Exemplo n.º 1
def command_run(parser, P, cmdParams, auditParams):
    # Prepare the run configuration for the SCAN, IMPORT and REPORT commands,
    # then discover the plugins, collect their arguments and load the UI plugin.
    #
    # parser      -- only parser.error(msg) is called on it here; presumably an
    #                argparse-style parser whose error() aborts the run
    #                (TODO confirm).
    # P           -- parsed command line; command, raw_plugin_args and
    #                plugin_args are read from it.
    # cmdParams   -- settings passed to the plugin manager; receives plugin_args.
    # auditParams -- audit settings; targets, imports, reports and plugin_args
    #                are touched here.
    #
    # NOTE: this excerpt ends inside the outer "try" block, so its "except"
    # clause is not shown. The code is Python 2 ("except X, e", iteritems()).

    # For the SCAN command, assume targets are URLs whenever feasible.
    # A target without "://" gets an additional "http://" variant; the original
    # entry stays in the list. The guessed scheme is always plain "http://",
    # never "https://".
    if P.command == "SCAN":
        # Collected separately so the list is not modified while iterating it.
        guessed_urls = []
        for target in auditParams.targets:
            if not "://" in target:
                guessed_urls.append("http://" + target)
        auditParams.targets.extend(guessed_urls)

    # For all other commands, disable the testing plugins.
    else:
        auditParams.plugin_load_overrides.append((False, "testing"))

        # For the IMPORT command, targets are import files.
        # "magic": presumably imports/targets are properties with their own
        # setter and deleter logic -- TODO confirm against the params class.
        if P.command == "IMPORT":
            auditParams.imports = auditParams.targets  # magic
            del auditParams.targets  # magic

        # For the REPORT command, targets are report files.
        elif P.command == "REPORT":
            auditParams.reports = auditParams.targets  # magic
            del auditParams.targets  # magic

        # If we reached this point, we have an internal error!
        else:
            raise RuntimeError("Unsupported command: %s" % P.command)

    # Expand wildcards for filenames on Windows.
    # On other platforms this is not needed,
    # as the shell already does it for us.
    # This reads and writes the underscore-prefixed attributes directly,
    # presumably the storage behind the imports/reports properties (TODO confirm).
    if os.path.sep == "\\":
        auditParams._imports = expand_wildcards(auditParams._imports)
        auditParams._reports = expand_wildcards(auditParams._reports)

    try:

        # Load the plugins.
        manager = PluginManager()
        manager.find_plugins(cmdParams)

        # Sanitize the plugin arguments.
        # Raw arguments come from the command line; a KeyError from the parser
        # is turned into a usage error instead of a traceback.
        try:
            if P.raw_plugin_args:
                P.plugin_args = parse_plugin_args(manager, P.raw_plugin_args)
        except KeyError, e:
            ##raise # XXX DEBUG
            parser.error("error parsing plugin arguments: %s" % str(e))

        # Prompt for passwords.
        # Only arguments named in the plugin's plugin_passwd_args that arrived
        # with an empty value are prompted for. getpass (presumably
        # getpass.getpass) reads the secret without echoing it, so it never
        # appears on the command line. A non-empty value supplied by the caller
        # is used as-is.
        # presumably P.plugin_args has a default when no raw arguments were
        # given -- TODO confirm.
        for plugin_id in P.plugin_args.keys():
            plugin_info = manager.get_plugin_by_id(plugin_id)
            target_args = P.plugin_args[plugin_id]
            for key, value in target_args.items():
                if not value and key in plugin_info.plugin_passwd_args:
                    # Name the argument in the prompt only when the plugin
                    # declares more than one password argument.
                    if len(plugin_info.plugin_passwd_args) > 1:
                        msg = "Enter password for %s (%s): "
                        msg %= (plugin_info.display_name, key)
                    else:
                        msg = "Enter password for %s: "
                        msg %= plugin_info.display_name
                    target_args[key] = getpass(msg)

        # Save the plugin arguments for the Orchestrator and the Audit.
        # Both objects receive a reference to the same dict, which now holds
        # any passwords entered above in plaintext.
        # NOTE(review): check that neither object is logged or serialized with
        # plugin_args included.
        cmdParams.plugin_args = P.plugin_args
        auditParams.plugin_args = P.plugin_args

        # Check the parameters.
        cmdParams.check_params()
        auditParams.check_params()

        # Set the plugin arguments before loading the UI plugin.
        # set_plugin_args() reports failure through an integer status:
        # 0 is success, 1 and 2 have dedicated messages, anything else is generic.
        for plugin_id, plugin_args in cmdParams.plugin_args.iteritems():
            status = manager.set_plugin_args(plugin_id, plugin_args)
            if status != 0:  # should never happen, but just in case...
                if status == 1:
                    msg = "Unknown plugin: %s"
                elif status == 2:
                    msg = "Invalid arguments for plugin: %s"
                else:
                    msg = "Error setting arguments for plugin: %s"
                parser.error(msg % plugin_id)

        # Load the UI plugin.
        # The plugin ID is built by plain concatenation from cmdParams.ui_mode.
        # NOTE(review): confirm that check_params() or load_plugin_by_id()
        # rejects a ui_mode that does not name a discovered UI plugin.
        ui_plugin_id = "ui/" + cmdParams.ui_mode
        ui_plugin = manager.load_plugin_by_id(ui_plugin_id)
Exemplo n.º 2
def command_run(parser, P, cmdParams, auditParams):
    # Set up a SCAN, IMPORT or REPORT run: normalise the targets, find the
    # plugins, gather plugin arguments (prompting for missing passwords),
    # validate the parameters and load the UI plugin.
    #
    # parser      -- used only through parser.error(msg); presumably an
    #                argparse-style parser that exits on error (TODO confirm).
    # P           -- parsed command line (command, raw_plugin_args, plugin_args).
    # cmdParams   -- settings given to the plugin manager; gets plugin_args.
    # auditParams -- audit settings (targets, imports, reports, plugin_args).
    #
    # NOTE: the excerpt stops inside the outer "try"; the matching "except" is
    # not visible. Python 2 syntax is used ("except X, e", iteritems()).

    # For the SCAN command, assume targets are URLs whenever feasible.
    # Scheme-less targets are kept and an "http://" variant is added next to
    # them; no "https://" variant is ever guessed.
    if P.command == "SCAN":
        # Separate list: auditParams.targets must not grow during the loop.
        guessed_urls = []
        for target in auditParams.targets:
            if not "://" in target:
                guessed_urls.append("http://" + target)
        auditParams.targets.extend(guessed_urls)

    # For all other commands, disable the testing plugins.
    else:
        auditParams.plugin_load_overrides.append( (False, "testing") )

        # For the IMPORT command, targets are import files.
        # "magic" presumably refers to property setters/deleters on the params
        # object -- TODO confirm.
        if P.command == "IMPORT":
            auditParams.imports = auditParams.targets   # magic
            del auditParams.targets                     # magic

        # For the REPORT command, targets are report files.
        elif P.command == "REPORT":
            auditParams.reports = auditParams.targets   # magic
            del auditParams.targets                     # magic

        # If we reached this point, we have an internal error!
        else:
            raise RuntimeError("Unsupported command: %s" % P.command)

    # Expand wildcards for filenames on Windows.
    # On other platforms this is not needed,
    # as the shell already does it for us.
    # The underscore-prefixed attributes are accessed directly here; presumably
    # they back the imports/reports properties (TODO confirm).
    if os.path.sep == "\\":
        auditParams._imports = expand_wildcards(auditParams._imports)
        auditParams._reports = expand_wildcards(auditParams._reports)

    try:

        # Load the plugins.
        manager = PluginManager()
        manager.find_plugins(cmdParams)

        # Sanitize the plugin arguments.
        # The raw values are command-line input; a KeyError raised while
        # parsing them becomes a usage error.
        try:
            if P.raw_plugin_args:
                P.plugin_args = parse_plugin_args(manager, P.raw_plugin_args)
        except KeyError, e:
            ##raise # XXX DEBUG
            parser.error("error parsing plugin arguments: %s" % str(e))

        # Prompt for passwords.
        # A prompt is shown only for an empty value whose key is listed in the
        # plugin's plugin_passwd_args. getpass (presumably getpass.getpass)
        # does not echo the input, so the secret stays off the command line.
        # Values already supplied by the caller are left untouched.
        # presumably P.plugin_args exists even without raw arguments -- TODO
        # confirm.
        for plugin_id in P.plugin_args.keys():
            plugin_info = manager.get_plugin_by_id(plugin_id)
            target_args = P.plugin_args[plugin_id]
            for key, value in target_args.items():
                if not value and key in plugin_info.plugin_passwd_args:
                    # With several password arguments the prompt also names
                    # the argument being asked for.
                    if len(plugin_info.plugin_passwd_args) > 1:
                        msg = "Enter password for %s (%s): "
                        msg %= (plugin_info.display_name, key)
                    else:
                        msg = "Enter password for %s: "
                        msg %= plugin_info.display_name
                    target_args[key] = getpass(msg)

        # Save the plugin arguments for the Orchestrator and the Audit.
        # The same dict object is shared by both; it contains the entered
        # passwords in plaintext.
        # NOTE(review): make sure plugin_args is excluded wherever these
        # objects are logged or serialized.
        cmdParams.plugin_args   = P.plugin_args
        auditParams.plugin_args = P.plugin_args

        # Check the parameters.
        cmdParams.check_params()
        auditParams.check_params()

        # Set the plugin arguments before loading the UI plugin.
        # Status 0 means success; 1 and 2 map to specific messages and any
        # other value to a generic one.
        for plugin_id, plugin_args in cmdParams.plugin_args.iteritems():
            status = manager.set_plugin_args(plugin_id, plugin_args)
            if status != 0:     # should never happen, but just in case...
                if status == 1:
                    msg = "Unknown plugin: %s"
                elif status == 2:
                    msg = "Invalid arguments for plugin: %s"
                else:
                    msg = "Error setting arguments for plugin: %s"
                parser.error(msg % plugin_id)

        # Load the UI plugin.
        # The ID is "ui/" plus cmdParams.ui_mode, concatenated without any
        # check at this point.
        # NOTE(review): verify that check_params() or load_plugin_by_id()
        # refuses a ui_mode that is not a discovered UI plugin.
        ui_plugin_id = "ui/" + cmdParams.ui_mode
        ui_plugin = manager.load_plugin_by_id(ui_plugin_id)
Exemplo n.º 3
                # Excerpt begins inside the password-prompt loops; the function
                # header and the enclosing loops are not shown.
                # Prompt only for an empty value whose key is one of the
                # plugin's declared password arguments.
                if not value and key in plugin_info.plugin_passwd_args:
                    # Name the argument in the prompt when the plugin has more
                    # than one password argument.
                    if len(plugin_info.plugin_passwd_args) > 1:
                        msg = "Enter password for %s (%s): "
                        msg %= (plugin_info.display_name, key)
                    else:
                        msg = "Enter password for %s: "
                        msg %= plugin_info.display_name
                    # getpass (presumably getpass.getpass) reads the secret
                    # without echoing it.
                    target_args[key] = getpass(msg)

        # Save the plugin arguments for the Orchestrator and the Audit.
        # Both objects get a reference to the same plugin_args object (defined
        # outside this excerpt), including any passwords entered above.
        # NOTE(review): check that plugin_args is not logged or serialized
        # together with these objects.
        cmdParams.plugin_args   = plugin_args
        auditParams.plugin_args = plugin_args

        # Set the plugin arguments before loading the UI plugin.
        # NOTE: the loop variable reuses the name plugin_args, so after the
        # loop that name refers to the last plugin's arguments, not to the
        # whole mapping assigned above.
        for plugin_id, plugin_args in cmdParams.plugin_args.iteritems():
            status = manager.set_plugin_args(plugin_id, plugin_args)
            if status != 0:     # should never happen, but just in case...
                if status == 1:
                    msg = "Unknown plugin: %s"
                elif status == 2:
                    msg = "Invalid arguments for plugin: %s"
                else:
                    msg = "Error setting arguments for plugin: %s"
                parser.error(msg % plugin_id)

        # Load the UI plugin.
        # The ID is built by concatenating "ui/" with cmdParams.ui_mode.
        # NOTE(review): confirm that load_plugin_by_id() rejects an ID that
        # does not name a discovered UI plugin.
        ui_plugin_id = "ui/" + cmdParams.ui_mode
        ui_plugin = manager.load_plugin_by_id(ui_plugin_id)

    # Show an error message if something goes wrong.
    # Python 2 "except X, e" form; the handler body lies outside this excerpt.
    except Exception, e:
Exemplo n.º 4
                    # Excerpt begins inside the password-prompt branch; the
                    # function header, loops and guarding condition are not shown.
                    # The prompt names the argument only when the plugin
                    # declares more than one password argument.
                    if len(plugin_info.plugin_passwd_args) > 1:
                        msg = "Enter password for %s (%s): "
                        msg %= (plugin_info.display_name, key)
                    else:
                        msg = "Enter password for %s: "
                        msg %= plugin_info.display_name
                    # getpass (presumably getpass.getpass) reads the secret
                    # without echoing it.
                    target_args[key] = getpass(msg)

        # Save the plugin arguments for the Orchestrator and the Audit.
        # The audit parameters receive them only when targets are set; both
        # assignments store a reference to the same object, which includes any
        # passwords entered above.
        # NOTE(review): check that plugin_args is not logged or serialized
        # together with these objects.
        cmdParams.plugin_args = plugin_args
        if auditParams.targets:
            auditParams.plugin_args = plugin_args

        # Set the plugin arguments before loading the UI plugin.
        # NOTE: the loop variable reuses the name plugin_args, so after the
        # loop that name refers to the last plugin's arguments, not to the
        # whole mapping assigned above.
        for plugin_name, plugin_args in cmdParams.plugin_args.iteritems():
            status = manager.set_plugin_args(plugin_name, plugin_args)
            if status != 0:     # should never happen, but just in case...
                if status == 1:
                    msg = "Unknown plugin: %s"
                elif status == 2:
                    msg = "Invalid arguments for plugin: %s"
                else:
                    msg = "Error setting arguments for plugin: %s"
                parser.error(msg % plugin_name)

        # Load the UI plugin.
        # The name is built by concatenating "ui/" with cmdParams.ui_mode.
        # NOTE(review): confirm that load_plugin_by_name() rejects a name that
        # does not match a discovered UI plugin.
        ui_plugin_name = "ui/" + cmdParams.ui_mode
        ui_plugin = manager.load_plugin_by_name(ui_plugin_name)

    # Show an error message if something goes wrong.
    # Python 2 "except X, e" form; the handler body lies outside this excerpt.
    except Exception, e: