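def _addOutputPlugin(self, OutputPluginName):
    '''
    Instantiate one output plugin, or every output plugin when the name is
    'all', apply any stored options to it and append it to
    self._outputPluginList.

    @parameter OutputPluginName: The name of the plugin to add to the list,
        or 'all' to add every module found in plugins/output.
    @return: No value is returned.
    '''
    if OutputPluginName == 'all':
        # The directory is relative, so it is resolved against the current
        # working directory of the process.
        pluginNames = []
        for fileName in os.listdir(os.path.join('plugins', 'output')):
            baseName, extension = os.path.splitext(fileName)
            # Skipping '__init__' here instead of calling list.remove() avoids
            # a ValueError when the directory has no __init__.py.
            if extension == '.py' and baseName != '__init__':
                pluginNames.append(baseName)
    else:
        pluginNames = [OutputPluginName]

    for pluginName in pluginNames:
        # NOTE(review): the name becomes part of a dotted module path. What
        # factory() accepts is not visible here -- confirm that only known
        # plugin names can reach this call.
        plugin = factory('plugins.output.' + pluginName)
        if pluginName in self._pluginsOptions:
            plugin.setOptions(self._pluginsOptions[pluginName])
        self._outputPluginList.append(plugin)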
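def _add_output_plugin(self, OutputPluginName):
    '''
    Instantiate one output plugin, or every output plugin when the name is
    'all', apply any stored options to it and append it to
    self._output_plugin_instances.

    :param OutputPluginName: The name of the plugin to add to the list, or
                             'all' to add every module found in
                             plugins/output.
    :return: No value is returned.
    '''
    if OutputPluginName == 'all':
        # The directory is relative, so it is resolved against the current
        # working directory of the process.
        plugin_names = []
        for file_name in os.listdir(os.path.join('plugins', 'output')):
            base_name, extension = os.path.splitext(file_name)
            # Skipping '__init__' here instead of calling list.remove() avoids
            # a ValueError when the directory has no __init__.py.
            if extension == '.py' and base_name != '__init__':
                plugin_names.append(base_name)
    else:
        plugin_names = [OutputPluginName]

    for plugin_name in plugin_names:
        # NOTE(review): the name becomes part of a dotted module path. What
        # factory() accepts is not visible here -- confirm that only known
        # plugin names can reach this call.
        plugin = factory('plugins.output.' + plugin_name)
        if plugin_name in self._plugin_options:
            plugin.set_options(self._plugin_options[plugin_name])
        self._output_plugin_instances.append(plugin)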
def _run_plugins(self, response):
    '''
    Ask each password profiling plugin for the words it can extract from the
    response (HTML, TXT, PDF, etc.) and return the first non-None answer.

    :param response: A HTTPResponse object
    :return: A map with word:repetitions, or an empty dict when every plugin
             returned None.
    '''
    # The plugin instances are built lazily, on the first call only.
    if not self._plugins:
        for name in self._plugins_names_dict:
            module_path = 'plugins.grep.password_profiling_plugins.%s' % name
            self._plugins.append(factory(module_path))

    # A plugin returns None unless it found something, so the first result
    # that is not None ends the search.
    for profiler in self._plugins:
        words = profiler.get_words(response)
        if words is not None:
            return words

    return {}
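def getPluginOptions(self, pluginType, pluginName):
    '''
    Build the options of one plugin: the defaults reported by the plugin
    itself, overridden by the values stored in self._config for the section
    named "<pluginType>.<pluginName>".

    @parameter pluginType: The plugin type, first half of the section name.
    @parameter pluginName: The plugin name, second half of the section name.
    @return: A dict with the options for a plugin. For example:
        { 'LICENSE_KEY':'AAAA' }
    @raise w3afException: When reading a stored option raises KeyError.
    '''
    # Get the plugin defaults with their types
    # NOTE(review): both names become part of a dotted module path. What
    # factory() accepts is not visible here -- confirm the names are validated
    # before they reach this call.
    pluginInstance = factory('plugins.' + pluginType + '.' + pluginName)
    optionsMap = pluginInstance.getOptions()

    for section in self._config.sections():
        # Section is something like audit.xss or discovery.webSpider
        try:
            sectionType, sectionName = section.split('.')
        except ValueError:
            # Not in "type.name" form. Only the unpacking error is skipped, a
            # bare except would also have hidden unrelated failures.
            continue

        if sectionType != pluginType or sectionName != pluginName:
            continue

        for option in self._config.options(section):
            try:
                value = self._config.get(section, option)
            except KeyError:
                # We should never get here...
                msg = 'The option "%s" is unknown for the "%s" plugin.'
                raise w3afException(msg % (option, pluginName))
            else:
                # NOTE(review): this lookup sits outside the handler above, so
                # an option name the plugin does not define is not reported
                # with that message -- confirm how optionsMap reports it.
                optionsMap[option].setValue(value)

    # The docstring promises the options, but the original fell off the end of
    # the function and returned None.
    return optionsMap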
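def get_plugin_options(self, plugin_type, plugin_name):
    '''
    Build the options of one plugin: the defaults reported by the plugin
    itself, overridden by the values stored in self._config for the section
    named "<plugin_type>.<plugin_name>".

    :param plugin_type: The plugin type, first half of the section name.
    :param plugin_name: The plugin name, second half of the section name.
    :return: A dict with the options for a plugin. For example:
             { 'LICENSE_KEY':'AAAA' }
    :raise w3afException: When reading a stored option raises KeyError.
    '''
    # Get the plugin defaults with their types
    # NOTE(review): both names become part of a dotted module path. What
    # factory() accepts is not visible here -- confirm the names are validated
    # before they reach this call.
    plugin_instance = factory('plugins.' + plugin_type + '.' + plugin_name)
    options_list = plugin_instance.get_options()

    for section in self._config.sections():
        # Section is something like audit.xss or crawl.web_spider
        try:
            # Local names chosen so that the builtin type() is not shadowed.
            section_type, section_name = section.split('.')
        except ValueError:
            # Not in "type.name" form. Only the unpacking error is skipped, a
            # bare except would also have hidden unrelated failures.
            continue

        if section_type != plugin_type or section_name != plugin_name:
            continue

        for option in self._config.options(section):
            try:
                value = self._config.get(section, option)
            except KeyError:
                # We should never get here...
                msg = 'The option "%s" is unknown for the "%s" plugin.'
                raise w3afException(msg % (option, plugin_name))
            else:
                # NOTE(review): this lookup sits outside the handler above, so
                # an option name the plugin does not define is not reported
                # with that message -- confirm how options_list reports it.
                options_list[option].set_value(value)

    return options_list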
def test_all_wizards(self):
    '''
    Generator test: for every module found in the wizards directory, yield
    one "correct" check and one "fail" check, each with a fresh wizard
    instance.
    '''
    w3af_core = w3afCore()
    skipped_ids = ('__init__', '.git')

    for entry in os.listdir('core/controllers/wizard/wizards/'):
        wizard_id, extension = os.path.splitext(entry)

        # Compiled files, the package marker and the VCS directory are not
        # wizards.
        if extension != '.pyc' and wizard_id not in skipped_ids:
            module_path = 'core.controllers.wizard.wizards.%s' % wizard_id

            # Each check gets its own instance, so state left behind by the
            # first one cannot influence the second.
            for check in (self._test_wizard_correct, self._test_wizard_fail):
                yield check, factory(module_path, w3af_core)
def _get_instances(self, question_list):
    '''
    Turn a list of question ids into question objects.

    @parameter question_list: A list of question ids
    @return: A list of question objects, each with its w3af_core attribute
        set to self.w3af_core.
    '''
    module_prefix = 'core.controllers.wizard.questions.question_'

    def build(question_id):
        # The id is appended to the module path handed to factory().
        question = factory(module_prefix + question_id)
        question.w3af_core = self.w3af_core
        return question

    return [build(question_id) for question_id in question_list]
def _get_instances(self, question_list, w3af_core):
    '''
    Turn a list of question ids into question objects.

    :param question_list: A list of question ids
    :param w3af_core: The w3af core object handed to each question
    :return: A list of question objects
    '''
    # Every id is interpolated into the module path handed to factory().
    return [
        factory('core.controllers.wizard.questions.question_%s' % question_id,
                w3af_core)
        for question_id in question_list
    ]
def __init__(self):
    # Instantiate every w3af plugin named in `plugins`, printing one
    # "Loading <name>... Success/Failed" line per plugin.
    print "loading w3af plugins"
    print "--------------------"

    for pluginName in plugins:
        try:
            # The trailing comma keeps the result on the same output line.
            print "Loading %s... " % pluginName,
            instance = factory('plugins.' + pluginName)
            self.loadedPlugins.append(instance)
        except w3afException:
            # The exception text is dropped on purpose: only "Failed" is
            # shown. Print the exception here to see why a plugin did not
            # load.
            outcome = "Failed"
        else:
            outcome = "Success"

        # Pad so that the result column lines up for names under 30 chars.
        print "%s%s" % (' ' * (30 - len(pluginName)), outcome)
def getPluginInstance(self, pluginName, pluginType):
    '''
    Create a plugin, give it the core's URL opener and apply any options
    stored for it.

    @return: An instance of a plugin.
    '''
    # NOTE(review): both names become part of a dotted module path. What
    # factory() accepts is not visible here -- confirm the names are validated
    # before they reach this call.
    modulePath = '.'.join(('plugins', pluginType, pluginName))
    instance = factory(modulePath)
    instance.setUrlOpener(self._w3af_core.uriOpener)

    optionsForType = self._plugins_options[pluginType]
    if pluginName in optionsForType.keys():
        instance.setOptions(optionsForType[pluginName])

    # This will init some plugins like mangle and output
    needsInit = pluginType == 'attack' and not self.initialized
    if needsInit:
        self.init_plugins()

    return instance
def __init__(self):
    # Instantiate every w3af plugin named in `plugins`, printing one
    # "Loading <name>... Success/Failed" line per plugin.
    print "loading w3af plugins"
    print "--------------------"

    for pluginName in plugins:
        try:
            # The trailing comma keeps the result on the same output line.
            print "Loading %s... " % pluginName ,
            loaded = factory('plugins.' + pluginName)
            self.loadedPlugins.append(loaded)
        except w3afException:
            # The exception text is dropped on purpose: only "Failed" is
            # shown. Print the exception here to see why a plugin did not
            # load.
            result = "Failed"
        else:
            result = "Success"

        # Pad so that the result column lines up for names under 30 chars.
        print "%s%s" % (' ' * (30 - len(pluginName)), result)
def get_plugin_inst(self, plugin_type, plugin_name):
    '''
    Create a plugin, give it the core's URL opener and worker pool, and apply
    any options stored for it.

    :return: An instance of a plugin.
    '''
    # NOTE(review): both names become part of a dotted module path. What
    # factory() accepts is not visible here -- confirm the names are validated
    # before they reach this call.
    module_path = '.'.join(('plugins', plugin_type, plugin_name))
    instance = factory(module_path)
    instance.set_url_opener(self._w3af_core.uri_opener)
    instance.set_worker_pool(self._w3af_core.worker_pool)

    options_for_type = self._plugins_options[plugin_type]
    if plugin_name in options_for_type.keys():
        instance.set_options(options_for_type[plugin_name])

    # This will init some plugins like mangle and output
    needs_init = plugin_type == 'attack' and not self.initialized
    if needs_init:
        self.init_plugins()

    return instance
def test_all_questions(self):
    '''
    Very basic generator test. For every module found in the questions
    directory it yields self._test_qid with a fresh question instance, which
    is expected to:
        * Create an instance
        * Exercise all getters
        * Exercise all setters
        * Make sure "back" works
    '''
    w3af_core = w3afCore()
    skipped_ids = ('__init__', '.git')

    for entry in os.listdir('core/controllers/wizard/questions/'):
        question_id, extension = os.path.splitext(entry)

        # Compiled files, the package marker and the VCS directory are not
        # questions.
        if extension != '.pyc' and question_id not in skipped_ids:
            module_path = 'core.controllers.wizard.questions.%s' % question_id
            yield self._test_qid, factory(module_path, w3af_core)
def _run_plugins(self, response):
    '''
    Ask each password profiling plugin for the words it can extract from the
    response (HTML, TXT, PDF, etc.) and return the first non-None answer.

    @parameter response: A httpResponse object
    @return: A map with word:repetitions, or an empty dict when every plugin
        returned None.
    '''
    # The plugin instances are built lazily, on the first call only.
    if not self._plugins:
        module_prefix = 'plugins.grep.passwordProfilingPlugins.'
        for name in self._plugin_name_list:
            self._plugins.append(factory(module_prefix + name))

    # A plugin returns None unless it found something, so the first result
    # that is not None ends the search.
    for profiler in self._plugins:
        words = profiler.getWords(response)
        if words is not None:
            return words

    return {}
def plugin_factory( self, strReqPlugins, pluginType ):
    '''
    Build the list of plugin instances to run for one plugin type.

    The special name 'all' is expanded by listing the .py files under
    plugins/<pluginType>/, optionally minus the names given as '!name'.
    Every requested plugin is created through factory(), the dependencies it
    reports through getPluginDeps() are checked (and auto-enabled when the
    'autoDependencies' setting is on), its stored options and the core's URL
    opener are applied, and the instances are finally reordered according to
    their declared dependencies.

    @parameter strReqPlugins: A string list with the requested plugins to be executed.
    @parameter pluginType: [audit|discovery|grep]
    @return: A list with plugins to be executed, this list is ordered using the exec priority.
    @raise w3afException: When a dependency cannot be split as
        pluginType.pluginName, or when a dependency is not enabled and
        'autoDependencies' is off.
    '''
    requestedPluginsList = []

    if 'all' in strReqPlugins:
        # The directory is relative, so it is resolved against the current
        # working directory of the process.
        fileList = [ f for f in os.listdir('plugins' + os.path.sep+ pluginType + os.path.sep ) ]
        allPlugins = [ os.path.splitext(f)[0] for f in fileList if os.path.splitext(f)[1] == '.py' ]
        # NOTE(review): raises ValueError when the directory has no __init__.py.
        allPlugins.remove ( '__init__' )

        if len ( strReqPlugins ) != 1:
            # [ 'all', '!sqli' ]
            # I want to run all plugins except sqli
            # NOTE(review): x[0] raises IndexError for an empty string in the
            # request list. Entries that do not start with '!' are ignored.
            unwantedPlugins = [ x[1:] for x in strReqPlugins if x[0] =='!' ]
            # The list comes from a set difference, so its order is not defined.
            strReqPlugins = list( set(allPlugins) - set(unwantedPlugins) ) #bleh! v2
        else:
            strReqPlugins = allPlugins

        # Update the plugin list
        # This update is useful for cases where the user selected "all" plugins,
        # the self._plugin_name_list[pluginType] is useless if it says 'all'.
        self._plugin_name_list[pluginType] = strReqPlugins

    for pluginName in strReqPlugins:
        # NOTE(review): type and name become part of a dotted module path.
        # What factory() accepts is not visible here -- confirm the names are
        # validated before they reach this call.
        plugin = factory( 'plugins.' + pluginType + '.' + pluginName )

        # Now we are going to check if the plugin dependencies are met
        for dep in plugin.getPluginDeps():
            try:
                depType, depPlugin = dep.split('.')
            except:
                # The bare except turns any failure of the split or the
                # unpacking into the message below.
                msg = ('Plugin dependencies must be indicated using '
                       'pluginType.pluginName notation. This is an error in '
                       '%s.getPluginDeps().' % pluginName)
                raise w3afException(msg)

            if depType == pluginType:
                # Dependency on a plugin of the type being built right now.
                if depPlugin not in strReqPlugins:
                    if cf.cf.getData('autoDependencies'):
                        strReqPlugins.append( depPlugin )
                        om.out.information('Auto-enabling plugin: ' + pluginType + '.' + depPlugin)
                        # nice recursive call, this solves the "dependency of dependency" problem =)
                        # The whole build restarts with the extended list, and
                        # the instances created so far in this call are dropped.
                        return self.plugin_factory( strReqPlugins, depType )
                    else:
                        msg = ('Plugin "%s" depends on plugin "%s" and '
                               '"%s" is not enabled.' % (pluginName, dep, dep))
                        raise w3afException(msg)
            else:
                # Dependency on a plugin of another type.
                if depPlugin not in self._plugin_name_list[depType]:
                    if cf.cf.getData('autoDependencies'):
                        # NOTE(review): depType and depPlugin come from the
                        # plugin's own getPluginDeps() and also end up in a
                        # module path handed to factory().
                        dependObj = factory( 'plugins.' + depType + '.' + depPlugin )
                        dependObj.setUrlOpener( self._w3af_core.uriOpener )
                        if dependObj not in self.plugins[depType]:
                            # Put the dependency first in the other type's list.
                            self.plugins[depType].insert( 0, dependObj )
                            self._plugin_name_list[depType].append( depPlugin )
                        om.out.information('Auto-enabling plugin: ' + depType + '.' + depPlugin)
                    else:
                        msg = ('Plugin "%s" depends on plugin "%s" and '
                               '"%s" is not enabled.' % (pluginName, dep, dep))
                        raise w3afException(msg)
                else:
                    # if someone in another planet depends on me... run first
                    self._plugin_name_list[depType].remove( depPlugin )
                    self._plugin_name_list[depType].insert( 0, depPlugin )

        # Now we set the plugin options
        if pluginName in self._plugins_options[ pluginType ]:
            pOptions = self._plugins_options[ pluginType ][ pluginName ]
            plugin.setOptions( pOptions )

        # This sets the url opener for each module that is called inside the for loop
        plugin.setUrlOpener( self._w3af_core.uriOpener )
        # Append the plugin to the list
        requestedPluginsList.append ( plugin )

    # The plugins are all on the requestedPluginsList, now I need to order them
    # based on the module dependencies. For example, if A depends on B , then
    # B must be run first.
    orderedPluginList = []
    for plugin in requestedPluginsList:
        deps = plugin.getPluginDeps()
        if len( deps ) != 0:
            # This plugin has dependencies, I should add the plugins in order
            for plugin2 in requestedPluginsList:
                if pluginType+'.'+plugin2.getName() in deps and plugin2 not in orderedPluginList:
                    # list.insert(1, ...) puts the item at index 1, or at the
                    # end when the list has fewer than two entries.
                    orderedPluginList.insert( 1, plugin2)

        # Check if I was added because of a dep, if I wasn't, add me.
        if plugin not in orderedPluginList:
            # Index 100 works as "append" while the list has fewer than 100
            # entries.
            orderedPluginList.insert( 100, plugin )

    # This should never happen.
    if len(orderedPluginList) != len(requestedPluginsList):
        error_msg = ('There is an error in the way w3afCore orders '
                     'plugins. The ordered plugin list length is not equal to the '
                     'requested plugin list.')
        om.out.error( error_msg, newLine=False)
        om.out.error('The error was found sorting plugins of type: '+ pluginType +'.')
        error_msg = ('Please report this bug to the developers including a '
                     'complete list of commands that you run to get to this error.')
        om.out.error(error_msg)
        om.out.error('Ordered plugins:')
        for plugin in orderedPluginList:
            om.out.error('- ' + plugin.getName() )
        om.out.error('\nRequested plugins:')
        for plugin in requestedPluginsList:
            om.out.error('- ' + plugin.getName() )
        # The inconsistency ends the whole process instead of raising.
        sys.exit(-1)

    return orderedPluginList
def get_quick_instance(plugin_type, plugin_name):
    '''
    Create a plugin instance from its type and name, with no further setup.

    :param plugin_type: The plugin type, second component of the module path.
    :param plugin_name: The plugin name, last component of the module path.
    :return: Whatever factory() returns for plugins.<plugin_type>.<plugin_name>
    '''
    # NOTE(review): both arguments go straight into the dotted module path.
    # What factory() accepts is not visible here -- confirm the names are
    # validated before they reach this call.
    path_parts = ('plugins', plugin_type, plugin_name)
    module_path = '.'.join(path_parts)
    return factory(module_path)