
Commit 3c44159

authored
Update Scan-CSRF.ps1
scanning .aspx.cs and .cs in addition to .aspx
1 parent b19cb6b commit 3c44159


1 file changed

+13
-8
lines changed


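--- a/Scan-CSRF.ps1
+++ b/Scan-CSRF.ps1
@@ -1,4 +1,4 @@
-function Check-CSRFToken {
+function Check-CSRFToken {
 param($file)
 
 $content = Get-Content -Path $file
@@ -91,13 +91,18 @@ if (-not (Test-Path $path -PathType Container)) {
 exit
 }
 
-# Get all .aspx files in the given path recursively
+
+# Get all .aspx, .aspx.cs, and .cs files in the given path recursively
 $aspxFiles = Get-ChildItem -Path $path -Filter "*.aspx" -Recurse
+$aspxCSFiles = Get-ChildItem -Path $path -Filter "*.aspx.cs" -Recurse
+$csFiles = Get-ChildItem -Path $path -Filter "*.cs" -Recurse
+
+$allFiles = $aspxFiles + $aspxCSFiles + $csFiles # Combine all the file arrays
 
-# Perform checks on each .aspx file
 $matchesFound = $false
 $matchCounter = 0 # Initialize total match counter
-foreach ($file in $aspxFiles) {
+
+foreach ($file in $allFiles) {
 $matches, $count = Check-CSRFToken $file.FullName
 if ($matches) {
 $matchesFound = $true
@@ -106,9 +111,9 @@ foreach ($file in $aspxFiles) {
 }
 
 if ($matchesFound) {
-Write-Host "Failing to implement CSRF protection in your web application can expose users to Cross-Site Request Forgery attacks.
+Write-Host "`n`nFailing to implement CSRF protection in your web application can expose users to Cross-Site Request Forgery attacks.
 `nBy ensuring the presence of secure, hidden CSRF tokens within forms and associating them with session variables,
-`nyou can prevent attackers from forging malicious requests and protect user data and actions." -ForegroundColor DarkYellow
+`nyou can prevent attackers from forging malicious requests and protect user data and actions."
 
 # Calculate the score based on the total match count
 $Severity = "LOW"
@@ -125,10 +130,10 @@ if ($matchesFound) {
 }
 
 Write-Host "`nTotal Vulnerability Matches Found: $matchCounter" -ForegroundColor Green
-Write-Host "`nSeverity: $Severity" -ForegroundColor DarkYellow
+Write-Host "`nSeverity: $Severity" -ForegroundColor Red
 Write-Host "`nTotal Vulnerabilities Score: $score" -ForegroundColor DarkYellow
 }
 else {
 Write-Host "`nNo Matches Found For Scanned Vulnerabilities."
 
-}
+}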
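Review bot: In the file-collection hunk, the `*.cs` filter already matches every `*.aspx.cs` file, so each code-behind file lands in `$allFiles` twice and is passed to `Check-CSRFToken` twice, doubling its contribution to `$matchCounter` and inflating the reported score and severity. The `+` concatenation also relies on the left operand being an array; when the tree holds exactly one `.aspx` file, `Get-ChildItem` returns a single object and the addition fails. Dropping `$aspxCSFiles` and building the list as `$allFiles = @($aspxFiles) + @($csFiles)` removes the duplicates and handles zero- and one-file results. Whether the token patterns inside `Check-CSRFToken` are meaningful for plain `.cs` sources is not visible here (its body lies outside the hunks) and is worth confirming, since markup-oriented checks run against C# could skew the count in either direction.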
