Extracting PGP Keys from Pages
Also fixes a bug with reporting of headers.
parent
a29741ed46
commit
eee0c61490
|
@ -38,6 +38,7 @@ type OnionScanReport struct {
|
|||
ExifImages []ExifImage `json:"exifImages"`
|
||||
InterestingFiles []string `json:"interestingFiles"`
|
||||
PageReferencedDirectories []string `json:"pageReferencedDirectories"`
|
||||
PGPKeys []string `json:"pgpKeys"`
|
||||
|
||||
Hashes []string `json:"hashes"`
|
||||
SSHKey string `json:"sshKey"`
|
||||
|
@ -85,6 +86,11 @@ func (osr *OnionScanReport) AddLinkedSite(site string) {
|
|||
utils.RemoveDuplicates(&osr.LinkedSites)
|
||||
}
|
||||
|
||||
func (osr *OnionScanReport) AddPGPKey(key string) {
|
||||
osr.PGPKeys = append(osr.PGPKeys, key)
|
||||
utils.RemoveDuplicates(&osr.PGPKeys)
|
||||
}
|
||||
|
||||
func (osr *OnionScanReport) AddResponseHeader(name string, value string) {
|
||||
osr.ResponseHeaders[name] = value
|
||||
}
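Review bot: AddPGPKey stores the matched string verbatim, so de-duplication is only as good as a byte-exact comparison (assuming utils.RemoveDuplicates compares plain strings; its body is not shown). The same key served with CRLF line endings or a different armor `Comment:`/`Version:` header would then be reported as two distinct keys, which weakens the field for correlating services. Normalising line endings before the append, or keying on a fingerprint later, would make the list more reliable. The new exported method also has no doc comment; something like `// AddPGPKey records an armored PGP public key block found in page content, dropping exact duplicates.` would cover it.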
|
||||
|
|
|
@ -70,6 +70,7 @@ func GenerateSimpleReport(reportFile string, report *OnionScanReport) {
|
|||
}
|
||||
}
|
||||
|
||||
if report.WebDetected {
|
||||
if _, ok := report.ResponseHeaders["X-FRAME-OPTIONS"]; !ok {
|
||||
info += 1
|
||||
}
|
||||
|
@ -85,6 +86,7 @@ func GenerateSimpleReport(reportFile string, report *OnionScanReport) {
|
|||
if _, ok := report.ResponseHeaders["CONTENT-SECURITY-POLICY"]; !ok {
|
||||
info += 1
|
||||
}
|
||||
}
|
||||
|
||||
buffer := bytes.NewBuffer(nil)
|
||||
buffer.WriteString("--------------- OnionScan Report ---------------\n")
|
||||
|
@ -144,7 +146,7 @@ func GenerateSimpleReport(reportFile string, report *OnionScanReport) {
|
|||
buffer.WriteString("\n")
|
||||
}
|
||||
|
||||
if report.ResponseHeaders != nil {
|
||||
if report.ResponseHeaders != nil && report.WebDetected {
|
||||
if _, ok := report.ResponseHeaders["X-FRAME-OPTIONS"]; !ok {
|
||||
buffer.WriteString("Info: Missing X-Frame-Options HTTP header discovered!\n")
|
||||
buffer.WriteString("\t Why this is bad: Provides Clickjacking protection. Values: deny - no rendering within a frame, sameorigin\n\t - no rendering if origin mismatch, allow-from: DOMAIN - allow rendering if framed by frame loaded from DOMAIN\n")
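Review bot: The two header guards in GenerateSimpleReport now test different conditions: the counting block added in the earlier hunks runs on `report.WebDetected` alone, while the printing block here requires `report.ResponseHeaders != nil && report.WebDetected`. If the map were ever nil on a web-detected service, the summary would count missing-header findings that the body never prints. Computing the condition once, e.g. `checkHeaders := report.WebDetected && report.ResponseHeaders != nil`, and using it in both places keeps the totals and the listed findings in step. The function starts and ends outside these hunks, so the surrounding counters are not visible here.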
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
package scans
|
||||
|
||||
import (
|
||||
"github.com/s-rah/onionscan/report"
|
||||
)
|
||||
|
||||
type ContentScan interface {
|
||||
ScanContent(content string, report *report.OnionScanReport)
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
package scans
|
||||
|
||||
import (
|
||||
"github.com/s-rah/onionscan/report"
|
||||
"log"
|
||||
"regexp"
|
||||
)
|
||||
|
||||
type PGPContentScan struct {
|
||||
}
|
||||
|
||||
func (cs *PGPContentScan) ScanContent(content string, report *report.OnionScanReport) {
|
||||
log.Printf("\tScanning for PGP Key\n")
|
||||
pgpRegexp := regexp.MustCompile("-----BEGIN PGP PUBLIC KEY BLOCK-----((?s).*)-----END PGP PUBLIC KEY BLOCK-----")
|
||||
foundPGP := pgpRegexp.FindAllString(content, -1)
|
||||
for _, key := range foundPGP {
|
||||
report.AddPGPKey(key)
|
||||
}
|
||||
}
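Review bot: The pattern in ScanContent is greedy: `((?s).*)` runs from the first BEGIN marker to the last END marker, so a page carrying two key blocks yields one "key" that also contains all the page markup between them. Since `content` comes from the scanned site, that whole span is then written into the report's `pgpKeys` field. A non-greedy match fixes this, and compiling it once at package scope avoids recompiling on every page: `var pgpRegexp = regexp.MustCompile("(?s)-----BEGIN PGP PUBLIC KEY BLOCK-----.*?-----END PGP PUBLIC KEY BLOCK-----")`. The capture group is unused by FindAllString and can be dropped at the same time.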
|
|
@ -30,6 +30,7 @@ func StandardPageScan(scan Scanner, page string, status int, contents string, re
|
|||
report.PageTitle = pageTitle
|
||||
}
|
||||
|
||||
new(PGPContentScan).ScanContent(contents, report)
|
||||
domains := utils.ExtractDomains(contents)
|
||||
|
||||
for _, domain := range domains {
|
||||
|
|