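def _initOptions(self):
    '''Build the proxy and HTTP-editor preference sections and show them.

    Side effects: sets ``self.like_initial`` and ``self.pref``, registers the
    ``proxy`` and ``editor`` sections on the ConfigOptions widget, loads the
    persisted values from the config file and shows the widget.
    '''
    self.like_initial = True
    self.pref = ConfigOptions(self.w3af, self, 'proxy_options')

    # --- Proxy options ---------------------------------------------------
    # The default listener is loopback only. Pointing 'ipport' at a
    # non-loopback address exposes the intercepting proxy (and every request
    # it relays) to the network; keep it on localhost unless that is intended.
    proxyOptions = optionList()
    proxyOptions.add(Option('ipport', "localhost:8080", "IP:port", "ipport"))
    proxyOptions.add(Option('trap', ".*", _("URLs to trap"), "regex"))
    proxyOptions.add(Option('methodtrap', "GET,POST", _("Methods to trap"), "list"))
    # Raw string: "\." is an invalid escape in a non-raw literal and warns on
    # newer Pythons. The pattern value itself is unchanged.
    proxyOptions.add(Option("notrap", r".*\.(gif|jpg|png|css|js|ico|swf|axd|tif)$",
                            _("URLs not to trap"), "regex"))
    proxyOptions.add(Option("fixlength", True, _("Fix content length"), "boolean"))
    proxyOptions.add(comboOption("trap_view", ['Splitted', 'Tabbed'],
                                 _("View of Intercept tab"), "combo"))
    proxyOptions.add(comboOption("home_tab", ['Intercept', 'History', 'Options'],
                                 _("Home tab"), "combo"))
    self.pref.addSection('proxy', _('Proxy Options'), proxyOptions)

    # --- HTTP editor options --------------------------------------------
    editorOptions = optionList()
    editorOptions.add(Option("wrap", True, _("Wrap long lines"), "boolean"))
    editorOptions.add(Option("highlight_current_line", True,
                             _("Highlight current line"), "boolean"))
    editorOptions.add(Option("highlight_syntax", True, _("Highlight syntax"), "boolean"))
    editorOptions.add(Option("display_line_num", True,
                             _("Display line numbers"), "boolean"))
    self.pref.addSection('editor', _('HTTP Editor Options'), editorOptions)

    # Load values from the config file (overrides the defaults above).
    self.pref.loadValues()
    self.pref.show()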
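def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The single option is ``onlyTargetDomain`` (boolean), pre-filled from
    ``self._only_target_domain``.
    '''
    d1 = 'When greping, only search mails for domain of target'
    o1 = option('onlyTargetDomain', self._only_target_domain, d1, 'boolean')

    # One optionList is enough; the original built and discarded a second one.
    ol = optionList()
    ol.add(o1)
    return ol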
def _initFilterBox(self, mainvbox):
    """Build the (initially hidden) advanced-search filter box.

    Fills ``self.pref`` (a FilterOptions widget) with five sections, in this
    order: request method, transaction id range, response code class, the
    "commented" tag and response content type. The widget is packed into
    ``self._advSearchBox``, which is packed into *mainvbox* and hidden.
    ``self._filterMethods`` and ``self._filterTypes`` stay as attributes
    because the rest of the widget reads them.
    """
    box = gtk.HBox()
    box.set_spacing(self._padding)
    self._advSearchBox = box
    self.pref = FilterOptions(self)

    def booleanSection(rows):
        # rows: (option name, label, default) -> optionList of booleans
        section = optionList()
        for name, label, default in rows:
            section.add(Option(name, default, label, "boolean"))
        return section

    self._filterMethods = [
        ('GET', 'GET', False),
        ('POST', 'POST', False),
    ]
    self.pref.addSection('methods', _('Request Method'),
                         booleanSection(self._filterMethods))

    # Transaction ids are edited as free text; "0" means unbounded here.
    idRange = optionList()
    idRange.add(Option("min", "0", "Min ID", "string"))
    idRange.add(Option("max", "0", "Max ID", "string"))
    self.pref.addSection('trans_id', _('Transaction ID'), idRange)

    codeClasses = [(cls, cls, False) for cls in ("1xx", "2xx", "3xx", "4xx", "5xx")]
    self.pref.addSection('codes', _('Response Code'), booleanSection(codeClasses))

    self.pref.addSection('commented', _('Commented'),
                         booleanSection([("tag", "Tag", False)]))

    self._filterTypes = [
        ('html', 'HTML', False),
        ('javascript', 'JavaScript', False),
        ('image', 'Images', False),
        ('flash', 'Flash', False),
        ('css', 'CSS', False),
        ('text', 'Text', False),
    ]
    self.pref.addSection('types', _('Response Content Type'),
                         booleanSection(self._filterTypes))

    self.pref.show()
    box.pack_start(self.pref, False, False)
    box.hide_all()
    mainvbox.pack_start(box, False, False)
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    Options: ``target`` (list of URLs, pre-filled from the configured
    targets), ``targetOS`` and ``targetFramework`` (combos). comboOption
    treats the first entry of its list as the selected value, so the
    currently configured value is moved to the front of a copy of the
    allowed list.
    '''
    o1 = option('target',
                ','.join(str(tar) for tar in cf.cf.getData('targets')),
                'A comma separated list of URLs',
                'list')

    perfHelp = 'This setting is here to enhance w3af performance.'

    def leadWith(allowed, current):
        # Rotate a copy so `current` comes first. As in the original,
        # list.remove raises ValueError if the stored value is not one of the
        # allowed entries.
        rotated = allowed[:]
        rotated.remove(current)
        rotated.insert(0, current)
        return rotated

    osChoices = leadWith(self._operatingSystems, cf.cf.getData('targetOS'))
    o2 = comboOption('targetOS', osChoices,
                     'Target operating system (' + '/'.join(self._operatingSystems) + ')',
                     'combo', help=perfHelp)

    fwChoices = leadWith(self._programmingFrameworks, cf.cf.getData('targetFramework'))
    o3 = comboOption('targetFramework', fwChoices,
                     'Target programming framework (' + '/'.join(self._programmingFrameworks) + ')',
                     'combo', help=perfHelp)

    ol = optionList()
    for opt in (o1, o2, o3):
        ol.add(opt)
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    This plugin exposes no user-configurable options, so the list is empty.
    '''
    return optionList()
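def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    Options: ``listenAddress`` (string), ``listenPort`` (integer),
    ``useXssBug`` (boolean) and ``generateOnlyOne`` (boolean), each
    pre-filled from the matching instance attribute.
    '''
    # The plugin runs a local webserver that the *target* fetches the include
    # payload from. It must be reachable from the target, which usually means
    # a non-loopback bind; while it is up, anything that can reach that
    # address can fetch the served files too.
    d1 = 'IP address that the webserver will use to receive requests'
    h1 = 'w3af runs a webserver to serve the files to the target web app'
    h1 += ' when doing remote file inclusions. This setting configures on what IP address the'
    h1 += ' webserver is going to listen.'
    o1 = option('listenAddress', self._listen_address, d1, 'string', help=h1)

    d2 = 'Port that the webserver will use to receive requests'
    h2 = 'w3af runs a webserver to serve the files to the target web app'
    # Fixed: the help text used to say "IP address" here (copied from h1)
    # although this option sets the listening port.
    h2 += ' when doing remote file inclusions. This setting configures on what port'
    h2 += ' the webserver is going to listen.'
    o2 = option('listenPort', self._listen_port, d2, 'integer', help=h2)

    d3 = 'Instead of including a file in a local webserver; include the result of'
    d3 += ' exploiting a XSS bug.'
    o3 = option('useXssBug', self._use_XSS_vuln, d3, 'boolean')

    d4 = 'If true, this plugin will try to generate only one shell object.'
    o4 = option('generateOnlyOne', self._generateOnlyOne, d4, 'boolean')

    ol = optionList()
    ol.add(o1)
    ol.add(o2)
    ol.add(o3)
    ol.add(o4)
    return ol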
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    All five options are strings used only by fastExploit(): the target
    ``url``, the HTTP ``method``, the request ``data``, the name of the
    variable in ``data`` holding the file content (``fileVars``) and the
    URI where the uploaded file ends up (``fileDest``).
    '''
    specs = (
        ('url', self._url, 'URL to exploit with fastExploit()'),
        ('method', self._method, 'Method to use with fastExploit()'),
        ('data', self._data, 'Data to send with fastExploit()'),
        ('fileVars', self._fileVars,
         'The variable in data that holds the file content. Only used in fastExploit()'),
        ('fileDest', self._fileDest,
         'The URI of the uploaded file. Only used with fastExploit()'),
    )
    ol = optionList()
    for name, current, desc in specs:
        ol.add(option(name, current, desc, 'string'))
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    ``changeToPost`` and ``generateOnlyOne`` are booleans; ``url``,
    ``method``, ``data`` and ``injvar`` are strings consumed by
    fastExploit().
    '''
    postDesc = ('If the vulnerability was found in a GET request, try to change the method to POST'
                ' during exploitation.')
    postHelp = ('If the vulnerability was found in a GET request, try to change the method to POST'
                ' during exploitation; this is usefull for not being logged in the webserver logs.')
    o0 = option('changeToPost', self._changeToPost, postDesc, 'boolean', help=postHelp)

    stringSpecs = (
        ('url', self._url, 'URL to exploit with fastExploit()'),
        ('method', self._method, 'Method to use with fastExploit()'),
        ('data', self._data, 'Data to send with fastExploit()'),
        ('injvar', self._inj_var, 'Variable where to inject with fastExploit()'),
    )

    ol = optionList()
    ol.add(o0)
    for name, current, desc in stringSpecs:
        ol.add(option(name, current, desc, 'string'))
    ol.add(option('generateOnlyOne', self._generateOnlyOne,
                  'Exploit only one vulnerability.', 'boolean'))
    return ol
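def getOptions(self):
    """
    @return: A list of option objects for this plugin.

    Options: ``target`` (list of URLs, pre-filled from the configured
    targets), ``targetOS`` and ``targetFramework`` (combos). comboOption
    treats the first entry of its list as the selected value, so the
    currently configured value is moved to the front of a copy of the
    allowed list.
    """
    d1 = "A comma separated list of URLs"
    # Coerce each target with str() (consistent with the other copy of this
    # method in the file): str.join fails on non-string target objects.
    o1 = option("target", ",".join(str(tar) for tar in cf.cf.getData("targets")), d1, "list")

    d2 = "Target operating system (" + "/".join(self._operatingSystems) + ")"
    h2 = "This setting is here to enhance w3af performance."
    # comboOption takes the first list entry as the default, so rotate a copy
    # of the allowed values so the stored one leads. list.remove raises
    # ValueError if the stored value is not an allowed entry.
    tmpList = self._operatingSystems[:]
    tmpList.remove(cf.cf.getData("targetOS"))
    tmpList.insert(0, cf.cf.getData("targetOS"))
    o2 = comboOption("targetOS", tmpList, d2, "combo", help=h2)

    d3 = "Target programming framework (" + "/".join(self._programmingFrameworks) + ")"
    h3 = "This setting is here to enhance w3af performance."
    tmpList = self._programmingFrameworks[:]
    tmpList.remove(cf.cf.getData("targetFramework"))
    tmpList.insert(0, cf.cf.getData("targetFramework"))
    o3 = comboOption("targetFramework", tmpList, d3, "combo", help=h3)

    ol = optionList()
    ol.add(o1)
    ol.add(o2)
    ol.add(o3)
    return ol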
def getOptions(self):
    """
    @return: A list of option objects for this plugin.

    All five options are strings used only by fastExploit(): the target
    ``url``, the HTTP ``method``, the request ``data``, the name of the
    variable in ``data`` holding the file content (``fileVars``) and the
    URI where the uploaded file ends up (``fileDest``).
    """
    specs = (
        ("url", self._url, "URL to exploit with fastExploit()"),
        ("method", self._method, "Method to use with fastExploit()"),
        ("data", self._data, "Data to send with fastExploit()"),
        ("fileVars", self._fileVars,
         "The variable in data that holds the file content. Only used in fastExploit()"),
        ("fileDest", self._fileDest,
         "The URI of the uploaded file. Only used with fastExploit()"),
    )
    ol = optionList()
    for name, current, desc in specs:
        ol.add(option(name, current, desc, "string"))
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    Options: ``expressions`` (list of sed-style edit expressions),
    ``fixContentLen`` (boolean) and ``priority`` (integer ordering among
    mangle plugins).
    '''
    exprHelp = (
        'Stream edition expressions are strings that tell the sed plugin what to change.'
        ' Sed plugin uses regular expressions, some examples: \n - qh/User/NotLuser/ ;'
        ' This will make sed search in the the re[q]uest [h]eader for the string User'
        ' and replace it with NotLuser.\n - sb/[fF]orm/form ; This will make sed search'
        ' in the re[s]ponse [b]ody for the strings form or Form and replace it with form.'
        ' Multiple expressions can be specified separated by commas.'
    )
    exprOpt = option('expressions', self._expressions,
                     'Stream edition expressions', 'list', help=exprHelp)

    lengthOpt = option('fixContentLen', self._user_option_fix_content_len,
                       'Fix the content length header after mangling', 'boolean')

    priorityOpt = option('priority', self._priority,
                         'Plugin execution priority', 'integer',
                         help='Mangle plugins are ordered using the priority parameter')

    ol = optionList()
    for opt in (exprOpt, lengthOpt, priorityOpt):
        ol.add(opt)
    return ol
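def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    Options, in the order they are exposed: ``cgiDirs``, ``adminDirs``,
    ``nukeDirs`` (lists), ``dbFile`` and ``extra_db_file`` (paths),
    ``mutateTests``, ``updateScandb`` and ``genericScan`` (booleans).
    '''
    d1 = 'CGI-BIN dirs where to search for vulnerable scripts.'
    h1 = 'Pykto will search for vulnerable scripts in many places, one of them is inside'
    h1 += ' cgi-bin directory. The cgi-bin directory can be anything and change from install'
    h1 += ' to install, so its a good idea to make this a user setting. The directories should'
    h1 += ' be supplied comma separated and with a / at the beggining and one at the end.'
    h1 += ' Example: "/cgi/,/cgibin/,/bin/"'
    o1 = option('cgiDirs', self._cgi_dirs , d1, 'list', help=h1)

    d2 = 'Admin directories where to search for vulnerable scripts.'
    h2 = 'Pykto will search for vulnerable scripts in many places, one of them is inside'
    h2 += ' administration directories. The admin directory can be anything and change'
    h2 += ' from install to install, so its a good idea to make this a user setting. The'
    h2 += ' directories should be supplied comma separated and with a / at the beggining and'
    h2 += ' one at the end. Example: "/admin/,/adm/"'
    o2 = option('adminDirs', self._admin_dirs, d2, 'list', help=h2)

    d3 = 'PostNuke directories where to search for vulnerable scripts.'
    h3 = 'The directories should be supplied comma separated and with a / at the'
    h3 += ' beggining and one at the end. Example: "/forum/,/nuke/"'
    o3 = option('nukeDirs', self._nuke, d3, 'list', help=h3)

    # Fixed: the descriptions named the files "scan_databse.db" /
    # "w3af_scan_databse.db"; the real names are scan_database.db and
    # w3af_scan_database.db.
    d4 = 'The path to the nikto scan_database.db file.'
    h4 = 'The default scan database file is ok in most cases.'
    o4 = option('dbFile', self._db_file, d4, 'string', help=h4)

    d5 = 'Test all files with all root directories'
    h5 = 'Define if we will test all files with all root directories.'
    o5 = option('mutateTests', self._mutate_tests, d5, 'boolean', help=h5)

    # NOTE(review): the update fetches a test database from a remote host;
    # how it is fetched and whether the download is verified is not visible
    # here. If that is plain HTTP without a checksum, the database contents
    # (which drive every request pykto sends) are tamperable in transit.
    d6 = 'Verify that pykto is using the latest scan_database from cirt.net.'
    o6 = option('updateScandb', self._update_scandb, d6, 'boolean')

    d7 = 'If generic scan is enabled all tests are sent to the remote server without'
    d7 += ' checking the server type.'
    h7 = 'Pykto will send all tests to the server if generic Scan is enabled. For example,'
    h7 += ' if a test in the database is marked as "apache" and the remote server reported'
    h7 += ' "iis" then the test is sent anyway.'
    o7 = option('genericScan', self._generic_scan, d7, 'boolean', help=h7)

    d8 = 'The path to the w3af_scan_database.db file.'
    h8 = 'This is a file which has some extra checks for files that are not present in the'
    h8 += ' nikto database.'
    o8 = option('extra_db_file', self._extra_db_file, d8, 'string', help=h8)

    ol = optionList()
    ol.add(o1)
    ol.add(o2)
    ol.add(o3)
    ol.add(o4)
    ol.add(o8)   # Intentionally out of order: keep both db paths together
    ol.add(o5)
    ol.add(o6)
    ol.add(o7)
    return ol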
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``resultLimit`` (integer), pre-filled from
    ``self._resultLimit``.
    '''
    limitOpt = option('resultLimit', self._resultLimit,
                      'Fetch the first "resultLimit" results from the Google search',
                      'integer')
    ol = optionList()
    ol.add(limitOpt)
    return ol
def _getOptionObjects(self):
    """
    We get here when the user wants to complete this step of the wizard,
    and he didn't pressed Previous.

    This step asks nothing of the user, so the option list is empty.

    @return: The option objects
    """
    return optionList()
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``resultLimit`` (integer), pre-filled from
    ``self._resultLimit``.
    '''
    limitOpt = option('resultLimit', self._resultLimit,
                      'Fetch the first "resultLimit" results from the Bing search',
                      'integer')
    ol = optionList()
    ol.add(limitOpt)
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``wnResults`` (integer), pre-filled from
    ``self._wordnet_results``.
    '''
    ol = optionList()
    ol.add(option('wnResults', self._wordnet_results,
                  'Only use the first wnResults (wordnet results) from each category.',
                  'integer'))
    return ol
def getOptions(self):
    """
    @return: A list of option objects for this plugin.

    The only option is ``fileName`` (string), pre-filled from
    ``self._file_name``.
    """
    ol = optionList()
    ol.add(option("fileName", self._file_name,
                  "File name where this plugin will write to", "string"))
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``output_file`` (string), pre-filled from
    ``self.output_file``.
    '''
    fileOpt = option('output_file', self.output_file,
                     'The name of the output file where the HTTP requests will be saved',
                     'string')
    ol = optionList()
    ol.add(fileOpt)
    return ol
def getOptions(self):
    """
    @return: A list of option objects for this plugin.

    The only option is ``verbose`` (boolean), pre-filled from ``self.verbose``.
    """
    ol = optionList()
    ol.add(option("verbose", self.verbose,
                  "Enable if verbose output is needed", "boolean"))
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``withoutMOTW`` (boolean), pre-filled from
    ``self._withoutMOTW``.
    '''
    motwOpt = option('withoutMOTW', self._withoutMOTW,
                     'List the pages that don\'t have a MOTW', 'boolean')
    ol = optionList()
    ol.add(motwOpt)
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``verbose`` (boolean), pre-filled from ``self.verbose``.
    '''
    ol = optionList()
    ol.add(option('verbose', self.verbose,
                  'Enable if verbose output is needed', 'boolean'))
    return ol
def getOptions(self):
    """
    @return: A list of option objects for this plugin.

    The only option is ``search404`` (boolean), pre-filled from
    ``self._search404``.
    """
    searchOpt = option("search404", self._search404,
                       "Search for meta tags in 404 pages.", "boolean")
    ol = optionList()
    ol.add(searchOpt)
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``override`` (boolean), pre-filled from
    ``self._override``.
    '''
    ol = optionList()
    ol.add(option('override', self._override,
                  'Skip symfony detection and search for the csrf (mis)protection.',
                  'boolean'))
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``search404`` (boolean), pre-filled from
    ``self._search404``.
    '''
    searchOpt = option('search404', self._search404,
                       'Search for HTML comments in 404 pages.', 'boolean')
    ol = optionList()
    ol.add(searchOpt)
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``wordlist`` (string path), pre-filled from
    ``self._wordlist``.
    '''
    ol = optionList()
    ol.add(option('wordlist', self._wordlist,
                  'Wordlist to use in the file name bruteforcing process.',
                  'string'))
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``fileName`` (string), pre-filled from
    ``self._file_name``.
    '''
    fileOpt = option('fileName', self._file_name,
                     'File name where this plugin will write to', 'string')
    ol = optionList()
    ol.add(fileOpt)
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``diffRatio`` (float), pre-filled from
    ``self._diff_ratio``.
    '''
    ratioDesc = ('If two strings have a diff ratio less than diffRatio, then they are '
                 '*really* different')
    ol = optionList()
    ol.add(option('diffRatio', self._diff_ratio, ratioDesc, 'float'))
    return ol
def getOptions( self ):
    '''
    @return: A list of option objects for this plugin.

    Exposes the bruteforce configuration: the user/password/combo files,
    the combo separator, the boolean switches controlling which extra
    username and password sources are used, and ``profilingNumber``.
    '''
    # (name, current value, description, type) in exposure order. The combo
    # file pair is deliberately listed right after the plain user/password
    # files.
    specs = [
        ('usersFile', self._usersFile,
         'Users file to use in bruteforcing', 'string'),
        ('passwdFile', self._passwdFile,
         'Passwords file to use in bruteforcing', 'string'),
        ('comboFile', self._comboFile,
         'Combo of username and passord, file to use in bruteforcing', 'string'),
        ('comboSeparator', self._comboSeparator,
         'Separator string used in Combo file to split username and password', 'string'),
        ('useMailUsers', self._useMailUsers,
         'This indicates if we will use usernames from emails collected by w3af plugins in bruteforce.', 'boolean'),
        ('useSvnUsers', self._useSvnUsers,
         'This indicates if we will use usernames from SVN headers collected by w3af plugins in bruteforce.', 'boolean'),
        ('stopOnFirst', self._stopOnFirst,
         'This indicates if the bruteforce should stop after finding the first correct user and password.', 'boolean'),
        ('passEqUser', self._passEqUser,
         'This indicates if the bruteforce should try password equal user in logins.', 'boolean'),
        ('useLeetPasswd', self._l337_p4sswd,
         'This indicates if the bruteforce should try l337 passwords', 'boolean'),
        ('useMails', self._useMails,
         'This indicates if the bruteforcer should use emails collected by w3af plugins as users.', 'boolean'),
        ('useProfiling', self._useProfiling,
         'This indicates if the bruteforce should use password profiling to collect new passwords.', 'boolean'),
        ('profilingNumber', self._profilingNumber,
         'This indicates how many passwords from profiling will be used.', 'integer'),
    ]

    ol = optionList()
    for name, current, desc, kind in specs:
        ol.add(option(name, current, desc, kind))
    return ol
def getOptions(self):
    '''
    @return: A list of option objects for this plugin.

    The only option is ``fuzzImages`` (boolean), pre-filled from
    ``self._fuzzImages``.
    '''
    fuzzOpt = option('fuzzImages', self._fuzzImages,
                     'Apply URL fuzzing to all URLs, including images, videos, zip, etc.',
                     'boolean',
                     help='Don\'t change this unless you read the plugin code.')
    ol = optionList()
    ol.add(fuzzOpt)
    return ol
def _getOptionObjects(self):
    """
    @return: A list of options for this question.

    A single boolean whose name and description are both the question text;
    the text is also stored on ``self._d1`` so the answer can be looked up
    later by the same key.
    """
    self._d1 = "Find other virtual hosts using MSN search"
    ol = optionList()
    ol.add(option(self._d1, False, self._d1, "boolean"))
    return ol
def getOptions(self):
    '''
    @return: A list of option objects for this plugin.

    A single integer option pre-filled from ``self._level``.
    '''
    # NOTE(review): the option is named 'Hierarchical clustering level' and
    # typed as an integer, but its description and help describe a choice
    # between the "stringEq" and "setIntersection" comparison algorithms.
    # The name is part of the interface callers use, so it is kept as-is;
    # confirm against the plugin's setOptions which meaning is the real one.
    levelDesc = 'The algorithm to use in the comparison of true and false response for blind sql.'
    levelHelp = ('The options are: "stringEq" and "setIntersection". '
                 'Read the long description for details.')
    ol = optionList()
    ol.add(option('Hierarchical clustering level', self._level,
                  levelDesc, 'integer', help=levelHelp))
    return ol