watobo 0.9.8.677

Files changed (260) hide show
  1. data/bin/watobo_gui.rb +39 -0
  2. data/certificates/cert.pem +19 -0
  3. data/certificates/privkey.pem +15 -0
  4. data/certificates/watobo_dh.key +5 -0
  5. data/config/datastore.yml +5 -0
  6. data/config/forwarding_proxy.yml +12 -0
  7. data/config/general.yml +4 -0
  8. data/config/gui.yml +23 -0
  9. data/config/interceptor.yml +16 -0
  10. data/config/scan_policy.yml +13 -0
  11. data/config/scanner.yml +34 -0
  12. data/icons/Add.ico +0 -0
  13. data/icons/Add_24x24.ico +0 -0
  14. data/icons/Bandwidth.ico +0 -0
  15. data/icons/Bandwidth_24x24.ico +0 -0
  16. data/icons/Mr. Bomb.ico +0 -0
  17. data/icons/Mr. Bomb_16x16.ico +0 -0
  18. data/icons/Mr. Bomb_24x24.ico +0 -0
  19. data/icons/Orange Ball.ico +0 -0
  20. data/icons/Orange Ball_16x16.ico +0 -0
  21. data/icons/Orange Ball_24x24.ico +0 -0
  22. data/icons/Pause.ico +0 -0
  23. data/icons/Play.ico +0 -0
  24. data/icons/Play_24x24.ico +0 -0
  25. data/icons/Red Ball.ico +0 -0
  26. data/icons/Red Ball_16x16.ico +0 -0
  27. data/icons/Red Ball_24x24.ico +0 -0
  28. data/icons/Run.ico +0 -0
  29. data/icons/Stop.ico +0 -0
  30. data/icons/Stop_24x24.ico +0 -0
  31. data/icons/Terminal.ico +0 -0
  32. data/icons/Transfer.ico +0 -0
  33. data/icons/Transfer_16x16.ico +0 -0
  34. data/icons/User.ico +0 -0
  35. data/icons/User_16x16.ico +0 -0
  36. data/icons/User_24x24.ico +0 -0
  37. data/icons/Web Browser.ico +0 -0
  38. data/icons/Web Browser_16x16.ico +0 -0
  39. data/icons/Write Document.ico +0 -0
  40. data/icons/Yellow Ball.ico +0 -0
  41. data/icons/Yellow Ball_16x16.ico +0 -0
  42. data/icons/Yellow Ball_24x24.ico +0 -0
  43. data/icons/advanced.ico +0 -0
  44. data/icons/advanced_16x16.ico +0 -0
  45. data/icons/advanced_24x24.ico +0 -0
  46. data/icons/applications.ico +0 -0
  47. data/icons/applications_16x16.ico +0 -0
  48. data/icons/applications_24x24.ico +0 -0
  49. data/icons/browser_16x16.ico +0 -0
  50. data/icons/browser_24x24.ico +0 -0
  51. data/icons/burn.ico +0 -0
  52. data/icons/burn_16x16.ico +0 -0
  53. data/icons/burn_24x24.ico +0 -0
  54. data/icons/calculator.ico +0 -0
  55. data/icons/calculator_24x24.ico +0 -0
  56. data/icons/cb_checked.ico +0 -0
  57. data/icons/cb_checked_orange.ico +0 -0
  58. data/icons/cb_unchecked.ico +0 -0
  59. data/icons/coin_24x24.ico +0 -0
  60. data/icons/conversation.ico +0 -0
  61. data/icons/conversation_24x24.ico +0 -0
  62. data/icons/engine.ico +0 -0
  63. data/icons/filter.ico +0 -0
  64. data/icons/folder.ico +0 -0
  65. data/icons/folder_16x16.ico +0 -0
  66. data/icons/fuzzer_16x16.ico +0 -0
  67. data/icons/fuzzer_24x24.ico +0 -0
  68. data/icons/go-down_16x16.png +0 -0
  69. data/icons/go-up_16x16.png +0 -0
  70. data/icons/help.ico +0 -0
  71. data/icons/help_16x16.ico +0 -0
  72. data/icons/help_24x24.ico +0 -0
  73. data/icons/iChat.ico +0 -0
  74. data/icons/iChat_16x16.ico +0 -0
  75. data/icons/iChat_24x24.ico +0 -0
  76. data/icons/icons.txt +3 -0
  77. data/icons/info.ico +0 -0
  78. data/icons/info_16x16.ico +0 -0
  79. data/icons/info_24x24.ico +0 -0
  80. data/icons/interceptor_24x24.ico +0 -0
  81. data/icons/lock.ico +0 -0
  82. data/icons/lock_12x12.ico +0 -0
  83. data/icons/lock_16x16.ico +0 -0
  84. data/icons/monitor.ico +0 -0
  85. data/icons/plugin.ico +0 -0
  86. data/icons/plugin_24x24.ico +0 -0
  87. data/icons/scan_16x16.png +0 -0
  88. data/icons/send.ico +0 -0
  89. data/icons/server.ico +0 -0
  90. data/icons/server_16x16.ico +0 -0
  91. data/icons/siberas_logo_x24.gif +0 -0
  92. data/icons/tag_blue_32x32.ico +0 -0
  93. data/icons/watobo-48x48.png +0 -0
  94. data/icons/watobo-logo.png +0 -0
  95. data/icons/watobo.ico +0 -0
  96. data/lib/watobo/adapters/data_store.rb +38 -0
  97. data/lib/watobo/adapters/file/file_store.rb +211 -0
  98. data/lib/watobo/adapters/session_store.rb +27 -0
  99. data/lib/watobo/adapters.rb +26 -0
  100. data/lib/watobo/config.rb +143 -0
  101. data/lib/watobo/constants.rb +92 -0
  102. data/lib/watobo/core/active_check.rb +404 -0
  103. data/lib/watobo/core/cookie.rb +69 -0
  104. data/lib/watobo/core/fuzz_gen.rb +160 -0
  105. data/lib/watobo/core/http_socket.rb +142 -0
  106. data/lib/watobo/core/interceptor.rb +729 -0
  107. data/lib/watobo/core/passive_check.rb +141 -0
  108. data/lib/watobo/core/project.rb +1058 -0
  109. data/lib/watobo/core/scanner.rb +396 -0
  110. data/lib/watobo/core/session.rb +1320 -0
  111. data/lib/watobo/core/simple_ca.rb +393 -0
  112. data/lib/watobo/core.rb +34 -0
  113. data/lib/watobo/defaults.rb +40 -0
  114. data/lib/watobo/external/diff/lcs/array.rb +42 -0
  115. data/lib/watobo/external/diff/lcs/block.rb +72 -0
  116. data/lib/watobo/external/diff/lcs/callbacks.rb +343 -0
  117. data/lib/watobo/external/diff/lcs/change.rb +190 -0
  118. data/lib/watobo/external/diff/lcs/hunk.rb +279 -0
  119. data/lib/watobo/external/diff/lcs/ldiff.rb +247 -0
  120. data/lib/watobo/external/diff/lcs/string.rb +40 -0
  121. data/lib/watobo/external/diff/lcs.rb +1124 -0
  122. data/lib/watobo/external/ntlm/ntlm.rb +797 -0
  123. data/lib/watobo/externals.rb +28 -0
  124. data/lib/watobo/framework/create_project.rb +55 -0
  125. data/lib/watobo/framework/init.rb +149 -0
  126. data/lib/watobo/framework/init_modules.rb +116 -0
  127. data/lib/watobo/framework/license_text.rb +50 -0
  128. data/lib/watobo/framework.rb +26 -0
  129. data/lib/watobo/gui/about_watobo.rb +68 -0
  130. data/lib/watobo/gui/browser_preview.rb +460 -0
  131. data/lib/watobo/gui/certificate_dialog.rb +132 -0
  132. data/lib/watobo/gui/chat_diff.rb +415 -0
  133. data/lib/watobo/gui/chatviewer_frame.rb +427 -0
  134. data/lib/watobo/gui/checkboxtree.rb +221 -0
  135. data/lib/watobo/gui/checks_policy_frame.rb +123 -0
  136. data/lib/watobo/gui/client_cert_dialog.rb +227 -0
  137. data/lib/watobo/gui/confirm_scan_dialog.rb +67 -0
  138. data/lib/watobo/gui/conversation_table.rb +386 -0
  139. data/lib/watobo/gui/conversation_table_ctrl.rb +175 -0
  140. data/lib/watobo/gui/csrf_token_dialog.rb +446 -0
  141. data/lib/watobo/gui/dashboard.rb +341 -0
  142. data/lib/watobo/gui/define_scope_frame.rb +380 -0
  143. data/lib/watobo/gui/edit_comment.rb +70 -0
  144. data/lib/watobo/gui/edit_scope_dialog.rb +69 -0
  145. data/lib/watobo/gui/finding_info.rb +212 -0
  146. data/lib/watobo/gui/findings_tree.rb +459 -0
  147. data/lib/watobo/gui/full_scan_dialog.rb +269 -0
  148. data/lib/watobo/gui/fuzzer_gui.rb +1522 -0
  149. data/lib/watobo/gui/hex_viewer.rb +106 -0
  150. data/lib/watobo/gui/interceptor_gui.rb +994 -0
  151. data/lib/watobo/gui/interceptor_settings_dialog.rb +201 -0
  152. data/lib/watobo/gui/log_viewer.rb +97 -0
  153. data/lib/watobo/gui/login_wizzard.rb +301 -0
  154. data/lib/watobo/gui/main_window.rb +1815 -0
  155. data/lib/watobo/gui/manual_request_editor.rb +1105 -0
  156. data/lib/watobo/gui/master_pw_dialog.rb +142 -0
  157. data/lib/watobo/gui/password_policy_dialog.rb +98 -0
  158. data/lib/watobo/gui/plugin/base.rb +82 -0
  159. data/lib/watobo/gui/plugin_board.rb +95 -0
  160. data/lib/watobo/gui/preferences_dialog.rb +116 -0
  161. data/lib/watobo/gui/progress_window.rb +102 -0
  162. data/lib/watobo/gui/project_wizzard.rb +369 -0
  163. data/lib/watobo/gui/proxy_dialog.rb +550 -0
  164. data/lib/watobo/gui/quick_scan_dialog.rb +242 -0
  165. data/lib/watobo/gui/request_editor.rb +480 -0
  166. data/lib/watobo/gui/save_chat_dialog.rb +158 -0
  167. data/lib/watobo/gui/scanner_settings_dialog.rb +360 -0
  168. data/lib/watobo/gui/select_chat_dialog.rb +169 -0
  169. data/lib/watobo/gui/session_management_dialog.rb +688 -0
  170. data/lib/watobo/gui/sites_tree.rb +347 -0
  171. data/lib/watobo/gui/status_bar.rb +88 -0
  172. data/lib/watobo/gui/table_editor.rb +445 -0
  173. data/lib/watobo/gui/tagless_viewer.rb +62 -0
  174. data/lib/watobo/gui/templates/plugin.rb +80 -0
  175. data/lib/watobo/gui/templates/plugin2.rb +103 -0
  176. data/lib/watobo/gui/text_viewer.rb +247 -0
  177. data/lib/watobo/gui/transcoder_window.rb +215 -0
  178. data/lib/watobo/gui/utils/gui_utils.rb +129 -0
  179. data/lib/watobo/gui/utils/init_icons.rb +106 -0
  180. data/lib/watobo/gui/utils/load_icons.rb +54 -0
  181. data/lib/watobo/gui/utils/load_plugins.rb +94 -0
  182. data/lib/watobo/gui/utils/master_password.rb +90 -0
  183. data/lib/watobo/gui/utils/save_default_settings.rb +99 -0
  184. data/lib/watobo/gui/utils/save_project_settings.rb +21 -0
  185. data/lib/watobo/gui/utils/save_proxy_settings.rb +45 -0
  186. data/lib/watobo/gui/utils/save_session_settings.rb +21 -0
  187. data/lib/watobo/gui/utils/session_history.rb +134 -0
  188. data/lib/watobo/gui/workspace_dialog.rb +89 -0
  189. data/lib/watobo/gui/www_auth_dialog.rb +348 -0
  190. data/lib/watobo/gui/xml_viewer_frame.rb +114 -0
  191. data/lib/watobo/gui.rb +139 -0
  192. data/lib/watobo/mixins/httpparser.rb +664 -0
  193. data/lib/watobo/mixins/request_parser.rb +210 -0
  194. data/lib/watobo/mixins/shapers.rb +345 -0
  195. data/lib/watobo/mixins/transcoders.rb +88 -0
  196. data/lib/watobo/mixins.rb +32 -0
  197. data/lib/watobo/utils/check_regex.rb +36 -0
  198. data/lib/watobo/utils/copy_object.rb +29 -0
  199. data/lib/watobo/utils/crypto.rb +74 -0
  200. data/lib/watobo/utils/expand_range.rb +45 -0
  201. data/lib/watobo/utils/file_management.rb +73 -0
  202. data/lib/watobo/utils/load_chat.rb +219 -0
  203. data/lib/watobo/utils/load_icon.rb +47 -0
  204. data/lib/watobo/utils/print_debug.rb +34 -0
  205. data/lib/watobo/utils/response_hash.rb +143 -0
  206. data/lib/watobo/utils/secure_eval.rb +57 -0
  207. data/lib/watobo/utils/text2request.rb +96 -0
  208. data/lib/watobo/utils.rb +32 -0
  209. data/lib/watobo.rb +76 -0
  210. data/modules/active/Apache/mod_status.rb +123 -0
  211. data/modules/active/Flash/crossdomain.rb +102 -0
  212. data/modules/active/directories/dirwalker.rb +89 -0
  213. data/modules/active/discovery/fileextensions.rb +151 -0
  214. data/modules/active/discovery/http_methods.rb +135 -0
  215. data/modules/active/domino/domino_db.lst +164 -0
  216. data/modules/active/domino/domino_db.rb +128 -0
  217. data/modules/active/fileinclusion/lfi_simple.rb +134 -0
  218. data/modules/active/jboss/jboss_basic.rb +119 -0
  219. data/modules/active/sap/business_objects.rb +73 -0
  220. data/modules/active/sap/its_commands.rb +101 -0
  221. data/modules/active/sap/its_service_parameter.rb +105 -0
  222. data/modules/active/sap/its_services.rb +103 -0
  223. data/modules/active/sap/its_xss.rb +98 -0
  224. data/modules/active/sqlinjection/sql_boolean.rb +262 -0
  225. data/modules/active/sqlinjection/sqli_simple.rb +205 -0
  226. data/modules/active/xss/xss_simple.rb +179 -0
  227. data/modules/passive/cookie_options.rb +97 -0
  228. data/modules/passive/cookie_xss.rb +85 -0
  229. data/modules/passive/detect_code.rb +89 -0
  230. data/modules/passive/detect_fileupload.rb +80 -0
  231. data/modules/passive/detect_infrastructure.rb +98 -0
  232. data/modules/passive/detect_one_time_tokens.rb +86 -0
  233. data/modules/passive/dirindexing.rb +81 -0
  234. data/modules/passive/disclosure_emails.rb +82 -0
  235. data/modules/passive/disclosure_ipaddr.rb +87 -0
  236. data/modules/passive/filename_as_parameter.rb +85 -0
  237. data/modules/passive/form_spotter.rb +75 -0
  238. data/modules/passive/hotspots.rb +86 -0
  239. data/modules/passive/in_script_parameter.rb +92 -0
  240. data/modules/passive/multiple_server_headers.rb +98 -0
  241. data/modules/passive/possible_login.rb +134 -0
  242. data/modules/passive/redirect_url.rb +88 -0
  243. data/modules/passive/redirectionz.rb +96 -0
  244. data/modules/passive/xss_dom.rb +91 -0
  245. data/plugins/catalog/catalog.ico +0 -0
  246. data/plugins/catalog/catalog.rb +726 -0
  247. data/plugins/catalog/db_tests +6483 -0
  248. data/plugins/catalog/db_variables +29 -0
  249. data/plugins/filefinder/dbs/hbci.db +12 -0
  250. data/plugins/filefinder/filefinder.rb +602 -0
  251. data/plugins/sslchecker/cli/sslchecker_cli.rb +21 -0
  252. data/plugins/sslchecker/gui/cipher_table.rb +260 -0
  253. data/plugins/sslchecker/gui/gui.rb +245 -0
  254. data/plugins/sslchecker/gui/sslchecker.rb +26 -0
  255. data/plugins/sslchecker/icons/green_16x16.ico +0 -0
  256. data/plugins/sslchecker/icons/grey_16x16.ico +0 -0
  257. data/plugins/sslchecker/icons/red_16x16.ico +0 -0
  258. data/plugins/sslchecker/icons/sslchecker.ico +0 -0
  259. data/plugins/sslchecker/lib/check.rb +117 -0
  260. metadata +317 -0
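--- /dev/null
+++ b/data/lib/watobo/gui/finding_info.rb
@@ -0,0 +1,212 @@
+# .
+# finding_info.rb
+#
+# Copyright 2012 by siberas, http://www.siberas.de
+#
+# This file is part of WATOBO (Web Application Tool Box)
+# http://watobo.sourceforge.com
+#
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+#
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+# .
+require 'fox16/colors'
+module Watobo
+module Gui
+class FindingInfo < FXVerticalFrame
+include Watobo::Gui::Icons
+include Watobo::Constants
+
+def resetInfo()
+@finding_title.text = "-"
+@finding_date.text = "-"
+@finding_module.text = "-"
+@finding_check.text = "-"
+@finding_proof.text = "-"
+@finding_threat.text = "-"
+@finding_rating.text = "-"
+@finding_cvss.text = "-"
+@finding_measure.text = "-"
+
+# @finding_references.text = "-"
+
+end
+
+def showInfo(finding)
+# p "* show info"
+resetInfo()
+case finding.details[:type]
+when FINDING_TYPE_INFO
+
+icon = ICON_INFO_INFO
+rating = "Info"
+
+when FINDING_TYPE_HINT
+
+icon = ICON_HINTS_INFO
+rating = "Hint"
+
+
+when FINDING_TYPE_VULN
+
+if finding.details[:rating] == VULN_RATING_LOW
+icon = ICON_VULN_LOW
+rating = "Low"
+end
+if finding.details[:rating] == VULN_RATING_MEDIUM
+icon = ICON_VULN_MEDIUM
+rating = "Medium"
+end
+if finding.details[:rating] == VULN_RATING_HIGH
+icon=ICON_VULN_HIGH
+rating = "High"
+end
+if finding.details[:rating] == VULN_RATING_CRITICAL
+icon=ICON_VULN_CRITICAL
+rating = "Critical"
+end
+end
+@finding_icon.icon = icon
+@finding_title.text = finding.details[:class]
+@finding_rating.text = rating
+@finding_threat.text = finding.details[:threat]
+@finding_measure.text = finding.details[:measure]
+
+@finding_date.text = finding.details[:tstamp]
+@finding_module.text = finding.details[:module]
+@finding_chat.text = finding.id.to_s
+
+@finding_check.text = finding.details[:check_pattern]
+@finding_proof.text = finding.details[:proof_pattern]
+@finding_id.text = finding.id.to_s
+
+self.recalc()
+self.update()
+# p "* ok"
+end
+
+def initialize(owner, opts)
+super(owner, opts)
+
+@font_title = FXFont.new(getApp(), "helvetica", 14, FONTWEIGHT_BOLD, FONTSLANT_ITALIC, FONTENCODING_DEFAULT)
+@font_text = FXFont.new(getApp(), "courier", 12, FONTWEIGHT_BOLD)
+
+main = FXVerticalFrame.new(self, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|FRAME_GROOVE)
+main.backColor = FXColor::White
+
+frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X|FRAME_GROOVE)
+frame.backColor = FXColor::White
+
+#@imageview = FXImageView.new(header, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|HSCROLLER_NEVER|VSCROLLER_NEVER)
+#@imageview = FXImageView.new(header, :opts => LAYOUT_FIX_WIDTH|LAYOUT_FIX_HEIGHT|HSCROLLER_NEVER|VSCROLLER_NEVER, :width => 50, :height => 50)
+#@imageview.image = ICON_WATOBO
+@finding_icon = FXButton.new(frame, '', ICON_WATOBO, :opts => FRAME_NONE)
+@finding_icon.backColor = FXColor::White
+
+@finding_title = FXLabel.new(frame, "- N/A -", nil, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y)
+@finding_title.setFont(@font_title)
+@finding_title.backColor = FXColor::White
+@finding_title.justify = JUSTIFY_LEFT|JUSTIFY_CENTER_Y
+
+frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X)
+frame.backColor = FXColor::White
+label = FXLabel.new(frame, "Rating: ")
+label.backColor = FXColor::White
+label.setFont(@font_text)
+
+@finding_rating = FXLabel.new(frame, "- N/A -", nil, :opts => JUSTIFY_CENTER_X|LAYOUT_FILL_X)
+@finding_rating.setFont(@font_text)
+@finding_rating.backColor = FXColor::White
+@finding_rating.justify = JUSTIFY_LEFT
+
+
+frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X|FRAME_GROOVE)
+frame.backColor = FXColor::White
+label = FXLabel.new(frame, "Threat:")
+label.backColor = FXColor::White
+label.setFont(@font_title)
+
+threat = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y, :padding => 0)
+threat.backColor = FXColor::White
+#@finding_thread = FXLabel.new(thread, "- N/A -", nil, :opts => JUSTIFY_CENTER_X|LAYOUT_FILL_X)
+@finding_threat = FXText.new(threat, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|TEXT_READONLY|TEXT_WORDWRAP)
+# Enable the style buffer for this text widget
+@finding_threat .styled = true
+@finding_threat.setFont(@font_text)
+@finding_threat.backColor = FXColor::White
+# @finding_thread.justify = JUSTIFY_LEFT
+
+
+frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X|FRAME_GROOVE)
+frame.backColor = FXColor::White
+label = FXLabel.new(frame, "Measure:")
+label.backColor = FXColor::White
+label.setFont(@font_title)
+
+measure = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y, :padding => 0)
+measure.backColor = FXColor::White
+@finding_measure =FXText.new(measure, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|TEXT_READONLY|TEXT_WORDWRAP)
+#FXLabel.new(measure, "- N/A -", nil, :opts => JUSTIFY_CENTER_X|LAYOUT_FILL_X)
+@finding_measure.setFont(@font_text)
+@finding_measure.backColor = FXColor::White
+# @finding_measure.justify = JUSTIFY_LEFT
+
+frame = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X|FRAME_GROOVE)
+frame.backColor = FXColor::White
+label = FXLabel.new(frame, "Details:")
+label.backColor = FXColor::White
+label.setFont(@font_title)
+
+details = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y, :padding => 0)
+details.backColor = FXColor::White
+@finding_details =FXText.new(details, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|TEXT_READONLY|TEXT_WORDWRAP)
+@finding_details.setFont(@font_text)
+@finding_details.backColor = FXColor::White
+
+
+
+info = FXHorizontalFrame.new(main, :opts => LAYOUT_FILL_X|FRAME_GROOVE)
+info.backColor = FXColor::White
+frame = FXHorizontalFrame.new(info, :opts => LAYOUT_FILL_X)
+
+FXLabel.new(frame, "Finding-ID:")
+@finding_id = FXLabel.new(frame,"-")
+
+
+frame = FXHorizontalFrame.new(info, :opts => LAYOUT_FILL_X)
+FXLabel.new(frame, "Date:")
+@finding_date = FXLabel.new(frame,"-")
+
+frame = FXHorizontalFrame.new(info, :opts => LAYOUT_FILL_X)
+FXLabel.new(frame, "Module:")
+@finding_module = FXLabel.new(frame,"-")
+
+frame = FXHorizontalFrame.new(info, :opts => LAYOUT_FILL_X)
+FXLabel.new(frame, "Chat-ID:")
+@finding_chat = FXLabel.new(frame,"-")
+
+frame = FXHorizontalFrame.new(info, :opts => LAYOUT_FILL_X)
+FXLabel.new(frame, "Check-Pattern:")
+@finding_check = FXLabel.new(frame,"-")
+
+frame = FXHorizontalFrame.new(info, :opts => LAYOUT_FILL_X)
+FXLabel.new(frame, "Proof-Pattern:")
+@finding_proof = FXLabel.new(frame,"-")
+
+frame = FXHorizontalFrame.new(info, :opts => LAYOUT_FILL_X)
+FXLabel.new(frame, "CVSS (Base-Score):")
+@finding_cvss = FXLabel.new(frame,"-")
+end
+
+end
+end
+end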
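Review bot: In showInfo (file lines 47–80) `icon` and `rating` are assigned only inside the when-branches, so a finding whose `details[:type]` matches none of the three constants, or a vuln whose `details[:rating]` is none of the four ratings, reaches `@finding_icon.icon = icon` and `@finding_rating.text = rating` with both still nil; presumably FXRuby rejects a nil label text, in which case the panel never updates for that finding. Initialising the two before the case, `icon = ICON_WATOBO` and `rating = "-"`, or an `else` branch doing the same, gives the widget a defined fallback. Separately, resetInfo (lines 29–42) never clears `@finding_chat`, `@finding_id` or `@finding_details`, so if it is called on its own those fields keep the previous finding's values; `@finding_chat.text = "-"` and `@finding_id.text = "-"` would cover the two labels. showInfo also never fills `@finding_details` or `@finding_cvss`, which is worth a comment at their construction (lines 171 and 207) stating that they are placeholders not yet populated.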
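--- /dev/null
+++ b/data/lib/watobo/gui/findings_tree.rb
@@ -0,0 +1,459 @@
+# .
+# findings_tree.rb
+#
+# Copyright 2012 by siberas, http://www.siberas.de
+#
+# This file is part of WATOBO (Web Application Tool Box)
+# http://watobo.sourceforge.com
+#
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+#
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+# .
+module Watobo
+module Gui
+class FindingsTree < FXTreeList
+include Watobo::Constants
+include Watobo::Gui::Icons
+
+attr_accessor :project
+def subscribe(event, &callback)
+(@event_dispatcher_listeners[event] ||= []) << callback
+end
+
+def expandFullTree(item)
+self.expandTree(item)
+item.each do |c|
+expandFullTree(c) if !self.itemLeaf?(c)
+end
+end
+
+def collapseFullTree(item)
+self.collapseTree(item)
+item.each do |c|
+collapseFullTree(c) if !self.itemLeaf?(c)
+end
+end
+
+def hidden?(finding)
+return true if @hide_false_positives == true and finding.false_positive?
+false
+end
+
+def refresh_tree
+self.clearItems
+
+@findings.each_value do |finding|
+
+addFinding(finding)
+
+end
+end
+
+def reload()
+
+unless @project.nil?
+@findings.clear
+@project.findings.each do |fid, finding|
+@findings[fid] = finding
+end
+end
+refresh_tree
+
+end
+
+def useRegularIcons()
+
+regular_font = FXFont.new(getApp(), "helvetica", GUI_REGULAR_FONT_SIZE)
+regular_font.create
+# Findings Tree Icons
+@icon_vuln = ICON_VULN
+@icon_vuln_low = ICON_VULN_LOW
+@icon_vuln_medium = ICON_VULN_MEDIUM
+@icon_vuln_high = ICON_VULN_HIGH
+@icon_vuln_critical = ICON_VULN_CRITICAL
+@icon_info = ICON_INFO
+@icon_info_info = ICON_INFO_INFO
+@icon_hints_info = ICON_INFO_INFO
+
+@icon_project = ICON_PROJECT
+@icon_hints = ICON_HINTS
+self.font = regular_font
+reload()
+end
+
+def useSmallIcons
+small_font = FXFont.new(getApp(), "helvetica", GUI_SMALL_FONT_SIZE)
+small_font.create
+@icon_vuln = ICON_VULN_SMALL
+@icon_vuln_low = ICON_VULN_LOW_SMALL
+@icon_vuln_medium = ICON_VULN_MEDIUM_SMALL
+@icon_vuln_high = ICON_VULN_HIGH_SMALL
+@icon_vuln_critical = ICON_VULN_CRITICAL_SMALL
+@icon_info = ICON_INFO_SMALL
+@icon_info_info = ICON_INFO_INFO_SMALL
+@icon_hints_info = ICON_INFO_INFO_SMALL
+@icon_project = ICON_PROJECT_SMALL
+@icon_hints = ICON_HINTS_SMALL
+self.font = small_font
+reload()
+end
+
+def hideDomain(domain_filter)
+#@interface.default_settings[:domain_filters].push domain_filter
+#@interface.updateTreeLists
+#notify(:new_domain_filter, domain_filter)
+end
+
+def addFinding(finding)
+# p "* add finding to tree"
+# puts finding.details[:title]
+@findings[finding.details[:fid]] = finding
+if @show_scope_only == true
+addFindingItem(finding) if @project.siteInScope?(finding.request.site)
+else
+addFindingItem(finding)
+end
+
+end
+
+def addFindingItem(finding)
+begin
+
+site = nil
+# puts "add finding"
+if not hidden?(finding) then
+site = self.findItem(finding.request.site, nil,SEARCH_FORWARD|SEARCH_IGNORECASE)
+
+if not site then
+# found new site
+site = self.appendItem(nil, finding.request.site, @icon_project, @icon_project)
+item = self.appendItem(site, "Vulnerabilities", @icon_vuln, @icon_vuln)
+self.setItemData(item, :finding_type )
+item = self.appendItem(site, "Hints", @icon_hints, @icon_hints)
+self.setItemData(item, :finding_type )
+item = self.appendItem(site, "Info", @icon_info, @icon_info)
+self.setItemData(item, :finding_type )
+#site = @findings_tree.moveItem(project.first,project,site)
+self.setItemData(site, :item_type_site)
+
+end
+
+finding_type=""
+
+case finding.details[:type]
+when FINDING_TYPE_INFO
+finding_type = "Info"
+icon = @icon_info_info
+
+when FINDING_TYPE_HINT
+finding_type = "Hints"
+icon = @icon_hints_info
+
+when FINDING_TYPE_VULN
+finding_type = "Vulnerabilities"
+if finding.details[:rating] == VULN_RATING_LOW
+icon = @icon_vuln_low
+# puts "low-rating-vuln"
+end
+if finding.details[:rating] == VULN_RATING_MEDIUM
+icon = @icon_vuln_medium
+end
+if finding.details[:rating] == VULN_RATING_HIGH
+icon = @icon_vuln_high
+end
+if finding.details[:rating] == VULN_RATING_CRITICAL
+icon = @icon_vuln_critical
+end
+end
+
+sub_tree = self.findItem(finding_type, site, SEARCH_FORWARD|SEARCH_IGNORECASE|SEARCH_NOWRAP)
+if sub_tree and sub_tree.parent == site and finding.details[:class]
+
+class_item = self.findItem(finding.details[:class], sub_tree, SEARCH_FORWARD|SEARCH_IGNORECASE|SEARCH_NOWRAP)
+if not class_item or class_item.parent != sub_tree
+class_item = self.appendItem(sub_tree, finding.details[:class], icon, icon)
+self.setItemData(class_item, :finding_class )
+end
+title_item = self.findItem(finding.details[:title], class_item, SEARCH_FORWARD|SEARCH_IGNORECASE|SEARCH_NOWRAP)
+if not title_item or title_item.parent != class_item
+title_item = self.appendItem(class_item, finding.details[:title], nil, nil)
+self.setItemData(title_item, :title )
+# puts finding.details[:title]
+end
+# puts title_item
+resource = finding.request.path_ext
+
+request_item = self.findItem(resource, title_item, SEARCH_FORWARD|SEARCH_IGNORECASE|SEARCH_NOWRAP)
+if not request_item or request_item.parent != title_item
+text = "/" + resource
+request_item = self.appendItem(title_item, text)
+self.setItemData(request_item, finding)
+end
+end
+
+end
+rescue => bang
+puts "!ERROR: could not add finding to tree"
+puts bang
+puts bang.backtrace if $DEBUG
+
+end
+end
+
+def initialize(parent, interface, project)
+@project = project
+@interface = interface
+@parent = parent
+@findings = Hash.new
+@show_scope_only = false
+@hide_false_positives = false
+
+@event_dispatcher_listeners = Hash.new
+
+super(parent, :opts => LAYOUT_FILL_X|LAYOUT_FILL_Y|LAYOUT_TOP|LAYOUT_RIGHT|TREELIST_SHOWS_LINES|TREELIST_SHOWS_BOXES|TREELIST_ROOT_BOXES|TREELIST_EXTENDEDSELECT)
+
+useRegularIcons()
+
+@filtered_domains = Hash.new # domains which already have been filtered
+
+self.connect(SEL_COMMAND) do |sender, sel, item|
+if self.itemLeaf?(item)
+getApp().beginWaitCursor do
+begin
+if item.data
+if item.data.is_a? Watobo::Finding
+#@interface.show_vuln(item.data)
+notify(:vuln_click, item.data)
+end
+end
+rescue => bang
+puts "!!! Error: could not show selected finding"
+puts bang
+end
+end
+elsif item.data == :title then
+#@interface.show_vuln(item.first.data) if item.first.data
+notify(:vuln_click, (item.first.data)) if item.first.data
+end
+end
+
+self.connect(SEL_DOUBLECLICKED) do |sender, sel, item|
+if self.itemLeaf?(item)
+begin
+puts item.data.class
+if item.data.is_a? Watobo::Finding
+#TODO: show vulnerability details
+# @interface.showFindingInfo(item.data)
+notify(:finding_click, item.data)
+else
+puts item.data.class.to_s
+end
+rescue => bang
+puts "!!! Error: could not show selected finding"
+puts bang
+end
+end
+end
+
+self.connect(SEL_RIGHTBUTTONRELEASE) do |sender, sel, event|
+unless event.moved?
+FXMenuPane.new(self) do |menu_pane|
+item = sender.getItemAt(event.win_x, event.win_y)
+
+
+unless item.nil?
+
+data = self.getItemData(item)
+
+
+if !self.itemLeaf?(item)
+FXMenuCommand.new(menu_pane, "expand tree" ).connect(SEL_COMMAND) {
+expandFullTree(item)
+}
+
+FXMenuCommand.new(menu_pane, "collapse tree" ).connect(SEL_COMMAND) {
+self.collapseFullTree(item)
+}
+FXMenuSeparator.new(menu_pane)
+end
+end
+target = FXMenuCheck.new(menu_pane, "show scope only" )
+
+target.check = @show_scope_only
+
+target.connect(SEL_COMMAND) { |ts, sl, it|
+@show_scope_only = ts.checked?
+refresh_tree
+}
+
+target = FXMenuCheck.new(menu_pane, "hide false-positives" )
+
+target.check = @hide_false_positives
+
+target.connect(SEL_COMMAND) { |ts, sl, it|
+@hide_false_positives = ts.checked?
+refresh_tree
+}
+unless item.nil?
+
+data = self.getItemData(item)
+
+FXMenuSeparator.new(menu_pane) unless data == :finding_type
+
+
+if data == :item_type_site then
+# FXMenuSeparator.new(menu_pane)
+FXMenuCommand.new(menu_pane, "add site to scope" ).connect(SEL_COMMAND) {
+
+notify(:add_site_to_scope, item.to_s)
+}
+elsif data == :title
+fp_submenu = FXMenuPane.new(self) do |sub|
+
+target = FXMenuCommand.new(sub, "Set False Positive" )
+target.connect(SEL_COMMAND) {
+findings = []
+item.each do |ft|
+
+f = self.getItemData(ft)
+findings << f if f.is_a? Watobo::Finding
+end
+puts "* False Positive #{findings.length}"
+
+notify(:set_false_positive, findings)
+reload
+
+}
+target = FXMenuCommand.new(sub, "Unset False Positive" )
+target.connect(SEL_COMMAND) {
+findings = []
+item.each do |ft|
+
+f = self.getItemData(ft)
+findings << f if f.is_a? Watobo::Finding
+end
+puts "* False Positive #{findings.length}"
+
+notify(:unset_false_positive, findings)
+reload
+}
+
+FXMenuSeparator.new(sub)
+
+FXMenuCommand.new(sub, "Purge - NO UNDO!" ).connect(SEL_COMMAND) {
+findings = []
+item.each do |ft|
+f = self.getItemData(ft)
+findings << f if f.is_a? Watobo::Finding
+end
+puts "* purge findings #{findings.length}"
+
+notify(:purge_findings, findings)
+reload
+}
+end
+FXMenuCascade.new(menu_pane, "All \"#{item}\"", nil, fp_submenu)
+
+elsif data == :finding_class
+
+# COPY SUBMENU
+fp_submenu = FXMenuPane.new(self) do |sub|
+
+target = FXMenuCommand.new(sub, "Set False Positive" )
+target.connect(SEL_COMMAND) {
+findings = []
+item.each do |c|
+c.each do |ft|
+f = self.getItemData(ft)
+findings << f if f.is_a? Watobo::Finding
+end
+
+end
+puts "* False Positive #{findings.length}"
+
+notify(:set_false_positive, findings)
+reload
+
+}
+target = FXMenuCommand.new(sub, "Unset False Positive" )
+target.connect(SEL_COMMAND) {
+findings = []
+item.each do |c|
+c.each do |ft|
+f = self.getItemData(ft)
+findings << f if f.is_a? Watobo::Finding
+end
+
+end
+puts "* False Positive #{findings.length}"
+
+notify(:unset_false_positive, findings)
+reload
+}
+
+FXMenuSeparator.new(sub)
+FXMenuCommand.new(sub, "Purge - NO UNDO!" ).connect(SEL_COMMAND) {
+findings = []
+item.each do |c|
+c.each do |ft|
+f = self.getItemData(ft)
+findings << f if f.is_a? Watobo::Finding
+end
+
+end
+puts "* purge findings #{findings.length}"
+
+notify(:purge_findings, findings)
+reload
+}
+
+end
+FXMenuCascade.new(menu_pane, "All \"#{item}\"", nil, fp_submenu)
+
+elsif data.is_a? Watobo::Finding then
+# FXMenuSeparator.new(menu_pane)
+doManual = FXMenuCommand.new(menu_pane, "Manual Request.." )
+doManual.connect(SEL_COMMAND) {
+# @interface.open_manual_request_editor(item.data)
+notify(:open_manual_request, item.data)
+
+}
+info = FXMenuCommand.new(menu_pane, "Details..." )
+info.connect(SEL_COMMAND) {
+#@interface.showFindingDetails(item.data)}
+notify(:show_finding_details, item.data)
+}
+end
+
+end
+menu_pane.create
+menu_pane.popup(nil, event.root_x, event.root_y)
+app.runModalWhileShown(menu_pane)
+end
+end
+end
+end
+
+private
+
+def notify(event, *args)
+if @event_dispatcher_listeners[event]
+@event_dispatcher_listeners[event].each do |m|
+m.call(*args) if m.respond_to? :call
+end
+end
+end
+end
+# namespace end
+end
+end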
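Review bot: refresh_tree (file lines 52–60) iterates `@findings.each_value` and calls addFinding, which writes `@findings[finding.details[:fid]] = finding` on every pass (line 120); Ruby permits that only while the key already exists, so if `details[:fid]` ever differs from the key that reload copied out of `@project.findings` (lines 66–67, key scheme not visible here) the refresh raises "can't add a new key into hash during iteration" and the tree stays empty after clearItems. Iterating a snapshot, `@findings.values.each { |finding| addFinding(finding) }`, removes the dependency on the two keys agreeing. In addFindingItem the case at lines 153–177 leaves `icon` nil for a vuln whose `details[:rating]` is none of the four constants, so the class item at line 184 is appended without an icon; an `else` branch or a default assigned before the case would cover it. Two smaller points: hidden? (line 48) should read `@hide_false_positives && finding.false_positive?` rather than `== true and`, and hideDomain (lines 111–115) is a public method whose whole body is commented out and deserves a one-line comment marking it as an intentional no-op, or removal.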