Ecsypno Codename SCNR scripting interface
Powered by DSeL.
require 'scnr/introspector' | |
require 'sinatra/base' | |
class MyApp < Sinatra::Base | |
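# Mount the SCNR Introspector middleware on this Sinatra app.
# The scope option passes path_start_with: __FILE__, i.e. this file's own path.
# NOTE(review): presumably this restricts introspection to code defined in this
# file — confirm against the Introspector documentation.
# NOTE(review): confirm what the Introspector exposes about the running app
# before enabling it anywhere other than the environment being scanned.
use SCNR::Introspector, scope: {
  path_start_with: __FILE__
}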
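# Intentionally empty: takes no arguments, does no work and returns nil.
def noop
end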
$ ./examples/sinatra_xss.rb
[*] Preparing plugins...
[*] ... done.
[*] [HTTP: 200] http://myapp/
[~] Identified as: linux, ruby, rack
[~] Analysis resulted in 1 usable paths.
[*] Harvesting HTTP responses...
[~] Depending on server responsiveness and network conditions this may take a while.
[*] XSS: Auditing link input 'v' pointing to: 'http://myapp/'
require 'pry' | |
require 'scnr/introspector' | |
require 'scnr/introspector/helpers/output' | |
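# Mix the SCNR namespace into the top level so its constants can be written
# unqualified (the next line relies on this for Introspector), then pull in the
# Introspector output helpers.
include SCNR
include Introspector::Helpers::Output

# Location of the web application environment loader: the absolute path of
# sinatra_xss.rb in the same directory as this script.
APP_PATH = "#{File.expand_path( File.dirname(__FILE__) )}/sinatra_xss.rb"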
require 'sinatra/base' | |
class MyApp < Sinatra::Base | |
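# Intentionally empty: takes no arguments, does no work and returns nil.
# process_params calls it before joining the parameter values.
# NOTE(review): presumably a marker call for the Introspector to trace — confirm.
def noop
end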
def process_params( params ) | |
noop | |
params.values.join( ' ' ) |
#!/usr/bin/env ruby | |
require 'pp' | |
require_relative 'rest-http-helpers' | |
# Configure the REST server to use this Agent to provide Instances. | |
request :put, 'agent/url', 'localhost:1111' | |
request :post, 'instances', { | |
url: 'http://testhtml5.vulnweb.com', |
#!/usr/bin/env ruby | |
require 'pp' | |
require_relative 'rest-http-helpers' | |
# Create a new scanner Instance (process) and run a scan with the following options. | |
request :post, 'instances', { | |
# Scan this URL. | |
url: 'http://testhtml5.vulnweb.com', |
require 'json' | |
require 'tmpdir' | |
require 'typhoeus' | |
def response | |
if @last_response.headers['Content-Type'].include? 'json' | |
data = JSON.load( @last_response.body ) | |
else | |
data = @last_response.body | |
end |
# https://github.com/ko1/ractor-tvar | |
# | |
# gem install ractor-tvar | |
require 'ractor/tvar' | |
class Pipe | |
def initialize | |
@pipe = Ractor.new do | |
loop do |
Powered by DSeL.