Beispiel #1
    def _bruteforce(self, fr_list):
        @parameter fr_list: A list of fr's to be analyzed by the bruteforce plugins
        @return: A list of the URL's that have been successfully bruteforced
        res = []
        # Status
        om.out.debug('Called _bruteforce()' )
        # Progress
        bruteforce_plugin_num = len(self._w3af_core.plugins.plugins['bruteforce'])
        amount_of_tests = bruteforce_plugin_num * len(fr_list) 
        self._w3af_core.progress.set_total_amount( amount_of_tests )
        for plugin in self._w3af_core.plugins.plugins['bruteforce']:

            # Status
            self._w3af_core.status.set_running_plugin( plugin.getName() )
            for fr in fr_list:
                # Status
                self._w3af_core.status.set_current_fuzzable_request( fr )
                # Sends each URL to the bruteforce plugin
                        new_frs = plugin.bruteforce_wrapper( fr )
                        tm.join( plugin )
                except w3afException, e:
                    om.out.error( str(e) )
                except Exception, e:
                    # Smart error handling, much better than just crashing.
                    # Doing this here and not with something similar to:
                    # sys.excepthook = handle_crash because we want to handle
                    # plugin exceptions in this way, and not framework 
                    # exceptions                    
                    exec_info = sys.exc_info()
                    enabled_plugins = pprint_plugins(self._w3af_core)
                    exception_handler.handle( self._w3af_core.status, e , 
                                              exec_info, enabled_plugins )
                    res.extend( new_frs )
                # Progress, I performed one test (no matter if it failed or not)
Beispiel #2
    def _audit(self):
        om.out.debug('Called _audit()' )

        enabled_plugins = self._w3af_core.plugins.getEnabledPlugins('audit')
        audit_plugins = self._w3af_core.plugins.plugin_factory( enabled_plugins, 'audit')

        # For progress reporting
        amount_of_tests = len(audit_plugins) * len(self._fuzzable_request_set)
        self._w3af_core.progress.set_total_amount( amount_of_tests )

        # This two loops do all the audit magic [KISS]
        for plugin in audit_plugins:

            # For status
            self._w3af_core.status.set_running_plugin( plugin.getName() )
            # Before running each plugin let's make sure we're logged in

            #TODO: This is a horrible thing to do, we consume lots of memory
            #      for just a loop. The issue is that we had some strange
            #      "RuntimeError: Set changed size during iteration" and I had
            #      no time to solve them.
            for fr in set(self._fuzzable_request_set):
                # Sends each fuzzable request to the plugin
                self._w3af_core.status.set_current_fuzzable_request( fr )
                        plugin.audit_wrapper( fr )
                        tm.join( plugin )
                except w3afException, e:
                    om.out.error( str(e) )
                except Exception, e:
                    # Smart error handling, much better than just crashing.
                    # Doing this here and not with something similar to:
                    # sys.excepthook = handle_crash because we want to handle
                    # plugin exceptions in this way, and not framework 
                    # exceptions                    
                    exec_info = sys.exc_info()
                    enabled_plugins = pprint_plugins(self._w3af_core)
                    exception_handler.handle( self._w3af_core.status, e , 
                                              exec_info, enabled_plugins )
                # Performed one test, report it
Beispiel #3
    def _grep_worker( self , grep_plugin, request, response):
        This method applies the grep_plugin to a request / response pair.

        @parameter grep_plugin: The grep plugin to run.
        @parameter request: The request which generated the response. A request object.
        @parameter response: The response which was generated by the request (first parameter).
                             A httpResponse object.
        # Create a wrapper that will timeout in "timeout_seconds" seconds.
        # TODO:
        # For now I leave it at 5, but I have to debug grep plugins and I will lower this eventually
        timeout_seconds = 5
        timedout_grep_wrapper = TimeLimited( grep_plugin.grep_wrapper, timeout_seconds)
            timedout_grep_wrapper(request, response)
        except KeyboardInterrupt:
            # Correct control+c handling...
        except TimeLimitExpired:
            msg = 'The "%s" plugin took more than %s seconds to run. ' \
            'For a plugin that should only perform pattern matching, ' \
            'this is too much, please review its source code.' % \
            (grep_plugin.getName(), timeout_seconds)
        except Exception, e:
            # Smart error handling, much better than just crashing.
            # Doing this here and not with something similar to:
            # sys.excepthook = handle_crash because we want to handle
            # plugin exceptions in this way, and not framework 
            # exceptions
            class fake_status(w3af_core_status):

            status = fake_status()
            status.set_running_plugin( grep_plugin.getName() )
            status.set_phase( 'grep' )
            status.set_current_fuzzable_request( request )
            exec_info = sys.exc_info()
            from core.controllers.w3afCore import w3af_core as w3af_core
            enabled_plugins = pprint_plugins(w3af_core)
            exception_handler.handle( status, e , exec_info, enabled_plugins )
Beispiel #4
    def handle_exception(self, phase, plugin_name, fuzzable_request, _exception):
        Get the exception information, and put it into the output queue
        then, the strategy will get the items from the output queue and
        handle the exceptions.

        :param plugin_name: The plugin that generated the exception
        :param fuzzable_request: The fuzzable request that was sent as input to
                                 the plugin when the exception was raised
        :param _exception: The exception object
        except_type, except_class, tb = sys.exc_info()
        enabled_plugins = pprint_plugins(self._w3af_core)

        status = w3af_core_status(self._w3af_core)
        status.set_running_plugin(phase, plugin_name, log=False)
        status.set_current_fuzzable_request(phase, fuzzable_request)

        exception_data = ExceptionData(status, _exception, tb,
Beispiel #5
    def _auth_login(self):
        Make login to the web application when it is needed.
        for plugin in self._w3af_core.plugins.plugins['auth']:

                    if not plugin.is_logged():
            except Exception, e:
                # Smart error handling, much better than just crashing.
                # Doing this here and not with something similar to:
                # sys.excepthook = handle_crash because we want to handle
                # plugin exceptions in this way, and not framework 
                # exceptions                        
                exec_info = sys.exc_info()
                enabled_plugins = pprint_plugins(self._w3af_core)
                exception_handler.handle( self._w3af_core.status, e , 
                                          exec_info, enabled_plugins )
Beispiel #6
 def _discover_worker(self, to_walk):
     This method will run discovery plugins in a loop until no new knowledge
     (ie fuzzable requests) is found.
     TODO: unit-test this method
     @return: A list with the found fuzzable requests.
     om.out.debug('Called _discover_worker()' )
     result = []
     while to_walk:
         # Progress stuff, do this inside the while loop, because the to_walk 
         # variable changes in each loop
         amount_of_tests = len(self._w3af_core.plugins.plugins['discovery']) * len(to_walk)
         plugins_to_remove_list = []
         fuzz_reqs = {}
         for plugin in self._w3af_core.plugins.plugins['discovery']:
             # Login is needed,
             for fr in to_walk:
                 # Should I continue with the discovery phase? If not, return
                 # what I know for now and forget about all the remaining work
                 if self._should_stop_discovery(): return result
                 # Status reporting
                 status = self._w3af_core.status
                         # Perform the actual work
                         plugin_result = plugin.discover_wrapper(fr)
                 except KeyboardInterrupt:
                     om.out.information('The user interrupted the discovery phase, '
                                        'continuing with audit.')
                     return result
                 except w3afException,e:
                 except w3afRunOnce:
                     # Some plugins are meant to be run only once
                     # that is implemented by raising a w3afRunOnce
                     # exception
                 except Exception, e:
                     # Smart error handling, much better than just crashing.
                     # Doing this here and not with something similar to:
                     # sys.excepthook = handle_crash because we want to handle
                     # plugin exceptions in this way, and not framework 
                     # exceptions                        
                     exec_info = sys.exc_info()
                     enabled_plugins = pprint_plugins(self._w3af_core)
                     exception_handler.handle( self._w3af_core.status, e , 
                                               exec_info, enabled_plugins )
                     # We don't trust plugins, i'll only work if this
                     # is a list or something else that is iterable
                     lst = fuzz_reqs.setdefault(plugin.getName(), [])
                     if hasattr(plugin_result, '__iter__'):
                         lst.extend(fr for fr in plugin_result)
                 # Finished one loop, inc!