def __init__(self):
OutputPlugin.__init__(self)
# These attributes hold the file pointers
self._file = None
# User configured parameters
self._file_name = '~/report.xml'
self._timeFormat = '%a %b %d %H:%M:%S %Y'
self._longTimestampString = str(
time.strftime(self._timeFormat, time.localtime()))
self._timestampString = str(int(time.time()))
# List with additional xml elements
self._errorXML = []
# xml
self._xmldoc = xml.dom.minidom.Document()
self._topElement = self._xmldoc.createElement("w3afrun")
self._topElement.setAttribute("start", self._timestampString)
self._topElement.setAttribute("startstr", self._longTimestampString)
self._topElement.setAttribute("xmloutputversion", "2.0")
# Add in the version details
version_element = self._xmldoc.createElement("w3af-version")
version_data = self._xmldoc.createTextNode(
str(get_w3af_version.get_w3af_version()))
version_element.appendChild(version_data)
self._topElement.appendChild(version_element)
self._scanInfo = self._xmldoc.createElement("scaninfo")
# HistoryItem to get requests/responses
self._history = HistoryItem()
def __init__(self):
OutputPlugin.__init__(self)
# These attributes hold the file pointers
self._file = None
# User configured parameters
self._file_name = '~/report.xml'
self._timestamp = str(int(time.time()))
self._long_timestamp = str(time.strftime(TIME_FORMAT, time.localtime()))
# List with additional xml elements
self._errorXML = []
# xml root
self._xmldoc = xml.dom.minidom.Document()
self._topElement = self._xmldoc.createElement('w3af-run')
self._topElement.setAttribute('start', self._timestamp)
self._topElement.setAttribute('start-long', self._long_timestamp)
self._topElement.setAttribute('version', self.XML_OUTPUT_VERSION)
# Add in the version details
version_element = self._xmldoc.createElement('w3af-version')
version = xml_str(get_w3af_version.get_w3af_version())
version_data = self._xmldoc.createTextNode(version)
version_element.appendChild(version_data)
self._topElement.appendChild(version_element)
self._scaninfo = self._xmldoc.createElement('scan-info')
# HistoryItem to get requests/responses
self._history = HistoryItem()
def __init__(self):
OutputPlugin.__init__(self)
# These attributes hold the file pointers
self._file = None
# User configured parameters
self._file_name = '~/report.xml'
self._timeFormat = '%a %b %d %H:%M:%S %Y'
self._longTimestampString = str(
time.strftime(self._timeFormat, time.localtime()))
self._timestampString = str(int(time.time()))
# List with additional xml elements
self._errorXML = []
# xml
self._xmldoc = xml.dom.minidom.Document()
self._topElement = self._xmldoc.createElement("w3afrun")
self._topElement.setAttribute("start", self._timestampString)
self._topElement.setAttribute("startstr", self._longTimestampString)
self._topElement.setAttribute("xmloutputversion", "2.0")
# Add in the version details
version_element = self._xmldoc.createElement("w3af-version")
version_data = self._xmldoc.createTextNode(
str(get_w3af_version.get_w3af_version()))
version_element.appendChild(version_data)
self._topElement.appendChild(version_element)
self._scanInfo = self._xmldoc.createElement("scaninfo")
# HistoryItem to get requests/responses
self._history = HistoryItem()
def __init__(self):
OutputPlugin.__init__(self)
# These attributes hold the file pointers
self._file = None
# User configured parameters
self._file_name = '~/report.xml'
self._timestamp = str(int(time.time()))
self._long_timestamp = str(time.strftime(TIME_FORMAT,
time.localtime()))
# List with additional xml elements
self._errorXML = []
# xml root
self._xmldoc = xml.dom.minidom.Document()
self._topElement = self._xmldoc.createElement('w3af-run')
self._topElement.setAttribute('start', self._timestamp)
self._topElement.setAttribute('start-long', self._long_timestamp)
self._topElement.setAttribute('version', self.XML_OUTPUT_VERSION)
# Add in the version details
version_element = self._xmldoc.createElement('w3af-version')
version = xml_str(get_w3af_version.get_w3af_version())
version_data = self._xmldoc.createTextNode(version)
version_element.appendChild(version_data)
self._topElement.appendChild(version_element)
self._scaninfo = self._xmldoc.createElement('scan-info')
# HistoryItem to get requests/responses
self._history = HistoryItem()
def get_versions():
try:
import gtk
except ImportError:
gtk_version = 'No GTK module installed'
pygtk_version = 'No GTK module installed'
else:
gtk_version = '.'.join(str(x) for x in gtk.gtk_version)
pygtk_version = '.'.join(str(x) for x in gtk.pygtk_version)
# String containing the versions for python, gtk and pygtk
versions = (' Python version: %s\n'
' Platform: %s\n'
' GTK version: %s\n'
' PyGTK version: %s\n'
' w3af version:\n %s')
w3af_version = '\n '.join(get_w3af_version().split('\n'))
versions = versions % (sys.version.replace('\n', ''),
get_platform_dist(),
gtk_version,
pygtk_version,
w3af_version)
return versions
def get_versions():
try:
import gtk
except ImportError:
gtk_version = 'No GTK module installed'
pygtk_version = 'No GTK module installed'
else:
gtk_version = '.'.join(str(x) for x in gtk.gtk_version)
pygtk_version = '.'.join(str(x) for x in gtk.pygtk_version)
# String containing the versions for python, gtk and pygtk
versions = (' Python version: %s\n'
' Platform: %s\n'
' GTK version: %s\n'
' PyGTK version: %s\n'
' w3af version:\n %s')
w3af_version = '\n '.join(get_w3af_version().split('\n'))
versions = versions % (sys.version.replace('\n', ''),
get_platform_dist(),
gtk_version,
pygtk_version,
w3af_version)
return versions
def _create_root_xml_elems(self):
# XML root
self._xml = xml.dom.minidom.Document()
# The scan tag, with all vulnerabilities as child
self._top_elem = self._xml.createElement('w3af-run')
self._top_elem.setAttribute('start', self._timestamp)
self._top_elem.setAttribute('start-long', self._long_timestamp)
self._top_elem.setAttribute('version', self.XML_OUTPUT_VERSION)
# Add in the version details
version_element = self._xml.createElement('w3af-version')
version = xml_str(get_w3af_version.get_w3af_version())
version_data = self._xml.createTextNode(version)
version_element.appendChild(version_data)
self._top_elem.appendChild(version_element)
def _create_root_xml_elems(self):
# XML root
self._xml = xml.dom.minidom.Document()
# The scan tag, with all vulnerabilities as child
self._top_elem = self._xml.createElement('w3af-run')
self._top_elem.setAttribute('start', self._timestamp)
self._top_elem.setAttribute('start-long', self._long_timestamp)
self._top_elem.setAttribute('version', self.XML_OUTPUT_VERSION)
# Add in the version details
version_element = self._xml.createElement('w3af-version')
version = xml_str(get_w3af_version.get_w3af_version())
version_data = self._xml.createTextNode(version)
version_element.appendChild(version_data)
self._top_elem.appendChild(version_element)
def get_versions():
try:
import gtk
except ImportError:
gtk_version = "No GTK module installed"
pygtk_version = "No GTK module installed"
else:
gtk_version = ".".join(str(x) for x in gtk.gtk_version)
pygtk_version = ".".join(str(x) for x in gtk.pygtk_version)
# String containing the versions for python, gtk and pygtk
versions = " Python version: %s\n" " GTK version: %s\n" " PyGTK version: %s\n" " w3af version:\n %s"
w3af_version = "\n ".join(get_w3af_version().split("\n"))
versions = versions % (sys.version.replace("\n", ""), gtk_version, pygtk_version, w3af_version)
return versions
def _cmd_version(self, params):
"""
Show the w3af version and exit
"""
om.out.console(get_w3af_version())
def _add_root_info_to_context(self, context):
context.start_timestamp = self._timestamp
context.start_time_long = self._long_timestamp
context.xml_version = self.XML_OUTPUT_VERSION
context.w3af_version = get_w3af_version.get_w3af_version()
def _cmd_version(self, params):
"""
Show the w3af version and exit
"""
om.out.console(get_w3af_version())
def test_trivial(self):
self.assertIn(get_minimalistic_version(), get_w3af_version())
"POST data": base64.b64encode(info.get_mutant().get_data()),
"Vulnerability IDs": info.get_id(),
"CWE IDs": getattr(info, "cwe_ids", []),
"WASC IDs": getattr(info, "wasc_ids", []),
"Tags": getattr(info, "tags", []),
"VulnDB ID": info.get_vulndb_id(),
"Description": info.get_desc()}
items.append(item)
except Exception, e:
msg = ('An exception was raised while trying to write the '
' vulnerabilities to the output file. Exception: "%s"')
om.out.error(msg % e)
output_handler.close()
return
res = {'w3af-version': get_w3af_version.get_w3af_version(),
'scan-info': {'target_urls': target_urls,
'target_domain': target_domain,
'enabled_plugins': enabled_plugins,
'findings': findings,
'known_urls': known_urls},
'start': self._timestamp,
'start-long': self._long_timestamp,
'items': items}
json.dump(res, output_handler, indent=4)
output_handler.close()
def get_long_desc(self):
"""
class json_file(OutputPlugin):
"""
Export identified vulnerabilities to a JSON file.
:author: jose nazario ([email protected])
"""
def __init__(self):
OutputPlugin.__init__(self)
self.output_file = '~/output-w3af.json'
self._timestamp = str(int(time.time()))
self._long_timestamp = str(time.strftime(TIME_FORMAT,
time.localtime()))
# Set defaults for scan metadata
self._plugins_dict = {}
self._options_dict = {}
self._enabled_plugins = {}
def do_nothing(self, *args, **kwargs):
pass
debug = log_http = vulnerability = do_nothing
information = error = console = do_nothing
def end(self):
self.flush()
def log_enabled_plugins(self, plugins_dict, options_dict):
"""
This method is called from the output manager object. This method
should take an action for the enabled plugins and their configuration.
Usually, write the info to a file or print it somewhere.
:param plugins_dict: A dict with all the plugin types and the
enabled plugins for that type of plugin.
:param options_dict: A dict with the options for every plugin.
"""
# TODO: Improve so it contains the plugin configuration too
for plugin_type, enabled in plugins_dict.iteritems():
self._enabled_plugins[plugin_type] = enabled
def flush(self):
"""
Exports the vulnerabilities and information to the user configured
file.
"""
self.output_file = os.path.expanduser(self.output_file)
try:
output_handler = file(self.output_file, 'wb')
except IOError, ioe:
msg = 'Failed to open the output file for writing: "%s"'
om.out.error(msg % ioe)
return
target_urls = [t.url_string for t in cf.cf.get('targets')]
target_domain = 'unknown'
if cf.cf.get('target_domains'):
target_domain = cf.cf.get('target_domains')[0]
enabled_plugins = self._enabled_plugins
def _get_desc(x):
try:
return x._desc
except AttributeError:
return None
findings = filter(
None, [_get_desc(x) for x in kb.kb.get_all_findings_iter()])
known_urls = [str(x) for x in kb.kb.get_all_known_urls()]
items = []
for info in kb.kb.get_all_findings_iter():
try:
item = {
"Severity": info.get_severity(),
"Name": info.get_name(),
"HTTP method": info.get_method(),
"URL": str(info.get_url()),
"Vulnerable parameter": info.get_token_name(),
"POST data":
base64.b64encode(info.get_mutant().get_data()),
"Vulnerability IDs": info.get_id(),
"CWE IDs": getattr(info, "cwe_ids", []),
"WASC IDs": getattr(info, "wasc_ids", []),
"Tags": getattr(info, "tags", []),
"VulnDB ID": info.get_vulndb_id(),
"Description": info.get_desc()
}
items.append(item)
except Exception as e:
msg = ('An exception was raised while trying to write the '
' vulnerabilities to the output file. Exception: "%s"')
om.out.error(msg % e)
output_handler.close()
return
res = {
'w3af-version': get_w3af_version.get_w3af_version(),
'scan-info': {
'target_urls': target_urls,
'target_domain': target_domain,
'enabled_plugins': enabled_plugins,
'findings': findings,
'known_urls': known_urls
},
'start': self._timestamp,
'start-long': self._long_timestamp,
'items': items
}
json.dump(res, output_handler, indent=4)
output_handler.close()
def _add_root_info_to_context(self, context):
context.start_timestamp = self._timestamp
context.start_time_long = self._long_timestamp
context.xml_version = self.XML_OUTPUT_VERSION
context.w3af_version = get_w3af_version.get_w3af_version()
"POST data": base64.b64encode(info.get_mutant().get_data()),
"Vulnerability IDs": info.get_id(),
"CWE IDs": getattr(info, "cwe_ids", []),
"WASC IDs": getattr(info, "wasc_ids", []),
"Tags": getattr(info, "tags", []),
"VulnDB ID": info.get_vulndb_id(),
"Description": info.get_desc()}
items.append(item)
except Exception, e:
msg = ('An exception was raised while trying to write the '
' vulnerabilities to the output file. Exception: "%s"')
om.out.error(msg % e)
output_handler.close()
return
res = {'w3af-version': get_w3af_version.get_w3af_version(),
'scan-info': {'target_urls': target_urls,
'target_domain': target_domain,
'enabled_plugins': enabled_plugins,
'findings': findings,
'known_urls': known_urls},
'start': self._timestamp,
'start-long': self._long_timestamp,
'items': items}
json.dump(res, output_handler, indent=4)
output_handler.close()
def get_long_desc(self):
"""