Example #1
    def discover(self, fuzzableRequest):
        '''
        Query Bing for "site:<domain>" and queue every returned URL for
        processing by self._genFuzzableRequests.

        @parameter fuzzableRequest: A fuzzableRequest instance that contains
                                    (among other things) the URL to test.
        @return: self._fuzzableRequests, after all queued work has been joined.
        @raise w3afRunOnce: On every call after the first one.
        @raise w3afException: When the target domain is a private site.
        '''
        if self._run:
            # One search is enough: every call to bing_spider would return the
            # same url's, so the flag is cleared before doing any work.
            self._run = False
        else:
            # This will remove the plugin from the discovery plugins to be run.
            raise w3afRunOnce()

        search_engine = bing(self._uri_opener)
        target_domain = fuzzableRequest.getURL().getDomain()

        if is_private_site(target_domain):
            # A public search engine has nothing indexed for a private target,
            # so the query is skipped and the reason is reported instead.
            raise w3afException(
                'There is no point in searching Bing for "site:' + target_domain
                + '".' + ' Bing doesnt index private pages.'
            )

        query = 'site:' + target_domain

        # NOTE(review): the result URLs come from a third-party index; whether
        # they are checked against the scan scope is up to
        # self._genFuzzableRequests, which is not visible here - confirm.
        for hit in search_engine.getNResults(query, self._resultLimit):
            self._run_async(meth=self._genFuzzableRequests, args=(hit.URL,))

        # Wait for the queued calls before handing back the collected requests.
        self._join()

        return self._fuzzableRequests
Example #2
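    def discover(self, fuzzableRequest):
        '''
        Query Bing for "@<root domain>" and pass every search result to
        self._findAccounts, then report what is stored in the knowledge base
        under ('fingerBing', 'mails').

        @parameter fuzzableRequest: A fuzzableRequest instance that contains
        (among other things) the URL to test.
        @return: Always an empty list; this method returns no new requests.
        @raise w3afRunOnce: On every call after the first one.
        '''
        # This will remove the plugin from the discovery plugins to be run.
        if not self._run:
            raise w3afRunOnce()

        # This plugin will only run one time.
        self._run = False
        bingSE = bing(self._uri_opener)
        self._domain = fuzzableRequest.getURL().getDomain()
        self._domain_root = fuzzableRequest.getURL().getRootDomain()

        results = bingSE.getNResults('@'+self._domain_root, self._resultLimit)

        # The loop variable must not be called "result": reusing the name of
        # the return value made the method return the last search result
        # instead of the empty list.
        for search_result in results:
            self._run_async(meth=self._findAccounts, args=(search_result,))

        # Wait for every queued _findAccounts call before reading the kb.
        self._join()
        self.printUniq(kb.kb.getData('fingerBing', 'mails'), None)

        return []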
Example #3
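    def discover(self, fuzzableRequest):
        '''
        Query Bing for "@<root domain>" and pass every search result to
        self._findAccounts through the thread manager, then report what is
        stored in the knowledge base under ('fingerBing', 'mails').

        @parameter fuzzableRequest: A fuzzableRequest instance that contains (among other things) the URL to test.
        @return: Always an empty list; this method returns no new requests.
        @raise w3afRunOnce: On every call after the first one.
        '''
        # This will remove the plugin from the discovery plugins to be run.
        if not self._run:
            raise w3afRunOnce()

        # This plugin will only run one time.
        self._run = False
        bingSE = bing(self._urlOpener)
        self._domain = domain = urlParser.getDomain(fuzzableRequest.getURL())
        self._domainRoot = urlParser.getRootDomain(domain)

        results = bingSE.getNResults('@'+self._domainRoot, self._resultLimit)

        # The loop variable must not be called "result": reusing the name of
        # the return value made the method return the last search result
        # instead of the empty list.
        for search_result in results:
            targs = (search_result,)
            self._tm.startFunction(target=self._findAccounts, args=targs, ownerObj=self)

        # Wait for every task owned by this plugin before reading the kb.
        self._tm.join(self)
        self.printUniq(kb.kb.getData('fingerBing', 'mails'), None)
        return []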
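 def discover(self, fuzzableRequest ):
     '''
     Resolve the target domain, search Bing for "ip:<address>" for each
     resolved address and report a "Shared hosting" finding when more than
     one base URL is indexed for the same address.

     @parameter fuzzableRequest: A fuzzableRequest instance that contains (among other things) the URL to test.
     @return: Always an empty list; findings are stored in the knowledge base.
     @raise w3afRunOnce: On every call after the first one.
     @raise w3afException: When the target hostname cannot be resolved.
     '''
     if not self._run:
         # This will remove the plugin from the discovery plugins to be run.
         raise w3afRunOnce()

     # I will only run this one time. All calls to sharedHosting return the same url's
     self._run = False

     bing_wrapper = bing( self._urlOpener )

     domain = urlParser.getDomain( fuzzableRequest.getURL() )
     if is_private_site( domain ):
         msg = 'sharedHosting plugin is not checking for subdomains for domain: '
         msg += domain + ' because its a private address.'
         om.out.debug(msg)
         return []

     # Get the ip and do the search
     try:
         addrinfo = socket.getaddrinfo(domain, 0)
     except Exception:
         # "except Exception" rather than a bare except, so that
         # KeyboardInterrupt and SystemExit are not reported as a
         # resolution failure.
         raise w3afException('Could not resolve hostname: ' + domain )
     ip_address_list = list( set( info[4][0] for info in addrinfo ) )

     # This is the best way to search, one by one!
     for ip_address in ip_address_list:
         results = bing_wrapper.getNResults('ip:'+ ip_address, self._result_limit )

         # Reduce every hit to its base URL and drop the duplicates.
         results = list( set( urlParser.baseUrl( r.URL ) for r in results ) )

         # Not vuln by default; more than one base URL means we may have
         # something.
         is_vulnerable = len(results) > 1

         if len(results) == 2:
             # Maybe we have this case:
             # [Mon 09 Jun 2008 01:08:26 PM ART] - http://216.244.147.14/
             # [Mon 09 Jun 2008 01:08:26 PM ART] - http://www.business.com/
             # Where www.business.com resolves to 216.244.147.14; so we don't really
             # have more than one domain in the same server.
             try:
                 res0 = socket.gethostbyname( urlParser.getDomain( results[0] ) )
                 res1 = socket.gethostbyname( urlParser.getDomain( results[1] ) )
             except (socket.error, UnicodeError):
                 # The host names come from a third-party search index and
                 # may not resolve. The false-positive check cannot be done
                 # then, so the finding is kept instead of aborting the
                 # remaining addresses.
                 debug_msg = 'sharedHosting plugin could not resolve the search'
                 debug_msg += ' results for ip: ' + ip_address
                 om.out.debug(debug_msg)
             else:
                 if res0 == res1:
                     is_vulnerable = False

         if is_vulnerable:
             severityOfThisVuln = severity.MEDIUM
             v = vuln.vuln()
             v.setPluginName(self.getName())
             v.setURL(fuzzableRequest.getURL())
             v.setId(1)

             v['alsoInHosting'] = results
             msg = 'The web application under test seems to be in a shared hosting. '
             msg += 'This list of domains, and the domain of the web application under '
             msg += 'test, all point to the same IP address (%s):\n' % ip_address
             for url in results:
                 # A separate name keeps the target's own domain intact.
                 hosted_domain = urlParser.getDomain(url)
                 msg += '- %s\n' % url
                 kb.kb.append( self, 'domains', hosted_domain)
             v.setDesc( msg )
             v.setName( 'Shared hosting' )
             v.setSeverity(severityOfThisVuln)
             om.out.vulnerability( msg, severity=severityOfThisVuln )
             kb.kb.append( self, 'sharedHosting', v )

     return []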