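def run(PluginInfo):
    """Report response headers related to clickjacking protection.

    Builds an HTML title line and appends whatever
    ``plugin_helper.FindResponseHeaderMatchesForRegexpName`` returns for the
    regexp name ``'HEADERS_FOR_CLICKJACKING_PROTECTION'``.

    Args:
        PluginInfo: plugin metadata passed in by the framework; not read here.

    Returns:
        The HTML content assembled from the title and the header matches.
    """
    # One parenthesised literal: the previous two-part concatenation lost the
    # space before "(TODO", rendering "Clickjacking(TODO: ..." in the report.
    title = ("This plugin looks for server-side protection headers against Clickjacking "
             "(TODO: Add rudimentary search for frame busting)<br/>")
    content = plugin_helper.HtmlString(title)
    content += plugin_helper.FindResponseHeaderMatchesForRegexpName(
        'HEADERS_FOR_CLICKJACKING_PROTECTION')
    return content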
def run(PluginInfo):
    """Report response headers that set cookies.

    Emits an HTML title, then appends the header matches that
    ``plugin_helper.FindResponseHeaderMatchesForRegexpName`` finds for the
    regexp name ``'HEADERS_FOR_COOKIES'``.

    Args:
        PluginInfo: plugin metadata passed in by the framework; not read here.

    Returns:
        The HTML content assembled from the title and the header matches.
    """
    heading = "This plugin looks for cookie setting headers (TODO: Check vuln scanners' output!)<br />"
    regexp_name = 'HEADERS_FOR_COOKIES'
    report = plugin_helper.HtmlString(heading)
    report += plugin_helper.FindResponseHeaderMatchesForRegexpName(regexp_name)
    # TODO: Fix up (carried over from the original author)
    return report
def run(PluginInfo):
    """Report response headers related to XSS protection.

    Background on the IE8 XSS filter trade-off (from the original author):
    http://jeremiahgrossman.blogspot.com/2010/01/to-disable-ie8s-xss-filter-or-not.html

    Emits an HTML title, then appends the header matches that
    ``plugin_helper.FindResponseHeaderMatchesForRegexpName`` finds for the
    regexp name ``'HEADERS_FOR_XSS_PROTECTION'``.

    Args:
        PluginInfo: plugin metadata passed in by the framework; not read here.

    Returns:
        The HTML content assembled from the title and the header matches.
    """
    heading = "This plugin looks for server-side protection headers against XSS (TODO: Check vuln scanners' output!)<br/>"
    regexp_name = 'HEADERS_FOR_XSS_PROTECTION'
    report = plugin_helper.HtmlString(heading)
    report += plugin_helper.FindResponseHeaderMatchesForRegexpName(regexp_name)
    return report
def run(PluginInfo):
    """Fetch every URL still queued for visiting and report how many there were.

    Calls ``get_urls_to_visit()`` (described by the original author as
    returning only unvisited URLs), requests each one through
    ``requester.get_transaction``, logs the count and returns it as HTML.

    Args:
        PluginInfo: plugin metadata passed in by the framework; not read here.

    Returns:
        An HTML string of the form "<N> URLs were visited".
    """
    pending = get_urls_to_visit()
    for target in pending:
        # First argument was annotated "Use cache if possible" by the original
        # author; the requester's signature is not visible here.
        requester.get_transaction(True, target)
    summary = "{} URLs were visited".format(len(pending))
    logging.info(summary)
    return plugin_helper.HtmlString(summary)
def run(PluginInfo):
    """Report headers and body tags related to cache-snooping protection.

    Emits an HTML title, then appends the header matches for the regexp name
    ``'HEADERS_FOR_CACHE_PROTECTION'`` and the body matches for
    ``'RESPONSE_REGEXP_FOR_CACHE_PROTECTION'``.

    Args:
        PluginInfo: plugin metadata passed in by the framework; not read here.

    Returns:
        The HTML content assembled from the title and both match sets.
    """
    heading = "This plugin looks for server-side protection headers and tags against cache snooping<br />"
    header_regexp = 'HEADERS_FOR_CACHE_PROTECTION'
    body_regexp = 'RESPONSE_REGEXP_FOR_CACHE_PROTECTION'
    report = plugin_helper.HtmlString(heading)
    report += plugin_helper.FindResponseHeaderMatchesForRegexpName(header_regexp)
    report += plugin_helper.FindResponseBodyMatchesForRegexpName(body_regexp)
    return report
def run(PluginInfo):
    """Placeholder plugin that only returns a fixed informational HTML string.

    Args:
        PluginInfo: plugin metadata passed in by the framework; not read here.

    Returns:
        The result of ``plugin_helper.HtmlString`` for the placeholder text.
    """
    placeholder = "Intended to show helpful info in the future"
    return plugin_helper.HtmlString(placeholder)
def run(PluginInfo):
    """Report Cross-Origin Resource Sharing (CORS) response headers.

    Emits an HTML title, then appends the header matches for the regexp
    names ``'HEADERS_FOR_CORS'`` and ``'HEADERS_REGEXP_FOR_CORS_METHODS'``,
    in that order.

    Args:
        PluginInfo: plugin metadata passed in by the framework; not read here.

    Returns:
        The HTML content assembled from the title and both match sets.
    """
    heading = "This plugin looks for HTML 5 Cross Origin Resource Sharing (CORS) headers<br/>"
    report = plugin_helper.HtmlString(heading)
    for regexp_name in ('HEADERS_FOR_CORS', 'HEADERS_REGEXP_FOR_CORS_METHODS'):
        report += plugin_helper.FindResponseHeaderMatchesForRegexpName(regexp_name)
    return report
def run(PluginInfo):
    """Report password/form tags so their autocomplete attribute can be reviewed.

    Emits an HTML title, then appends the response-body matches that
    ``plugin_helper.FindResponseBodyMatchesForRegexpName`` finds for the
    regexp name ``'RESPONSE_REGEXP_FOR_AUTOCOMPLETE'``.

    Args:
        PluginInfo: plugin metadata passed in by the framework; not read here.

    Returns:
        The HTML content assembled from the title and the body matches.
    """
    heading = "This plugin looks for password and form tags to review the autocomplete attribute<br />"
    body_regexp = 'RESPONSE_REGEXP_FOR_AUTOCOMPLETE'
    report = plugin_helper.HtmlString(heading)
    report += plugin_helper.FindResponseBodyMatchesForRegexpName(body_regexp)
    return report
def run(PluginInfo):
    """Report response headers that enforce SSL/TLS.

    Emits an HTML title, then appends the header matches that
    ``plugin_helper.FindResponseHeaderMatchesForRegexpName`` finds for the
    regexp name ``'HEADERS_FOR_SSL_PROTECTION'``.

    Args:
        PluginInfo: plugin metadata passed in by the framework; not read here.

    Returns:
        The HTML content assembled from the title and the header matches.
    """
    heading = "This plugin looks for server-side protection headers to enforce SSL<br />"
    header_regexp = 'HEADERS_FOR_SSL_PROTECTION'
    report = plugin_helper.HtmlString(heading)
    report += plugin_helper.FindResponseHeaderMatchesForRegexpName(header_regexp)
    return report
def run(PluginInfo):
    """Report the Robots meta tag and the X-Robots-Tag response header.

    Emits an HTML title, then appends the header matches for the regexp name
    ``'HEADERS_FOR_ROBOTS'`` followed by the response-body matches for
    ``'RESPONSE_REGEXP_FOR_ROBOTS_META_TAG'``.

    Args:
        PluginInfo: plugin metadata passed in by the framework; not read here.

    Returns:
        The HTML content assembled from the title and both match sets.
    """
    heading = "This plugin looks for Robots meta tag and X-Robots-Tag HTTP header<br />"
    header_regexp = 'HEADERS_FOR_ROBOTS'
    body_regexp = 'RESPONSE_REGEXP_FOR_ROBOTS_META_TAG'
    report = plugin_helper.HtmlString(heading)
    report += plugin_helper.FindResponseHeaderMatchesForRegexpName(header_regexp)
    report += plugin_helper.FindResponseBodyMatchesForRegexpName(body_regexp)
    return report