Ejemplo n.º 1
        # Show the plugin information.
        try:
            to_print = []
            plugin_infos = []
            for plugin_id in P.targets:
                m_found = manager.search_plugins_by_mask(plugin_id)
                plugin_infos.extend( m_found.values() )
            if not plugin_infos:
                raise KeyError()
            for m_plugin_info in plugin_infos:
                Config._context = PluginContext( orchestrator_pid = getpid(),
                                                 orchestrator_tid = get_ident(),
                                                      plugin_info = m_plugin_info,
                                                        msg_queue = None )
                m_plugin_obj = manager.load_plugin_by_id(m_plugin_info.plugin_id)
                m_root = cmdParams.plugins_folder
                m_root = path.abspath(m_root)
                if not m_root.endswith(path.sep):
                    m_root += path.sep
                m_location = m_plugin_info.descriptor_file[len(m_root):]
                a, b = path.split(m_location)
                b = colorize(b, "cyan")
                m_location = path.join(a, b)
                m_src = m_plugin_info.plugin_module[len(m_root):]
                a, b = path.split(m_src)
                b = colorize(b, "cyan")
                m_src = path.join(a, b)
                m_name = m_plugin_info.plugin_id
                p = m_name.rfind("/") + 1
                m_name = m_name[:p] + colorize(m_name[p:], "cyan")
Ejemplo n.º 2
def command_run(parser, P, cmdParams, auditParams):
    # Prepare a SCAN, IMPORT or REPORT run: normalise the targets, load the
    # plugins, collect plugin arguments (prompting for missing passwords),
    # validate both parameter objects and load the UI plugin.
    #
    # This is Python 2 code ("except KeyError, e", dict.iteritems()).
    # The listing is cut off inside the outer try block, so its except /
    # finally clauses and the rest of the run are not visible here.
    #
    # parser      - used only through parser.error(msg) in the visible code
    #               (presumably an argparse-style parser whose error() exits;
    #               confirm against the caller).
    # P           - parsed command line; command, raw_plugin_args and
    #               plugin_args are read, plugin_args may be replaced.
    # cmdParams   - receives plugin_args and supplies ui_mode.
    # auditParams - targets, imports/reports and plugin_args are rewritten
    #               in place.

    # For the SCAN command, assume targets are URLs whenever feasible.
    # A target without "://" gets an "http://" variant appended; the original
    # entry stays in the list, so both forms are passed on. The guessed
    # scheme is always plain HTTP, never HTTPS.
    if P.command == "SCAN":
        guessed_urls = []
        for target in auditParams.targets:
            if not "://" in target:
                guessed_urls.append("http://" + target)
        auditParams.targets.extend(guessed_urls)

    # For all other commands, disable the testing plugins.
    else:
        auditParams.plugin_load_overrides.append((False, "testing"))

        # For the IMPORT command, targets are import files.
        # The positional arguments are moved to "imports" and "targets" is
        # removed, so none of them is treated as a scan target.
        # NOTE(review): the "magic" presumably refers to property setters on
        # the params object (the Windows branch below reads _imports and
        # _reports) - confirm against the params class.
        if P.command == "IMPORT":
            auditParams.imports = auditParams.targets  # magic
            del auditParams.targets  # magic

        # For the REPORT command, targets are report files.
        elif P.command == "REPORT":
            auditParams.reports = auditParams.targets  # magic
            del auditParams.targets  # magic

        # If we reached this point, we have an internal error!
        else:
            raise RuntimeError("Unsupported command: %s" % P.command)

    # Expand wildcards for filenames on Windows.
    # On other platforms this is not needed,
    # as the shell already does it for us.
    # NOTE(review): this runs for every command, including SCAN, so both
    # _imports and _reports must already exist on auditParams - presumably
    # the params class initialises them; confirm.
    if os.path.sep == "\\":
        auditParams._imports = expand_wildcards(auditParams._imports)
        auditParams._reports = expand_wildcards(auditParams._reports)

    try:

        # Load the plugins.
        manager = PluginManager()
        manager.find_plugins(cmdParams)

        # Sanitize the plugin arguments.
        # Only KeyError is turned into a parser error here; any other
        # exception from parse_plugin_args reaches the outer try, whose
        # handlers are not visible in this listing.
        try:
            if P.raw_plugin_args:
                P.plugin_args = parse_plugin_args(manager, P.raw_plugin_args)
        except KeyError, e:
            ##raise # XXX DEBUG
            parser.error("error parsing plugin arguments: %s" % str(e))

        # Prompt for passwords.
        # An argument is prompted for only when its value is empty and the
        # plugin lists it in plugin_passwd_args; the argument name is shown
        # in the prompt only when the plugin declares more than one password
        # argument. getpass (presumably getpass.getpass) reads the value
        # without echoing it, so the secret need not be typed on the command
        # line.
        # NOTE(review): P.plugin_args is read even when raw_plugin_args is
        # empty, so it must already hold a mapping - presumably a default set
        # by the argument parser; confirm.
        for plugin_id in P.plugin_args.keys():
            plugin_info = manager.get_plugin_by_id(plugin_id)
            target_args = P.plugin_args[plugin_id]
            for key, value in target_args.items():
                if not value and key in plugin_info.plugin_passwd_args:
                    if len(plugin_info.plugin_passwd_args) > 1:
                        msg = "Enter password for %s (%s): "
                        msg %= (plugin_info.display_name, key)
                    else:
                        msg = "Enter password for %s: "
                        msg %= plugin_info.display_name
                    target_args[key] = getpass(msg)

        # Save the plugin arguments for the Orchestrator and the Audit.
        # Both objects receive the same mapping object, not copies, and it
        # now contains the passwords entered above in clear text.
        # NOTE(review): anything that logs, pickles or reports plugin_args
        # would carry those secrets - check how these parameter objects are
        # serialised downstream.
        cmdParams.plugin_args = P.plugin_args
        auditParams.plugin_args = P.plugin_args

        # Check the parameters.
        cmdParams.check_params()
        auditParams.check_params()

        # Set the plugin arguments before loading the UI plugin.
        # set_plugin_args reports a status code: 0 is success, 1 is mapped to
        # "unknown plugin", 2 to "invalid arguments", anything else to a
        # generic error. The message names only the plugin id, never the
        # argument values.
        for plugin_id, plugin_args in cmdParams.plugin_args.iteritems():
            status = manager.set_plugin_args(plugin_id, plugin_args)
            if status != 0:  # should never happen, but just in case...
                if status == 1:
                    msg = "Unknown plugin: %s"
                elif status == 2:
                    msg = "Invalid arguments for plugin: %s"
                else:
                    msg = "Error setting arguments for plugin: %s"
                parser.error(msg % plugin_id)

        # Load the UI plugin.
        # The plugin id is built from cmdParams.ui_mode by plain
        # concatenation.
        # NOTE(review): whether ui_mode is restricted to known UI plugins is
        # not visible here - presumably check_params() or the plugin manager
        # rejects unknown ids; confirm, since this value decides which plugin
        # code gets loaded.
        ui_plugin_id = "ui/" + cmdParams.ui_mode
        ui_plugin = manager.load_plugin_by_id(ui_plugin_id)
Ejemplo n.º 3
def command_run(parser, P, cmdParams, auditParams):
    # Prepare a SCAN, IMPORT or REPORT run: normalise the targets, load the
    # plugins, collect plugin arguments (prompting for missing passwords),
    # validate both parameter objects and load the UI plugin.
    #
    # This is Python 2 code ("except KeyError, e", dict.iteritems()).
    # The listing is cut off inside the outer try block, so its except /
    # finally clauses and the rest of the run are not visible here.
    #
    # parser      - used only through parser.error(msg) in the visible code
    #               (presumably an argparse-style parser whose error() exits;
    #               confirm against the caller).
    # P           - parsed command line; command, raw_plugin_args and
    #               plugin_args are read, plugin_args may be replaced.
    # cmdParams   - receives plugin_args and supplies ui_mode.
    # auditParams - targets, imports/reports and plugin_args are rewritten
    #               in place.

    # For the SCAN command, assume targets are URLs whenever feasible.
    # A target without "://" gets an "http://" variant appended; the original
    # entry stays in the list, so both forms are passed on. The guessed
    # scheme is always plain HTTP, never HTTPS.
    if P.command == "SCAN":
        guessed_urls = []
        for target in auditParams.targets:
            if not "://" in target:
                guessed_urls.append("http://" + target)
        auditParams.targets.extend(guessed_urls)

    # For all other commands, disable the testing plugins.
    else:
        auditParams.plugin_load_overrides.append( (False, "testing") )

        # For the IMPORT command, targets are import files.
        # The positional arguments are moved to "imports" and "targets" is
        # removed, so none of them is treated as a scan target.
        # NOTE(review): the "magic" presumably refers to property setters on
        # the params object (the Windows branch below reads _imports and
        # _reports) - confirm against the params class.
        if P.command == "IMPORT":
            auditParams.imports = auditParams.targets   # magic
            del auditParams.targets                     # magic

        # For the REPORT command, targets are report files.
        elif P.command == "REPORT":
            auditParams.reports = auditParams.targets   # magic
            del auditParams.targets                     # magic

        # If we reached this point, we have an internal error!
        else:
            raise RuntimeError("Unsupported command: %s" % P.command)

    # Expand wildcards for filenames on Windows.
    # On other platforms this is not needed,
    # as the shell already does it for us.
    # NOTE(review): this runs for every command, including SCAN, so both
    # _imports and _reports must already exist on auditParams - presumably
    # the params class initialises them; confirm.
    if os.path.sep == "\\":
        auditParams._imports = expand_wildcards(auditParams._imports)
        auditParams._reports = expand_wildcards(auditParams._reports)

    try:

        # Load the plugins.
        manager = PluginManager()
        manager.find_plugins(cmdParams)

        # Sanitize the plugin arguments.
        # Only KeyError is turned into a parser error here; any other
        # exception from parse_plugin_args reaches the outer try, whose
        # handlers are not visible in this listing.
        try:
            if P.raw_plugin_args:
                P.plugin_args = parse_plugin_args(manager, P.raw_plugin_args)
        except KeyError, e:
            ##raise # XXX DEBUG
            parser.error("error parsing plugin arguments: %s" % str(e))

        # Prompt for passwords.
        # An argument is prompted for only when its value is empty and the
        # plugin lists it in plugin_passwd_args; the argument name is shown
        # in the prompt only when the plugin declares more than one password
        # argument. getpass (presumably getpass.getpass) reads the value
        # without echoing it, so the secret need not be typed on the command
        # line.
        # NOTE(review): P.plugin_args is read even when raw_plugin_args is
        # empty, so it must already hold a mapping - presumably a default set
        # by the argument parser; confirm.
        for plugin_id in P.plugin_args.keys():
            plugin_info = manager.get_plugin_by_id(plugin_id)
            target_args = P.plugin_args[plugin_id]
            for key, value in target_args.items():
                if not value and key in plugin_info.plugin_passwd_args:
                    if len(plugin_info.plugin_passwd_args) > 1:
                        msg = "Enter password for %s (%s): "
                        msg %= (plugin_info.display_name, key)
                    else:
                        msg = "Enter password for %s: "
                        msg %= plugin_info.display_name
                    target_args[key] = getpass(msg)

        # Save the plugin arguments for the Orchestrator and the Audit.
        # Both objects receive the same mapping object, not copies, and it
        # now contains the passwords entered above in clear text.
        # NOTE(review): anything that logs, pickles or reports plugin_args
        # would carry those secrets - check how these parameter objects are
        # serialised downstream.
        cmdParams.plugin_args   = P.plugin_args
        auditParams.plugin_args = P.plugin_args

        # Check the parameters.
        cmdParams.check_params()
        auditParams.check_params()

        # Set the plugin arguments before loading the UI plugin.
        # set_plugin_args reports a status code: 0 is success, 1 is mapped to
        # "unknown plugin", 2 to "invalid arguments", anything else to a
        # generic error. The message names only the plugin id, never the
        # argument values.
        for plugin_id, plugin_args in cmdParams.plugin_args.iteritems():
            status = manager.set_plugin_args(plugin_id, plugin_args)
            if status != 0:     # should never happen, but just in case...
                if status == 1:
                    msg = "Unknown plugin: %s"
                elif status == 2:
                    msg = "Invalid arguments for plugin: %s"
                else:
                    msg = "Error setting arguments for plugin: %s"
                parser.error(msg % plugin_id)

        # Load the UI plugin.
        # The plugin id is built from cmdParams.ui_mode by plain
        # concatenation.
        # NOTE(review): whether ui_mode is restricted to known UI plugins is
        # not visible here - presumably check_params() or the plugin manager
        # rejects unknown ids; confirm, since this value decides which plugin
        # code gets loaded.
        ui_plugin_id = "ui/" + cmdParams.ui_mode
        ui_plugin = manager.load_plugin_by_id(ui_plugin_id)