/**
 * Passive check that records every newly observed request path per host and passes it to
 * the path lookup.
 *
 * <p>NOTE(review): when the in-scope-only checkbox is unticked, the host and path of every
 * passively observed request are handed to {@code vulnersService.checkURLPath}. If that call
 * performs a remote lookup (not visible here), out-of-scope hosts are disclosed to the
 * lookup service; confirm this is intended for the engagement.
 *
 * <p>NOTE(review): the get-then-put on {@code domains} and the containsKey-then-put on the
 * path map are not atomic. If this method can be invoked from several scanner threads,
 * confirm the map types tolerate that.
 *
 * @param baseRequestResponse the request/response pair being passively scanned
 * @return the issues produced by the superclass check; this method adds none directly
 */
@Override
public List<IScanIssue> doPassiveScan(IHttpRequestResponse baseRequestResponse) {
    List<IScanIssue> issues = super.doPassiveScan(baseRequestResponse);
    URL url = helpers.analyzeRequest(baseRequestResponse).getUrl();

    // Path checks are skipped when the in-scope-only option excludes this URL,
    // or when path search is switched off altogether.
    boolean excludedByScope =
            tabComponent.getCbxPathScanInScope().isSelected() && !callbacks.isInScope(url);
    if (excludedByScope || !tabComponent.getCbxPathSearch().isSelected()) {
        return issues;
    }

    String domainName = url.getHost();
    String path = url.getPath();

    // Create the per-host cache entry on first sight of the host.
    Domain domain = domains.get(domainName);
    if (domain == null) {
        domain = new Domain();
        domains.put(domainName, domain);
    }

    // A path already present in the cache has been submitted before; nothing to do.
    if (domain.getPaths().containsKey(path)) {
        return issues;
    }

    callbacks.printOutput("[Vulners] adding new path '" + path + "' for domain " + domainName);
    // The null value marks the path as seen so the same path is not submitted twice.
    domain.getPaths().put(path, null);
    vulnersService.checkURLPath(domainName, path, baseRequestResponse);
    return issues;
}
/**
 * Replaces the cached path results of every known domain with an empty map and removes
 * all rows from the paths table.
 *
 * @param e the triggering UI event (unused)
 */
public void actionPerformed(final ActionEvent e) {
    // Only the map values are needed; the host keys stay in place.
    for (Domain domain : domains.values()) {
        domain.setPaths(new HashMap<String, Set<Vulnerability>>());
    }
    pathsTable.getDefaultModel().setRowCount(0);
}
});
/**
 * Replaces the cached software entries of every known domain with an empty map and removes
 * all rows from the software table.
 *
 * <p>NOTE(review): scanner callbacks elsewhere in this file look up
 * {@code getSoftware().get(software.getKey())} and dereference the result. If such a callback
 * can run after this reset, that lookup returns null; confirm the ordering or guard it there.
 *
 * @param e the triggering UI event (unused)
 */
public void actionPerformed(final ActionEvent e) {
    // Only the map values are needed; the host keys stay in place.
    for (Domain domain : domains.values()) {
        domain.setSoftware(new HashMap<String, Software>());
    }
    softwareTable.getDefaultModel().setRowCount(0);
}
});
domains.put(domainName, domain = new Domain()); if (domain.getSoftware().get(match.getType() + match.getMatchGroup()) != null) { continue; .getSoftware() .put(software.getKey(), software);
/**
 * Stores the vulnerabilities returned for the detected software, refreshes the software
 * table and raises a Burp issue for that software entry.
 *
 * <p>NOTE(review): the cache lookup below is dereferenced without a null check. The reset
 * handler in this file replaces each domain's software map, so a callback arriving after a
 * reset would hit a NullPointerException on {@code get(software.getKey())}; confirm whether
 * that ordering can occur.
 *
 * @param vulnerabilities the vulnerabilities reported for the software being checked
 */
@Override
public void onScannerSuccess(Set<Vulnerability> vulnerabilities) {
    // Cache: attach each reported vulnerability to the stored software entry.
    for (Vulnerability reported : vulnerabilities) {
        domains.get(domainName)
                .getSoftware()
                .get(software.getKey())
                .getVulnerabilities()
                .add(reported);
    }

    // GUI: rebuild the software table, honouring the "show only vulnerable" checkbox.
    tabComponent.getSoftwareTable()
            .refreshTable(domains, tabComponent.getCbxSoftwareShowVuln().isSelected());

    // Burp: report the cached software entry as a scan issue.
    callbacks.addScanIssue(
            new SoftwareIssue(
                    baseRequestResponse,
                    helpers,
                    callbacks,
                    startStop,
                    domains.get(domainName).getSoftware().get(software.getKey())));
}
/**
 * Stores the vulnerabilities returned for the request path, appends a row to the paths
 * table and raises a Burp issue for the path.
 *
 * <p>NOTE(review): {@code domains.get(domainName)} is dereferenced without a null check;
 * this relies on the domain entry having been created before the lookup was started.
 *
 * @param vulnerabilities the vulnerabilities reported for the path being checked
 */
@Override
public void onScannerSuccess(Set<Vulnerability> vulnerabilities) {
    // Cache: record the result set under the path key.
    domains.get(domainName).getPaths().put(path, vulnerabilities);

    // GUI: one row per checked path (host, path, highest score, vulnerability list).
    Object[] row = {
        domainName,
        path,
        Utils.getMaxScore(vulnerabilities),
        Utils.getVulnersList(vulnerabilities)
    };
    tabComponent.getPathsTable().getDefaultModel().addRow(row);

    // Burp: report the path together with its vulnerabilities.
    callbacks.addScanIssue(
            new PathIssue(baseRequestResponse, helpers, callbacks, path, vulnerabilities));
}
});
/**
 * Rebuilds the table from the domain cache: clears all rows, then adds one row per cached
 * software entry.
 *
 * @param domains cache of domains keyed by host name
 * @param showOnlyVulnerable when true, software without any recorded vulnerability is
 *     left out
 */
public void refreshTable(Map<String, Domain> domains, boolean showOnlyVulnerable) {
    defaultModel.setRowCount(0);

    for (Map.Entry<String, Domain> domainEntry : domains.entrySet()) {
        String host = domainEntry.getKey();
        for (Software software : domainEntry.getValue().getSoftware().values()) {
            // Filter out entries with no findings when the caller asked for vulnerable ones only.
            if (showOnlyVulnerable && software.getVulnerabilities().isEmpty()) {
                continue;
            }
            Object[] row = {
                host,
                software.getName(),
                software.getVersion(),
                Utils.getMaxScore(software.getVulnerabilities()), // TODO move maxScore field to model
                Utils.getVulnersList(software.getVulnerabilities())
            };
            defaultModel.addRow(row);
        }
    }
}
/**
 * Handles a failed lookup: refreshes the software table and still raises a Burp issue for
 * the cached software entry.
 *
 * <p>NOTE(review): {@code error} is neither inspected nor logged here, so the failure reason
 * is lost at this point. If it should be surfaced, check first that the payload carries no
 * credentials before writing it to the extension output.
 *
 * <p>NOTE(review): the software lookup passed to {@code SoftwareIssue} can be null if the
 * software cache was reset in the meantime; confirm {@code SoftwareIssue} tolerates that.
 *
 * @param error the error payload returned by the failed lookup (unused)
 */
@Override
public void onFail(JSONObject error) {
    // GUI: rebuild the software table, honouring the "show only vulnerable" checkbox.
    tabComponent.getSoftwareTable()
            .refreshTable(domains, tabComponent.getCbxSoftwareShowVuln().isSelected());

    // Burp: report the cached software entry even though the lookup failed.
    callbacks.addScanIssue(
            new SoftwareIssue(
                    baseRequestResponse,
                    helpers,
                    callbacks,
                    startStop,
                    domains.get(domainName).getSoftware().get(software.getKey())));
}
});