# Show the plugin information. try: to_print = [] plugin_infos = [] for plugin_id in P.targets: m_found = manager.search_plugins_by_mask(plugin_id) plugin_infos.extend( m_found.values() ) if not plugin_infos: raise KeyError() for m_plugin_info in plugin_infos: Config._context = PluginContext( orchestrator_pid = getpid(), orchestrator_tid = get_ident(), plugin_info = m_plugin_info, msg_queue = None ) m_plugin_obj = manager.load_plugin_by_id(m_plugin_info.plugin_id) m_root = cmdParams.plugins_folder m_root = path.abspath(m_root) if not m_root.endswith(path.sep): m_root += path.sep m_location = m_plugin_info.descriptor_file[len(m_root):] a, b = path.split(m_location) b = colorize(b, "cyan") m_location = path.join(a, b) m_src = m_plugin_info.plugin_module[len(m_root):] a, b = path.split(m_src) b = colorize(b, "cyan") m_src = path.join(a, b) m_name = m_plugin_info.plugin_id p = m_name.rfind("/") + 1 m_name = m_name[:p] + colorize(m_name[p:], "cyan")
def command_run(parser, P, cmdParams, auditParams):
    """Prepare parameters and plugins for the SCAN, IMPORT and REPORT commands.

    Adjusts the target list according to ``P.command``, discovers the
    plugins, parses the raw plugin arguments, prompts for any password
    argument that was left empty, validates both parameter objects,
    pushes the arguments into the plugin manager and loads the UI plugin.

    :param parser: Object whose ``error()`` method is used to report bad
        input (presumably the command line parser; confirm at the caller).
    :param P: Parsed command line values; this code reads ``command``,
        ``raw_plugin_args`` and ``plugin_args`` from it.
    :param cmdParams: Orchestrator settings; receives ``plugin_args`` and
        supplies ``ui_mode``.
    :param auditParams: Audit settings; its ``targets`` are rewritten here.

    :raises RuntimeError: If the command is not SCAN, IMPORT or REPORT.

    NOTE: this listing ends inside the outer ``try`` block. Its exception
    handler and anything that follows are not shown.
    """

    # For the SCAN command, assume targets are URLs whenever feasible.
    if P.command == "SCAN":
        guessed_urls = []
        for target in auditParams.targets:
            # A target without a scheme gets a plain "http://" guess.
            if not "://" in target:
                guessed_urls.append("http://" + target)
        # The guesses are appended; the original targets stay in the list.
        auditParams.targets.extend(guessed_urls)

    # For all other commands, disable the testing plugins.
    else:
        auditParams.plugin_load_overrides.append((False, "testing"))

        # NOTE(review): the "magic" below presumably relies on property
        # setters/deleters of the parameters class (see the _imports and
        # _reports attributes used further down); confirm there.

        # For the IMPORT command, targets are import files.
        if P.command == "IMPORT":
            auditParams.imports = auditParams.targets # magic
            del auditParams.targets # magic

        # For the REPORT command, targets are report files.
        elif P.command == "REPORT":
            auditParams.reports = auditParams.targets # magic
            del auditParams.targets # magic

        # If we reached this point, we have an internal error!
        else:
            raise RuntimeError("Unsupported command: %s" % P.command)

    # Expand wildcards for filenames on Windows.
    # On other platforms this is not needed,
    # as the shell already does it for us.
    if os.path.sep == "\\":
        auditParams._imports = expand_wildcards(auditParams._imports)
        auditParams._reports = expand_wildcards(auditParams._reports)

    try:

        # Load the plugins.
        manager = PluginManager()
        manager.find_plugins(cmdParams)

        # Sanitize the plugin arguments.
        # (Python 2 "except X, e" syntax; a KeyError from the parser is
        # reported to the user through parser.error().)
        try:
            if P.raw_plugin_args:
                P.plugin_args = parse_plugin_args(manager, P.raw_plugin_args)
        except KeyError, e:
            ##raise # XXX DEBUG
            parser.error("error parsing plugin arguments: %s" % str(e))

        # Prompt for passwords.
        # Only arguments listed in the plugin's plugin_passwd_args that
        # were given without a value are prompted for, so a secret does
        # not have to be typed on the command line.
        # NOTE(review): getpass is presumably getpass.getpass (no echo);
        # confirm against the file's imports.
        for plugin_id in P.plugin_args.keys():
            plugin_info = manager.get_plugin_by_id(plugin_id)
            target_args = P.plugin_args[plugin_id]
            for key, value in target_args.items():
                if not value and key in plugin_info.plugin_passwd_args:
                    # Name the argument in the prompt only when the plugin
                    # has more than one password argument.
                    if len(plugin_info.plugin_passwd_args) > 1:
                        msg = "Enter password for %s (%s): "
                        msg %= (plugin_info.display_name, key)
                    else:
                        msg = "Enter password for %s: "
                        msg %= plugin_info.display_name
                    target_args[key] = getpass(msg)

        # Save the plugin arguments for the Orchestrator and the Audit.
        # Both objects are handed the same P.plugin_args value, which by
        # now includes any password entered above. Whether the attribute
        # setters copy it is not visible here.
        cmdParams.plugin_args = P.plugin_args
        auditParams.plugin_args = P.plugin_args

        # Check the parameters.
        cmdParams.check_params()
        auditParams.check_params()

        # Set the plugin arguments before loading the UI plugin.
        for plugin_id, plugin_args in cmdParams.plugin_args.iteritems():
            status = manager.set_plugin_args(plugin_id, plugin_args)
            if status != 0: # should never happen, but just in case...
                # Status 1 and 2 have dedicated messages; any other
                # non-zero value gets the generic one.
                if status == 1:
                    msg = "Unknown plugin: %s"
                elif status == 2:
                    msg = "Invalid arguments for plugin: %s"
                else:
                    msg = "Error setting arguments for plugin: %s"
                parser.error(msg % plugin_id)

        # Load the UI plugin.
        # NOTE(review): ui_mode is concatenated into the plugin ID as-is;
        # presumably check_params() above restricts it to known UI modes;
        # confirm before relying on it.
        ui_plugin_id = "ui/" + cmdParams.ui_mode
        ui_plugin = manager.load_plugin_by_id(ui_plugin_id)
def command_run(parser, P, cmdParams, auditParams): # For the SCAN command, assume targets are URLs whenever feasible. if P.command == "SCAN": guessed_urls = [] for target in auditParams.targets: if not "://" in target: guessed_urls.append("http://" + target) auditParams.targets.extend(guessed_urls) # For all other commands, disable the testing plugins. else: auditParams.plugin_load_overrides.append( (False, "testing") ) # For the IMPORT command, targets are import files. if P.command == "IMPORT": auditParams.imports = auditParams.targets # magic del auditParams.targets # magic # For the REPORT command, targets are report files. elif P.command == "REPORT": auditParams.reports = auditParams.targets # magic del auditParams.targets # magic # If we reached this point, we have an internal error! else: raise RuntimeError("Unsupported command: %s" % P.command) # Expand wildcards for filenames on Windows. # On other platforms this is not needed, # as the shell already does it for us. if os.path.sep == "\\": auditParams._imports = expand_wildcards(auditParams._imports) auditParams._reports = expand_wildcards(auditParams._reports) try: # Load the plugins. manager = PluginManager() manager.find_plugins(cmdParams) # Sanitize the plugin arguments. try: if P.raw_plugin_args: P.plugin_args = parse_plugin_args(manager, P.raw_plugin_args) except KeyError, e: ##raise # XXX DEBUG parser.error("error parsing plugin arguments: %s" % str(e)) # Prompt for passwords. for plugin_id in P.plugin_args.keys(): plugin_info = manager.get_plugin_by_id(plugin_id) target_args = P.plugin_args[plugin_id] for key, value in target_args.items(): if not value and key in plugin_info.plugin_passwd_args: if len(plugin_info.plugin_passwd_args) > 1: msg = "Enter password for %s (%s): " msg %= (plugin_info.display_name, key) else: msg = "Enter password for %s: " msg %= plugin_info.display_name target_args[key] = getpass(msg) # Save the plugin arguments for the Orchestrator and the Audit. 
cmdParams.plugin_args = P.plugin_args auditParams.plugin_args = P.plugin_args # Check the parameters. cmdParams.check_params() auditParams.check_params() # Set the plugin arguments before loading the UI plugin. for plugin_id, plugin_args in cmdParams.plugin_args.iteritems(): status = manager.set_plugin_args(plugin_id, plugin_args) if status != 0: # should never happen, but just in case... if status == 1: msg = "Unknown plugin: %s" elif status == 2: msg = "Invalid arguments for plugin: %s" else: msg = "Error setting arguments for plugin: %s" parser.error(msg % plugin_id) # Load the UI plugin. ui_plugin_id = "ui/" + cmdParams.ui_mode ui_plugin = manager.load_plugin_by_id(ui_plugin_id)