def __init__(self, torNodes): BasePlugin.__init__(self, torNodes, 'w3afPlugin') self.info("[*] w3afPlugin Initialized!") self.w3afCorePlugin = w3afCore() self.w3afCorePlugin.plugins.init_plugins() self.w3afCorePlugin.plugins.zero_enabled_plugins() self.miscSettings = MiscSettings()
def save_current_to_profile(self, profile_name, prof_desc='', prof_path='', self_contained=False): """ Save the current configuration of the core to the profile called profile_name. :return: The new profile instance if the profile was successfully saved. Otherwise raise a BaseFrameworkException. """ # Open the already existing profile new_profile = profile(profile_name, workdir=os.path.dirname(prof_path)) # shortcut w3af_plugins = self._w3af_core.plugins # Save the enabled plugins for plugin_type in w3af_plugins.get_plugin_types(): enabled_plugins = [] for plugin_name in w3af_plugins.get_enabled_plugins(plugin_type): enabled_plugins.append(plugin_name) new_profile.set_enabled_plugins(plugin_type, enabled_plugins) # Save the plugin options for plugin_type in w3af_plugins.get_plugin_types(): for plugin_name in w3af_plugins.get_enabled_plugins(plugin_type): plugin_options = w3af_plugins.get_plugin_options( plugin_type, plugin_name) if plugin_options: new_profile.set_plugin_options( plugin_type, plugin_name, plugin_options, self_contained=self_contained) # Save the profile targets targets = cf.cf.get('targets') if targets: new_profile.set_target(' , '.join(t.url_string for t in targets)) # Save the misc and http settings misc_settings = MiscSettings() new_profile.set_misc_settings(misc_settings.get_options()) new_profile.set_http_settings( self._w3af_core.uri_opener.settings.get_options()) # Save the profile name and description new_profile.set_desc(prof_desc) new_profile.set_name(profile_name) # Save the profile to the file new_profile.save(profile_name) return new_profile
def save_current_to_profile(self, profile_name, prof_desc='', prof_path='', self_contained=False): """ Save the current configuration of the core to the profile called profile_name. :return: The new profile instance if the profile was successfully saved. Otherwise raise a BaseFrameworkException. """ # Open the already existing profile new_profile = profile(profile_name, workdir=os.path.dirname(prof_path)) # shortcut w3af_plugins = self._w3af_core.plugins # Save the enabled plugins for plugin_type in w3af_plugins.get_plugin_types(): enabled_plugins = [] for plugin_name in w3af_plugins.get_enabled_plugins(plugin_type): enabled_plugins.append(plugin_name) new_profile.set_enabled_plugins(plugin_type, enabled_plugins) # Save the plugin options for plugin_type in w3af_plugins.get_plugin_types(): for plugin_name in w3af_plugins.get_enabled_plugins(plugin_type): plugin_options = w3af_plugins.get_plugin_options(plugin_type, plugin_name) if plugin_options: new_profile.set_plugin_options(plugin_type, plugin_name, plugin_options, self_contained=self_contained) # Save the profile targets targets = cf.cf.get('targets') if targets: new_profile.set_target(' , '.join(t.url_string for t in targets)) # Save the misc and http settings misc_settings = MiscSettings() new_profile.set_misc_settings(misc_settings.get_options()) new_profile.set_http_settings( self._w3af_core.uri_opener.settings.get_options()) # Save the profile name and description new_profile.set_desc(prof_desc) new_profile.set_name(profile_name) # Save the profile to the file new_profile.save(profile_name) return new_profile
def setUp(self): self.kb.cleanup() self.w3afcore = w3afCore() self.misc_settings = MiscSettings() self.request_callback_call_count = 0 self.request_callback_match = 0 if self.MOCK_RESPONSES: httpretty.reset() httpretty.enable() try: url = URL(self.target_url) except ValueError, ve: msg = ('When using MOCK_RESPONSES you need to set the' ' target_url attribute to a valid URL, exception was:' ' "%s".') raise Exception(msg % ve) domain = url.get_domain() proto = url.get_protocol() port = url.get_port() self._register_httpretty_uri(proto, domain, port)
def get_misc_settings(self): """ Get the misc settings options. :return: The misc settings in an OptionList """ from w3af.core.controllers.misc_settings import MiscSettings misc_settings = MiscSettings() return self._get_x_settings('misc-settings', misc_settings)
def __init__(self, torNodes=[]): BasePlugin.__init__(self, torNodes, 'w3afPlugin') self.setPluginDetails('w3afPlugin', 'Plugin to load the W3AF context in Tortazo. You can execute W3AF against the TOR deep web.', '1.0', 'Adastra: @jdaanial') if len(torNodes) > 0: self.info("[*] w3afPlugin Initialized!") self.w3afCorePlugin = w3afCore() self.w3afCorePlugin.plugins.init_plugins() self.w3afCorePlugin.plugins.zero_enabled_plugins() self.miscSettings = MiscSettings()
def test_basic(self): opt_lst = MiscSettings().get_options() for opt in opt_lst: self.assertIn(opt.get_type(), OPTION_TYPES) self.assertTrue(opt.get_name()) self.assertEqual(opt, opt) # Just verify that this doesn't crash and that the types # are correct self.assertIsInstance(opt.get_name(), basestring) self.assertIsInstance(opt.get_desc(), basestring) self.assertIsInstance(opt.get_type(), basestring) self.assertIsInstance(opt.get_help(), basestring) self.assertIsInstance(opt.get_value_str(), basestring)
def __init__(self, name, console, core, parent=None): menu.__init__(self, name, console, core, parent) self._load_help('root') # At first, there is no scan thread self._scan_thread = None mapDict(self.addChild, { 'plugins': pluginsMenu, 'target': (ConfigMenu, self._w3af.target), 'misc-settings': (ConfigMenu, MiscSettings()), 'http-settings': (ConfigMenu, self._w3af.uri_opener.settings), 'profiles': ProfilesMenu, 'bug-report': bug_report_menu, 'exploit': exploit, 'kb': kbMenu })
def use_profile(self, profile_name, workdir=None): """ Gets all the information from the profile and stores it in the w3af core plugins / target attributes for later use. :raise BaseFrameworkException: if the profile to load has some type of problem, or the plugins are incorrectly configured. """ error_messages = [] # Clear all the current configuration before loading a new profile self._w3af_core.plugins.zero_enabled_plugins() MiscSettings().set_default_values() self._w3af_core.uri_opener.settings.set_default_values() if profile_name is None: # If the profile name is None, I just clear the enabled plugins and # return return # This might raise an exception (which we don't want to handle) when # the profile does not exist profile_inst = profile(profile_name, workdir) # It exists, work with it! # Set the target settings of the profile to the core self._w3af_core.target.set_options(profile_inst.get_target()) # Set the misc and http settings try: profile_misc_settings = profile_inst.get_misc_settings() except BaseFrameworkException, e: msg = ('Setting the framework misc-settings raised an exception' ' due to unknown or invalid configuration parameters. %s') error_messages.append(msg % e)
try: profile_misc_settings = profile_inst.get_misc_settings() except BaseFrameworkException, e: msg = ('Setting the framework misc-settings raised an exception' ' due to unknown or invalid configuration parameters. %s') error_messages.append(msg % e) else: # # IGNORE the following parameters from the profile: # - misc_settings.local_ip_address # if 'local_ip_address' in profile_inst.get_misc_settings(): local_ip = get_local_ip() profile_misc_settings['local_ip_address'].set_value(local_ip) misc_settings = MiscSettings() misc_settings.set_options(profile_misc_settings) try: http_settings = profile_inst.get_http_settings() except BaseFrameworkException, e: msg = ('Setting the framework http-settings raised an exception' ' due to unknown or invalid configuration parameters. %s') error_messages.append(msg % e) else: self._w3af_core.uri_opener.settings.set_options(http_settings) # # Handle plugin options # error_fmt = ('The profile you are trying to load (%s) seems to be'
def use_profile(self, profile_name, workdir=None): """ Gets all the information from the profile and stores it in the w3af core plugins / target attributes for later use. :raise BaseFrameworkException: if the profile to load has some type of problem, or the plugins are incorrectly configured. """ # Clear all enabled plugins if profile_name is None if profile_name is None: self._w3af_core.plugins.zero_enabled_plugins() return # This might raise an exception (which we don't want to handle) when # the profile does not exist profile_inst = profile(profile_name, workdir) # It exists, work with it! # Set the target settings of the profile to the core self._w3af_core.target.set_options(profile_inst.get_target()) # Set the misc and http settings # # IGNORE the following parameters from the profile: # - misc_settings.local_ip_address # profile_misc_settings = profile_inst.get_misc_settings() if "local_ip_address" in profile_inst.get_misc_settings(): profile_misc_settings["local_ip_address"].set_value(get_local_ip()) misc_settings = MiscSettings() misc_settings.set_options(profile_misc_settings) self._w3af_core.uri_opener.settings.set_options(profile_inst.get_http_settings()) # # Handle plugin options # error_fmt = ( "The profile you are trying to load (%s) seems to be" " outdated, this is a common issue which happens when the" " framework is updated and one of its plugins adds/removes" " one of the configuration parameters referenced by a" " profile, or the plugin is removed all together.\n\n" "The profile was loaded but some of your settings might" " have been lost. This is the list of issues that were" " found:\n\n" " - %s\n" "\nWe recommend you review the specific plugin" " configurations, apply the required changes and save" " the profile in order to update it and avoid this" " message. If this warning does not disappear you can" " manually edit the profile file to fix it." ) error_messages = [] core_set_plugins = self._w3af_core.plugins.set_plugins for plugin_type in self._w3af_core.plugins.get_plugin_types(): plugin_names = profile_inst.get_enabled_plugins(plugin_type) # Handle errors that might have been triggered from a possibly # invalid profile try: unknown_plugins = core_set_plugins(plugin_names, plugin_type, raise_on_error=False) except KeyError: msg = 'The profile references the "%s" plugin type which is' " unknown to the w3af framework." error_messages.append(msg % plugin_type) continue for unknown_plugin in unknown_plugins: msg = 'The profile references the "%s.%s" plugin which is' " unknown in the current framework version." error_messages.append(msg % (plugin_type, unknown_plugin)) # Now we set the plugin options, which can also trigger errors with # "outdated" profiles that users could have in their ~/.w3af/ # directory. for plugin_name in set(plugin_names) - set(unknown_plugins): try: plugin_options = profile_inst.get_plugin_options(plugin_type, plugin_name) self._w3af_core.plugins.set_plugin_options(plugin_type, plugin_name, plugin_options) except BaseFrameworkException, w3e: msg = ( 'Setting the options for plugin "%s.%s" raised an' " exception due to unknown or invalid configuration" " parameters. %s" ) error_messages.append(msg % (plugin_type, plugin_name, w3e))
try: profile_misc_settings = profile_inst.get_misc_settings() except BaseFrameworkException, e: msg = ('Setting the framework misc-settings raised an exception' ' due to unknown or invalid configuration parameters. %s') error_messages.append(msg % e) else: # # IGNORE the following parameters from the profile: # - misc_settings.local_ip_address # if 'local_ip_address' in profile_inst.get_misc_settings(): local_ip = get_local_ip() profile_misc_settings['local_ip_address'].set_value(local_ip) misc_settings = MiscSettings() misc_settings.set_options(profile_misc_settings) try: http_settings = profile_inst.get_http_settings() except BaseFrameworkException, e: msg = ('Setting the framework http-settings raised an exception' ' due to unknown or invalid configuration parameters. %s') error_messages.append(msg % e) else: self._w3af_core.uri_opener.settings.set_options(http_settings) # # Handle plugin options # error_fmt = (
def use_profile(self, profile_name, workdir=None): """ Gets all the information from the profile and stores it in the w3af core plugins / target attributes for later use. @raise BaseFrameworkException: if the profile to load has some type of problem. """ # Clear all enabled plugins if profile_name is None if profile_name is None: self._w3af_core.plugins.zero_enabled_plugins() return # This might raise an exception (which we don't want to handle) when # the profile does not exist profile_inst = profile(profile_name, workdir) # It exists, work with it! # Set the target settings of the profile to the core self._w3af_core.target.set_options(profile_inst.get_target()) # Set the misc and http settings # # IGNORE the following parameters from the profile: # - misc_settings.local_ip_address # profile_misc_settings = profile_inst.get_misc_settings() if 'local_ip_address' in profile_inst.get_misc_settings(): profile_misc_settings['local_ip_address'].set_value(get_local_ip()) misc_settings = MiscSettings() misc_settings.set_options(profile_misc_settings) self._w3af_core.uri_opener.settings.set_options( profile_inst.get_http_settings()) # # Handle plugin options # error_fmt = ('The profile you are trying to load (%s) seems to be' ' outdated, this is a common issue which happens when the' ' framework is updated and one of its plugins adds/removes' ' one of the configuration parameters referenced by a profile' ', or the plugin is removed all together.\n\n' 'The profile was loaded but some of your settings might' ' have been lost. This is the list of issues that were found:\n\n' ' - %s\n' '\nWe recommend you review the specific plugin configurations,' ' apply the required changes and save the profile in order' ' to update it and avoid this message. If this warning does not' ' disappear you can manually edit the profile file to fix it.') error_messages = [] for plugin_type in self._w3af_core.plugins.get_plugin_types(): plugin_names = profile_inst.get_enabled_plugins(plugin_type) # Handle errors that might have been triggered from a possibly # invalid profile try: unknown_plugins = self._w3af_core.plugins.set_plugins(plugin_names, plugin_type, raise_on_error=False) except KeyError: msg = 'The profile references the "%s" plugin type which is'\ ' unknown to the w3af framework.' error_messages.append(msg % plugin_type) continue for unknown_plugin in unknown_plugins: msg = 'The profile references the "%s.%s" plugin which is unknown.' error_messages.append(msg % (plugin_type, unknown_plugin)) # Now we set the plugin options, which can also trigger errors with "outdated" # profiles that users could have in their ~/.w3af/ directory. for plugin_name in set(plugin_names) - set(unknown_plugins): try: plugin_options = profile_inst.get_plugin_options( plugin_type, plugin_name) self._w3af_core.plugins.set_plugin_options(plugin_type, plugin_name, plugin_options) except BaseFrameworkException, w3e: msg = 'Setting the options for plugin "%s.%s" raised an' \ ' exception due to unknown or invalid configuration' \ ' parameters.' msg += ' ' + str(w3e) error_messages.append(msg % (plugin_type, plugin_name))
class w3afPlugin(BasePlugin): ''' Class to implement a simple plugin which prints the TOR Data structure. ''' def __init__(self, torNodes=[]): BasePlugin.__init__(self, torNodes, 'w3afPlugin') self.setPluginDetails('w3afPlugin', 'Plugin to load the W3AF context in Tortazo. You can execute W3AF against the TOR deep web.', '1.0', 'Adastra: @jdaanial') if len(torNodes) > 0: self.info("[*] w3afPlugin Initialized!") self.w3afCorePlugin = w3afCore() self.w3afCorePlugin.plugins.init_plugins() self.w3afCorePlugin.plugins.zero_enabled_plugins() self.miscSettings = MiscSettings() def __del__(self): if len(self.torNodes) > 0: self.info("[*] w3afPlugin Destroyed!") ''' PLUGIN MANAGEMENT FUNCTIONS. ''' def showPluginsByType(self, type): pluginByType = self.w3afCorePlugin.plugins.get_plugin_list(type) tablePlugins = PrettyTable(["[*] Plugins for %s "%(type)]) for plugin in pluginByType: tablePlugins.add_row([plugin]) print tablePlugins def showPluginTypes(self): types = self.w3afCorePlugin.plugins.get_plugin_types() tableTypes = PrettyTable(["[*] Plugin Types"]) for plugin in types: tableTypes.add_row([plugin]) print tableTypes def getEnabledPluginsByType(self, type): enabled = self.w3afCorePlugin.plugins.get_enabled_plugins(type) tableTypes = PrettyTable(["[*] Enabled plugins by type %s" %(type)]) for plugin in enabled: tableTypes.add_row([plugin]) print tableTypes def getPluginTypeDescription(self, type): tableTypes = PrettyTable(["[*] Type %s" %(type)]) tableTypes.add_row([self.w3afCorePlugin.plugins.get_plugin_type_desc(type)]) print tableTypes def getAllEnabledPlugins(self): enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins() tableTypes = PrettyTable(["Type", "Plugins" ]) for type in enabledPlugins.keys(): tableTypes.add_row([type,enabledPlugins[type]]) print tableTypes def enablePlugin(self, pluginName, type): enabled = [pluginName, ] enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins() for plugin in enabledPlugins[type]: enabled.append(plugin) self.w3afCorePlugin.plugins.set_plugins(enabled, type) self.getEnabledPluginsByType(type) def disablePlugin(self,pluginName,type): enabled = self.w3afCorePlugin.plugins.get_enabled_plugins(type) if pluginName in enabled: enabled.remove(pluginName) print "[*] Plugin Disabled" self.w3afCorePlugin.plugins.set_plugins(enabled, type) self.getEnabledPluginsByType(type) def enableAllPlugins(self, pluginType): plugins = self.w3afCorePlugin.plugins.get_plugin_list(pluginType) self.w3afCorePlugin.plugins.set_plugins(plugins, pluginType) print "[*] All plugins of type %s has been enabled..." %(pluginType) self.getAllEnabledPlugins() def disableAllPlugins(self, pluginType): self.w3afCorePlugin.plugins.set_plugins([], pluginType) print "[*] All plugins of type %s has been disabled..." %(pluginType) self.getAllEnabledPlugins() def getPluginOptions(self, pluginType, pluginName): optList = self.w3afCorePlugin.plugins.get_plugin_options(pluginType,pluginName) print "[*] Plugin Options for %s " %(pluginName) tablePluginOptions = PrettyTable(["Name","Value", "Type"]) for item in optList._internal_opt_list: tablePluginOptions.add_row([item.get_name(),item.get_value(),item.get_type()]) print tablePluginOptions def setPluginOptions(self, pluginType, pluginName, pluginSettingType, pluginSetting, pluginSettingValue): opt_list = OptionList() opt_list.add( opt_factory(pluginSetting, pluginSettingValue, "Plugin Setting", pluginSettingType) ) print "[*] Setting %s with value %s on Plugin %s ..." %(pluginSetting,pluginSettingValue,pluginName) self.w3afCorePlugin.plugins._plugins_options[pluginType][pluginName] = opt_list print "[*] Done!" def getPluginStatus(self, pluginType, pluginName): enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins() enabled = False for type in enabledPlugins.keys(): if type in pluginType and pluginName in enabledPlugins[type]: enabled = True if enabled: print "[*] The plugin %s status is: ENABLED" %(pluginName) else: print "[*] The plugin %s status is: DISABLED" %(pluginName) ''' ATTACK MANAGEMENT FUNCTIONS. ''' def setTarget(self, url): if self.w3afCorePlugin.target._verify_url(URL_KLASS(url)): options = self.w3afCorePlugin.target.get_options() options['target'].set_value(url) self.w3afCorePlugin.target.set_options(options) print "[*] Target %s configured." %(url) def setTargetDeepWeb(self, url): self.serviceConnector.setSocksProxy() #if self.w3afCorePlugin.target._verify_url(URL_KLASS(url)): options = self.w3afCorePlugin.target.get_options() options['target'].set_value(url) self.w3afCorePlugin.target.set_options(options) print "[*] Target %s configured." %(url) def startAttack(self): print "[*] W3AF Attack Starting..." #print '[*] Starting Attack against: '+str(cf.cf['targets']) self.w3afCorePlugin.plugins.init_plugins() self.w3afCorePlugin.verify_environment() self.w3afCorePlugin.start() #self.w3afCorePlugin.plugins.create_instances() #self.w3afCorePlugin.start() print "[*] W3AF Attack Finished! Check the results using the right functions in this plugin." ''' MISC CONFIGURATION FUNCTIONS ''' def listMiscConfigs(self): optList = self.miscSettings.get_options() print "[*] MiscSettings List" tableMiscOptions = PrettyTable(["Name","Value", "Type"]) for item in optList._internal_opt_list: tableMiscOptions.add_row([item.get_name(),item.get_value(),item.get_type()]) print tableMiscOptions def setMiscConfig(self,setting,value): opt_list = OptionList() opt_list.add( opt_factory(setting, value, "Misc Setting", "string") ) print "[*] Setting %s with value %s on MiscsSettings ..." %(setting,value) if cf.cf.has_key(setting): cf.cf.save(setting, value) print "[*] Done!" self.listMiscConfigs() else: print "[-] Invalid setting. Check the available settings with the function self.listMiscConfigs()" ''' PROFILE MANAGEMENT FUNCTIONS ''' def listProfiles(self): valid_profiles, invalid_profiles = self.w3afCorePlugin.profiles.get_profile_list() print "[*] List of profiles." print "\n" tableProfiles = PrettyTable(["Description", "Profile File", "Name"]) for profile in valid_profiles: tableProfiles.add_row([profile.get_desc(), profile.get_profile_file(), profile.get_name()]) print tableProfiles def useProfile(self,profileName): print "[*] Loading profile %s " %(profileName) self.w3afCorePlugin.profiles.use_profile(profileName) print "[*] Done!" def createProfileWithCurrentConfig(self, profileName, profileDescription): print "[*] Creating profile %s " %(profileName) profile = self.w3afCorePlugin.profiles.save_current_to_new_profile(profileName, profileDescription) tableProfiles = PrettyTable(["Description","Profile File", "Name"]) tableProfiles.add_row([profile.get_desc(),profile.get_profile_file(),profile.get_name()]) print tableProfiles def modifyProfileWithCurrentConfig(self, profileName, profileDescription): print "[*] Updating profile %s with the current configuration" %(profileName) profile = self.w3afCorePlugin.profiles.save_current_to_profile(profileName,profileDescription) tableProfile = PrettyTable(["Profile File", "Name", "Target", "Description"]) tableProfile.add_row([profile.get_profile_file(), profile.get_name(), profile.get_target(), profile.get_desc()]) print tableProfile def removeProfile(self,profileName): removed = self.w3afCorePlugin.profiles.remove_profile(profileName) if removed: print "[*] Profile %s removed successfully." %(profileName) else: print "[-] Error removing the profile %s. The profile, already Exists?" %(profileName) ''' SHELLS MANAGEMENT FUNCTIONS ''' def listShells(self): shells = kb.get_all_shells() print "[*] List of shells." tableShells = PrettyTable(["Id","OS","System","User","System Name"]) for shell in shells: tableShells.add_row([shell.id, shell.get_remote_os(), shell.get_remote_system(), shell.get_remote_user(), shell.get_remote_system_name()]) print tableShells def executeCommand(self,shellId, command,params): shells = kb.get_all_shells() response = None for shell in shells: if shell.id == shellId and command is not None: response = shell.generic_user_input(command,params) if response is not None: print "[*] Response: %s" %(response) else: print "[-] No response received. Check the shell that you've entered. Exists?" ''' VULNS AND INFO MANAGEMENT FUNCTIONS ''' def listAttackPlugins(self): self.showPluginsByType('attack') def listInfos(self): infos = kb.get_all_infos() print "[*] List of Infos." tableInfos = PrettyTable(["Id","Name","Method","Description","Plugin Name"]) for info in infos: tableInfos.add_row([info.get_id(), info.get_name(), info.get_method(), info.get_desc(), info.get_plugin_name()]) print tableInfos def listVulnerabilities(self): vulns = kb.get_all_vulns() print "[*] List of Vulns." tableVulns = PrettyTable(["Severity","Description"]) for vuln in vulns: tableVulns.add_row([vuln.get_severity(),vuln.get_desc()]) print tableVulns def exploitAllVulns(self,pluginExploit): print "[*] Checking the vulnerability and plugin to exploit..." pluginAttack = self.w3afCorePlugin.plugins.get_plugin_inst('attack',pluginExploit) for vuln in kb.get_all_vulns(): if vuln.get_id() is not None: shells = pluginAttack.exploit(vuln.get_id()) for shell in shells: print "Shell Generated %s " %(shell.id) print "[*] Exploit vulnerability finished." def exploitVuln(self,pluginExploit,vulnId): print "[*] Checking the vulnerability and plugin to exploit..." pluginAttack = self.w3afCorePlugin.plugins.get_plugin_inst('attack',pluginExploit) for vuln in kb.get_all_vulns(): if vuln.get_id() is not None: if int(vulnId) in vuln.get_id(): shells = pluginAttack.exploit(vuln.get_id()) for shell in shells: print "Shell Generated %s " %(shell.id) print "[*] Exploit vulnerability finished." def help(self): print "[*] Functions availaible in the Plugin..." print "[*] Plugin Management Functions" tableHelpPlugins = PrettyTable(["Function", "Description", "Example"]) tableHelpPlugins.padding_width = 1 tableHelpPlugins.add_row(['help', 'Help Banner', 'self.help()']) tableHelpPlugins.add_row(['printRelaysFound', 'Table with the relays found.', 'self.printRelaysFound()']) tableHelpPlugins.add_row(['showPluginsByType', 'List of available plugins filtered by type.', 'self.showPluginsByType("audit")']) tableHelpPlugins.add_row(['showPluginTypes', 'List of available plugin types.', 'self.showPluginTypes()']) tableHelpPlugins.add_row(['getEnabledPluginsByType', 'Enabled plugins by types.', 'self.getEnabledPluginsByType("audit")']) tableHelpPlugins.add_row(['getPluginTypeDescription', 'Description for the plugin type specified.', 'self.getPluginTypeDescription("audit")']) tableHelpPlugins.add_row(['getAllEnabledPlugins', 'List of enabled plugins.', 'self.getAllEnabledPlugins()']) tableHelpPlugins.add_row(['enablePlugin', 'Enable a plugin.', 'self.enablePlugin("blind_sqli","audit")']) tableHelpPlugins.add_row(['disablePlugin', 'Disable a plugin.', 'self.disablePlugin("blind_sqli","audit")']) tableHelpPlugins.add_row(['enableAllPlugins', 'Enable all plugins.', 'self.enableAllPlugins("audit")']) tableHelpPlugins.add_row(['disableAllPlugins', 'Disable all plugins.', 'self.disableAllPlugins("audit")']) tableHelpPlugins.add_row(['getPluginOptions', 'Get Options for the plugin specified.', 'self.getPluginOptions("audit","blind_sqli")']) tableHelpPlugins.add_row(['setPluginOptions', 'Set Options for the plugin specified.', 'self.setPluginOptions("audit","eval","boolean","use_time_delay","False")']) tableHelpPlugins.add_row(['getPluginStatus', 'Check if the specified plugin is enabled.', 'self.getPluginStatus("audit","eval")']) print tableHelpPlugins print "\n" print "[*] Attack Functions" tableHelpAttack = PrettyTable(["Function", "Description", "Example"]) tableHelpAttack.add_row(['setTarget', 'Sets the target for the attack (clear web)', 'self.setTarget("http://www.target.com")']) tableHelpAttack.add_row(['setTargetDeepWeb', 'Sets the target in the DeepWeb of TOR.', 'self.setTarget("http://torlongonionpath.onion")']) tableHelpAttack.add_row(['startAttack', 'Starts the attack.', 'self.startAttack()']) print tableHelpAttack print "\n" print "[*] Misc Settings Functions" tableHelpMiscSettings = PrettyTable(["Function", "Description", "Example"]) tableHelpMiscSettings.add_row(['listMiscConfigs', 'List of Misc Settings', 'self.listMiscConfigs()']) tableHelpMiscSettings.add_row(['setMiscConfig', 'Sets a Misc Settings', 'self.setMiscConfig("msf_location","/opt/msf")']) print tableHelpMiscSettings print "\n" print "[*] Profile Management Functions" tableHelpMiscSettings = PrettyTable(["Function", "Description", "Example"]) tableHelpMiscSettings.add_row(['listProfiles', 'List of Profiles', 'self.listProfiles()']) tableHelpMiscSettings.add_row(['useProfile', 'Use a Profile', 'self.useProfile("profileName")']) tableHelpMiscSettings.add_row(['createProfileWithCurrentConfig', 'Creates a new Profile with the current settings', 'self.createProfileWithCurrentConfig("profileName", "Profile Description")']) tableHelpMiscSettings.add_row(['modifyProfileWithCurrentConfig', 'Modifies an existing profile with the current settings', 'self.modifyProfileWithCurrentConfig("profileName", "Profile Description")']) tableHelpMiscSettings.add_row(['removeProfile', 'Removes an existing profile', 'self.removeProfile("profileName")']) print tableHelpMiscSettings print "\n" print "[*] Shell Management Functions" tableHelpShells = PrettyTable(["Function", "Description", "Example"]) tableHelpShells.add_row(['listShells', 'List of Shells', 'self.listShells()']) tableHelpShells.add_row(['executeCommand', 'Executes a command in the specified shell', 'self.executeCommand(1,"lsp")']) print tableHelpShells print "\n" print "[*] Vulns and Info Management Functions" tableHelpShells = PrettyTable(["Function", "Description", "Example"]) tableHelpShells.add_row(['listAttackPlugins', 'List of attack plugins.', 'self.listAttackPlugins()']) tableHelpShells.add_row(['listInfos', 'List of Infos in the Knowledge Base of W3AF', 'self.listInfos()']) tableHelpShells.add_row(['listVulnerabilities', 'List of Vulns in the Knowledge Base of W3AF', 'self.listVulnerabilities()']) tableHelpShells.add_row(['exploitAllVulns', 'Exploits all vulns in the Knowledge Base of W3AF', 'self.exploitVulns("sqli")']) tableHelpShells.add_row(['exploitVuln', 'Exploits the specified Vuln in the Knowledge Base of W3AF', 'self.exploitVulns("sqli",18)']) print tableHelpShells
def setUp(self): MiscSettings().set_default_values() create_temp_dir() self.vdb = VariantDB()
class w3afPlugin(BasePlugin): ''' Class to implement a simple plugin which prints the TOR Data structure. ''' def __init__(self, torNodes): BasePlugin.__init__(self, torNodes, 'w3afPlugin') self.info("[*] w3afPlugin Initialized!") self.w3afCorePlugin = w3afCore() self.w3afCorePlugin.plugins.init_plugins() self.w3afCorePlugin.plugins.zero_enabled_plugins() self.miscSettings = MiscSettings() def __del__(self): self.info("[*] w3afPlugin Destroyed!") ''' PLUGIN MANAGEMENT FUNCTIONS. ''' def showPluginsByType(self, type): pluginByType = self.w3afCorePlugin.plugins.get_plugin_list(type) tablePlugins = PrettyTable(["[*] Plugins for %s " % (type)]) for plugin in pluginByType: tablePlugins.add_row([plugin]) print tablePlugins def showPluginTypes(self): types = self.w3afCorePlugin.plugins.get_plugin_types() tableTypes = PrettyTable(["[*] Plugin Types"]) for plugin in types: tableTypes.add_row([plugin]) print tableTypes def getEnabledPluginsByType(self, type): enabled = self.w3afCorePlugin.plugins.get_enabled_plugins(type) tableTypes = PrettyTable(["[*] Enabled plugins by type %s" % (type)]) for plugin in enabled: tableTypes.add_row([plugin]) print tableTypes def getPluginTypeDescription(self, type): tableTypes = PrettyTable(["[*] Type %s" % (type)]) tableTypes.add_row( [self.w3afCorePlugin.plugins.get_plugin_type_desc(type)]) print tableTypes def getAllEnabledPlugins(self): enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins() tableTypes = PrettyTable(["Type", "Plugins"]) for type in enabledPlugins.keys(): tableTypes.add_row([type, enabledPlugins[type]]) print tableTypes def enablePlugin(self, pluginName, type): enabled = [ pluginName, ] enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins() for plugin in enabledPlugins[type]: enabled.append(plugin) self.w3afCorePlugin.plugins.set_plugins(enabled, type) self.getEnabledPluginsByType(type) def disablePlugin(self, pluginName, type): enabled = self.w3afCorePlugin.plugins.get_enabled_plugins(type) if pluginName in enabled: enabled.remove(pluginName) print "[*] Plugin Disabled" self.w3afCorePlugin.plugins.set_plugins(enabled, type) self.getEnabledPluginsByType(type) def enableAllPlugins(self, pluginType): plugins = self.w3afCorePlugin.plugins.get_plugin_list(pluginType) self.w3afCorePlugin.plugins.set_plugins(plugins, pluginType) print "[*] All plugins of type %s has been enabled..." % (pluginType) self.getAllEnabledPlugins() def disableAllPlugins(self, pluginType): self.w3afCorePlugin.plugins.set_plugins([], pluginType) print "[*] All plugins of type %s has been disabled..." % (pluginType) self.getAllEnabledPlugins() def getPluginOptions(self, pluginType, pluginName): optList = self.w3afCorePlugin.plugins.get_plugin_options( pluginType, pluginName) print "[*] Plugin Options for %s " % (pluginName) tablePluginOptions = PrettyTable(["Name", "Value", "Type"]) for item in optList._internal_opt_list: tablePluginOptions.add_row( [item.get_name(), item.get_value(), item.get_type()]) print tablePluginOptions def setPluginOptions(self, pluginType, pluginName, pluginSettingType, pluginSetting, pluginSettingValue): opt_list = OptionList() opt_list.add( opt_factory(pluginSetting, pluginSettingValue, "Plugin Setting", pluginSettingType)) print "[*] Setting %s with value %s on Plugin %s ..." % ( pluginSetting, pluginSettingValue, pluginName) self.w3afCorePlugin.plugins._plugins_options[pluginType][ pluginName] = opt_list print "[*] Done!" def getPluginStatus(self, pluginType, pluginName): enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins() enabled = False for type in enabledPlugins.keys(): if type in pluginType and pluginName in enabledPlugins[type]: enabled = True if enabled: print "[*] The plugin %s status is: ENABLED" % (pluginName) else: print "[*] The plugin %s status is: DISABLED" % (pluginName) ''' ATTACK MANAGEMENT FUNCTIONS. ''' def setTarget(self, url): if self.w3afCorePlugin.target._verify_url(URL_KLASS(url)): options = self.w3afCorePlugin.target.get_options() options['target'].set_value(url) self.w3afCorePlugin.target.set_options(options) print "[*] Target %s configured." % (url) def setTargetDeepWeb(self, url): self.setSocksProxy() #if self.w3afCorePlugin.target._verify_url(URL_KLASS(url)): options = self.w3afCorePlugin.target.get_options() options['target'].set_value(url) self.w3afCorePlugin.target.set_options(options) print "[*] Target %s configured." % (url) def startAttack(self): print "[*] W3AF Attack Starting..." #print '[*] Starting Attack against: '+str(cf.cf['targets']) self.w3afCorePlugin.plugins.init_plugins() self.w3afCorePlugin.verify_environment() self.w3afCorePlugin.start() #self.w3afCorePlugin.plugins.create_instances() #self.w3afCorePlugin.start() print "[*] W3AF Attack Finished! Check the results using the right functions in this plugin." ''' MISC CONFIGURATION FUNCTIONS ''' def listMiscConfigs(self): optList = self.miscSettings.get_options() print "[*] MiscSettings List" tableMiscOptions = PrettyTable(["Name", "Value", "Type"]) for item in optList._internal_opt_list: tableMiscOptions.add_row( [item.get_name(), item.get_value(), item.get_type()]) print tableMiscOptions def setMiscConfig(self, setting, value): opt_list = OptionList() opt_list.add(opt_factory(setting, value, "Misc Setting", "string")) print "[*] Setting %s with value %s on MiscsSettings ..." % (setting, value) if cf.cf.has_key(setting): cf.cf.save(setting, value) print "[*] Done!" self.listMiscConfigs() else: print "[-] Invalid setting. Check the available settings with the function self.listMiscConfigs()" ''' PROFILE MANAGEMENT FUNCTIONS ''' def listProfiles(self): valid_profiles, invalid_profiles = self.w3afCorePlugin.profiles.get_profile_list( ) print "[*] List of profiles." print "\n" tableProfiles = PrettyTable(["Description", "Profile File", "Name"]) for profile in valid_profiles: tableProfiles.add_row([ profile.get_desc(), profile.get_profile_file(), profile.get_name() ]) print tableProfiles def useProfile(self, profileName): print "[*] Loading profile %s " % (profileName) self.w3afCorePlugin.profiles.use_profile(profileName) print "[*] Done!" def createProfileWithCurrentConfig(self, profileName, profileDescription): print "[*] Creating profile %s " % (profileName) profile = self.w3afCorePlugin.profiles.save_current_to_new_profile( profileName, profileDescription) tableProfiles = PrettyTable(["Description", "Profile File", "Name"]) tableProfiles.add_row([ profile.get_desc(), profile.get_profile_file(), profile.get_name() ]) print tableProfiles def modifyProfileWithCurrentConfig(self, profileName, profileDescription): print "[*] Updating profile %s with the current configuration" % ( profileName) profile = self.w3afCorePlugin.profiles.save_current_to_profile( profileName, profileDescription) tableProfile = PrettyTable( ["Profile File", "Name", "Target", "Description"]) tableProfile.add_row([ profile.get_profile_file(), profile.get_name(), profile.get_target(), profile.get_desc() ]) print tableProfile def removeProfile(self, profileName): removed = self.w3afCorePlugin.profiles.remove_profile(profileName) if removed: print "[*] Profile %s removed successfully." % (profileName) else: print "[-] Error removing the profile %s. The profile, already Exists?" % ( profileName) ''' SHELLS MANAGEMENT FUNCTIONS ''' def listShells(self): shells = kb.get_all_shells() print "[*] List of shells." tableShells = PrettyTable( ["Id", "OS", "System", "User", "System Name"]) for shell in shells: tableShells.add_row([ shell.id, shell.get_remote_os(), shell.get_remote_system(), shell.get_remote_user(), shell.get_remote_system_name() ]) print tableShells def executeCommand(self, shellId, command, params): shells = kb.get_all_shells() response = None for shell in shells: if shell.id == shellId and command is not None: response = shell.generic_user_input(command, params) if response is not None: print "[*] Response: %s" % (response) else: print "[-] No response received. Check the shell that you've entered. Exists?" ''' VULNS AND INFO MANAGEMENT FUNCTIONS ''' def listAttackPlugins(self): self.showPluginsByType('attack') def listInfos(self): infos = kb.get_all_infos() print "[*] List of Infos." tableInfos = PrettyTable( ["Id", "Name", "Method", "Description", "Plugin Name"]) for info in infos: tableInfos.add_row([ info.get_id(), info.get_name(), info.get_method(), info.get_desc(), info.get_plugin_name() ]) print tableInfos def listVulnerabilities(self): vulns = kb.get_all_vulns() print "[*] List of Vulns." tableVulns = PrettyTable(["Severity", "Description"]) for vuln in vulns: tableVulns.add_row([vuln.get_severity(), vuln.get_desc()]) print tableVulns def exploitAllVulns(self, pluginExploit): print "[*] Checking the vulnerability and plugin to exploit..." pluginAttack = self.w3afCorePlugin.plugins.get_plugin_inst( 'attack', pluginExploit) for vuln in kb.get_all_vulns(): if vuln.get_id() is not None: shells = pluginAttack.exploit(vuln.get_id()) for shell in shells: print "Shell Generated %s " % (shell.id) print "[*] Exploit vulnerability finished." def exploitVuln(self, pluginExploit, vulnId): print "[*] Checking the vulnerability and plugin to exploit..." pluginAttack = self.w3afCorePlugin.plugins.get_plugin_inst( 'attack', pluginExploit) for vuln in kb.get_all_vulns(): if vuln.get_id() is not None: if int(vulnId) in vuln.get_id(): shells = pluginAttack.exploit(vuln.get_id()) for shell in shells: print "Shell Generated %s " % (shell.id) print "[*] Exploit vulnerability finished." def help(self): print "[*] Functions availaible in the Plugin..." print "[*] Plugin Management Functions" tableHelpPlugins = PrettyTable(["Function", "Description", "Example"]) tableHelpPlugins.padding_width = 1 tableHelpPlugins.add_row(['help', 'Help Banner', 'self.help()']) tableHelpPlugins.add_row([ 'printRelaysFound', 'Table with the relays found.', 'self.printRelaysFound()' ]) tableHelpPlugins.add_row([ 'showPluginsByType', 'List of available plugins filtered by type.', 'self.showPluginsByType("audit")' ]) tableHelpPlugins.add_row([ 'showPluginTypes', 'List of available plugin types.', 'self.showPluginTypes()' ]) tableHelpPlugins.add_row([ 'getEnabledPluginsByType', 'Enabled plugins by types.', 'self.getEnabledPluginsByType("audit")' ]) tableHelpPlugins.add_row([ 'getPluginTypeDescription', 'Description for the plugin type specified.', 'self.getPluginTypeDescription("audit")' ]) tableHelpPlugins.add_row([ 'getAllEnabledPlugins', 'List of enabled plugins.', 'self.getAllEnabledPlugins()' ]) tableHelpPlugins.add_row([ 'enablePlugin', 'Enable a plugin.', 'self.enablePlugin("blind_sqli","audit")' ]) tableHelpPlugins.add_row([ 'disablePlugin', 'Disable a plugin.', 'self.disablePlugin("blind_sqli","audit")' ]) tableHelpPlugins.add_row([ 'enableAllPlugins', 'Enable all plugins.', 'self.enableAllPlugins("audit")' ]) tableHelpPlugins.add_row([ 'disableAllPlugins', 'Disable all plugins.', 'self.disableAllPlugins("audit")' ]) tableHelpPlugins.add_row([ 'getPluginOptions', 'Get Options for the plugin specified.', 'self.getPluginOptions("audit","blind_sqli")' ]) tableHelpPlugins.add_row([ 'setPluginOptions', 'Set Options for the plugin specified.', 'self.setPluginOptions("audit","eval","boolean","use_time_delay","False")' ]) tableHelpPlugins.add_row([ 'getPluginStatus', 'Check if the specified plugin is enabled.', 'self.getPluginStatus("audit","eval")' ]) print tableHelpPlugins print "\n" print "[*] Attack Functions" tableHelpAttack = PrettyTable(["Function", "Description", "Example"]) tableHelpAttack.add_row([ 'setTarget', 'Sets the target for the attack (clear web)', 'self.setTarget("http://www.target.com")' ]) tableHelpAttack.add_row([ 'setTargetDeepWeb', 'Sets the target in the DeepWeb of TOR.', 'self.setTarget("http://torlongonionpath.onion")' ]) tableHelpAttack.add_row( ['startAttack', 'Starts the attack.', 'self.startAttack()']) print tableHelpAttack print "\n" print "[*] Misc Settings Functions" tableHelpMiscSettings = PrettyTable( ["Function", "Description", "Example"]) tableHelpMiscSettings.add_row([ 'listMiscConfigs', 'List of Misc Settings', 'self.listMiscConfigs()' ]) tableHelpMiscSettings.add_row([ 'setMiscConfig', 'Sets a Misc Settings', 'self.setMiscConfig("msf_location","/opt/msf")' ]) print tableHelpMiscSettings print "\n" print "[*] Profile Management Functions" tableHelpMiscSettings = PrettyTable( ["Function", "Description", "Example"]) tableHelpMiscSettings.add_row( ['listProfiles', 'List of Profiles', 'self.listProfiles()']) tableHelpMiscSettings.add_row( ['useProfile', 'Use a Profile', 'self.useProfile("profileName")']) tableHelpMiscSettings.add_row([ 'createProfileWithCurrentConfig', 'Creates a new Profile with the current settings', 'self.createProfileWithCurrentConfig("profileName", "Profile Description")' ]) tableHelpMiscSettings.add_row([ 'modifyProfileWithCurrentConfig', 'Modifies an existing profile with the current settings', 'self.modifyProfileWithCurrentConfig("profileName", "Profile Description")' ]) tableHelpMiscSettings.add_row([ 'removeProfile', 'Removes an existing profile', 'self.removeProfile("profileName")' ]) print tableHelpMiscSettings print "\n" print "[*] Shell Management Functions" tableHelpShells = PrettyTable(["Function", "Description", "Example"]) tableHelpShells.add_row( ['listShells', 'List of Shells', 'self.listShells()']) tableHelpShells.add_row([ 'executeCommand', 'Executes a command in the specified shell', 'self.executeCommand(1,"lsp")' ]) print tableHelpShells print "\n" print "[*] Vulns and Info Management Functions" tableHelpShells = PrettyTable(["Function", "Description", "Example"]) tableHelpShells.add_row([ 'listAttackPlugins', 'List of attack plugins.', 'self.listAttackPlugins()' ]) tableHelpShells.add_row([ 'listInfos', 'List of Infos in the Knowledge Base of W3AF', 'self.listInfos()' ]) tableHelpShells.add_row([ 'listVulnerabilities', 'List of Vulns in the Knowledge Base of W3AF', 'self.listVulnerabilities()' ]) tableHelpShells.add_row([ 'exploitAllVulns', 'Exploits all vulns in the Knowledge Base of W3AF', 'self.exploitVulns("sqli")' ]) tableHelpShells.add_row([ 'exploitVuln', 'Exploits the specified Vuln in the Knowledge Base of W3AF', 'self.exploitVulns("sqli",18)' ]) print tableHelpShells