Ecsypno Codename SCNR scripting interface
Powered by DSeL.
Tasos Laskos Zapotek
Zapotek
/ sinatra_introspector_app.rb
Created
January 8, 2024 08:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'scnr/introspector' | |
| require 'sinatra/base' | |
| class MyApp < Sinatra::Base | |
| use SCNR::Introspector, scope: { | |
| path_start_with: __FILE__ | |
| } | |
| def noop | |
| end |
Zapotek
/ scnr_introspector_output.txt
Last active
May 20, 2023 18:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ./examples/sinatra_xss.rb | |
| [*] Preparing plugins... | |
| [*] ... done. | |
| [*] [HTTP: 200] http://myapp/ | |
| [~] Identified as: linux, ruby, rack | |
| [~] Analysis resulted in 1 usable paths. | |
| [*] Harvesting HTTP responses... | |
| [~] Depending on server responsiveness and network conditions this may take a while. | |
| [*] XSS: Auditing link input 'v' pointing to: 'http://myapp/' |
Zapotek
/ scnr_introspector_sinatra.rb
Created
May 20, 2023 17:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'pry' | |
| require 'scnr/introspector' | |
| require 'scnr/introspector/helpers/output' | |
| include SCNR | |
| include Introspector::Helpers::Output | |
| # Location of the web application environment loader. | |
| APP_PATH = "#{File.expand_path( File.dirname(__FILE__) )}/sinatra_xss.rb" |
Zapotek
/ sinatra_xss.rb
Created
May 20, 2023 17:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'sinatra/base' | |
| class MyApp < Sinatra::Base | |
| def noop | |
| end | |
| def process_params( params ) | |
| noop | |
| params.values.join( ' ' ) |
Zapotek
/ rest-agent.rb
Created
May 17, 2023 18:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'pp' | |
| require_relative 'rest-http-helpers' | |
| # Configure the REST server to use this Agent to provide Instances. | |
| request :put, 'agent/url', 'localhost:1111' | |
| request :post, 'instances', { | |
| url: 'http://testhtml5.vulnweb.com', |
Zapotek
/ rest-single.rb
Created
May 17, 2023 17:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'pp' | |
| require_relative 'rest-http-helpers' | |
| # Create a new scanner Instance (process) and run a scan with the following options. | |
| request :post, 'instances', { | |
| # Scan this URL. | |
| url: 'http://testhtml5.vulnweb.com', |
Zapotek
/ rest-http-helpers.rb
Created
May 17, 2023 17:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'json' | |
| require 'tmpdir' | |
| require 'typhoeus' | |
| def response | |
| if @last_response.headers['Content-Type'].include? 'json' | |
| data = JSON.load( @last_response.body ) | |
| else | |
| data = @last_response.body | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://github.com/ko1/ractor-tvar | |
| # | |
| # gem install ractor-tvar | |
| require 'ractor/tvar' | |
| class Pipe | |
| def initialize | |
| @pipe = Ractor.new do | |
| loop do |
Zapotek
/ scan_script.md
Last active
December 5, 2017 19:50
NewerOlder