def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # (name, current value, option type, description) for each setting.
    # The description doubles as the help text.
    # NOTE(review): `password` is declared with the plain STRING option
    # type; whether the UI masks it or the config store protects it is
    # not visible here.
    settings = (
        ('username', self.username, STRING,
         'Username for the authentication process'),
        ('password', self.password, STRING,
         'Password for the authentication process'),
        ('login_form_url', self.login_form_url, URL_OPT,
         'The URL where the login form appears'),
        ('check_url', self.check_url, URL_OPT,
         'URL used to verify if the session is active. The plugin sends'
         ' an HTTP GET request to this URL and asserts if `check_string`'
         ' is present.'),
        ('check_string', self.check_string, STRING,
         'String to search in the `check_url` page to determine if the'
         ' session is active.'),
    )

    option_list = OptionList()
    for name, value, opt_type, desc in settings:
        option_list.add(opt_factory(name, value, desc, opt_type, help=desc))
    return option_list
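def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # (name, current value, option type, description); the description is
    # also passed as the help text.
    # NOTE(review): `password` is stored with the plain 'string' option
    # type; whether the UI masks it is not visible here.
    options = [
        ('username', self.username, 'string',
         'Username for using in the authentication process'),
        ('password', self.password, 'string',
         'Password for using in the authentication process'),
        ('username_field', self.username_field, 'string',
         'Username parameter name (ie. "uname" if the HTML looks'
         ' like <input type="text" name="uname">...)'),
        ('password_field', self.password_field, 'string',
         'Password parameter name (ie. "pwd" if the HTML looks'
         ' like <input type="password" name="pwd">...)'),
        ('auth_url', self.auth_url, 'url',
         'URL where the username and password will be sent using a POST'
         ' request'),
        ('check_url', self.check_url, 'url',
         'URL used to verify if the session is still active by looking for'
         ' the check_string.'),
        # The implicit string concatenation below previously lacked the
        # space before "current", producing "thecurrent session".
        ('check_string', self.check_string, 'string',
         'String for searching on check_url page to determine if the'
         ' current session is active.'),
    ]

    ol = OptionList()
    for name, value, opt_type, desc in options:
        ol.add(opt_factory(name, value, desc, opt_type, help=desc))
    return ol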
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    option_list = OptionList()

    option_list.add(opt_factory(
        'only_forward', self._only_forward,
        'Only crawl links to paths inside the URL given as target.',
        BOOL))

    # Both regex options carry the same precedence remark.
    regex_note = ' Note that ignore_regex has precedence over follow_regex.'
    option_list.add(opt_factory(
        'follow_regex', self._follow_regex,
        'Only crawl links that match this regular expression.' + regex_note,
        REGEX))
    option_list.add(opt_factory(
        'ignore_regex', self._ignore_regex,
        'DO NOT crawl links that match this regular expression.' + regex_note,
        REGEX))

    ext_help = ('This configuration parameter is commonly used to ignore'
                ' static files such as zip, pdf, jpeg, etc. It is possible to'
                ' ignore these files using `ignore_regex`, but configuring'
                ' this parameter is easier and performs case insensitive'
                ' matching.')
    option_list.add(opt_factory(
        'ignore_extensions', self._ignore_extensions,
        'DO NOT crawl links that use these extensions.',
        LIST, help=ext_help))

    return option_list
def test_no_duplicate_vuln_reports(self):
    # Regression test: xml_file used to write each vulnerability to disk
    # once per flush(), so repeated flushes duplicated the report entries.

    # Start from a clean KB that holds exactly one vulnerability
    self.kb.cleanup()
    description = 'Just a test for the XML file output plugin.'
    vuln = Vuln('SQL injection', description, severity.HIGH, 1, 'sqli')
    self.kb.append('sqli', 'sqli', vuln)
    self.assertEqual(len(self.kb.get_all_vulns()), 1)

    # Point the plugin at the unittest's output file
    output_opts = OptionList()
    output_opts.add(opt_factory('output_file', self.FILENAME,
                                'Output file name where to write the XML data',
                                OUTPUT_FILE))
    plugin = xml_file()
    plugin.set_options(output_opts)

    # Flush repeatedly; before the fix every flush appended the same
    # vulnerability again
    for _ in range(3):
        plugin.flush()

    # Exactly one vulnerability may be present in the written XML
    written = self._from_xml_get_vulns(self.FILENAME)
    self.assertEqual(len(written), 1, written)
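def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    ol = OptionList()

    d = 'When comparing, also compare the content of files.'
    o = opt_factory('content', self._content, d, BOOL)
    ol.add(o)

    d = 'The local directory used in the comparison.'
    o = opt_factory('local_dir', self._local_dir, d, STRING)
    ol.add(o)

    d = 'The remote directory used in the comparison.'
    o = opt_factory('remote_url_path', self._remote_url_path, d,
                    URL_OPTION_TYPE)
    ol.add(o)

    # The implicit concatenation previously lacked the space before
    # "extensions", producing "theseextensions."
    d = ('When comparing content of two files, ignore files with these'
         ' extensions.')
    # The option is named banned_ext but is backed by self._ban_url;
    # the attribute name is kept as-is because other code reads it.
    o = opt_factory('banned_ext', self._ban_url, d, LIST)
    ol.add(o)

    return ol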
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single integer option capping how many bing results are fetched
    option_list = OptionList()
    option_list.add(opt_factory(
        'result_limit', self._result_limit,
        'Fetch the first "result_limit" results from the bing search',
        'integer'))
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single boolean toggle for console verbosity
    verbose_opt = opt_factory('verbose', self.verbose,
                              'Enables verbose output for the console',
                              'boolean')
    option_list = OptionList()
    option_list.add(verbose_opt)
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single string option naming the word list file
    option_list = OptionList()
    option_list.add(opt_factory(
        'wordlist', self._wordlist,
        'Word list to use in the file name brute forcing process.',
        'string'))
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single integer option limiting wordnet results per category
    limit_opt = opt_factory(
        'wn_results', self._wordnet_results,
        'Only use the first wnResults (wordnet results) from each category.',
        'integer')
    option_list = OptionList()
    option_list.add(limit_opt)
    return option_list
def setPluginOptions(self, pluginType, pluginName, pluginSettingType,
                     pluginSetting, pluginSettingValue):
    """
    Store a single option for one plugin straight into the core's
    per-plugin option map.

    NOTE(review): this writes the private `_plugins_options` dict
    directly; if the core offers a setter that validates options, it is
    bypassed here.
    """
    new_option = opt_factory(pluginSetting, pluginSettingValue,
                             "Plugin Setting", pluginSettingType)
    option_list = OptionList()
    option_list.add(new_option)

    print "[*] Setting %s with value %s on Plugin %s ..." % (
        pluginSetting, pluginSettingValue, pluginName)

    plugins_options = self.w3afCorePlugin.plugins._plugins_options
    plugins_options[pluginType][pluginName] = option_list

    print "[*] Done!"
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single boolean toggle that bypasses the symfony detection step
    option_list = OptionList()
    option_list.add(opt_factory(
        'override', self._override,
        'Skip symfony detection and search for the csrf (mis)protection.',
        'boolean'))
    return option_list
def _get_option_objects(self):
    """
    :return: A list of options for this question.
    """
    # The question text serves as both the option name and its
    # description; it is kept on self._d1 for later lookup.
    self._d1 = 'Is the target web application reachable from the Internet?'
    option_list = OptionList()
    option_list.add(opt_factory(self._d1, True, self._d1, 'boolean'))
    return option_list
def _get_option_objects(self):
    """
    :return: A list of options for this question.
    """
    # The question text serves as both the option name and its
    # description; it is kept on self._d1 for later lookup.
    self._d1 = 'Find other virtual hosts using MSN search'
    option_list = OptionList()
    option_list.add(opt_factory(self._d1, False, self._d1, 'boolean'))
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single input-file option listing the trusted JavaScript domains
    trusted_file_opt = opt_factory(
        'secure_js_file', self._secure_js_file,
        'Path to file containing a list of trusted JavaScript domains',
        INPUT_FILE)
    option_list = OptionList()
    option_list.add(trusted_file_opt)
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single string option naming the DNS zone used for detection
    zone_help = 'DNS server of this zone must cache any dns-requests.'
    zone_opt = opt_factory(
        'dns_zone', self._dns_zone,
        'caching wildcard domain zone for resolve detects',
        'string', help=zone_help)
    option_list = OptionList()
    option_list.add(zone_opt)
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single URL option: where the retirejs database is downloaded from.
    # NOTE(review): the value is a download source; whether the fetch
    # verifies TLS or the integrity of the database is not visible here.
    option_list = OptionList()
    option_list.add(opt_factory(
        'retire_db_url', self._retire_db_url,
        'URL to download the retirejs database from',
        URL_OPTION))
    return option_list
def _get_option_objects(self):
    """
    :return: A list of options for this question.
    """
    # The description is kept on self._d1 for later lookup; the option
    # is pre-filled with a placeholder example URL.
    self._d1 = 'Target URL'
    option_list = OptionList()
    option_list.add(opt_factory('target', 'http://example.com',
                                self._d1, 'url_list'))
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single output-file option for the saved HTTP requests
    output_opt = opt_factory(
        'output_file', self.output_file,
        'The name of the output file where the HTTP requests will be saved',
        OUTPUT_FILE)
    option_list = OptionList()
    option_list.add(output_opt)
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single output-file option for the XML report
    option_list = OptionList()
    option_list.add(opt_factory(
        'output_file', self._file_name,
        'Output file name where to write the XML data',
        OUTPUT_FILE))
    return option_list
def setMiscConfig(self, setting, value):
    """
    Save one misc-settings value into the global config, or report an
    unknown setting name.
    """
    # The option object is built but not used afterwards; presumably
    # opt_factory validates the value — confirm before removing it.
    option_list = OptionList()
    option_list.add(opt_factory(setting, value, "Misc Setting", "string"))

    print "[*] Setting %s with value %s on MiscsSettings ..." % (setting, value)

    if not cf.cf.has_key(setting):
        print "[-] Invalid setting. Check the available settings with the function self.listMiscConfigs()"
        return

    cf.cf.save(setting, value)
    print "[*] Done!"
    self.listMiscConfigs()
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single string option holding the Vulners API key.
    # NOTE(review): the key is declared with the plain STRING type; how
    # the config store and UI treat it is not visible here.
    key_opt = opt_factory(
        'vulners_api_key', self._vulners_api_key,
        'Vulners API key for extended scanning rate limits.'
        ' Obtain an API key for free at https://vulners.com/',
        STRING)
    option_list = OptionList()
    option_list.add(key_opt)
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single boolean toggle extending URL fuzzing to static resources
    option_list = OptionList()
    option_list.add(opt_factory(
        'fuzz_images', self._fuzz_images,
        'Apply URL fuzzing to all URLs, including images, videos, zip, etc.',
        'boolean',
        help="Don't change this unless you read the plugin code."))
    return option_list
def __init__(self, parentwidg, w3af, plugin, save_btn, rvrt_btn,
             overwriter=None):
    """
    Build the options panel for *plugin*.

    :param parentwidg: Parent widget, stored on self.parentwidg.
    :param w3af: Core object; its `plugins.get_plugin_options` supplies
                 the currently configured option values.
    :param plugin: Plugin whose `get_options()` defines the editable
                   options.
    :param save_btn: Button wired to `_save_panel`; starts insensitive.
    :param rvrt_btn: Button wired to `_revertPanel`; starts insensitive.
    :param overwriter: Optional name -> value mapping applied on top of
                       the core's values (default: no overrides).
    """
    super(OnlyOptions, self).__init__()
    # fresh dict per instance instead of a shared mutable default
    if overwriter is None:
        overwriter = {}
    self.set_spacing(5)
    self.w3af = w3af
    self.parentwidg = parentwidg
    self.widgets_status = {}
    self.tab_widget = {}
    # presumably funnels per-widget change events into one callback;
    # helpers.PropagateBuffer is not visible here — confirm
    self.propagAnyWidgetChanged = helpers.PropagateBuffer(
        self._changedAnyWidget)
    self.propagLabels = {}
    self.saved_successfully = False

    # options
    self.options = OptionList()
    options = plugin.get_options()

    # let's use the info from the core
    coreopts = self.w3af.plugins.get_plugin_options(
        plugin.ptype, plugin.pname)
    if coreopts is None:
        coreopts = {}

    # let's get the real info: the core's stored value is applied first,
    # then an entry in `overwriter`, so the override wins
    for opt in options:
        if opt.get_name() in coreopts:
            opt.set_value(coreopts[opt.get_name()].get_value_str())
        if opt.get_name() in overwriter:
            opt.set_value(overwriter[opt.get_name()])
        self.options.append(opt)

    # buttons: both start insensitive
    save_btn.connect("clicked", self._save_panel, plugin)
    save_btn.set_sensitive(False)
    rvrt_btn.set_sensitive(False)
    rvrt_btn.connect("clicked", self._revertPanel)
    self.save_btn = save_btn
    self.rvrt_btn = rvrt_btn

    # middle (the heart of the panel); nothing is packed when the plugin
    # exposes no options
    if self.options:
        tabbox = gtk.HBox()
        heart = self._createNotebook()
        tabbox.pack_start(heart, expand=True)
        tabbox.show()
        self.pack_start(tabbox, expand=True, fill=False)
    self.show()
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single boolean toggle restricting results to the target's domain
    domain_opt = opt_factory(
        'only_target_domain', self._only_target_domain,
        'Only search emails for domain of target',
        'boolean')
    option_list = OptionList()
    option_list.add(domain_opt)
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single float option: the similarity threshold for two strings
    option_list = OptionList()
    option_list.add(opt_factory(
        'diff_ratio', self._diff_ratio,
        'If two strings have a diff ratio less than diff_ratio, then they'
        ' are really different.',
        'float'))
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single boolean toggle for writing a fingerprint file
    fp_help = ('Define if we will generate a fingerprint file based on the'
               ' findings made during this execution.')
    fp_opt = opt_factory('gen_fingerprint', self._gen_fp,
                         'Generate a fingerprint file.',
                         'boolean', help=fp_help)
    option_list = OptionList()
    option_list.add(fp_opt)
    return option_list
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    # Single integer option bounding the archive.org spidering depth
    depth_help = ('The plugin will spider the archive.org site related to the target'
                  ' site with the maximum depth specified in this parameter.')
    option_list = OptionList()
    option_list.add(opt_factory(
        'max_depth', self._max_depth,
        'Maximum recursion depth for spidering process',
        'integer', help=depth_help))
    return option_list
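def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    ol = OptionList()

    # Shared help text for the two listener settings; the %s names the
    # thing being configured (address vs. port).
    # NOTE(review): the defaults behind self._listen_address and
    # self._listen_port are not visible here; binding to a non-loopback
    # address exposes the served files to the whole network.
    webserver_help = ('w3af runs a webserver to serve the files to the target web app'
                      ' when doing remote file inclusions. This setting configures on'
                      ' what %s the webserver is going to listen.')

    d = 'IP address that the webserver will use to receive requests'
    o = opt_factory('listen_address', self._listen_address, d, 'ip',
                    help=webserver_help % 'IP address')
    ol.add(o)

    # The port help text previously repeated the address wording
    # ("what IP address"), which was wrong for this option.
    d = 'Port that the webserver will use to receive requests'
    o = opt_factory('listen_port', self._listen_port, d, 'port',
                    help=webserver_help % 'TCP port')
    ol.add(o)

    # Previously rendered with a doubled space before "result".
    d = ('Instead of including a file in a local webserver; include the'
         ' result of exploiting a XSS bug within the same target site.')
    o = opt_factory('use_xss_bug', self._use_XSS_vuln, d, 'boolean')
    ol.add(o)

    return ol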
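def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    def current_first(choices, current):
        # The 'combo' option type takes the first list element as the
        # selected value, so the configured value is moved to the front.
        # Unlike a bare list.remove(), a configured value that is not in
        # `choices` is still placed first instead of raising ValueError.
        ordered = list(choices)
        if current in ordered:
            ordered.remove(current)
        ordered.insert(0, current)
        return ordered

    ol = OptionList()

    targets = ','.join(str(tar) for tar in cf.cf.get('targets'))
    d = 'A comma separated list of URLs'
    o = opt_factory('target', targets, d, 'url_list')
    ol.add(o)

    # Same help text for both combo settings
    h = 'This setting is here to enhance w3af performance.'

    d = 'Target operating system (' + '/'.join(
        self._operating_systems) + ')'
    os_choices = current_first(self._operating_systems,
                               cf.cf.get('target_os'))
    o = opt_factory('target_os', os_choices, d, 'combo', help=h)
    ol.add(o)

    d = 'Target programming framework (' + '/'.join(
        self._programming_frameworks) + ')'
    fw_choices = current_first(self._programming_frameworks,
                               cf.cf.get('target_framework'))
    o = opt_factory('target_framework', fw_choices, d, 'combo', help=h)
    ol.add(o)

    return ol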
def get_options(self):
    """
    :return: A list of option objects for this plugin.
    """
    option_list = OptionList()

    # Where the helper webserver listens.
    # NOTE(review): the default behind self._listen_address is not
    # visible here; a non-loopback bind exposes the served files.
    address_help = ('w3af runs a webserver to serve the files to the target web'
                    ' application when doing remote file inclusions. This setting'
                    ' configures where the webserver is going to listen for requests.')
    option_list.add(opt_factory(
        'listen_address', self._listen_address,
        'IP address that the webserver will use to receive requests',
        STRING, help=address_help))

    option_list.add(opt_factory(
        'listen_port', self._listen_port,
        'TCP port that the webserver will use to receive requests',
        PORT))

    # Alternative to the local webserver: test via the w3af site instead.
    site_help = ('The plugin can use the w3af site to test for remote file'
                 ' inclusions, which is convenient when you are performing a test'
                 ' behind a NAT firewall.')
    option_list.add(opt_factory(
        'use_w3af_site', self._use_w3af_site,
        'Use w3af site to test for remote file inclusion',
        BOOL, help=site_help))

    return option_list