From 11a5b8aa7eabfe8512aa574bf29242e35725457b Mon Sep 17 00:00:00 2001 From: Sebastian Date: Fri, 10 Sep 2021 08:59:20 +0200 Subject: [PATCH 1/4] Adding cascading-rule for typo3 scanner (wip) Adds a cascading rule tailored for whatweb findings. Intensiveness is debatable, I think medium or low should suit best Signed-off-by: Sebastian --- .../typo3scan/cascading-rules/scan-typo3.yaml | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 scanners/typo3scan/cascading-rules/scan-typo3.yaml diff --git a/scanners/typo3scan/cascading-rules/scan-typo3.yaml b/scanners/typo3scan/cascading-rules/scan-typo3.yaml new file mode 100644 index 0000000000..cc999bf937 --- /dev/null +++ b/scanners/typo3scan/cascading-rules/scan-typo3.yaml @@ -0,0 +1,30 @@ +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: "cascading.securecodebox.io/v1" +kind: CascadingRule +metadata: + name: "typo3scan-cascade" + labels: + securecodebox.io/invasive: non-invasive + securecodebox.io/intensive: medium +spec: + matches: + anyOf: + - category: "WEB APPLICATION" + attributes: + TYPO3: "" #see WhatWeb Findings + - category: "WEB APPLICATION" + attributes: + PoweredBy: "TYPO3" + scanSpec: + scanType: "typo3scan" + parameters: + - "-d" + - "{{$.hostOrIP}}" # Change to the website you want to scan + # Only show vulnerable extensions + - "--vuln" + # Set the number of threads to use for enumerating extensions at 10 + - "--threads" + - "10" From c130459287543e097d5843f2d4caa560ca8bf97a Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Wed, 15 Sep 2021 16:38:30 +0200 Subject: [PATCH 2/4] Added location attribute to cascading rule Signed-off-by: Ilyes Ben Dlala --- scanners/typo3scan/cascading-rules/scan-typo3.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/scanners/typo3scan/cascading-rules/scan-typo3.yaml b/scanners/typo3scan/cascading-rules/scan-typo3.yaml index cc999bf937..fd9e4776a2 100644 --- a/scanners/typo3scan/cascading-rules/scan-typo3.yaml +++ b/scanners/typo3scan/cascading-rules/scan-typo3.yaml @@ -12,9 +12,6 @@ metadata: spec: matches: anyOf: - - category: "WEB APPLICATION" - attributes: - TYPO3: "" #see WhatWeb Findings - category: "WEB APPLICATION" attributes: PoweredBy: "TYPO3" @@ -22,7 +19,7 @@ spec: scanType: "typo3scan" parameters: - "-d" - - "{{$.hostOrIP}}" # Change to the website you want to scan + - "{{location}}" # Change to the website you want to scan # Only show vulnerable extensions - "--vuln" # Set the number of threads to use for enumerating extensions at 10 From 759552828b1fc2ae153e7fb99b593a9b9c300d7a Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Wed, 15 Sep 2021 17:09:50 +0200 Subject: [PATCH 3/4] Fixed url encoding for typo3scan cascading rule Signed-off-by: Ilyes Ben Dlala --- scanners/typo3scan/cascading-rules/scan-typo3.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/typo3scan/cascading-rules/scan-typo3.yaml b/scanners/typo3scan/cascading-rules/scan-typo3.yaml index fd9e4776a2..323033a8ee 100644 --- a/scanners/typo3scan/cascading-rules/scan-typo3.yaml +++ b/scanners/typo3scan/cascading-rules/scan-typo3.yaml @@ -19,7 +19,7 @@ spec: scanType: "typo3scan" parameters: - "-d" - - "{{location}}" # Change to the website you want to scan + - "{{{location}}}" # Change to the website you want to scan # Only show vulnerable extensions - "--vuln" # Set the number of threads to use for enumerating extensions at 10 From 4d65243e088c73af30ad096b9d978a5388e4778a Mon Sep 17 00:00:00 2001 From: Ilyes Ben Dlala Date: Wed, 15 Sep 2021 17:44:35 +0200 Subject: [PATCH 4/4] Corrected comment in cascading rule of typo3scan Signed-off-by: Ilyes Ben Dlala --- scanners/typo3scan/cascading-rules/scan-typo3.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scanners/typo3scan/cascading-rules/scan-typo3.yaml b/scanners/typo3scan/cascading-rules/scan-typo3.yaml index 323033a8ee..ae3731e24d 100644 --- a/scanners/typo3scan/cascading-rules/scan-typo3.yaml +++ b/scanners/typo3scan/cascading-rules/scan-typo3.yaml @@ -19,7 +19,7 @@ spec: scanType: "typo3scan" parameters: - "-d" - - "{{{location}}}" # Change to the website you want to scan + - "{{{location}}}" # Runs a typo3scan upon the 'location' parameter in whatweb findings # Only show vulnerable extensions - "--vuln" # Set the number of threads to use for enumerating extensions at 10