def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'Stream edition expressions'
h1 = 'Stream edition expressions are strings that tell the sed plugin what to change.'
h1 += ' Sed plugin uses regular expressions, some examples: \n - qh/User/NotLuser/ ;'
h1 += ' This will make sed search in the the re[q]uest [h]eader for the string User'
h1 += ' and replace it with NotLuser.\n - sb/[fF]orm/form ; This will make sed search'
h1 += ' in the re[s]ponse [b]ody for the strings form or Form and replace it with form.'
h1 += ' Multiple expressions can be specified separated by commas.'
o1 = option('expressions', self._expressions, d1, 'list', help=h1)
d2 = 'Fix the content length header after mangling'
o2 = option('fixContentLen', self._user_option_fix_content_len, d2, 'boolean')
d3 = 'Plugin execution priority'
h3 = 'Mangle plugins are ordered using the priority parameter'
o3 = option('priority', self._priority, d3, 'integer', help=h3)
ol = optionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'IP address that the webserver will use to receive requests'
h1 = 'w3af runs a webserver to serve the files to the target web app'
h1 += ' when doing remote file inclusions. This setting configures on what IP address the'
h1 += ' webserver is going to listen.'
o1 = option('listenAddress', self._listen_address, d1, 'string', help=h1)
d2 = 'Port that the webserver will use to receive requests'
h2 = 'w3af runs a webserver to serve the files to the target web app'
h2 += ' when doing remote file inclusions. This setting configures on what IP address'
h2 += ' the webserver is going to listen.'
o2 = option('listenPort', self._listen_port, d2, 'integer', help=h2)
d3 = 'Instead of including a file in a local webserver; include the result of'
d3 += ' exploiting a XSS bug.'
o3 = option('useXssBug', self._use_XSS_vuln, d3, 'boolean')
d4 = 'If true, this plugin will try to generate only one shell object.'
o4 = option('generateOnlyOne', self._generateOnlyOne, d4, 'boolean')
ol = optionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
ol.add(o4)
return ol
def getOptions(self):
"""
@return: A list of option objects for this plugin.
"""
d1 = "URL to exploit with fastExploit()"
o1 = option("url", self._url, d1, "string")
d2 = "Method to use with fastExploit()"
o2 = option("method", self._method, d2, "string")
d3 = "Data to send with fastExploit()"
o3 = option("data", self._data, d3, "string")
d4 = "The variable in data that holds the file content. Only used in fastExploit()"
o4 = option("fileVars", self._fileVars, d4, "string")
d5 = "The URI of the uploaded file. Only used with fastExploit()"
o5 = option("fileDest", self._fileDest, d5, "string")
ol = optionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
ol.add(o4)
ol.add(o5)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'URL to exploit with fastExploit()'
o1 = option('url', self._url, d1, 'string')
d2 = 'Method to use with fastExploit()'
o2 = option('method', self._method, d2, 'string')
d3 = 'Data to send with fastExploit()'
o3 = option('data', self._data, d3, 'string')
d4 = 'The variable in data that holds the file content. Only used in fastExploit()'
o4 = option('fileVars', self._fileVars, d4, 'string')
d5 = 'The URI of the uploaded file. Only used with fastExploit()'
o5 = option('fileDest', self._fileDest, d5, 'string')
ol = optionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
ol.add(o4)
ol.add(o5)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'Wordlist to use in the manifest file name bruteforcing process.'
o1 = option('wordlist', self._wordlist , d1, 'string')
d2 = 'File extensions to use when brute forcing Gears Manifest files'
o2 = option('manifestExtensions', self._extensions, d2, 'list')
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'IP address that the spiderMan proxy will use to receive requests'
o1 = option('listenAddress', self._listenAddress, d1, 'string')
d2 = 'Port that the spiderMan HTTP proxy server will use to receive requests'
o2 = option('listenPort', self._listenPort, d2, 'integer')
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions(self):
"""
@return: A list of option objects for this plugin.
"""
d1 = "IP address that the spiderMan proxy will use to receive requests"
o1 = option("listenAddress", self._listenAddress, d1, "string")
d2 = "Port that the spiderMan HTTP proxy server will use to receive requests"
o2 = option("listenPort", self._listenPort, d2, "integer")
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions(self):
"""
@return: A list of option objects for this plugin.
"""
d1 = "URL to exploit with fastExploit()"
o1 = option("url", self._url, d1, "string")
d2 = "Exploit only one vulnerability."
o2 = option("generateOnlyOne", self._generateOnlyOne, d2, "boolean")
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions(self):
"""
@return: A list of option objects for this plugin.
"""
d1 = "Wordlist to use in the manifest file name bruteforcing process."
o1 = option("wordlist", self._wordlist, d1, "string")
d2 = "File extensions to use when brute forcing Gears Manifest files"
o2 = option("manifestExtensions", self._extensions, d2, "list")
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'URL to exploit with fastExploit()'
o1 = option('url', self._url, d1, 'string')
d2 = 'Exploit only one vulnerability.'
o2 = option('generateOnlyOne', self._generateOnlyOne, d2, 'boolean')
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions(self):
'''
@return: A list of option objects for this plugin.
'''
ol = optionList()
d1 = 'Destination http port number to analize'
o1 = option('httpPort', self._http_port, d1, option.INT, help=d1)
ol.add(o1)
d2 = 'Destination httpS port number to analize'
o2 = option('httpsPort', self._https_port, d2, option.INT, help=d2)
ol.add(o2)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'Try to identify the remote operating system based on the remote users'
o1 = option('identifyOS', self._identify_OS, d1, 'boolean')
d2 = 'Try to identify applications installed remotely using the available users'
o2 = option('identifyApplications', self._identify_applications, d2, 'boolean')
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'File name where this plugin will write to'
o1 = option('fileName', self._file_name, d1, 'string')
d3 = 'True if debug information will be appended to the report.'
o3 = option('verbose', self._verbose, d3, 'boolean')
ol = optionList()
ol.add(o1)
ol.add(o3)
return ol
def getOptions(self):
ol = optionList()
d = 'SMTP server ADDRESS to send notifications through, e.g. smtp.yourdomain.com'
o = option('smtpServer', self.smtpServer, d, 'string')
ol.add(o)
d = 'SMTP server PORT'
o = option('smtpPort', self.smtpPort, d, 'integer')
ol.add(o)
d = 'Recipient email address'
o = option('toAddrs', self.toAddrs, d, 'list')
ol.add(o)
d = '"From" email address'
o = option('fromAddr', self.fromAddr, d, 'string')
ol.add(o)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'CGI-BIN dirs where to search for vulnerable scripts.'
h1 = 'Pykto will search for vulnerable scripts in many places, one of them is inside'
h1 += ' cgi-bin directory. The cgi-bin directory can be anything and change from install'
h1 += ' to install, so its a good idea to make this a user setting. The directories should'
h1 += ' be supplied comma separated and with a / at the beggining and one at the end.'
h1 += ' Example: "/cgi/,/cgibin/,/bin/"'
o1 = option('cgiDirs', self._cgi_dirs , d1, 'list', help=h1)
d2 = 'Admin directories where to search for vulnerable scripts.'
h2 = 'Pykto will search for vulnerable scripts in many places, one of them is inside'
h2 += ' administration directories. The admin directory can be anything and change'
h2 += ' from install to install, so its a good idea to make this a user setting. The'
h2 += ' directories should be supplied comma separated and with a / at the beggining and'
h2 += ' one at the end. Example: "/admin/,/adm/"'
o2 = option('adminDirs', self._admin_dirs, d2, 'list', help=h2)
d3 = 'PostNuke directories where to search for vulnerable scripts.'
h3 = 'The directories should be supplied comma separated and with a / at the'
h3 += ' beggining and one at the end. Example: "/forum/,/nuke/"'
o3 = option('nukeDirs', self._nuke, d3, 'list', help=h3)
d4 = 'The path to the nikto scan_databse.db file.'
h4 = 'The default scan database file is ok in most cases.'
o4 = option('dbFile', self._db_file, d4, 'string', help=h4)
d5 = 'Test all files with all root directories'
h5 = 'Define if we will test all files with all root directories.'
o5 = option('mutateTests', self._mutate_tests, d5, 'boolean', help=h5)
d6 = 'Verify that pykto is using the latest scan_database from cirt.net.'
o6 = option('updateScandb', self._update_scandb, d6, 'boolean')
d7 = 'If generic scan is enabled all tests are sent to the remote server without'
d7 += ' checking the server type.'
h7 = 'Pykto will send all tests to the server if generic Scan is enabled. For example,'
h7 += ' if a test in the database is marked as "apache" and the remote server reported'
h7 += ' "iis" then the test is sent anyway.'
o7 = option('genericScan', self._generic_scan, d7, 'boolean', help=h7)
d8 = 'The path to the w3af_scan_databse.db file.'
h8 = 'This is a file which has some extra checks for files that are not present in the'
h8 += ' nikto database.'
o8 = option('extra_db_file', self._extra_db_file, d8, 'string', help=h8)
ol = optionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
ol.add(o4)
ol.add(o8) # Intentionally out of order
ol.add(o5)
ol.add(o6)
ol.add(o7)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'The path to the phishtank database file.'
o1 = option('dbFile', self._phishtank_DB, d1, 'string')
d2 = 'Update the local phishtank database.'
h2 = 'If True, the plugin will download the phishtank database'
h2 += ' from http://www.phishtank.com/ .'
o2 = option('updateDB', self._update_DB, d2, 'boolean', help=h2)
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d2 = 'Fetch the first "resultLimit" results from the Google search'
o2 = option('resultLimit', self._result_limit, d2, 'integer')
d3 = 'Do a fast search, when this feature is enabled, not all mail addresses are found'
h3 = 'This method is faster, because it only searches for emails in the small page '
h3 += 'snippet that google shows to the user after performing a common search.'
o3 = option('fastSearch', self._fast_search, d3, 'boolean', help=h3)
ol = optionList()
ol.add(o2)
ol.add(o3)
return ol
def getOptions(self):
"""
@return: A list of option objects for this plugin.
"""
d1 = "A comma separated list of URLs"
o1 = option("target", ",".join(cf.cf.getData("targets")), d1, "list")
d2 = "Target operating system (" + "/".join(self._operatingSystems) + ")"
h2 = "This setting is here to enhance w3af performance."
# This list "hack" has to be done becase the default value is the one
# in the first position on the list
tmpList = self._operatingSystems[:]
tmpList.remove(cf.cf.getData("targetOS"))
tmpList.insert(0, cf.cf.getData("targetOS"))
o2 = comboOption("targetOS", tmpList, d2, "combo", help=h2)
d3 = "Target programming framework (" + "/".join(self._programmingFrameworks) + ")"
h3 = "This setting is here to enhance w3af performance."
# This list "hack" has to be done becase the default value is the one
# in the first position on the list
tmpList = self._programmingFrameworks[:]
tmpList.remove(cf.cf.getData("targetFramework"))
tmpList.insert(0, cf.cf.getData("targetFramework"))
o3 = comboOption("targetFramework", tmpList, d3, "combo", help=h3)
ol = optionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'A comma separated list of URLs'
o1 = option('target', ','.join(str(tar) for tar in
cf.cf.getData('targets')), d1, 'list')
d2 = 'Target operating system ('+ '/'.join(self._operatingSystems) +')'
h2 = 'This setting is here to enhance w3af performance.'
# This list "hack" has to be done becase the default value is the one
# in the first position on the list
tmpList = self._operatingSystems[:]
tmpList.remove( cf.cf.getData('targetOS') )
tmpList.insert(0, cf.cf.getData('targetOS') )
o2 = comboOption('targetOS', tmpList, d2, 'combo', help=h2)
d3 = 'Target programming framework ('+ '/'.join(self._programmingFrameworks) +')'
h3 = 'This setting is here to enhance w3af performance.'
# This list "hack" has to be done becase the default value is the one
# in the first position on the list
tmpList = self._programmingFrameworks[:]
tmpList.remove( cf.cf.getData('targetFramework') )
tmpList.insert(0, cf.cf.getData('targetFramework') )
o3 = comboOption('targetFramework', tmpList, d3, 'combo', help=h3)
ol = optionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
return ol
def getOptions(self):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'Use simple grep mechanism'
h1 = 'Plugin will simply grep responses for risky JavaScript code'
o1 = option('simpleGrep', self._useSimpleGrep, d1, 'boolean', help=h1)
d2 = 'Use smart grep mechanism'
h2 = 'Plugin will use grep templates depended on context to find risky JavaScript code in responses'
o2 = option('smartGrep', self._useSmartGrep, d2, 'boolean', help=h2)
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'Wordlist to use in directory bruteforcing process.'
o1 = option('wordlist', self._dir_list , d1, 'string')
d2 = 'If set to True, this plugin will bruteforce all directories, not only the root'
d2 += ' directory.'
o2 = option('be_recursive', self._be_recursive , d2, 'boolean')
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions(self):
"""
@return: A list of option objects for this plugin.
"""
d1 = "Apply URL fuzzing to all URLs, including images, videos, zip, etc."
h1 = "It's safe to leave this option as the default."
o1 = option("fuzzImages", self._fuzz_images, d1, "boolean", help=h1)
d2 = "Set the top number of sections to fuzz"
h2 = "It's safe to leave this option as the default. For example, with maxDigitSections"
h2 += " = 1, this string wont be fuzzed: abc123def234 ; but this one will abc23ldd."
o2 = option("maxDigitSections", self._max_digit_sections, d2, "integer", help=h2)
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'Execute plugin only one time'
h1 = 'Generally the methods allowed for a URL are \
configured system wide, so executing this plugin only one \
time is the faster choice. The safest choice is to run it against every URL.'
o1 = option('execOneTime', self._exec_one_time, d1, 'boolean', help=h1)
d2 = 'Only report findings if uncommon methods are found'
o2 = option('reportDavOnly', self._report_dav_only, d2, 'boolean')
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions(self):
"""
@return: A list of option objects for this plugin.
"""
ol = optionList()
d = "Set minimal amount of days before expiration of the certificate for alerting"
h = "If the certificate will expire in period of minExpireDays w3af will show alert about it"
o = option("minExpireDays", self._min_expire_days, d, "integer", help=h)
ol.add(o)
d = "Set minimal amount of days before expiration of the certificate for alerting"
h = "CA PEM file path"
o = option("caFileName", self._ca_file, d, "string", help=h)
ol.add(o)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'This is the location that the zombies will connect to (do not include the'
d1 += ' hook directory)'
h1 = 'This is configuration is directly passed to beEF XSS exploitation framework.'
o1 = option('beefURL', self._beefURL, d1, 'string', help=h1)
d2 = 'The configuration password for beef.'
h2 = 'This configuration parameter is needed to change the configuration of beEF.'
o2 = option('beefPasswd', self._beefPasswd, d2, 'string', help=h2)
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'Apply URL fuzzing to all URLs, including images, videos, zip, etc.'
h1 = 'It\'s safe to leave this option as the default.'
o1 = option('fuzzImages', self._fuzz_images, d1, 'boolean', help=h1)
d2 = 'Set the top number of sections to fuzz'
h2 = 'It\'s safe to leave this option as the default. For example, with maxDigitSections'
h2 += ' = 1, this string wont be fuzzed: abc123def234 ; but this one will abc23ldd.'
o2 = option('maxDigitSections', self._max_digit_sections, d2, 'integer', help=h2)
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def _getOptionObjects(self):
'''
@return: A list of options for this question.
'''
d1 = 'Target URL'
o1 = option('target','', d1, 'list')
o2 = option('targetOS','unknown', d1, 'string')
o3 = option('targetFramework','unknown', d1, 'string')
ol = optionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'Users file to use in bruteforcing'
o1 = option('usersFile', self._usersFile, d1, 'string')
d2 = 'Passwords file to use in bruteforcing'
o2 = option('passwdFile', self._passwdFile, d2, 'string')
d3 = 'This indicates if we will use usernames from emails collected by w3af plugins in bruteforce.'
o3 = option('useMailUsers', self._useMailUsers, d3, 'boolean')
d4 = 'This indicates if we will use usernames from SVN headers collected by w3af plugins in bruteforce.'
o4 = option('useSvnUsers', self._useSvnUsers, d4, 'boolean')
d5 = 'This indicates if the bruteforce should stop after finding the first correct user and password.'
o5 = option('stopOnFirst', self._stopOnFirst, d5, 'boolean')
d6 = 'This indicates if the bruteforce should try password equal user in logins.'
o6 = option('passEqUser', self._passEqUser, d6, 'boolean')
d7 = 'This indicates if the bruteforce should try l337 passwords'
o7 = option('useLeetPasswd', self._l337_p4sswd, d7, 'boolean')
d8 = 'This indicates if the bruteforcer should use emails collected by w3af plugins as users.'
o8 = option('useMails', self._useMails, d8, 'boolean')
d9 = 'This indicates if the bruteforce should use password profiling to collect new passwords.'
o9 = option('useProfiling', self._useProfiling, d9, 'boolean')
d10 = 'This indicates how many passwords from profiling will be used.'
o10 = option('profilingNumber', self._profilingNumber, d10, 'integer')
ol = optionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
ol.add(o4)
ol.add(o5)
ol.add(o6)
ol.add(o7)
ol.add(o8)
ol.add(o9)
ol.add(o10)
return ol
def getOptions(self):
"""
@return: A list of option objects for this plugin.
"""
d1 = "Users file to use in bruteforcing"
o1 = option("usersFile", self._usersFile, d1, "string")
d2 = "Passwords file to use in bruteforcing"
o2 = option("passwdFile", self._passwdFile, d2, "string")
d3 = "This indicates if we will use usernames from emails collected by w3af plugins in bruteforce."
o3 = option("useMailUsers", self._useMailUsers, d3, "boolean")
d4 = "This indicates if we will use usernames from SVN headers collected by w3af plugins in bruteforce."
o4 = option("useSvnUsers", self._useSvnUsers, d4, "boolean")
d5 = "This indicates if the bruteforce should stop after finding the first correct user and password."
o5 = option("stopOnFirst", self._stopOnFirst, d5, "boolean")
d6 = "This indicates if the bruteforce should try password equal user in logins."
o6 = option("passEqUser", self._passEqUser, d6, "boolean")
d7 = "This indicates if the bruteforce should try l337 passwords"
o7 = option("useLeetPasswd", self._l337_p4sswd, d7, "boolean")
d8 = "This indicates if the bruteforcer should use emails collected by w3af plugins as users."
o8 = option("useMails", self._useMails, d8, "boolean")
d9 = "This indicates if the bruteforce should use password profiling to collect new passwords."
o9 = option("useProfiling", self._useProfiling, d9, "boolean")
d10 = "This indicates how many passwords from profiling will be used."
o10 = option("profilingNumber", self._profilingNumber, d10, "integer")
ol = optionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
ol.add(o4)
ol.add(o5)
ol.add(o6)
ol.add(o7)
ol.add(o8)
ol.add(o9)
ol.add(o10)
return ol
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'Use time delay (sleep() implementations)'
h1 = 'If set to True, w3af will checks insecure eval() usage by analyzing'
h1 += ' of time delay result of script execution.'
o1 = option('useTimeDelay', self._use_time_delay, d1, 'boolean', help=h1)
d2 = 'Use echo implementations'
h2 = 'If set to True, w3af will checks insecure eval() usage by grepping'
h2 += ' result of script execution for test strings.'
o2 = option('useEcho', self._use_echo, d2, 'boolean', help=h2)
ol = optionList()
ol.add(o1)
ol.add(o2)
return ol
def getOptions(self):
'''
@return: A list of option objects for this plugin.
'''
d1 = 'The algorithm to use in the comparison of true and false response for blind sql.'
h1 = 'The options are: "stringEq" and "setIntersection". '
h1 += 'Read the long description for details.'
o1 = option('Hierarchical clustering level', self._level, d1, 'integer', help=h1)
ol = optionList()
ol.add(o1)
return ol
