magmax/automate-scan-spring2shell.yaml

## automate-scan-spring2shell.yaml
---
env:
  contexts:
  - name: "Local"
    urls:
      - "http://localhost:8001"
    includePaths:
      - "robots.txt"
  parameters:
    failOnError: true
    failOnWarning: false
    progressToStdout: true
jobs:
- parameters:
    maxAlertsPerRule: 10
    scanOnlyInScope: true
    maxBodySizeInBytesToScan: 0
    enableTags: false
    disableAllRules: false
  rules: []
  name: "Job PassiveScan without rules"
  type: "passiveScan-config"
- parameters:
    context: "Local"
    user: ""
    url: "http://localhost:8001/robots.txt"
    maxDuration: 0
    maxDepth: 0
    maxChildren: 0
  name: "spider"
  type: "spider"
- parameters:
    context: "Local"
    user: ""
    policy: ""
    maxRuleDurationInMins: 0
    maxScanDurationInMins: 0
    addQueryParam: false
    delayInMs: 0
    handleAntiCSRFTokens: false
    injectPluginIdInHeader: false
    scanHeadersAllRequests: false
    threadPerHost: 24
    maxAlertsPerRule: 0
  policyDefinition:
    defaultStrength: "low"
    defaultThreshold: "off"
    rules:
    - id: 40045
      name: "Spring4Shell"
      threshold: "medium"
      strength: "medium"
  name: "Job ActiveScan"
  type: "activeScan"
- alertFilters:
  - ruleId: 40045
    context: "Local"
    newRisk: "False Positive"
    url: "http://localhost:8001/robots.txt"
    urlRegex: false
  name: "alertFilter"
  type: "alertFilter"
- parameters:
    template: "traditional-html-plus"
    theme: "light"
    reportDir: "/home/miguel/zapreport"
    reportFile: "traditional-html-plus"
    reportTitle: "ZAP Scan"
    reportDescription: ""
    displayReport: false
  risks:
  - "info"
  - "low"
  - "medium"
  - "high"
  confidences:
  - "falsepositive"
  - "low"
  - "medium"
  - "high"
  - "confirmed"
  sections:
  - "passingrules"
  - "instancecount"
  - "alertdetails"
  - "alertcount"
  - "params"
  - "chart"
  - "statistics"
  sites: []
  name: "report"
  type: "report"


## spring4shell-vulnerable.py
#!/usr/env python3
# vim: tw=0
from http.server import BaseHTTPRequestHandler, HTTPServer

class handler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.send_header('Content-type','text/html')
        self.end_headers()

        message = "Hello, World! Here is a GET response"
        self.wfile.write(bytes(message, "utf8"))

    def do_POST(self):
        print(self.path)
        if self.path == "/robots.txt":
            self.send_response(400)
            self.send_header('Content-type','text/html')
            self.send_header('Content-Type', 'text/html; charset=utf-8')
            self.send_header('Content-Length', '26')
            self.send_header('Connection', 'keep-alive')
            self.end_headers()

            message = "some body keys are invalid"
            self.wfile.write(bytes(message, "utf8"))
            return
        self.send_response(200)
        self.send_header('Content-type','text/html')
        message = "everything is fine"
        self.wfile.write(bytes(message, "utf8"))


with HTTPServer(('', 8001), handler) as server:
    server.serve_forever()
	---
	env:
	contexts:
	- name: "Local"
	urls:
	- "http://localhost:8001"
	includePaths:
	- "robots.txt"
	parameters:
	failOnError: true
	failOnWarning: false
	progressToStdout: true
	jobs:
	- parameters:
	maxAlertsPerRule: 10
	scanOnlyInScope: true
	maxBodySizeInBytesToScan: 0
	enableTags: false
	disableAllRules: false
	rules: []
	name: "Job PassiveScan without rules"
	type: "passiveScan-config"
	- parameters:
	context: "Local"
	user: ""
	url: "http://localhost:8001/robots.txt"
	maxDuration: 0
	maxDepth: 0
	maxChildren: 0
	name: "spider"
	type: "spider"
	- parameters:
	context: "Local"
	user: ""
	policy: ""
	maxRuleDurationInMins: 0
	maxScanDurationInMins: 0
	addQueryParam: false
	delayInMs: 0
	handleAntiCSRFTokens: false
	injectPluginIdInHeader: false
	scanHeadersAllRequests: false
	threadPerHost: 24
	maxAlertsPerRule: 0
	policyDefinition:
	defaultStrength: "low"
	defaultThreshold: "off"
	rules:
	- id: 40045
	name: "Spring4Shell"
	threshold: "medium"
	strength: "medium"
	name: "Job ActiveScan"
	type: "activeScan"
	- alertFilters:
	- ruleId: 40045
	context: "Local"
	newRisk: "False Positive"
	url: "http://localhost:8001/robots.txt"
	urlRegex: false
	name: "alertFilter"
	type: "alertFilter"
	- parameters:
	template: "traditional-html-plus"
	theme: "light"
	reportDir: "/home/miguel/zapreport"
	reportFile: "traditional-html-plus"
	reportTitle: "ZAP Scan"
	reportDescription: ""
	displayReport: false
	risks:
	- "info"
	- "low"
	- "medium"
	- "high"
	confidences:
	- "falsepositive"
	- "low"
	- "medium"
	- "high"
	- "confirmed"
	sections:
	- "passingrules"
	- "instancecount"
	- "alertdetails"
	- "alertcount"
	- "params"
	- "chart"
	- "statistics"
	sites: []
	name: "report"
	type: "report"
	#!/usr/env python3
	# vim: tw=0
	from http.server import BaseHTTPRequestHandler, HTTPServer

	class handler(BaseHTTPRequestHandler):
	def do_GET(self):
	self.send_response(200)
	self.send_header('Content-type','text/html')
	self.end_headers()

	message = "Hello, World! Here is a GET response"
	self.wfile.write(bytes(message, "utf8"))

	def do_POST(self):
	print(self.path)
	if self.path == "/robots.txt":
	self.send_response(400)
	self.send_header('Content-type','text/html')
	self.send_header('Content-Type', 'text/html; charset=utf-8')
	self.send_header('Content-Length', '26')
	self.send_header('Connection', 'keep-alive')
	self.end_headers()

	message = "some body keys are invalid"
	self.wfile.write(bytes(message, "utf8"))
	return
	self.send_response(200)
	self.send_header('Content-type','text/html')
	message = "everything is fine"
	self.wfile.write(bytes(message, "utf8"))


	with HTTPServer(('', 8001), handler) as server:
	server.serve_forever()