Exemple #1
    def test_no_duplicate_vuln_reports(self):
        """
        Regression test: repeated flush() calls on the xml_file output plugin
        must not write the same KB vulnerability to disk more than once.
        """
        # Start from a clean KB that holds exactly one finding
        self.kb.cleanup()
        description = 'Just a test for the XML file output plugin.'
        finding = Vuln('SQL injection', description, severity.HIGH, 1, 'sqli')
        self.kb.append('sqli', 'sqli', finding)

        self.assertEqual(len(self.kb.get_all_vulns()), 1)

        # Point the plugin at the unittest output file
        output_plugin = xml_file()

        plugin_options = OptionList()
        option_desc = 'Output file name where to write the XML data'
        plugin_options.add(
            opt_factory('output_file', self.FILENAME, option_desc, OUTPUT_FILE))

        # Flushing several times in a row is what used to duplicate the
        # entries in the report
        output_plugin.set_options(plugin_options)
        for _ in range(3):
            output_plugin.flush()

        # Read the report back from disk; only the single finding may be there
        vulns_on_disk = self._from_xml_get_vulns(self.FILENAME)
        self.assertEqual(len(vulns_on_disk), 1, vulns_on_disk)
Exemple #2
    def get_options(self):
        """
        Describe the settings this plugin exposes to the user.

        :return: An OptionList with the two wordlist paths and the three
                 boolean switches (directories, files, recursion).
        """
        options = OptionList()

        desc = 'Wordlist to use in directory bruteforcing process.'
        options.add(opt_factory('dir_wordlist', self._dir_list, desc, INPUT_FILE))

        desc = 'Wordlist to use in file bruteforcing process.'
        options.add(opt_factory('file_wordlist', self._file_list, desc, INPUT_FILE))

        desc = 'If set to True, this plugin will bruteforce directories.'
        options.add(opt_factory('bf_directories', self._bf_directories, desc, BOOL))

        desc = 'If set to True, this plugin will bruteforce files.'
        options.add(opt_factory('bf_files', self._bf_files, desc, BOOL))

        # Recursion multiplies the request volume, hence the explicit warning
        # carried in the help text
        desc = ('If set to True, this plugin will bruteforce all directories, not'
                ' only the root directory.')
        help_text = ('WARNING: Enabling this will make the plugin send tens of thousands'
                     ' of requests.')
        options.add(opt_factory('be_recursive', self._be_recursive, desc, BOOL,
                                help=help_text))

        return options
Exemple #3
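 def get_options(self):
     """
     Describe the settings of this authentication plugin.

     Each entry of the table below is (name, default value, option type,
     description); the description is also used as the help text.

     :return: A list of option objects for this plugin.
     """
     # NOTE(review): the password is registered as a plain 'string' option;
     # presumably it is shown and stored in clear text together with the
     # other options -- confirm how profiles persist it.
     option_specs = [
         ('username', self.username, 'string',
          'Username for using in the authentication process'),
         ('password', self.password, 'string',
          'Password for using in the authentication process'),
         ('username_field', self.username_field,
          'string', 'Username parameter name (ie. "uname" if the HTML looks'
                    ' like <input type="text" name="uname">...)'),
         ('password_field', self.password_field,
          'string', 'Password parameter name (ie. "pwd" if the HTML looks'
                    ' like <input type="password" name="pwd">...)'),
         ('auth_url', self.auth_url, 'url',
          'URL where the username and password will be sent using a POST'
          ' request'),
         ('check_url', self.check_url, 'url',
          'URL used to verify if the session is still active by looking for'
          ' the check_string.'),
         # The second fragment needs its leading space, otherwise the text
         # reads "if thecurrent session"
         ('check_string', self.check_string, 'string',
          'String for searching on check_url page to determine if the'
          ' current session is active.'),
     ]
     ol = OptionList()
     for name, default, opt_type, desc in option_specs:
         ol.add(opt_factory(name, default, desc, opt_type, help=desc))
     return ol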
Exemple #4
 def get_options(self):
     """
     Describe the settings of the sed plugin: the list of stream edition
     expressions and the content-length fix-up switch.

     :return: A list of option objects for this plugin.
     """
     options = OptionList()

     expr_desc = 'Stream edition expressions'
     expr_help = ('Stream edition expressions are strings that tell the sed plugin'
                  ' which transformations to apply to the HTTP requests and'
                  ' responses. The sed plugin uses regular expressions, some'
                  ' examples:\n'
                  '\n'
                  '    - qh/User/NotLuser/\n'
                  '      This will make sed search in the the re[q]uest [h]eader'
                  ' for the string User and replace it with NotLuser.\n'
                  '\n'
                  '    - sb/[fF]orm/form\n'
                  '      This will make sed search in the re[s]ponse [b]ody for'
                  ' the strings form or Form and replace it with form.\n'
                  '\n'
                  'Multiple expressions can be specified separated by commas.')
     options.add(opt_factory('expressions', self._expressions, expr_desc,
                             'list', help=expr_help))

     fix_len_desc = 'Fix the content length header after mangling'
     options.add(opt_factory('fix_content_len',
                             self._user_option_fix_content_len,
                             fix_len_desc, 'boolean'))

     return options
Exemple #5
 def get_options(self):
     """
     Expose the single setting of this plugin: how many search results to
     fetch.

     :return: An OptionList holding the integer 'result_limit' option.
     """
     options = OptionList()
     desc = 'Fetch the first "result_limit" results from the bing search'
     options.add(opt_factory("result_limit", self._result_limit, desc, "integer"))
     return options
Exemple #6
 def setMiscConfig(self,setting,value):
     # Save `value` under `setting` in cf.cf when that key already exists
     # there; otherwise print an error and change nothing.
     # The option list is built as in the original code, although nothing
     # visible in this method reads it afterwards.
     misc_options = OptionList()
     misc_options.add(opt_factory(setting, value, "Misc Setting", "string"))
     print "[*] Setting %s with value %s on MiscsSettings ..." %(setting,value)
     if not cf.cf.has_key(setting):
         print "[-] Invalid setting. Check the available settings with the function self.listMiscConfigs()"
         return
     cf.cf.save(setting, value)
     print "[*] Done!"
     self.listMiscConfigs()
Exemple #7
    def get_options(self):
        """
        Expose the single console setting of this plugin.

        :return: An OptionList holding the boolean 'verbose' option.
        """
        options = OptionList()
        desc = 'Enables verbose output for the console'
        options.add(opt_factory('verbose', self.verbose, desc, 'boolean'))
        return options
    def get_options(self):
        """
        Expose the word list used for file name brute forcing.

        :return: An OptionList holding the 'wordlist' option, typed as a
                 plain string.
        """
        options = OptionList()
        desc = 'Word list to use in the file name brute forcing process.'
        options.add(opt_factory('wordlist', self._wordlist, desc, 'string'))
        return options
    def _get_option_objects(self):
        """
        Build the option shown for this question: the target URL list.

        The option description is also stored in self._d1.

        :return: An OptionList with the single 'target' option.
        """
        self._d1 = 'Target URL'
        options = OptionList()
        options.add(opt_factory('target', 'http://example.com', self._d1,
                                'url_list'))
        return options
    def _get_option_objects(self):
        """
        Build the single yes/no option of this question (default False).

        The question text, stored in self._d1, is used both as the option
        name and as its description.

        :return: An OptionList with that one boolean option.
        """
        self._d1 = 'Find other virtual hosts using MSN search'
        options = OptionList()
        options.add(opt_factory(self._d1, False, self._d1, 'boolean'))
        return options
Exemple #11
    def get_options(self):
        """
        Expose the path of the file listing trusted JavaScript domains.

        :return: An OptionList holding the 'secure_js_file' input-file option.
        """
        options = OptionList()
        desc = 'Path to file containing a list of trusted JavaScript domains'
        options.add(opt_factory('secure_js_file', self._secure_js_file, desc,
                                INPUT_FILE))
        return options
Exemple #12
    def get_options(self):
        """
        Expose the switch that skips symfony detection.

        :return: An OptionList holding the boolean 'override' option.
        """
        options = OptionList()
        desc = 'Skip symfony detection and search for the csrf (mis)protection.'
        options.add(opt_factory('override', self._override, desc, 'boolean'))
        return options
    def _get_option_objects(self):
        """
        Build the single yes/no option of this question (default True).

        The question text, stored in self._d1, is used both as the option
        name and as its description.

        :return: An OptionList with that one boolean option.
        """
        self._d1 = 'Is the target web application reachable from the Internet?'
        options = OptionList()
        options.add(opt_factory(self._d1, True, self._d1, 'boolean'))
        return options
Exemple #14
    def get_options(self):
        """
        Expose the path of the file this plugin writes vulnerabilities to.

        :return: An OptionList holding the 'output_file' option.
        """
        options = OptionList()
        desc = "The name of the output file where the vulnerabilities are be saved"
        options.add(opt_factory("output_file", self.output_file, desc, OUTPUT_FILE))
        return options
    def get_options(self):
        """
        Expose the number of wordnet results used per category.

        :return: An OptionList holding the integer 'wn_results' option.
        """
        options = OptionList()
        desc = "Only use the first wnResults (wordnet results) from each category."
        options.add(opt_factory("wn_results", self._wordnet_results, desc, "integer"))
        return options
    def get_options(self):
        """
        Expose the path of the file this plugin saves HTTP requests to.

        :return: An OptionList holding the 'output_file' option.
        """
        options = OptionList()
        desc = 'The name of the output file where the HTTP requests will be saved'
        options.add(opt_factory('output_file', self.output_file, desc, OUTPUT_FILE))
        return options
Exemple #17
    def get_options(self):
        """
        Expose the path of the file this plugin writes to.

        :return: An OptionList holding the 'output_file' option.
        """
        options = OptionList()
        desc = 'File name where this plugin will write to'
        options.add(opt_factory('output_file', self._file_name, desc, OUTPUT_FILE))
        return options
Exemple #18
    def get_options(self):
        """
        Expose the switch that limits the e-mail search to the target domain.

        :return: An OptionList holding the boolean 'only_target_domain' option.
        """
        options = OptionList()
        desc = 'Only search emails for domain of target'
        options.add(opt_factory('only_target_domain', self._only_target_domain,
                                desc, 'boolean'))
        return options
Exemple #19
    def get_options(self):
        """
        Expose the diff ratio threshold of this plugin.

        :return: An OptionList holding the float 'diff_ratio' option.
        """
        options = OptionList()
        desc = ('If two strings have a diff ratio less than diff_ratio, then they'
                '  are really different.')
        options.add(opt_factory('diff_ratio', self._diff_ratio, desc, 'float'))
        return options
Exemple #20
    def get_options(self):
        """
        Expose the switch that extends URL fuzzing to every URL.

        :return: An OptionList holding the boolean 'fuzz_images' option.
        """
        options = OptionList()
        desc = 'Apply URL fuzzing to all URLs, including images, videos, zip, etc.'
        help_text = 'Don\'t change this unless you read the plugin code.'
        options.add(opt_factory('fuzz_images', self._fuzz_images, desc,
                                'boolean', help=help_text))
        return options
    def get_options(self):
        """
        Expose the maximum spidering depth of this plugin.

        :return: An OptionList holding the integer 'max_depth' option.
        """
        options = OptionList()
        desc = 'Maximum recursion depth for spidering process'
        help_text = ('The plugin will spider the archive.org site related to the target'
                     ' site with the maximum depth specified in this parameter.')
        options.add(opt_factory('max_depth', self._max_depth, desc, 'integer',
                                help=help_text))
        return options
Exemple #22
    def get_options(self):
        """
        Expose the switch that enables fingerprint file generation.

        :return: An OptionList holding the boolean 'gen_fingerprint' option.
        """
        options = OptionList()
        desc = 'Generate a fingerprint file.'
        help_text = ('Define if we will generate a fingerprint file based on the'
                     ' findings made during this execution.')
        options.add(opt_factory('gen_fingerprint', self._gen_fp, desc,
                                'boolean', help=help_text))
        return options
Exemple #23
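    def get_options(self):
        """
        Describe the settings of the local/remote comparison: whether file
        contents are compared, the two locations, and the extensions to skip.

        :return: A list of option objects for this plugin.
        """
        ol = OptionList()

        d = 'When comparing, also compare the content of files.'
        ol.add(opt_factory('content', self._content, d, BOOL))

        d = 'The local directory used in the comparison.'
        ol.add(opt_factory('local_dir', self._local_dir, d, STRING))

        d = 'The remote directory used in the comparison.'
        ol.add(opt_factory('remote_url_path', self._remote_url_path, d,
                           URL_OPTION_TYPE))

        # The second fragment needs its leading space, otherwise the user
        # sees "with theseextensions."
        d = ('When comparing content of two files, ignore files with these'
             ' extensions.')
        ol.add(opt_factory('banned_ext', self._ban_url, d, LIST))

        return ol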
Exemple #24
    def get_options(self):
        """
        Expose the list of file extensions used for the upload attempts.

        :return: An OptionList holding the 'extensions' list option.
        """
        options = OptionList()
        desc = 'Extensions that w3af will try to upload through the form.'
        help_text = ('When finding a form with a file upload, this plugin will try to'
                     ' upload a set of files with the extensions specified here.')
        options.add(opt_factory('extensions', self._extensions, desc, 'list',
                                help=help_text))
        return options
Exemple #25
    def get_options(self):
        """
        Expose the value sent in the 'Origin' HTTP header by this plugin.

        :return: An OptionList holding the 'origin_header_value' option.
        """
        options = OptionList()
        description = 'Origin HTTP header value'
        help_text = ("Define value used to specify the 'Origin' HTTP header for"
                     " HTTP request sent to test application behavior")
        options.add(opt_factory('origin_header_value', self.origin_header_value,
                                description, 'string', help=help_text))
        return options
Exemple #26
    def get_options(self):
        """
        Expose the page-equality threshold of this plugin.

        :return: An OptionList holding the float 'eq_limit' option.
        """
        options = OptionList()
        description = 'String equal ratio (0.0 to 1.0)'
        help_text = ('Two pages are considered equal if they match in more'
                     ' than eq_limit.')
        options.add(opt_factory('eq_limit', self._eq_limit, description,
                                'float', help=help_text))
        return options
Exemple #27
    def get_options(self):
        """
        Expose the HTTP and HTTPS destination ports analysed by this plugin.

        Each description is reused as the help text of its option.

        :return: An OptionList holding 'httpPort' and 'httpsPort'.
        """
        options = OptionList()

        http_desc = 'Destination http port number to analize'
        options.add(opt_factory('httpPort', self._http_port, http_desc, INT,
                                help=http_desc))

        https_desc = 'Destination httpS port number to analize'
        options.add(opt_factory('httpsPort', self._https_port, https_desc, INT,
                                help=https_desc))

        return options
Exemple #28
    def get_options(self):
        """
        Expose the report file path and the debug switch of this plugin.

        :return: An OptionList holding 'output_file' and 'verbose'.
        """
        options = OptionList()

        desc = 'File name where this plugin will write to'
        options.add(opt_factory('output_file', self._output_file_name, desc,
                                OUTPUT_FILE))

        desc = 'True if debug information will be appended to the report.'
        options.add(opt_factory('verbose', self._verbose, desc, 'boolean'))

        return options
Exemple #29
    def get_options(self):
        """
        Expose the path of the clamd Unix socket this plugin talks to.

        :return: An OptionList holding the 'clamd_socket' option.
        """
        options = OptionList()
        desc = 'ClamAV daemon socket path'
        help_text = ('Communication with ClamAV is performed over an Unix socket, in'
                     ' order to be able to use this plugin please start a clamd daemon'
                     ' and provide the unix socket path.')
        # TODO: Maybe I should change this STRING to INPUT_FILE?
        options.add(opt_factory('clamd_socket', self._clamd_socket, desc, STRING,
                                help=help_text))
        return options
Exemple #30
    def get_options(self):
        """
        Expose the wordlist and the extension list used when brute forcing
        manifest file names.

        :return: An OptionList holding 'wordlist' and 'manifestExtensions'.
        """
        options = OptionList()

        desc = 'Wordlist to use in the manifest file name bruteforcing process.'
        options.add(opt_factory('wordlist', self._wordlist, desc, 'string'))

        desc = 'File extensions to use when brute forcing Gears Manifest files'
        options.add(opt_factory('manifestExtensions', self._extensions, desc,
                                'list'))

        return options
Exemple #31
    def get_options(self):
        """
        Expose the two input files fuzzable requests can be created from.

        :return: An OptionList holding 'input_base64' and 'input_burp'.
        """
        options = OptionList()

        desc = 'Base64 input file from which to create the fuzzable requests'
        help_text = 'The file format is described in output.export_requests'
        options.add(opt_factory('input_base64', self._input_base64, desc,
                                INPUT_FILE, help=help_text))

        desc = 'Burp log file from which to create the fuzzable requests'
        help_text = 'The input file needs to be in Burp format.'
        options.add(opt_factory('input_burp', self._input_burp, desc,
                                INPUT_FILE, help=help_text))

        return options
Exemple #32
    def get_options(self):
        """
        Expose the two ways of supplying regular expressions to this grep
        plugin: a single expression or a file of expressions.

        :return: An OptionList holding 'single_regex' and 'regex_file_path'.
        """
        options = OptionList()

        desc = 'Single regex to use in the grep process.'
        options.add(opt_factory('single_regex', self._single_regex, desc, REGEX))

        desc = 'Path to file with regular expressions to use in the grep process.'
        help_text = ('Attention: The file will be loaded line by line into memory,'
                     ' because the regex will be pre-compiled in order to achieve '
                     ' better performance during the scan process. \n\n'
                     'A list of example regular expressions can be found at '
                     '"plugins/grep/user_defined_regex/".')
        options.add(opt_factory('regex_file_path', self._regex_file_path, desc,
                                INPUT_FILE, help=help_text))

        return options
Exemple #33
    def get_options(self):
        """
        Expose the two detection techniques of this plugin as switches.

        :return: An OptionList holding 'use_time_delay' and 'use_echo'.
        """
        options = OptionList()

        description = 'Use time delay (sleep() technique)'
        help_text = ('If set to True, w3af will checks insecure eval() usage by'
                     ' analyzing of time delay result of script execution.')
        options.add(opt_factory('use_time_delay', self._use_time_delay,
                                description, 'boolean', help=help_text))

        description = 'Use echo technique'
        help_text = ('If set to True, w3af will checks insecure eval() usage by'
                     ' grepping result of script execution for test strings.')
        options.add(opt_factory('use_echo', self._use_echo, description,
                                'boolean', help=help_text))

        return options
Exemple #34
    def get_options(self):
        """
        Expose the equality threshold, the request timeout and the
        primary-check switch of this plugin.

        :return: An OptionList holding 'eq_limit', 'timeout' and
                 'is_carefully'.
        """
        eq_help = ('Two pages are considered equal if they match in more'
                   ' than eq_limit.')
        timeout_help = 'Timeout between fuzzing requests'
        primary_help = 'Perform a primary sql-injection check'

        options = OptionList()
        options.add(opt_factory('eq_limit', self._eq_limit,
                                'String equal ratio (0.0 to 1.0)', 'float',
                                help=eq_help))
        options.add(opt_factory('timeout', self._timeout,
                                'Requests timeout', 'float',
                                help=timeout_help))
        options.add(opt_factory('is_carefully', self._is_carefully,
                                'Do a primary check?', 'boolean',
                                help=primary_help))
        return options
Exemple #35
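    def get_options(self):
        """
        Describe the settings of the local webserver used for remote file
        inclusion tests, plus the switch that uses an XSS bug instead.

        :return: A list of option objects for this plugin.
        """
        ol = OptionList()

        # NOTE(review): the served files are reachable by any host that can
        # route to this address -- confirm the default is not a wildcard bind.
        d = 'IP address that the webserver will use to receive requests'
        h = ('w3af runs a webserver to serve the files to the target web app'
             ' when doing remote file inclusions. This setting configures on'
             ' what IP address the webserver is going to listen.')
        ol.add(opt_factory('listen_address', self._listen_address, d, 'ip',
                           help=h))

        # The port help used to be a copy of the address help and told the
        # user this setting configures an IP address.
        d = 'Port that the webserver will use to receive requests'
        h = ('w3af runs a webserver to serve the files to the target web app'
             ' when doing remote file inclusions. This setting configures on'
             ' what port the webserver is going to listen.')
        ol.add(opt_factory('listen_port', self._listen_port, d, 'port', help=h))

        d = ('Instead of including a file in a local webserver; include the '
             ' result of exploiting a XSS bug within the same target site.')
        ol.add(opt_factory('use_xss_bug', self._use_XSS_vuln, d, 'boolean'))

        return ol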
Exemple #36
    def get_options(self):
        """
        Describe the target settings: the URL list plus the operating system
        and framework combos, each combo listing the value currently stored
        in cf.cf first.

        :return: A list of option objects for this plugin.
        """
        options = OptionList()

        joined_targets = ','.join(str(tar) for tar in cf.cf.get('targets'))
        target_desc = 'A comma separated list of URLs'
        options.add(opt_factory('target', joined_targets, target_desc, 'url_list'))

        os_desc = 'Target operating system (' + '/'.join(
            self._operating_systems) + ')'
        os_help = 'This setting is here to enhance w3af performance.'

        # A combo takes its default from the first entry, so the configured
        # value is moved to the front of a copy of the list
        os_choices = self._operating_systems[:]
        os_choices.remove(cf.cf.get('target_os'))
        os_choices.insert(0, cf.cf.get('target_os'))
        options.add(opt_factory('target_os', os_choices, os_desc, 'combo',
                                help=os_help))

        framework_desc = 'Target programming framework (' + '/'.join(
            self._programming_frameworks) + ')'
        framework_help = 'This setting is here to enhance w3af performance.'

        # Same reordering as above, for the framework combo
        framework_choices = self._programming_frameworks[:]
        framework_choices.remove(cf.cf.get('target_framework'))
        framework_choices.insert(0, cf.cf.get('target_framework'))
        options.add(opt_factory('target_framework', framework_choices,
                                framework_desc, 'combo', help=framework_help))

        return options
Exemple #37
    def get_options(self):
        """
        Describe the settings of the local webserver used for remote file
        inclusion tests, plus the switch that uses the w3af site instead.

        :return: An OptionList holding 'listen_address', 'listen_port' and
                 'use_w3af_site'.
        """
        options = OptionList()

        desc = 'IP address that the webserver will use to receive requests'
        help_text = ('w3af runs a webserver to serve the files to the target web'
                     ' application when doing remote file inclusions. This setting'
                     ' configures where the webserver is going to listen for requests.')
        options.add(opt_factory('listen_address', self._listen_address, desc,
                                STRING, help=help_text))

        desc = 'TCP port that the webserver will use to receive requests'
        options.add(opt_factory('listen_port', self._listen_port, desc, PORT))

        desc = 'Use w3af site to test for remote file inclusion'
        help_text = ('The plugin can use the w3af site to test for remote file'
                     ' inclusions, which is convenient when you are performing a test'
                     ' behind a NAT firewall.')
        options.add(opt_factory('use_w3af_site', self._use_w3af_site, desc, BOOL,
                                help=help_text))

        return options
Exemple #38
    def get_options(self):
        """
        Default option template shared by most vulnerability types: name,
        URL, request data, HTTP method and the vulnerable parameter.

        A vulnerability that needs other parameters should override this
        implementation.

        :return: An OptionList with the five options above.
        """
        options = OptionList()

        desc = 'Vulnerability name (eg. SQL Injection)'
        options.add(opt_factory('name', self.name, desc, 'string'))

        desc = 'URL (without query string parameters)'
        options.add(opt_factory('url', self.url, desc, 'url'))

        desc = 'Query string or postdata parameters in url-encoded form'
        help_text = ('If the HTTP method is GET, the data will be sent in the '
                     'query-string otherwise it will be sent using the HTTP request\'s'
                     ' body. If the vulnerability requires the request to be sent using'
                     ' multipart-forms, the exploit will convert this url-encoded data'
                     ' into that format.\n\n'
                     'Enter the original parameter value, not the one which triggers'
                     ' the vulnerability. Correct input looks like "id=2" not like'
                     ' "id=2;cat /etc/passwd".')
        options.add(opt_factory('data', self.data, desc, 'string', help=help_text))

        desc = 'HTTP method'
        options.add(opt_factory('method', self.method, desc, 'string'))

        desc = ('Vulnerable parameter (needs to be one of the entered in the data'
                ' field).')
        options.add(opt_factory('vulnerable_parameter', self.vulnerable_parameter,
                                desc, 'string'))

        return options
Exemple #39
    def get_options(self):
        """
        Expose the run-once switch and the report filter of this plugin.

        :return: An OptionList holding 'execOneTime' and 'reportDavOnly'.
        """
        options = OptionList()

        once_desc = 'Execute plugin only one time'
        once_help = ('Generally the methods allowed for a URL are configured system'
                     ' wide, so executing this plugin only once is the faster choice.'
                     ' The most accurate choice is to run it against every URL.')
        options.add(opt_factory('execOneTime', self._exec_one_time, once_desc,
                                'boolean', help=once_help))

        report_desc = 'Only report findings if uncommon methods are found'
        options.add(opt_factory('reportDavOnly', self._report_dav_only,
                                report_desc, 'boolean'))

        return options
Exemple #40
    def get_options(self):
        """
        Expose the URL fuzzing scope switch and the digit-section limit.

        :return: An OptionList holding 'fuzzImages' and 'maxDigitSections'.
        """
        options = OptionList()

        desc = 'Apply URL fuzzing to all URLs, including images, videos, zip, etc.'
        help_text = 'It\'s safe to leave this option as the default.'
        options.add(opt_factory('fuzzImages', self._fuzz_images, desc, 'boolean',
                                help=help_text))

        desc = 'Set the top number of sections to fuzz'
        help_text = ('It\'s safe to leave this option as the default. For example, with maxDigitSections'
                     ' = 1, this string wont be fuzzed: abc123def234 ; but this one will abc23ldd.')
        options.add(opt_factory('maxDigitSections', self._max_digit_sections,
                                desc, 'integer', help=help_text))

        return options
    def _get_option_objects(self):
        """
        Build the four yes/no options of this question, all defaulting to
        True.

        Each question text is stored in self._d1 .. self._d4 and is used both
        as the option name and as its description.

        :return: An OptionList with the four boolean options, in order.
        """
        self._d1 = 'Detect active filters (IPS, WAF, Layer 7 firewalls)'
        self._d2 = 'Detect (reverse) proxies'
        self._d3 = 'Fingerprint Web Application Firewalls'
        self._d4 = 'Identify HTTP load balancers'

        options = OptionList()
        for question in (self._d1, self._d2, self._d3, self._d4):
            options.add(opt_factory(question, True, question, 'boolean'))

        return options
Exemple #42
    def get_options(self):
        """
        Expose the equality threshold and the request timeout of this plugin.

        :return: An OptionList holding 'eq_limit' and 'timeout'.
        """
        eq_help = ('Two pages are considered equal if they match in more'
                   ' than eq_limit.')
        timeout_help = 'Timeout between fuzzing requests'

        options = OptionList()
        options.add(opt_factory('eq_limit', self._eq_limit,
                                'String equal ratio (0.0 to 1.0)', 'float',
                                help=eq_help))
        options.add(opt_factory('timeout', self._timeout,
                                'Requests timeout', 'float',
                                help=timeout_help))
        return options
    def _get_option_objects(self):
        """
        Build the four yes/no options of this question, all defaulting to
        True.

        Each question text is stored in self._d1 .. self._d4 and is used both
        as the option name and as its description.

        :return: An OptionList with the four boolean options, in order.
        """
        self._d1 = 'Identify Operating System'
        self._d2 = 'Fingerprint Web Server vendor and version'
        self._d3 = 'Fingerprint programming framework'
        self._d4 = 'Find virtual hosts'

        options = OptionList()
        for question in (self._d1, self._d2, self._d3, self._d4):
            options.add(opt_factory(question, True, question, 'boolean'))

        return options
Exemple #44
    def get_options(self):
        """
        Expose the certificate expiry alert window and the CA file path.

        :return: An OptionList holding 'minExpireDays' and 'caFileName'.
        """
        options = OptionList()

        desc = ('Set minimal amount of days before expiration of the certificate'
                ' for alerting')
        help_text = ('If the certificate will expire in period of minExpireDays w3af'
                     ' will show an alert about it, which is useful for admins to'
                     ' remember to renew the certificate.')
        options.add(opt_factory('minExpireDays', self._min_expire_days, desc,
                                'integer', help=help_text))

        desc = 'CA PEM file path'
        options.add(opt_factory('caFileName', self._ca_file, desc, INPUT_FILE))

        return options
Exemple #45
    def get_options(self):
        """
        Expose the certificate expiry alert window and the CA file path.

        :return: An OptionList holding 'min_expire_days' and 'ca_file_name'.
        """
        options = OptionList()

        expire_desc = ('Set minimal amount of days before expiration of the certificate'
                       ' for alerting')
        expire_help = ('If the certificate will expire in period of minExpireDays w3af'
                       ' will show an alert about it, which is useful for admins to'
                       ' remember to renew the certificate.')
        options.add(opt_factory('min_expire_days', self._min_expire_days,
                                expire_desc, 'integer', help=expire_help))

        ca_desc = 'Path to the ca.pem file containing all root certificates'
        options.add(opt_factory('ca_file_name', self._ca_file, ca_desc, INPUT_FILE))

        return options
Exemple #46
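 def get_options(self):
     """
     Describe the settings of this authentication plugin, including the
     request data format and the HTTP method.

     Each entry of the table below is (name, default value, option type,
     description); the description is also used as the help text.

     :return: A list of option objects for this plugin.
     """
     # NOTE(review): the password is registered as a plain 'string' option;
     # presumably it is shown and stored in clear text together with the
     # other options -- confirm how profiles persist it.
     option_specs = [
         ('username', self.username, 'string',
          'Username for using in the authentication process'),
         ('password', self.password, 'string',
          'Password for using in the authentication process'),
         ('username_field', self.username_field, 'string',
          'Username parameter name (ie. "uname" if the HTML looks'
          ' like <input type="text" name="uname">...)'),
         ('password_field', self.password_field, 'string',
          'Password parameter name (ie. "pwd" if the HTML looks'
          ' like <input type="password" name="pwd">...)'),
         ('auth_url', self.auth_url, 'url',
          'URL where the username and password will be sent using the'
          ' configured request method'),
         ('check_url', self.check_url, 'url',
          'URL used to verify if the session is still active by looking for'
          ' the check_string.'),
         # The second fragment needs its leading space, otherwise the text
         # reads "if thecurrent session"
         ('check_string', self.check_string, 'string',
          'String for searching on check_url page to determine if the'
          ' current session is active.'),
         ('data_format', self.data_format, 'string',
          'The format for the POST-data or query string. The following are'
          ' valid formatting values:\n'
          '    - %u for the username parameter name value\n'
          '    - %U for the username value\n'
          '    - %p for the password parameter name value\n'
          '    - %P for the password value\n'),
         ('method', self.method, 'string', 'The HTTP method to use'),
     ]
     ol = OptionList()
     for name, default, opt_type, desc in option_specs:
         ol.add(opt_factory(name, default, desc, opt_type, help=desc))
     return ol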
Exemple #47
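    def get_options(self):
        """
        Describe the settings of this authentication plugin.

        Each entry of the table below is (name, default value, option type,
        description); the description is also used as the help text.

        :return: A list of option objects for this plugin.
        """
        # NOTE(review): the password is registered as a plain 'string' option;
        # presumably it is shown and stored in clear text together with the
        # other options -- confirm how profiles persist it.
        option_specs = [
            ('username', self.username, 'string',
             'Username for using in the authentication process'),

            ('password', self.password, 'string',
             'Password for using in the authentication process'),

            ('username_field', self.username_field,
             'string', 'Username parameter name (ie. "uname" if the HTML looks'
                       ' like <input type="text" name="uname">...)'),

            ('password_field', self.password_field,
             'string', 'Password parameter name (ie. "pwd" if the HTML looks'
                       ' like <input type="password" name="pwd">...)'),

            ('auth_url', self.auth_url, 'url',
             'URL where the username and password will be sent using a POST'
             ' request'),

            ('check_url', self.check_url, 'url',
             'URL used to verify if the session is still active by looking for'
             ' the check_string.'),

            # The second fragment needs its leading space, otherwise the text
            # reads "if thecurrent session"
            ('check_string', self.check_string, 'string',
             'String for searching on check_url page to determine if the'
             ' current session is active.'),
        ]

        ol = OptionList()
        for name, default, opt_type, desc in option_specs:
            ol.add(opt_factory(name, default, desc, opt_type, help=desc))

        return ol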
Exemple #48
    def get_options(self):
        """
        Expose the mail settings used to send notifications.

        :return: An OptionList holding 'smtpServer', 'smtpPort', 'toAddrs'
                 and 'fromAddr'.
        """
        # Only server, port, recipients and sender are configurable here; this
        # method defines no option for SMTP authentication or TLS.
        options = OptionList()

        desc = 'SMTP server ADDRESS to send notifications through, e.g. smtp.yourdomain.com'
        options.add(opt_factory('smtpServer', self.smtpServer, desc, 'string'))

        desc = 'SMTP server PORT'
        options.add(opt_factory('smtpPort', self.smtpPort, desc, 'integer'))

        desc = 'Recipient email address'
        options.add(opt_factory('toAddrs', self.toAddrs, desc, 'list'))

        desc = '"From" email address'
        options.add(opt_factory('fromAddr', self.fromAddr, desc, 'string'))

        return options
Exemple #49
    def get_options(self):
        """
        Expose the settings that restrict which links are crawled: the
        forward-only switch, the follow/ignore regular expressions and the
        ignored extensions.

        :return: An OptionList holding 'only_forward', 'follow_regex',
                 'ignore_regex' and 'ignore_extensions'.
        """
        options = OptionList()

        desc = 'Only crawl links inside the target URL'
        help_text = ('For example, when the target URL is set to http://abc/def/'
                     ' and only_forward is set, http://abc/def/123 will be crawled'
                     ' but http://abc/xyz/ will not. When only_forward is disabled'
                     ' both links will be crawled.')
        options.add(opt_factory('only_forward', self._only_forward, desc, BOOL,
                                help=help_text))

        desc = 'Only crawl links that match this regular expression'
        help_text = 'The ignore_regex configuration parameter has precedence over follow_regex'
        options.add(opt_factory('follow_regex', self._follow_regex, desc, REGEX,
                                help=help_text))

        desc = 'DO NOT crawl links that match this regular expression'
        help_text = 'The ignore_regex configuration parameter has precedence over follow_regex'
        options.add(opt_factory('ignore_regex', self._ignore_regex, desc, REGEX,
                                help=help_text))

        desc = 'DO NOT crawl links that use these extensions.'
        help_text = ('This configuration parameter is commonly used to ignore'
                     ' static files such as zip, pdf, jpeg, etc. It is possible to'
                     ' ignore these files using `ignore_regex`, but configuring'
                     ' this parameter is easier and performs case insensitive'
                     ' matching.')
        options.add(opt_factory('ignore_extensions', self._ignore_extensions,
                                desc, LIST, help=help_text))

        return options
Exemple #50
def create_target_option_list(*target):
    """
    Build the OptionList that describes the scan target.

    :param target: Zero or more URL objects; each one must expose a
                   ``url_string`` attribute.
    :return: An OptionList holding ``target`` (the URLs joined with commas),
             ``target_os`` and ``target_framework``.
    """
    option_list = OptionList()

    # NOTE(review): the URLs are joined with ',' and handed over as a single
    # value, so a comma inside a url_string cannot be told apart from the
    # separator. Confirm how the URL_LIST option type splits the value.
    target_opt = opt_factory('target', '', '', URL_LIST)
    joined_urls = ','.join(u.url_string for u in target)
    target_opt.set_value(joined_urls)
    option_list.add(target_opt)

    os_choices = ('unknown', 'unix', 'windows')
    option_list.add(opt_factory('target_os', os_choices, '', 'combo'))

    framework_choices = ('unknown', 'php', 'asp', 'asp.net', 'java', 'jsp',
                         'cfm', 'ruby', 'perl')
    option_list.add(opt_factory('target_framework', framework_choices, '',
                                'combo'))

    return option_list
Exemple #51
    def get_options(self):
        """
        Expose the verbosity flag and the two output paths of this plugin.

        :return: A list of option objects for this plugin.
        """
        options = OptionList()

        options.add(opt_factory('verbose',
                                self.verbose,
                                'Enable if verbose output is needed',
                                'boolean'))

        options.add(opt_factory('output_file',
                                self._output_file_name,
                                'File name where this plugin will write to',
                                OUTPUT_FILE))

        # This second file receives full HTTP requests and responses, so it
        # can contain credentials, cookies and tokens seen during the scan.
        # It deserves the same access restrictions as the findings.
        options.add(opt_factory('http_output_file',
                                self._http_file_name,
                                'File name where this plugin will write HTTP requests and responses',
                                OUTPUT_FILE))

        return options
Exemple #52
    def get_options(self):
        """
        Expose the template path, report path and verbosity of this plugin.

        :return: A list of option objects for this plugin.
        """
        # (name, current value, description, option type), in display order.
        # NOTE(review): ``template`` is a user-supplied path to the file used
        # to render the report; confirm it is only ever loaded from a
        # location the operator controls.
        specs = (
            ('template', self._template,
             'The path to the HTML template used to render the report.',
             INPUT_FILE),
            ('output_file', self._output_file_name,
             'File name where this plugin will write to',
             OUTPUT_FILE),
            ('verbose', self._verbose,
             'True if debug information will be appended to the report.',
             'boolean'),
        )

        options = OptionList()
        for name, value, description, kind in specs:
            options.add(opt_factory(name, value, description, kind))

        return options
Exemple #53
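    def get_options(self):
        """
        Describe the settings that bound which links this plugin follows.

        Options are added in a fixed order: only_forward, follow_regex,
        ignore_regex. As the descriptions state, ignore_regex wins over
        follow_regex when a link matches both.

        :return: A list of option objects for this plugin.
        """
        ol = OptionList()

        d = ('When crawling only follow links to paths inside the one given'
             ' as target.')
        ol.add(opt_factory('only_forward', self._only_forward, d, BOOL))

        # The wording matches the ignore_regex description below: the option
        # is about links, which the earlier "follow which that match" text
        # left unclear.
        d = ('When crawling only follow links that match this regular'
             ' expression. Please note that ignore_regex has precedence over'
             ' follow_regex.')
        ol.add(opt_factory('follow_regex', self._follow_regex, d, REGEX))

        d = ('When crawling, DO NOT follow links that match this regular'
             ' expression. Please note that ignore_regex has precedence over'
             ' follow_regex.')
        ol.add(opt_factory('ignore_regex', self._ignore_regex, d, REGEX))

        return ol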
Exemple #54
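    def get_options(self):
        """
        Build the option list for the miscellaneous (global) settings.

        Every current value is read from the shared ``cf.cf`` configuration
        object. Options are grouped through ``tabid`` into 'Fuzzer
        parameters', 'Core settings', 'Network settings', 'Misc settings'
        and 'Metasploit'.

        The help texts are built from adjacent string literals, so each
        continuation fragment must start (or the previous one must end) with
        a space; otherwise the words are glued together in the UI.

        :return: A list of option objects for this plugin.
        """
        ol = OptionList()

        ######## Fuzzer parameters ########
        d = 'Indicates if w3af plugins will use cookies as a fuzzable parameter'
        opt = opt_factory('fuzz_cookies',
                          cf.cf.get('fuzz_cookies'),
                          d,
                          'boolean',
                          tabid='Fuzzer parameters')
        ol.add(opt)

        d = ('Indicates if w3af plugins will send payloads in the content of'
             ' multipart/post form files.')
        # Leading spaces added on the continuation fragments: the text used
        # to render as "w3afwill fill ... containing thepayloads".
        h = ('If enabled, and multipart/post forms with files are found, w3af'
             ' will fill those file inputs with pseudo-files containing the'
             ' payloads required to identify vulnerabilities.')
        opt = opt_factory('fuzz_form_files',
                          cf.cf.get('fuzz_form_files'),
                          d,
                          'boolean',
                          tabid='Fuzzer parameters',
                          help=h)
        ol.add(opt)

        d = ('Indicates if w3af plugins will send fuzzed file names in order to'
             ' find vulnerabilities')
        h = ('For example, if the discovered URL is http://test/filename.php,'
             ' and fuzz_url_filenames is enabled, w3af will request among'
             ' other things: http://test/file\'a\'a\'name.php in order to'
             ' find SQL injections. This type of vulns are getting more '
             ' common every day!')
        opt = opt_factory('fuzz_url_filenames',
                          cf.cf.get('fuzz_url_filenames'),
                          d,
                          'boolean',
                          help=h,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        d = ('Indicates if w3af plugins will send fuzzed URL parts in order'
             ' to find vulnerabilities')
        h = ('For example, if the discovered URL is http://test/foo/bar/123,'
             ' and fuzz_url_parts is enabled, w3af will request among other '
             ' things: http://test/bar/<script>alert(document.cookie)</script>'
             ' in order to find XSS.')
        opt = opt_factory('fuzz_url_parts',
                          cf.cf.get('fuzz_url_parts'),
                          d,
                          'boolean',
                          help=h,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        d = 'Indicates the extension to use when fuzzing file content'
        opt = opt_factory('fuzzed_files_extension',
                          cf.cf.get('fuzzed_files_extension'),
                          d,
                          'string',
                          tabid='Fuzzer parameters')
        ol.add(opt)

        d = 'A list with all fuzzable header names'
        opt = opt_factory('fuzzable_headers',
                          cf.cf.get('fuzzable_headers'),
                          d,
                          'list',
                          tabid='Fuzzer parameters')
        ol.add(opt)

        d = ('Indicates what HTML form combo values w3af plugins will use:'
             ' all, tb, tmb, t, b')
        h = ('Indicates what HTML form combo values, e.g. select options values,'
             ' w3af plugins will use: all (All values), tb (only top and bottom '
             ' values), tmb (top, middle and bottom values), t (top values), b'
             ' (bottom values).')
        # The choices are passed as the option value; 'tmb' is listed first.
        options = ['tmb', 'all', 'tb', 't', 'b']
        opt = opt_factory('form_fuzzing_mode',
                          options,
                          d,
                          COMBO,
                          help=h,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        ######## Core parameters ########
        d = 'Stop scan after first unhandled exception'
        # Leading space added before "Users": the text used to render as
        # "raised by a plugin.Users should ...".
        h = ('This feature is only useful for developers that want their scan'
             ' to stop on the first exception that is raised by a plugin.'
             ' Users should leave this as False in order to get better '
             'exception handling from w3af\'s core.')
        opt = opt_factory('stop_on_first_exception',
                          cf.cf.get('stop_on_first_exception'),
                          d,
                          'boolean',
                          help=h,
                          tabid='Core settings')
        ol.add(opt)

        d = 'Maximum crawl time (minutes)'
        h = ('Many users tend to enable numerous plugins without actually'
             ' knowing what they are and the potential time they will take'
             ' to run. By using this parameter, users will be able to set'
             ' the maximum amount of time the crawl phase will run.')
        opt = opt_factory('max_discovery_time',
                          cf.cf.get('max_discovery_time'),
                          d,
                          'integer',
                          help=h,
                          tabid='Core settings')
        ol.add(opt)

        ######## Network parameters ########
        d = ('Local interface name to use when sniffing, doing reverse'
             ' connections, etc.')
        opt = opt_factory('interface',
                          cf.cf.get('interface'),
                          d,
                          'string',
                          tabid='Network settings')
        ol.add(opt)

        d = 'Local IP address to use when doing reverse connections'
        opt = opt_factory('local_ip_address',
                          cf.cf.get('local_ip_address'),
                          d,
                          'string',
                          tabid='Network settings')
        ol.add(opt)

        ######### Misc ###########
        # non_targets is the scope-exclusion list: per its description, URLs
        # listed here are completely ignored by the scan.
        d = 'A comma separated list of URLs that w3af should completely ignore'
        h = ('Sometimes it\'s a good idea to ignore some URLs and test them'
             ' manually')
        opt = opt_factory('non_targets',
                          cf.cf.get('non_targets'),
                          d,
                          URL_LIST,
                          help=h,
                          tabid='Misc settings')
        ol.add(opt)

        ######### Metasploit ###########
        # NOTE(review): the description interpolates the *currently
        # configured* msf_location and presents it as the usual install
        # path, so the text changes once the user edits the value. The
        # directory is described as holding framework binaries; presumably
        # they are executed from there, so it should be writable only by the
        # operator - confirm against the code that consumes this setting.
        d = ('Full path of Metasploit framework binary directory (%s in '
             'most linux installs)' % cf.cf.get('msf_location'))
        opt = opt_factory('msf_location',
                          cf.cf.get('msf_location'),
                          d,
                          'string',
                          tabid='Metasploit')
        ol.add(opt)

        return ol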
Exemple #55
    def get_options(self):
        """
        Describe the settings of the Open API crawling plugin.

        Options are added in a fixed order: query_string_auth, header_auth,
        no_spec_validation, custom_spec_location, discover_fuzzable_headers,
        discover_fuzzable_url_parts.

        :return: A list of option objects for this plugin.
        """
        # query_string_auth and header_auth carry API credentials which, per
        # their help texts, are attached to every API request. They are
        # secrets: a value placed in the query string becomes part of each
        # requested URL, and URLs are commonly recorded in logs and reports.
        query_string_help = (
            'Some REST APIs use query string parameters, such as `api_key`'
            ' for authentication. Set this parameter to configure one or more'
            ' query string parameters which will be added to each API HTTP'
            ' request. An example value for this field is: "api_key=0x12345"')

        header_help = (
            'Some REST APIs use HTTP headers, such as `X-Authenticate` or `Basic`'
            ' for authentication. Set this parameter to configure one or more'
            ' HTTP headers which will be added to each API request.'
            ' An example value for this field is: "Basic: bearer 0x12345"')

        # By default the specification is fetched from the target, so it is
        # input the scanner does not control.
        # NOTE(review): with no_spec_validation enabled that document is used
        # without the validation step; confirm the parser copes with
        # malformed JSON/YAML.
        validation_help = 'By default, the plugin validates Open API specification before extracting endpoints.'

        spec_location_help = (
            'By default, the plugin looks for the API specification on the target,'
            ' but sometimes applications do not provide an API specification.'
            ' Set this parameter to specify a local path to the API specification.'
            ' The file must have .json or .yaml extension.')

        headers_help = (
            'By default, the plugin looks for parameters which are passed to endpoints via HTTP headers,'
            ' and enables them for further testing.'
            ' Set this options to False if you would like to disable this feature.'
            ' You can also set `misc-settings.fuzzable_headers` option to test only specific headers.'
        )

        url_parts_help = (
            'By default, URLs discovered by this plugin allow other plugins'
            ' to inject content into the path only at locations declared as path'
            ' parameters in the Open API specification.'
            '\n'
            ' For example, if the Open API specification declares an endpoint with the path'
            ' `/store/product-{productID}`, only the `{productID}` part of the URL will be'
            ' modified during fuzzing.'
            '\n'
            ' Set this option to False if you would like to disable this feature,'
            ' and instead fuzz all path segments. If this option is set to False,'
            ' the plugin will automatically set `misc-settings.fuzz_url_parts`'
            ' and `misc-settings.fuzz_url_filenames` to True')

        # (name, current value, description, option type, help text)
        specs = (
            ('query_string_auth', self._query_string_auth,
             'Query string parameters to add in each API request',
             QUERY_STRING, query_string_help),
            ('header_auth', self._header_auth,
             'Headers to add in each API request',
             HEADER, header_help),
            ('no_spec_validation', self._no_spec_validation,
             'Disable Open API spec validation',
             BOOL, validation_help),
            ('custom_spec_location', self._custom_spec_location,
             'Path to Open API specification',
             INPUT_FILE, spec_location_help),
            ('discover_fuzzable_headers', self._discover_fuzzable_headers,
             'Automatic HTTP header discovery for further testing',
             BOOL, headers_help),
            ('discover_fuzzable_url_parts', self._discover_fuzzable_url_parts,
             'Automatic path parameter discovery for further testing',
             BOOL, url_parts_help),
        )

        options = OptionList()
        for name, value, description, kind, help_text in specs:
            options.add(opt_factory(name, value, description, kind,
                                    help=help_text))

        return options
Exemple #56
    def get_options(self):
        """
        Describe the settings of the pykto plugin.

        The options cover the directory lists that are searched (cgi_dirs,
        admin_dirs, nuke_dirs), the two scan database files (db_file,
        extra_db_file) and the mutate_tests switch, added in that order.

        :return: A list of option objects for this plugin.
        """
        cgi_help = (
            'Pykto will search for vulnerable scripts in many places, one of'
            ' them is inside cgi-bin directory. The cgi-bin directory can be'
            ' anything and change from install to install, so its a good idea'
            ' to make this a user setting. The directories should be supplied'
            ' comma separated and with a / at the beginning and one at the end.'
            ' Example: "/cgi/,/cgibin/,/bin/"')

        admin_help = (
            'Pykto will search for vulnerable scripts in many places, one of'
            ' them is inside administration directories. The admin directory'
            ' can be anything and change from install to install, so its a'
            ' good idea to make this a user setting. The directories should'
            ' be supplied comma separated and with a / at the beginning and'
            ' one at the end. Example: "/admin/,/adm/"')

        nuke_help = (
            'The directories should be supplied comma separated and with a'
            ' forward slash at the beginning and one at the end. Example:'
            ' "/forum/,/nuke/"')

        extra_db_help = (
            'This is a file which has some extra checks for files that are not'
            ' present in the nikto database.')

        # (name, current value, description, option type, help text)
        # Note that the nuke_dirs option is backed by self._nuke.
        specs = (
            ('cgi_dirs', self._cgi_dirs,
             'CGI-BIN dirs where to search for vulnerable scripts.',
             LIST, cgi_help),
            ('admin_dirs', self._admin_dirs,
             'Admin directories where to search for vulnerable scripts.',
             LIST, admin_help),
            ('nuke_dirs', self._nuke,
             'PostNuke directories where to search for vulnerable scripts.',
             LIST, nuke_help),
            ('db_file', self._db_file,
             'The path to the nikto scan_databse.db file.',
             INPUT_FILE,
             'The default scan database file is fine in most cases.'),
            ('extra_db_file', self._extra_db_file,
             'The path to the w3af_scan_database.db file.',
             INPUT_FILE, extra_db_help),
            ('mutate_tests', self._mutate_tests,
             'Test all files with all root directories',
             BOOL,
             'Define if we will test all files with all root directories.'),
        )

        options = OptionList()
        for name, value, description, kind, help_text in specs:
            options.add(opt_factory(name, value, description, kind,
                                    help=help_text))

        return options
Exemple #57
 def _initFilterBox(self, mainvbox):
     """Build the advanced search (filter) panel and pack it into mainvbox.

     The panel has six sections: request methods, transaction ID range,
     response codes, misc flags, response content types and response size.
     It is created hidden (``hide_all``).

     :param mainvbox: The container the panel is packed into.
     """
     def boolean_section(rows):
         # rows holds (name, label, default) triples; each one becomes a
         # boolean option whose description is the label.
         section = OptionList()
         for name, label, default in rows:
             section.add(opt_factory(name, default, label, "boolean"))
         return section

     self._advSearchBox = gtk.HBox()
     self._advSearchBox.set_spacing(self._padding)
     self.pref = FilterOptions(self)

     # Request method filters
     self._filterMethods = [
         ('GET', 'GET', False),
         ('POST', 'POST', False),
     ]
     self.pref.add_section('methods', _('Request Method'),
                           boolean_section(self._filterMethods))

     # Transaction ID range; both bounds are string options defaulting to "0"
     id_section = OptionList()
     for bound, label in (("min", "Min ID"), ("max", "Max ID")):
         id_section.add(opt_factory(bound, "0", label, "string"))
     self.pref.add_section('trans_id', _('Transaction ID'), id_section)

     # Response status code classes
     code_rows = [(klass, klass, False)
                  for klass in ("1xx", "2xx", "3xx", "4xx", "5xx")]
     self.pref.add_section('codes', _('Response Code'),
                           boolean_section(code_rows))

     # Misc flags
     misc_rows = [
         ("tag", "Tag", False),
         ("has_qs", "Request has Query String", False),
     ]
     self.pref.add_section('misc', _('Misc'), boolean_section(misc_rows))

     # Response content types
     self._filterTypes = [
         ('html', 'HTML', False),
         ('javascript', 'JavaScript', False),
         ('image', 'Images', False),
         ('flash', 'Flash', False),
         ('css', 'CSS', False),
         ('text', 'Text', False),
     ]
     self.pref.add_section('types', _('Response Content Type'),
                           boolean_section(self._filterTypes))

     # Response size
     size_rows = [("resp_size", "Not Null", False)]
     self.pref.add_section('sizes', _('Response Size'),
                           boolean_section(size_rows))

     self.pref.show()
     self._advSearchBox.pack_start(self.pref, False, False)
     self._advSearchBox.hide_all()
     mainvbox.pack_start(self._advSearchBox, False, False)
Exemple #58
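    def _init_options(self):
        """
        Create the preferences of the intercepting proxy and its HTTP editor.

        Two sections are registered on ``self.pref``: 'proxy' (listen
        address, trap / no-trap rules, view settings) and 'editor' (display
        toggles). The saved values are then loaded from the config file and
        the widget is shown.
        """
        self.like_initial = True
        self.pref = ConfigOptions(self.w3af, self, 'proxy_options')

        # Proxy options
        proxy_options = OptionList()

        # The default listen address is the loopback interface, which keeps
        # the proxy unreachable from other hosts. Binding it to a routable
        # address makes the interception endpoint available to the network.
        d = _('Proxy IP address and port number')
        h = _(
            'Local IP address where the proxy will listen for HTTP requests.')
        o = opt_factory('ipport',
                        '127.0.0.1:8080',
                        d,
                        option_types.IPPORT,
                        help=h)
        proxy_options.add(o)

        # ".*" matches every URL, so by default all requests are candidates
        # for interception.
        d = _('Regular expression for URLs to intercept')
        h = _('Regular expression to match against the URLs of HTTP requests'
              ' to decide if the request should be intercepted for analysis/'
              'modifications or not.')
        o = opt_factory('trap', ".*", d, option_types.REGEX, help=h)
        proxy_options.add(o)

        d = _("HTTP methods to intercept")
        h = _('Comma separated list of HTTP methods to intercept')
        o = opt_factory('methodtrap', "GET,POST", d, option_types.LIST, help=h)
        proxy_options.add(o)

        d = _("Ignored extensions")
        h = _('Filename extensions that will NOT be intercepted')
        # Raw string: "\." in a normal literal is an invalid escape sequence
        # that newer interpreters warn about. The resulting value is the
        # same.
        # NOTE(review): the pattern is anchored with "$"; whether a URL with
        # a query string after the extension is skipped depends on the
        # string the caller matches against - confirm.
        default_value = r".*\.(gif|jpg|png|css|js|ico|swf|axd|tif)$"
        o = opt_factory("notrap", default_value, d, option_types.REGEX, help=h)
        proxy_options.add(o)

        d = _("View mode for intercept tab")
        views = ('Split', 'Tabbed')
        o = opt_factory("trap_view", views, d, option_types.COMBO)
        proxy_options.add(o)

        d = _("Home tab")
        homes = ['Intercept', 'History', 'Options']
        o = opt_factory("home_tab", homes, d, option_types.COMBO)
        proxy_options.add(o)

        self.pref.add_section('proxy', _('Proxy options'), proxy_options)

        # HTTP editor options: four boolean display toggles, all on by default
        editor_options = OptionList()

        editor_toggles = (
            ("wrap", _("Wrap long lines")),
            ("highlight_current_line", _("Highlight current line")),
            ("highlight_syntax", _("Highlight syntax")),
            ("display_line_num", _("Display line numbers")),
        )
        for name, label in editor_toggles:
            editor_options.add(opt_factory(name, True, label, "boolean"))

        self.pref.add_section('editor', _('HTTP editor options'),
                              editor_options)

        # Load values from configfile
        self.pref.load_values()
        self.pref.show()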
Exemple #59
    def get_options(self):
        """
        Describe the settings of this bruteforce plugin.

        The options name the user, password and combo wordlist files and the
        switches that decide which extra candidate credentials are tried.
        They are added in the order listed below.

        :return: A list of option objects for this plugin.
        """
        # (name, current value, description, option type), in display order.
        # usersFile, passwdFile and comboFile are paths to files that hold
        # credential material.
        specs = (
            ('usersFile', self._users_file,
             'Users file to use in bruteforcing',
             INPUT_FILE),
            ('passwdFile', self._passwd_file,
             'Passwords file to use in bruteforcing',
             INPUT_FILE),
            ('useSvnUsers', self._use_SVN_users,
             'This indicates if we will use usernames from SVN headers collected by w3af plugins in bruteforce.',
             BOOL),
            ('stopOnFirst', self._stop_on_first,
             'This indicates if the bruteforce should stop after finding the first correct user and password.',
             BOOL),
            ('passEqUser', self._pass_eq_user,
             'This indicates if the bruteforce should try password equal user in logins.',
             BOOL),
            ('useLeetPasswd', self._l337_p4sswd,
             'This indicates if the bruteforce should try l337 passwords',
             BOOL),
            ('useEmails', self._useMails,
             'This indicates if the bruteforcer should use emails collected by w3af plugins as users.',
             BOOL),
            ('useProfiling', self._use_profiling,
             'This indicates if the bruteforce should use password profiling to collect new passwords.',
             BOOL),
            ('profilingNumber', self._profiling_number,
             'This indicates how many passwords from profiling will be used.',
             INT),
            ('comboFile', self._combo_file,
             'Combo of username and passord, file to use in bruteforcing',
             INPUT_FILE),
            ('comboSeparator', self._combo_separator,
             'Separator string used in Combo file to split username and password',
             STRING),
        )

        options = OptionList()
        for name, value, description, kind in specs:
            options.add(opt_factory(name, value, description, kind))

        return options
Exemple #60
    def get_options(self):
        """
        :return: A list of option objects for this plugin.
        """
        ol = OptionList()

        #
        # Fuzzer parameters
        #
        d = 'Indicates if w3af plugins will use cookies as a fuzzable parameter'
        opt = opt_factory('fuzz_cookies',
                          cf.cf.get('fuzz_cookies'),
                          d,
                          BOOL,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        d = ('Indicates if w3af plugins will send payloads in the content of'
             ' multipart/post form files.')
        h = ('If enabled, and multipart/post forms with files are found, w3af'
             'will fill those file inputs with pseudo-files containing the'
             'payloads required to identify vulnerabilities.')
        opt = opt_factory('fuzz_form_files',
                          cf.cf.get('fuzz_form_files'),
                          d,
                          BOOL,
                          tabid='Fuzzer parameters',
                          help=h)
        ol.add(opt)

        d = (
            'Indicates if w3af plugins will send fuzzed file names in order to'
            ' find vulnerabilities')
        h = ('For example, if the discovered URL is http://test/filename.php,'
             ' and fuzz_url_filenames is enabled, w3af will request among'
             ' other things: http://test/file\'a\'a\'name.php in order to'
             ' find SQL injections. This type of vulns are getting more '
             ' common every day!')
        opt = opt_factory('fuzz_url_filenames',
                          cf.cf.get('fuzz_url_filenames'),
                          d,
                          BOOL,
                          help=h,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        desc = ('Indicates if w3af plugins will send fuzzed URL parts in order'
                ' to find vulnerabilities')
        h = ('For example, if the discovered URL is http://test/foo/bar/123,'
             ' and fuzz_url_parts is enabled, w3af will request among other '
             ' things: http://test/bar/<script>alert(document.cookie)</script>'
             ' in order to find XSS.')
        opt = opt_factory('fuzz_url_parts',
                          cf.cf.get('fuzz_url_parts'),
                          desc,
                          BOOL,
                          help=h,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        desc = 'Indicates the extension to use when fuzzing file content'
        opt = opt_factory('fuzzed_files_extension',
                          cf.cf.get('fuzzed_files_extension'),
                          desc,
                          STRING,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        desc = 'A list with all fuzzable header names'
        opt = opt_factory('fuzzable_headers',
                          cf.cf.get('fuzzable_headers'),
                          desc,
                          LIST,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        d = ('Indicates what HTML form combo values w3af plugins will use:'
             ' all, tb, tmb, t, b')
        h = (
            'Indicates what HTML form combo values, e.g. select options values,'
            ' w3af plugins will use: all (All values), tb (only top and bottom'
            ' values), tmb (top, middle and bottom values), t (top values), b'
            ' (bottom values).')
        options = ['tmb', 'all', 'tb', 't', 'b']
        opt = opt_factory('form_fuzzing_mode',
                          options,
                          d,
                          COMBO,
                          help=h,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        #
        # Core parameters
        #
        desc = 'Stop scan after first unhandled exception'
        h = ('This feature is only useful for developers that want their scan'
             ' to stop on the first exception that is raised by a plugin.'
             ' Users should leave this as False in order to get better'
             ' exception handling from w3af\'s core.')
        opt = opt_factory('stop_on_first_exception',
                          cf.cf.get('stop_on_first_exception'),
                          desc,
                          BOOL,
                          help=h,
                          tabid='Core settings')
        ol.add(opt)

        desc = 'Maximum crawl time (minutes)'
        h = ('Many users tend to enable numerous plugins without actually'
             ' knowing what they are and the potential time they will take'
             ' to run. By using this parameter, users will be able to set'
             ' the maximum amount of time the crawl phase will run.')
        opt = opt_factory('max_discovery_time',
                          cf.cf.get('max_discovery_time'),
                          desc,
                          INT,
                          help=h,
                          tabid='Core settings')
        ol.add(opt)

        desc = 'Maximum scan time (minutes)'
        h = ('Sets the maximum number of minutes for the scan to run. Use'
             ' zero to remove the limit.')
        opt = opt_factory('max_scan_time',
                          cf.cf.get('max_scan_time'),
                          desc,
                          INT,
                          help=h,
                          tabid='Core settings')
        ol.add(opt)

        desc = 'Limit requests for each URL sub-path'
        h = ('Limit how many requests are performed for each URL sub-path'
             ' during crawling. For example, if the application links to'
             ' three products: /product/1 /product/2 and /product/3, and'
             ' this variable is set to two, only the first two URLs:'
             ' /product/1 and /product/2 will be crawled.')
        opt = opt_factory('path_max_variants',
                          cf.cf.get('path_max_variants'),
                          desc,
                          INT,
                          help=h,
                          tabid='Core settings')
        ol.add(opt)

        desc = 'Limit requests for each URL and parameter set'
        h = ('Limit how many requests are performed for each URL and parameter'
             ' set. For example, if the application links to three products:'
             ' /product?id=1 , /product?id=2 and /product?id=3, and this'
             ' variable is set to two, only the first two URLs:'
             ' /product?id=1 and /product?id=2 will crawled.')
        opt = opt_factory('params_max_variants',
                          cf.cf.get('params_max_variants'),
                          desc,
                          INT,
                          help=h,
                          tabid='Core settings')
        ol.add(opt)

        desc = 'Limit requests for similar forms'
        h = ('Limit the number of HTTP requests to be sent to similar forms'
             ' during crawling. For example, if the application has multiple'
             ' HTML forms with the same parameters and different URLs set in'
             ' actions then only the configured number of forms are crawled.')
        opt = opt_factory('max_equal_form_variants',
                          cf.cf.get('max_equal_form_variants'),
                          desc,
                          INT,
                          help=h,
                          tabid='Core settings')
        ol.add(opt)

        #
        # Network parameters
        #
        desc = ('Local interface name to use when sniffing, doing reverse'
                ' connections, etc.')
        opt = opt_factory('interface',
                          cf.cf.get('interface'),
                          desc,
                          STRING,
                          tabid='Network settings')
        ol.add(opt)

        desc = 'Local IP address to use when doing reverse connections'
        opt = opt_factory('local_ip_address',
                          cf.cf.get('local_ip_address'),
                          desc,
                          STRING,
                          tabid='Network settings')
        ol.add(opt)

        #
        # URL and form exclusions
        #
        desc = 'A comma separated list of URLs that w3af should ignore'
        h = 'No HTTP requests will be sent to these URLs'
        opt = opt_factory('non_targets',
                          cf.cf.get('non_targets'),
                          desc,
                          URL_LIST,
                          help=h,
                          tabid='Exclusions')
        ol.add(opt)

        desc = 'Filter forms to scan using form IDs'
        h = ('Form IDs allow the user to specify which forms will be either'
             ' included of excluded in the scan. The form IDs identified by'
             ' w3af will be written to the log (when verbose is set to true)'
             ' and can be used to define this setting for new scans.\n\n'
             'Find more about form IDs in the "Advanced use cases" section'
             'of the w3af documentation.')
        opt = opt_factory('form_id_list',
                          cf.cf.get('form_id_list'),
                          desc,
                          FORM_ID_LIST,
                          help=h,
                          tabid='Exclusions')
        ol.add(opt)

        desc = 'Define the form_id_list filter behaviour'
        h = (
            'Change this setting to "include" if only a very specific set of'
            ' forms needs to be scanned. If forms matching the form_id_list'
            ' parameters need to be excluded then set this value to "exclude".'
        )

        form_id_actions = [EXCLUDE, INCLUDE]
        tmp_list = form_id_actions[:]
        tmp_list.remove(cf.cf.get('form_id_action'))
        tmp_list.insert(0, cf.cf.get('form_id_action'))

        opt = opt_factory('form_id_action',
                          tmp_list,
                          desc,
                          COMBO,
                          help=h,
                          tabid='Exclusions')
        ol.add(opt)

        #
        # Metasploit
        #
        desc = ('Full path of Metasploit framework binary directory (%s in '
                'most linux installs)' % cf.cf.get('msf_location'))
        opt = opt_factory('msf_location',
                          cf.cf.get('msf_location'),
                          desc,
                          STRING,
                          tabid='Metasploit')
        ol.add(opt)

        #
        # Language options
        #
        d = 'Set the language to use when reading from the vulnerability database'
        h = (
            'The vulnerability database stores descriptions, fix guidance, tags,'
            ' references and much more about each vulnerability the scanner can'
            ' identify. The database supports translations, so this information'
            ' can be in many languages. Use this setting to choose the language'
            ' in which the information will be displayed and stored in reports.'
        )
        options = DBVuln.get_all_languages()
        opt = opt_factory('vulndb_language',
                          options,
                          d,
                          COMBO,
                          help=h,
                          tabid='Language')
        ol.add(opt)

        return ol