예제 #1
0
파일: ssi.py 프로젝트: foobarmonk/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._persistent_multi_in = None
        self._expected_mutant_dict = DiskDict(table_prefix='ssi')
        self._extract_expected_re = re.compile('[1-9]{5}')
예제 #2
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._persistent_multi_in = None
        self._expected_mutant_dict = DiskDict(table_prefix='ssi')
        self._extract_expected_re = re.compile('[1-9]{5}')
예제 #3
0
 def __init__(self):
     AuditPlugin.__init__(self)
     self.mci = MemcacheInjection(u'key1 0 30 1\r\n1\r\n'
                                  u'set injected 0 10 10\r\n1234567890\r\n',
                                  u'key1 0 f 1\r\n1\r\n',
                                  u'key1 0 30 0\r\n1\r\n')
     self._eq_limit = 0.97
예제 #4
0
파일: xss.py 프로젝트: batmanWjw/w3af
    def __init__(self):
        AuditPlugin.__init__(self)
        
        self._xss_mutants = DiskList(table_prefix='xss')

        # User configured parameters
        self._check_persistent_xss = False
예제 #5
0
파일: lfi.py 프로젝트: cathartic/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._file_compiled_regex = []
        self._error_compiled_regex = []
        self._open_basedir = False
예제 #6
0
파일: blind_sqli.py 프로젝트: s0i37/__w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        # User configured variables
        self._eq_limit = 0.9
        self._timeout = 0
        self._is_carefully = True
예제 #7
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._plugin_xml_result = {}
        self._plugin_name = self.get_name()
        self._response_id = None
예제 #8
0
    def __init__(self):
        """
        Some notes:
            On Apache, when an overflow happends on a cgic script, this is written
            to the log:
                *** stack smashing detected ***: /var/www/.../buffer_overflow.cgi terminated,
                referer: http://localhost/w3af/bufferOverflow/buffer_overflow.cgi
                Premature end of script headers: buffer_overflow.cgi, referer: ...

            On Apache, when an overflow happends on a cgic script, this is
            returned to the user:
                <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
                <html><head>
                <title>500 Internal Server Error</title>
                </head><body>
                <h1>Internal Server Error</h1>
                <p>The server encountered an internal error or
                misconfiguration and was unable to complete
                your request.</p>
                <p>Please contact the server administrator,
                 webmaster@localhost and inform them of the time the error occurred,
                and anything you might have done that may have
                caused the error.</p>
                <p>More information about this error may be available
                in the server error log.</p>
                <hr>
                <address>Apache/2.0.55 (Ubuntu) mod_python/3.2.8 Python/2.4.4c1
                PHP/5.1.6 Server at localhost Port 80</address>
                </body></html>

            Note that this is an Apache error 500, not the more common PHP error 500.
        """
        AuditPlugin.__init__(self)
예제 #9
0
    def __init__(self):
        AuditPlugin.__init__(self)

        self._already_tested = set()
        self._min_expire_days = 30
        self._ca_file = os.path.join(ROOT_PATH, 'plugins', 'audit',
                                     'ssl_certificate', 'ca.pem')
예제 #10
0
파일: lfi.py 프로젝트: webvul/webfuzzer
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._file_compiled_regex = []
        self._error_compiled_regex = []
        self._open_basedir = False
예제 #11
0
    def __init__(self):
        """
        Some notes:
            On Apache, when an overflow happends on a cgic script, this is written
            to the log:
                *** stack smashing detected ***: /var/www/.../buffer_overflow.cgi terminated,
                referer: http://localhost/w3af/bufferOverflow/buffer_overflow.cgi
                Premature end of script headers: buffer_overflow.cgi, referer: ...

            On Apache, when an overflow happends on a cgic script, this is
            returned to the user:
                <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
                <html><head>
                <title>500 Internal Server Error</title>
                </head><body>
                <h1>Internal Server Error</h1>
                <p>The server encountered an internal error or
                misconfiguration and was unable to complete
                your request.</p>
                <p>Please contact the server administrator,
                 webmaster@localhost and inform them of the time the error occurred,
                and anything you might have done that may have
                caused the error.</p>
                <p>More information about this error may be available
                in the server error log.</p>
                <hr>
                <address>Apache/2.0.55 (Ubuntu) mod_python/3.2.8 Python/2.4.4c1
                PHP/5.1.6 Server at localhost Port 80</address>
                </body></html>

            Note that this is an Apache error 500, not the more common PHP error 500.
        """
        AuditPlugin.__init__(self)
예제 #12
0
파일: xss.py 프로젝트: aricciard/w3af
    def __init__(self):
        AuditPlugin.__init__(self)
        
        self._xss_mutants = DiskList()

        # User configured parameters
        self._check_persistent_xss = True
예제 #13
0
 def __init__(self):
     AuditPlugin.__init__(self)
     self.mci = MemcacheInjection(
         u'key1 0 30 1\r\n1\r\n'
         u'set injected 0 10 10\r\n1234567890\r\n', u'key1 0 f 1\r\n1\r\n',
         u'key1 0 30 0\r\n1\r\n')
     self._eq_limit = 0.97
예제 #14
0
    def __init__(self):
        AuditPlugin.__init__(self)

        self._already_tested = set()
        self._min_expire_days = 30
        self._ca_file = os.path.join(ROOT_PATH, 'plugins', 'audit',
                                     'ssl_certificate', 'ca.pem')
예제 #15
0
파일: xss.py 프로젝트: chenbremer/w3af-1
    def __init__(self):
        AuditPlugin.__init__(self)

        self._xss_mutants = DiskList(table_prefix='xss')

        # User configured parameters
        self._check_persistent_xss = True
예제 #16
0
 def __init__(self):
     AuditPlugin.__init__(self)
     MemcacheInjection = namedtuple('MemcacheInjection', ['ok', 'error_1', 'error_2'])
     self.mci = MemcacheInjection(u"key1 0 30 1\r\n1\r\nset injected 0 10 10\r\n1234567890\r\n",
                                  u"key1 0 f 1\r\n1\r\n",
                                  u"key1 0 30 0\r\n1\r\n")
     self._eq_limit = 0.97
예제 #17
0
 def __init__(self):
     """
     Plugin added just for completeness... I dont really expect to find one
     of this bugs in my life... but well.... if someone , somewhere in the
     planet ever finds a bug of using this plugin... THEN my job has been
     done :P
     """
     AuditPlugin.__init__(self)
예제 #18
0
    def __init__(self):
        AuditPlugin.__init__(self)

        #   Internal variables
        self._potential_vulns = DiskList(table_prefix='generic')

        #   User configured variables
        self._diff_ratio = 0.30
예제 #19
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._script_re = re.compile('< *?script.*?>(.*?)< *?/ *?script *?>',
                                     re.IGNORECASE | re.DOTALL)
        self._meta_url_re = re.compile('.*?;URL=(.*)',
                                       re.IGNORECASE | re.DOTALL)
예제 #20
0
    def __init__(self):
        AuditPlugin.__init__(self)

        #
        #   Some internal variables
        #
        self._special_chars = ['', '&&', '|', ';']
        self._file_compiled_regex = []
예제 #21
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._script_re = re.compile('< *?script.*?>(.*?)< *?/ *?script *?>',
                                     re.IGNORECASE | re.DOTALL)
        self._meta_url_re = re.compile('.*?;URL=(.*)',
                                       re.IGNORECASE | re.DOTALL)
예제 #22
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal attributes
        self._urls_recently_tested = deque(maxlen=30)

        # User configured
        self._extensions = ['gif', 'html', 'bmp', 'jpg', 'png', 'txt']
예제 #23
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Define plugin options configuration variables
        self.origin_header_value = "http://w3af.org/"

        # Internal variables
        self._reported_global = set()
예제 #24
0
파일: cors_origin.py 프로젝트: RON313/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        # Define plugin options configuration variables
        self.origin_header_value = "http://w3af.org/"

        # Internal variables
        self._reported_global = set()
예제 #25
0
파일: generic.py 프로젝트: 3rdDegree/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        #   Internal variables
        self._potential_vulns = DiskList()

        #   User configured variables
        self._diff_ratio = 0.30
예제 #26
0
    def __init__(self):
        AuditPlugin.__init__(self)

        #
        #   Some internal variables
        #
        self._special_chars = ['', '&&', '|', ';']
        self._file_compiled_regex = []
예제 #27
0
 def __init__(self):
     """
     Plugin added just for completeness... I dont really expect to find one
     of this bugs in my life... but well.... if someone , somewhere in the
     planet ever finds a bug of using this plugin... THEN my job has been
     done :P
     """
     AuditPlugin.__init__(self)
예제 #28
0
파일: ssi.py 프로젝트: ElAleyo/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._expected_res_mutant = DiskDict()
        self._freq_list = DiskList()
        
        re_str = '<!--#exec cmd="echo -n (.*?);echo -n (.*?)" -->'
        self._extract_results_re = re.compile(re_str) 
예제 #29
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # User configured parameters
        self._base_path = path.join(ROOT_PATH, 'plugins', self.get_type(), self.__class__.__name__)
        self._wordlist_file = path.join(self._base_path, 'common_filenames.db')

        # This is a list of common file extensions for google gears manifest:
        self._extensions = ['', '.php', '.json', '.txt', '.gears']
예제 #30
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._expected_res_mutant = DiskDict()
        self._freq_list = DiskList()

        re_str = '<!--#exec cmd="echo -n (.*?);echo -n (.*?)" -->'
        self._extract_results_re = re.compile(re_str)
예제 #31
0
파일: generic.py 프로젝트: foobarmonk/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        #   Internal variables
        self._potential_vulns = DiskList(table_prefix='generic')

        #   User configured variables
        self._diff_ratio = 0.30
        self._extensive = False
예제 #32
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # I test this with different URL handlers because the developer may have
        # blacklisted http:// and https:// but missed ftp://.
        #
        # I also use hTtp instead of http because I want to evade some (stupid)
        # case sensitive filters
        self._test_urls = ('hTtp://w3af.org/', 'htTps://w3af.org/',
                           'fTp://w3af.org/', '//w3af.org')
예제 #33
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Methods
        self._supported_methods = self.DAV_METHODS | self.COMMON_METHODS | self.UNCOMMON_METHODS \
                                  | self.PROPOSED_METHODS | self.EXTRA_METHODS | self.VERSION_CONTROL

        # User configured variables
        self._exec_one_time = True
        self._report_dav_only = True
        self._plugin_name = self.get_name()
예제 #34
0
파일: rfi.py 프로젝트: foobarmonk/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._error_reported = False
        self._vulns = []

        # User configured parameters
        self._listen_port = ports.REMOTEFILEINCLUDE
        self._listen_address = get_local_ip() or ''
        self._use_w3af_site = True
예제 #35
0
파일: rfi.py 프로젝트: vasubesimple/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._error_reported = False
        self._vulns = []

        # User configured parameters
        self._listen_port = ports.REMOTEFILEINCLUDE
        self._listen_address = get_local_ip() or ''
        self._use_w3af_site = True
예제 #36
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Define plugin options configuration variables
        self.origin_header_value = "http://w3af.org/"

        # Internal variables
        self._reported_global = set()
        self._universal_allow_counter = 0
        self._origin_echo_counter = 0
        self._universal_origin_allow_creds_counter = 0
        self._allow_methods_counter = 0
예제 #37
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Create some random strings, which the plugin will use.
        # for the fuzz_with_echo
        self._rnd = rand_alpha(5)
        self._rnd = self._rnd.lower()
        self._expected_result = self._rnd * self.PRINT_REPEATS

        # User configured parameters
        self._use_time_delay = True
        self._use_echo = True
예제 #38
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # I test this with different URL handlers because the developer may have
        # blacklisted http:// and https:// but missed ftp://.
        #
        # I also use hTtp instead of http because I want to evade some (stupid)
        # case sensitive filters
        self._test_urls = ('hTtp://w3af.org/',
                           'htTps://w3af.org/',
                           'fTp://w3af.org/',
                           '//w3af.org')
    def __init__(self):
        AuditPlugin.__init__(self)

        # Define plugin options configuration variables
        self.origin_header_value = "http://w3af.org/"

        # Internal variables
        self._reported_global = set()
        self._universal_allow_counter = 0
        self._origin_echo_counter = 0
        self._universal_origin_allow_creds_counter = 0
        self._allow_methods_counter = 0
예제 #40
0
    def __init__(self):
        AuditPlugin.__init__(self)

        self._base_path = path.join(ROOT_PATH, 'plugins', self.get_type(), self.__class__.__name__)
        self._dirs_list_file = path.join(self._base_path, 'common_dirs_small.db')
        self._files_list_file = path.join(self._base_path, 'common_files_small.db')
        self._mix_list_file = path.join(self._base_path, 'bo0om.db')

        # User configured parameters
        self._bf_directories = False
        self._bf_files = False
        self._bf_mix = True
예제 #41
0
파일: eval.py 프로젝트: 3rdDegree/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        # Create some random strings, which the plugin will use.
        # for the fuzz_with_echo
        self._rnd = rand_alpha(5)
        self._rnd = self._rnd.lower()
        self._expected_result = self._rnd * self.PRINT_REPEATS

        # User configured parameters
        self._use_time_delay = True
        self._use_echo = True
예제 #42
0
    def __init__(self):
        AuditPlugin.__init__(self)

        self._already_tested = set()
        self._min_expire_days = 30
        """
        It is possible to update this file by downloading the latest
        cacert.pem from curl:
        
            wget https://curl.haxx.se/ca/cacert.pem -O w3af/plugins/audit/ssl_certificate/ca.pem
            git commit w3af/plugins/audit/ssl_certificate/ca.pem -m "Update ca.pem"
        
        """
        self._ca_file = os.path.join(ROOT_PATH, 'plugins', 'audit',
                                     'ssl_certificate', 'ca.pem')
예제 #43
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Config params
        self._users_file = os.path.join(self.BASE_CFG_PATH, 'users.txt')
        self._passwd_file = os.path.join(self.BASE_CFG_PATH, 'passwords.txt')
        self._combo_file = os.path.join(self.BASE_CFG_PATH, 'combo.txt')
        self._combo_separator = ":"
        self._use_emails = True
        self._use_SVN_users = True
        self._pass_eq_user = True
        self._l337_p4sswd = True
        self._useMails = True
        self._use_profiling = True
        self._profiling_number = 50
        self._stop_on_first = True

        # Internal vars
        self._found = False
        self._already_reported = []
        self._already_tested = []
예제 #44
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Config params
        self._users_file = os.path.join(self.BASE_CFG_PATH, 'users.txt')
        self._passwd_file = os.path.join(self.BASE_CFG_PATH, 'passwords.txt')
        self._combo_file = os.path.join(self.BASE_CFG_PATH, 'combo.txt')
        self._combo_separator = ":"
        self._use_emails = True
        self._use_SVN_users = True
        self._pass_eq_user = True
        self._l337_p4sswd = True
        self._useMails = True
        self._use_profiling = True
        self._profiling_number = 50
        self._stop_on_first = True

        # Internal vars
        self._found = False
        self._already_reported = []
        self._already_tested = []
예제 #45
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # User configured
        self._extensions = ['gif', 'html', 'bmp', 'jpg', 'png', 'txt']
예제 #46
0
파일: xst.py 프로젝트: binarever/tools
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._exec = True
예제 #47
0
파일: csrf.py 프로젝트: llcoolj1/w3af-kali
    def __init__(self):
        AuditPlugin.__init__(self)

        self._strict_mode = False
        self._equal_limit = 0.90
예제 #48
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # User configured
        self._extensions = ['gif', 'html', 'bmp', 'jpg', 'png', 'txt']
예제 #49
0
 def __init__(self):
     AuditPlugin.__init__(self)
     self._eq_limit = 0.97
예제 #50
0
파일: blind_sqli.py 프로젝트: zsdlove/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        # User configured variables
        self._eq_limit = 0.9
예제 #51
0
파일: dav.py 프로젝트: foobarmonk/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._already_tested_dirs = ScalableBloomFilter()
예제 #52
0
 def __init__(self):
     AuditPlugin.__init__(self)
예제 #53
0
파일: un_ssl.py 프로젝트: RON313/w3af
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._should_run = True
예제 #54
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._already_tested_dirs = ScalableBloomFilter()
예제 #55
0
 def __init__(self):
     AuditPlugin.__init__(self)
예제 #56
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._should_run = True
예제 #57
0
    def __init__(self):
        AuditPlugin.__init__(self)

        # Internal variables
        self._already_tested = ScalableBloomFilter()
        self._author_url = None
예제 #58
0
 def __init__(self):
     AuditPlugin.__init__(self)
     self._already_tested = ScalableBloomFilter()