def discover(self, fuzzableRequest):
    '''
    Run a single Bing "site:" search for the target's domain and hand the
    URL of every search result to self._genFuzzableRequests.

    @parameter fuzzableRequest: A fuzzableRequest instance that contains
        (among other things) the URL to test.
    @return: self._fuzzableRequests as it stands once self._join() has
        returned.
    '''
    if not self._run:
        # Raising w3afRunOnce takes this plugin out of the discovery plugins
        # that are still going to be run.
        raise w3afRunOnce()

    # A second pass would send the same query and get the same URLs back,
    # so the flag is cleared before anything else happens.
    self._run = False

    search_engine = bing(self._uri_opener)
    target_domain = fuzzableRequest.getURL().getDomain()

    if is_private_site(target_domain):
        # A public search engine has nothing indexed for a private address.
        msg = ('There is no point in searching Bing for "site:' + target_domain
               + '".' + ' Bing doesnt index private pages.')
        raise w3afException(msg)

    # NOTE(review): hit.URL is third-party data coming from the search index.
    # Whether _genFuzzableRequests keeps only URLs that belong to the scan
    # scope is not visible from here - confirm before relying on it.
    for hit in search_engine.getNResults('site:' + target_domain,
                                         self._resultLimit):
        self._run_async(meth=self._genFuzzableRequests, args=(hit.URL,))

    self._join()
    return self._fuzzableRequests
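def discover(self, fuzzableRequest):
    '''
    Search Bing for "@" followed by the target's root domain, pass every
    search result to self._findAccounts and then print whatever the knowledge
    base holds under ('fingerBing', 'mails').

    @parameter fuzzableRequest: A fuzzableRequest instance that contains
        (among other things) the URL to test.
    @return: An empty list, always. Nothing found by this method is returned
        to the caller; the report goes through self.printUniq.
    '''
    # Raising w3afRunOnce removes the plugin from the discovery plugins that
    # are still going to be run.
    if not self._run:
        raise w3afRunOnce()

    # This plugin will only run one time.
    self._run = False

    bingSE = bing(self._uri_opener)
    target_url = fuzzableRequest.getURL()
    self._domain = target_url.getDomain()
    self._domain_root = target_url.getRootDomain()

    # NOTE(review): the hits are third-party search results; that
    # _findAccounts keeps only addresses under self._domain_root is assumed,
    # not visible here - confirm.
    search_hits = bingSE.getNResults('@' + self._domain_root,
                                     self._resultLimit)

    # The loop variable has its own name on purpose: reusing the name of the
    # return value would make this method return the last search hit.
    for search_hit in search_hits:
        self._run_async(meth=self._findAccounts, args=(search_hit,))
    self._join()

    self.printUniq(kb.kb.getData('fingerBing', 'mails'), None)
    return []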
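def discover(self, fuzzableRequest):
    '''
    Search Bing for "@" followed by the target's root domain, start
    self._findAccounts for every search result through the thread manager and
    then print whatever the knowledge base holds under ('fingerBing', 'mails').

    @parameter fuzzableRequest: A fuzzableRequest instance that contains
        (among other things) the URL to test.
    @return: An empty list, always. Nothing found by this method is returned
        to the caller; the report goes through self.printUniq.
    '''
    # Raising w3afRunOnce removes the plugin from the discovery plugins that
    # are still going to be run.
    if not self._run:
        raise w3afRunOnce()

    # This plugin will only run one time.
    self._run = False

    bingSE = bing(self._urlOpener)
    self._domain = domain = urlParser.getDomain(fuzzableRequest.getURL())
    self._domainRoot = urlParser.getRootDomain(domain)

    # NOTE(review): the hits are third-party search results; that
    # _findAccounts keeps only addresses under self._domainRoot is assumed,
    # not visible here - confirm.
    search_hits = bingSE.getNResults('@' + self._domainRoot,
                                     self._resultLimit)

    # The loop variable has its own name on purpose: reusing the name of the
    # return value would make this method return the last search hit.
    for search_hit in search_hits:
        self._tm.startFunction(target=self._findAccounts,
                               args=(search_hit,), ownerObj=self)
    self._tm.join(self)

    self.printUniq(kb.kb.getData('fingerBing', 'mails'), None)
    return []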
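def discover(self, fuzzableRequest):
    '''
    Check whether the target shares its IP address with other web sites.

    The target's domain is resolved, Bing is queried with "ip:" plus each
    distinct address, and when the distinct base URLs returned for an address
    number more than one, a MEDIUM severity "Shared hosting" vulnerability is
    written to the output manager and appended to the knowledge base. Two base
    URLs whose hosts resolve to the same address are not reported.

    @parameter fuzzableRequest: A fuzzableRequest instance that contains
        (among other things) the URL to test.
    @return: An empty list, always; findings go to the knowledge base.
    @raise w3afRunOnce: When self._run is false, which this method sets on its
        first pass.
    @raise w3afException: When the target's domain cannot be resolved.
    '''
    if not self._run:
        # Raising w3afRunOnce removes the plugin from the discovery plugins
        # that are still going to be run.
        raise w3afRunOnce()

    # Only one pass is needed: every call would produce the same URLs.
    self._run = False

    bing_wrapper = bing(self._urlOpener)
    domain = urlParser.getDomain(fuzzableRequest.getURL())

    if is_private_site(domain):
        msg = 'sharedHosting plugin is not checking for subdomains for domain: '
        msg += domain + ' because its a private address.'
        om.out.debug(msg)
        return []

    # Only resolution failures are translated; a bare "except:" would also
    # swallow KeyboardInterrupt and SystemExit.
    try:
        addrinfo = socket.getaddrinfo(domain, 0)
    except (socket.error, UnicodeError):
        raise w3afException('Could not resolve hostname: ' + domain)

    # Each getaddrinfo() entry carries the socket address as its fifth item
    # and the IP as the first field of that address; the set drops repeats.
    ip_address_list = set(info[4][0] for info in addrinfo)

    # This is the best way to search, one by one!
    for ip_address in ip_address_list:
        hits = bing_wrapper.getNResults('ip:' + ip_address, self._result_limit)
        base_urls = list(set(urlParser.baseUrl(hit.URL) for hit in hits))

        # More than one distinct base URL on the address is a candidate.
        is_vulnerable = len(base_urls) > 1

        if len(base_urls) == 2:
            # Maybe we have this case:
            #   http://216.244.147.14/
            #   http://www.business.com/
            # where www.business.com resolves to 216.244.147.14; so we don't
            # really have more than one domain in the same server.
            #
            # The host names come from search engine results and may no
            # longer resolve. A lookup failure must not abort the remaining
            # addresses, and it does not disprove the candidate either.
            try:
                res0 = socket.gethostbyname(urlParser.getDomain(base_urls[0]))
                res1 = socket.gethostbyname(urlParser.getDomain(base_urls[1]))
            except (socket.error, UnicodeError):
                msg = 'sharedHosting plugin could not resolve the hosts returned'
                msg += ' by Bing for ' + ip_address + '; the finding is reported'
                msg += ' without that verification.'
                om.out.debug(msg)
            else:
                if res0 == res1:
                    is_vulnerable = False

        if not is_vulnerable:
            continue

        severityOfThisVuln = severity.MEDIUM
        v = vuln.vuln()
        v.setPluginName(self.getName())
        v.setURL(fuzzableRequest.getURL())
        # NOTE(review): the id is a fixed 1 and is not tied to any request
        # made here - confirm that is intended.
        v.setId(1)
        v['alsoInHosting'] = base_urls

        msg = 'The web application under test seems to be in a shared hosting. '
        msg += 'This list of domains, and the domain of the web application under '
        msg += 'test, all point to the same IP address (%s):\n' % ip_address
        for url in base_urls:
            msg += '- %s\n' % url
            kb.kb.append(self, 'domains', urlParser.getDomain(url))

        v.setDesc(msg)
        v.setName('Shared hosting')
        v.setSeverity(severityOfThisVuln)
        om.out.vulnerability(msg, severity=severityOfThisVuln)
        kb.kb.append(self, 'sharedHosting', v)

    return []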