Added dastardly module

blacklanternsecurity · Dec 7, 2023 · d74c689 · d74c689
1 parent dda155f
commit d74c689
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 27 deletions.
diff --git a/bbot/modules/deadly/dastardly.py b/bbot/modules/deadly/dastardly.py
@@ -10,14 +10,7 @@ class dastardly(BaseModule):
 
     deps_apt = ["docker.io"]
     deps_pip = ["lxml~=4.9.2"]
-    deps_ansible = [
-        {
-            "name": "Pull the dastardly image",
-            "docker_image": {
-                "name": "public.ecr.aws/portswigger/dastardly:latest"
-            },
-        }
-    ]
+    deps_shell = ["docker pull public.ecr.aws/portswigger/dastardly:latest"]
     in_scope_only = True
 
     async def setup(self):
@@ -30,7 +23,7 @@ async def handle_event(self, event):
         try:
             await self.helpers.run(command, sudo=True)
             for testsuite in self.parse_dastardly_xml(output_file):
-                url = testcase.endpoint
+                url = testsuite.endpoint
                 for testcase in testsuite.testcases:
                     for failure in testcase.failures:
                         message = failure.instance
@@ -49,7 +42,7 @@ async def handle_event(self, event):
                         else:
                             self.emit_event(
                                 {
-                                    "severity": severity,
+                                    "severity": failure.severity,
                                     "host": str(event.host),
                                     "url": url,
                                     "description": message,
@@ -62,22 +55,24 @@ async def handle_event(self, event):
             output_file.unlink(missing_ok=True)
 
     def construct_command(self, target):
-        temp_filename = self.helpers.temp_filename(extension="xml")
+        temp_path = self.helpers.temp_filename(extension="xml")
+        filename = temp_path.name
+        temp_dir = temp_path.parent
         command = [
-            'docker',
-            'run',
-            '--user',
-            '$(id -u)',
-            '--rm',
-            '-v',
-            '$(pwd):/dastardly',
-            '-e',
-            'BURP_START_URL={target}',
-            '-e',
-            'BURP_REPORT_FILE_PATH=/dastardly/{temp_filename}',
-            'public.ecr.aws/portswigger/dastardly:latest'
+            "docker",
+            "run",
+            "--user",
+            "0",
+            "--rm",
+            "-v",
+            f"{temp_dir}:/dastardly",
+            "-e",
+            f"BURP_START_URL={target}",
+            "-e",
+            f"BURP_REPORT_FILE_PATH=/dastardly/{filename}",
+            "public.ecr.aws/portswigger/dastardly:latest",
         ]
-        return command, temp_filename
+        return command, temp_path
 
     def parse_dastardly_xml(self, xml_file):
         try:
@@ -86,12 +81,13 @@ def parse_dastardly_xml(self, xml_file):
                 for testsuite in et.iter("testsuite"):
                     yield TestSuite(testsuite)
         except Exception as e:
-            self.warning(f"Error parsing Nmap XML at {xml_file}: {e}")
+            self.warning(f"Error parsing Dastardly XML at {xml_file}: {e}")
 
     async def cleanup(self):
         resume_file = self.helpers.current_dir / "resume.cfg"
         resume_file.unlink(missing_ok=True)
 
+
 class Failure:
     def __init__(self, xml):
         self.etree = xml
@@ -101,6 +97,7 @@ def __init__(self, xml):
         self.severity = self.etree.attrib.get("type", "")
         self.text = self.etree.text
 
+
 class TestCase:
     def __init__(self, xml):
         self.etree = xml
@@ -111,7 +108,8 @@ def __init__(self, xml):
         # findings / failures(as dastardly names them)
         self.failures = []
         for failure in self.etree.findall("failure"):
-            self.testcases.append(Failure(failure))
+            self.failures.append(Failure(failure))
+
 
 class TestSuite:
     def __init__(self, xml):
@@ -123,4 +121,4 @@ def __init__(self, xml):
         # test cases
         self.testcases = []
         for testcase in self.etree.findall("testcase"):
-            self.testcases.append(TestCase(testcase))
+            self.testcases.append(TestCase(testcase))
diff --git a/bbot/test/test_step_2/module_tests/test_module_dastardly.py b/bbot/test/test_step_2/module_tests/test_module_dastardly.py
@@ -0,0 +1,19 @@
+from .base import ModuleTestBase
+
+
+class TestDastardly(ModuleTestBase):
+    targets = ["ginandjuice.shop"]
+    modules_overrides = ["nmap", "httpx", "dastardly"]
+
+    def check(self, module_test, events):
+        reflected_xss = False
+        vulnerable_js = False
+        for e in events:
+            if e.type == "VULNERABILITY":
+                if "Cross-site scripting (reflected)" in e.data["description"]:
+                    reflected_xss = True
+            if e.type == "VULNERABILITY":
+                if "Vulnerable JavaScript dependency" in e.data["description"]:
+                    vulnerable_js = True
+        assert reflected_xss
+        assert vulnerable_js