diff --git a/main.go b/main.go
index ffc3e63..fad3ecd 100644
--- a/main.go
+++ b/main.go
@@ -5,6 +5,7 @@ import (
 	"log"
 	"os"
+	owasp "github.com/mamaoag/binosearch/services/owasp"
 	scanner "github.com/mamaoag/binosearch/services/scanner"
 	resource "github.com/mamaoag/binosearch/services/url"
 	wordlist "github.com/mamaoag/binosearch/services/wordlist"
@@ -14,7 +15,8 @@ func main() {
 	const APPNAME string = "Binoscan"
 	var baseUrl string
 	var wordlistPath string
-	// var resultsFound uint8 = 0
+	var endpointsFound []resource.Url
+	var message string
 	fmt.Printf("%s - an api application scanner.\n", APPNAME)
 	fmt.Print("Enter your base url > ")
@@ -34,8 +36,39 @@ func main() {
 	for _, path := range dir {
 		url := resource.Parse(baseUrl, path)
-		scanner.ScanEndpoint(url)
+		found := scanner.ScanEndpoint(url)
+
+		if found.Path != "" {
+			endpointsFound = append(endpointsFound, found)
+		}
+	}
+
+	if len(endpointsFound) > 0 {
+		fmt.Printf("\nScanning for OWASP API Security 2019 Issues\n")
+		result, err := owasp.BrokenObjectLevelAuth(endpointsFound)
+
+		if err != nil {
+			log.Fatalln(err)
+		}
+
+		if result {
+			message = "There are issues found. ❌"
+		} else {
+			message = "No issues found. ✅"
+		}
+
+		logResult("API1:2019", message)
 	}
 	fmt.Printf("Scanning Complete.\n")
 }
+
+func logResult(code string, message string) {
+	log.Printf(
+		"%d %d: [%s] %s\n",
+		log.Ldate,
+		log.Ltime,
+		code,
+		message,
+	)
+}
diff --git a/services/owasp/owasp.go b/services/owasp/owasp.go
new file mode 100644
index 0000000..26ea5aa
--- /dev/null
+++ b/services/owasp/owasp.go
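Review bot: logResult, added at the end of this hunk, passes log.Ldate and log.Ltime as arguments to a `%d` format, but those are the logger's flag constants rather than a date or time value, so every line prints as `1 2: [API1:2019] …`; the default logger already prefixes date and time, so the call should be just `log.Printf("[%s] %s", code, message)` (log appends the newline itself, so the `\n` is redundant too). The `log.Fatalln(err)` on the first transport error aborts the whole OWASP pass without printing "Scanning Complete.", which is a design choice worth a one-line comment if intended. main's body starts before this hunk.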
@@ -0,0 +1,74 @@
+package services
+
+import (
+	"io/ioutil"
+	"strings"
+
+	proxy "github.com/mamaoag/binosearch/services/http"
+	url "github.com/mamaoag/binosearch/services/url"
+)
+
+func unAuthCodes(statusCode int) bool {
+	switch statusCode {
+	case
+		200,
+		400,
+		429,
+		500,
+		503:
+		return true
+	}
+
+	return false
+}
+
+// API1:2019 - Broken Object Level Auth. Checks for GUIDs
+func BrokenObjectLevelAuth(endpoints []url.Url) (bool, error) {
+
+	var endpointIssue []url.Url
+	var message string
+
+	for i := 0; i < len(endpoints); i++ {
+		res, err := proxy.Request(endpoints[i].Full)
+
+		if err != nil {
+			return false, err
+		}
+
+		message = "Endpoint shows no data."
+
+		if unAuthCodes(res.StatusCode) {
+			defer res.Body.Close()
+
+			body, err := ioutil.ReadAll(res.Body)
+
+			if err != nil {
+				return false, err
+			}
+
+			bodyString := string(body)
+
+			if strings.Contains(bodyString, "[") {
+				endpointIssue = append(endpointIssue, endpoints[i])
+				message = "Endpoint shows data."
+			} else if strings.Contains(bodyString, "id") {
+				endpointIssue = append(endpointIssue, endpoints[i])
+				message = "Endpoint shows data."
+			}
+		}
+
+		response := proxy.LogHttpResponse{
+			Path: endpoints[i].Path,
+			StatusCode: res.StatusCode,
+			Message: message,
+		}
+
+		proxy.LogResponse(response)
+	}
+
+	if len(endpointIssue) == 0 {
+		return false, nil
+	}
+
+	return true, nil
+}
diff --git a/services/scanner/scanner.go b/services/scanner/scanner.go
index d919956..5ca95ef 100644
--- a/services/scanner/scanner.go
+++ b/services/scanner/scanner.go
@@ -7,8 +7,9 @@ import (
 	url "github.com/mamaoag/binosearch/services/url"
 )
-func ScanEndpoint(resource url.Url) {
+func ScanEndpoint(resource url.Url) url.Url {
 	var message string
+	var found url.Url = url.Url{}
 	res, err := proxy.Request(resource.Full)
@@ -22,6 +23,7 @@ func ScanEndpoint(resource url.Url) {
 		message = "Not found. ❌"
 	} else {
 		message = "Found. ✅"
+		found = resource
 	}
 	response := proxy.LogHttpResponse{
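Review bot: Response bodies are leaked in BrokenObjectLevelAuth: for status codes that unAuthCodes rejects the body is never closed at all, and for the accepted ones `defer res.Body.Close()` sits inside the loop, so nothing is released until the function returns and every connection of the scan stays open until then; close the body at the end of each iteration instead. ioutil.ReadAll also reads an untrusted server's response with no bound, so a hostile or misconfigured target can make the scanner allocate without limit — read through io.LimitReader (which needs an `"io"` import). Separately, the heuristic (`strings.Contains(bodyString, "id")` or `"["`, with 400/429/500/503 counted as unauthenticated exposure) will match nearly any HTML or JSON page, and the header comment promises a GUID check the code does not perform, so the comment should say this is a coarse "response contains data-like text" pre-filter rather than a BOLA test. The rewrite below moves the request into a helper that closes the body on every path; ioutil has been deprecated in favour of io.ReadAll since Go 1.16, if go.mod permits.
```go
// … unchanged: package, imports, unAuthCodes …

// maxBody caps how much of an untrusted response is read into memory.
const maxBody = 1 << 20

// probeEndpoint fetches one endpoint and reports whether its body looks like
// data (coarse heuristic: contains "[" or "id"). The body is closed on every
// return path, whatever the status code.
func probeEndpoint(e url.Url) (status int, exposed bool, err error) {
	res, err := proxy.Request(e.Full)
	if err != nil {
		return 0, false, err
	}
	defer res.Body.Close()

	if !unAuthCodes(res.StatusCode) {
		return res.StatusCode, false, nil
	}
	body, err := ioutil.ReadAll(io.LimitReader(res.Body, maxBody)) // needs "io" imported
	if err != nil {
		return res.StatusCode, false, err
	}
	s := string(body)
	return res.StatusCode, strings.Contains(s, "[") || strings.Contains(s, "id"), nil
}

// BrokenObjectLevelAuth is a coarse API1:2019 pre-filter, not a BOLA test: it
// only reports endpoints whose unauthenticated response body looks like data.
func BrokenObjectLevelAuth(endpoints []url.Url) (bool, error) {
	var endpointIssue []url.Url

	for i := range endpoints {
		status, exposed, err := probeEndpoint(endpoints[i])
		if err != nil {
			return false, err
		}

		message := "Endpoint shows no data."
		if exposed {
			endpointIssue = append(endpointIssue, endpoints[i])
			message = "Endpoint shows data."
		}
		// … unchanged: LogHttpResponse construction (StatusCode: status) and LogResponse …
	}
	// … unchanged: final return …
```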
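Review bot: `var found url.Url = url.Url{}` in the first scanner.go hunk spells out the zero value twice; `var found url.Url` is the idiomatic form. The bigger point is that the new return contract — a zero Url means "not found" — is implicit, and main.go decodes it with `found.Path != ""`, which silently drops a hit whose Path is empty (whether resource.Parse can produce that for a blank wordlist entry is not visible here); add `// ScanEndpoint returns resource when the endpoint responds as found, and the zero url.Url otherwise.` above the signature, or return `(url.Url, bool)` if changing the single caller is acceptable. ScanEndpoint's body continues past the hunk.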
@@ -31,4 +33,6 @@ func ScanEndpoint(resource url.Url) {
 	}
 	proxy.LogResponse(response)
+
+	return found
 }