    def _report_finding(self, name, response, protected_by=None):
        """
        Record a WAF fingerprint: build an Info object describing the
        detected WAF (and its version, when known), store it in the
        knowledge base under the WAF name and echo it on the output manager.

        :param name: The name of the WAF
        :param response: The HTTP response object that was used to identify the WAF
        :param protected_by: A more detailed description/version of the WAF
        :return: None
        """
        fragments = ['The remote network seems to have a "%s" WAF deployed to'
                     ' protect access to the web server.' % name]

        # The version detail is optional; only mention it when we have one.
        if protected_by:
            fragments.append(' The following is the WAF\'s version: "%s".'
                             % protected_by)

        description = ''.join(fragments)

        finding = Info('Web Application Firewall fingerprint', description,
                       response.id, self.get_name())
        finding.set_url(response.get_url())
        finding.set_id(response.id)

        kb.kb.append(self, name, finding)
        om.out.information(finding.get_desc())
    def _report_finding(self, name, response, protected_by=None):
        """
        Record a WAF fingerprint: build an Info object describing the
        detected WAF (and its version, when known), store it in the
        knowledge base under the WAF name and echo it on the output manager.

        :param name: The name of the WAF
        :param response: The HTTP response object that was used to identify the WAF
        :param protected_by: A more detailed description/version of the WAF
        :return: None
        """
        fragments = ['The remote network seems to have a "%s" WAF deployed to'
                     ' protect access to the web server.' % name]

        # The version detail is optional; only mention it when we have one.
        if protected_by:
            fragments.append(' The following is the WAF\'s version: "%s".'
                             % protected_by)

        description = ''.join(fragments)

        finding = Info('Web Application Firewall fingerprint', description,
                       response.id, self.get_name())
        finding.set_url(response.get_url())
        finding.set_id(response.id)

        kb.kb.append(self, name, finding)
        om.out.information(finding.get_desc())
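    def _grep_worker(self, request, response, kb_key, domain=None):
        """
        Helper method for using in self.grep(): extract the email addresses
        present in the response body and record each one in the knowledge
        base. An address that is already known is merged into its existing
        Info object (extra URL / request id) instead of being reported twice.

        :param request: The HTTP request
        :param response: The HTTP response
        :param kb_key: Knowledge base dict key
        :param domain: Target domain for get_emails filter
        :return: None
        """
        try:
            dp = parser_cache.dpc.get_document_parser_for(response)
        except BaseFrameworkException:
            msg = 'Failed to get document parser for "%s" at get_emails.'
            om.out.debug(msg % response.get_url())
            return

        emails = dp.get_emails(domain)
        if not emails:
            return

        url = response.get_url()

        # Index the already-known addresses once per response rather than
        # once per address. Newly created Info objects are added to this
        # index below, so a case-variant duplicate inside the same response
        # still collapses into a single finding.
        email_map = {}
        for info_obj in kb.kb.get('emails', 'emails'):
            email_map[info_obj['mail']] = info_obj

        for mail_address in emails:
            # Reduce false positives: an address we sent ourselves being
            # echoed back by the server is not an information disclosure.
            if request.sent(mail_address):
                continue

            # Email addresses are case insensitive
            mail_address = mail_address.lower()

            known = email_map.get(mail_address)
            if known is None:
                # First sighting: create a new info object and report it.
                desc = 'The mail account: "%s" was found in: \n- %s'\
                       ' - In request with id: %s.'
                desc = desc % (mail_address, url, response.id)

                i = Info('Exposed email address', desc, response.id,
                         self.get_name())
                i.set_url(url)
                i['mail'] = mail_address
                i['url_list'] = set([url])
                i['user'] = mail_address.split('@')[0]
                i.add_to_highlight(mail_address)

                self.kb_append('emails', kb_key, i)
                email_map[mail_address] = i

            elif url not in known['url_list']:
                # Seen before at a different URL: extend the existing Info
                # with this location instead of creating a duplicate.
                id_list_of_info = known.get_id()
                id_list_of_info.append(response.id)
                known.set_id(id_list_of_info)
                known.set_url(url)

                # Format the new line BEFORE appending it. The accumulated
                # description already contains URLs, and URLs routinely hold
                # literal '%' (percent-encoding); applying '%' to the whole
                # string a second time raised on those and aborted the grep
                # for the response.
                new_line = '\n- %s - In request with id: %s.' % (url,
                                                                 response.id)
                known.set_desc(known.get_desc() + new_line)
                known['url_list'].add(url)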
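    def _grep_worker(self, request, response, kb_key, domain=None):
        """
        Helper method for using in self.grep(): extract the email addresses
        present in the response body and record each one in the knowledge
        base. An address that is already known is merged into its existing
        Info object (extra URL / request id) instead of being reported twice.

        :param request: The HTTP request
        :param response: The HTTP response
        :param kb_key: Knowledge base dict key
        :param domain: Target domain for get_emails filter
        :return: None
        """
        try:
            dp = parser_cache.dpc.get_document_parser_for(response)
        except BaseFrameworkException:
            msg = 'If I can\'t parse the document, I won\'t be able to find'\
                  '  any emails. Ignoring the response for "%s".'
            om.out.debug(msg % response.get_url())
            return

        emails = dp.get_emails(domain)
        if not emails:
            return

        url = response.get_url()

        # Index the already-known addresses once per response rather than
        # once per address. Newly created Info objects are added to this
        # index below, so a case-variant duplicate inside the same response
        # still collapses into a single finding.
        email_map = {}
        for info_obj in kb.kb.get('emails', 'emails'):
            email_map[info_obj['mail']] = info_obj

        for mail_address in emails:
            # Reduce false positives: an address we sent ourselves being
            # echoed back by the server is not an information disclosure.
            if request.sent(mail_address):
                continue

            # Email addresses are case insensitive
            mail_address = mail_address.lower()

            known = email_map.get(mail_address)
            if known is None:
                # First sighting: create a new info object and report it.
                desc = 'The mail account: "%s" was found in: \n- %s'\
                       ' - In request with id: %s.'
                desc = desc % (mail_address, url, response.id)

                i = Info('Exposed email address', desc, response.id,
                         self.get_name())
                i.set_url(url)
                i['mail'] = mail_address
                i['url_list'] = set([url])
                i['user'] = mail_address.split('@')[0]
                i.add_to_highlight(mail_address)

                self.kb_append('emails', kb_key, i)
                email_map[mail_address] = i

            elif url not in known['url_list']:
                # Seen before at a different URL: extend the existing Info
                # with this location instead of creating a duplicate.
                id_list_of_info = known.get_id()
                id_list_of_info.append(response.id)
                known.set_id(id_list_of_info)
                known.set_url(url)

                # Format the new line BEFORE appending it. The accumulated
                # description already contains URLs, and URLs routinely hold
                # literal '%' (percent-encoding); applying '%' to the whole
                # string a second time raised on those and aborted the grep
                # for the response.
                new_line = '\n- %s - In request with id: %s.' % (url,
                                                                 response.id)
                known.set_desc(known.get_desc() + new_line)
                known['url_list'].add(url)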