예제 #1
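    def _addOutputPlugin(self, OutputPluginName):
        '''
        Instantiate one output plugin, or every output plugin when the name
        is 'all', and append the instance(s) to self._outputPluginList.

        @parameter OutputPluginName: The name of the plugin to add to the list,
                                     or 'all' for every .py module found in
                                     plugins/output.
        @return: No value is returned.
        '''
        if OutputPluginName == 'all':
            # The directory is resolved against the current working directory.
            # '__init__' is filtered out while scanning instead of being
            # removed afterwards, so a directory without an __init__.py no
            # longer raises ValueError.
            pluginNames = []
            for fileName in os.listdir(os.path.join('plugins', 'output')):
                baseName, extension = os.path.splitext(fileName)
                if extension == '.py' and baseName != '__init__':
                    pluginNames.append(baseName)
        else:
            pluginNames = [OutputPluginName]

        for pluginName in pluginNames:
            # NOTE(review): the name is concatenated into a dotted module path
            # and handed to factory() unchanged; nothing in this method limits
            # it to a single identifier -- confirm the caller or factory()
            # validates it.
            plugin = factory('plugins.output.' + pluginName)

            # Apply the stored options only when some exist for this plugin
            if pluginName in self._pluginsOptions:
                plugin.setOptions(self._pluginsOptions[pluginName])

            # Append the plugin to the list
            self._outputPluginList.append(plugin)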
예제 #2
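    def _add_output_plugin(self, OutputPluginName):
        '''
        Instantiate one output plugin, or every output plugin when the name
        is 'all', and append the instance(s) to
        self._output_plugin_instances.

        :param OutputPluginName: The name of the plugin to add to the list,
                                 or 'all' for every .py module found in
                                 plugins/output.
        :return: No value is returned.
        '''
        if OutputPluginName == 'all':
            # The directory is resolved against the current working directory.
            # '__init__' is filtered out while scanning instead of being
            # removed afterwards, so a directory without an __init__.py no
            # longer raises ValueError.
            plugin_names = []
            for file_name in os.listdir(os.path.join('plugins', 'output')):
                base_name, extension = os.path.splitext(file_name)
                if extension == '.py' and base_name != '__init__':
                    plugin_names.append(base_name)
        else:
            plugin_names = [OutputPluginName]

        for plugin_name in plugin_names:
            # NOTE(review): the name is concatenated into a dotted module path
            # and handed to factory() unchanged; nothing in this method limits
            # it to a single identifier -- confirm the caller or factory()
            # validates it.
            plugin = factory('plugins.output.' + plugin_name)

            # Apply the stored options only when some exist for this plugin
            if plugin_name in self._plugin_options:
                plugin.set_options(self._plugin_options[plugin_name])

            # Append the plugin to the list
            self._output_plugin_instances.append(plugin)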
예제 #3
    def _run_plugins(self, response):
        '''
        Ask each password profiling plugin for the words found in a
        response (HTML, TXT, PDF, etc.) and return the first answer.

        :param response: A HTTPResponse object
        :return: A map with word:repetitions; an empty dict when every
                 plugin returned None.
        '''
        # Lazy initialisation: the plugin list is only filled while it is empty
        if not self._plugins:
            module_template = 'plugins.grep.password_profiling_plugins.%s'
            for name in self._plugins_names_dict:
                self._plugins.append(factory(module_template % name))

        # Plugins answer None unless they found something, so the first
        # non-None word map wins and the remaining plugins are skipped.
        for profiler in self._plugins:
            found_words = profiler.get_words(response)
            if found_words is not None:
                return found_words

        return {}
예제 #4
파일: profile.py 프로젝트: 1d3df9903ad/w3af
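 def getPluginOptions( self, pluginType, pluginName ):
     '''
     Start from the plugin's default options and overwrite them with the
     values stored in this profile for the matching "type.name" section.

     @parameter pluginType: The plugin type, first half of the section name.
     @parameter pluginName: The plugin name, second half of the section name.
     @return: The options of the plugin after applying the profile values.
              For example: { 'LICENSE_KEY':'AAAA' }
     '''
     # Get the plugin defaults with their types
     pluginInstance = factory('plugins.' + pluginType + '.' + pluginName )
     optionsMap = pluginInstance.getOptions()

     for section in self._config.sections():
         # Section is something like audit.xss or discovery.webSpider.
         # Anything that is not exactly "type.name" is skipped explicitly
         # instead of relying on a bare except around the unpacking.
         sectionParts = section.split('.')
         if len(sectionParts) != 2:
             continue

         sectionType, sectionName = sectionParts
         if sectionType != pluginType or sectionName != pluginName:
             continue

         for option in self._config.options(section):
             try:
                 value = self._config.get(section, option)
             except KeyError:
                 # We should never get here...
                 msg = 'The option "%s" is unknown for the "%s" plugin.'
                 raise w3afException( msg % (option, pluginName) )
             else:
                 # NOTE(review): the profile value is applied as read; whether
                 # setValue() validates it, and what optionsMap[option] does
                 # for an option the plugin does not define, is not visible
                 # here -- confirm before loading profiles from other parties.
                 optionsMap[option].setValue(value)

     # The docstring promises the options; without this the method returns None
     return optionsMap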
예제 #5
파일: profile.py 프로젝트: weisst/w3af
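    def get_plugin_options(self, plugin_type, plugin_name):
        '''
        Start from the plugin's default options and overwrite them with the
        values stored in this profile for the matching "type.name" section.

        :param plugin_type: The plugin type, first half of the section name.
        :param plugin_name: The plugin name, second half of the section name.
        :return: The options of the plugin after applying the profile values.
                 For example: { 'LICENSE_KEY':'AAAA' }
        '''
        # Get the plugin defaults with their types
        plugin_instance = factory('plugins.' + plugin_type + '.' + plugin_name)
        options_list = plugin_instance.get_options()

        for section in self._config.sections():
            # Section is something like audit.xss or crawl.web_spider.
            # Anything that is not exactly "type.name" is skipped explicitly
            # instead of relying on a bare except around the unpacking, and
            # the builtin name `type` is no longer shadowed.
            section_parts = section.split('.')
            if len(section_parts) != 2:
                continue

            section_type, section_name = section_parts
            if section_type != plugin_type or section_name != plugin_name:
                continue

            for option in self._config.options(section):
                try:
                    value = self._config.get(section, option)
                except KeyError:
                    # We should never get here...
                    msg = 'The option "%s" is unknown for the "%s" plugin.'
                    raise w3afException(msg % (option, plugin_name))
                else:
                    # NOTE(review): the profile value is applied as read;
                    # whether set_value() validates it, and what
                    # options_list[option] does for an option the plugin does
                    # not define, is not visible here -- confirm before
                    # loading profiles from other parties.
                    options_list[option].set_value(value)

        return options_list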
예제 #6
    def _run_plugins(self, response):
        '''
        Run the password profiling plugins over one response (HTML, TXT,
        PDF, etc.) and hand back the first word map any of them produces.

        :param response: A HTTPResponse object
        :return: A map with word:repetitions; an empty dict when no plugin
                 returned anything other than None.
        '''
        # Instances are created while the list is still empty and then reused
        if not self._plugins:
            klass_template = 'plugins.grep.password_profiling_plugins.%s'
            for short_name in self._plugins_names_dict:
                instance = factory(klass_template % short_name)
                self._plugins.append(instance)

        # A plugin only returns something other than None when it found
        # words, so the search stops at the first such result.
        for candidate in self._plugins:
            word_map = candidate.get_words(response)
            if word_map is not None:
                return word_map

        return {}
예제 #7
파일: test_wizards.py 프로젝트: weisst/w3af
    def test_all_wizards(self):
        '''
        Yield a "correct" and a "fail" check for every wizard module found
        in the wizards directory, each with its own fresh wizard instance.
        '''
        w3af_core = w3afCore()
        wizard_dir = 'core/controllers/wizard/wizards/'

        for entry in os.listdir(wizard_dir):
            wizard_id, ext = os.path.splitext(entry)

            # Package marker, VCS directory and compiled files are not wizards
            is_wizard = wizard_id not in ('__init__', '.git') and ext != '.pyc'
            if is_wizard:
                klass = 'core.controllers.wizard.wizards.%s' % wizard_id

                # One new instance per check so they do not share state
                yield self._test_wizard_correct, factory(klass, w3af_core)
                yield self._test_wizard_fail, factory(klass, w3af_core)
예제 #8
파일: wizard.py 프로젝트: 1d3df9903ad/w3af
 def _get_instances( self, question_list ):
     '''
     Turn question ids into question objects bound to this wizard's core.

     @parameter question_list: A list of question ids
     @return: A list of question objects
     '''
     # NOTE(review): each id is appended to the module path unchanged;
     # confirm the ids come from the wizard definitions only.
     modulePrefix = 'core.controllers.wizard.questions.question_'
     instances = []
     for qid in question_list:
         instance = factory(modulePrefix + qid)
         # Every question gets a reference to the same core object
         instance.w3af_core = self.w3af_core
         instances.append(instance)
     return instances
예제 #9
 def _get_instances(self, question_list, w3af_core):
     '''
     Turn question ids into question objects, in the order given.

     :param question_list: A list of question ids
     :param w3af_core: The w3af core object to pass to the question id
     :return: A list of question objects
     '''
     # NOTE(review): each id is formatted into the module path unchanged;
     # confirm the ids come from the wizard definitions only.
     module_template = 'core.controllers.wizard.questions.question_%s'
     return [factory(module_template % qid, w3af_core)
             for qid in question_list]
예제 #10
 def __init__(self):
     # Instantiate the w3af plugins: every name in `plugins` is loaded through
     # factory() and the instance is kept in self.loadedPlugins, with one
     # status line printed per plugin.
     # NOTE(review): `plugins` and self.loadedPlugins are not defined in this
     # method; presumably a module-level list and a class attribute -- confirm.
     print "loading w3af plugins"
     print "--------------------"
     for pluginName in plugins:
         try:
             # The trailing comma keeps the status on the same line as the name
             print "Loading %s... " % pluginName,
             plugin = factory('plugins.' + pluginName)
             self.loadedPlugins.append(plugin)
             # Padding lines the status column up for names under 30 characters
             print "%s%s" % (' ' * (30 - len(pluginName)), "Success")
         except w3afException, e:
             # NOTE(review): only w3afException is handled here and its message
             # is dropped, so the output shows "Failed" without the reason.
             #print str(e)  # This needs to be uncommented to see what is the exception
             print "%s%s" % (' ' * (30 - len(pluginName)), "Failed")
예제 #11
파일: wizard.py 프로젝트: Adastra-thw/w3af
 def _get_instances(self, question_list, w3af_core):
     '''
     Build one question object per id, keeping the order of the ids.

     :param question_list: A list of question ids
     :param w3af_core: The w3af core object to pass to the question id
     :return: A list of question objects
     '''
     # NOTE(review): each id is formatted into the module path unchanged;
     # confirm the ids come from the wizard definitions only.
     klass_template = 'core.controllers.wizard.questions.question_%s'
     questions = []
     for qid in question_list:
         questions.append(factory(klass_template % qid, w3af_core))
     return questions
예제 #12
파일: plugins.py 프로젝트: 1d3df9903ad/w3af
 def getPluginInstance(self, pluginName, pluginType):
     '''
     Create a plugin instance, give it the core's URL opener and apply the
     options stored for it, if any.

     @return: An instance of a plugin.
     '''
     # NOTE(review): type and name are joined into the module path unchanged;
     # confirm callers restrict them to known plugin types and names.
     modulePath = '.'.join(('plugins', pluginType, pluginName))
     instance = factory(modulePath)
     instance.setUrlOpener(self._w3af_core.uriOpener)

     optionsForType = self._plugins_options[ pluginType ]
     if pluginName in optionsForType:
         instance.setOptions(optionsForType[pluginName])

     # This will init some plugins like mangle and output
     if pluginType == 'attack' and not self.initialized:
         self.init_plugins()

     return instance
예제 #13
 def __init__(self):
     # Instantiate the w3af plugins: every name in `plugins` is loaded through
     # factory() and the instance is kept in self.loadedPlugins, with one
     # status line printed per plugin.
     # NOTE(review): `plugins` and self.loadedPlugins are not defined in this
     # method; presumably a module-level list and a class attribute -- confirm.
     print "loading w3af plugins"
     print "--------------------"
     for pluginName in plugins:
         try:
             # The trailing comma keeps the status on the same line as the name
             print "Loading %s... " % pluginName ,
             plugin = factory('plugins.' + pluginName)
             self.loadedPlugins.append(plugin)
             # Padding lines the status column up for names under 30 characters
             print "%s%s" % (' '*(30-len(pluginName)),  "Success")              
         except w3afException, e:
             # NOTE(review): only w3afException is handled here and its message
             # is dropped, so the output shows "Failed" without the reason.
             #print str(e)  # This needs to be uncommented to see what is the exception
             print "%s%s" % (' '*(30-len(pluginName)),  "Failed")
예제 #14
파일: plugins.py 프로젝트: Adastra-thw/w3af
    def get_plugin_inst(self, plugin_type, plugin_name):
        '''
        Create a plugin instance and wire it to the core: URL opener,
        worker pool and any custom options stored for it.

        :return: An instance of a plugin.
        '''
        # NOTE(review): type and name are joined into the module path
        # unchanged; confirm callers restrict them to known plugin types
        # and names.
        module_path = '.'.join(('plugins', plugin_type, plugin_name))
        instance = factory(module_path)

        core = self._w3af_core
        instance.set_url_opener(core.uri_opener)
        instance.set_worker_pool(core.worker_pool)

        options_for_type = self._plugins_options[plugin_type]
        if plugin_name in options_for_type:
            instance.set_options(options_for_type[plugin_name])

        # This will init some plugins like mangle and output
        if plugin_type == 'attack' and not self.initialized:
            self.init_plugins()

        return instance
예제 #15
    def test_all_questions(self):
        '''
        This is a very basic test where we perform the following:
            * Create an instance
            * Exercise all getters
            * Exercise all setters
            * Make sure "back" works

        One check is yielded per question module found on disk.
        '''
        w3af_core = w3afCore()
        questions_dir = 'core/controllers/wizard/questions/'

        for entry in os.listdir(questions_dir):
            question_id, ext = os.path.splitext(entry)

            # Package marker, VCS directory and compiled files are not questions
            is_question = (question_id not in ('__init__', '.git')
                           and ext != '.pyc')
            if is_question:
                klass = 'core.controllers.wizard.questions.%s' % question_id
                yield self._test_qid, factory(klass, w3af_core)
예제 #16
 def _run_plugins( self, response ):
     '''
     Ask each password profiling plugin for the words found in a response
     (HTML, TXT, PDF, etc.) and return the first answer.

     @parameter response: A httpResponse object
     @return: A map with word:repetitions; an empty dict when every plugin
              returned None.
     '''
     # Instances are created while the list is still empty and then reused
     if not self._plugins:
         modulePrefix = 'plugins.grep.passwordProfilingPlugins.'
         for name in self._plugin_name_list:
             self._plugins.append( factory( modulePrefix + name ) )

     # Plugins answer None unless they found something, so the first
     # non-None word map wins and the remaining plugins are skipped.
     for profiler in self._plugins:
         foundWords = profiler.getWords( response )
         if foundWords is not None:
             return foundWords

     return {}
예제 #17
파일: plugins.py 프로젝트: 1d3df9903ad/w3af
    def plugin_factory( self, strReqPlugins, pluginType ):
        '''
        Instantiate the requested plugins of one type, check their
        dependencies and return the instances ordered for execution.
        
        @parameter strReqPlugins: A string list with the requested plugins to be executed.
                                  'all' selects every .py module found under
                                  plugins/<pluginType>/; together with
                                  '!name' entries it selects all but those.
        @parameter pluginType: [audit|discovery|grep]
        @return: A list with plugins to be executed, this list is ordered using the exec priority.
        '''     
        requestedPluginsList = []
        
        if 'all' in strReqPlugins:
            # The directory is relative to the current working directory and
            # pluginType is concatenated into the path unchanged.
            fileList = [ f for f in os.listdir('plugins' + os.path.sep+ pluginType + os.path.sep ) ]    
            allPlugins = [ os.path.splitext(f)[0] for f in fileList if os.path.splitext(f)[1] == '.py' ]
            # NOTE(review): raises ValueError when the directory has no __init__.py
            allPlugins.remove ( '__init__' )
            
            if len ( strReqPlugins ) != 1:
                # [ 'all', '!sqli' ]
                # I want to run all plugins except sqli
                # NOTE(review): x[0] raises IndexError for an empty string entry,
                # and the set difference does not keep the directory order.
                unwantedPlugins = [ x[1:] for x in strReqPlugins if x[0] =='!' ]
                strReqPlugins = list( set(allPlugins) - set(unwantedPlugins) ) #bleh! v2
            else:
                strReqPlugins = allPlugins
            
            # Update the plugin list
            # This update is useful for cases where the user selected "all" plugins,
            # the self._plugin_name_list[pluginType] is useless if it says 'all'.
            self._plugin_name_list[pluginType] = strReqPlugins
                
        for pluginName in strReqPlugins:
            # NOTE(review): type and name are concatenated into the module path
            # unchanged; confirm callers or factory() restrict them to known
            # plugin types and names.
            plugin = factory( 'plugins.' + pluginType + '.' + pluginName )

            # Now we are going to check if the plugin dependencies are met
            for dep in plugin.getPluginDeps():
                try:
                    depType, depPlugin = dep.split('.')
                except:
                    # NOTE(review): the bare except turns any failure here, not
                    # only a malformed name, into this message.
                    msg = ('Plugin dependencies must be indicated using '
                    'pluginType.pluginName notation. This is an error in '
                    '%s.getPluginDeps().' % pluginName)
                    raise w3afException(msg)
                if depType == pluginType:
                    # Dependency on a plugin of the same type
                    if depPlugin not in strReqPlugins:
                        if cf.cf.getData('autoDependencies'):
                            # When 'all' was not requested this is still the
                            # caller's list, so it is modified in place.
                            strReqPlugins.append( depPlugin )
                            om.out.information('Auto-enabling plugin: ' + pluginType + '.' + depPlugin)
                            # nice recursive call, this solves the "dependency of dependency" problem =)
                            # The whole method restarts with the extended list;
                            # instances created so far in this call are discarded.
                            return self.plugin_factory( strReqPlugins, depType )
                        else:
                            msg = ('Plugin "%s" depends on plugin "%s" and '
                            '"%s" is not enabled.' % (pluginName, dep, dep))
                            raise w3afException(msg)
                else:
                    # Dependency on a plugin of another type
                    if depPlugin not in self._plugin_name_list[depType]:
                        if cf.cf.getData('autoDependencies'):
                            dependObj = factory( 'plugins.' + depType + '.' + depPlugin )
                            dependObj.setUrlOpener( self._w3af_core.uriOpener )
                            # NOTE(review): dependObj was just created, so this
                            # membership test depends on how plugins compare
                            # for equality -- confirm.
                            if dependObj not in self.plugins[depType]:
                                self.plugins[depType].insert( 0, dependObj )
                                self._plugin_name_list[depType].append( depPlugin )
                            om.out.information('Auto-enabling plugin: ' + depType + '.' + depPlugin)
                        else:
                            msg = ('Plugin "%s" depends on plugin "%s" and '
                            '"%s" is not enabled.' % (pluginName, dep, dep))
                            raise w3afException(msg)
                    else:
                        # if someone in another planet depends on me... run first
                        self._plugin_name_list[depType].remove( depPlugin )
                        self._plugin_name_list[depType].insert( 0, depPlugin )
            
            # Now we set the plugin options
            if pluginName in self._plugins_options[ pluginType ]:
                pOptions = self._plugins_options[ pluginType ][ pluginName ]
                plugin.setOptions( pOptions )
                
            # This sets the url opener for each module that is called inside the for loop
            plugin.setUrlOpener( self._w3af_core.uriOpener )
            # Append the plugin to the list
            requestedPluginsList.append ( plugin )

        # The plugins are all on the requestedPluginsList, now I need to order them
        # based on the module dependencies. For example, if A depends on B , then
        # B must be run first.
        
        orderedPluginList = []
        for plugin in requestedPluginsList:
            deps = plugin.getPluginDeps()
            if len( deps ) != 0:
                # This plugin has dependencies, I should add the plugins in order
                for plugin2 in requestedPluginsList:
                    if pluginType+'.'+plugin2.getName() in deps and plugin2 not in orderedPluginList:
                        # NOTE(review): index 1, not 0 -- with one or more
                        # entries already present the dependency lands after
                        # the first of them; confirm this is the intended order.
                        orderedPluginList.insert( 1, plugin2)

            # Check if I was added because of a dep, if I wasnt, add me.
            if plugin not in orderedPluginList:
                # insert() at an index past the end appends, so this is an
                # append for as long as the list holds fewer than 100 plugins.
                orderedPluginList.insert( 100, plugin )
        
        # This should never happen.
        if len(orderedPluginList) != len(requestedPluginsList):
            error_msg = ('There is an error in the way w3afCore orders '
            'plugins. The ordered plugin list length is not equal to the '
            'requested plugin list.')
            om.out.error( error_msg, newLine=False)
            
            om.out.error('The error was found sorting plugins of type: '+ pluginType +'.')
            
            error_msg = ('Please report this bug to the developers including a '
            'complete list of commands that you run to get to this error.')
            om.out.error(error_msg)

            om.out.error('Ordered plugins:')
            for plugin in orderedPluginList:
                om.out.error('- ' + plugin.getName() )

            om.out.error('\nRequested plugins:')
            for plugin in requestedPluginsList:
                om.out.error('- ' + plugin.getName() )

            # Ends the whole process instead of raising to the caller
            sys.exit(-1)

        return orderedPluginList
예제 #18
파일: plugins.py 프로젝트: Adastra-thw/w3af
 def get_quick_instance(plugin_type, plugin_name):
     '''
     Build the dotted module path plugins.<plugin_type>.<plugin_name> and
     return whatever factory() creates for it, with no further setup.
     '''
     # NOTE(review): both parts are joined into the module path unchanged;
     # confirm the caller restricts them to known plugin types and names.
     module_parts = ('plugins', plugin_type, plugin_name)
     return factory('.'.join(module_parts))