/**
 * Maps a vulnerability to the value returned by its {@code getCvssScore()} accessor.
 *
 * @param vulnerability the element being transformed
 * @return the score reported by {@code vulnerability.getCvssScore()}, passed through unchanged
 */
@Override
public Double apply(Vulnerability vulnerability) {
    final Double cvssScore = vulnerability.getCvssScore();
    return cvssScore;
}
} // closes the enclosing anonymous class, whose header is outside this excerpt
/**
 * Maps a vulnerability to the value returned by its {@code getId()} accessor.
 *
 * @param vulnerability the element being transformed
 * @return the identifier reported by {@code vulnerability.getId()}, passed through unchanged
 */
@Override
public String apply(Vulnerability vulnerability) {
    final String identifier = vulnerability.getId();
    return identifier;
}
} // closes the enclosing anonymous class, whose header is outside this excerpt
/**
 * Builds the link for this item by delegating to the one-argument
 * {@code getItemLink} overload with this object's {@code id}.
 *
 * @return whatever the one-argument overload produces for {@code id}
 */
public String getItemLink() {
    final String link = getItemLink(id);
    return link;
}
/**
 * Renders the issue detail for a software item that has vulnerabilities:
 * one header line naming the software and version, then one entry per
 * vulnerability.
 *
 * @return the concatenated HTML fragment
 */
private String getVulnerableIssue() {
    final String headerFormat = "The following vulnerabilities for software <b>%s - %s</b> found: <br/>";
    final String entryFormat = "<li> %s - %s %s - %s <br/> %s <br/><br/>";

    // NOTE(review): every value below is interpolated into HTML without escaping.
    // If the software name/version or the vulnerability title/description can carry
    // text taken from scanned responses or from a remote feed, confirm they are
    // HTML-escaped before they reach this method.
    // NOTE(review): the entry template opens <li> but never closes it and no
    // enclosing list element is emitted here.
    final StringBuilder detail = new StringBuilder();
    detail.append(String.format(headerFormat, software.getName(), software.getVersion()));

    for (final Vulnerability v : software.getVulnerabilities()) {
        final String entry = String.format(
                entryFormat,
                v.getItemLink(),
                v.getItemCvssScore(),
                v.getExploitLink(),
                v.getTitle(),
                v.getItemDescription());
        detail.append(entry);
    }
    return detail.toString();
}
/**
 * Renders the issue detail for a path: a header naming the path, then one
 * entry per vulnerability held in {@code vulnerabilities}.
 *
 * @return the concatenated HTML fragment
 */
@Override
public String getIssueDetail() {
    // The empty literal in the middle is kept exactly as in the original; the
    // two sentences therefore run together with only a space between them.
    final String headerFormat = "! All found vulnerabilities have to be checked "
            + ""
            + "The following vulnerabilities for path <b>%s</b> found: <br/>";
    final String entryFormat = "<li> %s - %s %s - %s <br/> %s <br/><br/>";

    // NOTE(review): path and the vulnerability fields are interpolated into HTML
    // without escaping. If any of them can carry text from scanned traffic or a
    // remote feed, confirm they are HTML-escaped before they reach this method.
    final StringBuilder detail = new StringBuilder();
    detail.append(String.format(headerFormat, path));

    for (final Vulnerability v : vulnerabilities) {
        final String entry = String.format(
                entryFormat,
                v.getItemLink(),
                v.getItemCvssScore(),
                v.getExploitLink(),
                v.getTitle(),
                v.getItemDescription());
        detail.append(entry);
    }
    return detail.toString();
}
/**
 * Rebuilds the table model from scratch: clears all rows, then adds one row
 * per software item of every domain.
 *
 * @param domains            cache keyed by domain name
 * @param showOnlyVulnerable when {@code true}, software with no vulnerabilities is left out
 */
public void refreshTable(Map<String, Domain> domains, boolean showOnlyVulnerable) {
    defaultModel.setRowCount(0);

    for (Map.Entry<String, Domain> domainEntry : domains.entrySet()) {
        for (Software item : domainEntry.getValue().getSoftware().values()) {
            // Same short-circuit as the original: the vulnerability list is only
            // consulted when the filter is switched on.
            if (!showOnlyVulnerable || !item.getVulnerabilities().isEmpty()) {
                // NOTE(review): if defaultModel backs a Swing JTable with default
                // renderers, cell text beginning with "<html>" is rendered as markup;
                // confirm the name/version values are plain text.
                defaultModel.addRow(new Object[] {
                        domainEntry.getKey(),
                        item.getName(),
                        item.getVersion(),
                        Utils.getMaxScore(item.getVulnerabilities()), //TODO move maxScore field to model
                        Utils.getVulnersList(item.getVulnerabilities())
                });
            }
        }
    }
}
domains.put(domainName, domain = new Domain()); if (domain.getSoftware().get(match.getType() + match.getMatchGroup()) != null) { continue; Software software = new Software( match.getType() + match.getMatchGroup(), match.getType(), .getSoftware() .put(software.getKey(), software);
/**
 * Handles a completed vulnerability lookup for one software item: stores the
 * results in the cache, refreshes the software table and reports a Burp issue.
 *
 * @param vulnerabilities the vulnerabilities returned for the software
 */
@Override
public void onScannerSuccess(Set<Vulnerability> vulnerabilities) {
    for (Vulnerability vulnerability : vulnerabilities) {
        // update cache
        // NOTE(review): this chain dereferences the cache without a null check.
        // If the domain or software entry is no longer present when the callback
        // runs (for example after the software cache has been reset), it throws
        // NullPointerException and the finding is never reported - confirm the
        // callback cannot outlive a cache reset.
        domains.get(domainName)
                .getSoftware()
                .get(software.getKey())
                .getVulnerabilities()
                .add(vulnerability);
    }
    // update gui component
    tabComponent.getSoftwareTable().refreshTable(domains, tabComponent.getCbxSoftwareShowVuln().isSelected());
    // add Burp issue, built from the cached software entry rather than the captured one
    callbacks.addScanIssue(new SoftwareIssue(
            baseRequestResponse,
            helpers,
            callbacks,
            startStop,
            domains.get(domainName).getSoftware().get(software.getKey())
    ));
}
/**
 * Renders the issue detail for software that was detected but has no
 * vulnerabilities attached.
 *
 * @return the formatted detail text naming the software and its version
 */
private String getClearIssue() {
    // NOTE(review): name and version are interpolated without HTML escaping;
    // confirm they cannot carry markup taken from scanned responses.
    return String.format(
            "The following software was detected <b>%s - %s</b>\n"
                    + "No vulnerabilities found for current version.",
            software.getName(),
            software.getVersion());
}
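/**
 * Handles a failed vulnerability lookup for one software item: records the
 * failure, refreshes the software table and still reports the detected
 * software as a Burp issue.
 *
 * @param error the error payload handed over by the lookup client
 */
@Override
public void onFail(JSONObject error) {
    // The original dropped the error payload silently; write it to the
    // extension's error output so a failed lookup can be told apart from a
    // clean result.
    callbacks.printError("Vulnerability lookup failed: " + error);

    // update gui component
    tabComponent.getSoftwareTable().refreshTable(domains, tabComponent.getCbxSoftwareShowVuln().isSelected());

    // NOTE(review): the issue is built from the cached software entry, which has
    // no vulnerabilities attached after a failed lookup. If the issue text then
    // reads "No vulnerabilities found", it misreports a failed check as a clean
    // one - confirm and consider a distinct "lookup failed" detail.
    callbacks.addScanIssue(new SoftwareIssue(
            baseRequestResponse,
            helpers,
            callbacks,
            startStop,
            domains.get(domainName).getSoftware().get(software.getKey())
    ));
}
}); // closes the enclosing anonymous listener and the call it is passed to (outside this excerpt)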
/**
 * Tells whether the software item carries at least one vulnerability.
 *
 * @return {@code true} when {@code software.getVulnerabilities()} is not empty
 */
private boolean hasVulnerabilities() {
    return !software.getVulnerabilities().isEmpty();
}
/**
 * Creates the scan issue for a set of matches. Currently returns an issue
 * built around a placeholder {@code Software} whose five constructor
 * arguments are all empty strings; {@code matches} is not used.
 *
 * @param baseRequestResponse the request/response pair the issue refers to
 * @param matches             the scanner matches (unused here)
 * @param startStop           highlight offsets forwarded to the issue
 * @return a {@code SoftwareIssue} wrapping the placeholder software
 */
@Override
protected IScanIssue getScanIssue(IHttpRequestResponse baseRequestResponse, List<ScannerMatch> matches, List<int[]> startStop) {
    //TODO (left open by the original author; the placeholder below is not real data)
    final Software placeholder = new Software("", "", "", "", "");
    return new SoftwareIssue(baseRequestResponse, helpers, callbacks, startStop, placeholder);
}
/**
 * Converts a lookup response into {@code Vulnerability} objects and hands
 * them to {@code onScannerSuccess}.
 *
 * Reads the {@code "search"} array from {@code data} and builds one
 * {@code Vulnerability} from the {@code "_source"} object of each element.
 *
 * @param data the response body of the lookup
 */
public void onSuccess(JSONObject data) {
    // NOTE(review): the response comes from outside the extension. A missing
    // "search"/"_source" key or a non-object element makes the accessors or the
    // cast below throw an unchecked exception; confirm the caller handles that
    // so a malformed response is not mistaken for "nothing found".
    final JSONArray hits = data.getJSONArray("search");
    final Set<Vulnerability> found = new HashSet<>();

    for (Object hit : hits) {
        final JSONObject source = ((JSONObject) hit).getJSONObject("_source");
        found.add(new Vulnerability(source));
    }
    onScannerSuccess(found);
}
/**
 * Clears the software cache: gives every cached domain a fresh, empty
 * software map and empties the software table.
 *
 * @param e the triggering action event (not inspected)
 */
public void actionPerformed(final ActionEvent e) {
    // NOTE(review): lookups that are still in flight resolve their software
    // entry through this cache; confirm they tolerate the entry disappearing.
    for (Domain domain : domains.values()) {
        domain.setSoftware(new HashMap<String, Software>());
    }
    softwareTable.getDefaultModel().setRowCount(0);
}
}); // closes the enclosing anonymous listener and the call it is passed to (outside this excerpt)
/**
 * Clears the paths cache: gives every cached domain a fresh, empty paths map
 * and empties the paths table.
 *
 * @param e the triggering action event (not inspected)
 */
public void actionPerformed(final ActionEvent e) {
    for (Domain domain : domains.values()) {
        domain.setPaths(new HashMap<String, Set<Vulnerability>>());
    }
    pathsTable.getDefaultModel().setRowCount(0);
}
}); // closes the enclosing anonymous listener and the call it is passed to (outside this excerpt)
/**
 * Handles a completed vulnerability lookup for one path: caches the result
 * under the path, appends a row to the paths table and reports a Burp issue.
 *
 * @param vulnerabilities the vulnerabilities returned for {@code path}
 */
@Override
public void onScannerSuccess(Set<Vulnerability> vulnerabilities) {
    // Cache: the result set replaces whatever was stored for this path before.
    domains.get(domainName).getPaths().put(path, vulnerabilities);

    // GUI: one new row per successful lookup (the table is not rebuilt here).
    final Object[] row = {
            domainName,
            path,
            Utils.getMaxScore(vulnerabilities),
            Utils.getVulnersList(vulnerabilities)
    };
    tabComponent.getPathsTable().getDefaultModel().addRow(row);

    // Burp: raise the issue with the same set that was just cached.
    final PathIssue issue = new PathIssue(baseRequestResponse, helpers, callbacks, path, vulnerabilities);
    callbacks.addScanIssue(issue);
}
}); // closes the enclosing anonymous listener and the call it is passed to (outside this excerpt)
/**
 * Maps a vulnerability to the value returned by its {@code getCvssScore()} accessor.
 *
 * @param vulnerability the element being transformed
 * @return the score reported by {@code vulnerability.getCvssScore()}, passed through unchanged
 */
@Override
public Double apply(Vulnerability vulnerability) {
    final Double cvssScore = vulnerability.getCvssScore();
    return cvssScore;
}
} // closes the enclosing anonymous class, whose header is outside this excerpt
/**
 * Returns the exploit link for this item, or an empty string when the
 * {@code exploit} field is the empty string.
 *
 * A {@code null} {@code exploit} does not equal {@code ""}, so a link is
 * still produced in that case.
 *
 * @return {@code ""} or the result of {@code getItemLink("Exploit")}
 */
public String getExploitLink() {
    if ("".equals(exploit)) {
        return "";
    }
    return getItemLink("Exploit");
}
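/**
 * Derives the issue severity from the highest CVSS score among the software's
 * vulnerabilities.
 *
 * Thresholds follow the CVSS qualitative bands: a score of 7.0 or more is
 * High, 4.0 or more is Medium, anything lower is Low. The original used strict
 * comparisons ({@code > 7}, {@code > 4}), which rated a score of exactly 7.0
 * as Medium and exactly 4.0 as Low, under-reporting findings on the band
 * boundaries.
 *
 * @return the name of {@code HIGH}, {@code MEDIUM} or {@code LOW} when
 *         vulnerabilities exist, otherwise the name of {@code INFO}
 */
@Override
public String getSeverity() {
    if (!hasVulnerabilities()) {
        return ScanIssueSeverity.INFO.getName();
    }

    Collection<Double> scores = Collections2.transform(
            software.getVulnerabilities(),
            new Function<Vulnerability, Double>() {
                @Override
                public Double apply(Vulnerability vulnerability) {
                    return vulnerability.getCvssScore();
                }
            }
    );

    // NOTE(review): a null score from getCvssScore() would fail inside max() or
    // on unboxing below; confirm the model never yields null here.
    Double maxValue = Ordering.natural().max(scores);

    // Inclusive lower bounds so that 7.0 and 4.0 land in the higher band.
    if (maxValue >= 7.0) {
        return ScanIssueSeverity.HIGH.getName();
    }
    if (maxValue >= 4.0) {
        return ScanIssueSeverity.MEDIUM.getName();
    }
    return ScanIssueSeverity.LOW.getName();
}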
/**
 * Maps a vulnerability to the value returned by its {@code getCvssScore()} accessor.
 *
 * @param vulnerability the element being transformed
 * @return the score reported by {@code vulnerability.getCvssScore()}, passed through unchanged
 */
@Override
public Double apply(Vulnerability vulnerability) {
    final Double cvssScore = vulnerability.getCvssScore();
    return cvssScore;
}
} // closes the enclosing anonymous class, whose header is outside this excerpt