watobo 0.9.14 → 0.9.15

data/modules/passive/sap-headers.rb

@@ -0,0 +1,78 @@
+# .
+# sap-headers.rb
+# 
+# Copyright 2013 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+
+# @private 
+module Watobo#:nodoc: all
+  module Modules
+    module Passive
+      
+      
+      class Sap_headers < Watobo::PassiveCheck
+        
+        def initialize(project)
+          @project = project
+          super(project)
+          @info.update(
+                       :check_name => 'SAP Headers',    # name of check which briefly describes functionality, will be used for tree and progress views
+          :description => "checks for headers which contain 'sap-', e.g. sap-srt_server_info.",   # description of checkfunction
+          :author => "Andreas Schmidt", # author of check
+          :version => "0.9"   # check version
+          )
+          
+          @finding.update(
+                          :threat => 'May reveal sensitive information..',        # thread of vulnerability, e.g. loss of information
+          :class => "SAP Header",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+          :type => FINDING_TYPE_INFO         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
+          )
+          
+          @tested_directories = []
+          
+          @pattern_list = [ '^sap-' ]
+          
+         
+        end
+        
+        def do_test(chat)
+          begin
+            
+            @pattern_list.each do |pat|
+              chat.response.headers(pat) do |header|
+              next unless chat.response.has_body?
+                 match = header.split(":")[0]
+                 addFinding(  
+                           :proof_pattern => "#{header}",
+                           :chat => chat,
+                           :title => "#{match}"
+                )
+               
+              end
+            end      
+          rescue => bang
+            puts "ERROR!! #{Module.nesting[0].name}"
+            puts bang
+          end
+        end
+      end
+      
+    end
+  end
+end

data/modules/passive/xss_dom.rb

@@ -60,18 +60,20 @@ module Watobo#:nodoc: all
         end
         
         def showError(chatid, message)
-          puts "!!! Error"  
+          puts "!!! Error #{Module.nesting[0].name}"  
           puts "Chat: [#{chatid}]"
           puts message
         end
         
         def do_test(chat)
           begin
-
+            return false if chat.response.nil?
+            return false unless chat.response.has_body?
             return true unless chat.response.content_type =~ /(text|script)/ 
             
             @dom_functions.each do |pattern|
-              if chat.response.body =~ /(#{pattern})/i then
+              body = chat.response.body.unpack("C*").pack("C*")
+              if body =~ /(#{pattern})/i then
                match = $1.strip
                match.gsub!(/^[\.\(\)]+/,'')
                match.gsub!(/[\.\(\)]+$/,'')

data/plugins/catalog/catalog.rb

@@ -126,6 +126,10 @@ module Watobo#:nodoc: all
             count = 0
             @dbvars.each_key do |k| dummy << k; end
             pattern = "(#{dummy.join("|")})" if dummy.length > 0
+            @catalog_checks.each do |dbid, osvdb, threat, uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers|
+               next if uri =~ /\/$/
+               @catalog_checks << [ dbid, osvdb, threat, "#{uri}/", method, match, or_match, and_match, fail, or_fail, summary, post_data, headers ]    
+            end
             @catalog_checks.each do |dbid, osvdb, threat, uri, method, match, or_match, and_match, fail, or_fail, summary, post_data, headers|
 
               if pattern and uri =~ /(#{pattern})/
@@ -740,7 +744,7 @@ module Watobo#:nodoc: all
       end
       
       def start_update_timer
-         @timer = FXApp.instance.addTimeout( 250, :repeat => true) {
+         @timer = FXApp.instance.addTimeout( 1000, :repeat => true) {
            unless @scanner.nil?
              progress = @scanner.progress
              sum_progress = progress.values.inject(0){|i, v|  i += v[:progress] }
@@ -750,7 +754,8 @@ module Watobo#:nodoc: all
             if @scanner.finished?             
               msg = "Scan Finished!"              
               @log_viewer.log(LOG_INFO, msg)
-              Watobo.log(msg, :sender => "Catalog")              
+              Watobo.log(msg, :sender => "Catalog")
+              @scanner.stop              
               @scanner = nil
               reset_pbar()
                

data/plugins/crawler/gui/auth_frame.rb

@@ -113,6 +113,21 @@ module Watobo#:nodoc: all
           def clearEvents(event)
             @event_dispatcher_listener[event].clear
           end
+          
+          def set(settings)
+            return false unless settings.has_key? :auth_type
+            if settings[:auth_type] == :basic
+              @auth_type_dt.value = 1
+              @basic_auth_user_txt.text = settings.has_key?(:username) ? settings[:username] : ""
+              pw = settings.has_key?(:password) ? settings[:password] : ""
+              @basic_auth_passwd_txt.text = pw
+              @basic_auth_retype_txt.text = pw
+              
+            end
+             @switcher.current = @auth_type_dt.value
+             update_form
+             return true
+          end
 
           def to_h
             a = case @auth_type_dt.value
@@ -141,13 +156,13 @@ module Watobo#:nodoc: all
 
           end
 
-          def set(settings)
-            @form_auth_url_txt.text = settings[:form_auth_url].to_s if settings.has_key? :form_auth_url
-            update_form
-          end
+         # def set(settings)
+         #   @form_auth_url_txt.text = settings[:form_auth_url].to_s if settings.has_key? :form_auth_url
+         #   update_form
+         # end
 
           def update_form
-            [   @form_auth_url_txt ].each do |e|
+            [ @form_auth_url_txt, @no_auth_rb, @basic_auth_rb, @form_auth_rb ].each do |e|
               e.handle(self, FXSEL(SEL_UPDATE, 0), nil)
             end
           end

data/plugins/crawler/gui/crawler_gui.rb

@@ -72,7 +72,7 @@ module Watobo#:nodoc: all
           @settings_tabbook.setCurrent index
         end
 
-        def initialize(owner, project=nil)
+        def initialize(owner, project=nil, chat=nil)
           super(owner, "Crawler", project, :opts => DECOR_ALL, :width=>800, :height=>600)
           @plugin_name = "Crawler"
           @project = project
@@ -83,13 +83,14 @@ module Watobo#:nodoc: all
             :link_size => 0,
             :skipped_domains => 0
           }
+          @cookie_jar = nil
 
           main = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
           FXLabel.new(main, "Start URL, e.g. http://my.target.to/scan/:")
           frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X)
           #  FXLabel.new(frame, "http://")
           @url_txt = FXTextField.new(frame, 60, nil, 0, :opts => TEXTFIELD_NORMAL|LAYOUT_SIDE_RIGHT|LAYOUT_FILL_X)
-
+          
           @start_button = FXButton.new(frame, "start", :opts => BUTTON_DEFAULT|BUTTON_NORMAL )
           @start_button.disable
 
@@ -101,13 +102,7 @@ module Watobo#:nodoc: all
           }
 
           @url_txt.connect(SEL_CHANGED){
-            if url_valid?
-              
-            @start_button.enable
-            else
-              @start_button.disable
-             # Watobo::Plugin::Crawler.start_url = nil
-            end
+           update_url_state
           }
 
           @start_button.connect(SEL_COMMAND){ |sender, sel, item|
@@ -125,6 +120,42 @@ module Watobo#:nodoc: all
           @settings_tabbook.general.set @crawler.settings
           @settings_tabbook.auth.crawler = @crawler
           @settings_tabbook.scope.set @crawler.settings
+          
+          unless chat.nil?
+            begin
+            url = chat.request.url
+            @url_txt.text = "#{url}"
+            chat.request.headers("Authorization"){ |h|            
+              if h =~ /Basic (.*)/i
+                user, pw = Base64.decode64($1).strip.split(":")
+                auth = { :username => user,
+                         :password => pw,
+                         :auth_type => :basic
+                         }
+               @settings_tabbook.auth.set(auth)
+              end
+            }
+            unless chat.request.cookies.empty?
+              @cookie_jar = Mechanize::CookieJar.new
+              domain = chat.request.host
+              
+              chat.request.cookies.each do |c|
+                name, value = c.split("=")
+                cprefs = { :domain => domain,
+                           :name => name,
+                           :value => value,
+                           :path => '/',
+                           :expires => (Date.today+1).to_s
+                         }
+                 cookie = Mechanize::Cookie.new cprefs
+                 @cookie_jar << cookie
+              end
+            end
+            rescue => bang
+              puts bang
+              puts bang.backtrace
+            end
+          end
 
           @log_viewer = @settings_tabbook.log_viewer
 
@@ -142,10 +173,22 @@ module Watobo#:nodoc: all
               @log_viewer.log(LOG_INFO, msg)
             }
           end
+          
+          update_url_state
 
         end
 
         private
+        
+        def update_url_state
+           if url_valid?
+              
+            @start_button.enable
+            else
+              @start_button.disable
+             # Watobo::Plugin::Crawler.start_url = nil
+            end
+        end
 
         def remove_update_timer
           app = FXApp.instance
@@ -265,6 +308,10 @@ module Watobo#:nodoc: all
           prefs.update scope_settings
           prefs.update general_settings
           prefs.update hook_settings
+          
+          unless @cookie_jar.nil?
+            prefs[:cookie_jar] = @cookie_jar
+          end
 
           add_update_timer(250)
 

data/plugins/crawler/lib/engine.rb

@@ -134,10 +134,6 @@ module Watobo#:nodoc: all
         @opts.update opts
         @opts[:head_request_pattern] = '' if @opts[:head_request_pattern].nil? 
         
-        if $DEBUG
-        puts "* initializing crawler engine"
-        puts @opts.to_yaml
-        end
         @stats = {
           :total_requests => 0
         }
@@ -184,7 +180,11 @@ false
         @engine_status = CRAWL_RUNNING
         
         @opts.update opts
-        @opts[:head_request_pattern] = '' if @opts[:head_request_pattern].nil? 
+        @opts[:head_request_pattern] = '' if @opts[:head_request_pattern].nil?
+        
+        puts "crawler settings:"
+        puts @opts.to_json
+ 
 
         @link_queue = Queue.new
         @page_queue = Queue.new
@@ -204,12 +204,8 @@ false
 
         @link_queue.enq LinkBag.new(start_link, 0)
 
-puts "[Crawler] Engine Settings:"
-@opts.each do |k,v|  
-    puts "#{k}: #{v}"
-end
-puts "---"
- notify(:log, "Crawling #{url} started ..." )
+
+        notify(:log, "Crawling #{url} started ..." )
 
         @opts[:max_threads].times do |i|
           g = Grabber.new(@link_queue, @page_queue, @opts )
@@ -295,7 +291,8 @@ end
         page.links.each do |l|
           begin
           link = l
-          
+          next if l.href.nil?
+           
           link = page.uri.merge l.uri unless l.href =~ /^http/
         #  puts "FOLLOW LINK #{link} ?"
           if follow_link? link
@@ -306,6 +303,7 @@ end
           end 
           rescue => bang
             puts bang
+            puts bang.backtrace if $DEBUG            
           end
         end
 
@@ -415,11 +413,11 @@ end
 def url_allowed?(uri)   
  # puts "* excluded_urls"
  # puts exluded_urls
-  return false if excluded_urls.select{ |url| uri.path =~ /#{url}/ }.length > 0
+  return false if excluded_urls.select{ |url| uri.path_ext =~ /#{url}/ }.length > 0
  # puts "* allowed_urls"
  # puts allowed_urls  
   return true if allowed_urls.empty?
-  return true if allowed_urls.select{ |url| uri.path =~ /#{url}/ }.length > 0
+  return true if allowed_urls.select{ |url| uri.path_ext =~ /#{url}/ }.length > 0
  # puts "> URL is NOT allowed"
   return false
 end

data/plugins/filefinder/dbs/sap.db

@@ -0,0 +1,157 @@
+# http://blog.csdn.net/cnbird2008/article/details/7386333
+/rep/build_info.html
+/rep/build_info.jsp
+/run/build_info.html
+/run/build_info.jsp
+/rwb/version.html
+/sap/bc/bsp/esh_os_service/favicon.gif
+/sap/bc/bsp/sap
+/sap/bc/bsp/sap/alertinbox
+/sap/bc/bsp/sap/bsp_dlc_frcmp
+/sap/bc/bsp/sap/bsp_veri
+/sap/bc/bsp/sap/bsp_verificatio
+/sap/bc/bsp/sap/bsp_wd_base
+/sap/bc/bsp/sap/bspwd_basics
+/sap/bc/bsp/sap/certmap
+/sap/bc/bsp/sap/certreq
+/sap/bc/bsp/sap/crm_bsp_frame
+/sap/bc/bsp/sap/crmcmp_bpident/
+/sap/bc/bsp/sap/crmcmp_brfcase
+/sap/bc/bsp/sap/crmcmp_hdr
+/sap/bc/bsp/sap/crmcmp_hdr_std
+/sap/bc/bsp/sap/crmcmp_ic_frame
+/sap/bc/bsp/sap/crm_thtmlb_util
+/sap/bc/bsp/sap/crm_ui_frame
+/sap/bc/bsp/sap/crm_ui_start
+/sap/bc/bsp/sap/esh_sap_link
+/sap/bc/bsp/sap/esh_sapgui_exe
+/sap/bc/bsp/sap/graph_bsp_test
+/sap/bc/bsp/sap/graph_bsp_test/Mimes
+/sap/bc/bsp/sap/gsbirp
+/sap/bc/bsp/sap/htmlb_samples
+/sap/bc/bsp/sap/iccmp_bp_cnfirm
+/sap/bc/bsp/sap/iccmp_hdr_cntnr
+/sap/bc/bsp/sap/iccmp_hdr_cntnt
+/sap/bc/bsp/sap/iccmp_header
+/sap/bc/bsp/sap/iccmp_ssc_ll/
+/sap/bc/bsp/sap/ic_frw_notify
+/sap/bc/bsp/sap/it00
+/sap/bc/bsp/sap/public/bc
+/sap/bc/bsp/sap/public/graphics
+/sap/bc/bsp/sap/sam_demo
+/sap/bc/bsp/sap/sam_notifying
+/sap/bc/bsp/sap/sam_sess_queue
+/sap/bc/bsp/sap/sbspext_htmlb
+/sap/bc/bsp/sap/sbspext_xhtmlb
+/sap/bc/bsp/sap/spi_admin
+/sap/bc/bsp/sap/spi_monitor
+/sap/bc/bsp/sap/sxms_alertrules
+/sap/bc/bsp/sap/system
+/sap/bc/bsp/sap/thtmlb_scripts
+/sap/bc/bsp/sap/thtmlb_styles
+/sap/bc/bsp/sap/uicmp_ltx
+/sap/bc/bsp/sap/xmb_bsp_log
+/sap/bc/contentserver
+/sap/bc/echo
+/sap/bc/error
+/sap/bc/FormToRfc
+/sap/bc/graphics/net
+/sap/bc/gui/sap/its/CERTREQ
+/sap/bc/gui/sap/its/designs
+/sap/bc/gui/sap/its/webgui
+/sap/bc/IDoc_XML
+/sap/bc/ping
+/sap/bc/report
+/sap/bc/soap/ici
+/sap/bc/soap/rfc
+/sap/bc/srt/IDoc
+/sap/bc/wdvd
+/sap/bc/webdynpro/sap/apb_launchpad
+/sap/bc/webdynpro/sap/apb_launchpad_nwbc
+/sap/bc/webdynpro/sap/apb_lpd_light_start
+/sap/bc/webdynpro/sap/apb_lpd_start_url
+/sap/bc/webdynpro/sap/application_exit
+/sap/bc/webdynpro/sap/appl_log_trc_viewer
+/sap/bc/webdynpro/sap/appl_soap_management
+/sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv
+/sap/bc/webdynpro/sap/cnp_light_test
+/sap/bc/webdynpro/sap/configure_application
+/sap/bc/webdynpro/sap/configure_component
+/sap/bc/webdynpro/sap/esh_search_results.ui
+/sap/bc/webdynpro/sap/esh_adm_smoketest_ui
+/sap/bc/webdynpro/sap/sh_adm_smoketest_files
+/sap/bc/webdynpro/sap/esh_eng_modelling
+/sap/bc/webdynpro/sap/esh_admin_ui_component
+/sap/bc/webdynpro/sap/wdhc_application
+/sap/bc/webdynpro/sap/wd_analyze_config_appl
+/sap/bc/webdynpro/sap/wd_analyze_config_comp
+/sap/bc/webdynpro/sap/wd_analyze_config_user
+/sap/bc/webdynpro/sap/WDR_TEST_ADOBE
+/sap/bc/webdynpro/sap/WDR_TEST_EVENTS
+/sap/bc/webdynpro/sap/wdr_test_popups_rt
+/sap/bc/webdynpro/sap/WDR_TEST_TABLE
+/sap/bc/webdynpro/sap/wdr_test_ui_elements
+/sap/bc/webdynpro/sap/WDR_TEST_WINDOW_ERROR
+/sap/bc/webrfc
+/sap/bc/xrfc
+/sap/bc/xrfc_test
+/sap/es/cockpit
+/sap/es/getdocument
+/sap/es/opensearch
+/sap/es/opensearch/description
+/sap/es/opensearch/list
+/sap/es/opensearch/search
+/sap/es/saplink
+/sap/es/search
+/sap/es/redirect
+/sap/crm
+/sap/public/bc
+/sap/public/bc/icons
+/sap/public/bc/icons_rtl
+/sap/public/bc/its/mimes
+/sap/public/bc/its/mimes/system/SL/page/hourglass.html
+/sap/public/bc/its/mobile/itsmobile00
+/sap/public/bc/its/mobile/itsmobile01
+/sap/public/bc/its/mobile/rfid
+/sap/public/bc/its/mobile/start
+/sap/public/bc/its/mobile/test
+/sap/public/bc/NWDEMO_MODEL
+/sap/public/bc/NW_ESH_TST_AUTO
+/sap/public/bc/pictograms
+/sap/public/bc/sicf_login_run
+/sap/public/bc/trex
+/sap/public/bc/ur
+/sap/public/bc/wdtracetool
+/sap/public/bc/webdynpro/adobechallenge
+/sap/public/bc/webdynpro/mimes
+/sap/public/bc/webdynpro/ssr
+/sap/public/bc/webdynpro/viewdesigner
+/sap/public/bc/webicons
+/sap/public/bc/workflow
+/sap/public/bc/workflow/shortcut
+/sap/public/bsp/sap
+/sap/public/bsp/sap/htmlb
+/sap/public/bsp/sap/public
+/sap/public/bsp/sap/public/bc
+/sap/public/bsp/sap/public/faa
+/sap/public/bsp/sap/public/graphics
+/sap/public/bsp/sap/public/graphics/jnet_handler
+/sap/public/bsp/sap/public/graphics/mimes
+/sap/public/bsp/sap/system
+/sap/public/bsp/sap/system_public
+/sap/public/icf_check
+/sap/public/icf_info
+/sap/public/icf_info/icr_groups
+/sap/public/icf_info/icr_urlprefix
+/sap/public/icf_info/logon_groups
+/sap/public/icf_info/urlprefix
+/sap/public/icman
+/sap/public/info
+/sap/public/myssocntl
+/sap/public/ping
+/sap/webcuif
+# https://code.google.com/p/golismero/source/browse/wordlist/wfuzz/Discovery/SAP.fuzz.txt
+/sap/public/icman/ping
+/sap/admin
+/sap/wdisp/admin
+/scripts/wgate

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: watobo
 version: !ruby/object:Gem::Version
-  version: 0.9.14
+  version: 0.9.15
   prerelease: 
 platform: ruby
 authors:
@@ -9,8 +9,24 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-09-05 00:00:00.000000000 Z
+date: 2013-10-01 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: mechanize
   requirement: !ruby/object:Gem::Requirement
@@ -85,6 +101,7 @@ files:
 - lib/watobo/core/cert_store.rb
 - lib/watobo/core/chat.rb
 - lib/watobo/core/chats.rb
+- lib/watobo/core/client_cert_store.rb
 - lib/watobo/core/conversation.rb
 - lib/watobo/core/cookie.rb
 - lib/watobo/core/finding.rb
@@ -270,6 +287,8 @@ files:
 - modules/active/sqlinjection/sqli_error.rb
 - modules/active/sqlinjection/sqli_timing.rb
 - modules/active/sqlinjection/sql_boolean.rb
+- modules/active/struts2/default_handler_ognl.rb
+- modules/active/struts2/include_params_ognl.rb
 - modules/active/xml/xml_xxe.rb
 - modules/active/xss/xss_ng.rb
 - modules/active/xss/xss_simple.rb
@@ -294,6 +313,7 @@ files:
 - modules/passive/possible_login.rb
 - modules/passive/redirectionz.rb
 - modules/passive/redirect_url.rb
+- modules/passive/sap-headers.rb
 - modules/passive/xss_dom.rb
 - plugins/catalog/catalog.ico
 - plugins/catalog/catalog.rb
@@ -315,6 +335,7 @@ files:
 - plugins/crawler/lib/grabber.rb
 - plugins/crawler/lib/uri_mp.rb
 - plugins/filefinder/dbs/hbci.db
+- plugins/filefinder/dbs/sap.db
 - plugins/filefinder/dbs/well_known.db
 - plugins/filefinder/filefinder.rb
 - plugins/sqlmap/bin/test.rb