RubyGems - sekureco - Versions diffs - 0.0.2 → 0.0.3 - Mend

sekureco 0.0.2 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/sekureco/html_page.rb +2 -8
data/lib/sekureco/http_client.rb +3 -3
data/lib/sekureco/web_crawler.rb +56 -23
data/lib/sekureco.rb +7 -7
metadata +16 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1aba32a01fc94c740097f8eb02fa3d37484acf8e
-  data.tar.gz: d53636e718d386edc72e419eb74758835b051594
+  metadata.gz: ca95ad9fc713e6412fcb1cbd7e8d27865234ceb1
+  data.tar.gz: 51b2f2944d7c8f3d980e54b3094d32b293dddc7a
 SHA512:
-  metadata.gz: '061946dabedeca606426289e01ec7e98a24bf0058b56b20ecfdf30434c8aeaea2bd6804d452f8e035609a366a44541434a7f15847a93b34a9fe3cab8227343de'
-  data.tar.gz: 259922640eac9486df52ad25c66b1135319127005290b73ac6ddb9f050c1f57a51c2016354a86bbf12b1f6c8f7bc547d29525e7cea84315328087e72dc5c72fa
+  metadata.gz: c78fe0ba00c79ade41a29a9642508922ca2d968cbff56eedca71c96ddaae5529320fc93e7507fe5166c3cd46675828e30859acaa6773a66da763c3bec423771c
+  data.tar.gz: a73cca1a189cfe1127936ae22dfcae10f8cab91edfb0be1c4105bec2d18a42a98ad3a5f31b6970b87de8eaf2569a045892f84a1484168cde06ee7a385e6d5143

data/lib/sekureco/html_page.rb CHANGED Viewed

@@ -51,14 +51,8 @@ module Sekureco
     end
     def log
-      2.times { puts }
-      if self.to_s.include? 'resizerElement'
-        puts "Error"
-      else
-        puts self
-      end
-      2.times { puts }
-      puts "=" * 80
+      Sekureco.logger.info(self.to_s)
+      Sekureco.logger.info("\n#{"=" * 80}\n")
     end
   end

data/lib/sekureco/http_client.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module Sekureco
     end
     def get uri
-      puts "GET #{uri.to_s}"
+      Sekureco.logger.info "GET #{uri.to_s}"
       HTTP.start(uri.host, uri.port) do |http|
         get_request = HTTP::Get.new uri
         get_request['Cookie'] = cookies
@@ -23,8 +23,8 @@ module Sekureco
     end
     def post uri, params = {}
-      puts "POST #{uri.to_s}"
-      puts "params: #{params}"
+      Sekureco.logger.info "POST #{uri.to_s}"
+      Sekureco.logger.info "params: #{params}"
       HTTP.start(uri.host, uri.port) do |http|
         post_request = HTTP::Post.new uri
         post_request['Cookie'] = cookies

data/lib/sekureco/web_crawler.rb CHANGED Viewed

@@ -1,12 +1,21 @@
 require_relative 'html_page'
 require_relative 'http_client'
+require 'logger'
+require 'launchy'
 module Sekureco
+  def self.logger
+    @logger ||= Logger.new(File.new("sekureco.log", "w"))
+  end
   class WebCrawler
-    def initialize url, port, username = nil, password = nil, app_token = 'foo'
-      @uri = URI "#{url}:#{port}/"
+    MAX_DIST = 4
+    def initialize url, username = nil, password = nil, app_token = 'foo'
+      @uri = URI url
       @http_client = HttpClient.new
       @source_page = HtmlPage.new @http_client.get(@uri).body
       @visited = {}
@@ -26,26 +35,34 @@ module Sekureco
         unless too_deep? @current_page
           test_forms_of @current_page if @current_page.has_forms?
           @current_page.links.each do |current_link|
-            next_link = URI.join(@uri.to_s, URI::encode(parse(current_link)))
-            next if next_link.path.include? 'logout'
-            response = if current_link["data-method"]
-                         @http_client.post(next_link, { '_method'            => current_link['data-method'],
-                                                        'authenticity_token' => @current_page.csrf_token })
-                       else
-                         @http_client.get(next_link)
-                       end
-            next_page = HtmlPage.new(response.body)
-            unless already_visited?(next_page)
-              next_page.log
-              mark_as_visited next_page
-              update_distance next_page
-              @queue << next_page
+            begin
+              next_link = URI.join(@uri.to_s, URI::encode(parse(current_link)))
+              next if next_link.path.include? 'logout'
+              response = if current_link["data-method"]
+                           @http_client.post(next_link, { '_method'            => current_link['data-method'],
+                                                          'authenticity_token' => @current_page.csrf_token })
+                         else
+                           @http_client.get(next_link)
+                         end
+              next_page = HtmlPage.new(response.body)
+              unless already_visited?(next_page)
+                next_page.log
+                mark_as_visited next_page
+                update_distance next_page
+                @queue << next_page
+              end
+            rescue
+              Sekureco.logger.warn "Invalid URI: #{current_link}"
             end
           end
         end
         @vulnerabilities = true if detect_embedded_scripts_in(@current_page)
-        puts "funcionou" if @vulnerabilities
+        if @vulnerabilities
+          Sekureco.logger.info "Successfully applied XSS attack"
+          confirm_attack
+        end
       end
+      clear_visited_pages
     end
     def test_forms_of html_page
@@ -54,10 +71,10 @@ module Sekureco
         form.css("input, textarea").each do |input|
           field_name = input['name']
           next if field_name.nil?
-          if field_name.include? "password"
-            params[field_name] = @default_password || random_string
-          elsif possible_login_fields.any? { |s| field_name.include? s }
+          if possible_login_fields.any? { |s| field_name.include? s }
             params[field_name] = @default_username || random_string
+          elsif possible_password_fields.any? { |s| field_name.include? s }
+            params[field_name] = @default_password || random_string
           else
             params[field_name] = input['value'] || input['content'] || xss_attack
           end
@@ -84,6 +101,10 @@ module Sekureco
         @visited[page.parsed_body] = true
       end
+      def clear_visited_pages
+        @visited = {}
+      end
       def already_visited? page
         @visited[page.parsed_body]
       end
@@ -93,11 +114,15 @@ module Sekureco
       end
       def too_deep? page
-        @distance[page] >= 2
+        @distance[page] >= MAX_DIST
       end
       def possible_login_fields
-        %w(username user name email login)
+        %w(username user name email login uid)
+      end
+      def possible_password_fields
+        %w(password passwd pw)
       end
       def random_string
@@ -105,7 +130,15 @@ module Sekureco
       end
       def xss_attack
-        "<script class='#{@app_token}'>alert('It worked!');</script>"
+        "<script class='#{@app_token}'>
+           let image = new Image();
+           image.src = 'http://localhost:4000/confirm/#{@app_token}';
+         </script>"
+      end
+      def confirm_attack
+        File.open("current_page.html", "w+") { |f| f.write(@current_page) }
+        Launchy.open("#{Dir.pwd}/current_page.html")
       end
       def detect_embedded_scripts_in html_page

data/lib/sekureco.rb CHANGED Viewed

@@ -1,9 +1,9 @@
 require_relative 'sekureco/web_crawler'
-# default_email    = "joao-bonfim"
-# default_password = "test"
-# website = "http://localhost"
-# puts "Crawling #{website}"
-# 2.times { puts }
-# wc = Sekureco::WebCrawler.new(website, 3000, default_email, default_password)
-# puts wc.test_application
+default_email    = "joao-bonfim"
+default_password = "test"
+website = "http://testphp.vulnweb.com/guestbook.php"
+Sekureco.logger.info "Crawling #{website}"
+2.times { puts }
+wc = Sekureco::WebCrawler.new(website, default_email, default_password)
+puts wc.test_application

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sekureco
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Pedro de Lyra
@@ -9,7 +9,21 @@ autorequire:
 bindir: bin
 cert_chain: []
 date: 2017-10-17 00:00:00.000000000 Z
-dependencies: []
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: launchy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A tool to perform penetration tests on web applications
 email: pedrodelyra@gmail.com
 executables: []