def grep_domobjects(http_objs, requests, response_data, dom_regex): request_URLs = http_objs["request_URL"] dom_rows = [] hash_group = [] for i in xrange(0, requests): protocol = request_URLs[i]["protocol"] url = request_URLs[i]["url"] path = request_URLs[i]["path"] params = request_URLs[i]["params"] query = request_URLs[i]["query"] full_path = protocol + "://" + url + path content = re.findall(eval(dom_regex), response_data[i], re.I) content = str(content) if content != "[]": if utils.md5_object(full_path + utils.html_escape(content)) not in hash_group: dom_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + utils.html_escape(content) + "</td>") hash_group.append(utils.md5_object(full_path + utils.html_escape(content))) return dom_rows
def analysis(http_objs): requests = http_objs["total_requests"] response_headers = http_objs["response_headers"] request_headers = http_objs["request_headers"] headers = {"Server":"Application Server", "X-Powered-By":"Platform", "X-Aspnet-Version":"Asp.Net Version", "X-Varnish":"Varnish Cache"} fingerprint_rows = [] servers = [] hash_group = [] rpt = report.htmltags() for i in xrange(0, requests): for header in response_headers[i].iterkeys(): if header in headers.iterkeys(): if utils.md5_object(str(request_headers[i]["Host"]) + str(headers[header])) not in hash_group: servers.append(rpt.href(request_headers[i]["Host"])) if response_headers[i].has_key("Server"): fingerprint_rows.append("<td>" + request_headers[i]["Host"] + "</td><td>" + str(response_headers[i]["Server"]) + "</td>") else: fingerprint_rows.append("<td>" + request_headers[i]["Host"] + "</td><td>" + str(header) + "</td>") hash_group.append(utils.md5_object(str(request_headers[i]["Host"]) + str(headers[header]))) collums = {"Fingerprint":["Path", "-"]} rows = {"Fingerprint":fingerprint_rows} tip = "Tip: <a href='https://www.owasp.org/index.php/Testing_for_Web_Application_Fingerprint_%28OWASP-IG-004%29' target='_blank'>Testing for Web Application Fingerprint</a>" rpt.make_table("fingerprint", tip, collums, rows)
def grep_domobjects(http_objs, requests, response_data, dom_regex): request_URLs = http_objs["request_URL"] dom_rows = [] hash_group = [] for i in xrange(0, requests): protocol = request_URLs[i]["protocol"] url = request_URLs[i]["url"] path = request_URLs[i]["path"] params = request_URLs[i]["params"] query = request_URLs[i]["query"] full_path = protocol + "://" + url + path content = re.findall(eval(dom_regex), response_data[i], re.I) content = str(content) if content != "[]": if utils.md5_object(full_path + utils.html_escape(content)) not in hash_group: dom_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + utils.html_escape(content) + "</td>") hash_group.append( utils.md5_object(full_path + utils.html_escape(content))) return dom_rows
def get_script_body(urls, requests, request_headers, response_data): js_body_rows = [] js_body_path = [] js_comment_rows = [] js_comment_path = [] hash_group = [] for i in xrange(0, requests): protocol = urls[i]["protocol"] domain = urls[i]["url"] path = urls[i]["path"] params = urls[i]["params"] query = urls[i]["query"] full_path = protocol + "://" + domain + path body_js = re.findall(r'(?s)<script.+?</script>', response_data[i]) comment_js = re.findall(r'(?s)/\*.+?\*/', str(body_js)) for script in body_js: if utils.md5_object(full_path + script) not in hash_group: if full_path not in js_body_path: content = jsbeautifier.js_beautify(script, "") content = utils.syntaxhighlighter( "js", rpt.href(full_path), utils.html_escape(content)) js_body_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + rpt.href(str(i) + "body") + "</td>") hash_group.append(utils.md5_object(full_path + script)) js_body_path.append(full_path) else: content = jsbeautifier.js_beautify(script, "") content = utils.syntaxhighlighter( "js", rpt.href(full_path), utils.html_escape(content)) rpt.make_module_report_file(content, str(i) + "body") for comment in comment_js: if utils.md5_object(full_path + comment) not in hash_group: if full_path not in js_comment_path: content = utils.syntaxhighlighter( "js", rpt.href(full_path), utils.html_escape(comment)) js_comment_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + rpt.href(str(i) + "comment") + "</td>") hash_group.append(utils.md5_object(full_path + comment)) js_comment_path.append(full_path) else: content = utils.syntaxhighlighter( "js", rpt.href(full_path), utils.html_escape(comment)) rpt.make_module_report_file(content, str(i) + "comment") js_body = [js_body_rows, js_comment_rows] return js_body
def analysis(http_objs): requests = http_objs["total_requests"] response_headers = http_objs["response_headers"] request_headers = http_objs["request_headers"] headers = { "Server": "Application Server", "X-Powered-By": "Platform", "X-Aspnet-Version": "Asp.Net Version", "X-Varnish": "Varnish Cache" } fingerprint_rows = [] servers = [] hash_group = [] rpt = report.htmltags() for i in xrange(0, requests): for header in response_headers[i].iterkeys(): if header in headers.iterkeys(): if utils.md5_object( str(request_headers[i]["Host"]) + str(headers[header])) not in hash_group: servers.append(rpt.href(request_headers[i]["Host"])) if response_headers[i].has_key("Server"): fingerprint_rows.append( "<td>" + request_headers[i]["Host"] + "</td><td>" + str(response_headers[i]["Server"]) + "</td>") else: fingerprint_rows.append("<td>" + request_headers[i]["Host"] + "</td><td>" + str(header) + "</td>") hash_group.append( utils.md5_object( str(request_headers[i]["Host"]) + str(headers[header]))) collums = {"Fingerprint": ["Path", "-"]} rows = {"Fingerprint": fingerprint_rows} tip = "Tip: <a href='https://www.owasp.org/index.php/Testing_for_Web_Application_Fingerprint_%28OWASP-IG-004%29' target='_blank'>Testing for Web Application Fingerprint</a>" rpt.make_table("fingerprint", tip, collums, rows)
def get_script_body(urls, requests, request_headers, response_data): js_body_rows = [] js_body_path = [] js_comment_rows = [] js_comment_path = [] hash_group = [] for i in xrange(0, requests): protocol = urls[i]["protocol"] domain = urls[i]["url"] path = urls[i]["path"] params = urls[i]["params"] query = urls[i]["query"] full_path = protocol + "://" + domain + path body_js = re.findall(r'(?s)<script.+?</script>', response_data[i]) comment_js = re.findall(r'(?s)/\*.+?\*/', str(body_js)) for script in body_js: if utils.md5_object(full_path + script) not in hash_group: if full_path not in js_body_path: content = jsbeautifier.js_beautify(script, "") content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(content)) js_body_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + rpt.href(str(i) + "body") + "</td>") hash_group.append(utils.md5_object(full_path + script)) js_body_path.append(full_path) else: content = jsbeautifier.js_beautify(script, "") content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(content)) rpt.make_module_report_file(content, str(i) + "body") for comment in comment_js: if utils.md5_object(full_path + comment) not in hash_group: if full_path not in js_comment_path: content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(comment)) js_comment_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + rpt.href(str(i) + "comment") + "</td>") hash_group.append(utils.md5_object(full_path + comment)) js_comment_path.append(full_path) else: content = utils.syntaxhighlighter("js", rpt.href(full_path), utils.html_escape(comment)) rpt.make_module_report_file(content, str(i) + "comment") js_body = [js_body_rows, js_comment_rows] return js_body
def analysis(http_objs): requests = http_objs["total_requests"] response_headers = http_objs["response_headers"] request_URLs = http_objs["request_URL"] headers = {"Cache-Control":"Cache-Control", "Pragma":"Pragma"} cache_rows = [] hash_group = [] rpt = report.htmltags() for i in xrange(0, requests): for header in response_headers[i].iterkeys(): if header in headers.iterkeys(): protocol = request_URLs[i]["protocol"] url = request_URLs[i]["url"] path = request_URLs[i]["path"] params = request_URLs[i]["params"] query = request_URLs[i]["query"] full_path = protocol + "://" + url + path if utils.md5_object(full_path + str(header)) not in hash_group: cache_rows.append("<td>" + rpt.href(full_path) + "</td><td>" + str(response_headers[i][header]) + "</td>") hash_group.append(utils.md5_object(full_path + str(header))) collums = {"Cache":["Path", "Cache Analyzed"]} rows = {"Cache":cache_rows} tip = "Tip: <a href='https://www.owasp.org/index.php/Testing_for_Logout_and_Browser_Cache_Management_%28OWASP-AT-007%29' target='_blank'>Testing for Logout and Browser Cache Management</a>" rpt.make_table("cache", tip, collums, rows) rpt.html_report()