Beispiel #1
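    def _generate_ignores(self, response):
        """
        Build, once, the set of strings that must not be reported as private
        IP address findings.

        The set is cached in self._ignore_if_match; once that attribute is no
        longer None the method returns without doing anything.

        :param response: Object whose get_url().get_domain() provides the
                         requested domain.
        :return: None, the result is stored in self._ignore_if_match.
        """
        if self._ignore_if_match is None:
            self._ignore_if_match = set()

            requested_domain = response.get_url().get_domain()
            self._ignore_if_match.add(requested_domain)

            # NOTE(review): get_local_ip() may return a falsy value, which
            # would be stored in the set as-is; confirm the code that reads
            # the set tolerates a non-string entry.
            self._ignore_if_match.add(get_local_ip(requested_domain))
            self._ignore_if_match.add(get_local_ip())

            try:
                ip_address = socket.gethostbyname(requested_domain)
            except Exception:
                # Best effort: a domain that can not be resolved adds nothing.
                # Catching Exception instead of using a bare "except:" lets
                # KeyboardInterrupt and SystemExit propagate.
                pass
            else:
                self._ignore_if_match.add(ip_address)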
Beispiel #2
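    def _generate_ignores(self, response):
        """
        Generate the list of strings we want to ignore as private IP addresses

        The work is done on the first call only; the resulting set is kept in
        self._ignore_if_match and later calls return immediately.

        :param response: Object whose get_url().get_domain() gives the domain
                         that was requested.
        :return: None
        """
        if self._ignore_if_match is not None:
            # Already generated by a previous call
            return

        # Publish the set before filling it, so a failure below still leaves
        # the attribute initialised (same as a plain in-place fill).
        ignores = self._ignore_if_match = set()

        domain = response.get_url().get_domain()
        ignores.add(domain)

        # Values returned by get_local_ip() are stored unchanged.
        # NOTE(review): a falsy return value ends up in the set too - verify
        # against the code that reads self._ignore_if_match.
        ignores.add(get_local_ip(domain))
        ignores.add(get_local_ip())

        try:
            resolved = socket.gethostbyname(domain)
        except Exception:
            # Resolution is optional. "except Exception" replaces the bare
            # "except:" so Ctrl-C / SystemExit are no longer swallowed here.
            return

        ignores.add(resolved)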
Beispiel #3
    def __init__(self):
        """
        Initialise the base plugin, the internal state and the defaults of
        the user configurable parameters.
        """
        AuditPlugin.__init__(self)

        # User configured parameters
        self._use_w3af_site = True
        self._listen_port = ports.REMOTEFILEINCLUDE

        # An empty string is stored when get_local_ip() returns a falsy value.
        # NOTE(review): if this address is later used to bind a listening
        # socket, '' normally means "all interfaces" - confirm that exposure
        # is intended.
        detected_address = get_local_ip()
        self._listen_address = detected_address if detected_address else ''

        # Internal variables
        self._vulns = []
        self._error_reported = False
Beispiel #4
    def __init__(self):
        """
        Initialise the base plugin, the internal state and the defaults of
        the user configurable variables.
        """
        AttackPlugin.__init__(self)

        # User configured variables
        self._use_XSS_vuln = True
        self._listen_port = ports.RFI_SHELL
        # Stored exactly as returned, without a fallback.
        # NOTE(review): get_local_ip() may return a falsy value; confirm the
        # code that opens the listener validates this address before use.
        self._listen_address = get_local_ip()

        # Internal variables
        self._xss_vuln = self._exploit_mutant = None
Beispiel #5
    def __init__(self):
        """
        Set up the plugin: base class first, then internal state, then the
        default values of the user configured parameters.
        """
        AuditPlugin.__init__(self)

        # Internal variables
        self._vulns = []
        self._error_reported = False

        # User configured parameters
        listen_address = get_local_ip()
        if not listen_address:
            # No address detected: keep an empty string as the default.
            # NOTE(review): an empty bind address usually selects every
            # interface - verify how the listener consumes this value.
            listen_address = ''

        self._listen_address = listen_address
        self._listen_port = ports.REMOTEFILEINCLUDE
        self._use_w3af_site = True
Beispiel #6
    def __init__(self):
        """
        Set up the plugin: base class first, then internal state, then the
        default values of the user configured variables.
        """
        AttackPlugin.__init__(self)

        # Internal variables
        self._exploit_mutant = None
        self._xss_vuln = None

        # User configured variables
        # The listen address is whatever get_local_ip() returns.
        # NOTE(review): no fallback is applied here, so a falsy result is
        # kept - confirm it is checked before a listener is started.
        local_ip = get_local_ip()
        self._listen_address = local_ip
        self._listen_port = ports.RFI_SHELL
        self._use_XSS_vuln = True
Beispiel #7
    def set_default_values(self):
        """
        Save the default value of every setting through cf.cf.save.

        :return: None
        """
        save = cf.cf.save

        # Fuzzer behaviour, variant limits, time limits and the location of
        # the metasploit binaries. Saved in this exact order.
        static_defaults = (
            ('fuzz_cookies', False),
            ('fuzz_form_files', True),
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_url_filenames', False),
            ('fuzz_url_parts', False),
            ('fuzzable_headers', []),
            ('form_fuzzing_mode', 'tmb'),
            ('path_max_variants', PATH_MAX_VARIANTS),
            ('params_max_variants', PARAMS_MAX_VARIANTS),
            ('max_equal_form_variants', MAX_EQUAL_FORM_VARIANTS),
            ('max_discovery_time', 120),
            ('max_scan_time', 240),
            ('msf_location', '/opt/metasploit3/bin/'),
        )
        for option_name, option_value in static_defaults:
            save(option_name, option_value)

        # The network interface configuration (for advanced exploits)
        save('interface', get_net_iface())

        # get_local_ip() doesn't send any packets, and gives a nice default
        # setting. In most cases, it is the "public" IP address, which will
        # work perfectly in all plugins that need a reverse connection
        # (rfi_proxy). Loopback is stored when nothing was detected.
        # NOTE(review): with the loopback fallback a reverse connection from
        # a remote host presumably can not reach this address - confirm the
        # user is told to set it manually.
        save('local_ip_address', get_local_ip() or '127.0.0.1')
        save('stop_on_first_exception', False)

        # Blacklists
        for blacklist_name in ('blacklist_http_request', 'blacklist_audit'):
            save(blacklist_name, [])

        # Form exclusion via IDs
        save('form_id_list', FormIDMatcherList('[]'))
        save('form_id_action', EXCLUDE)

        # Language to use when reading from vulndb
        save('vulndb_language', DBVuln.DEFAULT_LANG)
Beispiel #8
    def set_default_values(self):
        """
        Store the default value for each setting in the cf.cf configuration.

        :return: None
        """
        config = cf.cf

        # Fuzzer defaults
        config.save('fuzz_cookies', False)
        config.save('fuzz_form_files', True)
        config.save('fuzzed_files_extension', 'gif')
        config.save('fuzz_url_filenames', False)
        config.save('fuzz_url_parts', False)
        config.save('fuzzable_headers', [])
        config.save('form_fuzzing_mode', 'tmb')

        # Limits on generated variants and on discovery time
        config.save('path_max_variants', PATH_MAX_VARIANTS)
        config.save('params_max_variants', PARAMS_MAX_VARIANTS)
        config.save('max_equal_form_variants', MAX_EQUAL_FORM_VARIANTS)
        config.save('max_discovery_time', 120)

        config.save('msf_location', '/opt/metasploit3/bin/')

        # The network interface configuration (for advanced exploits)
        config.save('interface', get_net_iface())

        # Local address default: get_local_ip() doesn't send any packets and
        # in most cases yields the "public" IP address, which works in all
        # plugins that need a reverse connection (rfi_proxy). When it yields
        # nothing, loopback is stored instead.
        detected_ip = get_local_ip()
        config.save('local_ip_address',
                    detected_ip if detected_ip else '127.0.0.1')
        config.save('non_targets', [])
        config.save('stop_on_first_exception', False)

        # Form exclusion via IDs
        config.save('form_id_list', FormIDMatcherList('[]'))
        config.save('form_id_action', EXCLUDE)

        # Language to use when reading from vulndb
        config.save('vulndb_language', DBVuln.DEFAULT_LANG)
Beispiel #9
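def get_net_iface():
    """
    Guess which network interface is used to connect to the net.

    This function is very OS dependant. On non-Windows systems the address
    returned by get_local_ip() is compared with the IPv4 address of each
    interface name in a fixed candidate list, read with the SIOCGIFADDR
    ioctl; the first candidate whose address matches is returned.

    :return: The interface name that is being used to connect to the net.
             'eth0' is returned when no candidate matches, and always on
             Windows.
    """
    # Default in case everything else fails. It lives in its own name so the
    # loop variable below can not overwrite it: before this fix a run without
    # any match returned the last candidate ('ppp0') instead of the default.
    default_ifname = 'eth0'

    # Get the IP address that's used to go to the Internet
    internet_ip = get_local_ip()

    if os.name == "nt":
        # TODO: Find out how to do this in Windows!
        return default_ifname

    # Linux
    import fcntl
    import struct

    interfaces = [
        "eth0", "eth1", "eth2", "wlan0", "wlan1", "wifi0", "ath0", "ath1",
        "ppp0"
    ]
    for candidate in interfaces:
        s = None
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            # Bytes 20..23 of the ioctl result are handed to inet_ntoa as
            # the interface's IPv4 address.
            interface_ip = socket.inet_ntoa(
                fcntl.ioctl(
                    s.fileno(),
                    0x8915,  # SIOCGIFADDR
                    struct.pack('256s', candidate[:15]))[20:24])
        except IOError:
            # Typically: the interface does not exist or has no address
            pass
        else:
            if internet_ip == interface_ip:
                return candidate
        finally:
            # The socket is only needed for the ioctl; close it so one
            # descriptor per candidate is not left open.
            if s is not None:
                s.close()

    return default_ifname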
Beispiel #10
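def get_net_iface():
    """
    Return the name of the interface that holds the address reported by
    get_local_ip().

    This function is very OS dependant: on Windows no lookup is done, on
    other systems a fixed list of interface names is probed with the
    SIOCGIFADDR ioctl.

    :return: The interface name that is being used to connect to the net,
             or the default 'eth0' when none of the probed names matches.
    """
    #   I need to have a default in case everything else fails!
    fallback = 'eth0'

    #   Get the IP address that's used to go to the Internet
    internet_ip = get_local_ip()

    if os.name == "nt":
        #   TODO: Find out how to do this in Windows!
        return fallback

    #
    #   Linux
    #
    import fcntl
    import struct

    interfaces = ["eth0", "eth1", "eth2", "wlan0", "wlan1",
                  "wifi0", "ath0", "ath1", "ppp0"]

    for name in interfaces:
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            try:
                raw_reply = fcntl.ioctl(
                    s.fileno(),
                    0x8915,  # SIOCGIFADDR
                    struct.pack('256s', name[:15])
                )
            finally:
                # Fix: the probe socket used to be left open on every
                # iteration; release it as soon as the ioctl returns.
                s.close()
            interface_ip = socket.inet_ntoa(raw_reply[20:24])
        except IOError:
            # Probe failed for this name, try the next one
            continue

        if internet_ip == interface_ip:
            return name

    # Fix: the loop variable used to shadow the default, so a run without a
    # match returned the last probed name instead of 'eth0'.
    return fallback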
Beispiel #11
    def __init__(self):
        """
        Set the defaults and save them to the config dict.

        Nothing is written when 'fuzz_cookies' already has a value in the
        config, which is used as the "defaults were stored before" marker.
        """
        if cf.cf.get('fuzz_cookies') is not None:
            # Not the first time I'm run
            return

        store = cf.cf.save

        #
        # User configured variables
        #
        for name, default in (
                ('fuzz_cookies', False),
                ('fuzz_form_files', True),
                ('fuzzed_files_extension', 'gif'),
                ('fuzz_url_filenames', False),
                ('fuzz_url_parts', False),
                ('fuzzable_headers', []),
                ('form_fuzzing_mode', 'tmb'),
                ('max_discovery_time', 120),
                ('msf_location', '/opt/metasploit3/bin/')):
            store(name, default)

        # Network interface name, as guessed by get_net_iface()
        store('interface', get_net_iface())

        # get_local_ip() doesn't send any packets, and gives a nice default
        # setting. In most cases, it is the "public" IP address, which will
        # work perfectly in all plugins that need a reverse connection
        # (rfi_proxy). Loopback is the last resort.
        store('local_ip_address', get_local_ip() or '127.0.0.1')
        store('non_targets', [])
        store('stop_on_first_exception', False)
Beispiel #12
    def __init__(self):
        """
        Save the default settings to the config dict on the first run.

        The first run is detected by 'fuzz_cookies' not being present in the
        config (cf.cf.get returns None for it).
        """
        config = cf.cf
        first_run = config.get('fuzz_cookies') is None

        if first_run:
            #
            # User configured variables
            #
            config.save('fuzz_cookies', False)
            config.save('fuzz_form_files', True)
            config.save('fuzzed_files_extension', 'gif')
            config.save('fuzz_url_filenames', False)
            config.save('fuzz_url_parts', False)
            config.save('fuzzable_headers', [])

            config.save('form_fuzzing_mode', 'tmb')
            config.save('max_discovery_time', 120)
            config.save('msf_location', '/opt/metasploit3/bin/')

            # Interface name guessed by get_net_iface()
            config.save('interface', get_net_iface())

            # This doesn't send any packets, and gives you a nice default
            # setting. In most cases, it is the "public" IP address, which
            # will work perfectly in all plugins that need a reverse
            # connection (rfi_proxy)
            detected_ip = get_local_ip()
            config.save('local_ip_address',
                        detected_ip if detected_ip else '127.0.0.1')

            config.save('non_targets', [])
            config.save('stop_on_first_exception', False)
Beispiel #13
    def set_default_values(self):
        """
        Save the default value of every setting through cf.cf.save.

        :return: None
        """
        write_default = cf.cf.save

        # Settings whose default is a plain literal, saved in this order
        literal_defaults = [
            ('fuzz_cookies', False),
            ('fuzz_form_files', True),
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_url_filenames', False),
            ('fuzz_url_parts', False),
            ('fuzzable_headers', []),
            ('form_fuzzing_mode', 'tmb'),
            ('max_discovery_time', 120),
            ('msf_location', '/opt/metasploit3/bin/'),
        ]
        for key, value in literal_defaults:
            write_default(key, value)

        # The network interface configuration (for advanced exploits)
        write_default('interface', get_net_iface())

        # get_local_ip() doesn't send any packets, and gives a nice default
        # setting. In most cases, it is the "public" IP address, which will
        # work perfectly in all plugins that need a reverse connection
        # (rfi_proxy). Without a detected address loopback is used.
        write_default('local_ip_address', get_local_ip() or '127.0.0.1')
        write_default('non_targets', [])
        write_default('stop_on_first_exception', False)

        # Form exclusion via IDs
        write_default('form_id_list', FormIDMatcherList('[]'))
        write_default('form_id_action', EXCLUDE)
Beispiel #14
    def set_default_values(self):
        """
        Store the default value for each setting in the cf.cf configuration.

        :return: None
        """
        config = cf.cf

        # Fuzzer defaults
        config.save('fuzz_cookies', False)
        config.save('fuzz_form_files', True)
        config.save('fuzzed_files_extension', 'gif')
        config.save('fuzz_url_filenames', False)
        config.save('fuzz_url_parts', False)
        config.save('fuzzable_headers', [])
        config.save('form_fuzzing_mode', 'tmb')

        config.save('max_discovery_time', 120)
        config.save('msf_location', '/opt/metasploit3/bin/')

        # The network interface configuration (for advanced exploits)
        interface_name = get_net_iface()
        config.save('interface', interface_name)

        # Local address: get_local_ip() doesn't send any packets and in most
        # cases gives the "public" IP address, which works in all plugins
        # that need a reverse connection (rfi_proxy). Loopback is stored when
        # it gives nothing.
        detected_ip = get_local_ip()
        config.save('local_ip_address',
                    detected_ip if detected_ip else '127.0.0.1')
        config.save('non_targets', [])
        config.save('stop_on_first_exception', False)

        # Limits on the number of variants
        config.save('params_max_variants', 10)
        config.save('path_max_variants', 50)
Beispiel #15
        # Hand the target configuration stored in the profile to the core
        self._w3af_core.target.set_options(profile_inst.get_target())

        # Set the misc and http settings
        #
        # A BaseFrameworkException raised while reading either group is
        # recorded in error_messages instead of being propagated, and that
        # group is then not applied.
        try:
            profile_misc_settings = profile_inst.get_misc_settings()
        except BaseFrameworkException, e:
            msg = ('Setting the framework misc-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            #
            # IGNORE the following parameters from the profile:
            #   - misc_settings.local_ip_address
            #
            # The stored value is replaced with whatever get_local_ip()
            # returns now.
            # NOTE(review): presumably because a profile can be saved on one
            # machine or network and loaded on another - confirm. A falsy
            # get_local_ip() result is written without a fallback.
            #
            if 'local_ip_address' in profile_inst.get_misc_settings():
                local_ip = get_local_ip()
                profile_misc_settings['local_ip_address'].set_value(local_ip)

            misc_settings = MiscSettings()
            misc_settings.set_options(profile_misc_settings)

        try:
            http_settings = profile_inst.get_http_settings()
        except BaseFrameworkException, e:
            msg = ('Setting the framework http-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            # Reached only when the HTTP settings were read without an error
            self._w3af_core.uri_opener.settings.set_options(http_settings)

        #
Beispiel #16
    def use_profile(self, profile_name, workdir=None):
        """
        Gets all the information from the profile and stores it in the
        w3af core plugins / target attributes for later use.

        :param profile_name: Name of the profile to load. When None, all
                             enabled plugins are cleared and nothing else is
                             done.
        :param workdir: Passed to profile() together with the profile name.
        :raise BaseFrameworkException: if the profile to load has some type of
                                       problem, or the plugins are incorrectly
                                       configured.
        """
        # Clear all enabled plugins if profile_name is None
        if profile_name is None:
            self._w3af_core.plugins.zero_enabled_plugins()
            return

        # This might raise an exception (which we don't want to handle) when
        # the profile does not exist
        profile_inst = profile(profile_name, workdir)

        # It exists, work with it!

        # Set the target settings of the profile to the core
        self._w3af_core.target.set_options(profile_inst.get_target())

        # Set the misc and http settings
        #
        # IGNORE the following parameters from the profile:
        #   - misc_settings.local_ip_address
        #
        # The stored address is overwritten with the current get_local_ip()
        # result before the misc settings are applied.
        # NOTE(review): get_local_ip() may return a falsy value, and no
        # fallback is applied here - confirm set_value() accepts it.
        #
        profile_misc_settings = profile_inst.get_misc_settings()
        if "local_ip_address" in profile_inst.get_misc_settings():
            profile_misc_settings["local_ip_address"].set_value(get_local_ip())

        misc_settings = MiscSettings()
        misc_settings.set_options(profile_misc_settings)
        self._w3af_core.uri_opener.settings.set_options(profile_inst.get_http_settings())

        #
        #    Handle plugin options
        #
        # Template with two placeholders: the first "%s" follows "(" in the
        # opening sentence, the second one is the bullet of the issue list.
        error_fmt = (
            "The profile you are trying to load (%s) seems to be"
            " outdated, this is a common issue which happens when the"
            " framework is updated and one of its plugins adds/removes"
            " one of the configuration parameters referenced by a"
            " profile, or the plugin is removed all together.\n\n"
            "The profile was loaded but some of your settings might"
            " have been lost. This is the list of issues that were"
            " found:\n\n"
            "    - %s\n"
            "\nWe recommend you review the specific plugin"
            " configurations, apply the required changes and save"
            " the profile in order to update it and avoid this"
            " message. If this warning does not disappear you can"
            " manually edit the profile file to fix it."
        )

        # Problems are collected here instead of aborting on the first one
        error_messages = []
        core_set_plugins = self._w3af_core.plugins.set_plugins

        for plugin_type in self._w3af_core.plugins.get_plugin_types():
            plugin_names = profile_inst.get_enabled_plugins(plugin_type)

            # Handle errors that might have been triggered from a possibly
            # invalid profile
            try:
                unknown_plugins = core_set_plugins(plugin_names, plugin_type, raise_on_error=False)
            except KeyError:
                msg = 'The profile references the "%s" plugin type which is' " unknown to the w3af framework."
                error_messages.append(msg % plugin_type)
                continue

            for unknown_plugin in unknown_plugins:
                msg = 'The profile references the "%s.%s" plugin which is' " unknown in the current framework version."
                error_messages.append(msg % (plugin_type, unknown_plugin))

            # Now we set the plugin options, which can also trigger errors with
            # "outdated" profiles that users could have in their ~/.w3af/
            # directory.
            for plugin_name in set(plugin_names) - set(unknown_plugins):

                try:
                    plugin_options = profile_inst.get_plugin_options(plugin_type, plugin_name)
                    self._w3af_core.plugins.set_plugin_options(plugin_type, plugin_name, plugin_options)
                except BaseFrameworkException, w3e:
                    # The exception is passed as a "%s" argument, so any "%"
                    # in its text is not interpreted as a format directive.
                    msg = (
                        'Setting the options for plugin "%s.%s" raised an'
                        " exception due to unknown or invalid configuration"
                        " parameters. %s"
                    )
                    error_messages.append(msg % (plugin_type, plugin_name, w3e))
Beispiel #17
        # Apply the profile's target options to the core
        self._w3af_core.target.set_options(profile_inst.get_target())

        # Set the misc and http settings
        #
        # Both groups follow the same pattern: read the options from the
        # profile, append a message to error_messages when that raises
        # BaseFrameworkException, apply the options only when it did not.
        try:
            profile_misc_settings = profile_inst.get_misc_settings()
        except BaseFrameworkException, e:
            msg = ('Setting the framework misc-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            #
            # IGNORE the following parameters from the profile:
            #   - misc_settings.local_ip_address
            #
            # When the profile carries that option, its value is overwritten
            # with the current get_local_ip() result, so the address saved in
            # the profile is never used.
            # NOTE(review): get_local_ip() may return a falsy value; verify
            # set_value() handles it.
            #
            if 'local_ip_address' in profile_inst.get_misc_settings():
                local_ip = get_local_ip()
                profile_misc_settings['local_ip_address'].set_value(local_ip)

            misc_settings = MiscSettings()
            misc_settings.set_options(profile_misc_settings)

        try:
            http_settings = profile_inst.get_http_settings()
        except BaseFrameworkException, e:
            msg = ('Setting the framework http-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            # HTTP settings are applied only after a successful read
            self._w3af_core.uri_opener.settings.set_options(http_settings)

        #
Beispiel #18
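 def test_w3af_agent(self):
     """
     Run the 'w3af_agent' payload through exec_payload with use_api=True,
     passing the get_local_ip() result as its only argument, and check the
     returned status message.
     """
     result = exec_payload(self.shell, 'w3af_agent', args=(get_local_ip(),),
                           use_api=True)
     # assertEquals is a deprecated alias of assertEqual
     self.assertEqual('Successfully started the w3afAgent.', result)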
Beispiel #19
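    def use_profile(self, profile_name, workdir=None):
        """
        Gets all the information from the profile and stores it in the
        w3af core plugins / target attributes for later use.

        @param profile_name: Name of the profile to load. When None, all
                             enabled plugins are cleared and nothing else is
                             done.
        @param workdir: Passed to profile() together with the profile name.
        @raise BaseFrameworkException: if the profile to load has some type of problem.
        """
        # Clear all enabled plugins if profile_name is None
        if profile_name is None:
            self._w3af_core.plugins.zero_enabled_plugins()
            return

        # This might raise an exception (which we don't want to handle) when
        # the profile does not exist
        profile_inst = profile(profile_name, workdir)

        # It exists, work with it!

        # Set the target settings of the profile to the core
        self._w3af_core.target.set_options(profile_inst.get_target())

        # Set the misc and http settings
        #
        # IGNORE the following parameters from the profile:
        #   - misc_settings.local_ip_address
        #
        # The stored address is overwritten with the current get_local_ip()
        # result before the misc settings are applied.
        # NOTE(review): get_local_ip() may return a falsy value and no
        # fallback is applied here - confirm set_value() accepts it.
        #
        profile_misc_settings = profile_inst.get_misc_settings()
        if 'local_ip_address' in profile_inst.get_misc_settings():
            profile_misc_settings['local_ip_address'].set_value(get_local_ip())

        misc_settings = MiscSettings()
        misc_settings.set_options(profile_misc_settings)
        self._w3af_core.uri_opener.settings.set_options(
            profile_inst.get_http_settings())

        #
        #    Handle plugin options
        #
        error_fmt = ('The profile you are trying to load (%s) seems to be'
                     ' outdated, this is a common issue which happens when the'
                     ' framework is updated and one of its plugins adds/removes'
                     ' one of the configuration parameters referenced by a profile'
                     ', or the plugin is removed all together.\n\n'
                     'The profile was loaded but some of your settings might'
                     ' have been lost. This is the list of issues that were found:\n\n'
                     '    - %s\n'
                     '\nWe recommend you review the specific plugin configurations,'
                     ' apply the required changes and save the profile in order'
                     ' to update it and avoid this message. If this warning does not'
                     ' disappear you can manually edit the profile file to fix it.')

        # Problems are collected here instead of aborting on the first one
        error_messages = []

        for plugin_type in self._w3af_core.plugins.get_plugin_types():
            plugin_names = profile_inst.get_enabled_plugins(plugin_type)

            # Handle errors that might have been triggered from a possibly
            # invalid profile
            try:
                unknown_plugins = self._w3af_core.plugins.set_plugins(plugin_names,
                                                                      plugin_type,
                                                                      raise_on_error=False)
            except KeyError:
                msg = 'The profile references the "%s" plugin type which is'\
                      ' unknown to the w3af framework.'
                error_messages.append(msg % plugin_type)
                continue

            for unknown_plugin in unknown_plugins:
                msg = 'The profile references the "%s.%s" plugin which is unknown.'
                error_messages.append(msg % (plugin_type, unknown_plugin))

            # Now we set the plugin options, which can also trigger errors with "outdated"
            # profiles that users could have in their ~/.w3af/ directory.
            for plugin_name in set(plugin_names) - set(unknown_plugins):

                try:
                    plugin_options = profile_inst.get_plugin_options(
                        plugin_type,
                        plugin_name)
                    self._w3af_core.plugins.set_plugin_options(plugin_type,
                                                               plugin_name,
                                                               plugin_options)
                except BaseFrameworkException, w3e:
                    # Fix: the exception text used to be appended to the
                    # format string before "%" was applied, so a "%" inside
                    # the exception message was parsed as a format directive
                    # and the error report itself raised. It is now passed
                    # as an argument to a third "%s".
                    msg = 'Setting the options for plugin "%s.%s" raised an' \
                          ' exception due to unknown or invalid configuration' \
                          ' parameters. %s'
                    error_messages.append(
                        msg % (plugin_type, plugin_name, str(w3e)))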