fix minor but with waf events scope distance

blacklanternsecurity · Sep 18, 2023 · c43b30c · c43b30c
1 parent ba4fc61
commit c43b30c
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 4 deletions.
diff --git a/bbot/core/event/base.py b/bbot/core/event/base.py
@@ -947,6 +947,21 @@ class AZURE_TENANT(DictEvent):
     _always_emit = True
 
 
+class WAF(DictHostEvent):
+    _always_emit = True
+
+    class _data_validator(BaseModel):
+        url: str
+        host: str
+        WAF: str
+        info: Optional[str]
+        _validate_url = validator("url", allow_reuse=True)(validators.validate_url)
+        _validate_host = validator("host", allow_reuse=True)(validators.validate_host)
+
+    def _pretty_string(self):
+        return self.data["WAF"]
+
+
 def make_event(
     data,
     event_type=None,

diff --git a/bbot/modules/wafw00f.py b/bbot/modules/wafw00f.py
@@ -21,18 +21,23 @@ class wafw00f(BaseModule):
     per_host_only = True
 
     async def handle_event(self, event):
-        host = f"{event.parsed.scheme}://{event.parsed.netloc}/"
-        WW = await self.scan.run_in_executor(wafw00f_main.WAFW00F, host)
+        url = f"{event.parsed.scheme}://{event.parsed.netloc}/"
+        WW = await self.scan.run_in_executor(wafw00f_main.WAFW00F, url)
         waf_detections = await self.scan.run_in_executor(WW.identwaf)
         if waf_detections:
             for waf in waf_detections:
-                self.emit_event({"host": host, "WAF": waf}, "WAF", source=event)
+                self.emit_event({"host": str(event.host), "url": url, "WAF": waf}, "WAF", source=event)
         else:
             if self.config.get("generic_detect") == True:
                 generic = await self.scan.run_in_executor(WW.genericdetect)
                 if generic:
                     self.emit_event(
-                        {"host": host, "WAF": "generic detection", "info": WW.knowledge["generic"]["reason"]},
+                        {
+                            "host": str(event.host),
+                            "url": url,
+                            "WAF": "generic detection",
+                            "info": WW.knowledge["generic"]["reason"],
+                        },
                         "WAF",
                         source=event,
                     )