🐛 fix(scan): No crash on no reachable base url

crimson-med · May 12, 2020 · ea8c37c · ea8c37c
1 parent ee68b9d
commit ea8c37c
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 44 deletions.
diff --git a/src/classes/intenseScan.ts b/src/classes/intenseScan.ts
@@ -28,11 +28,19 @@ export default class IntenseScan {
     }
 
     getUrlsSuccess() {
-        return this.requestSuccess.map(e => e.url);
+        let result:string[] = [];
+        if (this.requestSuccess.length > 0) {
+            result = this.requestSuccess.map(e => e.url);
+        }
+        return result;
     }
 
     getUrlsFail() {
-        return this.requestFail.map(e => e.url);
+        let result:string[] = [];
+        if (this.requestFail.length > 0) {
+            result = this.requestFail.map(e => e.url);
+        }
+        return result;
     }
 
     getAllPathsDisclosures() {

diff --git a/src/classes/report.ts b/src/classes/report.ts
@@ -18,17 +18,24 @@ export default class Report {
     startDate: Date;
     endDate: Date;
     elapsedSeconds: number;
-    constructor(response: AxiosResponse) {
-        this.poweredBy = (response.headers['x-powered-by']) ? response.headers['x-powered-by'] : '';
-        this.cors = (response.headers['access-control-allow-origin']) ? response.headers['access-control-allow-origin'] : '';
-        this.lastModified = (response.headers['last-modified']) ? response.headers['last-modified'] : '';
-        this.contentType = (response.headers['content-type']) ? response.headers['content-type'] : '';
+    constructor(target: string) {
+        this.poweredBy = ""
+        this.cors = ""
+        this.lastModified = ""
+        this.contentType = ""
         this.intenseScan = new IntenseScan();
         this.flags = {};
         this.startDate = new Date();
         this.endDate = new Date();
         this.elapsedSeconds = 0;
-        this.target = "";
+        this.target = target;
+    }
+
+    loadFromResponse(response: AxiosResponse) {
+        this.poweredBy = (response.headers['x-powered-by']) ? response.headers['x-powered-by'] : '';
+        this.cors = (response.headers['access-control-allow-origin']) ? response.headers['access-control-allow-origin'] : '';
+        this.lastModified = (response.headers['last-modified']) ? response.headers['last-modified'] : '';
+        this.contentType = (response.headers['content-type']) ? response.headers['content-type'] : '';
     }
 
     exportSummary(type: ReportType = ReportType.MARKDOWN) {
@@ -63,10 +70,10 @@ export default class Report {
             <tr><td>Content Type</td><td>${this.contentType}</td></tr>`;
             let urls = this.intenseScan.getUrlsSuccess().reduce((accumulator: any, currentValue: any) => {
                 return accumulator+`<li>${currentValue}</li>`;
-            })
+            }, "")
             let paths = this.intenseScan.getAllPathsDisclosures().reduce((accumulator: any, currentValue: any) => {
                 return accumulator+`<li>${currentValue}</li>`;
-            })
+            }, "")
             template = template.replace("{url1}", urls);
             template = template.replace("{path1}", paths);
             template = template.replace("{params}", tempParams);

diff --git a/src/commands/scan.ts b/src/commands/scan.ts
@@ -44,7 +44,9 @@ export default class Scan extends Command {
         console.log(flags.method);
         console.log(` - ${chalk.green(formatDate(startDate, "dddd dd MMMM yyyy hh:mm"))}`)
         console.log(` - Targetting: ${chalk.cyan(flags.target)}`)
-        let init: any;
+        let init: any = null;
+        // init report
+        const finalReport = new Report(flags.target);
         // Try to contact base url
         try {
             // Disable SSL verification by default
@@ -54,30 +56,30 @@ export default class Scan extends Command {
             init = await axios.get(flags.target, { httpsAgent: agent });
         } catch (error) {
             if (error.code) {
-                console.log(error.code);
-            } else {
-                console.log(error)
-            }
+                console.log(`Error code: ${error.code}`);
+            } 
         }
         // If base url can be contacted start basic analysis
-        if (init) {
             // Init report
-            const finalReport = new Report(init);
-            // If status was valid keep going
-            if (this.validateStatus(init.status) == true) {
-                console.log(` - Successfully connected to target`)
-                console.log(` - Gathering basic header information`)
-                const result = new Report(init)
-                console.log(` - Target Powered by: ${chalk.cyan(result.poweredBy)}`)
-                console.log(` - Target Last Modified at: ${chalk.cyan(result.lastModified)}`)
-                if (result.cors == "*") {
-                    console.log(` - Target ${chalk.cyan('Not CORS protected')}`)
+            if (init) {
+                finalReport.loadFromResponse(init);
+                if (this.validateStatus(init.status) == true) {
+                    console.log(` - Successfully connected to target`)
+                    console.log(` - Gathering basic header information`)
+                    const result = new Report(init)
+                    console.log(` - Target Powered by: ${chalk.cyan(result.poweredBy)}`)
+                    console.log(` - Target Last Modified at: ${chalk.cyan(result.lastModified)}`)
+                    if (result.cors == "*") {
+                        console.log(` - Target ${chalk.cyan('Not CORS protected')}`)
+                    } else {
+                        console.log(` - Target ${chalk.cyan('Is CORS protected')}`)
+                    }
                 } else {
-                    console.log(` - Target ${chalk.cyan('Is CORS protected')}`)
+                    console.log(init)
+                    console.log(init.status)
                 }
             } else {
-                console.log(init)
-                console.log(init.status)
+                console.log("plop")
             }
             // Init an intense scan
             let intenseResult: IntenseScan | void = await intenseScan(flags.target, flags.shortlist, flags.parameters, flags.method);
@@ -97,9 +99,6 @@ export default class Scan extends Command {
                 console.log(` - ${chalk.green(formatDate(endDate, "dddd dd MMMM yyyy hh:mm"))}`)
                 console.log(` - Time Elapsed: ${chalk.green(finalReport.elapsedSeconds)} seconds`)
             }
-        }
-
-
         //console.log(init);
     }
 

diff --git a/src/tools/scanTools.ts b/src/tools/scanTools.ts
@@ -58,19 +58,21 @@ export const intenseScan = async (target: string, shortlist = true, parameters =
     }
 
     const scanData = (payload: string) => {
-        // regex for urls
-        const str: any = payload.match(/https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)/g);
-        // regex for paths
-        const str2: any = payload.match(/\/[a-zA-Z0-9\/\-_.]+\/[a-zA-Z0-9\/\-_.]+[^<>",:]/g);
-        let results = [];
-        // If we have regex match push them to array
-        if (str?.length > 0) {
-            results.push(...str);
-        }
-        if (str2?.length > 0) {
-            results.push(...str2);
+        if (typeof payload == "string") {
+            // regex for urls
+            const str: any = payload.match(/https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)/g);
+            // regex for paths
+            const str2: any = payload.match(/\/[a-zA-Z0-9\/\-_.]+\/[a-zA-Z0-9\/\-_.]+[^<>",:]/g);
+            let results = [];
+            // If we have regex match push them to array
+            if (str?.length > 0) {
+                results.push(...str);
+            }
+            if (str2?.length > 0) {
+                results.push(...str2);
+            }
+            return results;
         }
-        return results;
     }
     // execute all the requests
    return await axios.all(promisesResolved)