Merge pull request #487 from yogeshojha/fix/xss_hunter_target_summary

Fix/xss hunter target summary
yogeshojha · Aug 31, 2021 · 8e54661 · 8e54661
2 parents f21e832 + 7f2748d
commit 8e54661
Show file tree

Hide file tree

Showing 8 changed files with 360 additions and 560 deletions.
diff --git a/web/recon_note/static/note/js/todo.js b/web/recon_note/static/note/js/todo.js
@@ -99,9 +99,9 @@ function populateTodofunction(){
     '</div>'+
 
     '<div class="todo-content">'+
-    '<h5 class="todo-heading">'+$_task+'</h5>'+
+    '<h5 class="todo-heading">'+htmlEncode($_task)+'</h5>'+
     '<p class="target">'+$_targetText+'</h5>'+
-    "<p class='todo-text' >"+$_taskDescriptionText+"</p>"+
+    "<p class='todo-text' >"+htmlEncode($_taskDescriptionText)+"</p>"+
     '</div>'+
 
     '<div class="action-dropdown">'+

diff --git a/web/scanEngine/static/scanEngine/js/custom_tools.js b/web/scanEngine/static/scanEngine/js/custom_tools.js
@@ -7,7 +7,7 @@ function load_gf_template(pattern_name){
   $('.modal-text').append(`<div class='outer-div' id="modal-loader"><span class="inner-div spinner-border text-info align-self-center loader-sm"></span></div>`);
   $.getJSON(`/api/getFileContents?gf_pattern&name=${pattern_name}&format=json`, function(data) {
     $('#modal-loader').empty();
-    $('#modal-text-content').append(`<pre>${data['content']}</pre>`);
+    $('#modal-text-content').append(`<pre>${htmlEncode(data['content'])}</pre>`);
   }).fail(function(){
     $('#modal-loader').empty();
     $("#modal-text-content").append(`<p class='text-danger'>Error loading GF Pattern</p>`);
@@ -24,7 +24,7 @@ function load_nuclei_template(pattern_name){
   $('.modal-text').append(`<div class='outer-div' id="modal-loader"><span class="inner-div spinner-border text-info align-self-center loader-sm"></span></div>`);
   $.getJSON(`/api/getFileContents?nuclei_template&name=${pattern_name}&format=json`, function(data) {
     $('#modal-loader').empty();
-    $('#modal-text-content').append(`<pre>${data['content']}</pre>`);
+    $('#modal-text-content').append(`<pre>${htmlEncode(data['content'])}</pre>`);
   }).fail(function(){
     $('#modal-loader').empty();
     $("#modal-text-content").append(`<p class='text-danger'>Error loading Nuclei Template</p>`);
@@ -52,7 +52,7 @@ $("#nuclei_config_text_area").dblclick(function() {
 // get Subfinder config
 $.getJSON(`/api/getFileContents?subfinder_config&format=json`, function(data) {
   $("#subfinder_config_text_area").attr("rows", 14);
-  $("textarea#subfinder_config_text_area").html(data['content']);
+  $("textarea#subfinder_config_text_area").html(htmlEncode(data['content']));
 }).fail(function(){
   $("#subfinder_config_text_area").removeAttr("readonly");
   $("textarea#subfinder_config_text_area").html(`# Your Subfinder configuration here.`);
@@ -69,7 +69,7 @@ $("#subfinder_config_text_area").dblclick(function() {
 // get Naabu config
 $.getJSON(`/api/getFileContents?naabu_config&format=json`, function(data) {
   $("#naabu_config_text_area").attr("rows", 14);
-  $("textarea#naabu_config_text_area").html(data['content']);
+  $("textarea#naabu_config_text_area").html(htmlEncode(data['content']));
 }).fail(function(){
   $("#naabu_config_text_area").removeAttr("readonly");
   $("textarea#naabu_config_text_area").html(`# Your Naabu configuration here.`);
@@ -87,7 +87,7 @@ $("#naabu_config_text_area").dblclick(function() {
 // get amass config
 $.getJSON(`/api/getFileContents?amass_config&format=json`, function(data) {
   $("#amass_config_text_area").attr("rows", 14);
-  $("textarea#amass_config_text_area").html(data['content']);
+  $("textarea#amass_config_text_area").html(htmlEncode(data['content']));
 }).fail(function(){
   $("#amass_config_text_area").removeAttr("readonly");
   $("textarea#amass_config_text_area").html(`# Your amass configuration here.`);

diff --git a/web/startScan/static/startScan/js/detail_scan.js b/web/startScan/static/startScan/js/detail_scan.js
diff --git a/web/startScan/templates/startScan/detail_scan.html b/web/startScan/templates/startScan/detail_scan.html
@@ -1847,9 +1847,9 @@ <h5 class="">Add Todo for <span id="todo-modal-subdomain-name"></span></h5>
 get_endpoint_changes({{scan_history_id}});
 
 // get interesting subdomain
-get_interesting_subdomains({{scan_history_id}});
+get_interesting_subdomains(null, {{scan_history_id}});
 // get interesting endpoint
-get_interesting_endpoint({{scan_history_id}});
+get_interesting_endpoint(null, {{scan_history_id}});
 
 
 // get screenshots
@@ -1881,7 +1881,7 @@ <h5 class="">Add Todo for <span id="todo-modal-subdomain-name"></span></h5>
 	visualise_scan_results({{scan_history_id}});
 });
 
-get_important_subdomains({{scan_history_id}});
+get_important_subdomains(null, {{scan_history_id}});
 
 get_ips({{scan_history_id}});
 
@@ -1893,7 +1893,7 @@ <h5 class="">Add Todo for <span id="todo-modal-subdomain-name"></span></h5>
 
 get_dork_summary({{scan_history_id}});
 
-get_recon_notes({{scan_history_id}});
+get_recon_notes(null, {{scan_history_id}});
 
 {% if history.fetch_url and history.used_gf_patterns %}
 // gf patterns

diff --git a/web/static/custom/custom.js b/web/static/custom/custom.js
@@ -470,3 +470,228 @@ function report_hackerone(vulnerability_id, severity){
 		}
 	}])
 }
+
+function get_interesting_subdomains(target_id, scan_history_id){
+	if (target_id) {
+		url = `/api/listInterestingEndpoints/?target_id=${target_id}&format=datatables`;
+		non_orderable_targets = [0, 1, 2, 3];
+	}
+	else if (scan_history_id) {
+		url  = `/api/listInterestingSubdomains/?scan_id=${scan_history_id}&format=datatables`;
+		non_orderable_targets = [];
+	}
+	var interesting_subdomain_table = $('#interesting_subdomains').DataTable({
+		"drawCallback": function(settings, start, end, max, total, pre) {
+			$('#interesting_subdomain_count_badge').empty();
+			$('#interesting_subdomain_count_badge').html(`<span class="badge outline-badge-danger">${this.fnSettings().fnRecordsTotal()}</span>`);
+		},
+		"oLanguage": {
+			"oPaginate": { "sPrevious": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-left"><line x1="19" y1="12" x2="5" y2="12"></line><polyline points="12 19 5 12 12 5"></polyline></svg>', "sNext": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-right"><line x1="5" y1="12" x2="19" y2="12"></line><polyline points="12 5 19 12 12 19"></polyline></svg>' },
+			"sInfo": "Showing page _PAGE_ of _PAGES_",
+			"sSearch": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"><circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line></svg>',
+			"sSearchPlaceholder": "Search...",
+			"sLengthMenu": "Results :  _MENU_",
+			"sProcessing": "Processing... Please wait..."
+		},
+		"processing": true,
+		"dom": "<'row'<'col-lg-10 col-md-10 col-12'f><'col-lg-2 col-md-2 col-12'l>>" +
+		"<'row'<'col'tr>>" +
+		"<'dt--bottom-section d-sm-flex justify-content-sm-between text-center'<'dt--pages-count  mb-sm-0 mb-3'i><'dt--pagination'p>>",
+		"destroy": true,
+		"bInfo": false,
+		"stripeClasses": [],
+		'serverSide': true,
+		"ajax": url,
+		"order": [[3, "desc"]],
+		"columns": [
+			{'data': 'name'},
+			{'data': 'page_title'},
+			{'data': 'http_status'},
+			{'data': 'content_length'},
+			{'data': 'http_url'},
+			{'data': 'technologies'},
+		],
+		"columnDefs": [
+			{ "orderable": false, "targets": non_orderable_targets},
+			{
+				"targets": [ 4 ],
+				"visible": false,
+				"searchable": false,
+			},
+			{
+				"targets": [ 5 ],
+				"visible": false,
+				"searchable": true,
+			},
+			{"className": "text-center", "targets": [ 2 ]},
+			{
+				"render": function ( data, type, row ) {
+					tech_badge = '';
+					if (row['technologies']){
+						tech_badge = `</br>` + parse_technology(row['technologies'], "info", outline=true, scan_id=null);
+					}
+					if (row['http_url']) {
+						return `<a href="`+row['http_url']+`" class="text-info" target="_blank">`+data+`</a>` + tech_badge;
+					}
+					return `<a href="https://`+data+`" class="text-info" target="_blank">`+data+`</a>` + tech_badge;
+				},
+				"targets": 0
+			},
+			{
+				"render": function ( data, type, row ) {
+					// display badge based on http status
+					// green for http status 2XX, orange for 3XX and warning for everything else
+					if (data >= 200 && data < 300) {
+						return "<span class='badge badge-pills badge-success'>"+data+"</span>";
+					}
+					else if (data >= 300 && data < 400) {
+						return "<span class='badge badge-pills badge-warning'>"+data+"</span>";
+					}
+					else if (data == 0){
+						// datatable throws error when no data is returned
+						return "";
+					}
+					return `<span class='badge badge-pills badge-danger'>`+data+`</span>`;
+				},
+				"targets": 2,
+			},
+		],
+	});
+}
+
+function get_interesting_endpoint(target_id, scan_history_id){
+	if (target_id) {
+		url = `/api/listInterestingEndpoints/?target_id=${target_id}&format=datatables`;
+		non_orderable_targets = [0, 1, 2, 3];
+	}
+	else if (scan_history_id) {
+		url = `/api/listInterestingEndpoints/?scan_id=${scan_history_id}&format=datatables`;
+		non_orderable_targets = [0, 1, 2, 3];
+	}
+	$('#interesting_endpoints').DataTable({
+		"drawCallback": function(settings, start, end, max, total, pre) {
+			$('#interesting_endpoint_count_badge').empty();
+			$('#interesting_endpoint_count_badge').html(`<span class="badge outline-badge-danger">${this.fnSettings().fnRecordsTotal()}</span>`);
+		},
+		"oLanguage": {
+			"oPaginate": { "sPrevious": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-left"><line x1="19" y1="12" x2="5" y2="12"></line><polyline points="12 19 5 12 12 5"></polyline></svg>', "sNext": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-right"><line x1="5" y1="12" x2="19" y2="12"></line><polyline points="12 5 19 12 12 19"></polyline></svg>' },
+			"sInfo": "Showing page _PAGE_ of _PAGES_",
+			"sSearch": '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"><circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line></svg>',
+			"sSearchPlaceholder": "Search...",
+			"sLengthMenu": "Results :  _MENU_",
+			"sProcessing": "Processing... Please wait..."
+		},
+		"processing":true,
+		"dom": "<'row'<'col-lg-10 col-md-10 col-12'f><'col-lg-2 col-md-2 col-12'l>>" +
+		"<'row'<'col'tr>>" +
+		"<'dt--bottom-section d-sm-flex justify-content-sm-between text-center'<'dt--pages-count  mb-sm-0 mb-3'i><'dt--pagination'p>>",
+		'serverSide': true,
+		"bInfo": false,
+		"ajax": url,
+		"order": [[3, "desc"]],
+		"columns": [
+			{'data': 'http_url'},
+			{'data': 'page_title'},
+			{'data': 'http_status'},
+			{'data': 'content_length'},
+		],
+		"columnDefs": [
+			{ "orderable": false, "targets": non_orderable_targets},
+			{"className": "text-center", "targets": [ 2 ]},
+			{
+				"render": function ( data, type, row ) {
+					var url = split(data, 70);
+					return "<a href='"+data+"' target='_blank' class='text-info'>"+url+"</a>";
+				},
+				"targets": 0
+			},
+			{
+				"render": function ( data, type, row ) {
+					// display badge based on http status
+					// green for http status 2XX, orange for 3XX and warning for everything else
+					if (data >= 200 && data < 300) {
+						return "<span class='badge badge-pills badge-success'>"+data+"</span>";
+					}
+					else if (data >= 300 && data < 400) {
+						return "<span class='badge badge-pills badge-warning'>"+data+"</span>";
+					}
+					else if (data == 0){
+						// datatable throws error when no data is returned
+						return "";
+					}
+					return `<span class='badge badge-pills badge-danger'>`+data+`</span>`;
+				},
+				"targets": 2,
+			},
+		],
+	});
+}
+
+
+function get_important_subdomains(target_id, scan_history_id){
+	if (target_id) {
+		url = `/api/querySubdomains/?target_id=${target_id}&only_important&no_lookup_interesting&format=json`;
+	}
+	else if (scan_history_id) {
+		url = `/api/querySubdomains/?scan_id=${scan_history_id}&only_important&no_lookup_interesting&format=json`;
+	}
+	$.getJSON(url, function(data) {
+		$('#important-count').empty();
+		$('#important-subdomains-list').empty();
+		if (data['subdomains'].length > 0){
+			$('#important-count').html(`<span class="badge outline-badge-dark">${data['subdomains'].length}</span>`);
+			for (var val in data['subdomains']){
+				subdomain = data['subdomains'][val];
+				div_id = 'important_' + subdomain['id'];
+				$("#important-subdomains-list").append(`
+					<div id="${div_id}">
+					<p>
+					<span id="subdomain_${subdomain['id']}"> ${subdomain['name']}
+					<span class="">
+					<a href="javascript:;" data-clipboard-action="copy" class="m-1 float-right badge-link text-info copyable text-primary" data-toggle="tooltip" data-placement="top" title="Copy Subdomain!" data-clipboard-target="#subdomain_${subdomain['id']}">
+					<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather feather-copy"><rect x="9" y="9" width="13" height="13" rx="2" ry="2"></rect><path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1"></path></svg></span>
+					</a>
+					</span>
+					</p>
+					</div>
+					<hr />
+					`
+				);
+			}
+		}
+		else{
+			$('#important-count').html(`<span class="badge outline-badge-dark">0</span>`);
+			$('#important-subdomains-list').append(`<p>No subdomains markerd as important!</p>`);
+		}
+		$('.bs-tooltip').tooltip();
+	});
+}
+
+
+function mark_important_subdomain(subdomain_id, target_summary){
+	if (target_summary) {
+		subdomainImpApi = "../../scan/toggle/subdomain/important/" + subdomain_id;
+	}
+	else{
+		subdomainImpApi = "../toggle/subdomain/important/" + subdomain_id;
+	}
+  if($("#important_subdomain_" + subdomain_id).length == 0) {
+    $("#subdomain-"+subdomain_id).prepend(`<span id="important_subdomain_${subdomain_id}" class="text-danger bs-tooltip" title="Important Subdomain">
+    <svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-alert-triangle"><path d="M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z"></path><line x1="12" y1="9" x2="12" y2="13"></line><line x1="12" y1="17" x2="12.01" y2="17"></line></svg>
+    </span>`);
+    setTooltip("#subdomain-"+subdomain_id, 'Marked Important!');
+  }
+  else{
+    $("#important_subdomain_" + subdomain_id).remove();
+    setTooltip("#subdomain-"+subdomain_id, 'Marked Un-Important!');
+  }
+  hideTooltip("#subdomain-"+subdomain_id);
+
+  return fetch(subdomainImpApi, {
+    method: 'POST',
+    credentials: "same-origin",
+    headers: {
+      "X-CSRFToken": getCookie("csrftoken")
+    }
+  });
+}