dradis-ntospider 4.2.0 → 4.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +4 -0
- data/.rspec +2 -0
- data/CHANGELOG.md +3 -0
- data/README.md +5 -0
- data/dradis-ntospider.gemspec +5 -2
- data/lib/dradis/plugins/ntospider/field_processor.rb +5 -1
- data/lib/dradis/plugins/ntospider/gem_version.rb +1 -1
- data/lib/dradis/plugins/ntospider/importer.rb +10 -7
- data/lib/dradis-ntospider.rb +1 -0
- data/lib/ntospider/attack.rb +75 -0
- data/lib/ntospider/vuln.rb +24 -9
- data/spec/fixtures/files/VulnerabilitiesSummary.xml +484 -379
- data/spec/ntospider_import_spec.rb +87 -0
- data/spec/spec_helper.rb +10 -0
- data/templates/evidence.fields +13 -4
- data/templates/evidence.sample +28 -198
- data/templates/evidence.template +11 -8
- data/templates/vuln.fields +14 -0
- data/templates/vuln.sample +134 -197
- data/templates/vuln.template +3 -3
- metadata +58 -10
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe Dradis::Plugins::NTOSpider::Importer do
|
|
4
|
+
before(:each) do
|
|
5
|
+
# Stub template service
|
|
6
|
+
templates_dir = File.expand_path('../../templates', __FILE__)
|
|
7
|
+
expect_any_instance_of(Dradis::Plugins::TemplateService)
|
|
8
|
+
.to receive(:default_templates_dir).and_return(templates_dir)
|
|
9
|
+
|
|
10
|
+
# Init services
|
|
11
|
+
plugin = Dradis::Plugins::NTOSpider
|
|
12
|
+
|
|
13
|
+
@content_service = Dradis::Plugins::ContentService::Base.new(
|
|
14
|
+
logger: Logger.new(STDOUT),
|
|
15
|
+
plugin: plugin
|
|
16
|
+
)
|
|
17
|
+
|
|
18
|
+
@importer = plugin::Importer.new(
|
|
19
|
+
content_service: @content_service,
|
|
20
|
+
plugin: plugin
|
|
21
|
+
)
|
|
22
|
+
|
|
23
|
+
# Stub dradis-plugins methods
|
|
24
|
+
#
|
|
25
|
+
# They return their argument hashes as objects mimicking
|
|
26
|
+
# Nodes, Issues, etc
|
|
27
|
+
allow(@content_service).to receive(:create_node) do |args|
|
|
28
|
+
OpenStruct.new(args)
|
|
29
|
+
end
|
|
30
|
+
allow(@content_service).to receive(:create_note) do |args|
|
|
31
|
+
OpenStruct.new(args)
|
|
32
|
+
end
|
|
33
|
+
allow(@content_service).to receive(:create_issue) do |args|
|
|
34
|
+
OpenStruct.new(args)
|
|
35
|
+
end
|
|
36
|
+
allow(@content_service).to receive(:create_evidence) do |args|
|
|
37
|
+
OpenStruct.new(args)
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
it 'creates nodes, issues and evidence as needed' do
|
|
42
|
+
# nodes
|
|
43
|
+
expect(@content_service).to receive(:create_node).with(
|
|
44
|
+
hash_including(label: 'www.webscantest.com', type: :host)
|
|
45
|
+
).exactly(4).times
|
|
46
|
+
|
|
47
|
+
# issues
|
|
48
|
+
expect(@content_service).to receive(:create_issue).with(
|
|
49
|
+
hash_including(id: 'Browser Cache directive (web application performance)')
|
|
50
|
+
).once
|
|
51
|
+
|
|
52
|
+
expect(@content_service).to receive(:create_issue).with(
|
|
53
|
+
hash_including(id: 'Predictable Resource Location')
|
|
54
|
+
).once
|
|
55
|
+
|
|
56
|
+
expect(@content_service).to receive(:create_issue).with(
|
|
57
|
+
hash_including(id: 'Content Type Charset Check')
|
|
58
|
+
).once
|
|
59
|
+
|
|
60
|
+
expect(@content_service).to receive(:create_issue).with(
|
|
61
|
+
hash_including(id: 'Collecting Sensitive Personal Information')
|
|
62
|
+
).once
|
|
63
|
+
|
|
64
|
+
# evidence
|
|
65
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
|
66
|
+
expect(args[:issue].id).to eq('Browser Cache directive (web application performance)')
|
|
67
|
+
expect(args[:node].label).to eq('www.webscantest.com')
|
|
68
|
+
end.once
|
|
69
|
+
|
|
70
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
|
71
|
+
expect(args[:issue].id).to eq('Predictable Resource Location')
|
|
72
|
+
expect(args[:node].label).to eq('www.webscantest.com')
|
|
73
|
+
end.once
|
|
74
|
+
|
|
75
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
|
76
|
+
expect(args[:issue].id).to eq('Content Type Charset Check')
|
|
77
|
+
expect(args[:node].label).to eq('www.webscantest.com')
|
|
78
|
+
end.twice
|
|
79
|
+
|
|
80
|
+
expect(@content_service).to receive(:create_evidence) do |args|
|
|
81
|
+
expect(args[:issue].id).to eq('Collecting Sensitive Personal Information')
|
|
82
|
+
expect(args[:node].label).to eq('www.webscantest.com')
|
|
83
|
+
end.exactly(3).times
|
|
84
|
+
|
|
85
|
+
@importer.import(file: 'spec/fixtures/files/VulnerabilitiesSummary.xml')
|
|
86
|
+
end
|
|
87
|
+
end
|
data/spec/spec_helper.rb
ADDED
data/templates/evidence.fields
CHANGED
|
@@ -1,4 +1,13 @@
|
|
|
1
|
-
evidence.
|
|
2
|
-
evidence.
|
|
3
|
-
evidence.
|
|
4
|
-
evidence.
|
|
1
|
+
evidence.attack_config_description
|
|
2
|
+
evidence.attack_description
|
|
3
|
+
evidence.attack_id
|
|
4
|
+
evidence.attack_matched_string
|
|
5
|
+
evidence.attack_post_params
|
|
6
|
+
evidence.attack_request
|
|
7
|
+
evidence.attack_response
|
|
8
|
+
evidence.attack_user_notes
|
|
9
|
+
evidence.attack_value
|
|
10
|
+
evidence.attack_vuln_url
|
|
11
|
+
evidence.benign
|
|
12
|
+
evidence.original_value
|
|
13
|
+
evidence.original_response_code
|
data/templates/evidence.sample
CHANGED
|
@@ -1,200 +1,30 @@
|
|
|
1
|
-
<Vuln>
|
|
2
|
-
<DbId>7B9CAABF300A49688F4D30FA423EDFB8</DbId>
|
|
3
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
4
|
-
<ScanName>hackthissite</ScanName>
|
|
5
|
-
<WebSite>http://www.hackthissite.org:80</WebSite>
|
|
6
|
-
<VulnType>Reflected Cross-site scripting (XSS)</VulnType>
|
|
7
|
-
<VulnUrl>http://www.hackthissite.org/</VulnUrl>
|
|
8
|
-
<NormalizedUrl>http://www.hackthissite.org/?</NormalizedUrl>
|
|
9
|
-
<MatchedString></MatchedString>
|
|
10
|
-
<NormalizedPostParams></NormalizedPostParams>
|
|
11
|
-
<VulnParam>Unnamed</VulnParam>
|
|
12
|
-
<ParameterName>Unnamed</ParameterName>
|
|
13
|
-
<HtmlEntityAttacked>Query-Parameters</HtmlEntityAttacked>
|
|
14
|
-
<AttackType>javascript after single quote</AttackType>
|
|
15
|
-
<AttackScore>3-Medium</AttackScore>
|
|
16
|
-
<AttackValue>';alert('x9lj3cup');//</AttackValue>
|
|
17
|
-
<Method>GET</Method>
|
|
18
|
-
<RootCauseId>9AEE038BB3477FE5A178FBA57C93FC76</RootCauseId>
|
|
19
|
-
<Description><![CDATA[<p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn't load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p>]]></Description>
|
|
20
|
-
<Recommendation><![CDATA[
|
|
21
|
-
|
|
22
|
-
<p>Reflected XSS attacks are also known as type 1 or non-persistent XSS attacks, and are the most frequent type of XSS attacks found nowadays.</p>
|
|
23
|
-
|
|
24
|
-
<p>When a web application is vulnerable to this type of attack, it will pass unvalidated input sent through requests to the client. The common modus operandi of the attack includes a design step, in which the attacker creates and tests an offending URI, a social engineering step, in which she convinces her victims to load this URI on their browsers, and the eventual execution of the offending code - using the victim's credentials.</p>
|
|
25
|
-
|
|
26
|
-
<p>Commonly the attacker's code is written in the Javascript language, but other scripting languages are also used, e.g., ActionScript and VBScript.</p>
|
|
27
|
-
|
|
28
|
-
<p>Attackers typically leverage these vulnerabilities to install key loggers, steal victim cookies, perform clipboard theft, and change the content of the page (e.g., download links).</p>
|
|
29
|
-
|
|
30
|
-
<p>One of the important matters about exploiting XSS vulnerabilities is character encoding. In some cases, the web server or the web application may not be filtering some encodings of characters, so, for example, the web application might filter out "<script>", but might not filter "%3Cscript%3E" which simply includes another encoding of tags. A nice tool for testing character encodings is OWASP's CAL9000. </p>]]></Recommendation>
|
|
31
|
-
<Page>http://www.hackthissite.org/</Page>
|
|
32
|
-
<Url>http://www.hackthissite.org/</Url>
|
|
33
|
-
<VulnParamType>unknown</VulnParamType>
|
|
34
|
-
<CrawlTrafficTemplate>R0VUIC8/eGh5azJhanEtcHQgSFRUUC8xLjENCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtQ2hhcnNldDogKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoY29tcGF0aWJsZTsgTVNJRSA5LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC81LjApDQpIb3N0OiB3d3cuaGFja3RoaXNzaXRlLm9yZw0KQ29va2llOiBfX3V0bWE9MTk4NDAyODcwLjYwNzMyMTI4MC4xNDEzMjYwOTIzLjE0MTMyNjA5MjMuMTQxMzI2MDkyMy4xOyBfX3V0bXo9MTk4NDAyODcwLjE0MTMyNjA5MjMuMS4xLnV0bWNzcj0oZGlyZWN0KXx1dG1jY249KGRpcmVjdCl8dXRtY21kPShub25lKTsgYWRzX2JtX2xhc3RfbG9hZF9zdGF0dXM9Tk9UX0JMT0NLSU5HOyBwaHBiYjNfMjhwbGFfdT0xOyBwaHBiYjNfMjhwbGFfaz07IHBocGJiM18yOHBsYV9zaWQ9OTFkOTgzOThhY2U2NzUxZjI3YTI5ZmNmYmJhMmMwOTQ7IGJtX2xhc3RfbG9hZF9zdGF0dXM9Tk9UX0JMT0NLSU5HOyBQSFBTRVNTSUQ9OWh2bmxmczUxanNqMmlpZWZtaDc0dXN0YTA7IF9fdXRtYj0xOTg0MDI4NzAuNTAwLjEwLjE0MTMyNjA5MjM7IF9fdXRtYz0xOTg0MDI4NzA7IGJtX21vbnRobHlfdW5pcXVlPXRydWU7IGJtX2RhaWx5X3VuaXF1ZT10cnVlOyBsZXZlbDEwX2F1dGhvcml6ZWQ9bm87DQoNCg==</CrawlTrafficTemplate>
|
|
35
|
-
<AttackClass>Application Developer</AttackClass>
|
|
36
|
-
<CweId>79</CweId>
|
|
37
|
-
<CAPEC>80</CAPEC>
|
|
38
|
-
<DISSA_ASC>3580</DISSA_ASC>
|
|
39
|
-
<OWASP2007>1</OWASP2007>
|
|
40
|
-
<OWASP2010>2</OWASP2010>
|
|
41
|
-
<OWASP2013>3</OWASP2013>
|
|
42
|
-
<OVAL>6312</OVAL>
|
|
43
|
-
<WASC>0</WASC>
|
|
44
|
-
<ScanDate>2014-10-14 07:26:14</ScanDate>
|
|
45
|
-
<ScanEnd>2014-10-15 01:59:37</ScanEnd>
|
|
46
|
-
<DefenseBL>
|
|
47
|
-
<DbId>E00DA69EEFFE4556A2EA833A05174698</DbId>
|
|
48
|
-
<ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
|
|
49
|
-
<PcreRegex></PcreRegex>
|
|
50
|
-
<ModSecurity></ModSecurity>
|
|
51
|
-
<Snort></Snort>
|
|
52
|
-
<Imperva>cross-site-scripting</Imperva>
|
|
53
|
-
</DefenseBL>
|
|
54
|
-
<DefenseWL>
|
|
55
|
-
<DbId>ED59621943E9405B98ED9C3642011DBB</DbId>
|
|
56
|
-
<ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
|
|
57
|
-
<PcreRegex></PcreRegex>
|
|
58
|
-
<ModSecurity></ModSecurity>
|
|
59
|
-
<Snort></Snort>
|
|
60
|
-
<Imperva></Imperva>
|
|
61
|
-
</DefenseWL>
|
|
62
|
-
<AttackList>
|
|
63
1
|
<Attack>
|
|
64
|
-
<DbId>
|
|
65
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
66
|
-
<
|
|
67
|
-
<
|
|
68
|
-
<
|
|
69
|
-
<
|
|
70
|
-
<
|
|
71
|
-
<
|
|
72
|
-
<
|
|
73
|
-
<
|
|
74
|
-
<
|
|
75
|
-
<
|
|
76
|
-
<
|
|
77
|
-
|
|
78
|
-
</
|
|
2
|
+
<DbId>F3CE345BAF3442B48B2668809722032D</DbId>
|
|
3
|
+
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
4
|
+
<AttackId>PE_01</AttackId>
|
|
5
|
+
<AttackValue></AttackValue>
|
|
6
|
+
<AttackVulnUrl>https://test.t.example.com/en/help</AttackVulnUrl>
|
|
7
|
+
<AttackPostParams></AttackPostParams>
|
|
8
|
+
<AttackMatchedString>OK</AttackMatchedString>
|
|
9
|
+
<AttackDescription>Server allowed access to the resource without valid session</AttackDescription>
|
|
10
|
+
<AttackConfigDescription>Privilege Escalation</AttackConfigDescription>
|
|
11
|
+
<AttackUserNotes></AttackUserNotes>
|
|
12
|
+
<OriginalValue></OriginalValue>
|
|
13
|
+
<OriginalResponseCode>200</OriginalResponseCode>
|
|
14
|
+
<AttackRequestList>
|
|
15
|
+
<AttackRequest>
|
|
16
|
+
<DbId>0D9D750204F742E3B0FC513BFA1EABC9</DbId>
|
|
17
|
+
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
18
|
+
<Request>R0VUIC9lbi9oZWxwP3N1.....mlvDQoNCg==</Request>
|
|
19
|
+
<Response>SFRUUC8xLjEgMjAwIE9LDQpDYWNoZ.....ib2R5Pgo8L2h0bWw+Cg==</Response>
|
|
20
|
+
<Benign>0</Benign>
|
|
21
|
+
</AttackRequest>
|
|
22
|
+
<AttackRequest>
|
|
23
|
+
<DbId>D12FBA19C7AD4279A0D698D14D6480BE</DbId>
|
|
24
|
+
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
25
|
+
<Request>R0VUIC9lbi9oZWxwIEhUVFA.....N0LnQuZ2FiLmlvL2VuLw0KDQo=</Request>
|
|
26
|
+
<Response>SFRUUC8xLjEgMjAwIE9LDQpD.....PC9ib2R5Pgo8L2h0bWw+Cg==</Response>
|
|
27
|
+
<Benign>0</Benign>
|
|
28
|
+
</AttackRequest>
|
|
29
|
+
</AttackRequestList>
|
|
79
30
|
</Attack>
|
|
80
|
-
<Attack>
|
|
81
|
-
<DbId>6B29EBB4F4094201B6541769C9D3BCFB</DbId>
|
|
82
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
83
|
-
<AttackValue>';alert('xhsysg0a');//</AttackValue>
|
|
84
|
-
<AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
|
|
85
|
-
<AttackPostParams></AttackPostParams>
|
|
86
|
-
<AttackMatchedString>xhsysg0a</AttackMatchedString>
|
|
87
|
-
<AttackRequestList>
|
|
88
|
-
<AttackRequest>
|
|
89
|
-
<DbId>245EEA880FA748298BFDD11D286A2AA8</DbId>
|
|
90
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
91
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
92
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
93
|
-
<Benign>0</Benign>
|
|
94
|
-
</AttackRequest>
|
|
95
|
-
</AttackRequestList>
|
|
96
|
-
</Attack>
|
|
97
|
-
<Attack>
|
|
98
|
-
<DbId>208D71F46FC84F7A97A51A9D204936E8</DbId>
|
|
99
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
100
|
-
<AttackValue>'+alert(14357991)+'</AttackValue>
|
|
101
|
-
<AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
|
|
102
|
-
<AttackPostParams></AttackPostParams>
|
|
103
|
-
<AttackMatchedString>14357991</AttackMatchedString>
|
|
104
|
-
<AttackRequestList>
|
|
105
|
-
<AttackRequest>
|
|
106
|
-
<DbId>656C78FC2C5A4E8E88805D70E85C03BB</DbId>
|
|
107
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
108
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
109
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
110
|
-
<Benign>0</Benign>
|
|
111
|
-
</AttackRequest>
|
|
112
|
-
</AttackRequestList>
|
|
113
|
-
</Attack>
|
|
114
|
-
<Attack>
|
|
115
|
-
<DbId>FF2039A5A33D4167B1BD5F10DBD78989</DbId>
|
|
116
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
117
|
-
<AttackValue><![CDATA[xhyk2ajq-pt"><script>alert(15009454)</script>]]></AttackValue>
|
|
118
|
-
<AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
|
|
119
|
-
<AttackPostParams></AttackPostParams>
|
|
120
|
-
<AttackMatchedString>15009454</AttackMatchedString>
|
|
121
|
-
<AttackRequestList>
|
|
122
|
-
<AttackRequest>
|
|
123
|
-
<DbId>81362DB814024D8899B83D4A4FF7DE3A</DbId>
|
|
124
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
125
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
126
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
127
|
-
<Benign>0</Benign>
|
|
128
|
-
</AttackRequest>
|
|
129
|
-
</AttackRequestList>
|
|
130
|
-
</Attack>
|
|
131
|
-
<Attack>
|
|
132
|
-
<DbId>96A0331A38FF47AFA13C547518721E08</DbId>
|
|
133
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
134
|
-
<AttackValue><![CDATA[<img """><script>alert("x9khdxei")</script>">]]></AttackValue>
|
|
135
|
-
<AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
|
|
136
|
-
<AttackPostParams></AttackPostParams>
|
|
137
|
-
<AttackMatchedString>x9khdxei</AttackMatchedString>
|
|
138
|
-
<AttackRequestList>
|
|
139
|
-
<AttackRequest>
|
|
140
|
-
<DbId>49A7844AA3884CE19078E68B4F12E04B</DbId>
|
|
141
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
142
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
143
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
144
|
-
<Benign>0</Benign>
|
|
145
|
-
</AttackRequest>
|
|
146
|
-
</AttackRequestList>
|
|
147
|
-
</Attack>
|
|
148
|
-
<Attack>
|
|
149
|
-
<DbId>23E5FDE97F5E42628FC74477F8513B8D</DbId>
|
|
150
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
151
|
-
<AttackValue>');alert('x9krdis7');//</AttackValue>
|
|
152
|
-
<AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
|
|
153
|
-
<AttackPostParams></AttackPostParams>
|
|
154
|
-
<AttackMatchedString>x9krdis7</AttackMatchedString>
|
|
155
|
-
<AttackRequestList>
|
|
156
|
-
<AttackRequest>
|
|
157
|
-
<DbId>E982E7BCB4F64A56AC6AC1B8C697E284</DbId>
|
|
158
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
159
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
160
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
161
|
-
<Benign>0</Benign>
|
|
162
|
-
</AttackRequest>
|
|
163
|
-
</AttackRequestList>
|
|
164
|
-
</Attack>
|
|
165
|
-
<Attack>
|
|
166
|
-
<DbId>B87C5202F4A74BEBA06936F6BD186076</DbId>
|
|
167
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
168
|
-
<AttackValue>'-alert(15189768)-'</AttackValue>
|
|
169
|
-
<AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
|
|
170
|
-
<AttackPostParams></AttackPostParams>
|
|
171
|
-
<AttackMatchedString>15189768</AttackMatchedString>
|
|
172
|
-
<AttackRequestList>
|
|
173
|
-
<AttackRequest>
|
|
174
|
-
<DbId>E3F212EBD7134B958D3EB7D4369FE1A9</DbId>
|
|
175
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
176
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
177
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
178
|
-
<Benign>0</Benign>
|
|
179
|
-
</AttackRequest>
|
|
180
|
-
</AttackRequestList>
|
|
181
|
-
</Attack>
|
|
182
|
-
<Attack>
|
|
183
|
-
<DbId>ED858AB85A2C46C9953BA5E86C412BEE</DbId>
|
|
184
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
185
|
-
<AttackValue>';alert('x9lj3cup');//</AttackValue>
|
|
186
|
-
<AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
|
|
187
|
-
<AttackPostParams></AttackPostParams>
|
|
188
|
-
<AttackMatchedString>x9lj3cup</AttackMatchedString>
|
|
189
|
-
<AttackRequestList>
|
|
190
|
-
<AttackRequest>
|
|
191
|
-
<DbId>2F292FE91CD64B86B98B536D9BA66FE7</DbId>
|
|
192
|
-
<ParentDbId>00000000000000000000000000000000</ParentDbId>
|
|
193
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
194
|
-
<Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
|
|
195
|
-
<Benign>0</Benign>
|
|
196
|
-
</AttackRequest>
|
|
197
|
-
</AttackRequestList>
|
|
198
|
-
</Attack>
|
|
199
|
-
</AttackList>
|
|
200
|
-
</Vuln>
|
data/templates/evidence.template
CHANGED
|
@@ -1,11 +1,14 @@
|
|
|
1
|
-
#[Title]#
|
|
2
|
-
%evidence.web_site%
|
|
3
|
-
|
|
4
1
|
#[URL]#
|
|
5
|
-
%evidence.
|
|
6
|
-
|
|
7
|
-
#[Normalized URL]#
|
|
8
|
-
%evidence.normalized_url%
|
|
2
|
+
%evidence.attack_vuln_url%
|
|
9
3
|
|
|
10
4
|
#[Param]#
|
|
11
|
-
%evidence.
|
|
5
|
+
%evidence.attack_post_params%
|
|
6
|
+
|
|
7
|
+
#[String]#
|
|
8
|
+
%evidence.attack_matched_string%
|
|
9
|
+
|
|
10
|
+
#[Request]#
|
|
11
|
+
%evidence.attack_request%
|
|
12
|
+
|
|
13
|
+
#[Response]#
|
|
14
|
+
%evidence.attack_response%
|
data/templates/vuln.fields
CHANGED
|
@@ -3,16 +3,30 @@ vuln.attack_score
|
|
|
3
3
|
vuln.attack_type
|
|
4
4
|
vuln.attack_value
|
|
5
5
|
vuln.capec
|
|
6
|
+
vuln.confidence
|
|
6
7
|
vuln.cwe_id
|
|
7
8
|
vuln.description
|
|
8
9
|
vuln.dissa_asc
|
|
10
|
+
vuln.html_entity_attacked
|
|
11
|
+
vuln.imperva_bl
|
|
12
|
+
vuln.imperva_wl
|
|
13
|
+
vuln.mod_security_bl
|
|
14
|
+
vuln.mod_security_wl
|
|
9
15
|
vuln.normalized_url
|
|
10
16
|
vuln.oval
|
|
11
17
|
vuln.owasp2007
|
|
12
18
|
vuln.owasp2010
|
|
13
19
|
vuln.owasp2013
|
|
20
|
+
vuln.owasp2017
|
|
21
|
+
vuln.pcre_regex_bl
|
|
22
|
+
vuln.pcre_regex_wl
|
|
14
23
|
vuln.recommendation
|
|
24
|
+
vuln.scan_date
|
|
25
|
+
vuln.snort_bl
|
|
26
|
+
vuln.snort_wl
|
|
27
|
+
vuln.statistically_prevalent_original_response_code
|
|
15
28
|
vuln.vuln_method
|
|
16
29
|
vuln.vuln_param
|
|
17
30
|
vuln.vuln_type
|
|
18
31
|
vuln.vuln_url
|
|
32
|
+
vuln.wasc
|