watobo 0.9.8.677

data/bin/watobo_gui.rb

@@ -0,0 +1,39 @@
+#!/usr/bin/ruby
+# .
+# watobo_gui.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+if $0 == __FILE__
+  inc_path = File.expand_path(File.join(File.dirname(__FILE__), "..", "lib")) # this is the same as rubygems would do
+  $: << inc_path
+end
+
+require 'watobo'
+
+puts "#############################################################"
+puts
+puts "     W A T O B O - Web Application Toolbox  (#{Watobo::VERSION})"
+puts "     brought to you by siberas http://www.siberas.de"
+puts
+puts "#############################################################"
+
+require 'watobo/gui'
+
+Watobo::Gui.start

data/certificates/cert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEjCCAfqgAwIBAgIBATANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJERTEV
+MBMGA1UECgwMd2F0b2JvLmxvY2FsMQ8wDQYDVQQLDAZXQVRPQk8xCzAJBgNVBAMM
+AkNBMB4XDTEwMDMxMTE1MDQ1NVoXDTExMDMxMTE1MDQ1NVowUzELMAkGA1UEBhMC
+REUxFTATBgNVBAoMDHdhdG9iby5sb2NhbDEPMA0GA1UECwwGV0FUT0JPMQswCQYD
+VQQLDAJDQTEPMA0GA1UEAwwGV0FUT0JPMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDHRpPBqG+nXn4KBP4H2Mn4OQ7dkxkyIEfOf7+0NLxkxPdCNuA1xdJrfsw3
+kt+pGq+L6IxplXcGffiK2iCLwmNEa0E+RWDyA79MKCswyIvtzb/2R/pOsQNBjtp+
+hJdfro1lqVIi4lZtidXnXfLJGbRtmI3rRZ/WV7z95vVxcrd+qwIDAQABo4GFMIGC
+MAwGA1UdEwEB/wQCMAAwMQYJYIZIAYb4QgENBCQWIlJ1YnkvT3BlblNTTCBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEGaqp0fDnY0REtlFm7E/yXJwlHi
+MAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUF
+AAOCAQEABJyfIruQ/6TiF5D0DC9GQm1sy0lLWAEdpsRCZcuwPpS1IkGGQ+HRJgu8
+9IfUsGSZhtPV0drmxzdVmRl2R2zmmn3XUwGxW3HNMF9vdgxAvw11zh03dkj3gFHB
+kjpdWZr55XbT7r3O77ffL2flQcOITmYNetafUTDvOXb6xOF1Rj9KjkCbM/+OZaXF
+jZNBzx+SMIBb72AtC37VTjxJm9VDq/mw1E9Zt26GJXezieKKAvjai730fu26DkjH
+2O/82fSveN8Q7Q0JoAgv6VDupyFwlpagqUZK2XPV93KjKyTzCK7prthMoy1r8Dat
+7KVHZ6MJ3V4XGpIQ6ShBnYFYUTgXYA==
+-----END CERTIFICATE-----

data/certificates/privkey.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDHRpPBqG+nXn4KBP4H2Mn4OQ7dkxkyIEfOf7+0NLxkxPdCNuA1
+xdJrfsw3kt+pGq+L6IxplXcGffiK2iCLwmNEa0E+RWDyA79MKCswyIvtzb/2R/pO
+sQNBjtp+hJdfro1lqVIi4lZtidXnXfLJGbRtmI3rRZ/WV7z95vVxcrd+qwIDAQAB
+AoGBAKKGun3I7X+Y/r0XQ0SNGHS9vJUUowkR8N7HrEfCdyDM0EkNzqGsvSh1GwP8
+YzRdkm1Odi6q+4+s8Cf3LXIvUZuKuAiYMMU4sDtTIJjtSPZeUtcxOGaehhiGl9Yg
+c0+V8KKs5EVe3Dn9LQVCvtwmU9M7A3NYH/2jA0Ge2RtCIU5BAkEA+DtXbEWXKYU1
+ZIrttdyYesmHYLHiTRbQxlTg7gpfDKgrDOKwT897mYEijhr14qIOreHVMPp2yCV4
+LdPuDZap4QJBAM2DCKViTvGXpoMy7bYjowMZC0JNoVosde70lVMvcNLcjWYQ4juL
+Gl/B2wpvuPG2GEml8I/wUwM4CYSu4eiYcgsCQQCSWPoLvWOHeR+nbTkEVVAYZCRK
+X9WZuW/Q3k3WSYsMPUFUUXm9NAgc0kN7IG4C9aRN46z7OU86ZMzbx+y7Wi5BAkAf
+512qPw6+VqqU540bn4Co9HRZALAxzYEpbXLZDR5YvcB9vdVBJSEdCH02q41siLZQ
+iKBF2Csq7sIbhQKxFyltAkBTenvTKpGBeACzfdEbI9U2sMeeoKFLY2D/RdM4t7nn
+9QDcP+cMvHGx5ROCOSkddmO2ZMBuQn29ks6jRcF9vOts
+-----END RSA PRIVATE KEY-----

data/certificates/watobo_dh.key

@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBANvNYTELcuTufyiWwTmvxedC8jROJoJbK9Cf9qDZcNwrSeSokrjaw/9m
+xhlvWMGOgFMB0WhZc+C/j+OhgDdwYiIWE4GXurxVLGxBju1G5AGMIJHR8xYirxSe
+kKaUTdgytBzydNEIQNHByZzl5b/O9ERH/0FxHoTkCj06iJ0M88MbAgEC
+-----END DH PARAMETERS-----

data/config/datastore.yml

@@ -0,0 +1,5 @@
+:adapter: :file
+:findings: findings
+:conversations: conversations
+:event_logs_dir: logs
+:scan_logs_dir: scan_logs

data/config/forwarding_proxy.yml

@@ -0,0 +1,12 @@
+webscarab: 
+      :description: ""
+      :auth_type: ""
+      :username: ""
+      :password: ""
+      :host: 127.0.0.1
+      :domain: ""
+      :name: webscarab
+      :port: "8008"
+      :workstation: ""
+
+:default_proxy: ""  

data/config/general.yml

@@ -0,0 +1,4 @@
+:workspace_name: "workspace"
+:project_settings_file_ext: .wps
+:session_settings_file_ext: .wss
+:watobo_folder: ".watobo"

data/config/gui.yml

@@ -0,0 +1,23 @@
+:history_file: "history.yml"
+:save_passwords: false
+:save_without_master: false
+:fext_img:
+  - jpg
+  - gif
+  - bmp
+  - ico
+  - png
+  - jpeg 
+:fext_docs:
+  - ppt
+  - doc
+  - xls
+  - pptx
+  - docx
+  - xlsx
+  - pdf
+:fext_javascript: 
+  - js
+  - json
+:fext_style:
+  - css

data/config/interceptor.yml

@@ -0,0 +1,16 @@
+:cert_file: cert.pem
+:key_file: privkey.pem
+:dh_key_file: watobo_dh.key
+:pass_through: 
+  :content_types: 
+  - application\/audio
+  - application\/video
+  - application\/image
+  - application\/pdf
+  - application\/.*flash
+  - image\/
+  :content_length: 100000
+:certificate_path: certificates
+:port: 8081
+:server: "127.0.0.1"
+  

data/config/scan_policy.yml

@@ -0,0 +1,13 @@
+default: 
+    Watobo::Modules::Active::Xss::Xss_simple: true
+    Watobo::Modules::Active::Sap::Its_service_parameter: false
+    Watobo::Modules::Active::Sqlinjection::Sql_numerical: false
+    Watobo::Modules::Active::Discovery::Http_methods: false
+    Watobo::Modules::Active::Sap::Its_xss: false
+    Watobo::Modules::Active::Sqlinjection::Sqli_simple: true
+    Watobo::Modules::Active::Sap::Its_services: false
+    Watobo::Modules::Active::Sap::Its_commands: false
+    Watobo::Modules::Active::Domino::Domino_db: false
+    Watobo::Modules::Active::Directories::Dir_indexing: false
+    Watobo::Modules::Active::Sqlinjection::Sql_boolean: true
+:default_policy: default

data/config/scanner.yml

@@ -0,0 +1,34 @@
+:sid_patterns: 
+- name="(sessid)" value="([0-9a-zA-Z!-]*)"
+- (sessid)=([-0-9a-zA-Z_:]*)(;|&)?
+- (SESSIONID)=([-0-9a-zA-Z_:\.\(\)]*)(;|&)?
+- (PHPSESSID)=([0-9a-zA-Z]*)(;|&)?
+- (ASPSESSIONID)\w*=([0-9a-zA-Z]*)(;|&)?
+- (MYSAPSSO2)=([0-9a-zA-Z.=%]*)(;|&)?
+- (ELEXIRSID)=([0-9a-zA-Z!-]*)(;|&)?
+- (SLSID)=([0-9a-zA-Z!-]*)(;|&)?
+- (sid)=([0-9a-z]*)(')?
+- (saplb_\*)=([-0-9a-zA-Z_:\(\)]*)(;|&)?
+- (DomAuthSessId)=([0-9a-zA-Z]*)(;|&)?
+- (wgate)\/([\w]{4,}\/[\w=~]*)(;|&|'|")?
+- (session)=([-0-9a-zA-Z_:\.]*)(;|&)?
+:logout_signatures: 
+- ^Location.*login
+:smart_scan: true
+:custom_error_patterns: []
+:excluded_chats: []
+:max_parallel_checks: 15
+:excluded_parms:
+  - __VIEWSTATE
+  - __EVENTVALIDATION
+:non_unique_parms: []
+:smart_scan: true
+:www_auth: {}
+:scope: {}  
+:run_passive_checks: false
+:client_certificates: {}
+:csrf_patterns:
+  - name="(token)" value="([0-9a-zA-Z!-]*)"
+  - (token)=([-0-9a-zA-Z_:]*)(;|&)?
+
+  

data/icons/icons.txt

@@ -0,0 +1,3 @@
+Special thanks to:
+- Jonas Rask(DRF): http://www.iconfinder.net/search/5/?q=iconset:drf
+- Sekkyumo: http://sekkyumu.deviantart.com/art/Developpers-Icons-63052312

data/lib/watobo/adapters/data_store.rb

@@ -0,0 +1,38 @@
+# .
+# data_store.rb
+# 
+# Copyright 2012 by siberas, http://www.siberas.de
+# 
+# This file is part of WATOBO (Web Application Tool Box)
+#        http://watobo.sourceforge.com
+# 
+# WATOBO is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation version 2 of the License.
+# 
+# WATOBO is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with WATOBO; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+# .
+module Watobo
+  class DataStore  
+      
+    def self.aquire(project_name, session_name)
+      a = Watobo::Conf::Datastore.adapter
+      store = case
+      when 'file'
+        FileSessionStore.new(project_name, session_name)
+      else
+        nil
+      end
+      store
+    end
+    
+        
+  end
+end