def __init__(self):
    """Initialise the base plugin and this plugin's per-instance state."""
    AuditPlugin.__init__(self)

    # Internal variables. Both regex lists start empty; whatever compiles
    # and appends the patterns lives outside this constructor.
    self._open_basedir = False
    self._error_compiled_regex = []
    self._file_compiled_regex = []
def __init__(self):
    """Initialise the base plugin and the certificate-check defaults."""
    AuditPlugin.__init__(self)

    # The CA bundle path is relative, so it resolves against the process
    # working directory when it is eventually opened.
    # NOTE(review): confirm the scanner is always started from a directory
    # where this path exists; a missing bundle should fail loudly rather
    # than silently skip chain validation.
    ca_bundle = os.path.join('plugins', 'audit', 'ssl_certificate', 'ca.pem')

    self._already_tested = set()
    # presumably the "expires soon" threshold, in days -- verify against
    # the code that reads it
    self._min_expire_days = 30
    self._ca_file = ca_bundle
def __init__(self):
    """
    Initialise the base plugin.

    Background notes on how Apache reports a crashed CGI.

    On Apache, when an overflow happens on a cgic script, this is written
    to the log:

        *** stack smashing detected ***: /var/www/.../buffer_overflow.cgi terminated, referer: http://localhost/w3af/bufferOverflow/buffer_overflow.cgi
        Premature end of script headers: buffer_overflow.cgi, referer: ...

    On Apache, when an overflow happens on a cgic script, this is returned
    to the user:

        <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
        <html><head>
        <title>500 Internal Server Error</title>
        </head><body>
        <h1>Internal Server Error</h1>
        <p>The server encountered an internal error or misconfiguration
        and was unable to complete your request.</p>
        <p>Please contact the server administrator, webmaster@localhost
        and inform them of the time the error occurred, and anything you
        might have done that may have caused the error.</p>
        <p>More information about this error may be available in the
        server error log.</p>
        <hr>
        <address>Apache/2.0.55 (Ubuntu) mod_python/3.2.8 Python/2.4.4c1 PHP/5.1.6 Server at localhost Port 80</address>
        </body></html>

    Note that this is an Apache error 500, not the more common PHP
    error 500.
    """
    AuditPlugin.__init__(self)
def __init__(self):
    """Initialise the base plugin, the mutant store and the user option."""
    AuditPlugin.__init__(self)

    # User configured parameters
    self._check_persistent_xss = True

    # Mutants are collected in a DiskList.
    # presumably so they can be re-checked later for persistent XSS --
    # verify against the methods that read this list
    self._xss_mutants = DiskList()
def __init__(self):
    """
    Initialise the base plugin; this plugin keeps no state of its own.

    Plugin added just for completeness... I don't really expect to find
    one of these bugs in my life... but well... if someone, somewhere on
    the planet, ever finds a bug using this plugin... THEN my job has
    been done :P
    """
    AuditPlugin.__init__(self)
def __init__(self):
    """Initialise the base plugin, the candidate store and the diff ratio."""
    AuditPlugin.__init__(self)

    # User configured variables
    # NOTE(review): looks like a response-difference threshold; which
    # direction counts as "different enough" is decided by the reader of
    # this value -- confirm there.
    self._diff_ratio = 0.30

    # Internal variables
    self._potential_vulns = DiskList()
def __init__(self):
    """Initialise the base plugin and pre-compile the two extraction regexes."""
    AuditPlugin.__init__(self)

    # Both patterns ignore case and let '.' span newlines.
    flags = re.IGNORECASE | re.DOTALL

    # Captures everything after ';URL=' in a string.
    # presumably applied to a meta-refresh content attribute -- verify
    self._meta_url_re = re.compile('.*?;URL=(.*)', flags)

    # Captures the body of a <script>...</script> element, tolerating
    # spaces around the tag name. This is a regex heuristic, not an HTML
    # parser, so unusual markup can be missed.
    self._script_re = re.compile('< *?script.*?>(.*?)< *?/ *?script *?>',
                                 flags)
def __init__(self):
    """Initialise the base plugin and compile the script and URL patterns."""
    AuditPlugin.__init__(self)

    # Shared flags: case-insensitive, and '.' also matches newlines.
    common_flags = re.IGNORECASE | re.DOTALL
    script_pattern = '< *?script.*?>(.*?)< *?/ *?script *?>'
    meta_url_pattern = '.*?;URL=(.*)'

    # Internal variables
    # Group 1 of the first regex is the inline script body; group 1 of the
    # second is whatever follows ';URL='. Neither pattern parses HTML, so
    # both are best-effort extractors.
    self._script_re = re.compile(script_pattern, common_flags)
    self._meta_url_re = re.compile(meta_url_pattern, common_flags)
def __init__(self):
    """Initialise the base plugin, the separator list and the regex cache."""
    AuditPlugin.__init__(self)

    #
    #   Some internal variables
    #
    self._file_compiled_regex = []
    # Shell command separators; the empty string is the "no separator"
    # case.
    # presumably each one is placed in front of the test command -- verify
    # against the fuzzing code
    self._special_chars = ['', '&&', '|', ';']
def __init__(self):
    """Initialise the base plugin, the disk-backed stores and the result regex."""
    AuditPlugin.__init__(self)

    # Internal variables
    self._freq_list = DiskList()
    self._expected_res_mutant = DiskDict()

    # Matches a server-side-include exec directive that appears verbatim
    # in a response and captures the two 'echo -n' arguments.
    self._extract_results_re = re.compile(
        '<!--#exec cmd="echo -n (.*?);echo -n (.*?)" -->')
def __init__(self):
    """Initialise the base plugin, the random marker and the user options."""
    AuditPlugin.__init__(self)

    # A fresh 5-letter random marker per instance, used by fuzz_with_echo.
    # The expected output is that marker repeated PRINT_REPEATS times,
    # which makes a chance match in unrelated page content unlikely.
    marker = rand_alpha(5)
    self._rnd = marker
    self._expected_result = marker * self.PRINT_REPEATS

    # User configured parameters
    self._use_echo = True
    self._use_time_delay = True
def __init__(self):
    """Initialise the base plugin, reporting state and listener options."""
    AuditPlugin.__init__(self)

    # Internal variables
    self._error_reported = False
    # FIXME: self._vulns and self._report_vulns are not thread-safe
    self._vulns = []

    # User configured parameters
    self._use_w3af_site = True
    self._listen_port = ports.REMOTEFILEINCLUDE
    # Falls back to the empty string when get_local_ip() returns a falsy
    # value.
    # NOTE(review): if this value is later passed to a socket bind, ''
    # usually means "all interfaces" -- confirm that exposing the listener
    # that widely is intended.
    local_address = get_local_ip()
    self._listen_address = local_address or ''
def __init__(self):
    """Initialise the base plugin, the Origin option and the counters."""
    AuditPlugin.__init__(self)

    # Internal variables: one set of already reported items plus one
    # counter per finding category, all starting at zero.
    self._reported_global = set()
    self._allow_methods_counter = 0
    self._universal_origin_allow_creds_counter = 0
    self._origin_echo_counter = 0
    self._universal_allow_counter = 0

    # Define plugin options configuration variables
    # presumably sent as the Origin request header during the checks --
    # verify against the request-building code
    self.origin_header_value = "http://w3af.org/"
def __init__(self):
    """Initialise the base plugin, the frame XPath and the test URLs."""
    AuditPlugin.__init__(self)

    # Several URL schemes are used because the developer may have
    # blacklisted http:// and https:// but missed ftp://.
    #
    # The scheme is written in mixed case (hTtp instead of http) so that a
    # filter which only compares case-sensitively is also detected.
    self._test_urls = ('hTtp://w3af.org/', 'htTps://w3af.org/',
                       'fTp://w3af.org/')

    # Some internal vars
    # Pre-compiled XPath selecting every <iframe> and <frame> element.
    self._tag_xpath = etree.XPath('//iframe | //frame')
def __init__(self):
    """Initialise the base plugin and the credential-guessing defaults."""
    AuditPlugin.__init__(self)

    # Config params
    # The wordlists live under one relative directory, so they resolve
    # against the process working directory when opened.
    wordlist_dir = os.path.join("core", "controllers", "bruteforce")
    self._users_file = os.path.join(wordlist_dir, "users.txt")
    self._passwd_file = os.path.join(wordlist_dir, "passwords.txt")
    self._combo_file = os.path.join(wordlist_dir, "combo.txt")
    self._combo_separator = ":"

    self._use_emails = True
    # NOTE(review): _useMails looks like an older spelling of _use_emails;
    # both are kept because readers of either name are outside this
    # constructor.
    self._useMails = True
    self._use_SVN_users = True
    self._pass_eq_user = True
    self._l337_p4sswd = True
    self._use_profiling = True
    self._profiling_number = 50
    # With this default, guessing is meant to stop at the first valid
    # credential -- TODO confirm in the code that reads the flag; stopping
    # early also keeps the number of login attempts down.
    self._stop_on_first = True

    # Internal vars
    self._found = False
    self._already_tested = []
    self._already_reported = []
def __init__(self):
    """Initialise the base plugin, wordlist paths, options and run state."""
    AuditPlugin.__init__(self)

    # Internal vars
    self._already_reported = []
    self._already_tested = []
    self._found = False

    # Config params
    # All three wordlists sit in the same relative directory; the paths
    # are resolved against the working directory at open time.
    base = ('core', 'controllers', 'bruteforce')
    self._combo_file = os.path.join(*(base + ('combo.txt',)))
    self._passwd_file = os.path.join(*(base + ('passwords.txt',)))
    self._users_file = os.path.join(*(base + ('users.txt',)))
    self._combo_separator = ":"

    self._stop_on_first = True
    self._profiling_number = 50
    self._use_profiling = True
    # NOTE(review): _useMails and _use_emails look like two names for one
    # option; confirm which one the rest of the class reads.
    self._useMails = True
    self._use_emails = True
    self._l337_p4sswd = True
    self._pass_eq_user = True
    self._use_SVN_users = True
def __init__(self):
    """Initialise the base plugin and the response-equality threshold."""
    AuditPlugin.__init__(self)

    # User configured variables
    # NOTE(review): looks like a similarity ratio on a 0..1 scale -- confirm
    # the scale and comparison direction where the value is read.
    equality_threshold = 0.9
    self._eq_limit = equality_threshold
def __init__(self):
    """Initialise the base plugin and the set of already tested directories."""
    AuditPlugin.__init__(self)

    # Internal variables
    # NOTE(review): if ScalableBloomFilter is a standard Bloom filter, its
    # membership test can report false positives, so a directory that was
    # never tested may occasionally be treated as done -- confirm that
    # this coverage trade-off is acceptable.
    tested_dirs = ScalableBloomFilter()
    self._already_tested_dirs = tested_dirs
def __init__(self):
    """Initialise the base plugin; no plugin-specific state is set here."""
    AuditPlugin.__init__(self)
def __init__(self):
    """Initialise the base plugin, the strict-mode flag and equality limit."""
    AuditPlugin.__init__(self)

    # NOTE(review): looks like a 0..1 similarity ratio -- confirm where it
    # is compared.
    self._equal_limit = 0.90
    # Strict mode is off by default; what it tightens is defined by the
    # code that reads this flag.
    self._strict_mode = False
def __init__(self):
    """Initialise the base plugin and the already-tested tracker."""
    AuditPlugin.__init__(self)

    # Internal variables
    # NOTE(review): a Bloom filter trades exactness for memory; a false
    # positive here would mean an item is skipped as "already tested" --
    # confirm ScalableBloomFilter behaves that way and that it is accepted.
    seen = ScalableBloomFilter()
    self._already_tested = seen
def __init__(self):
    """Initialise the base plugin and the internal execution flag."""
    AuditPlugin.__init__(self)

    # Internal variables
    # Starts enabled.
    # presumably cleared once the plugin no longer needs to run -- verify
    # against the method that reads it
    run_enabled = True
    self._exec = run_enabled
def __init__(self):
    """Initialise the base plugin and the default file-extension list."""
    AuditPlugin.__init__(self)

    # User configured
    # Default extensions, in the order the user option presents them.
    default_extensions = ["gif", "html", "bmp", "jpg", "png", "txt"]
    self._extensions = default_extensions
def __init__(self):
    """Initialise the base plugin and an empty already-tested filter."""
    AuditPlugin.__init__(self)

    # presumably consulted before each test so the same target is not
    # audited twice -- verify against the audit method.
    # NOTE(review): if this is a probabilistic filter, a false positive
    # skips a target that was never tested.
    already_tested = ScalableBloomFilter()
    self._already_tested = already_tested
def __init__(self):
    """Initialise the base plugin and the user-configurable extensions."""
    AuditPlugin.__init__(self)

    # User configured
    # A new list is built per instance, so editing one plugin's option
    # does not affect another instance.
    self._extensions = [
        'gif',
        'html',
        'bmp',
        'jpg',
        'png',
        'txt',
    ]