✨ feat(intense-scan): Adding intense scan.

package.json

@@ -11,7 +11,9 @@
     "@oclif/command": "^1",
     "@oclif/config": "^1",
     "@oclif/plugin-help": "^2",
+    "@types/chalk": "^2.2.0",
     "axios": "^0.19.2",
+    "chalk": "^3.0.0",
     "crimson-progressbar": "^1.3.0",
     "tslib": "^1"
   },

src/classes/intenseScan.ts

@@ -0,0 +1,28 @@
+import VestigoResponse from '../classes/response'
+import * as chalk from 'chalk';
+
+export default class IntenseScan {
+    fail: number;
+    success: number;
+    total: number;
+    requestSuccess: VestigoResponse[];
+    requestFail: VestigoResponse[];
+    constructor(fail = 0, success = 0, total = 0, requestSuccess: VestigoResponse[] = [], requestFail: VestigoResponse[] = []) {
+        this.fail = fail;
+        this.success = success;
+        this.total = total;
+        this.requestSuccess = requestSuccess;
+        this.requestFail = requestFail;
+    }
+
+    exportSummary() {
+        console.log(` --- Successfull Requests: ${chalk.green(this.success)}`)
+        console.log(` --- Failed Requests: ${chalk.green(this.fail)}`)
+        console.log(` --- Total Requests: ${chalk.green(this.total)}`)
+        console.log(chalk.green(` --- Successfull Urls`));
+        const successUrls = this.requestSuccess.map(e => e.url);
+        successUrls.forEach(e => {
+            console.log(` ------ ${chalk.cyan(e)}`);
+        })
+    }
+}

src/classes/report.ts

@@ -5,8 +5,8 @@ export default class Report {
     cors: string;
     lastModified: string;
     contentType: string;
+
     constructor(response: AxiosResponse) {
-        console.log(response.headers);
         this.poweredBy = (response.headers['x-powered-by']) ? response.headers['x-powered-by'] : '';
         this.cors = (response.headers['access-control-allow-origin']) ? response.headers['access-control-allow-origin'] : '';
         this.lastModified = (response.headers['last-modified']) ? response.headers['last-modified'] : '';

src/classes/response.ts

@@ -0,0 +1,23 @@
+
+export default class VestigoResponse {
+    url: string;
+    success: boolean;
+    method: string;
+    headers: object;
+    status: number;
+    statusText: string;
+    date: string;
+    urls: Array<string>;
+    pathsDisclosed: Array<string>;
+    constructor(payload: {url: string, success: boolean, method: string, headers: object, status: number, statusText: string, date: string, urls: Array<string>}) {
+        this.url = payload.url;
+        this.success = payload.success;
+        this.method = payload.method;
+        this.headers = payload.headers;
+        this.status = payload.status;
+        this.statusText = payload.statusText;
+        this.date = payload.date;
+        this.urls = payload.urls;
+        this.pathsDisclosed = [];
+    }
+}

src/commands/scan.ts

@@ -1,7 +1,9 @@
 import { Command, flags } from '@oclif/command'
 import axios, { AxiosResponse } from 'axios';
+import * as chalk from 'chalk';
 import Report from '../classes/report';
 import {intenseScan} from '../tools/scanTools';
+import IntenseScan from '../classes/intenseScan';
 export default class Scan extends Command {
     static description = 'Scan an API'
 
@@ -13,34 +15,42 @@ export default class Scan extends Command {
         help: flags.help({ char: 'h' }),
         // flag with a value (-n, --name=VALUE)
         target: flags.string({ char: 't', description: 'target to scan', required: true }),
+        shortlist: flags.boolean({ char: 's', description: 'use the shortlist for endpoints', required: true, default: true, allowNo: true}),
+        parameters: flags.boolean({ char: 'p', description: 'use extra parameters on endpoints', required: true, default: true, allowNo: true}),
     }
 
     static args = [{ name: 'file' }]
 
     async run() {
         const { args, flags } = this.parse(Scan)
-        console.log(` - Targetting: ${flags.target}`)
+        console.log(` - Targetting: ${chalk.cyan(flags.target)}`)
         let init: any;
         try {
-            init = await axios.post(flags.target);
+            init = await axios.get(flags.target);
 
         } catch (error) {
             //console.log(error)
         }
-        /*axios.post(flags.target).then(val => {
-            //console.log(val);
-        }).catch(err => {
-            //console.log(err)
-        })*/
-        console.log(init)
-        //const result = new Report(init);
-        intenseScan(flags.target);
-        if (/*this.validateStatus(init.status)*/true) {
-            console.log(` - Successfully connected to target`)
-            console.log(` - Gathering basic header information`)
-            console.log(` - Gathering path disclosures`)
-            //const str = init.data.match(/\/.*\.[\w:]+/g);
-            //console.log(str);
+        if (init) {
+            if (this.validateStatus(init.status) == true) {
+                console.log(` - Successfully connected to target`)
+                console.log(` - Gathering basic header information`)
+                //console.log(` - Gathering path disclosures`)
+                // TODO: get path disclosures for basic get
+                const result = new Report(init)
+                console.log(` - Target Powered by: ${chalk.cyan(result.poweredBy)}`)
+                console.log(` - Target Last Modified at: ${chalk.cyan(result.lastModified)}`)
+                if (result.cors == "*") {
+                    console.log(` - Target ${chalk.cyan('Not CORS protected')}`)
+                } else {
+                    console.log(` - Target ${chalk.cyan('Is CORS protected')}`)
+                }
+            }
+        }
+        console.log(flags.shortlist);
+        let intenseResult: IntenseScan | void = await intenseScan(flags.target, flags.shortlist, flags.parameters);
+        if (intenseResult) {
+            intenseResult.exportSummary();
         }
         //console.log(init);
     }

src/tools/scanTools.ts

@@ -1,19 +1,31 @@
-import {shortList as endpoints} from '../resources/endpoints';
+import {shortList, longList} from '../resources/endpoints';
 import * as crimsonProgressBar from 'crimson-progressbar';
-import axios from 'axios';
-export const intenseScan = async (target: string) => {
+import axios, { AxiosResponse, AxiosError } from 'axios';
+import VestigoResponse from '../classes/response';
+import IntenseScan from '../classes/intenseScan';
+import Axios from 'axios';
+export const intenseScan = async (target: string, shortlist = true, parameters = true ) => {
+    let endpoints = '';
+    if (shortlist) {
+        endpoints = shortList;
+    } else {
+        endpoints = longList;
+    }
     const values = endpoints.split('\n');
     let counter = 0;
     console.log(" - Running intense scan")
     let promises: any[] = [];
-    promises.push(axios.get("https://google.com"));
-    promises.push(axios.get("http://burletmederic.com"));
     values.forEach((element): any => {
         promises.push(axios.get(target+element));
+        if (parameters) {
+            promises.push(axios.get(target+element+'/0'));
+            promises.push(axios.get(target+element+'/1'));
+            promises.push(axios.get(target+element+'/10'));
+        }
     })
     const promisesResolved = promises.map(promise => promise.catch((error: any) => ({ error })))
 
-    function checkFailed(then: { ([someUrl, anotherUrl]: any): void; (arg0: any): any; }) {
+    const checkFailed = (then: { ([someUrl, anotherUrl]: any): void; (arg0: any): any; }) => {
         return function (responses: any[]) {
             const someFailed = responses.some((response: { error: any; }) => response.error)
 
@@ -25,32 +37,86 @@ export const intenseScan = async (target: string) => {
         }
     }
 
-    axios.all(promisesResolved)
+    const scanData = (payload: string) => {
+        // regex for urls
+        const str: any = payload.match(/https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)/g);
+        // regex for paths
+        const str2: any = payload.match(/\/.*\.[\w:]+/g);
+        let results = [];
+        if (str?.length > 0) {
+            results.push(...str);
+        }
+        if (str2?.length > 0) {
+            results.push(...str2);
+        }
+        return results;
+    }
+
+   return await axios.all(promisesResolved)
         .then(checkFailed(([someUrl, anotherUrl]: any) => {
             console.log('SUCCESS', someUrl, anotherUrl)
             console.log("SUCCESS: "+someUrl.length+" / "+ values.length);
-
+            return new IntenseScan();
         }))
         .catch((err) => {
             //console.log("FAILED: "+err.length+" / "+ promises.length);
             //console.log('FAIL', err[0])
             let success = 0;
             let fail = 0;
-            err.forEach(elem => {
-
+            let round = 0;
+            let pathsDisclosed: any[] = [];
+            let results: VestigoResponse[] = [];
+            err.forEach((elem: AxiosResponse | any) => {
+                let pathed = [];
+                let result: VestigoResponse;
                 if (elem.status && validateStatus(elem.status)) {
-                    if (elem.config && elem.config.url) {
-                        console.log(elem.config.url)
+                    if (elem.data && elem.data !== "") {
+                        pathed = scanData(elem.data)
                     }
+                    result = new VestigoResponse({
+                        url: elem?.config?.url as string,
+                        success: true,
+                        method: elem?.config?.method as string,
+                        headers: elem?.headers as object,
+                        status: elem?.status as number,
+                        statusText: elem?.statusText as string,
+                        date: elem?.headers?.date as string,
+                        urls: pathed
+                    })
                     success++;
                 } else {
                     fail++;
+                    if (elem?.error?.response?.data && elem.error.response.data.length > 0) {
+                        pathed = scanData(elem.error.response.data)
+                    }
+                    result = new VestigoResponse({
+                        url: elem?.error?.response?.config?.url as string,
+                        success: false,
+                        method: elem?.error?.response?.config?.method as string,
+                        headers: elem?.error?.response?.headers as object,
+                        status: elem?.error?.response?.status as number,
+                        statusText: elem?.error?.response?.statusText as string,
+                        date: elem?.error?.response?.headers?.date as string,
+                        urls: pathed
+                    })
                 }
+                if (pathed) {
+                    result.pathsDisclosed = pathed;
+                    pathsDisclosed.push(...pathed);
+                }
+                round++;
+                results.push(result);
             });
+            pathsDisclosed = [...new Set(pathsDisclosed)];
+            const resultsSuccess: VestigoResponse[] = results.filter(e => e.success == true);
+            const resultsFail: VestigoResponse[] = results.filter(e => e.success == false);
+            const final = new IntenseScan(fail, success, err.length, resultsSuccess, resultsFail);
+            return final;
+            console.log(pathsDisclosed);
             console.log(`SUCC ${success}`)
             console.log(`FAIL ${fail}`)
             console.log(`TOTAL ${err.length}`)
-
+            console.log(results);
         });
     /*values.forEach(async (element) => {
         //console.log(element)

yarn.lock

@@ -206,6 +206,18 @@
   resolved "https://registry.yarnpkg.com/@types/chai/-/chai-4.2.9.tgz#194332625ed2ae914aef00b8d5ca3b77e7924cc6"
   integrity sha512-NeXgZj+MFL4izGqA4sapdYzkzQG+MtGra9vhQ58dnmDY++VgJaRUws+aLVV5zRJCYJl/8s9IjMmhiUw1WsKSmw==
 
+"@types/chalk@^2.2.0":
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/@types/chalk/-/chalk-2.2.0.tgz#b7f6e446f4511029ee8e3f43075fb5b73fbaa0ba"
+  integrity sha512-1zzPV9FDe1I/WHhRkf9SNgqtRJWZqrBWgu7JGveuHmmyR9CnAPCie2N/x+iHrgnpYBIcCJWHBoMRv2TRWktsvw==
+  dependencies:
+    chalk "*"
+
+"@types/color-name@^1.1.1":
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/@types/color-name/-/color-name-1.1.1.tgz#1c1261bbeaa10a8055bbc5d8ab84b7b2afc846a0"
+  integrity sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==
+
 "@types/events@*":
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/@types/events/-/events-3.0.0.tgz#2862f3f58a9a7f7c3e78d79f130dd4d71c25c2a7"
@@ -282,6 +294,14 @@ ansi-styles@^3.2.0, ansi-styles@^3.2.1:
   dependencies:
     color-convert "^1.9.0"
 
+ansi-styles@^4.1.0:
+  version "4.2.1"
+  resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-4.2.1.tgz#90ae75c424d008d2624c5bf29ead3177ebfcf359"
+  integrity sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==
+  dependencies:
+    "@types/color-name" "^1.1.1"
+    color-convert "^2.0.1"
+
 ansicolors@~0.3.2:
   version "0.3.2"
   resolved "https://registry.yarnpkg.com/ansicolors/-/ansicolors-0.3.2.tgz#665597de86a9ffe3aa9bfbe6cae5c6ea426b4979"
@@ -400,6 +420,14 @@ chai@^4:
     pathval "^1.1.0"
     type-detect "^4.0.5"
 
+chalk@*, chalk@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/chalk/-/chalk-3.0.0.tgz#3f73c2bf526591f574cc492c51e2456349f844e4"
+  integrity sha512-4D3B6Wf41KOYRFdszmDqMCGq5VV/uMAB273JILmO+3jAlh8X4qDtdtgCR3fxtbLEMzSx22QdhnDcJvu2u1fVwg==
+  dependencies:
+    ansi-styles "^4.1.0"
+    supports-color "^7.1.0"
+
 chalk@^2.0.0, chalk@^2.4.1, chalk@^2.4.2:
   version "2.4.2"
   resolved "https://registry.yarnpkg.com/chalk/-/chalk-2.4.2.tgz#cd42541677a54333cf541a49108c1432b44c9424"
@@ -485,11 +513,23 @@ color-convert@^1.9.0:
   dependencies:
     color-name "1.1.3"
 
+color-convert@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3"
+  integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==
+  dependencies:
+    color-name "~1.1.4"
+
 color-name@1.1.3:
   version "1.1.3"
   resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.3.tgz#a7d0558bd89c42f795dd42328f740831ca53bc25"
   integrity sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=
 
+color-name@~1.1.4:
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2"
+  integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==
+
 colors@^1.1.2, colors@^1.2.1:
   version "1.4.0"
   resolved "https://registry.yarnpkg.com/colors/-/colors-1.4.0.tgz#c50491479d4c1bdaed2c9ced32cf7c7dc2360f78"
@@ -881,6 +921,11 @@ has-flag@^3.0.0:
   resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-3.0.0.tgz#b5d454dc2199ae225699f3467e5a07f3b955bafd"
   integrity sha1-tdRU3CGZriJWmfNGfloH87lVuv0=
 
+has-flag@^4.0.0:
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b"
+  integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==
+
 hasha@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/hasha/-/hasha-3.0.0.tgz#52a32fab8569d41ca69a61ff1a214f8eb7c8bd39"
@@ -1794,6 +1839,13 @@ supports-color@^6.1.0:
   dependencies:
     has-flag "^3.0.0"
 
+supports-color@^7.1.0:
+  version "7.1.0"
+  resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.1.0.tgz#68e32591df73e25ad1c4b49108a2ec507962bfd1"
+  integrity sha512-oRSIpR8pxT1Wr2FquTNnGet79b3BWljqOuoW/h4oBhxJ/HUbX5nX6JSruTkvXDCFMwDPvsaTTbvMLKZWSy0R5g==
+  dependencies:
+    has-flag "^4.0.0"
+
 supports-hyperlinks@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/supports-hyperlinks/-/supports-hyperlinks-1.0.1.tgz#71daedf36cc1060ac5100c351bb3da48c29c0ef7"