")
+      
+      to = to.split(',')
+      
+      smtp = Net::SMTP.new srv,port
+      smtp.enable_ssl if ssl
+      if (user)
+        smtp.start(domain,user,pwd)
+      else
+        smtp.start(domain)
+      end
+      Log 2,"Mailer.send_mail send_message #{from} #{to}\n#{msg}"
+      smtp.send_message msg, from, to
+      smtp.finish
+    rescue  Exception => e
+      Log 0, "Mailer.send Exception: #{e.message}"
+      Log 0, e.backtrace.join("\n")
+   end
+  end 
+  
+  def zip_encode f
+    require 'zip/zip'
+    fb  = File.basename(f, '.*')
+    fbe = File.basename(f)
+    zipf = fb + '.zip'
+    zipp = File.join(File.dirname(f), zipf)
+    zip = Zip::ZipFile.open(zipp, Zip::ZipFile::CREATE)
+    zip.find_entry(fbe)?zip.replace(fbe,f):zip.add(fbe,f)
+    zip.close
+    content = File.read(zipp)
+    [content].pack("m")
+  end  
+
+end

data/release_notes.txt

@@ -1,3 +1,8 @@
+== 1.4.5
+* Mailer added to send scan status and detailed reports over SMTP
+* Issues are logged with Java's PrintStream
+* Some bugs have been fixed
+
 == 1.4.4
 * Added a module for apache killer (apache_killer.rb)
 * Changed logging to use Java IO (Ruby's IO caused Java exceptions)

data/samples/config/xss.txt

@@ -0,0 +1,2 @@
+# An example of simple file for injector to find XSS vulns
+<xss_check>

metadata

@@ -2,14 +2,14 @@
 name: bscan
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 1.4.4
+  version: 1.4.5
 platform: ruby
 authors:
 - Oleg Gryb (ogryb)
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-08-13 00:00:00.000000000 Z
+date: 2012-08-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: buby
@@ -50,15 +50,17 @@ files:
 - lib/bscan/modules/many_threads.rb
 - lib/bscan/modules/slowloris.rb
 - lib/bscan/utils/bscan_helper.rb
+- lib/bscan/utils/mailer.rb
 - release_notes.txt
 - samples/config/big_request.txt
 - samples/config/conf
 - samples/config/injector.txt
 - samples/config/request.txt
+- samples/config/xss.txt
 - samples/headless-bscan.sh
 - test.sh
 - test/bscan_test.rb
-homepage: http://sf.net/projects/b-scan/
+homepage: http://gryb.info/bscan
 licenses: []
 post_install_message:
 rdoc_options: