RubyGems - watobo - Versions diffs - 0.9.21 → 0.9.23 - Mend

watobo 0.9.21 → 0.9.23

Files changed (283) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +46 -1
data/bin/nfq_server.rb +0 -9
data/bin/watobo_gui.rb +3 -13
data/custom-views/prettify-json.rb +9 -18
data/icons/watobo.ico +0 -0
data/icons/watobo.ico.old +0 -0
data/lib/watobo.rb +10 -19
data/lib/watobo/adapters.rb +5 -14
data/lib/watobo/adapters/data_store.rb +50 -59
data/lib/watobo/adapters/file/file_store.rb +287 -296
data/lib/watobo/adapters/file/marshal_store.rb +293 -296
data/lib/watobo/adapters/session_store.rb +5 -14
data/lib/watobo/ca.rb +1 -10
data/lib/watobo/config.rb +197 -206
data/lib/watobo/constants.rb +0 -9
data/lib/watobo/core.rb +3 -12
data/lib/watobo/core/active_check.rb +72 -135
data/lib/watobo/core/active_checks.rb +49 -58
data/lib/watobo/core/ca.rb +369 -389
data/lib/watobo/core/cert_store.rb +34 -43
data/lib/watobo/core/chat.rb +92 -101
data/lib/watobo/core/chats.rb +271 -280
data/lib/watobo/core/client_cert_store.rb +106 -35
data/lib/watobo/core/conversation.rb +48 -57
data/lib/watobo/core/cookie.rb +23 -32
data/lib/watobo/core/egress_handlers.rb +98 -0
data/lib/watobo/core/finding.rb +66 -75
data/lib/watobo/core/findings.rb +107 -114
data/lib/watobo/core/forwarding_proxy.rb +13 -22
data/lib/watobo/core/fuzz_gen.rb +0 -9
data/lib/watobo/core/intercept_carver.rb +166 -177
data/lib/watobo/core/intercept_filter.rb +235 -244
data/lib/watobo/core/interceptor.rb +98 -107
data/lib/watobo/core/min_class.rb +4 -13
data/lib/watobo/core/netfilter_queue.rb +170 -179
data/lib/watobo/core/ott_cache.rb +132 -141
data/lib/watobo/core/parameter.rb +43 -52
data/lib/watobo/core/passive_check.rb +103 -102
data/lib/watobo/core/passive_checks.rb +48 -57
data/lib/watobo/core/passive_scanner.rb +54 -55
data/lib/watobo/core/plugin.rb +11 -20
data/lib/watobo/core/project.rb +3 -9
data/lib/watobo/core/proxy.rb +43 -52
data/lib/watobo/core/request.rb +125 -123
data/lib/watobo/core/response.rb +44 -53
data/lib/watobo/core/scanner.rb +0 -9
data/lib/watobo/core/scanner3.rb +405 -414
data/lib/watobo/core/scope.rb +83 -92
data/lib/watobo/core/session.rb +1043 -1026
data/lib/watobo/core/sid_cache.rb +98 -107
data/lib/watobo/core/subscriber.rb +25 -34
data/lib/watobo/defaults.rb +21 -30
data/lib/watobo/external/diff/lcs.rb +0 -9
data/lib/watobo/external/diff/lcs/array.rb +0 -9
data/lib/watobo/external/diff/lcs/block.rb +0 -9
data/lib/watobo/external/diff/lcs/callbacks.rb +0 -9
data/lib/watobo/external/diff/lcs/change.rb +0 -9
data/lib/watobo/external/diff/lcs/hunk.rb +0 -9
data/lib/watobo/external/diff/lcs/ldiff.rb +0 -9
data/lib/watobo/external/diff/lcs/string.rb +0 -9
data/lib/watobo/externals.rb +6 -15
data/lib/watobo/framework.rb +4 -13
data/lib/watobo/framework/create_project.rb +60 -69
data/lib/watobo/framework/init.rb +0 -9
data/lib/watobo/framework/init_modules.rb +0 -9
data/lib/watobo/framework/license_text.rb +28 -37
data/lib/watobo/framework/load_chat.rb +13 -22
data/lib/watobo/gui.rb +132 -123
data/lib/watobo/gui/about_watobo.rb +0 -9
data/lib/watobo/gui/browser_preview.rb +0 -9
data/lib/watobo/gui/certificate_dialog.rb +0 -9
data/lib/watobo/gui/chat_diff.rb +0 -9
data/lib/watobo/gui/chatviewer_frame.rb +73 -72
data/lib/watobo/gui/checkboxtree.rb +0 -9
data/lib/watobo/gui/checks_policy_frame.rb +0 -9
data/lib/watobo/gui/client_cert_dialog.rb +96 -87
data/lib/watobo/gui/confirm_scan_dialog.rb +0 -9
data/lib/watobo/gui/conversation_table.rb +158 -164
data/lib/watobo/gui/conversation_table_ctrl.rb +207 -216
data/lib/watobo/gui/conversation_table_ctrl2.rb +373 -382
data/lib/watobo/gui/csrf_token_dialog.rb +0 -9
data/lib/watobo/gui/custom_viewer.rb +374 -383
data/lib/watobo/gui/dashboard.rb +296 -303
data/lib/watobo/gui/define_scope_frame.rb +0 -9
data/lib/watobo/gui/differ_frame.rb +215 -224
data/lib/watobo/gui/edit_comment.rb +0 -9
data/lib/watobo/gui/edit_scope_dialog.rb +0 -9
data/lib/watobo/gui/export_dialog.rb +104 -113
data/lib/watobo/gui/finding_info.rb +0 -9
data/lib/watobo/gui/findings_tree.rb +210 -217
data/lib/watobo/gui/full_scan_dialog.rb +0 -9
data/lib/watobo/gui/fuzzer_gui.rb +1295 -1313
data/lib/watobo/gui/fxsave_thread.rb +14 -0
data/lib/watobo/gui/goto_url_dialog.rb +70 -79
data/lib/watobo/gui/hex_viewer.rb +0 -9
data/lib/watobo/gui/html_viewer.rb +287 -296
data/lib/watobo/gui/intercept_filter_dialog.rb +188 -197
data/lib/watobo/gui/interceptor_gui.rb +1041 -1051
data/lib/watobo/gui/interceptor_settings_dialog.rb +0 -9
data/lib/watobo/gui/json_viewer.rb +287 -0
data/lib/watobo/gui/list_box.rb +101 -110
data/lib/watobo/gui/log_file_viewer.rb +32 -41
data/lib/watobo/gui/log_viewer.rb +83 -88
data/lib/watobo/gui/login_wizzard.rb +0 -9
data/lib/watobo/gui/main_window.rb +587 -618
data/lib/watobo/gui/manual_request_editor.rb +620 -565
data/lib/watobo/gui/master_pw_dialog.rb +0 -9
data/lib/watobo/gui/mixins/gui_settings.rb +29 -38
data/lib/watobo/gui/page_tree.rb +217 -226
data/lib/watobo/gui/password_policy_dialog.rb +0 -9
data/lib/watobo/gui/plugin_board.rb +0 -9
data/lib/watobo/gui/preferences_dialog.rb +0 -9
data/lib/watobo/gui/progress_window.rb +17 -27
data/lib/watobo/gui/project_wizzard.rb +0 -9
data/lib/watobo/gui/proxy_dialog.rb +1 -10
data/lib/watobo/gui/quick_scan_dialog.rb +0 -9
data/lib/watobo/gui/request_builder_frame.rb +102 -111
data/lib/watobo/gui/request_editor.rb +181 -137
data/lib/watobo/gui/rewrite_filters_dialog.rb +394 -403
data/lib/watobo/gui/rewrite_rules_dialog.rb +372 -381
data/lib/watobo/gui/save_chat_dialog.rb +140 -149
data/lib/watobo/gui/scanner_settings_dialog.rb +0 -9
data/lib/watobo/gui/select_chat_dialog.rb +0 -9
data/lib/watobo/gui/session_management_dialog.rb +0 -9
data/lib/watobo/gui/sites_tree.rb +0 -9
data/lib/watobo/gui/status_bar.rb +0 -9
data/lib/watobo/gui/table_editor.rb +0 -9
data/lib/watobo/gui/tagless_viewer.rb +0 -9
data/lib/watobo/gui/templates/plugin.rb +0 -9
data/lib/watobo/gui/templates/plugin2.rb +92 -100
data/lib/watobo/gui/templates/plugin_base.rb +144 -153
data/lib/watobo/gui/text_viewer.rb +0 -9
data/lib/watobo/gui/transcoder_window.rb +0 -9
data/lib/watobo/gui/utils/gui_utils.rb +0 -9
data/lib/watobo/gui/utils/init_icons.rb +86 -95
data/lib/watobo/gui/utils/load_icons.rb +33 -42
data/lib/watobo/gui/utils/load_plugins.rb +116 -119
data/lib/watobo/gui/utils/master_password.rb +68 -77
data/lib/watobo/gui/utils/save_default_settings.rb +113 -122
data/lib/watobo/gui/utils/save_project_settings.rb +0 -9
data/lib/watobo/gui/utils/save_proxy_settings.rb +41 -50
data/lib/watobo/gui/utils/save_scanner_settings.rb +18 -27
data/lib/watobo/gui/utils/session_history.rb +112 -121
data/lib/watobo/gui/workspace_dialog.rb +0 -9
data/lib/watobo/gui/www_auth_dialog.rb +0 -9
data/lib/watobo/gui/xml_viewer_frame.rb +0 -9
data/lib/watobo/http.rb +4 -13
data/lib/watobo/http/cookies/cookies.rb +26 -35
data/lib/watobo/http/data/data.rb +45 -54
data/lib/watobo/http/data/json.rb +47 -55
data/lib/watobo/http/url/url.rb +38 -47
data/lib/watobo/http/xml/xml.rb +124 -130
data/lib/watobo/interceptor.rb +3 -12
data/lib/watobo/interceptor/proxy.rb +742 -739
data/lib/watobo/interceptor/transparent.rb +22 -24
data/lib/watobo/mixins.rb +10 -19
data/lib/watobo/mixins/check_info.rb +27 -36
data/lib/watobo/mixins/httpparser.rb +613 -637
data/lib/watobo/mixins/request_parser.rb +88 -97
data/lib/watobo/mixins/shapers.rb +515 -529
data/lib/watobo/mixins/transcoders.rb +3 -11
data/lib/watobo/parser.rb +1 -10
data/lib/watobo/parser/html.rb +83 -92
data/lib/watobo/patch_fxruby_setfocus.rb +26 -0
data/lib/watobo/sockets.rb +3 -12
data/lib/watobo/sockets/agent.rb +828 -837
data/lib/watobo/sockets/client_socket.rb +308 -312
data/lib/watobo/sockets/connection.rb +401 -410
data/lib/watobo/sockets/http_socket.rb +11 -13
data/lib/watobo/sockets/ntlm_auth.rb +129 -138
data/lib/watobo/utils.rb +10 -19
data/lib/watobo/utils/check_regex.rb +0 -9
data/lib/watobo/utils/copy_object.rb +0 -9
data/lib/watobo/utils/crypto.rb +0 -9
data/lib/watobo/utils/expand_range.rb +23 -32
data/lib/watobo/utils/export_xml.rb +97 -106
data/lib/watobo/utils/file_management.rb +9 -11
data/lib/watobo/utils/hexprint.rb +9 -18
data/lib/watobo/utils/load_chat.rb +0 -9
data/lib/watobo/utils/load_icon.rb +0 -9
data/lib/watobo/utils/ntlm.rb +866 -875
data/lib/watobo/utils/print_debug.rb +12 -21
data/lib/watobo/utils/response_builder.rb +90 -99
data/lib/watobo/utils/response_hash.rb +0 -9
data/lib/watobo/utils/secure_eval.rb +0 -9
data/lib/watobo/utils/strings.rb +10 -19
data/lib/watobo/utils/text2request.rb +0 -9
data/lib/watobo/utils/url.rb +23 -32
data/lib/watobo/utils/utf16.rb +11 -20
data/modules/active/Apache/mod_status.rb +0 -9
data/modules/active/Apache/multiview.rb +151 -160
data/modules/active/Flash/crossdomain.rb +0 -9
data/modules/active/JWT/jwt_oauth2_none.rb +111 -0
data/modules/active/cq5/cq5_default_selectors.rb +106 -115
data/modules/active/cq5/cqp_user_enumeration.rb +125 -134
data/modules/active/directories/dirwalker.rb +0 -9
data/modules/active/discovery/fileextensions.rb +0 -9
data/modules/active/discovery/http_methods.rb +0 -9
data/modules/active/discovery/jsmapfiles.rb +79 -0
data/modules/active/domino/domino_db.rb +68 -76
data/modules/active/dotNET/custom_errors.rb +102 -111
data/modules/active/dotNET/dotnet_files.rb +90 -99
data/modules/active/fileinclusion/lfi_simple.rb +0 -9
data/modules/active/jboss/jboss_basic.rb +0 -9
data/modules/active/sap/business_objects.rb +51 -60
data/modules/active/sap/its_commands.rb +0 -9
data/modules/active/sap/its_service_parameter.rb +0 -9
data/modules/active/sap/its_services.rb +0 -9
data/modules/active/sap/its_xss.rb +0 -9
data/modules/active/shell_shock/shell_shock.rb +139 -148
data/modules/active/siebel/siebel_apps.rb +160 -169
data/modules/active/sqlinjection/sql_boolean.rb +0 -9
data/modules/active/sqlinjection/sql_numerical.rb +198 -0
data/modules/active/sqlinjection/sqli_error.rb +0 -9
data/modules/active/sqlinjection/sqli_timing.rb +220 -229
data/modules/active/struts2/default_handler_ognl.rb +106 -115
data/modules/active/struts2/include_params_ognl.rb +105 -114
data/modules/active/xml/xml_xxe.rb +112 -123
data/modules/active/xss/xss_ng.rb +214 -223
data/modules/active/xss/xss_simple.rb +0 -9
data/modules/passive/ajax.rb +68 -77
data/modules/passive/autocomplete.rb +56 -65
data/modules/passive/cookie_options.rb +0 -9
data/modules/passive/cookie_xss.rb +0 -9
data/modules/passive/detect_code.rb +0 -9
data/modules/passive/detect_fileupload.rb +0 -9
data/modules/passive/detect_infrastructure.rb +0 -9
data/modules/passive/detect_one_time_tokens.rb +0 -9
data/modules/passive/dirindexing.rb +0 -9
data/modules/passive/disclosure_domino.rb +55 -64
data/modules/passive/disclosure_emails.rb +0 -9
data/modules/passive/disclosure_ipaddr.rb +55 -53
data/modules/passive/filename_as_parameter.rb +0 -9
data/modules/passive/form_spotter.rb +0 -9
data/modules/passive/hidden_fields.rb +50 -59
data/modules/passive/hotspots.rb +0 -9
data/modules/passive/in_script_parameter.rb +0 -9
data/modules/passive/json_web_token.rb +93 -0
data/modules/passive/multiple_server_headers.rb +0 -9
data/modules/passive/possible_login.rb +0 -9
data/modules/passive/redirect_url.rb +0 -9
data/modules/passive/redirectionz.rb +0 -9
data/modules/passive/sap-headers.rb +56 -65
data/modules/passive/xss_dom.rb +0 -9
data/plugins/aem/aem.rb +11 -20
data/plugins/aem/gui/main.rb +118 -127
data/plugins/aem/gui/tree_view.rb +171 -180
data/plugins/aem/lib/agent.rb +130 -138
data/plugins/aem/lib/dispatcher.rb +45 -51
data/plugins/aem/lib/engine.rb +177 -186
data/plugins/catalog/catalog.rb +345 -355
data/plugins/crawler/crawler.rb +4 -13
data/plugins/crawler/gui.rb +5 -14
data/plugins/crawler/gui/auth_frame.rb +270 -279
data/plugins/crawler/gui/crawler_gui.rb +271 -276
data/plugins/crawler/gui/general_settings_frame.rb +96 -105
data/plugins/crawler/gui/hooks_frame.rb +80 -89
data/plugins/crawler/gui/scope_frame.rb +50 -59
data/plugins/crawler/gui/settings_tabbook.rb +38 -47
data/plugins/crawler/gui/status_frame.rb +59 -68
data/plugins/crawler/lib/bags.rb +18 -27
data/plugins/crawler/lib/constants.rb +11 -20
data/plugins/crawler/lib/engine.rb +488 -497
data/plugins/crawler/lib/grabber.rb +68 -77
data/plugins/crawler/lib/status.rb +71 -80
data/plugins/crawler/lib/uri_mp.rb +12 -21
data/plugins/filefinder/filefinder.rb +326 -333
data/plugins/sqlmap/bin/test.rb +78 -87
data/plugins/sqlmap/gui.rb +4 -13
data/plugins/sqlmap/gui/main.rb +218 -227
data/plugins/sqlmap/gui/options_frame.rb +97 -106
data/plugins/sqlmap/lib/sqlmap_ctrl.rb +90 -100
data/plugins/sqlmap/sqlmap.rb +2 -11
data/plugins/sslchecker/cli/sslchecker_cli.rb +0 -9
data/plugins/sslchecker/gui/cipher_table.rb +246 -254
data/plugins/sslchecker/gui/gui.rb +258 -264
data/plugins/sslchecker/gui/sslchecker.rb +4 -13
data/plugins/sslchecker/lib/check.rb +127 -133
data/plugins/wshell/gui/main.rb +119 -117
data/plugins/wshell/lib/core.rb +38 -88
data/plugins/wshell/wshell.rb +11 -20
metadata +170 -164

data/lib/watobo/adapters/file/marshal_store.rb CHANGED

@@ -1,297 +1,294 @@
-#.
-# marshal_store.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# @private
-module Watobo#:nodoc: all
-  class FileSessionStore < SessionStore
-    def num_chats
-      get_file_list(@conversation_path, "*-chat*").length
-    end
-    def num_findings
-      get_file_list(@findings_path, "*-finding*").length
-    end
-    def add_finding(finding)
-      return false unless finding.respond_to? :request
-      return false unless finding.respond_to? :response
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.mrs")
-      unless File.exists?(finding_file)
-        save_finding(finding_file, finding)
-        return true
-      end
-      false
-    end
-    def delete_finding(finding)
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding")
-      File.delete finding_file if File.exist? finding_file
-      file = finding_file + ".yml"
-      File.delete file if File.exist? file
-      file = finding_file + ".mrs"
-      File.delete file if File.exist? file
-    end
-    def save_finding(fname, finding)
-      File.open(fname, 'wb'){|f|
-        f.print Marshal::dump(finding.to_h)
-        }
-    end
-    def update_finding(finding)
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.mrs")
-      if File.exists?(finding_file) then
-        save_finding(finding_file, finding)
-      end
-    end
-    # add_scan_log
-    # adds a chat to a specific log store, e.g. if you want to log scan results.
-    # needs a scan_name (STRING) as its destination which will be created
-    # if the scan name does not exist.
-    def add_scan_log(chat, scan_name = nil)
-      return false unless chat.respond_to? :request
-      return false unless chat.respond_to? :response
-      begin
-        return false if scan_name.nil?
-        return false if scan_name.empty?
-        scan_name_clean = scan_name.gsub(/[:\\\/\.]*/,"_")
-        # puts ">> scan_name"
-        path = File.join(@scanlog_path, scan_name_clean)
-        Dir.mkdir path unless File.exist? path
-        file = File.join( path, "log_" + Time.now.to_f.to_s + ".mrs")
-        unless File.exists?(file)
-          File.open(file, "wb") { |fh|
-            fh.print Marshal::dump(chat.to_h)
-          }
-        end
-        return true
-      rescue => bang
-        puts bang
-        puts bang.backtrace if $DEBUG
-      end
-      return false
-    end
-    def add_chat(chat)
-      return false unless chat_valid? chat
-      chat_file = File.join("#{@conversation_path}", "#{chat.id}-chat.mrs")
-      unless File.exists?(chat_file)
-        File.open(chat_file, "wb") { |fh|
-          fh.print Marshal::dump(chat.to_h)
-        }
-      chat.file = chat_file
-      return true
-      end
-      return false
-    end
-    def each_chat(&block)
-      list = get_file_list(@conversation_path, "*-chat*")
-      list.each do |fname|
-        #puts
-        chat = nil
-        if fname =~ /\.mrs$/
-          chat = Watobo::Utils.loadChatMarshal(fname)
-        elsif fname =~ /\.yml$/
-          chat = Watobo::Utils.loadChatYAML(fname) unless list.include?(fname.gsub(/yml$/,'mrs'))
-        end
-        next if chat.nil?
-        yield chat if block_given?
-      end
-    end
-    def each_finding(&block)
-      list = get_file_list(@findings_path, "*-finding*")
-      list.each do |fname|
-        f = nil
-        if fname =~ /\.mrs$/
-          f = Watobo::Utils.loadFindingMarshal(fname)
-        elsif fname =~ /\.yml$/
-          f = Watobo::Utils.loadFindingYAML(fname) unless list.include?(fname.gsub(/yml$/,'mrs'))
-        end
-        next if f.nil?
-        yield f if block_given?
-      end
-    end
-    def initialize(project_name, session_name)
-      wsp = Watobo.workspace_path
-      return false unless File.exist? wsp
-      puts "* using workspace path: #{wsp}" if $DEBUG
-      @log_file = nil
-      @log_lock = Mutex.new
-      @project_path = File.join(wsp, project_name)
-      unless File.exist? @project_path
-        puts "* create project path: #{@project_path}" if $DEBUG
-        Dir.mkdir(@project_path)
-      end
-      @project_config_path = File.join(@project_path, ".config")
-      Dir.mkdir @project_config_path unless File.exist? @project_config_path
-      @session_path = File.join(@project_path, session_name)
-      unless File.exist? @session_path
-        puts "* create session path: #{@session_path}" if $DEBUG
-        Dir.mkdir(@session_path)
-      end
-      @session_config_path = File.join(@session_path, ".config")
-      Dir.mkdir @session_config_path unless File.exist? @session_config_path
-      sext = Watobo::Conf::General.session_settings_file_ext
-      @session_file = File.join(@session_path, session_name + sext)
-      @project_file = File.join(@project_path, project_name + Watobo::Conf::General.project_settings_file_ext)
-      @conversation_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.conversations))
-      @findings_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.findings))
-      @log_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.event_logs_dir))
-      @scanlog_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.scan_logs_dir))
-      [ @conversation_path, @findings_path, @log_path, @scanlog_path ].each do |folder|
-        if not File.exists?(folder) then
-          puts "create path #{folder}"
-          begin
-            Dir.mkdir(folder)
-          rescue SystemCallError => bang
-            puts "!!!ERROR:"
-            puts bang
-          rescue => bang
-            puts "!!!ERROR:"
-            puts bang
-          end
-        end
-      end
-      @log_file = File.join(@log_path, session_name + ".log")
-    #     @chat_files = get_file_list(@conversation_path, "*-chat")
-    #     @finding_files = get_file_list(@findings_path, "*-finding")
-    end
-    def save_session_settings(group, session_settings)
-      # puts ">> save_session_settings <<"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-      session_file = File.join(@session_config_path, file)
-      # puts "Dest.File: #{session_file}"
-      #  puts session_settings.to_yaml
-      # puts "---"
-      Watobo::Utils.save_settings(session_file, session_settings)
-    end
-    def load_session_settings(group)
-      # puts ">> load_session_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-      session_file = File.join(@session_config_path, file)
-      # puts "File: #{session_file}"
-      #  puts "---"
-      s = Watobo::Utils.load_settings(session_file)
-      s
-    end
-    def save_project_settings(group, project_settings)
-      # puts ">> save_project_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-      project_file = File.join(@project_config_path, file)
-      # puts "Dest.File: #{project_file}"
-      # puts project_settings.to_yaml
-      # puts "---"
-      Watobo::Utils.save_settings(project_file, project_settings)
-    end
-    def load_project_settings(group)
-      # puts ">> load_project_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-      project_file = File.join(@project_config_path, file)
-      # puts "File: #{project_file}"
-      # puts "---"
-      s = Watobo::Utils.load_settings(project_file)
-      s
-    end
-    def logs
-      l = ''
-      @log_lock.synchronize do
-        l = File.open(@log_file).read
-      end
-      l
-    end
-    def logger( message, prefs = {} )
-      opts = { :sender => "unknown", :level => Watobo::Constants::LOG_INFO }
-      opts.update prefs
-      return false if @log_file.nil?
-      begin
-        t = Time.now
-        now = t.strftime("%m/%d/%Y @ %H:%M:%S")
-        log_message = [ now ]
-        log_message << "#{opts[:sender]}"
-        if message.is_a? Array
-          log_message << message.join("\n| ")
-          log_message << "\n-"
-        else
-        log_message << message
-        end
-        @log_lock.synchronize do
-          File.open(@log_file,"a") do |lfh|
-            lfh.puts log_message.join("|")
-          end
-        end
-      rescue => bang
-        puts bang
-      end
-    end
-    private
-    def chat_valid?(chat)
-      return false unless chat.respond_to? :request
-      return false unless chat.respond_to? :response
-      true
-    end
-    def get_file_list(path, pattern)
-      fl = Dir["#{path}/#{pattern}"].sort_by{ |x| File.basename(x).sub(/[^0-9]*/,'').to_i }
-      fl
-    end
-  end
+# @private
+module Watobo#:nodoc: all
+  class FileSessionStore < SessionStore
+    def num_chats
+      get_file_list(@conversation_path, "*-chat*").length
+    end
+    def num_findings
+      get_file_list(@findings_path, "*-finding*").length
+    end
+    def add_finding(finding)
+      return false unless finding.respond_to? :request
+      return false unless finding.respond_to? :response
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.mrs")
+      unless File.exist?(finding_file)
+        save_finding(finding_file, finding)
+        return true
+      end
+      false
+    end
+    def delete_finding(finding)
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding")
+      File.delete finding_file if File.exist? finding_file
+      file = finding_file + ".yml"
+      File.delete file if File.exist? file
+      file = finding_file + ".mrs"
+      File.delete file if File.exist? file
+    end
+    def save_finding(fname, finding)
+      File.open(fname, 'wb'){|f|
+        f.print Marshal::dump(finding.to_h)
+        }
+    end
+    def save_chat(file, chat)
+      File.open(file, 'wb'){|f|
+        f.print Marshal::dump(chat.to_h)
+        }
+    end
+    def update_finding(finding)
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.mrs")
+      if File.exist?(finding_file) then
+        save_finding(finding_file, finding)
+      end
+    end
+    # add_scan_log
+    # adds a chat to a specific log store, e.g. if you want to log scan results.
+    # needs a scan_name (STRING) as its destination which will be created
+    # if the scan name does not exist.
+    def add_scan_log(chat, scan_name = nil)
+      return false unless chat.respond_to? :request
+      return false unless chat.respond_to? :response
+      begin
+        return false if scan_name.nil?
+        return false if scan_name.empty?
+        scan_name_clean = scan_name.gsub(/[:\\\/\.]*/,"_")
+        # puts ">> scan_name"
+        path = File.join(@scanlog_path, scan_name_clean)
+        Dir.mkdir path unless File.exist? path
+        file = File.join( path, "log_" + Time.now.to_f.to_s + ".mrs")
+        unless File.exist?(file)
+          File.open(file, "wb") { |fh|
+            fh.print Marshal::dump(chat.to_h)
+          }
+        end
+        return true
+      rescue => bang
+        puts bang
+        puts bang.backtrace if $DEBUG
+      end
+      return false
+    end
+    def add_chat(chat)
+      return false unless chat_valid? chat
+      chat_file = File.join("#{@conversation_path}", "#{chat.id}-chat.mrs")
+      unless File.exist?(chat_file)
+        File.open(chat_file, "wb") { |fh|
+          fh.print Marshal::dump(chat.to_h)
+        }
+      chat.file = chat_file
+      return true
+      end
+      return false
+    end
+    def each_chat(&block)
+      list = get_file_list(@conversation_path, "*-chat*")
+      list.each do |fname|
+        #puts
+        chat = nil
+        if fname =~ /\.mrs$/
+          chat = Watobo::Utils.loadChatMarshal(fname)
+        elsif fname =~ /\.yml$/
+          chat = Watobo::Utils.loadChatYAML(fname) unless list.include?(fname.gsub(/yml$/,'mrs'))
+        end
+        next if chat.nil?
+        yield chat if block_given?
+      end
+    end
+    def each_finding(&block)
+      list = get_file_list(@findings_path, "*-finding*")
+      list.each do |fname|
+        f = nil
+        if fname =~ /\.mrs$/
+          f = Watobo::Utils.loadFindingMarshal(fname)
+        elsif fname =~ /\.yml$/
+          f = Watobo::Utils.loadFindingYAML(fname) unless list.include?(fname.gsub(/yml$/,'mrs'))
+        end
+        next if f.nil?
+        yield f if block_given?
+      end
+    end
+    def initialize(project_name, session_name)
+      wsp = Watobo.workspace_path
+      return false unless File.exist? wsp
+      puts "* using workspace path: #{wsp}" if $DEBUG
+      @log_file = nil
+      @log_lock = Mutex.new
+      @project_path = File.join(wsp, project_name)
+      unless File.exist? @project_path
+        puts "* create project path: #{@project_path}" if $DEBUG
+        Dir.mkdir(@project_path)
+      end
+      @project_config_path = File.join(@project_path, ".config")
+      Dir.mkdir @project_config_path unless File.exist? @project_config_path
+      @session_path = File.join(@project_path, session_name)
+      unless File.exist? @session_path
+        puts "* create session path: #{@session_path}" if $DEBUG
+        Dir.mkdir(@session_path)
+      end
+      @session_config_path = File.join(@session_path, ".config")
+      Dir.mkdir @session_config_path unless File.exist? @session_config_path
+      sext = Watobo::Conf::General.session_settings_file_ext
+      @session_file = File.join(@session_path, session_name + sext)
+      @project_file = File.join(@project_path, project_name + Watobo::Conf::General.project_settings_file_ext)
+      @conversation_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.conversations))
+      @findings_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.findings))
+      @log_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.event_logs_dir))
+      @scanlog_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.scan_logs_dir))
+      [ @conversation_path, @findings_path, @log_path, @scanlog_path ].each do |folder|
+        if not File.exist?(folder) then
+          puts "create path #{folder}"
+          begin
+            Dir.mkdir(folder)
+          rescue SystemCallError => bang
+            puts "!!!ERROR:"
+            puts bang
+          rescue => bang
+            puts "!!!ERROR:"
+            puts bang
+          end
+        end
+      end
+      @log_file = File.join(@log_path, session_name + ".log")
+    #     @chat_files = get_file_list(@conversation_path, "*-chat")
+    #     @finding_files = get_file_list(@findings_path, "*-finding")
+    end
+    def save_session_settings(group, session_settings)
+      # puts ">> save_session_settings <<"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+      session_file = File.join(@session_config_path, file)
+      # puts "Dest.File: #{session_file}"
+      #  puts session_settings.to_yaml
+      # puts "---"
+      Watobo::Utils.save_settings(session_file, session_settings)
+    end
+    def load_session_settings(group)
+      # puts ">> load_session_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+      session_file = File.join(@session_config_path, file)
+      # puts "File: #{session_file}"
+      #  puts "---"
+      s = Watobo::Utils.load_settings(session_file)
+      s
+    end
+    def save_project_settings(group, project_settings)
+      # puts ">> save_project_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+      project_file = File.join(@project_config_path, file)
+      # puts "Dest.File: #{project_file}"
+      # puts project_settings.to_yaml
+      # puts "---"
+      Watobo::Utils.save_settings(project_file, project_settings)
+    end
+    def load_project_settings(group)
+      # puts ">> load_project_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+      project_file = File.join(@project_config_path, file)
+      # puts "File: #{project_file}"
+      # puts "---"
+      s = Watobo::Utils.load_settings(project_file)
+      s
+    end
+    def logs
+      l = ''
+      @log_lock.synchronize do
+        l = File.open(@log_file).read
+      end
+      l
+    end
+    def logger( message, prefs = {} )
+      opts = { :sender => "unknown", :level => Watobo::Constants::LOG_INFO }
+      opts.update prefs
+      return false if @log_file.nil?
+      begin
+        t = Time.now
+        now = t.strftime("%m/%d/%Y @ %H:%M:%S")
+        log_message = [ now ]
+        log_message << "#{opts[:sender]}"
+        if message.is_a? Array
+          log_message << message.join("\n| ")
+          log_message << "\n-"
+        else
+        log_message << message
+        end
+        @log_lock.synchronize do
+          File.open(@log_file,"a") do |lfh|
+            lfh.puts log_message.join("|")
+          end
+        end
+      rescue => bang
+        puts bang
+      end
+    end
+    private
+    def chat_valid?(chat)
+      return false unless chat.respond_to? :request
+      return false unless chat.respond_to? :response
+      true
+    end
+    def get_file_list(path, pattern)
+      fl = Dir["#{path}/#{pattern}"].sort_by{ |x| File.basename(x).sub(/[^0-9]*/,'').to_i }
+      fl
+    end
+  end
 end