watobo 0.9.12 → 0.9.13
- data/.yardopts +2 -2
- data/{CHANGELOG → CHANGELOG.md} +62 -0
- data/README.md +30 -0
- data/bin/nfq_server.rb +4 -3
- data/bin/watobo_gui.rb +1 -1
- data/config/ott_cache.yml +4 -0
- data/config/scanner.yml +1 -18
- data/config/sid_cache.yml +14 -0
- data/extras/private-hostspot.sh +17 -0
- data/extras/watobo-installer.sh +61 -0
- data/extras/watobo-transparent.sh +38 -0
- data/icons/BestPractice_16x16.ico +0 -0
- data/icons/BestPractice_24x24.ico +0 -0
- data/lib/watobo/adapters/data_store.rb +25 -3
- data/lib/watobo/adapters/file/file_store.rb +19 -11
- data/lib/watobo/adapters/session_store.rb +3 -2
- data/lib/watobo/adapters.rb +1 -1
- data/lib/watobo/ca.rb +1 -1
- data/lib/watobo/config.rb +17 -19
- data/lib/watobo/constants.rb +3 -2
- data/lib/watobo/core/active_check.rb +62 -40
- data/lib/watobo/core/active_checks.rb +73 -0
- data/lib/watobo/core/ca.rb +3 -2
- data/lib/watobo/core/cert_store.rb +3 -2
- data/lib/watobo/core/chat.rb +122 -0
- data/lib/watobo/core/chats.rb +301 -0
- data/lib/watobo/core/conversation.rb +71 -0
- data/lib/watobo/core/cookie.rb +9 -25
- data/lib/watobo/core/finding.rb +89 -0
- data/lib/watobo/core/findings.rb +132 -0
- data/lib/watobo/core/forwarding_proxy.rb +4 -2
- data/lib/watobo/core/fuzz_gen.rb +3 -2
- data/lib/watobo/core/intercept_carver.rb +24 -12
- data/lib/watobo/core/intercept_filter.rb +4 -3
- data/lib/watobo/core/interceptor.rb +9 -888
- data/lib/watobo/core/min_class.rb +27 -0
- data/lib/watobo/core/netfilter_queue.rb +3 -2
- data/lib/watobo/core/ott_cache.rb +156 -0
- data/lib/watobo/core/parameter.rb +66 -0
- data/lib/watobo/core/passive_check.rb +15 -22
- data/lib/watobo/core/passive_checks.rb +72 -0
- data/lib/watobo/core/passive_scanner.rb +69 -0
- data/lib/watobo/core/plugin.rb +33 -0
- data/lib/watobo/core/project.rb +40 -547
- data/lib/watobo/core/proxy.rb +7 -2
- data/lib/watobo/core/request.rb +95 -10
- data/lib/watobo/core/response.rb +44 -3
- data/lib/watobo/core/scanner.rb +6 -7
- data/lib/watobo/core/scanner3.rb +439 -0
- data/lib/watobo/core/scope.rb +106 -0
- data/lib/watobo/core/session.rb +106 -286
- data/lib/watobo/core/sid_cache.rb +121 -0
- data/lib/watobo/core/subscriber.rb +48 -0
- data/lib/watobo/core.rb +2 -2
- data/lib/watobo/defaults.rb +3 -2
- data/lib/watobo/external/diff/lcs/array.rb +1 -1
- data/lib/watobo/external/diff/lcs/block.rb +1 -1
- data/lib/watobo/external/diff/lcs/callbacks.rb +1 -1
- data/lib/watobo/external/diff/lcs/change.rb +1 -1
- data/lib/watobo/external/diff/lcs/hunk.rb +1 -1
- data/lib/watobo/external/diff/lcs/ldiff.rb +1 -1
- data/lib/watobo/external/diff/lcs/string.rb +1 -1
- data/lib/watobo/external/diff/lcs.rb +1 -1
- data/lib/watobo/external/ntlm/ntlm.rb +1 -1
- data/lib/watobo/externals.rb +1 -1
- data/lib/watobo/framework/create_project.rb +19 -12
- data/lib/watobo/framework/init.rb +4 -3
- data/lib/watobo/framework/init_modules.rb +32 -3
- data/lib/watobo/framework/license_text.rb +3 -2
- data/lib/watobo/framework/load_chat.rb +36 -0
- data/lib/watobo/framework.rb +2 -2
- data/lib/watobo/gui/about_watobo.rb +3 -2
- data/lib/watobo/gui/browser_preview.rb +4 -3
- data/lib/watobo/gui/certificate_dialog.rb +3 -2
- data/lib/watobo/gui/chat_diff.rb +6 -14
- data/lib/watobo/gui/chatviewer_frame.rb +30 -5
- data/lib/watobo/gui/checkboxtree.rb +13 -12
- data/lib/watobo/gui/checks_policy_frame.rb +8 -10
- data/lib/watobo/gui/client_cert_dialog.rb +8 -6
- data/lib/watobo/gui/confirm_scan_dialog.rb +5 -3
- data/lib/watobo/gui/conversation_table.rb +288 -51
- data/lib/watobo/gui/conversation_table_ctrl.rb +36 -3
- data/lib/watobo/gui/conversation_table_ctrl2.rb +416 -0
- data/lib/watobo/gui/csrf_token_dialog.rb +25 -33
- data/lib/watobo/gui/dashboard.rb +47 -45
- data/lib/watobo/gui/define_scope_frame.rb +27 -22
- data/lib/watobo/gui/differ_frame.rb +238 -0
- data/lib/watobo/gui/edit_comment.rb +3 -2
- data/lib/watobo/gui/edit_scope_dialog.rb +7 -6
- data/lib/watobo/gui/finding_info.rb +3 -2
- data/lib/watobo/gui/findings_tree.rb +101 -26
- data/lib/watobo/gui/full_scan_dialog.rb +5 -6
- data/lib/watobo/gui/fuzzer_gui.rb +51 -18
- data/lib/watobo/gui/goto_url_dialog.rb +92 -0
- data/lib/watobo/gui/hex_viewer.rb +16 -5
- data/lib/watobo/gui/html_viewer.rb +309 -0
- data/lib/watobo/gui/intercept_filter_dialog.rb +3 -2
- data/lib/watobo/gui/interceptor_gui.rb +5 -4
- data/lib/watobo/gui/interceptor_settings_dialog.rb +4 -3
- data/lib/watobo/gui/list_box.rb +4 -3
- data/lib/watobo/gui/log_file_viewer.rb +55 -0
- data/lib/watobo/gui/log_viewer.rb +3 -82
- data/lib/watobo/gui/login_wizzard.rb +3 -3
- data/lib/watobo/gui/main_window.rb +183 -164
- data/lib/watobo/gui/manual_request_editor.rb +157 -642
- data/lib/watobo/gui/master_pw_dialog.rb +3 -2
- data/lib/watobo/gui/mixins/gui_settings.rb +3 -2
- data/lib/watobo/gui/page_tree.rb +3 -2
- data/lib/watobo/gui/password_policy_dialog.rb +3 -2
- data/lib/watobo/gui/plugin_board.rb +103 -73
- data/lib/watobo/gui/preferences_dialog.rb +3 -2
- data/lib/watobo/gui/progress_window.rb +3 -2
- data/lib/watobo/gui/project_wizzard.rb +3 -2
- data/lib/watobo/gui/proxy_dialog.rb +3 -2
- data/lib/watobo/gui/quick_scan_dialog.rb +17 -32
- data/lib/watobo/gui/request_builder_frame.rb +134 -0
- data/lib/watobo/gui/request_editor.rb +14 -9
- data/lib/watobo/gui/rewrite_filters_dialog.rb +4 -3
- data/lib/watobo/gui/rewrite_rules_dialog.rb +4 -3
- data/lib/watobo/gui/save_chat_dialog.rb +7 -3
- data/lib/watobo/gui/scanner_settings_dialog.rb +4 -3
- data/lib/watobo/gui/select_chat_dialog.rb +15 -25
- data/lib/watobo/gui/session_management_dialog.rb +21 -25
- data/lib/watobo/gui/sites_tree.rb +5 -4
- data/lib/watobo/gui/status_bar.rb +3 -2
- data/lib/watobo/gui/table_editor.rb +398 -386
- data/lib/watobo/gui/tagless_viewer.rb +3 -2
- data/lib/watobo/gui/templates/plugin.rb +3 -2
- data/lib/watobo/gui/templates/plugin2.rb +4 -3
- data/lib/watobo/gui/templates/plugin_base.rb +168 -0
- data/lib/watobo/gui/text_viewer.rb +49 -3
- data/lib/watobo/gui/transcoder_window.rb +3 -2
- data/lib/watobo/gui/utils/gui_utils.rb +5 -4
- data/lib/watobo/gui/utils/init_icons.rb +5 -2
- data/lib/watobo/gui/utils/load_icons.rb +3 -2
- data/lib/watobo/gui/utils/load_plugins.rb +22 -5
- data/lib/watobo/gui/utils/master_password.rb +3 -2
- data/lib/watobo/gui/utils/save_default_settings.rb +7 -5
- data/lib/watobo/gui/utils/save_project_settings.rb +1 -1
- data/lib/watobo/gui/utils/save_proxy_settings.rb +4 -3
- data/lib/watobo/gui/utils/save_scanner_settings.rb +5 -4
- data/lib/watobo/gui/utils/session_history.rb +3 -2
- data/lib/watobo/gui/workspace_dialog.rb +3 -2
- data/lib/watobo/gui/www_auth_dialog.rb +4 -3
- data/lib/watobo/gui/xml_viewer_frame.rb +3 -2
- data/lib/watobo/gui.rb +6 -3
- data/lib/watobo/http/cookies/cookies.rb +66 -0
- data/lib/watobo/http/data/data.rb +68 -0
- data/lib/watobo/{gui/mixins/subscriber.rb → http/url/url.rb} +33 -19
- data/lib/watobo/http_socket/agent.rb +851 -0
- data/lib/watobo/http_socket/client_socket.rb +290 -0
- data/lib/watobo/http_socket/connection.rb +423 -0
- data/lib/watobo/http_socket/http_socket.rb +273 -0
- data/lib/watobo/http_socket/ntlm_auth.rb +152 -0
- data/lib/watobo/http_socket/proxy.rb +31 -0
- data/lib/watobo/http_socket.rb +25 -0
- data/lib/watobo/interceptor/proxy.rb +883 -0
- data/lib/watobo/interceptor/transparent.rb +37 -0
- data/lib/watobo/interceptor.rb +25 -0
- data/lib/watobo/mixins/check_info.rb +50 -0
- data/lib/watobo/mixins/httpparser.rb +92 -20
- data/lib/watobo/mixins/request_parser.rb +103 -88
- data/lib/watobo/mixins/shapers.rb +42 -11
- data/lib/watobo/mixins/transcoders.rb +61 -57
- data/lib/watobo/mixins.rb +3 -2
- data/lib/watobo/parser/html.rb +106 -0
- data/lib/watobo/parser.rb +22 -0
- data/lib/watobo/utils/check_regex.rb +3 -2
- data/lib/watobo/utils/copy_object.rb +3 -2
- data/lib/watobo/utils/crypto.rb +3 -2
- data/lib/watobo/utils/expand_range.rb +3 -2
- data/lib/watobo/utils/file_management.rb +7 -3
- data/lib/watobo/utils/hexprint.rb +3 -2
- data/lib/watobo/utils/load_chat.rb +4 -3
- data/lib/watobo/utils/load_icon.rb +3 -2
- data/lib/watobo/utils/print_debug.rb +3 -2
- data/lib/watobo/utils/response_builder.rb +6 -4
- data/lib/watobo/utils/response_hash.rb +66 -49
- data/lib/watobo/utils/secure_eval.rb +3 -2
- data/lib/watobo/utils/strings.rb +3 -2
- data/lib/watobo/utils/text2request.rb +4 -5
- data/lib/watobo/utils/url.rb +46 -0
- data/lib/watobo/utils.rb +3 -2
- data/lib/watobo.rb +13 -3
- data/modules/active/Apache/mod_status.rb +15 -11
- data/modules/active/Flash/crossdomain.rb +17 -14
- data/modules/active/RoR/cve_2013_015x.rb +21 -0
- data/modules/active/directories/dirwalker.rb +10 -16
- data/modules/active/discovery/fileextensions.rb +10 -7
- data/modules/active/discovery/http_methods.rb +8 -9
- data/modules/active/domino/domino_db.rb +10 -11
- data/modules/active/dotNET/custom_errors.rb +124 -0
- data/modules/active/dotNET/dotnet_files.rb +112 -0
- data/modules/active/fileinclusion/lfi_simple.rb +9 -7
- data/modules/active/jboss/jboss_basic.rb +12 -9
- data/modules/active/sap/its_commands.rb +10 -9
- data/modules/active/sap/its_service_parameter.rb +10 -9
- data/modules/active/sap/its_services.rb +10 -9
- data/modules/active/sap/its_xss.rb +11 -10
- data/modules/active/siebel/siebel_apps.rb +14 -16
- data/modules/active/sqlinjection/sql_boolean.rb +139 -75
- data/modules/active/sqlinjection/sqli_error.rb +9 -6
- data/modules/active/sqlinjection/sqli_timing.rb +13 -11
- data/modules/active/xml/xml_xxe.rb +134 -0
- data/modules/active/xss/{xss_rated.rb → xss_ng.rb} +89 -56
- data/modules/active/xss/xss_simple.rb +9 -6
- data/modules/passive/ajax.rb +85 -0
- data/modules/passive/autocomplete.rb +78 -0
- data/modules/passive/cookie_options.rb +3 -2
- data/modules/passive/cookie_xss.rb +3 -2
- data/modules/passive/detect_code.rb +7 -4
- data/modules/passive/detect_fileupload.rb +3 -2
- data/modules/passive/detect_infrastructure.rb +7 -4
- data/modules/passive/detect_one_time_tokens.rb +3 -2
- data/modules/passive/dirindexing.rb +3 -2
- data/modules/passive/disclosure_domino.rb +3 -2
- data/modules/passive/disclosure_emails.rb +3 -2
- data/modules/passive/disclosure_ipaddr.rb +3 -2
- data/modules/passive/filename_as_parameter.rb +3 -2
- data/modules/passive/form_spotter.rb +10 -7
- data/modules/passive/hidden_fields.rb +73 -0
- data/modules/passive/hotspots.rb +7 -4
- data/modules/passive/in_script_parameter.rb +3 -2
- data/modules/passive/multiple_server_headers.rb +4 -3
- data/modules/passive/possible_login.rb +3 -2
- data/modules/passive/redirect_url.rb +3 -2
- data/modules/passive/redirectionz.rb +6 -3
- data/modules/passive/xss_dom.rb +16 -9
- data/plugins/catalog/catalog.rb +119 -193
- data/plugins/crawler/crawler.rb +4 -3
- data/plugins/crawler/gui/auth_frame.rb +3 -2
- data/plugins/crawler/gui/crawler_gui.rb +3 -2
- data/plugins/crawler/gui/general_settings_frame.rb +3 -2
- data/plugins/crawler/gui/hooks_frame.rb +3 -2
- data/plugins/crawler/gui/scope_frame.rb +3 -2
- data/plugins/crawler/gui/settings_tabbook.rb +3 -2
- data/plugins/crawler/gui/status_frame.rb +3 -2
- data/plugins/crawler/gui.rb +3 -2
- data/plugins/crawler/lib/bags.rb +3 -2
- data/plugins/crawler/lib/constants.rb +3 -2
- data/plugins/crawler/lib/engine.rb +3 -2
- data/plugins/crawler/lib/grabber.rb +3 -2
- data/plugins/crawler/lib/uri_mp.rb +1 -1
- data/plugins/filefinder/filefinder.rb +92 -70
- data/plugins/sqlmap/bin/test.rb +3 -2
- data/plugins/sqlmap/gui/main.rb +3 -2
- data/plugins/sqlmap/gui/options_frame.rb +4 -3
- data/plugins/sqlmap/gui.rb +1 -1
- data/plugins/sqlmap/lib/sqlmap_ctrl.rb +3 -2
- data/plugins/sqlmap/sqlmap.rb +1 -1
- data/plugins/sslchecker/cli/sslchecker_cli.rb +1 -1
- data/plugins/sslchecker/gui/cipher_table.rb +17 -10
- data/plugins/sslchecker/gui/gui.rb +59 -56
- data/plugins/sslchecker/gui/sslchecker.rb +1 -1
- data/plugins/sslchecker/lib/check.rb +43 -18
- data/plugins/wshell/gui/main.rb +130 -0
- data/plugins/wshell/icons/wsh.ico +0 -0
- data/plugins/wshell/lib/core.rb +99 -0
- data/plugins/wshell/wshell.rb +33 -0
- metadata +80 -8
- data/README +0 -26
- data/lib/watobo/core/http_socket.rb +0 -161
- data/lib/watobo/gui/plugin/base.rb +0 -82
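--- a/data/lib/watobo/gui/findings_tree.rb
+++ b/data/lib/watobo/gui/findings_tree.rb
@@ -1,7 +1,7 @@
 # .
 # findings_tree.rb
 #
-# Copyright
+# Copyright 2013 by siberas, http://www.siberas.de
 #
 # This file is part of WATOBO (Web Application Tool Box)
 # http://watobo.sourceforge.com
@@ -19,7 +19,8 @@
 # along with WATOBO; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 # .
-
+# @private
+module Watobo#:nodoc: all
 module Gui
 class FindingsTree < FXTreeList
 include Watobo::Constants
@@ -31,6 +32,7 @@ module Watobo
 end
 
 def expandFullTree(item)
+@expandeds = []
 self.expandTree(item)
 item.each do |c|
 expandFullTree(c) if !self.itemLeaf?(c)
@@ -38,6 +40,7 @@ module Watobo
 end
 
 def collapseFullTree(item)
+@expandeds = []
 self.collapseTree(item)
 item.each do |c|
 collapseFullTree(c) if !self.itemLeaf?(c)
@@ -49,26 +52,24 @@ module Watobo
 false
 end
 
-
-self.clearItems
-
-@findings.each_value do |finding|
-
-addFinding(finding)
-
-end
-end
-
+
 def reload()
-
-unless @project.nil?
+self.clearItems
 @findings.clear
-
-
-end
-
-
-
+Watobo::Findings.each do |fid, finding|
+addFinding(finding)
+end
+expand_findings
+@expandeds.each do |t|
+site, text = t.split("|")
+if( site = self.findItem(site, nil, SEARCH_FORWARD|SEARCH_NOWRAP) )
+if( node = self.findItem(text, site, SEARCH_FORWARD|SEARCH_NOWRAP) )
+self.expandTree(node)
+else
+@expandeds.delete t
+end
+end
+end
 end
 
 def useRegularIcons()
@@ -77,6 +78,7 @@ module Watobo
 regular_font.create
 # Findings Tree Icons
 @icon_vuln = ICON_VULN
+@icon_vuln_bp = ICON_VULN_BP
 @icon_vuln_low = ICON_VULN_LOW
 @icon_vuln_medium = ICON_VULN_MEDIUM
 @icon_vuln_high = ICON_VULN_HIGH
@@ -95,6 +97,7 @@ module Watobo
 small_font = FXFont.new(getApp(), "helvetica", GUI_SMALL_FONT_SIZE)
 small_font.create
 @icon_vuln = ICON_VULN_SMALL
+@icon_vuln_bp = ICON_VULN_BP_SMALL
 @icon_vuln_low = ICON_VULN_LOW_SMALL
 @icon_vuln_medium = ICON_VULN_MEDIUM_SMALL
 @icon_vuln_high = ICON_VULN_HIGH_SMALL
@@ -119,7 +122,7 @@ module Watobo
 # puts finding.details[:title]
 @findings[finding.details[:fid]] = finding
 if @show_scope_only == true
-addFindingItem(finding) if
+addFindingItem(finding) if Watobo::Scope.match_site?(finding.request.site)
 else
 addFindingItem(finding)
 end
@@ -161,6 +164,8 @@ module Watobo
 
 when FINDING_TYPE_VULN
 finding_type = "Vulnerabilities"
+icon = @icon_vuln_bp
+
 if finding.details[:rating] == VULN_RATING_LOW
 icon = @icon_vuln_low
 # puts "low-rating-vuln"
@@ -179,7 +184,7 @@ module Watobo
 sub_tree = self.findItem(finding_type, site, SEARCH_FORWARD|SEARCH_IGNORECASE|SEARCH_NOWRAP)
 if sub_tree and sub_tree.parent == site and finding.details[:class]
 
-class_item = self.findItem(finding.details[:class], sub_tree, SEARCH_FORWARD|SEARCH_IGNORECASE|SEARCH_NOWRAP)
+class_item = self.findItem(finding.details[:class], sub_tree, SEARCH_FORWARD|SEARCH_IGNORECASE|SEARCH_NOWRAP|SEARCH_PREFIX)
 if not class_item or class_item.parent != sub_tree
 class_item = self.appendItem(sub_tree, finding.details[:class], icon, icon)
 self.setItemData(class_item, :finding_class )
@@ -199,6 +204,13 @@ module Watobo
 request_item = self.appendItem(title_item, text)
 self.setItemData(request_item, finding)
 end
+
+#
+unless class_item.text =~ / \(\d+\)$/
+class_item.text = class_item.text + " (#{class_item.numChildren})"
+else
+class_item.text = class_item.text.gsub(/ \(\d+\)$/, " (#{class_item.numChildren})")
+end
 end
 
 end
@@ -217,6 +229,8 @@ module Watobo
 @findings = Hash.new
 @show_scope_only = false
 @hide_false_positives = false
+@clipboard = ""
+@expandeds = []
 
 @event_dispatcher_listeners = Hash.new
 
@@ -225,6 +239,30 @@ module Watobo
 useRegularIcons()
 
 @filtered_domains = Hash.new # domains which already have been filtered
+
+self.connect(SEL_CLIPBOARD_REQUEST) do
+setDNDData(FROM_CLIPBOARD, FXWindow.stringType, Fox.fxencodeStringData(@clipboard.to_s))
+end
+
+self.connect(SEL_EXPANDED) do |sender, sel, item|
+parent = item
+while parent.parent
+parent = parent.parent
+end
+unless parent.nil? or item.nil?
+node = "#{parent.text}|#{item.text}"
+@expandeds << node
+end
+end
+
+self.connect(SEL_COLLAPSED) do |sender, sel, item|
+parent = item
+while parent.parent
+parent = parent.parent
+end
+node = "#{parent.text}|#{item.text}"
+@expandeds.delete node
+end
 
 self.connect(SEL_COMMAND) do |sender, sel, item|
 if self.itemLeaf?(item)
@@ -293,7 +331,7 @@ module Watobo
 
 target.connect(SEL_COMMAND) { |ts, sl, it|
 @show_scope_only = ts.checked?
-
+reload
 }
 
 target = FXMenuCheck.new(menu_pane, "hide false-positives" )
@@ -302,7 +340,7 @@ module Watobo
 
 target.connect(SEL_COMMAND) { |ts, sl, it|
 @hide_false_positives = ts.checked?
-
+reload
 }
 
 
@@ -317,8 +355,9 @@ module Watobo
 if data == :item_type_site then
 # FXMenuSeparator.new(menu_pane)
 FXMenuCommand.new(menu_pane, "add site to scope" ).connect(SEL_COMMAND) {
-
-
+#notify(:add_site_to_scope, item.to_s)
+Watobo::Scope.add item.to_s
+reload
 }
 #
 elsif data == :title
@@ -329,6 +368,8 @@ module Watobo
 end
 
 fp_submenu = FXMenuPane.new(self) do |sub|
+
+
 
 target = FXMenuCommand.new(sub, "Set False Positive" )
 target.connect(SEL_COMMAND) {
@@ -429,6 +470,22 @@ module Watobo
 end
 
 fp_submenu = FXMenuPane.new(self) do |sub|
+
+target = FXMenuCommand.new(sub, "Copy URLs" )
+target.connect(SEL_COMMAND) {
+
+urls = []
+findings.each do |f|
+proto = f.request.proto
+site = f.request.site
+path = f.request.path
+urls << "#{proto}://#{site}/#{path}"
+end
+types = [ FXWindow.stringType ]
+if acquireClipboard(types)
+@clipboard = urls.uniq.join("\n")
+end
+}
 
 target = FXMenuCommand.new(sub, "Set False Positive" )
 target.connect(SEL_COMMAND) {
@@ -490,6 +547,13 @@ module Watobo
 }
 
 elsif data.is_a? Watobo::Finding then
+FXMenuCommand.new(menu_pane, "Copy URL" ).connect(SEL_COMMAND){
+types = [ FXWindow.stringType ]
+if acquireClipboard(types)
+@clipboard = item.data.request.url.to_s
+end
+
+}
 # FXMenuSeparator.new(menu_pane)
 doManual = FXMenuCommand.new(menu_pane, "Manual Request.." )
 doManual.connect(SEL_COMMAND) {
@@ -514,6 +578,17 @@ module Watobo
 end
 
 private
+
+def expand_findings()
+self.each do |site|
+expandTree site
+%w(Vulnerabilities Hints Info).each do |item|
+f = self.findItem(item, site,SEARCH_FORWARD|SEARCH_IGNORECASE)
+expandTree(f) unless site.nil?
+end
+end
+
+end
 
 def notify(event, *args)
 if @event_dispatcher_listeners[event]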
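Review bot: `reload` (hunk `@@ -49,26 +52,24 @@`) deletes from `@expandeds` while iterating the same array (`@expandeds.each do |t|` … `@expandeds.delete t`), which makes Ruby skip the element that follows each deletion, so some previously expanded nodes are silently not re-expanded; iterate a copy, `@expandeds.dup.each do |t|`, or rebuild the list with `@expandeds.select! { |t| ... }`. The bookkeeping in the SEL_EXPANDED/SEL_COLLAPSED handlers (`@@ -225,6 +239,30 @@`) encodes a position as `"#{parent.text}|#{item.text}"`, so a site or class label that itself contains `|` would be split wrongly by `t.split("|")`; presumably rare, but `t.split("|", 2)` keeps at least the item part intact. In `expand_findings` (`@@ -514,6 +578,17 @@`) the guard tests the wrong variable: `findItem` returns nil when a sub-tree such as "Hints" is absent, so `expandTree(f) unless site.nil?` should read `expandTree(f) unless f.nil?`.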
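--- a/data/lib/watobo/gui/full_scan_dialog.rb
+++ b/data/lib/watobo/gui/full_scan_dialog.rb
@@ -1,7 +1,7 @@
 # .
 # full_scan_dialog.rb
 #
-# Copyright
+# Copyright 2013 by siberas, http://www.siberas.de
 #
 # This file is part of WATOBO (Web Application Tool Box)
 # http://watobo.sourceforge.com
@@ -19,7 +19,8 @@
 # along with WATOBO; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 # .
-
+# @private
+module Watobo#:nodoc: all
 module Gui
 
 class FullScanDialog < FXDialogBox
@@ -96,15 +97,13 @@ module Watobo
 
 @switcher = FXSwitcher.new(base_frame,LAYOUT_FILL_X|LAYOUT_FILL_Y)
 
-@
-# @selectSitesFrame = SelectSitesFrame.new(@switcher, project, prefs)
-@defineScopeFrame = DefineScopeFrame.new(@switcher, @project.listSites(), @project.scope, prefs)
+@defineScopeFrame = DefineScopeFrame.new(@switcher, prefs)
 
 @policyBase = FXVerticalFrame.new(@switcher, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y, :padding => 0)
 smf = FXHorizontalFrame.new(@policyBase, :opts => LAYOUT_FILL_X|LAYOUT_SIDE_TOP|FRAME_GROOVE)
 FXLabel.new(smf, "Select Checks")
 
-@policyFrame = ChecksPolicyFrame.new(@policyBase, @project.
+@policyFrame = ChecksPolicyFrame.new(@policyBase, @project.getScanPolicy)
 
 # @scannerOptions = ScannerSettingsFrame.new(@switcher, @project.getScanPreferences(),:opts => LAYOUT_FILL_X|LAYOUT_FILL_Y, :padding => 0)
 @scannerOptions = ScannerSettingsFrame.new(@switcher, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y, :padding => 0)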
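--- a/data/lib/watobo/gui/fuzzer_gui.rb
+++ b/data/lib/watobo/gui/fuzzer_gui.rb
@@ -1,7 +1,7 @@
 # .
 # fuzzer_gui.rb
 #
-# Copyright
+# Copyright 2013 by siberas, http://www.siberas.de
 #
 # This file is part of WATOBO (Web Application Tool Box)
 # http://watobo.sourceforge.com
@@ -20,7 +20,8 @@
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 # .
 require 'watobo/gui/request_editor.rb'
-
+# @private
+module Watobo#:nodoc: all
 
 
 module Gui
@@ -63,10 +64,10 @@ module Watobo
 def generateChecks(chat)
 unless @fuzzer_list.empty?
 fuzzels(@fuzzer_list) do |fuzzle|
-
-
-
-
+test_fuzzle = Hash.new
+test_fuzzle.update YAML.load(YAML.dump(fuzzle))
+checker = proc{
+#puts test_fuzzle
 fuzz_request = @requestEditor.parseRequest(test_fuzzle)
 fuzz_request.extend Watobo::Mixin::Shaper::Web10
 fuzz_request.extend Watobo::Mixin::Parser::Web10
@@ -1000,8 +1001,9 @@ module Watobo
 scan_prefs[:scanlog_name] = @log_dir_dt.value unless @log_dir_dt.value.empty?
 end
 
-
-
+# @scanner = Watobo::Scanner2.new(chat_list, check_list, @project.passive_checks, scan_prefs)
+@scanner = Watobo::Scanner3.new(chat_list, check_list , [], scan_prefs)
+@pbar.total = @scanner.sum_total
 @pbar.progress = 0
 @pbar.barColor = 'red'
 
@@ -1015,7 +1017,7 @@ module Watobo
 
 }
 
-
+# Thread.new {
 begin
 m = "start fuzzing..."
 @log_viewer.log(LOG_INFO,m)
@@ -1027,17 +1029,17 @@ module Watobo
 puts scan_prefs.to_yaml
 puts "run scanner"
 @scanner.run(scan_prefs)
-
-
-
-
-m = "finished fuzzing!"
-
+#@fuzz_button.text = "Start"
+#@pbar.total = 0
+#@pbar.progress = 0
+#@pbar.barColor = 'grey'
+#m = "finished fuzzing!"
+#@log_viewer.log(LOG_INFO,m)
 rescue => bang
 puts bang
 puts bang.backtrace if $DEBUG
 end
-
+# }
 
 end
 
@@ -1051,6 +1053,7 @@ puts "run scanner"
 @request = chat.request.dup
 @fuzzing_paused = false
 @fuzzing_started = false
+@scan_status_lock = Mutex.new
 
 # @scan_prefs = @project.getScanPreferences()
 
@@ -1210,8 +1213,38 @@ puts "run scanner"
 FXLabel.new(log_frame_header, "Logs:" )
 log_text_frame = FXVerticalFrame.new(log_frame, LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_SUNKEN|FRAME_GROOVE, :padding=>0)
 @log_viewer = LogViewer.new(log_text_frame, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
-
-
+
+add_update_timer(250)
+
+end
+
+def add_update_timer(ms)
+@update_timer = FXApp.instance.addTimeout( ms, :repeat => true) {
+unless @scanner.nil?
+@scan_status_lock.synchronize do
+
+if @pbar.total > 0
+sum_progress = 0
+@scanner.progress.each_value do |v|
+sum_progress += v[:progress]
+end
+@pbar.progress = sum_progress
+end
+
+if @scanner.finished?
+@scanner = nil
+#logger("Scan Finished!")
+@log_viewer.log(LOG_INFO,"Done fuzzing!")
+@pbar.progress = 0
+@pbar.total = 0
+@pbar.barColor = 'grey' #FXRGB(255,0,0)
+# @btn_quickscan.text = "QuickScan"
+end
+end
+
+end
+}
+end
 end
 
 class FuzzerTree < FXTreeList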
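Review bot: In `add_update_timer` (hunk `@@ -1210,8 +1213,38 @@`) the `unless @scanner.nil?` guard sits outside `@scan_status_lock.synchronize`, while `@scanner = nil` is assigned inside it, so the nil test and the following `@scanner.progress` / `@scanner.finished?` calls are not covered by the lock introduced for exactly this state; move the guard inside the block, `@scan_status_lock.synchronize do` / `next if @scanner.nil?`. The repeating timeout kept in `@update_timer` is never cancelled in this hunk; unless the dialog's teardown (outside the hunk) calls `FXApp.instance.removeTimeout(@update_timer)`, it keeps firing against a closed window. As a point of style, the deep copy in `@@ -63,10 +64,10 @@`, `YAML.load(YAML.dump(fuzzle))`, round-trips in-process data through a YAML parse that instantiates whatever types the fuzzle carries; `Marshal.load(Marshal.dump(fuzzle))` is the conventional spelling for a deep copy of local objects.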
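--- /dev/null
+++ b/data/lib/watobo/gui/goto_url_dialog.rb
@@ -0,0 +1,92 @@
+# .
+# goto_url_dialog.rb
+#
+# Copyright 2013 by siberas, http://www.siberas.de
+#
+# This file is part of WATOBO (Web Application Tool Box)
+# http://watobo.sourceforge.com
+#
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+#
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+# .
+# @private
+module Watobo#:nodoc: all
+module Gui
+class GotoUrlDialog < FXDialogBox
+
+include Responder
+
+attr :url_pattern
+def initialize(owner, pattern=nil )
+#super(owner, "Edit Target Scope", DECOR_TITLE|DECOR_BORDER, :width => 300, :height => 425)
+super(owner, "Enter URL filter (regex):", DECOR_ALL, :width => 300, :height => 150)
+
+FXMAPFUNC(SEL_COMMAND, ID_ACCEPT, :onAccept)
+
+base_frame = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
+@url_pattern = ""
+
+
+@pattern_field = FXTextField.new(base_frame, 40, :target => @pattern, :selector => FXDataTarget::ID_VALUE, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_LEFT)
+@pattern_field.setText(pattern) unless pattern.nil?
+@pattern_field.setFocus()
+@pattern_field.setDefault()
+
+@pattern_field.connect(SEL_KEYPRESS) { |sender, sel, event|
+if event.code == KEY_Tab
+@finishButton.setFocus()
+@finishButton.setDefault()
+true
+else
+false
+end
+
+}
+buttons_frame = FXHorizontalFrame.new(base_frame,
+:opts => LAYOUT_FILL_X|LAYOUT_SIDE_TOP)
+
+@finishButton = FXButton.new(buttons_frame, "Accept" , nil, nil, :opts => BUTTON_NORMAL|LAYOUT_RIGHT)
+@finishButton.enable
+
+
+@finishButton.connect(SEL_COMMAND) do |sender, sel, item|
+#self.handle(self, FXSEL(SEL_COMMAND, ID_CANCEL), nil)
+self.handle(self, FXSEL(SEL_COMMAND, ID_ACCEPT), nil)
+true
+end
+
+@cancelButton = FXButton.new(buttons_frame, "Cancel" ,
+:target => self, :selector => FXDialogBox::ID_CANCEL,
+:opts => BUTTON_NORMAL|LAYOUT_RIGHT)
+
+end
+
+private
+
+def onAccept(sender, sel, event)
+begin
+@url_pattern = @pattern_field.text
+"regex_test".match(/#{@url_pattern}/)
+rescue
+@url_pattern = Regexp.quote @pattern_field.text
+end
+
+# Watobo::Scope.set @defineScopeFrame.getScope()
+
+getApp().stopModal(self, 1)
+self.hide()
+return 0
+end
+end
+end
+end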
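Review bot: `onAccept` validates the typed pattern by interpolating it into a literal, `"regex_test".match(/#{@url_pattern}/)`, and then rescues every StandardError; the direct check is `Regexp.new(@pattern_field.text)` with `rescue RegexpError`, so the fallback to `Regexp.quote` applies only to syntactically invalid patterns instead of masking any other failure. `@pattern_field` is constructed with `:target => @pattern`, but `@pattern` is never assigned anywhere in the class, so the text field gets a nil target; either create an `FXDataTarget` or drop the `:target`/`:selector` options, since the code reads `@pattern_field.text` directly. The dialog title says the value is a regex filter that is presumably applied to URLs elsewhere (outside this file), yet a pattern that fails to compile is quietly converted to a literal match; a log line in the rescue branch would make that substitution visible to the user.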
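--- a/data/lib/watobo/gui/hex_viewer.rb
+++ b/data/lib/watobo/gui/hex_viewer.rb
@@ -1,7 +1,7 @@
 # .
 # hex_viewer.rb
 #
-# Copyright
+# Copyright 2013 by siberas, http://www.siberas.de
 #
 # This file is part of WATOBO (Web Application Tool Box)
 # http://watobo.sourceforge.com
@@ -19,17 +19,18 @@
 # along with WATOBO; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 # .
-
+# @private
+module Watobo#:nodoc: all
 module Gui
 class HexViewer < FXHorizontalFrame
 def normalizeText(text)
 dummy = []
 begin
 text.headers.each do |h|
-dummy.push h.strip + "\r\n"
+dummy.push h.strip.unpack("C*").pack("C*") + "\r\n"
 end
 dummy.push "\r\n"
-dummy.push text.body
+dummy.push text.body.unpack("C*").pack("C*")
 dummy = dummy.join
 rescue => bang
 dummy = text
@@ -37,7 +38,16 @@ module Watobo
 return dummy
 end
 
-def setText(
+def setText(tobject)
+raw_text = tobject
+
+if tobject.respond_to? :has_body?
+raw_text = ""
+raw_text << tobject.body.to_s unless tobject.body.nil?
+end
+
+
+
 initTable()
 
 if raw_text and not raw_text.empty? then
@@ -58,6 +68,7 @@ module Watobo
 
 if pos % 16 == 0 then
 chunk = raw_text[row*16..pos-1]
+
 # puts chunk
 @hexTable.setItemText(row, 16, chunk.gsub(/[^[:print:]]/,'.')) if !chunk.nil?
 @hexTable.getItem(row, 16).justify = FXTableItem::LEFT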
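Review bot: `setText` (hunk `@@ -37,7 +38,16 @@`) copies the body with `raw_text << tobject.body.to_s` but skips the byte normalisation that `normalizeText` applies in the hunk above (`unpack("C*").pack("C*")`), so if the body arrives tagged with a multibyte encoding and contains invalid byte sequences, the later `chunk.gsub(/[^[:print:]]/,'.')` raises ArgumentError instead of rendering the bytes; normalise here too, `raw_text << tobject.body.to_s.unpack("C*").pack("C*") unless tobject.body.nil?`. The `unpack("C*").pack("C*")` idiom is a verbose way of producing a binary-encoded copy; if the project's Ruby baseline is 2.0 or later, `String#b` states the same intent more clearly. `setText` continues past the hunk, and on binary-encoded text the `[[:print:]]` test runs byte-wise, which appears to be what a hex view wants.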