def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._vuln_simple = [] self._vuln_complex = [] self._already_reported = False
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._file_compiled_regex = [] self._error_compiled_regex = [] self._open_basedir = False
def __init__(self): """ Some notes: On apache, when an overflow happends on a cgic script, this is written to the log: *** stack smashing detected ***: /var/www/w3af/bufferOverflow/buffOverflow.cgi terminated, referer: http://localhost/w3af/bufferOverflow/buffOverflow.cgi Premature end of script headers: buffOverflow.cgi, referer: http://localhost/w3af/bufferOverflow/buffOverflow.cgi On apache, when an overflow happends on a cgic script, this is returned to the user: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>500 Internal Server Error</title> </head><body> <h1>Internal Server Error</h1> <p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p> <p>Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p> <p>More information about this error may be available in the server error log.</p> <hr> <address>Apache/2.0.55 (Ubuntu) mod_python/3.2.8 Python/2.4.4c1 PHP/5.1.6 Server at localhost Port 80</address> </body></html> Note that this is an apache error 500, not the more common PHP error 500. """ baseAuditPlugin.__init__(self)
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._authURIs = [] self._bad_methods = [ http_constants.UNAUTHORIZED, http_constants.NOT_IMPLEMENTED, http_constants.METHOD_NOT_ALLOWED]
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._already_reported = [] # User configured variables self._diff_ratio = 0.30
def __init__(self): baseAuditPlugin.__init__(self) self._bsqli_response_diff = blind_sqli_response_diff() self._blind_sqli_time_delay = blind_sqli_time_delay() # User configured variables self._equalLimit = 0.9 self._equAlgorithm = 'setIntersection'
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._test_site = 'http://www.w3af.org/' self._script_re = re.compile('< *?script.*?>(.*?)< *?/ *?script *?>', re.IGNORECASE | re.DOTALL ) self._meta_url_re = re.compile('.*?;URL=(.*)', re.IGNORECASE | re.DOTALL)
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._listeType = [] self._compteur = 0 # The level used in the process of clustering self._level = 10
def __init__(self): baseAuditPlugin.__init__(self) # Internal vars self._template_dir = 'plugins' + os.path.sep + 'audit'+ os.path.sep + 'fileUpload' self._file_list = [] # User configured self._extensions = ['gif', 'html', 'bmp', 'jpg', 'png', 'txt']
def __init__(self): baseAuditPlugin.__init__(self) # Some internal variables # The wait time of the unfuzzed request self._original_wait_time = 0 # The wait time of the first test I'm going to perform self._wait_time = 1
def __init__(self): baseAuditPlugin.__init__(self) # Create some random strings, which the plugin will use. # for the fuzz_with_echo self._rnd = createRandAlpha(5) # User configured parameters self._use_time_delay = True self._use_echo = True
def __init__(self): ''' Plugin added just for completeness... I dont really expect to find one of this bugs in my life... but well.... if someone , somewhere in the planet ever finds a bug of using this plugin... THEN my job has been done :P ''' baseAuditPlugin.__init__(self) # Internal variables. self._errors = []
def __init__(self): baseAuditPlugin.__init__(self) # # Some internal variables # self._special_chars = ['', '&&', '|', ';'] # The wait time of the unfuzzed request self._original_wait_time = 0 self._file_compiled_regex = []
def __init__(self): baseAuditPlugin.__init__(self) # Some internal vars # I test this with different URL handlers because the developer may have # blacklisted http:// and https:// but missed ftp://. # I also use hTtp instead of http because I want to evade some (stupid) case sensitive # filters self._test_urls = ('hTtp://w3af.sf.net/', 'htTps://w3af.sf.net/', 'fTp://w3af.sf.net/')
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._error_reported = False # User configured parameters self._rfi_url = '' self._rfi_result = '' self._listen_port = w3afPorts.REMOTEFILEINCLUDE self._listen_address = get_local_ip() or '' self._use_w3af_site = True
def __init__(self): baseAuditPlugin.__init__(self) # Some internal vars self._tag_xpath = etree.XPath("//iframe | //frame") # I test this with different URL handlers because the developer may have # blacklisted http:// and https:// but missed ftp://. # # I also use hTtp instead of http because I want to evade some (stupid) # case sensitive filters self._test_urls = ("hTtp://w3af.sf.net/", "htTps://w3af.sf.net/", "fTp://w3af.sf.net/")
def __init__(self): baseAuditPlugin.__init__(self) # Some internal variables to keep track of remote web application sanitization self._fuzzableRequests = [] self._xssMutants = [] self._special_characters = ['<', '>', '"', "'", '(', ')'] # User configured parameters self._check_stored_xss = True self._number_of_stored_xss_checks = 3 # Used in the message self._xss_tests_length = len( self._get_xss_tests() )
def __init__(self): baseAuditPlugin.__init__(self) # # Some internal variables # self._special_chars = ["", "&&", "|", ";"] # The wait time of the unfuzzed request self._original_wait_time = 0 self._file_compiled_regex = [] # The wait time of the first test I'm going to perform self._wait_time = 4 # The wait time of the second test I'm going to perform (this one is just to be sure!) self._second_wait_time = 9
def __init__(self): baseAuditPlugin.__init__(self) #Create some random strings, which the plugin will use. # for the fuzz_with_echo self._rnd1 = createRandAlpha(5) self._rnd2 = createRandAlpha(5) self._rndn = self._rnd1 + self._rnd2 # And now for the fuzz_with_time_delay # The wait time of the unfuzzed request self._original_wait_time = 0 # The wait time of the first test I'm going to perform self._wait_time = 4 # The wait time of the second test I'm going to perform (this one is just to be sure!) self._second_wait_time = 9 # User configured parameters self._use_time_delay = True self._use_echo = True
def __init__(self): baseAuditPlugin.__init__(self) self._alreadyTested = [] # Config params self._usersFile = 'core'+os.path.sep+'controllers'+os.path.sep+'bruteforce'+os.path.sep+'users.txt' self._passwdFile = 'core'+os.path.sep+'controllers'+os.path.sep+'bruteforce'+os.path.sep+'passwords.txt' self._useMailUsers = True self._useSvnUsers = True self._stopOnFirst = True self._passEqUser = True self._l337_p4sswd = True self._useMails = True self._useProfiling = True self._profilingNumber = 50 # Internal vars self._found = False self._alreadyReported = [] self._bruteforcer = bruteforcer()
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._exec = True
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._already_tested_dirs = scalable_bloomfilter()
def __init__(self): baseAuditPlugin.__init__(self) # Internal vars self._file_list = []
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._already_tested = ScalableBloomFilter() self._stop_on_first = True
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._test_site = 'http://w3af.sourceforge.net/' self._scriptre = re.compile('< *script.*?>(.*)< */ *script *>', re.IGNORECASE | re.DOTALL )
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._errors = []
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._first_run = True self._ignore_next_calls = False
def __init__(self): baseAuditPlugin.__init__(self) # Internal variables self._fuzzable_requests = [] self._file_compiled_regex = []
def __init__(self): baseAuditPlugin.__init__(self)
def __init__(self): baseAuditPlugin.__init__(self) self._already_tested = scalable_bloomfilter() self._min_expire_days = 30 self._ca_file = os.path.join("plugins", "audit", "sslCertificate", "ca.pem")