sekureco 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: df8b1826ede11dcfaebae255e3e86b6a137beb8b
+  data.tar.gz: 26874f5e0fb27f88b638d623aaf6c490a20debfc
+SHA512:
+  metadata.gz: 904a29783ba52f8b40c0b87b2231f428d87ca70a1877319c90060dd554f2a6e0a950c1193080c02ac0d819ae4a7ed0f46edf1bdba47ad056dbbdc71d122e6e36
+  data.tar.gz: 7be203e0b10b76f2dca7bac37c47b5017b8e83be03ef61c15b727a1b80ec2f3f44576e3e8aa95a035215d8a076d4cfa4c220a145c722eeb72d2cd921c0826d16

data/lib/sekureco/html_page.rb

@@ -0,0 +1,65 @@
+require 'nokogiri'
+require 'uri'
+
+module Sekureco
+
+  class HtmlPage
+    def initialize html_doc
+      @html_doc = Nokogiri::HTML(html_doc)
+    end
+
+    def content
+      @html_doc.to_html
+    end
+
+    def body
+      @html_doc.css("body").to_html
+    end
+
+    def parsed_body black_list = []
+      html = self.body.dup
+      black_list.each { |word| html.gsub! word, "" }
+      html.gsub(/(name=\"authenticity_token\" value=\".*\"|authenticity_token=[^;]*;|\?([^=]+=[^\&\"]+)+)/, '')
+    end
+
+    def links
+      @html_doc.css("a")
+    end
+
+    def scripts_with filter
+      @html_doc.css("script.#{filter}")
+    end
+
+    def forms
+      @html_doc.css("form")
+    end
+
+    def has_forms?
+      @html_doc.at_css("form")
+    end
+
+    def csrf_token
+      self.has_csrf_tokens? ? @html_doc.css('meta[name="csrf-token"]').first['content'] : ''
+    end
+
+    def has_csrf_tokens?
+      !@html_doc.css('meta[name="csrf-token"]').empty?
+    end
+
+    def to_s
+      self.parsed_body
+    end
+
+    def log
+      2.times { puts }
+      if self.to_s.include? 'resizerElement'
+        puts "Error"
+      else
+        puts self
+      end
+      2.times { puts }
+      puts "=" * 80
+    end
+  end
+
+end

data/lib/sekureco/http_client.rb

@@ -0,0 +1,61 @@
+require 'net/http'
+require 'uri'
+
+module Sekureco
+
+  class HttpClient
+
+    include Net
+
+    def initialize
+      @cookies = {}
+    end
+
+    def get uri
+      puts "GET #{uri.to_s}"
+      HTTP.start(uri.host, uri.port) do |http|
+        get_request = HTTP::Get.new uri
+        get_request['Cookie'] = cookies
+        @curr_response = http.request(get_request)
+        set_cookies
+      end
+      @curr_response
+    end
+
+    def post uri, params = {}
+      puts "POST #{uri.to_s}"
+      puts "params: #{params}"
+      HTTP.start(uri.host, uri.port) do |http|
+        post_request = HTTP::Post.new uri
+        post_request['Cookie'] = cookies
+        post_request.set_form_data(params)
+        @curr_response = http.request(post_request)
+        set_cookies
+      end
+      @curr_response
+    end
+
+    private
+
+      def set_cookies
+        unless @curr_response.nil?
+          new_cookies = @curr_response.get_fields('set-cookie')
+          unless new_cookies.nil?
+            new_cookies.each do |cookie|
+              key, value = cookie.split("; ").first.split("=")
+              @cookies[key] = value
+            end
+          end
+        end
+      end
+
+      def cookies
+        cookies_field = []
+        @cookies.each do |k, v|
+          cookies_field << "#{k}=#{v}"
+        end
+        cookies_field.join("; ")
+      end
+  end
+
+end

data/lib/sekureco/web_crawler.rb

@@ -0,0 +1,125 @@
+require_relative 'html_page'
+require_relative 'http_client'
+
+module Sekureco
+
+  class WebCrawler
+
+    def initialize url, port, username = nil, password = nil, app_token = 'foo'
+      @uri = URI "#{url}:#{port}/"
+      @http_client = HttpClient.new
+      @source_page = HtmlPage.new @http_client.get(@uri).body
+      @visited = {}
+      @default_username = username
+      @default_password = password
+      @black_list = []
+      @app_token  = app_token
+    end
+
+    def crawl
+      @queue = [@source_page]
+      mark_as_visited @source_page
+      @distance = { @source_page => 0 }
+      until @queue.empty?
+        @current_page = @queue.shift
+        @current_page.log
+        unless too_deep? @current_page
+          test_forms_of @current_page if @current_page.has_forms?
+          @current_page.links.each do |current_link|
+            next_link = URI.join(@uri.to_s, URI::encode(parse(current_link)))
+            next if next_link.path.include? 'logout'
+            response = if current_link["data-method"]
+                         @http_client.post(next_link, { '_method'            => current_link['data-method'],
+                                                        'authenticity_token' => @current_page.csrf_token })
+                       else
+                         @http_client.get(next_link)
+                       end
+            next_page = HtmlPage.new(response.body)
+            unless already_visited?(next_page)
+              next_page.log
+              mark_as_visited next_page
+              update_distance next_page
+              @queue << next_page
+            end
+          end
+        end
+        @vulnerabilities = true if detect_embedded_scripts_in(@current_page)
+        puts "funcionou" if @vulnerabilities
+      end
+    end
+
+    def test_forms_of html_page
+      html_page.forms.each do |form|
+        params = {}
+        form.css("input, textarea").each do |input|
+          field_name = input['name']
+          next if field_name.nil?
+          if field_name.include? "password"
+            params[field_name] = @default_password || random_string
+          elsif possible_login_fields.any? { |s| field_name.include? s }
+            params[field_name] = @default_username || random_string
+          else
+            params[field_name] = input['value'] || input['content'] || xss_attack
+          end
+        end
+        response  = @http_client.post(URI.join(@uri.to_s, form['action']), params)
+        next_page = HtmlPage.new(response.body)
+        unless already_visited?(next_page)
+          next_page.log
+          mark_as_visited next_page
+          update_distance next_page
+          @queue << next_page
+        end
+      end
+    end
+
+    def test_application
+      2.times { self.crawl }
+      @vulnerabilities
+    end
+
+    private
+
+      def mark_as_visited page
+        @visited[page.parsed_body] = true
+      end
+
+      def already_visited? page
+        @visited[page.parsed_body]
+      end
+
+      def update_distance page
+        @distance[page] = @distance[@current_page] + 1
+      end
+
+      def too_deep? page
+        @distance[page] >= 2
+      end
+
+      def possible_login_fields
+        %w(username user name email login)
+      end
+
+      def random_string
+        @random_string ||= (0..(1 + rand(16))).map { ('a'..'z').to_a[rand(26)] }.join
+      end
+
+      def xss_attack
+        "<script class='#{@app_token}'>alert('It worked!');</script>"
+      end
+
+      def detect_embedded_scripts_in html_page
+        html_page.scripts_with(@app_token).any?
+      end
+
+      def parse link
+        uri = URI::parse(link["href"])
+        if uri.query
+          uri.path + "?" + uri.query
+        else
+          uri.path
+        end
+      end
+  end
+
+end

data/lib/sekureco.rb

@@ -0,0 +1,9 @@
+require_relative 'sekureco/web_crawler'
+
+ default_email    = "joao-bonfim"
+ default_password = "test"
+ website = "http://localhost"
+ puts "Crawling #{website}"
+ 2.times { puts }
+ wc = Sekureco::WebCrawler.new(website, 3000, default_email, default_password)
+ puts wc.test_application

metadata

@@ -0,0 +1,47 @@
+--- !ruby/object:Gem::Specification
+name: sekureco
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Pedro de Lyra
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-10-17 00:00:00.000000000 Z
+dependencies: []
+description: A tool to perform penetration tests on web applications
+email: pedrodelyra@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/sekureco.rb
+- lib/sekureco/html_page.rb
+- lib/sekureco/http_client.rb
+- lib/sekureco/web_crawler.rb
+homepage: http://rubygems.org/gems/sekureco
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.11
+signing_key: 
+specification_version: 4
+summary: Pentest automation tool
+test_files: []