watobo 0.9.11 → 0.9.12
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG +12 -0
- data/bin/watobo +9 -1
- data/lib/watobo/adapters/data_store.rb +14 -1
- data/lib/watobo/adapters/file/file_store.rb +33 -0
- data/lib/watobo/core/active_check.rb +3 -2
- data/lib/watobo/core/project.rb +6 -2
- data/lib/watobo/core/scanner.rb +7 -1
- data/lib/watobo/core/session.rb +3 -1
- data/lib/watobo/gui/checkboxtree.rb +243 -101
- data/lib/watobo/gui/checks_policy_frame.rb +60 -22
- data/lib/watobo/gui/dashboard.rb +25 -4
- data/lib/watobo/gui/findings_tree.rb +35 -46
- data/lib/watobo/gui/full_scan_dialog.rb +2 -1
- data/lib/watobo/gui/fuzzer_gui.rb +1 -1
- data/lib/watobo/gui/interceptor_settings_dialog.rb +1 -1
- data/lib/watobo/gui/log_viewer.rb +3 -1
- data/lib/watobo/gui/main_window.rb +9 -9
- data/lib/watobo/gui/manual_request_editor.rb +11 -1
- data/lib/watobo/gui/progress_window.rb +16 -6
- data/lib/watobo/gui/quick_scan_dialog.rb +5 -5
- data/lib/watobo/gui/templates/plugin2.rb +13 -26
- data/lib/watobo/mixins/shapers.rb +4 -2
- data/lib/watobo.rb +1 -1
- data/modules/active/Apache/mod_status.rb +4 -3
- data/modules/active/sap/its_commands.rb +1 -1
- data/modules/active/sap/its_service_parameter.rb +1 -1
- data/modules/active/siebel/siebel_apps.rb +184 -0
- data/modules/passive/disclosure_domino.rb +82 -0
- data/modules/passive/form_spotter.rb +2 -1
- data/plugins/catalog/catalog.rb +63 -25
- data/plugins/crawler/gui/crawler_gui.rb +8 -6
- data/plugins/crawler/gui/general_settings_frame.rb +4 -4
- data/plugins/crawler/lib/grabber.rb +2 -2
- data/plugins/filefinder/dbs/hbci.db +1 -0
- data/plugins/filefinder/dbs/well_known.db +4 -0
- data/plugins/filefinder/filefinder.rb +11 -8
- data/plugins/sqlmap/gui/main.rb +17 -5
- data/plugins/sslchecker/gui/cipher_table.rb +1 -1
- data/plugins/sslchecker/gui/gui.rb +33 -14
- metadata +5 -2
|
@@ -25,7 +25,7 @@ module Watobo
|
|
|
25
25
|
module Apache
|
|
26
26
|
class Mod_status < Watobo::ActiveCheck
|
|
27
27
|
def reset()
|
|
28
|
-
|
|
28
|
+
@checked_sites.clear
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
def initialize(project, prefs={})
|
|
@@ -52,11 +52,12 @@ module Watobo
|
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
def generateChecks(chat)
|
|
55
|
+
|
|
55
56
|
if not @checked_sites.has_key?(chat.request.site)
|
|
56
57
|
@checked_sites[chat.request.site] = :checked
|
|
57
58
|
@status_checks.each do |status_path|
|
|
58
59
|
checker = proc {
|
|
59
|
-
|
|
60
|
+
|
|
60
61
|
test_request = nil
|
|
61
62
|
test_response = nil
|
|
62
63
|
|
|
@@ -67,7 +68,7 @@ module Watobo
|
|
|
67
68
|
|
|
68
69
|
status, test_request, test_response = fileExists?(test, :default => true)
|
|
69
70
|
|
|
70
|
-
if test_response.status =~ /200/ and test_response.join =~ /Apache Server Status for/ then
|
|
71
|
+
if test_response.status =~ /200/ and test_response.join =~ /Apache Server Status for/i then
|
|
71
72
|
|
|
72
73
|
addFinding( test_request, test_response,
|
|
73
74
|
:check_pattern => "#{status_path}",
|
|
@@ -68,7 +68,7 @@ module Watobo
|
|
|
68
68
|
|
|
69
69
|
test_request,test_response = doRequest(test,:default => true)
|
|
70
70
|
if test_response.status =~ /200/i then
|
|
71
|
-
|
|
71
|
+
# test_chat = Chat.new(test,test_response,chat.id)
|
|
72
72
|
addFinding( test_request,test_response,
|
|
73
73
|
:test_item => chat.request.url,
|
|
74
74
|
:check_pattern => "#{cmd.dup}",
|
|
@@ -76,7 +76,7 @@ module Watobo
|
|
|
76
76
|
test_request,test_response = doRequest(test,:default => true)
|
|
77
77
|
|
|
78
78
|
if test_response.status =~ /200/i then
|
|
79
|
-
|
|
79
|
+
# test_chat = Chat.new(test,test_response,chat.id)
|
|
80
80
|
addFinding( test_request,test_response,
|
|
81
81
|
:test_item => chat.request.url,
|
|
82
82
|
:check_pattern => "#{sparm}",
|
|
@@ -0,0 +1,184 @@
|
|
|
1
|
+
# .
|
|
2
|
+
# siebel_apps.rb
|
|
3
|
+
#
|
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
|
5
|
+
#
|
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
|
+
# http://watobo.sourceforge.com
|
|
8
|
+
#
|
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
|
12
|
+
#
|
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
16
|
+
# GNU General Public License for more details.
|
|
17
|
+
#
|
|
18
|
+
# You should have received a copy of the GNU General Public License
|
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
21
|
+
# .
|
|
22
|
+
module Watobo
|
|
23
|
+
module Modules
|
|
24
|
+
module Active
|
|
25
|
+
module Siebel
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
class Siebel_apps < Watobo::ActiveCheck
|
|
29
|
+
|
|
30
|
+
@@tested_directories = Hash.new
|
|
31
|
+
|
|
32
|
+
def initialize(project, prefs={})
|
|
33
|
+
|
|
34
|
+
super(project, prefs)
|
|
35
|
+
|
|
36
|
+
check_group = File.dirname(File.expand_path(__FILE__)).split("/").last.capitalize!
|
|
37
|
+
|
|
38
|
+
@info.update(
|
|
39
|
+
:check_name => 'Siebel Applications', # name of check which briefly describes functionality, will be used for tree and progress views
|
|
40
|
+
:description => "Enumerate Siebel Applications And Default Files, e.g. base.txt", # description of checkfunction
|
|
41
|
+
:author => "Andreas Schmidt", # author of check
|
|
42
|
+
:version => "1.0", # check version
|
|
43
|
+
:check_group => check_group
|
|
44
|
+
)
|
|
45
|
+
|
|
46
|
+
@finding.update(
|
|
47
|
+
:threat => 'Information', # thread of vulnerability, e.g. loss of information
|
|
48
|
+
:class => "Siebel: Default Applications", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
|
|
49
|
+
:type => FINDING_TYPE_INFO # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
|
|
50
|
+
)
|
|
51
|
+
|
|
52
|
+
@apps = %w( callcenter cgce cra eCommunicationsWireless eEnergyOilGasChemicals eaf eai eai_anon eauctionswexml eautomotive echannelaf echannelcg echannelcme eclinical ecommunications econsumer econsumerpharma econsumersector ecustomer ecustomercme edealer edealerscw eenergy eevents ehospitality eloyalty emarketing emedia emedical ememb epharma epharmace eprofessionalpharma epublicsector eretail erm ermadmin esales esalescme eservice esitesclinical etraining finesales fins finsconsole finscustomer finsebanking finsebrokerage finsechannel finseenenrollment finssalespam htim htimpim loyalty loyaltyscw marketing medicalce pimportal pmmanager prmmanager prmportal pseservice sales salesce service servicece siasalesce siaservicece sismarketing smc wpeserv wppm wpsales wpserv )
|
|
53
|
+
@langs = %w( cat chs cht csy dan deu ell enu esn euq fin fra frc heb hun ita jpn kor nld nor plk pse psl ptb ptg rus shl sky slv sve tha trk )
|
|
54
|
+
|
|
55
|
+
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def reset()
|
|
59
|
+
@@tested_directories.clear
|
|
60
|
+
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
|
|
64
|
+
def generateChecks(chat)
|
|
65
|
+
|
|
66
|
+
begin
|
|
67
|
+
path = chat.request.dir
|
|
68
|
+
# puts "!!!!#{self}: #{path}"
|
|
69
|
+
unless @@tested_directories.has_key?(path)
|
|
70
|
+
@@tested_directories[path] = true
|
|
71
|
+
|
|
72
|
+
@apps.each do |app|
|
|
73
|
+
@langs.each do |lang|
|
|
74
|
+
|
|
75
|
+
|
|
76
|
+
checker = proc{
|
|
77
|
+
begin
|
|
78
|
+
app_dir = "#{app}_#{lang}"
|
|
79
|
+
#puts app_dir
|
|
80
|
+
test_request = nil
|
|
81
|
+
test_response = nil
|
|
82
|
+
test = chat.copyRequest
|
|
83
|
+
test.appendDir app_dir
|
|
84
|
+
|
|
85
|
+
status, test_request, test_response = fileExists?(test, :default => true)
|
|
86
|
+
|
|
87
|
+
if status == true
|
|
88
|
+
|
|
89
|
+
# test_chat = Chat.new(test,test_response, :id => chat.id)
|
|
90
|
+
|
|
91
|
+
addFinding( test_request,test_response,
|
|
92
|
+
:test_item => chat.request.url,
|
|
93
|
+
:check_pattern => "#{app_dir}",
|
|
94
|
+
:proof_pattern => "#{test_response.status}",
|
|
95
|
+
:chat => chat,
|
|
96
|
+
:title => "#{app_dir}"
|
|
97
|
+
)
|
|
98
|
+
|
|
99
|
+
# check for _stats.swe
|
|
100
|
+
stats_test = chat.copyRequest
|
|
101
|
+
stats_test.replaceFileExt("_stats.swe")
|
|
102
|
+
status, stats_request, stats_response = fileExists?( stats_test, :default => true)
|
|
103
|
+
|
|
104
|
+
if status == true and stats_response.has_body?
|
|
105
|
+
addFinding( stats_request,stats_response,
|
|
106
|
+
:test_item => stats_request.url,
|
|
107
|
+
:check_pattern => "#{app_dir}",
|
|
108
|
+
:proof_pattern => "#{stats_response.status}",
|
|
109
|
+
:chat => chat,
|
|
110
|
+
:title => "#{app_dir}",
|
|
111
|
+
:check_name => "Siebel Stats Page",
|
|
112
|
+
:class => "Siebel: Stats Page"
|
|
113
|
+
)
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
# check for base.txt
|
|
117
|
+
base_test = chat.copyRequest
|
|
118
|
+
base_test.appendDir app_dir
|
|
119
|
+
base_test.replaceFileExt("base.txt")
|
|
120
|
+
# puts base_test.url
|
|
121
|
+
status, base_request, base_response = fileExists?(base_test, :default => true)
|
|
122
|
+
|
|
123
|
+
if status == true and base_response.has_body?
|
|
124
|
+
version = nil
|
|
125
|
+
if base_response.body.strip =~ /^([0-9.]*) /
|
|
126
|
+
version = $1
|
|
127
|
+
end
|
|
128
|
+
addFinding( base_request,base_response,
|
|
129
|
+
:test_item => base_request.url,
|
|
130
|
+
:check_pattern => "base.txt",
|
|
131
|
+
:proof_pattern => "#{base_response.status}",
|
|
132
|
+
:chat => chat,
|
|
133
|
+
:title => "#{app_dir}",
|
|
134
|
+
:check_name => "Siebel Version #{version}",
|
|
135
|
+
:class => "Siebel: Version #{version}"
|
|
136
|
+
)
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
# check for About_Siebel.htm and siebindex.htm
|
|
140
|
+
%w( About_Siebel.htm help/siebindex.htm siebindex.htm ).each do |df|
|
|
141
|
+
default_test = chat.copyRequest
|
|
142
|
+
default_test.appendDir app_dir
|
|
143
|
+
default_test.replaceFileExt(df)
|
|
144
|
+
status, default_request, default_response = fileExists?(default_test, :default => true)
|
|
145
|
+
|
|
146
|
+
if status == true
|
|
147
|
+
addFinding( default_request,default_response,
|
|
148
|
+
:test_item => "#{default_request.url}",
|
|
149
|
+
:check_pattern => "#{df}",
|
|
150
|
+
:proof_pattern => "#{default_response.status}",
|
|
151
|
+
:chat => chat,
|
|
152
|
+
:title => "#{df}",
|
|
153
|
+
#:check_name => "Siebel Version #{version}",
|
|
154
|
+
:class => "Siebel: Default Files"
|
|
155
|
+
)
|
|
156
|
+
end
|
|
157
|
+
end
|
|
158
|
+
|
|
159
|
+
end
|
|
160
|
+
rescue => bang
|
|
161
|
+
puts bang
|
|
162
|
+
puts bang.backtrace
|
|
163
|
+
end
|
|
164
|
+
[ test_request, test_response ]
|
|
165
|
+
}
|
|
166
|
+
yield checker
|
|
167
|
+
end
|
|
168
|
+
end
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
rescue => bang
|
|
172
|
+
puts bang
|
|
173
|
+
puts "ERROR!! #{Module.nesting[0].name}"
|
|
174
|
+
raise
|
|
175
|
+
|
|
176
|
+
end
|
|
177
|
+
end
|
|
178
|
+
|
|
179
|
+
end
|
|
180
|
+
# --> eo namespace
|
|
181
|
+
end
|
|
182
|
+
end
|
|
183
|
+
end
|
|
184
|
+
end
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
# .
|
|
2
|
+
# disclosure_domino.rb
|
|
3
|
+
#
|
|
4
|
+
# Copyright 2012 by siberas, http://www.siberas.de
|
|
5
|
+
#
|
|
6
|
+
# This file is part of WATOBO (Web Application Tool Box)
|
|
7
|
+
# http://watobo.sourceforge.com
|
|
8
|
+
#
|
|
9
|
+
# WATOBO is free software; you can redistribute it and/or modify
|
|
10
|
+
# it under the terms of the GNU General Public License as published by
|
|
11
|
+
# the Free Software Foundation version 2 of the License.
|
|
12
|
+
#
|
|
13
|
+
# WATOBO is distributed in the hope that it will be useful,
|
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
16
|
+
# GNU General Public License for more details.
|
|
17
|
+
#
|
|
18
|
+
# You should have received a copy of the GNU General Public License
|
|
19
|
+
# along with WATOBO; if not, write to the Free Software
|
|
20
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
21
|
+
# .
|
|
22
|
+
module Watobo
|
|
23
|
+
module Modules
|
|
24
|
+
module Passive
|
|
25
|
+
|
|
26
|
+
|
|
27
|
+
class Disclosure_domino < Watobo::PassiveCheck
|
|
28
|
+
|
|
29
|
+
def initialize(project)
|
|
30
|
+
@project = project
|
|
31
|
+
super(project)
|
|
32
|
+
|
|
33
|
+
@info.update(
|
|
34
|
+
:check_name => 'Domino DB name disclosure.', # name of check which briefly describes functionality, will be used for tree and progress views
|
|
35
|
+
:description => "Identifies Domino DB names.", # description of checkfunction
|
|
36
|
+
:author => "Andreas Schmidt", # author of check
|
|
37
|
+
:version => "1.0" # check version
|
|
38
|
+
)
|
|
39
|
+
|
|
40
|
+
@finding.update(
|
|
41
|
+
:threat => 'Unintended disclosure of Domino DB name can lead to data breach.', # thread of vulnerability, e.g. loss of information
|
|
42
|
+
:class => "Domino DB Names", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
|
|
43
|
+
:type => FINDING_TYPE_INFO # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
|
|
44
|
+
)
|
|
45
|
+
|
|
46
|
+
|
|
47
|
+
@pattern = '([\w\/\-0-9\.:]+\.nsf)'
|
|
48
|
+
@dbs = []
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def do_test(chat)
|
|
52
|
+
begin
|
|
53
|
+
# puts "running module: #{Module.nesting[0].name}"
|
|
54
|
+
if chat.response.content_type =~ /text/ and not chat.response.content_type =~ /text.csv/ then
|
|
55
|
+
if chat.response.each do |line|
|
|
56
|
+
if line =~ /#{@pattern}/ then
|
|
57
|
+
match = $1
|
|
58
|
+
if not @dbs.include?(match) then
|
|
59
|
+
@dbs.push match
|
|
60
|
+
addFinding(
|
|
61
|
+
:proof_pattern => "#{match}",
|
|
62
|
+
:chat => chat,
|
|
63
|
+
:title => match
|
|
64
|
+
)
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
rescue => bang
|
|
72
|
+
# raise
|
|
73
|
+
puts "ERROR!! #{self.class}"
|
|
74
|
+
puts bang
|
|
75
|
+
puts bang.backtrace if $DEBUG
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
end
|
|
@@ -52,10 +52,11 @@ module Watobo
|
|
|
52
52
|
off = chat.response.body.index(/<form/i, 0)
|
|
53
53
|
until off.nil?
|
|
54
54
|
action = chat.response.body[off..-1] =~ /<form [^<\/form]*action="([^"]*)"/i ? $1 : "undefined"
|
|
55
|
+
title = action.strip.empty? ? "[none]" : "#{action}"
|
|
55
56
|
# puts "!FOUND FORM #{action}"
|
|
56
57
|
addFinding(
|
|
57
58
|
:proof_pattern => "<form [^>]*>",
|
|
58
|
-
:title =>
|
|
59
|
+
:title => title,
|
|
59
60
|
:chat => chat
|
|
60
61
|
)
|
|
61
62
|
off = chat.response.body.index(/<form/i, off+1)
|
data/plugins/catalog/catalog.rb
CHANGED
|
@@ -201,13 +201,22 @@ about_txt.disable
|
|
|
201
201
|
end
|
|
202
202
|
|
|
203
203
|
status, test_request, test_response = fileExists?(test, :default => true)
|
|
204
|
-
|
|
204
|
+
|
|
205
|
+
|
|
205
206
|
unless test_request.nil? or test_response.nil? then
|
|
206
207
|
test_result = false
|
|
207
208
|
response = test_response.join
|
|
208
209
|
if status == true
|
|
210
|
+
if test_request.url =~ /splashAdmin/
|
|
211
|
+
puts "splashAdmin.php exists!"
|
|
212
|
+
puts "Match: #{match}"
|
|
213
|
+
puts "Or-Match: #{or_match}"
|
|
214
|
+
puts "Fail: #{fail}"
|
|
215
|
+
puts "Or-Fail: #{or_fail}"
|
|
216
|
+
|
|
217
|
+
end
|
|
209
218
|
|
|
210
|
-
if ( ( match != "" and response =~ /#{Regexp.quote(match)}/i) or ( or_match != "" and response =~ /#{Regexp.quote(or_match)}/i )) then
|
|
219
|
+
if ( (match.empty? and or_match.empty?) or ( match != "" and response =~ /#{Regexp.quote(match)}/i) or ( or_match != "" and response =~ /#{Regexp.quote(or_match)}/i )) then
|
|
211
220
|
test_result = true
|
|
212
221
|
if and_match != "" then
|
|
213
222
|
test_result = false
|
|
@@ -221,8 +230,10 @@ about_txt.disable
|
|
|
221
230
|
# test_chat = Chat.new(test_request, test_response, chat.id)
|
|
222
231
|
|
|
223
232
|
if test_result then
|
|
233
|
+
|
|
224
234
|
# path = test_request.url.gsub(/#{uri}/,"")
|
|
225
235
|
path = test_request.path
|
|
236
|
+
# puts "ADD FINDING!"
|
|
226
237
|
addFinding( test_request, test_response,
|
|
227
238
|
:test_item => uri,
|
|
228
239
|
:proof_pattern => "#{Regexp.quote(match)}",
|
|
@@ -232,6 +243,7 @@ about_txt.disable
|
|
|
232
243
|
:title => "[#{uri}] - #{path}"
|
|
233
244
|
|
|
234
245
|
)
|
|
246
|
+
# puts "OK"
|
|
235
247
|
|
|
236
248
|
end
|
|
237
249
|
end
|
|
@@ -261,7 +273,13 @@ about_txt.disable
|
|
|
261
273
|
|
|
262
274
|
if @project then
|
|
263
275
|
@sites_combo.appendItem("no site selected", nil)
|
|
264
|
-
|
|
276
|
+
scope_only = Watobo.project.has_scope?
|
|
277
|
+
sites = @project.listSites(:in_scope => Watobo.project.has_scope? )
|
|
278
|
+
if sites.empty?
|
|
279
|
+
scope_only = false
|
|
280
|
+
@log_viewer.log(LOG_INFO, "Defined scope does not match one site. Using all sites.")
|
|
281
|
+
end
|
|
282
|
+
@project.listSites(:in_scope => scope_only ).each do |site|
|
|
265
283
|
#puts "Site: #{site}"
|
|
266
284
|
site_string = site
|
|
267
285
|
if site.length > 60
|
|
@@ -661,24 +679,31 @@ about_txt.disable
|
|
|
661
679
|
end
|
|
662
680
|
end
|
|
663
681
|
|
|
664
|
-
def set_db_path(
|
|
682
|
+
def set_db_path(dbpath)
|
|
683
|
+
path = File.expand_path(dbpath)
|
|
665
684
|
if db_path?(path)
|
|
666
|
-
|
|
667
|
-
|
|
668
|
-
|
|
669
|
-
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
|
|
673
|
-
|
|
685
|
+
puts "New DB Path >> #{path}"
|
|
686
|
+
@path = path
|
|
687
|
+
@known_db_paths << @path unless @known_db_paths.include? @path
|
|
688
|
+
@start_button.enable
|
|
689
|
+
|
|
690
|
+
@db_path_combo.clearItems
|
|
691
|
+
@known_db_paths.each_with_index do |dbp,i|
|
|
692
|
+
if File.exist? dbp
|
|
693
|
+
item = @db_path_combo.appendItem(dbp)
|
|
694
|
+
@db_path_combo.setItemData(item, dbp)
|
|
695
|
+
path_index = i if dbp == @path
|
|
696
|
+
end
|
|
697
|
+
end
|
|
674
698
|
|
|
675
|
-
|
|
699
|
+
@db_path_combo.currentItem = @db_path_combo.numItems - 1
|
|
700
|
+
@db_path_combo.numVisible = @db_path_combo.numItems
|
|
676
701
|
|
|
677
|
-
|
|
678
|
-
|
|
679
|
-
|
|
702
|
+
save_config
|
|
703
|
+
else
|
|
704
|
+
@catalog_ready = false
|
|
680
705
|
@start_button.disable
|
|
681
|
-
|
|
706
|
+
end
|
|
682
707
|
end
|
|
683
708
|
|
|
684
709
|
def enableOptions()
|
|
@@ -709,7 +734,7 @@ about_txt.disable
|
|
|
709
734
|
# puts "* #{self.class} closed"
|
|
710
735
|
@scanner.cancel() if @scanner
|
|
711
736
|
|
|
712
|
-
|
|
737
|
+
super
|
|
713
738
|
|
|
714
739
|
end
|
|
715
740
|
|
|
@@ -717,7 +742,9 @@ about_txt.disable
|
|
|
717
742
|
@db_files.each do |file|
|
|
718
743
|
fname = File.join( path, file)
|
|
719
744
|
unless File.exists?(fname)
|
|
720
|
-
|
|
745
|
+
m = "WARNING: Missing catalog db file: #{fname}"
|
|
746
|
+
puts m
|
|
747
|
+
@log_viewer.log( LOG_INFO, m)
|
|
721
748
|
return false
|
|
722
749
|
end
|
|
723
750
|
|
|
@@ -758,6 +785,7 @@ about_txt.disable
|
|
|
758
785
|
@scanner.cancel()
|
|
759
786
|
@start_button.text = "Start"
|
|
760
787
|
@pbar.progress = 0
|
|
788
|
+
Watobo.log("Scan Canceled By User", :sender => "Catalog")
|
|
761
789
|
return
|
|
762
790
|
end
|
|
763
791
|
|
|
@@ -783,16 +811,16 @@ about_txt.disable
|
|
|
783
811
|
|
|
784
812
|
#}
|
|
785
813
|
|
|
786
|
-
@check.subscribe(:new_finding) { |f|
|
|
787
|
-
@project.addFinding(f)
|
|
788
|
-
}
|
|
789
814
|
|
|
815
|
+
|
|
790
816
|
@check.path = @path
|
|
791
817
|
|
|
792
818
|
chatlist = []
|
|
793
819
|
checklist = []
|
|
794
820
|
checklist.push @check
|
|
795
821
|
@check.resetCounters()
|
|
822
|
+
|
|
823
|
+
|
|
796
824
|
|
|
797
825
|
@log_viewer.log( LOG_INFO, "Starting ...")
|
|
798
826
|
puts "Site: #{@site}"
|
|
@@ -803,7 +831,7 @@ about_txt.disable
|
|
|
803
831
|
# progressWindow.newProject(@active_project, project_settings)
|
|
804
832
|
|
|
805
833
|
# progressWindow.register(self)
|
|
806
|
-
progressWindow = nil
|
|
834
|
+
progressWindow = nil
|
|
807
835
|
# Thread.new(progressWindow){ |pw|
|
|
808
836
|
begin
|
|
809
837
|
c=1
|
|
@@ -812,8 +840,9 @@ progressWindow = nil
|
|
|
812
840
|
@project.listDirs(@site, :base_dir => @dir, :include_subdirs => @test_all_dirs.checked?) { c += 1 }
|
|
813
841
|
notify(:update_progress, :total => c, :job => @dir)
|
|
814
842
|
@project.listDirs(@site, :base_dir => @dir, :include_subdirs => @test_all_dirs.checked?) do |dir|
|
|
815
|
-
msg = "running checks on #{dir}"
|
|
843
|
+
msg = "running checks in #{@path} on #{@site} for /#{dir}"
|
|
816
844
|
puts msg
|
|
845
|
+
Watobo.log(msg, :sender => "Catalog")
|
|
817
846
|
@log_viewer.log(LOG_INFO, msg)
|
|
818
847
|
chat = createChat()
|
|
819
848
|
chat.request.replaceFileExt('')
|
|
@@ -825,8 +854,9 @@ progressWindow = nil
|
|
|
825
854
|
end
|
|
826
855
|
else
|
|
827
856
|
# notify(:update_progress, :total => c, :job => @dir)
|
|
828
|
-
msg = "running checks on #{@dir}"
|
|
857
|
+
msg = "running checks in #{@path} on #{@site} for /#{@dir}"
|
|
829
858
|
puts msg
|
|
859
|
+
Watobo.log(msg, :sender => "Catalog")
|
|
830
860
|
@log_viewer.log(LOG_INFO, msg)
|
|
831
861
|
chat = createChat()
|
|
832
862
|
# puts chat.request.first
|
|
@@ -856,6 +886,7 @@ progressWindow = nil
|
|
|
856
886
|
|
|
857
887
|
|
|
858
888
|
@scanner = Watobo::Scanner2.new(chatlist, checklist, @project.passive_checks, scan_prefs)
|
|
889
|
+
|
|
859
890
|
@pbar.total = @check.numChecks * chatlist.length
|
|
860
891
|
@pbar.progress = 0
|
|
861
892
|
@pbar.barColor = 'red'
|
|
@@ -873,6 +904,12 @@ progressWindow = nil
|
|
|
873
904
|
end
|
|
874
905
|
@pbar.increment(1)
|
|
875
906
|
}
|
|
907
|
+
|
|
908
|
+
@scanner.subscribe(:new_finding) { |f|
|
|
909
|
+
# puts "Project.addFinding"
|
|
910
|
+
@project.addFinding(f)
|
|
911
|
+
}
|
|
912
|
+
|
|
876
913
|
|
|
877
914
|
msg= "Total Requests: #{@check.numChecks}"
|
|
878
915
|
@log_viewer.log(LOG_INFO, msg)
|
|
@@ -887,6 +924,7 @@ progressWindow = nil
|
|
|
887
924
|
|
|
888
925
|
msg = "scanning finished!"
|
|
889
926
|
@log_viewer.log(LOG_INFO, msg)
|
|
927
|
+
Watobo.log("Scan finished", :sender => "Catalog")
|
|
890
928
|
rescue => bang
|
|
891
929
|
puts bang
|
|
892
930
|
puts bang.backtrace if $DEBUG
|
|
@@ -153,12 +153,14 @@ module Watobo
|
|
|
153
153
|
end
|
|
154
154
|
end
|
|
155
155
|
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
156
|
+
# def add_update_timer(ms=50)
|
|
157
|
+
# @update_timer = FXApp.instance.addTimeout( ms, :repeat => true) {
|
|
158
|
+
# update_status
|
|
159
|
+
# }
|
|
160
|
+
# end
|
|
161
|
+
def on_update_timer
|
|
162
|
+
update_status
|
|
163
|
+
end
|
|
162
164
|
|
|
163
165
|
def update_status
|
|
164
166
|
@status_lock.synchronize do
|
|
@@ -87,7 +87,7 @@ module Watobo
|
|
|
87
87
|
@fill_forms_cb.checkState = false
|
|
88
88
|
@fill_forms_cb.disable
|
|
89
89
|
|
|
90
|
-
FXLabel.new(iframe, "Don't send forms if they contain following field names:")
|
|
90
|
+
FXLabel.new(iframe, "Don't send forms if they contain following field names (regex):")
|
|
91
91
|
@excluded_field_patterns = Watobo::Gui::ListBox.new(iframe)
|
|
92
92
|
|
|
93
93
|
#f = FXVerticalFrame.new(outer_matrix, :opts =>LAYOUT_FILL_X|LAYOUT_FILL_Y)
|
|
@@ -97,8 +97,8 @@ module Watobo
|
|
|
97
97
|
fxtext.backColor = fxtext.parent.backColor
|
|
98
98
|
fxtext.disable
|
|
99
99
|
text = "To speed up the crawl process and to save bandwidth it is recommended to use HEAD requests for specific document extensions."
|
|
100
|
-
text << "The response to a HEAD request only includes the http headers but no body. The extensions pattern is defined as an regular expression,"
|
|
101
|
-
text << "e.g. '(pdf|swf|doc|flv|jpg|png|gif)' - without
|
|
100
|
+
text << "The response to a HEAD request only includes the http headers but no body. The extensions pattern is defined as an regular expression (case insesitive),"
|
|
101
|
+
text << "e.g. '(pdf|swf|doc|flv|jpg|png|gif)' - without quotes."
|
|
102
102
|
|
|
103
103
|
fxtext.setText(text)
|
|
104
104
|
|
|
@@ -107,7 +107,7 @@ module Watobo
|
|
|
107
107
|
f = FXHorizontalFrame.new(iframe, :opts => LAYOUT_FILL_X)
|
|
108
108
|
FXLabel.new(f, "Ext. Pattern:", nil, LAYOUT_TOP|JUSTIFY_RIGHT)
|
|
109
109
|
@head_request_pattern_txt = FXTextField.new(f, 10, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|LAYOUT_FILL_X)
|
|
110
|
-
@head_request_pattern_txt.text = '(pdf|swf|doc|flv|jpg|png|gif)'
|
|
110
|
+
@head_request_pattern_txt.text = '(pdf|swf|doc|flv|jpg|png|gif|zip|tar|gz|bz2|tgz)'
|
|
111
111
|
|
|
112
112
|
end
|
|
113
113
|
|
|
@@ -32,9 +32,9 @@ module Watobo
|
|
|
32
32
|
uri = linkbag.link.uri if linkbag.link.respond_to? :uri
|
|
33
33
|
|
|
34
34
|
unless @opts[:head_request_pattern].empty?
|
|
35
|
-
pext = uri.path.match(
|
|
35
|
+
pext = uri.path.match(/\.[^\.]*$/)
|
|
36
36
|
unless pext.nil?
|
|
37
|
-
if pext[0] =~
|
|
37
|
+
if pext[0] =~ /\.#{@opts[:head_request_pattern]}/i
|
|
38
38
|
page = @agent.head uri
|
|
39
39
|
end
|
|
40
40
|
end
|
|
@@ -81,8 +81,9 @@ module Watobo
|
|
|
81
81
|
next if uri.strip =~ /^#/
|
|
82
82
|
# cleanup dir
|
|
83
83
|
uri.strip!
|
|
84
|
-
uri.gsub!(
|
|
84
|
+
uri.gsub!(/^[\/\.]+/,'')
|
|
85
85
|
uri.gsub!(/\/$/,'')
|
|
86
|
+
next if uri.strip.empty?
|
|
86
87
|
|
|
87
88
|
checker = proc {
|
|
88
89
|
test_request = nil
|
|
@@ -95,13 +96,16 @@ module Watobo
|
|
|
95
96
|
new_uri << ".#{ext}"
|
|
96
97
|
end
|
|
97
98
|
new_uri << "/" if @append_slash == true
|
|
98
|
-
|
|
99
|
+
# puts ">> #{new_uri}"
|
|
99
100
|
test.replaceFileExt(new_uri)
|
|
100
101
|
# puts test.url
|
|
101
102
|
status, test_request, test_response = fileExists?(test, @prefs)
|
|
102
103
|
|
|
103
104
|
|
|
104
105
|
if status == true
|
|
106
|
+
|
|
107
|
+
puts "FileFinder >> #{test.url}"
|
|
108
|
+
|
|
105
109
|
addFinding( test_request, test_response,
|
|
106
110
|
:test_item => new_uri,
|
|
107
111
|
# :proof_pattern => "#{Regexp.quote(uri)}",
|
|
@@ -570,7 +574,7 @@ module Watobo
|
|
|
570
574
|
#puts "* #{self.class} closed"
|
|
571
575
|
@scanner.cancel() if @scanner
|
|
572
576
|
|
|
573
|
-
|
|
577
|
+
super
|
|
574
578
|
|
|
575
579
|
end
|
|
576
580
|
|
|
@@ -603,10 +607,7 @@ module Watobo
|
|
|
603
607
|
|
|
604
608
|
@check.append_slash = @append_slash_cb.checked?
|
|
605
609
|
|
|
606
|
-
|
|
607
|
-
Thread.new { @project.addFinding(f) }
|
|
608
|
-
}
|
|
609
|
-
|
|
610
|
+
|
|
610
611
|
@check.path = @path
|
|
611
612
|
|
|
612
613
|
checklist.push @check
|
|
@@ -682,7 +683,9 @@ module Watobo
|
|
|
682
683
|
@pbar.increment(1)
|
|
683
684
|
}
|
|
684
685
|
|
|
685
|
-
|
|
686
|
+
@scanner.subscribe(:new_finding) { |f|
|
|
687
|
+
Thread.new { @project.addFinding(f) }
|
|
688
|
+
}
|
|
686
689
|
|
|
687
690
|
m= "Total Requests: #{@check.numChecks}"
|
|
688
691
|
@log_viewer.log(LOG_INFO,m)
|