Example #1
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     # Compile the XPATH
     self._tag_xpath = etree.XPath('//object | //applet')
     self._tag_names = ('object', 'applet')
     self._already_analyzed = scalable_bloomfilter()
 def __init__(self):
     baseGrepPlugin.__init__(self)
     # This is nicer, but htmlParser inherits from SGMLParser that IS NOT
     # thread safe, So i have to create an instance of htmlParser for every
     # call to testResponse
     #self._htmlParser = htmlParser.htmlParser()
     kb.kb.save( self, 'passwordProfiling', {} )
     
     # names of plugins to run
     ### TODO: develop more plugins, there is a nice ( all python ) metadata reader named hachoir-metadata
     ### it will be usefull for doing A LOT of plugins
     self._plugin_name_list = ['html', 'pdf']
     
     # plugin instances, they are created in the first call to self._run_plugins
     self._plugins = []
     
     # This are common words I dont want to use as passwords
     self._commonWords = {}
     self._commonWords['en'] = [ 'type', 'that', 'from', 'this', 'been', 'there', 'which', 
     'line', 'error', 'warning', 'file', 'fatal', 'failed', 'open', 'such', 'required', 
     'directory', 'valid', 'result', 'argument', 'there', 'some']
     
     self._commonWords['es'] = [ 'otro', 'otra', 'para', 'pero', 'hacia', 'algo', 'poder',
     'error']
     
     self._commonWords['unknown'] = self._commonWords['en']
     
     # Some words that are banned
     self._banned_words = [ 'forbidden', 'browsing', 'index' ]
Example #3
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     self._rss_tag_attr = [('rss', 'version', 'RSS'),# <rss version="...">
                           ('feed', 'version', 'OPML'),# <feed version="..."
                           ('opml', 'version', 'OPML') # <opml version="...">
                           ]
     self._already_inspected = scalable_bloomfilter()
Example #4
0
    def __init__(self):
        baseGrepPlugin.__init__(self)
        
        # Internal variables
        self._exec = True
        
        # Some constants
        self._prepositions = {}
        
        self._prepositions[ 'en' ] = ['aboard', 'about', 'above', 'absent', 'across', 'after', 
        'against', 'along', 'alongside', 'amid', 'amidst', 'among', 'amongst', 'around', 'as', 
        'astride', 'at', 'atop', 'before', 'behind', 'below', 'beneath', 'beside', 'besides',
        'between', 'beyond', 'but', 'by', 'despite', 'down', 'during', 'except', 'following',
        'for', 'from', 'in', 'inside', 'into', 'like', 'mid', 'minus', 'near', 'nearest', 
        'notwithstanding', 'of', 'off', 'on', 'onto', 'opposite', 'out', 'outside', 'over', 
        'past', 're', 'round', 'save', 'since', 'than', 'through', 'throughout', 'till', 'to',
        'toward', 'towards', 'under', 'underneath', 'unlike', 'until', 'up', 'upon', 'via',
        'with', 'within', 'without']

        
        # The 'a' preposition was removed, cause its also used in english
        self._prepositions[ 'es' ] = ['ante', 'bajo', 'cabe', 'con' , 'contra' , 'de',
        'desde', 'en', 'entre', 'hacia', 'hasta', 'para', 'por' , 'segun', 'si', 'so', 
        'sobre', 'tras']
        
        # Turkish
        # Sertan Kolat <*****@*****.**>
        self._prepositions[ 'tr' ] = ['ancak', 'burada', 'duyuru', 'evet', 'fakat', 
        'gibi', 'haber', 'kadar', 'karar', 'kaynak', 'olarak', 'sayfa', 'siteye', 
        'sorumlu', 'tamam', 'yasak', 'zorunlu']
Example #5
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     self._already_reported = scalable_bloomfilter()
     
     # regex to split between words
     self._split_re = re.compile('[^\w]')
Example #6
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     self._tag_names = []
     self._tag_names.append('object')
     self._tag_names.append('applet')
     
     self._already_analyzed = ScalableBloomFilter()
Example #7
0
    def __init__(self):
        baseGrepPlugin.__init__(self)

        # Only generate the lists once.
        # Adding 0,001% performance ;)
        self._already_inspected = scalable_bloomfilter()
        self._wsdl_strings = self._get_WSDL_strings()
        self._disco_strings = ['disco:discovery ']
Example #8
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     # Internal variables
     self._already_inspected = scalable_bloomfilter()
     self._autocomplete_forms_xpath = etree.XPath( AUTOCOMPLETE_FORMS_XPATH )
     self._pwd_input_xpath = etree.XPath( PWD_INPUT_XPATH )
     self._text_input_xpath =  etree.XPath( TEXT_INPUT_XPATH )
Example #9
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     # User configured parameters
     self._useSmartGrep = True
     self._useSimpleGrep = False
     # Compile the regular expressions
     self._scriptRe = re.compile('< *script *>(.*?)</ *script *>', re.IGNORECASE | re.DOTALL)
     # Function regular expressions
     self._functionNamesRe = [ re.compile(i, re.IGNORECASE) for i in self._getFunctionNames(True) ]
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     self._already_visited = ScalableBloomFilter()
     
     # Added performance by compiling all the regular expressions
     # before using them. The setup time of the whole plugin raises,
     # but the execution time is lowered *a lot*.
     self._compiled_regex_list = [ re.compile(regex, re.IGNORECASE | re.DOTALL) for regex in self._get_indexing_regex() ]
Example #11
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     # Internal variables
     self._already_added = []
     
     # Compile all regular expressions now
     self._compiled_regexes = {}
     self._compile_regex()
Example #12
0
    def __init__(self):
        baseGrepPlugin.__init__(self)

        # Internal variables
        self._comments = {}
        self._already_reported_interesting = []
        
        # User configurations
        self._search404 = False
Example #13
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     # Internal variables
     self._already_inspected = ScalableBloomFilter()
     
     # Create the regular expression to search for AJAX
     ajax_regex_string = '(XMLHttpRequest|eval\(|ActiveXObject|Msxml2\.XMLHTTP|'
     ajax_regex_string += 'ActiveXObject|Microsoft\.XMLHTTP)'
     self._ajax_regex_re = re.compile( ajax_regex_string, re.IGNORECASE )
Example #14
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     self._feed_types = {'rss': 'RSS', # <rss version="...">
                         'feed': 'OPML',# <feed version="..."
                         'opml': 'OPML' # <opml version="...">
                        }
     self._already_inspected = scalable_bloomfilter()
     
     # Compile the XPATH
     self._tag_xpath = etree.XPath('//rss | //feed | //opml')
Example #15
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     # For more info regarding this regular expression, please see:
     # https://sourceforge.net/mailarchive/forum.php?thread_name=1955593874.20090122023644%40
     #mlists.olympos.org&forum_name=w3af-develop
     regex_str = '(?<!\.)(?<!\d)(?:(?:10|127)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|192\.168|169\.'
     regex_str += '254|172\.0?(?:1[6-9]|2[0-9]|3[01]))(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-'
     regex_str += '9]?)){2}(?!\d)(?!\.)'
     self._private_ip_address = re.compile(regex_str)
     self._regex_list = [self._private_ip_address ]
Example #16
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     self._already_inspected = ScalableBloomFilter()
     # Add the regex to match something like this:
     #
     #   $Id: lzio.c,v 1.24 2003/03/20 16:00:56 roberto Exp $
     #   $Id: file name, version, timestamp, creator Exp $
     #
     regex = '\$.{1,12}: .*? .*? \d{4}[-/]\d{1,2}[-/]\d{1,2}'
     regex += ' \d{1,2}:\d{1,2}:\d{1,2}.*? (.*?) (Exp )?\$'
     self._regex_list = [ re.compile(regex) ]
Example #17
0
    def __init__(self):
        baseGrepPlugin.__init__(self)

        # User defined options
        self._single_regex = ""
        self._regex_file_path = ""

        # Internal variables
        # Improved performance by compiling all the regular expressions
        # before using them (see setOptions method)
        self._regexlist_compiled = []
        self._all_in_one = None
Example #18
0
    def __init__(self):
        baseGrepPlugin.__init__(self)

        # The following regex matches a valid url as well as the text about:internet.
        # Also it validates the number in the parenthesis. It should be a 4 digit number
        # and must tell about the length of the url that follows
        regex = r"""<!--\s*saved from url=\(([\d]{4})\)(https?://([-\w\.]+)"""
        regex += r"""+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?|about:internet)\s{1}\-\->"""
        self._motw_re = re.compile(regex)

        # User configured parameter
        self._withoutMOTW = False
Example #19
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     self._comments = {}
     self._search404 = False
     
     self._interesting_words = {'user':None, 'pass':None, 'microsoft':None,
     'visual':None, 'linux':None, 'source':None, 'author':None, 'release':None,
     'version':None, 'verify-v1':'Google Sitemap' }
     self._already_inspected = ScalableBloomFilter()
     
     '''
Example #20
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     self._already_inspected = ScalableBloomFilter()
     
     # re that searches for
     #GET / HTTP/1.0
     self._re_request = re.compile('[a-zA-Z]{3,6} .*? HTTP/1.[01]')
     
     # re that searches for
     #HTTP/1.1 200 OK
     self._re_response = re.compile('HTTP/1.[01] [0-9][0-9][0-9] [a-zA-Z]*')
Example #21
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     # Internal variables
     self._already_inspected = scalable_bloomfilter()
     
     # Create the regular expression to search for AJAX
     ajax_regex_string = '(XMLHttpRequest|eval\(|ActiveXObject|Msxml2\.XMLHTTP|'
     ajax_regex_string += 'ActiveXObject|Microsoft\.XMLHTTP)'
     self._ajax_regex_re = re.compile( ajax_regex_string, re.IGNORECASE )
     
     # Compile the XPATH
     self._script_xpath = etree.XPath('.//script')
Example #22
0
    def __init__(self):
        baseGrepPlugin.__init__(self)
        self._w3c_reasons = {
            100: ['continue',],
            101: ['switching protocols',],

            200: ['ok',],
            201: ['created',],
            202: ['accepted',],
            203: ['non-authoritative information',],
            204: ['no content',],
            205: ['reset content',],
            206: ['partial content',],

            300: ['multiple choices',],
            301: ['moved permanently',],
            302: ['found',],
            303: ['see other',],
            304: ['not modified',],
            305: ['use proxy',],
            306: ['(unused)',],
            307: ['temporary redirect',],

            400: ['bad request',],
            401: ['unauthorized', 'authorization required'],
            402: ['payment required',],
            403: ['forbidden',],
            404: ['not found',],
            405: ['method not allowed','not allowed'],
            406: ['not acceptable',],
            407: ['proxy authentication required',],
            408: ['request timeout',],
            409: ['conflict',],
            410: ['gone',],
            411: ['length required',],
            412: ['precondition failed',],
            413: ['request entity too large',],
            414: ['request-uri too long',],
            415: ['unsupported media type',],
            416: ['requested range not satisfiable',],
            417: ['expectation failed',],

            500: ['internal server error',],
            501: ['not implemented',],
            502: ['bad gateway',],
            503: ['service unavailable',],
            504: ['gateway timeout',],
            505: ['http version not supported',],
        }
Example #23
0
    def __init__(self):
        baseGrepPlugin.__init__(self)
        self._cardResponses = []

        cc_regex = '((^|[^\d])\d{4}[- ]?(\d{4}[- ]?\d{4}|\d{6})[- ]?(\d{5}|\d{4})($|[^\d]))'
        #    (^|[^\d])                        Match the start of the string, or something that's NOT a digit
        #    \d{4}[- ]?                       Match four digits, and then (optionally) a "-" or a space
        #    (\d{4}[- ]?\d{4}|\d{6})          Match one of the following:
        #            - Four digits, and then (optionally) a "-" or a space and then four digits again (VISA cards)
        #            - Six digits (AMEX cards)
        #    [- ]?                            Match a "-" or a space (optionally)
        #    (\d{5}|\d{4})                    Match the final digits, five or four digits
        #    ($|[^\d])                        Match the end of the string, or something that's NOT a digit

        self._cc_regex = re.compile(cc_regex, re.M)
Example #24
0
    def __init__(self):
        baseGrepPlugin.__init__(self)

        vsRegex = r'<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value=".*?" />'
        self._viewstate = re.compile( vsRegex, re.IGNORECASE|re.DOTALL)
        
        evRegex = r'<input type="hidden" name="__EVENTVALIDATION" '
        evRegex += 'id="__EVENTVALIDATION" value=".*?" />'
        self._eventvalidation = re.compile( evRegex, re.IGNORECASE|re.DOTALL)

        encryptedVsRegex = r'<input type="hidden" name="__VIEWSTATEENCRYPTED" '
        encryptedVsRegex += 'id="__VIEWSTATEENCRYPTED" value=".*?" />'
        self._encryptedVs = re.compile( encryptedVsRegex, re.IGNORECASE|re.DOTALL)

        self._already_reported = scalable_bloomfilter()
Example #25
0
    def __init__(self):
        baseGrepPlugin.__init__(self)

        # Internal variables
        self._comments = {}
        self._interestingWords = ['user', 'pass', 'xxx', 'fix', 'bug', 'broken', 'oops', 'hack', 
        'caution', 'todo', 'note', 'warning', '!!!', '???', 'shit','stupid', 'tonto', 'porqueria',
        'ciudado', 'usuario', 'contrase', 'puta',
        'secret','@', 'email','security','captcha',
        # some in Portuguese
        'banco', 'bradesco', 'itau', 'visa', 'bancoreal', 'transfêrencia', 'depósito', 'cartão', 'crédito', 'dados pessoais'
        ]
        self._already_reported_interesting = []

        # User configurations
        self._search404 = False
Example #26
0
    def __init__(self):
        baseGrepPlugin.__init__(self)

        self._comments = {}
        self._search404 = False

        self._interesting_words = {
            "user": None,
            "pass": None,
            "microsoft": None,
            "visual": None,
            "linux": None,
            "source": None,
            "author": None,
            "release": None,
            "version": None,
            "verify-v1": "Google Sitemap",
        }
        self._already_inspected = scalable_bloomfilter()

        """
Example #27
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     # User configured variables
     self._only_target_domain = True
     self._already_inspected = ScalableBloomFilter()
Example #28
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     self._auth_uri_regex = re.compile('.*://[\w%]*?:[\w%]*?@[\w\.]{3,40}')
Example #29
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     
     self._error_500_responses = set()
Example #30
0
 def __init__(self):
     baseGrepPlugin.__init__(self)
     self._already_reported = ScalableBloomFilter()