watobo 0.9.8.677

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (260) hide show
  1. data/bin/watobo_gui.rb +39 -0
  2. data/certificates/cert.pem +19 -0
  3. data/certificates/privkey.pem +15 -0
  4. data/certificates/watobo_dh.key +5 -0
  5. data/config/datastore.yml +5 -0
  6. data/config/forwarding_proxy.yml +12 -0
  7. data/config/general.yml +4 -0
  8. data/config/gui.yml +23 -0
  9. data/config/interceptor.yml +16 -0
  10. data/config/scan_policy.yml +13 -0
  11. data/config/scanner.yml +34 -0
  12. data/icons/Add.ico +0 -0
  13. data/icons/Add_24x24.ico +0 -0
  14. data/icons/Bandwidth.ico +0 -0
  15. data/icons/Bandwidth_24x24.ico +0 -0
  16. data/icons/Mr. Bomb.ico +0 -0
  17. data/icons/Mr. Bomb_16x16.ico +0 -0
  18. data/icons/Mr. Bomb_24x24.ico +0 -0
  19. data/icons/Orange Ball.ico +0 -0
  20. data/icons/Orange Ball_16x16.ico +0 -0
  21. data/icons/Orange Ball_24x24.ico +0 -0
  22. data/icons/Pause.ico +0 -0
  23. data/icons/Play.ico +0 -0
  24. data/icons/Play_24x24.ico +0 -0
  25. data/icons/Red Ball.ico +0 -0
  26. data/icons/Red Ball_16x16.ico +0 -0
  27. data/icons/Red Ball_24x24.ico +0 -0
  28. data/icons/Run.ico +0 -0
  29. data/icons/Stop.ico +0 -0
  30. data/icons/Stop_24x24.ico +0 -0
  31. data/icons/Terminal.ico +0 -0
  32. data/icons/Transfer.ico +0 -0
  33. data/icons/Transfer_16x16.ico +0 -0
  34. data/icons/User.ico +0 -0
  35. data/icons/User_16x16.ico +0 -0
  36. data/icons/User_24x24.ico +0 -0
  37. data/icons/Web Browser.ico +0 -0
  38. data/icons/Web Browser_16x16.ico +0 -0
  39. data/icons/Write Document.ico +0 -0
  40. data/icons/Yellow Ball.ico +0 -0
  41. data/icons/Yellow Ball_16x16.ico +0 -0
  42. data/icons/Yellow Ball_24x24.ico +0 -0
  43. data/icons/advanced.ico +0 -0
  44. data/icons/advanced_16x16.ico +0 -0
  45. data/icons/advanced_24x24.ico +0 -0
  46. data/icons/applications.ico +0 -0
  47. data/icons/applications_16x16.ico +0 -0
  48. data/icons/applications_24x24.ico +0 -0
  49. data/icons/browser_16x16.ico +0 -0
  50. data/icons/browser_24x24.ico +0 -0
  51. data/icons/burn.ico +0 -0
  52. data/icons/burn_16x16.ico +0 -0
  53. data/icons/burn_24x24.ico +0 -0
  54. data/icons/calculator.ico +0 -0
  55. data/icons/calculator_24x24.ico +0 -0
  56. data/icons/cb_checked.ico +0 -0
  57. data/icons/cb_checked_orange.ico +0 -0
  58. data/icons/cb_unchecked.ico +0 -0
  59. data/icons/coin_24x24.ico +0 -0
  60. data/icons/conversation.ico +0 -0
  61. data/icons/conversation_24x24.ico +0 -0
  62. data/icons/engine.ico +0 -0
  63. data/icons/filter.ico +0 -0
  64. data/icons/folder.ico +0 -0
  65. data/icons/folder_16x16.ico +0 -0
  66. data/icons/fuzzer_16x16.ico +0 -0
  67. data/icons/fuzzer_24x24.ico +0 -0
  68. data/icons/go-down_16x16.png +0 -0
  69. data/icons/go-up_16x16.png +0 -0
  70. data/icons/help.ico +0 -0
  71. data/icons/help_16x16.ico +0 -0
  72. data/icons/help_24x24.ico +0 -0
  73. data/icons/iChat.ico +0 -0
  74. data/icons/iChat_16x16.ico +0 -0
  75. data/icons/iChat_24x24.ico +0 -0
  76. data/icons/icons.txt +3 -0
  77. data/icons/info.ico +0 -0
  78. data/icons/info_16x16.ico +0 -0
  79. data/icons/info_24x24.ico +0 -0
  80. data/icons/interceptor_24x24.ico +0 -0
  81. data/icons/lock.ico +0 -0
  82. data/icons/lock_12x12.ico +0 -0
  83. data/icons/lock_16x16.ico +0 -0
  84. data/icons/monitor.ico +0 -0
  85. data/icons/plugin.ico +0 -0
  86. data/icons/plugin_24x24.ico +0 -0
  87. data/icons/scan_16x16.png +0 -0
  88. data/icons/send.ico +0 -0
  89. data/icons/server.ico +0 -0
  90. data/icons/server_16x16.ico +0 -0
  91. data/icons/siberas_logo_x24.gif +0 -0
  92. data/icons/tag_blue_32x32.ico +0 -0
  93. data/icons/watobo-48x48.png +0 -0
  94. data/icons/watobo-logo.png +0 -0
  95. data/icons/watobo.ico +0 -0
  96. data/lib/watobo/adapters/data_store.rb +38 -0
  97. data/lib/watobo/adapters/file/file_store.rb +211 -0
  98. data/lib/watobo/adapters/session_store.rb +27 -0
  99. data/lib/watobo/adapters.rb +26 -0
  100. data/lib/watobo/config.rb +143 -0
  101. data/lib/watobo/constants.rb +92 -0
  102. data/lib/watobo/core/active_check.rb +404 -0
  103. data/lib/watobo/core/cookie.rb +69 -0
  104. data/lib/watobo/core/fuzz_gen.rb +160 -0
  105. data/lib/watobo/core/http_socket.rb +142 -0
  106. data/lib/watobo/core/interceptor.rb +729 -0
  107. data/lib/watobo/core/passive_check.rb +141 -0
  108. data/lib/watobo/core/project.rb +1058 -0
  109. data/lib/watobo/core/scanner.rb +396 -0
  110. data/lib/watobo/core/session.rb +1320 -0
  111. data/lib/watobo/core/simple_ca.rb +393 -0
  112. data/lib/watobo/core.rb +34 -0
  113. data/lib/watobo/defaults.rb +40 -0
  114. data/lib/watobo/external/diff/lcs/array.rb +42 -0
  115. data/lib/watobo/external/diff/lcs/block.rb +72 -0
  116. data/lib/watobo/external/diff/lcs/callbacks.rb +343 -0
  117. data/lib/watobo/external/diff/lcs/change.rb +190 -0
  118. data/lib/watobo/external/diff/lcs/hunk.rb +279 -0
  119. data/lib/watobo/external/diff/lcs/ldiff.rb +247 -0
  120. data/lib/watobo/external/diff/lcs/string.rb +40 -0
  121. data/lib/watobo/external/diff/lcs.rb +1124 -0
  122. data/lib/watobo/external/ntlm/ntlm.rb +797 -0
  123. data/lib/watobo/externals.rb +28 -0
  124. data/lib/watobo/framework/create_project.rb +55 -0
  125. data/lib/watobo/framework/init.rb +149 -0
  126. data/lib/watobo/framework/init_modules.rb +116 -0
  127. data/lib/watobo/framework/license_text.rb +50 -0
  128. data/lib/watobo/framework.rb +26 -0
  129. data/lib/watobo/gui/about_watobo.rb +68 -0
  130. data/lib/watobo/gui/browser_preview.rb +460 -0
  131. data/lib/watobo/gui/certificate_dialog.rb +132 -0
  132. data/lib/watobo/gui/chat_diff.rb +415 -0
  133. data/lib/watobo/gui/chatviewer_frame.rb +427 -0
  134. data/lib/watobo/gui/checkboxtree.rb +221 -0
  135. data/lib/watobo/gui/checks_policy_frame.rb +123 -0
  136. data/lib/watobo/gui/client_cert_dialog.rb +227 -0
  137. data/lib/watobo/gui/confirm_scan_dialog.rb +67 -0
  138. data/lib/watobo/gui/conversation_table.rb +386 -0
  139. data/lib/watobo/gui/conversation_table_ctrl.rb +175 -0
  140. data/lib/watobo/gui/csrf_token_dialog.rb +446 -0
  141. data/lib/watobo/gui/dashboard.rb +341 -0
  142. data/lib/watobo/gui/define_scope_frame.rb +380 -0
  143. data/lib/watobo/gui/edit_comment.rb +70 -0
  144. data/lib/watobo/gui/edit_scope_dialog.rb +69 -0
  145. data/lib/watobo/gui/finding_info.rb +212 -0
  146. data/lib/watobo/gui/findings_tree.rb +459 -0
  147. data/lib/watobo/gui/full_scan_dialog.rb +269 -0
  148. data/lib/watobo/gui/fuzzer_gui.rb +1522 -0
  149. data/lib/watobo/gui/hex_viewer.rb +106 -0
  150. data/lib/watobo/gui/interceptor_gui.rb +994 -0
  151. data/lib/watobo/gui/interceptor_settings_dialog.rb +201 -0
  152. data/lib/watobo/gui/log_viewer.rb +97 -0
  153. data/lib/watobo/gui/login_wizzard.rb +301 -0
  154. data/lib/watobo/gui/main_window.rb +1815 -0
  155. data/lib/watobo/gui/manual_request_editor.rb +1105 -0
  156. data/lib/watobo/gui/master_pw_dialog.rb +142 -0
  157. data/lib/watobo/gui/password_policy_dialog.rb +98 -0
  158. data/lib/watobo/gui/plugin/base.rb +82 -0
  159. data/lib/watobo/gui/plugin_board.rb +95 -0
  160. data/lib/watobo/gui/preferences_dialog.rb +116 -0
  161. data/lib/watobo/gui/progress_window.rb +102 -0
  162. data/lib/watobo/gui/project_wizzard.rb +369 -0
  163. data/lib/watobo/gui/proxy_dialog.rb +550 -0
  164. data/lib/watobo/gui/quick_scan_dialog.rb +242 -0
  165. data/lib/watobo/gui/request_editor.rb +480 -0
  166. data/lib/watobo/gui/save_chat_dialog.rb +158 -0
  167. data/lib/watobo/gui/scanner_settings_dialog.rb +360 -0
  168. data/lib/watobo/gui/select_chat_dialog.rb +169 -0
  169. data/lib/watobo/gui/session_management_dialog.rb +688 -0
  170. data/lib/watobo/gui/sites_tree.rb +347 -0
  171. data/lib/watobo/gui/status_bar.rb +88 -0
  172. data/lib/watobo/gui/table_editor.rb +445 -0
  173. data/lib/watobo/gui/tagless_viewer.rb +62 -0
  174. data/lib/watobo/gui/templates/plugin.rb +80 -0
  175. data/lib/watobo/gui/templates/plugin2.rb +103 -0
  176. data/lib/watobo/gui/text_viewer.rb +247 -0
  177. data/lib/watobo/gui/transcoder_window.rb +215 -0
  178. data/lib/watobo/gui/utils/gui_utils.rb +129 -0
  179. data/lib/watobo/gui/utils/init_icons.rb +106 -0
  180. data/lib/watobo/gui/utils/load_icons.rb +54 -0
  181. data/lib/watobo/gui/utils/load_plugins.rb +94 -0
  182. data/lib/watobo/gui/utils/master_password.rb +90 -0
  183. data/lib/watobo/gui/utils/save_default_settings.rb +99 -0
  184. data/lib/watobo/gui/utils/save_project_settings.rb +21 -0
  185. data/lib/watobo/gui/utils/save_proxy_settings.rb +45 -0
  186. data/lib/watobo/gui/utils/save_session_settings.rb +21 -0
  187. data/lib/watobo/gui/utils/session_history.rb +134 -0
  188. data/lib/watobo/gui/workspace_dialog.rb +89 -0
  189. data/lib/watobo/gui/www_auth_dialog.rb +348 -0
  190. data/lib/watobo/gui/xml_viewer_frame.rb +114 -0
  191. data/lib/watobo/gui.rb +139 -0
  192. data/lib/watobo/mixins/httpparser.rb +664 -0
  193. data/lib/watobo/mixins/request_parser.rb +210 -0
  194. data/lib/watobo/mixins/shapers.rb +345 -0
  195. data/lib/watobo/mixins/transcoders.rb +88 -0
  196. data/lib/watobo/mixins.rb +32 -0
  197. data/lib/watobo/utils/check_regex.rb +36 -0
  198. data/lib/watobo/utils/copy_object.rb +29 -0
  199. data/lib/watobo/utils/crypto.rb +74 -0
  200. data/lib/watobo/utils/expand_range.rb +45 -0
  201. data/lib/watobo/utils/file_management.rb +73 -0
  202. data/lib/watobo/utils/load_chat.rb +219 -0
  203. data/lib/watobo/utils/load_icon.rb +47 -0
  204. data/lib/watobo/utils/print_debug.rb +34 -0
  205. data/lib/watobo/utils/response_hash.rb +143 -0
  206. data/lib/watobo/utils/secure_eval.rb +57 -0
  207. data/lib/watobo/utils/text2request.rb +96 -0
  208. data/lib/watobo/utils.rb +32 -0
  209. data/lib/watobo.rb +76 -0
  210. data/modules/active/Apache/mod_status.rb +123 -0
  211. data/modules/active/Flash/crossdomain.rb +102 -0
  212. data/modules/active/directories/dirwalker.rb +89 -0
  213. data/modules/active/discovery/fileextensions.rb +151 -0
  214. data/modules/active/discovery/http_methods.rb +135 -0
  215. data/modules/active/domino/domino_db.lst +164 -0
  216. data/modules/active/domino/domino_db.rb +128 -0
  217. data/modules/active/fileinclusion/lfi_simple.rb +134 -0
  218. data/modules/active/jboss/jboss_basic.rb +119 -0
  219. data/modules/active/sap/business_objects.rb +73 -0
  220. data/modules/active/sap/its_commands.rb +101 -0
  221. data/modules/active/sap/its_service_parameter.rb +105 -0
  222. data/modules/active/sap/its_services.rb +103 -0
  223. data/modules/active/sap/its_xss.rb +98 -0
  224. data/modules/active/sqlinjection/sql_boolean.rb +262 -0
  225. data/modules/active/sqlinjection/sqli_simple.rb +205 -0
  226. data/modules/active/xss/xss_simple.rb +179 -0
  227. data/modules/passive/cookie_options.rb +97 -0
  228. data/modules/passive/cookie_xss.rb +85 -0
  229. data/modules/passive/detect_code.rb +89 -0
  230. data/modules/passive/detect_fileupload.rb +80 -0
  231. data/modules/passive/detect_infrastructure.rb +98 -0
  232. data/modules/passive/detect_one_time_tokens.rb +86 -0
  233. data/modules/passive/dirindexing.rb +81 -0
  234. data/modules/passive/disclosure_emails.rb +82 -0
  235. data/modules/passive/disclosure_ipaddr.rb +87 -0
  236. data/modules/passive/filename_as_parameter.rb +85 -0
  237. data/modules/passive/form_spotter.rb +75 -0
  238. data/modules/passive/hotspots.rb +86 -0
  239. data/modules/passive/in_script_parameter.rb +92 -0
  240. data/modules/passive/multiple_server_headers.rb +98 -0
  241. data/modules/passive/possible_login.rb +134 -0
  242. data/modules/passive/redirect_url.rb +88 -0
  243. data/modules/passive/redirectionz.rb +96 -0
  244. data/modules/passive/xss_dom.rb +91 -0
  245. data/plugins/catalog/catalog.ico +0 -0
  246. data/plugins/catalog/catalog.rb +726 -0
  247. data/plugins/catalog/db_tests +6483 -0
  248. data/plugins/catalog/db_variables +29 -0
  249. data/plugins/filefinder/dbs/hbci.db +12 -0
  250. data/plugins/filefinder/filefinder.rb +602 -0
  251. data/plugins/sslchecker/cli/sslchecker_cli.rb +21 -0
  252. data/plugins/sslchecker/gui/cipher_table.rb +260 -0
  253. data/plugins/sslchecker/gui/gui.rb +245 -0
  254. data/plugins/sslchecker/gui/sslchecker.rb +26 -0
  255. data/plugins/sslchecker/icons/green_16x16.ico +0 -0
  256. data/plugins/sslchecker/icons/grey_16x16.ico +0 -0
  257. data/plugins/sslchecker/icons/red_16x16.ico +0 -0
  258. data/plugins/sslchecker/icons/sslchecker.ico +0 -0
  259. data/plugins/sslchecker/lib/check.rb +117 -0
  260. metadata +317 -0
@@ -0,0 +1,179 @@
1
+ # .
2
+ # xss_simple.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ module Watobo
23
+ module Modules
24
+ module Active
25
+ module Xss
26
+
27
+
28
+ class Xss_simple < Watobo::ActiveCheck
29
+
30
+ def initialize(project, prefs={})
31
+ super(project, prefs)
32
+
33
+ threat =<<'EOF'
34
+ Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance.
35
+ A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser
36
+ within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to
37
+ VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
38
+
39
+ When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the
40
+ hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible
41
+ by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another
42
+ location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially
43
+ compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content
44
+ from the file system may execute code under the local machine zone allowing for system compromise.
45
+
46
+ Source: http://projects.webappsec.org/Cross-Site+Scripting
47
+ EOF
48
+
49
+ measure = "All user input should be filtered and/or escaped using a method appropriate for the output context"
50
+
51
+ @info.update(
52
+ :check_name => 'Simple Cross Site Scripting Checks', # name of check which briefly describes functionality, will be used for tree and progress views
53
+ :check_group => AC_GROUP_XSS,
54
+ :description => "Check for every parameter if response contains XSS'able content.", # description of checkfunction
55
+ :author => "Andreas Schmidt", # author of check
56
+ :version => "0.9" # check version
57
+ )
58
+
59
+ @finding.update(
60
+ :threat => threat, # thread of vulnerability, e.g. loss of information
61
+ :class => "Reflected XSS", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
62
+ :type => FINDING_TYPE_VULN, # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
63
+ :rating => VULN_RATING_HIGH,
64
+ :measure => measure
65
+ )
66
+
67
+ @xss_checks=[
68
+ ["<script>watobo</script>", "<script>watobo</script>"],
69
+ ["%3Cscript%3Ewatobo%3C/script%3E", "<script>watobo</script>"],
70
+ ["%0a<script>watobo</script>", "<script>watobo</script>"], # prepend %0A can circumvent checks ... seen in the wild
71
+ ["%0a%3Cscript%3Ewatobo%3C/script%3E", "<script>watobo</script>"], # prepend %0A can circumvent checks ... seen in the wild
72
+ ["<watobo", "<watobo"],
73
+ ["%00<watobo", "<watobo"],
74
+ ["%3Cwatobo%3E", "<watobo>"],
75
+ ]
76
+
77
+
78
+ end
79
+
80
+
81
+ def generateChecks(chat)
82
+ #
83
+ # Check GET-Parameters
84
+ #
85
+ begin
86
+
87
+
88
+ chat.request.get_parm_names.each do |parm|
89
+ # puts parm
90
+ # puts "#{Module.nesting[0].name}: run check on chat-id (#{chat.id}) with parm (#{parm})"
91
+ @xss_checks.each do |check, pattern|
92
+ checker = proc {
93
+ test_request = nil
94
+ test_response = nil
95
+ test = chat.copyRequest
96
+ test.replace_get_parm(parm, check)
97
+ test_request,test_response = doRequest(test)
98
+
99
+ if not test_response then
100
+ puts "got no respons :("
101
+ elsif test_response.join =~ /(#{pattern})/i
102
+ match = $1
103
+ # puts "found xss (get)"
104
+ # test_chat = Chat.new(test,test_response,chat.id)
105
+
106
+ # resource = "/" + test_request.resource
107
+
108
+ addFinding(test_request, test_response,
109
+ :check_pattern => "#{check}",
110
+ :proof_pattern => "#{match}",
111
+ :test_item => parm,
112
+ :class => "Reflected XSS [GET]",
113
+ :chat => chat,
114
+ :title => "[#{parm}] - #{test_request.path}"
115
+ )
116
+ end
117
+ #@project.new_finding(:short_name=>"#{parm}", :check=>"#{check}", :proof=>"#{pattern}", :kategory=>"XSS-Post", :type=>"Vuln", :chat=>test_chat, :rating=>"High")
118
+ [ test_request, test_response ]
119
+ }
120
+ yield checker
121
+ end
122
+ end
123
+
124
+
125
+
126
+ #
127
+ # Check POST-Parameters
128
+ #
129
+
130
+ chat.request.post_parm_names.each do |parm|
131
+ #puts "#{chat.id}: run check on post parm #{parm}"
132
+ @xss_checks.each do |check, pattern|
133
+
134
+
135
+ checker = proc {
136
+
137
+ test = chat.copyRequest
138
+ # modify the test request
139
+ test.replace_post_parm(parm, check)
140
+ test_request,test_response = doRequest(test)
141
+
142
+ match = nil
143
+ if test_response.join =~ /(#{pattern})/i
144
+ match = $1
145
+ # puts "Reflected XSS [POST] - #{parm}"
146
+ # test_chat = Chat.new(test, test_response, chat.id)
147
+ # resource = "/" + test_request.resource
148
+ addFinding(test_request, test_response,
149
+ :test_item => parm,
150
+ :check_pattern => "#{check}",
151
+ :proof_pattern => "#{match}",
152
+ :class => "Reflected XSS [POST]",
153
+ :chat => chat,
154
+ :title => "[#{parm}] - #{test_request.path}"
155
+ )
156
+ end
157
+ # don't use 'return' here
158
+ [ test_request, test_response ]
159
+ }
160
+ yield checker
161
+ end
162
+ end
163
+
164
+ rescue => bang
165
+ puts bang
166
+ puts bang.backtrace if $DEBUG
167
+ puts "ERROR!! #{Module.nesting[0].name}"
168
+ raise
169
+
170
+
171
+ end
172
+ end
173
+
174
+ end
175
+
176
+ end
177
+ end
178
+ end
179
+ end
@@ -0,0 +1,97 @@
1
+ # .
2
+ # cookie_options.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ # .
23
+ # cookie_options.rb
24
+ #
25
+ # Copyright 2010 by siberas, http://www.siberas.de
26
+ #
27
+ # This file is part of WATOBO (Web Application Tool Box)
28
+ # http://watobo.sourceforge.com
29
+ #
30
+ # WATOBO is free software; you can redistribute it and/or modify
31
+ # it under the terms of the GNU General Public License as published by
32
+ # the Free Software Foundation version 2 of the License.
33
+ #
34
+ # WATOBO is distributed in the hope that it will be useful,
35
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
36
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
37
+ # GNU General Public License for more details.
38
+ #
39
+ # You should have received a copy of the GNU General Public License
40
+ # along with WATOBO; if not, write to the Free Software
41
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
42
+ # .
43
+ module Watobo
44
+ module Modules
45
+ module Passive
46
+
47
+
48
+ class Cookie_options < Watobo::PassiveCheck
49
+
50
+ def initialize(project)
51
+
52
+ @project = project
53
+ super(project)
54
+ @info.update(
55
+ :check_name => 'Cookie Security', # name of check which briefly describes functionality, will be used for tree and progress views
56
+ :description => 'Cookies especially Session Cookies should be set only over a secure channel. Additionally there should be set some security options.', # description of checkfunction
57
+ :author => "Andreas Schmidt", # author of check
58
+ :version => "0.9" # check version
59
+ )
60
+
61
+ @finding.update(
62
+ :threat => 'Cookies used in this application are not secured by special Cookie Options like Secure or HTTPOnly. If Cookie Security is not in place, sensitive cookie information may be revealed.', # thread of vulnerability, e.g. loss of information
63
+ :class => "Cookie Security",# vulnerability class, e.g. Stored XSS, SQL-Injection, ...
64
+ :type => FINDING_TYPE_VULN, # e.g. Hints, Info, Vuln
65
+ :rating=> VULN_RATING_MEDIUM # [Symbol] Critical, High, Medium, Low, Info
66
+ )
67
+ end
68
+
69
+ def do_test(chat)
70
+ begin
71
+ # puts "running module: #{Module.nesting[0].name}"
72
+ if chat.response.headers.each do |h|
73
+ if h =~ /(^Set-Cookie.*)/ then
74
+ dummy = h.split(";")
75
+ cookie = dummy.shift
76
+ options = dummy.join(";")
77
+
78
+ if (chat.request.proto =~ /https/i and options !~ /secure/i) or options !~ /httponly/i then
79
+ cookie.gsub!(/=.*/,"")
80
+ addFinding( :proof_pattern => options,
81
+ :check_pattern => "Set-Cookie:.*",
82
+ :chat => chat,
83
+ :title => 'Security Options',
84
+ :unique => cookie)
85
+ end
86
+ end
87
+ end
88
+ end
89
+ rescue
90
+ puts "ERROR!! #{Module.nesting[0].name}"
91
+ end
92
+ end
93
+ end
94
+
95
+ end
96
+ end
97
+ end
@@ -0,0 +1,85 @@
1
+ # .
2
+ # cookie_xss.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+
23
+ module Watobo
24
+ module Modules
25
+ module Passive
26
+
27
+
28
+ class Cookie_xss < Watobo::PassiveCheck
29
+
30
+ def initialize(project)
31
+ @project = project
32
+ super(project)
33
+
34
+ @info.update(
35
+ :check_name => 'Cookie XSS', # name of check which briefly describes functionality, will be used for tree and progress views
36
+ :description => "If cookies will be used in the content body, they can be misused for XSS-Attacks.", # description of checkfunction
37
+ :author => "Andreas Schmidt", # author of check
38
+ :version => "0.9" # check version
39
+ )
40
+
41
+ @finding.update(
42
+ :threat => 'A cookie value has been found in the body of the HTML page. This may be exploited for XSS attacks.', # thread of vulnerability, e.g. loss of information
43
+ :class => "Cookie Security", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
44
+ :type => FINDING_TYPE_HINT # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
45
+ )
46
+ end
47
+
48
+ def do_test(chat)
49
+ begin
50
+ # puts "running module: #{Module.nesting[0].name}"
51
+ return if chat.response.nil? or chat.response.body.nil?
52
+ if chat.response.content_type =~ /text/
53
+ all_cookies = chat.request.cookies
54
+ if all_cookies
55
+ # puts all_parms
56
+ all_cookies.each do |cookie|
57
+ dummy = cookie.split("=")
58
+ cname = dummy.shift
59
+ cval = Regexp.quote(dummy.join)
60
+
61
+ if chat.response.body =~ /#{cval}/ and cval.length > 5 then
62
+
63
+ addFinding(:proof_pattern => "#{cval}",
64
+ :check_pattern => "#{cval}",
65
+ :chat => chat,
66
+ :title => "[#{cname}] - #{chat.request.path}")
67
+ break
68
+ end
69
+
70
+ end
71
+ return true
72
+
73
+ end
74
+ end
75
+ end
76
+ rescue => bang
77
+ puts "ERROR!! #{Module.nesting[0].name}"
78
+ puts bang
79
+ puts bang.backtrace if $DEBUG
80
+ end
81
+ end
82
+
83
+ end
84
+ end
85
+ end
@@ -0,0 +1,89 @@
1
+ # .
2
+ # detect_code.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ module Watobo
23
+ module Modules
24
+ module Passive
25
+
26
+
27
+ class Detect_code < Watobo::PassiveCheck
28
+
29
+ def initialize(project)
30
+ @project = project
31
+ super(project)
32
+
33
+ @info.update(
34
+ :check_name => 'Detect Code Snippets', # name of check which briefly describes functionality, will be used for tree and progress views
35
+ :description => "Detects code snippets which may reveal sensitive information.", # description of checkfunction
36
+ :author => "Andreas Schmidt", # author of check
37
+ :version => "0.9" # check version
38
+ )
39
+
40
+ @finding.update(
41
+ :threat => 'Code snippets may reveal internal information like database passwords.', # thread of vulnerability, e.g. loss of information
42
+ :class => "Code Snippets", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
43
+ :type => FINDING_TYPE_HINT # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
44
+ )
45
+
46
+
47
+ @pattern_list = []
48
+ @pattern_list << ['<\?php', "PHP" ]
49
+ @pattern_list << [ '<!--.*select ', "COMMENT" ]
50
+ @pattern_list << [ 'sample code', "COMMENT" ]
51
+ @pattern_list << [ '<%[^<%]*%>', "ASP" ]
52
+
53
+
54
+ end
55
+
56
+ def do_test(chat)
57
+ begin
58
+ # puts "running module: #{Module.nesting[0].name}"
59
+ # puts "body" + chat.response.body.join
60
+ return if chat.response.nil? or chat.response.body.nil?
61
+ if chat.response.content_type =~ /text/ then
62
+
63
+ @pattern_list.each do |pat, type|
64
+ # puts "+check pattern #{pat}"
65
+ if chat.response.body =~ /(#{pat})/i then
66
+ # puts "!!! MATCH !!!"
67
+
68
+ match = $1
69
+ path = "/" + chat.request.path
70
+ addFinding(
71
+ :proof_pattern => "#{match}",
72
+ :chat => chat,
73
+ :title => "[#{type}] - #{path}"
74
+ )
75
+ end
76
+ end
77
+ end
78
+ rescue => bang
79
+ #raise
80
+ puts "ERROR!! #{Module.nesting[0].name}"
81
+ puts bang
82
+ puts bang.backtrace if $DEBUG
83
+ end
84
+ end
85
+ end
86
+
87
+ end
88
+ end
89
+ end
@@ -0,0 +1,80 @@
1
+ # .
2
+ # detect_fileupload.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ module Watobo
23
+ module Modules
24
+ module Passive
25
+ class Detect_fileupload < Watobo::PassiveCheck
26
+ def initialize(project)
27
+ @project = project
28
+ super(project)
29
+
30
+ @info.update(
31
+ :check_name => 'Detect File Upload Functionality', # name of check which briefly describes functionality, will be used for tree and progress views
32
+ :description => "Detects file upload functions which may be exploited to upload malicious file contents.", # description of checkfunction
33
+ :author => "Andreas Schmidt", # author of check
34
+ :version => "0.9" # check version
35
+ )
36
+
37
+ @finding.update(
38
+ :threat => 'File upload functions sometimes can be exploited to upload malicious code. This can lead to server- or client-side code excecution.', # thread of vulnerability, e.g. loss of information
39
+ :class => "File Uploads", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
40
+ :type => FINDING_TYPE_HINT # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
41
+ )
42
+
43
+ @pattern_list = []
44
+ @pattern_list << Regexp.new("<input [^>]*type=.file.")
45
+
46
+ end
47
+
48
+ def do_test(chat)
49
+ begin
50
+ return if chat.response.nil? or chat.response.body.nil?
51
+ if chat.response.content_type =~ /text/
52
+
53
+ @pattern_list.each do |pat|
54
+ #puts "+check pattern #{pat}"
55
+ if pat.match(chat.response.body) # =~ /(#{pat})/i then
56
+ # puts "!!! MATCH (FILE UPLOAD)!!!"
57
+ match = $1
58
+ # puts match
59
+ addFinding(
60
+ :check_pattern => "#{pat}",
61
+ :proof_pattern => "#{match}",
62
+ :title => "#{chat.request.path_ext}",
63
+ :chat => chat
64
+ )
65
+
66
+ end
67
+ end
68
+ else
69
+ # puts chat.response.content_type
70
+ end
71
+ rescue => bang
72
+ puts "ERROR!! #{Module.nesting[0].name}"
73
+ puts bang
74
+ end
75
+ end
76
+ end
77
+
78
+ end
79
+ end
80
+ end
@@ -0,0 +1,98 @@
1
+ # .
2
+ # detect_infrastructure.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ module Watobo
23
+ module Modules
24
+ module Passive
25
+ class Detect_infrastructure < Watobo::PassiveCheck
26
+ def initialize(project)
27
+ @project = project
28
+ super(project)
29
+
30
+ @info.update(
31
+ :check_name => 'Infrastructure Information', # name of check which briefly describes functionality, will be used for tree and progress views
32
+ :description => "Searching for information in response body which may reveal information about Plattform, CMS-Systems, Application Server, ...", # description of checkfunction
33
+ :author => "Andreas Schmidt", # author of check
34
+ :version => "0.9" # check version
35
+ )
36
+
37
+ @finding.update(
38
+ :threat => 'Information about the underlying infrastructure may help an attacker to perform specialized attacks.', # thread of vulnerability, e.g. loss of information
39
+ :class => "Infrastructure", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
40
+ :type => FINDING_TYPE_INFO # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
41
+ )
42
+
43
+ @pattern_list = []
44
+ @pattern_list << [ 'Server', Regexp.new('<address>(.*)Server at') ]
45
+ @pattern_list << [ 'eZPublish CMS', Regexp.new('title="(eZ Publish)')]
46
+ @pattern_list << [ 'Imperia CMS', Regexp.new('content=[^>]*(IMPERIA [\d\.]*)')]
47
+ @pattern_list << [ 'Typo3 CMS', Regexp.new('content=[^>]*(TYPO3 [\d\.]* CMS)')]
48
+ @pattern_list << [ 'Open Text CMS', Regexp.new('published by[^>]*(Open Text Web Solutions[\-\s\d\.]*)')]
49
+ #<meta name="generator" content="Sefrengo / www.sefrengo.org" >
50
+ #<meta name="author" content="CMS Sefrengo">
51
+ @pattern_list << [ 'Sefrengo CMS', Regexp.new('content=[^>]*(Sefrengo[\s\d\.]*)')]
52
+ @pattern_list << [ 'Tomcat', Regexp.new('(Apache Tomcat\/\d{1,4}\.\d{1,4}\.\d{1,4})') ]
53
+ @pattern_list << [ 'Microsoft-IIS', Regexp.new('<img src="welcome.png" alt="(IIS7)"')]
54
+ # When it’s a SharePoint 2010 site, you will get the result is like this: MicrosoftSharePointTeamServices: 14.0.0.6106
55
+ @pattern_list << [ 'SharePoint 2010', Regexp.new('MicrosoftSharePointTeamServices.*14.0.0.6106')]
56
+ # And in SharePoint 2007 site, the result is like this: MicrosoftSharePointTeamServices:12.0.0.4518
57
+ @pattern_list << [ 'SharePoint 2007', Regexp.new('MicrosoftSharePointTeamServices.*12.0.0.4518')]
58
+
59
+
60
+ #@pattern_list << 'sample code'
61
+
62
+ end
63
+
64
+ def do_test(chat)
65
+ begin
66
+ # puts "running module: #{Module.nesting[0].name}"
67
+ # puts "body" + chat.response.body.join
68
+ return if chat.response.nil? or chat.response.body.nil?
69
+ if chat.response.content_type =~ /text/ then
70
+
71
+ @pattern_list.each do |pat|
72
+
73
+ if chat.response.join =~ /(#{pat[1]})/i then
74
+ # puts "!!! MATCH !!!"
75
+ match = $1
76
+ addFinding(
77
+ :proof_pattern => "#{match}",
78
+ :chat => chat,
79
+ :title => "[#{pat[0]}] - #{match.slice(0..15)}"
80
+ )
81
+ break
82
+ end
83
+ end
84
+ end
85
+ rescue => bang
86
+ puts "ERROR!! #{Module.nesting[0].name}"
87
+ puts bang
88
+ if $DEBUG
89
+ puts bang.backtrace
90
+ puts chat.response.join
91
+ end
92
+ end
93
+ end
94
+ end
95
+
96
+ end
97
+ end
98
+ end