def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'IP address that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web application \
when doing remote file inclusions. This setting configures where the webserver\
is going to listen for requests.'
o = opt_factory('listen_address',
self._listen_address,
d,
STRING,
help=h)
ol.add(o)
d = 'TCP port that the webserver will use to receive requests'
o = opt_factory('listen_port', self._listen_port, d, PORT)
ol.add(o)
d = 'Use w3af site to test for remote file inclusion'
h = 'The plugin can use the w3af site to test for remote file inclusions, which is\
convenient when you are performing a test behind a NAT firewall.'
o = opt_factory('use_w3af_site', self._use_w3af_site, d, BOOL, help=h)
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'IP address that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web app'\
' when doing remote file inclusions. This setting configures on'\
' what IP address the webserver is going to listen.'
o = opt_factory('listen_address',
self._listen_address,
d,
'ip',
help=h)
ol.add(o)
d = 'Port that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web app'\
' when doing remote file inclusions. This setting configures on'\
' what IP address the webserver is going to listen.'
o = opt_factory('listen_port', self._listen_port, d, 'port', help=h)
ol.add(o)
d = 'Instead of including a file in a local webserver; include the '\
' result of exploiting a XSS bug within the same target site.'
o = opt_factory('use_xss_bug', self._use_XSS_vuln, d, 'boolean')
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
targets = ','.join(str(tar) for tar in cf.cf.get('targets'))
d = 'A comma separated list of URLs'
o = opt_factory('target', targets, d, 'url_list')
ol.add(o)
d = 'Target operating system (' + '/'.join(
self._operating_systems) + ')'
h = 'This setting is here to enhance w3af performance.'
# This list "hack" has to be done becase the default value is the one
# in the first position on the list
tmp_list = self._operating_systems[:]
tmp_list.remove(cf.cf.get('target_os'))
tmp_list.insert(0, cf.cf.get('target_os'))
o = opt_factory('target_os', tmp_list, d, 'combo', help=h)
ol.add(o)
d = 'Target programming framework (' + '/'.join(
self._programming_frameworks) + ')'
h = 'This setting is here to enhance w3af performance.'
# This list "hack" has to be done because the default value is the one
# in the first position on the list
tmp_list = self._programming_frameworks[:]
tmp_list.remove(cf.cf.get('target_framework'))
tmp_list.insert(0, cf.cf.get('target_framework'))
o = opt_factory('target_framework', tmp_list, d, 'combo', help=h)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = "IP address that the webserver will use to receive requests"
h = (
"w3af runs a webserver to serve the files to the target web app"
" when doing remote file inclusions. This setting configures on"
" what IP address the webserver is going to listen."
)
o = opt_factory("listen_address", self._listen_address, d, "ip", help=h)
ol.add(o)
d = "Port that the webserver will use to receive requests"
h = (
"w3af runs a webserver to serve the files to the target web app"
" when doing remote file inclusions. This setting configures on"
" what IP address the webserver is going to listen."
)
o = opt_factory("listen_port", self._listen_port, d, "port", help=h)
ol.add(o)
d = (
"Instead of including a file in a local webserver; include the "
" result of exploiting a XSS bug within the same target site."
)
o = opt_factory("use_xss_bug", self._use_XSS_vuln, d, "boolean")
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'When comparing, also compare the content of files.'
o = opt_factory('content', self._content, d, BOOL)
ol.add(o)
d = 'The local directory used in the comparison.'
o = opt_factory('local_dir', self._local_dir, d, STRING)
ol.add(o)
d = 'The remote directory used in the comparison.'
o = opt_factory('remote_url_path', self._remote_url_path, d,
URL_OPTION_TYPE)
ol.add(o)
d = 'When comparing content of two files, ignore files with these'\
'extensions.'
o = opt_factory('banned_ext', self._ban_url, d, LIST)
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
targets = ','.join(str(tar) for tar in cf.cf.get('targets'))
d = 'A comma separated list of URLs'
o = opt_factory('target', targets, d, 'url_list')
ol.add(o)
d = 'Target operating system (' + '/'.join(
self._operating_systems) + ')'
h = 'This setting is here to enhance w3af performance.'
# This list "hack" has to be done becase the default value is the one
# in the first position on the list
tmp_list = self._operating_systems[:]
tmp_list.remove(cf.cf.get('target_os'))
tmp_list.insert(0, cf.cf.get('target_os'))
o = opt_factory('target_os', tmp_list, d, 'combo', help=h)
ol.add(o)
d = 'Target programming framework (' + '/'.join(
self._programming_frameworks) + ')'
h = 'This setting is here to enhance w3af performance.'
# This list "hack" has to be done because the default value is the one
# in the first position on the list
tmp_list = self._programming_frameworks[:]
tmp_list.remove(cf.cf.get('target_framework'))
tmp_list.insert(0, cf.cf.get('target_framework'))
o = opt_factory('target_framework', tmp_list, d, 'combo', help=h)
ol.add(o)
return ol
def test_invalid_data(self):
input_file = os.path.join(
'core', 'data', 'foobar', 'does-not-exist.txt')
output_file = input_file
data = {BOOL: ['rucula'],
INT: ['0x32',],
FLOAT: ['1x2',],
URL: ['http://', '/', ''],
URL_LIST: ['http://moth/1 , http://moth:333333',],
IPPORT: ['127.0.0.1',],
IP: ['127.0.0.', '127.0.0', '3847398740'],
REGEX: ['.*(',],
INPUT_FILE: [input_file,],
OUTPUT_FILE: [output_file,],
PORT: ['65536',]
}
for _type in data:
for fake_value in data[_type]:
err = '%s for an option of type %s should raise an exception.'
try:
opt_factory('name', fake_value, 'desc', _type)
except w3afException:
self.assertTrue(True)
else:
self.assertTrue(False, err % (fake_value, _type))
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'IP address that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web app'\
' when doing remote file inclusions. This setting configures on'\
' what IP address the webserver is going to listen.'
o = opt_factory('listen_address', self._listen_address, d, 'ip', help=h)
ol.add(o)
d = 'Port that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web app'\
' when doing remote file inclusions. This setting configures on'\
' what IP address the webserver is going to listen.'
o = opt_factory('listen_port', self._listen_port, d, 'port', help=h)
ol.add(o)
d = 'Instead of including a file in a local webserver; include the '\
' result of exploiting a XSS bug within the same target site.'
o = opt_factory('use_xss_bug', self._use_XSS_vuln, d, 'boolean')
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Wordlist to use in directory bruteforcing process.'
o = opt_factory('dir_wordlist', self._dir_list, d, INPUT_FILE)
ol.add(o)
d = 'Wordlist to use in file bruteforcing process.'
o = opt_factory('file_wordlist', self._file_list, d, INPUT_FILE)
ol.add(o)
d = 'If set to True, this plugin will bruteforce directories.'
o = opt_factory('bf_directories', self._bf_directories, d, BOOL)
ol.add(o)
d = 'If set to True, this plugin will bruteforce files.'
o = opt_factory('bf_files', self._bf_files, d, BOOL)
ol.add(o)
d = 'If set to True, this plugin will bruteforce all directories, not'\
' only the root directory.'
h = 'WARNING: Enabling this will make the plugin send tens of thousands'\
' of requests.'
o = opt_factory('be_recursive', self._be_recursive, d, BOOL, help=h)
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'IP address that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web application \
when doing remote file inclusions. This setting configures where the webserver\
is going to listen for requests.'
o = opt_factory(
'listen_address', self._listen_address, d, STRING, help=h)
ol.add(o)
d = 'TCP port that the webserver will use to receive requests'
o = opt_factory('listen_port', self._listen_port, d, PORT)
ol.add(o)
d = 'Use w3af site to test for remote file inclusion'
h = 'The plugin can use the w3af site to test for remote file inclusions, which is\
convenient when you are performing a test behind a NAT firewall.'
o = opt_factory('use_w3af_site', self._use_w3af_site, d, BOOL, help=h)
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
opt_list = OptionList()
desc = 'Use time delay (sleep() technique)'
_help = 'If set to True, w3af will checks insecure eval() usage by' \
' analyzing of time delay result of script execution.'
opt = opt_factory('use_time_delay',
self._use_time_delay,
desc,
'boolean',
help=_help)
opt_list.add(opt)
desc = 'Use echo technique'
_help = 'If set to True, w3af will checks insecure eval() usage by' \
' grepping result of script execution for test strings.'
opt = opt_factory('use_echo',
self._use_echo,
desc,
'boolean',
help=_help)
opt_list.add(opt)
return opt_list
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'When comparing, also compare the content of files.'
o = opt_factory('content', self._content, d, BOOL)
ol.add(o)
d = 'The local directory used in the comparison.'
o = opt_factory('local_dir', self._local_dir, d, STRING)
ol.add(o)
d = 'The remote directory used in the comparison.'
o = opt_factory(
'remote_url_path', self._remote_url_path, d, URL_OPTION_TYPE)
ol.add(o)
d = 'When comparing content of two files, ignore files with these'\
'extensions.'
o = opt_factory('banned_ext', self._ban_url, d, LIST)
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Stream edition expressions'
h = ('Stream edition expressions are strings that tell the sed plugin'
' which transformations to apply to the HTTP requests and'
' responses. The sed plugin uses regular expressions, some'
' examples:\n'
'\n'
' - qh/User/NotLuser/\n'
' This will make sed search in the the re[q]uest [h]eader'
' for the string User and replace it with NotLuser.\n'
'\n'
' - sb/[fF]orm/form\n'
' This will make sed search in the re[s]ponse [b]ody for'\
' the strings form or Form and replace it with form.\n'
'\n'
'Multiple expressions can be specified separated by commas.')
o = opt_factory('expressions', self._expressions, d, 'list', help=h)
ol.add(o)
d = 'Fix the content length header after mangling'
o = opt_factory('fix_content_len', self._user_option_fix_content_len,
d, 'boolean')
ol.add(o)
return ol
def get_options(self):
ol = super(LocalFileReadTemplate, self).get_options()
d = 'Payload used to detect the vulnerability (i.e. ../../etc/passwd)'
o = opt_factory('payload', self.payload, d, 'string')
ol.add(o)
d = 'File pattern used to detect the vulnerability (i.e. root:x:0:0:)'
o = opt_factory('file_pattern', self.file_pattern, d, 'string')
ol.add(o)
return ol
def get_options(self):
ol = super(LocalFileReadTemplate, self).get_options()
d = 'Payload used to detect the vulnerability (i.e. ../../etc/passwd)'
o = opt_factory('payload', self.payload, d, 'string')
ol.add(o)
d = 'File pattern used to detect the vulnerability (i.e. root:x:0:0:)'
o = opt_factory('file_pattern', self.file_pattern, d, 'string')
ol.add(o)
return ol
def get_options(self):
opt_lst = super(FileUploadTemplate, self).get_options()
d = 'Comma separated list of variable names of type "file"'
o = opt_factory('file_vars', self.file_vars, d, 'list')
opt_lst.add(o)
d = 'URL for the directory where the file is stored on the remote'\
' server after the POST that uploads it.'
o = opt_factory('file_dest', self.file_dest, d, 'url')
opt_lst.add(o)
return opt_lst
def get_options(self):
opt_lst = super(FileUploadTemplate, self).get_options()
d = 'Comma separated list of variable names of type "file"'
o = opt_factory('file_vars', self.file_vars, d, 'list')
opt_lst.add(o)
d = 'URL for the directory where the file is stored on the remote'\
' server after the POST that uploads it.'
o = opt_factory('file_dest', self.file_dest, d, 'url')
opt_lst.add(o)
return opt_lst
def get_options(self):
ol = super(OSCommandingTemplate, self).get_options()
d = 'Command separator used for injecting commands. Usually one of'\
'&, |, &&, || or ; .'
o = opt_factory('separator', self.separator, d, 'string')
ol.add(o)
d = 'Remote operating system (linux or windows).'
o = opt_factory('operating_system', self.operating_system, d, 'string')
ol.add(o)
return ol
def get_options(self):
ol = super(OSCommandingTemplate, self).get_options()
d = 'Command separator used for injecting commands. Usually one of'\
'&, |, &&, || or ; .'
o = opt_factory('separator', self.separator, d, 'string')
ol.add(o)
d = 'Remote operating system (linux or windows).'
o = opt_factory('operating_system', self.operating_system, d, 'string')
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d1 = 'Destination http port number to analize'
o1 = opt_factory('httpPort', self._http_port, d1, INT, help=d1)
ol.add(o1)
d2 = 'Destination httpS port number to analize'
o2 = opt_factory('httpsPort', self._https_port, d2, INT, help=d2)
ol.add(o2)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d1 = 'Destination http port number to analize'
o1 = opt_factory('httpPort', self._http_port, d1, INT, help=d1)
ol.add(o1)
d2 = 'Destination httpS port number to analize'
o2 = opt_factory('httpsPort', self._https_port, d2, INT, help=d2)
ol.add(o2)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'IP address that the spider_man proxy will use to receive requests'
o = opt_factory('listen_address', self._listen_address, d, 'string')
ol.add(o)
d = 'Port that the spider_man HTTP proxy server will use to receive requests'
o = opt_factory('listen_port', self._listen_port, d, 'integer')
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
d1 = 'Try to identify the remote operating system based on the remote users'
o1 = opt_factory('identify_os', self._identify_OS, d1, 'boolean')
d2 = 'Try to identify applications installed remotely using the available users'
o2 = opt_factory('identify_apps',
self._identify_applications, d2, 'boolean')
ol = OptionList()
ol.add(o1)
ol.add(o2)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Wordlist to use in the manifest file name bruteforcing process.'
o = opt_factory('wordlist', self._wordlist, d, 'string')
ol.add(o)
d = 'File extensions to use when brute forcing Gears Manifest files'
o = opt_factory('manifestExtensions', self._extensions, d, 'list')
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Wordlist to use in the manifest file name bruteforcing process.'
o = opt_factory('wordlist', self._wordlist, d, 'string')
ol.add(o)
d = 'File extensions to use when brute forcing Gears Manifest files'
o = opt_factory('manifestExtensions', self._extensions, d, 'list')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = "IP address that the spider_man proxy will use to receive requests"
o = opt_factory("listen_address", self._listen_address, d, "string")
ol.add(o)
d = "Port that the spider_man HTTP proxy server will use to receive requests"
o = opt_factory("listen_port", self._listen_port, d, "integer")
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'File name where this plugin will write to'
o = opt_factory('output_file', self._output_file_name, d, OUTPUT_FILE)
ol.add(o)
d = 'True if debug information will be appended to the report.'
o = opt_factory('verbose', self._verbose, d, 'boolean')
ol.add(o)
return ol
def create_target_option_list(*target):
opts = OptionList()
opt = opt_factory('target', '', '', URL_LIST)
opt.set_value(','.join([u.url_string for u in target]))
opts.add(opt)
opt = opt_factory('target_os', ('unknown', 'unix', 'windows'), '', 'combo')
opts.add(opt)
opt = opt_factory('target_framework',
('unknown', 'php', 'asp', 'asp.net', 'java', 'jsp',
'cfm', 'ruby', 'perl'), '', 'combo')
opts.add(opt)
return opts
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
options = [
('username', self.username, 'string',
'Username for using in the authentication process'),
('password', self.password, 'string',
'Password for using in the authentication process'),
('username_field', self.username_field, 'string',
'Username parameter name (ie. "uname" if the HTML looks'
' like <input type="text" name="uname">...)'),
('password_field', self.password_field, 'string',
'Password parameter name (ie. "pwd" if the HTML looks'
' like <input type="password" name="pwd">...)'),
('auth_url', self.auth_url, 'url',
'URL where the username and password will be sent using a POST'
' request'),
('check_url', self.check_url, 'url',
'URL used to verify if the session is still active by looking for'
' the check_string.'),
('check_string', self.check_string, 'string',
'String for searching on check_url page to determine if the'
'current session is active.'),
]
ol = OptionList()
for o in options:
ol.add(opt_factory(o[0], o[1], o[3], o[2], help=o[3]))
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
options = [
('username', self.username, 'string',
'Username for using in the authentication'),
('password', self.password, 'string',
'Password for using in the authentication'),
('username_field', self.username_field,
'string', 'Username HTML field name'),
('password_field', self.password_field,
'string', 'Password HTML field name'),
('data_format', self.data_format, 'string',
'The format for the POST-data or query string'),
('auth_url', self.auth_url, 'url',
'Auth URL - URL for POSTing the authentication information'),
('method', self.method, 'string', 'The HTTP method to use'),
('check_url', self.check_url, 'url',
'Check session URL - URL in which response body check_string will be searched'),
('check_string', self.check_string, 'string',
'String for searching on check_url page to determine if user\
is logged in the web application'),
]
ol = OptionList()
for o in options:
ol.add(opt_factory(o[0], o[1], o[3], o[2]))
return ol
def test_factory_already_converted_type(self):
data = {BOOL: (True, True),
INT: (1, 1),
FLOAT: (1.0, 1.0),
STRING: ('hello world', 'hello world'),
URL: (URL_KLASS('http://moth/'), URL_KLASS('http://moth/')),
URL_LIST: ([URL_KLASS('http://moth/1'),
URL_KLASS('http://moth/2')],
[URL_KLASS('http://moth/1'),
URL_KLASS('http://moth/2')]),
LIST: (['a', 'b', 'c'], ['a', 'b', 'c']),
PORT: (12345, 12345)
}
for _type, (user_value, parsed_value) in data.iteritems():
opt = opt_factory('name', user_value, 'desc', _type)
self.assertEqual(opt.get_name(), 'name')
self.assertEqual(opt.get_desc(), 'desc')
self.assertEqual(opt.get_type(), _type)
self.assertEqual(opt.get_default_value(), parsed_value)
self.assertEqual(opt.get_value(), parsed_value)
self.assertIsInstance(opt.get_name(), basestring)
self.assertIsInstance(opt.get_desc(), basestring)
self.assertIsInstance(opt.get_type(), basestring)
self.assertIsInstance(opt.get_help(), basestring)
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
options = [
('username', self.username, 'string',
'Username for using in the authentication process'),
('password', self.password, 'string',
'Password for using in the authentication process'),
('username_field', self.username_field,
'string', 'Username parameter name (ie. "uname" if the HTML looks'
' like <input type="text" name="uname">...)'),
('password_field', self.password_field,
'string', 'Password parameter name (ie. "pwd" if the HTML looks'
' like <input type="password" name="pwd">...)'),
('auth_url', self.auth_url, 'url',
'URL where the username and password will be sent using a POST'
' request'),
('check_url', self.check_url, 'url',
'URL used to verify if the session is still active by looking for'
' the check_string.'),
('check_string', self.check_string, 'string',
'String for searching on check_url page to determine if the'
'current session is active.'),
]
ol = OptionList()
for o in options:
ol.add(opt_factory(o[0], o[1], o[3], o[2], help=o[3]))
return ol
def _initFilterBox(self, mainvbox):
"""Init advanced search options."""
self._advSearchBox = gtk.HBox()
self._advSearchBox.set_spacing(self._padding)
self.pref = FilterOptions(self)
# Filter options
self._filterMethods = [
('GET', 'GET', False),
('POST', 'POST', False),
]
filterMethods = OptionList()
for method in self._filterMethods:
filterMethods.add(
opt_factory(method[0], method[2], method[1], "boolean"))
self.pref.add_section('methods', _('Request Method'), filterMethods)
filterId = OptionList()
filterId.add(opt_factory("min", "0", "Min ID", "string"))
filterId.add(opt_factory("max", "0", "Max ID", "string"))
self.pref.add_section('trans_id', _('Transaction ID'), filterId)
filterCodes = OptionList()
codes = [
("1xx", "1xx", False),
("2xx", "2xx", False),
("3xx", "3xx", False),
("4xx", "4xx", False),
("5xx", "5xx", False),
]
for code in codes:
filterCodes.add(opt_factory(code[0], code[2], code[1], "boolean"))
self.pref.add_section('codes', _('Response Code'), filterCodes)
filterMisc = OptionList()
filterMisc.add(opt_factory("tag", False, "Tag", "boolean"))
filterMisc.add(
opt_factory("has_qs", False, "Request has Query String",
"boolean"))
self.pref.add_section('misc', _('Misc'), filterMisc)
filterTypes = OptionList()
self._filterTypes = [
('html', 'HTML', False),
('javascript', 'JavaScript', False),
('image', 'Images', False),
('flash', 'Flash', False),
('css', 'CSS', False),
('text', 'Text', False),
]
for filterType in self._filterTypes:
filterTypes.add(
opt_factory(filterType[0], filterType[2], filterType[1],
"boolean"))
self.pref.add_section('types', _('Response Content Type'), filterTypes)
filterSize = OptionList()
filterSize.add(opt_factory("resp_size", False, "Not Null", "boolean"))
self.pref.add_section('sizes', _('Response Size'), filterSize)
self.pref.show()
self._advSearchBox.pack_start(self.pref, False, False)
self._advSearchBox.hide_all()
mainvbox.pack_start(self._advSearchBox, False, False)
def _get_option_objects(self):
'''
:return: A list of options for this question.
'''
d1 = 'Target URL'
o1 = opt_factory('target', '', d1, 'url_list')
o2 = opt_factory('target_os', 'unknown', d1, 'string')
o3 = opt_factory('target_framework', 'unknown', d1, 'string')
ol = OptionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Fetch the first "result_limit" results from the bing search'
o = opt_factory('result_limit', self._result_limit, d, 'integer')
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Define the CSV input file from which to create the fuzzable requests'
h = 'The input file is comma separated and holds the following data:'
h += ' HTTP-METHOD,URI,POSTDATA'
o = opt_factory('input_csv', self._input_csv, d, INPUT_FILE, help=h)
ol.add(o)
d = 'Define the Burp log file from which to create the fuzzable requests'
h = 'The input file needs to be in Burp format.'
o = opt_factory('input_burp', self._input_burp, d, INPUT_FILE, help=h)
ol.add(o)
return ol
def get_options(self):
'''
In this case we provide a sample implementation since most vulnerabilities
will have this template. If the specific vulnerability needs other params
then it should override this implementation.
'''
ol = OptionList()
d = 'Vulnerability name (eg. %s)' % self.get_vulnerability_name()
o = opt_factory('name', self.name, d, 'string')
ol.add(o)
d = 'URL pointing to the path that is vulnerable to file uploads via'\
' misconfigured DAV module (HTTP PUT method).'
o = opt_factory('url', self.url, d, 'url')
ol.add(o)
return ol
def get_options(self):
'''
In this case we provide a sample implementation since most vulnerabilities
will have this template. If the specific vulnerability needs other params
then it should override this implementation.
'''
ol = OptionList()
d = 'Vulnerability name (eg. %s)' % self.get_vulnerability_name()
o = opt_factory('name', self.name, d, 'string')
ol.add(o)
d = 'URL pointing to the path that is vulnerable to file uploads via'\
' misconfigured DAV module (HTTP PUT method).'
o = opt_factory('url', self.url, d, 'url')
ol.add(o)
return ol
def create_target_option_list(*target):
opts = OptionList()
opt = opt_factory('target', '', '', URL_LIST)
opt.set_value(','.join([u.url_string for u in target]))
opts.add(opt)
opt = opt_factory('target_os', ('unknown', 'unix', 'windows'), '', 'combo')
opts.add(opt)
opt = opt_factory('target_framework',
('unknown', 'php', 'asp', 'asp.net',
'java', 'jsp', 'cfm', 'ruby', 'perl'),
'', 'combo'
)
opts.add(opt)
return opts
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Fetch the first "result_limit" results from the bing search'
o = opt_factory('result_limit', self._result_limit, d, 'integer')
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Define the CSV input file from which to create the fuzzable requests'
h = 'The input file is comma separated and holds the following data:'
h += ' HTTP-METHOD,URI,POSTDATA'
o = opt_factory('input_csv', self._input_csv, d, INPUT_FILE, help=h)
ol.add(o)
d = 'Define the Burp log file from which to create the fuzzable requests'
h = 'The input file needs to be in Burp format.'
o = opt_factory('input_burp', self._input_burp, d, INPUT_FILE, help=h)
ol.add(o)
return ol
def test_invalid_data(self):
input_file = os.path.join('core', 'data', 'foobar',
'does-not-exist.txt')
output_file = input_file
data = {
BOOL: ['rucula'],
INT: [
'0x32',
],
FLOAT: [
'1x2',
],
URL: ['http://', '/', ''],
URL_LIST: [
'http://moth/1 , http://moth:333333',
],
IPPORT: [
'127.0.0.1',
],
IP: ['127.0.0.', '127.0.0', '3847398740'],
REGEX: [
'.*(',
],
INPUT_FILE: [
input_file,
],
OUTPUT_FILE: [
output_file,
],
PORT: [
'65536',
]
}
for _type in data:
for fake_value in data[_type]:
err = '%s for an option of type %s should raise an exception.'
try:
opt_factory('name', fake_value, 'desc', _type)
except w3afException:
self.assertTrue(True)
else:
self.assertTrue(False, err % (fake_value, _type))
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Fetch the first "result_limit" results from the Google search'
o = opt_factory('result_limit', self._result_limit, d, 'integer')
ol.add(o)
d = 'Do a fast search, when this feature is enabled, not all mail'\
' addresses are found'
h = 'This method is faster, because it only searches for emails in'\
' the small page snippet that google shows to the user after'\
' performing a common search.'
o = opt_factory('fast_search', self._fast_search, d, 'boolean', help=h)
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
d1 = 'Wordlist to use in the file name bruteforcing process.'
o1 = opt_factory('wordlist', self._wordlist, d1, 'string')
ol = OptionList()
ol.add(o1)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Fetch the first "result_limit" results from the Google search'
o = opt_factory('result_limit', self._result_limit, d, 'integer')
ol.add(o)
d = 'Do a fast search, when this feature is enabled, not all mail'\
' addresses are found'
h = 'This method is faster, because it only searches for emails in'\
' the small page snippet that google shows to the user after'\
' performing a common search.'
o = opt_factory('fast_search', self._fast_search, d, 'boolean', help=h)
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Apply URL fuzzing to all URLs, including images, videos, zip, etc.'
h = 'It\'s safe to leave this option as the default.'
o = opt_factory('fuzzImages', self._fuzz_images, d, 'boolean', help=h)
ol.add(o)
d = 'Set the top number of sections to fuzz'
h = 'It\'s safe to leave this option as the default. For example, with maxDigitSections'
h += ' = 1, this string wont be fuzzed: abc123def234 ; but this one will abc23ldd.'
o = opt_factory('maxDigitSections',
self._max_digit_sections, d, 'integer', help=h)
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d1 = 'Execute plugin only one time'
h1 = 'Generally the methods allowed for a URL are configured system'\
' wide, so executing this plugin only once is the faster choice.'\
' The most accurate choice is to run it against every URL.'
o = opt_factory('execOneTime', self._exec_one_time, d1,
'boolean', help=h1)
ol.add(o)
d2 = 'Only report findings if uncommon methods are found'
o = opt_factory('reportDavOnly', self._report_dav_only, d2, 'boolean')
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
d1 = 'Wordlist to use in the file name bruteforcing process.'
o1 = opt_factory('wordlist', self._wordlist, d1, 'string')
ol = OptionList()
ol.add(o1)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Enables verbose output for the console'
o = opt_factory('verbose', self.verbose, d, 'boolean')
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'Set minimal amount of days before expiration of the certificate'\
' for alerting'
h = 'If the certificate will expire in period of minExpireDays w3af'\
' will show an alert about it, which is useful for admins to'\
' remember to renew the certificate.'
o = opt_factory(
'minExpireDays', self._min_expire_days, d, 'integer', help=h)
ol.add(o)
d = 'CA PEM file path'
o = opt_factory('caFileName', self._ca_file, d, INPUT_FILE)
ol.add(o)
return ol
def get_options(self):
'''
:return: A list of option objects for this plugin.
'''
ol = OptionList()
d = 'File name where this plugin will write to'
o = opt_factory('output_file', self._file_name, d, OUTPUT_FILE)
ol.add(o)
return ol
