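def test_from_file(self):
    """
    Parse every vulnerability description file in the database, for every
    supported language, and check the parsed DBVuln exposes the expected
    attribute types.

    Files that fail to parse are collected together with the language and the
    exception text, so the final assertion names the offending file(s) and the
    reason instead of reporting an anonymous non-empty list. DBVuln.LANG is
    switched per language directory and restored afterwards so the language
    change does not leak into other tests.
    """
    failed_json_files = []
    processed_files = []

    # DBVuln.LANG is presumably read by DBVuln.from_file() to pick the
    # translation (the original test switched it per language) - remember the
    # current value so it can be put back once we are done.
    original_lang = DBVuln.LANG

    try:
        for language in DBVuln.get_all_languages():
            json_path = os.path.join(DBVuln.DB_PATH, language)

            for _fname in os.listdir(json_path):
                _file_path = os.path.join(json_path, _fname)

                # Sub-directories are not vulnerability description files
                if os.path.isdir(_file_path):
                    continue

                try:
                    DBVuln.LANG = language
                    dbv = DBVuln.from_file(_file_path)
                except Exception as e:
                    # Catch Exception (not a bare except) so KeyboardInterrupt
                    # still aborts the run, and keep the reason: a bare file
                    # name does not tell the developer why parsing failed
                    failed_json_files.append((language, _fname, repr(e)))
                    continue

                processed_files.append(_fname)

                self.assertIsInstance(dbv.title, basestring)
                self.assertIsInstance(dbv.description, basestring)
                self.assertIsInstance(dbv.id, int)
                self.assertIsInstance(dbv.severity, basestring)
                self.assertIsInstance(dbv.wasc, (type(None), list))
                self.assertIsInstance(dbv.tags, (type(None), list))
                self.assertIsInstance(dbv.cwe, (type(None), list))
                self.assertIsInstance(dbv.owasp_top_10, (type(None), dict))
                self.assertIsInstance(dbv.fix_effort, int)
                self.assertIsInstance(dbv.fix_guidance, basestring)

                for ref in dbv.references:
                    self.assertIsInstance(ref, Reference)
    finally:
        DBVuln.LANG = original_lang

    self.assertEqual(failed_json_files, [])
    # Sanity check that the loop actually visited the database and did not
    # silently iterate over an empty or misconfigured DB_PATH
    self.assertGreater(len(processed_files), 20)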
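def get_options(self):
    """
    Build the list of configurable settings for this plugin.

    Each option is created with opt_factory(), seeded with the value currently
    stored in cf.cf, and assigned a tabid that groups it in the UI: Fuzzer
    parameters, Core settings, Network settings, Exclusions, Metasploit and
    Language.

    :return: An OptionList holding one option object per setting.
    """
    ol = OptionList()

    #
    # Fuzzer parameters
    #
    d = 'Indicates if w3af plugins will use cookies as a fuzzable parameter'
    opt = opt_factory('fuzz_cookies', cf.cf.get('fuzz_cookies'), d, BOOL,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    d = ('Indicates if w3af plugins will send payloads in the content of'
         ' multipart/post form files.')
    # Adjacent string literals are concatenated verbatim, so every
    # continuation line needs its leading space or words run together
    # (the previous text rendered as "w3afwill fill ... thepayloads")
    h = ('If enabled, and multipart/post forms with files are found, w3af'
         ' will fill those file inputs with pseudo-files containing the'
         ' payloads required to identify vulnerabilities.')
    opt = opt_factory('fuzz_form_files', cf.cf.get('fuzz_form_files'), d,
                      BOOL, tabid='Fuzzer parameters', help=h)
    ol.add(opt)

    d = ('Indicates if w3af plugins will send fuzzed file names in order to'
         ' find vulnerabilities')
    h = ('For example, if the discovered URL is http://test/filename.php,'
         ' and fuzz_url_filenames is enabled, w3af will request among'
         ' other things: http://test/file\'a\'a\'name.php in order to'
         ' find SQL injections. This type of vulns are getting more'
         ' common every day!')
    opt = opt_factory('fuzz_url_filenames', cf.cf.get('fuzz_url_filenames'),
                      d, BOOL, help=h, tabid='Fuzzer parameters')
    ol.add(opt)

    desc = ('Indicates if w3af plugins will send fuzzed URL parts in order'
            ' to find vulnerabilities')
    h = ('For example, if the discovered URL is http://test/foo/bar/123,'
         ' and fuzz_url_parts is enabled, w3af will request among other'
         ' things: http://test/bar/<script>alert(document.cookie)</script>'
         ' in order to find XSS.')
    opt = opt_factory('fuzz_url_parts', cf.cf.get('fuzz_url_parts'), desc,
                      BOOL, help=h, tabid='Fuzzer parameters')
    ol.add(opt)

    desc = 'Indicates the extension to use when fuzzing file content'
    opt = opt_factory('fuzzed_files_extension',
                      cf.cf.get('fuzzed_files_extension'), desc, STRING,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    desc = 'A list with all fuzzable header names'
    opt = opt_factory('fuzzable_headers', cf.cf.get('fuzzable_headers'),
                      desc, LIST, tabid='Fuzzer parameters')
    ol.add(opt)

    d = ('Indicates what HTML form combo values w3af plugins will use:'
         ' all, tb, tmb, t, b')
    h = ('Indicates what HTML form combo values, e.g. select options values,'
         ' w3af plugins will use: all (All values), tb (only top and bottom'
         ' values), tmb (top, middle and bottom values), t (top values), b'
         ' (bottom values).')
    # Unlike the other settings this list is hard-coded rather than read from
    # cf.cf; the form_id_action handling below suggests the first entry is
    # what the COMBO treats as the selected value.
    options = ['tmb', 'all', 'tb', 't', 'b']
    opt = opt_factory('form_fuzzing_mode', options, d, COMBO, help=h,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    #
    # Core parameters
    #
    desc = 'Stop scan after first unhandled exception'
    h = ('This feature is only useful for developers that want their scan'
         ' to stop on the first exception that is raised by a plugin.'
         ' Users should leave this as False in order to get better'
         ' exception handling from w3af\'s core.')
    opt = opt_factory('stop_on_first_exception',
                      cf.cf.get('stop_on_first_exception'), desc, BOOL,
                      help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Maximum crawl time (minutes)'
    h = ('Many users tend to enable numerous plugins without actually'
         ' knowing what they are and the potential time they will take'
         ' to run. By using this parameter, users will be able to set'
         ' the maximum amount of time the crawl phase will run.')
    opt = opt_factory('max_discovery_time', cf.cf.get('max_discovery_time'),
                      desc, INT, help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Maximum scan time (minutes)'
    h = ('Sets the maximum number of minutes for the scan to run. Use'
         ' zero to remove the limit.')
    opt = opt_factory('max_scan_time', cf.cf.get('max_scan_time'), desc,
                      INT, help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for each URL sub-path'
    h = ('Limit how many requests are performed for each URL sub-path'
         ' during crawling. For example, if the application links to'
         ' three products: /product/1 /product/2 and /product/3, and'
         ' this variable is set to two, only the first two URLs:'
         ' /product/1 and /product/2 will be crawled.')
    opt = opt_factory('path_max_variants', cf.cf.get('path_max_variants'),
                      desc, INT, help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for each URL and parameter set'
    h = ('Limit how many requests are performed for each URL and parameter'
         ' set. For example, if the application links to three products:'
         ' /product?id=1 , /product?id=2 and /product?id=3, and this'
         ' variable is set to two, only the first two URLs:'
         ' /product?id=1 and /product?id=2 will be crawled.')
    opt = opt_factory('params_max_variants',
                      cf.cf.get('params_max_variants'), desc, INT, help=h,
                      tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for similar forms'
    h = ('Limit the number of HTTP requests to be sent to similar forms'
         ' during crawling. For example, if the application has multiple'
         ' HTML forms with the same parameters and different URLs set in'
         ' actions then only the configured number of forms are crawled.')
    opt = opt_factory('max_equal_form_variants',
                      cf.cf.get('max_equal_form_variants'), desc, INT,
                      help=h, tabid='Core settings')
    ol.add(opt)

    #
    # Network parameters
    #
    desc = ('Local interface name to use when sniffing, doing reverse'
            ' connections, etc.')
    opt = opt_factory('interface', cf.cf.get('interface'), desc, STRING,
                      tabid='Network settings')
    ol.add(opt)

    desc = 'Local IP address to use when doing reverse connections'
    opt = opt_factory('local_ip_address', cf.cf.get('local_ip_address'),
                      desc, STRING, tabid='Network settings')
    ol.add(opt)

    #
    # URL and form exclusions
    #
    desc = 'A comma separated list of URLs that w3af should ignore'
    h = 'No HTTP requests will be sent to these URLs'
    opt = opt_factory('non_targets', cf.cf.get('non_targets'), desc,
                      URL_LIST, help=h, tabid='Exclusions')
    ol.add(opt)

    desc = 'Filter forms to scan using form IDs'
    h = ('Form IDs allow the user to specify which forms will be either'
         ' included or excluded in the scan. The form IDs identified by'
         ' w3af will be written to the log (when verbose is set to true)'
         ' and can be used to define this setting for new scans.\n\n'
         'Find more about form IDs in the "Advanced use cases" section'
         ' of the w3af documentation.')
    opt = opt_factory('form_id_list', cf.cf.get('form_id_list'), desc,
                      FORM_ID_LIST, help=h, tabid='Exclusions')
    ol.add(opt)

    desc = 'Define the form_id_list filter behaviour'
    h = ('Change this setting to "include" if only a very specific set of'
         ' forms needs to be scanned. If forms matching the form_id_list'
         ' parameters need to be excluded then set this value to "exclude".')
    # Move the currently configured action to the front of the list so it is
    # presented as the selection. Only do so when the stored value is one of
    # the known actions: list.remove() on an unrecognized value raised
    # ValueError and made the whole options dialog fail to build.
    form_id_actions = [EXCLUDE, INCLUDE]
    current_action = cf.cf.get('form_id_action')
    if current_action in form_id_actions:
        form_id_actions.remove(current_action)
        form_id_actions.insert(0, current_action)
    opt = opt_factory('form_id_action', form_id_actions, desc, COMBO,
                      help=h, tabid='Exclusions')
    ol.add(opt)

    #
    # Metasploit
    #
    # The description embeds the currently configured path as the example
    desc = ('Full path of Metasploit framework binary directory (%s in '
            'most linux installs)' % cf.cf.get('msf_location'))
    opt = opt_factory('msf_location', cf.cf.get('msf_location'), desc,
                      STRING, tabid='Metasploit')
    ol.add(opt)

    #
    # Language options
    #
    d = 'Set the language to use when reading from the vulnerability database'
    h = ('The vulnerability database stores descriptions, fix guidance, tags,'
         ' references and much more about each vulnerability the scanner can'
         ' identify. The database supports translations, so this information'
         ' can be in many languages. Use this setting to choose the language'
         ' in which the information will be displayed and stored in reports.')
    options = DBVuln.get_all_languages()
    opt = opt_factory('vulndb_language', options, d, COMBO, help=h,
                      tabid='Language')
    ol.add(opt)

    return ol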
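def get_options(self):
    """
    Build the list of configurable settings for this plugin.

    Each option is created with opt_factory(), seeded with the value currently
    stored in cf.cf, and assigned a tabid that groups it in the UI: Fuzzer
    parameters, Core settings, Network settings, Exclusions, Metasploit and
    Language.

    :return: An OptionList holding one option object per setting.
    """
    ol = OptionList()

    #
    # Fuzzer parameters
    #
    d = 'Indicates if w3af plugins will use cookies as a fuzzable parameter'
    opt = opt_factory('fuzz_cookies', cf.cf.get('fuzz_cookies'), d, BOOL,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    d = ('Indicates if w3af plugins will send payloads in the content of'
         ' multipart/post form files.')
    # Adjacent string literals are concatenated verbatim, so every
    # continuation line needs its leading space or words run together
    # (the previous text rendered as "w3afwill fill ... thepayloads")
    h = ('If enabled, and multipart/post forms with files are found, w3af'
         ' will fill those file inputs with pseudo-files containing the'
         ' payloads required to identify vulnerabilities.')
    opt = opt_factory('fuzz_form_files', cf.cf.get('fuzz_form_files'), d,
                      BOOL, tabid='Fuzzer parameters', help=h)
    ol.add(opt)

    d = ('Indicates if w3af plugins will send fuzzed file names in order to'
         ' find vulnerabilities')
    h = ('For example, if the discovered URL is http://test/filename.php,'
         ' and fuzz_url_filenames is enabled, w3af will request among'
         ' other things: http://test/file\'a\'a\'name.php in order to'
         ' find SQL injections. This type of vulns are getting more'
         ' common every day!')
    opt = opt_factory('fuzz_url_filenames', cf.cf.get('fuzz_url_filenames'),
                      d, BOOL, help=h, tabid='Fuzzer parameters')
    ol.add(opt)

    desc = ('Indicates if w3af plugins will send fuzzed URL parts in order'
            ' to find vulnerabilities')
    h = ('For example, if the discovered URL is http://test/foo/bar/123,'
         ' and fuzz_url_parts is enabled, w3af will request among other'
         ' things: http://test/bar/<script>alert(document.cookie)</script>'
         ' in order to find XSS.')
    opt = opt_factory('fuzz_url_parts', cf.cf.get('fuzz_url_parts'), desc,
                      BOOL, help=h, tabid='Fuzzer parameters')
    ol.add(opt)

    desc = 'Indicates the extension to use when fuzzing file content'
    opt = opt_factory('fuzzed_files_extension',
                      cf.cf.get('fuzzed_files_extension'), desc, STRING,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    desc = 'A list with all fuzzable header names'
    opt = opt_factory('fuzzable_headers', cf.cf.get('fuzzable_headers'),
                      desc, LIST, tabid='Fuzzer parameters')
    ol.add(opt)

    d = ('Indicates what HTML form combo values w3af plugins will use:'
         ' all, tb, tmb, t, b')
    h = ('Indicates what HTML form combo values, e.g. select options values,'
         ' w3af plugins will use: all (All values), tb (only top and bottom'
         ' values), tmb (top, middle and bottom values), t (top values), b'
         ' (bottom values).')
    # Unlike the other settings this list is hard-coded rather than read from
    # cf.cf; the form_id_action handling below suggests the first entry is
    # what the COMBO treats as the selected value.
    options = ['tmb', 'all', 'tb', 't', 'b']
    opt = opt_factory('form_fuzzing_mode', options, d, COMBO, help=h,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    #
    # Core parameters
    #
    desc = 'Stop scan after first unhandled exception'
    h = ('This feature is only useful for developers that want their scan'
         ' to stop on the first exception that is raised by a plugin.'
         ' Users should leave this as False in order to get better'
         ' exception handling from w3af\'s core.')
    opt = opt_factory('stop_on_first_exception',
                      cf.cf.get('stop_on_first_exception'), desc, BOOL,
                      help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Maximum crawl time (minutes)'
    h = ('Many users tend to enable numerous plugins without actually'
         ' knowing what they are and the potential time they will take'
         ' to run. By using this parameter, users will be able to set'
         ' the maximum amount of time the crawl phase will run.')
    opt = opt_factory('max_discovery_time', cf.cf.get('max_discovery_time'),
                      desc, INT, help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for each URL sub-path'
    h = ('Limit how many requests are performed for each URL sub-path'
         ' during crawling. For example, if the application links to'
         ' three products: /product/1 /product/2 and /product/3, and'
         ' this variable is set to two, only the first two URLs:'
         ' /product/1 and /product/2 will be crawled.')
    opt = opt_factory('path_max_variants', cf.cf.get('path_max_variants'),
                      desc, INT, help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for each URL and parameter set'
    h = ('Limit how many requests are performed for each URL and parameter'
         ' set. For example, if the application links to three products:'
         ' /product?id=1 , /product?id=2 and /product?id=3, and this'
         ' variable is set to two, only the first two URLs:'
         ' /product?id=1 and /product?id=2 will be crawled.')
    opt = opt_factory('params_max_variants',
                      cf.cf.get('params_max_variants'), desc, INT, help=h,
                      tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for similar forms'
    h = ('Limit the number of HTTP requests to be sent to similar forms'
         ' during crawling. For example, if the application has multiple'
         ' HTML forms with the same parameters and different URLs set in'
         ' actions then only the configured number of forms are crawled.')
    opt = opt_factory('max_equal_form_variants',
                      cf.cf.get('max_equal_form_variants'), desc, INT,
                      help=h, tabid='Core settings')
    ol.add(opt)

    #
    # Network parameters
    #
    desc = ('Local interface name to use when sniffing, doing reverse'
            ' connections, etc.')
    opt = opt_factory('interface', cf.cf.get('interface'), desc, STRING,
                      tabid='Network settings')
    ol.add(opt)

    desc = 'Local IP address to use when doing reverse connections'
    opt = opt_factory('local_ip_address', cf.cf.get('local_ip_address'),
                      desc, STRING, tabid='Network settings')
    ol.add(opt)

    #
    # URL and form exclusions
    #
    desc = 'A comma separated list of URLs that w3af should ignore'
    h = 'No HTTP requests will be sent to these URLs'
    opt = opt_factory('non_targets', cf.cf.get('non_targets'), desc,
                      URL_LIST, help=h, tabid='Exclusions')
    ol.add(opt)

    desc = 'Filter forms to scan using form IDs'
    h = ('Form IDs allow the user to specify which forms will be either'
         ' included or excluded in the scan. The form IDs identified by'
         ' w3af will be written to the log (when verbose is set to true)'
         ' and can be used to define this setting for new scans.\n\n'
         'Find more about form IDs in the "Advanced use cases" section'
         ' of the w3af documentation.')
    opt = opt_factory('form_id_list', cf.cf.get('form_id_list'), desc,
                      FORM_ID_LIST, help=h, tabid='Exclusions')
    ol.add(opt)

    desc = 'Define the form_id_list filter behaviour'
    h = ('Change this setting to "include" if only a very specific set of'
         ' forms needs to be scanned. If forms matching the form_id_list'
         ' parameters need to be excluded then set this value to "exclude".')
    # Move the currently configured action to the front of the list so it is
    # presented as the selection. Only do so when the stored value is one of
    # the known actions: list.remove() on an unrecognized value raised
    # ValueError and made the whole options dialog fail to build.
    form_id_actions = [EXCLUDE, INCLUDE]
    current_action = cf.cf.get('form_id_action')
    if current_action in form_id_actions:
        form_id_actions.remove(current_action)
        form_id_actions.insert(0, current_action)
    opt = opt_factory('form_id_action', form_id_actions, desc, COMBO,
                      help=h, tabid='Exclusions')
    ol.add(opt)

    #
    # Metasploit
    #
    # The description embeds the currently configured path as the example
    desc = ('Full path of Metasploit framework binary directory (%s in '
            'most linux installs)' % cf.cf.get('msf_location'))
    opt = opt_factory('msf_location', cf.cf.get('msf_location'), desc,
                      STRING, tabid='Metasploit')
    ol.add(opt)

    #
    # Language options
    #
    d = 'Set the language to use when reading from the vulnerability database'
    h = ('The vulnerability database stores descriptions, fix guidance, tags,'
         ' references and much more about each vulnerability the scanner can'
         ' identify. The database supports translations, so this information'
         ' can be in many languages. Use this setting to choose the language'
         ' in which the information will be displayed and stored in reports.')
    options = DBVuln.get_all_languages()
    opt = opt_factory('vulndb_language', options, d, COMBO, help=h,
                      tabid='Language')
    ol.add(opt)

    return ol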