Projects / STRLCPY / Taipan / Commits / a427e163
    .gitignore
    1  -#################
    2  -## Taipan
    3  -#################
    4  - 
    5  -ES.Taipan.Infrastructure/Network/Windows/*
    6  -ES.Taipan.Infrastructure/Network/Unix32/*
    7  -ES.Taipan.Infrastructure/Network/Unix64/*
    8  -Bins/*
    9  - 
    10  - 
    11  -#################
    12  -## Eclipse
    13  -#################
    14  - 
    15  -*.pydevproject
    16  -.project
    17  -.metadata
    18  -bin/
    19  -tmp/
    20  -.fake/
    21  -*.tmp
    22  -*.bak
    23  -*.swp
    24  -*~.nib
    25  -local.properties
    26  -.classpath
    27  -.settings/
    28  -.loadpath
    29  - 
    30  -# External tool builders
    31  -.externalToolBuilders/
    32  - 
    33  -# Locally stored "Eclipse launch configurations"
    34  -*.launch
    35  - 
    36  -# CDT-specific
    37  -.cproject
    38  - 
    39  -# PDT-specific
    40  -.buildpath
    41  - 
    42  - 
    43  -#################
    44  -## Visual Studio
    45  -#################
    46  - 
    47  -## Ignore Visual Studio temporary files, build results, and
    48  -## files generated by popular Visual Studio add-ons.
    49  - 
    50  -# User-specific files
    51  -*.suo
    52  -*.user
    53  -*.sln.docstates
    54  -.vs/
    55  -Data/Signatures/PHP/*.zip
    56  - 
    57  -# Build results
    58  - 
    59  -[Dd]ebug/
    60  -[Rr]elease/
    61  -x64/
    62  -build/
    63  -[Bb]in/
    64  -[Oo]bj/
    65  -packages/
    66  -deploy/
    67  - 
    68  -# MSTest test Results
    69  -[Tt]est[Rr]esult*/
    70  -[Bb]uild[Ll]og.*
    71  - 
    72  -*_i.c
    73  -*_p.c
    74  -*.ilk
    75  -*.meta
    76  -*.obj
    77  -*.pch
    78  -*.pdb
    79  -*.pgc
    80  -*.pgd
    81  -*.rsp
    82  -*.sbr
    83  -*.tlb
    84  -*.tli
    85  -*.tlh
    86  -*.tmp
    87  -*.tmp_proj
    88  -*.log
    89  -*.vspscc
    90  -*.vssscc
    91  -.builds
    92  -*.pidb
    93  -*.log
    94  -*.scc
    95  - 
    96  -# Visual C++ cache files
    97  -ipch/
    98  -*.aps
    99  -*.ncb
    100  -*.opensdf
    101  -*.sdf
    102  -*.cachefile
    103  - 
    104  -# Visual Studio profiler
    105  -*.psess
    106  -*.vsp
    107  -*.vspx
    108  - 
    109  -# Guidance Automation Toolkit
    110  -*.gpState
    111  - 
    112  -# ReSharper is a .NET coding add-in
    113  -_ReSharper*/
    114  -*.[Rr]e[Ss]harper
    115  - 
    116  -# TeamCity is a build add-in
    117  -_TeamCity*
    118  - 
    119  -# DotCover is a Code Coverage Tool
    120  -*.dotCover
    121  - 
    122  -# NCrunch
    123  -*.ncrunch*
    124  -.*crunch*.local.xml
    125  - 
    126  -# Installshield output folder
    127  -[Ee]xpress/
    128  - 
    129  -# DocProject is a documentation generator add-in
    130  -DocProject/buildhelp/
    131  -DocProject/Help/*.HxT
    132  -DocProject/Help/*.HxC
    133  -DocProject/Help/*.hhc
    134  -DocProject/Help/*.hhk
    135  -DocProject/Help/*.hhp
    136  -DocProject/Help/Html2
    137  -DocProject/Help/html
    138  - 
    139  -# Click-Once directory
    140  -publish/
    141  - 
    142  -# Publish Web Output
    143  -*.Publish.xml
    144  -*.pubxml
    145  - 
    146  -# NuGet Packages Directory
    147  -## TODO: If you have NuGet Package Restore enabled, uncomment the next line
    148  -#packages/
    149  - 
    150  -# Windows Azure Build Output
    151  -csx
    152  -*.build.csdef
    153  - 
    154  -# Windows Store app package directory
    155  -AppPackages/
    156  - 
    157  -# Others
    158  -sql/
    159  -*.Cache
    160  -ClientBin/
    161  -[Ss]tyle[Cc]op.*
    162  -~$*
    163  -*~
    164  -*.dbmdl
    165  -*.[Pp]ublish.xml
    166  -*.pfx
    167  -*.publishsettings
    168  - 
    169  -# RIA/Silverlight projects
    170  -Generated_Code/
    171  - 
    172  -# Backup & report files from converting an old project file to a newer
    173  -# Visual Studio version. Backup files are not needed, because we have git ;-)
    174  -_UpgradeReport_Files/
    175  -Backup*/
    176  -UpgradeLog*.XML
    177  -UpgradeLog*.htm
    178  - 
    179  -# SQL Server files
    180  -App_Data/*.mdf
    181  -App_Data/*.ldf
    182  - 
    183  -#############
    184  -## Windows detritus
    185  -#############
    186  - 
    187  -# Windows image file caches
    188  -Thumbs.db
    189  -ehthumbs.db
    190  - 
    191  -# Folder config file
    192  -Desktop.ini
    193  - 
    194  -# Recycle Bin used on file shares
    195  -$RECYCLE.BIN/
    196  - 
    197  -# Mac crap
    198  -.DS_Store
    199  - 
    200  - 
    201  -#############
    202  -## Python
    203  -#############
    204  - 
    205  -*.py[co]
    206  - 
    207  -# Packages
    208  -*.egg
    209  -*.egg-info
    210  -dist/
    211  -build/
    212  -eggs/
    213  -parts/
    214  -var/
    215  -sdist/
    216  -develop-eggs/
    217  -.installed.cfg
    218  - 
    219  -# Installer logs
    220  -pip-log.txt
    221  - 
    222  -# Unit test / coverage reports
    223  -.coverage
    224  -.tox
    225  - 
    226  -#Translations
    227  -*.mo
    228  - 
    229  -#Mr Developer
    230  -.mr.developer.cfg
    231  - 
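Review bot: dropping .gitignore wholesale removes the exclusions for `*.pfx`, `*.publishsettings`, `*.suo`, `*.user` and `Bins/*` (lines 5-8, 51-52 and 166-167), and nothing in the visible diff adds a replacement, so a later `git add -A` would sweep signing certificates, publish profiles with deployment credentials and the per-platform native binaries under ES.Taipan.Infrastructure/Network into the repository. If the intent is to replace the file, carry those entries over; the replacement can also drop the duplicated `*.log` (lines 88 and 93), `*.tmp` (21 and 86) and `build/` (62 and 211) patterns and the `bin/` entry at line 18 that `[Bb]in/` at line 63 already covers.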
    Doc/Authentication.md
    1  -# Run an authenticated Scan
    2  - 
    3  -By modifiying the profile file, it is possible to create an authenticated scan. There are various kind of Authentication:
    4  - 
    5  -* Add to Taipan an authenticated cookie
    6  -* Configure an HTTP Basic/Digest authentication
    7  -* Configure a Bearer (token based) authentication
    8  -* Web form authentication
    9  - 
    10  -## Add an authenticated cookie
    11  -This method is probably the easier one. The first step is to obtain a cookie that was authenticated. In order to do you can login into your web application and then extracts the value of the coookie that was returned by server in order to identify your session. To grab the cookie you can use one the many available HTTP proxy.
    12  - 
    13  -Once that you have the cookie you have to modify the given scan profile. In the profile you have to identify the XML element **AdditionalCookies** which is a children of the XML element **HttpRequestorSettings**. Once identified you have to add a new XML child named **Cookie** with two other childrens named **Name** and **Value**. An example of configuration is the following:
    14  - 
    15  - <AdditionalCookies>
    16  - <Cookie>
    17  - <Name>Cookie Name</Name>
    18  - <Value>Cookie Value</Value>
    19  - </Cookie>
    20  - </AdditionalCookies>
    21  -
    22  -If you need more than one cookie for the authentication just add more **Cookie** elements to the **AdditionalCookies** element. Once done that, *Taipan* will send the configured cookie in all its requests.
    23  - 
    24  -## Configure an HTTP Basic/Digest authentication
    25  -To configure an HTTP Basic/Digest authentication is necessary to modify the used scan profile. You have to identify the XML element **AuthenticationInfo** which is a children of the XML element **HttpRequestorSettings**. Once identified you have to add the childrens **Type**, **Username** and **Password**, where *Type* must assume the value **Basic** or **Digest**. All the other items must be empty. An example of configuration is the following:
    26  - 
    27  - <AuthenticationInfo>
    28  - <Type>Basic</Type>
    29  - <Username>admin</Username>
    30  - <Password>admin</Password>
    31  - <Token></Token>
    32  - <Enabled>true</Enabled>
    33  - <LoginPattern />
    34  - <LogoutPattern />
    35  - <DynamicAuthParameterPatterns />
    36  - </AuthenticationInfo>
    37  -
    38  -## Configure a Bearer (token based) authentication
    39  -To configure an Bearer authentication (also known as token based authentication) is necessary to modify the used scan profile. You have to identify the XML element **AuthenticationInfo** which is a children of the XML element **HttpRequestorSettings**. Once identified you have to add the childrens **Type** and **Token**, where *Type* must assume the value **Bearer**. All the other items must be empty. An example of configuration is the following:
    40  - 
    41  - <AuthenticationInfo>
    42  - <Type>Bearer</Type>
    43  - <Username></Username>
    44  - <Password></Password>
    45  - <Token>1234567890qwertyuiop</Token>
    46  - <Enabled>true</Enabled>
    47  - <LoginPattern />
    48  - <LogoutPattern />
    49  - <DynamicAuthParameterPatterns />
    50  - </AuthenticationInfo>
    51  -
    52  -## Web form authentication
    53  - 
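Review bot: this page is the only description of the `AdditionalCookies` and `AuthenticationInfo` children of `HttpRequestorSettings`, and nothing in the visible diff moves it elsewhere. If it is being rewritten rather than retired, two defects in the old text should not be carried over: lines 25 and 39 say "all the other items must be empty", yet both examples set `<Enabled>true</Enabled>` (lines 32 and 46), so the text should say that `Enabled` must be `true` and only the unused credential fields stay empty; and the `## Web form authentication` heading at line 52 has no body, leaving the fourth method listed at line 8 undocumented. Worth one added sentence as well that the profile file now holds cleartext usernames, passwords and bearer tokens (lines 29-30 and 45) and should be protected and kept out of source control accordingly.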
    Doc/Hidden resource discovery.md
    1  -# Hidden resource discovery
    2  -Taipan allows to identify hidden resources. With hidden resource I mean any content that is not directly accessible by direct web application navigation. Example of hidden content are
    3  -test pages, backup files or any URLs which is not directly navigable.
    4  - 
    5  -This process is based on _wordlist_ of keywords. Taipan allwos to customize this process by specifing a possible extension to use during the scan. The profile that you must use in order
    6  -to execute an hidden discovery scan is *Identify hidden resources* (you can see it by running Taipan with the command _--show-profiles_).
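Review bot: this removes the only pointer to the *Identify hidden resources* profile and to the `--show-profiles` flag used to list it (lines 5-6). If the page is being consolidated, keep that mapping, and tighten the sentence at line 5 about customization: it says an extension can be specified for the wordlist-driven scan but not where (in the profile, in a wordlist file, or on the command line), which is the one thing a user of that profile needs to know.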
    Doc/Http and Web Form bruteforcing.md
    1  -# Http and Web Form bruteforcing
    2  -This AddOn allows to execute an HTTP or Web Form authentication bruteforcing. In order to do so it verify the response code (in case of HTTP bruteforcing) or use a custom heuristic in order to identify if the page returned an authenticated content or not (in case of Web Form authentication).
    3  - 
    4  -Under the folder _Data\AddOnStorage\Web Form Bruteforcer AddOn_ you will find three XML files (the file format is self explanatory):
    5  - * **Combinations.xml** contains the combination of user/password to use. This is useful to test for default account
    6  - * **Usernames.xml** contaions the list of username to bruteforce. It is suggested to not include a long list, since for each username the entire password list is used in order to bruteforce it
    7  - * **Passwords.xml** contains the password to use in order to bruteforce all usernames
    8  - 
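Review bot: the three storage files `Combinations.xml`, `Usernames.xml` and `Passwords.xml` under `Data\AddOnStorage\Web Form Bruteforcer AddOn` (lines 4-7) are described nowhere else in the visible diff, and the old text already punted on their schema with "the file format is self explanatory" (line 4). A replacement page should show one element of each file, name the "custom heuristic" from line 2 that decides whether a web-form response is authenticated (since that is what a user has to tune when it misfires), and state the cost at line 6 precisely: every password is tried for every username, so the request count is the size of Usernames times the size of Passwords on top of the Combinations list.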
    Doc/LuaScript.md
    1  -# Implements a new Luca script to fingerprint web applications
    2  -The identification of a given Web Application is done through two diferent processes. The first one is signature based and the second one is via custom LUA script. It is possible to add new script by following some simple guidelines.
    3  - 
    4  -All LUA scripts are stored in **Data\Scripts\<language>** folder. Inside this folder there are the script that identify a specific directory. Each script is sotred in afolder with the same name as the identified application. For example the LUA script to fingerprint Wordpress is stored in the folder: **Data\Scripts\Php\Wordpress**.
    5  - 
    6  -To create a new script is necessary to create a new application folder insider the corresponding *language folder*. There are two files that must be defined, the first one is the descriptor file, which is an XML file that describe the script. Find below the script for theWordpress application:
    7  - 
    8  - <LuaScriptSignature>
    9  - <Id>10BEAE33-CAC7-4862-BD07-9E42A12258E6</Id>
    10  - <ApplicationName>Wordpress</ApplicationName>
    11  - <TargetLanguage>Php</TargetLanguage>
    12  - </LuaScriptSignature>
    13  - 
    14  -The parameters meaning are:
    15  - * **Id** is a GUID and if the identifier of the script
    16  - * **ApplicationName** The application name that is identified. This name will be displayed in the result report
    17  - * **TargetLanguage** The language that was used to develop the application. For Wordpress is PHP
    18  -
    19  -## Global vars
    20  -In order to report to Taipan the Application that was identified and its version, the script must set a couple of global vars that will be later used by the Taipan scanner. Each script must return a _Boolean_ result after its execution. The result meaning is:
    21  - 
    22  -* True: if the script was able to identify a given application version
    23  -* False: otherwise
    24  - 
    25  -If the script is able to identify the application, the version must be placed in a global vaiables named *appVersion*.
    26  - 
    27  -The format of this variable must be compliant to the <a href="https://semver.org/">Semantic Version</a> standard. For a sample of LUA script take a look at the <a href="https://github.com/enkomio/Taipan/blob/master/Src/ES.Taipan.Fingerprinter/Lua/Php/Joomla/joomla.lua">Joomla fingeprintg script</a>.
    28  - 
    29  - 
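Review bot: the deleted guide contradicts itself on where scripts live: line 4 says `Data\Scripts\<language>\<Application>`, while the sample it links at line 27 sits under `Src/ES.Taipan.Fingerprinter/Lua/Php/Joomla/joomla.lua`. Line 6 also announces "two files that must be defined" but documents only the XML descriptor, never naming the `.lua` file or saying how the `Id` GUID at line 9 ties the two together. If this is being rewritten, fix the path, name the second file, and spell out the contract from lines 20-27 in one place: the script returns a boolean and, when it returns true, sets the global `appVersion` to a Semantic Versioning string.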
    RELEASE_NOTES.md
    1  -### 2.1.0 - 05/01/2019
    2  -* Improved profile displaying
    3  -* Improved Error page detection by identifying JBoss error pages
    4  -* Added Web Form authentication bruteforcer
    5  -* Minor bug fixing
    6  - 
    7  -### 2.0.0 - 04/11/2018
    8  -* Improved error reporting and enabled saving a txt format of the generated report
    9  -* Improved testing of multipart input, included file input
    10  -* Added integrity check when testing web form with password fields. If the values of the password fields is different there may be false negative
    11  -* Added HTTP Basic bruteforce plugin
    12  - 
    13  -### 1.7.0 - 06/08/2018
    14  -* Created Vulnerability Editor in order to create application vulnerabilities
    15  -* Improved system metrics generation
    16  -* Improved code to load signature by decreasing the load time
    17  -* Added more signatures and improved discovery process
    18  -* Fixed minor bug in Fingerprinter and Vulnerability Scanner
    19  -* Added web vulnerabilities
    20  -* Added support to Brotli decompression
    21  -* Updated TestSSL AddOn
    22  - 
    23  -### 1.6.0 - 28/03/2018
    24  -* Resolved resource leak in ChromeDriver usage
    25  -* Fixed some bugs (FPs, Mem leak, ...)
    26  -* Improved Reflected XSS AddOn
    27  -* Authentication HTTP Basic, Digest, Bearer
    28  -* Authentication via WebForm
    29  -* Adjusted versioning
    30  - 
    31  -### 1.2.5 - 06/02/2018
    32  -* Implemented Re-Crawling of identified web pages
    33  -* Minor bug fixes
    34  -* Added Stored Cross Site Scripting check
    35  -* Added Exposed Session Variables check
    36  - 
    37  -### 1.2.4 - 21/12/2017
    38  -* Added Blind SQL Injection check
    39  -* Added Missing HttpOnly cookie flag check
    40  -* Added Missing Secure cookie flag check
    41  -* Added Password sent over insecure channel check
    42  -* Added Password field with autocomplete enabled check
    43  - 
    44  -### 1.2.3 - 06/09/2017
    45  -* Implemented Javascript Engine
    46  -* Improved Scan information section
    47  -* Bug fixing
    48  -* Vulnerabilities added:
    49  - - Woocommerce: Reflected XSS vulnerability in vendor_description parameter
    50  - 
    51  -### 1.2.2 - 25/07/2017
    52  -* Journey Scan implemented
    53  -* SQL Injection addOn
    54  -* Availability of HTML and JSON Report
    55  -* Added feature to set default value for specific parameters
    56  -* Added info on the connected Scan Managers and enabled the editing of specific properties
    57  -* Improved UX
    58  -* Improved resource discovery process
    59  -* Implemented process to satify anti-CSRF token submission during SQL Injection and Cross Site Scripting testing
    60  -* Vulnerabilities added:
    61  - - Joomla: CVE-2015-8564, CVE-2015-8769, CVE-2016-8869, CVE-2016-8870, CVE-2016-9081, CVE-2016-9836, CVE-2017-8917
    62  - - Wordpress: CVE-2015-2213, CVE-2016-6896, CVE-2017-9064, CVE-2017-5611, CVE-2016-7169
    63  -* Bug fixing and testing
    64  - 
    65  -### 1.2.0 - 22/09/2016
    66  -* Added more vulnerability AddOn checks
    67  -* Added more signatures
    68  -* General imrpovements
    69  - 
    70  -### 1.1.0 - 28/07/2016
    71  -* Added Crawler component
    72  -* Added vulnerability scanner component
    73  -* Added Directory Listing vulnerability addon
    74  -* Added more signature to the web application fingerprinter
    75  -* Improved hidden resource discoverer
    76  - 
    77  -### 1.0.0 - 10/06/2016
    78  -* First Beta Release.
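Review bot: deleting RELEASE_NOTES.md discards the only record in this diff of which Joomla and Wordpress CVEs the scanner checks (lines 61-62) and of behaviour caveats such as the password-field integrity check and its false-negative warning (line 10); nothing visible carries these elsewhere. If the changelog is moving to tags or a wiki, link it from the README, and take the chance to replace the ambiguous numeric dates (line 1 reads `05/01/2019`, which is May or January depending on locale) with ISO 8601.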