Exemple #1
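def requester(url, data, headers, GET, delay, timeout):
    """Send one scanner request and return the ``requests`` response.

    Args:
        url: Target URL. Replaced by ``converter(data, url)`` when the
            ``path`` variable is set.
        data: Request parameters. Passed through ``converter`` when the
            ``jsonData`` variable is set.
        headers: Header dict. It is modified in place: a missing or ``'$'``
            ``User-Agent`` is replaced by a randomly chosen one.
        GET: True to send a GET request, otherwise a POST is sent.
        delay: Seconds to sleep before sending the request.
        timeout: Timeout handed to ``requests``.

    Returns:
        The response object, or ``None`` when a ``ProtocolError`` was caught.
        In that case the call returns only after sleeping for 600 seconds,
        so callers must check for ``None`` before reading ``.text``.
    """
    if getVar('jsonData'):
        data = converter(data)
    elif getVar('path'):
        url = converter(data, url)
        data = []
        GET = True
    time.sleep(delay)
    # One entry per line with trailing commas: the original list was missing
    # a comma, which silently glued the last two strings into one bogus
    # User-Agent value.
    user_agents = [
        'Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991',
    ]
    if ('User-Agent' not in headers) or (headers['User-Agent'] == '$'):
        headers['User-Agent'] = random.choice(user_agents)
    logger.debug('Requester url: {}'.format(url))
    logger.debug('Requester GET: {}'.format(GET))
    logger.debug_json('Requester data:', data)
    # NOTE(review): the full header dict is written to the debug log; if it
    # carries cookies or authorization values they end up in the log output.
    logger.debug_json('Requester headers:', headers)
    # NOTE(review): verify=False turns off TLS certificate validation, so the
    # peer is not authenticated and responses (and any credentials in the
    # headers) can be read or altered by an on-path party. Keep this limited
    # to targets whose certificates cannot be validated.
    common = dict(headers=headers, timeout=timeout, verify=False,
                  proxies=core.config.proxies)
    try:
        if GET:
            response = requests.get(url, params=data, **common)
        elif getVar('jsonData'):
            response = requests.post(url, json=data, **common)
        else:
            response = requests.post(url, data=data, **common)
        return response
    except ProtocolError:
        logger.warning('WAF is dropping suspicious requests.')
        logger.warning('Scanning will continue after 10 minutes.')
        time.sleep(600)
        # Falls through and returns None; the request is not retried here.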
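def requester(url, data, headers, GET, delay, timeout):
    """Send one scanner request through the shared driver and return the response.

    Variant of the plain ``requests`` helper that issues the request with the
    driver object stored in ``container.vars['driver']``.

    Args:
        url: Target URL. The hard-coded sign-out URL is swapped for the
            dashboard URL; with the ``path`` variable set the URL is replaced
            by ``converter(data, url)``.
        data: Request parameters. Passed through ``converter`` when the
            ``jsonData`` variable is set.
        headers: Header dict. It is modified in place: a missing or ``'$'``
            ``User-Agent`` is replaced by a randomly chosen one.
        GET: True to send a GET request, otherwise a POST is sent.
        delay: Seconds to sleep before sending the request.
        timeout: Timeout handed to the driver's ``request`` call.

    Returns:
        The response object, or ``None`` when an exception was caught (after
        a 600 second sleep for ``ProtocolError``). Callers must check for
        ``None`` before reading ``.text``.
    """
    # Presumably keeps the scan from ending its own authenticated session by
    # requesting the sign-out page - TODO confirm with the author.
    if url == 'https://portal.biznetgio.net/signout':
        print("URL CHANGED")
        url = 'https://portal.biznetgio.net/dashboard'
    print("====================URL=====================")
    print(url)
    print("============================================")
    driver = container.vars['driver']
    if getVar('jsonData'):
        data = converter(data)
    elif getVar('path'):
        url = converter(data, url)
        data = []
        GET = True
    time.sleep(delay)
    # One entry per line with trailing commas: the original list was missing
    # a comma, which silently glued the last two strings into one bogus
    # User-Agent value.
    user_agents = [
        'Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0',
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36',
        'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 OPR/43.0.2442.991',
    ]
    if 'User-Agent' not in headers or headers['User-Agent'] == '$':
        headers['User-Agent'] = random.choice(user_agents)
    logger.debug('Requester url: {}'.format(url))
    logger.debug('Requester GET: {}'.format(GET))
    logger.debug_json('Requester data:', data)
    # NOTE(review): the full header dict is written to the debug log; if it
    # carries cookies or authorization values they end up in the log output.
    logger.debug_json('Requester headers:', headers)
    # NOTE(review): verify=False turns off TLS certificate validation, so the
    # peer is not authenticated and the session carried by the driver can be
    # read or altered by an on-path party. Keep this limited to targets whose
    # certificates cannot be validated.
    common = dict(headers=headers, timeout=timeout, verify=False,
                  proxies=core.config.proxies)
    try:
        if GET:
            response = driver.request('GET', url, params=data, **common)
        elif getVar('jsonData'):
            response = driver.request('POST', url, json=data, **common)
        else:
            response = driver.request('POST', url, data=data, **common)
        if url == 'https://portal.biznetgio.net/other-services':
            # NOTE(review): leftover debugging output. It prints the whole
            # response body and the complete shared variable container to
            # stdout; the container holds the driver and may hold session
            # state, so this should be removed or moved behind debug logging
            # before the output is shared.
            print("==================================RESPONSE======================================")
            print(response.text)
            print("===============================RESPONSE END=====================================")

            print("==================================Container======================================")
            print(container.vars)
            print("===============================Cookies END=====================================")

        return response
    except ProtocolError:
        logger.warning('WAF is dropping suspicious requests.')
        logger.warning('Scanning will continue after 10 minutes.')
        time.sleep(600)
        # Falls through and returns None; the request is not retried here.
    except Exception as e:
        # Best-effort: every other failure is printed and the call returns
        # None, so a single bad request does not abort the scan.
        print("LAH ERROR")
        print(str(e))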
Exemple #3
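def retireJs(url, response):
    """Check the scripts referenced by a page for known-vulnerable components.

    Every script found by ``js_extractor`` that is not yet in the
    ``checkedScripts`` variable is fetched with ``requester`` and handed to
    ``main_scanner``. Findings are logged, printed, and collected.

    Args:
        url: URL of the page, used by ``handle_anchor`` to resolve script
            references.
        response: Page content passed to ``js_extractor``.

    Returns:
        A list with one report dict per vulnerable component. Each report has
        the keys ``vulnerable_component``, ``component_location``,
        ``total_vulnerabilities`` and ``details`` (a list of dicts with
        ``summary``, ``severity`` and ``cve``).
    """
    vulnerable_component = list()
    for script in js_extractor(response):
        if script in getVar('checkedScripts'):
            continue
        # Marked as checked before the fetch, so a script whose download
        # fails is not retried later in the same run.
        updateVar('checkedScripts', script, 'add')
        uri = handle_anchor(url, script)
        script_response = requester(uri, '', getVar('headers'), True,
                                    getVar('delay'), getVar('timeout'))
        if script_response is None:
            # requester can hand back None instead of a response when it
            # swallows a connection error; skip the script rather than
            # crashing the whole scan on `.text`.
            continue
        result = main_scanner(uri, script_response.text)
        if not result:
            continue

        component_name = result['component'] + ' v' + result['version']
        details = result['vulnerabilities']

        logger.red_line()
        logger.good('Vulnerable component: ' + component_name)
        logger.info('Component location: %s' % uri)
        logger.info('Total vulnerabilities: %i' % len(details))

        component_report = {
            'vulnerable_component': component_name,
            'component_location': uri,
            'total_vulnerabilities': len(details),
            'details': [],
        }
        for detail in details:
            identifiers = detail['identifiers']
            summary = identifiers.get('summary', "None")
            severity = identifiers.get('severity', "None")
            # `or` also covers an empty CVE list, which would otherwise
            # raise IndexError on the [0] lookup.
            cve = (identifiers.get('CVE') or ["None"])[0]

            logger.info('%sSummary:%s %s' % (green, end, summary))
            logger.info('Severity: %s' % severity)
            logger.info('CVE: %s' % cve)

            component_report['details'].append({
                'summary': summary,
                'severity': severity,
                'cve': cve,
            })
        logger.red_line()
        print("\n{}\n".format(component_report))
        vulnerable_component.append(component_report)
    return vulnerable_component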
Exemple #4
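def retireJs(url, response):
    """Log known-vulnerable components among the scripts referenced by a page.

    Every script found by ``js_extractor`` that is not yet in the
    ``checkedScripts`` variable is fetched with ``requester`` and handed to
    ``main_scanner``; findings are written to the logger only.

    Args:
        url: URL of the page, used by ``handle_anchor`` to resolve script
            references.
        response: Page content passed to ``js_extractor``.

    Returns:
        None.
    """
    for script in js_extractor(response):
        if script in getVar('checkedScripts'):
            continue
        # Marked as checked before the fetch, so a script whose download
        # fails is not retried later in the same run.
        updateVar('checkedScripts', script, 'add')
        uri = handle_anchor(url, script)
        script_response = requester(uri, '', getVar('headers'), True,
                                    getVar('delay'), getVar('timeout'))
        if script_response is None:
            # requester can hand back None instead of a response when it
            # swallows a connection error; skip the script rather than
            # crashing the whole scan on `.text`.
            continue
        result = main_scanner(uri, script_response.text)
        if not result:
            continue

        logger.red_line()
        logger.good('Vulnerable component: ' + result['component'] +
                    ' v' + result['version'])
        logger.info('Component location: %s' % uri)
        details = result['vulnerabilities']
        logger.info('Total vulnerabilities: %i' % len(details))
        for detail in details:
            identifiers = detail['identifiers']
            # Entries without a summary, severity or CVE are reported as
            # "None" instead of aborting the scan with KeyError/IndexError.
            summary = identifiers.get('summary', "None")
            severity = detail.get('severity', "None")
            cve = (identifiers.get('CVE') or ["None"])[0]
            logger.info('%sSummary:%s %s' % (green, end, summary))
            logger.info('Severity: %s' % severity)
            logger.info('CVE: %s' % cve)
        logger.red_line()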
Exemple #5
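def main_scanner(uri, response):
    """Match a script's URI and content against the component definitions.

    Args:
        uri: Location of the script; scanned with ``scan_uri``.
        response: Script content; scanned with ``scan_file_content``.

    Returns:
        ``None`` when neither scan produced a hit. Otherwise a dict with the
        keys ``component`` and ``version`` (both taken from the first hit
        only) and ``vulnerabilities``, the de-duplicated vulnerability
        entries of all hits in first-seen order.
    """
    from copy import deepcopy

    definitions = getVar('definitions')
    hits = scan_uri(uri, definitions)
    hits.extend(scan_file_content(response, definitions))
    if not hits:
        return None

    # De-duplicate on the entry's string form but keep the entry itself.
    # The original rebuilt each entry with
    # json.loads(str(entry).replace("'", '"')), which raises as soon as a
    # value contains an apostrophe or a double quote (common in summary
    # text) or a True/False/None value, so one such definition aborted the
    # scan.
    unique = {}
    for hit in hits:
        # Hits without a 'vulnerabilities' key are skipped, as before.
        for entry in hit.get('vulnerabilities', ()):
            unique.setdefault(str(entry), entry)

    return {
        'component': hits[0]['component'],
        'version': hits[0]['version'],
        # Copies, so callers cannot modify the shared definitions.
        'vulnerabilities': [deepcopy(entry) for entry in unique.values()],
    }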