ThreatScript Web Client » History » Version 3
Luke Murphey, 05/19/2010 11:53 PM
| 1 | 1 | Luke Murphey | h1. ThreatScript Web Client |
|---|---|---|---|
| 2 | 1 | Luke Murphey | |
| 3 | 1 | Luke Murphey | ThreatScript definitions can actively access and gather information from websites using one of the HTTP request classes. The following classes are available (each corresponding to the associated HTTP verb): |
| 4 | 1 | Luke Murphey | |
| 5 | 1 | Luke Murphey | * GetRequest |
| 6 | 1 | Luke Murphey | * PostRequest |
| 7 | 1 | Luke Murphey | * DeleteRequest |
| 8 | 1 | Luke Murphey | * PutRequest |
| 9 | 1 | Luke Murphey | * TraceRequest |
| 10 | 1 | Luke Murphey | * HeadRequest |
| 11 | 1 | Luke Murphey | * OptionsRequest |
| 12 | 1 | Luke Murphey | |
| 13 | 3 | Luke Murphey | Below is an example of a definition that determines how many links to the given page exists (via Google): |
| 14 | 3 | Luke Murphey | |
| 15 | 1 | Luke Murphey | <pre> |
| 16 | 1 | Luke Murphey | <code class="Javascript"> |
| 17 | 1 | Luke Murphey | /* |
| 18 | 2 | Luke Murphey | * Name: Test.Test.LinkCount |
| 19 | 1 | Luke Murphey | * ID: 1200001 |
| 20 | 1 | Luke Murphey | * Version: 1 |
| 21 | 2 | Luke Murphey | * Message: Detects the number of websites linking to this page |
| 22 | 1 | Luke Murphey | * Severity: Low |
| 23 | 1 | Luke Murphey | */ |
| 24 | 1 | Luke Murphey | |
| 25 | 1 | Luke Murphey | importPackage(Packages.ThreatScript); |
| 26 | 1 | Luke Murphey | importPackage(Packages.HTTP); |
| 27 | 1 | Luke Murphey | |
| 28 | 1 | Luke Murphey | function analyze( httpResponse, variables, environment ){ |
| 29 | 3 | Luke Murphey | |
| 30 | 2 | Luke Murphey | var get = new GetRequest("http://www.google.com/search?q=site+to+" + httpResponse.getLocation() ); |
| 31 | 1 | Luke Murphey | var httpResponse = get.run(); |
| 32 | 1 | Luke Murphey | var s = httpResponse.getResponseBodyAsString(); |
| 33 | 1 | Luke Murphey | |
| 34 | 1 | Luke Murphey | if( s == null ){ |
| 35 | 2 | Luke Murphey | return new Result( true, "Could not get a response from Google.com"); |
| 36 | 1 | Luke Murphey | } |
| 37 | 1 | Luke Murphey | |
| 38 | 2 | Luke Murphey | var resultsCount = /About ([,0-9]+) results/; |
| 39 | 2 | Luke Murphey | var result = resultsCount.exec(s); |
| 40 | 2 | Luke Murphey | |
| 41 | 2 | Luke Murphey | var linkcount = result[1]; |
| 42 | 2 | Luke Murphey | |
| 43 | 2 | Luke Murphey | return new Result( true, "Number of sites that link to this page: " + linkcount); |
| 44 | 1 | Luke Murphey | } |
| 45 | 1 | Luke Murphey | </code> |
| 46 | 1 | Luke Murphey | </pre> |