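def crawl(self, fuzzable_request):
    """
    Does a search in archive.org and searches for links on the html. Then
    searches those URLs in the target site. This is a time machine !

    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    :raises RunOnce: When the target is a private site, or when archive.org
                     reports that it does not index it. The exception now
                     carries the message with the domain filled in (the
                     previous code raised it with the raw "%s" template).
    """
    domain = fuzzable_request.get_url().get_domain()

    # Private hostnames are never indexed by archive.org, so there is nothing
    # to fetch; skipping also means the internal hostname is never sent to
    # the external service.
    if is_private_site(domain):
        msg = ('There is no point in searching archive.org for "%s"'
               ' because it is a private site that will never be indexed.')
        msg = msg % domain
        om.out.information(msg)
        raise RunOnce(msg)

    # Initial check to verify if domain in archive
    start_url = URL(self.ARCHIVE_START_URL % fuzzable_request.get_url())
    http_response = self._uri_opener.GET(start_url, cache=True)

    # archive.org answers with a fixed marker (self.NOT_IN_ARCHIVE) when it
    # has no snapshots for the site
    if self.NOT_IN_ARCHIVE in http_response.body:
        msg = ('There is no point in searching archive.org for "%s"'
               ' because they are not indexing this site.')
        msg = msg % domain
        om.out.information(msg)
        raise RunOnce(msg)

    # Walk the archived copy up to self._max_depth and then verify the
    # discovered references against the live target
    references = self._spider_archive([start_url], self._max_depth, domain)
    self._analyze_urls(references)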
def crawl(self, fuzzable_request):
    """
    Runs pykto to the site.

    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    """
    if not (self._exec or self._mutate_tests):
        # Neither the basic scan nor mutated tests are pending anymore
        raise RunOnce()

    target_url = fuzzable_request.get_url()

    # The basic scan runs once per base URL; afterwards the plugin marks
    # itself as done (mutation, below, may still keep it alive).
    base = target_url.base_url()
    if base not in self._already_analyzed:
        self._already_analyzed.add(base)
        self._run(base)
        self._exec = False

    # Mutated tests, when the user enabled them, run once per directory.
    # Note that the same set tracks both base URLs and directories.
    if not self._mutate_tests:
        return

    directory = target_url.get_domain_path()
    if directory not in self._already_analyzed:
        self._already_analyzed.add(directory)
        self._run(directory)
def crawl(self, fuzzable_request):
    """
    Finds the version of a WordPress installation.

    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    """
    if not self._exec:
        # Signals the core to drop this plugin from the crawl plugin list
        raise RunOnce()

    # Probe for wp-login.php under the request's directory; any reply that
    # is not a 404 is taken as evidence of a WordPress install.
    domain_path = fuzzable_request.get_url().get_domain_path()
    wp_unique_url = domain_path.url_join('wp-login.php')
    response = self._uri_opener.GET(wp_unique_url, cache=True)

    if is_404(response):
        return

    # wp-login.php was reachable: fingerprint once and stop running
    self._exec = False
    self._fingerprint_wordpress(domain_path, wp_unique_url, response)

    # Hand the login page back to the core as a new fuzzable request
    self.output_queue.put(FuzzableRequest(response.get_uri()))
def discover(self, fuzzable_request, debugging_id):
    """
    Uses several techniques to try to find out what methods are allowed
    for an URL.

    :param debugging_id: A unique identifier for this call to discover();
                         not used by this method itself.
    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    """
    if not self._exec:
        # Signals the core to drop this plugin from the infrastructure
        # plugin list
        raise RunOnce()

    # In one-shot mode, disable further calls before doing any work so the
    # next invocation raises RunOnce regardless of what happens below
    if self._exec_one_time:
        self._exec = False

    domain_path = fuzzable_request.get_url().get_domain_path()

    # Each directory is probed at most once
    if domain_path in self._already_tested:
        return
    self._already_tested.add(domain_path)

    allowed, id_list = self._identify_allowed_methods(domain_path)
    self._analyze_methods(domain_path, allowed, id_list)
def crawl(self, fuzzable_request, debugging_id):
    """
    Finds the version of a WordPress installation.

    :param debugging_id: A unique identifier for this call to crawl();
                         not used by this method itself.
    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    """
    if not self._exec:
        # Signals the core to drop this plugin from the crawl plugin list
        raise RunOnce()

    # Probe for wp-login.php under the request's directory; any reply that
    # is not a 404 is taken as evidence of a WordPress install.
    domain_path = fuzzable_request.get_url().get_domain_path()
    wp_unique_url = domain_path.url_join('wp-login.php')
    response = self._uri_opener.GET(wp_unique_url, cache=True)

    if is_404(response):
        return

    # wp-login.php was reachable: fingerprint once and stop running
    self._exec = False
    self._fingerprint_wordpress(domain_path, wp_unique_url, response)
def discover(self, fuzzable_request):
    """
    It calls the "main" and writes the results to the kb.

    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    """
    if not self._exec:
        raise RunOnce()

    # Keep running until _find_OS reports success, then stop
    found = self._find_OS(fuzzable_request)
    self._exec = not found
def _do_complete_search(self, domain):
    """
    Performs a complete search for email addresses.

    Queries the search backend for "@<domain root>" and, if the backend
    raises a framework error, logs it and stops the plugin via RunOnce.

    :param domain: Not used in the visible body; the query is built from
                   self._domain_root instead.
    """
    search_string = '@' + self._domain_root
    try:
        # NOTE(review): result_page_objects is not referenced in the visible
        # body; presumably the method continues past this snippet.
        result_page_objects = self._google.get_n_result_pages(
            search_string, self._result_limit)
    except BaseFrameworkException, w3:
        om.out.error(str(w3))
        # If I found an error, I don't want to be run again
        raise RunOnce()
def discover(self, fuzzable_request, debugging_id):
    """
    It calls the "main" and writes the results to the kb.

    :param debugging_id: A unique identifier for this call to discover();
                         not used by this method itself.
    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    """
    if not self._exec:
        raise RunOnce()

    # Keep running until _find_OS reports success, then stop
    found = self._find_OS(fuzzable_request)
    self._exec = not found
def crawl(self, fuzzable_request):
    """
    Find users in a WordPress installation

    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    """
    if not self._exec:
        raise RunOnce()

    # wp-login.php answering with anything but a 404 is taken as evidence
    # of a WordPress install in this directory
    domain_path = fuzzable_request.get_url().get_domain_path()
    wp_unique_url = domain_path.url_join('wp-login.php')
    response = self._uri_opener.GET(wp_unique_url, cache=True)

    if is_404(response):
        return

    # self._exec is never cleared here, so the probe (and enumeration)
    # repeats for every fuzzable_request handed to the plugin
    self._enum_users(fuzzable_request)
def crawl(self, fuzzable_request):
    """
    Get the file and parse it.

    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    """
    if not self._exec:
        raise RunOnce()

    domain_path = fuzzable_request.get_url().get_domain_path()

    # Non-recursive mode: this directory is the only one that gets tested,
    # so disable further calls right away
    if not self._be_recursive:
        self._exec = False

    # Never bruteforce the same directory twice
    if domain_path in self._already_tested:
        return

    self._already_tested.add(domain_path)
    self._bruteforce_directories(domain_path)
def crawl(self, fuzzable_request, debugging_id):
    """
    Find users in a WordPress installation

    :param debugging_id: A unique identifier for this call to crawl();
                         not used by this method itself.
    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    """
    if not self._exec:
        raise RunOnce()

    # wp-login.php answering with anything but a 404 is taken as evidence
    # of a WordPress install in this directory
    domain_path = fuzzable_request.get_url().get_domain_path()
    wp_unique_url = domain_path.url_join('wp-login.php')
    response = self._uri_opener.GET(wp_unique_url, cache=True)

    if is_404(response):
        return

    # self._exec is never cleared here, so the probe (and enumeration)
    # repeats for every fuzzable_request handed to the plugin
    self._enum_users(fuzzable_request)
def crawl(self, fuzzable_request):
    """
    Checks for a WordPress installation in the request's directory and, if
    one is found, probes a set of known and extracted paths for
    disclosures (see _force_disclosures).

    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    """
    if not self._exec:
        raise RunOnce()

    # wp-login.php answering with anything but a 404 is taken as evidence
    # of a WordPress install in this directory
    domain_path = fuzzable_request.get_url().get_domain_path()
    wp_unique_url = domain_path.url_join('wp-login.php')
    response = self._uri_opener.GET(wp_unique_url, cache=True)

    if is_404(response):
        return

    # Only run once
    self._exec = False

    # Static CHECK_PATHS plus whatever _extract_paths pulls from the install
    candidate_paths = self.CHECK_PATHS + self._extract_paths(domain_path)
    self._force_disclosures(domain_path, candidate_paths)
def crawl(self, fuzzable_request, debugging_id):
    """
    Get the file and parse it.

    :param debugging_id: A unique identifier for this call to crawl();
                         not used by this method itself.
    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    """
    if not self._exec:
        raise RunOnce()

    domain_path = fuzzable_request.get_url().get_domain_path()

    # Non-recursive mode: this directory is the only one that gets tested,
    # so disable further calls right away
    if not self._be_recursive:
        self._exec = False

    # Never bruteforce the same directory twice
    if domain_path in self._already_tested:
        return

    self._already_tested.add(domain_path)
    self._bruteforce_directories(domain_path)