RubyGems - watobo - Versions diffs - 0.9.21 → 0.9.23 - Mend

watobo 0.9.21 → 0.9.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (283) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +46 -1
data/bin/nfq_server.rb +0 -9
data/bin/watobo_gui.rb +3 -13
data/custom-views/prettify-json.rb +9 -18
data/icons/watobo.ico +0 -0
data/icons/watobo.ico.old +0 -0
data/lib/watobo.rb +10 -19
data/lib/watobo/adapters.rb +5 -14
data/lib/watobo/adapters/data_store.rb +50 -59
data/lib/watobo/adapters/file/file_store.rb +287 -296
data/lib/watobo/adapters/file/marshal_store.rb +293 -296
data/lib/watobo/adapters/session_store.rb +5 -14
data/lib/watobo/ca.rb +1 -10
data/lib/watobo/config.rb +197 -206
data/lib/watobo/constants.rb +0 -9
data/lib/watobo/core.rb +3 -12
data/lib/watobo/core/active_check.rb +72 -135
data/lib/watobo/core/active_checks.rb +49 -58
data/lib/watobo/core/ca.rb +369 -389
data/lib/watobo/core/cert_store.rb +34 -43
data/lib/watobo/core/chat.rb +92 -101
data/lib/watobo/core/chats.rb +271 -280
data/lib/watobo/core/client_cert_store.rb +106 -35
data/lib/watobo/core/conversation.rb +48 -57
data/lib/watobo/core/cookie.rb +23 -32
data/lib/watobo/core/egress_handlers.rb +98 -0
data/lib/watobo/core/finding.rb +66 -75
data/lib/watobo/core/findings.rb +107 -114
data/lib/watobo/core/forwarding_proxy.rb +13 -22
data/lib/watobo/core/fuzz_gen.rb +0 -9
data/lib/watobo/core/intercept_carver.rb +166 -177
data/lib/watobo/core/intercept_filter.rb +235 -244
data/lib/watobo/core/interceptor.rb +98 -107
data/lib/watobo/core/min_class.rb +4 -13
data/lib/watobo/core/netfilter_queue.rb +170 -179
data/lib/watobo/core/ott_cache.rb +132 -141
data/lib/watobo/core/parameter.rb +43 -52
data/lib/watobo/core/passive_check.rb +103 -102
data/lib/watobo/core/passive_checks.rb +48 -57
data/lib/watobo/core/passive_scanner.rb +54 -55
data/lib/watobo/core/plugin.rb +11 -20
data/lib/watobo/core/project.rb +3 -9
data/lib/watobo/core/proxy.rb +43 -52
data/lib/watobo/core/request.rb +125 -123
data/lib/watobo/core/response.rb +44 -53
data/lib/watobo/core/scanner.rb +0 -9
data/lib/watobo/core/scanner3.rb +405 -414
data/lib/watobo/core/scope.rb +83 -92
data/lib/watobo/core/session.rb +1043 -1026
data/lib/watobo/core/sid_cache.rb +98 -107
data/lib/watobo/core/subscriber.rb +25 -34
data/lib/watobo/defaults.rb +21 -30
data/lib/watobo/external/diff/lcs.rb +0 -9
data/lib/watobo/external/diff/lcs/array.rb +0 -9
data/lib/watobo/external/diff/lcs/block.rb +0 -9
data/lib/watobo/external/diff/lcs/callbacks.rb +0 -9
data/lib/watobo/external/diff/lcs/change.rb +0 -9
data/lib/watobo/external/diff/lcs/hunk.rb +0 -9
data/lib/watobo/external/diff/lcs/ldiff.rb +0 -9
data/lib/watobo/external/diff/lcs/string.rb +0 -9
data/lib/watobo/externals.rb +6 -15
data/lib/watobo/framework.rb +4 -13
data/lib/watobo/framework/create_project.rb +60 -69
data/lib/watobo/framework/init.rb +0 -9
data/lib/watobo/framework/init_modules.rb +0 -9
data/lib/watobo/framework/license_text.rb +28 -37
data/lib/watobo/framework/load_chat.rb +13 -22
data/lib/watobo/gui.rb +132 -123
data/lib/watobo/gui/about_watobo.rb +0 -9
data/lib/watobo/gui/browser_preview.rb +0 -9
data/lib/watobo/gui/certificate_dialog.rb +0 -9
data/lib/watobo/gui/chat_diff.rb +0 -9
data/lib/watobo/gui/chatviewer_frame.rb +73 -72
data/lib/watobo/gui/checkboxtree.rb +0 -9
data/lib/watobo/gui/checks_policy_frame.rb +0 -9
data/lib/watobo/gui/client_cert_dialog.rb +96 -87
data/lib/watobo/gui/confirm_scan_dialog.rb +0 -9
data/lib/watobo/gui/conversation_table.rb +158 -164
data/lib/watobo/gui/conversation_table_ctrl.rb +207 -216
data/lib/watobo/gui/conversation_table_ctrl2.rb +373 -382
data/lib/watobo/gui/csrf_token_dialog.rb +0 -9
data/lib/watobo/gui/custom_viewer.rb +374 -383
data/lib/watobo/gui/dashboard.rb +296 -303
data/lib/watobo/gui/define_scope_frame.rb +0 -9
data/lib/watobo/gui/differ_frame.rb +215 -224
data/lib/watobo/gui/edit_comment.rb +0 -9
data/lib/watobo/gui/edit_scope_dialog.rb +0 -9
data/lib/watobo/gui/export_dialog.rb +104 -113
data/lib/watobo/gui/finding_info.rb +0 -9
data/lib/watobo/gui/findings_tree.rb +210 -217
data/lib/watobo/gui/full_scan_dialog.rb +0 -9
data/lib/watobo/gui/fuzzer_gui.rb +1295 -1313
data/lib/watobo/gui/fxsave_thread.rb +14 -0
data/lib/watobo/gui/goto_url_dialog.rb +70 -79
data/lib/watobo/gui/hex_viewer.rb +0 -9
data/lib/watobo/gui/html_viewer.rb +287 -296
data/lib/watobo/gui/intercept_filter_dialog.rb +188 -197
data/lib/watobo/gui/interceptor_gui.rb +1041 -1051
data/lib/watobo/gui/interceptor_settings_dialog.rb +0 -9
data/lib/watobo/gui/json_viewer.rb +287 -0
data/lib/watobo/gui/list_box.rb +101 -110
data/lib/watobo/gui/log_file_viewer.rb +32 -41
data/lib/watobo/gui/log_viewer.rb +83 -88
data/lib/watobo/gui/login_wizzard.rb +0 -9
data/lib/watobo/gui/main_window.rb +587 -618
data/lib/watobo/gui/manual_request_editor.rb +620 -565
data/lib/watobo/gui/master_pw_dialog.rb +0 -9
data/lib/watobo/gui/mixins/gui_settings.rb +29 -38
data/lib/watobo/gui/page_tree.rb +217 -226
data/lib/watobo/gui/password_policy_dialog.rb +0 -9
data/lib/watobo/gui/plugin_board.rb +0 -9
data/lib/watobo/gui/preferences_dialog.rb +0 -9
data/lib/watobo/gui/progress_window.rb +17 -27
data/lib/watobo/gui/project_wizzard.rb +0 -9
data/lib/watobo/gui/proxy_dialog.rb +1 -10
data/lib/watobo/gui/quick_scan_dialog.rb +0 -9
data/lib/watobo/gui/request_builder_frame.rb +102 -111
data/lib/watobo/gui/request_editor.rb +181 -137
data/lib/watobo/gui/rewrite_filters_dialog.rb +394 -403
data/lib/watobo/gui/rewrite_rules_dialog.rb +372 -381
data/lib/watobo/gui/save_chat_dialog.rb +140 -149
data/lib/watobo/gui/scanner_settings_dialog.rb +0 -9
data/lib/watobo/gui/select_chat_dialog.rb +0 -9
data/lib/watobo/gui/session_management_dialog.rb +0 -9
data/lib/watobo/gui/sites_tree.rb +0 -9
data/lib/watobo/gui/status_bar.rb +0 -9
data/lib/watobo/gui/table_editor.rb +0 -9
data/lib/watobo/gui/tagless_viewer.rb +0 -9
data/lib/watobo/gui/templates/plugin.rb +0 -9
data/lib/watobo/gui/templates/plugin2.rb +92 -100
data/lib/watobo/gui/templates/plugin_base.rb +144 -153
data/lib/watobo/gui/text_viewer.rb +0 -9
data/lib/watobo/gui/transcoder_window.rb +0 -9
data/lib/watobo/gui/utils/gui_utils.rb +0 -9
data/lib/watobo/gui/utils/init_icons.rb +86 -95
data/lib/watobo/gui/utils/load_icons.rb +33 -42
data/lib/watobo/gui/utils/load_plugins.rb +116 -119
data/lib/watobo/gui/utils/master_password.rb +68 -77
data/lib/watobo/gui/utils/save_default_settings.rb +113 -122
data/lib/watobo/gui/utils/save_project_settings.rb +0 -9
data/lib/watobo/gui/utils/save_proxy_settings.rb +41 -50
data/lib/watobo/gui/utils/save_scanner_settings.rb +18 -27
data/lib/watobo/gui/utils/session_history.rb +112 -121
data/lib/watobo/gui/workspace_dialog.rb +0 -9
data/lib/watobo/gui/www_auth_dialog.rb +0 -9
data/lib/watobo/gui/xml_viewer_frame.rb +0 -9
data/lib/watobo/http.rb +4 -13
data/lib/watobo/http/cookies/cookies.rb +26 -35
data/lib/watobo/http/data/data.rb +45 -54
data/lib/watobo/http/data/json.rb +47 -55
data/lib/watobo/http/url/url.rb +38 -47
data/lib/watobo/http/xml/xml.rb +124 -130
data/lib/watobo/interceptor.rb +3 -12
data/lib/watobo/interceptor/proxy.rb +742 -739
data/lib/watobo/interceptor/transparent.rb +22 -24
data/lib/watobo/mixins.rb +10 -19
data/lib/watobo/mixins/check_info.rb +27 -36
data/lib/watobo/mixins/httpparser.rb +613 -637
data/lib/watobo/mixins/request_parser.rb +88 -97
data/lib/watobo/mixins/shapers.rb +515 -529
data/lib/watobo/mixins/transcoders.rb +3 -11
data/lib/watobo/parser.rb +1 -10
data/lib/watobo/parser/html.rb +83 -92
data/lib/watobo/patch_fxruby_setfocus.rb +26 -0
data/lib/watobo/sockets.rb +3 -12
data/lib/watobo/sockets/agent.rb +828 -837
data/lib/watobo/sockets/client_socket.rb +308 -312
data/lib/watobo/sockets/connection.rb +401 -410
data/lib/watobo/sockets/http_socket.rb +11 -13
data/lib/watobo/sockets/ntlm_auth.rb +129 -138
data/lib/watobo/utils.rb +10 -19
data/lib/watobo/utils/check_regex.rb +0 -9
data/lib/watobo/utils/copy_object.rb +0 -9
data/lib/watobo/utils/crypto.rb +0 -9
data/lib/watobo/utils/expand_range.rb +23 -32
data/lib/watobo/utils/export_xml.rb +97 -106
data/lib/watobo/utils/file_management.rb +9 -11
data/lib/watobo/utils/hexprint.rb +9 -18
data/lib/watobo/utils/load_chat.rb +0 -9
data/lib/watobo/utils/load_icon.rb +0 -9
data/lib/watobo/utils/ntlm.rb +866 -875
data/lib/watobo/utils/print_debug.rb +12 -21
data/lib/watobo/utils/response_builder.rb +90 -99
data/lib/watobo/utils/response_hash.rb +0 -9
data/lib/watobo/utils/secure_eval.rb +0 -9
data/lib/watobo/utils/strings.rb +10 -19
data/lib/watobo/utils/text2request.rb +0 -9
data/lib/watobo/utils/url.rb +23 -32
data/lib/watobo/utils/utf16.rb +11 -20
data/modules/active/Apache/mod_status.rb +0 -9
data/modules/active/Apache/multiview.rb +151 -160
data/modules/active/Flash/crossdomain.rb +0 -9
data/modules/active/JWT/jwt_oauth2_none.rb +111 -0
data/modules/active/cq5/cq5_default_selectors.rb +106 -115
data/modules/active/cq5/cqp_user_enumeration.rb +125 -134
data/modules/active/directories/dirwalker.rb +0 -9
data/modules/active/discovery/fileextensions.rb +0 -9
data/modules/active/discovery/http_methods.rb +0 -9
data/modules/active/discovery/jsmapfiles.rb +79 -0
data/modules/active/domino/domino_db.rb +68 -76
data/modules/active/dotNET/custom_errors.rb +102 -111
data/modules/active/dotNET/dotnet_files.rb +90 -99
data/modules/active/fileinclusion/lfi_simple.rb +0 -9
data/modules/active/jboss/jboss_basic.rb +0 -9
data/modules/active/sap/business_objects.rb +51 -60
data/modules/active/sap/its_commands.rb +0 -9
data/modules/active/sap/its_service_parameter.rb +0 -9
data/modules/active/sap/its_services.rb +0 -9
data/modules/active/sap/its_xss.rb +0 -9
data/modules/active/shell_shock/shell_shock.rb +139 -148
data/modules/active/siebel/siebel_apps.rb +160 -169
data/modules/active/sqlinjection/sql_boolean.rb +0 -9
data/modules/active/sqlinjection/sql_numerical.rb +198 -0
data/modules/active/sqlinjection/sqli_error.rb +0 -9
data/modules/active/sqlinjection/sqli_timing.rb +220 -229
data/modules/active/struts2/default_handler_ognl.rb +106 -115
data/modules/active/struts2/include_params_ognl.rb +105 -114
data/modules/active/xml/xml_xxe.rb +112 -123
data/modules/active/xss/xss_ng.rb +214 -223
data/modules/active/xss/xss_simple.rb +0 -9
data/modules/passive/ajax.rb +68 -77
data/modules/passive/autocomplete.rb +56 -65
data/modules/passive/cookie_options.rb +0 -9
data/modules/passive/cookie_xss.rb +0 -9
data/modules/passive/detect_code.rb +0 -9
data/modules/passive/detect_fileupload.rb +0 -9
data/modules/passive/detect_infrastructure.rb +0 -9
data/modules/passive/detect_one_time_tokens.rb +0 -9
data/modules/passive/dirindexing.rb +0 -9
data/modules/passive/disclosure_domino.rb +55 -64
data/modules/passive/disclosure_emails.rb +0 -9
data/modules/passive/disclosure_ipaddr.rb +55 -53
data/modules/passive/filename_as_parameter.rb +0 -9
data/modules/passive/form_spotter.rb +0 -9
data/modules/passive/hidden_fields.rb +50 -59
data/modules/passive/hotspots.rb +0 -9
data/modules/passive/in_script_parameter.rb +0 -9
data/modules/passive/json_web_token.rb +93 -0
data/modules/passive/multiple_server_headers.rb +0 -9
data/modules/passive/possible_login.rb +0 -9
data/modules/passive/redirect_url.rb +0 -9
data/modules/passive/redirectionz.rb +0 -9
data/modules/passive/sap-headers.rb +56 -65
data/modules/passive/xss_dom.rb +0 -9
data/plugins/aem/aem.rb +11 -20
data/plugins/aem/gui/main.rb +118 -127
data/plugins/aem/gui/tree_view.rb +171 -180
data/plugins/aem/lib/agent.rb +130 -138
data/plugins/aem/lib/dispatcher.rb +45 -51
data/plugins/aem/lib/engine.rb +177 -186
data/plugins/catalog/catalog.rb +345 -355
data/plugins/crawler/crawler.rb +4 -13
data/plugins/crawler/gui.rb +5 -14
data/plugins/crawler/gui/auth_frame.rb +270 -279
data/plugins/crawler/gui/crawler_gui.rb +271 -276
data/plugins/crawler/gui/general_settings_frame.rb +96 -105
data/plugins/crawler/gui/hooks_frame.rb +80 -89
data/plugins/crawler/gui/scope_frame.rb +50 -59
data/plugins/crawler/gui/settings_tabbook.rb +38 -47
data/plugins/crawler/gui/status_frame.rb +59 -68
data/plugins/crawler/lib/bags.rb +18 -27
data/plugins/crawler/lib/constants.rb +11 -20
data/plugins/crawler/lib/engine.rb +488 -497
data/plugins/crawler/lib/grabber.rb +68 -77
data/plugins/crawler/lib/status.rb +71 -80
data/plugins/crawler/lib/uri_mp.rb +12 -21
data/plugins/filefinder/filefinder.rb +326 -333
data/plugins/sqlmap/bin/test.rb +78 -87
data/plugins/sqlmap/gui.rb +4 -13
data/plugins/sqlmap/gui/main.rb +218 -227
data/plugins/sqlmap/gui/options_frame.rb +97 -106
data/plugins/sqlmap/lib/sqlmap_ctrl.rb +90 -100
data/plugins/sqlmap/sqlmap.rb +2 -11
data/plugins/sslchecker/cli/sslchecker_cli.rb +0 -9
data/plugins/sslchecker/gui/cipher_table.rb +246 -254
data/plugins/sslchecker/gui/gui.rb +258 -264
data/plugins/sslchecker/gui/sslchecker.rb +4 -13
data/plugins/sslchecker/lib/check.rb +127 -133
data/plugins/wshell/gui/main.rb +119 -117
data/plugins/wshell/lib/core.rb +38 -88
data/plugins/wshell/wshell.rb +11 -20
metadata +170 -164

data/lib/watobo/adapters/file/marshal_store.rb CHANGED

@@ -1,297 +1,294 @@
-#.
-# marshal_store.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# @private
-module Watobo#:nodoc: all
-  class FileSessionStore < SessionStore
-    def num_chats
-      get_file_list(@conversation_path, "*-chat*").length
-    end
-    def num_findings
-      get_file_list(@findings_path, "*-finding*").length
-    end
-    def add_finding(finding)
-      return false unless finding.respond_to? :request
-      return false unless finding.respond_to? :response
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.mrs")
-      unless File.exists?(finding_file)
-        save_finding(finding_file, finding)
-        return true
-      end
-      false
-    end
-    def delete_finding(finding)
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding")
-      File.delete finding_file if File.exist? finding_file
-      file = finding_file + ".yml"
-      File.delete file if File.exist? file
-      file = finding_file + ".mrs"
-      File.delete file if File.exist? file
-    end
-    def save_finding(fname, finding)
-      File.open(fname, 'wb'){|f|
-        f.print Marshal::dump(finding.to_h)
-        }
-    end
-    def update_finding(finding)
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.mrs")
-      if File.exists?(finding_file) then
-        save_finding(finding_file, finding)
-      end
-    end
-    # add_scan_log
-    # adds a chat to a specific log store, e.g. if you want to log scan results.
-    # needs a scan_name (STRING) as its destination which will be created
-    # if the scan name does not exist.
-    def add_scan_log(chat, scan_name = nil)
-      return false unless chat.respond_to? :request
-      return false unless chat.respond_to? :response
-      begin
-        return false if scan_name.nil?
-        return false if scan_name.empty?
-        scan_name_clean = scan_name.gsub(/[:\\\/\.]*/,"_")
-        # puts ">> scan_name"
-        path = File.join(@scanlog_path, scan_name_clean)
-        Dir.mkdir path unless File.exist? path
-        file = File.join( path, "log_" + Time.now.to_f.to_s + ".mrs")
-        unless File.exists?(file)
-          File.open(file, "wb") { |fh|
-            fh.print Marshal::dump(chat.to_h)
-          }
-        end
-        return true
-      rescue => bang
-        puts bang
-        puts bang.backtrace if $DEBUG
-      end
-      return false
-    end
-    def add_chat(chat)
-      return false unless chat_valid? chat
-      chat_file = File.join("#{@conversation_path}", "#{chat.id}-chat.mrs")
-      unless File.exists?(chat_file)
-        File.open(chat_file, "wb") { |fh|
-          fh.print Marshal::dump(chat.to_h)
-        }
-      chat.file = chat_file
-      return true
-      end
-      return false
-    end
-    def each_chat(&block)
-      list = get_file_list(@conversation_path, "*-chat*")
-      list.each do |fname|
-        #puts
-        chat = nil
-        if fname =~ /\.mrs$/
-          chat = Watobo::Utils.loadChatMarshal(fname)
-        elsif fname =~ /\.yml$/
-          chat = Watobo::Utils.loadChatYAML(fname) unless list.include?(fname.gsub(/yml$/,'mrs'))
-        end
-        next if chat.nil?
-        yield chat if block_given?
-      end
-    end
-    def each_finding(&block)
-      list = get_file_list(@findings_path, "*-finding*")
-      list.each do |fname|
-        f = nil
-        if fname =~ /\.mrs$/
-          f = Watobo::Utils.loadFindingMarshal(fname)
-        elsif fname =~ /\.yml$/
-          f = Watobo::Utils.loadFindingYAML(fname) unless list.include?(fname.gsub(/yml$/,'mrs'))
-        end
-        next if f.nil?
-        yield f if block_given?
-      end
-    end
-    def initialize(project_name, session_name)
-      wsp = Watobo.workspace_path
-      return false unless File.exist? wsp
-      puts "* using workspace path: #{wsp}" if $DEBUG
-      @log_file = nil
-      @log_lock = Mutex.new
-      @project_path = File.join(wsp, project_name)
-      unless File.exist? @project_path
-        puts "* create project path: #{@project_path}" if $DEBUG
-        Dir.mkdir(@project_path)
-      end
-      @project_config_path = File.join(@project_path, ".config")
-      Dir.mkdir @project_config_path unless File.exist? @project_config_path
-      @session_path = File.join(@project_path, session_name)
-      unless File.exist? @session_path
-        puts "* create session path: #{@session_path}" if $DEBUG
-        Dir.mkdir(@session_path)
-      end
-      @session_config_path = File.join(@session_path, ".config")
-      Dir.mkdir @session_config_path unless File.exist? @session_config_path
-      sext = Watobo::Conf::General.session_settings_file_ext
-      @session_file = File.join(@session_path, session_name + sext)
-      @project_file = File.join(@project_path, project_name + Watobo::Conf::General.project_settings_file_ext)
-      @conversation_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.conversations))
-      @findings_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.findings))
-      @log_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.event_logs_dir))
-      @scanlog_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.scan_logs_dir))
-      [ @conversation_path, @findings_path, @log_path, @scanlog_path ].each do |folder|
-        if not File.exists?(folder) then
-          puts "create path #{folder}"
-          begin
-            Dir.mkdir(folder)
-          rescue SystemCallError => bang
-            puts "!!!ERROR:"
-            puts bang
-          rescue => bang
-            puts "!!!ERROR:"
-            puts bang
-          end
-        end
-      end
-      @log_file = File.join(@log_path, session_name + ".log")
-    #     @chat_files = get_file_list(@conversation_path, "*-chat")
-    #     @finding_files = get_file_list(@findings_path, "*-finding")
-    end
-    def save_session_settings(group, session_settings)
-      # puts ">> save_session_settings <<"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-      session_file = File.join(@session_config_path, file)
-      # puts "Dest.File: #{session_file}"
-      #  puts session_settings.to_yaml
-      # puts "---"
-      Watobo::Utils.save_settings(session_file, session_settings)
-    end
-    def load_session_settings(group)
-      # puts ">> load_session_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-      session_file = File.join(@session_config_path, file)
-      # puts "File: #{session_file}"
-      #  puts "---"
-      s = Watobo::Utils.load_settings(session_file)
-      s
-    end
-    def save_project_settings(group, project_settings)
-      # puts ">> save_project_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-      project_file = File.join(@project_config_path, file)
-      # puts "Dest.File: #{project_file}"
-      # puts project_settings.to_yaml
-      # puts "---"
-      Watobo::Utils.save_settings(project_file, project_settings)
-    end
-    def load_project_settings(group)
-      # puts ">> load_project_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-      project_file = File.join(@project_config_path, file)
-      # puts "File: #{project_file}"
-      # puts "---"
-      s = Watobo::Utils.load_settings(project_file)
-      s
-    end
-    def logs
-      l = ''
-      @log_lock.synchronize do
-        l = File.open(@log_file).read
-      end
-      l
-    end
-    def logger( message, prefs = {} )
-      opts = { :sender => "unknown", :level => Watobo::Constants::LOG_INFO }
-      opts.update prefs
-      return false if @log_file.nil?
-      begin
-        t = Time.now
-        now = t.strftime("%m/%d/%Y @ %H:%M:%S")
-        log_message = [ now ]
-        log_message << "#{opts[:sender]}"
-        if message.is_a? Array
-          log_message << message.join("\n| ")
-          log_message << "\n-"
-        else
-        log_message << message
-        end
-        @log_lock.synchronize do
-          File.open(@log_file,"a") do |lfh|
-            lfh.puts log_message.join("|")
-          end
-        end
-      rescue => bang
-        puts bang
-      end
-    end
-    private
-    def chat_valid?(chat)
-      return false unless chat.respond_to? :request
-      return false unless chat.respond_to? :response
-      true
-    end
-    def get_file_list(path, pattern)
-      fl = Dir["#{path}/#{pattern}"].sort_by{ |x| File.basename(x).sub(/[^0-9]*/,'').to_i }
-      fl
-    end
-  end
+# @private
+module Watobo#:nodoc: all
+  class FileSessionStore < SessionStore
+    def num_chats
+      get_file_list(@conversation_path, "*-chat*").length
+    end
+    def num_findings
+      get_file_list(@findings_path, "*-finding*").length
+    end
+    def add_finding(finding)
+      return false unless finding.respond_to? :request
+      return false unless finding.respond_to? :response
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.mrs")
+      unless File.exist?(finding_file)
+        save_finding(finding_file, finding)
+        return true
+      end
+      false
+    end
+    def delete_finding(finding)
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding")
+      File.delete finding_file if File.exist? finding_file
+      file = finding_file + ".yml"
+      File.delete file if File.exist? file
+      file = finding_file + ".mrs"
+      File.delete file if File.exist? file
+    end
+    def save_finding(fname, finding)
+      File.open(fname, 'wb'){|f|
+        f.print Marshal::dump(finding.to_h)
+        }
+    end
+    def save_chat(file, chat)
+      File.open(file, 'wb'){|f|
+        f.print Marshal::dump(chat.to_h)
+        }
+    end
+    def update_finding(finding)
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.mrs")
+      if File.exist?(finding_file) then
+        save_finding(finding_file, finding)
+      end
+    end
+    # add_scan_log
+    # adds a chat to a specific log store, e.g. if you want to log scan results.
+    # needs a scan_name (STRING) as its destination which will be created
+    # if the scan name does not exist.
+    def add_scan_log(chat, scan_name = nil)
+      return false unless chat.respond_to? :request
+      return false unless chat.respond_to? :response
+      begin
+        return false if scan_name.nil?
+        return false if scan_name.empty?
+        scan_name_clean = scan_name.gsub(/[:\\\/\.]*/,"_")
+        # puts ">> scan_name"
+        path = File.join(@scanlog_path, scan_name_clean)
+        Dir.mkdir path unless File.exist? path
+        file = File.join( path, "log_" + Time.now.to_f.to_s + ".mrs")
+        unless File.exist?(file)
+          File.open(file, "wb") { |fh|
+            fh.print Marshal::dump(chat.to_h)
+          }
+        end
+        return true
+      rescue => bang
+        puts bang
+        puts bang.backtrace if $DEBUG
+      end
+      return false
+    end
+    def add_chat(chat)
+      return false unless chat_valid? chat
+      chat_file = File.join("#{@conversation_path}", "#{chat.id}-chat.mrs")
+      unless File.exist?(chat_file)
+        File.open(chat_file, "wb") { |fh|
+          fh.print Marshal::dump(chat.to_h)
+        }
+      chat.file = chat_file
+      return true
+      end
+      return false
+    end
+    def each_chat(&block)
+      list = get_file_list(@conversation_path, "*-chat*")
+      list.each do |fname|
+        #puts
+        chat = nil
+        if fname =~ /\.mrs$/
+          chat = Watobo::Utils.loadChatMarshal(fname)
+        elsif fname =~ /\.yml$/
+          chat = Watobo::Utils.loadChatYAML(fname) unless list.include?(fname.gsub(/yml$/,'mrs'))
+        end
+        next if chat.nil?
+        yield chat if block_given?
+      end
+    end
+    def each_finding(&block)
+      list = get_file_list(@findings_path, "*-finding*")
+      list.each do |fname|
+        f = nil
+        if fname =~ /\.mrs$/
+          f = Watobo::Utils.loadFindingMarshal(fname)
+        elsif fname =~ /\.yml$/
+          f = Watobo::Utils.loadFindingYAML(fname) unless list.include?(fname.gsub(/yml$/,'mrs'))
+        end
+        next if f.nil?
+        yield f if block_given?
+      end
+    end
+    def initialize(project_name, session_name)
+      wsp = Watobo.workspace_path
+      return false unless File.exist? wsp
+      puts "* using workspace path: #{wsp}" if $DEBUG
+      @log_file = nil
+      @log_lock = Mutex.new
+      @project_path = File.join(wsp, project_name)
+      unless File.exist? @project_path
+        puts "* create project path: #{@project_path}" if $DEBUG
+        Dir.mkdir(@project_path)
+      end
+      @project_config_path = File.join(@project_path, ".config")
+      Dir.mkdir @project_config_path unless File.exist? @project_config_path
+      @session_path = File.join(@project_path, session_name)
+      unless File.exist? @session_path
+        puts "* create session path: #{@session_path}" if $DEBUG
+        Dir.mkdir(@session_path)
+      end
+      @session_config_path = File.join(@session_path, ".config")
+      Dir.mkdir @session_config_path unless File.exist? @session_config_path
+      sext = Watobo::Conf::General.session_settings_file_ext
+      @session_file = File.join(@session_path, session_name + sext)
+      @project_file = File.join(@project_path, project_name + Watobo::Conf::General.project_settings_file_ext)
+      @conversation_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.conversations))
+      @findings_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.findings))
+      @log_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.event_logs_dir))
+      @scanlog_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.scan_logs_dir))
+      [ @conversation_path, @findings_path, @log_path, @scanlog_path ].each do |folder|
+        if not File.exist?(folder) then
+          puts "create path #{folder}"
+          begin
+            Dir.mkdir(folder)
+          rescue SystemCallError => bang
+            puts "!!!ERROR:"
+            puts bang
+          rescue => bang
+            puts "!!!ERROR:"
+            puts bang
+          end
+        end
+      end
+      @log_file = File.join(@log_path, session_name + ".log")
+    #     @chat_files = get_file_list(@conversation_path, "*-chat")
+    #     @finding_files = get_file_list(@findings_path, "*-finding")
+    end
+    def save_session_settings(group, session_settings)
+      # puts ">> save_session_settings <<"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+      session_file = File.join(@session_config_path, file)
+      # puts "Dest.File: #{session_file}"
+      #  puts session_settings.to_yaml
+      # puts "---"
+      Watobo::Utils.save_settings(session_file, session_settings)
+    end
+    def load_session_settings(group)
+      # puts ">> load_session_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+      session_file = File.join(@session_config_path, file)
+      # puts "File: #{session_file}"
+      #  puts "---"
+      s = Watobo::Utils.load_settings(session_file)
+      s
+    end
+    def save_project_settings(group, project_settings)
+      # puts ">> save_project_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+      project_file = File.join(@project_config_path, file)
+      # puts "Dest.File: #{project_file}"
+      # puts project_settings.to_yaml
+      # puts "---"
+      Watobo::Utils.save_settings(project_file, project_settings)
+    end
+    def load_project_settings(group)
+      # puts ">> load_project_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+      project_file = File.join(@project_config_path, file)
+      # puts "File: #{project_file}"
+      # puts "---"
+      s = Watobo::Utils.load_settings(project_file)
+      s
+    end
+    def logs
+      l = ''
+      @log_lock.synchronize do
+        l = File.open(@log_file).read
+      end
+      l
+    end
+    def logger( message, prefs = {} )
+      opts = { :sender => "unknown", :level => Watobo::Constants::LOG_INFO }
+      opts.update prefs
+      return false if @log_file.nil?
+      begin
+        t = Time.now
+        now = t.strftime("%m/%d/%Y @ %H:%M:%S")
+        log_message = [ now ]
+        log_message << "#{opts[:sender]}"
+        if message.is_a? Array
+          log_message << message.join("\n| ")
+          log_message << "\n-"
+        else
+        log_message << message
+        end
+        @log_lock.synchronize do
+          File.open(@log_file,"a") do |lfh|
+            lfh.puts log_message.join("|")
+          end
+        end
+      rescue => bang
+        puts bang
+      end
+    end
+    private
+    def chat_valid?(chat)
+      return false unless chat.respond_to? :request
+      return false unless chat.respond_to? :response
+      true
+    end
+    def get_file_list(path, pattern)
+      fl = Dir["#{path}/#{pattern}"].sort_by{ |x| File.basename(x).sub(/[^0-9]*/,'').to_i }
+      fl
+    end
+  end
 end