コード例 #1
0
ファイル: base_payload.py プロジェクト: EnDe/w3af 
    def exec_payload(self, payload_name, args=()):
        """
        Execute ANOTHER payload, by providing the other payload name.

        :param payload_name: The name of the payload I want to run.
        :return: The payload result.
        """
        try:
            return payload_handler.exec_payload(self.shell, payload_name,
                                                args, use_api=True)
        except:
            #
            #    Run the payload name with any shell that has the capabilities
            #    we need, not the one we're already using (that failed because
            #    it doesn't have the capabilities).
            #
            try:
                return payload_handler.exec_payload(None, payload_name, args,
                                                    use_api=True)
            except:
                msg = 'The payload you are trying to run ("%s") can not be' \
                      ' run because it is trying to call another payload'\
                      ' ("%s") which is failing because there are no shells'\
                      ' that support the required system calls.'
                om.out.console(msg)

                # TODO: Should I raise an exception here?
                return msg % (self, payload_name)
コード例 #2
0
ファイル: base_payload.py プロジェクト: webvul/webfuzzer 
    def exec_payload(self, payload_name, args=()):
        """
        Execute ANOTHER payload, by providing the other payload name.

        :param payload_name: The name of the payload I want to run.
        :return: The payload result.
        """
        try:
            return payload_handler.exec_payload(self.shell,
                                                payload_name,
                                                args,
                                                use_api=True)
        except:
            #
            #    Run the payload name with any shell that has the capabilities
            #    we need, not the one we're already using (that failed because
            #    it doesn't have the capabilities).
            #
            try:
                return payload_handler.exec_payload(None,
                                                    payload_name,
                                                    args,
                                                    use_api=True)
            except:
                msg = 'The payload you are trying to run ("%s") can not be' \
                      ' run because it is trying to call another payload' \
                      ' ("%s") which is failing because there are no shells' \
                      ' that support the required system calls.'
                om.out.console(msg)

                # TODO: Should I raise an exception here?
                return msg % (self, payload_name)
コード例 #3
0
ファイル: test_portscan.py プロジェクト: 0x554simon/w3af 
    def test_portscan(self):
        result = exec_payload(self.shell, 'portscan',
                              args=('localhost', '22'),
                              use_api=True)
        self.assertEquals(self.RESULT_22, result)

        result = exec_payload(self.shell, 'portscan',
                              args=('localhost', '23'),
                              use_api=True)
        self.assertEquals(self.RESULT_23, result)
コード例 #4
0
ファイル: test_portscan.py プロジェクト: webvul/webfuzzer 
    def test_portscan(self):
        result = exec_payload(self.shell,
                              'portscan',
                              args=('localhost', '22'),
                              use_api=True)
        self.assertEquals(self.RESULT_22, result)

        result = exec_payload(self.shell,
                              'portscan',
                              args=('localhost', '23'),
                              use_api=True)
        self.assertEquals(self.RESULT_23, result)
コード例 #5
0
ファイル: shell.py プロジェクト: webvul/webfuzzer 
    def _payload(self, parameters):
        """
        Handle the payload command:
            - payload desc list_processes -> return payload description
            - payload list_processes      -> run payload

        :param payload_name: The name of the payload I want to run.
        :param parameters: The parameters as sent by the user.
        """
        #
        #    Handle payload desc xyz
        #
        if len(parameters) == 2:
            if parameters[0] == 'desc':
                payload_name = parameters[1]

                if payload_name not in payload_handler.get_payload_list():
                    return 'Unknown payload name: "%s"' % payload_name

                return payload_handler.get_payload_desc(payload_name)

        #
        #    Handle payload xyz
        #
        payload_name = parameters[0]
        parameters = parameters[1:]

        if payload_name not in payload_handler.get_payload_list():
            return 'Unknown payload name: "%s"' % payload_name

        if payload_name in payload_handler.runnable_payloads(self):
            om.out.debug('Payload %s can be run. Starting execution.' %
                         payload_name)

            # Note: The payloads are actually writing to om.out.console
            # so there is no need to get the result. If someone wants to
            # get the results in a programatic way they should execute the
            # payload with use_api=True.
            try:
                payload_handler.exec_payload(self, payload_name, parameters)
                result = None
            except TypeError:
                # We get here when the user calls the payload with an incorrect
                # number of parameters:
                payload = payload_handler.get_payload_instance(
                    payload_name, self)
                result = payload.get_desc()
            except ValueError, ve:
                # We get here when one of the parameters provided by the user is
                # not of the correct type, or something like that.
                result = str(ve)
コード例 #6
0
ファイル: shell.py プロジェクト: 3rdDegree/w3af 
    def _payload(self, parameters):
        """
        Handle the payload command:
            - payload desc list_processes -> return payload description
            - payload list_processes      -> run payload

        :param payload_name: The name of the payload I want to run.
        :param parameters: The parameters as sent by the user.
        """
        #
        #    Handle payload desc xyz
        #
        if len(parameters) == 2:
            if parameters[0] == 'desc':
                payload_name = parameters[1]

                if payload_name not in payload_handler.get_payload_list():
                    return 'Unknown payload name: "%s"' % payload_name

                return payload_handler.get_payload_desc(payload_name)

        #
        #    Handle payload xyz
        #
        payload_name = parameters[0]
        parameters = parameters[1:]

        if payload_name not in payload_handler.get_payload_list():
            return 'Unknown payload name: "%s"' % payload_name

        if payload_name in payload_handler.runnable_payloads(self):
            om.out.debug(
                'Payload %s can be run. Starting execution.' % payload_name)

            # Note: The payloads are actually writing to om.out.console
            # so there is no need to get the result. If someone wants to
            # get the results in a programatic way they should execute the
            # payload with use_api=True.
            try:
                payload_handler.exec_payload(self, payload_name, parameters)
                result = None
            except TypeError:
                # We get here when the user calls the payload with an incorrect
                # number of parameters:
                payload = payload_handler.get_payload_instance(
                    payload_name, self)
                result = payload.get_desc()
            except ValueError, ve:
                # We get here when one of the parameters provided by the user is
                # not of the correct type, or something like that.
                result = str(ve)
コード例 #7
0
    def test_exec_payload_read(self):
        shell = FakeReadShell()
        result = exec_payload(shell, 'os_fingerprint', use_api=True)
        self.assertEquals({'os': 'Linux'}, result)

        result = exec_payload(shell, 'cpu_info', use_api=True)
        # On my box the result is:
        #
        # {'cpu_info': 'AMD Phenom(tm) II X4 945 Processor', 'cpu_cores': '4'}
        #
        # But because others will also run this, I don't want to make it so
        # strict
        self.assertTrue('cpu_info' in result)
        self.assertTrue('cpu_cores' in result)
        self.assertGreater(int(result['cpu_cores']), 0)
        self.assertLess(int(result['cpu_cores']), 12)
コード例 #8
0
ファイル: test_pixy.py プロジェクト: binarever/tools 
 def test_pixy(self):
     temp_dir = tempfile.mkdtemp()
     result = exec_payload(self.shell,
                           'pixy',
                           args=(temp_dir, temp_dir),
                           use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #9
0
ファイル: test_uptime.py プロジェクト: 0x554simon/w3af 
    def test_uptime(self):
        result = exec_payload(self.shell, 'uptime', use_api=True)

        for key in self.EXPECTED_RESULT:
            for time_unit in self.EXPECTED_RESULT[key]:
                self.assertTrue(
                    self.EXPECTED_RESULT[key][time_unit].isdigit())
コード例 #10
0
    def test_exec_payload_read(self):
        shell = FakeReadShell()
        result = exec_payload(shell, 'os_fingerprint', use_api=True)
        self.assertEquals({'os': 'Linux'}, result)

        result = exec_payload(shell, 'cpu_info', use_api=True)
        # On my box the result is:
        #
        # {'cpu_info': 'AMD Phenom(tm) II X4 945 Processor', 'cpu_cores': '4'}
        #
        # But because others will also run this, I don't want to make it so
        # strict
        self.assertTrue('cpu_info' in result)
        self.assertTrue('cpu_cores' in result)
        self.assertGreater(int(result['cpu_cores']), 0)
        self.assertLess(int(result['cpu_cores']), 12)
コード例 #11
0
 def test_apache_mod_security(self):
     result = exec_payload(self.shell, 'apache_mod_security', use_api=True)
     
     self.assertEquals(self.EXPECTED_RESULT['version'], result['version'])
     self.assertIn('/etc/apache2/mods-available/mod-security.conf', result['file'])
     
     file_content = result['file']['/etc/apache2/mods-available/mod-security.conf']
     self.assertIn('<IfModule security2_module>', file_content)
コード例 #12
0
ファイル: test_udp.py プロジェクト: chenbremer/w3af-1 
    def test_udp(self):
        result = exec_payload(self.shell, 'udp', use_api=True)

        local_addresses = []
        for key, conn_data in result.iteritems():
            local_addresses.append(conn_data['local_address'])

        self.assertEqual(self.EXPECTED_RESULT, set(local_addresses))
コード例 #13
0
ファイル: test_udp.py プロジェクト: 3rdDegree/w3af 
    def test_udp(self):
        result = exec_payload(self.shell, 'udp', use_api=True)

        local_addresses = []
        for key, conn_data in result.iteritems():
            local_addresses.append(conn_data['local_address'])

        self.assertTrue(set(local_addresses).issuperset(self.EXPECTED_RESULT))
コード例 #14
0
    def test_current_user(self):
        result = exec_payload(self.shell, "current_user", use_api=True)

        user = result["current"]["user"]
        self.assertEquals(self.EXPECTED_RESULT["current"]["user"], user)

        home = result["current"]["home"]
        self.assertTrue(home.startswith(self.EXPECTED_RESULT["current"]["home"]), home)
コード例 #15
0
ファイル: test_tcp.py プロジェクト: z0r1nga/w3af 
    def test_tcp(self):
        result = exec_payload(self.shell, 'tcp', use_api=True)

        local_addresses = []
        for key, conn_data in result.iteritems():
            local_addresses.append(conn_data['local_address'])

        self.assertTrue(set(local_addresses).issuperset(self.EXPECTED_RESULT))
コード例 #16
0
    def test_apache_mod_security(self):
        result = exec_payload(self.shell, 'apache_mod_security', use_api=True)

        self.assertEquals(self.EXPECTED_RESULT['version'], result['version'])
        self.assertIn('/etc/apache2/mods-available/mod-security.conf', result['file'])

        file_content = result['file']['/etc/apache2/mods-available/mod-security.conf']
        self.assertIn('<IfModule security2_module>', file_content)
コード例 #17
0
    def test_tcp(self):
        result = exec_payload(self.shell, 'tcp', use_api=True)

        local_addresses = []
        for key, conn_data in result.iteritems():
            local_addresses.append(conn_data['local_address'])

        for expected_local_address in self.EXPECTED_RESULT:
            self.assertIn(expected_local_address, local_addresses)
コード例 #18
0
ファイル: test_current_user.py プロジェクト: z0r1nga/w3af 
    def test_current_user(self):
        result = exec_payload(self.shell, 'current_user', use_api=True)

        user = result['current']['user']
        self.assertEquals(self.EXPECTED_RESULT['current']['user'], user)

        home = result['current']['home']
        self.assertTrue(
            home.startswith(self.EXPECTED_RESULT['current']['home']), home)
コード例 #19
0
    def test_list_processes(self):
        result = exec_payload(
            self.shell, 'list_processes', args=(2000,), use_api=True)

        cmds = []
        for _, pid_data in result.iteritems():
            cmds.append(pid_data['cmd'])

        for expected in self.EXPECTED_RESULT:
            self.assertIn(expected, cmds)
コード例 #20
0
    def test_list_processes(self):
        result = exec_payload(self.shell,
                              'list_processes',
                              args=(2000, ),
                              use_api=True)

        cmds = []
        for _, pid_data in result.iteritems():
            cmds.append(pid_data['cmd'])

        for expected in self.EXPECTED_RESULT:
            self.assertIn(expected, cmds)
コード例 #21
0
    def test_get_source_code(self):
        temp_dir = tempfile.mkdtemp()
        result = exec_payload(self.shell, 'get_source_code', args=(temp_dir,),
                              use_api=True)

        self.assertEqual(len(self.EXPECTED_RESULT.keys()), 1)

        expected_url = self.EXPECTED_RESULT.keys()[0]
        downloaded_url = result.items()[0][0].url_string
        self.assertEquals(expected_url, downloaded_url)

        downloaded_file_path = result.items()[0][1][1]
        downloaded_file_content = file(downloaded_file_path).read()
        self.assertTrue(self.CONTENT in downloaded_file_content)

        shutil.rmtree(temp_dir)
コード例 #22
0
ファイル: test_route.py プロジェクト: webvul/webfuzzer 
    def test_route(self):
        result = exec_payload(self.shell, 'route', use_api=True)
        routes = result['route']

        for route_info in routes:
            dest = route_info['Destination']
            gw = route_info['Gateway']
            iface = route_info['Iface']
            mask = route_info['Mask']

            self.assertEqual(dest.count('.'), 3)
            self.assertEqual(gw.count('.'), 3)
            self.assertEqual(mask.count('.'), 3)

            self.assertTrue(
                iface.startswith('eth') or iface.startswith('wlan')
                or iface.startswith('ppp') or iface.startswith('vbox')
                or iface.startswith('lxcbr') or iface.startswith('docker')
                or iface.startswith('lo'), iface)
コード例 #23
0
ファイル: test_route.py プロジェクト: 3rdDegree/w3af 
    def test_route(self):
        result = exec_payload(self.shell, 'route', use_api=True)
        routes = result['route']

        for route_info in routes:
            dest = route_info['Destination']
            gw = route_info['Gateway']
            iface = route_info['Iface']
            mask = route_info['Mask']

            self.assertEqual(dest.count('.'), 3)
            self.assertEqual(gw.count('.'), 3)
            self.assertEqual(mask.count('.'), 3)
            
            self.assertTrue(iface.startswith('eth') or
                            iface.startswith('wlan') or
                            iface.startswith('ppp') or
                            iface.startswith('vbox') or
                            iface.startswith('lxcbr') or
                            iface.startswith('lo'), iface)
コード例 #24
0
ファイル: test_route.py プロジェクト: ZionOps/w3af 
    def test_route(self):
        result = exec_payload(self.shell, "route", use_api=True)
        routes = result["route"]

        for route_info in routes:
            dest = route_info["Destination"]
            gw = route_info["Gateway"]
            iface = route_info["Iface"]
            mask = route_info["Mask"]

            self.assertEqual(dest.count("."), 3)
            self.assertEqual(gw.count("."), 3)
            self.assertEqual(mask.count("."), 3)

            self.assertTrue(
                iface.startswith("eth")
                or iface.startswith("wlan")
                or iface.startswith("ppp")
                or iface.startswith("vbox")
                or iface.startswith("lxcbr")
                or iface.startswith("docker")
                or iface.startswith("lo"),
                iface,
            )
コード例 #25
0
 def test_root_login_allowed(self):
     result = exec_payload(self.shell, 'root_login_allowed', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #26
0
 def test_apache_htaccess(self):
     result = exec_payload(self.shell, 'apache_htaccess', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #27
0
ファイル: test_w3af_agent.py プロジェクト: 0x554simon/w3af 
 def test_w3af_agent(self):
     result = exec_payload(self.shell, 'w3af_agent', args=(get_local_ip(),),
                           use_api=True)
     self.assertEquals('Successfully started the w3afAgent.', result)
コード例 #28
0
 def test_running_vm(self):
     result = exec_payload(self.shell, 'running_vm', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #29
0
 def test_apache_config_directory(self):
     result = exec_payload(self.shell,
                           'apache_config_directory',
                           use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #30
0
ファイル: test_php_sca.py プロジェクト: binarever/tools 
 def test_php_sca(self):
     result = exec_payload(self.shell, 'php_sca', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result.keys()[0])
コード例 #31
0
 def test_iis_root_directory(self):
     result = exec_payload(self.shell, 'iis_root_directory', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #32
0
 def test_dhcp_config_files(self):
     result = exec_payload(self.shell, 'dhcp_config_files', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #33
0
ファイル: test_get_hashes.py プロジェクト: webvul/webfuzzer 
 def test_get_hashes(self):
     result = exec_payload(self.shell, 'get_hashes', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #34
0
 def test_exec_payload_exec(self):
     shell = FakeExecShell()
     result = exec_payload(shell, 'os_fingerprint', use_api=True)
     self.assertEquals({'os': 'Linux'}, result)
コード例 #35
0
ファイル: test_filesystem.py プロジェクト: webvul/webfuzzer 
 def test_filesystem(self):
     result = exec_payload(self.shell, 'filesystem', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result.keys())
コード例 #36
0
    def test_kernel_version(self):
        result = exec_payload(self.shell, 'kernel_version', use_api=True)

        self.assertTrue(result['kernel_version'].startswith('3.2.'))
        self.assertTrue('buildd' in result['kernel_version'])
コード例 #37
0
 def test_os_fingerprint(self):
     result = exec_payload(self.shell, 'os_fingerprint', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #38
0
 def test_root_login_allowed(self):
     result = exec_payload(self.shell, 'root_login_allowed', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #39
0
ファイル: test_ssh_version.py プロジェクト: binarever/tools 
 def test_ssh_version(self):
     result = exec_payload(self.shell, 'ssh_version', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #40
0
ファイル: test_log_reader.py プロジェクト: 0x554simon/w3af 
 def test_log_reader(self):
     result = exec_payload(self.shell, 'log_reader', use_api=True)
     logs = set(result.keys())
     self.assertTrue(self.EXPECTED_RESULT.issubset(logs), logs)
コード例 #41
0
ファイル: test_log_reader.py プロジェクト: webvul/webfuzzer 
 def test_log_reader(self):
     result = exec_payload(self.shell, 'log_reader', use_api=True)
     logs = set(result.keys())
     self.assertTrue(self.EXPECTED_RESULT.issubset(logs), logs)
コード例 #42
0
 def test_list_kernel_modules(self):
     result = exec_payload(self.shell, 'list_kernel_modules', use_api=True)
     self.assertTrue(
         set(result.keys()).issuperset(self.EXPECTED_RESULT), result.keys())
コード例 #43
0
 def test_netcat_installed(self):
     result = exec_payload(self.shell, 'netcat_installed', use_api=True)
     
     self.assertIn(result, [self.EXISTS_EXPECTED_RESULT,
                            self.NOTEXISTS_EXPECTED_RESULT])
コード例 #44
0
 def test_dhcp_config_files(self):
     result = exec_payload(self.shell, 'dhcp_config_files', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #45
0
 def test_firefox_stealer(self):
     result = exec_payload(self.shell, 'firefox_stealer', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #46
0
ファイル: test_hostname.py プロジェクト: ZionOps/w3af 
 def test_hostname(self):
     result = exec_payload(self.shell, "hostname", use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #47
0
ファイル: test_is_root.py プロジェクト: webvul/webfuzzer 
 def test_is_root(self):
     result = exec_payload(self.shell, 'is_root', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #48
0
ファイル: test_arp_cache.py プロジェクト: ZionOps/w3af 
 def test_arp_cache(self):
     result = exec_payload(self.shell, "arp_cache", use_api=True)
     for ip_address, (mac, iface) in result.iteritems():
         self.assertEquals(ip_address.count("."), 3)
         self.assertEquals(mac.count(":"), 5)
         self.assertTrue(iface.startswith("eth"))
コード例 #49
0
 def test_apache_run_group(self):
     result = exec_payload(self.shell, 'apache_run_group', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #50
0
 def test_rootkit_hunter(self):
     result = exec_payload(self.shell, 'rootkit_hunter', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #51
0
ファイル: test_rootkit_hunter.py プロジェクト: ZionOps/w3af 
 def test_rootkit_hunter(self):
     result = exec_payload(self.shell, "rootkit_hunter", use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result)
コード例 #52
0
ファイル: test_spider.py プロジェクト: ZionOps/w3af 
 def test_spider(self):
     result = exec_payload(self.shell, "spider", args=(2,), use_api=True)
     self.assertTrue("/home/moth/keys.txt" in result)
     self.assertTrue(result["/home/moth/keys.txt"])
コード例 #53
0
 def test_ssh_config_files(self):
     result = exec_payload(self.shell, 'ssh_config_files', use_api=True)
     self.assertTrue('/etc/ssh/sshd_config' in result)
     self.assertTrue('PermitRootLogin' in result['/etc/ssh/sshd_config'])
コード例 #54
0
ファイル: test_hosts.py プロジェクト: 0x554simon/w3af 
 def test_hosts(self):
     result = exec_payload(self.shell, 'hosts', use_api=True)
     self.assertEquals(self.EXPECTED_RESULT, result.keys())