def grep_domobjects(http_objs, requests, response_data, dom_regex):
request_URLs = http_objs["request_URL"]
dom_rows = []
hash_group = []
for i in xrange(0, requests):
protocol = request_URLs[i]["protocol"]
url = request_URLs[i]["url"]
path = request_URLs[i]["path"]
params = request_URLs[i]["params"]
query = request_URLs[i]["query"]
full_path = protocol + "://" + url + path
content = re.findall(eval(dom_regex), response_data[i], re.I)
content = str(content)
if content != "[]":
if utils.md5_object(full_path + utils.html_escape(content)) not in hash_group:
dom_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + utils.html_escape(content) + "</td>")
hash_group.append(utils.md5_object(full_path + utils.html_escape(content)))
return dom_rows
def analysis(http_objs):
requests = http_objs["total_requests"]
response_headers = http_objs["response_headers"]
request_headers = http_objs["request_headers"]
headers = {"Server":"Application Server",
"X-Powered-By":"Platform",
"X-Aspnet-Version":"Asp.Net Version",
"X-Varnish":"Varnish Cache"}
fingerprint_rows = []
servers = []
hash_group = []
rpt = report.htmltags()
for i in xrange(0, requests):
for header in response_headers[i].iterkeys():
if header in headers.iterkeys():
if utils.md5_object(str(request_headers[i]["Host"]) + str(headers[header])) not in hash_group:
servers.append(rpt.href(request_headers[i]["Host"]))
if response_headers[i].has_key("Server"):
fingerprint_rows.append("<td>" + request_headers[i]["Host"] + "</td><td>" + str(response_headers[i]["Server"]) + "</td>")
else:
fingerprint_rows.append("<td>" + request_headers[i]["Host"] + "</td><td>" + str(header) + "</td>")
hash_group.append(utils.md5_object(str(request_headers[i]["Host"]) + str(headers[header])))
collums = {"Fingerprint":["Path", "-"]}
rows = {"Fingerprint":fingerprint_rows}
tip = "Tip: <a href='https://www.owasp.org/index.php/Testing_for_Web_Application_Fingerprint_%28OWASP-IG-004%29' target='_blank'>Testing for Web Application Fingerprint</a>"
rpt.make_table("fingerprint", tip, collums, rows)
def grep_domobjects(http_objs, requests, response_data, dom_regex):
request_URLs = http_objs["request_URL"]
dom_rows = []
hash_group = []
for i in xrange(0, requests):
protocol = request_URLs[i]["protocol"]
url = request_URLs[i]["url"]
path = request_URLs[i]["path"]
params = request_URLs[i]["params"]
query = request_URLs[i]["query"]
full_path = protocol + "://" + url + path
content = re.findall(eval(dom_regex), response_data[i], re.I)
content = str(content)
if content != "[]":
if utils.md5_object(full_path +
utils.html_escape(content)) not in hash_group:
dom_rows.append("<td>" + rpt.href(full_path) + "</td><td>" +
utils.html_escape(content) + "</td>")
hash_group.append(
utils.md5_object(full_path + utils.html_escape(content)))
return dom_rows
def get_script_body(urls, requests, request_headers, response_data):
js_body_rows = []
js_body_path = []
js_comment_rows = []
js_comment_path = []
hash_group = []
for i in xrange(0, requests):
protocol = urls[i]["protocol"]
domain = urls[i]["url"]
path = urls[i]["path"]
params = urls[i]["params"]
query = urls[i]["query"]
full_path = protocol + "://" + domain + path
body_js = re.findall(r'(?s)<script.+?</script>', response_data[i])
comment_js = re.findall(r'(?s)/\*.+?\*/', str(body_js))
for script in body_js:
if utils.md5_object(full_path + script) not in hash_group:
if full_path not in js_body_path:
content = jsbeautifier.js_beautify(script, "")
content = utils.syntaxhighlighter(
"js", rpt.href(full_path), utils.html_escape(content))
js_body_rows.append("<td>" + rpt.href(full_path) +
"</td><td>" +
rpt.href(str(i) + "body") + "</td>")
hash_group.append(utils.md5_object(full_path + script))
js_body_path.append(full_path)
else:
content = jsbeautifier.js_beautify(script, "")
content = utils.syntaxhighlighter(
"js", rpt.href(full_path), utils.html_escape(content))
rpt.make_module_report_file(content, str(i) + "body")
for comment in comment_js:
if utils.md5_object(full_path + comment) not in hash_group:
if full_path not in js_comment_path:
content = utils.syntaxhighlighter(
"js", rpt.href(full_path), utils.html_escape(comment))
js_comment_rows.append("<td>" + rpt.href(full_path) +
"</td><td>" +
rpt.href(str(i) + "comment") +
"</td>")
hash_group.append(utils.md5_object(full_path + comment))
js_comment_path.append(full_path)
else:
content = utils.syntaxhighlighter(
"js", rpt.href(full_path), utils.html_escape(comment))
rpt.make_module_report_file(content, str(i) + "comment")
js_body = [js_body_rows, js_comment_rows]
return js_body
def analysis(http_objs):
requests = http_objs["total_requests"]
response_headers = http_objs["response_headers"]
request_headers = http_objs["request_headers"]
headers = {
"Server": "Application Server",
"X-Powered-By": "Platform",
"X-Aspnet-Version": "Asp.Net Version",
"X-Varnish": "Varnish Cache"
}
fingerprint_rows = []
servers = []
hash_group = []
rpt = report.htmltags()
for i in xrange(0, requests):
for header in response_headers[i].iterkeys():
if header in headers.iterkeys():
if utils.md5_object(
str(request_headers[i]["Host"]) +
str(headers[header])) not in hash_group:
servers.append(rpt.href(request_headers[i]["Host"]))
if response_headers[i].has_key("Server"):
fingerprint_rows.append(
"<td>" + request_headers[i]["Host"] + "</td><td>" +
str(response_headers[i]["Server"]) + "</td>")
else:
fingerprint_rows.append("<td>" +
request_headers[i]["Host"] +
"</td><td>" + str(header) +
"</td>")
hash_group.append(
utils.md5_object(
str(request_headers[i]["Host"]) +
str(headers[header])))
collums = {"Fingerprint": ["Path", "-"]}
rows = {"Fingerprint": fingerprint_rows}
tip = "Tip: <a href='https://www.owasp.org/index.php/Testing_for_Web_Application_Fingerprint_%28OWASP-IG-004%29' target='_blank'>Testing for Web Application Fingerprint</a>"
rpt.make_table("fingerprint", tip, collums, rows)
def get_script_body(urls, requests, request_headers, response_data):
js_body_rows = []
js_body_path = []
js_comment_rows = []
js_comment_path = []
hash_group = []
for i in xrange(0, requests):
protocol = urls[i]["protocol"]
domain = urls[i]["url"]
path = urls[i]["path"]
params = urls[i]["params"]
query = urls[i]["query"]
full_path = protocol + "://" + domain + path
body_js = re.findall(r'(?s)<script.+?</script>', response_data[i])
comment_js = re.findall(r'(?s)/\*.+?\*/', str(body_js))
for script in body_js:
if utils.md5_object(full_path + script) not in hash_group:
if full_path not in js_body_path:
content = jsbeautifier.js_beautify(script, "")
content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(content))
js_body_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + rpt.href(str(i) + "body") + "</td>")
hash_group.append(utils.md5_object(full_path + script))
js_body_path.append(full_path)
else:
content = jsbeautifier.js_beautify(script, "")
content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(content))
rpt.make_module_report_file(content, str(i) + "body")
for comment in comment_js:
if utils.md5_object(full_path + comment) not in hash_group:
if full_path not in js_comment_path:
content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(comment))
js_comment_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + rpt.href(str(i) + "comment") + "</td>")
hash_group.append(utils.md5_object(full_path + comment))
js_comment_path.append(full_path)
else:
content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(comment))
rpt.make_module_report_file(content, str(i) + "comment")
js_body = [js_body_rows, js_comment_rows]
return js_body
def analysis(http_objs):
requests = http_objs["total_requests"]
response_headers = http_objs["response_headers"]
request_URLs = http_objs["request_URL"]
headers = {"Cache-Control":"Cache-Control",
"Pragma":"Pragma"}
cache_rows = []
hash_group = []
rpt = report.htmltags()
for i in xrange(0, requests):
for header in response_headers[i].iterkeys():
if header in headers.iterkeys():
protocol = request_URLs[i]["protocol"]
url = request_URLs[i]["url"]
path = request_URLs[i]["path"]
params = request_URLs[i]["params"]
query = request_URLs[i]["query"]
full_path = protocol + "://" + url + path
if utils.md5_object(full_path + str(header)) not in hash_group:
cache_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + str(response_headers[i][header]) + "</td>")
hash_group.append(utils.md5_object(full_path + str(header)))
collums = {"Cache":["Path", "Cache Analyzed"]}
rows = {"Cache":cache_rows}
tip = "Tip: <a href='https://www.owasp.org/index.php/Testing_for_Logout_and_Browser_Cache_Management_%28OWASP-AT-007%29' target='_blank'>Testing for Logout and Browser Cache Management</a>"
rpt.make_table("cache", tip, collums, rows)
rpt.html_report()
