def __init__(self):
baseGrepPlugin.__init__(self)
# Compile the XPATH
self._tag_xpath = etree.XPath('//object | //applet')
self._tag_names = ('object', 'applet')
self._already_analyzed = scalable_bloomfilter()
def __init__(self):
baseGrepPlugin.__init__(self)
# This is nicer, but htmlParser inherits from SGMLParser that IS NOT
# thread safe, So i have to create an instance of htmlParser for every
# call to testResponse
#self._htmlParser = htmlParser.htmlParser()
kb.kb.save( self, 'passwordProfiling', {} )
# names of plugins to run
### TODO: develop more plugins, there is a nice ( all python ) metadata reader named hachoir-metadata
### it will be usefull for doing A LOT of plugins
self._plugin_name_list = ['html', 'pdf']
# plugin instances, they are created in the first call to self._run_plugins
self._plugins = []
# This are common words I dont want to use as passwords
self._commonWords = {}
self._commonWords['en'] = [ 'type', 'that', 'from', 'this', 'been', 'there', 'which',
'line', 'error', 'warning', 'file', 'fatal', 'failed', 'open', 'such', 'required',
'directory', 'valid', 'result', 'argument', 'there', 'some']
self._commonWords['es'] = [ 'otro', 'otra', 'para', 'pero', 'hacia', 'algo', 'poder',
'error']
self._commonWords['unknown'] = self._commonWords['en']
# Some words that are banned
self._banned_words = [ 'forbidden', 'browsing', 'index' ]
def __init__(self):
baseGrepPlugin.__init__(self)
self._rss_tag_attr = [('rss', 'version', 'RSS'),# <rss version="...">
('feed', 'version', 'OPML'),# <feed version="..."
('opml', 'version', 'OPML') # <opml version="...">
]
self._already_inspected = scalable_bloomfilter()
def __init__(self):
baseGrepPlugin.__init__(self)
# Internal variables
self._exec = True
# Some constants
self._prepositions = {}
self._prepositions[ 'en' ] = ['aboard', 'about', 'above', 'absent', 'across', 'after',
'against', 'along', 'alongside', 'amid', 'amidst', 'among', 'amongst', 'around', 'as',
'astride', 'at', 'atop', 'before', 'behind', 'below', 'beneath', 'beside', 'besides',
'between', 'beyond', 'but', 'by', 'despite', 'down', 'during', 'except', 'following',
'for', 'from', 'in', 'inside', 'into', 'like', 'mid', 'minus', 'near', 'nearest',
'notwithstanding', 'of', 'off', 'on', 'onto', 'opposite', 'out', 'outside', 'over',
'past', 're', 'round', 'save', 'since', 'than', 'through', 'throughout', 'till', 'to',
'toward', 'towards', 'under', 'underneath', 'unlike', 'until', 'up', 'upon', 'via',
'with', 'within', 'without']
# The 'a' preposition was removed, cause its also used in english
self._prepositions[ 'es' ] = ['ante', 'bajo', 'cabe', 'con' , 'contra' , 'de',
'desde', 'en', 'entre', 'hacia', 'hasta', 'para', 'por' , 'segun', 'si', 'so',
'sobre', 'tras']
# Turkish
# Sertan Kolat <*****@*****.**>
self._prepositions[ 'tr' ] = ['ancak', 'burada', 'duyuru', 'evet', 'fakat',
'gibi', 'haber', 'kadar', 'karar', 'kaynak', 'olarak', 'sayfa', 'siteye',
'sorumlu', 'tamam', 'yasak', 'zorunlu']
def __init__(self):
baseGrepPlugin.__init__(self)
self._already_reported = scalable_bloomfilter()
# regex to split between words
self._split_re = re.compile('[^\w]')
def __init__(self):
baseGrepPlugin.__init__(self)
self._tag_names = []
self._tag_names.append('object')
self._tag_names.append('applet')
self._already_analyzed = ScalableBloomFilter()
def __init__(self):
baseGrepPlugin.__init__(self)
# Only generate the lists once.
# Adding 0,001% performance ;)
self._already_inspected = scalable_bloomfilter()
self._wsdl_strings = self._get_WSDL_strings()
self._disco_strings = ['disco:discovery ']
def __init__(self):
baseGrepPlugin.__init__(self)
# Internal variables
self._already_inspected = scalable_bloomfilter()
self._autocomplete_forms_xpath = etree.XPath( AUTOCOMPLETE_FORMS_XPATH )
self._pwd_input_xpath = etree.XPath( PWD_INPUT_XPATH )
self._text_input_xpath = etree.XPath( TEXT_INPUT_XPATH )
def __init__(self):
baseGrepPlugin.__init__(self)
# User configured parameters
self._useSmartGrep = True
self._useSimpleGrep = False
# Compile the regular expressions
self._scriptRe = re.compile('< *script *>(.*?)</ *script *>', re.IGNORECASE | re.DOTALL)
# Function regular expressions
self._functionNamesRe = [ re.compile(i, re.IGNORECASE) for i in self._getFunctionNames(True) ]
def __init__(self):
baseGrepPlugin.__init__(self)
self._already_visited = ScalableBloomFilter()
# Added performance by compiling all the regular expressions
# before using them. The setup time of the whole plugin raises,
# but the execution time is lowered *a lot*.
self._compiled_regex_list = [ re.compile(regex, re.IGNORECASE | re.DOTALL) for regex in self._get_indexing_regex() ]
def __init__(self):
baseGrepPlugin.__init__(self)
# Internal variables
self._already_added = []
# Compile all regular expressions now
self._compiled_regexes = {}
self._compile_regex()
def __init__(self):
baseGrepPlugin.__init__(self)
# Internal variables
self._comments = {}
self._already_reported_interesting = []
# User configurations
self._search404 = False
def __init__(self):
baseGrepPlugin.__init__(self)
# Internal variables
self._already_inspected = ScalableBloomFilter()
# Create the regular expression to search for AJAX
ajax_regex_string = '(XMLHttpRequest|eval\(|ActiveXObject|Msxml2\.XMLHTTP|'
ajax_regex_string += 'ActiveXObject|Microsoft\.XMLHTTP)'
self._ajax_regex_re = re.compile( ajax_regex_string, re.IGNORECASE )
def __init__(self):
baseGrepPlugin.__init__(self)
self._feed_types = {'rss': 'RSS', # <rss version="...">
'feed': 'OPML',# <feed version="..."
'opml': 'OPML' # <opml version="...">
}
self._already_inspected = scalable_bloomfilter()
# Compile the XPATH
self._tag_xpath = etree.XPath('//rss | //feed | //opml')
def __init__(self):
baseGrepPlugin.__init__(self)
# For more info regarding this regular expression, please see:
# https://sourceforge.net/mailarchive/forum.php?thread_name=1955593874.20090122023644%40
#mlists.olympos.org&forum_name=w3af-develop
regex_str = '(?<!\.)(?<!\d)(?:(?:10|127)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|192\.168|169\.'
regex_str += '254|172\.0?(?:1[6-9]|2[0-9]|3[01]))(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-'
regex_str += '9]?)){2}(?!\d)(?!\.)'
self._private_ip_address = re.compile(regex_str)
self._regex_list = [self._private_ip_address ]
def __init__(self):
baseGrepPlugin.__init__(self)
self._already_inspected = ScalableBloomFilter()
# Add the regex to match something like this:
#
# $Id: lzio.c,v 1.24 2003/03/20 16:00:56 roberto Exp $
# $Id: file name, version, timestamp, creator Exp $
#
regex = '\$.{1,12}: .*? .*? \d{4}[-/]\d{1,2}[-/]\d{1,2}'
regex += ' \d{1,2}:\d{1,2}:\d{1,2}.*? (.*?) (Exp )?\$'
self._regex_list = [ re.compile(regex) ]
def __init__(self):
baseGrepPlugin.__init__(self)
# User defined options
self._single_regex = ""
self._regex_file_path = ""
# Internal variables
# Improved performance by compiling all the regular expressions
# before using them (see setOptions method)
self._regexlist_compiled = []
self._all_in_one = None
def __init__(self):
baseGrepPlugin.__init__(self)
# The following regex matches a valid url as well as the text about:internet.
# Also it validates the number in the parenthesis. It should be a 4 digit number
# and must tell about the length of the url that follows
regex = r"""<!--\s*saved from url=\(([\d]{4})\)(https?://([-\w\.]+)"""
regex += r"""+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?|about:internet)\s{1}\-\->"""
self._motw_re = re.compile(regex)
# User configured parameter
self._withoutMOTW = False
def __init__(self):
baseGrepPlugin.__init__(self)
self._comments = {}
self._search404 = False
self._interesting_words = {'user':None, 'pass':None, 'microsoft':None,
'visual':None, 'linux':None, 'source':None, 'author':None, 'release':None,
'version':None, 'verify-v1':'Google Sitemap' }
self._already_inspected = ScalableBloomFilter()
'''
def __init__(self):
baseGrepPlugin.__init__(self)
self._already_inspected = ScalableBloomFilter()
# re that searches for
#GET / HTTP/1.0
self._re_request = re.compile('[a-zA-Z]{3,6} .*? HTTP/1.[01]')
# re that searches for
#HTTP/1.1 200 OK
self._re_response = re.compile('HTTP/1.[01] [0-9][0-9][0-9] [a-zA-Z]*')
def __init__(self):
baseGrepPlugin.__init__(self)
# Internal variables
self._already_inspected = scalable_bloomfilter()
# Create the regular expression to search for AJAX
ajax_regex_string = '(XMLHttpRequest|eval\(|ActiveXObject|Msxml2\.XMLHTTP|'
ajax_regex_string += 'ActiveXObject|Microsoft\.XMLHTTP)'
self._ajax_regex_re = re.compile( ajax_regex_string, re.IGNORECASE )
# Compile the XPATH
self._script_xpath = etree.XPath('.//script')
def __init__(self):
baseGrepPlugin.__init__(self)
self._w3c_reasons = {
100: ['continue',],
101: ['switching protocols',],
200: ['ok',],
201: ['created',],
202: ['accepted',],
203: ['non-authoritative information',],
204: ['no content',],
205: ['reset content',],
206: ['partial content',],
300: ['multiple choices',],
301: ['moved permanently',],
302: ['found',],
303: ['see other',],
304: ['not modified',],
305: ['use proxy',],
306: ['(unused)',],
307: ['temporary redirect',],
400: ['bad request',],
401: ['unauthorized', 'authorization required'],
402: ['payment required',],
403: ['forbidden',],
404: ['not found',],
405: ['method not allowed','not allowed'],
406: ['not acceptable',],
407: ['proxy authentication required',],
408: ['request timeout',],
409: ['conflict',],
410: ['gone',],
411: ['length required',],
412: ['precondition failed',],
413: ['request entity too large',],
414: ['request-uri too long',],
415: ['unsupported media type',],
416: ['requested range not satisfiable',],
417: ['expectation failed',],
500: ['internal server error',],
501: ['not implemented',],
502: ['bad gateway',],
503: ['service unavailable',],
504: ['gateway timeout',],
505: ['http version not supported',],
}
def __init__(self):
baseGrepPlugin.__init__(self)
self._cardResponses = []
cc_regex = '((^|[^\d])\d{4}[- ]?(\d{4}[- ]?\d{4}|\d{6})[- ]?(\d{5}|\d{4})($|[^\d]))'
# (^|[^\d]) Match the start of the string, or something that's NOT a digit
# \d{4}[- ]? Match four digits, and then (optionally) a "-" or a space
# (\d{4}[- ]?\d{4}|\d{6}) Match one of the following:
# - Four digits, and then (optionally) a "-" or a space and then four digits again (VISA cards)
# - Six digits (AMEX cards)
# [- ]? Match a "-" or a space (optionally)
# (\d{5}|\d{4}) Match the final digits, five or four digits
# ($|[^\d]) Match the end of the string, or something that's NOT a digit
self._cc_regex = re.compile(cc_regex, re.M)
def __init__(self):
baseGrepPlugin.__init__(self)
vsRegex = r'<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value=".*?" />'
self._viewstate = re.compile( vsRegex, re.IGNORECASE|re.DOTALL)
evRegex = r'<input type="hidden" name="__EVENTVALIDATION" '
evRegex += 'id="__EVENTVALIDATION" value=".*?" />'
self._eventvalidation = re.compile( evRegex, re.IGNORECASE|re.DOTALL)
encryptedVsRegex = r'<input type="hidden" name="__VIEWSTATEENCRYPTED" '
encryptedVsRegex += 'id="__VIEWSTATEENCRYPTED" value=".*?" />'
self._encryptedVs = re.compile( encryptedVsRegex, re.IGNORECASE|re.DOTALL)
self._already_reported = scalable_bloomfilter()
def __init__(self):
baseGrepPlugin.__init__(self)
# Internal variables
self._comments = {}
self._interestingWords = ['user', 'pass', 'xxx', 'fix', 'bug', 'broken', 'oops', 'hack',
'caution', 'todo', 'note', 'warning', '!!!', '???', 'shit','stupid', 'tonto', 'porqueria',
'ciudado', 'usuario', 'contrase', 'puta',
'secret','@', 'email','security','captcha',
# some in Portuguese
'banco', 'bradesco', 'itau', 'visa', 'bancoreal', 'transfêrencia', 'depósito', 'cartão', 'crédito', 'dados pessoais'
]
self._already_reported_interesting = []
# User configurations
self._search404 = False
def __init__(self):
baseGrepPlugin.__init__(self)
self._comments = {}
self._search404 = False
self._interesting_words = {
"user": None,
"pass": None,
"microsoft": None,
"visual": None,
"linux": None,
"source": None,
"author": None,
"release": None,
"version": None,
"verify-v1": "Google Sitemap",
}
self._already_inspected = scalable_bloomfilter()
"""
def __init__(self):
baseGrepPlugin.__init__(self)
# User configured variables
self._only_target_domain = True
self._already_inspected = ScalableBloomFilter()
def __init__(self):
baseGrepPlugin.__init__(self)
self._auth_uri_regex = re.compile('.*://[\w%]*?:[\w%]*?@[\w\.]{3,40}')
def __init__(self):
baseGrepPlugin.__init__(self)
self._error_500_responses = set()
def __init__(self):
baseGrepPlugin.__init__(self)
self._already_reported = ScalableBloomFilter()
