watobo 0.9.8.677

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (260) hide show
  1. data/bin/watobo_gui.rb +39 -0
  2. data/certificates/cert.pem +19 -0
  3. data/certificates/privkey.pem +15 -0
  4. data/certificates/watobo_dh.key +5 -0
  5. data/config/datastore.yml +5 -0
  6. data/config/forwarding_proxy.yml +12 -0
  7. data/config/general.yml +4 -0
  8. data/config/gui.yml +23 -0
  9. data/config/interceptor.yml +16 -0
  10. data/config/scan_policy.yml +13 -0
  11. data/config/scanner.yml +34 -0
  12. data/icons/Add.ico +0 -0
  13. data/icons/Add_24x24.ico +0 -0
  14. data/icons/Bandwidth.ico +0 -0
  15. data/icons/Bandwidth_24x24.ico +0 -0
  16. data/icons/Mr. Bomb.ico +0 -0
  17. data/icons/Mr. Bomb_16x16.ico +0 -0
  18. data/icons/Mr. Bomb_24x24.ico +0 -0
  19. data/icons/Orange Ball.ico +0 -0
  20. data/icons/Orange Ball_16x16.ico +0 -0
  21. data/icons/Orange Ball_24x24.ico +0 -0
  22. data/icons/Pause.ico +0 -0
  23. data/icons/Play.ico +0 -0
  24. data/icons/Play_24x24.ico +0 -0
  25. data/icons/Red Ball.ico +0 -0
  26. data/icons/Red Ball_16x16.ico +0 -0
  27. data/icons/Red Ball_24x24.ico +0 -0
  28. data/icons/Run.ico +0 -0
  29. data/icons/Stop.ico +0 -0
  30. data/icons/Stop_24x24.ico +0 -0
  31. data/icons/Terminal.ico +0 -0
  32. data/icons/Transfer.ico +0 -0
  33. data/icons/Transfer_16x16.ico +0 -0
  34. data/icons/User.ico +0 -0
  35. data/icons/User_16x16.ico +0 -0
  36. data/icons/User_24x24.ico +0 -0
  37. data/icons/Web Browser.ico +0 -0
  38. data/icons/Web Browser_16x16.ico +0 -0
  39. data/icons/Write Document.ico +0 -0
  40. data/icons/Yellow Ball.ico +0 -0
  41. data/icons/Yellow Ball_16x16.ico +0 -0
  42. data/icons/Yellow Ball_24x24.ico +0 -0
  43. data/icons/advanced.ico +0 -0
  44. data/icons/advanced_16x16.ico +0 -0
  45. data/icons/advanced_24x24.ico +0 -0
  46. data/icons/applications.ico +0 -0
  47. data/icons/applications_16x16.ico +0 -0
  48. data/icons/applications_24x24.ico +0 -0
  49. data/icons/browser_16x16.ico +0 -0
  50. data/icons/browser_24x24.ico +0 -0
  51. data/icons/burn.ico +0 -0
  52. data/icons/burn_16x16.ico +0 -0
  53. data/icons/burn_24x24.ico +0 -0
  54. data/icons/calculator.ico +0 -0
  55. data/icons/calculator_24x24.ico +0 -0
  56. data/icons/cb_checked.ico +0 -0
  57. data/icons/cb_checked_orange.ico +0 -0
  58. data/icons/cb_unchecked.ico +0 -0
  59. data/icons/coin_24x24.ico +0 -0
  60. data/icons/conversation.ico +0 -0
  61. data/icons/conversation_24x24.ico +0 -0
  62. data/icons/engine.ico +0 -0
  63. data/icons/filter.ico +0 -0
  64. data/icons/folder.ico +0 -0
  65. data/icons/folder_16x16.ico +0 -0
  66. data/icons/fuzzer_16x16.ico +0 -0
  67. data/icons/fuzzer_24x24.ico +0 -0
  68. data/icons/go-down_16x16.png +0 -0
  69. data/icons/go-up_16x16.png +0 -0
  70. data/icons/help.ico +0 -0
  71. data/icons/help_16x16.ico +0 -0
  72. data/icons/help_24x24.ico +0 -0
  73. data/icons/iChat.ico +0 -0
  74. data/icons/iChat_16x16.ico +0 -0
  75. data/icons/iChat_24x24.ico +0 -0
  76. data/icons/icons.txt +3 -0
  77. data/icons/info.ico +0 -0
  78. data/icons/info_16x16.ico +0 -0
  79. data/icons/info_24x24.ico +0 -0
  80. data/icons/interceptor_24x24.ico +0 -0
  81. data/icons/lock.ico +0 -0
  82. data/icons/lock_12x12.ico +0 -0
  83. data/icons/lock_16x16.ico +0 -0
  84. data/icons/monitor.ico +0 -0
  85. data/icons/plugin.ico +0 -0
  86. data/icons/plugin_24x24.ico +0 -0
  87. data/icons/scan_16x16.png +0 -0
  88. data/icons/send.ico +0 -0
  89. data/icons/server.ico +0 -0
  90. data/icons/server_16x16.ico +0 -0
  91. data/icons/siberas_logo_x24.gif +0 -0
  92. data/icons/tag_blue_32x32.ico +0 -0
  93. data/icons/watobo-48x48.png +0 -0
  94. data/icons/watobo-logo.png +0 -0
  95. data/icons/watobo.ico +0 -0
  96. data/lib/watobo/adapters/data_store.rb +38 -0
  97. data/lib/watobo/adapters/file/file_store.rb +211 -0
  98. data/lib/watobo/adapters/session_store.rb +27 -0
  99. data/lib/watobo/adapters.rb +26 -0
  100. data/lib/watobo/config.rb +143 -0
  101. data/lib/watobo/constants.rb +92 -0
  102. data/lib/watobo/core/active_check.rb +404 -0
  103. data/lib/watobo/core/cookie.rb +69 -0
  104. data/lib/watobo/core/fuzz_gen.rb +160 -0
  105. data/lib/watobo/core/http_socket.rb +142 -0
  106. data/lib/watobo/core/interceptor.rb +729 -0
  107. data/lib/watobo/core/passive_check.rb +141 -0
  108. data/lib/watobo/core/project.rb +1058 -0
  109. data/lib/watobo/core/scanner.rb +396 -0
  110. data/lib/watobo/core/session.rb +1320 -0
  111. data/lib/watobo/core/simple_ca.rb +393 -0
  112. data/lib/watobo/core.rb +34 -0
  113. data/lib/watobo/defaults.rb +40 -0
  114. data/lib/watobo/external/diff/lcs/array.rb +42 -0
  115. data/lib/watobo/external/diff/lcs/block.rb +72 -0
  116. data/lib/watobo/external/diff/lcs/callbacks.rb +343 -0
  117. data/lib/watobo/external/diff/lcs/change.rb +190 -0
  118. data/lib/watobo/external/diff/lcs/hunk.rb +279 -0
  119. data/lib/watobo/external/diff/lcs/ldiff.rb +247 -0
  120. data/lib/watobo/external/diff/lcs/string.rb +40 -0
  121. data/lib/watobo/external/diff/lcs.rb +1124 -0
  122. data/lib/watobo/external/ntlm/ntlm.rb +797 -0
  123. data/lib/watobo/externals.rb +28 -0
  124. data/lib/watobo/framework/create_project.rb +55 -0
  125. data/lib/watobo/framework/init.rb +149 -0
  126. data/lib/watobo/framework/init_modules.rb +116 -0
  127. data/lib/watobo/framework/license_text.rb +50 -0
  128. data/lib/watobo/framework.rb +26 -0
  129. data/lib/watobo/gui/about_watobo.rb +68 -0
  130. data/lib/watobo/gui/browser_preview.rb +460 -0
  131. data/lib/watobo/gui/certificate_dialog.rb +132 -0
  132. data/lib/watobo/gui/chat_diff.rb +415 -0
  133. data/lib/watobo/gui/chatviewer_frame.rb +427 -0
  134. data/lib/watobo/gui/checkboxtree.rb +221 -0
  135. data/lib/watobo/gui/checks_policy_frame.rb +123 -0
  136. data/lib/watobo/gui/client_cert_dialog.rb +227 -0
  137. data/lib/watobo/gui/confirm_scan_dialog.rb +67 -0
  138. data/lib/watobo/gui/conversation_table.rb +386 -0
  139. data/lib/watobo/gui/conversation_table_ctrl.rb +175 -0
  140. data/lib/watobo/gui/csrf_token_dialog.rb +446 -0
  141. data/lib/watobo/gui/dashboard.rb +341 -0
  142. data/lib/watobo/gui/define_scope_frame.rb +380 -0
  143. data/lib/watobo/gui/edit_comment.rb +70 -0
  144. data/lib/watobo/gui/edit_scope_dialog.rb +69 -0
  145. data/lib/watobo/gui/finding_info.rb +212 -0
  146. data/lib/watobo/gui/findings_tree.rb +459 -0
  147. data/lib/watobo/gui/full_scan_dialog.rb +269 -0
  148. data/lib/watobo/gui/fuzzer_gui.rb +1522 -0
  149. data/lib/watobo/gui/hex_viewer.rb +106 -0
  150. data/lib/watobo/gui/interceptor_gui.rb +994 -0
  151. data/lib/watobo/gui/interceptor_settings_dialog.rb +201 -0
  152. data/lib/watobo/gui/log_viewer.rb +97 -0
  153. data/lib/watobo/gui/login_wizzard.rb +301 -0
  154. data/lib/watobo/gui/main_window.rb +1815 -0
  155. data/lib/watobo/gui/manual_request_editor.rb +1105 -0
  156. data/lib/watobo/gui/master_pw_dialog.rb +142 -0
  157. data/lib/watobo/gui/password_policy_dialog.rb +98 -0
  158. data/lib/watobo/gui/plugin/base.rb +82 -0
  159. data/lib/watobo/gui/plugin_board.rb +95 -0
  160. data/lib/watobo/gui/preferences_dialog.rb +116 -0
  161. data/lib/watobo/gui/progress_window.rb +102 -0
  162. data/lib/watobo/gui/project_wizzard.rb +369 -0
  163. data/lib/watobo/gui/proxy_dialog.rb +550 -0
  164. data/lib/watobo/gui/quick_scan_dialog.rb +242 -0
  165. data/lib/watobo/gui/request_editor.rb +480 -0
  166. data/lib/watobo/gui/save_chat_dialog.rb +158 -0
  167. data/lib/watobo/gui/scanner_settings_dialog.rb +360 -0
  168. data/lib/watobo/gui/select_chat_dialog.rb +169 -0
  169. data/lib/watobo/gui/session_management_dialog.rb +688 -0
  170. data/lib/watobo/gui/sites_tree.rb +347 -0
  171. data/lib/watobo/gui/status_bar.rb +88 -0
  172. data/lib/watobo/gui/table_editor.rb +445 -0
  173. data/lib/watobo/gui/tagless_viewer.rb +62 -0
  174. data/lib/watobo/gui/templates/plugin.rb +80 -0
  175. data/lib/watobo/gui/templates/plugin2.rb +103 -0
  176. data/lib/watobo/gui/text_viewer.rb +247 -0
  177. data/lib/watobo/gui/transcoder_window.rb +215 -0
  178. data/lib/watobo/gui/utils/gui_utils.rb +129 -0
  179. data/lib/watobo/gui/utils/init_icons.rb +106 -0
  180. data/lib/watobo/gui/utils/load_icons.rb +54 -0
  181. data/lib/watobo/gui/utils/load_plugins.rb +94 -0
  182. data/lib/watobo/gui/utils/master_password.rb +90 -0
  183. data/lib/watobo/gui/utils/save_default_settings.rb +99 -0
  184. data/lib/watobo/gui/utils/save_project_settings.rb +21 -0
  185. data/lib/watobo/gui/utils/save_proxy_settings.rb +45 -0
  186. data/lib/watobo/gui/utils/save_session_settings.rb +21 -0
  187. data/lib/watobo/gui/utils/session_history.rb +134 -0
  188. data/lib/watobo/gui/workspace_dialog.rb +89 -0
  189. data/lib/watobo/gui/www_auth_dialog.rb +348 -0
  190. data/lib/watobo/gui/xml_viewer_frame.rb +114 -0
  191. data/lib/watobo/gui.rb +139 -0
  192. data/lib/watobo/mixins/httpparser.rb +664 -0
  193. data/lib/watobo/mixins/request_parser.rb +210 -0
  194. data/lib/watobo/mixins/shapers.rb +345 -0
  195. data/lib/watobo/mixins/transcoders.rb +88 -0
  196. data/lib/watobo/mixins.rb +32 -0
  197. data/lib/watobo/utils/check_regex.rb +36 -0
  198. data/lib/watobo/utils/copy_object.rb +29 -0
  199. data/lib/watobo/utils/crypto.rb +74 -0
  200. data/lib/watobo/utils/expand_range.rb +45 -0
  201. data/lib/watobo/utils/file_management.rb +73 -0
  202. data/lib/watobo/utils/load_chat.rb +219 -0
  203. data/lib/watobo/utils/load_icon.rb +47 -0
  204. data/lib/watobo/utils/print_debug.rb +34 -0
  205. data/lib/watobo/utils/response_hash.rb +143 -0
  206. data/lib/watobo/utils/secure_eval.rb +57 -0
  207. data/lib/watobo/utils/text2request.rb +96 -0
  208. data/lib/watobo/utils.rb +32 -0
  209. data/lib/watobo.rb +76 -0
  210. data/modules/active/Apache/mod_status.rb +123 -0
  211. data/modules/active/Flash/crossdomain.rb +102 -0
  212. data/modules/active/directories/dirwalker.rb +89 -0
  213. data/modules/active/discovery/fileextensions.rb +151 -0
  214. data/modules/active/discovery/http_methods.rb +135 -0
  215. data/modules/active/domino/domino_db.lst +164 -0
  216. data/modules/active/domino/domino_db.rb +128 -0
  217. data/modules/active/fileinclusion/lfi_simple.rb +134 -0
  218. data/modules/active/jboss/jboss_basic.rb +119 -0
  219. data/modules/active/sap/business_objects.rb +73 -0
  220. data/modules/active/sap/its_commands.rb +101 -0
  221. data/modules/active/sap/its_service_parameter.rb +105 -0
  222. data/modules/active/sap/its_services.rb +103 -0
  223. data/modules/active/sap/its_xss.rb +98 -0
  224. data/modules/active/sqlinjection/sql_boolean.rb +262 -0
  225. data/modules/active/sqlinjection/sqli_simple.rb +205 -0
  226. data/modules/active/xss/xss_simple.rb +179 -0
  227. data/modules/passive/cookie_options.rb +97 -0
  228. data/modules/passive/cookie_xss.rb +85 -0
  229. data/modules/passive/detect_code.rb +89 -0
  230. data/modules/passive/detect_fileupload.rb +80 -0
  231. data/modules/passive/detect_infrastructure.rb +98 -0
  232. data/modules/passive/detect_one_time_tokens.rb +86 -0
  233. data/modules/passive/dirindexing.rb +81 -0
  234. data/modules/passive/disclosure_emails.rb +82 -0
  235. data/modules/passive/disclosure_ipaddr.rb +87 -0
  236. data/modules/passive/filename_as_parameter.rb +85 -0
  237. data/modules/passive/form_spotter.rb +75 -0
  238. data/modules/passive/hotspots.rb +86 -0
  239. data/modules/passive/in_script_parameter.rb +92 -0
  240. data/modules/passive/multiple_server_headers.rb +98 -0
  241. data/modules/passive/possible_login.rb +134 -0
  242. data/modules/passive/redirect_url.rb +88 -0
  243. data/modules/passive/redirectionz.rb +96 -0
  244. data/modules/passive/xss_dom.rb +91 -0
  245. data/plugins/catalog/catalog.ico +0 -0
  246. data/plugins/catalog/catalog.rb +726 -0
  247. data/plugins/catalog/db_tests +6483 -0
  248. data/plugins/catalog/db_variables +29 -0
  249. data/plugins/filefinder/dbs/hbci.db +12 -0
  250. data/plugins/filefinder/filefinder.rb +602 -0
  251. data/plugins/sslchecker/cli/sslchecker_cli.rb +21 -0
  252. data/plugins/sslchecker/gui/cipher_table.rb +260 -0
  253. data/plugins/sslchecker/gui/gui.rb +245 -0
  254. data/plugins/sslchecker/gui/sslchecker.rb +26 -0
  255. data/plugins/sslchecker/icons/green_16x16.ico +0 -0
  256. data/plugins/sslchecker/icons/grey_16x16.ico +0 -0
  257. data/plugins/sslchecker/icons/red_16x16.ico +0 -0
  258. data/plugins/sslchecker/icons/sslchecker.ico +0 -0
  259. data/plugins/sslchecker/lib/check.rb +117 -0
  260. metadata +317 -0
@@ -0,0 +1,98 @@
1
+ # .
2
+ # multiple_server_headers.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ module Watobo
23
+ module Modules
24
+ module Passive
25
+
26
+ class Multiple_server_headers < Watobo::PassiveCheck
27
+
28
+ def initialize(project)
29
+ @project = project
30
+ super(project)
31
+
32
+ @info.update(
33
+ :check_name => 'Collect Server Headers', # name of check which briefly describes functionality, will be used for tree and progress views
34
+ :description => "Identify Server Header Information, e.g. Apache 6.x ", # description of checkfunction
35
+ :author => "Andreas Schmidt", # author of check
36
+ :version => "0.9" # check version
37
+ )
38
+
39
+ @finding.update(
40
+ :threat => 'Information about the system maybe revealed', # thread of vulnerability, e.g. loss of information
41
+ :class => "Server Headers", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
42
+ :type => FINDING_TYPE_INFO # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
43
+ )
44
+
45
+ @server_list = []
46
+ end
47
+
48
+ def do_test(chat)
49
+ begin
50
+
51
+ chat.response.headers.each do |header|
52
+ if header =~ /^server: (.*)/i then
53
+ server_banner = $1.strip
54
+ #server_banner.gsub!(/^[ ]+/,"")
55
+
56
+ unless @server_list.include?(chat.request.site + server_banner)
57
+ #puts "found different server header"
58
+ @server_list.push chat.request.site + server_banner
59
+ # puts "[#{chat.id}]: #{server_banner}"
60
+ addFinding(
61
+ :proof_pattern => "Server: #{server_banner}",
62
+ :chat => chat,
63
+ :title => server_banner
64
+ )
65
+ end
66
+
67
+ end
68
+
69
+ if header =~ /X-Powered-By: (.*)/i then
70
+ match = $1.strip
71
+ unless @server_list.include?(chat.request.site + match)
72
+ #puts "found different server header"
73
+ @server_list.push chat.request.site + match
74
+ # puts "[#{chat.id}]: #{server_banner}"
75
+ addFinding(
76
+ :proof_pattern => "#{match}",
77
+ :chat => chat,
78
+ :title => "#{match}"
79
+ )
80
+ end
81
+
82
+ end
83
+
84
+ end
85
+
86
+ end
87
+ rescue => bang
88
+ puts "ERROR!! #{Module.nesting[0].name}"
89
+ puts bang
90
+ puts bang.backtrace if $DEBUG
91
+ puts chat.request.url
92
+ end
93
+ end
94
+
95
+
96
+ end
97
+ end
98
+ end
@@ -0,0 +1,134 @@
1
+ # .
2
+ # possible_login.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ module Watobo
23
+ module Modules
24
+ module Passive
25
+
26
+
27
+ class Possible_login < Watobo::PassiveCheck
28
+
29
+
30
+ def initialize(project)
31
+ @project = project
32
+ super(project)
33
+
34
+ @info.update(
35
+ :check_name => 'Detect Logins', # name of check which briefly describes functionality, will be used for tree and progress views
36
+ :description => "Detect possible and also unencrypted logins.", # description of checkfunction
37
+ :author => "Andreas Schmidt", # author of check
38
+ :version => "0.9" # check version
39
+ )
40
+
41
+ @finding.update(
42
+ :threat => 'If login credentials are sent over an unencrypted channel, an attacker may eavesdrop these information.' # thread of vulnerability, e.g. loss of information
43
+
44
+ )
45
+
46
+ @check_name = "Detect Logins"
47
+ @description = "maybe usefull?"
48
+
49
+
50
+ @possible_login_patterns=%w[ (username) (password) (passwd) (pass) (uid) (userid) ]
51
+ end
52
+
53
+ def do_test(chat)
54
+ begin
55
+ # puts "running module: #{Module.nesting[0].name}"
56
+ all_parms = chat.request.post_parms
57
+ if all_parms
58
+ # puts all_parms
59
+ # resource = "/" + chat.request.resource
60
+ all_parms.each do |parm|
61
+ @possible_login_patterns.each do |pattern|
62
+ # puts "Testing pattern #{pattern} on postparms\r\n#{parm}"
63
+ if parm =~ /#{pattern}/i
64
+ match = $1
65
+
66
+ addFinding(
67
+ :class => "Logins", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
68
+ :type => FINDING_TYPE_HINT, # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
69
+ :check_pattern => "#{parm}",
70
+ :chat => chat,
71
+ :title => "#{chat.request.path_ext}"
72
+ #:debug => true
73
+ )
74
+ # check for unecrypted transfer
75
+
76
+ if not chat.request.proto =~ /https/i
77
+ addFinding(
78
+ :class => "Unencrypted Logins", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
79
+ :type => FINDING_TYPE_VULN, # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
80
+ :check_pattern => "#{chat.request.proto}",
81
+ :chat => chat,
82
+ :rating => VULN_RATING_HIGH,
83
+ :title => "#{chat.request.path_ext}"
84
+ # :debug => true
85
+ )
86
+ end
87
+
88
+ # also check if session id has been redefined
89
+ puts "* check session managment"
90
+ old_cookies = chat.request.cookies.select do |rc|
91
+ cookie_old = true
92
+ chat.response.new_cookies do |nc|
93
+ if rc =~ /^#{nc.name}/
94
+ rc_name, rc_value = rc.split("=")
95
+ cookie_old = false unless rc_value == nc.value
96
+ end
97
+ puts ":#{rc} - #{nc.name} - #{cookie_old}"
98
+ end
99
+ puts ":#{rc} >> #{cookie_old}"
100
+ cookie_old
101
+ end
102
+ puts "old cookies (#{old_cookies.length})"
103
+ old_cookies.map do |c|
104
+ addFinding(
105
+ :class => "Session Managment", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
106
+ :type => FINDING_TYPE_VULN, # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
107
+ :check_pattern => "#{c}",
108
+ :chat => chat,
109
+ :rating => VULN_RATING_MEDIUM,
110
+ :title => "#{chat.request.path_ext}",
111
+ :threat => "Session Cookie has not been renewed after login. Session-Fixation attacks may be possible."
112
+ # :debug => true
113
+ )
114
+ end
115
+
116
+ return true
117
+ end
118
+
119
+
120
+ end
121
+
122
+ end
123
+ end
124
+ rescue => bang
125
+ puts "ERROR!! #{Module.nesting[0].name}"
126
+ puts bang
127
+ puts bang.backtrace if $DEBUG
128
+ end
129
+ end
130
+
131
+ end
132
+ end
133
+ end
134
+ end
@@ -0,0 +1,88 @@
1
+ # .
2
+ # redirect_url.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ module Watobo
23
+ module Modules
24
+ module Passive
25
+
26
+
27
+ class Redirect_url < Watobo::PassiveCheck
28
+
29
+ def initialize(project)
30
+ @project = project
31
+ super(project)
32
+
33
+ @info.update(
34
+ :check_name => 'Detect Redirect Parameters', # name of check which briefly describes functionality, will be used for tree and progress views
35
+ :description => "Checks parameters for suspicious names like 'url' or 'goto'.", # description of checkfunction
36
+ :author => "Andreas Schmidt", # author of check
37
+ :version => "0.9" # check version
38
+ )
39
+
40
+ @finding.update(
41
+ :threat => 'Redirect functionalities can be exploited by an attacker redirect a user to an malicious site (Drive By Attacks).', # thread of vulnerability, e.g. loss of information
42
+ :class => "Redirect Parameters", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
43
+ :type => FINDING_TYPE_HINT # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
44
+ )
45
+
46
+ @suspicious_names = ['url', 'extern', 'goto']
47
+ end
48
+
49
+ def do_test(chat)
50
+ begin
51
+ chat.request.get_parm_names.each do |parm|
52
+ @suspicious_names.each do |sn|
53
+ # puts "#{parm} : #{sn}"
54
+ if parm =~ /(#{sn})/i then
55
+
56
+ addFinding(
57
+ :check_pattern => "#{parm}=",
58
+ :proof_pattern =>"#{parm}=",
59
+ :chat => chat,
60
+ :title => parm
61
+ )
62
+ end
63
+ end
64
+ end
65
+
66
+ chat.request.post_parm_names.each do |parm|
67
+ @suspicious_names.each do |sn|
68
+ if parm =~ /(#{sn})/i then
69
+ addFinding(
70
+ :check_pattern => "#{parm}=",
71
+ :proof_pattern =>"#{parm}=",
72
+ :chat => chat,
73
+ :title => parm
74
+ )
75
+ end
76
+ end
77
+ end
78
+ rescue => bang
79
+ raise
80
+ puts "ERROR!! #{Module.nesting[0].name}"
81
+ puts bang
82
+ end
83
+ end
84
+
85
+ end
86
+ end
87
+ end
88
+ end
@@ -0,0 +1,96 @@
1
+ # .
2
+ # redirectionz.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ module Watobo
23
+ module Modules
24
+ module Passive
25
+
26
+
27
+ class Redirectionz < Watobo::PassiveCheck
28
+
29
+ def initialize(project)
30
+ @project = project
31
+ super(project)
32
+
33
+ @info.update(
34
+ :check_name => 'Redirections By Value', # name of check which briefly describes functionality, will be used for tree and progress views
35
+ :description => "Checks if parameter values are used in location header.", # description of checkfunction
36
+ :author => "Andreas Schmidt", # author of check
37
+ :version => "0.9" # check version
38
+ )
39
+
40
+ @finding.update(
41
+ :threat => 'Redirect functionalities can be exploited by an attacker redirect a user to an malicious site (Drive By Attacks).', # thread of vulnerability, e.g. loss of information
42
+ :class => "Redirect Parameters", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
43
+ :type => FINDING_TYPE_HINT # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
44
+ )
45
+
46
+ end
47
+
48
+ def showError(chatid, message)
49
+ puts "!!! Error"
50
+ puts "Chat: [#{chatid}]"
51
+ puts message
52
+ end
53
+
54
+ def do_test(chat)
55
+ begin
56
+ chat.request.get_parm_names.each do |parm|
57
+ parm_value=Regexp.quote(chat.request.get_parm_value(parm))
58
+ if parm_value.length > 5 then # check for minimum parameter length (False Positive Reduction)
59
+ chat.response.headers.each do |header|
60
+ if header =~ /Location.*#{parm_value}.*/i then
61
+ addFinding(
62
+ :check_pattern => "#{parm_value}",
63
+ :proof_pattern => "#{parm_value}",
64
+ :chat=>chat,
65
+ :title => parm_value
66
+ )
67
+ end
68
+ end
69
+ end
70
+ #puts ""
71
+ chat.request.post_parm_names.each do |parm|
72
+ parm_value=chat.request.post_parm_value(parm)
73
+ if parm_value.length > 5 then # check for minimum parameter length (False Positive Reduction)
74
+ chat.response.headers.each do |header|
75
+ if header =~ /Location.*#{parm_value}.*/i then
76
+ addFinding(
77
+ :check_pattern => "#{parm_value}",
78
+ :proof_pattern => "#{parm_value}",
79
+ :chat=>chat,
80
+ :title => parm_value
81
+ )
82
+ end
83
+ end
84
+ end
85
+ end
86
+ end
87
+ rescue => bang
88
+ # raise
89
+ showError(chat.id, bang)
90
+ end
91
+ end
92
+
93
+ end
94
+ end
95
+ end
96
+ end
@@ -0,0 +1,91 @@
1
+ # .
2
+ # xss_dom.rb
3
+ #
4
+ # Copyright 2012 by siberas, http://www.siberas.de
5
+ #
6
+ # This file is part of WATOBO (Web Application Tool Box)
7
+ # http://watobo.sourceforge.com
8
+ #
9
+ # WATOBO is free software; you can redistribute it and/or modify
10
+ # it under the terms of the GNU General Public License as published by
11
+ # the Free Software Foundation version 2 of the License.
12
+ #
13
+ # WATOBO is distributed in the hope that it will be useful,
14
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
15
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
+ # GNU General Public License for more details.
17
+ #
18
+ # You should have received a copy of the GNU General Public License
19
+ # along with WATOBO; if not, write to the Free Software
20
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21
+ # .
22
+ require 'cgi'
23
+
24
+ module Watobo
25
+ module Modules
26
+ module Passive
27
+
28
+
29
+ class Xss_dom < Watobo::PassiveCheck
30
+
31
+ def initialize(project)
32
+ @project = project
33
+ super(project)
34
+
35
+ @info.update(
36
+ :check_name => 'DOM XSS', # name of check which briefly describes functionality, will be used for tree and progress views
37
+ :description => "Checks for suspcious javascript functions which manipulate the Browsers DOM and may be misused for Cross-Site-Scripting-Attacks.", # description of checkfunction
38
+ :author => "Andreas Schmidt", # author of check
39
+ :version => "0.9" # check version
40
+ )
41
+
42
+ @finding.update(
43
+ :threat => 'Parameter value may be exploitable for XSS.', # thread of vulnerability, e.g. loss of information
44
+ :class => "DOM XSS", # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
45
+ :type => FINDING_TYPE_HINT # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN
46
+ )
47
+
48
+ @dom_functions = [ 'document\.write',
49
+ 'document\.body',
50
+ 'document\.location',
51
+ 'document\.execCommand',
52
+ 'document\.attachEvent',
53
+ 'eval\(',
54
+ 'window\.open',
55
+ 'window\.location',
56
+ 'document\.create']
57
+ end
58
+
59
+ def showError(chatid, message)
60
+ puts "!!! Error"
61
+ puts "Chat: [#{chatid}]"
62
+ puts message
63
+ end
64
+
65
+ def do_test(chat)
66
+ begin
67
+
68
+ return true unless chat.response.content_type =~ /(text|script)/
69
+
70
+ @dom_functions.each do |pattern|
71
+ if chat.response.body =~ /#{pattern}/i then
72
+
73
+ addFinding(
74
+ :check_pattern => "#{pattern}",
75
+ :proof_pattern => "#{pattern}",
76
+ :chat=>chat,
77
+ :title =>"[#{pattern}] - #{chat.request.path}"
78
+ )
79
+
80
+ end
81
+ end
82
+ rescue => bang
83
+ # raise
84
+ showError(chat.id, bang)
85
+ end
86
+ end
87
+
88
+ end
89
+ end
90
+ end
91
+ end
Binary file