Module: BscanHelper

Included in:
BScan
Defined in:
lib/bscan/utils/bscan_helper.rb

Defined Under Namespace

Classes: Issue, Message

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#activityObject

Returns the value of attribute activity.



23
24
25
 
# File 'lib/bscan/utils/bscan_helper.rb', line 23

def activity
  @activity
end

#bscan_configObject (readonly)

Returns the value of attribute bscan_config.



21
22
23
 
# File 'lib/bscan/utils/bscan_helper.rb', line 21

def bscan_config
  @bscan_config
end

#modules_onlyObject (readonly)

Returns the value of attribute modules_only.



20
21
22
 
# File 'lib/bscan/utils/bscan_helper.rb', line 20

def modules_only
  @modules_only
end

#statObject

Returns the value of attribute stat.



22
23
24
 
# File 'lib/bscan/utils/bscan_helper.rb', line 22

def stat
  @stat
end

Instance Method Details

#add_multi(map, k, v) ⇒ Object 



337
338
339
340
341
342
343
344
345
346
347
348
 
# File 'lib/bscan/utils/bscan_helper.rb', line 337

def add_multi map,k,v
  if (map[k])
    ov = map[k];
    if (ov.kind_of?(Array))
      map[k] << v
    else 
      map[k] = [ov,v]
    end
  else
    map[k] = v  
  end
end

#copy_vars(from) ⇒ Object 



51
52
53
54
55
56
 
# File 'lib/bscan/utils/bscan_helper.rb', line 51

def copy_vars from
  from.instance_variables.each do |nm| 
    self.instance_variable_set(nm, from.instance_variable_get(nm))
#      puts "#{nm} => #{from.instance_variable_get(nm)}"
  end
end

#do_scan(msg, trg, inj) ⇒ Object 



99
100
101
102
103
104
105
106
107
108
109
 
# File 'lib/bscan/utils/bscan_helper.rb', line 99

def do_scan msg, trg, inj
  @activity[0]=true
  Log 2, "#{@mid}do_scan Scanning: #{trg}"
#    msg.url = trg
  path = $1 if trg =~ /\/\/[^\/]+(\/.*)/
  path = '/' if (not path) or (path.length < 1)
  req = msg.req_str.sub(/(GET|POST|)\s*(.+)\s*HTTP/, "\\1 #{path} HTTP")
  
  send_req req, msg.getProtocol, inj
  
end

#esc(exp) ⇒ Object 



225
226
227
 
# File 'lib/bscan/utils/bscan_helper.rb', line 225

def esc exp
  Regexp.escape exp
end

#get_par(k, defv, str = false) ⇒ Object 



62
63
64
65
66
67
68
 
# File 'lib/bscan/utils/bscan_helper.rb', line 62

def get_par k,defv,str=false
  p = @bscan_config[prop(k)] 
  p = p.to_i if !str && p && p.to_i.to_s == p
  p = true if !str && (p == 'true' or p == 'yes')
  p = false if !str && (p == 'false' or p == 'no')
  p ? p:defv 
end

#get_url_host_port(req, proto) ⇒ Object 



111
112
113
114
115
116
117
118
119
 
# File 'lib/bscan/utils/bscan_helper.rb', line 111

def get_url_host_port req,proto
  host,port = $1.split(/\s*:\s*/,2) if req =~ /host\s*:\s*([^\s]+)\s*\r?\n/i
  if not port
    port = '80' if proto == 'http'
    port = '443' if proto == 'https'
  end  
  path = $2 if req =~/(GET|POST|)\s+(.+)\s+HTTP/
  ["#{proto}://#{host}:#{port}"+path,host,port.to_i]
end

#init_internals(cmd_params) ⇒ Object 



361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
 
# File 'lib/bscan/utils/bscan_helper.rb', line 361

def init_internals  cmd_params
  
  init_stat
  @activity ||= [false]

#    @cmd_params ||= JSON.parse args[0]
  @cmd_params ||= cmd_params
  @ll =  @cmd_params['loglevel'].to_i

  lfile = @cmd_params['logfile']
  if lfile != nil
      begin
        @log = java.io.PrintStream.new(lfile)
      rescue Exception => e
        $stderr.puts("BscanHelper.init_internals  Error: can't open log file '#{lfile}', exception: #{e.message}")
        $stderr.puts(e.backtrace.join("\n"))
        Process.exit!(2)
      end
  else
    @log = $stdout
  end

  Log 2, "BscanHelper.init_internals CMD_PARAMS: #{@cmd_params}"
  @cmd_params.each_pair do |k,v|
    Log 2,"BscanHelper.init_internals #{k}:#{v}"
  end
  
  @bscan_config = @cmd_params['bscan_config']
  @burp_config = @cmd_params['burp_config']
  @issues = @bscan_config['bscan.issues']
  @modules_only = (@bscan_config['bscan.modules_only'] and @bscan_config['bscan.modules_only'] == 'true') 
  @modules ||= @bscan_config['bscan.modules']
  @modules ||= [] if not @modules
  @modules = [@modules] if not @modules.kind_of?(Array)
  mods = []
  @modules.each do |m|
    mods << m.split(',')
  end
  @modules = mods.flatten 
   
    
  Log 1, "BscanHelper.init_internals No issues dir provided. Issues will not be logged." if not @issues
  if (@issues)
    begin 
      dt = Time.now.strftime("%y%m%d_%H%M%S")
      File.directory? @issues or %x{mkdir -p "#{@issues}"}
      @sstream = "#{@issues}/session.#{dt}.zip"
      ifile = "#{@issues}/issues.#{dt}.txt"
      @istream = java.io.PrintStream.new(ifile)
      @stat['issues'] = ifile
    rescue Exception => e
      Log 0, "BscanHelper.init_internals Can't create issues or session files, Exception: #{e.message}"
      Log 0,  e.backtrace.join("\n")
      exit_suite
    end
  end
  
end

#init_statObject 



350
351
352
353
354
355
356
357
358
359
 
# File 'lib/bscan/utils/bscan_helper.rb', line 350

def init_stat
  @stat ||= {}
  @stat['start_time'] = Time.now.strftime("%Y-%m-%d %H:%M:%S")
  @stat['end_time'] = ''
  @stat['high'] = 0
  @stat['med'] = 0
  @stat['low'] = 0
  @stat['issues'] = ''
  @stat['urls'] = ''
end

#is_module_static(n, p) ⇒ Object 



420
421
422
423
424
 
# File 'lib/bscan/utils/bscan_helper.rb', line 420

def is_module_static n,p
  pref = 'bscan.' + n + '.'
  pref += p + '.' if p and p.length > 0
  @bscan_config[pref + 'static_request'] == 'true'  
end

#log(ll, stream) ⇒ Object 



333
334
335
 
# File 'lib/bscan/utils/bscan_helper.rb', line 333

def log ll, stream
  stream.puts if true 
end

#Log(mtype, *msgs) ⇒ Object 



252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
 
# File 'lib/bscan/utils/bscan_helper.rb', line 252

def Log (mtype, *msgs)
  pr = "Unknown:"
  case mtype
  when 0
    pr = "ERROR:"
  when 1
    pr = "WARN:"
  when 2
    pr = "INFO:"
  when 3
    pr = "DEBUG:"
  end  
  msgs.each do |msg|
    if (@ll >= mtype)
      dt = Time.now.strftime("%y%m%d %H%M%S")
      @log.println "#{dt} #{pr} #{msg}"
    end
  end
  @log.flush
end

#make_request_socket(host, port, https, req) ⇒ Object 



137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
 
# File 'lib/bscan/utils/bscan_helper.rb', line 137

def make_request_socket host, port, https, req
 begin
    rsp = ''
    s = TCPSocket.new(host, port)
    Log 2, "#{@mid}make_request_socket new socket #{host} #{port} #{https}"
    if (https)
      ctx = OpenSSL::SSL::SSLContext.new
      ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE 
      s = OpenSSL::SSL::SSLSocket.new(s, ctx)
      s.connect
    end
    s.syswrite(req)
    Log 2, "#{@mid}make_request_socket write succeeded for  #{req}"
    rsp = read_response_socket s
    while ((u = redirect? rsp))
      rsp = redirect u,req
    end
    Log 2, "#{@mid}make_request_socket read succeeded #{rsp}"
  rescue Exception => e
    Log 1, "#{@mid}make_request_socket failed: #{e.message}"
    Log 1, e.backtrace.join("\n")
  end
  begin
    s.close
  rescue
  end  
  rsp
end

#msg_end(rsp) ⇒ Object 



185
186
187
 
# File 'lib/bscan/utils/bscan_helper.rb', line 185

def msg_end rsp
  rsp[-4..-1] == "\r\n\r\n" || rsp[-2..-1] == "\n\n"
end

#open_in_path(file, pathonly = false) ⇒ Object 



79
80
81
82
83
84
85
86
87
88
89
90
 
# File 'lib/bscan/utils/bscan_helper.rb', line 79

def open_in_path file,pathonly=false
  io = nil
  files = search_path_file(file)
  files.each do |p|
      if File.file?(p)
        return p if pathonly
        io = File.open(p,"r") 
        return io if io
      end
  end
  raise "Can't find file in: #{files.join(':')}"
end

#prop(nm) ⇒ Object 



58
59
60
 
# File 'lib/bscan/utils/bscan_helper.rb', line 58

def prop nm
    @prop_pref + nm   
end

#read_response_socket(s) ⇒ Object 



189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
 
# File 'lib/bscan/utils/bscan_helper.rb', line 189

def read_response_socket s
    rsp=''
    begin
      while (ch=s.sysread(1))
        rsp += ch
        break if msg_end rsp
        if rsp =~ /Content-Length\s*:\s*(\d+)\r?\n$/i
          len = $1.to_i
          while (c=s.sysread(1))
            rsp += c
            if msg_end rsp
              return rsp if len <= 0
              rsp += s.sysread(len)
              return rsp;
            end
          end  
          break  
        end
      end
    rescue Exception => e
      Log 1, "#{@mid}read_response_socket failed: #{e.message}\nResponse:\n#{rsp}"
      Log 1, e.backtrace.join("\n")
    end      
    rsp
end

#redirect(u, req) ⇒ Object 



173
174
175
176
177
178
179
180
181
182
 
# File 'lib/bscan/utils/bscan_helper.rb', line 173

def redirect u, req
  uri = URI.parse(u)
  proto = uri.scheme 
  host = uri.host 
  port = uri.port 
  path = uri.path 
  path += '?' + uri.query if uri.query 
  make_request_socket host, port, ('https'==proto),
    req.sub(/^(POST|GET)\s+\/[^\s]+/, "\\1 #{path}")
end

#redirect?(req) ⇒ Boolean

Returns:

  • (Boolean) 


166
167
168
169
170
171
 
# File 'lib/bscan/utils/bscan_helper.rb', line 166

def redirect? req
  if req =~ /^HTTP\/[^\s]+\s+3\d\d/i
    return $1 if  req =~ /\nLocation\s*:\s*([^\r\n]+)\r?\n/i 
  end 
  nil
end

#run_modules(base, msg = nil) ⇒ Object 



273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
 
# File 'lib/bscan/utils/bscan_helper.rb', line 273

def run_modules base, msg=nil
  if @modules 
    @modules.each do |m|
      begin
        mod,prop=m.split(':',2)
        prop ||=''
        mn = File.basename(mod,".rb")
        is_static = is_module_static(mn,prop)
        Log 2, "BscanHelper.run_modules executing module #{mod}:#{prop} #{is_static}"
        mn.camelize!
        if (is_static && !msg) || (!is_static && msg)
          eval("
#           puts '=====================MODULE PATH: ' + $:.join(':') 
            require '#{mod}'
            require 'bscan/utils/bscan_helper.rb'
            
            class #{mn}#{prop}Class
              include #{mn}
              include BscanHelper
            end
            modins = #{mn}#{prop}Class.new
            modins.copy_vars base if base
            modins.run(self, msg, prop)
            ")
        end
      rescue Exception => e
        Log 1, "BscanHelper.run_modules Can't exceute module #{mod}, Exception: #{e.message}"
        Log 1, e.backtrace.join("\n")
      end
    end
  end
end

#search_pathObject 



70
71
72
73
 
# File 'lib/bscan/utils/bscan_helper.rb', line 70

def search_path
    path = []
    path << File.expand_path('.') << File.expand_path(File.join('.','lib')) << File.expand_path(File.join('~','.bscan')) << File.expand_path(File.join('etc','bscan')) << $:
end

#search_path_file(file) ⇒ Object 



75
76
77
 
# File 'lib/bscan/utils/bscan_helper.rb', line 75

def search_path_file file
  Pathname.new(file).absolute? ? [file] : search_path.map! {|p| File.join(p,file)}
end

#send_only(req, proto, inj) ⇒ Object 



121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
 
# File 'lib/bscan/utils/bscan_helper.rb', line 121

def send_only req, proto, inj
  begin
   trg,host,port = get_url_host_port req,proto
   https = proto == "https" ? true : false
   start = Time.now   
   Log 2, "#{@mid}send_req make_req: '#{trg}' '#{host}' '#{port}'\n#{req}"
#      rsp = @bscan.make_request(host, port, https, req)
   rsp = make_request_socket host, port, https, req
   rt = Time.now - start
   return [rsp,rt,trg,host,port] 
 rescue Exception => e
   Log 0, "#{@mid}send_req Exception: #{e.message}"
   Log 0, e.backtrace.join("\n")
 end 
end

#send_req(req, proto, inj) ⇒ Object 



215
216
217
218
219
220
221
222
223
 
# File 'lib/bscan/utils/bscan_helper.rb', line 215

def send_req req, proto, inj
    rsp,rt,trg,host,port = send_only req, proto, inj
    https = proto == "https" ? true : false
    if not @modules_only
      Log 2, "#{@mid}send_req do_passive: '#{trg}' '#{host}' '#{port}'\n#{req}\n#{rsp}"
      @burp.do_passive_scan(host, port, https, req, rsp) 
    end
    verify_response trg, req, rsp, inj, rt
end

#set_len(r) ⇒ Object 



92
93
94
95
96
 
# File 'lib/bscan/utils/bscan_helper.rb', line 92

def set_len r
    mbody = r.match(/(\r?\n\r?\n)/)
    body_pos = mbody.end(0)
    r.sub!(/content-length\s*:\s*\d+/i, "Content-Length: "+(r.length-body_pos).to_s)
end

#verify_response(u, req, rsp, inj, time) ⇒ Object 



229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
 
# File 'lib/bscan/utils/bscan_helper.rb', line 229

def verify_response u, req, rsp, inj, time
 
 Log 2, "#{@mid}verify_response: #{u} #{inj} #{time} #{req} #{rsp}"

  st = $1 if rsp =~ /^\s*HTTP.*\s+(\d+)\s+/
  st ||= '0'
  st = st.to_i
  issue = nil
  if (st >= 500 and @config[prop('check_status')]=='true')
    issue = Issue.new "#{@mid.chop}: Unexpected Error", u, "Medium", "Retest", req, rsp
  end
  mt = @config[prop('check_rsp_max_time')]
  mt = mt.to_i if mt
  if (mt and mt > 0 and time > mt)
    issue = Issue.new "#{@mid.chop}: Long Response Time", u, "Medium", "Retest", req, rsp, "Response time is longer that #{mt}"
  end
  if (rsp =~ /#{esc(inj)}/  and @config[prop('check_replay')]=='true')
    issue = Issue.new "#{@mid.chop}: Possible XSS", u, "High", "Retest", req, rsp, "The following input has been replayed in a response #{inj}"
  end
  
  write_issue_state issue if issue
end

#write_issue_state(issue) ⇒ Object 



306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
 
# File 'lib/bscan/utils/bscan_helper.rb', line 306

def write_issue_state issue
#   Log 2,"INSPECT: #{issue.http_messages[0].methods}  #{issue.http_messages[0].inspect}  #{issue.http_messages[0].to_s} "
  
  @stat['high'] += 1 if issue.severity =~ /High/i
  @stat['med'] += 1 if issue.severity =~ /Med/i
  @stat['low'] += 1 if issue.severity =~ /Low/i
  @stat['urls'] += "  #{issue.url}\n"
  
  Log 2,"BscanHelper.write_issue_state #{not @istream} #{issue.http_messages[0].methods}  #{issue.http_messages[0].to_s} "
  @istream or return
  begin 
    @istream.println '#'*70
    @istream.println "#{issue.issue_name} : #{issue.url}"
    @istream.println "Severity: #{issue.severity}(#{issue.confidence})"
    @istream.println "Background: #{issue.issue_background}"
    @istream.println "Details: #{issue.issue_detail}" 
    @istream.println "Remediation: #{issue.remediation_background}"
    @istream.println "Request: #{issue.http_messages[0].req_str}" 
    @istream.println "Response: #{issue.http_messages[0].rsp_str}"
    # sync_save_state issue throws exceptions
    @istream.flush 
  rescue Exception => e
    Log 0, "BscanHelper.write_issue_state Can't write issue #{issue.issue_name}, Exception: #{e.message}"
    Log 0,  e.backtrace.join("\n")
  end
end