def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'Output file name where to write the XML data' o = opt_factory('output_file', self._file_name, d, OUTPUT_FILE) ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'The name of the output file where the vulnerabilities are be saved' o = opt_factory('output_file', self.output_file, d, OUTPUT_FILE) ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'Only use the first wnResults (wordnet results) from each category.' o = opt_factory('wn_results', self._wordnet_results, d, 'integer') ol.add(o) return ol
def _get_option_objects(self): """ :return: A list of options for this question. """ self._d1 = 'Target URL' o1 = opt_factory('target', 'http://example.com', self._d1, 'url_list') ol = OptionList() ol.add(o1) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'Path to file containing a list of trusted JavaScript domains' o = opt_factory('secure_js_file', self._secure_js_file, d, INPUT_FILE) ol.add(o) return ol
def _get_option_objects(self): """ :return: A list of options for this question. """ self._d1 = 'Find other virtual hosts using MSN search' o1 = opt_factory(self._d1, False, self._d1, 'boolean') ol = OptionList() ol.add(o1) return ol
def setMiscConfig(self, setting, value): opt_list = OptionList() opt_list.add(opt_factory(setting, value, "Misc Setting", "string")) print "[*] Setting %s with value %s on MiscsSettings ..." % (setting, value) if cf.cf.has_key(setting): cf.cf.save(setting, value) print "[*] Done!" self.listMiscConfigs() else: print "[-] Invalid setting. Check the available settings with the function self.listMiscConfigs()"
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'CGI-BIN dirs where to search for vulnerable scripts.' h = 'Pykto will search for vulnerable scripts in many places, one of'\ ' them is inside cgi-bin directory. The cgi-bin directory can be'\ ' anything and change from install to install, so its a good idea'\ ' to make this a user setting. The directories should be supplied'\ ' comma separated and with a / at the beggining and one at the end.'\ ' Example: "/cgi/,/cgibin/,/bin/"' o = opt_factory('cgi_dirs', self._cgi_dirs, d, LIST, help=h) ol.add(o) d = 'Admin directories where to search for vulnerable scripts.' h = 'Pykto will search for vulnerable scripts in many places, one of'\ ' them is inside administration directories. The admin directory'\ ' can be anything and change from install to install, so its a'\ ' good idea to make this a user setting. The directories should'\ ' be supplied comma separated and with a / at the beggining and'\ ' one at the end. Example: "/admin/,/adm/"' o = opt_factory('admin_dirs', self._admin_dirs, d, LIST, help=h) ol.add(o) d = 'PostNuke directories where to search for vulnerable scripts.' h = 'The directories should be supplied comma separated and with a'\ 'forward slash at the beginning and one at the end. Example:'\ '"/forum/,/nuke/"' o = opt_factory('nuke_dirs', self._nuke, d, LIST, help=h) ol.add(o) d = 'The path to the nikto scan_databse.db file.' h = 'The default scan database file is fine in most cases.' o = opt_factory('db_file', self._db_file, d, INPUT_FILE, help=h) ol.add(o) d = 'The path to the w3af_scan_databse.db file.' h = 'This is a file which has some extra checks for files that are not'\ ' present in the nikto database.' o = opt_factory('extra_db_file', self._extra_db_file, d, INPUT_FILE, help=h) ol.add(o) d = 'Test all files with all root directories' h = 'Define if we will test all files with all root directories.' o = opt_factory('mutate_tests', self._mutate_tests, d, BOOL, help=h) ol.add(o) return ol
def setPluginOptions(self, pluginType, pluginName, pluginSettingType, pluginSetting, pluginSettingValue): opt_list = OptionList() opt_list.add( opt_factory(pluginSetting, pluginSettingValue, "Plugin Setting", pluginSettingType)) print "[*] Setting %s with value %s on Plugin %s ..." % ( pluginSetting, pluginSettingValue, pluginName) self.w3afCorePlugin.plugins._plugins_options[pluginType][ pluginName] = opt_list print "[*] Done!"
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'Fetch the first "result_limit" results from the Google search' o = opt_factory('result_limit', self._result_limit, d, 'integer') ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'Skip symfony detection and search for the csrf (mis)protection.' o = opt_factory('override', self._override, d, 'boolean') ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'URL to download the retirejs database from' o = opt_factory('retire_db_url', self._retire_db_url, d, URL_OPTION) ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = ('Vulners API key for extended scanning rate limits.' ' Obtain an API key for free at https://vulners.com/') o = opt_factory('vulners_api_key', self._vulners_api_key, d, STRING) ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'Apply URL fuzzing to all URLs, including images, videos, zip, etc.' h = 'Don\'t change this unless you read the plugin code.' o = opt_factory('fuzz_images', self._fuzz_images, d, 'boolean', help=h) ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'If two strings have a diff ratio less than diff_ratio, then they'\ ' are really different.' o = opt_factory('diff_ratio', self._diff_ratio, d, 'float') ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d1 = 'Only search emails for domain of target' o1 = opt_factory('only_target_domain', self._only_target_domain, d1, 'boolean') ol.add(o1) return ol
def __init__(self, parentwidg, w3af, plugin, save_btn, rvrt_btn, overwriter=None): super(OnlyOptions, self).__init__() if overwriter is None: overwriter = {} self.set_spacing(5) self.w3af = w3af self.parentwidg = parentwidg self.widgets_status = {} self.tab_widget = {} self.propagAnyWidgetChanged = helpers.PropagateBuffer( self._changedAnyWidget) self.propagLabels = {} self.saved_successfully = False # options self.options = OptionList() options = plugin.get_options() # let's use the info from the core coreopts = self.w3af.plugins.get_plugin_options( plugin.ptype, plugin.pname) if coreopts is None: coreopts = {} # let's get the real info for opt in options: if opt.get_name() in coreopts: opt.set_value(coreopts[opt.get_name()].get_value_str()) if opt.get_name() in overwriter: opt.set_value(overwriter[opt.get_name()]) self.options.append(opt) # buttons save_btn.connect("clicked", self._save_panel, plugin) save_btn.set_sensitive(False) rvrt_btn.set_sensitive(False) rvrt_btn.connect("clicked", self._revertPanel) self.save_btn = save_btn self.rvrt_btn = rvrt_btn # middle (the heart of the panel) if self.options: tabbox = gtk.HBox() heart = self._createNotebook() tabbox.pack_start(heart, expand=True) tabbox.show() self.pack_start(tabbox, expand=True, fill=False) self.show()
def _get_option_objects(self): """ :return: A list of options for this question. """ d1 = 'Is the target web application reachable from the Internet?' o1 = opt_factory('internet', True, d1, 'boolean') ol = OptionList() ol.add(o1) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'Maximum recursion depth for spidering process' h = 'The plugin will spider the archive.org site related to the target' h += ' site with the maximum depth specified in this parameter.' o = opt_factory('max_depth', self._max_depth, d, 'integer', help=h) ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'Generate a fingerprint file.' h = 'Define if we will generate a fingerprint file based on the'\ ' findings made during this execution.' o = opt_factory('gen_fingerprint', self._gen_fp, d, 'boolean', help=h) ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'Users file to use in bruteforcing' o = opt_factory('usersFile', self._users_file, d, INPUT_FILE) ol.add(o) d = 'Passwords file to use in bruteforcing' o = opt_factory('passwdFile', self._passwd_file, d, INPUT_FILE) ol.add(o) d = 'This indicates if we will use usernames from SVN headers collected by w3af plugins in bruteforce.' o = opt_factory('useSvnUsers', self._use_SVN_users, d, BOOL) ol.add(o) d = 'This indicates if the bruteforce should stop after finding the first correct user and password.' o = opt_factory('stopOnFirst', self._stop_on_first, d, BOOL) ol.add(o) d = 'This indicates if the bruteforce should try password equal user in logins.' o = opt_factory('passEqUser', self._pass_eq_user, d, BOOL) ol.add(o) d = 'This indicates if the bruteforce should try l337 passwords' o = opt_factory('useLeetPasswd', self._l337_p4sswd, d, BOOL) ol.add(o) d = 'This indicates if the bruteforcer should use emails collected by w3af plugins as users.' o = opt_factory('useEmails', self._useMails, d, BOOL) ol.add(o) d = 'This indicates if the bruteforce should use password profiling to collect new passwords.' o = opt_factory('useProfiling', self._use_profiling, d, BOOL) ol.add(o) d = 'This indicates how many passwords from profiling will be used.' o = opt_factory('profilingNumber', self._profiling_number, d, INT) ol.add(o) d = 'Combo of username and passord, file to use in bruteforcing' o = opt_factory('comboFile', self._combo_file, d, INPUT_FILE) ol.add(o) d = 'Separator string used in Combo file to split username and password' o = opt_factory('comboSeparator', self._combo_separator, d, STRING) ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d1 = 'Destination http port number to analize' o1 = opt_factory('httpPort', self._http_port, d1, INT, help=d1) ol.add(o1) d2 = 'Destination httpS port number to analize' o2 = opt_factory('httpsPort', self._https_port, d2, INT, help=d2) ol.add(o2) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ opt_list = OptionList() desc = 'String equal ratio (0.0 to 1.0)' h = ('Two pages are considered equal if they match in more' ' than eq_limit.') opt = opt_factory('eq_limit', self._eq_limit, desc, 'float', help=h) opt_list.add(opt) return opt_list
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'Extensions that w3af will try to upload through the form.' h = ('When finding a form with a file upload, this plugin will try to' ' upload a set of files with the extensions specified here.') o = opt_factory('extensions', self._extensions, d, 'list', help=h) ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ opt_list = OptionList() desc = 'Origin HTTP header value' _help = ("Define value used to specify the 'Origin' HTTP header for" " HTTP request sent to test application behavior") opt = opt_factory('origin_header_value', self.origin_header_value, desc, 'string', help=_help) opt_list.add(opt) return opt_list
def _initFilterBox(self, mainvbox): """Init advanced search options.""" self._advSearchBox = gtk.HBox() self._advSearchBox.set_spacing(self._padding) self.pref = FilterOptions(self) # Filter options self._filterMethods = [ ('GET', 'GET', False), ('POST', 'POST', False), ] filterMethods = OptionList() for method in self._filterMethods: filterMethods.add( opt_factory(method[0], method[2], method[1], "boolean")) self.pref.add_section('methods', _('Request Method'), filterMethods) filterId = OptionList() filterId.add(opt_factory("min", "0", "Min ID", "string")) filterId.add(opt_factory("max", "0", "Max ID", "string")) self.pref.add_section('trans_id', _('Transaction ID'), filterId) filterCodes = OptionList() codes = [ ("1xx", "1xx", False), ("2xx", "2xx", False), ("3xx", "3xx", False), ("4xx", "4xx", False), ("5xx", "5xx", False), ] for code in codes: filterCodes.add(opt_factory(code[0], code[2], code[1], "boolean")) self.pref.add_section('codes', _('Response Code'), filterCodes) filterMisc = OptionList() filterMisc.add(opt_factory("tag", False, "Tag", "boolean")) filterMisc.add( opt_factory("has_qs", False, "Request has Query String", "boolean")) self.pref.add_section('misc', _('Misc'), filterMisc) filterTypes = OptionList() self._filterTypes = [ ('html', 'HTML', False), ('javascript', 'JavaScript', False), ('image', 'Images', False), ('flash', 'Flash', False), ('css', 'CSS', False), ('text', 'Text', False), ] for filterType in self._filterTypes: filterTypes.add( opt_factory(filterType[0], filterType[2], filterType[1], "boolean")) self.pref.add_section('types', _('Response Content Type'), filterTypes) filterSize = OptionList() filterSize.add(opt_factory("resp_size", False, "Not Null", "boolean")) self.pref.add_section('sizes', _('Response Size'), filterSize) self.pref.show() self._advSearchBox.pack_start(self.pref, False, False) self._advSearchBox.hide_all() mainvbox.pack_start(self._advSearchBox, False, False)
def test_no_duplicate_vuln_reports(self): # The xml_file plugin had a bug where vulnerabilities were written to # disk multiple times, this test makes sure I fixed that vulnerability # Write the HTTP request / response to the DB url = URL('http://w3af.com/a/b/c.php') hdr = Headers([('User-Agent', 'w3af')]) request = HTTPRequest(url, data='a=1') request.set_headers(hdr) hdr = Headers([('Content-Type', 'text/html')]) res = HTTPResponse(200, '<html>syntax error near', hdr, url, url) _id = 1 h1 = HistoryItem() h1.request = request res.set_id(_id) h1.response = res h1.save() # Create one vulnerability in the KB pointing to the request- # response we just created desc = 'Just a test for the XML file output plugin.' v = Vuln('SQL injection', desc, severity.HIGH, _id, 'sqli') kb.kb.append('sqli', 'sqli', v) self.assertEqual(len(kb.kb.get_all_vulns()), 1) # Setup the plugin plugin_instance = xml_file() plugin_instance.set_w3af_core(self.w3af_core) # Set the output file for the unittest ol = OptionList() d = 'Output file name where to write the XML data' o = opt_factory('output_file', self.FILENAME, d, OUTPUT_FILE) ol.add(o) # Then we flush() twice to disk, this reproduced the issue plugin_instance.set_options(ol) plugin_instance.flush() plugin_instance.flush() plugin_instance.flush() # Now we parse the vulnerabilities from disk and confirm only one # is there file_vulns = get_vulns_from_xml(self.FILENAME) self.assertEqual(len(file_vulns), 1, file_vulns)
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'Wordlist to use in the manifest file name bruteforcing process.' o = opt_factory('wordlist', self._wordlist, d, 'string') ol.add(o) d = 'File extensions to use when brute forcing Gears Manifest files' o = opt_factory('manifestExtensions', self._extensions, d, 'list') ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d = 'ClamAV daemon socket path' h = 'Communication with ClamAV is performed over an Unix socket, in'\ ' order to be able to use this plugin please start a clamd daemon'\ ' and provide the unix socket path.' # TODO: Maybe I should change this STRING to INPUT_FILE? o = opt_factory('clamd_socket', self._clamd_socket, d, STRING, help=h) ol.add(o) return ol
def get_options(self): """ :return: A list of option objects for this plugin. """ ol = OptionList() d1 = 'Identify persistent cross site scripting vulnerabilities' h1 = 'If set to True, w3af will navigate all pages of the target one'\ ' more time, searching for persistent cross site scripting'\ ' vulnerabilities.' o1 = opt_factory('persistent_xss', self._check_persistent_xss, d1, 'boolean', help=h1) ol.add(o1) return ol