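def run(PluginInfo):
    """Report response headers that indicate server-side Clickjacking protection.

    Args:
        PluginInfo: plugin descriptor handed in by the framework; not read here.

    Returns:
        The HTML title produced by plugin_helper.HtmlString, followed by whatever
        plugin_helper.FindResponseHeaderMatchesForRegexpName returns for the
        regexp named 'HEADERS_FOR_CLICKJACKING_PROTECTION'.
    """
    # One literal instead of two concatenated ones: the original join had no
    # space before "(TODO", so the rendered title read "Clickjacking(TODO: ...".
    title = ("This plugin looks for server-side protection headers against Clickjacking "
             "(TODO: Add rudimentary search for frame busting)<br/>")
    Content = plugin_helper.HtmlString(title)
    Content += plugin_helper.FindResponseHeaderMatchesForRegexpName(
        'HEADERS_FOR_CLICKJACKING_PROTECTION')
    return Content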
def run(PluginInfo):
    """Report response headers that set cookies.

    Args:
        PluginInfo: plugin descriptor handed in by the framework; not read here.

    Returns:
        The HTML title produced by plugin_helper.HtmlString, followed by the
        header matches plugin_helper.FindResponseHeaderMatchesForRegexpName
        returns for the regexp named 'HEADERS_FOR_COOKIES'.
    """
    heading = "This plugin looks for cookie setting headers (TODO: Check vuln scanners' output!)<br />"
    report = plugin_helper.HtmlString(heading)
    # TODO: Fix up
    cookie_headers = plugin_helper.FindResponseHeaderMatchesForRegexpName('HEADERS_FOR_COOKIES')
    report += cookie_headers
    return report
def run(PluginInfo):
    """Report response headers that indicate server-side XSS protection.

    Background on the IE8 XSS filter header:
    http://jeremiahgrossman.blogspot.com/2010/01/to-disable-ie8s-xss-filter-or-not.html

    Args:
        PluginInfo: plugin descriptor handed in by the framework; not read here.

    Returns:
        The HTML title produced by plugin_helper.HtmlString, followed by the
        header matches plugin_helper.FindResponseHeaderMatchesForRegexpName
        returns for the regexp named 'HEADERS_FOR_XSS_PROTECTION'.
    """
    heading = "This plugin looks for server-side protection headers against XSS (TODO: Check vuln scanners' output!)<br/>"
    report = plugin_helper.HtmlString(heading)
    xss_headers = plugin_helper.FindResponseHeaderMatchesForRegexpName('HEADERS_FOR_XSS_PROTECTION')
    report += xss_headers
    return report
def run(PluginInfo):
    """Request every URL the framework still has pending and report the count.

    Args:
        PluginInfo: plugin descriptor handed in by the framework; not read here.

    Returns:
        An HTML string (via plugin_helper.HtmlString) stating how many URLs
        were handed to requester.get_transaction.
    """
    # This will return only unvisited urls
    pending = get_urls_to_visit()
    for target in pending:
        # Use cache if possible
        # NOTE(review): an exception from get_transaction aborts the loop and the
        # summary below is never logged — confirm requester handles failures itself.
        requester.get_transaction(True, target)
    # str.format renders the int the same way str() would.
    summary = "{} URLs were visited".format(len(pending))
    logging.info(summary)
    return plugin_helper.HtmlString(summary)
def run(PluginInfo):
    """Report headers and body tags that indicate protection against cache snooping.

    Args:
        PluginInfo: plugin descriptor handed in by the framework; not read here.

    Returns:
        The HTML title produced by plugin_helper.HtmlString, followed by the
        header matches for 'HEADERS_FOR_CACHE_PROTECTION' and then the body
        matches for 'RESPONSE_REGEXP_FOR_CACHE_PROTECTION'.
    """
    heading = "This plugin looks for server-side protection headers and tags against cache snooping<br />"
    report = plugin_helper.HtmlString(heading)
    # Header matches are collected before body matches, as in the report order.
    header_hits = plugin_helper.FindResponseHeaderMatchesForRegexpName('HEADERS_FOR_CACHE_PROTECTION')
    report += header_hits
    body_hits = plugin_helper.FindResponseBodyMatchesForRegexpName('RESPONSE_REGEXP_FOR_CACHE_PROTECTION')
    report += body_hits
    return report
def run(PluginInfo):
    """Placeholder plugin: emit a fixed notice and nothing else.

    Args:
        PluginInfo: plugin descriptor handed in by the framework; not read here.

    Returns:
        The notice wrapped by plugin_helper.HtmlString.
    """
    notice = "Intended to show helpful info in the future"
    return plugin_helper.HtmlString(notice)
def run(PluginInfo):
    """Report Cross-Origin Resource Sharing (CORS) response headers.

    Args:
        PluginInfo: plugin descriptor handed in by the framework; not read here.

    Returns:
        The HTML title produced by plugin_helper.HtmlString, followed by the
        header matches for 'HEADERS_FOR_CORS' and then those for
        'HEADERS_REGEXP_FOR_CORS_METHODS'.
    """
    heading = "This plugin looks for HTML 5 Cross Origin Resource Sharing (CORS) headers<br/>"
    report = plugin_helper.HtmlString(heading)
    # Origin-related headers first, then the allowed-methods headers.
    for regexp_name in ('HEADERS_FOR_CORS', 'HEADERS_REGEXP_FOR_CORS_METHODS'):
        report += plugin_helper.FindResponseHeaderMatchesForRegexpName(regexp_name)
    return report
def run(PluginInfo):
    """Report password and form tags so the autocomplete attribute can be reviewed.

    Args:
        PluginInfo: plugin descriptor handed in by the framework; not read here.

    Returns:
        The HTML title produced by plugin_helper.HtmlString, followed by the
        body matches plugin_helper.FindResponseBodyMatchesForRegexpName
        returns for the regexp named 'RESPONSE_REGEXP_FOR_AUTOCOMPLETE'.
    """
    heading = "This plugin looks for password and form tags to review the autocomplete attribute<br />"
    report = plugin_helper.HtmlString(heading)
    tag_hits = plugin_helper.FindResponseBodyMatchesForRegexpName('RESPONSE_REGEXP_FOR_AUTOCOMPLETE')
    report += tag_hits
    return report
def run(PluginInfo):
    """Report response headers that enforce SSL/TLS on the server side.

    Args:
        PluginInfo: plugin descriptor handed in by the framework; not read here.

    Returns:
        The HTML title produced by plugin_helper.HtmlString, followed by the
        header matches plugin_helper.FindResponseHeaderMatchesForRegexpName
        returns for the regexp named 'HEADERS_FOR_SSL_PROTECTION'.
    """
    heading = "This plugin looks for server-side protection headers to enforce SSL<br />"
    report = plugin_helper.HtmlString(heading)
    ssl_headers = plugin_helper.FindResponseHeaderMatchesForRegexpName('HEADERS_FOR_SSL_PROTECTION')
    report += ssl_headers
    return report
def run(PluginInfo):
    """Report the Robots meta tag in bodies and the X-Robots-Tag HTTP header.

    Args:
        PluginInfo: plugin descriptor handed in by the framework; not read here.

    Returns:
        The HTML title produced by plugin_helper.HtmlString, followed by the
        header matches for 'HEADERS_FOR_ROBOTS' and then the body matches for
        'RESPONSE_REGEXP_FOR_ROBOTS_META_TAG'.
    """
    heading = "This plugin looks for Robots meta tag and X-Robots-Tag HTTP header<br />"
    report = plugin_helper.HtmlString(heading)
    # Header matches precede body matches in the report.
    header_hits = plugin_helper.FindResponseHeaderMatchesForRegexpName('HEADERS_FOR_ROBOTS')
    report += header_hits
    body_hits = plugin_helper.FindResponseBodyMatchesForRegexpName('RESPONSE_REGEXP_FOR_ROBOTS_META_TAG')
    report += body_hits
    return report