def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'IP address that the webserver will use to receive requests' h = 'w3af runs a webserver to serve the files to the target web application \ when doing remote file inclusions. This setting configures where the webserver\ is going to listen for requests.' o = opt_factory('listen_address', self._listen_address, d, STRING, help=h) ol.add(o) d = 'TCP port that the webserver will use to receive requests' o = opt_factory('listen_port', self._listen_port, d, PORT) ol.add(o) d = 'Use w3af site to test for remote file inclusion' h = 'The plugin can use the w3af site to test for remote file inclusions, which is\ convenient when you are performing a test behind a NAT firewall.' o = opt_factory('use_w3af_site', self._use_w3af_site, d, BOOL, help=h) ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'IP address that the webserver will use to receive requests' h = 'w3af runs a webserver to serve the files to the target web app'\ ' when doing remote file inclusions. This setting configures on'\ ' what IP address the webserver is going to listen.' o = opt_factory('listen_address', self._listen_address, d, 'ip', help=h) ol.add(o) d = 'Port that the webserver will use to receive requests' h = 'w3af runs a webserver to serve the files to the target web app'\ ' when doing remote file inclusions. This setting configures on'\ ' what IP address the webserver is going to listen.' o = opt_factory('listen_port', self._listen_port, d, 'port', help=h) ol.add(o) d = 'Instead of including a file in a local webserver; include the '\ ' result of exploiting a XSS bug within the same target site.' o = opt_factory('use_xss_bug', self._use_XSS_vuln, d, 'boolean') ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() targets = ','.join(str(tar) for tar in cf.cf.get('targets')) d = 'A comma separated list of URLs' o = opt_factory('target', targets, d, 'url_list') ol.add(o) d = 'Target operating system (' + '/'.join( self._operating_systems) + ')' h = 'This setting is here to enhance w3af performance.' # This list "hack" has to be done becase the default value is the one # in the first position on the list tmp_list = self._operating_systems[:] tmp_list.remove(cf.cf.get('target_os')) tmp_list.insert(0, cf.cf.get('target_os')) o = opt_factory('target_os', tmp_list, d, 'combo', help=h) ol.add(o) d = 'Target programming framework (' + '/'.join( self._programming_frameworks) + ')' h = 'This setting is here to enhance w3af performance.' # This list "hack" has to be done because the default value is the one # in the first position on the list tmp_list = self._programming_frameworks[:] tmp_list.remove(cf.cf.get('target_framework')) tmp_list.insert(0, cf.cf.get('target_framework')) o = opt_factory('target_framework', tmp_list, d, 'combo', help=h) ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = "IP address that the webserver will use to receive requests" h = ( "w3af runs a webserver to serve the files to the target web app" " when doing remote file inclusions. This setting configures on" " what IP address the webserver is going to listen." ) o = opt_factory("listen_address", self._listen_address, d, "ip", help=h) ol.add(o) d = "Port that the webserver will use to receive requests" h = ( "w3af runs a webserver to serve the files to the target web app" " when doing remote file inclusions. This setting configures on" " what IP address the webserver is going to listen." ) o = opt_factory("listen_port", self._listen_port, d, "port", help=h) ol.add(o) d = ( "Instead of including a file in a local webserver; include the " " result of exploiting a XSS bug within the same target site." ) o = opt_factory("use_xss_bug", self._use_XSS_vuln, d, "boolean") ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'When comparing, also compare the content of files.' o = opt_factory('content', self._content, d, BOOL) ol.add(o) d = 'The local directory used in the comparison.' o = opt_factory('local_dir', self._local_dir, d, STRING) ol.add(o) d = 'The remote directory used in the comparison.' o = opt_factory('remote_url_path', self._remote_url_path, d, URL_OPTION_TYPE) ol.add(o) d = 'When comparing content of two files, ignore files with these'\ 'extensions.' o = opt_factory('banned_ext', self._ban_url, d, LIST) ol.add(o) return ol
def test_invalid_data(self): input_file = os.path.join( 'core', 'data', 'foobar', 'does-not-exist.txt') output_file = input_file data = {BOOL: ['rucula'], INT: ['0x32',], FLOAT: ['1x2',], URL: ['http://', '/', ''], URL_LIST: ['http://moth/1 , http://moth:333333',], IPPORT: ['127.0.0.1',], IP: ['127.0.0.', '127.0.0', '3847398740'], REGEX: ['.*(',], INPUT_FILE: [input_file,], OUTPUT_FILE: [output_file,], PORT: ['65536',] } for _type in data: for fake_value in data[_type]: err = '%s for an option of type %s should raise an exception.' try: opt_factory('name', fake_value, 'desc', _type) except w3afException: self.assertTrue(True) else: self.assertTrue(False, err % (fake_value, _type))
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'Wordlist to use in directory bruteforcing process.' o = opt_factory('dir_wordlist', self._dir_list, d, INPUT_FILE) ol.add(o) d = 'Wordlist to use in file bruteforcing process.' o = opt_factory('file_wordlist', self._file_list, d, INPUT_FILE) ol.add(o) d = 'If set to True, this plugin will bruteforce directories.' o = opt_factory('bf_directories', self._bf_directories, d, BOOL) ol.add(o) d = 'If set to True, this plugin will bruteforce files.' o = opt_factory('bf_files', self._bf_files, d, BOOL) ol.add(o) d = 'If set to True, this plugin will bruteforce all directories, not'\ ' only the root directory.' h = 'WARNING: Enabling this will make the plugin send tens of thousands'\ ' of requests.' o = opt_factory('be_recursive', self._be_recursive, d, BOOL, help=h) ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'IP address that the webserver will use to receive requests' h = 'w3af runs a webserver to serve the files to the target web application \ when doing remote file inclusions. This setting configures where the webserver\ is going to listen for requests.' o = opt_factory( 'listen_address', self._listen_address, d, STRING, help=h) ol.add(o) d = 'TCP port that the webserver will use to receive requests' o = opt_factory('listen_port', self._listen_port, d, PORT) ol.add(o) d = 'Use w3af site to test for remote file inclusion' h = 'The plugin can use the w3af site to test for remote file inclusions, which is\ convenient when you are performing a test behind a NAT firewall.' o = opt_factory('use_w3af_site', self._use_w3af_site, d, BOOL, help=h) ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' opt_list = OptionList() desc = 'Use time delay (sleep() technique)' _help = 'If set to True, w3af will checks insecure eval() usage by' \ ' analyzing of time delay result of script execution.' opt = opt_factory('use_time_delay', self._use_time_delay, desc, 'boolean', help=_help) opt_list.add(opt) desc = 'Use echo technique' _help = 'If set to True, w3af will checks insecure eval() usage by' \ ' grepping result of script execution for test strings.' opt = opt_factory('use_echo', self._use_echo, desc, 'boolean', help=_help) opt_list.add(opt) return opt_list
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'When comparing, also compare the content of files.' o = opt_factory('content', self._content, d, BOOL) ol.add(o) d = 'The local directory used in the comparison.' o = opt_factory('local_dir', self._local_dir, d, STRING) ol.add(o) d = 'The remote directory used in the comparison.' o = opt_factory( 'remote_url_path', self._remote_url_path, d, URL_OPTION_TYPE) ol.add(o) d = 'When comparing content of two files, ignore files with these'\ 'extensions.' o = opt_factory('banned_ext', self._ban_url, d, LIST) ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'Stream edition expressions' h = ('Stream edition expressions are strings that tell the sed plugin' ' which transformations to apply to the HTTP requests and' ' responses. The sed plugin uses regular expressions, some' ' examples:\n' '\n' ' - qh/User/NotLuser/\n' ' This will make sed search in the the re[q]uest [h]eader' ' for the string User and replace it with NotLuser.\n' '\n' ' - sb/[fF]orm/form\n' ' This will make sed search in the re[s]ponse [b]ody for'\ ' the strings form or Form and replace it with form.\n' '\n' 'Multiple expressions can be specified separated by commas.') o = opt_factory('expressions', self._expressions, d, 'list', help=h) ol.add(o) d = 'Fix the content length header after mangling' o = opt_factory('fix_content_len', self._user_option_fix_content_len, d, 'boolean') ol.add(o) return ol
def get_options(self): ol = super(LocalFileReadTemplate, self).get_options() d = 'Payload used to detect the vulnerability (i.e. ../../etc/passwd)' o = opt_factory('payload', self.payload, d, 'string') ol.add(o) d = 'File pattern used to detect the vulnerability (i.e. root:x:0:0:)' o = opt_factory('file_pattern', self.file_pattern, d, 'string') ol.add(o) return ol
def get_options(self): opt_lst = super(FileUploadTemplate, self).get_options() d = 'Comma separated list of variable names of type "file"' o = opt_factory('file_vars', self.file_vars, d, 'list') opt_lst.add(o) d = 'URL for the directory where the file is stored on the remote'\ ' server after the POST that uploads it.' o = opt_factory('file_dest', self.file_dest, d, 'url') opt_lst.add(o) return opt_lst
def get_options(self): ol = super(OSCommandingTemplate, self).get_options() d = 'Command separator used for injecting commands. Usually one of'\ '&, |, &&, || or ; .' o = opt_factory('separator', self.separator, d, 'string') ol.add(o) d = 'Remote operating system (linux or windows).' o = opt_factory('operating_system', self.operating_system, d, 'string') ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d1 = 'Destination http port number to analize' o1 = opt_factory('httpPort', self._http_port, d1, INT, help=d1) ol.add(o1) d2 = 'Destination httpS port number to analize' o2 = opt_factory('httpsPort', self._https_port, d2, INT, help=d2) ol.add(o2) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'IP address that the spider_man proxy will use to receive requests' o = opt_factory('listen_address', self._listen_address, d, 'string') ol.add(o) d = 'Port that the spider_man HTTP proxy server will use to receive requests' o = opt_factory('listen_port', self._listen_port, d, 'integer') ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' d1 = 'Try to identify the remote operating system based on the remote users' o1 = opt_factory('identify_os', self._identify_OS, d1, 'boolean') d2 = 'Try to identify applications installed remotely using the available users' o2 = opt_factory('identify_apps', self._identify_applications, d2, 'boolean') ol = OptionList() ol.add(o1) ol.add(o2) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'Wordlist to use in the manifest file name bruteforcing process.' o = opt_factory('wordlist', self._wordlist, d, 'string') ol.add(o) d = 'File extensions to use when brute forcing Gears Manifest files' o = opt_factory('manifestExtensions', self._extensions, d, 'list') ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = "IP address that the spider_man proxy will use to receive requests" o = opt_factory("listen_address", self._listen_address, d, "string") ol.add(o) d = "Port that the spider_man HTTP proxy server will use to receive requests" o = opt_factory("listen_port", self._listen_port, d, "integer") ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'File name where this plugin will write to' o = opt_factory('output_file', self._output_file_name, d, OUTPUT_FILE) ol.add(o) d = 'True if debug information will be appended to the report.' o = opt_factory('verbose', self._verbose, d, 'boolean') ol.add(o) return ol
def create_target_option_list(*target): opts = OptionList() opt = opt_factory('target', '', '', URL_LIST) opt.set_value(','.join([u.url_string for u in target])) opts.add(opt) opt = opt_factory('target_os', ('unknown', 'unix', 'windows'), '', 'combo') opts.add(opt) opt = opt_factory('target_framework', ('unknown', 'php', 'asp', 'asp.net', 'java', 'jsp', 'cfm', 'ruby', 'perl'), '', 'combo') opts.add(opt) return opts
def get_options(self): ''' :return: A list of option objects for this plugin. ''' options = [ ('username', self.username, 'string', 'Username for using in the authentication process'), ('password', self.password, 'string', 'Password for using in the authentication process'), ('username_field', self.username_field, 'string', 'Username parameter name (ie. "uname" if the HTML looks' ' like <input type="text" name="uname">...)'), ('password_field', self.password_field, 'string', 'Password parameter name (ie. "pwd" if the HTML looks' ' like <input type="password" name="pwd">...)'), ('auth_url', self.auth_url, 'url', 'URL where the username and password will be sent using a POST' ' request'), ('check_url', self.check_url, 'url', 'URL used to verify if the session is still active by looking for' ' the check_string.'), ('check_string', self.check_string, 'string', 'String for searching on check_url page to determine if the' 'current session is active.'), ] ol = OptionList() for o in options: ol.add(opt_factory(o[0], o[1], o[3], o[2], help=o[3])) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' options = [ ('username', self.username, 'string', 'Username for using in the authentication'), ('password', self.password, 'string', 'Password for using in the authentication'), ('username_field', self.username_field, 'string', 'Username HTML field name'), ('password_field', self.password_field, 'string', 'Password HTML field name'), ('data_format', self.data_format, 'string', 'The format for the POST-data or query string'), ('auth_url', self.auth_url, 'url', 'Auth URL - URL for POSTing the authentication information'), ('method', self.method, 'string', 'The HTTP method to use'), ('check_url', self.check_url, 'url', 'Check session URL - URL in which response body check_string will be searched'), ('check_string', self.check_string, 'string', 'String for searching on check_url page to determine if user\ is logged in the web application'), ] ol = OptionList() for o in options: ol.add(opt_factory(o[0], o[1], o[3], o[2])) return ol
def test_factory_already_converted_type(self): data = {BOOL: (True, True), INT: (1, 1), FLOAT: (1.0, 1.0), STRING: ('hello world', 'hello world'), URL: (URL_KLASS('http://moth/'), URL_KLASS('http://moth/')), URL_LIST: ([URL_KLASS('http://moth/1'), URL_KLASS('http://moth/2')], [URL_KLASS('http://moth/1'), URL_KLASS('http://moth/2')]), LIST: (['a', 'b', 'c'], ['a', 'b', 'c']), PORT: (12345, 12345) } for _type, (user_value, parsed_value) in data.iteritems(): opt = opt_factory('name', user_value, 'desc', _type) self.assertEqual(opt.get_name(), 'name') self.assertEqual(opt.get_desc(), 'desc') self.assertEqual(opt.get_type(), _type) self.assertEqual(opt.get_default_value(), parsed_value) self.assertEqual(opt.get_value(), parsed_value) self.assertIsInstance(opt.get_name(), basestring) self.assertIsInstance(opt.get_desc(), basestring) self.assertIsInstance(opt.get_type(), basestring) self.assertIsInstance(opt.get_help(), basestring)
def _initFilterBox(self, mainvbox): """Init advanced search options.""" self._advSearchBox = gtk.HBox() self._advSearchBox.set_spacing(self._padding) self.pref = FilterOptions(self) # Filter options self._filterMethods = [ ('GET', 'GET', False), ('POST', 'POST', False), ] filterMethods = OptionList() for method in self._filterMethods: filterMethods.add( opt_factory(method[0], method[2], method[1], "boolean")) self.pref.add_section('methods', _('Request Method'), filterMethods) filterId = OptionList() filterId.add(opt_factory("min", "0", "Min ID", "string")) filterId.add(opt_factory("max", "0", "Max ID", "string")) self.pref.add_section('trans_id', _('Transaction ID'), filterId) filterCodes = OptionList() codes = [ ("1xx", "1xx", False), ("2xx", "2xx", False), ("3xx", "3xx", False), ("4xx", "4xx", False), ("5xx", "5xx", False), ] for code in codes: filterCodes.add(opt_factory(code[0], code[2], code[1], "boolean")) self.pref.add_section('codes', _('Response Code'), filterCodes) filterMisc = OptionList() filterMisc.add(opt_factory("tag", False, "Tag", "boolean")) filterMisc.add( opt_factory("has_qs", False, "Request has Query String", "boolean")) self.pref.add_section('misc', _('Misc'), filterMisc) filterTypes = OptionList() self._filterTypes = [ ('html', 'HTML', False), ('javascript', 'JavaScript', False), ('image', 'Images', False), ('flash', 'Flash', False), ('css', 'CSS', False), ('text', 'Text', False), ] for filterType in self._filterTypes: filterTypes.add( opt_factory(filterType[0], filterType[2], filterType[1], "boolean")) self.pref.add_section('types', _('Response Content Type'), filterTypes) filterSize = OptionList() filterSize.add(opt_factory("resp_size", False, "Not Null", "boolean")) self.pref.add_section('sizes', _('Response Size'), filterSize) self.pref.show() self._advSearchBox.pack_start(self.pref, False, False) self._advSearchBox.hide_all() mainvbox.pack_start(self._advSearchBox, False, False)
def _get_option_objects(self): ''' :return: A list of options for this question. ''' d1 = 'Target URL' o1 = opt_factory('target', '', d1, 'url_list') o2 = opt_factory('target_os', 'unknown', d1, 'string') o3 = opt_factory('target_framework', 'unknown', d1, 'string') ol = OptionList() ol.add(o1) ol.add(o2) ol.add(o3) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'Fetch the first "result_limit" results from the bing search' o = opt_factory('result_limit', self._result_limit, d, 'integer') ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'Define the CSV input file from which to create the fuzzable requests' h = 'The input file is comma separated and holds the following data:' h += ' HTTP-METHOD,URI,POSTDATA' o = opt_factory('input_csv', self._input_csv, d, INPUT_FILE, help=h) ol.add(o) d = 'Define the Burp log file from which to create the fuzzable requests' h = 'The input file needs to be in Burp format.' o = opt_factory('input_burp', self._input_burp, d, INPUT_FILE, help=h) ol.add(o) return ol
def get_options(self): ''' In this case we provide a sample implementation since most vulnerabilities will have this template. If the specific vulnerability needs other params then it should override this implementation. ''' ol = OptionList() d = 'Vulnerability name (eg. %s)' % self.get_vulnerability_name() o = opt_factory('name', self.name, d, 'string') ol.add(o) d = 'URL pointing to the path that is vulnerable to file uploads via'\ ' misconfigured DAV module (HTTP PUT method).' o = opt_factory('url', self.url, d, 'url') ol.add(o) return ol
def create_target_option_list(*target): opts = OptionList() opt = opt_factory('target', '', '', URL_LIST) opt.set_value(','.join([u.url_string for u in target])) opts.add(opt) opt = opt_factory('target_os', ('unknown', 'unix', 'windows'), '', 'combo') opts.add(opt) opt = opt_factory('target_framework', ('unknown', 'php', 'asp', 'asp.net', 'java', 'jsp', 'cfm', 'ruby', 'perl'), '', 'combo' ) opts.add(opt) return opts
def test_invalid_data(self): input_file = os.path.join('core', 'data', 'foobar', 'does-not-exist.txt') output_file = input_file data = { BOOL: ['rucula'], INT: [ '0x32', ], FLOAT: [ '1x2', ], URL: ['http://', '/', ''], URL_LIST: [ 'http://moth/1 , http://moth:333333', ], IPPORT: [ '127.0.0.1', ], IP: ['127.0.0.', '127.0.0', '3847398740'], REGEX: [ '.*(', ], INPUT_FILE: [ input_file, ], OUTPUT_FILE: [ output_file, ], PORT: [ '65536', ] } for _type in data: for fake_value in data[_type]: err = '%s for an option of type %s should raise an exception.' try: opt_factory('name', fake_value, 'desc', _type) except w3afException: self.assertTrue(True) else: self.assertTrue(False, err % (fake_value, _type))
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'Fetch the first "result_limit" results from the Google search' o = opt_factory('result_limit', self._result_limit, d, 'integer') ol.add(o) d = 'Do a fast search, when this feature is enabled, not all mail'\ ' addresses are found' h = 'This method is faster, because it only searches for emails in'\ ' the small page snippet that google shows to the user after'\ ' performing a common search.' o = opt_factory('fast_search', self._fast_search, d, 'boolean', help=h) ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' d1 = 'Wordlist to use in the file name bruteforcing process.' o1 = opt_factory('wordlist', self._wordlist, d1, 'string') ol = OptionList() ol.add(o1) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'Apply URL fuzzing to all URLs, including images, videos, zip, etc.' h = 'It\'s safe to leave this option as the default.' o = opt_factory('fuzzImages', self._fuzz_images, d, 'boolean', help=h) ol.add(o) d = 'Set the top number of sections to fuzz' h = 'It\'s safe to leave this option as the default. For example, with maxDigitSections' h += ' = 1, this string wont be fuzzed: abc123def234 ; but this one will abc23ldd.' o = opt_factory('maxDigitSections', self._max_digit_sections, d, 'integer', help=h) ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d1 = 'Execute plugin only one time' h1 = 'Generally the methods allowed for a URL are configured system'\ ' wide, so executing this plugin only once is the faster choice.'\ ' The most accurate choice is to run it against every URL.' o = opt_factory('execOneTime', self._exec_one_time, d1, 'boolean', help=h1) ol.add(o) d2 = 'Only report findings if uncommon methods are found' o = opt_factory('reportDavOnly', self._report_dav_only, d2, 'boolean') ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'Enables verbose output for the console' o = opt_factory('verbose', self.verbose, d, 'boolean') ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'Set minimal amount of days before expiration of the certificate'\ ' for alerting' h = 'If the certificate will expire in period of minExpireDays w3af'\ ' will show an alert about it, which is useful for admins to'\ ' remember to renew the certificate.' o = opt_factory( 'minExpireDays', self._min_expire_days, d, 'integer', help=h) ol.add(o) d = 'CA PEM file path' o = opt_factory('caFileName', self._ca_file, d, INPUT_FILE) ol.add(o) return ol
def get_options(self): ''' :return: A list of option objects for this plugin. ''' ol = OptionList() d = 'File name where this plugin will write to' o = opt_factory('output_file', self._file_name, d, OUTPUT_FILE) ol.add(o) return ol