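def get_options(self):
    """
    Build the user-configurable options for this plugin.

    :return: An OptionList holding the ``content``, ``local_dir``,
             ``remote_url_path`` and ``banned_ext`` options, each created
             with the value currently stored on the instance.
    """
    ol = OptionList()

    d = 'When comparing, also compare the content of files.'
    ol.add(opt_factory('content', self._content, d, BOOL))

    # NOTE(review): local_dir is declared as a plain STRING; whether the
    # path is checked for existence before it is used is not visible here.
    d = 'The local directory used in the comparison.'
    ol.add(opt_factory('local_dir', self._local_dir, d, STRING))

    d = 'The remote directory used in the comparison.'
    ol.add(opt_factory('remote_url_path', self._remote_url_path, d,
                       URL_OPTION_TYPE))

    # Adjacent literals are concatenated as-is, so the second fragment
    # carries the separating space; without it the text reads
    # "theseextensions.".
    d = ('When comparing content of two files, ignore files with these'
         ' extensions.')
    ol.add(opt_factory('banned_ext', self._ban_url, d, LIST))

    return ol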
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Where the helper web server listens. The value decides which network
    # interface serves the files, so it is worth reviewing before a scan.
    # NOTE(review): declared as STRING, not as an IP-specific type.
    address_desc = 'IP address that the webserver will use to receive requests'
    address_help = ('w3af runs a webserver to serve the files to the target web'
                    ' application when doing remote file inclusions. This setting'
                    ' configures where the webserver is going to listen for requests.')
    options.add(opt_factory('listen_address', self._listen_address,
                            address_desc, STRING, help=address_help))

    port_desc = 'TCP port that the webserver will use to receive requests'
    options.add(opt_factory('listen_port', self._listen_port, port_desc, PORT))

    site_desc = 'Use w3af site to test for remote file inclusion'
    site_help = ('The plugin can use the w3af site to test for remote file'
                 ' inclusions, which is convenient when you are performing a test'
                 ' behind a NAT firewall.')
    options.add(opt_factory('use_w3af_site', self._use_w3af_site,
                            site_desc, BOOL, help=site_help))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Help text for the expression syntax. It is assembled from adjacent
    # string literals, so every fragment carries its own spacing and
    # newlines.
    expr_help = (
        'Stream edition expressions are strings that tell the sed plugin'
        ' which transformations to apply to the HTTP requests and'
        ' responses. The sed plugin uses regular expressions, some'
        ' examples:\n'
        '\n'
        ' - qh/User/NotLuser/\n'
        ' This will make sed search in the the re[q]uest [h]eader'
        ' for the string User and replace it with NotLuser.\n'
        '\n'
        ' - sb/[fF]orm/form\n'
        ' This will make sed search in the re[s]ponse [b]ody for'
        ' the strings form or Form and replace it with form.\n'
        '\n'
        'Multiple expressions can be specified separated by commas.'
    )
    options.add(opt_factory('expressions', self._expressions,
                            'Stream edition expressions', 'list',
                            help=expr_help))

    options.add(opt_factory('fix_content_len',
                            self._user_option_fix_content_len,
                            'Fix the content length header after mangling',
                            'boolean'))

    return options
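def get_options(self):
    """
    Build the user-configurable options for this crawler plugin.

    :return: An OptionList holding ``only_forward``, ``follow_regex``,
             ``ignore_regex``, ``fuzzy_ignore_factor`` and
             ``max_requests_count``, each created with the value currently
             stored on the instance.
    """
    ol = OptionList()

    d = ('When crawling only follow links to paths inside the one given'
         ' as target.')
    ol.add(opt_factory('only_forward', self._only_forward, d, BOOL))

    # The original text read "follow which that match"; "links" is the word
    # used by the matching ignore_regex description below.
    d = ('When crawling only follow links that match this regular'
         ' expression. Please note that ignore_regex has precedence over'
         ' follow_regex.')
    ol.add(opt_factory('follow_regex', self._follow_regex, d, REGEX))

    d = ('When crawling, DO NOT follow links that match this regular'
         ' expression. Please note that ignore_regex has precedence over'
         ' follow_regex.')
    ol.add(opt_factory('ignore_regex', self._ignore_regex, d, REGEX))

    # NOTE(review): the 0-100 range is only stated in the description; the
    # option type is a plain INT.
    d = 'fuzzy_ignore_factor 0-100 (100-minimal ignore, 0-maximum ignore)'
    ol.add(opt_factory('fuzzy_ignore_factor', self._ignore_factor, d, INT))

    d = 'maximum allowed count of requests'
    ol.add(opt_factory('max_requests_count', self._max_requests_count, d,
                       INT))

    return ol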
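def test_invalid_data(self):
    """
    Malformed values must be rejected when the option is created.

    For every option type in the table, each listed value is handed to
    opt_factory() and the call is expected to raise
    BaseFrameworkException. The test fails on the first value that is
    accepted.
    """
    # A path that does not exist, used for both the input and the output
    # file types.
    input_file = os.path.join(ROOT_PATH, 'core', 'data', 'foobar',
                              'does-not-exist.txt')
    output_file = input_file

    data = {BOOL: ['rucula'],
            INT: ['0x32'],
            FLOAT: ['1x2'],
            URL: ['http://', '/', ''],
            URL_LIST: ['http://moth/1 , http://moth:333333'],
            IPPORT: ['127.0.0.1'],
            IP: ['127.0.0.', '127.0.0', '3847398740'],
            REGEX: ['.*('],
            INPUT_FILE: [input_file],
            OUTPUT_FILE: [output_file],
            PORT: ['65536']}

    err = '%s for an option of type %s should raise an exception.'

    for _type, fake_values in data.items():
        for fake_value in fake_values:
            try:
                opt_factory('name', fake_value, 'desc', _type)
            except BaseFrameworkException:
                # Rejected, which is the expected outcome.
                continue

            # self.fail() reports the message directly, instead of
            # asserting on a literal False.
            self.fail(err % (fake_value, _type))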
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    options.add(opt_factory(
        'only_forward', self._only_forward,
        'Only crawl links to paths inside the URL given as target.',
        BOOL))

    # Both regex descriptions repeat that ignore_regex has precedence over
    # follow_regex.
    follow_desc = ('Only crawl links that match this regular expression.'
                   ' Note that ignore_regex has precedence over follow_regex.')
    options.add(opt_factory('follow_regex', self._follow_regex,
                            follow_desc, REGEX))

    ignore_desc = ('DO NOT crawl links that match this regular expression.'
                   ' Note that ignore_regex has precedence over follow_regex.')
    options.add(opt_factory('ignore_regex', self._ignore_regex,
                            ignore_desc, REGEX))

    ext_desc = 'DO NOT crawl links that use these extensions.'
    ext_help = ('This configuration parameter is commonly used to ignore'
                ' static files such as zip, pdf, jpeg, etc. It is possible to'
                ' ignore these files using `ignore_regex`, but configuring'
                ' this parameter is easier and performs case insensitive'
                ' matching.')
    options.add(opt_factory('ignore_extensions', self._ignore_extensions,
                            ext_desc, LIST, help=ext_help))

    return options
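def test_invalid_data(self):
    """
    Malformed values must be rejected when the option is created.

    For every option type in the table, each listed value is handed to
    opt_factory() and the call is expected to raise
    BaseFrameworkException. The test fails on the first value that is
    accepted.
    """
    # A path that does not exist, used for both the input and the output
    # file types.
    input_file = os.path.join(ROOT_PATH, "core", "data", "foobar",
                              "does-not-exist.txt")
    output_file = input_file

    data = {
        BOOL: ["rucula"],
        INT: ["0x32"],
        POSITIVE_INT: ["-1"],
        FLOAT: ["1x2"],
        URL: ["http://", "/", ""],
        URL_LIST: ["http://moth/1 , http://moth:333333"],
        IPPORT: ["127.0.0.1"],
        IP: ["127.0.0.", "127.0.0", "3847398740"],
        REGEX: [".*("],
        INPUT_FILE: [input_file],
        OUTPUT_FILE: [output_file],
        PORT: ["65536"],
    }

    err = "%s for an option of type %s should raise an exception."

    for _type, fake_values in data.items():
        for fake_value in fake_values:
            try:
                opt_factory("name", fake_value, "desc", _type)
            except BaseFrameworkException:
                # Rejected, which is the expected outcome.
                continue

            # self.fail() reports the message directly, instead of
            # asserting on a literal False.
            self.fail(err % (fake_value, _type))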
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # The configured targets, flattened to one comma separated string.
    joined_targets = ','.join(str(tar) for tar in cf.cf.get('targets'))
    options.add(opt_factory('target', joined_targets,
                            'A comma separated list of URLs', 'url_list'))

    perf_help = 'This setting is here to enhance w3af performance.'

    # For a combo option the default is the first element, so the
    # configured value is moved to the front of a copy of the list.
    # NOTE(review): list.remove() raises ValueError when the configured
    # value is not one of the known choices.
    os_desc = 'Target operating system (%s)' % '/'.join(
        self._operating_systems)
    os_choices = self._operating_systems[:]
    os_choices.remove(cf.cf.get('target_os'))
    os_choices.insert(0, cf.cf.get('target_os'))
    options.add(opt_factory('target_os', os_choices, os_desc, 'combo',
                            help=perf_help))

    # Same reordering for the programming framework choices.
    fw_desc = 'Target programming framework (%s)' % '/'.join(
        self._programming_frameworks)
    fw_choices = self._programming_frameworks[:]
    fw_choices.remove(cf.cf.get('target_framework'))
    fw_choices.insert(0, cf.cf.get('target_framework'))
    options.add(opt_factory('target_framework', fw_choices, fw_desc,
                            'combo', help=perf_help))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Both wordlists are declared with the INPUT_FILE option type.
    options.add(opt_factory(
        'dir_wordlist', self._dir_list,
        'Wordlist to use in directory bruteforcing process.', INPUT_FILE))
    options.add(opt_factory(
        'file_wordlist', self._file_list,
        'Wordlist to use in file bruteforcing process.', INPUT_FILE))

    options.add(opt_factory(
        'bf_directories', self._bf_directories,
        'If set to True, this plugin will bruteforce directories.', BOOL))
    options.add(opt_factory(
        'bf_files', self._bf_files,
        'If set to True, this plugin will bruteforce files.', BOOL))

    # The help text warns the operator about the request volume.
    recursive_desc = ('If set to True, this plugin will bruteforce all directories, not'
                      ' only the root directory.')
    recursive_help = ('WARNING: Enabling this will make the plugin send tens of thousands'
                      ' of requests.')
    options.add(opt_factory('be_recursive', self._be_recursive,
                            recursive_desc, BOOL, help=recursive_help))

    return options
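def test_invalid_data(self):
    """
    Malformed values must be rejected when the option is created.

    For every option type in the table, each listed value is handed to
    opt_factory() and the call is expected to raise
    BaseFrameworkException. The test fails on the first value that is
    accepted.
    """
    # A path that does not exist, used for both the input and the output
    # file types.
    input_file = os.path.join(ROOT_PATH, 'core', 'data', 'foobar',
                              'does-not-exist.txt')
    output_file = input_file

    data = {BOOL: ['rucula'],
            INT: ['0x32'],
            POSITIVE_INT: ['-1'],
            FLOAT: ['1x2'],
            URL: ['http://', '/', ''],
            URL_LIST: ['http://moth/1 , http://moth:333333'],
            IPPORT: ['127.0.0.1'],
            IP: ['127.0.0.', '127.0.0', '3847398740'],
            REGEX: ['.*('],
            # Besides the missing file, a bare '/' and an empty
            # 'base64://' value are expected to be refused.
            INPUT_FILE: [input_file, '/', 'base64://'],
            OUTPUT_FILE: [output_file, '/'],
            PORT: ['65536']}

    err = '%s for an option of type %s should raise an exception.'

    for _type, fake_values in data.items():
        for fake_value in fake_values:
            try:
                opt_factory('name', fake_value, 'desc', _type)
            except BaseFrameworkException:
                # Rejected, which is the expected outcome.
                continue

            # self.fail() reports the message directly, instead of
            # asserting on a literal False.
            self.fail(err % (fake_value, _type))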
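def get_options(self):
    """
    Build the user-configurable options for this plugin.

    :return: An OptionList holding ``listen_address``, ``listen_port`` and
             ``use_xss_bug``, each created with the value currently stored
             on the instance.
    """
    ol = OptionList()

    # The listen address decides which network interface serves the
    # files during the test.
    d = 'IP address that the webserver will use to receive requests'
    h = ('w3af runs a webserver to serve the files to the target web app'
         ' when doing remote file inclusions. This setting configures on'
         ' what IP address the webserver is going to listen.')
    ol.add(opt_factory('listen_address', self._listen_address, d, 'ip',
                       help=h))

    # The port help used to be a copy of the address help and described
    # an IP address; it now describes the port.
    d = 'Port that the webserver will use to receive requests'
    h = ('w3af runs a webserver to serve the files to the target web app'
         ' when doing remote file inclusions. This setting configures on'
         ' what TCP port the webserver is going to listen.')
    ol.add(opt_factory('listen_port', self._listen_port, d, 'port', help=h))

    # Only the first fragment keeps its trailing space, so the joined text
    # no longer contains a double space.
    d = ('Instead of including a file in a local webserver; include the '
         'result of exploiting a XSS bug within the same target site.')
    ol.add(opt_factory('use_xss_bug', self._use_XSS_vuln, d, 'boolean'))

    return ol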
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Each option is built and added in turn; the help text sits next to
    # the option it documents.
    eq_help = ('Two pages are considered equal if they match in more'
               ' than eq_limit.')
    timeout_help = 'Timeout between fuzzing requests'
    careful_help = 'Perform a primary sql-injection check'

    options.add(opt_factory('eq_limit', self._eq_limit,
                            'String equal ratio (0.0 to 1.0)', 'float',
                            help=eq_help))
    options.add(opt_factory('timeout', self._timeout,
                            'Requests timeout', 'float',
                            help=timeout_help))
    options.add(opt_factory('is_carefully', self._is_carefully,
                            'Do a primary check?', 'boolean',
                            help=careful_help))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Help text for the expression syntax. It is assembled from adjacent
    # string literals, so every fragment carries its own spacing and
    # newlines.
    expr_help = (
        'Stream edition expressions are strings that tell the sed plugin'
        ' which transformations to apply to the HTTP requests and'
        ' responses. The sed plugin uses regular expressions, some'
        ' examples:\n'
        '\n'
        ' - qh/User/NotLuser/\n'
        ' This will make sed search in the the re[q]uest [h]eader'
        ' for the string User and replace it with NotLuser.\n'
        '\n'
        ' - sb/[fF]orm/form\n'
        ' This will make sed search in the re[s]ponse [b]ody for'
        ' the strings form or Form and replace it with form.\n'
        '\n'
        'Multiple expressions can be specified separated by commas.'
    )
    options.add(opt_factory('expressions', self._expressions,
                            'Stream edition expressions', 'list',
                            help=expr_help))

    options.add(opt_factory('fix_content_len',
                            self._user_option_fix_content_len,
                            'Fix the content length header after mangling',
                            'boolean'))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Where the helper web server listens. The value decides which network
    # interface serves the files, so it is worth reviewing before a scan.
    # NOTE(review): declared as STRING, not as an IP-specific type.
    address_desc = 'IP address that the webserver will use to receive requests'
    address_help = ('w3af runs a webserver to serve the files to the target web'
                    ' application when doing remote file inclusions. This setting'
                    ' configures where the webserver is going to listen for requests.')
    options.add(opt_factory('listen_address', self._listen_address,
                            address_desc, STRING, help=address_help))

    port_desc = 'TCP port that the webserver will use to receive requests'
    options.add(opt_factory('listen_port', self._listen_port, port_desc, PORT))

    site_desc = 'Use w3af site to test for remote file inclusion'
    site_help = ('The plugin can use the w3af site to test for remote file'
                 ' inclusions, which is convenient when you are performing a test'
                 ' behind a NAT firewall.')
    options.add(opt_factory('use_w3af_site', self._use_w3af_site,
                            site_desc, BOOL, help=site_help))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Both wordlists are declared with the INPUT_FILE option type.
    options.add(opt_factory(
        'dir_wordlist', self._dir_list,
        'Wordlist to use in directory bruteforcing process.', INPUT_FILE))
    options.add(opt_factory(
        'file_wordlist', self._file_list,
        'Wordlist to use in file bruteforcing process.', INPUT_FILE))

    options.add(opt_factory(
        'bf_directories', self._bf_directories,
        'If set to True, this plugin will bruteforce directories.', BOOL))
    options.add(opt_factory(
        'bf_files', self._bf_files,
        'If set to True, this plugin will bruteforce files.', BOOL))

    # The help text warns the operator about the request volume.
    recursive_desc = ('If set to True, this plugin will bruteforce all directories, not'
                      ' only the root directory.')
    recursive_help = ('WARNING: Enabling this will make the plugin send tens of thousands'
                      ' of requests.')
    options.add(opt_factory('be_recursive', self._be_recursive,
                            recursive_desc, BOOL, help=recursive_help))

    return options
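def get_options(self):
    """
    Build the user-configurable options for this plugin.

    :return: An OptionList holding the ``content``, ``local_dir``,
             ``remote_url_path`` and ``banned_ext`` options, each created
             with the value currently stored on the instance.
    """
    ol = OptionList()

    d = 'When comparing, also compare the content of files.'
    ol.add(opt_factory('content', self._content, d, BOOL))

    # NOTE(review): local_dir is declared as a plain STRING; whether the
    # path is checked for existence before it is used is not visible here.
    d = 'The local directory used in the comparison.'
    ol.add(opt_factory('local_dir', self._local_dir, d, STRING))

    d = 'The remote directory used in the comparison.'
    ol.add(opt_factory('remote_url_path', self._remote_url_path, d,
                       URL_OPTION_TYPE))

    # Adjacent literals are concatenated as-is, so the second fragment
    # carries the separating space; without it the text reads
    # "theseextensions.".
    d = ('When comparing content of two files, ignore files with these'
         ' extensions.')
    ol.add(opt_factory('banned_ext', self._ban_url, d, LIST))

    return ol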
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Two independent detection techniques, each toggled by a boolean.
    delay_help = ('If set to True, w3af will checks insecure eval() usage by'
                  ' analyzing of time delay result of script execution.')
    options.add(opt_factory('use_time_delay', self._use_time_delay,
                            'Use time delay (sleep() technique)',
                            'boolean', help=delay_help))

    echo_help = ('If set to True, w3af will checks insecure eval() usage by'
                 ' grepping result of script execution for test strings.')
    options.add(opt_factory('use_echo', self._use_echo,
                            'Use echo technique',
                            'boolean', help=echo_help))

    return options
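def get_options(self):
    """
    Build the user-configurable options for this plugin.

    :return: An OptionList holding ``listen_address``, ``listen_port`` and
             ``use_xss_bug``, each created with the value currently stored
             on the instance.
    """
    ol = OptionList()

    # The listen address decides which network interface serves the
    # files during the test.
    d = 'IP address that the webserver will use to receive requests'
    h = ('w3af runs a webserver to serve the files to the target web app'
         ' when doing remote file inclusions. This setting configures on'
         ' what IP address the webserver is going to listen.')
    ol.add(opt_factory('listen_address', self._listen_address, d, 'ip',
                       help=h))

    # The port help used to be a copy of the address help and described
    # an IP address; it now describes the port.
    d = 'Port that the webserver will use to receive requests'
    h = ('w3af runs a webserver to serve the files to the target web app'
         ' when doing remote file inclusions. This setting configures on'
         ' what TCP port the webserver is going to listen.')
    ol.add(opt_factory('listen_port', self._listen_port, d, 'port', help=h))

    # Only the first fragment keeps its trailing space, so the joined text
    # no longer contains a double space.
    d = ('Instead of including a file in a local webserver; include the '
         'result of exploiting a XSS bug within the same target site.')
    ol.add(opt_factory('use_xss_bug', self._use_XSS_vuln, d, 'boolean'))

    return ol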
def get_options(self):
    """
    :return: The options of the parent template, extended with the
             ``payload`` and ``file_pattern`` options.
    """
    options = super(LocalFileReadTemplate, self).get_options()

    # The request value used for detection and the response marker that
    # confirms it; both are free-form strings.
    options.add(opt_factory(
        'payload', self.payload,
        'Payload used to detect the vulnerability (i.e. ../../etc/passwd)',
        'string'))
    options.add(opt_factory(
        'file_pattern', self.file_pattern,
        'File pattern used to detect the vulnerability (i.e. root:x:0:0:)',
        'string'))

    return options
def get_options(self):
    """
    :return: The options of the parent template, extended with the
             ``payload`` and ``file_pattern`` options.
    """
    options = super(LocalFileReadTemplate, self).get_options()

    # The request value used for detection and the response marker that
    # confirms it; both are free-form strings.
    options.add(opt_factory(
        'payload', self.payload,
        'Payload used to detect the vulnerability (i.e. ../../etc/passwd)',
        'string'))
    options.add(opt_factory(
        'file_pattern', self.file_pattern,
        'File pattern used to detect the vulnerability (i.e. root:x:0:0:)',
        'string'))

    return options
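def get_options(self):
    """
    :return: The options of the parent template, extended with the
             ``separator`` and ``operating_system`` options.
    """
    ol = super(OSCommandingTemplate, self).get_options()

    # Adjacent literals are concatenated as-is; the second fragment
    # carries the separating space so the text no longer reads "one of&".
    d = ('Command separator used for injecting commands. Usually one of'
         ' &, |, &&, || or ; .')
    ol.add(opt_factory('separator', self.separator, d, 'string'))

    # NOTE(review): declared as a free-form 'string'; the two accepted
    # values are only named in the description.
    d = 'Remote operating system (linux or windows).'
    ol.add(opt_factory('operating_system', self.operating_system, d,
                       'string'))

    return ol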
def get_options(self):
    """
    :return: The options of the parent template, extended with the
             ``file_vars`` and ``file_dest`` options.
    """
    options = super(FileUploadTemplate, self).get_options()

    options.add(opt_factory(
        'file_vars', self.file_vars,
        'Comma separated list of variable names of type "file"',
        'list'))

    # Where the uploaded file can be requested after the POST.
    dest_desc = ('URL for the directory where the file is stored on the remote'
                 ' server after the POST that uploads it.')
    options.add(opt_factory('file_dest', self.file_dest, dest_desc, 'url'))

    return options
def get_options(self):
    """
    :return: The options of the parent template, extended with the
             ``file_vars`` and ``file_dest`` options.
    """
    options = super(FileUploadTemplate, self).get_options()

    options.add(opt_factory(
        'file_vars', self.file_vars,
        'Comma separated list of variable names of type "file"',
        'list'))

    # Where the uploaded file can be requested after the POST.
    dest_desc = ('URL for the directory where the file is stored on the remote'
                 ' server after the POST that uploads it.')
    options.add(opt_factory('file_dest', self.file_dest, dest_desc, 'url'))

    return options
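def get_options(self):
    """
    :return: The options of the parent template, extended with the
             ``separator`` and ``operating_system`` options.
    """
    ol = super(OSCommandingTemplate, self).get_options()

    # Adjacent literals are concatenated as-is; the second fragment
    # carries the separating space so the text no longer reads "one of&".
    d = ('Command separator used for injecting commands. Usually one of'
         ' &, |, &&, || or ; .')
    ol.add(opt_factory('separator', self.separator, d, 'string'))

    # NOTE(review): declared as a free-form 'string'; the two accepted
    # values are only named in the description.
    d = 'Remote operating system (linux or windows).'
    ol.add(opt_factory('operating_system', self.operating_system, d,
                       'string'))

    return ol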
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Each description doubles as the help text of its option.
    # NOTE(review): both ports are declared as INT, so no port range is
    # implied by the option type.
    http_desc = 'Destination http port number to analize'
    options.add(opt_factory('httpPort', self._http_port, http_desc, INT,
                            help=http_desc))

    https_desc = 'Destination httpS port number to analize'
    options.add(opt_factory('httpsPort', self._https_port, https_desc, INT,
                            help=https_desc))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Each description doubles as the help text of its option.
    # NOTE(review): both ports are declared as INT, so no port range is
    # implied by the option type.
    http_desc = 'Destination http port number to analize'
    options.add(opt_factory('httpPort', self._http_port, http_desc, INT,
                            help=http_desc))

    https_desc = 'Destination httpS port number to analize'
    options.add(opt_factory('httpsPort', self._https_port, https_desc, INT,
                            help=https_desc))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # The report destination is declared with the OUTPUT_FILE type.
    options.add(opt_factory('output_file', self._output_file_name,
                            'File name where this plugin will write to',
                            OUTPUT_FILE))

    # Verbose mode appends debug information to the report, so the file
    # can contain more than the findings.
    options.add(opt_factory(
        'verbose', self._verbose,
        'True if debug information will be appended to the report.',
        'boolean'))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # The report destination is declared with the OUTPUT_FILE type.
    options.add(opt_factory('output_file', self._output_file_name,
                            'File name where this plugin will write to',
                            OUTPUT_FILE))

    # Verbose mode appends debug information to the report, so the file
    # can contain more than the findings.
    options.add(opt_factory(
        'verbose', self._verbose,
        'True if debug information will be appended to the report.',
        'boolean'))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # NOTE(review): the wordlist path is declared as a plain 'string'
    # option here, not as an input-file type.
    options.add(opt_factory(
        'wordlist', self._wordlist,
        'Wordlist to use in the manifest file name bruteforcing process.',
        'string'))

    options.add(opt_factory(
        'manifestExtensions', self._extensions,
        'File extensions to use when brute forcing Gears Manifest files',
        'list'))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Two console switches, both booleans.
    options.add(opt_factory('verbose', self.verbose,
                            'Enables verbose output for the console', BOOL))
    options.add(opt_factory('use_colors', self.use_colors,
                            'Enable output coloring', BOOL))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Two console switches, both booleans.
    options.add(opt_factory('verbose', self.verbose,
                            'Enables verbose output for the console', BOOL))
    options.add(opt_factory('use_colors', self.use_colors,
                            'Enable output coloring', BOOL))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Address and port of the spider_man proxy listener. The address
    # decides which network interface accepts proxy connections.
    # NOTE(review): declared as generic 'string' and 'integer' options,
    # not as IP- or port-specific types.
    options.add(opt_factory(
        'listen_address', self._listen_address,
        'IP address that the spider_man proxy will use to receive requests',
        'string'))
    options.add(opt_factory(
        'listen_port', self._listen_port,
        'Port that the spider_man HTTP proxy server will use to receive requests',
        'integer'))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # Address and port of the spider_man proxy listener. The address
    # decides which network interface accepts proxy connections.
    # NOTE(review): declared as generic 'string' and 'integer' options,
    # not as IP- or port-specific types.
    options.add(opt_factory(
        'listen_address', self._listen_address,
        'IP address that the spider_man proxy will use to receive requests',
        'string'))
    options.add(opt_factory(
        'listen_port', self._listen_port,
        'Port that the spider_man HTTP proxy server will use to receive requests',
        'integer'))

    return options
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    # NOTE(review): the wordlist path is declared as a plain 'string'
    # option here, not as an input-file type.
    options.add(opt_factory(
        'wordlist', self._wordlist,
        'Wordlist to use in the manifest file name bruteforcing process.',
        'string'))

    options.add(opt_factory(
        'manifestExtensions', self._extensions,
        'File extensions to use when brute forcing Gears Manifest files',
        'list'))

    return options
def test_root_path_variable_init(self):
    """
    An INPUT_FILE option created from SHORT_INPUT_FILE reports that short
    form for the profile, while its string value and its stored ``_value``
    equal the test's INPUT_FILE.
    """
    short_form = self.SHORT_INPUT_FILE
    expanded = self.INPUT_FILE

    option = opt_factory('name', short_form, 'desc', INPUT_FILE,
                         'help', 'tab1')

    self.assertEqual(option.get_value_for_profile(), short_form)
    self.assertEqual(option.get_value_str(), expanded)
    self.assertEqual(option._value, expanded)
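def get_options(self):
    """
    Build the user-configurable options for this authentication plugin.

    :return: An OptionList with one option per row of the table below; the
             description of each row is also passed as its help text.
    """
    # Rows are (name, current value, option type, description).
    # NOTE(review): the password is a plain 'string' option, the same type
    # as the username; whether its value is masked when options are shown
    # or saved is not visible here.
    options = [
        ('username', self.username, 'string',
         'Username for using in the authentication process'),
        ('password', self.password, 'string',
         'Password for using in the authentication process'),
        ('username_field', self.username_field, 'string',
         'Username parameter name (ie. "uname" if the HTML looks'
         ' like <input type="text" name="uname">...)'),
        ('password_field', self.password_field, 'string',
         'Password parameter name (ie. "pwd" if the HTML looks'
         ' like <input type="password" name="pwd">...)'),
        ('auth_url', self.auth_url, 'url',
         'URL where the username and password will be sent using a POST'
         ' request'),
        ('check_url', self.check_url, 'url',
         'URL used to verify if the session is still active by looking for'
         ' the check_string.'),
        # The second fragment starts with a space; without it the text
        # reads "thecurrent".
        ('check_string', self.check_string, 'string',
         'String for searching on check_url page to determine if the'
         ' current session is active.'),
    ]

    ol = OptionList()
    for name, value, opt_type, desc in options:
        ol.add(opt_factory(name, value, desc, opt_type, help=desc))

    return ol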
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    options = OptionList()

    options.add(opt_factory('verbose', self.verbose,
                            'Enable verbose output for syslog', BOOL))

    # A marker added to every message so that the entries of one scan can
    # be told apart in the log.
    id_desc = 'String to be included in all syslog messages'
    id_help = 'Use this string to identify each individual scan in the log'
    options.add(opt_factory('scan_id', self.scan_id, id_desc, STRING,
                            help=id_help))

    return options
def test_no_duplicate_vuln_reports(self):
    """
    Regression test: the xml_file plugin used to write the same
    vulnerability to disk more than once when flush() was called
    repeatedly.
    """
    # Start from an empty KB that holds exactly one vulnerability.
    self.kb.cleanup()

    vuln_desc = 'Just a test for the XML file output plugin.'
    vuln = Vuln('SQL injection', vuln_desc, severity.HIGH, 1, 'sqli')
    self.kb.append('sqli', 'sqli', vuln)

    self.assertEqual(len(self.kb.get_all_vulns()), 1)

    # Point the plugin at the unit test's output file.
    plugin = xml_file()

    plugin_options = OptionList()
    plugin_options.add(opt_factory(
        'output_file', self.FILENAME,
        'Output file name where to write the XML data', OUTPUT_FILE))
    plugin.set_options(plugin_options)

    # Three consecutive flushes; repeated flushing is what used to
    # duplicate the entries.
    for _attempt in range(3):
        plugin.flush()

    # Parse the report back and confirm the vulnerability appears once.
    file_vulns = self._from_xml_get_vulns(self.FILENAME)
    self.assertEqual(len(file_vulns), 1, file_vulns)
def test_factory_already_converted_type(self):
    """
    Values that already have the target Python type (a bool for BOOL, an
    int for PORT, URL objects for URL, ...) are accepted by opt_factory()
    and come back unchanged as both the value and the default value.
    """
    # Option type -> (value given to the factory, value expected back).
    url_pair = [URL_KLASS('http://moth/1'), URL_KLASS('http://moth/2')]
    expected_pair = [URL_KLASS('http://moth/1'), URL_KLASS('http://moth/2')]

    data = {
        BOOL: (True, True),
        INT: (1, 1),
        FLOAT: (1.0, 1.0),
        STRING: ('hello world', 'hello world'),
        URL: (URL_KLASS('http://moth/'), URL_KLASS('http://moth/')),
        URL_LIST: (url_pair, expected_pair),
        LIST: (['a', 'b', 'c'], ['a', 'b', 'c']),
        PORT: (12345, 12345),
    }

    for _type, pair in data.iteritems():
        user_value, parsed_value = pair
        opt = opt_factory('name', user_value, 'desc', _type)

        self.assertEqual(opt.get_name(), 'name')
        self.assertEqual(opt.get_desc(), 'desc')
        self.assertEqual(opt.get_type(), _type)
        self.assertEqual(opt.get_default_value(), parsed_value)
        self.assertEqual(opt.get_value(), parsed_value)

        # The textual accessors must all return strings.
        for getter in (opt.get_name, opt.get_desc,
                       opt.get_type, opt.get_help):
            self.assertIsInstance(getter(), basestring)
def create_target_option_list(*target):
    """
    Build the three target options for the given URL objects.

    :param target: URL objects; the ``url_string`` attribute of each one is
                   read.
    :return: An OptionList with ``target``, ``target_os`` and
             ``target_framework``.
    """
    option_list = OptionList()

    # The option is created empty and then set to the comma separated
    # URLs.
    target_opt = opt_factory('target', '', '', URL_LIST)
    target_opt.set_value(','.join(u.url_string for u in target))
    option_list.add(target_opt)

    os_choices = ('unknown', 'unix', 'windows')
    option_list.add(opt_factory('target_os', os_choices, '', 'combo'))

    framework_choices = ('unknown', 'php', 'asp', 'asp.net', 'java',
                         'jsp', 'cfm', 'ruby', 'perl')
    option_list.add(opt_factory('target_framework', framework_choices,
                                '', 'combo'))

    return option_list
def test_root_path_variable_init(self):
    """
    An INPUT_FILE option created from SHORT_INPUT_FILE reports that short
    form for the profile, while its string value and its stored ``_value``
    equal the test's INPUT_FILE.
    """
    short_form = self.SHORT_INPUT_FILE
    expanded = self.INPUT_FILE

    option = opt_factory('name', short_form, 'desc', INPUT_FILE,
                         'help', 'tab1')

    self.assertEqual(option.get_value_for_profile(), short_form)
    self.assertEqual(option.get_value_str(), expanded)
    self.assertEqual(option._value, expanded)
def test_no_duplicate_vuln_reports(self):
    """
    Regression test: the xml_file plugin used to write the same
    vulnerability to disk more than once when flush() was called
    repeatedly.
    """
    # Start from an empty KB that holds exactly one vulnerability.
    self.kb.cleanup()

    vuln_desc = 'Just a test for the XML file output plugin.'
    vuln = Vuln('SQL injection', vuln_desc, severity.HIGH, 1, 'sqli')
    self.kb.append('sqli', 'sqli', vuln)

    self.assertEqual(len(self.kb.get_all_vulns()), 1)

    # Point the plugin at the unit test's output file.
    plugin = xml_file()

    plugin_options = OptionList()
    plugin_options.add(opt_factory(
        'output_file', self.FILENAME,
        'Output file name where to write the XML data', OUTPUT_FILE))
    plugin.set_options(plugin_options)

    # Three consecutive flushes; repeated flushing is what used to
    # duplicate the entries.
    for _attempt in range(3):
        plugin.flush()

    # Parse the report back and confirm the vulnerability appears once.
    file_vulns = self._from_xml_get_vulns(self.FILENAME)
    self.assertEqual(len(file_vulns), 1, file_vulns)
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Rows are (name, current value, option type, description); the
    # description is also passed as the help text.
    # NOTE(review): the password uses the same STRING type as the
    # username; whether its value is masked when options are shown or
    # saved is not visible here.
    rows = [
        ('username', self.username, STRING,
         'Username for the authentication process'),
        ('password', self.password, STRING,
         'Password for the authentication process'),
        ('login_form_url', self.login_form_url, URL_OPT,
         'The URL where the login form appears'),
        ('check_url', self.check_url, URL_OPT,
         'URL used to verify if the session is active. The plugin sends'
         ' an HTTP GET request to this URL and asserts if `check_string`'
         ' is present.'),
        ('check_string', self.check_string, STRING,
         'String to search in the `check_url` page to determine if the'
         ' session is active.'),
    ]

    option_list = OptionList()
    for name, value, opt_type, desc in rows:
        option_list.add(opt_factory(name, value, desc, opt_type, help=desc))

    return option_list
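def get_options(self):
    """
    Build the user-configurable options for this authentication plugin.

    :return: An OptionList with one option per row of the table below; the
             description of each row is also passed as its help text.
    """
    # Rows are (name, current value, option type, description).
    # NOTE(review): the password is a plain 'string' option, the same type
    # as the username; whether its value is masked when options are shown
    # or saved is not visible here.
    options = [
        ('username', self.username, 'string',
         'Username for using in the authentication process'),
        ('password', self.password, 'string',
         'Password for using in the authentication process'),
        ('username_field', self.username_field, 'string',
         'Username parameter name (ie. "uname" if the HTML looks'
         ' like <input type="text" name="uname">...)'),
        ('password_field', self.password_field, 'string',
         'Password parameter name (ie. "pwd" if the HTML looks'
         ' like <input type="password" name="pwd">...)'),
        ('auth_url', self.auth_url, 'url',
         'URL where the username and password will be sent using a POST'
         ' request'),
        ('check_url', self.check_url, 'url',
         'URL used to verify if the session is still active by looking for'
         ' the check_string.'),
        # The second fragment starts with a space; without it the text
        # reads "thecurrent".
        ('check_string', self.check_string, 'string',
         'String for searching on check_url page to determine if the'
         ' current session is active.'),
    ]

    ol = OptionList()
    for name, value, opt_type, desc in options:
        ol.add(opt_factory(name, value, desc, opt_type, help=desc))

    return ol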
def test_factory_already_converted_type(self):
    """
    Values that already have the target Python type (a bool for BOOL, an
    int for PORT, URL objects for URL, ...) are accepted by opt_factory()
    and come back unchanged as both the value and the default value.
    """
    # Option type -> (value given to the factory, value expected back).
    url_pair = [URL_KLASS("http://moth/1"), URL_KLASS("http://moth/2")]
    expected_pair = [URL_KLASS("http://moth/1"), URL_KLASS("http://moth/2")]

    data = {
        BOOL: (True, True),
        INT: (1, 1),
        FLOAT: (1.0, 1.0),
        STRING: ("hello world", "hello world"),
        URL: (URL_KLASS("http://moth/"), URL_KLASS("http://moth/")),
        URL_LIST: (url_pair, expected_pair),
        LIST: (["a", "b", "c"], ["a", "b", "c"]),
        PORT: (12345, 12345),
    }

    for _type, pair in data.iteritems():
        user_value, parsed_value = pair
        opt = opt_factory("name", user_value, "desc", _type)

        self.assertEqual(opt.get_name(), "name")
        self.assertEqual(opt.get_desc(), "desc")
        self.assertEqual(opt.get_type(), _type)
        self.assertEqual(opt.get_default_value(), parsed_value)
        self.assertEqual(opt.get_value(), parsed_value)

        # The textual accessors must all return strings.
        for getter in (opt.get_name, opt.get_desc,
                       opt.get_type, opt.get_help):
            self.assertIsInstance(getter(), basestring)
def test_factory_already_converted_type(self):
    """
    Values that already have the target Python type (a bool for BOOL, an
    int for PORT, URL objects for URL, ...) are accepted by opt_factory()
    and come back unchanged as both the value and the default value.
    """
    # Option type -> (value given to the factory, value expected back).
    url_pair = [URL_KLASS('http://moth/1'), URL_KLASS('http://moth/2')]
    expected_pair = [URL_KLASS('http://moth/1'), URL_KLASS('http://moth/2')]

    data = {
        BOOL: (True, True),
        INT: (1, 1),
        FLOAT: (1.0, 1.0),
        STRING: ('hello world', 'hello world'),
        URL: (URL_KLASS('http://moth/'), URL_KLASS('http://moth/')),
        URL_LIST: (url_pair, expected_pair),
        LIST: (['a', 'b', 'c'], ['a', 'b', 'c']),
        PORT: (12345, 12345),
    }

    for _type, pair in data.iteritems():
        user_value, parsed_value = pair
        opt = opt_factory('name', user_value, 'desc', _type)

        self.assertEqual(opt.get_name(), 'name')
        self.assertEqual(opt.get_desc(), 'desc')
        self.assertEqual(opt.get_type(), _type)
        self.assertEqual(opt.get_default_value(), parsed_value)
        self.assertEqual(opt.get_value(), parsed_value)

        # The textual accessors must all return strings.
        for getter in (opt.get_name, opt.get_desc,
                       opt.get_type, opt.get_help):
            self.assertIsInstance(getter(), basestring)
def _initFilterBox(self, mainvbox):
    """Init advanced search options."""
    self._advSearchBox = gtk.HBox()
    self._advSearchBox.set_spacing(self._padding)
    self.pref = FilterOptions(self)

    # Request method filters; each entry is (option name, label, default).
    self._filterMethods = [
        ('GET', 'GET', False),
        ('POST', 'POST', False),
    ]
    method_opts = OptionList()
    for opt_name, label, default in self._filterMethods:
        method_opts.add(opt_factory(opt_name, default, label, "boolean"))
    self.pref.add_section('methods', _('Request Method'), method_opts)

    # Transaction id range, kept as strings.
    id_opts = OptionList()
    for opt_name, label in (("min", "Min ID"), ("max", "Max ID")):
        id_opts.add(opt_factory(opt_name, "0", label, "string"))
    self.pref.add_section('trans_id', _('Transaction ID'), id_opts)

    # Response code classes; the class name is both the option name and
    # its label, and every class starts unchecked.
    code_opts = OptionList()
    for code_class in ("1xx", "2xx", "3xx", "4xx", "5xx"):
        code_opts.add(opt_factory(code_class, False, code_class, "boolean"))
    self.pref.add_section('codes', _('Response Code'), code_opts)

    misc_opts = OptionList()
    misc_opts.add(opt_factory("tag", False, "Tag", "boolean"))
    misc_opts.add(opt_factory("has_qs", False,
                              "Request has Query String", "boolean"))
    self.pref.add_section('misc', _('Misc'), misc_opts)

    # Response content type filters; same (name, label, default) layout.
    type_opts = OptionList()
    self._filterTypes = [
        ('html', 'HTML', False),
        ('javascript', 'JavaScript', False),
        ('image', 'Images', False),
        ('flash', 'Flash', False),
        ('css', 'CSS', False),
        ('text', 'Text', False),
    ]
    for opt_name, label, default in self._filterTypes:
        type_opts.add(opt_factory(opt_name, default, label, "boolean"))
    self.pref.add_section('types', _('Response Content Type'), type_opts)

    size_opts = OptionList()
    size_opts.add(opt_factory("resp_size", False, "Not Null", "boolean"))
    self.pref.add_section('sizes', _('Response Size'), size_opts)

    # The box is packed into the parent but hidden right after it is
    # built.
    self.pref.show()
    self._advSearchBox.pack_start(self.pref, False, False)
    self._advSearchBox.hide_all()
    mainvbox.pack_start(self._advSearchBox, False, False)
def create_target_option_list(*target):
    """
    Build the OptionList that describes the scan target(s).

    :param target: URL objects; each one's url_string attribute is used.
    :return: An OptionList holding 'target', 'target_os' and
             'target_framework'.
    """
    option_list = OptionList()

    target_opt = opt_factory('target', '', '', URL_LIST)
    # NOTE(review): the URLs are joined with ','. Presumably the URL_LIST
    # option splits on commas again, so a URL containing a literal comma
    # would not round-trip and the scan scope would differ from what the
    # caller passed -- confirm against the URL_LIST option type.
    target_opt.set_value(','.join(u.url_string for u in target))
    option_list.add(target_opt)

    os_choices = ('unknown', 'unix', 'windows')
    option_list.add(opt_factory('target_os', os_choices, '', 'combo'))

    framework_choices = ('unknown', 'php', 'asp', 'asp.net', 'java',
                         'jsp', 'cfm', 'ruby', 'perl')
    option_list.add(
        opt_factory('target_framework', framework_choices, '', 'combo'))

    return option_list
def _get_option_objects(self):
    """
    :return: An OptionList with the 'target', 'target_os' and
             'target_framework' options for this question.
    """
    desc = 'Target URL'
    # NOTE(review): all three options share the 'Target URL' description,
    # which looks like a copy-paste for target_os / target_framework --
    # confirm before changing the text.
    specs = (
        ('target', '', 'url_list'),
        ('target_os', 'unknown', 'string'),
        ('target_framework', 'unknown', 'string'),
    )
    # Build every option first, then fill the list, as the original did.
    options = [opt_factory(opt_name, default, desc, opt_type)
               for opt_name, default, opt_type in specs]

    ol = OptionList()
    for option in options:
        ol.add(option)
    return ol
def test_empty_qs(self):
    """
    An empty string given to a QUERY_STRING option is kept as-is for the
    profile and produces a value of length zero.
    """
    empty = ''
    opt = opt_factory('name', empty, 'desc', QUERY_STRING, 'help', 'tab')

    self.assertEqual(opt.get_value_for_profile(), empty)
    self.assertEqual(len(opt.get_value()), 0)
def test_empty_header(self):
    """
    An empty string given to a HEADER option is kept as-is for the
    profile and produces a value of length zero.
    """
    empty = ''
    opt = opt_factory('name', empty, 'desc', HEADER, 'help', 'tab')

    self.assertEqual(opt.get_value_for_profile(), empty)
    self.assertEqual(len(opt.get_value()), 0)
def test_empty_qs(self):
    """
    Check the empty-input case for QUERY_STRING options: the profile value
    stays '' and the parsed value has no entries.
    """
    raw_value = ''
    option = opt_factory('name', raw_value, 'desc', QUERY_STRING,
                         'help', 'tab')

    profile_value = option.get_value_for_profile()
    self.assertEqual(profile_value, raw_value)

    parsed = option.get_value()
    self.assertEqual(len(parsed), 0)
def test_empty_header(self):
    """
    Check the empty-input case for HEADER options: the profile value
    stays '' and the parsed value has no entries.
    """
    raw_value = ''
    option = opt_factory('name', raw_value, 'desc', HEADER, 'help', 'tab')

    profile_value = option.get_value_for_profile()
    self.assertEqual(profile_value, raw_value)

    parsed = option.get_value()
    self.assertEqual(len(parsed), 0)
def test_root_path_variable_set(self):
    """
    Set an INPUT_FILE option from the short form of the path and check
    that the profile value keeps the short form, while get_value_str()
    and the internal _value equal self.INPUT_FILE.
    """
    short_form = self.SHORT_INPUT_FILE
    expected_path = self.INPUT_FILE

    opt = opt_factory("name", short_form, "desc", INPUT_FILE,
                      "help", "tab1")
    opt.set_value(short_form)

    # What gets written to a profile is the short form ...
    self.assertEqual(opt.get_value_for_profile(), short_form)
    # ... while the string value and the stored value are INPUT_FILE.
    self.assertEqual(opt.get_value_str(), expected_path)
    self.assertEqual(opt._value, expected_path)
def _initFilterBox(self, mainvbox):
    """
    Create the advanced search options box and add it to mainvbox.

    Each filter group becomes a section of a FilterOptions widget; the
    enclosing HBox is hidden with hide_all() before it is packed.

    :param mainvbox: Container that receives the search options box.
    """
    def boolean_section(rows):
        # rows are (option name, label, default) tuples.
        section = OptionList()
        for row in rows:
            section.add(opt_factory(row[0], row[2], row[1], "boolean"))
        return section

    box = gtk.HBox()
    self._advSearchBox = box
    box.set_spacing(self._padding)
    self.pref = FilterOptions(self)
    prefs = self.pref

    # Request method filter.
    self._filterMethods = [
        ('GET', 'GET', False),
        ('POST', 'POST', False),
    ]
    prefs.add_section('methods', _('Request Method'),
                      boolean_section(self._filterMethods))

    # Transaction ID filter: bounds are "string" options defaulting to "0".
    id_range = OptionList()
    id_range.add(opt_factory("min", "0", "Min ID", "string"))
    id_range.add(opt_factory("max", "0", "Max ID", "string"))
    prefs.add_section('trans_id', _('Transaction ID'), id_range)

    # Response code filter.
    code_rows = [
        ("1xx", "1xx", False),
        ("2xx", "2xx", False),
        ("3xx", "3xx", False),
        ("4xx", "4xx", False),
        ("5xx", "5xx", False),
    ]
    prefs.add_section('codes', _('Response Code'),
                      boolean_section(code_rows))

    # Miscellaneous filter.
    misc_rows = [
        ("tag", "Tag", False),
        ("has_qs", "Request has Query String", False),
    ]
    prefs.add_section('misc', _('Misc'), boolean_section(misc_rows))

    # Response content type filter.
    self._filterTypes = [
        ('html', 'HTML', False),
        ('javascript', 'JavaScript', False),
        ('image', 'Images', False),
        ('flash', 'Flash', False),
        ('css', 'CSS', False),
        ('text', 'Text', False),
    ]
    prefs.add_section('types', _('Response Content Type'),
                      boolean_section(self._filterTypes))

    # Response size filter.
    prefs.add_section('sizes', _('Response Size'),
                      boolean_section([("resp_size", "Not Null", False)]))

    prefs.show()
    box.pack_start(prefs, False, False)
    box.hide_all()
    mainvbox.pack_start(box, False, False)
def get_options(self):
    """
    Default option template: a vulnerability name and the affected URL.

    A vulnerability that needs other parameters is expected to override
    this method.

    :return: An OptionList with the 'name' and 'url' options.
    """
    options = OptionList()

    name_desc = 'Vulnerability name (eg. %s)' % self.get_vulnerability_name()
    options.add(opt_factory('name', self.name, name_desc, 'string'))

    url_desc = ('URL pointing to the path that is vulnerable to file'
                ' uploads via misconfigured DAV module (HTTP PUT method).')
    options.add(opt_factory('url', self.url, url_desc, 'url'))

    return options
def get_options(self):
    """
    :return: An OptionList with the two input-file options of this
             plugin: 'input_base64' and 'input_burp'.
    """
    # (option name, current value, description, help text)
    specs = (
        ('input_base64',
         self._input_base64,
         'Base64 input file from which to create the fuzzable requests',
         'The file format is described in output.export_requests'),
        ('input_burp',
         self._input_burp,
         'Burp log file from which to create the fuzzable requests',
         'The input file needs to be in Burp format.'),
    )

    # Requests are built from whatever these files contain, so they are
    # best treated as untrusted input by the code that parses them.
    options = OptionList()
    for opt_name, current, desc, help_text in specs:
        options.add(
            opt_factory(opt_name, current, desc, INPUT_FILE, help=help_text))
    return options
def get_options(self):
    """
    :return: An OptionList with the two input-file options of this
             plugin: 'input_csv' and 'input_burp'.
    """
    options = OptionList()

    csv_desc = ('Define the CSV input file from which to create the'
                ' fuzzable requests')
    csv_help = ('The input file is comma separated and holds the'
                ' following data: "HTTP-METHOD","URI","POSTDATA"')
    options.add(opt_factory('input_csv', self._input_csv, csv_desc,
                            INPUT_FILE, help=csv_help))

    burp_desc = ('Define the Burp log file from which to create the'
                 ' fuzzable requests')
    burp_help = 'The input file needs to be in Burp format.'
    options.add(opt_factory('input_burp', self._input_burp, burp_desc,
                            INPUT_FILE, help=burp_help))

    return options