def parseAllConfFiles(self, files):
"""
Parse all *.conf files into the config directory
@Args files: list of config files to parse
@Returns None
"""
# ----
# Parse INSTALL_STATUS_CONF_FILE
if INSTALL_STATUS_CONF_FILE + CONF_EXT not in files:
self.output.printError(
'Install status file ({0}/{1}.{2}) is missing'.format(
SETTINGS_DIR, INSTALL_STATUS_CONF_FILE, CONF_EXT))
sys.exit(0)
self.config_parsers[INSTALL_STATUS_CONF_FILE] = DefaultConfigParser()
self.config_parsers[INSTALL_STATUS_CONF_FILE].read(
FileUtils.concat_path(self.settings_dir,
INSTALL_STATUS_CONF_FILE + CONF_EXT))
files.remove(INSTALL_STATUS_CONF_FILE + CONF_EXT)
# ----
# Parse MULTI_SERVICES_CONF_FILE
support_multi_services_tools = MULTI_SERVICES_CONF_FILE + CONF_EXT in files
self.parseToolsConfFile(MULTI_SERVICES_CONF_FILE + CONF_EXT)
files.remove(MULTI_SERVICES_CONF_FILE + CONF_EXT)
# ----
# Parse services *.conf files
for f in files:
self.parseToolsConfFile(f)
def parseConfFiles(self, files):
"""
Parse all *.conf files into the config directory
@Args files: list of config files to parse
@Returns None
"""
# Process *.conf files
for f in files:
self.output.printInfo(
'Parsing configuration file "{0}" ...'.format(f))
full_path = FileUtils.concat_path(self.settings_dir, f)
service_name = f[:f.rfind(CONF_EXT)].lower().strip()
self.config_parsers[service_name] = DefaultConfigParser()
self.config_parsers[service_name].read(full_path)
#config_parser = DefaultConfigParser()
#config_parser.read(full_path)
# Add the entry into general settings for the service
self.general_settings[service_name] = {}
# General settings - [general] in .conf file
self.general_settings[service_name]['tools_categories'] = [
e.lower()
for e in self.config_parsers[service_name].safeGetList(
'general', 'tools_categories', ',', [])
]
# General settings - Optional/Specific settings (depends on the targeted servicee)
if service_name in SPECIFIC_TOOL_OPTIONS.keys():
for option in SPECIFIC_TOOL_OPTIONS[service_name]:
if SPECIFIC_TOOL_OPTIONS[service_name][option]:
setting_name = SPECIFIC_TOOL_OPTIONS[service_name][
option]
self.general_settings[service_name][setting_name] = \
[ e.lower() for e in self.config_parsers[service_name].safeGetList('general', setting_name, ',', []) ]
# Check general settings for the current service
self.checkGeneralSettings(service_name)
# Add service as new toolbox section
self.toolbox.addService(service_name)
# Add tools in current config file into the toolbox, under the correct service section
for section in self.config_parsers[service_name].sections():
if section.startswith('tool_'):
newtool = self.createToolFromConfiguration(
section, service_name)
if newtool:
if not self.toolbox.addTool(newtool, service_name):
self.output.printWarning(
'Unable to add tool "{0}" into the toolbox'.
format(newtool.name))
else:
#self.output.printSettings('Tool "{0}" added into the toolbox (category "{1}")'.format(newtool.name,
# newtool.category))
pass
def __parse_conf_file(self):
parser = DefaultConfigParser()
# Utf-8 to avoid encoding issues
parser.read(EXPLOITS_CONF, 'utf8')
for section in parser.sections():
type_ = parser.safe_get(section, 'type', '', None)
if type_ not in SUPPORTED_TYPES:
raise SettingsException('Unsupported exploit type for [{}]'.format(type_))
rawcmd = parser.safe_get(section, 'command', '', None)
if not rawcmd:
raise SettingsException('No command specified for [{}]'.format(rawcmd))
description = parser.safe_get(section, 'description', '', None)
success = parser.safe_get(section, 'success', '', None)
exploit = Exploit(section, description, type_, rawcmd, success)
self.exploits.append(exploit)
def __parse_all_conf_files(self, files):
"""
Parse all *.conf files into the settings directory.
Initialize ServicesConfig object with list of supported services
:param files: List of files in settings directory
:return: None
"""
list_services = list()
for f in files:
name = FileUtils.remove_ext(f).lower().strip()
if name not in (INSTALL_STATUS_CONF_FILE, TOOLBOX_CONF_FILE):
list_services.append(name)
full_path = FileUtils.concat_path(SETTINGS_DIR, f)
self.config_parsers[name] = DefaultConfigParser()
self.config_parsers[name].read(full_path, 'utf8') # utf8 to avoid encoding issues
list_services.append('multi') # Add support for special "multi" service
self.services = ServicesConfig(list_services)
def parseConfig(self):
config = DefaultConfigParser()
configPath = FileUtils.buildPath(self.script_path, "default.conf")
config.read(configPath)
# General
self.threadsCount = config.safe_getint("general", "threads", 10, list(range(1, 50)))
self.excludeStatusCodes = config.safe_get("general", "exclude-status", None)
self.redirect = config.safe_getboolean("general", "follow-redirects", False)
self.recursive = config.safe_getboolean("general", "recursive", False)
self.recursive_level_max = config.safe_getint("general", "recursive-level-max", 1)
self.suppressEmpty = config.safe_getboolean("general", "suppress-empty", False)
self.testFailPath = config.safe_get("general", "scanner-fail-path", "").strip()
self.saveHome = config.safe_getboolean("general", "save-logs-home", False)
# Reports
self.autoSave = config.safe_getboolean("reports", "autosave-report", False)
self.autoSaveFormat = config.safe_get("reports", "autosave-report-format", "plain", ["plain", "json", "simple"])
# Dictionary
self.wordlist = config.safe_get("dictionary", "wordlist",
FileUtils.buildPath(self.script_path, "db", "dicc.txt"))
self.lowercase = config.safe_getboolean("dictionary", "lowercase", False)
self.forceExtensions = config.safe_get("dictionary", "force-extensions", False)
# Connection
self.useRandomAgents = config.safe_get("connection", "random-user-agents", False)
self.useragent = config.safe_get("connection", "user-agent", None)
self.delay = config.safe_get("connection", "delay", 0)
self.timeout = config.safe_getint("connection", "timeout", 30)
self.maxRetries = config.safe_getint("connection", "max-retries", 5)
self.proxy = config.safe_get("connection", "http-proxy", None)
self.httpmethod = config.safe_get("connection", "httpmethod", "get", ["get", "head", "post"])
self.requestByHostname = config.safe_get("connection", "request-by-hostname", False)
def parseConfig(self):
config = DefaultConfigParser()
configPath = FileUtils.buildPath(self.script_path, "default.conf")
config.read(configPath)
# General
self.threadsCount = config.safe_getint("general", "threads", 10,
list(range(1, 50)))
self.excludeStatusCodes = config.safe_get("general", "exclude-status",
None)
self.redirect = config.safe_getboolean("general", "follow-redirects",
False)
self.recursive = config.safe_getboolean("general", "recursive", False)
self.suppressEmpty = config.safe_getboolean("general",
"suppress-empty", False)
self.testFailPath = config.safe_get("general", "scanner-fail-path",
"").strip()
self.saveHome = config.safe_getboolean("general", "save-logs-home",
False)
# Reports
self.autoSave = config.safe_getboolean("reports", "autosave-report",
False)
self.autoSaveFormat = config.safe_get("reports",
"autosave-report-format",
"plain",
["plain", "json", "simple"])
# Dictionary
self.wordlist = config.safe_get(
"dictionary", "wordlist",
FileUtils.buildPath(self.script_path, "db", "dicc.txt"))
self.lowercase = config.safe_getboolean("dictionary", "lowercase",
False)
self.forceExtensions = config.safe_get("dictionary",
"force-extensions", False)
# Connection
self.useRandomAgents = config.safe_get("connection",
"random-user-agents", False)
self.useragent = config.safe_get("connection", "user-agent", None)
self.delay = config.safe_get("connection", "delay", 0)
self.timeout = config.safe_getint("connection", "timeout", 30)
self.maxRetries = config.safe_getint("connection", "max-retries", 5)
self.proxy = config.safe_get("connection", "http-proxy", None)
self.requestByHostname = config.safe_get("connection",
"request-by-hostname", False)
def parseConfig(self):
config = DefaultConfigParser()
configPath = FileUtils.buildPath(self.script_path, "default.conf")
config.read(configPath)
# General
self.threadsCount = config.safe_getint(
"general", "threads", 20, list(range(1, 200))
)
self.includeStatusCodes = config.safe_get("general", "include-status", None)
self.excludeStatusCodes = config.safe_get("general", "exclude-status", None)
self.excludeTexts = config.safe_get("general", "exclude-texts", None)
self.redirect = config.safe_getboolean("general", "follow-redirects", False)
self.recursive = config.safe_getboolean("general", "recursive", False)
self.recursive_level_max = config.safe_getint(
"general", "recursive-level-max", 1
)
self.suppressEmpty = config.safe_getboolean("general", "suppress-empty", False)
self.testFailPath = config.safe_get("general", "scanner-fail-path", "").strip()
self.saveHome = config.safe_getboolean("general", "save-logs-home", False)
self.defaultExtensions = config.safe_get("general", "default-extensions", "php,asp,aspx,jsp,jspx,html,htm,js,txt")
# Reports
self.quietMode = config.safe_get("reports", "quiet-mode", False)
self.autoSave = config.safe_getboolean("reports", "autosave-report", False)
self.autoSaveFormat = config.safe_get(
"reports", "autosave-report-format", "plain", ["plain", "json", "simple"]
)
# Dictionary
self.wordlist = config.safe_get(
"dictionary",
"wordlist",
FileUtils.buildPath(self.script_path, "db", "dicc.txt"),
)
self.lowercase = config.safe_getboolean("dictionary", "lowercase", False)
self.uppercase = config.safe_getboolean("dictionary", "uppercase", False)
self.forceExtensions = config.safe_get("dictionary", "force-extensions", False)
self.noDotExtensions = config.safe_get("dictionary", "no-dot-extensions", False)
# Connection
self.useRandomAgents = config.safe_get(
"connection", "random-user-agents", False
)
self.useragent = config.safe_get("connection", "user-agent", None)
self.delay = config.safe_get("connection", "delay", 0)
self.timeout = config.safe_getint("connection", "timeout", 20)
self.maxRetries = config.safe_getint("connection", "max-retries", 5)
self.proxy = config.safe_get("connection", "http-proxy", None)
self.proxylist = config.safe_get("connection", "http-proxy-list", None)
self.httpmethod = config.safe_get(
"connection", "httpmethod", "get", ["get", "head", "post", "put", "delete", "trace", "options"]
)
self.requestByHostname = config.safe_get(
"connection", "request-by-hostname", False
)
def parseConfig(self):
config = DefaultConfigParser()
configPath = FileUtils.buildPath(self.script_path, "default.conf")
config.read(configPath)
# General
self.threadsCount = config.safe_getint("general", "threads", 10,
list(range(1, 50)))
self.excludeStatusCodes = config.safe_get("general", "exclude-status",
None)
self.redirect = config.safe_getboolean("general", "follow-redirects",
False)
self.recursive = config.safe_getboolean("general", "recursive", False)
self.testFailPath = config.safe_get("general", "test-fail-path",
"youCannotBeHere7331").strip()
# Reports
self.autoSave = config.safe_getboolean("reports", "autosave-report",
False)
self.autoSaveFormat = config.safe_get("reports",
"autosave-report-format",
"plain",
["plain", "json", "simple"])
# Dictionary
self.wordlist = config.safe_get(
"dictionary", "wordlist",
FileUtils.buildPath(self.script_path, "db", "dicc.txt"))
self.lowercase = config.safe_getboolean("dictionary", "lowercase",
False)
# Connection
self.useragent = config.safe_get("connection", "user-agent", None)
self.timeout = config.safe_getint("connection", "timeout", 30)
self.maxRetries = config.safe_getint("connection", "max-retries", 5)
self.proxy = config.safe_get("connection", "http-proxy", None)
def __parse_conf_file(self):
parser = DefaultConfigParser()
# Utf-8 to avoid encoding issues
parser.read(EXPLOITS_CONF, 'utf8')
for section in parser.sections():
# Vulnerable product name
product = parser.safe_get(section, 'product', '', None)
if not product:
raise SettingsException('No vulnerable product name specified for ' \
'[{}]'.format(section))
# Vulnerability description
description = parser.safe_get(section, 'description', '', None)
if not description:
raise SettingsException('Missing vulnerability description for ' \
'[{}]'.format(section))
# Vulnerability type
type_ = parser.safe_get(section, 'type', '', None)
if type_ not in SUPPORTED_TYPES:
raise SettingsException(
'Unsupported vulnerability type for [{}]'.format(section))
# Detection command
detection_rawcmd = parser.safe_get(section, 'detection_cmd', '',
None)
# Detection command output success
detection_success = parser.safe_get(section, 'detection_success',
'', None)
if detection_rawcmd and len(
detection_rawcmd) > 0 and not detection_success:
raise SettingsException('Missing "detection_success" for [{}] since ' \
'"detection_cmd" is defined'.format(section))
# Exploit command
exploit_rawcmd = parser.safe_get(section, 'exploit_cmd', '', None)
# Exploit RCE output
exploit_rce_output = parser.safe_get_boolean(
section, 'exploit_rce_output', True)
# Exploit command output success (for auto test when exploit_rce_output == True)
exploit_success = parser.safe_get(section, 'exploit_success', '',
None)
if exploit_rawcmd and \
len(exploit_rawcmd) > 0 and \
exploit_rce_output and \
not exploit_success:
raise SettingsException(
'Missing "exploit_success" for [{}] since '
'"exploit_cmd" is defined and "exploit_rce_output=true"'.
format(section))
exploit = Exploit(section, product, description, type_,
detection_rawcmd, detection_success,
exploit_rawcmd, exploit_rce_output,
exploit_success)
self.exploits.append(exploit)
def parseConfig(self):
config = DefaultConfigParser()
configPath = FileUtils.buildPath(self.script_path, "default.conf")
config.read(configPath)
# General
self.threadsCount = config.safe_getint("general", "threads", 10, range(1, 50))
self.excludeStatusCodes = config.safe_get("general", "exclude-status", None)
self.redirect = config.safe_getboolean("general", "follow-redirects", False)
self.recursive = config.safe_getboolean("general", "recursive", False)
self.testFailPath = config.safe_get("general", "test-fail-path", "youCannotBeHere7331").strip()
# Reports
self.autoSave = config.safe_getboolean("reports", "autosave-report", False)
self.autoSaveFormat = config.safe_get("reports", "autosave-report-format", "plain", ["plain", "json", "simple"])
# Dictionary
self.wordlist = config.safe_get("dictionary", "wordlist", FileUtils.buildPath(self.script_path, "db", "dicc.txt"))
self.lowercase = config.safe_getboolean("dictionary", "lowercase", False)
# Connection
self.useragent = config.safe_get("connection", "user-agent", None)
self.timeout = config.safe_getint("connection", "timeout", 30)
self.maxRetries = config.safe_getint("connection", "max-retries", 5)
self.proxy = config.safe_get("connection", "http-proxy", None)
def parse_config(self):
config = DefaultConfigParser()
config_path = FileUtils.build_path(self.script_path, "default.conf")
config.read(config_path)
# General
self.threads_count = config.safe_getint("general", "threads", 10,
list(range(1, 50)))
self.redirect = config.safe_getboolean("general", "follow-redirects",
False)
# Credentials
self.wordlist = config.safe_get(
"credentials", "userpass-wordlist",
FileUtils.build_path(self.script_path, "db", "default.txt"))
# Connection
self.use_random_agents = config.safe_get("connection",
"random-user-agents", False)
self.useragent = config.safe_get("connection", "user-agent", None)
self.delay = config.safe_get("connection", "delay", 0)
self.timeout = config.safe_getint("connection", "timeout", 30)
self.max_retries = config.safe_getint("connection", "max-retries", 5)
self.proxy = config.safe_get("connection", "http-proxy", None)
self.dns_cache = config.safe_get("connection", "dns-cache", False)
def parseToolsConfFile(self, file):
"""
Parse a given settings file
"""
#self.output.printInfo('Parsing configuration file "{0}" ...'.format(file))
full_path = FileUtils.concat_path(self.settings_dir, file)
conf_filename = FileUtils.remove_ext(file).lower().strip()
self.config_parsers[conf_filename] = DefaultConfigParser()
self.config_parsers[conf_filename].read(full_path)
# Add the entry into general settings for the service
self.general_settings[conf_filename] = {}
if conf_filename == MULTI_SERVICES_CONF_FILE:
self.general_settings[conf_filename]['tools_categories'] = ['all']
else:
# General settings - [general] in .conf file
tools_cats = self.config_parsers[conf_filename].safeGetList(
'general', 'tools_categories', ',', [])
self.general_settings[conf_filename]['tools_categories'] = [
StringUtils.cleanSpecialChars(e).lower() for e in tools_cats
]
# General settings - Optional/Specific settings (depends on the targeted service)
if conf_filename in SPECIFIC_TOOL_OPTIONS.keys():
for option in SPECIFIC_TOOL_OPTIONS[conf_filename]:
setting_name = SPECIFIC_TOOL_OPTIONS[conf_filename][option]
if setting_name:
self.general_settings[conf_filename][setting_name] = \
[ e.lower() for e in self.config_parsers[conf_filename].safeGetList('general', setting_name, ',', []) ]
# Check general settings for the current service
self.checkGeneralSettings(conf_filename)
# Add service as new toolbox section
self.toolbox.addService(conf_filename)
# Add tools in current config file into the toolbox, under the correct service section
for section in self.config_parsers[conf_filename].sections():
if section.startswith(PREFIX_TOOL_SECTIONNAME):
if conf_filename != MULTI_SERVICES_CONF_FILE:
newtool = self.createToolFromConfiguration(
section, conf_filename, tooltype=ToolType.STANDARD)
else:
newtool = self.createToolFromConfiguration(
section,
conf_filename,
tooltype=ToolType.MULTI_SERVICES)
elif section.startswith(PREFIX_TOOL_USEMULTI_SECTIONNAME):
newtool = self.createToolFromConfiguration(
section, conf_filename, tooltype=ToolType.USE_MULTI)
else:
continue
if newtool:
if not self.toolbox.addTool(newtool, conf_filename):
self.output.printWarning(
'Unable to add tool "{0}" into the toolbox'.format(
newtool.name))
else:
#self.output.printSettings('Tool "{0}" added into the toolbox (category "{1}")'.format(newtool.name,
# newtool.category))
pass
def parseConfig(self):
config = DefaultConfigParser()
