def _launch_exploit_all(dlg, w3af, enabled_plugins, stopOnFirst):
    """
    Generator that runs every enabled attack plugin against the
    vulnerabilities that plugin reports as exploitable.

    Progress and error text is written to the dialog. The generator yields
    True between steps so that the GUI stays responsive, and yields False
    after an error raised by the suitability check has been reported and the
    dialog has been finished (dlg.done() / dlg.dialog_run()).

    :param dlg: The dialog that receives the messages
    :param w3af: the core; only w3af.plugins is used here
    :param enabled_plugins: Names of the attack plugins to run.
    :param stopOnFirst: if the exploit should stop in the first exploited
                        vuln.
    """
    # NOTE(review): stopOnFirst is never read in the lines visible here; the
    # listing looks truncated, confirm against the full file.
    for plugin_name in enabled_plugins:
        dlg.add_message(_("\nExploiting %r...\n") % plugin_name)
        plugin = w3af.plugins.get_plugin_inst("attack", plugin_name)
        candidates = get_exploitable_vulns(plugin)
        dlg.add_message(_(" %d vulnerabilities to exploit\n") % len(candidates))
        yield True

        for candidate in candidates:
            # Hand control back so GTK can process pending events.
            yield True

            # Ask the plugin whether this finding is one it can handle.
            checking = _("Checking suitability for vuln %r...\n")
            dlg.add_message(checking % candidate.get_name())

            can_exploit = False
            try:
                can_exploit = plugin.can_exploit(candidate.get_id())
            except (BaseFrameworkException, ScanMustStopException) as err:
                # Both exception types are reported the same way: show the
                # error, close out the dialog and signal False.
                dlg.add_message(_("\nERROR: "))
                dlg.add_message(str(err) + '\n')
                dlg.done()
                dlg.dialog_run()
                # NOTE(review): presumably False tells the driver to stop
                # calling the generator; if it is resumed anyway, execution
                # falls through to the "nop" branch below.
                yield False

            if not can_exploit:
                dlg.add_message(_(" nop\n"))
                yield True
                continue

            dlg.add_message(_(" ok\n"))

            # The plugin accepted the finding, so run it.
            dlg.add_message(_("Exploiting...\n"))
            try:
                plugin.exploit()
            except BaseFrameworkException as err:
                # NOTE(review): unlike the suitability check, only
                # BaseFrameworkException is handled here, so a
                # ScanMustStopException would leave the generator unless it
                # is a subclass. Confirm against the full file.
                dlg.add_message(str(err) + '\n')
                yield True
                continue
def set_filter(self, vuln):
    """Rebuild the attack plugin list, marking the plugins that apply to vuln.

    A new two-column list store is filled with one row per attack plugin
    (display text, plain plugin name), in sorted order. It is then installed
    as the model and kept in self.liststore.

    :param vuln: the vulnerability used as filter; plugins whose exploitable
                 vulnerabilities include it get their name wrapped in <b>.
    """
    rebuilt_store = gtk.ListStore(str, str)
    attack_plugins = sorted(self.w3af.plugins.get_plugin_list("attack"))

    for plugin_name in attack_plugins:
        plugin = self.w3af.plugins.get_plugin_inst("attack", plugin_name)
        if vuln in get_exploitable_vulns(plugin):
            # NOTE(review): the name goes into the markup string unescaped.
            # Presumably the column renders it as markup, so a name with
            # '<' or '&' would break the cell; confirm and escape if plugin
            # names are not fixed identifiers.
            display_text = "<b>%s</b>" % pname if False else "<b>%s</b>" % plugin_name
        else:
            display_text = plugin_name
        rebuilt_store.append([display_text, plugin_name])

    self.set_model(rebuilt_store)
    self.liststore = rebuilt_store
def _launch_exploit_all(dlg, w3af, enabled_plugins, stopOnFirst):
    """
    Generator that tries each enabled attack plugin on the vulnerabilities
    it reports as exploitable, writing progress to the dialog.

    Yields True between steps so the caller can keep the GUI responsive.
    Yields False once an error from the suitability check has been shown
    and the dialog has been finished (dlg.done() / dlg.dialog_run()).

    :param dlg: The dialog where the messages are written
    :param w3af: the core; only w3af.plugins is used here
    :param enabled_plugins: Which plugins are to be used.
    :param stopOnFirst: if the exploit should stop in the first exploited
                        vuln.
    """
    # NOTE(review): stopOnFirst is not used in the lines visible here; the
    # listing appears to be cut short, confirm against the full file.
    for attack_name in enabled_plugins:
        dlg.add_message(_("\nExploiting %r...\n") % attack_name)
        attack = w3af.plugins.get_plugin_inst("attack", attack_name)
        targets = get_exploitable_vulns(attack)
        dlg.add_message(_(" %d vulnerabilities to exploit\n") % len(targets))
        yield True

        for target in targets:
            # Give GTK a chance to handle events before each finding.
            yield True

            # Check whether the plugin can handle this finding.
            template = _("Checking suitability for vuln %r...\n")
            dlg.add_message(template % target.get_name())

            can_exploit = False
            try:
                can_exploit = attack.can_exploit(target.get_id())
            except (BaseFrameworkException, ScanMustStopException) as failure:
                # Either exception ends the same way: report it, finish the
                # dialog, and signal False.
                dlg.add_message(_("\nERROR: "))
                dlg.add_message(str(failure) + "\n")
                dlg.done()
                dlg.dialog_run()
                # NOTE(review): if the generator is resumed after this False,
                # can_exploit is still False and the "nop" branch runs.
                yield False

            if not can_exploit:
                dlg.add_message(_(" nop\n"))
                yield True
                continue

            dlg.add_message(_(" ok\n"))

            # Suitability confirmed; run the plugin.
            dlg.add_message(_("Exploiting...\n"))
            try:
                attack.exploit()
            except BaseFrameworkException as failure:
                # NOTE(review): ScanMustStopException is handled for
                # can_exploit() above but not here; confirm whether that is
                # intended or whether this listing is truncated.
                dlg.add_message(str(failure) + "\n")
                yield True
                continue
def set_filter(self, exploit):
    """Apply a new exploit filter and refresh the row labels.

    The unique ids of the vulnerabilities the exploit can handle are stored
    in self.applicable. Every row of self.liststore then gets its first
    column set to the bold name when its uniq_id is in that list, and to the
    plain name otherwise.

    :param exploit: which exploit is selected/filtered
    """
    # Keep the ids on the instance; other code may read them later.
    self.applicable = [
        candidate.get_uniq_id()
        for candidate in get_exploitable_vulns(exploit)
    ]

    for row in self.liststore:
        # Rows carry four columns; only the name and the unique id are needed.
        _shown, name, uniq_id, _icon = row
        row[0] = make_bold(name) if uniq_id in self.applicable else name