def add_owtf_transaction(self, request_hash):
owtf_transaction = transaction.HTTP_Transaction(timer.Timer())
request = request_from_cache(request_hash, self.cache_dir)
response = response_from_cache(request_hash, self.cache_dir)
request.in_scope = self.Core.IsInScopeURL(request.url)
owtf_transaction.ImportProxyRequestResponse(request, response)
self.Core.DB.Transaction.LogTransaction(owtf_transaction)
def initialise_framework(self, Options):
self.ProxyMode = Options["ProxyMode"]
cprint("Loading framework please wait..")
self.Config.ProcessOptions(Options)
self.initlogger()
self.Timer = timer.Timer(self.Config.Get('DATE_TIME_FORMAT')) # Requires user config
self.Timer.StartTimer('core')
self.initialise_plugin_handler_and_params(Options)
if Options['ListPlugins']:
self.PluginHandler.ShowPluginList()
self.exitOutput()
return False # No processing required, just list available modules
self.DB = db.DB(self) # DB is initialised from some Config settings, must be hooked at this point
self.DB.Init()
self.messaging_admin.Init()
Command = self.GetCommand(Options['argv'])
self.DB.Run.StartRun(Command) # Log owtf run options, start time, etc
if self.Config.Get('SIMULATION'):
cprint("WARNING: In Simulation mode plugins are not executed only plugin sequence is simulated")
else: # Reporter process is not needed unless a real run
self.start_reporter()
self.StartProxy(Options) # Proxy mode is started in that function
self.Start_TOR_Mode(Options)# TOR mode will start only if the Options are set
# Proxy Check
ProxySuccess, Message = self.Requester.ProxyCheck()
cprint(Message)
if not ProxySuccess: # Regardless of interactivity settings if the proxy check fails = no point to move on
self.Error.FrameworkAbort(Message) # Abort if proxy check failed
# Each Plugin adds its own results to the report, the report is updated on the fly after each plugin completes (or before!)
self.Error.SetCommand(self.AnonymiseCommand(Command)) # Set anonymised invoking command for error dump info
return True
def __init__(self, root_dir, owtf_pid):
"""
[*] Tightly coupled, cohesive framework components
[*] Order is important
+ IO decorated so as to abort on any permission errors
+ Attach error handler and config
+ Required folders created
+ All other components are attached to core: shell, db etc...
+ Required booleans and attributes are initialised
+ If modules have Init calls, they are run
Init procedures can exist only if the component can do some
initialisation only after addition of all components
"""
# ------------------------ IO decoration ------------------------ #
self.decorate_io()
# ------------------------ Error & Config ------------------------ #
self.Error = error_handler.ErrorHandler(self)
self.Config = config.Config(root_dir, owtf_pid, self)
# ----------------------- Directory creation ----------------------- #
self.create_dirs()
self.pnh_log_file() # <-- This is not supposed to be here
# -------------------- Component attachment -------------------- #
# (Order is important, if there is a dependency on some other
# other component please mention in a comment)
# Shell might be needed in some places
self.Shell = blocking_shell.Shell(self)
# As soon as you have config create logger for MainProcess
self.enable_logging()
# Plugin Helper needs access to automate Plugin tasks
self.PluginHelper = plugin_helper.PluginHelper(self)
# Reporter needs access to Core to access Config, etc
self.Reporter = reporter.Reporter(self)
self.Selenium = selenium_handler.Selenium(self)
self.InteractiveShell = interactive_shell.InteractiveShell(self)
self.SET = set_handler.SETHandler(self)
self.SMTP = smtp.SMTP(self)
self.SMB = smb.SMB(self)
# DB needs Config for some settings
self.DB = db.DB(self)
self.DB.Init() # Seperate Init because of self reference
# Timer requires DB
self.Timer = timer.Timer(self.DB.Config.Get('DATE_TIME_FORMAT'))
# Zest related components
self.zest = zest.Zest(self)
self.zap_api_handler = zap.ZAP_API(self)
# -------------------- Booleans and attributes -------------------- #
self.IsIPInternalRegexp = re.compile(
"^127.\d{123}.\d{123}.\d{123}$|^10.\d{123}.\d{123}.\d{123}$|"
"^192.168.\d{123}$|^172.(1[6-9]|2[0-9]|3[0-1]).[0-9]{123}.[0-9]{123}$"
)
self.TOR_process = None
# --------------------------- Init calls --------------------------- #
# Nothing as of now
self.health_check()
def get_owtf_transactions(self, hash_list):
transactions_dict = None
target_list = self.target.GetIndexedTargets()
if target_list: # If there are no targets in db, where are we going to add. OMG
transactions_dict = {}
host_list = self.target.GetAllInScope('host_name')
for request_hash in hash_list:
request = request_from_cache(os.path.join(self.cache_dir, request_hash))
response = response_from_cache(os.path.join(self.cache_dir, request_hash))
target_id, request.in_scope = self.derive_target_for_transaction(request, response, target_list, host_list)
owtf_transaction = transaction.HTTP_Transaction(timer.Timer())
owtf_transaction.ImportProxyRequestResponse(request, response)
try:
transactions_dict[target_id].append(owtf_transaction)
except KeyError:
transactions_dict[target_id] = [owtf_transaction]
return(transactions_dict)
def Start(self, Options):
self.PluginHandler = plugin_handler.PluginHandler(self, Options)
self.Config.ProcessOptions(Options)
self.PluginParams = plugin_params.PluginParams(self, Options)
self.Timer = timer.Timer(self.Config.Get('DATE_TIME_FORMAT'))
if Options['ListPlugins']:
self.PluginHandler.ShowPluginList()
return False # No processing required, just list available modules
self.DB = db.DB(
self
) # DB is initialised from some Config settings, must be hooked at this point
self.DB.Init()
Command = self.GetCommand(Options['argv'])
self.DB.Run.StartRun(Command) # Log owtf run options, start time, etc
if self.Config.Get('SIMULATION'):
cprint(
"WARNING: In Simulation mode plugins are not executed only plugin sequence is simulated"
)
self.Requester = requester.Requester(self, Options['Proxy'])
# Proxy Check
ProxySuccess, Message = self.Requester.ProxyCheck()
cprint(Message)
if not ProxySuccess: # Regardless of interactivity settings if the proxy check fails = no point to move on
self.Error.FrameworkAbort(Message) # Abort if proxy check failed
# Each Plugin adds its own results to the report, the report is updated on the fly after each plugin completes (or before!)
self.Error.SetCommand(self.AnonymiseCommand(
Command)) # Set anonymised invoking command for error dump info
Status = self.PluginHandler.ProcessPlugins()
if Status['AllSkipped']:
self.Finish('Complete: Nothing to do')
elif not Status['SomeSuccessful'] and Status['SomeAborted']:
self.Finish('Aborted')
return False
elif not Status[
'SomeSuccessful']: # Not a single plugin completed successfully, major crash or something
self.Finish('Crashed')
return False
return True # Scan was successful