def parseAllConfFiles(self, files): """ Parse all *.conf files into the config directory @Args files: list of config files to parse @Returns None """ # ---- # Parse INSTALL_STATUS_CONF_FILE if INSTALL_STATUS_CONF_FILE + CONF_EXT not in files: self.output.printError( 'Install status file ({0}/{1}.{2}) is missing'.format( SETTINGS_DIR, INSTALL_STATUS_CONF_FILE, CONF_EXT)) sys.exit(0) self.config_parsers[INSTALL_STATUS_CONF_FILE] = DefaultConfigParser() self.config_parsers[INSTALL_STATUS_CONF_FILE].read( FileUtils.concat_path(self.settings_dir, INSTALL_STATUS_CONF_FILE + CONF_EXT)) files.remove(INSTALL_STATUS_CONF_FILE + CONF_EXT) # ---- # Parse MULTI_SERVICES_CONF_FILE support_multi_services_tools = MULTI_SERVICES_CONF_FILE + CONF_EXT in files self.parseToolsConfFile(MULTI_SERVICES_CONF_FILE + CONF_EXT) files.remove(MULTI_SERVICES_CONF_FILE + CONF_EXT) # ---- # Parse services *.conf files for f in files: self.parseToolsConfFile(f)
def parseConfFiles(self, files): """ Parse all *.conf files into the config directory @Args files: list of config files to parse @Returns None """ # Process *.conf files for f in files: self.output.printInfo( 'Parsing configuration file "{0}" ...'.format(f)) full_path = FileUtils.concat_path(self.settings_dir, f) service_name = f[:f.rfind(CONF_EXT)].lower().strip() self.config_parsers[service_name] = DefaultConfigParser() self.config_parsers[service_name].read(full_path) #config_parser = DefaultConfigParser() #config_parser.read(full_path) # Add the entry into general settings for the service self.general_settings[service_name] = {} # General settings - [general] in .conf file self.general_settings[service_name]['tools_categories'] = [ e.lower() for e in self.config_parsers[service_name].safeGetList( 'general', 'tools_categories', ',', []) ] # General settings - Optional/Specific settings (depends on the targeted servicee) if service_name in SPECIFIC_TOOL_OPTIONS.keys(): for option in SPECIFIC_TOOL_OPTIONS[service_name]: if SPECIFIC_TOOL_OPTIONS[service_name][option]: setting_name = SPECIFIC_TOOL_OPTIONS[service_name][ option] self.general_settings[service_name][setting_name] = \ [ e.lower() for e in self.config_parsers[service_name].safeGetList('general', setting_name, ',', []) ] # Check general settings for the current service self.checkGeneralSettings(service_name) # Add service as new toolbox section self.toolbox.addService(service_name) # Add tools in current config file into the toolbox, under the correct service section for section in self.config_parsers[service_name].sections(): if section.startswith('tool_'): newtool = self.createToolFromConfiguration( section, service_name) if newtool: if not self.toolbox.addTool(newtool, service_name): self.output.printWarning( 'Unable to add tool "{0}" into the toolbox'. format(newtool.name)) else: #self.output.printSettings('Tool "{0}" added into the toolbox (category "{1}")'.format(newtool.name, # newtool.category)) pass
def __parse_conf_file(self): parser = DefaultConfigParser() # Utf-8 to avoid encoding issues parser.read(EXPLOITS_CONF, 'utf8') for section in parser.sections(): type_ = parser.safe_get(section, 'type', '', None) if type_ not in SUPPORTED_TYPES: raise SettingsException('Unsupported exploit type for [{}]'.format(type_)) rawcmd = parser.safe_get(section, 'command', '', None) if not rawcmd: raise SettingsException('No command specified for [{}]'.format(rawcmd)) description = parser.safe_get(section, 'description', '', None) success = parser.safe_get(section, 'success', '', None) exploit = Exploit(section, description, type_, rawcmd, success) self.exploits.append(exploit)
def __parse_all_conf_files(self, files): """ Parse all *.conf files into the settings directory. Initialize ServicesConfig object with list of supported services :param files: List of files in settings directory :return: None """ list_services = list() for f in files: name = FileUtils.remove_ext(f).lower().strip() if name not in (INSTALL_STATUS_CONF_FILE, TOOLBOX_CONF_FILE): list_services.append(name) full_path = FileUtils.concat_path(SETTINGS_DIR, f) self.config_parsers[name] = DefaultConfigParser() self.config_parsers[name].read(full_path, 'utf8') # utf8 to avoid encoding issues list_services.append('multi') # Add support for special "multi" service self.services = ServicesConfig(list_services)
def parseConfig(self): config = DefaultConfigParser() configPath = FileUtils.buildPath(self.script_path, "default.conf") config.read(configPath) # General self.threadsCount = config.safe_getint("general", "threads", 10, list(range(1, 50))) self.excludeStatusCodes = config.safe_get("general", "exclude-status", None) self.redirect = config.safe_getboolean("general", "follow-redirects", False) self.recursive = config.safe_getboolean("general", "recursive", False) self.recursive_level_max = config.safe_getint("general", "recursive-level-max", 1) self.suppressEmpty = config.safe_getboolean("general", "suppress-empty", False) self.testFailPath = config.safe_get("general", "scanner-fail-path", "").strip() self.saveHome = config.safe_getboolean("general", "save-logs-home", False) # Reports self.autoSave = config.safe_getboolean("reports", "autosave-report", False) self.autoSaveFormat = config.safe_get("reports", "autosave-report-format", "plain", ["plain", "json", "simple"]) # Dictionary self.wordlist = config.safe_get("dictionary", "wordlist", FileUtils.buildPath(self.script_path, "db", "dicc.txt")) self.lowercase = config.safe_getboolean("dictionary", "lowercase", False) self.forceExtensions = config.safe_get("dictionary", "force-extensions", False) # Connection self.useRandomAgents = config.safe_get("connection", "random-user-agents", False) self.useragent = config.safe_get("connection", "user-agent", None) self.delay = config.safe_get("connection", "delay", 0) self.timeout = config.safe_getint("connection", "timeout", 30) self.maxRetries = config.safe_getint("connection", "max-retries", 5) self.proxy = config.safe_get("connection", "http-proxy", None) self.httpmethod = config.safe_get("connection", "httpmethod", "get", ["get", "head", "post"]) self.requestByHostname = config.safe_get("connection", "request-by-hostname", False)
def parseConfig(self): config = DefaultConfigParser() configPath = FileUtils.buildPath(self.script_path, "default.conf") config.read(configPath) # General self.threadsCount = config.safe_getint("general", "threads", 10, list(range(1, 50))) self.excludeStatusCodes = config.safe_get("general", "exclude-status", None) self.redirect = config.safe_getboolean("general", "follow-redirects", False) self.recursive = config.safe_getboolean("general", "recursive", False) self.suppressEmpty = config.safe_getboolean("general", "suppress-empty", False) self.testFailPath = config.safe_get("general", "scanner-fail-path", "").strip() self.saveHome = config.safe_getboolean("general", "save-logs-home", False) # Reports self.autoSave = config.safe_getboolean("reports", "autosave-report", False) self.autoSaveFormat = config.safe_get("reports", "autosave-report-format", "plain", ["plain", "json", "simple"]) # Dictionary self.wordlist = config.safe_get( "dictionary", "wordlist", FileUtils.buildPath(self.script_path, "db", "dicc.txt")) self.lowercase = config.safe_getboolean("dictionary", "lowercase", False) self.forceExtensions = config.safe_get("dictionary", "force-extensions", False) # Connection self.useRandomAgents = config.safe_get("connection", "random-user-agents", False) self.useragent = config.safe_get("connection", "user-agent", None) self.delay = config.safe_get("connection", "delay", 0) self.timeout = config.safe_getint("connection", "timeout", 30) self.maxRetries = config.safe_getint("connection", "max-retries", 5) self.proxy = config.safe_get("connection", "http-proxy", None) self.requestByHostname = config.safe_get("connection", "request-by-hostname", False)
def parseConfig(self): config = DefaultConfigParser() configPath = FileUtils.buildPath(self.script_path, "default.conf") config.read(configPath) # General self.threadsCount = config.safe_getint( "general", "threads", 20, list(range(1, 200)) ) self.includeStatusCodes = config.safe_get("general", "include-status", None) self.excludeStatusCodes = config.safe_get("general", "exclude-status", None) self.excludeTexts = config.safe_get("general", "exclude-texts", None) self.redirect = config.safe_getboolean("general", "follow-redirects", False) self.recursive = config.safe_getboolean("general", "recursive", False) self.recursive_level_max = config.safe_getint( "general", "recursive-level-max", 1 ) self.suppressEmpty = config.safe_getboolean("general", "suppress-empty", False) self.testFailPath = config.safe_get("general", "scanner-fail-path", "").strip() self.saveHome = config.safe_getboolean("general", "save-logs-home", False) self.defaultExtensions = config.safe_get("general", "default-extensions", "php,asp,aspx,jsp,jspx,html,htm,js,txt") # Reports self.quietMode = config.safe_get("reports", "quiet-mode", False) self.autoSave = config.safe_getboolean("reports", "autosave-report", False) self.autoSaveFormat = config.safe_get( "reports", "autosave-report-format", "plain", ["plain", "json", "simple"] ) # Dictionary self.wordlist = config.safe_get( "dictionary", "wordlist", FileUtils.buildPath(self.script_path, "db", "dicc.txt"), ) self.lowercase = config.safe_getboolean("dictionary", "lowercase", False) self.uppercase = config.safe_getboolean("dictionary", "uppercase", False) self.forceExtensions = config.safe_get("dictionary", "force-extensions", False) self.noDotExtensions = config.safe_get("dictionary", "no-dot-extensions", False) # Connection self.useRandomAgents = config.safe_get( "connection", "random-user-agents", False ) self.useragent = config.safe_get("connection", "user-agent", None) self.delay = config.safe_get("connection", "delay", 0) self.timeout = config.safe_getint("connection", "timeout", 20) self.maxRetries = config.safe_getint("connection", "max-retries", 5) self.proxy = config.safe_get("connection", "http-proxy", None) self.proxylist = config.safe_get("connection", "http-proxy-list", None) self.httpmethod = config.safe_get( "connection", "httpmethod", "get", ["get", "head", "post", "put", "delete", "trace", "options"] ) self.requestByHostname = config.safe_get( "connection", "request-by-hostname", False )
def parseConfig(self): config = DefaultConfigParser() configPath = FileUtils.buildPath(self.script_path, "default.conf") config.read(configPath) # General self.threadsCount = config.safe_getint("general", "threads", 10, list(range(1, 50))) self.excludeStatusCodes = config.safe_get("general", "exclude-status", None) self.redirect = config.safe_getboolean("general", "follow-redirects", False) self.recursive = config.safe_getboolean("general", "recursive", False) self.testFailPath = config.safe_get("general", "test-fail-path", "youCannotBeHere7331").strip() # Reports self.autoSave = config.safe_getboolean("reports", "autosave-report", False) self.autoSaveFormat = config.safe_get("reports", "autosave-report-format", "plain", ["plain", "json", "simple"]) # Dictionary self.wordlist = config.safe_get( "dictionary", "wordlist", FileUtils.buildPath(self.script_path, "db", "dicc.txt")) self.lowercase = config.safe_getboolean("dictionary", "lowercase", False) # Connection self.useragent = config.safe_get("connection", "user-agent", None) self.timeout = config.safe_getint("connection", "timeout", 30) self.maxRetries = config.safe_getint("connection", "max-retries", 5) self.proxy = config.safe_get("connection", "http-proxy", None)
def __parse_conf_file(self): parser = DefaultConfigParser() # Utf-8 to avoid encoding issues parser.read(EXPLOITS_CONF, 'utf8') for section in parser.sections(): # Vulnerable product name product = parser.safe_get(section, 'product', '', None) if not product: raise SettingsException('No vulnerable product name specified for ' \ '[{}]'.format(section)) # Vulnerability description description = parser.safe_get(section, 'description', '', None) if not description: raise SettingsException('Missing vulnerability description for ' \ '[{}]'.format(section)) # Vulnerability type type_ = parser.safe_get(section, 'type', '', None) if type_ not in SUPPORTED_TYPES: raise SettingsException( 'Unsupported vulnerability type for [{}]'.format(section)) # Detection command detection_rawcmd = parser.safe_get(section, 'detection_cmd', '', None) # Detection command output success detection_success = parser.safe_get(section, 'detection_success', '', None) if detection_rawcmd and len( detection_rawcmd) > 0 and not detection_success: raise SettingsException('Missing "detection_success" for [{}] since ' \ '"detection_cmd" is defined'.format(section)) # Exploit command exploit_rawcmd = parser.safe_get(section, 'exploit_cmd', '', None) # Exploit RCE output exploit_rce_output = parser.safe_get_boolean( section, 'exploit_rce_output', True) # Exploit command output success (for auto test when exploit_rce_output == True) exploit_success = parser.safe_get(section, 'exploit_success', '', None) if exploit_rawcmd and \ len(exploit_rawcmd) > 0 and \ exploit_rce_output and \ not exploit_success: raise SettingsException( 'Missing "exploit_success" for [{}] since ' '"exploit_cmd" is defined and "exploit_rce_output=true"'. format(section)) exploit = Exploit(section, product, description, type_, detection_rawcmd, detection_success, exploit_rawcmd, exploit_rce_output, exploit_success) self.exploits.append(exploit)
def parseConfig(self): config = DefaultConfigParser() configPath = FileUtils.buildPath(self.script_path, "default.conf") config.read(configPath) # General self.threadsCount = config.safe_getint("general", "threads", 10, range(1, 50)) self.excludeStatusCodes = config.safe_get("general", "exclude-status", None) self.redirect = config.safe_getboolean("general", "follow-redirects", False) self.recursive = config.safe_getboolean("general", "recursive", False) self.testFailPath = config.safe_get("general", "test-fail-path", "youCannotBeHere7331").strip() # Reports self.autoSave = config.safe_getboolean("reports", "autosave-report", False) self.autoSaveFormat = config.safe_get("reports", "autosave-report-format", "plain", ["plain", "json", "simple"]) # Dictionary self.wordlist = config.safe_get("dictionary", "wordlist", FileUtils.buildPath(self.script_path, "db", "dicc.txt")) self.lowercase = config.safe_getboolean("dictionary", "lowercase", False) # Connection self.useragent = config.safe_get("connection", "user-agent", None) self.timeout = config.safe_getint("connection", "timeout", 30) self.maxRetries = config.safe_getint("connection", "max-retries", 5) self.proxy = config.safe_get("connection", "http-proxy", None)
def parse_config(self): config = DefaultConfigParser() config_path = FileUtils.build_path(self.script_path, "default.conf") config.read(config_path) # General self.threads_count = config.safe_getint("general", "threads", 10, list(range(1, 50))) self.redirect = config.safe_getboolean("general", "follow-redirects", False) # Credentials self.wordlist = config.safe_get( "credentials", "userpass-wordlist", FileUtils.build_path(self.script_path, "db", "default.txt")) # Connection self.use_random_agents = config.safe_get("connection", "random-user-agents", False) self.useragent = config.safe_get("connection", "user-agent", None) self.delay = config.safe_get("connection", "delay", 0) self.timeout = config.safe_getint("connection", "timeout", 30) self.max_retries = config.safe_getint("connection", "max-retries", 5) self.proxy = config.safe_get("connection", "http-proxy", None) self.dns_cache = config.safe_get("connection", "dns-cache", False)
def parseToolsConfFile(self, file): """ Parse a given settings file """ #self.output.printInfo('Parsing configuration file "{0}" ...'.format(file)) full_path = FileUtils.concat_path(self.settings_dir, file) conf_filename = FileUtils.remove_ext(file).lower().strip() self.config_parsers[conf_filename] = DefaultConfigParser() self.config_parsers[conf_filename].read(full_path) # Add the entry into general settings for the service self.general_settings[conf_filename] = {} if conf_filename == MULTI_SERVICES_CONF_FILE: self.general_settings[conf_filename]['tools_categories'] = ['all'] else: # General settings - [general] in .conf file tools_cats = self.config_parsers[conf_filename].safeGetList( 'general', 'tools_categories', ',', []) self.general_settings[conf_filename]['tools_categories'] = [ StringUtils.cleanSpecialChars(e).lower() for e in tools_cats ] # General settings - Optional/Specific settings (depends on the targeted service) if conf_filename in SPECIFIC_TOOL_OPTIONS.keys(): for option in SPECIFIC_TOOL_OPTIONS[conf_filename]: setting_name = SPECIFIC_TOOL_OPTIONS[conf_filename][option] if setting_name: self.general_settings[conf_filename][setting_name] = \ [ e.lower() for e in self.config_parsers[conf_filename].safeGetList('general', setting_name, ',', []) ] # Check general settings for the current service self.checkGeneralSettings(conf_filename) # Add service as new toolbox section self.toolbox.addService(conf_filename) # Add tools in current config file into the toolbox, under the correct service section for section in self.config_parsers[conf_filename].sections(): if section.startswith(PREFIX_TOOL_SECTIONNAME): if conf_filename != MULTI_SERVICES_CONF_FILE: newtool = self.createToolFromConfiguration( section, conf_filename, tooltype=ToolType.STANDARD) else: newtool = self.createToolFromConfiguration( section, conf_filename, tooltype=ToolType.MULTI_SERVICES) elif section.startswith(PREFIX_TOOL_USEMULTI_SECTIONNAME): newtool = self.createToolFromConfiguration( section, conf_filename, tooltype=ToolType.USE_MULTI) else: continue if newtool: if not self.toolbox.addTool(newtool, conf_filename): self.output.printWarning( 'Unable to add tool "{0}" into the toolbox'.format( newtool.name)) else: #self.output.printSettings('Tool "{0}" added into the toolbox (category "{1}")'.format(newtool.name, # newtool.category)) pass
def parseConfig(self): config = DefaultConfigParser()