def bruteforce_wrapper(self, fuzzable_request):
    '''
    Run the audit on a copy of the request and return follow-up requests.

    After the audit, every knowledge-base entry stored under this plugin's
    name and the 'auth' key is inspected. Entries whose URL has not been
    reported before are recorded in self._alreadyReported, and the HTTP
    response attached to each one is converted into fuzzable requests.

    @parameter fuzzable_request: The request to audit; the audit receives a
        copy, not the caller's object.
    @return: A list with the fuzzable requests created from the responses of
        the newly seen 'auth' entries (empty when there are none).
    '''
    self.audit_wrapper(fuzzable_request.copy())

    new_requests = []
    # NOTE(review): the 'auth' entries are presumably the logins found by
    # the bruteforce run; confirm against the plugin that saves them.
    for finding in kb.kb.getData(self.getName(), 'auth'):
        finding_url = finding.getURL()

        # Each URL is handled once, so a later call does not feed the same
        # response into the scan again.
        if finding_url in self._alreadyReported:
            continue

        self._alreadyReported.append(finding_url)
        new_requests.extend(createFuzzableRequests(finding['response']))

    return new_requests
def _pre_discovery(self): ''' Create the first fuzzableRequestList ''' # We only want to scan pages that in current scope get_curr_scope_pages = lambda fr: \ fr.getURL().getDomain() == url.getDomain() for url in cf.cf.getData('targets'): try: # # GET the initial target URLs in order to save them # in a list and use them as our bootstrap URLs # response = self._w3af_core.uriOpener.GET(url, cache=True) self._fuzzable_request_set.update( filter( get_curr_scope_pages, createFuzzableRequests(response)) ) # # NOTE: I need to perform this test here in order to avoid some weird # thread locking that happens when the webspider calls is_404, and # because I want to initialize the is_404 database in a controlled # try/except block. # from core.controllers.coreHelpers.fingerprint_404 import is_404 is_404(response) except KeyboardInterrupt: self._w3af_core._end() raise except (w3afMustStopOnUrlError, w3afException, w3afMustStopException), w3: om.out.error('The target URL: %s is unreachable.' % url) om.out.error('Error description: %s' % w3) except Exception, e: om.out.error('The target URL: %s is unreachable ' 'because of an unhandled exception.' % url) om.out.error('Error description: "%s". See debug ' 'output for more information.' % e) om.out.error('Traceback for this error: %s' % traceback.format_exc())
def _createFuzzableRequests(self, httpResponse, request=None, add_self=True):
    '''
    Forward the call to the module-level createFuzzableRequests() helper.

    @parameter httpResponse: Passed through as the first argument.
    @parameter request: Passed through as the second argument.
    @parameter add_self: Passed through as the third argument.
    @return: Whatever createFuzzableRequests() returns for these arguments.
    '''
    # Arguments stay positional: the helper's parameter names are not
    # visible from here.
    fuzzable_requests = createFuzzableRequests(httpResponse, request, add_self)
    return fuzzable_requests