Exemplo n.º 1
0
def grep_domobjects(http_objs, requests, response_data, dom_regex):

    request_URLs = http_objs["request_URL"]

    dom_rows = []

    hash_group = []
                    
    for i in xrange(0, requests):
        protocol = request_URLs[i]["protocol"]
        url = request_URLs[i]["url"]
        path = request_URLs[i]["path"]
        params = request_URLs[i]["params"]
        query = request_URLs[i]["query"]

        full_path = protocol + "://" + url + path
        
        content = re.findall(eval(dom_regex), response_data[i], re.I) 
        content = str(content)
        if content != "[]":
            if utils.md5_object(full_path + utils.html_escape(content)) not in hash_group:
                dom_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + utils.html_escape(content) + "</td>")
            hash_group.append(utils.md5_object(full_path + utils.html_escape(content)))

    return dom_rows
Exemplo n.º 2
0
def analysis(http_objs):
    requests = http_objs["total_requests"]
    response_headers = http_objs["response_headers"]
    request_headers = http_objs["request_headers"]
    
    headers = {"Server":"Application Server",
    "X-Powered-By":"Platform",
    "X-Aspnet-Version":"Asp.Net Version",
    "X-Varnish":"Varnish Cache"}
    
    fingerprint_rows = []
    servers = []
    
    hash_group = []
    rpt = report.htmltags()
    
    for i in xrange(0, requests):
        for header in response_headers[i].iterkeys():
            if header in headers.iterkeys():
                if utils.md5_object(str(request_headers[i]["Host"]) + str(headers[header])) not in hash_group:
                    servers.append(rpt.href(request_headers[i]["Host"]))
                    if response_headers[i].has_key("Server"):                    
                        fingerprint_rows.append("<td>" + request_headers[i]["Host"] + "</td><td>" + str(response_headers[i]["Server"]) + "</td>")
                    else:
                        fingerprint_rows.append("<td>" + request_headers[i]["Host"] + "</td><td>" + str(header) + "</td>")
                        
                    hash_group.append(utils.md5_object(str(request_headers[i]["Host"]) +  str(headers[header])))
                    

    collums = {"Fingerprint":["Path", "-"]}
    rows = {"Fingerprint":fingerprint_rows}

    tip = "Tip: <a href='https://www.owasp.org/index.php/Testing_for_Web_Application_Fingerprint_%28OWASP-IG-004%29' target='_blank'>Testing for Web Application Fingerprint</a>"

    rpt.make_table("fingerprint", tip, collums, rows)
Exemplo n.º 3
0
def grep_domobjects(http_objs, requests, response_data, dom_regex):

    request_URLs = http_objs["request_URL"]

    dom_rows = []

    hash_group = []

    for i in xrange(0, requests):
        protocol = request_URLs[i]["protocol"]
        url = request_URLs[i]["url"]
        path = request_URLs[i]["path"]
        params = request_URLs[i]["params"]
        query = request_URLs[i]["query"]

        full_path = protocol + "://" + url + path

        content = re.findall(eval(dom_regex), response_data[i], re.I)
        content = str(content)
        if content != "[]":
            if utils.md5_object(full_path +
                                utils.html_escape(content)) not in hash_group:
                dom_rows.append("<td>" + rpt.href(full_path) + "</td><td>" +
                                utils.html_escape(content) + "</td>")
            hash_group.append(
                utils.md5_object(full_path + utils.html_escape(content)))

    return dom_rows
Exemplo n.º 4
0
def get_script_body(urls, requests, request_headers, response_data):

    js_body_rows = []
    js_body_path = []
    js_comment_rows = []
    js_comment_path = []
    hash_group = []

    for i in xrange(0, requests):
        protocol = urls[i]["protocol"]
        domain = urls[i]["url"]
        path = urls[i]["path"]
        params = urls[i]["params"]
        query = urls[i]["query"]

        full_path = protocol + "://" + domain + path

        body_js = re.findall(r'(?s)<script.+?</script>', response_data[i])
        comment_js = re.findall(r'(?s)/\*.+?\*/', str(body_js))

        for script in body_js:
            if utils.md5_object(full_path + script) not in hash_group:
                if full_path not in js_body_path:
                    content = jsbeautifier.js_beautify(script, "")
                    content = utils.syntaxhighlighter(
                        "js", rpt.href(full_path), utils.html_escape(content))
                    js_body_rows.append("<td>" + rpt.href(full_path) +
                                        "</td><td>" +
                                        rpt.href(str(i) + "body") + "</td>")
                    hash_group.append(utils.md5_object(full_path + script))
                    js_body_path.append(full_path)
                else:
                    content = jsbeautifier.js_beautify(script, "")
                    content = utils.syntaxhighlighter(
                        "js", rpt.href(full_path), utils.html_escape(content))
                rpt.make_module_report_file(content, str(i) + "body")

        for comment in comment_js:
            if utils.md5_object(full_path + comment) not in hash_group:
                if full_path not in js_comment_path:
                    content = utils.syntaxhighlighter(
                        "js", rpt.href(full_path), utils.html_escape(comment))
                    js_comment_rows.append("<td>" + rpt.href(full_path) +
                                           "</td><td>" +
                                           rpt.href(str(i) + "comment") +
                                           "</td>")
                    hash_group.append(utils.md5_object(full_path + comment))
                    js_comment_path.append(full_path)
                else:
                    content = utils.syntaxhighlighter(
                        "js", rpt.href(full_path), utils.html_escape(comment))
                rpt.make_module_report_file(content, str(i) + "comment")

    js_body = [js_body_rows, js_comment_rows]
    return js_body
Exemplo n.º 5
0
def analysis(http_objs):
    requests = http_objs["total_requests"]
    response_headers = http_objs["response_headers"]
    request_headers = http_objs["request_headers"]

    headers = {
        "Server": "Application Server",
        "X-Powered-By": "Platform",
        "X-Aspnet-Version": "Asp.Net Version",
        "X-Varnish": "Varnish Cache"
    }

    fingerprint_rows = []
    servers = []

    hash_group = []
    rpt = report.htmltags()

    for i in xrange(0, requests):
        for header in response_headers[i].iterkeys():
            if header in headers.iterkeys():
                if utils.md5_object(
                        str(request_headers[i]["Host"]) +
                        str(headers[header])) not in hash_group:
                    servers.append(rpt.href(request_headers[i]["Host"]))
                    if response_headers[i].has_key("Server"):
                        fingerprint_rows.append(
                            "<td>" + request_headers[i]["Host"] + "</td><td>" +
                            str(response_headers[i]["Server"]) + "</td>")
                    else:
                        fingerprint_rows.append("<td>" +
                                                request_headers[i]["Host"] +
                                                "</td><td>" + str(header) +
                                                "</td>")

                    hash_group.append(
                        utils.md5_object(
                            str(request_headers[i]["Host"]) +
                            str(headers[header])))

    collums = {"Fingerprint": ["Path", "-"]}
    rows = {"Fingerprint": fingerprint_rows}

    tip = "Tip: <a href='https://www.owasp.org/index.php/Testing_for_Web_Application_Fingerprint_%28OWASP-IG-004%29' target='_blank'>Testing for Web Application Fingerprint</a>"

    rpt.make_table("fingerprint", tip, collums, rows)
Exemplo n.º 6
0
def get_script_body(urls, requests, request_headers, response_data):

    js_body_rows = []
    js_body_path = []
    js_comment_rows = []
    js_comment_path = []
    hash_group = []

    for i in xrange(0, requests):
        protocol = urls[i]["protocol"]
        domain = urls[i]["url"]
        path = urls[i]["path"]
        params = urls[i]["params"]
        query = urls[i]["query"]

        full_path = protocol + "://" + domain + path
        
        body_js = re.findall(r'(?s)<script.+?</script>', response_data[i])
        comment_js = re.findall(r'(?s)/\*.+?\*/', str(body_js))	
        
        for script in body_js:
            if utils.md5_object(full_path + script) not in hash_group:
               if full_path not in js_body_path:
                   content = jsbeautifier.js_beautify(script, "")
                   content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(content))
                   js_body_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + rpt.href(str(i) + "body") + "</td>")
                   hash_group.append(utils.md5_object(full_path + script))
                   js_body_path.append(full_path)
               else:
                   content = jsbeautifier.js_beautify(script, "")
                   content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(content))
               rpt.make_module_report_file(content, str(i) + "body")

        for comment in comment_js:
            if utils.md5_object(full_path + comment) not in hash_group:
               if full_path not in js_comment_path:
                   content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(comment))
                   js_comment_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + rpt.href(str(i) + "comment") + "</td>")
                   hash_group.append(utils.md5_object(full_path + comment))
                   js_comment_path.append(full_path)
               else:
                   content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(comment))
               rpt.make_module_report_file(content, str(i) + "comment")
               
    js_body = [js_body_rows, js_comment_rows]    
    return js_body
Exemplo n.º 7
0
def analysis(http_objs):

    requests = http_objs["total_requests"]
    response_headers = http_objs["response_headers"]
    request_URLs = http_objs["request_URL"]

    headers = {"Cache-Control":"Cache-Control",
    "Pragma":"Pragma"}
    
    cache_rows = []
    hash_group = []

    rpt = report.htmltags()

    for i in xrange(0, requests):
        for header in response_headers[i].iterkeys():
            if header in headers.iterkeys():
                protocol = request_URLs[i]["protocol"]
                url = request_URLs[i]["url"]
                path = request_URLs[i]["path"]
                params = request_URLs[i]["params"]
                query = request_URLs[i]["query"]

                full_path = protocol + "://" + url + path

                if utils.md5_object(full_path + str(header)) not in hash_group:
                    cache_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + str(response_headers[i][header]) + "</td>")
                
                hash_group.append(utils.md5_object(full_path + str(header)))

    collums = {"Cache":["Path", "Cache Analyzed"]}
    rows = {"Cache":cache_rows}
    
    tip = "Tip: <a href='https://www.owasp.org/index.php/Testing_for_Logout_and_Browser_Cache_Management_%28OWASP-AT-007%29' target='_blank'>Testing for Logout and Browser Cache Management</a>"

    rpt.make_table("cache", tip, collums, rows)
    rpt.html_report()