def run(PluginInfo):
Content = []
plugin_params = ServiceLocator.get_component("plugin_params")
config = ServiceLocator.get_component("config")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'EMAIL_TARGET': config.get_val('EMAIL_TARGET_DESCRIP'),
'EMAIL_FROM': config.get_val('EMAIL_FROM_DESCRIP'),
'SMTP_LOGIN': config.get_val('SMTP_LOGIN_DESCRIP'),
'SMTP_PASS': config.get_val('SMTP_PASS_DESCRIP'),
'SMTP_HOST': config.get_val('SMTP_HOST_DESCRIP'),
'SMTP_PORT': config.get_val('SMTP_PORT_DESCRIP'),
'EMAIL_PRIORITY': config.get_val('EMAIL_PRIORITY_DESCRIP'),
'EMAIL_SUBJECT': config.get_val('EMAIL_SUBJECT_DESCRIP'),
'EMAIL_BODY': config.get_val('EMAIL_BODY_DESCRIP'),
},
'Optional': {
'EMAIL_ATTACHMENT': config.get_val('EMAIL_ATTACHMENT_DESCRIP'),
'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')
}
}
for Args in plugin_params.GetArgs(args, PluginInfo):
plugin_params.set_config(Args) # Update config
if ServiceLocator.get_component("smtp").Send(Args):
cprint("Email delivered succcessfully")
else:
cprint("Email delivery failed")
resource = ServiceLocator.get_component("config").get_resources('SendPhishingAttackviaSET')
Content += ServiceLocator.get_component("plugin_helper").CommandDump('Test Command', 'Output', resource,
PluginInfo, Content)
return Content
def run(PluginInfo):
Content = []
config = ServiceLocator.get_component("config")
OWTFLogger.log("WARNING: This plugin requires a small selenium installation, please run '%s' if you have issues" %
config.get_val('INSTALL_SCRIPT'))
plugin_params = ServiceLocator.get_component("plugin_params")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'BASE_URL': 'The URL to be pre-pended to the tests',
'CATEGORY': 'Category to use (i.e. ' + ', '.join(sorted(CATEGORIES)) + ')'
},
'Optional': {'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')}
}
for Args in plugin_params.get_args(args, PluginInfo):
plugin_params.set_config(Args)
InputFile = config.get_val("SELENIUM_URL_VECTORS_" + Args['CATEGORY'])
URLLauncher = ServiceLocator.get_component("selenium_handler").CreateURLLauncher({
'BASE_URL': Args['BASE_URL'],
'INPUT_FILE': InputFile
})
URLLauncher.run()
return Content
def run(PluginInfo):
Content = []
plugin_params = ServiceLocator.get_component("plugin_params")
config = ServiceLocator.get_component("config")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'EMAIL_TARGET': config.get_val('EMAIL_TARGET_DESCRIP'),
'EMAIL_FROM': config.get_val('EMAIL_FROM_DESCRIP'),
'SMTP_LOGIN': config.get_val('SMTP_LOGIN_DESCRIP'),
'SMTP_PASS': config.get_val('SMTP_PASS_DESCRIP'),
'SMTP_HOST': config.get_val('SMTP_HOST_DESCRIP'),
'SMTP_PORT': config.get_val('SMTP_PORT_DESCRIP'),
'EMAIL_PRIORITY': config.get_val('EMAIL_PRIORITY_DESCRIP'),
'EMAIL_SUBJECT': config.get_val('EMAIL_SUBJECT_DESCRIP'),
'EMAIL_BODY': config.get_val('EMAIL_BODY_DESCRIP'),
},
'Optional': {
'EMAIL_ATTACHMENT': config.get_val('EMAIL_ATTACHMENT_DESCRIP'),
'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')
}
}
for Args in plugin_params.get_args(args, PluginInfo):
plugin_params.set_config(Args) # Update config
if ServiceLocator.get_component("smtp").Send(Args):
cprint("Email delivered succcessfully")
else:
cprint("Email delivery failed")
resource = ServiceLocator.get_component("config").get_resources('SendPhishingAttackviaSET')
Content += ServiceLocator.get_component("plugin_helper").CommandDump('Test Command', 'Output', resource,
PluginInfo, Content)
return Content
def run(PluginInfo):
return ServiceLocator.get_component("plugin_helper").CommandDump(
'Test Command',
'Output',
ServiceLocator.get_component("resource").get_resources('DomainBruteForcing'),
PluginInfo,
"") # No previous output
def main(args):
""" The main wrapper which loads everything
:param args: User supplied arguments dictionary
:type args: `dict`
:return:
:rtype: None
"""
banner()
# Get tool path from script path:
root_dir = os.path.dirname(os.path.abspath(args[0])) or '.'
owtf_pid = os.getpid()
try:
ComponentInitialiser.initialisation_phase_1(root_dir, owtf_pid)
except DatabaseNotRunningException:
exit(-1)
args = process_options(args[1:])
ServiceLocator.get_component("config").process_phase1(args)
ComponentInitialiser.initialisation_phase_2(args)
# Initialise Framework.
core = Core()
logging.warn(
"OWTF Version: %s, Release: %s " % (
ServiceLocator.get_component("config").get_val('VERSION'),
ServiceLocator.get_component("config").get_val('RELEASE'))
)
run_owtf(core, args)
def run(PluginInfo):
resource = ServiceLocator.get_component("resource").get_resources(
'SemiPassiveSearchEngineDiscoveryCmd')
Content = ServiceLocator.get_component("plugin_helper").CommandDump(
'Test Command', 'Output', resource, PluginInfo,
[]) # No previous output
return Content
def manage_workers(self):
"""This function manages workers, it polls on each queue of worker
checks if it has done his work and then gives it new work
if there is one
:return: None
:rtype: None
"""
# Loop while there is some work in worklist
for k in range(0, len(self.workers)):
if (not self.workers[k]["worker"].output_q.empty()) or (not check_pid(self.workers[k]["worker"].pid)):
if check_pid(self.workers[k]["worker"].pid):
# Assign target, plugin from tuple work and empty the tuple
self.workers[k]["work"] = ()
self.workers[k]["busy"] = False # Worker is IDLE
self.workers[k]["start_time"] = "NA"
else:
logging.info("Worker with name %s and pid %s seems dead" % (self.workers[k]["worker"].name,
self.workers[k]["worker"].pid))
self.spawn_worker(index=k)
work_to_assign = self.get_task()
if work_to_assign:
logging.info("Work assigned to %s with pid %d" % (self.workers[k]["worker"].name,
self.workers[k]["worker"].pid))
trash_can = self.workers[k]["worker"].output_q.get()
# Assign work ,set target to used,and process to busy
self.workers[k]["worker"].input_q.put(work_to_assign)
self.workers[k]["work"] = work_to_assign
self.workers[k]["busy"] = True
self.workers[k]["start_time"] = strftime("%Y/%m/%d %H:%M:%S")
if not self.keep_working:
if not self.is_any_worker_busy():
logging.info("All jobs have been done. Exiting.")
ServiceLocator.get_component('core').finish()
def run(PluginInfo):
# Vuln search box to be built in core and resued in different plugins:
resource = ServiceLocator.get_component("resource").get_resources(
'PassiveSSL')
Content = ServiceLocator.get_component("plugin_helper").resource_linklist(
'Online Resources', resource)
return Content
def run(PluginInfo):
urls = ServiceLocator.get_component("url_manager").get_urls_to_visit()
for url in urls: # This will return only unvisited urls
ServiceLocator.get_component("requester").get_transaction(True, url) # Use cache if possible
Content = "%s URLs were visited" % str(len(urls))
OWTFLogger.log(Content)
return ServiceLocator.get_component("plugin_helper").HtmlString(Content)
def run(PluginInfo):
Content = []
plugin_params = ServiceLocator.get_component("plugin_params")
config = ServiceLocator.get_component("config")
smb = ServiceLocator.get_component("smb")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'SMB_HOST': config.get_val('SMB_HOST_DESCRIP'),
'SMB_SHARE': config.get_val('SMB_SHARE_DESCRIP'),
'SMB_MOUNT_POINT': config.get_val('SMB_MOUNT_POINT_DESCRIP'),
},
'Optional': {
'SMB_USER': config.get_val('SMB_USER_DESCRIP'),
'SMB_PASS': config.get_val('SMB_PASS_DESCRIP'),
'SMB_DOWNLOAD': config.get_val('SMB_DOWNLOAD_DESCRIP'),
'SMB_UPLOAD': config.get_val('SMB_UPLOAD_DESCRIP'),
'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')
}
}
for Args in plugin_params.GetArgs(args, PluginInfo):
plugin_params.set_config(Args) # Sets the auxiliary plugin arguments as config
smb.Mount(Args, PluginInfo)
smb.Transfer()
if not smb.IsClosed(): # Ensure clean exit if reusing connection
smb.UnMount(PluginInfo)
return Content
def run(PluginInfo):
Content = []
plugin_params = ServiceLocator.get_component("plugin_params")
config = ServiceLocator.get_component("config")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'RHOST':
config.get_val('RHOST_DESCRIP'),
'RPORT':
config.get_val('RPORT_DESCRIP'),
'CATEGORY':
'Category to use (i.e. ' + ', '.join(sorted(CATEGORIES)) + ')',
'SUBCATEGORY':
'Subcategory to use (i.e. ' + ', '.join(sorted(SUBCATEGORIES)) +
')'
},
'Optional': {
'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')
}
}
for Args in plugin_params.GetArgs(args, PluginInfo):
plugin_params.set_config(Args)
resource = config.get_resources('LaunchExploit_' + Args['CATEGORY'] +
"_" + Args['SUBCATEGORY'])
Content += ServiceLocator.get_component("plugin_helper").CommandDump(
'Test Command', 'Output', resource, PluginInfo, "")
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
Content = plugin_helper.VulnerabilitySearchBox('')
resource = ServiceLocator.get_component("resource").get_resources(
'ExternalCAPTCHA')
Content += plugin_helper.resource_linklist('Tools', resource)
return Content
def run(PluginInfo):
Content = []
plugin_params = ServiceLocator.get_component("plugin_params")
config = ServiceLocator.get_component("config")
smb = ServiceLocator.get_component("smb")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'SMB_HOST': config.get_val('SMB_HOST_DESCRIP'),
'SMB_SHARE': config.get_val('SMB_SHARE_DESCRIP'),
'SMB_MOUNT_POINT': config.get_val('SMB_MOUNT_POINT_DESCRIP'),
},
'Optional': {
'SMB_USER': config.get_val('SMB_USER_DESCRIP'),
'SMB_PASS': config.get_val('SMB_PASS_DESCRIP'),
'SMB_DOWNLOAD': config.get_val('SMB_DOWNLOAD_DESCRIP'),
'SMB_UPLOAD': config.get_val('SMB_UPLOAD_DESCRIP'),
'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')
}
}
for Args in plugin_params.get_args(args, PluginInfo):
plugin_params.set_config(Args) # Sets the auxiliary plugin arguments as config
smb.Mount(Args, PluginInfo)
smb.Transfer()
if not smb.IsClosed(): # Ensure clean exit if reusing connection
smb.UnMount(PluginInfo)
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
resource = ServiceLocator.get_component("resource")
Content = plugin_helper.Requestlink_list(
'Passive Analysis Results',
resource.get_resources('PassiveRobotsAnalysisHTTPRequests'),
PluginInfo)
Content += plugin_helper.resource_linklist(
'Online Resources',
resource.get_resources('PassiveRobotsAnalysisLinks'))
# Try to retrieve the robots.txt file from all defined resources
Count = 0
for Name, Resource in resource.get_resources('PassiveRobots'):
URL = Resource # Just for clarity
# Preparing link chunks for disallowed entries
LinkStart, LinkFinish = URL.split('/robots.txt')
LinkStart = LinkStart.strip()
LinkFinish = LinkFinish.strip()
# Use the cache if possible for speed
Transaction = ServiceLocator.get_component(
"requester").get_transaction(True, URL)
if Transaction is not None and Transaction.found:
Content += plugin_helper.ProcessRobots(
PluginInfo, Transaction.get_raw_response_body(), LinkStart,
LinkFinish, 'robots%s.txt' % str(Count))
Count += 1
else: # Not found or unknown request error
Message = "Could not be retrieved using resource: %s" % Resource
OWTFLogger.log(Message)
Content += plugin_helper.TransactionTableForURLList(True, [URL])
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
resource = ServiceLocator.get_component("resource").get_resources('PassiveSearchEngineDiscoveryCmd')
resource_online = ServiceLocator.get_component("resource").get_resources('PassiveSearchEngineDiscoveryLnk')
Content = plugin_helper.CommandDump('Test Command', 'Output', resource, PluginInfo, [])
Content += plugin_helper.resource_linklist('Online Resources', resource_online)
return Content
def run(PluginInfo):
Content = []
plugin_params = ServiceLocator.get_component("plugin_params")
config = ServiceLocator.get_component("config")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'RHOST': config.get_val('RHOST_DESCRIP'),
'RPORT': config.get_val('RPORT_DESCRIP'),
'CATEGORY': 'Category to use (i.e. ' + ', '.join(sorted(CATEGORIES)) + ')'
},
'Optional': {
'BRUTEFORCER': 'Bruteforcer to use (i.e. ' + ', '.join(sorted(BRUTEFORCER)) + ')',
'ONLINE_USER_LIST': config.get_val('ONLINE_USER_LIST_DESCRIP'),
'ONLINE_PASSWORD_LIST': config.get_val('ONLINE_PASSWORD_LIST_DESCRIP'),
'THREADS': config.get_val('THREADS_DESCRIP'),
'_RESPONSE_WAIT': config.get_val('_RESPONSE_WAIT_DESCRIP'),
'CONNECT_WAIT': config.get_val('CONNECT_WAIT_DESCRIP'),
'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')
}
}
for Args in plugin_params.get_args(args, PluginInfo):
plugin_params.set_config(Args)
resource = config.get_resources('PassBruteForce_' + Args['BRUTEFORCER'] + "_" + Args['CATEGORY'])
Content += ServiceLocator.get_component("plugin_helper").CommandDump('Test Command', 'Output', resource,
PluginInfo, "") # No previous output
return Content
def run(PluginInfo):
resource = ServiceLocator.get_component("resource").get_resources(
'ActiveSSLCmds')
Content = ServiceLocator.get_component("plugin_helper").CommandDump(
'Test Command', 'Output', resource, PluginInfo,
[]) # No previous output
return Content
def run(PluginInfo):
# True = Use Transaction Cache if possible: Visit the start URLs if not already visited
# Step 1 - Find transactions that set cookies
# Step 2 - Request 10 times per URL that sets cookies
# Step 3 - Compare values and calculate randomness
url_list = []
cookie_dict = defaultdict(list)
# Get all possible values of the cookie names and values
transaction = ServiceLocator.get_component("transaction")
for id in transaction.search_by_regex_names([
ServiceLocator.get_component("config").get('HEADERS_FOR_COOKIES')
]): # Transactions with cookies
url = transaction.get_by_id(
id).URL # Limitation: Not Checking POST, normally not a problem
if url not in url_list: # Only if URL not already processed!
url_list.append(url) # Keep track of processed URLs
for _ in range(0, 10): # Get more cookies to perform analysis
transaction = ServiceLocator.get_component(
"requester").get_transaction(False, url)
cookies = transaction.get_session_tokens()
for cookie in cookies:
cookie_dict[cookie.name].append(str(cookie.value))
# Leave the randomness test upto the user
return json.dumps(cookie_dict)
def run(PluginInfo):
Content = []
config = ServiceLocator.get_component("config")
OWTFLogger.log(
"WARNING: This plugin requires a small selenium installation, please run '%s' if you have issues"
% config.get_val('INSTALL_SCRIPT'))
plugin_params = ServiceLocator.get_component("plugin_params")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'BASE_URL':
'The URL to be pre-pended to the tests',
'CATEGORY':
'Category to use (i.e. ' + ', '.join(sorted(CATEGORIES)) + ')'
},
'Optional': {
'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')
}
}
for Args in plugin_params.get_args(args, PluginInfo):
plugin_params.set_config(Args)
InputFile = config.get_val("SELENIUM_URL_VECTORS_" + Args['CATEGORY'])
URLLauncher = ServiceLocator.get_component(
"selenium_handler").CreateURLLauncher({
'BASE_URL': Args['BASE_URL'],
'INPUT_FILE': InputFile
})
URLLauncher.run()
return Content
def run(PluginInfo):
# Vuln search box to be built in core and resued in different plugins:
resource = ServiceLocator.get_component("resource").get_resources(
'PassiveMethods')
Content = ServiceLocator.get_component("plugin_helper").resource_linklist(
'Online Resources', resource)
OWTFLogger.log("Passive links generated for target")
return Content
def run(PluginInfo):
title = "This plugin looks for server-side protection headers against Clickjacking" + \
"(TODO: Add rudimentary search for frame busting)<br/>"
Content = ServiceLocator.get_component("plugin_helper").HtmlString(title)
Content += ServiceLocator.get_component(
"plugin_helper").FindResponseHeaderMatchesForRegexpName(
'HEADERS_FOR_CLICKJACKING_PROTECTION')
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
resource = ServiceLocator.get_component("resource")
NiktoOutput = plugin_helper.CommandDump('Test Command', 'Output', resource.get_resources('Nikto_Unauth'),
PluginInfo, [])
Content = plugin_helper.CommandDump('Test Command', 'Output', resource.get_resources('Nikto_Verify_Unauth'),
PluginInfo, NiktoOutput)
return Content + NiktoOutput # Show Nikto Verify FIRST (more useful, with links to findings, etc)
def run(PluginInfo):
# True = Use Transaction Cache if possible: Visit the start URLs if not already visited
plugin_helper = ServiceLocator.get_component("plugin_helper")
TransactionTable = plugin_helper.TransactionTableForURLList(True, ServiceLocator.get_component("target").get_as_list(
['target_url', 'top_url']))
resource = ServiceLocator.get_component("resource").get_resources('SemiPassiveFingerPrint')
Content = plugin_helper.ResearchFingerprintInlog() + TransactionTable
Content += plugin_helper.CommandDump('Test Command', 'Output', resource, PluginInfo, Content)
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
resource = ServiceLocator.get_component("resource")
NiktoOutput = plugin_helper.CommandDump(
'Test Command', 'Output', resource.get_resources('Nikto_Unauth'),
PluginInfo, [])
Content = plugin_helper.CommandDump(
'Test Command', 'Output',
resource.get_resources('Nikto_Verify_Unauth'), PluginInfo, NiktoOutput)
return Content + NiktoOutput # Show Nikto Verify FIRST (more useful, with links to findings, etc)
def run(PluginInfo):
target = ServiceLocator.get_component("target")
URL = target.get('top_url')
# TODO: PUT not working right yet
plugin_helper = ServiceLocator.get_component("plugin_helper")
Content = plugin_helper.TransactionTableForURL(True, URL, Method='TRACE')
resource = ServiceLocator.get_component("resource")
Content += plugin_helper.CommandDump('Test Command', 'Output', resource.get_resources('ActiveHTTPMethods'),
PluginInfo, Content)
return Content
def run(PluginInfo):
Content = []
plugin_params = ServiceLocator.get_component("plugin_params")
config = ServiceLocator.get_component("config")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'RHOST': config.get_val('RHOST_DESCRIP'),
'SBD_PORT': config.get_val('SBD_PORT_DESCRIP'),
'SBD_PASSWORD': config.get_val('SBD_PASSWORD_DESCRIP'),
'COMMAND_FILE': config.get_val('COMMAND_FILE_DESCRIP')
},
'Optional': {'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')}
}
for Args in plugin_params.get_args(args, PluginInfo):
plugin_params.set_config(Args) # Sets the auxiliary plugin arguments as config
ServiceLocator.get_component("interactive_shell").Open({
'ConnectVia': ServiceLocator.get_component("resource").get_resources('RCE_SBD_Connection'),
'InitialCommands': None,
'ExitMethod': Args['ISHELL_EXIT_METHOD'],
'CommandsBeforeExit': Args['ISHELL_COMMANDS_BEFORE_EXIT'],
'CommandsBeforeExitDelim': Args['ISHELL_COMMANDS_BEFORE_EXIT_DELIM'],
'RHOST': Args['RHOST'],
'RPORT': Args['SBD_PORT']
}, PluginInfo)
Content += ServiceLocator.get_component("interactive_shell").RunCommandList(get_file_as_list(
Args['COMMAND_FILE']), PluginInfo)
if not ServiceLocator.get_component("interactive_shell").IsClosed(): # Ensure clean exit if reusing connection
ServiceLocator.get_component("interactive_shell").Close(PluginInfo)
return Content
def run(PluginInfo):
Content = []
plugin_params = ServiceLocator.get_component("plugin_params")
config = ServiceLocator.get_component("config")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'RHOST': config.get_val('RHOST_DESCRIP'),
'RUSER': config.get_val('RUSER_DESCRIP'),
'COMMAND_FILE': config.get_val('COMMAND_FILE_DESCRIP')
},
'Optional': {
'RPORT': config.get_val('RPORT_DESCRIP'),
'PASSPHRASE': config.get_val('PASSPHRASE_DESCRIP'),
'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')
}
}
for Args in plugin_params.get_args(args, PluginInfo):
plugin_params.set_config(Args) # Sets the auxiliary plugin arguments as config
ServiceLocator.get_component("interactive_shell").Open({
'ConnectVia': ServiceLocator.get_component("resource").get_resources('RCE_SSH_Connection'),
'InitialCommands': Args['PASSPHRASE'],
'ExitMethod': Args['ISHELL_EXIT_METHOD'],
'CommandsBeforeExit': Args['ISHELL_COMMANDS_BEFORE_EXIT'],
'CommandsBeforeExitDelim': Args['ISHELL_COMMANDS_BEFORE_EXIT_DELIM'],
'RHOST': Args['RHOST'],
'RPORT': Args['RPORT']
}, PluginInfo)
Content += ServiceLocator.get_component("interactive_shell").RunCommandList(get_file_as_list(
Args['COMMAND_FILE']), PluginInfo)
if not ServiceLocator.get_component("interactive_shell").IsClosed(): # Ensure clean exit if reusing connection
ServiceLocator.get_component("interactive_shell").Close(PluginInfo)
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
target = ServiceLocator.get_component("target")
resource = ServiceLocator.get_component("resource").get_resources(
'SemiPassiveHTTPMethods')
Content = plugin_helper.TransactionTableForURLList(
True, target.get_as_list(['target_url', 'top_url']), 'OPTIONS')
# No previous output
Content += plugin_helper.CommandDump('Test Command', 'Output', resource,
PluginInfo, [])
return Content
def run(PluginInfo):
target = ServiceLocator.get_component("target")
URL = target.get('top_url')
# TODO: PUT not working right yet
plugin_helper = ServiceLocator.get_component("plugin_helper")
Content = plugin_helper.TransactionTableForURL(True, URL, Method='TRACE')
resource = ServiceLocator.get_component("resource")
Content += plugin_helper.CommandDump(
'Test Command', 'Output', resource.get_resources('ActiveHTTPMethods'),
PluginInfo, Content)
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
resource = ServiceLocator.get_component("resource").get_resources(
'PassiveSearchEngineDiscoveryCmd')
resource_online = ServiceLocator.get_component("resource").get_resources(
'PassiveSearchEngineDiscoveryLnk')
Content = plugin_helper.CommandDump('Test Command', 'Output', resource,
PluginInfo, [])
Content += plugin_helper.resource_linklist('Online Resources',
resource_online)
return Content
def run(PluginInfo):
resource = ServiceLocator.get_component("resource")
Content = ServiceLocator.get_component("plugin_helper").Tabbedresource_linklist([
['DNS', resource.get_resources('PassiveAppDiscoveryDNS')],
['WHOIS', resource.get_resources('PassiveAppDiscoveryWHOIS')],
['DB Lookups', resource.get_resources('PassiveAppDiscoveryDbLookup')],
['Ping', resource.get_resources('PassiveAppDiscoveryPing')],
['Traceroute', resource.get_resources('PassiveAppDiscoveryTraceroute')],
['Misc', resource.get_resources('PassiveAppDiscoveryMisc')]
])
return Content
def run(PluginInfo):
url_list = []
for File in ["crossdomain.xml", "clientaccesspolicy.xml"]:
for url in ServiceLocator.get_component("target").get_as_list(['target_url', 'top_url']):
url_list.append(url + "/" + File) # Compute all URL + File combinations
# The requester owtf component will unique the URLs
TransactionList = ServiceLocator.get_component("requester").get_transactions(True, url_list)
# Even though we have transaction list, those transactions do not have id
# because our proxy stores the transactions and not the requester. So the
# best way is to use the url list to retrieve transactions while making the
# report
return ServiceLocator.get_component("plugin_helper").TransactionTableForURLList(True, url_list, "GET")
def run(PluginInfo):
Content = []
Iteration = 1 # Iteration counter initialisation
plugin_params = ServiceLocator.get_component("plugin_params")
config = ServiceLocator.get_component("config")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'RHOST': config.get_val('RHOST_DESCRIP'),
'SBD_PORT': config.get_val('SBD_PORT_DESCRIP'),
'SBD_PASSWORD': config.get_val('SBD_PASSWORD_DESCRIP'),
'COMMAND_PREFIX': 'The command string to be pre-pended to the tests (i.e. /usr/lib/firefox... http...)',
},
'Optional': {
'TEST': 'The test to be included between prefix and suffix',
'COMMAND_SUFFIX': 'The URL to be appended to the tests (i.e. ...whatever)',
'ISHELL_REUSE_CONNECTION': config.get_val('ISHELL_REUSE_CONNECTION_DESCRIP'),
'ISHELL_EXIT_METHOD': config.get_val('ISHELL_EXIT_METHOD_DESCRIP'),
'ISHELL_DELAY_BETWEEN_COMMANDS': config.get_val('ISHELL_DELAY_BETWEEN_COMMANDS_DESCRIP'),
'ISHELL_COMMANDS_BEFORE_EXIT': config.get_val('ISHELL_COMMANDS_BEFORE_EXIT_DESCRIP'),
'ISHELL_COMMANDS_BEFORE_EXIT_DELIM': config.get_val('ISHELL_COMMANDS_BEFORE_EXIT_DELIM_DESCRIP'),
'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')
}
}
for Args in plugin_params.get_args(args, PluginInfo):
plugin_params.set_config(Args) # Sets the auxiliary plugin arguments as config
REUSE_CONNECTION = (Args['ISHELL_REUSE_CONNECTION'] == 'yes')
DELAY_BETWEEN_COMMANDS = Args['ISHELL_DELAY_BETWEEN_COMMANDS']
if (Iteration == 1) or (not REUSE_CONNECTION):
ServiceLocator.get_component("interactive_shell").Open({
'ConnectVia': config.get_resources('RCE_SBD_Connection'),
'InitialCommands': None,
'ExitMethod': Args['ISHELL_EXIT_METHOD'],
'CommandsBeforeExit': Args['ISHELL_COMMANDS_BEFORE_EXIT'],
'CommandsBeforeExitDelim': Args['ISHELL_COMMANDS_BEFORE_EXIT_DELIM'],
'RHOST': Args['RHOST'],
'RPORT': Args['SBD_PORT']
}, PluginInfo)
else:
OWTFLogger.log("Reusing initial connection..")
Content += ServiceLocator.get_component("interactive_shell").run(
Args['COMMAND_PREFIX'] + Args['TEST'] + Args['COMMAND_SUFFIX'], PluginInfo)
OWTFLogger.log("Sleeping " + DELAY_BETWEEN_COMMANDS + " second(s) (increases reliability)..")
time.sleep(int(DELAY_BETWEEN_COMMANDS))
if not REUSE_CONNECTION:
ServiceLocator.get_component("interactive_shell").Close(PluginInfo)
Iteration += 1 # Increase Iteration counter
if not ServiceLocator.get_component("interactive_shell").IsClosed(): # Ensure clean exit if reusing connection
ServiceLocator.get_component("interactive_shell").Close(PluginInfo)
return Content
def run(PluginInfo):
# True = Use Transaction Cache if possible: Visit the start URLs if not already visited
plugin_helper = ServiceLocator.get_component("plugin_helper")
TransactionTable = plugin_helper.TransactionTableForURLList(
True,
ServiceLocator.get_component("target").get_as_list(
['target_url', 'top_url']))
resource = ServiceLocator.get_component("resource").get_resources(
'SemiPassiveFingerPrint')
Content = plugin_helper.ResearchFingerprintInlog() + TransactionTable
Content += plugin_helper.CommandDump('Test Command', 'Output', resource,
PluginInfo, Content)
return Content
def run(PluginInfo):
mapping = [['All', 'CMS_FingerPrint_All'],
['WordPress', 'CMS_FingerPrint_WordPress'],
['Joomla', 'CMS_FingerPrint_Joomla'],
['Drupal', 'CMS_FingerPrint_Drupal'],
['Mambo', 'CMS_FingerPrint_Mambo']]
# Vuln search box to be built in core and reused in different plugins:
plugin_helper = ServiceLocator.get_component("plugin_helper")
Content = plugin_helper.VulnerabilitySearchBox('')
resource = ServiceLocator.get_component("resource").get_resources(
'PassiveFingerPrint')
Content += plugin_helper.resource_linklist('Online Resources', resource)
Content += plugin_helper.SuggestedCommandBox(
PluginInfo, mapping, 'CMS Fingerprint - Potentially useful commands')
return Content
def run(PluginInfo):
# Define DirBuster Commands to use depending on Interaction Setting:
# DirBuster allows much more control when interactive
# DirBuster can also be run non-interactively for scripting
DirBusterInteraction = {'true': 'DirBusterInteractive', 'false': 'DirBusterNotInteractive'}
# Get settings from the config DB
db_interactive = ServiceLocator.get_component("db_config").get('INTERACTIVE')
resource = ServiceLocator.get_component("resource").get_resources(DirBusterInteraction[db_interactive])
Content = ServiceLocator.get_component("plugin_helper").CommandDump('Test Command', 'Output', resource,
PluginInfo, [])
extractURL_resource = ServiceLocator.get_component("resource").get_resources('DirBuster_Extract_URLs')
Content += ServiceLocator.get_component("plugin_helper").CommandDump('Test Command', 'Output',
extractURL_resource, PluginInfo, [])
return Content
def run(PluginInfo):
mapping = [
['All', 'CMS_FingerPrint_All'],
['WordPress', 'CMS_FingerPrint_WordPress'],
['Joomla', 'CMS_FingerPrint_Joomla'],
['Drupal', 'CMS_FingerPrint_Drupal'],
['Mambo', 'CMS_FingerPrint_Mambo']
]
# Vuln search box to be built in core and reused in different plugins:
plugin_helper = ServiceLocator.get_component("plugin_helper")
Content = plugin_helper.VulnerabilitySearchBox('')
resource = ServiceLocator.get_component("resource").get_resources('PassiveFingerPrint')
Content += plugin_helper.resource_linklist('Online Resources', resource)
Content += plugin_helper.SuggestedCommandBox(PluginInfo, mapping, 'CMS Fingerprint - Potentially useful commands')
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
target = ServiceLocator.get_component("target")
requester = ServiceLocator.get_component("requester")
top_url = target.get('top_url')
url = "%s/robots.txt" % top_url
test_result = []
# Use transaction cache if possible for speed
http_transaction = requester.get_transaction(True, url, "GET")
if http_transaction is not None and http_transaction.Found:
test_result += plugin_helper.ProcessRobots(PluginInfo, http_transaction.get_raw_response_body(), top_url, '')
else: # robots.txt NOT found
OWTFLogger.log("robots.txt was NOT found")
test_result += plugin_helper.TransactionTableForURLList(True, [url])
return test_result
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
title = "This plugin looks for HTML 5 Cross Origin Resource Sharing (CORS) headers<br/>"
Content = plugin_helper.HtmlString(title)
Content += plugin_helper.FindResponseHeaderMatchesForRegexpName('HEADERS_FOR_CORS')
Content += plugin_helper.FindResponseHeaderMatchesForRegexpName('HEADERS_REGEXP_FOR_CORS_METHODS')
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
target = ServiceLocator.get_component("target")
requester = ServiceLocator.get_component("requester")
top_url = target.get('top_url')
url = "%s/robots.txt" % top_url
test_result = []
# Use transaction cache if possible for speed
http_transaction = requester.get_transaction(True, url, "GET")
if http_transaction is not None and http_transaction.Found:
test_result += plugin_helper.ProcessRobots(
PluginInfo, http_transaction.get_raw_response_body(), top_url, '')
else: # robots.txt NOT found
OWTFLogger.log("robots.txt was NOT found")
test_result += plugin_helper.TransactionTableForURLList(True, [url])
return test_result
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
title = "This plugin looks for Robots meta tag and X-Robots-Tag HTTP header<br />"
Content = plugin_helper.HtmlString(title)
Content += plugin_helper.FindResponseHeaderMatchesForRegexpName('HEADERS_FOR_ROBOTS')
Content += plugin_helper.FindResponseBodyMatchesForRegexpName('RESPONSE_REGEXP_FOR_ROBOTS_META_TAG')
return Content
def get(self, file_url):
config = ServiceLocator.get_component("config")
ui_port = config.get("UI_SERVER_PORT")
fileserver_port = config.get("FILE_SERVER_PORT")
output_files_server = "%s://%s/" % (self.request.protocol, self.request.host.replace(ui_port, fileserver_port))
redirect_file_url = output_files_server + url_escape(file_url, plus=False)
self.redirect(redirect_file_url, permanent=True)
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
title = "This plugin looks for password and form tags to review the autocomplete attribute<br />"
Content = plugin_helper.HtmlString(title)
Content += plugin_helper.FindResponseBodyMatchesForRegexpName(
'RESPONSE_REGEXP_FOR_AUTOCOMPLETE')
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
title = "This plugin looks for cookie setting headers (TODO: Check vuln scanners' output!)<br />"
Content = plugin_helper.HtmlString(title)
Content += plugin_helper.FindResponseHeaderMatchesForRegexpName('HEADERS_FOR_COOKIES')
# TODO: Fix up
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
title = "This plugin looks for server-side protection headers to enforce SSL<br />"
Content = plugin_helper.HtmlString(title)
Content += plugin_helper.FindResponseHeaderMatchesForRegexpName(
'HEADERS_FOR_SSL_PROTECTION')
return Content
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
title = "This plugin looks for server-side protection headers and tags against cache snooping<br />"
Content = plugin_helper.HtmlString(title)
Content += plugin_helper.FindResponseHeaderMatchesForRegexpName('HEADERS_FOR_CACHE_PROTECTION')
Content += plugin_helper.FindResponseBodyMatchesForRegexpName('RESPONSE_REGEXP_FOR_CACHE_PROTECTION')
return Content
def run(PluginInfo):
Content = []
plugin_params = ServiceLocator.get_component("plugin_params")
config = ServiceLocator.get_component("config")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'EMAIL_TARGET': config.get_val('EMAIL_TARGET_DESCRIP'),
'EMAIL_FROM': config.get_val('EMAIL_FROM_DESCRIP'),
'PHISHING_PAYLOAD': config.get_val('PHISHING_PAYLOAD_DESCRIP'),
'SET_FILE_EXTENSION_ATTACK': config.get_val('SET_FILE_EXTENSION_ATTACK_DESCRIP'),
'SET_EMAIL_TEMPLATE': config.get_val('SET_EMAIL_TEMPLATE_DESCRIP'),
'SMTP_LOGIN': config.get_val('SMTP_LOGIN_DESCRIP'),
'SMTP_PASS': config.get_val('SMTP_PASS_DESCRIP'),
'SMTP_HOST': config.get_val('SMTP_HOST_DESCRIP'),
'SMTP_PORT': config.get_val('SMTP_PORT_DESCRIP'),
'EMAIL_PRIORITY': config.get_val('EMAIL_PRIORITY_DESCRIP'),
'PDF_TEMPLATE': config.get_val('PDF_TEMPLATE_DESCRIP'),
'WORD_TEMPLATE': config.get_val('WORD_TEMPLATE_DESCRIP'),
'MSF_LISTENER_IP': config.get_val('MSF_LISTENER_IP_DESCRIP'),
'MSF_LISTENER_PORT': config.get_val('MSF_LISTENER_PORT_DESCRIP'),
'MSF_LISTENER_SETUP': config.get_val('MSF_LISTENER_SETUP_DESCRIP'),
'ATTACHMENT_NAME': config.get_val('ATTACHMENT_NAME_DESCRIP'),
'PHISHING_SCRIPT_DIR': config.get_val('PHISHING_SCRIPT_DIR_DESCRIP')
},
'Optional': {
'PHISHING_CUSTOM_EXE_PAYLOAD_DIR': config.get_val('PHISHING_CUSTOM_EXE_PAYLOAD_DIR_DESCRIP'),
'PHISHING_CUSTOM_EXE_PAYLOAD': config.get_val('PHISHING_CUSTOM_EXE_PAYLOAD_DESCRIP'),
'ISHELL_EXIT_METHOD': config.get_val('ISHELL_EXIT_METHOD_DESCRIP'),
'ISHELL_DELAY_BETWEEN_COMMANDS': config.get_val('ISHELL_DELAY_BETWEEN_COMMANDS_DESCRIP'),
'ISHELL_COMMANDS_BEFORE_EXIT': config.get_val('ISHELL_COMMANDS_BEFORE_EXIT_DESCRIP'),
'ISHELL_COMMANDS_BEFORE_EXIT_DELIM': config.get_val('ISHELL_COMMANDS_BEFORE_EXIT_DELIM_DESCRIP'),
'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')
}
}
for Args in plugin_params.get_args(args, PluginInfo):
# Let user specify the attachment name:
Args['ATTACHMENT_NAME'] = Args['ATTACHMENT_NAME'] + "_" + Args['PHISHING_PAYLOAD'] + "-" + \
Args['SET_EMAIL_TEMPLATE']
plugin_params.set_config(Args) # Only now, after modifying ATTACHMENT_NAME, update config
Content += ServiceLocator.get_component("spear_phishing").run(Args, PluginInfo)
resource = ServiceLocator.get_component("config").get_resources('SendPhishingAttackviaSET')
Content += ServiceLocator.get_component("plugin_helper").CommandDump('Test Command', 'Output', resource,
PluginInfo, Content)
return Content
def run(PluginInfo):
regexes = [
'RESPONSE_REGEXP_FOR_HTML_COMMENTS',
'RESPONSE_REGEXP_FOR_CSS_JS_COMMENTS',
'RESPONSE_REGEXP_FOR_JS_COMMENTS',
'RESPONSE_REGEXP_FOR_PHP_SOURCE',
'RESPONSE_REGEXP_FOR_ASP_SOURCE'
]
Content = ServiceLocator.get_component("plugin_helper").FindResponseBodyMatchesForRegexpNames(regexes)
return Content
def run(PluginInfo):
Content = []
plugin_params = ServiceLocator.get_component("plugin_params")
config = ServiceLocator.get_component("config")
args = {
'Description': DESCRIPTION,
'Mandatory': {
'RHOST': config.get_val('RHOST_DESCRIP'),
'RPORT': config.get_val('RPORT_DESCRIP')
},
'Optional': {
'CATEGORY': 'Category to use (i.e. ' + ', '.join(sorted(CATEGORIES)) + ')',
'REPEAT_DELIM': config.get_val('REPEAT_DELIM_DESCRIP')
}
}
for Args in plugin_params.get_args(args, PluginInfo):
plugin_params.set_config(Args)
resource = config.get_resources('DoS_' + Args['CATEGORY'])
Content += ServiceLocator.get_component("plugin_helper").CommandDump('Test Command', 'Output', resource,
PluginInfo, "") # No previous output
return Content
def run(PluginInfo):
# True = Use Transaction Cache if possible: Visit the start URLs if not already visited
# Step 1 - Find transactions that set cookies
# Step 2 - Request 10 times per URL that sets cookies
# Step 3 - Compare values and calculate randomness
url_list = []
cookie_dict = defaultdict(list)
# Get all possible values of the cookie names and values
transaction = ServiceLocator.get_component("transaction")
for id in transaction.search_by_regex_names(
[ServiceLocator.get_component("config").get('HEADERS_FOR_COOKIES')]): # Transactions with cookies
url = transaction.get_by_id(id).URL # Limitation: Not Checking POST, normally not a problem
if url not in url_list: # Only if URL not already processed!
url_list.append(url) # Keep track of processed URLs
for _ in range(0, 10): # Get more cookies to perform analysis
transaction = ServiceLocator.get_component("requester").get_transaction(False, url)
cookies = transaction.get_session_tokens()
for cookie in cookies:
cookie_dict[cookie.name].append(str(cookie.value))
# Leave the randomness test upto the user
return json.dumps(cookie_dict)
def get_plugins_from_arg(arg):
""" Returns a list of requested plugins and plugin groups
:param arg: Comma separated list of plugins
:type arg: `str`
:return: List of plugins and plugin groups
:rtype: `list`
"""
plugins = arg.split(',')
plugin_groups = ServiceLocator.get_component("db_plugin").get_groups_for_plugins(plugins)
if len(plugin_groups) > 1:
usage("The plugins specified belong to several plugin groups: '%s'" % str(plugin_groups))
return [plugins, plugin_groups]
def run(PluginInfo):
plugin_helper = ServiceLocator.get_component("plugin_helper")
resource = ServiceLocator.get_component("resource")
Content = plugin_helper.Requestlink_list('Passive Analysis Results', resource.get_resources('PassiveRobotsAnalysisHTTPRequests'), PluginInfo)
Content += plugin_helper.resource_linklist('Online Resources', resource.get_resources('PassiveRobotsAnalysisLinks'))
# Try to retrieve the robots.txt file from all defined resources
Count = 0
for Name, Resource in resource.get_resources('PassiveRobots'):
URL = Resource # Just for clarity
# Preparing link chunks for disallowed entries
LinkStart, LinkFinish = URL.split('/robots.txt')
LinkStart = LinkStart.strip()
LinkFinish = LinkFinish.strip()
# Use the cache if possible for speed
Transaction = ServiceLocator.get_component("requester").get_transaction(True, URL)
if Transaction is not None and Transaction.found:
Content += plugin_helper.ProcessRobots(PluginInfo, Transaction.get_raw_response_body(), LinkStart, LinkFinish,
'robots%s.txt' % str(Count))
Count += 1
else: # Not found or unknown request error
Message = "Could not be retrieved using resource: %s" % Resource
OWTFLogger.log(Message)
Content += plugin_helper.TransactionTableForURLList(True, [URL])
return Content
def initialisation_phase_2(args):
""" Second phase of the initialization process.
:param dict args: parsed arguments from the command line.
"""
db_config = ServiceLocator.get_component("db_config")
db_config.init()
Timer(db_config.get('DATE_TIME_FORMAT'))
ServiceLocator.get_component("db_plugin").init()
ServiceLocator.get_component("config").init()
PluginHandler(args)
Reporter()
POutputDB()
ServiceLocator.get_component("command_register").init()
ServiceLocator.get_component("worklist_manager").init()
Shell()
PluginParams(args)
SMB()
InteractiveShell()
Selenium()
SMTP()
SETHandler()