Ejemplo n.º 1
0
 def __init__(self, torNodes):
     BasePlugin.__init__(self, torNodes, 'w3afPlugin')
     self.info("[*] w3afPlugin Initialized!")
     self.w3afCorePlugin = w3afCore()
     self.w3afCorePlugin.plugins.init_plugins()
     self.w3afCorePlugin.plugins.zero_enabled_plugins()
     self.miscSettings = MiscSettings()
Ejemplo n.º 2
0
    def save_current_to_profile(self,
                                profile_name,
                                prof_desc='',
                                prof_path='',
                                self_contained=False):
        """
        Save the current configuration of the core to the profile called
        profile_name.

        :return: The new profile instance if the profile was successfully saved.
                 Otherwise raise a BaseFrameworkException.
        """
        # Open the already existing profile
        new_profile = profile(profile_name, workdir=os.path.dirname(prof_path))

        # shortcut
        w3af_plugins = self._w3af_core.plugins

        # Save the enabled plugins
        for plugin_type in w3af_plugins.get_plugin_types():
            enabled_plugins = []
            for plugin_name in w3af_plugins.get_enabled_plugins(plugin_type):
                enabled_plugins.append(plugin_name)
            new_profile.set_enabled_plugins(plugin_type, enabled_plugins)

        # Save the plugin options
        for plugin_type in w3af_plugins.get_plugin_types():
            for plugin_name in w3af_plugins.get_enabled_plugins(plugin_type):
                plugin_options = w3af_plugins.get_plugin_options(
                    plugin_type, plugin_name)
                if plugin_options:
                    new_profile.set_plugin_options(
                        plugin_type,
                        plugin_name,
                        plugin_options,
                        self_contained=self_contained)

        # Save the profile targets
        targets = cf.cf.get('targets')
        if targets:
            new_profile.set_target(' , '.join(t.url_string for t in targets))

        # Save the misc and http settings
        misc_settings = MiscSettings()
        new_profile.set_misc_settings(misc_settings.get_options())
        new_profile.set_http_settings(
            self._w3af_core.uri_opener.settings.get_options())

        # Save the profile name and description
        new_profile.set_desc(prof_desc)
        new_profile.set_name(profile_name)

        # Save the profile to the file
        new_profile.save(profile_name)

        return new_profile
Ejemplo n.º 3
0
    def save_current_to_profile(self, profile_name, prof_desc='', prof_path='',
                                self_contained=False):
        """
        Save the current configuration of the core to the profile called
        profile_name.

        :return: The new profile instance if the profile was successfully saved.
                 Otherwise raise a BaseFrameworkException.
        """
        # Open the already existing profile
        new_profile = profile(profile_name, workdir=os.path.dirname(prof_path))

        # shortcut
        w3af_plugins = self._w3af_core.plugins

        # Save the enabled plugins
        for plugin_type in w3af_plugins.get_plugin_types():
            enabled_plugins = []
            for plugin_name in w3af_plugins.get_enabled_plugins(plugin_type):
                enabled_plugins.append(plugin_name)
            new_profile.set_enabled_plugins(plugin_type, enabled_plugins)

        # Save the plugin options
        for plugin_type in w3af_plugins.get_plugin_types():
            for plugin_name in w3af_plugins.get_enabled_plugins(plugin_type):
                plugin_options = w3af_plugins.get_plugin_options(plugin_type,
                                                                 plugin_name)
                if plugin_options:
                    new_profile.set_plugin_options(plugin_type,
                                                   plugin_name,
                                                   plugin_options,
                                                   self_contained=self_contained)

        # Save the profile targets
        targets = cf.cf.get('targets')
        if targets:
            new_profile.set_target(' , '.join(t.url_string for t in targets))

        # Save the misc and http settings
        misc_settings = MiscSettings()
        new_profile.set_misc_settings(misc_settings.get_options())
        new_profile.set_http_settings(
            self._w3af_core.uri_opener.settings.get_options())

        # Save the profile name and description
        new_profile.set_desc(prof_desc)
        new_profile.set_name(profile_name)

        # Save the profile to the file
        new_profile.save(profile_name)

        return new_profile
Ejemplo n.º 4
0
    def setUp(self):
        self.kb.cleanup()
        self.w3afcore = w3afCore()
        self.misc_settings = MiscSettings()

        self.request_callback_call_count = 0
        self.request_callback_match = 0

        if self.MOCK_RESPONSES:
            httpretty.reset()
            httpretty.enable()
            
            try:
                url = URL(self.target_url)
            except ValueError, ve:
                msg = ('When using MOCK_RESPONSES you need to set the'
                       ' target_url attribute to a valid URL, exception was:'
                       ' "%s".')
                raise Exception(msg % ve)

            domain = url.get_domain()
            proto = url.get_protocol()
            port = url.get_port()

            self._register_httpretty_uri(proto, domain, port)
Ejemplo n.º 5
0
 def get_misc_settings(self):
     """
     Get the misc settings options.
     :return: The misc settings in an OptionList
     """
     from w3af.core.controllers.misc_settings import MiscSettings
     misc_settings = MiscSettings()
     return self._get_x_settings('misc-settings', misc_settings)
Ejemplo n.º 6
0
 def __init__(self, torNodes=[]):
     BasePlugin.__init__(self, torNodes, 'w3afPlugin')
     self.setPluginDetails('w3afPlugin', 'Plugin to load the W3AF context in Tortazo. You can execute W3AF against the TOR deep web.', '1.0', 'Adastra: @jdaanial')
     if len(torNodes) > 0:
         self.info("[*] w3afPlugin Initialized!")
         self.w3afCorePlugin = w3afCore()
         self.w3afCorePlugin.plugins.init_plugins()
         self.w3afCorePlugin.plugins.zero_enabled_plugins()
         self.miscSettings = MiscSettings()
Ejemplo n.º 7
0
    def test_basic(self):
        opt_lst = MiscSettings().get_options()

        for opt in opt_lst:
            self.assertIn(opt.get_type(), OPTION_TYPES)
            self.assertTrue(opt.get_name())
            self.assertEqual(opt, opt)

            # Just verify that this doesn't crash and that the types
            # are correct
            self.assertIsInstance(opt.get_name(), basestring)
            self.assertIsInstance(opt.get_desc(), basestring)
            self.assertIsInstance(opt.get_type(), basestring)
            self.assertIsInstance(opt.get_help(), basestring)
            self.assertIsInstance(opt.get_value_str(), basestring)
Ejemplo n.º 8
0
    def __init__(self, name, console, core, parent=None):
        menu.__init__(self, name, console, core, parent)
        self._load_help('root')

        #   At first, there is no scan thread
        self._scan_thread = None

        mapDict(self.addChild, {
            'plugins': pluginsMenu,
            'target': (ConfigMenu, self._w3af.target),
            'misc-settings': (ConfigMenu, MiscSettings()),
            'http-settings': (ConfigMenu, self._w3af.uri_opener.settings),
            'profiles': ProfilesMenu,
            'bug-report': bug_report_menu,
            'exploit': exploit,
            'kb': kbMenu
        })
Ejemplo n.º 9
0
    def use_profile(self, profile_name, workdir=None):
        """
        Gets all the information from the profile and stores it in the
        w3af core plugins / target attributes for later use.

        :raise BaseFrameworkException: if the profile to load has some type of
                                       problem, or the plugins are incorrectly
                                       configured.
        """
        error_messages = []

        # Clear all the current configuration before loading a new profile
        self._w3af_core.plugins.zero_enabled_plugins()
        MiscSettings().set_default_values()
        self._w3af_core.uri_opener.settings.set_default_values()

        if profile_name is None:
            # If the profile name is None, I just clear the enabled plugins and
            # return
            return

        # This might raise an exception (which we don't want to handle) when
        # the profile does not exist
        profile_inst = profile(profile_name, workdir)

        # It exists, work with it!

        # Set the target settings of the profile to the core
        self._w3af_core.target.set_options(profile_inst.get_target())

        # Set the misc and http settings
        try:
            profile_misc_settings = profile_inst.get_misc_settings()
        except BaseFrameworkException, e:
            msg = ('Setting the framework misc-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
Ejemplo n.º 10
0
        try:
            profile_misc_settings = profile_inst.get_misc_settings()
        except BaseFrameworkException, e:
            msg = ('Setting the framework misc-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            #
            # IGNORE the following parameters from the profile:
            #   - misc_settings.local_ip_address
            #
            if 'local_ip_address' in profile_inst.get_misc_settings():
                local_ip = get_local_ip()
                profile_misc_settings['local_ip_address'].set_value(local_ip)

            misc_settings = MiscSettings()
            misc_settings.set_options(profile_misc_settings)

        try:
            http_settings = profile_inst.get_http_settings()
        except BaseFrameworkException, e:
            msg = ('Setting the framework http-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            self._w3af_core.uri_opener.settings.set_options(http_settings)

        #
        #    Handle plugin options
        #
        error_fmt = ('The profile you are trying to load (%s) seems to be'
Ejemplo n.º 11
0
    def use_profile(self, profile_name, workdir=None):
        """
        Gets all the information from the profile and stores it in the
        w3af core plugins / target attributes for later use.

        :raise BaseFrameworkException: if the profile to load has some type of
                                       problem, or the plugins are incorrectly
                                       configured.
        """
        # Clear all enabled plugins if profile_name is None
        if profile_name is None:
            self._w3af_core.plugins.zero_enabled_plugins()
            return

        # This might raise an exception (which we don't want to handle) when
        # the profile does not exist
        profile_inst = profile(profile_name, workdir)

        # It exists, work with it!

        # Set the target settings of the profile to the core
        self._w3af_core.target.set_options(profile_inst.get_target())

        # Set the misc and http settings
        #
        # IGNORE the following parameters from the profile:
        #   - misc_settings.local_ip_address
        #
        profile_misc_settings = profile_inst.get_misc_settings()
        if "local_ip_address" in profile_inst.get_misc_settings():
            profile_misc_settings["local_ip_address"].set_value(get_local_ip())

        misc_settings = MiscSettings()
        misc_settings.set_options(profile_misc_settings)
        self._w3af_core.uri_opener.settings.set_options(profile_inst.get_http_settings())

        #
        #    Handle plugin options
        #
        error_fmt = (
            "The profile you are trying to load (%s) seems to be"
            " outdated, this is a common issue which happens when the"
            " framework is updated and one of its plugins adds/removes"
            " one of the configuration parameters referenced by a"
            " profile, or the plugin is removed all together.\n\n"
            "The profile was loaded but some of your settings might"
            " have been lost. This is the list of issues that were"
            " found:\n\n"
            "    - %s\n"
            "\nWe recommend you review the specific plugin"
            " configurations, apply the required changes and save"
            " the profile in order to update it and avoid this"
            " message. If this warning does not disappear you can"
            " manually edit the profile file to fix it."
        )

        error_messages = []
        core_set_plugins = self._w3af_core.plugins.set_plugins

        for plugin_type in self._w3af_core.plugins.get_plugin_types():
            plugin_names = profile_inst.get_enabled_plugins(plugin_type)

            # Handle errors that might have been triggered from a possibly
            # invalid profile
            try:
                unknown_plugins = core_set_plugins(plugin_names, plugin_type, raise_on_error=False)
            except KeyError:
                msg = 'The profile references the "%s" plugin type which is' " unknown to the w3af framework."
                error_messages.append(msg % plugin_type)
                continue

            for unknown_plugin in unknown_plugins:
                msg = 'The profile references the "%s.%s" plugin which is' " unknown in the current framework version."
                error_messages.append(msg % (plugin_type, unknown_plugin))

            # Now we set the plugin options, which can also trigger errors with
            # "outdated" profiles that users could have in their ~/.w3af/
            # directory.
            for plugin_name in set(plugin_names) - set(unknown_plugins):

                try:
                    plugin_options = profile_inst.get_plugin_options(plugin_type, plugin_name)
                    self._w3af_core.plugins.set_plugin_options(plugin_type, plugin_name, plugin_options)
                except BaseFrameworkException, w3e:
                    msg = (
                        'Setting the options for plugin "%s.%s" raised an'
                        " exception due to unknown or invalid configuration"
                        " parameters. %s"
                    )
                    error_messages.append(msg % (plugin_type, plugin_name, w3e))
Ejemplo n.º 12
0
        try:
            profile_misc_settings = profile_inst.get_misc_settings()
        except BaseFrameworkException, e:
            msg = ('Setting the framework misc-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            #
            # IGNORE the following parameters from the profile:
            #   - misc_settings.local_ip_address
            #
            if 'local_ip_address' in profile_inst.get_misc_settings():
                local_ip = get_local_ip()
                profile_misc_settings['local_ip_address'].set_value(local_ip)

            misc_settings = MiscSettings()
            misc_settings.set_options(profile_misc_settings)

        try:
            http_settings = profile_inst.get_http_settings()
        except BaseFrameworkException, e:
            msg = ('Setting the framework http-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            self._w3af_core.uri_opener.settings.set_options(http_settings)

        #
        #    Handle plugin options
        #
        error_fmt = (
Ejemplo n.º 13
0
    def use_profile(self, profile_name, workdir=None):
        """
        Gets all the information from the profile and stores it in the
        w3af core plugins / target attributes for later use.

        @raise BaseFrameworkException: if the profile to load has some type of problem.
        """
        # Clear all enabled plugins if profile_name is None
        if profile_name is None:
            self._w3af_core.plugins.zero_enabled_plugins()
            return

        # This might raise an exception (which we don't want to handle) when
        # the profile does not exist
        profile_inst = profile(profile_name, workdir)
        
        # It exists, work with it!

        # Set the target settings of the profile to the core
        self._w3af_core.target.set_options(profile_inst.get_target())

        # Set the misc and http settings
        #
        # IGNORE the following parameters from the profile:
        #   - misc_settings.local_ip_address
        #
        profile_misc_settings = profile_inst.get_misc_settings()
        if 'local_ip_address' in profile_inst.get_misc_settings():
            profile_misc_settings['local_ip_address'].set_value(get_local_ip())

        misc_settings = MiscSettings()
        misc_settings.set_options(profile_misc_settings)
        self._w3af_core.uri_opener.settings.set_options(
            profile_inst.get_http_settings())

        #
        #    Handle plugin options
        #
        error_fmt = ('The profile you are trying to load (%s) seems to be'
                     ' outdated, this is a common issue which happens when the'
                     ' framework is updated and one of its plugins adds/removes'
                     ' one of the configuration parameters referenced by a profile'
                     ', or the plugin is removed all together.\n\n'
                     'The profile was loaded but some of your settings might'
                     ' have been lost. This is the list of issues that were found:\n\n'
                     '    - %s\n'
                     '\nWe recommend you review the specific plugin configurations,'
                     ' apply the required changes and save the profile in order'
                     ' to update it and avoid this message. If this warning does not'
                     ' disappear you can manually edit the profile file to fix it.')

        error_messages = []

        for plugin_type in self._w3af_core.plugins.get_plugin_types():
            plugin_names = profile_inst.get_enabled_plugins(plugin_type)

            # Handle errors that might have been triggered from a possibly
            # invalid profile
            try:
                unknown_plugins = self._w3af_core.plugins.set_plugins(plugin_names,
                                                                      plugin_type,
                                                                      raise_on_error=False)
            except KeyError:
                msg = 'The profile references the "%s" plugin type which is'\
                      ' unknown to the w3af framework.'
                error_messages.append(msg % plugin_type)
                continue
                
            for unknown_plugin in unknown_plugins:
                msg = 'The profile references the "%s.%s" plugin which is unknown.'
                error_messages.append(msg % (plugin_type, unknown_plugin))

            # Now we set the plugin options, which can also trigger errors with "outdated"
            # profiles that users could have in their ~/.w3af/ directory.
            for plugin_name in set(plugin_names) - set(unknown_plugins):

                try:
                    plugin_options = profile_inst.get_plugin_options(
                        plugin_type,
                        plugin_name)
                    self._w3af_core.plugins.set_plugin_options(plugin_type,
                                                               plugin_name,
                                                               plugin_options)
                except BaseFrameworkException, w3e:
                    msg = 'Setting the options for plugin "%s.%s" raised an' \
                          ' exception due to unknown or invalid configuration' \
                          ' parameters.'
                    msg += ' ' + str(w3e)
                    error_messages.append(msg % (plugin_type, plugin_name))
Ejemplo n.º 14
0
class w3afPlugin(BasePlugin):
    '''
    Class to  implement a simple plugin which prints the TOR Data structure.
    '''

    def __init__(self, torNodes=[]):
        BasePlugin.__init__(self, torNodes, 'w3afPlugin')
        self.setPluginDetails('w3afPlugin', 'Plugin to load the W3AF context in Tortazo. You can execute W3AF against the TOR deep web.', '1.0', 'Adastra: @jdaanial')
        if len(torNodes) > 0:
            self.info("[*] w3afPlugin Initialized!")
            self.w3afCorePlugin = w3afCore()
            self.w3afCorePlugin.plugins.init_plugins()
            self.w3afCorePlugin.plugins.zero_enabled_plugins()
            self.miscSettings = MiscSettings()


    def __del__(self):
        if len(self.torNodes) > 0:
            self.info("[*] w3afPlugin Destroyed!")


    '''
    PLUGIN MANAGEMENT FUNCTIONS.
    '''
    def showPluginsByType(self, type):
        pluginByType = self.w3afCorePlugin.plugins.get_plugin_list(type)
        tablePlugins = PrettyTable(["[*] Plugins for %s "%(type)])
        for plugin in pluginByType:
            tablePlugins.add_row([plugin])
        print tablePlugins

    def showPluginTypes(self):
        types = self.w3afCorePlugin.plugins.get_plugin_types()
        tableTypes = PrettyTable(["[*] Plugin Types"])
        for plugin in types:
            tableTypes.add_row([plugin])
        print tableTypes

    def getEnabledPluginsByType(self, type):
        enabled = self.w3afCorePlugin.plugins.get_enabled_plugins(type)
        tableTypes = PrettyTable(["[*] Enabled plugins by type %s" %(type)])
        for plugin in enabled:
            tableTypes.add_row([plugin])
        print tableTypes

    def getPluginTypeDescription(self, type):
        tableTypes = PrettyTable(["[*] Type %s" %(type)])
        tableTypes.add_row([self.w3afCorePlugin.plugins.get_plugin_type_desc(type)])
        print tableTypes

    def getAllEnabledPlugins(self):
        enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins()
        tableTypes = PrettyTable(["Type", "Plugins" ])
        for type in enabledPlugins.keys():
            tableTypes.add_row([type,enabledPlugins[type]])
        print tableTypes


    def enablePlugin(self, pluginName, type):
        enabled = [pluginName, ]
        enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins()
        for plugin in enabledPlugins[type]:
            enabled.append(plugin)
        self.w3afCorePlugin.plugins.set_plugins(enabled, type)
        self.getEnabledPluginsByType(type)

    def disablePlugin(self,pluginName,type):
        enabled = self.w3afCorePlugin.plugins.get_enabled_plugins(type)
        if pluginName in enabled:
            enabled.remove(pluginName)
        print "[*] Plugin Disabled"
        self.w3afCorePlugin.plugins.set_plugins(enabled, type)
        self.getEnabledPluginsByType(type)


    def enableAllPlugins(self, pluginType):
        plugins = self.w3afCorePlugin.plugins.get_plugin_list(pluginType)
        self.w3afCorePlugin.plugins.set_plugins(plugins, pluginType)
        print "[*] All plugins of type %s has been enabled..." %(pluginType)
        self.getAllEnabledPlugins()


    def disableAllPlugins(self, pluginType):
        self.w3afCorePlugin.plugins.set_plugins([], pluginType)
        print "[*] All plugins of type %s has been disabled..." %(pluginType)
        self.getAllEnabledPlugins()

    def getPluginOptions(self, pluginType, pluginName):
        optList = self.w3afCorePlugin.plugins.get_plugin_options(pluginType,pluginName)
        print "[*] Plugin Options for %s " %(pluginName)
        tablePluginOptions = PrettyTable(["Name","Value", "Type"])
        for item in optList._internal_opt_list:
            tablePluginOptions.add_row([item.get_name(),item.get_value(),item.get_type()])
        print tablePluginOptions


    def setPluginOptions(self, pluginType, pluginName, pluginSettingType, pluginSetting, pluginSettingValue):
        opt_list = OptionList()
        opt_list.add( opt_factory(pluginSetting, pluginSettingValue, "Plugin Setting", pluginSettingType) )
        print "[*] Setting %s with value %s on Plugin %s ..." %(pluginSetting,pluginSettingValue,pluginName)
        self.w3afCorePlugin.plugins._plugins_options[pluginType][pluginName] = opt_list
        print "[*] Done!"


    def getPluginStatus(self, pluginType, pluginName):
        enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins()
        enabled = False
        for type in enabledPlugins.keys():
            if type in pluginType and pluginName in enabledPlugins[type]:
                enabled = True
        if enabled:
            print "[*] The plugin %s status is: ENABLED" %(pluginName)
        else:
            print "[*] The plugin %s status is: DISABLED" %(pluginName)

    '''
    ATTACK MANAGEMENT FUNCTIONS.
    '''
    def setTarget(self, url):
        if self.w3afCorePlugin.target._verify_url(URL_KLASS(url)):
            options = self.w3afCorePlugin.target.get_options()
            options['target'].set_value(url)
            self.w3afCorePlugin.target.set_options(options)
            print "[*] Target %s configured." %(url)


    def setTargetDeepWeb(self, url):
        self.serviceConnector.setSocksProxy()
        #if self.w3afCorePlugin.target._verify_url(URL_KLASS(url)):
        options = self.w3afCorePlugin.target.get_options()
        options['target'].set_value(url)
        self.w3afCorePlugin.target.set_options(options)
        print "[*] Target %s configured." %(url)

    def startAttack(self):
        print "[*] W3AF Attack Starting..."
        #print '[*] Starting Attack against: '+str(cf.cf['targets'])
        self.w3afCorePlugin.plugins.init_plugins()
        self.w3afCorePlugin.verify_environment()
        self.w3afCorePlugin.start()
        #self.w3afCorePlugin.plugins.create_instances()
        #self.w3afCorePlugin.start()
        print "[*] W3AF Attack Finished! Check the results using the right functions in this plugin."

    '''
    MISC CONFIGURATION FUNCTIONS
    '''
    def listMiscConfigs(self):
        optList = self.miscSettings.get_options()
        print "[*] MiscSettings List"
        tableMiscOptions = PrettyTable(["Name","Value", "Type"])
        for item in optList._internal_opt_list:
            tableMiscOptions.add_row([item.get_name(),item.get_value(),item.get_type()])
        print tableMiscOptions

    def setMiscConfig(self,setting,value):
        opt_list = OptionList()
        opt_list.add( opt_factory(setting, value, "Misc Setting", "string") )
        print "[*] Setting %s with value %s on MiscsSettings ..." %(setting,value)
        if cf.cf.has_key(setting):
            cf.cf.save(setting, value)
            print "[*] Done!"
            self.listMiscConfigs()
        else:
            print "[-] Invalid setting. Check the available settings with the function self.listMiscConfigs()"

    '''
    PROFILE MANAGEMENT FUNCTIONS
    '''
    def listProfiles(self):
        valid_profiles, invalid_profiles = self.w3afCorePlugin.profiles.get_profile_list()
        print "[*] List of profiles."
        print "\n"
        tableProfiles = PrettyTable(["Description", "Profile File", "Name"])
        for profile in valid_profiles:
            tableProfiles.add_row([profile.get_desc(),
                                   profile.get_profile_file(),
                                   profile.get_name()])
        print tableProfiles



    def useProfile(self,profileName):
        print "[*] Loading profile %s " %(profileName)
        self.w3afCorePlugin.profiles.use_profile(profileName)
        print "[*] Done!"

    def createProfileWithCurrentConfig(self, profileName, profileDescription):
        print "[*] Creating profile %s " %(profileName)
        profile = self.w3afCorePlugin.profiles.save_current_to_new_profile(profileName, profileDescription)
        tableProfiles = PrettyTable(["Description","Profile File", "Name"])
        tableProfiles.add_row([profile.get_desc(),profile.get_profile_file(),profile.get_name()])
        print tableProfiles


    def modifyProfileWithCurrentConfig(self, profileName, profileDescription):
        print "[*] Updating profile %s with the current configuration" %(profileName)
        profile = self.w3afCorePlugin.profiles.save_current_to_profile(profileName,profileDescription)
        tableProfile = PrettyTable(["Profile File", "Name", "Target", "Description"])
        tableProfile.add_row([profile.get_profile_file(),
                               profile.get_name(),
                               profile.get_target(),
                               profile.get_desc()])
        print tableProfile

    def removeProfile(self,profileName):
        removed = self.w3afCorePlugin.profiles.remove_profile(profileName)
        if removed:
            print "[*] Profile %s removed successfully." %(profileName)
        else:
            print "[-] Error removing the profile %s. The profile, already Exists?" %(profileName)

    '''
    SHELLS MANAGEMENT FUNCTIONS
    '''

    def listShells(self):
        shells = kb.get_all_shells()
        print "[*] List of shells."
        tableShells = PrettyTable(["Id","OS","System","User","System Name"])
        for shell in shells:
            tableShells.add_row([shell.id,
                                 shell.get_remote_os(),
                                 shell.get_remote_system(),
                                 shell.get_remote_user(),
                                 shell.get_remote_system_name()])
        print tableShells

    def executeCommand(self,shellId, command,params):
        shells = kb.get_all_shells()
        response = None
        for shell in shells:
            if shell.id == shellId and command is not None:
                response = shell.generic_user_input(command,params)
        if response is not None:
            print "[*] Response: %s" %(response)
        else:
            print "[-] No response received. Check the shell that you've entered. Exists?"


    '''
    VULNS AND INFO MANAGEMENT FUNCTIONS
    '''
    def listAttackPlugins(self):
        self.showPluginsByType('attack')

    def listInfos(self):
        infos = kb.get_all_infos()
        print "[*] List of Infos."
        tableInfos = PrettyTable(["Id","Name","Method","Description","Plugin Name"])
        for info in infos:
            tableInfos.add_row([info.get_id(),
                                 info.get_name(),
                                 info.get_method(),
                                 info.get_desc(),
                                 info.get_plugin_name()])
        print tableInfos

    def listVulnerabilities(self):
        vulns = kb.get_all_vulns()
        print "[*] List of Vulns."
        tableVulns = PrettyTable(["Severity","Description"])
        for vuln in vulns:
            tableVulns.add_row([vuln.get_severity(),vuln.get_desc()])
        print tableVulns

    def exploitAllVulns(self,pluginExploit):
        print "[*] Checking the vulnerability and plugin to exploit..."
        pluginAttack = self.w3afCorePlugin.plugins.get_plugin_inst('attack',pluginExploit)
        for vuln in kb.get_all_vulns():
            if vuln.get_id() is not None:
                shells = pluginAttack.exploit(vuln.get_id())
                for shell in shells:
                    print "Shell Generated %s " %(shell.id)

        print "[*] Exploit vulnerability finished."

    def exploitVuln(self,pluginExploit,vulnId):
        print "[*] Checking the vulnerability and plugin to exploit..."
        pluginAttack = self.w3afCorePlugin.plugins.get_plugin_inst('attack',pluginExploit)
        for vuln in kb.get_all_vulns():
            if vuln.get_id() is not None:
                if int(vulnId) in vuln.get_id():
                    shells = pluginAttack.exploit(vuln.get_id())
                    for shell in shells:
                        print "Shell Generated %s " %(shell.id)
        print "[*] Exploit vulnerability finished."

    def help(self):
        print "[*] Functions availaible in the Plugin..."
        print "[*] Plugin Management Functions"
        tableHelpPlugins = PrettyTable(["Function", "Description", "Example"])
        tableHelpPlugins.padding_width = 1
        tableHelpPlugins.add_row(['help', 'Help Banner', 'self.help()'])
        tableHelpPlugins.add_row(['printRelaysFound', 'Table with the relays found.', 'self.printRelaysFound()'])
        tableHelpPlugins.add_row(['showPluginsByType', 'List of available plugins filtered by type.', 'self.showPluginsByType("audit")'])
        tableHelpPlugins.add_row(['showPluginTypes', 'List of available plugin types.', 'self.showPluginTypes()'])
        tableHelpPlugins.add_row(['getEnabledPluginsByType', 'Enabled plugins by types.', 'self.getEnabledPluginsByType("audit")'])
        tableHelpPlugins.add_row(['getPluginTypeDescription', 'Description for the plugin type specified.', 'self.getPluginTypeDescription("audit")'])
        tableHelpPlugins.add_row(['getAllEnabledPlugins', 'List of enabled plugins.', 'self.getAllEnabledPlugins()'])
        tableHelpPlugins.add_row(['enablePlugin', 'Enable a plugin.', 'self.enablePlugin("blind_sqli","audit")'])
        tableHelpPlugins.add_row(['disablePlugin', 'Disable a plugin.', 'self.disablePlugin("blind_sqli","audit")'])
        tableHelpPlugins.add_row(['enableAllPlugins', 'Enable all plugins.', 'self.enableAllPlugins("audit")'])
        tableHelpPlugins.add_row(['disableAllPlugins', 'Disable all plugins.', 'self.disableAllPlugins("audit")'])
        tableHelpPlugins.add_row(['getPluginOptions', 'Get Options for the plugin specified.', 'self.getPluginOptions("audit","blind_sqli")'])
        tableHelpPlugins.add_row(['setPluginOptions', 'Set Options for the plugin specified.', 'self.setPluginOptions("audit","eval","boolean","use_time_delay","False")'])
        tableHelpPlugins.add_row(['getPluginStatus', 'Check if the specified plugin is enabled.', 'self.getPluginStatus("audit","eval")'])
        print tableHelpPlugins

        print "\n"
        print "[*] Attack Functions"
        tableHelpAttack = PrettyTable(["Function", "Description", "Example"])
        tableHelpAttack.add_row(['setTarget', 'Sets the target for the attack (clear web)', 'self.setTarget("http://www.target.com")'])
        tableHelpAttack.add_row(['setTargetDeepWeb', 'Sets the target in the DeepWeb of TOR.', 'self.setTarget("http://torlongonionpath.onion")'])
        tableHelpAttack.add_row(['startAttack', 'Starts the attack.', 'self.startAttack()'])
        print tableHelpAttack

        print "\n"
        print "[*] Misc Settings Functions"
        tableHelpMiscSettings = PrettyTable(["Function", "Description", "Example"])
        tableHelpMiscSettings.add_row(['listMiscConfigs', 'List of Misc Settings', 'self.listMiscConfigs()'])
        tableHelpMiscSettings.add_row(['setMiscConfig', 'Sets a Misc Settings', 'self.setMiscConfig("msf_location","/opt/msf")'])
        print tableHelpMiscSettings

        print "\n"
        print "[*] Profile Management Functions"
        tableHelpMiscSettings = PrettyTable(["Function", "Description", "Example"])
        tableHelpMiscSettings.add_row(['listProfiles', 'List of Profiles', 'self.listProfiles()'])
        tableHelpMiscSettings.add_row(['useProfile', 'Use a Profile', 'self.useProfile("profileName")'])
        tableHelpMiscSettings.add_row(['createProfileWithCurrentConfig', 'Creates a new Profile with the current settings', 'self.createProfileWithCurrentConfig("profileName", "Profile Description")'])
        tableHelpMiscSettings.add_row(['modifyProfileWithCurrentConfig', 'Modifies an existing profile with the current settings', 'self.modifyProfileWithCurrentConfig("profileName", "Profile Description")'])
        tableHelpMiscSettings.add_row(['removeProfile', 'Removes an existing profile', 'self.removeProfile("profileName")'])
        print tableHelpMiscSettings

        print "\n"
        print "[*] Shell Management Functions"
        tableHelpShells = PrettyTable(["Function", "Description", "Example"])
        tableHelpShells.add_row(['listShells', 'List of Shells', 'self.listShells()'])
        tableHelpShells.add_row(['executeCommand', 'Executes a command in the specified shell', 'self.executeCommand(1,"lsp")'])
        print tableHelpShells

        print "\n"
        print "[*] Vulns and Info Management Functions"
        tableHelpShells = PrettyTable(["Function", "Description", "Example"])
        tableHelpShells.add_row(['listAttackPlugins', 'List of attack plugins.', 'self.listAttackPlugins()'])
        tableHelpShells.add_row(['listInfos', 'List of Infos in the Knowledge Base of W3AF', 'self.listInfos()'])
        tableHelpShells.add_row(['listVulnerabilities', 'List of Vulns in the Knowledge Base of W3AF', 'self.listVulnerabilities()'])
        tableHelpShells.add_row(['exploitAllVulns', 'Exploits all vulns in the Knowledge Base of W3AF', 'self.exploitVulns("sqli")'])
        tableHelpShells.add_row(['exploitVuln', 'Exploits the specified Vuln in the Knowledge Base of W3AF', 'self.exploitVulns("sqli",18)'])
        print tableHelpShells
Ejemplo n.º 15
0
 def setUp(self):
     MiscSettings().set_default_values()
     create_temp_dir()
     self.vdb = VariantDB()
Ejemplo n.º 16
0
class w3afPlugin(BasePlugin):
    '''
    Class to  implement a simple plugin which prints the TOR Data structure.
    '''
    def __init__(self, torNodes):
        BasePlugin.__init__(self, torNodes, 'w3afPlugin')
        self.info("[*] w3afPlugin Initialized!")
        self.w3afCorePlugin = w3afCore()
        self.w3afCorePlugin.plugins.init_plugins()
        self.w3afCorePlugin.plugins.zero_enabled_plugins()
        self.miscSettings = MiscSettings()

    def __del__(self):
        self.info("[*] w3afPlugin Destroyed!")

    '''
    PLUGIN MANAGEMENT FUNCTIONS.
    '''

    def showPluginsByType(self, type):
        pluginByType = self.w3afCorePlugin.plugins.get_plugin_list(type)
        tablePlugins = PrettyTable(["[*] Plugins for %s " % (type)])
        for plugin in pluginByType:
            tablePlugins.add_row([plugin])
        print tablePlugins

    def showPluginTypes(self):
        types = self.w3afCorePlugin.plugins.get_plugin_types()
        tableTypes = PrettyTable(["[*] Plugin Types"])
        for plugin in types:
            tableTypes.add_row([plugin])
        print tableTypes

    def getEnabledPluginsByType(self, type):
        enabled = self.w3afCorePlugin.plugins.get_enabled_plugins(type)
        tableTypes = PrettyTable(["[*] Enabled plugins by type %s" % (type)])
        for plugin in enabled:
            tableTypes.add_row([plugin])
        print tableTypes

    def getPluginTypeDescription(self, type):
        tableTypes = PrettyTable(["[*] Type %s" % (type)])
        tableTypes.add_row(
            [self.w3afCorePlugin.plugins.get_plugin_type_desc(type)])
        print tableTypes

    def getAllEnabledPlugins(self):
        enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins()
        tableTypes = PrettyTable(["Type", "Plugins"])
        for type in enabledPlugins.keys():
            tableTypes.add_row([type, enabledPlugins[type]])
        print tableTypes

    def enablePlugin(self, pluginName, type):
        enabled = [
            pluginName,
        ]
        enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins()
        for plugin in enabledPlugins[type]:
            enabled.append(plugin)
        self.w3afCorePlugin.plugins.set_plugins(enabled, type)
        self.getEnabledPluginsByType(type)

    def disablePlugin(self, pluginName, type):
        enabled = self.w3afCorePlugin.plugins.get_enabled_plugins(type)
        if pluginName in enabled:
            enabled.remove(pluginName)
        print "[*] Plugin Disabled"
        self.w3afCorePlugin.plugins.set_plugins(enabled, type)
        self.getEnabledPluginsByType(type)

    def enableAllPlugins(self, pluginType):
        plugins = self.w3afCorePlugin.plugins.get_plugin_list(pluginType)
        self.w3afCorePlugin.plugins.set_plugins(plugins, pluginType)
        print "[*] All plugins of type %s has been enabled..." % (pluginType)
        self.getAllEnabledPlugins()

    def disableAllPlugins(self, pluginType):
        self.w3afCorePlugin.plugins.set_plugins([], pluginType)
        print "[*] All plugins of type %s has been disabled..." % (pluginType)
        self.getAllEnabledPlugins()

    def getPluginOptions(self, pluginType, pluginName):
        optList = self.w3afCorePlugin.plugins.get_plugin_options(
            pluginType, pluginName)
        print "[*] Plugin Options for %s " % (pluginName)
        tablePluginOptions = PrettyTable(["Name", "Value", "Type"])
        for item in optList._internal_opt_list:
            tablePluginOptions.add_row(
                [item.get_name(),
                 item.get_value(),
                 item.get_type()])
        print tablePluginOptions

    def setPluginOptions(self, pluginType, pluginName, pluginSettingType,
                         pluginSetting, pluginSettingValue):
        opt_list = OptionList()
        opt_list.add(
            opt_factory(pluginSetting, pluginSettingValue, "Plugin Setting",
                        pluginSettingType))
        print "[*] Setting %s with value %s on Plugin %s ..." % (
            pluginSetting, pluginSettingValue, pluginName)
        self.w3afCorePlugin.plugins._plugins_options[pluginType][
            pluginName] = opt_list
        print "[*] Done!"

    def getPluginStatus(self, pluginType, pluginName):
        enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins()
        enabled = False
        for type in enabledPlugins.keys():
            if type in pluginType and pluginName in enabledPlugins[type]:
                enabled = True
        if enabled:
            print "[*] The plugin %s status is: ENABLED" % (pluginName)
        else:
            print "[*] The plugin %s status is: DISABLED" % (pluginName)

    '''
    ATTACK MANAGEMENT FUNCTIONS.
    '''

    def setTarget(self, url):
        if self.w3afCorePlugin.target._verify_url(URL_KLASS(url)):
            options = self.w3afCorePlugin.target.get_options()
            options['target'].set_value(url)
            self.w3afCorePlugin.target.set_options(options)
            print "[*] Target %s configured." % (url)

    def setTargetDeepWeb(self, url):
        self.setSocksProxy()
        #if self.w3afCorePlugin.target._verify_url(URL_KLASS(url)):
        options = self.w3afCorePlugin.target.get_options()
        options['target'].set_value(url)
        self.w3afCorePlugin.target.set_options(options)
        print "[*] Target %s configured." % (url)

    def startAttack(self):
        print "[*] W3AF Attack Starting..."
        #print '[*] Starting Attack against: '+str(cf.cf['targets'])
        self.w3afCorePlugin.plugins.init_plugins()
        self.w3afCorePlugin.verify_environment()
        self.w3afCorePlugin.start()
        #self.w3afCorePlugin.plugins.create_instances()
        #self.w3afCorePlugin.start()
        print "[*] W3AF Attack Finished! Check the results using the right functions in this plugin."

    '''
    MISC CONFIGURATION FUNCTIONS
    '''

    def listMiscConfigs(self):
        optList = self.miscSettings.get_options()
        print "[*] MiscSettings List"
        tableMiscOptions = PrettyTable(["Name", "Value", "Type"])
        for item in optList._internal_opt_list:
            tableMiscOptions.add_row(
                [item.get_name(),
                 item.get_value(),
                 item.get_type()])
        print tableMiscOptions

    def setMiscConfig(self, setting, value):
        opt_list = OptionList()
        opt_list.add(opt_factory(setting, value, "Misc Setting", "string"))
        print "[*] Setting %s with value %s on MiscsSettings ..." % (setting,
                                                                     value)
        if cf.cf.has_key(setting):
            cf.cf.save(setting, value)
            print "[*] Done!"
            self.listMiscConfigs()
        else:
            print "[-] Invalid setting. Check the available settings with the function self.listMiscConfigs()"

    '''
    PROFILE MANAGEMENT FUNCTIONS
    '''

    def listProfiles(self):
        valid_profiles, invalid_profiles = self.w3afCorePlugin.profiles.get_profile_list(
        )
        print "[*] List of profiles."
        print "\n"
        tableProfiles = PrettyTable(["Description", "Profile File", "Name"])
        for profile in valid_profiles:
            tableProfiles.add_row([
                profile.get_desc(),
                profile.get_profile_file(),
                profile.get_name()
            ])
        print tableProfiles

    def useProfile(self, profileName):
        print "[*] Loading profile %s " % (profileName)
        self.w3afCorePlugin.profiles.use_profile(profileName)
        print "[*] Done!"

    def createProfileWithCurrentConfig(self, profileName, profileDescription):
        print "[*] Creating profile %s " % (profileName)
        profile = self.w3afCorePlugin.profiles.save_current_to_new_profile(
            profileName, profileDescription)
        tableProfiles = PrettyTable(["Description", "Profile File", "Name"])
        tableProfiles.add_row([
            profile.get_desc(),
            profile.get_profile_file(),
            profile.get_name()
        ])
        print tableProfiles

    def modifyProfileWithCurrentConfig(self, profileName, profileDescription):
        print "[*] Updating profile %s with the current configuration" % (
            profileName)
        profile = self.w3afCorePlugin.profiles.save_current_to_profile(
            profileName, profileDescription)
        tableProfile = PrettyTable(
            ["Profile File", "Name", "Target", "Description"])
        tableProfile.add_row([
            profile.get_profile_file(),
            profile.get_name(),
            profile.get_target(),
            profile.get_desc()
        ])
        print tableProfile

    def removeProfile(self, profileName):
        removed = self.w3afCorePlugin.profiles.remove_profile(profileName)
        if removed:
            print "[*] Profile %s removed successfully." % (profileName)
        else:
            print "[-] Error removing the profile %s. The profile, already Exists?" % (
                profileName)

    '''
    SHELLS MANAGEMENT FUNCTIONS
    '''

    def listShells(self):
        shells = kb.get_all_shells()
        print "[*] List of shells."
        tableShells = PrettyTable(
            ["Id", "OS", "System", "User", "System Name"])
        for shell in shells:
            tableShells.add_row([
                shell.id,
                shell.get_remote_os(),
                shell.get_remote_system(),
                shell.get_remote_user(),
                shell.get_remote_system_name()
            ])
        print tableShells

    def executeCommand(self, shellId, command, params):
        shells = kb.get_all_shells()
        response = None
        for shell in shells:
            if shell.id == shellId and command is not None:
                response = shell.generic_user_input(command, params)
        if response is not None:
            print "[*] Response: %s" % (response)
        else:
            print "[-] No response received. Check the shell that you've entered. Exists?"

    '''
    VULNS AND INFO MANAGEMENT FUNCTIONS
    '''

    def listAttackPlugins(self):
        self.showPluginsByType('attack')

    def listInfos(self):
        infos = kb.get_all_infos()
        print "[*] List of Infos."
        tableInfos = PrettyTable(
            ["Id", "Name", "Method", "Description", "Plugin Name"])
        for info in infos:
            tableInfos.add_row([
                info.get_id(),
                info.get_name(),
                info.get_method(),
                info.get_desc(),
                info.get_plugin_name()
            ])
        print tableInfos

    def listVulnerabilities(self):
        vulns = kb.get_all_vulns()
        print "[*] List of Vulns."
        tableVulns = PrettyTable(["Severity", "Description"])
        for vuln in vulns:
            tableVulns.add_row([vuln.get_severity(), vuln.get_desc()])
        print tableVulns

    def exploitAllVulns(self, pluginExploit):
        print "[*] Checking the vulnerability and plugin to exploit..."
        pluginAttack = self.w3afCorePlugin.plugins.get_plugin_inst(
            'attack', pluginExploit)
        for vuln in kb.get_all_vulns():
            if vuln.get_id() is not None:
                shells = pluginAttack.exploit(vuln.get_id())
                for shell in shells:
                    print "Shell Generated %s " % (shell.id)

        print "[*] Exploit vulnerability finished."

    def exploitVuln(self, pluginExploit, vulnId):
        print "[*] Checking the vulnerability and plugin to exploit..."
        pluginAttack = self.w3afCorePlugin.plugins.get_plugin_inst(
            'attack', pluginExploit)
        for vuln in kb.get_all_vulns():
            if vuln.get_id() is not None:
                if int(vulnId) in vuln.get_id():
                    shells = pluginAttack.exploit(vuln.get_id())
                    for shell in shells:
                        print "Shell Generated %s " % (shell.id)
        print "[*] Exploit vulnerability finished."

    def help(self):
        print "[*] Functions availaible in the Plugin..."
        print "[*] Plugin Management Functions"
        tableHelpPlugins = PrettyTable(["Function", "Description", "Example"])
        tableHelpPlugins.padding_width = 1
        tableHelpPlugins.add_row(['help', 'Help Banner', 'self.help()'])
        tableHelpPlugins.add_row([
            'printRelaysFound', 'Table with the relays found.',
            'self.printRelaysFound()'
        ])
        tableHelpPlugins.add_row([
            'showPluginsByType', 'List of available plugins filtered by type.',
            'self.showPluginsByType("audit")'
        ])
        tableHelpPlugins.add_row([
            'showPluginTypes', 'List of available plugin types.',
            'self.showPluginTypes()'
        ])
        tableHelpPlugins.add_row([
            'getEnabledPluginsByType', 'Enabled plugins by types.',
            'self.getEnabledPluginsByType("audit")'
        ])
        tableHelpPlugins.add_row([
            'getPluginTypeDescription',
            'Description for the plugin type specified.',
            'self.getPluginTypeDescription("audit")'
        ])
        tableHelpPlugins.add_row([
            'getAllEnabledPlugins', 'List of enabled plugins.',
            'self.getAllEnabledPlugins()'
        ])
        tableHelpPlugins.add_row([
            'enablePlugin', 'Enable a plugin.',
            'self.enablePlugin("blind_sqli","audit")'
        ])
        tableHelpPlugins.add_row([
            'disablePlugin', 'Disable a plugin.',
            'self.disablePlugin("blind_sqli","audit")'
        ])
        tableHelpPlugins.add_row([
            'enableAllPlugins', 'Enable all plugins.',
            'self.enableAllPlugins("audit")'
        ])
        tableHelpPlugins.add_row([
            'disableAllPlugins', 'Disable all plugins.',
            'self.disableAllPlugins("audit")'
        ])
        tableHelpPlugins.add_row([
            'getPluginOptions', 'Get Options for the plugin specified.',
            'self.getPluginOptions("audit","blind_sqli")'
        ])
        tableHelpPlugins.add_row([
            'setPluginOptions', 'Set Options for the plugin specified.',
            'self.setPluginOptions("audit","eval","boolean","use_time_delay","False")'
        ])
        tableHelpPlugins.add_row([
            'getPluginStatus', 'Check if the specified plugin is enabled.',
            'self.getPluginStatus("audit","eval")'
        ])
        print tableHelpPlugins

        print "\n"
        print "[*] Attack Functions"
        tableHelpAttack = PrettyTable(["Function", "Description", "Example"])
        tableHelpAttack.add_row([
            'setTarget', 'Sets the target for the attack (clear web)',
            'self.setTarget("http://www.target.com")'
        ])
        tableHelpAttack.add_row([
            'setTargetDeepWeb', 'Sets the target in the DeepWeb of TOR.',
            'self.setTarget("http://torlongonionpath.onion")'
        ])
        tableHelpAttack.add_row(
            ['startAttack', 'Starts the attack.', 'self.startAttack()'])
        print tableHelpAttack

        print "\n"
        print "[*] Misc Settings Functions"
        tableHelpMiscSettings = PrettyTable(
            ["Function", "Description", "Example"])
        tableHelpMiscSettings.add_row([
            'listMiscConfigs', 'List of Misc Settings',
            'self.listMiscConfigs()'
        ])
        tableHelpMiscSettings.add_row([
            'setMiscConfig', 'Sets a Misc Settings',
            'self.setMiscConfig("msf_location","/opt/msf")'
        ])
        print tableHelpMiscSettings

        print "\n"
        print "[*] Profile Management Functions"
        tableHelpMiscSettings = PrettyTable(
            ["Function", "Description", "Example"])
        tableHelpMiscSettings.add_row(
            ['listProfiles', 'List of Profiles', 'self.listProfiles()'])
        tableHelpMiscSettings.add_row(
            ['useProfile', 'Use a Profile', 'self.useProfile("profileName")'])
        tableHelpMiscSettings.add_row([
            'createProfileWithCurrentConfig',
            'Creates a new Profile with the current settings',
            'self.createProfileWithCurrentConfig("profileName", "Profile Description")'
        ])
        tableHelpMiscSettings.add_row([
            'modifyProfileWithCurrentConfig',
            'Modifies an existing profile with the current settings',
            'self.modifyProfileWithCurrentConfig("profileName", "Profile Description")'
        ])
        tableHelpMiscSettings.add_row([
            'removeProfile', 'Removes an existing profile',
            'self.removeProfile("profileName")'
        ])
        print tableHelpMiscSettings

        print "\n"
        print "[*] Shell Management Functions"
        tableHelpShells = PrettyTable(["Function", "Description", "Example"])
        tableHelpShells.add_row(
            ['listShells', 'List of Shells', 'self.listShells()'])
        tableHelpShells.add_row([
            'executeCommand', 'Executes a command in the specified shell',
            'self.executeCommand(1,"lsp")'
        ])
        print tableHelpShells

        print "\n"
        print "[*] Vulns and Info Management Functions"
        tableHelpShells = PrettyTable(["Function", "Description", "Example"])
        tableHelpShells.add_row([
            'listAttackPlugins', 'List of attack plugins.',
            'self.listAttackPlugins()'
        ])
        tableHelpShells.add_row([
            'listInfos', 'List of Infos in the Knowledge Base of W3AF',
            'self.listInfos()'
        ])
        tableHelpShells.add_row([
            'listVulnerabilities',
            'List of Vulns in the Knowledge Base of W3AF',
            'self.listVulnerabilities()'
        ])
        tableHelpShells.add_row([
            'exploitAllVulns',
            'Exploits all vulns in the Knowledge Base of W3AF',
            'self.exploitVulns("sqli")'
        ])
        tableHelpShells.add_row([
            'exploitVuln',
            'Exploits the specified Vuln in the Knowledge Base of W3AF',
            'self.exploitVulns("sqli",18)'
        ])
        print tableHelpShells