def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Output file name where to write the XML data'
o = opt_factory('output_file', self._file_name, d, OUTPUT_FILE)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'The name of the output file where the vulnerabilities are be saved'
o = opt_factory('output_file', self.output_file, d, OUTPUT_FILE)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Only use the first wnResults (wordnet results) from each category.'
o = opt_factory('wn_results', self._wordnet_results, d, 'integer')
ol.add(o)
return ol
def _get_option_objects(self):
"""
:return: A list of options for this question.
"""
self._d1 = 'Target URL'
o1 = opt_factory('target', 'http://example.com', self._d1, 'url_list')
ol = OptionList()
ol.add(o1)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Path to file containing a list of trusted JavaScript domains'
o = opt_factory('secure_js_file', self._secure_js_file, d, INPUT_FILE)
ol.add(o)
return ol
def _get_option_objects(self):
"""
:return: A list of options for this question.
"""
self._d1 = 'Find other virtual hosts using MSN search'
o1 = opt_factory(self._d1, False, self._d1, 'boolean')
ol = OptionList()
ol.add(o1)
return ol
def setMiscConfig(self, setting, value):
opt_list = OptionList()
opt_list.add(opt_factory(setting, value, "Misc Setting", "string"))
print "[*] Setting %s with value %s on MiscsSettings ..." % (setting,
value)
if cf.cf.has_key(setting):
cf.cf.save(setting, value)
print "[*] Done!"
self.listMiscConfigs()
else:
print "[-] Invalid setting. Check the available settings with the function self.listMiscConfigs()"
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'CGI-BIN dirs where to search for vulnerable scripts.'
h = 'Pykto will search for vulnerable scripts in many places, one of'\
' them is inside cgi-bin directory. The cgi-bin directory can be'\
' anything and change from install to install, so its a good idea'\
' to make this a user setting. The directories should be supplied'\
' comma separated and with a / at the beggining and one at the end.'\
' Example: "/cgi/,/cgibin/,/bin/"'
o = opt_factory('cgi_dirs', self._cgi_dirs, d, LIST, help=h)
ol.add(o)
d = 'Admin directories where to search for vulnerable scripts.'
h = 'Pykto will search for vulnerable scripts in many places, one of'\
' them is inside administration directories. The admin directory'\
' can be anything and change from install to install, so its a'\
' good idea to make this a user setting. The directories should'\
' be supplied comma separated and with a / at the beggining and'\
' one at the end. Example: "/admin/,/adm/"'
o = opt_factory('admin_dirs', self._admin_dirs, d, LIST, help=h)
ol.add(o)
d = 'PostNuke directories where to search for vulnerable scripts.'
h = 'The directories should be supplied comma separated and with a'\
'forward slash at the beginning and one at the end. Example:'\
'"/forum/,/nuke/"'
o = opt_factory('nuke_dirs', self._nuke, d, LIST, help=h)
ol.add(o)
d = 'The path to the nikto scan_databse.db file.'
h = 'The default scan database file is fine in most cases.'
o = opt_factory('db_file', self._db_file, d, INPUT_FILE, help=h)
ol.add(o)
d = 'The path to the w3af_scan_databse.db file.'
h = 'This is a file which has some extra checks for files that are not'\
' present in the nikto database.'
o = opt_factory('extra_db_file',
self._extra_db_file,
d,
INPUT_FILE,
help=h)
ol.add(o)
d = 'Test all files with all root directories'
h = 'Define if we will test all files with all root directories.'
o = opt_factory('mutate_tests', self._mutate_tests, d, BOOL, help=h)
ol.add(o)
return ol
def setPluginOptions(self, pluginType, pluginName, pluginSettingType,
pluginSetting, pluginSettingValue):
opt_list = OptionList()
opt_list.add(
opt_factory(pluginSetting, pluginSettingValue, "Plugin Setting",
pluginSettingType))
print "[*] Setting %s with value %s on Plugin %s ..." % (
pluginSetting, pluginSettingValue, pluginName)
self.w3afCorePlugin.plugins._plugins_options[pluginType][
pluginName] = opt_list
print "[*] Done!"
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Fetch the first "result_limit" results from the Google search'
o = opt_factory('result_limit', self._result_limit, d, 'integer')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Skip symfony detection and search for the csrf (mis)protection.'
o = opt_factory('override', self._override, d, 'boolean')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'URL to download the retirejs database from'
o = opt_factory('retire_db_url', self._retire_db_url, d, URL_OPTION)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = ('Vulners API key for extended scanning rate limits.'
' Obtain an API key for free at https://vulners.com/')
o = opt_factory('vulners_api_key', self._vulners_api_key, d, STRING)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Apply URL fuzzing to all URLs, including images, videos, zip, etc.'
h = 'Don\'t change this unless you read the plugin code.'
o = opt_factory('fuzz_images', self._fuzz_images, d, 'boolean', help=h)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'If two strings have a diff ratio less than diff_ratio, then they'\
' are really different.'
o = opt_factory('diff_ratio', self._diff_ratio, d, 'float')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d1 = 'Only search emails for domain of target'
o1 = opt_factory('only_target_domain', self._only_target_domain,
d1, 'boolean')
ol.add(o1)
return ol
def __init__(self,
parentwidg,
w3af,
plugin,
save_btn,
rvrt_btn,
overwriter=None):
super(OnlyOptions, self).__init__()
if overwriter is None:
overwriter = {}
self.set_spacing(5)
self.w3af = w3af
self.parentwidg = parentwidg
self.widgets_status = {}
self.tab_widget = {}
self.propagAnyWidgetChanged = helpers.PropagateBuffer(
self._changedAnyWidget)
self.propagLabels = {}
self.saved_successfully = False
# options
self.options = OptionList()
options = plugin.get_options()
# let's use the info from the core
coreopts = self.w3af.plugins.get_plugin_options(
plugin.ptype, plugin.pname)
if coreopts is None:
coreopts = {}
# let's get the real info
for opt in options:
if opt.get_name() in coreopts:
opt.set_value(coreopts[opt.get_name()].get_value_str())
if opt.get_name() in overwriter:
opt.set_value(overwriter[opt.get_name()])
self.options.append(opt)
# buttons
save_btn.connect("clicked", self._save_panel, plugin)
save_btn.set_sensitive(False)
rvrt_btn.set_sensitive(False)
rvrt_btn.connect("clicked", self._revertPanel)
self.save_btn = save_btn
self.rvrt_btn = rvrt_btn
# middle (the heart of the panel)
if self.options:
tabbox = gtk.HBox()
heart = self._createNotebook()
tabbox.pack_start(heart, expand=True)
tabbox.show()
self.pack_start(tabbox, expand=True, fill=False)
self.show()
def _get_option_objects(self):
"""
:return: A list of options for this question.
"""
d1 = 'Is the target web application reachable from the Internet?'
o1 = opt_factory('internet', True, d1, 'boolean')
ol = OptionList()
ol.add(o1)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Maximum recursion depth for spidering process'
h = 'The plugin will spider the archive.org site related to the target'
h += ' site with the maximum depth specified in this parameter.'
o = opt_factory('max_depth', self._max_depth, d, 'integer', help=h)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Generate a fingerprint file.'
h = 'Define if we will generate a fingerprint file based on the'\
' findings made during this execution.'
o = opt_factory('gen_fingerprint', self._gen_fp, d, 'boolean', help=h)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Users file to use in bruteforcing'
o = opt_factory('usersFile', self._users_file, d, INPUT_FILE)
ol.add(o)
d = 'Passwords file to use in bruteforcing'
o = opt_factory('passwdFile', self._passwd_file, d, INPUT_FILE)
ol.add(o)
d = 'This indicates if we will use usernames from SVN headers collected by w3af plugins in bruteforce.'
o = opt_factory('useSvnUsers', self._use_SVN_users, d, BOOL)
ol.add(o)
d = 'This indicates if the bruteforce should stop after finding the first correct user and password.'
o = opt_factory('stopOnFirst', self._stop_on_first, d, BOOL)
ol.add(o)
d = 'This indicates if the bruteforce should try password equal user in logins.'
o = opt_factory('passEqUser', self._pass_eq_user, d, BOOL)
ol.add(o)
d = 'This indicates if the bruteforce should try l337 passwords'
o = opt_factory('useLeetPasswd', self._l337_p4sswd, d, BOOL)
ol.add(o)
d = 'This indicates if the bruteforcer should use emails collected by w3af plugins as users.'
o = opt_factory('useEmails', self._useMails, d, BOOL)
ol.add(o)
d = 'This indicates if the bruteforce should use password profiling to collect new passwords.'
o = opt_factory('useProfiling', self._use_profiling, d, BOOL)
ol.add(o)
d = 'This indicates how many passwords from profiling will be used.'
o = opt_factory('profilingNumber', self._profiling_number, d, INT)
ol.add(o)
d = 'Combo of username and passord, file to use in bruteforcing'
o = opt_factory('comboFile', self._combo_file, d, INPUT_FILE)
ol.add(o)
d = 'Separator string used in Combo file to split username and password'
o = opt_factory('comboSeparator', self._combo_separator, d, STRING)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d1 = 'Destination http port number to analize'
o1 = opt_factory('httpPort', self._http_port, d1, INT, help=d1)
ol.add(o1)
d2 = 'Destination httpS port number to analize'
o2 = opt_factory('httpsPort', self._https_port, d2, INT, help=d2)
ol.add(o2)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
opt_list = OptionList()
desc = 'String equal ratio (0.0 to 1.0)'
h = ('Two pages are considered equal if they match in more'
' than eq_limit.')
opt = opt_factory('eq_limit', self._eq_limit, desc, 'float', help=h)
opt_list.add(opt)
return opt_list
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Extensions that w3af will try to upload through the form.'
h = ('When finding a form with a file upload, this plugin will try to'
' upload a set of files with the extensions specified here.')
o = opt_factory('extensions', self._extensions, d, 'list', help=h)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
opt_list = OptionList()
desc = 'Origin HTTP header value'
_help = ("Define value used to specify the 'Origin' HTTP header for"
" HTTP request sent to test application behavior")
opt = opt_factory('origin_header_value', self.origin_header_value,
desc, 'string', help=_help)
opt_list.add(opt)
return opt_list
def _initFilterBox(self, mainvbox):
"""Init advanced search options."""
self._advSearchBox = gtk.HBox()
self._advSearchBox.set_spacing(self._padding)
self.pref = FilterOptions(self)
# Filter options
self._filterMethods = [
('GET', 'GET', False),
('POST', 'POST', False),
]
filterMethods = OptionList()
for method in self._filterMethods:
filterMethods.add(
opt_factory(method[0], method[2], method[1], "boolean"))
self.pref.add_section('methods', _('Request Method'), filterMethods)
filterId = OptionList()
filterId.add(opt_factory("min", "0", "Min ID", "string"))
filterId.add(opt_factory("max", "0", "Max ID", "string"))
self.pref.add_section('trans_id', _('Transaction ID'), filterId)
filterCodes = OptionList()
codes = [
("1xx", "1xx", False),
("2xx", "2xx", False),
("3xx", "3xx", False),
("4xx", "4xx", False),
("5xx", "5xx", False),
]
for code in codes:
filterCodes.add(opt_factory(code[0], code[2], code[1], "boolean"))
self.pref.add_section('codes', _('Response Code'), filterCodes)
filterMisc = OptionList()
filterMisc.add(opt_factory("tag", False, "Tag", "boolean"))
filterMisc.add(
opt_factory("has_qs", False, "Request has Query String",
"boolean"))
self.pref.add_section('misc', _('Misc'), filterMisc)
filterTypes = OptionList()
self._filterTypes = [
('html', 'HTML', False),
('javascript', 'JavaScript', False),
('image', 'Images', False),
('flash', 'Flash', False),
('css', 'CSS', False),
('text', 'Text', False),
]
for filterType in self._filterTypes:
filterTypes.add(
opt_factory(filterType[0], filterType[2], filterType[1],
"boolean"))
self.pref.add_section('types', _('Response Content Type'), filterTypes)
filterSize = OptionList()
filterSize.add(opt_factory("resp_size", False, "Not Null", "boolean"))
self.pref.add_section('sizes', _('Response Size'), filterSize)
self.pref.show()
self._advSearchBox.pack_start(self.pref, False, False)
self._advSearchBox.hide_all()
mainvbox.pack_start(self._advSearchBox, False, False)
def test_no_duplicate_vuln_reports(self):
# The xml_file plugin had a bug where vulnerabilities were written to
# disk multiple times, this test makes sure I fixed that vulnerability
# Write the HTTP request / response to the DB
url = URL('http://w3af.com/a/b/c.php')
hdr = Headers([('User-Agent', 'w3af')])
request = HTTPRequest(url, data='a=1')
request.set_headers(hdr)
hdr = Headers([('Content-Type', 'text/html')])
res = HTTPResponse(200, '<html>syntax error near', hdr, url, url)
_id = 1
h1 = HistoryItem()
h1.request = request
res.set_id(_id)
h1.response = res
h1.save()
# Create one vulnerability in the KB pointing to the request-
# response we just created
desc = 'Just a test for the XML file output plugin.'
v = Vuln('SQL injection', desc, severity.HIGH, _id, 'sqli')
kb.kb.append('sqli', 'sqli', v)
self.assertEqual(len(kb.kb.get_all_vulns()), 1)
# Setup the plugin
plugin_instance = xml_file()
plugin_instance.set_w3af_core(self.w3af_core)
# Set the output file for the unittest
ol = OptionList()
d = 'Output file name where to write the XML data'
o = opt_factory('output_file', self.FILENAME, d, OUTPUT_FILE)
ol.add(o)
# Then we flush() twice to disk, this reproduced the issue
plugin_instance.set_options(ol)
plugin_instance.flush()
plugin_instance.flush()
plugin_instance.flush()
# Now we parse the vulnerabilities from disk and confirm only one
# is there
file_vulns = get_vulns_from_xml(self.FILENAME)
self.assertEqual(len(file_vulns), 1, file_vulns)
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Wordlist to use in the manifest file name bruteforcing process.'
o = opt_factory('wordlist', self._wordlist, d, 'string')
ol.add(o)
d = 'File extensions to use when brute forcing Gears Manifest files'
o = opt_factory('manifestExtensions', self._extensions, d, 'list')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'ClamAV daemon socket path'
h = 'Communication with ClamAV is performed over an Unix socket, in'\
' order to be able to use this plugin please start a clamd daemon'\
' and provide the unix socket path.'
# TODO: Maybe I should change this STRING to INPUT_FILE?
o = opt_factory('clamd_socket', self._clamd_socket, d, STRING, help=h)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d1 = 'Identify persistent cross site scripting vulnerabilities'
h1 = 'If set to True, w3af will navigate all pages of the target one'\
' more time, searching for persistent cross site scripting'\
' vulnerabilities.'
o1 = opt_factory('persistent_xss', self._check_persistent_xss, d1,
'boolean', help=h1)
ol.add(o1)
return ol
