watobo 0.9.19 → 0.9.20

data/CHANGELOG.md

@@ -1,3 +1,107 @@
+Version 0.9.20
+===
+
+News
+---
+
+**Export**
+
+ * added an XML export function available via File->Export
+ 
+**SitesTree**
+
+ * added findings to sites tree view
+
+**Platform**
+
+ * watobo is running under Ruby 2.0 (2.1 not tested yet)
+
+**ForwardingProxy**
+  
+  * introduced per-site proxying
+
+**ActiveChecks**
+
+ * added ShellShock module (Generic->ShellShock)
+ * added Apache MultiViews module
+
+**Interceptor**
+
+ * added TableEditor to request
+ 
+**TableEditor**
+
+ * added new menu item "to clipboard" which exports the table fields as a CSV (comma seperated values) to the clipboard
+ * column width does not change after refresh
+ 
+**SSL-Checker**
+ 
+ * optimized ssl checks - but keep in mihd number of checked ciphers depends on installed ruby version :/
+
+Fixes
+---
+
+** General **
+ 
+ * post parameter values containing equal signs ('=') will no longer be truncated
+ 
+**Transcoder**
+
+ * now LineFeeds will not be replaced in text-view
+
+**HexViewer**
+
+ * changed font type to courier
+ * fixed crash on invalid UTF-8 sequences
+ * now works in request viewer
+ * shows header & body
+ 
+**ChunkEncoding**
+
+ * fixed handling of chunk encoded data
+ 
+**NTLM**
+
+ * fixed ntlm authentication
+ 
+**Crawler**
+
+ * Fixed status bar infos
+ 
+**CatalogScanner**
+ 
+ * if match value contains 3 digits it will be treated as response code (reduces false positives)  
+  
+**CA**
+ 
+ * CA serial now starts with current time to avoid serial number conflicts after reinitializing CA
+ 
+**Modules**
+
+ * fixed cookie access in passive module 'possible_login'
+ * little fix in xxe module
+ * fixed proof pattern for hidden field detection in hidden_fields.rb
+ 
+**Conversation Table**
+
+ * fixed chat filter, now request and response can be filterd together
+ * new chats run through filter before they are added
+
+**GUI**
+
+ * fixed crash when selecting 'scope only' in sites-tree
+ * fixed transcoder, so all CRLF will be removed before Base64 decoding
+ 
+**Interceptor**
+ 
+ * now removes Expect-100-continue headers from client
+ 
+**General**
+
+ * added json support for table editor (only first level paramaters)
+ * fixed redirect mechanism, now also 301 and 308 codes are supported as well as absolut path locations
+ * now post-parameters with empty names will be handled correctly
+ 
 Version 0.9.19
 ===
 

data/bin/nfq_server.rb

@@ -1,25 +1,13 @@
 #!/usr/bin/ruby
-# .
+#.
 # nfq_server.rb
-# 
-# Copyright 2013 by siberas, http://www.siberas.de
-# 
-# This file is part of WATOBO (Web Application Tool Box)
-#        http://watobo.sourceforge.com
-# 
-# WATOBO is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation version 2 of the License.
-# 
-# WATOBO is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with WATOBO; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# .
+#.
+# Copyright 2014 by siberas, http://www.siberas.de
+# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
+# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
+# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
 require 'drb'
 require 'yaml'
 require 'openssl'

data/bin/watobo_gui.rb

@@ -1,25 +1,13 @@
 #!/usr/bin/ruby
-# .
+#.
 # watobo_gui.rb
-# 
-# Copyright 2013 by siberas, http://www.siberas.de
-# 
-# This file is part of WATOBO (Web Application Tool Box)
-#        http://watobo.sourceforge.com
-# 
-# WATOBO is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation version 2 of the License.
-# 
-# WATOBO is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with WATOBO; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# .
+#.
+# Copyright 2014 by siberas, http://www.siberas.de
+# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
+# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
+# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
 if $0 == __FILE__
   inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "lib")) # this is the same as rubygems would do
   $: << inc_path

data/config/forwarding_proxy.yml

@@ -8,5 +8,5 @@ webscarab:
       :name: webscarab
       :port: "8008"
       :workstation: ""
-
-:default_proxy: ""  
+      :enabled: true
+      :target_pattern: "siberas.de"

data/lib/watobo.rb

@@ -1,25 +1,13 @@
 #!/usr/bin/ruby
-# .
+#.
 # watobo.rb
-# 
-# Copyright 2013 by siberas, http://www.siberas.de
-# 
-# This file is part of WATOBO (Web Application Tool Box)
-#        http://watobo.sourceforge.com
-# 
-# WATOBO is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation version 2 of the License.
-# 
-# WATOBO is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with WATOBO; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# .
+#.
+# Copyright 2014 by siberas, http://www.siberas.de
+# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
+# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
+# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
 #Encoding: UTF-8
 require 'rubygems'
 require 'yaml'
@@ -36,7 +24,9 @@ require 'base64'
 require 'cgi'
 require 'uri'
 require 'pathname'
-require 'net/ntlm'
+#require 'rubyntlm'
+#require 'net/ntlm'
+#require 'httpi'
 require 'drb'
 require 'nokogiri'
 require 'stringio'
@@ -62,7 +52,7 @@ dont_know_why_REQUIRE_hangs = Mechanize.new
 # @private 
 module Watobo#:nodoc: all #:nodoc: all
 
-  VERSION = "0.9.19"
+  VERSION = "0.9.20"
 
   def self.base_directory
     @base_directory ||= ""

data/lib/watobo/adapters.rb

@@ -1,26 +1,14 @@
-# .
+#.
 # adapters.rb
-# 
-# Copyright 2013 by siberas, http://www.siberas.de
-# 
-# This file is part of WATOBO (Web Application Tool Box)
-#        http://watobo.sourceforge.com
-# 
-# WATOBO is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation version 2 of the License.
-# 
-# WATOBO is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with WATOBO; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# .
-%w( data_store session_store ).each do |lib|
-  require "watobo/adapters/#{lib}"
-end
+#.
+# Copyright 2014 by siberas, http://www.siberas.de
+# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
+# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
+# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 
-require "watobo/adapters/file/file_store"
+%w( data_store session_store ).each do |lib|
+  require "watobo/adapters/#{lib}"
+end
+
+require "watobo/adapters/file/file_store"

data/lib/watobo/adapters/data_store.rb

@@ -1,73 +1,83 @@
-# .
+#.
 # data_store.rb
-# 
-# Copyright 2013 by siberas, http://www.siberas.de
-# 
-# This file is part of WATOBO (Web Application Tool Box)
-#        http://watobo.sourceforge.com
-# 
-# WATOBO is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation version 2 of the License.
-# 
-# WATOBO is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with WATOBO; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# .
+#.
+# Copyright 2014 by siberas, http://www.siberas.de
+# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
+# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
+# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
 # @private 
-module Watobo#:nodoc: all
-  class DataStore
-    
-    @engine = nil
-    
-    def self.engine
-      @engine
-    end  
-      
-    def self.connect(project_name, session_name)
-      a = Watobo::Conf::Datastore.adapter
-      store = case
-      when 'file'
-        FileSessionStore.new(project_name, session_name)
-      else
-        nil
-      end
-      @engine = store
-      store
-    end
-    
-    def self.method_missing(name, *args, &block)
-      super unless @engine.respond_to? name
-      @engine.send name, *args, &block
+module Watobo#:nodoc: all
+  class DataStore
+    
+    @engine = nil
+    
+    def self.engine
+      @engine
     end
     
-        
-  end
-  
-  def self.logs
-    return "" if DataStore.engine.nil?
-    DataStore.engine.logs
-  end
-  
-  def self.log(message, prefs={})
-    
-    text = message
-    if message.is_a? Array
-      text = message.join("\n| ")
-    end
-    
-    #clean up sender's name
-    if prefs.has_key? :sender
-      prefs[:sender].gsub!(/.*::/,'')
+    def self.projects(&block)
+      ps = []
+       Dir.glob("#{Watobo.workspace_path}/*").each do |p|
+         pname = File.basename(p)
+         yield pname if block_given?
+         ps << pname
+       end
+       ps
     end
     
-    if DataStore.engine.respond_to? :logger
-      DataStore.engine.logger message, prefs
-    end
-  end
+    def self.sessions(project_name, &block)
+      ss = []
+      project_name = project_name.to_s if project_name.is_a? Symbol
+      return ps unless File.exist? "#{Watobo.workspace_path}/#{project_name}"
+       Dir.glob("#{Watobo.workspace_path}/#{project_name}/*").each do |s|
+         sname = File.basename(s)
+         yield sname if block_given?
+         ss << sname
+       end
+       ss
+    end    
+      
+    def self.connect(project_name, session_name)
+      a = Watobo::Conf::Datastore.adapter
+      store = case
+      when 'file'
+        FileSessionStore.new(project_name, session_name)
+      else
+        nil
+      end
+      @engine = store
+      store
+    end
+    
+    def self.method_missing(name, *args, &block)
+      super unless @engine.respond_to? name
+      @engine.send name, *args, &block
+    end
+    
+        
+  end
+  
+  def self.logs
+    return "" if DataStore.engine.nil?
+    DataStore.engine.logs
+  end
+  
+  def self.log(message, prefs={})
+    
+    text = message
+    if message.is_a? Array
+      text = message.join("\n| ")
+    end
+    
+    #clean up sender's name
+    if prefs.has_key? :sender
+      prefs[:sender].gsub!(/.*::/,'')
+    end
+    
+    if DataStore.engine.respond_to? :logger
+      DataStore.engine.logger message, prefs
+    end
+  end
 end

data/lib/watobo/adapters/file/file_store.rb

@@ -1,314 +1,302 @@
-# .
+#.
 # file_store.rb
-# 
-# Copyright 2013 by siberas, http://www.siberas.de
-# 
-# This file is part of WATOBO (Web Application Tool Box)
-#        http://watobo.sourceforge.com
-# 
-# WATOBO is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation version 2 of the License.
-# 
-# WATOBO is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with WATOBO; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# .
-# @private 
-module Watobo#:nodoc: all
-  class FileSessionStore < SessionStore
-    def num_chats
-      get_file_list(@conversation_path, "*-chat*").length
-    end
-
-    def num_findings
-      get_file_list(@findings_path, "*-finding*").length
-    end
-
-    def add_finding(finding)
-      return false unless finding.respond_to? :request
-      return false unless finding.respond_to? :response
-
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.yml")
-      if not File.exists?(finding_file) then
-
-        finding_data = {
-          :request => finding.request.map{|x| x.inspect},
-          :response => finding.response.map{|x| x.inspect},
-          :details => Hash.new
-        }
-        finding_data[:details].update(finding.details)
-
-        fh = File.new(finding_file, "w+b")
-        fh.print YAML.dump(finding_data)
-      fh.close
-      return true
-      end
-      return false
-    end
-
-    def delete_finding(finding)
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding")
-      File.delete finding_file if File.exist? finding_file
-      finding_file << ".yml"
-      File.delete finding_file if File.exist? finding_file
+#.
+# Copyright 2014 by siberas, http://www.siberas.de
+# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
+# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
+# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 
-    end
-
-    def update_finding(finding)
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.yml")
-      finding_data = {
-        :request => finding.request.map{|x| x.inspect},
-        :response => finding.response.map{|x| x.inspect},
-        :details => Hash.new
-      }
-      finding_data[:details].update(finding.details)
-
-      if File.exists?(finding_file) then
-        fh = File.new(finding_file, "w+b")
-        fh.print YAML.dump(finding_data)
-      fh.close
-      end
-
-    end
-
-    # add_scan_log
-    # adds a chat to a specific log store, e.g. if you want to log scan results.
-    # needs a scan_name (STRING) as its destination which will be created
-    # if the scan name does not exist.
-    def add_scan_log(chat, scan_name = nil)
-      return false unless chat.respond_to? :request
-      return false unless chat.respond_to? :response
+# @private 
+module Watobo#:nodoc: all
+  class FileSessionStore < SessionStore
+    def num_chats
+      get_file_list(@conversation_path, "*-chat*").length
+    end
+
+    def num_findings
+      get_file_list(@findings_path, "*-finding*").length
+    end
+
+    def add_finding(finding)
+      return false unless finding.respond_to? :request
+      return false unless finding.respond_to? :response
+
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.yml")
+      if not File.exists?(finding_file) then
+
+        finding_data = {
+          :request => finding.request.map{|x| x.inspect},
+          :response => finding.response.map{|x| x.inspect},
+          :details => Hash.new
+        }
+        finding_data[:details].update(finding.details)
+
+        fh = File.new(finding_file, "w+b")
+        fh.print YAML.dump(finding_data)
+      fh.close
+      return true
+      end
+      return false
+    end
+
+    def delete_finding(finding)
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding")
+      File.delete finding_file if File.exist? finding_file
+      finding_file << ".yml"
+      File.delete finding_file if File.exist? finding_file
+
+    end
+
+    def update_finding(finding)
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.yml")
+      finding_data = {
+        :request => finding.request.map{|x| x.inspect},
+        :response => finding.response.map{|x| x.inspect},
+        :details => Hash.new
+      }
+      finding_data[:details].update(finding.details)
+
+      if File.exists?(finding_file) then
+        fh = File.new(finding_file, "w+b")
+        fh.print YAML.dump(finding_data)
+      fh.close
+      end
+
+    end
+
+    # add_scan_log
+    # adds a chat to a specific log store, e.g. if you want to log scan results.
+    # needs a scan_name (STRING) as its destination which will be created
+    # if the scan name does not exist.
+    def add_scan_log(chat, scan_name = nil)
+      return false unless chat.respond_to? :request
+      return false unless chat.respond_to? :response
       begin
-      
+      
         return false if scan_name.nil?
         return false if scan_name.empty?
         
-        scan_name_clean = scan_name.gsub(/[:\\\/\.]*/,"_")
-        # puts ">> scan_name"
-        path = File.join(@scanlog_path, scan_name_clean)
-
-        Dir.mkdir path unless File.exist? path
-
-        log_file = File.join( path, "log_" + Time.now.to_f.to_s + ".yml")
-
-        chat_data = {
-          :request => chat.request.map{|x| x.inspect},
-          :response => chat.response.map{|x| x.inspect},
-        }
-        # puts log_file
-        chat_data.update(chat.settings)
-        File.open(log_file, "w") { |fh|
-          YAML.dump(chat_data, fh)
-        }
-        return true
-      rescue => bang
-        puts bang
-        puts bang.backtrace if $DEBUG
-      end
-      return false
-    end
-
-    def add_chat(chat)
-      return false unless chat_valid? chat
-      chat_file = File.join("#{@conversation_path}", "#{chat.id}-chat.yml")
-      chat_data = {
-        :request => chat.request.map{|x| x.inspect},
-        :response => chat.response.map{|x| x.inspect},
-      }
-
-      chat_data.update(chat.settings)
-      if not File.exists?(chat_file) then
-        File.open(chat_file, "w") { |fh|
-          YAML.dump(chat_data, fh)
-        }
-      chat.file = chat_file
-      return true
-      end
-      return false
-    end
-
-    def each_chat(&block)
-      get_file_list(@conversation_path, "*-chat*").each do |fname|
-        chat = Watobo::Utils.loadChatYAML(fname)
-        next unless chat
-        yield chat if block_given?
-      end
-    end
-
-    def each_finding(&block)
-      get_file_list(@findings_path, "*-finding*").each do |fname|
-        f = Watobo::Utils.loadFindingYAML(fname)
-        next unless f
-        yield f if block_given?
-      end
-    end
-
-    def initialize(project_name, session_name)
-
-      wsp = Watobo.workspace_path
-      return false unless File.exist? wsp
-      puts "* using workspace path: #{wsp}" if $DEBUG
-
-      @log_file = nil
-      @log_lock = Mutex.new
-
-      @project_path = File.join(wsp, project_name)
-      unless File.exist? @project_path
-        puts "* create project path: #{@project_path}" if $DEBUG
-        Dir.mkdir(@project_path)
-      end
-
-      @project_config_path = File.join(@project_path, ".config")
-      Dir.mkdir @project_config_path unless File.exist? @project_config_path
-
-      @session_path = File.join(@project_path, session_name)
-
-      unless File.exist? @session_path
-        puts "* create session path: #{@session_path}" if $DEBUG
-        Dir.mkdir(@session_path)
-      end
-
-      @session_config_path = File.join(@session_path, ".config")
-      Dir.mkdir @session_config_path unless File.exist? @session_config_path
-
-      sext = Watobo::Conf::General.session_settings_file_ext
-
-      @session_file = File.join(@session_path, session_name + sext)
-      @project_file = File.join(@project_path, project_name + Watobo::Conf::General.project_settings_file_ext)
-
-      @conversation_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.conversations))
-
-      @findings_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.findings))
-      @log_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.event_logs_dir))
-      @scanlog_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.scan_logs_dir))
-
-      [ @conversation_path, @findings_path, @log_path, @scanlog_path ].each do |folder|
-        if not File.exists?(folder) then
-          puts "create path #{folder}"
-          begin
-            Dir.mkdir(folder)
-          rescue SystemCallError => bang
-            puts "!!!ERROR:"
-            puts bang
-          rescue => bang
-            puts "!!!ERROR:"
-            puts bang
-          end
-        end
-      end
-
-      @log_file = File.join(@log_path, session_name + ".log")
-
-    #     @chat_files = get_file_list(@conversation_path, "*-chat")
-    #     @finding_files = get_file_list(@findings_path, "*-finding")
-    end
-
-    def save_session_settings(group, session_settings)
-      # puts ">> save_session_settings <<"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-
-      session_file = File.join(@session_config_path, file)
-      # puts "Dest.File: #{session_file}"
-      #  puts session_settings.to_yaml
-      # puts "---"
-      Watobo::Utils.save_settings(session_file, session_settings)
-    end
-
-    def load_session_settings(group)
-      # puts ">> load_session_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-
-      session_file = File.join(@session_config_path, file)
-      # puts "File: #{session_file}"
-      #  puts "---"
-
-      s = Watobo::Utils.load_settings(session_file)
-      s
-    end
-
-    def save_project_settings(group, project_settings)
-      # puts ">> save_project_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-
-      project_file = File.join(@project_config_path, file)
-      # puts "Dest.File: #{project_file}"
-      # puts project_settings.to_yaml
-      # puts "---"
-      Watobo::Utils.save_settings(project_file, project_settings)
-
-    end
-
-    def load_project_settings(group)
-      # puts ">> load_project_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-
-      project_file = File.join(@project_config_path, file)
-      # puts "File: #{project_file}"
-      # puts "---"
-
-      s = Watobo::Utils.load_settings(project_file)
-      s
-
-    end
-
-    def logs
-      l = ''
-      @log_lock.synchronize do
-        l = File.open(@log_file).read
-      end
-      l
-    end
-
-    def logger( message, prefs = {} )
-      opts = { :sender => "unknown", :level => Watobo::Constants::LOG_INFO }
-      opts.update prefs
-      return false if @log_file.nil?
-      begin
-        t = Time.now
-        now = t.strftime("%m/%d/%Y @ %H:%M:%S")
-        log_message = [ now ]
-        log_message << "#{opts[:sender]}"
-        if message.is_a? Array
-          log_message << message.join("\n| ")
-          log_message << "\n-"
-        else
-        log_message << message
-        end
-        @log_lock.synchronize do
-          File.open(@log_file,"a") do |lfh|
-            lfh.puts log_message.join("|")
-          end
-        end
-      rescue => bang
-        puts bang
-      end
-
-    end
-
-    private
-
-    def chat_valid?(chat)
-      return false unless chat.respond_to? :request
-      return false unless chat.respond_to? :response
-      true
-    end
-
-    def get_file_list(path, pattern)
-      fl = Dir["#{path}/#{pattern}"].sort_by{ |x| File.basename(x).sub(/[^0-9]*/,'').to_i }
-      #puts fl.length
-      fl
-    end
-
-  end
-
+        scan_name_clean = scan_name.gsub(/[:\\\/\.]*/,"_")
+        # puts ">> scan_name"
+        path = File.join(@scanlog_path, scan_name_clean)
+
+        Dir.mkdir path unless File.exist? path
+
+        log_file = File.join( path, "log_" + Time.now.to_f.to_s + ".yml")
+
+        chat_data = {
+          :request => chat.request.map{|x| x.inspect},
+          :response => chat.response.map{|x| x.inspect},
+        }
+        # puts log_file
+        chat_data.update(chat.settings)
+        File.open(log_file, "w") { |fh|
+          YAML.dump(chat_data, fh)
+        }
+        return true
+      rescue => bang
+        puts bang
+        puts bang.backtrace if $DEBUG
+      end
+      return false
+    end
+
+    def add_chat(chat)
+      return false unless chat_valid? chat
+      chat_file = File.join("#{@conversation_path}", "#{chat.id}-chat.yml")
+      chat_data = {
+        :request => chat.request.map{|x| x.inspect},
+        :response => chat.response.map{|x| x.inspect},
+      }
+
+      chat_data.update(chat.settings)
+      if not File.exists?(chat_file) then
+        File.open(chat_file, "w") { |fh|
+          YAML.dump(chat_data, fh)
+        }
+      chat.file = chat_file
+      return true
+      end
+      return false
+    end
+
+    def each_chat(&block)
+      get_file_list(@conversation_path, "*-chat*").each do |fname|
+        chat = Watobo::Utils.loadChatYAML(fname)
+        next unless chat
+        yield chat if block_given?
+      end
+    end
+
+    def each_finding(&block)
+      get_file_list(@findings_path, "*-finding*").each do |fname|
+        f = Watobo::Utils.loadFindingYAML(fname)
+        next unless f
+        yield f if block_given?
+      end
+    end
+
+    def initialize(project_name, session_name)
+
+      wsp = Watobo.workspace_path
+      return false unless File.exist? wsp
+      puts "* using workspace path: #{wsp}" if $DEBUG
+
+      @log_file = nil
+      @log_lock = Mutex.new
+
+      @project_path = File.join(wsp, project_name)
+      unless File.exist? @project_path
+        puts "* create project path: #{@project_path}" if $DEBUG
+        Dir.mkdir(@project_path)
+      end
+
+      @project_config_path = File.join(@project_path, ".config")
+      Dir.mkdir @project_config_path unless File.exist? @project_config_path
+
+      @session_path = File.join(@project_path, session_name)
+
+      unless File.exist? @session_path
+        puts "* create session path: #{@session_path}" if $DEBUG
+        Dir.mkdir(@session_path)
+      end
+
+      @session_config_path = File.join(@session_path, ".config")
+      Dir.mkdir @session_config_path unless File.exist? @session_config_path
+
+      sext = Watobo::Conf::General.session_settings_file_ext
+
+      @session_file = File.join(@session_path, session_name + sext)
+      @project_file = File.join(@project_path, project_name + Watobo::Conf::General.project_settings_file_ext)
+
+      @conversation_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.conversations))
+
+      @findings_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.findings))
+      @log_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.event_logs_dir))
+      @scanlog_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.scan_logs_dir))
+
+      [ @conversation_path, @findings_path, @log_path, @scanlog_path ].each do |folder|
+        if not File.exists?(folder) then
+          puts "create path #{folder}"
+          begin
+            Dir.mkdir(folder)
+          rescue SystemCallError => bang
+            puts "!!!ERROR:"
+            puts bang
+          rescue => bang
+            puts "!!!ERROR:"
+            puts bang
+          end
+        end
+      end
+
+      @log_file = File.join(@log_path, session_name + ".log")
+
+    #     @chat_files = get_file_list(@conversation_path, "*-chat")
+    #     @finding_files = get_file_list(@findings_path, "*-finding")
+    end
+
+    def save_session_settings(group, session_settings)
+      # puts ">> save_session_settings <<"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+
+      session_file = File.join(@session_config_path, file)
+      # puts "Dest.File: #{session_file}"
+      #  puts session_settings.to_yaml
+      # puts "---"
+      Watobo::Utils.save_settings(session_file, session_settings)
+    end
+
+    def load_session_settings(group)
+      # puts ">> load_session_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+
+      session_file = File.join(@session_config_path, file)
+      # puts "File: #{session_file}"
+      #  puts "---"
+
+      s = Watobo::Utils.load_settings(session_file)
+      s
+    end
+
+    def save_project_settings(group, project_settings)
+      # puts ">> save_project_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+
+      project_file = File.join(@project_config_path, file)
+      # puts "Dest.File: #{project_file}"
+      # puts project_settings.to_yaml
+      # puts "---"
+      Watobo::Utils.save_settings(project_file, project_settings)
+
+    end
+
+    def load_project_settings(group)
+      # puts ">> load_project_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+
+      project_file = File.join(@project_config_path, file)
+      # puts "File: #{project_file}"
+      # puts "---"
+
+      s = Watobo::Utils.load_settings(project_file)
+      s
+
+    end
+
+    def logs
+      l = ''
+      @log_lock.synchronize do
+        l = File.open(@log_file).read
+      end
+      l
+    end
+
+    def logger( message, prefs = {} )
+      opts = { :sender => "unknown", :level => Watobo::Constants::LOG_INFO }
+      opts.update prefs
+      return false if @log_file.nil?
+      begin
+        t = Time.now
+        now = t.strftime("%m/%d/%Y @ %H:%M:%S")
+        log_message = [ now ]
+        log_message << "#{opts[:sender]}"
+        if message.is_a? Array
+          log_message << message.join("\n| ")
+          log_message << "\n-"
+        else
+        log_message << message
+        end
+        @log_lock.synchronize do
+          File.open(@log_file,"a") do |lfh|
+            lfh.puts log_message.join("|")
+          end
+        end
+      rescue => bang
+        puts bang
+      end
+
+    end
+
+    private
+
+    def chat_valid?(chat)
+      return false unless chat.respond_to? :request
+      return false unless chat.respond_to? :response
+      true
+    end
+
+    def get_file_list(path, pattern)
+      fl = Dir["#{path}/#{pattern}"].sort_by{ |x| File.basename(x).sub(/[^0-9]*/,'').to_i }
+      #puts fl.length
+      fl
+    end
+
+  end
+
 end