コード例 #1
0
ファイル: proxywin.py プロジェクト: 1d3df9903ad/w3af
 def _initOptions(self):
     '''Init options.'''
     self.like_initial = True
     self.pref = ConfigOptions(self.w3af, self, 'proxy_options')
     # Proxy options
     proxyOptions = optionList()
     proxyOptions.add(Option('ipport', "localhost:8080", "IP:port","ipport"))
     proxyOptions.add(Option('trap', ".*", _("URLs to trap"), "regex"))
     proxyOptions.add(Option('methodtrap', "GET,POST", _("Methods to trap"), "list"))
     proxyOptions.add(Option("notrap",
         ".*\.(gif|jpg|png|css|js|ico|swf|axd|tif)$", _("URLs not to trap"), "regex"))
     proxyOptions.add(Option("fixlength", True, _("Fix content length"), "boolean"))
     proxyOptions.add(comboOption("trap_view", ['Splitted', 'Tabbed'], _("View of Intercept tab"), "combo"))
     proxyOptions.add(comboOption("home_tab", ['Intercept', 'History', 'Options'], _("Home tab"), "combo"))
     self.pref.addSection('proxy', _('Proxy Options'), proxyOptions)
     # HTTP editor options
     editorOptions = optionList()
     editorOptions.add(Option("wrap", True, _("Wrap long lines"), "boolean"))
     editorOptions.add(Option("highlight_current_line", True, _("Highlight current line"), "boolean"))
     editorOptions.add(Option("highlight_syntax", True, _("Highlight syntax"), "boolean"))
     editorOptions.add(Option("display_line_num", True, _("Display line numbers"), "boolean"))
     self.pref.addSection('editor', _('HTTP Editor Options'), editorOptions)
     # Load values from configfile
     self.pref.loadValues()
     self.pref.show()
コード例 #2
0
ファイル: getMails.py プロジェクト: DavisHevin/sqli_benchmark
 def getOptions( self ):
     '''
     @return: A list of option objects for this plugin.
     '''    
     ol = optionList()
     d1 = 'When greping, only search mails for domain of target'
     o1 = option('onlyTargetDomain', self._only_target_domain, d1, 'boolean')
     
     ol = optionList()
     ol.add(o1)
     return ol
コード例 #3
0
 def _initFilterBox(self, mainvbox):
     """Init advanced search options."""
     self._advSearchBox = gtk.HBox()
     self._advSearchBox.set_spacing(self._padding)
     self.pref = FilterOptions(self)
     # Filter options
     self._filterMethods = [
             ('GET', 'GET', False),
             ('POST', 'POST', False),
             ]
     filterMethods = optionList()
     for method in self._filterMethods:
         filterMethods.add(Option(method[0], method[2], method[1], "boolean"))
     self.pref.addSection('methods', _('Request Method'), filterMethods)
     filterId = optionList()
     filterId.add(Option("min", "0", "Min ID", "string"))
     filterId.add(Option("max", "0", "Max ID", "string"))
     self.pref.addSection('trans_id', _('Transaction ID'), filterId)
     filterCodes = optionList()
     codes = [
             ("1xx", "1xx", False),
             ("2xx", "2xx", False),
             ("3xx", "3xx", False),
             ("4xx", "4xx", False),
             ("5xx", "5xx", False),
             ]
     for code in codes:
         filterCodes.add(Option(code[0], code[2], code[1], "boolean"))
     self.pref.addSection('codes', _('Response Code'), filterCodes)
     filterTags = optionList()
     filterTags.add(Option("tag", False, "Tag", "boolean"))
     self.pref.addSection('commented', _('Commented'), filterTags)
     filterTypes = optionList()
     self._filterTypes = [
             ('html', 'HTML', False),
             ('javascript', 'JavaScript', False),
             ('image', 'Images', False),
             ('flash', 'Flash', False),
             ('css', 'CSS', False),
             ('text', 'Text', False),
             ]
     for filterType in self._filterTypes:
         filterTypes.add(Option(filterType[0], filterType[2], filterType[1], "boolean"))
     self.pref.addSection('types', _('Response Content Type'), filterTypes)
     self.pref.show()
     self._advSearchBox.pack_start(self.pref, False, False)
     self._advSearchBox.hide_all()
     mainvbox.pack_start(self._advSearchBox, False, False)
コード例 #4
0
ファイル: targetSettings.py プロジェクト: adambaldwin2/test
    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''        
        d1 = 'A comma separated list of URLs'
        o1 = option('target', ','.join(str(tar) for tar in 
                                       cf.cf.getData('targets')), d1, 'list')
        
        d2 = 'Target operating system ('+ '/'.join(self._operatingSystems) +')'
        h2 = 'This setting is here to enhance w3af performance.'
        # This list "hack" has to be done becase the default value is the one
        # in the first position on the list
        tmpList = self._operatingSystems[:]
        tmpList.remove( cf.cf.getData('targetOS') )
        tmpList.insert(0, cf.cf.getData('targetOS') )
        o2 = comboOption('targetOS', tmpList, d2, 'combo', help=h2)

        d3 = 'Target programming framework ('+ '/'.join(self._programmingFrameworks) +')'
        h3 = 'This setting is here to enhance w3af performance.'
        # This list "hack" has to be done becase the default value is the one
        # in the first position on the list
        tmpList = self._programmingFrameworks[:]
        tmpList.remove( cf.cf.getData('targetFramework') )
        tmpList.insert(0, cf.cf.getData('targetFramework') )
        o3 = comboOption('targetFramework', tmpList, d3, 'combo', help=h3)
        
        ol = optionList()
        ol.add(o1)
        ol.add(o2)
        ol.add(o3)
        return ol
コード例 #5
0
ファイル: findDVCS.py プロジェクト: adambaldwin2/test
    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''    

        ol = optionList()
        return ol
コード例 #6
0
    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''
        d1 = 'IP address that the webserver will use to receive requests'
        h1 = 'w3af runs a webserver to serve the files to the target web app'
        h1 += ' when doing remote file inclusions. This setting configures on what IP address the'
        h1 += ' webserver is going to listen.'
        o1 = option('listenAddress', self._listen_address, d1, 'string', help=h1)

        d2 = 'Port that the webserver will use to receive requests'
        h2 = 'w3af runs a webserver to serve the files to the target web app'
        h2 += ' when doing remote file inclusions. This setting configures on what IP address'
        h2 += ' the webserver is going to listen.'
        o2 = option('listenPort', self._listen_port, d2, 'integer', help=h2)
        
        d3 = 'Instead of including a file in a local webserver; include the result of'
        d3 += ' exploiting a XSS bug.'
        o3 = option('useXssBug', self._use_XSS_vuln, d3, 'boolean')
        
        d4 = 'If true, this plugin will try to generate only one shell object.'
        o4 = option('generateOnlyOne', self._generateOnlyOne, d4, 'boolean')
        
        ol = optionList()
        ol.add(o1)
        ol.add(o2)
        ol.add(o3)
        ol.add(o4)
        return ol
コード例 #7
0
ファイル: fileUploadShell.py プロジェクト: adambaldwin2/test
    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''
        d1 = 'URL to exploit with fastExploit()'
        o1 = option('url', self._url, d1, 'string')
        
        d2 = 'Method to use with fastExploit()'
        o2 = option('method', self._method, d2, 'string')

        d3 = 'Data to send with fastExploit()'
        o3 = option('data', self._data, d3, 'string')

        d4 = 'The variable in data that holds the file content. Only used in fastExploit()'
        o4 = option('fileVars', self._fileVars, d4, 'string')

        d5 = 'The URI of the uploaded file. Only used with fastExploit()'
        o5 = option('fileDest', self._fileDest, d5, 'string')
        
        ol = optionList()
        ol.add(o1)
        ol.add(o2)
        ol.add(o3)
        ol.add(o4)
        ol.add(o5)
        return ol
コード例 #8
0
ファイル: eval.py プロジェクト: adambaldwin2/test
    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''
        d0 = 'If the vulnerability was found in a GET request, try to change the method to POST'
        d0 += ' during exploitation.'
        h0 = 'If the vulnerability was found in a GET request, try to change the method to POST'
        h0 += ' during exploitation; this is usefull for not being logged in the webserver logs.'
        o0 = option('changeToPost', self._changeToPost, d0, 'boolean', help=h0)
        
        d1 = 'URL to exploit with fastExploit()'
        o1 = option('url', self._url, d1, 'string')
        
        d2 = 'Method to use with fastExploit()'
        o2 = option('method', self._method, d2, 'string')

        d3 = 'Data to send with fastExploit()'
        o3 = option('data', self._data, d3, 'string')

        d4 = 'Variable where to inject with fastExploit()'
        o4 = option('injvar', self._inj_var, d4, 'string')

        d5 = 'Exploit only one vulnerability.'
        o5 = option('generateOnlyOne', self._generateOnlyOne, d5, 'boolean')
        
        ol = optionList()
        ol.add(o0)
        ol.add(o1)
        ol.add(o2)
        ol.add(o3)
        ol.add(o4)
        ol.add(o5)
        return ol
コード例 #9
0
    def getOptions(self):
        """
        @return: A list of option objects for this plugin.
        """
        d1 = "A comma separated list of URLs"
        o1 = option("target", ",".join(cf.cf.getData("targets")), d1, "list")

        d2 = "Target operating system (" + "/".join(self._operatingSystems) + ")"
        h2 = "This setting is here to enhance w3af performance."
        # This list "hack" has to be done becase the default value is the one
        # in the first position on the list
        tmpList = self._operatingSystems[:]
        tmpList.remove(cf.cf.getData("targetOS"))
        tmpList.insert(0, cf.cf.getData("targetOS"))
        o2 = comboOption("targetOS", tmpList, d2, "combo", help=h2)

        d3 = "Target programming framework (" + "/".join(self._programmingFrameworks) + ")"
        h3 = "This setting is here to enhance w3af performance."
        # This list "hack" has to be done becase the default value is the one
        # in the first position on the list
        tmpList = self._programmingFrameworks[:]
        tmpList.remove(cf.cf.getData("targetFramework"))
        tmpList.insert(0, cf.cf.getData("targetFramework"))
        o3 = comboOption("targetFramework", tmpList, d3, "combo", help=h3)

        ol = optionList()
        ol.add(o1)
        ol.add(o2)
        ol.add(o3)
        return ol
コード例 #10
0
    def getOptions(self):
        """
        @return: A list of option objects for this plugin.
        """
        d1 = "URL to exploit with fastExploit()"
        o1 = option("url", self._url, d1, "string")

        d2 = "Method to use with fastExploit()"
        o2 = option("method", self._method, d2, "string")

        d3 = "Data to send with fastExploit()"
        o3 = option("data", self._data, d3, "string")

        d4 = "The variable in data that holds the file content. Only used in fastExploit()"
        o4 = option("fileVars", self._fileVars, d4, "string")

        d5 = "The URI of the uploaded file. Only used with fastExploit()"
        o5 = option("fileDest", self._fileDest, d5, "string")

        ol = optionList()
        ol.add(o1)
        ol.add(o2)
        ol.add(o3)
        ol.add(o4)
        ol.add(o5)
        return ol
コード例 #11
0
ファイル: sed.py プロジェクト: adambaldwin2/test
    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''
        d1 = 'Stream edition expressions'
        h1 = 'Stream edition expressions are strings that tell the sed plugin what to change.'
        h1 += ' Sed plugin uses regular expressions, some examples: \n - qh/User/NotLuser/ ;'
        h1 += ' This will make sed search in the the re[q]uest [h]eader for the string User'
        h1 += ' and replace it with NotLuser.\n - sb/[fF]orm/form ; This will make sed search'
        h1 += ' in the re[s]ponse [b]ody for the strings form or Form and replace it with form.'
        h1 += ' Multiple expressions can be specified separated by commas.'
        o1 = option('expressions', self._expressions, d1, 'list', help=h1)
        
        d2 = 'Fix the content length header after mangling'
        o2 = option('fixContentLen', self._user_option_fix_content_len, d2, 'boolean')

        d3 = 'Plugin execution priority'
        h3 = 'Mangle plugins are ordered using the priority parameter'
        o3 = option('priority', self._priority, d3, 'integer', help=h3)
        
        ol = optionList()
        ol.add(o1)
        ol.add(o2)
        ol.add(o3)
        return ol
コード例 #12
0
ファイル: pykto.py プロジェクト: adambaldwin2/test
    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''
        d1 = 'CGI-BIN dirs where to search for vulnerable scripts.'
        h1 = 'Pykto will search for vulnerable scripts in many places, one of them is inside'
        h1 += ' cgi-bin directory. The cgi-bin directory can be anything and change from install'
        h1 += ' to install, so its a good idea to make this a user setting. The directories should'
        h1 += ' be supplied comma separated and with a / at the beggining and one at the end.'
        h1 += ' Example: "/cgi/,/cgibin/,/bin/"'
        o1 = option('cgiDirs', self._cgi_dirs , d1, 'list', help=h1)
        
        d2 = 'Admin directories where to search for vulnerable scripts.'
        h2 = 'Pykto will search for vulnerable scripts in many places, one of them is inside'
        h2 += ' administration directories. The admin directory can be anything and change'
        h2 += ' from install to install, so its a good idea to make this a user setting. The'
        h2 += ' directories should be supplied comma separated and with a / at the beggining and'
        h2 += ' one at the end. Example: "/admin/,/adm/"'
        o2 = option('adminDirs', self._admin_dirs, d2, 'list', help=h2)
        
        d3 = 'PostNuke directories where to search for vulnerable scripts.'
        h3 = 'The directories should be supplied comma separated and with a / at the'
        h3 += ' beggining and one at the end. Example: "/forum/,/nuke/"'
        o3 = option('nukeDirs', self._nuke, d3, 'list', help=h3)

        d4 = 'The path to the nikto scan_databse.db file.'
        h4 = 'The default scan database file is ok in most cases.'
        o4 = option('dbFile', self._db_file, d4, 'string', help=h4)

        d5 = 'Test all files with all root directories'
        h5 = 'Define if we will test all files with all root directories.'
        o5 = option('mutateTests', self._mutate_tests, d5, 'boolean', help=h5)        

        d6 = 'Verify that pykto is using the latest scan_database from cirt.net.'
        o6 = option('updateScandb', self._update_scandb, d6, 'boolean')

        d7 = 'If generic scan is enabled all tests are sent to the remote server without'
        d7 += ' checking the server type.'
        h7 = 'Pykto will send all tests to the server if generic Scan is enabled. For example,'
        h7 += ' if a test in the database is marked as "apache" and the remote server reported'
        h7 += ' "iis" then the test is sent anyway.'
        o7 = option('genericScan', self._generic_scan, d7, 'boolean', help=h7)        

        d8 = 'The path to the w3af_scan_databse.db file.'
        h8 = 'This is a file which has some extra checks for files that are not present in the'
        h8 += ' nikto database.'
        o8 = option('extra_db_file', self._extra_db_file, d8, 'string', help=h8)

        ol = optionList()
        ol.add(o1)
        ol.add(o2)
        ol.add(o3)
        ol.add(o4)
        ol.add(o8)  # Intentionally out of order
        ol.add(o5)
        ol.add(o6)
        ol.add(o7)
        return ol
コード例 #13
0
ファイル: bing_spider.py プロジェクト: 1d3df9903ad/w3af
 def getOptions( self ):
     '''
     @return: A list of option objects for this plugin.
     '''
     d2 = 'Fetch the first "resultLimit" results from the Google search'
     o2 = option('resultLimit', self._resultLimit, d2, 'integer')
     ol = optionList()
     ol.add(o2)
     return ol
コード例 #14
0
ファイル: question.py プロジェクト: ro-belyaev/sqli_benchmark
    def _getOptionObjects(self):
        """
        We get here when the user wants to complete this step of the
        wizard, and he didn't pressed Previous.

        @return: The option objects
        """
        ol = optionList()
        return ol
コード例 #15
0
 def getOptions( self ):
     '''
     @return: A list of option objects for this plugin.
     '''
     d1 = 'Fetch the first "resultLimit" results from the Bing search'
     o1 = option('resultLimit', self._resultLimit, d1, 'integer')
     ol = optionList()
     ol.add(o1)
     return ol
コード例 #16
0
ファイル: wordnet.py プロジェクト: DavisHevin/sqli_benchmark
 def getOptions( self ):
     '''
     @return: A list of option objects for this plugin.
     '''
     d1 = 'Only use the first wnResults (wordnet results) from each category.'
     o1 = option('wnResults', self._wordnet_results, d1, 'integer')
     
     ol = optionList()
     ol.add(o1)
     return ol
コード例 #17
0
ファイル: xmlFile.py プロジェクト: ro-belyaev/sqli_benchmark
    def getOptions(self):
        """
        @return: A list of option objects for this plugin.
        """
        d1 = "File name where this plugin will write to"
        o1 = option("fileName", self._file_name, d1, "string")

        ol = optionList()
        ol.add(o1)
        return ol
コード例 #18
0
ファイル: export_requests.py プロジェクト: 1d3df9903ad/w3af
 def getOptions( self ):
     '''
     @return: A list of option objects for this plugin.
     '''
     d1 = 'The name of the output file where the HTTP requests will be saved'
     o1 = option('output_file', self.output_file, d1, 'string')
     
     ol = optionList()
     ol.add(o1)
     return ol
コード例 #19
0
ファイル: console.py プロジェクト: ro-belyaev/sqli_benchmark
    def getOptions(self):
        """
        @return: A list of option objects for this plugin.
        """
        d1 = "Enable if verbose output is needed"
        o1 = option("verbose", self.verbose, d1, "boolean")

        ol = optionList()
        ol.add(o1)
        return ol
コード例 #20
0
ファイル: motw.py プロジェクト: DavisHevin/sqli_benchmark
 def getOptions( self ):
     '''
     @return: A list of option objects for this plugin.
     '''
     d1 = 'List the pages that don\'t have a MOTW'
     o1 = option('withoutMOTW', self._withoutMOTW, d1, 'boolean')
     
     ol = optionList()
     ol.add(o1)
     return ol
コード例 #21
0
ファイル: console.py プロジェクト: adambaldwin2/test
 def getOptions( self ):
     '''
     @return: A list of option objects for this plugin.
     '''
     d1 = 'Enable if verbose output is needed'
     o1 = option('verbose', self.verbose, d1, 'boolean')
     
     ol = optionList()
     ol.add(o1)
     return ol
コード例 #22
0
ファイル: metaTags.py プロジェクト: sanzomaldini/w3af
    def getOptions(self):
        """
        @return: A list of option objects for this plugin.
        """
        d1 = "Search for meta tags in 404 pages."
        o1 = option("search404", self._search404, d1, "boolean")

        ol = optionList()
        ol.add(o1)
        return ol
コード例 #23
0
ファイル: symfony.py プロジェクト: 1d3df9903ad/w3af
 def getOptions( self ):
     '''
     @return: A list of option objects for this plugin.
     '''
     d1 = 'Skip symfony detection and search for the csrf (mis)protection.'
     o1 = option('override', self._override, d1, 'boolean')
     
     ol = optionList()
     ol.add(o1)
     return ol
コード例 #24
0
ファイル: findComments.py プロジェクト: 1d3df9903ad/w3af
 def getOptions( self ):
     '''
     @return: A list of option objects for this plugin.
     '''
     d1 = 'Search for HTML comments in 404 pages.'
     o1 = option('search404', self._search404, d1, 'boolean')
     
     ol = optionList()
     ol.add(o1)
     return ol
コード例 #25
0
 def getOptions( self ):
     '''
     @return: A list of option objects for this plugin.
     '''
     d1 = 'Wordlist to use in the file name bruteforcing process.'
     o1 = option('wordlist', self._wordlist , d1, 'string')
     
     ol = optionList()
     ol.add(o1)
     return ol
コード例 #26
0
ファイル: xmlFile.py プロジェクト: adambaldwin2/test
    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''
        d1 = 'File name where this plugin will write to'
        o1 = option('fileName', self._file_name, d1, 'string')

        ol = optionList()
        ol.add(o1)

        return ol
コード例 #27
0
ファイル: generic.py プロジェクト: DavisHevin/sqli_benchmark
 def getOptions( self ):
     '''
     @return: A list of option objects for this plugin.
     '''
     d1 = 'If two strings have a diff ratio less than diffRatio, then they are '
     d1 += '*really* different'
     o1 = option('diffRatio', self._diff_ratio, d1, 'float')
     
     ol = optionList()
     ol.add(o1)
     return ol
コード例 #28
0
    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''
        d1 = 'Users file to use in bruteforcing'
        o1 = option('usersFile', self._usersFile, d1, 'string')
        
        d2 = 'Passwords file to use in bruteforcing'
        o2 = option('passwdFile', self._passwdFile, d2, 'string')
        
        d3 = 'This indicates if we will use usernames from emails collected by w3af plugins in bruteforce.'
        o3 = option('useMailUsers', self._useMailUsers, d3, 'boolean')
        
        d4 = 'This indicates if we will use usernames from SVN headers collected by w3af plugins in bruteforce.'
        o4 = option('useSvnUsers', self._useSvnUsers, d4, 'boolean')
        
        d5 = 'This indicates if the bruteforce should stop after finding the first correct user and password.'
        o5 = option('stopOnFirst', self._stopOnFirst, d5, 'boolean')
        
        d6 = 'This indicates if the bruteforce should try password equal user in logins.'
        o6 = option('passEqUser', self._passEqUser, d6, 'boolean')
        
        d7 = 'This indicates if the bruteforce should try l337 passwords'
        o7 = option('useLeetPasswd', self._l337_p4sswd, d7, 'boolean')
        
        d8 = 'This indicates if the bruteforcer should use emails collected by w3af plugins as users.'
        o8 = option('useMails', self._useMails, d8, 'boolean')
        
        d9 = 'This indicates if the bruteforce should use password profiling to collect new passwords.'
        o9 = option('useProfiling', self._useProfiling, d9, 'boolean')
        
        d10 = 'This indicates how many passwords from profiling will be used.'
        o10 = option('profilingNumber', self._profilingNumber, d10, 'integer')

        d11 = 'Combo of username and passord, file to use in bruteforcing'
        o11 = option('comboFile', self._comboFile, d11, 'string')

        d12 = 'Separator string used in Combo file to split username and password'
        o12 = option('comboSeparator', self._comboSeparator, d12, 'string')
        
        ol = optionList()
        ol.add(o1)
        ol.add(o2)
        ol.add(o11)
        ol.add(o12)
        ol.add(o3)
        ol.add(o4)
        ol.add(o5)
        ol.add(o6)
        ol.add(o7)
        ol.add(o8)
        ol.add(o9)
        ol.add(o10)
        return ol
コード例 #29
0
ファイル: urlFuzzer.py プロジェクト: 1d3df9903ad/w3af
 def getOptions(self):
     '''
     @return: A list of option objects for this plugin.
     '''
     d1 = 'Apply URL fuzzing to all URLs, including images, videos, zip, etc.'
     h1 = 'Don\'t change this unless you read the plugin code.'
     o1 = option('fuzzImages', self._fuzzImages, d1, 'boolean', help=h1)
     
     ol = optionList()
     ol.add(o1)
     return ol
コード例 #30
0
    def _getOptionObjects(self):
        """
        @return: A list of options for this question.
        """
        self._d1 = "Find other virtual hosts using MSN search"
        o1 = option(self._d1, False, self._d1, "boolean")

        ol = optionList()
        ol.add(o1)

        return ol
コード例 #31
0
 def getOptions(self):
     '''
     @return: A list of option objects for this plugin.
     '''
     d1 = 'The algorithm to use in the comparison of true and false response for blind sql.'
     h1 = 'The options are: "stringEq" and "setIntersection". '
     h1 += 'Read the long description for details.'
     o1 = option('Hierarchical clustering level', self._level, d1, 'integer', help=h1)
     
     ol = optionList()
     ol.add(o1)
     return ol