def discover(self, fuzzableRequest): """ Search zone_h and parse the output. @parameter fuzzableRequest: A fuzzableRequest instance that contains (among other things) the URL to test. """ if not self._exec: # This will remove the plugin from the discovery plugins to be runned. raise w3afRunOnce() else: # Only run once self._exec = False target_domain = urlParser.getRootDomain(fuzzableRequest.getURL()) # Example URL: # http://www.zone-h.org/archive/domain=cyprus-stones.com # TODO: Keep this URL updated! zone_h_url = "http://www.zone-h.org/archive/domain=" + target_domain try: response = self._urlOpener.GET(zone_h_url) except w3afException, e: msg = "An exception was raised while running zone-h plugin. Exception: " + str(e) om.out.debug(msg) else:
def discover(self, fuzzableRequest):
    '''
    Query the MIT PKS key server for addresses at the target's root domain
    and record every hit as a 'mails' info object in the knowledge base.

    @parameter fuzzableRequest: A fuzzableRequest instance that contains
        (among other things) the URL to test.
    @return: An empty list; findings are written to the kb, not returned.
    '''
    # Single-shot plugin: the first call flips _run, any later call asks the
    # core to drop the plugin from the discovery list.
    if not self._run:
        raise w3afRunOnce()
    self._run = False

    pks_client = pks(self._urlOpener)
    domain_root = urlParser.getRootDomain(fuzzableRequest.getURL())
    pks_url = 'http://pgp.mit.edu:11371/'

    # Each hit is third-party data coming back from the key server; it is
    # stored in the kb as-is, so consumers should not assume it was vetted.
    for hit in pks_client.search(domain_root):
        mail = hit.username + '@' + domain_root
        desc = 'The mail account: "' + mail + '" was found in the MIT PKS server. '

        finding = info.info()
        finding.setPluginName(self.getName())
        finding.setURL(pks_url)
        finding.setId([])
        finding.setName(mail)
        finding.setDesc(desc)
        finding['mail'] = mail
        finding['user'] = hit.username
        finding['name'] = hit.name
        finding['url_list'] = [pks_url, ]

        # Stored once under the generic 'mails' key; a second append under the
        # plugin name would only duplicate the same information in the kb.
        kb.kb.append('mails', 'mails', finding)
        om.out.information(finding.getDesc())

    return []
def _get_to_check( self, domain ): ''' @return: From the domain, get a list of FQDN, rootDomain and IP address. ''' res = [] addrinfo = None try: addrinfo = socket.getaddrinfo( domain, 0) except: pass else: res.extend( [info[4][0] for info in addrinfo] ) fqdn = '' try: fqdn = socket.getfqdn( domain ) except: pass else: res.append( fqdn ) rootDomain = '' try: rootDomain = urlParser.getRootDomain( domain ) except Exception, e: om.out.debug( str(e) )
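def _get_common_virtualhosts(self, domain):
    '''
    Build candidate virtual host names that are commonly served by the same
    web server as "domain".

    @parameter domain: The original domain name (e.g. www.targetsite.com).
    @return: A list of host name guesses, four per common prefix and in
        prefix order: the bare prefix, prefix.domain, prefix.<root domain>
        and prefix.<first label of the root domain>.
    '''
    # FIX: 'test1' and 'old' used to be adjacent string literals with no
    # comma between them, so they were silently fused into 'test1old' and
    # neither name was ever tried.
    common_virtual_hosts = [
        'intranet', 'intra', 'extranet', 'extra', 'test', 'test1',
        'old', 'new', 'admin', 'adm', 'webmail', 'services', 'console',
        'apps', 'mail', 'corporate', 'ws', 'webservice', 'private',
        'secure', 'safe', 'hidden', 'public',
    ]

    # The root domain does not change per prefix; compute it once.
    root_domain = urlParser.getRootDomain(domain)
    root_label = root_domain.split('.')[0]

    res = []
    for subdomain in common_virtual_hosts:
        res.append(subdomain)                        # intranet
        res.append(subdomain + '.' + domain)         # intranet.www.targetsite.com
        res.append(subdomain + '.' + root_domain)    # intranet.targetsite.com
        res.append(subdomain + '.' + root_label)     # intranet.targetsite
    return res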
def grep(self, request, response):
    '''
    Plugin entry point: extract the e-mail addresses in the response and
    save them to the kb. Every URI is inspected at most once.

    @parameter request: The HTTP request
    @parameter response: The HTTP response
    @return: None
    '''
    uri = response.getURI()
    if uri in self._already_inspected:
        return
    self._already_inspected.add(uri)

    # Addresses on the target's root domain are always collected under
    # 'mails'; the 'external_mails' pass only runs when the plugin was not
    # restricted to the target domain.
    root_domain = urlParser.getRootDomain(response.getURL())
    self._grep_worker(request, response, 'mails', root_domain)
    if not self._only_target_domain:
        self._grep_worker(request, response, 'external_mails')
def __init__(self, httpResponse):
    '''
    Prepare the parser state for httpResponse.

    The base URL is the response's redirect target when there is one and
    the URL the response was fetched from otherwise; the base domain and
    root domain are derived from that URL.
    '''
    # "setBaseUrl": a redirect location takes precedence over the request URL.
    fetched_url = httpResponse.getURL()
    redirect_url = httpResponse.getRedirURL()
    self._baseUrl = redirect_url if redirect_url else fetched_url
    self._baseDomain = urlParser.getDomain(self._baseUrl)
    self._rootDomain = urlParser.getRootDomain(self._baseUrl)

    # Default encoding until the document says otherwise.
    self._encoding = 'utf-8'

    # Result containers filled in by the parsing methods.
    self._emails = []
    self._re_URLs = []
def get_webroot_dirs(domain=None):
    '''
    @return: A list of strings with possible webroots, most likely first.
    A webroot already stored in the knowledgeBase (kb 'pathDisclosure',
    'webroot') leads the list; then guesses under /var/www and /home for
    "domain" and, when different, for its root domain; then the generic
    distribution defaults.
    '''
    sub_dirs = ('', '/www/', '/html/', '/htdocs/')
    result = []

    # This single entry is more likely to be right than all the guesses
    # below together. NOTE(review): it is presumably taken from a path
    # disclosed by the target, i.e. server-supplied text, so treat it as a
    # guess rather than a verified filesystem path.
    obtained_webroot = kb.kb.getData('pathDisclosure', 'webroot')
    if obtained_webroot:
        result.append(obtained_webroot)

    if domain:
        root_domain = urlParser.getRootDomain('http://' + domain)
        result.extend('/var/www/' + domain + sub for sub in sub_dirs)
        result.extend('/home/' + domain + sub for sub in sub_dirs)
        if domain != root_domain:
            # Order is deliberate: /home before /var/www for the root domain.
            result.extend('/home/' + root_domain + sub for sub in sub_dirs)
            result.extend('/var/www/' + root_domain + sub for sub in sub_dirs)

    result.extend(['/var/www/', '/var/www/html/', '/var/www/htdocs/'])
    return result
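def discover(self, fuzzableRequest):
    '''
    Search Bing for '@<root domain>' and hand every hit to _findAccounts
    through the thread manager.

    @parameter fuzzableRequest: A fuzzableRequest instance that contains
        (among other things) the URL to test.
    @return: An empty list. Findings are stored in the kb under
        ('fingerBing', 'mails') and printed with printUniq.
    '''
    # Single-shot plugin: any call after the first asks the core to drop it
    # from the discovery plugin list.
    if not self._run:
        raise w3afRunOnce()
    self._run = False

    bing_se = bing(self._urlOpener)
    self._domain = domain = urlParser.getDomain(fuzzableRequest.getURL())
    self._domainRoot = urlParser.getRootDomain(domain)

    # FIX: the loop variable was previously named `result`, shadowing the
    # empty list meant to be returned, so a non-empty search returned the
    # last Bing hit object instead of a list of fuzzable requests.
    search_results = bing_se.getNResults('@' + self._domainRoot, self._resultLimit)
    for search_result in search_results:
        self._tm.startFunction(target=self._findAccounts,
                               args=(search_result,),
                               ownerObj=self)
    # Wait for every worker this plugin started before reporting.
    self._tm.join(self)

    self.printUniq(kb.kb.getData('fingerBing', 'mails'), None)
    return []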
def discover(self, fuzzableRequest):
    '''
    Use Google to look for e-mail accounts at the target domain.

    @parameter fuzzableRequest: A fuzzableRequest instance that contains
        (among other things) the URL to test.
    @return: An empty list; results are stored in the kb under
        ('fingerGoogle', 'mails') and printed with printUniq.
    '''
    # Single-shot plugin: the second call tells the core to drop it.
    if not self._run:
        raise w3afRunOnce()
    self._run = False

    self._google = google(self._urlOpener)
    target_url = fuzzableRequest.getURL()
    self._domain = domain = urlParser.getDomain(target_url)
    self._domain_root = urlParser.getRootDomain(domain)

    # Pick the search strategy the user configured.
    search = self._do_fast_search if self._fast_search else self._do_complete_search
    search(domain)

    # Block until the work this plugin handed to the thread manager is done.
    self._tm.join(self)

    self.printUniq(kb.kb.getData('fingerGoogle', 'mails'), None)
    return []
def discover(self, fuzzableRequest ): ''' Search in xssed.com and parse the output. @parameter fuzzableRequest: A fuzzableRequest instance that contains (among other things) the URL to test. ''' if not self._exec : # This will remove the plugin from the discovery plugins to be runned. raise w3afRunOnce() else: # Only run once self._exec = False target_domain = urlParser.getRootDomain( fuzzableRequest.getURL() ) try: response = self._urlOpener.GET( self._xssed_url + "/search?key=." + target_domain ) except w3afException, e: msg = 'An exception was raised while running xssedDotCom plugin. Exception: ' msg += '"' + str(e) + '".' om.out.debug( msg ) else: