Phillip Tarrant
1eb2a52f17
Core changes
- Centralize detection in the Rules Engine; browser.py now focuses on fetch/extract/persist.
- Add class-based adapters:
- FactAdapter: converts snippets → structured facts.
- FunctionRuleAdapter: wraps dict-based rule functions for engine input (str or dict).
- Register function rules (code-based) alongside YAML rules:
- form_action_missing
- form_http_on_https_page
- form_submits_to_different_host
- script_src_uses_data_or_blob
- script_src_has_dangerous_extension
- script_third_party_host
Rules & YAML
- Expand/normalize YAML rules with severities + tags; tighten patterns.
- Add new regex rules: new_function_usage, unescape_usage, string_timer_usage, long_hex_constants.
- Move iframe rule to `text` category.
- Keep existing script/form/text rules; all compile under IGNORECASE.
Browser / analysis refactor
- browser.py:
- Remove inline heuristics; rely on engine for PASS/FAIL, reason, severity, tags.
- Build page-level overview (`rule_checks`) across categories.
- Analyze forms: add `base_url` + `base_hostname` to snippet so function rules can evaluate; include per-form rule_checks.
- Analyze scripts: **per-script evaluation**:
- Inline -> run regex script rules on inline text.
- External -> run function script rules with a facts dict (src/src_hostname/base_url/base_hostname).
- Only include scripts that matched ≥1 rule; attach severity/tags to matches.
- Persist single source of truth: `/data/<uuid>/results.json`.
- Backward-compat: `fetch_page_artifacts(..., engine=...)` kwarg accepted/ignored.
UI/UX
- Suspicious Scripts table now shows only matched scripts.
- Add severity badges and tag chips; tooltips show rule description.
- Prevent table blowouts:
- Fixed layout + ellipsis + wrapping helpers (`.scripts-table`, `.breakable`, `details pre.code`).
- Shortened inline snippet preview (configurable).
- Minor template niceties (e.g., rel="noopener" on external links where applicable).
Config
- Add `ui.snippet_preview_len` to settings.yaml; default 160.
- Load into `app.config["SNIPPET_PREVIEW_LEN"]` and use in `analyze_scripts`.
Init / wiring
- Import and register function rules as `Rule(...)` objects (not dicts).
- Hook Rules Engine to Flask logger for verbose/diagnostic output.
- Log totals on startup; keep YAML path override via `SNEAKYSCOPE_RULES_FILE`.
Bug fixes
- Fix boot crash: pass `Rule` instances to `engine.add_rule()` instead of dicts.
- Fix “N/A” in scripts table by actually computing per-script matches.
- Ensure form rules fire by including `base_url`/`base_hostname` in form snippets.
Roadmap
- Update roadmap to reflect completed items:
- “Show each check and whether it triggered (pass/fail list per rule)”
- Severity levels + tags in Suspicious Scripts
- Results.json as route source of truth
- Scripts table UX (badges, tooltips, layout fix)
277 lines
7.7 KiB
HTML
277 lines
7.7 KiB
HTML
{% extends "base.html" %}
|
|
{% block content %}
|
|
|
|
<!-- Top Jump List -->
|
|
<div class="card" id="top-jump-list">
|
|
<h2>Jump to Section</h2>
|
|
<ul>
|
|
<li><a href="/">Analyse Another Page</a></li>
|
|
<li><a href="#url-overview">URL Overview</a></li>
|
|
<li><a href="#enrichment">Enrichment</a></li>
|
|
<li><a href="#redirects">Redirects</a></li>
|
|
<li><a href="#forms">Forms</a></li>
|
|
<li><a href="#scripts">Suspicious Scripts</a></li>
|
|
<li><a href="#screenshot">Screenshot</a></li>
|
|
<li><a href="#source">Source</a></li>
|
|
</ul>
|
|
</div>
|
|
|
|
<!-- URL Overview -->
|
|
<div class="card" id="url-overview">
|
|
<h2>URL Overview</h2>
|
|
<p><strong>Submitted URL:</strong> {{ submitted_url }}</p>
|
|
<p><strong>Final URL:</strong> <a href="{{ final_url }}" target="_blank">{{ final_url }}</a></p>
|
|
<p><strong>Permalink:</strong>
|
|
<a href="{{ url_for('main.view_result', run_uuid=uuid, _external=True) }}">
|
|
{{ request.host_url }}results/{{ uuid }}
|
|
</a>
|
|
</p>
|
|
<p><a href="#top-jump-list">Back to top</a></p>
|
|
</div>
|
|
|
|
<!-- Enrichment -->
|
|
<div class="card" id="enrichment">
|
|
<h2>Enrichment</h2>
|
|
|
|
<!-- WHOIS -->
|
|
{% if enrichment.whois %}
|
|
<h3>WHOIS</h3>
|
|
<table class="enrichment-table">
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Value</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
{% for k, v in enrichment.whois.items() %}
|
|
<tr>
|
|
<td>{{ k.replace('_', ' ').title() }}</td>
|
|
<td>{{ v }}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
</tbody>
|
|
</table>
|
|
{% endif %}
|
|
|
|
{% if enrichment.raw_whois %}
|
|
<h3>Raw WHOIS</h3>
|
|
<pre class="code">{{ enrichment.raw_whois }}</pre>
|
|
{% endif %}
|
|
|
|
<!-- GeoIP / IP-API -->
|
|
{% if enrichment.geoip %}
|
|
<h3>GeoIP</h3>
|
|
{% for ip, info in enrichment.geoip.items() %}
|
|
<details class="card" style="padding:0.5rem; margin-bottom:0.5rem;">
|
|
<summary>{{ ip }}</summary>
|
|
<table class="enrichment-table">
|
|
<tbody>
|
|
{% for key, val in info.items() %}
|
|
<tr>
|
|
<td>{{ key.replace('_', ' ').title() }}</td>
|
|
<td>{{ val }}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
</tbody>
|
|
</table>
|
|
</details>
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
<!-- BEC Words -->
|
|
{% if enrichment.bec_words %}
|
|
<h3>BEC Words Detected</h3>
|
|
<table class="enrichment-table">
|
|
<thead>
|
|
<tr><th>Word</th></tr>
|
|
</thead>
|
|
<tbody>
|
|
{% for word in enrichment.bec_words %}
|
|
<tr><td>{{ word }}</td></tr>
|
|
{% endfor %}
|
|
</tbody>
|
|
</table>
|
|
{% endif %}
|
|
|
|
{% if not enrichment.whois and not enrichment.raw_whois and not enrichment.geoip and not enrichment.bec_words %}
|
|
<p>No enrichment data available.</p>
|
|
{% endif %}
|
|
|
|
<p><a href="#top-jump-list">Back to top</a></p>
|
|
</div>
|
|
|
|
<!-- Redirects -->
|
|
<div class="card" id="redirects">
|
|
<h2>Redirects</h2>
|
|
{% if redirects %}
|
|
<table class="enrichment-table">
|
|
<thead>
|
|
<tr>
|
|
<th>Status</th>
|
|
<th>URL</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
{% for r in redirects %}
|
|
<tr>
|
|
<td>{{ r.status }}</td>
|
|
<td><a href="{{ r.url }}" target="_blank">{{ r.url }}</a></td>
|
|
</tr>
|
|
{% endfor %}
|
|
</tbody>
|
|
</table>
|
|
{% else %}
|
|
<p>No redirects detected.</p>
|
|
{% endif %}
|
|
<p><a href="#top-jump-list">Back to top</a></p>
|
|
</div>
|
|
|
|
<!-- Forms -->
|
|
<div class="card" id="forms">
|
|
<h2>Forms</h2>
|
|
{% if forms %}
|
|
{% for form in forms %}
|
|
<details class="card {% if form.flagged %}flagged{% endif %}" style="padding:0.5rem; margin-bottom:0.5rem;">
|
|
<summary>{{ form.status }} — Action: {{ form.action }} ({{ form.method | upper }})</summary>
|
|
<table class="enrichment-table">
|
|
<thead>
|
|
<tr>
|
|
<th>Input Name</th>
|
|
<th>Type</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
{% for inp in form.inputs %}
|
|
<tr>
|
|
<td>{{ inp.name }}</td>
|
|
<td>{{ inp.type }}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
</tbody>
|
|
</table>
|
|
{% if form.flagged %}
|
|
<p><strong>Flag Reasons:</strong></p>
|
|
<ul>
|
|
{% for reason in form.flag_reasons %}
|
|
<li>{{ reason }}</li>
|
|
{% endfor %}
|
|
</ul>
|
|
{% endif %}
|
|
</details>
|
|
{% endfor %}
|
|
{% else %}
|
|
<p>No forms detected.</p>
|
|
{% endif %}
|
|
<p><a href="#top-jump-list">Back to top</a></p>
|
|
</div>
|
|
|
|
<!-- Suspicious Scripts -->
|
|
<div class="card" id="scripts">
|
|
<h2>Suspicious Scripts</h2>
|
|
|
|
{% if suspicious_scripts %}
|
|
<table class="enrichment-table scripts-table">
|
|
<thead>
|
|
<tr>
|
|
<th>Type</th>
|
|
<th>Source URL</th>
|
|
<th>Content Snippet</th>
|
|
<th>Matches (Rules & Heuristics)</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
{% for s in suspicious_scripts %}
|
|
<tr>
|
|
<!-- Type -->
|
|
<td>{{ s.type or 'unknown' }}</td>
|
|
|
|
<!-- Source URL -->
|
|
<td class="breakable">
|
|
{% if s.src %}
|
|
<a href="{{ s.src }}" target="_blank">{{ s.src[:50] }}</a>
|
|
{% else %}
|
|
N/A
|
|
{% endif %}
|
|
</td>
|
|
|
|
<!-- Inline content snippet (collapsible) -->
|
|
<td>
|
|
{% if s.content_snippet %}
|
|
<details>
|
|
<summary>View snippet ({{ s.content_snippet|length }} chars) </summary>
|
|
<pre class="code">({{ s.content_snippet}}</pre>
|
|
</details>
|
|
{% else %}
|
|
N/A
|
|
{% endif %}
|
|
</td>
|
|
|
|
<!-- Rules & Heuristics -->
|
|
<td>
|
|
{% set has_rules = s.rules and s.rules|length > 0 %}
|
|
{% set has_heur = s.heuristics and s.heuristics|length > 0 %}
|
|
|
|
{% if has_rules %}
|
|
<strong>Rules</strong>
|
|
<ul>
|
|
{% for r in s.rules %}
|
|
<li title="{{ r.description or '' }}">
|
|
{{ r.name }}
|
|
{% if r.severity %}
|
|
<span class="badge sev-{{ r.severity|lower }}">{{ r.severity|title }}</span>
|
|
{% endif %}
|
|
{% if r.tags %}
|
|
{% for t in r.tags %}
|
|
<span class="chip" title="Tag: {{ t }}">{{ t }}</span>
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if r.description %}
|
|
<small>— {{ r.description }}</small>
|
|
{% endif %}
|
|
</li>
|
|
{% endfor %}
|
|
</ul>
|
|
{% endif %}
|
|
|
|
{% if has_heur %}
|
|
<strong>Heuristics</strong>
|
|
<ul>
|
|
{% for h in s.heuristics %}
|
|
<li>{{ h }}</li>
|
|
{% endfor %}
|
|
</ul>
|
|
{% endif %}
|
|
|
|
{% if not has_rules and not has_heur %}
|
|
N/A
|
|
{% endif %}
|
|
</td>
|
|
</tr>
|
|
{% endfor %}
|
|
</tbody>
|
|
</table>
|
|
{% else %}
|
|
<p>No suspicious scripts detected.</p>
|
|
{% endif %}
|
|
|
|
<p><a href="#top-jump-list">Back to top</a></p>
|
|
</div>
|
|
|
|
|
|
<!-- Screenshot -->
|
|
<div class="card" id="screenshot">
|
|
<h2>Screenshot</h2>
|
|
<img src="{{ url_for('main.artifacts', run_uuid=uuid, filename='screenshot.png') }}" alt="Screenshot">
|
|
<p><a href="#top-jump-list">Back to top</a></p>
|
|
</div>
|
|
|
|
<!-- Source -->
|
|
<div class="card" id="source">
|
|
<h2>Source</h2>
|
|
<p><a href="{{ url_for('main.artifacts', run_uuid=uuid, filename='source.txt') }}" target="_blank">View Source</a></p>
|
|
<p><a href="#top-jump-list">Back to top</a></p>
|
|
</div>
|
|
|
|
{% endblock %}
|