def _report_finding(self, name, response, protected_by=None):
    """
    Build an Info object describing the detected WAF, store it in the kb
    under the WAF name and log it.

    :param name: The name of the WAF
    :param response: The HTTP response object that was used to identify the WAF
    :param protected_by: A more detailed description/version of the WAF
                         (optional; only mentioned in the description when set)
    :return: None
    """
    summary = ('The remote network seems to have a "%s" WAF deployed to'
               ' protect access to the web server.') % name

    # The version line is only appended when the caller actually found one.
    if protected_by:
        version = ' The following is the WAF\'s version: "%s".' % protected_by
    else:
        version = ''

    finding = Info('Web Application Firewall fingerprint',
                   summary + version,
                   response.id,
                   self.get_name())
    finding.set_url(response.get_url())
    finding.set_id(response.id)

    kb.kb.append(self, name, finding)
    om.out.information(finding.get_desc())
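def _grep_worker(self, request, response, kb_key, domain=None):
    """
    Helper method for using in self.grep()

    Extracts the e-mail addresses found in the parsed response and records
    them in the knowledge base: a new Info object for an address that was
    not reported before, or an extra URL / request id on the existing Info
    object when the same address shows up in another response.

    :param request: The HTTP request
    :param response: The HTTP response
    :param kb_key: Knowledge base dict key
    :param domain: Target domain for get_emails filter
    :return: None
    """
    try:
        dp = parser_cache.dpc.get_document_parser_for(response)
    except BaseFrameworkException:
        msg = 'Failed to get document parser for "%s" at get_emails.'
        om.out.debug(msg % response.get_url())
        return

    url = response.get_url()

    # Index the already-reported addresses once (keyed by the lower-cased
    # address they were stored with) instead of re-reading the whole kb
    # entry for every address in this response. Info objects created below
    # are added to the same index, so the same address appearing twice in
    # one response collapses into a single finding.
    email_map = {}
    for info_obj in kb.kb.get('emails', 'emails'):
        email_map[info_obj['mail']] = info_obj

    for mail_address in dp.get_emails(domain):
        # Reduce false positives: an address we sent ourselves is not a leak
        if request.sent(mail_address):
            continue

        # Email addresses are case insensitive
        mail_address = mail_address.lower()

        if mail_address not in email_map:
            # Create a new info object, and report it
            desc = ('The mail account: "%s" was found in: \n- %s'
                    ' - In request with id: %s.')
            desc = desc % (mail_address, url, response.id)

            i = Info('Exposed email address', desc, response.id,
                     self.get_name())
            i.set_url(url)
            i['mail'] = mail_address
            i['url_list'] = {url}
            i['user'] = mail_address.split('@')[0]
            i.add_to_highlight(mail_address)

            self.kb_append('emails', kb_key, i)
            email_map[mail_address] = i
            continue

        # Get the corresponding info object.
        i = email_map[mail_address]

        # Nothing to add when this URL was already recorded for the address
        if url in i['url_list']:
            continue

        # This email was already found in some other URL: extend the id
        # list, the url_list and the description of the existing object.
        # NOTE(review): relies on get_id() returning the mutable list of
        # request ids for this finding, as the original code did.
        id_list_of_info = i.get_id()
        id_list_of_info.append(response.id)
        i.set_id(id_list_of_info)
        i.set_url(url)

        # Format the new line on its own *before* appending it. The stored
        # description already contains URLs taken from the target, and a
        # literal '%' in one of them (e.g. a percent-encoded path) would make
        # '%'-formatting the whole accumulated text raise or garble it.
        desc = i.get_desc()
        desc += '\n- %s - In request with id: %s.' % (url, response.id)
        i.set_desc(desc)

        i['url_list'].add(url)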
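def _grep_worker(self, request, response, kb_key, domain=None):
    """
    Helper method for using in self.grep()

    Extracts the e-mail addresses found in the parsed response and records
    them in the knowledge base: a new Info object for an address that was
    not reported before, or an extra URL / request id on the existing Info
    object when the same address shows up in another response.

    :param request: The HTTP request
    :param response: The HTTP response
    :param kb_key: Knowledge base dict key
    :param domain: Target domain for get_emails filter
    :return: None
    """
    try:
        dp = parser_cache.dpc.get_document_parser_for(response)
    except BaseFrameworkException:
        msg = ('If I can\'t parse the document, I won\'t be able to find'
               ' any emails. Ignoring the response for "%s".')
        om.out.debug(msg % response.get_url())
        return

    url = response.get_url()

    # Index the already-reported addresses once (keyed by the lower-cased
    # address they were stored with) instead of re-reading the whole kb
    # entry for every address in this response. Info objects created below
    # are added to the same index, so the same address appearing twice in
    # one response collapses into a single finding.
    email_map = {}
    for info_obj in kb.kb.get('emails', 'emails'):
        email_map[info_obj['mail']] = info_obj

    for mail_address in dp.get_emails(domain):
        # Reduce false positives: an address we sent ourselves is not a leak
        if request.sent(mail_address):
            continue

        # Email addresses are case insensitive
        mail_address = mail_address.lower()

        if mail_address not in email_map:
            # Create a new info object, and report it
            desc = ('The mail account: "%s" was found in: \n- %s'
                    ' - In request with id: %s.')
            desc = desc % (mail_address, url, response.id)

            i = Info('Exposed email address', desc, response.id,
                     self.get_name())
            i.set_url(url)
            i['mail'] = mail_address
            i['url_list'] = {url}
            i['user'] = mail_address.split('@')[0]
            i.add_to_highlight(mail_address)

            self.kb_append('emails', kb_key, i)
            email_map[mail_address] = i
            continue

        # Get the corresponding info object.
        i = email_map[mail_address]

        # Nothing to add when this URL was already recorded for the address
        if url in i['url_list']:
            continue

        # This email was already found in some other URL: extend the id
        # list, the url_list and the description of the existing object.
        # NOTE(review): relies on get_id() returning the mutable list of
        # request ids for this finding, as the original code did.
        id_list_of_info = i.get_id()
        id_list_of_info.append(response.id)
        i.set_id(id_list_of_info)
        i.set_url(url)

        # Format the new line on its own *before* appending it. The stored
        # description already contains URLs taken from the target, and a
        # literal '%' in one of them (e.g. a percent-encoded path) would make
        # '%'-formatting the whole accumulated text raise or garble it.
        desc = i.get_desc()
        desc += '\n- %s - In request with id: %s.' % (url, response.id)
        i.set_desc(desc)

        i['url_list'].add(url)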