watobo 0.9.8.677

data/modules/passive/multiple_server_headers.rb

@@ -0,0 +1,98 @@
+# .
+# multiple_server_headers.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  module Modules
+    module Passive
+      
+      class Multiple_server_headers < Watobo::PassiveCheck
+        
+        def initialize(project)
+          @project = project
+          super(project)
+          
+          @info.update(
+                       :check_name => 'Collect Server Headers',    # name of check which briefly describes functionality, will be used for tree and progress views
+          :description => "Identify Server Header Information, e.g. Apache 6.x ",   # description of checkfunction
+          :author => "Andreas Schmidt", # author of check
+          :version => "0.9"   # check version
+          )
+          
+          @finding.update(
+                          :threat => 'Information about the system maybe revealed',        # thread of vulnerability, e.g. loss of information
+          :class => "Server Headers",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+          :type => FINDING_TYPE_INFO         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN 
+          )
+          
+          @server_list = []
+        end
+        
+        def do_test(chat)
+          begin
+            
+            chat.response.headers.each do |header|
+              if header =~ /^server: (.*)/i then
+                server_banner = $1.strip 
+                #server_banner.gsub!(/^[ ]+/,"")
+                
+                unless @server_list.include?(chat.request.site + server_banner)
+                  #puts "found different server header"
+                  @server_list.push chat.request.site + server_banner
+                  # puts "[#{chat.id}]: #{server_banner}"
+                  addFinding(
+                             :proof_pattern => "Server: #{server_banner}", 
+                  :chat => chat,
+                  :title => server_banner
+                  )
+                end
+                
+              end
+              
+              if header =~ /X-Powered-By: (.*)/i then
+                match = $1.strip               
+                unless @server_list.include?(chat.request.site + match)
+                  #puts "found different server header"
+                  @server_list.push chat.request.site + match
+                  # puts "[#{chat.id}]: #{server_banner}"
+                  addFinding(
+                             :proof_pattern => "#{match}", 
+                  :chat => chat,
+                  :title => "#{match}"
+                  )
+                end
+                
+              end
+              
+            end
+            
+          end
+        rescue => bang
+          puts "ERROR!! #{Module.nesting[0].name}"
+          puts bang
+          puts bang.backtrace if $DEBUG
+          puts chat.request.url
+        end
+      end
+      
+      
+    end
+  end
+end

data/modules/passive/possible_login.rb

@@ -0,0 +1,134 @@
+# .
+# possible_login.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  module Modules
+    module Passive
+      
+      
+      class Possible_login < Watobo::PassiveCheck
+        
+        
+        def initialize(project)
+          @project = project
+          super(project)
+          
+          @info.update(
+                       :check_name => 'Detect Logins',    # name of check which briefly describes functionality, will be used for tree and progress views
+          :description => "Detect possible and also unencrypted logins.",   # description of checkfunction
+          :author => "Andreas Schmidt", # author of check
+          :version => "0.9"   # check version
+          )
+          
+          @finding.update(
+                          :threat => 'If login credentials are sent over an unencrypted channel, an attacker may eavesdrop these information.'        # thread of vulnerability, e.g. loss of information
+          
+          )
+          
+          @check_name = "Detect Logins"
+          @description = "maybe usefull?"
+          
+          
+          @possible_login_patterns=%w[ (username) (password) (passwd) (pass) (uid) (userid) ]
+        end
+        
+        def do_test(chat)
+          begin
+            #  puts "running module: #{Module.nesting[0].name}"
+            all_parms = chat.request.post_parms
+            if all_parms
+              # puts all_parms
+            #  resource = "/" + chat.request.resource
+              all_parms.each do |parm|
+                @possible_login_patterns.each do |pattern|
+                  #  puts "Testing pattern #{pattern} on postparms\r\n#{parm}"
+                  if parm =~ /#{pattern}/i
+                    match = $1
+                    
+                    addFinding(
+                               :class => "Logins",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+                    :type => FINDING_TYPE_HINT,         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN 
+                    :check_pattern => "#{parm}", 
+                    :chat => chat,
+                    :title => "#{chat.request.path_ext}"
+                    #:debug => true
+                    )
+                    # check for unecrypted transfer
+                    
+                    if not chat.request.proto =~ /https/i
+                      addFinding(
+                                 :class => "Unencrypted Logins",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+                      :type => FINDING_TYPE_VULN,         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN 
+                      :check_pattern => "#{chat.request.proto}",
+                      :chat => chat,
+                      :rating => VULN_RATING_HIGH,
+                      :title => "#{chat.request.path_ext}"
+                     # :debug => true
+                      )
+                    end
+                    
+                    # also check if session id has been redefined
+                    puts "* check session managment"
+                    old_cookies = chat.request.cookies.select do |rc|
+                      cookie_old = true
+                      chat.response.new_cookies do |nc|
+                        if rc =~ /^#{nc.name}/
+                          rc_name, rc_value = rc.split("=") 
+                          cookie_old = false unless rc_value == nc.value
+                        end
+                         puts ":#{rc} - #{nc.name} - #{cookie_old}"                        
+                      end
+                      puts ":#{rc} >> #{cookie_old}"     
+                      cookie_old
+                    end
+                    puts "old cookies (#{old_cookies.length})"
+                    old_cookies.map do |c|
+                      addFinding(
+                                 :class => "Session Managment",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+                      :type => FINDING_TYPE_VULN,         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN 
+                      :check_pattern => "#{c}",
+                      :chat => chat,
+                      :rating => VULN_RATING_MEDIUM,
+                      :title => "#{chat.request.path_ext}",
+                      :threat => "Session Cookie has not been renewed after login. Session-Fixation attacks may be possible."
+                     # :debug => true
+                      )
+                    end
+                    
+                    return true
+                  end
+                  
+                  
+                end
+                
+              end
+            end
+          rescue => bang
+            puts "ERROR!! #{Module.nesting[0].name}"
+            puts bang
+            puts bang.backtrace if $DEBUG
+          end
+        end
+        
+      end
+    end
+  end
+end

data/modules/passive/redirect_url.rb

@@ -0,0 +1,88 @@
+# .
+# redirect_url.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  module Modules
+    module Passive
+      
+      
+      class Redirect_url < Watobo::PassiveCheck
+        
+        def initialize(project)
+         @project = project
+          super(project)
+          
+          @info.update(
+                        :check_name => 'Detect Redirect Parameters',    # name of check which briefly describes functionality, will be used for tree and progress views
+          :description => "Checks parameters for suspicious names like 'url' or 'goto'.",   # description of checkfunction
+          :author => "Andreas Schmidt", # author of check
+          :version => "0.9"   # check version
+          )
+          
+          @finding.update(
+                          :threat => 'Redirect functionalities can be exploited by an attacker redirect a user to an malicious site (Drive By Attacks).',        # thread of vulnerability, e.g. loss of information
+          :class => "Redirect Parameters",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+          :type => FINDING_TYPE_HINT         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN 
+          )
+          
+          @suspicious_names = ['url', 'extern', 'goto']
+        end
+        
+        def do_test(chat)
+          begin
+            chat.request.get_parm_names.each do |parm|
+              @suspicious_names.each do |sn|
+               # puts "#{parm} : #{sn}"
+                if parm =~ /(#{sn})/i  then
+                  
+                  addFinding(
+                              :check_pattern => "#{parm}=", 
+                              :proof_pattern =>"#{parm}=",
+                              :chat => chat,
+                              :title => parm  
+                              )
+                end
+              end
+            end
+            
+            chat.request.post_parm_names.each do |parm|              
+              @suspicious_names.each do |sn|
+                if parm =~ /(#{sn})/i  then
+                  addFinding(
+                              :check_pattern => "#{parm}=", 
+                              :proof_pattern =>"#{parm}=",
+                              :chat => chat,
+                              :title => parm
+                                          )
+                end
+              end
+            end       
+          rescue => bang
+            raise
+            puts "ERROR!! #{Module.nesting[0].name}"
+            puts bang
+          end
+        end
+        
+      end
+    end
+  end
+end

data/modules/passive/redirectionz.rb

@@ -0,0 +1,96 @@
+# .
+# redirectionz.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  module Modules
+    module Passive
+      
+      
+      class Redirectionz < Watobo::PassiveCheck
+        
+        def initialize(project)
+         @project = project
+          super(project)
+          
+          @info.update(
+                        :check_name => 'Redirections By Value',    # name of check which briefly describes functionality, will be used for tree and progress views
+          :description => "Checks if parameter values are used in location header.",   # description of checkfunction
+          :author => "Andreas Schmidt", # author of check
+          :version => "0.9"   # check version
+          )
+          
+          @finding.update(
+                          :threat => 'Redirect functionalities can be exploited by an attacker redirect a user to an malicious site (Drive By Attacks).',        # thread of vulnerability, e.g. loss of information
+          :class => "Redirect Parameters",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+          :type => FINDING_TYPE_HINT         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN 
+          )
+         
+        end
+        
+        def showError(chatid, message)
+          puts "!!! Error"  
+          puts "Chat: [#{chatid}]"
+          puts message
+        end
+        
+        def do_test(chat)
+          begin
+            chat.request.get_parm_names.each do |parm|
+              parm_value=Regexp.quote(chat.request.get_parm_value(parm))
+              if parm_value.length > 5 then # check for minimum parameter length (False Positive Reduction)
+                chat.response.headers.each do |header|
+                  if header =~ /Location.*#{parm_value}.*/i then
+                    addFinding(
+                                :check_pattern => "#{parm_value}", 
+                                :proof_pattern => "#{parm_value}",
+                                :chat=>chat,
+                                            :title => parm_value
+                                )
+                  end
+                end
+              end
+              #puts ""
+              chat.request.post_parm_names.each do |parm|              
+                parm_value=chat.request.post_parm_value(parm)
+                if parm_value.length > 5 then # check for minimum parameter length (False Positive Reduction)
+                  chat.response.headers.each do |header|                
+                    if header =~ /Location.*#{parm_value}.*/i  then
+                      addFinding(
+                                :check_pattern => "#{parm_value}", 
+                                :proof_pattern => "#{parm_value}",
+                                :chat=>chat,
+                                            :title => parm_value
+                                )                  
+                    end
+                  end
+                end
+              end
+            end       
+          rescue => bang
+            # raise
+            showError(chat.id, bang)
+          end
+        end
+        
+      end
+    end
+  end
+end

data/modules/passive/xss_dom.rb

@@ -0,0 +1,91 @@
+# .
+# xss_dom.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+require 'cgi'
+
+module Watobo
+  module Modules
+    module Passive
+      
+      
+      class Xss_dom < Watobo::PassiveCheck
+        
+        def initialize(project)
+          @project = project
+          super(project)
+          
+          @info.update(
+                       :check_name => 'DOM XSS',    # name of check which briefly describes functionality, will be used for tree and progress views
+          :description => "Checks for suspcious javascript functions which manipulate the Browsers DOM and may be misused for Cross-Site-Scripting-Attacks.",   # description of checkfunction
+          :author => "Andreas Schmidt", # author of check
+          :version => "0.9"   # check version
+          )
+          
+          @finding.update(
+                          :threat => 'Parameter value may be exploitable for XSS.',        # thread of vulnerability, e.g. loss of information
+          :class => "DOM XSS",    # vulnerability class, e.g. Stored XSS, SQL-Injection, ...
+          :type => FINDING_TYPE_HINT         # FINDING_TYPE_HINT, FINDING_TYPE_INFO, FINDING_TYPE_VULN 
+          )
+          
+            @dom_functions = [ 'document\.write',
+                               'document\.body',
+                               'document\.location',
+                               'document\.execCommand',
+                               'document\.attachEvent',
+                               'eval\(',
+                               'window\.open',
+                               'window\.location',
+                               'document\.create']
+        end
+        
+        def showError(chatid, message)
+          puts "!!! Error"  
+          puts "Chat: [#{chatid}]"
+          puts message
+        end
+        
+        def do_test(chat)
+          begin
+
+            return true unless chat.response.content_type =~ /(text|script)/ 
+            
+            @dom_functions.each do |pattern|
+              if chat.response.body =~ /#{pattern}/i then
+               
+                addFinding(
+                           :check_pattern => "#{pattern}", 
+                :proof_pattern => "#{pattern}",
+                :chat=>chat,
+                :title =>"[#{pattern}] - #{chat.request.path}"              
+                )
+                
+              end
+            end
+          rescue => bang
+            # raise
+            showError(chat.id, bang)
+          end
+        end
+        
+      end
+    end
+  end
+end