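def _generate_ignores(self, response):
    """
    Generate the list of strings we want to ignore as private IP addresses.

    The set is built only once, while self._ignore_if_match is still None,
    from the domain of the response that triggers the call: the domain
    itself, get_local_ip(domain), get_local_ip() and, when the lookup
    succeeds, the address the domain resolves to.

    :param response: HTTP response whose URL provides the requested domain.
    :return: None, the result is stored in self._ignore_if_match.
    """
    if self._ignore_if_match is not None:
        # Already generated by an earlier call
        return

    self._ignore_if_match = set()

    requested_domain = response.get_url().get_domain()
    self._ignore_if_match.add(requested_domain)

    # NOTE(review): get_local_ip() may return a falsy value when detection
    # fails - confirm the consumers of this set tolerate a non-string entry.
    self._ignore_if_match.add(get_local_ip(requested_domain))
    self._ignore_if_match.add(get_local_ip())

    try:
        ip_address = socket.gethostbyname(requested_domain)
    except Exception:
        # Resolution is best effort: a domain that does not resolve simply
        # adds nothing. Catching Exception instead of using a bare except
        # keeps KeyboardInterrupt and SystemExit from being swallowed here.
        pass
    else:
        self._ignore_if_match.add(ip_address)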
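def _generate_ignores(self, response):
    """
    Generate the list of strings we want to ignore as private IP addresses.

    Runs its body a single time: once self._ignore_if_match holds a set, later
    calls leave it untouched, so the entries always come from the first
    response that was processed.

    :param response: HTTP response; only the domain of its URL is used.
    :return: None
    """
    if self._ignore_if_match is None:
        ignores = set()
        self._ignore_if_match = ignores

        requested_domain = response.get_url().get_domain()
        ignores.add(requested_domain)

        # Local addresses, as reported by get_local_ip() with and without the
        # requested domain as argument
        ignores.add(get_local_ip(requested_domain))
        ignores.add(get_local_ip())

        try:
            ip_address = socket.gethostbyname(requested_domain)
        except Exception:
            # A failed DNS lookup is not an error for this plugin. The
            # original bare "except:" also trapped KeyboardInterrupt and
            # SystemExit, which must be allowed to propagate.
            pass
        else:
            ignores.add(ip_address)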
def __init__(self):
    """Initialise the audit plugin state and the defaults of its options."""
    AuditPlugin.__init__(self)

    # State kept while the plugin runs
    self._vulns = []
    self._error_reported = False

    # Defaults for the options the user can configure
    self._use_w3af_site = True
    # An empty string is stored when get_local_ip() returns a falsy value.
    # NOTE(review): if this value is later handed to a socket bind, '' means
    # "all interfaces" - confirm that exposure is intended.
    self._listen_address = get_local_ip() or ''
    self._listen_port = ports.REMOTEFILEINCLUDE
def __init__(self):
    """Initialise the attack plugin state and the defaults of its options."""
    AttackPlugin.__init__(self)

    # State filled in while the plugin runs
    self._exploit_mutant = None
    self._xss_vuln = None

    # Defaults for the options the user can configure
    self._use_XSS_vuln = True
    # Stored exactly as returned, with no fallback value.
    # NOTE(review): get_local_ip() may return a falsy value when detection
    # fails - confirm the listener code copes with that.
    self._listen_address = get_local_ip()
    self._listen_port = ports.RFI_SHELL
def __init__(self):
    """Set up the audit plugin: run-time state first, then option defaults."""
    AuditPlugin.__init__(self)

    # Run-time state
    self._vulns = []
    self._error_reported = False

    # Option defaults (the user may override them)
    self._listen_port = ports.REMOTEFILEINCLUDE
    detected_address = get_local_ip()
    # '' replaces any falsy result of the detection.
    # NOTE(review): '' is the wildcard address when used in a socket bind;
    # verify how the listener uses this value.
    self._listen_address = detected_address or ''
    self._use_w3af_site = True
def __init__(self):
    """Set up the attack plugin: run-time state first, then option defaults."""
    AttackPlugin.__init__(self)

    # Run-time state
    self._exploit_mutant = None
    self._xss_vuln = None

    # Option defaults (the user may override them)
    self._listen_port = ports.RFI_SHELL
    # NOTE(review): unlike a default of '', a falsy get_local_ip() result is
    # kept here as-is - confirm the code that opens the listener handles it.
    self._listen_address = get_local_ip()
    self._use_XSS_vuln = True
def set_default_values(self):
    """
    Store the default value of every misc setting in the shared config.

    :return: None
    """
    save = cf.cf.save

    # Fuzzer behaviour, variant limits, time limits and tool locations
    for name, default in (
        ('fuzz_cookies', False),
        ('fuzz_form_files', True),
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_url_filenames', False),
        ('fuzz_url_parts', False),
        ('fuzzable_headers', []),
        ('form_fuzzing_mode', 'tmb'),
        ('path_max_variants', PATH_MAX_VARIANTS),
        ('params_max_variants', PARAMS_MAX_VARIANTS),
        ('max_equal_form_variants', MAX_EQUAL_FORM_VARIANTS),
        ('max_discovery_time', 120),
        ('max_scan_time', 240),
        ('msf_location', '/opt/metasploit3/bin/'),
    ):
        save(name, default)

    # The network interface configuration (for advanced exploits)
    save('interface', get_net_iface())

    # get_local_ip() doesn't send any packets and gives a nice default. In
    # most cases it is the "public" IP address, which works in all plugins
    # that need a reverse connection (rfi_proxy). When nothing is detected
    # the loopback address is stored instead.
    save('local_ip_address', get_local_ip() or '127.0.0.1')

    save('stop_on_first_exception', False)

    # Blacklists
    save('blacklist_http_request', [])
    save('blacklist_audit', [])

    # Form exclusion via IDs
    save('form_id_list', FormIDMatcherList('[]'))
    save('form_id_action', EXCLUDE)

    # Language to use when reading from vulndb
    save('vulndb_language', DBVuln.DEFAULT_LANG)
def set_default_values(self):
    """
    Write the default of each misc setting to the config object.

    :return: None
    """
    store = cf.cf.save

    # What gets fuzzed
    store('fuzz_cookies', False)
    store('fuzz_form_files', True)
    store('fuzzed_files_extension', 'gif')
    store('fuzz_url_filenames', False)
    store('fuzz_url_parts', False)
    store('fuzzable_headers', [])
    store('form_fuzzing_mode', 'tmb')

    # Limits
    store('path_max_variants', PATH_MAX_VARIANTS)
    store('params_max_variants', PARAMS_MAX_VARIANTS)
    store('max_equal_form_variants', MAX_EQUAL_FORM_VARIANTS)
    store('max_discovery_time', 120)

    store('msf_location', '/opt/metasploit3/bin/')

    # The network interface configuration (for advanced exploits)
    store('interface', get_net_iface())

    # The detection doesn't send any packets. In most cases the result is the
    # "public" IP address, which is what the plugins that need a reverse
    # connection (rfi_proxy) require; loopback is the last-resort value.
    detected_address = get_local_ip()
    store('local_ip_address', detected_address if detected_address else '127.0.0.1')

    store('non_targets', [])
    store('stop_on_first_exception', False)

    # Form exclusion via IDs
    store('form_id_list', FormIDMatcherList('[]'))
    store('form_id_action', EXCLUDE)

    # Language to use when reading from vulndb
    store('vulndb_language', DBVuln.DEFAULT_LANG)
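def get_net_iface():
    """
    Guess the name of the interface that is used to connect to the net.

    This function is very OS dependent. On Windows (os.name == "nt") nothing
    is detected and the default is returned. Elsewhere a fixed list of common
    Linux interface names is probed with the SIOCGIFADDR ioctl and the first
    one whose address equals get_local_ip() is returned.

    :return: The interface name that is being used to connect to the net, or
             'eth0' when no probed interface matches.
    """
    # Get the IP address that is used to go to the Internet
    internet_ip = get_local_ip()

    # Default in case everything else fails. It is kept in its own name so
    # that the probing loop cannot overwrite it: reusing one variable made
    # the function return the last probed name ('ppp0') when nothing matched.
    default_ifname = 'eth0'

    if os.name == "nt":
        # TODO: Find out how to do this in Windows!
        return default_ifname

    # Linux
    import fcntl
    import struct

    candidates = ("eth0", "eth1", "eth2", "wlan0", "wlan1", "wifi0",
                  "ath0", "ath1", "ppp0")

    for candidate in candidates:
        probe = None
        try:
            probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            # The name is truncated to 15 characters, as before. encode()
            # keeps the struct.pack() call valid on both Python 2 and 3.
            request = struct.pack('256s', candidate[:15].encode('ascii'))
            reply = fcntl.ioctl(probe.fileno(),
                                0x8915,  # SIOCGIFADDR
                                request)
            interface_ip = socket.inet_ntoa(reply[20:24])
        except IOError:
            # The interface does not exist or has no address: try the next
            pass
        else:
            if internet_ip == interface_ip:
                return candidate
        finally:
            # One socket is opened per probed name; close it so descriptors
            # are not left to the garbage collector.
            if probe is not None:
                probe.close()

    return default_ifname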
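def get_net_iface():
    """
    Return the name of the interface that is being used to connect to the net.

    This function is very OS dependent: no detection exists for Windows, and
    on other systems only a fixed list of Linux interface names is checked,
    comparing the address reported by the SIOCGIFADDR ioctl against the value
    of get_local_ip().

    :return: The matching interface name, or 'eth0' when none matches.
    """
    fallback = 'eth0'

    # Get the IP address that is used to go to the Internet
    internet_ip = get_local_ip()

    if os.name == "nt":
        # TODO: Find out how to do this in Windows!
        return fallback

    # Linux
    import fcntl
    import struct

    interfaces = ["eth0", "eth1", "eth2", "wlan0", "wlan1", "wifi0",
                  "ath0", "ath1", "ppp0"]

    # The loop variable is deliberately different from the fallback: the
    # earlier code shared one name for both, so an unsuccessful search
    # returned the last list entry instead of the documented default.
    for name in interfaces:
        sock = None
        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            # encode() makes the 15 character name acceptable to
            # struct.pack() on Python 3 and is a no-op for Python 2 strings
            packed_name = struct.pack('256s', name[:15].encode('ascii'))
            ifreq = fcntl.ioctl(sock.fileno(),
                                0x8915,  # SIOCGIFADDR
                                packed_name)
            interface_ip = socket.inet_ntoa(ifreq[20:24])
        except IOError:
            pass
        else:
            if internet_ip == interface_ip:
                return name
        finally:
            # Release the probing socket on every path (it used to be leaked)
            if sock is not None:
                sock.close()

    return fallback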
def __init__(self):
    """
    Set the defaults and save them to the config dict.

    Nothing is written when 'fuzz_cookies' is already present in the config,
    which is how an earlier run of this constructor is recognised.
    """
    if cf.cf.get('fuzz_cookies') is not None:
        # Not the first time this runs: keep the stored values
        return

    save = cf.cf.save

    # User configured variables
    save('fuzz_cookies', False)
    save('fuzz_form_files', True)
    save('fuzzed_files_extension', 'gif')
    save('fuzz_url_filenames', False)
    save('fuzz_url_parts', False)
    save('fuzzable_headers', [])
    save('form_fuzzing_mode', 'tmb')

    save('max_discovery_time', 120)

    save('msf_location', '/opt/metasploit3/bin/')

    # Network interface
    save('interface', get_net_iface())

    # The lookup doesn't send any packets and gives a nice default. In most
    # cases it is the "public" IP address, which works in all plugins that
    # need a reverse connection (rfi_proxy); loopback is the last resort.
    save('local_ip_address', get_local_ip() or '127.0.0.1')

    save('non_targets', [])
    save('stop_on_first_exception', False)
def __init__(self):
    """
    Set the defaults and save them to the config dict.

    The defaults are stored only while the config has no 'fuzz_cookies'
    entry, i.e. the first time this constructor runs.
    """
    first_run = cf.cf.get('fuzz_cookies') is None

    if first_run:
        # User configured variables
        for option, default in (
            ('fuzz_cookies', False),
            ('fuzz_form_files', True),
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_url_filenames', False),
            ('fuzz_url_parts', False),
            ('fuzzable_headers', []),
            ('form_fuzzing_mode', 'tmb'),
            ('max_discovery_time', 120),
            ('msf_location', '/opt/metasploit3/bin/'),
        ):
            cf.cf.save(option, default)

        cf.cf.save('interface', get_net_iface())

        # No packets are sent to find this address. It usually is the
        # "public" IP, the one plugins that need a reverse connection
        # (rfi_proxy) must advertise; 127.0.0.1 is used when none is found.
        detected_address = get_local_ip()
        cf.cf.save('local_ip_address',
                   detected_address if detected_address else '127.0.0.1')

        cf.cf.save('non_targets', [])
        cf.cf.save('stop_on_first_exception', False)
def set_default_values(self):
    """
    Store the default value of every misc setting in the shared config.

    :return: None
    """
    save = cf.cf.save

    # Fuzzer behaviour, discovery time limit and tool location
    for name, default in (
        ('fuzz_cookies', False),
        ('fuzz_form_files', True),
        ('fuzzed_files_extension', 'gif'),
        ('fuzz_url_filenames', False),
        ('fuzz_url_parts', False),
        ('fuzzable_headers', []),
        ('form_fuzzing_mode', 'tmb'),
        ('max_discovery_time', 120),
        ('msf_location', '/opt/metasploit3/bin/'),
    ):
        save(name, default)

    # The network interface configuration (for advanced exploits)
    save('interface', get_net_iface())

    # get_local_ip() doesn't send any packets and gives a nice default. In
    # most cases it is the "public" IP address, which works in all plugins
    # that need a reverse connection (rfi_proxy). When nothing is detected
    # the loopback address is stored instead.
    save('local_ip_address', get_local_ip() or '127.0.0.1')

    save('non_targets', [])
    save('stop_on_first_exception', False)

    # Form exclusion via IDs
    save('form_id_list', FormIDMatcherList('[]'))
    save('form_id_action', EXCLUDE)
def set_default_values(self):
    """
    Write the default of each misc setting to the config object.

    :return: None
    """
    store = cf.cf.save

    # What gets fuzzed
    store('fuzz_cookies', False)
    store('fuzz_form_files', True)
    store('fuzzed_files_extension', 'gif')
    store('fuzz_url_filenames', False)
    store('fuzz_url_parts', False)
    store('fuzzable_headers', [])
    store('form_fuzzing_mode', 'tmb')

    store('max_discovery_time', 120)
    store('msf_location', '/opt/metasploit3/bin/')

    # The network interface configuration (for advanced exploits)
    store('interface', get_net_iface())

    # The detection doesn't send any packets. In most cases the result is the
    # "public" IP address, which is what the plugins that need a reverse
    # connection (rfi_proxy) require; loopback is the last-resort value.
    detected_address = get_local_ip()
    store('local_ip_address', detected_address if detected_address else '127.0.0.1')

    store('non_targets', [])
    store('stop_on_first_exception', False)

    # Variant limits
    store('params_max_variants', 10)
    store('path_max_variants', 50)
self._w3af_core.target.set_options(profile_inst.get_target()) # Set the misc and http settings try: profile_misc_settings = profile_inst.get_misc_settings() except BaseFrameworkException, e: msg = ('Setting the framework misc-settings raised an exception' ' due to unknown or invalid configuration parameters. %s') error_messages.append(msg % e) else: # # IGNORE the following parameters from the profile: # - misc_settings.local_ip_address # if 'local_ip_address' in profile_inst.get_misc_settings(): local_ip = get_local_ip() profile_misc_settings['local_ip_address'].set_value(local_ip) misc_settings = MiscSettings() misc_settings.set_options(profile_misc_settings) try: http_settings = profile_inst.get_http_settings() except BaseFrameworkException, e: msg = ('Setting the framework http-settings raised an exception' ' due to unknown or invalid configuration parameters. %s') error_messages.append(msg % e) else: self._w3af_core.uri_opener.settings.set_options(http_settings) #
def use_profile(self, profile_name, workdir=None):
    """
    Gets all the information from the profile and stores it in the w3af
    core plugins / target attributes for later use.

    Passing None as profile_name only disables every enabled plugin.

    :param profile_name: Name of the profile to load, or None.
    :param workdir: Forwarded unchanged to profile().
    :raise BaseFrameworkException: if the profile to load has some type of
                                   problem, or the plugins are incorrectly
                                   configured.
    """
    # Clear all enabled plugins if profile_name is None
    if profile_name is None:
        self._w3af_core.plugins.zero_enabled_plugins()
        return

    # This might raise an exception (which we don't want to handle) when
    # the profile does not exist
    profile_inst = profile(profile_name, workdir)

    # It exists, work with it!

    # Set the target settings of the profile to the core
    self._w3af_core.target.set_options(profile_inst.get_target())

    # Set the misc and http settings
    #
    # IGNORE the following parameters from the profile:
    #   - misc_settings.local_ip_address
    #
    # The address stored in the profile is replaced with the one detected on
    # this host, so a profile cannot dictate the local address.
    # NOTE(review): presumably because profiles are moved between machines -
    # confirm the intent.
    profile_misc_settings = profile_inst.get_misc_settings()
    if "local_ip_address" in profile_inst.get_misc_settings():
        profile_misc_settings["local_ip_address"].set_value(get_local_ip())

    misc_settings = MiscSettings()
    misc_settings.set_options(profile_misc_settings)

    self._w3af_core.uri_opener.settings.set_options(profile_inst.get_http_settings())

    #
    # Handle plugin options
    #
    # Template with two placeholders; it is not formatted anywhere in the
    # lines visible here.
    error_fmt = (
        "The profile you are trying to load (%s) seems to be"
        " outdated, this is a common issue which happens when the"
        " framework is updated and one of its plugins adds/removes"
        " one of the configuration parameters referenced by a"
        " profile, or the plugin is removed all together.\n\n"
        "The profile was loaded but some of your settings might"
        " have been lost. This is the list of issues that were"
        " found:\n\n"
        " - %s\n"
        "\nWe recommend you review the specific plugin"
        " configurations, apply the required changes and save"
        " the profile in order to update it and avoid this"
        " message. If this warning does not disappear you can"
        " manually edit the profile file to fix it."
    )

    # Problems are collected instead of aborting at the first one
    error_messages = []
    core_set_plugins = self._w3af_core.plugins.set_plugins

    for plugin_type in self._w3af_core.plugins.get_plugin_types():
        plugin_names = profile_inst.get_enabled_plugins(plugin_type)

        # Handle errors that might have been triggered from a possibly
        # invalid profile
        try:
            unknown_plugins = core_set_plugins(plugin_names, plugin_type, raise_on_error=False)
        except KeyError:
            msg = 'The profile references the "%s" plugin type which is' " unknown to the w3af framework."
            error_messages.append(msg % plugin_type)
            continue

        for unknown_plugin in unknown_plugins:
            msg = 'The profile references the "%s.%s" plugin which is' " unknown in the current framework version."
            error_messages.append(msg % (plugin_type, unknown_plugin))

        # Now we set the plugin options, which can also trigger errors with
        # "outdated" profiles that users could have in their ~/.w3af/
        # directory. Plugins reported as unknown above are skipped.
        for plugin_name in set(plugin_names) - set(unknown_plugins):
            try:
                plugin_options = profile_inst.get_plugin_options(plugin_type, plugin_name)
                self._w3af_core.plugins.set_plugin_options(plugin_type, plugin_name, plugin_options)
            except BaseFrameworkException, w3e:
                # The exception is passed as a %s argument, so its text is
                # never interpreted as part of the format string
                msg = (
                    'Setting the options for plugin "%s.%s" raised an'
                    " exception due to unknown or invalid configuration"
                    " parameters. %s"
                )
                error_messages.append(msg % (plugin_type, plugin_name, w3e))

    # NOTE(review): the listing ends here; the code that turns error_fmt and
    # error_messages into the documented exception is not visible.
self._w3af_core.target.set_options(profile_inst.get_target()) # Set the misc and http settings try: profile_misc_settings = profile_inst.get_misc_settings() except BaseFrameworkException, e: msg = ('Setting the framework misc-settings raised an exception' ' due to unknown or invalid configuration parameters. %s') error_messages.append(msg % e) else: # # IGNORE the following parameters from the profile: # - misc_settings.local_ip_address # if 'local_ip_address' in profile_inst.get_misc_settings(): local_ip = get_local_ip() profile_misc_settings['local_ip_address'].set_value(local_ip) misc_settings = MiscSettings() misc_settings.set_options(profile_misc_settings) try: http_settings = profile_inst.get_http_settings() except BaseFrameworkException, e: msg = ('Setting the framework http-settings raised an exception' ' due to unknown or invalid configuration parameters. %s') error_messages.append(msg % e) else: self._w3af_core.uri_opener.settings.set_options(http_settings) #
def test_w3af_agent(self):
    """Run the w3af_agent payload against the local IP and check its reply."""
    expected = 'Successfully started the w3afAgent.'
    payload_args = (get_local_ip(),)

    result = exec_payload(self.shell, 'w3af_agent', args=payload_args,
                          use_api=True)

    self.assertEquals(expected, result)
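def use_profile(self, profile_name, workdir=None):
    """
    Gets all the information from the profile and stores it in the w3af
    core plugins / target attributes for later use.

    Passing None as profile_name only disables every enabled plugin.

    @param profile_name: Name of the profile to load, or None.
    @param workdir: Forwarded unchanged to profile().
    @raise BaseFrameworkException: if the profile to load has some type of
                                   problem.
    """
    # Clear all enabled plugins if profile_name is None
    if profile_name is None:
        self._w3af_core.plugins.zero_enabled_plugins()
        return

    # This might raise an exception (which we don't want to handle) when
    # the profile does not exist
    profile_inst = profile(profile_name, workdir)

    # It exists, work with it!

    # Set the target settings of the profile to the core
    self._w3af_core.target.set_options(profile_inst.get_target())

    # Set the misc and http settings
    #
    # IGNORE the following parameters from the profile:
    #   - misc_settings.local_ip_address
    #
    # The address stored in the profile is replaced with the one detected on
    # this host, so a profile cannot dictate the local address.
    profile_misc_settings = profile_inst.get_misc_settings()
    if 'local_ip_address' in profile_inst.get_misc_settings():
        profile_misc_settings['local_ip_address'].set_value(get_local_ip())

    misc_settings = MiscSettings()
    misc_settings.set_options(profile_misc_settings)

    self._w3af_core.uri_opener.settings.set_options(
        profile_inst.get_http_settings())

    #
    # Handle plugin options
    #
    # Template with two placeholders; it is not formatted anywhere in the
    # lines visible here.
    error_fmt = ('The profile you are trying to load (%s) seems to be'
                 ' outdated, this is a common issue which happens when the'
                 ' framework is updated and one of its plugins adds/removes'
                 ' one of the configuration parameters referenced by a profile'
                 ', or the plugin is removed all together.\n\n'
                 'The profile was loaded but some of your settings might'
                 ' have been lost. This is the list of issues that were found:\n\n'
                 ' - %s\n'
                 '\nWe recommend you review the specific plugin configurations,'
                 ' apply the required changes and save the profile in order'
                 ' to update it and avoid this message. If this warning does not'
                 ' disappear you can manually edit the profile file to fix it.')

    # Problems are collected instead of aborting at the first one
    error_messages = []

    for plugin_type in self._w3af_core.plugins.get_plugin_types():
        plugin_names = profile_inst.get_enabled_plugins(plugin_type)

        # Handle errors that might have been triggered from a possibly
        # invalid profile
        try:
            unknown_plugins = self._w3af_core.plugins.set_plugins(
                plugin_names, plugin_type, raise_on_error=False)
        except KeyError:
            msg = ('The profile references the "%s" plugin type which is'
                   ' unknown to the w3af framework.')
            error_messages.append(msg % plugin_type)
            continue

        for unknown_plugin in unknown_plugins:
            msg = 'The profile references the "%s.%s" plugin which is unknown.'
            error_messages.append(msg % (plugin_type, unknown_plugin))

        # Now we set the plugin options, which can also trigger errors with
        # "outdated" profiles that users could have in their ~/.w3af/
        # directory. Plugins reported as unknown above are skipped.
        for plugin_name in set(plugin_names) - set(unknown_plugins):
            try:
                plugin_options = profile_inst.get_plugin_options(
                    plugin_type, plugin_name)
                self._w3af_core.plugins.set_plugin_options(plugin_type,
                                                           plugin_name,
                                                           plugin_options)
            except BaseFrameworkException as w3e:
                msg = ('Setting the options for plugin "%s.%s" raised an'
                       ' exception due to unknown or invalid configuration'
                       ' parameters.')
                # Format the template first and append the exception text
                # afterwards. The text used to be concatenated before the
                # % operator ran, so a "%" inside it was read as a format
                # directive and the error report itself could fail.
                error_messages.append(
                    msg % (plugin_type, plugin_name) + ' ' + str(w3e))

    # NOTE(review): the listing ends here; the code that turns error_fmt and
    # error_messages into the documented exception is not visible.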