watobo 0.9.21 → 0.9.23

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e79414053ae38bea886b65d60a350e8ac62258d8
+  data.tar.gz: 437d2cc8cd2bba344f17d8099e618366385842eb
+SHA512:
+  metadata.gz: 43e8ed6af9219845fd1c1a1da5f37be56e845c408e699054a5b45db5afa48352b660d0e9023ed70252d956331811184a1cd1c297cd7dc58320153d424aba46d6
+  data.tar.gz: 93bd513d65ab88646cf9801c094dde4fc2fe84ce488f3306d2414ec05f2566daf9d1e2bce7e5052da11fd4a835946211803e70e3ba4b558306e1a8b4b4b8591b

data/CHANGELOG.md

@@ -1,3 +1,48 @@
+#Version 0.9.22
+
+## News
+
+**ManualRequestEditor**
+
+* added dynamic egress handler support. Useful for more complex request transformations, e.g. if you need a http header with a hmac which is based on the request body   
+
+**SSL-Checker**
+
+* the results can now be saved
+* bad ciphers will be added to findings
+ 
+##Fixes
+
+**Proxy**
+
+* fixed duplicated serial numbers in fake certificates
+
+**WShell**
+
+* fixed a bug which prevented work on linux boxes
+* switched command execution to thread via runOnUiThread
+
+**Client-Certificates**
+
+* settings will be saved and reloaded on project start
+
+**Transparent Proxy**
+
+* crash fixed
+
+**SQLMap Plugin**
+
+* fixed load_config error
+
+**General**
+
+* fixed old yaml style file format after editing comments
+
+**Contributions**
+* Work around error 'FXComposeContext: illegal window parameter' (by Lars Kanis)
+* Use runOnUiThread for GUI activity while loading plugins in a thread (by Lars Kanis)
+
+
 Version 0.9.21
 ===
 
@@ -15,7 +60,7 @@ News
  
 **Plugins**
 
-* added Adobe Experience Manager Enumeration, crawles the site by using information of AEM/CQ5 json-Extensions
+* added Adobe Experience Manager Enumeration, crawls the site by using information of AEM/CQ5 json-Extensions
 
 **Fuzzer**
 

data/bin/nfq_server.rb

@@ -1,13 +1,4 @@
 #!/usr/bin/ruby
-#.
-# nfq_server.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 require 'drb'
 require 'yaml'
 require 'openssl'

data/bin/watobo_gui.rb

@@ -1,16 +1,7 @@
 #!/usr/bin/ruby
-#.
-# watobo_gui.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 if $0 == __FILE__
   inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "lib")) # this is the same as rubygems would do
-  $: << inc_path
+$: << inc_path
 end
 
 puts "#############################################################"
@@ -22,10 +13,9 @@ puts
 puts "#############################################################"
 
 require 'watobo'
+require 'watobo/gui'
 
-Watobo.print_summary
+puts Watobo::Gui.info
 
 puts ">> Starting GUI ..."
-require 'watobo/gui'
-
 Watobo::Gui.start

data/custom-views/prettify-json.rb

@@ -1,19 +1,10 @@
-#.
-# prettify-json.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
-lambda{|response|
-  begin
-    jb = JSON.parse(response.body.to_s)
-    out = JSON.pretty_generate jb
-  rescue => bang
-    out = "Could prettify response :(\n\n"
-    out << bang.to_s
-  end
-  out  
+lambda{|response|
+  begin
+    jb = JSON.parse(response.body.to_s)
+    out = JSON.pretty_generate jb
+  rescue => bang
+    out = "Could prettify response :(\n\n"
+    out << bang.to_s
+  end
+  out
 }

data/lib/watobo.rb

@@ -1,15 +1,13 @@
 #!/usr/bin/ruby
-#.
-# watobo.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 #Encoding: UTF-8
 require 'rubygems'
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts "You will need bundler to run watobo!"
+  puts "please run\n gem install bundler\n bundle install\n"
+  exit
+end
 require 'yaml'
 require 'json'
 require 'thread'
@@ -31,6 +29,7 @@ require 'drb'
 require 'nokogiri'
 require 'stringio'
 require 'mechanize'
+require 'jwt'
 
 require 'watobo/constants'
 require 'watobo/utils'
@@ -52,7 +51,7 @@ dont_know_why_REQUIRE_hangs = Mechanize.new
 # @private 
 module Watobo#:nodoc: all #:nodoc: all
 
-  VERSION = "0.9.21"
+  VERSION = "0.9.23"
 
   def self.base_directory
     @base_directory ||= ""
@@ -78,15 +77,7 @@ module Watobo#:nodoc: all #:nodoc: all
     Watobo::VERSION
   end
   
-  def self.print_summary
-    puts "--- Info ---"
-    puts "Version: " + version
-    puts "Working Directory: " + Watobo.working_directory
-    puts "Active Checks Location: " + Watobo.active_module_path
-    puts "Passive Checks Location: " + Watobo.passive_module_path
-    puts "---"
-    puts
-  end
+  
 end
 
 Watobo.init_framework

data/lib/watobo/adapters.rb

@@ -1,15 +1,6 @@
-#.
-# adapters.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+%w( data_store session_store ).each do |lib|
+  require "watobo/adapters/#{lib}"
+end
 
-%w( data_store session_store ).each do |lib|
-  require "watobo/adapters/#{lib}"
-end
-
-#require "watobo/adapters/file/file_store"
-require "watobo/adapters/file/marshal_store"
+#require "watobo/adapters/file/file_store"
+require "watobo/adapters/file/marshal_store"

data/lib/watobo/adapters/data_store.rb

@@ -1,20 +1,11 @@
-#.
-# data_store.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
-module Watobo#:nodoc: all
-  class DataStore
-    
-    @engine = nil
-    
-    def self.engine
-      @engine
+module Watobo#:nodoc: all
+  class DataStore
+    
+    @engine = nil
+    
+    def self.engine
+      @engine
     end
     
     def self.projects(&block)
@@ -37,47 +28,47 @@ module Watobo#:nodoc: all
          ss << sname
        end
        ss
-    end    
-      
-    def self.connect(project_name, session_name)
-      a = Watobo::Conf::Datastore.adapter
-      store = case
-      when 'file'
-        FileSessionStore.new(project_name, session_name)
-      else
-        nil
-      end
-      @engine = store
-      store
-    end
-    
-    def self.method_missing(name, *args, &block)
-      super unless @engine.respond_to? name
-      @engine.send name, *args, &block
-    end
-    
-        
-  end
-  
-  def self.logs
-    return "" if DataStore.engine.nil?
-    DataStore.engine.logs
-  end
-  
-  def self.log(message, prefs={})
-    
-    text = message
-    if message.is_a? Array
-      text = message.join("\n| ")
-    end
-    
-    #clean up sender's name
-    if prefs.has_key? :sender
-      prefs[:sender].gsub!(/.*::/,'')
-    end
-    
-    if DataStore.engine.respond_to? :logger
-      DataStore.engine.logger message, prefs
-    end
-  end
+    end    
+      
+    def self.connect(project_name, session_name)
+      a = Watobo::Conf::Datastore.adapter
+      store = case
+      when 'file'
+        FileSessionStore.new(project_name, session_name)
+      else
+        nil
+      end
+      @engine = store
+      store
+    end
+    
+    def self.method_missing(name, *args, &block)
+      super unless @engine.respond_to? name
+      @engine.send name, *args, &block
+    end
+    
+        
+  end
+  
+  def self.logs
+    return "" if DataStore.engine.nil?
+    DataStore.engine.logs
+  end
+  
+  def self.log(message, prefs={})
+    
+    text = message
+    if message.is_a? Array
+      text = message.join("\n| ")
+    end
+    
+    #clean up sender's name
+    if prefs.has_key? :sender
+      prefs[:sender].gsub!(/.*::/,'')
+    end
+    
+    if DataStore.engine.respond_to? :logger
+      DataStore.engine.logger message, prefs
+    end
+  end
 end

data/lib/watobo/adapters/file/file_store.rb

@@ -1,302 +1,293 @@
-#.
-# file_store.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
-module Watobo#:nodoc: all
-  class FileSessionStore < SessionStore
-    def num_chats
-      get_file_list(@conversation_path, "*-chat*").length
-    end
-
-    def num_findings
-      get_file_list(@findings_path, "*-finding*").length
-    end
-
-    def add_finding(finding)
-      return false unless finding.respond_to? :request
-      return false unless finding.respond_to? :response
-
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.yml")
-      if not File.exists?(finding_file) then
-
-        finding_data = {
-          :request => finding.request.map{|x| x.inspect},
-          :response => finding.response.map{|x| x.inspect},
-          :details => Hash.new
-        }
-        finding_data[:details].update(finding.details)
-
-        fh = File.new(finding_file, "w+b")
-        fh.print YAML.dump(finding_data)
-      fh.close
-      return true
-      end
-      return false
-    end
-
-    def delete_finding(finding)
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding")
-      File.delete finding_file if File.exist? finding_file
-      finding_file << ".yml"
-      File.delete finding_file if File.exist? finding_file
-
-    end
-
-    def update_finding(finding)
-      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.yml")
-      finding_data = {
-        :request => finding.request.map{|x| x.inspect},
-        :response => finding.response.map{|x| x.inspect},
-        :details => Hash.new
-      }
-      finding_data[:details].update(finding.details)
-
-      if File.exists?(finding_file) then
-        fh = File.new(finding_file, "w+b")
-        fh.print YAML.dump(finding_data)
-      fh.close
-      end
-
-    end
-
-    # add_scan_log
-    # adds a chat to a specific log store, e.g. if you want to log scan results.
-    # needs a scan_name (STRING) as its destination which will be created
-    # if the scan name does not exist.
-    def add_scan_log(chat, scan_name = nil)
-      return false unless chat.respond_to? :request
-      return false unless chat.respond_to? :response
+module Watobo#:nodoc: all
+  class FileSessionStore < SessionStore
+    def num_chats
+      get_file_list(@conversation_path, "*-chat*").length
+    end
+
+    def num_findings
+      get_file_list(@findings_path, "*-finding*").length
+    end
+
+    def add_finding(finding)
+      return false unless finding.respond_to? :request
+      return false unless finding.respond_to? :response
+
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.yml")
+      if not File.exists?(finding_file) then
+
+        finding_data = {
+          :request => finding.request.map{|x| x.inspect},
+          :response => finding.response.map{|x| x.inspect},
+          :details => Hash.new
+        }
+        finding_data[:details].update(finding.details)
+
+        fh = File.new(finding_file, "w+b")
+        fh.print YAML.dump(finding_data)
+      fh.close
+      return true
+      end
+      return false
+    end
+
+    def delete_finding(finding)
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding")
+      File.delete finding_file if File.exist? finding_file
+      finding_file << ".yml"
+      File.delete finding_file if File.exist? finding_file
+
+    end
+
+    def update_finding(finding)
+      finding_file = File.join("#{@findings_path}", "#{finding.id}-finding.yml")
+      finding_data = {
+        :request => finding.request.map{|x| x.inspect},
+        :response => finding.response.map{|x| x.inspect},
+        :details => Hash.new
+      }
+      finding_data[:details].update(finding.details)
+
+      if File.exists?(finding_file) then
+        fh = File.new(finding_file, "w+b")
+        fh.print YAML.dump(finding_data)
+      fh.close
+      end
+
+    end
+
+    # add_scan_log
+    # adds a chat to a specific log store, e.g. if you want to log scan results.
+    # needs a scan_name (STRING) as its destination which will be created
+    # if the scan name does not exist.
+    def add_scan_log(chat, scan_name = nil)
+      return false unless chat.respond_to? :request
+      return false unless chat.respond_to? :response
       begin
-      
+      
         return false if scan_name.nil?
         return false if scan_name.empty?
         
-        scan_name_clean = scan_name.gsub(/[:\\\/\.]*/,"_")
-        # puts ">> scan_name"
-        path = File.join(@scanlog_path, scan_name_clean)
-
-        Dir.mkdir path unless File.exist? path
-
-        log_file = File.join( path, "log_" + Time.now.to_f.to_s + ".yml")
-
-        chat_data = {
-          :request => chat.request.map{|x| x.inspect},
-          :response => chat.response.map{|x| x.inspect},
-        }
-        # puts log_file
-        chat_data.update(chat.settings)
-        File.open(log_file, "w") { |fh|
-          YAML.dump(chat_data, fh)
-        }
-        return true
-      rescue => bang
-        puts bang
-        puts bang.backtrace if $DEBUG
-      end
-      return false
-    end
-
-    def add_chat(chat)
-      return false unless chat_valid? chat
-      chat_file = File.join("#{@conversation_path}", "#{chat.id}-chat.yml")
-      chat_data = {
-        :request => chat.request.map{|x| x.inspect},
-        :response => chat.response.map{|x| x.inspect},
-      }
-
-      chat_data.update(chat.settings)
-      if not File.exists?(chat_file) then
-        File.open(chat_file, "w") { |fh|
-          YAML.dump(chat_data, fh)
-        }
-      chat.file = chat_file
-      return true
-      end
-      return false
-    end
-
-    def each_chat(&block)
-      get_file_list(@conversation_path, "*-chat*").each do |fname|
-        chat = Watobo::Utils.loadChatYAML(fname)
-        next unless chat
-        yield chat if block_given?
-      end
-    end
-
-    def each_finding(&block)
-      get_file_list(@findings_path, "*-finding*").each do |fname|
-        f = Watobo::Utils.loadFindingYAML(fname)
-        next unless f
-        yield f if block_given?
-      end
-    end
-
-    def initialize(project_name, session_name)
-
-      wsp = Watobo.workspace_path
-      return false unless File.exist? wsp
-      puts "* using workspace path: #{wsp}" if $DEBUG
-
-      @log_file = nil
-      @log_lock = Mutex.new
-
-      @project_path = File.join(wsp, project_name)
-      unless File.exist? @project_path
-        puts "* create project path: #{@project_path}" if $DEBUG
-        Dir.mkdir(@project_path)
-      end
-
-      @project_config_path = File.join(@project_path, ".config")
-      Dir.mkdir @project_config_path unless File.exist? @project_config_path
-
-      @session_path = File.join(@project_path, session_name)
-
-      unless File.exist? @session_path
-        puts "* create session path: #{@session_path}" if $DEBUG
-        Dir.mkdir(@session_path)
-      end
-
-      @session_config_path = File.join(@session_path, ".config")
-      Dir.mkdir @session_config_path unless File.exist? @session_config_path
-
-      sext = Watobo::Conf::General.session_settings_file_ext
-
-      @session_file = File.join(@session_path, session_name + sext)
-      @project_file = File.join(@project_path, project_name + Watobo::Conf::General.project_settings_file_ext)
-
-      @conversation_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.conversations))
-
-      @findings_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.findings))
-      @log_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.event_logs_dir))
-      @scanlog_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.scan_logs_dir))
-
-      [ @conversation_path, @findings_path, @log_path, @scanlog_path ].each do |folder|
-        if not File.exists?(folder) then
-          puts "create path #{folder}"
-          begin
-            Dir.mkdir(folder)
-          rescue SystemCallError => bang
-            puts "!!!ERROR:"
-            puts bang
-          rescue => bang
-            puts "!!!ERROR:"
-            puts bang
-          end
-        end
-      end
-
-      @log_file = File.join(@log_path, session_name + ".log")
-
-    #     @chat_files = get_file_list(@conversation_path, "*-chat")
-    #     @finding_files = get_file_list(@findings_path, "*-finding")
-    end
-
-    def save_session_settings(group, session_settings)
-      # puts ">> save_session_settings <<"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-
-      session_file = File.join(@session_config_path, file)
-      # puts "Dest.File: #{session_file}"
-      #  puts session_settings.to_yaml
-      # puts "---"
-      Watobo::Utils.save_settings(session_file, session_settings)
-    end
-
-    def load_session_settings(group)
-      # puts ">> load_session_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-
-      session_file = File.join(@session_config_path, file)
-      # puts "File: #{session_file}"
-      #  puts "---"
-
-      s = Watobo::Utils.load_settings(session_file)
-      s
-    end
-
-    def save_project_settings(group, project_settings)
-      # puts ">> save_project_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-
-      project_file = File.join(@project_config_path, file)
-      # puts "Dest.File: #{project_file}"
-      # puts project_settings.to_yaml
-      # puts "---"
-      Watobo::Utils.save_settings(project_file, project_settings)
-
-    end
-
-    def load_project_settings(group)
-      # puts ">> load_project_settings : #{group}"
-      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
-      file << ".yml"
-
-      project_file = File.join(@project_config_path, file)
-      # puts "File: #{project_file}"
-      # puts "---"
-
-      s = Watobo::Utils.load_settings(project_file)
-      s
-
-    end
-
-    def logs
-      l = ''
-      @log_lock.synchronize do
-        l = File.open(@log_file).read
-      end
-      l
-    end
-
-    def logger( message, prefs = {} )
-      opts = { :sender => "unknown", :level => Watobo::Constants::LOG_INFO }
-      opts.update prefs
-      return false if @log_file.nil?
-      begin
-        t = Time.now
-        now = t.strftime("%m/%d/%Y @ %H:%M:%S")
-        log_message = [ now ]
-        log_message << "#{opts[:sender]}"
-        if message.is_a? Array
-          log_message << message.join("\n| ")
-          log_message << "\n-"
-        else
-        log_message << message
-        end
-        @log_lock.synchronize do
-          File.open(@log_file,"a") do |lfh|
-            lfh.puts log_message.join("|")
-          end
-        end
-      rescue => bang
-        puts bang
-      end
-
-    end
-
-    private
-
-    def chat_valid?(chat)
-      return false unless chat.respond_to? :request
-      return false unless chat.respond_to? :response
-      true
-    end
-
-    def get_file_list(path, pattern)
-      fl = Dir["#{path}/#{pattern}"].sort_by{ |x| File.basename(x).sub(/[^0-9]*/,'').to_i }
-      #puts fl.length
-      fl
-    end
-
-  end
-
+        scan_name_clean = scan_name.gsub(/[:\\\/\.]*/,"_")
+        # puts ">> scan_name"
+        path = File.join(@scanlog_path, scan_name_clean)
+
+        Dir.mkdir path unless File.exist? path
+
+        log_file = File.join( path, "log_" + Time.now.to_f.to_s + ".yml")
+
+        chat_data = {
+          :request => chat.request.map{|x| x.inspect},
+          :response => chat.response.map{|x| x.inspect},
+        }
+        # puts log_file
+        chat_data.update(chat.settings)
+        File.open(log_file, "w") { |fh|
+          YAML.dump(chat_data, fh)
+        }
+        return true
+      rescue => bang
+        puts bang
+        puts bang.backtrace if $DEBUG
+      end
+      return false
+    end
+
+    def add_chat(chat)
+      return false unless chat_valid? chat
+      chat_file = File.join("#{@conversation_path}", "#{chat.id}-chat.yml")
+      chat_data = {
+        :request => chat.request.map{|x| x.inspect},
+        :response => chat.response.map{|x| x.inspect},
+      }
+
+      chat_data.update(chat.settings)
+      if not File.exists?(chat_file) then
+        File.open(chat_file, "w") { |fh|
+          YAML.dump(chat_data, fh)
+        }
+      chat.file = chat_file
+      return true
+      end
+      return false
+    end
+
+    def each_chat(&block)
+      get_file_list(@conversation_path, "*-chat*").each do |fname|
+        chat = Watobo::Utils.loadChatYAML(fname)
+        next unless chat
+        yield chat if block_given?
+      end
+    end
+
+    def each_finding(&block)
+      get_file_list(@findings_path, "*-finding*").each do |fname|
+        f = Watobo::Utils.loadFindingYAML(fname)
+        next unless f
+        yield f if block_given?
+      end
+    end
+
+    def initialize(project_name, session_name)
+
+      wsp = Watobo.workspace_path
+      return false unless File.exist? wsp
+      puts "* using workspace path: #{wsp}" if $DEBUG
+
+      @log_file = nil
+      @log_lock = Mutex.new
+
+      @project_path = File.join(wsp, project_name)
+      unless File.exist? @project_path
+        puts "* create project path: #{@project_path}" if $DEBUG
+        Dir.mkdir(@project_path)
+      end
+
+      @project_config_path = File.join(@project_path, ".config")
+      Dir.mkdir @project_config_path unless File.exist? @project_config_path
+
+      @session_path = File.join(@project_path, session_name)
+
+      unless File.exist? @session_path
+        puts "* create session path: #{@session_path}" if $DEBUG
+        Dir.mkdir(@session_path)
+      end
+
+      @session_config_path = File.join(@session_path, ".config")
+      Dir.mkdir @session_config_path unless File.exist? @session_config_path
+
+      sext = Watobo::Conf::General.session_settings_file_ext
+
+      @session_file = File.join(@session_path, session_name + sext)
+      @project_file = File.join(@project_path, project_name + Watobo::Conf::General.project_settings_file_ext)
+
+      @conversation_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.conversations))
+
+      @findings_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.findings))
+      @log_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.event_logs_dir))
+      @scanlog_path = File.expand_path(File.join(@session_path, Watobo::Conf::Datastore.scan_logs_dir))
+
+      [ @conversation_path, @findings_path, @log_path, @scanlog_path ].each do |folder|
+        if not File.exists?(folder) then
+          puts "create path #{folder}"
+          begin
+            Dir.mkdir(folder)
+          rescue SystemCallError => bang
+            puts "!!!ERROR:"
+            puts bang
+          rescue => bang
+            puts "!!!ERROR:"
+            puts bang
+          end
+        end
+      end
+
+      @log_file = File.join(@log_path, session_name + ".log")
+
+    #     @chat_files = get_file_list(@conversation_path, "*-chat")
+    #     @finding_files = get_file_list(@findings_path, "*-finding")
+    end
+
+    def save_session_settings(group, session_settings)
+      # puts ">> save_session_settings <<"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+
+      session_file = File.join(@session_config_path, file)
+      # puts "Dest.File: #{session_file}"
+      #  puts session_settings.to_yaml
+      # puts "---"
+      Watobo::Utils.save_settings(session_file, session_settings)
+    end
+
+    def load_session_settings(group)
+      # puts ">> load_session_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+
+      session_file = File.join(@session_config_path, file)
+      # puts "File: #{session_file}"
+      #  puts "---"
+
+      s = Watobo::Utils.load_settings(session_file)
+      s
+    end
+
+    def save_project_settings(group, project_settings)
+      # puts ">> save_project_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+
+      project_file = File.join(@project_config_path, file)
+      # puts "Dest.File: #{project_file}"
+      # puts project_settings.to_yaml
+      # puts "---"
+      Watobo::Utils.save_settings(project_file, project_settings)
+
+    end
+
+    def load_project_settings(group)
+      # puts ">> load_project_settings : #{group}"
+      file = Watobo::Utils.snakecase group.gsub(/\.yml/,'')
+      file << ".yml"
+
+      project_file = File.join(@project_config_path, file)
+      # puts "File: #{project_file}"
+      # puts "---"
+
+      s = Watobo::Utils.load_settings(project_file)
+      s
+
+    end
+
+    def logs
+      l = ''
+      @log_lock.synchronize do
+        l = File.open(@log_file).read
+      end
+      l
+    end
+
+    def logger( message, prefs = {} )
+      opts = { :sender => "unknown", :level => Watobo::Constants::LOG_INFO }
+      opts.update prefs
+      return false if @log_file.nil?
+      begin
+        t = Time.now
+        now = t.strftime("%m/%d/%Y @ %H:%M:%S")
+        log_message = [ now ]
+        log_message << "#{opts[:sender]}"
+        if message.is_a? Array
+          log_message << message.join("\n| ")
+          log_message << "\n-"
+        else
+        log_message << message
+        end
+        @log_lock.synchronize do
+          File.open(@log_file,"a") do |lfh|
+            lfh.puts log_message.join("|")
+          end
+        end
+      rescue => bang
+        puts bang
+      end
+
+    end
+
+    private
+
+    def chat_valid?(chat)
+      return false unless chat.respond_to? :request
+      return false unless chat.respond_to? :response
+      true
+    end
+
+    def get_file_list(path, pattern)
+      fl = Dir["#{path}/#{pattern}"].sort_by{ |x| File.basename(x).sub(/[^0-9]*/,'').to_i }
+      #puts fl.length
+      fl
+    end
+
+  end
+
 end