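    def crawl(self, fuzzable_request):
        '''
        Does a search in archive.org and searches for links on the html. Then
        searches those URLs in the target site. This is a time machine !

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        :raise w3afRunOnce: When the target is a private site, or when
                            archive.org reports that it does not index the
                            site. In both cases the plugin has nothing left to
                            do and should not be scheduled again.
        '''
        domain = fuzzable_request.get_url().get_domain()

        if is_private_site(domain):
            # Format the message once so that the exception carries the same
            # text as the log line (it used to be raised with the raw '%s'
            # template instead of the formatted string).
            msg = ('There is no point in searching archive.org for "%s"'
                   ' because it is a private site that will never be indexed.')
            msg = msg % domain
            om.out.information(msg)
            raise w3afRunOnce(msg)

        # Initial check to verify if domain in archive. NOTE: the target URL is
        # embedded in start_url and sent to archive.org, i.e. disclosed to a
        # third party; the is_private_site guard above keeps internal
        # hostnames from being sent there.
        start_url = URL(self.ARCHIVE_START_URL % fuzzable_request.get_url())
        http_response = self._uri_opener.GET(start_url, cache=True)

        if self.NOT_IN_ARCHIVE in http_response.body:
            msg = ('There is no point in searching archive.org for "%s"'
                   ' because they are not indexing this site.')
            msg = msg % domain
            om.out.information(msg)
            raise w3afRunOnce(msg)

        # Spider archive.org up to the configured depth, then check which of
        # the discovered URLs still exist on the live target.
        references = self._spider_archive([start_url], self._max_depth, domain)
        self._analyze_urls(references)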
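    def crawl(self, fuzzable_request):
        '''
        Does a search in archive.org and searches for links on the html. Then
        searches those URLs in the target site. This is a time machine !

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        :raise w3afRunOnce: When the target is a private site, or when
                            archive.org reports that it does not index the
                            site. The plugin is then not scheduled again.
        '''
        domain = fuzzable_request.get_url().get_domain()

        if is_private_site(domain):
            # Build the final text once: previously the log line got the
            # formatted message while the exception got the raw '%s' template.
            msg = ('There is no point in searching archive.org for "%s"'
                   ' because it is a private site that will never be indexed.'
                   % domain)
            om.out.information(msg)
            raise w3afRunOnce(msg)

        # Initial check to verify if domain in archive. NOTE: this request
        # carries the target URL to archive.org (a third party); the private
        # site guard above is what keeps internal hostnames from being sent.
        start_url = URL(self.ARCHIVE_START_URL % fuzzable_request.get_url())
        http_response = self._uri_opener.GET(start_url, cache=True)

        if self.NOT_IN_ARCHIVE in http_response.body:
            msg = ('There is no point in searching archive.org for "%s"'
                   ' because they are not indexing this site.' % domain)
            om.out.information(msg)
            raise w3afRunOnce(msg)

        # Walk archive.org up to self._max_depth and verify the collected
        # references against the live target.
        references = self._spider_archive([start_url], self._max_depth, domain)
        self._analyze_urls(references)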
    def crawl(self, fuzzable_request):
        '''
        Finds the version of a WordPress installation.

        Requests wp-login.php under the request's domain path. If the server
        answers with anything other than a 404 the installation is
        fingerprinted, the plugin disables itself, and the links found in the
        response are queued as new fuzzable requests.

        :param fuzzable_request: A fuzzable_request instance that contains
                                 (among other things) the URL to test.
        :raise w3afRunOnce: Once self._exec is False (a WordPress install was
                            already analyzed), so the plugin is removed from
                            the crawl plugins to be run.
        '''
        if not self._exec:
            raise w3afRunOnce()

        domain_path = fuzzable_request.get_url().get_domain_path()

        # wp-login.php is used as the marker file for a WordPress install
        login_url = domain_path.url_join('wp-login.php')
        login_response = self._uri_opener.GET(login_url, cache=True)

        if is_404(login_response):
            # Not WordPress here; _exec stays True so later requests for other
            # directories are still checked.
            return

        # A WordPress install was found: analyze it once and stop running
        self._exec = False
        self._fingerprint_wordpress(domain_path, login_url, login_response)

        # Queue the links extracted from the login page
        for new_request in self._create_fuzzable_requests(login_response):
            self.output_queue.put(new_request)
    def crawl(self, fuzzable_request):
        '''
        Runs pykto to the site.

        The base URL of the target is scanned once; afterwards self._exec is
        cleared. When the user enabled mutated tests, every new domain path is
        scanned as well. Scanned URLs are remembered in self._already_analyzed
        so nothing is tested twice.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        :raise w3afRunOnce: When the one-time scan already ran and mutated
                            tests are disabled; there is nothing left to do.
        '''
        if not (self._exec or self._mutate_tests):
            raise w3afRunOnce()

        # Basic scan against the base URL, only once
        base_url = fuzzable_request.get_url().base_url()
        if base_url not in self._already_analyzed:
            self._already_analyzed.add(base_url)
            self._run(base_url)
            self._exec = False

        if not self._mutate_tests:
            return

        # Mutated tests run once per directory; the directory is recorded so
        # it is not tested more than once.
        directory = fuzzable_request.get_url().get_domain_path()
        if directory not in self._already_analyzed:
            self._already_analyzed.add(directory)
            self._run(directory)
    def crawl(self, fuzzable_request):
        '''
        Runs pykto to the site.

        Scans the target's base URL a single time (clearing self._exec), and
        when mutated tests are configured also scans each new domain path.
        Everything that was scanned is tracked in self._already_analyzed.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        :raise w3afRunOnce: When self._exec and self._mutate_tests are both
                            false, i.e. the plugin has nothing more to do.
        '''
        nothing_to_do = not self._exec and not self._mutate_tests
        if nothing_to_do:
            raise w3afRunOnce()

        target_url = fuzzable_request.get_url()

        # One-time basic scan of the base URL
        base = target_url.base_url()
        if base not in self._already_analyzed:
            self._already_analyzed.add(base)
            self._run(base)
            self._exec = False

        # Mutated tests, one run per not-yet-seen directory
        if self._mutate_tests:
            directory = target_url.get_domain_path()
            if directory not in self._already_analyzed:
                self._already_analyzed.add(directory)
                self._run(directory)
    def crawl(self, fuzzable_request):
        '''
        Finds the version of a WordPress installation.

        Probes wp-login.php under the request's domain path. A non-404 answer
        means WordPress is present: the installation is fingerprinted, the
        plugin disables itself and the links in the response are queued.

        :param fuzzable_request: A fuzzable_request instance that contains
                                 (among other things) the URL to test.
        :raise w3afRunOnce: When self._exec is already False; this removes the
                            plugin from the crawl plugins to be run.
        '''
        if not self._exec:
            raise w3afRunOnce()

        domain_path = fuzzable_request.get_url().get_domain_path()

        # wp-login.php is the marker file used to detect WordPress
        login_url = domain_path.url_join('wp-login.php')
        login_response = self._uri_opener.GET(login_url, cache=True)

        if is_404(login_response):
            # No WordPress in this directory; _exec is left untouched so later
            # requests for other directories are still checked.
            return

        # Found it: analyze once, then never run again
        self._exec = False
        self._fingerprint_wordpress(domain_path, login_url, login_response)

        # Extract the links from the login page
        for new_request in self._create_fuzzable_requests(login_response):
            self.output_queue.put(new_request)
    def discover(self, fuzzable_request):
        '''
        It calls the "main" and writes the results to the kb.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        :raise w3afRunOnce: When self._exec is False, i.e. a previous call to
                            _find_OS returned a truthy value.
        '''
        if not self._exec:
            raise w3afRunOnce()

        # A truthy result from _find_OS (presumably "OS identified") turns the
        # plugin off; a falsy one keeps it running on later requests.
        found = self._find_OS(fuzzable_request)
        self._exec = not found
    def discover(self, fuzzable_request):
        '''
        It calls the "main" and writes the results to the kb.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        :raise w3afRunOnce: When the plugin was already turned off by an
                            earlier call (self._exec is False).
        '''
        if self._exec:
            # Keep running only while _find_OS keeps returning a falsy value
            # (presumably: while the OS has not been identified yet).
            self._exec = not self._find_OS(fuzzable_request)
        else:
            raise w3afRunOnce()
 def _do_complete_search(self, domain):
     '''
     Performs a complete search for email addresses.

     Queries the search engine for '@' + self._domain_root, asking for up to
     self._result_limit result pages. If the query raises w3afException the
     error is logged and w3afRunOnce is raised so the plugin is not
     scheduled again.

     :param domain: Not referenced in the lines shown; the search string is
                    built from self._domain_root instead.
     :raise w3afRunOnce: When the search engine query fails with
                         w3afException.
     '''
     search_string = '@' + self._domain_root
     try:
         # NOTE(review): result_page_objects is assigned but not used in the
         # lines shown here; presumably the method continues past this point
         # and parses those pages for addresses.
         result_page_objects = self._google.get_n_result_pages(
             search_string, self._result_limit)
     # Python 2 only 'except X, e' form; 'except X as e' is accepted by both
     # 2.6+ and 3.
     except w3afException, w3:
         om.out.error(str(w3))
         # If I found an error, I don't want to be run again
         raise w3afRunOnce()
 def _do_complete_search(self, domain):
     '''
     Performs a complete search for email addresses.

     Asks the search engine for up to self._result_limit result pages
     matching '@' + self._domain_root. A w3afException from the query is
     logged and converted into w3afRunOnce so the plugin does not run again.

     :param domain: Not referenced in the lines shown; the query is built
                    from self._domain_root.
     :raise w3afRunOnce: When the search engine query fails with
                         w3afException.
     '''
     search_string = '@' + self._domain_root
     try:
         # NOTE(review): result_page_objects is not used in the lines shown;
         # presumably the method continues below and processes these pages.
         result_page_objects = self._google.get_n_result_pages(
             search_string,
             self._result_limit
         )
     # Python 2 only 'except X, e' form; 'except X as e' works on 2.6+ and 3.
     except w3afException, w3:
         om.out.error(str(w3))
         # If I found an error, I don't want to be run again
         raise w3afRunOnce()
    def crawl(self, fuzzable_request):
        '''
        Find users in a WordPress installation

        Probes wp-login.php under the request's domain path and, when the
        answer is not a 404, enumerates users. self._exec is not modified in
        this method, so every request whose directory looks like WordPress
        triggers enumeration unless some other code clears it.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        :raise w3afRunOnce: When self._exec is False.
        '''
        if not self._exec:
            raise w3afRunOnce()

        # wp-login.php is the marker for a WordPress installation in this
        # directory
        domain_path = fuzzable_request.get_url().get_domain_path()
        login_url = domain_path.url_join('wp-login.php')
        login_response = self._uri_opener.GET(login_url, cache=True)

        if is_404(login_response):
            return

        self._enum_users(fuzzable_request)
    def crawl(self, fuzzable_request):
        '''
        Find users in a WordPress installation

        Checks for wp-login.php in the request's domain path; a non-404
        response triggers user enumeration. Note that self._exec is never
        cleared here, so the check repeats for every request while it stays
        True.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        :raise w3afRunOnce: When self._exec is False.
        '''
        if not self._exec:
            raise w3afRunOnce()

        # Check if there is a wordpress installation in this directory
        wp_marker = fuzzable_request.get_url().get_domain_path().url_join(
            'wp-login.php')
        marker_response = self._uri_opener.GET(wp_marker, cache=True)

        # Anything but a 404 for wp-login.php is taken as "WordPress present"
        if not is_404(marker_response):
            self._enum_users(fuzzable_request)
    def crawl(self, fuzzable_request):
        '''
        Get the file and parse it.

        Brute-forces directories under the request's domain path. Each domain
        path is tested once (tracked in self._already_tested). Unless
        self._be_recursive is set, the plugin disables itself on the first
        call so later requests raise w3afRunOnce.

        :param fuzzable_request: A fuzzable_request instance that contains
                               (among other things) the URL to test.
        :raise w3afRunOnce: When the plugin already ran and recursion is off.
        '''
        if not self._exec:
            raise w3afRunOnce()

        domain_path = fuzzable_request.get_url().get_domain_path()

        # Non-recursive mode: a single run is enough
        if not self._be_recursive:
            self._exec = False

        if domain_path in self._already_tested:
            return

        self._already_tested.add(domain_path)
        self._bruteforce_directories(domain_path)
    def crawl(self, fuzzable_request):
        '''
        Probe a WordPress installation for path disclosures.

        Requests wp-login.php under the request's domain path; if the answer
        is not a 404 the plugin turns itself off, extracts paths from the
        installation and forces disclosures on self.CHECK_PATHS plus the
        extracted ones.

        :param fuzzable_request: A fuzzable_request instance that contains
                                     (among other things) the URL to test.
        :raise w3afRunOnce: When self._exec is False (a WordPress install was
                            already handled).
        '''
        if not self._exec:
            raise w3afRunOnce()

        # wp-login.php is the marker used to detect WordPress in this directory
        domain_path = fuzzable_request.get_url().get_domain_path()
        login_url = domain_path.url_join('wp-login.php')
        login_response = self._uri_opener.GET(login_url, cache=True)

        if is_404(login_response):
            return

        # Only run once
        self._exec = False

        paths_to_check = self.CHECK_PATHS + self._extract_paths(domain_path)
        self._force_disclosures(domain_path, paths_to_check)
    def crawl(self, fuzzable_request):
        '''
        Probe a WordPress installation for path disclosures.

        A non-404 answer for wp-login.php in the request's domain path marks
        the directory as WordPress; the plugin then disables itself and runs
        _force_disclosures over self.CHECK_PATHS plus the paths extracted from
        the installation.

        :param fuzzable_request: A fuzzable_request instance that contains
                                     (among other things) the URL to test.
        :raise w3afRunOnce: When self._exec is False.
        '''
        if not self._exec:
            raise w3afRunOnce()

        # Check if there is a wordpress installation in this directory
        domain_path = fuzzable_request.get_url().get_domain_path()
        marker_response = self._uri_opener.GET(
            domain_path.url_join('wp-login.php'), cache=True)

        if not is_404(marker_response):
            # WordPress found: this is a one-shot check
            self._exec = False

            extracted = self._extract_paths(domain_path)
            self._force_disclosures(domain_path, self.CHECK_PATHS + extracted)
    def discover(self, fuzzable_request):
        '''
        Uses several techniques to try to find out what methods are allowed for
        an URL.

        Each domain path is analyzed at most once (tracked in
        self._already_tested). When self._exec_one_time is set the plugin
        disables itself after this call.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        :raise w3afRunOnce: When self._exec is False; this removes the plugin
                            from the infrastructure plugins to be run.
        '''
        if not self._exec:
            raise w3afRunOnce()

        # One-shot configuration: turn the plugin off after this run
        if self._exec_one_time:
            self._exec = False

        domain_path = fuzzable_request.get_url().get_domain_path()
        if domain_path in self._already_tested:
            return

        self._already_tested.add(domain_path)
        allowed, request_ids = self._identify_allowed_methods(domain_path)
        self._analyze_methods(domain_path, allowed, request_ids)
    def discover(self, fuzzable_request):
        '''
        Uses several techniques to try to find out what methods are allowed for
        an URL.

        A domain path is analyzed only the first time it is seen
        (self._already_tested). With self._exec_one_time set, the plugin
        disables itself after this call regardless of the outcome.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        :raise w3afRunOnce: When self._exec is False; this removes the plugin
                            from the infrastructure plugins to be run.
        '''
        if not self._exec:
            raise w3afRunOnce()

        # Run the plugin, possibly for the last time
        self._exec = self._exec and not self._exec_one_time

        target_dir = fuzzable_request.get_url().get_domain_path()
        first_time = target_dir not in self._already_tested
        if first_time:
            self._already_tested.add(target_dir)
            methods, ids = self._identify_allowed_methods(target_dir)
            self._analyze_methods(target_dir, methods, ids)