Replace Wappalyzer #2727

Merged
merged 26 commits into from
Apr 8, 2024
Changes from 18 commits
Commits
274b286
Initial version
ammar92 Mar 22, 2024
3f54f6e
Some fixes
ammar92 Mar 26, 2024
7fb65be
Updated requirements
ammar92 Mar 26, 2024
f0b6a45
Merge branch 'main' into feature/replace-wappalyzer
ammar92 Mar 26, 2024
ec03362
Fix for Boefje Dockerfile
ammar92 Mar 28, 2024
3033ea0
Updated Boefjes test workflow
ammar92 Mar 28, 2024
00124a9
Merge branch 'main' into feature/replace-wappalyzer
ammar92 Mar 28, 2024
98748b2
Fixed Boefjes Dockerfile
ammar92 Mar 28, 2024
7cd4495
Test
ammar92 Mar 28, 2024
c9cd627
Revert "Test"
ammar92 Mar 28, 2024
f89dbfa
Small fix
ammar92 Mar 28, 2024
137010f
Bug fix
ammar92 Mar 28, 2024
71d6993
Bug fix
ammar92 Mar 28, 2024
7dc8b3e
Fixed boefje, normalizer and test
ammar92 Mar 28, 2024
c1180bf
Fixed headers normalizer
ammar92 Mar 28, 2024
3fb2d9f
Fixed normalizer
ammar92 Mar 29, 2024
defc7e7
Merge branch 'main' into feature/replace-wappalyzer
underdarknl Apr 1, 2024
3553e49
Merge branch 'main' into feature/replace-wappalyzer
underdarknl Apr 2, 2024
dd30c03
Fix git requirements in Debian packages and rdo github flow
dekkers Apr 2, 2024
696b7b5
Moved Wappalyzer normalizer plugin to its own directory
ammar92 Apr 3, 2024
d995806
Reverted headers normalizer and `openkat-http/headers` format
ammar92 Apr 3, 2024
c453c73
Merge branch 'main' into feature/replace-wappalyzer
ammar92 Apr 3, 2024
eff4297
Rework
ammar92 Apr 4, 2024
531b6e9
Merge remote-tracking branch 'origin/feature/replace-wappalyzer' into…
ammar92 Apr 4, 2024
7de5514
Merge branch 'main' into feature/replace-wappalyzer
ammar92 Apr 4, 2024
d6b9972
Merge branch 'main' into feature/replace-wappalyzer
underdarknl Apr 5, 2024
2 changes: 1 addition & 1 deletion .github/workflows/boefjes_tests.yml
Expand Up @@ -39,7 +39,7 @@ jobs:
run: python3 -m pip install --upgrade pip

- name: Install dev requirements
run: pip install -r requirements-dev.txt
run: grep -v git+https:// requirements-dev.txt | pip install -r /dev/stdin && grep git+https:// requirements-dev.txt | pip install -r /dev/stdin
working-directory: ./boefjes

- name: Install requirements
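Review bot: The second half of the new `run:` line installs the `git+https://` requirement in a separate `pip install`, which runs outside pip's hash-checking mode because that line carries no `--hash`. The requirement is pinned to a full commit in `requirements-dev.txt`, but any dependency of it that the first, hash-checked install did not already satisfy would be resolved from the index unpinned. Adding `--no-deps` to the second command, `grep git+https:// requirements-dev.txt | pip install --no-deps -r /dev/stdin`, keeps everything except the VCS package itself under hash verification; the same applies to the `grep git+https://` installs in `boefjes/Dockerfile`. A short comment above the step explaining why the file is split would also help the next reader.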
10 changes: 8 additions & 2 deletions boefjes/Dockerfile
Expand Up @@ -18,8 +18,14 @@ COPY boefjes/requirements-dev.txt boefjes/requirements.txt .

RUN --mount=type=cache,target=/root/.cache \
pip install --upgrade pip \
&& pip install -r requirements.txt \
&& if [ "$ENVIRONMENT" = "dev" ]; then pip install -r requirements-dev.txt; fi
&& if [ "$ENVIRONMENT" = "dev" ]; \
then \
grep -v git+https:// requirements-dev.txt | pip install -r /dev/stdin ; \
grep git+https:// requirements-dev.txt | pip install -r /dev/stdin ; \
else \
grep -v git+https:// requirements.txt | pip install -r /dev/stdin ;\
grep git+https:// requirements.txt | pip install -r /dev/stdin ; \
fi

FROM dev

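Review bot: In both branches of the new `if` the hash-checked install and the `git+https://` install are separated by `;`, so a failure of the first pipeline is discarded and the `RUN` step succeeds whenever the second one does. An image could then be built without the pinned requirements, or after a hash mismatch, with no build error. Chain the two with `&&` as the workflow change does, e.g. `grep -v git+https:// requirements.txt | pip install -r /dev/stdin && \`. The stage this `RUN` belongs to starts above the hunk.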
@@ -0,0 +1,35 @@
import binascii
import json
from collections.abc import Iterable

from Wappalyzer import Wappalyzer, WebPage

from boefjes.job_models import NormalizerMeta
from octopoes.models import OOI, Reference
from octopoes.models.ooi.dns.zone import Hostname
from octopoes.models.ooi.network import Network
from octopoes.models.ooi.software import Software, SoftwareInstance


def run(normalizer_meta: NormalizerMeta, raw: bytes | str) -> Iterable[OOI]:
pk = normalizer_meta.raw_data.boefje_meta.input_ooi
tokenized_hostname = Reference.from_str(pk).tokenized["website"]["hostname"]
hostname = Hostname(
network=Network(name=tokenized_hostname["network"]["name"]).reference, name=tokenized_hostname["name"]
)
raw_respsone, body = raw.split(b"\n\n", 1)
response_object = json.loads(raw_respsone)
url = response_object["response"]["url"]

headers = response_object["response"]["headers"]
body = binascii.unhexlify(body.strip())
body = body.decode(response_object.get("encoding") or "utf-8", "replace")

wappalyzer = Wappalyzer.latest()
web_page = WebPage(url, body, headers)
results = wappalyzer.analyze_with_versions_and_categories(web_page)

for name, data in results.items():
software = Software(name=name, version=data["versions"].pop(0))
software_instance = SoftwareInstance(ooi=hostname.reference, software=software.reference)
yield from [software, software_instance]
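Review bot: `response_object.get("encoding")` reads the top level of the dump, but `create_response_object` in `kat_webpage_analysis/main.py` stores the value under `"response"`, so the lookup always yields `None` and every body is decoded as UTF-8. Reading `response_object["response"].get("encoding")` fixes that, but the charset name is supplied by the scanned server, so an unknown codec should be caught (`except LookupError`) and fall back to `"utf-8"`. Separately, `data["versions"].pop(0)` raises `IndexError` if Wappalyzer reports a technology with an empty version list; `data["versions"][0] if data["versions"] else None` avoids that, assuming `Software.version` is optional.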
@@ -1,7 +1,7 @@
{
"id": "kat_website_software_normalize",
"id": "kat_webpage_analysis_wappalyzer_normalize",
ammar92 marked this conversation as resolved.
"consumes": [
"boefje/website-software"
"openkat-http/response"
],
"produces": [
"Software",
Expand Down
3 changes: 2 additions & 1 deletion boefjes/boefjes/plugins/kat_webpage_analysis/boefje.json
Expand Up @@ -6,8 +6,9 @@
"HTTPResource"
],
"produces": [
"openkat-http/full",
"openkat-http/response",
"openkat-http/headers",
"openkat-http/body",
"application/javascript",
"application/javascript",
"application/json",
Expand Up @@ -9,8 +9,9 @@
def run(normalizer_meta: NormalizerMeta, raw: bytes | str) -> Iterable[OOI]:
# fetch a reference to the original resource where these headers where downloaded from
resource = Reference.from_str(normalizer_meta.raw_data.boefje_meta.input_ooi)
headers = json.loads(raw).get("response", {}).get("headers", {})

for key, value in json.loads(raw).items():
for key, value in headers.items():
yield HTTPHeader(
resource=resource,
key=key,
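Review bot: The chained `.get("response", {}).get("headers", {})` turns any raw file that lacks the new envelope into an empty header set, so the normalizer yields nothing and reports no error. Raw `openkat-http/headers` data written in the previous flat format (`json.dumps(dict(response.headers))`, removed in `main.py`) would presumably hit this path, and downstream checks cannot tell "no headers seen" from "wrong format". Indexing the keys directly, `headers = json.loads(raw)["response"]["headers"]`, makes a format mismatch fail visibly; if the silent fallback is intended, a comment saying so would help. The `yield HTTPHeader(...)` call continues below the hunk.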
28 changes: 26 additions & 2 deletions boefjes/boefjes/plugins/kat_webpage_analysis/main.py
@@ -1,3 +1,4 @@
import binascii
import ipaddress
import json
import mimetypes
Expand Down Expand Up @@ -66,13 +67,36 @@ def run(boefje_meta: BoefjeMeta) -> list[tuple[set, bytes | str]]:
if content_type[0] in ALLOWED_CONTENT_TYPES:
body_mimetypes.add(content_type[0])

# in case of a full response object, we hexdump to avoid issues with binary data or different encoding
response_dump = json.dumps(create_response_object(response))
content = binascii.hexlify(response.content).decode()
dekkers marked this conversation as resolved.

return [
({"openkat-http/full"}, f"{response.headers}\n\n{response.content}"),
({"openkat-http/headers"}, json.dumps(dict(response.headers))),
({"openkat-http/response"}, f"{response_dump}\n\n{content}"),
({"openkat-http/headers"}, response_dump),
ammar92 marked this conversation as resolved.
(body_mimetypes, response.content),
]


# todo: perhaps also implement response.history?
def create_response_object(response: requests.Response) -> dict:
return {
"response": {
"url": response.url,
"status_code": response.status_code,
"headers": dict(response.headers),
"cookies": dict(response.cookies),
"is_redirect": response.is_redirect,
"encoding": response.encoding,
},
"request": {
"url": response.request.url,
"method": response.request.method,
"headers": dict(response.request.headers),
},
}


def do_request(hostname: str, session: Session, uri: str, useragent: str):
response = session.get(
uri,
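Review bot: `create_response_object` copies `dict(response.request.headers)` and `dict(response.cookies)` into the dump, and that same dump is now emitted under both `openkat-http/response` and `openkat-http/headers`. If the session is ever configured with credentials (an `Authorization` or `Cookie` request header), or the target sets session cookies, those values are persisted in raw data and handed to every normalizer that consumes either type; the session setup is outside this hunk, so this is to confirm rather than a known leak. Consider dropping or redacting those fields before `json.dumps`, and give the function a docstring that states the wire format (JSON object, blank line, hex-encoded body), since the Wappalyzer normalizer parses it by hand. `do_request` continues below the hunk.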
9 changes: 0 additions & 9 deletions boefjes/boefjes/plugins/kat_website_software/boefje.json

This file was deleted.

Binary file not shown.
3 changes: 0 additions & 3 deletions boefjes/boefjes/plugins/kat_website_software/description.md

This file was deleted.

31 changes: 0 additions & 31 deletions boefjes/boefjes/plugins/kat_website_software/main.py

This file was deleted.

45 changes: 0 additions & 45 deletions boefjes/boefjes/plugins/kat_website_software/normalize.py

This file was deleted.

22 changes: 15 additions & 7 deletions boefjes/poetry.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions boefjes/pyproject.toml
Expand Up @@ -49,10 +49,9 @@ shodan = "1.25.0"
cryptography = "^42.0.1"
# required by kat_webpage_analysis
forcediphttpsadapter = "1.1.0"
python-wappalyzer = {git = "https://github.com/chorsley/python-Wappalyzer.git", rev = "0.4.0"}
# required by kat_webpage_analysis (forcediphttpsadapter)
urllib3 = "^2.1.0"
# required by kat_website_software
python-Wappalyzer = "0.3.1"
# required by kat_wpscan
wpscan-out-parse = "1.9.3"
# required by kat_sec_txt
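Review bot: `rev = "0.4.0"` on the new `python-wappalyzer` line names a git tag, which the upstream repository can move or recreate, and the dependency no longer has the `--hash` entries the PyPI release had in the exported requirements files. The exports already resolve to commit `ac651718af77804e52b826944933be831d491387`; putting that value in `rev` (with `# 0.4.0` as a trailing comment) means a later re-lock cannot pick up different code under the same tag.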
4 changes: 1 addition & 3 deletions boefjes/requirements-dev.txt
Expand Up @@ -1067,9 +1067,7 @@ python-dotenv==1.0.1 ; python_version >= "3.10" and python_version < "4.0" \
--hash=sha256:f7b63ef50f1b690dddf550d03497b66d609393b40b564ed0d674909a68ebf16a
python-libnmap==0.7.3 ; python_version >= "3.10" and python_version < "4.0" \
--hash=sha256:d03629256c2ee9ab37390c28d4c4c2ae9637cd0861dd8ab9e0f32779545936c0
python-wappalyzer==0.3.1 ; python_version >= "3.10" and python_version < "4.0" \
--hash=sha256:0c76e4bbc1e782795f2ccda627add6366153cd53d8f8eb5a5b62431c7c4ecdfe \
--hash=sha256:28fc8d5b8ace221aad7c5729b923976af53c5b7116fd0ddc452a0dcaeaf4b831
python-wappalyzer @ git+https://github.com/chorsley/python-Wappalyzer.git@ac651718af77804e52b826944933be831d491387 ; python_version >= "3.10" and python_version < "4.0"
pywin32==306 ; python_version >= "3.10" and python_version < "4.0" and sys_platform == "win32" \
--hash=sha256:06d3420a5155ba65f0b72f2699b5bacf3109f36acbe8923765c22938a69dfc8d \
--hash=sha256:1c73ea9a0d2283d889001998059f5eaaba3b6238f767c9cf2833b13e6a685f65 \
4 changes: 1 addition & 3 deletions boefjes/requirements.txt
Expand Up @@ -1055,9 +1055,7 @@ python-dotenv==1.0.1 ; python_version >= "3.10" and python_version < "4.0" \
--hash=sha256:f7b63ef50f1b690dddf550d03497b66d609393b40b564ed0d674909a68ebf16a
python-libnmap==0.7.3 ; python_version >= "3.10" and python_version < "4.0" \
--hash=sha256:d03629256c2ee9ab37390c28d4c4c2ae9637cd0861dd8ab9e0f32779545936c0
python-wappalyzer==0.3.1 ; python_version >= "3.10" and python_version < "4.0" \
--hash=sha256:0c76e4bbc1e782795f2ccda627add6366153cd53d8f8eb5a5b62431c7c4ecdfe \
--hash=sha256:28fc8d5b8ace221aad7c5729b923976af53c5b7116fd0ddc452a0dcaeaf4b831
python-wappalyzer @ git+https://github.com/chorsley/python-Wappalyzer.git@ac651718af77804e52b826944933be831d491387 ; python_version >= "3.10" and python_version < "4.0"
pywin32==306 ; python_version >= "3.10" and python_version < "4.0" and sys_platform == "win32" \
--hash=sha256:06d3420a5155ba65f0b72f2699b5bacf3109f36acbe8923765c22938a69dfc8d \
--hash=sha256:1c73ea9a0d2283d889001998059f5eaaba3b6238f767c9cf2833b13e6a685f65 \
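--- a/boefjes/tests/examples/body-page-analysis-normalize.json
+++ b/boefjes/tests/examples/body-page-analysis-normalize.json
@@ -0,0 +1,65 @@
+{
+"id": "312b968d-0453-48fd-8e7b-ecfcb757dc7e",
+"raw_data": {
+"id": "e20e3de6-4305-4344-bfcf-a8b9ecc76ccd",
+"boefje_meta": {
+"id": "a8d1830b-3e2e-4dab-928e-4493a9710ff1",
+"boefje": {
+"id": "webpage-analysis"
+},
+"organization": "_dev",
+"input_ooi": "HTTPResource|internet|134.209.85.72|tcp|443|https|internet|mispo.es|https|internet|mispo.es|443|/",
+"arguments": {
+"input": {
+"object_type": "HTTPResource",
+"scan_profile": "reference=Reference('HTTPResource|internet|134.209.85.72|tcp|443|https|internet|mispo.es|https|internet|mispo.es|443|/') level=4 scan_profile_type='inherited'",
+"primary_key": "HTTPResource|internet|134.209.85.72|tcp|443|https|internet|mispo.es|https|internet|mispo.es|443|/",
+"website": {
+"ip_service": {
+"ip_port": {
+"address": {
+"network": {
+"name": "internet"
+},
+"address": "134.209.85.72"
+},
+"protocol": "tcp",
+"port": "443"
+},
+"service": {
+"name": "https"
+}
+},
+"hostname": {
+"network": {
+"name": "internet"
+},
+"name": "mispo.es"
+}
+},
+"web_url": {
+"scheme": "https",
+"netloc": {
+"network": {
+"name": "internet"
+},
+"name": "mispo.es"
+},
+"port": "443",
+"path": "/"
+},
+"redirects_to": "None"
+}
+}
+},
+"mime_types": [
+{
+"value": "openkat-http/response"
+}
+]
+},
+"normalizer": {
+"id": "kat_webpage_analysis_wappalyzer_normalize",
+"version": null
+}
+}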