Exemplo n.º 1
 def __init__(self, torNodes):
     """
     Register the plugin under the name 'w3afPlugin' and create the w3af
     core and misc-settings objects it drives.
     """
     BasePlugin.__init__(self, torNodes, 'w3afPlugin')
     self.info("[*] w3afPlugin Initialized!")
     self.w3afCorePlugin = w3afCore()

     # Initialise the plugin manager, then clear its enabled-plugin set so
     # the core starts with no plugin enabled.
     plugin_manager = self.w3afCorePlugin.plugins
     plugin_manager.init_plugins()
     plugin_manager.zero_enabled_plugins()

     self.miscSettings = MiscSettings()
Exemplo n.º 2
    def save_current_to_profile(self,
                                profile_name,
                                prof_desc='',
                                prof_path='',
                                self_contained=False):
        """
        Write the core's current configuration into the profile called
        profile_name.

        Stored, in this order: the enabled plugins per plugin type, the
        options of every enabled plugin, the configured targets (if any),
        the misc settings, the HTTP settings, the description and the name.

        NOTE(review): the resulting file holds the target URLs and the HTTP
        settings. Whether those settings include credentials or proxy
        details is not visible here -- confirm before sharing profile files.

        :param profile_name: Name used to open the profile and to save it.
        :param prof_desc: Description stored in the profile.
        :param prof_path: Path whose directory becomes the profile workdir.
        :param self_contained: Forwarded to set_plugin_options().
        :return: The new profile instance if the profile was successfully
                 saved. Otherwise raise a BaseFrameworkException (raised by
                 the profile layer, not by code visible in this method).
        """
        # The profile is opened inside the directory that holds prof_path
        target_profile = profile(profile_name,
                                 workdir=os.path.dirname(prof_path))

        manager = self._w3af_core.plugins

        # Pass 1: which plugins are enabled, one list per plugin type
        for p_type in manager.get_plugin_types():
            target_profile.set_enabled_plugins(
                p_type, list(manager.get_enabled_plugins(p_type)))

        # Pass 2: options of each enabled plugin; plugins that report no
        # options are skipped
        for p_type in manager.get_plugin_types():
            for p_name in manager.get_enabled_plugins(p_type):
                opts = manager.get_plugin_options(p_type, p_name)
                if not opts:
                    continue
                target_profile.set_plugin_options(
                    p_type,
                    p_name,
                    opts,
                    self_contained=self_contained)

        # Targets are stored as a single ' , '-separated string
        scan_targets = cf.cf.get('targets')
        if scan_targets:
            joined_urls = ' , '.join(t.url_string for t in scan_targets)
            target_profile.set_target(joined_urls)

        # Misc settings first, then the HTTP settings of the URI opener
        target_profile.set_misc_settings(MiscSettings().get_options())
        http_options = self._w3af_core.uri_opener.settings.get_options()
        target_profile.set_http_settings(http_options)

        target_profile.set_desc(prof_desc)
        target_profile.set_name(profile_name)

        # Write the profile out
        target_profile.save(profile_name)

        return target_profile
Exemplo n.º 3
    def save_current_to_profile(self, profile_name, prof_desc='', prof_path='',
                                self_contained=False):
        """
        Persist the configuration currently held by the core into the
        profile named profile_name.

        The profile receives the enabled plugins, their options, the
        targets, the misc and HTTP settings, and finally its description
        and name before being written out.

        NOTE(review): target URLs and HTTP settings end up in the saved
        file; confirm what the HTTP settings contain before distributing it.

        :return: The new profile instance if the profile was successfully
                 saved. Otherwise raise a BaseFrameworkException (not raised
                 by code visible in this method).
        """
        # workdir is the directory part of prof_path
        new_profile = profile(profile_name, workdir=os.path.dirname(prof_path))

        plugins = self._w3af_core.plugins

        # Enabled plugins, grouped by plugin type
        for kind in plugins.get_plugin_types():
            names = [name for name in plugins.get_enabled_plugins(kind)]
            new_profile.set_enabled_plugins(kind, names)

        # Options for every enabled plugin that has any
        for kind in plugins.get_plugin_types():
            for name in plugins.get_enabled_plugins(kind):
                options = plugins.get_plugin_options(kind, name)
                if options:
                    new_profile.set_plugin_options(
                        kind, name, options, self_contained=self_contained)

        # Targets, joined into one string
        targets = cf.cf.get('targets')
        if targets:
            target_urls = [t.url_string for t in targets]
            new_profile.set_target(' , '.join(target_urls))

        # Misc and HTTP settings
        misc_options = MiscSettings().get_options()
        new_profile.set_misc_settings(misc_options)
        new_profile.set_http_settings(
            self._w3af_core.uri_opener.settings.get_options())

        # Description and name
        new_profile.set_desc(prof_desc)
        new_profile.set_name(profile_name)

        # Write to the profile file
        new_profile.save(profile_name)

        return new_profile
Exemplo n.º 4
    def setUp(self):
        """
        Clean the knowledge base and create a fresh core and misc settings
        for the test; when MOCK_RESPONSES is set, also enable httpretty and
        register the protocol, domain and port of target_url with it.
        """
        self.kb.cleanup()
        self.w3afcore = w3afCore()
        self.misc_settings = MiscSettings()

        self.request_callback_call_count = 0
        self.request_callback_match = 0

        if not self.MOCK_RESPONSES:
            return

        # reset() before enable() so this test starts with an empty
        # httpretty registry
        httpretty.reset()
        httpretty.enable()

        try:
            parsed_target = URL(self.target_url)
        except ValueError as ve:
            template = ('When using MOCK_RESPONSES you need to set the'
                        ' target_url attribute to a valid URL, exception was:'
                        ' "%s".')
            raise Exception(template % ve)

        target_domain = parsed_target.get_domain()
        target_proto = parsed_target.get_protocol()
        target_port = parsed_target.get_port()

        self._register_httpretty_uri(target_proto, target_domain, target_port)
Exemplo n.º 5
 def get_misc_settings(self):
     """
     Read the 'misc-settings' section through _get_x_settings(), using a
     new MiscSettings instance as the configurable.

     :return: The misc settings in an OptionList
     """
     # Function-scope import, as in the original
     from w3af.core.controllers.misc_settings import MiscSettings
     return self._get_x_settings('misc-settings', MiscSettings())
Exemplo n.º 6
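 def __init__(self, torNodes=None):
     """
     Register the plugin and, when TOR nodes were supplied, create the
     w3af core it drives.

     With an empty node list only the plugin details are registered:
     w3afCorePlugin and miscSettings are not created, so methods that use
     them fail with AttributeError.

     :param torNodes: Node list handed to BasePlugin; None or omitted means
                      an empty list.
     """
     # Build the empty list per call. The former literal [] default was a
     # single object shared by every instance created without arguments.
     if torNodes is None:
         torNodes = []

     BasePlugin.__init__(self, torNodes, 'w3afPlugin')
     self.setPluginDetails('w3afPlugin', 'Plugin to load the W3AF context in Tortazo. You can execute W3AF against the TOR deep web.', '1.0', 'Adastra: @jdaanial')
     if len(torNodes) > 0:
         self.info("[*] w3afPlugin Initialized!")
         self.w3afCorePlugin = w3afCore()
         # Initialise the plugin manager, then clear the enabled set so
         # the core starts with no plugin enabled.
         self.w3afCorePlugin.plugins.init_plugins()
         self.w3afCorePlugin.plugins.zero_enabled_plugins()
         self.miscSettings = MiscSettings()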
Exemplo n.º 7
    def test_basic(self):
        """
        Every misc-settings option has a known type, a non-empty name,
        compares equal to itself and exposes string-valued accessors.
        """
        for option in MiscSettings().get_options():
            self.assertIn(option.get_type(), OPTION_TYPES)
            self.assertTrue(option.get_name())
            self.assertEqual(option, option)

            # Smoke check: each accessor must run without raising and
            # return a string
            string_getters = (option.get_name,
                              option.get_desc,
                              option.get_type,
                              option.get_help,
                              option.get_value_str)
            for getter in string_getters:
                self.assertIsInstance(getter(), basestring)
Exemplo n.º 8
    def __init__(self, name, console, core, parent=None):
        """
        Initialise the root menu, load its help text and register the child
        menus.
        """
        menu.__init__(self, name, console, core, parent)
        self._load_help('root')

        # No scan thread exists until a scan is started
        self._scan_thread = None

        # Child name -> menu class, or (menu class, object it configures)
        children = {
            'plugins': pluginsMenu,
            'target': (ConfigMenu, self._w3af.target),
            'misc-settings': (ConfigMenu, MiscSettings()),
            'http-settings': (ConfigMenu, self._w3af.uri_opener.settings),
            'profiles': ProfilesMenu,
            'bug-report': bug_report_menu,
            'exploit': exploit,
            'kb': kbMenu
        }
        mapDict(self.addChild, children)
Exemplo n.º 9
    def use_profile(self, profile_name, workdir=None):
        """
        Load a profile and apply what it contains to the w3af core
        plugins / target attributes for later use.

        The current configuration is reset before anything is read, so a
        None profile_name results in a reset only.

        :raise BaseFrameworkException: if the profile to load has some type of
                                       problem, or the plugins are incorrectly
                                       configured.
        """
        # Reset first: enabled plugins are cleared and the misc and HTTP
        # settings go back to their defaults, so nothing configured earlier
        # survives into the profile being loaded
        self._w3af_core.plugins.zero_enabled_plugins()
        MiscSettings().set_default_values()
        self._w3af_core.uri_opener.settings.set_default_values()

        # None means "just clear the configuration"
        if profile_name is None:
            return

        # Problems found while applying the profile are collected here
        error_messages = []

        # Deliberately not wrapped in try/except: a missing profile raises
        # and the exception reaches the caller
        profile_inst = profile(profile_name, workdir)

        # Target settings from the profile go to the core
        self._w3af_core.target.set_options(profile_inst.get_target())

        # Misc settings: a profile with unknown or invalid parameters is
        # recorded as an error message
        try:
            profile_misc_settings = profile_inst.get_misc_settings()
        except BaseFrameworkException as e:
            msg = ('Setting the framework misc-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
Exemplo n.º 10
        # Misc settings: a failure to read them is recorded, not raised
        try:
            profile_misc_settings = profile_inst.get_misc_settings()
        except BaseFrameworkException as e:
            msg = ('Setting the framework misc-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            # misc_settings.local_ip_address from the profile is never
            # applied: when the option is present its value is replaced
            # with the address get_local_ip() reports on this host
            if 'local_ip_address' in profile_inst.get_misc_settings():
                local_ip = get_local_ip()
                ip_option = profile_misc_settings['local_ip_address']
                ip_option.set_value(local_ip)

            misc_settings = MiscSettings()
            misc_settings.set_options(profile_misc_settings)

        # HTTP settings: same pattern, applied to the URI opener on success
        try:
            http_settings = profile_inst.get_http_settings()
        except BaseFrameworkException as e:
            msg = ('Setting the framework http-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            self._w3af_core.uri_opener.settings.set_options(http_settings)

        #
        #    Handle plugin options
        #
        error_fmt = ('The profile you are trying to load (%s) seems to be'
Exemplo n.º 11
    def use_profile(self, profile_name, workdir=None):
        """
        Apply a stored profile to the core: target, misc settings, HTTP
        settings, enabled plugins and the options of those plugins.

        Unknown plugin types, unknown plugins and rejected plugin options are
        collected in error_messages rather than aborting the load.

        :param profile_name: Profile to load; None only clears the enabled
                             plugins.
        :param workdir: Passed to profile() together with the name.
        :raise BaseFrameworkException: if the profile to load has some type of
                                       problem, or the plugins are incorrectly
                                       configured.
        """
        # None means "disable every plugin and stop"
        if profile_name is None:
            self._w3af_core.plugins.zero_enabled_plugins()
            return

        # Deliberately unguarded: a profile that does not exist raises here
        # and the exception reaches the caller
        profile_inst = profile(profile_name, workdir)

        # Target settings from the profile go to the core
        self._w3af_core.target.set_options(profile_inst.get_target())

        # misc_settings.local_ip_address from the profile is never applied:
        # when present, it is overwritten with the address get_local_ip()
        # reports on this host before the settings are set
        profile_misc_settings = profile_inst.get_misc_settings()
        if "local_ip_address" in profile_inst.get_misc_settings():
            ip_option = profile_misc_settings["local_ip_address"]
            ip_option.set_value(get_local_ip())

        misc_settings = MiscSettings()
        misc_settings.set_options(profile_misc_settings)

        http_settings = profile_inst.get_http_settings()
        self._w3af_core.uri_opener.settings.set_options(http_settings)

        #
        #    Handle plugin options
        #
        error_fmt = (
            "The profile you are trying to load (%s) seems to be"
            " outdated, this is a common issue which happens when the"
            " framework is updated and one of its plugins adds/removes"
            " one of the configuration parameters referenced by a"
            " profile, or the plugin is removed all together.\n\n"
            "The profile was loaded but some of your settings might"
            " have been lost. This is the list of issues that were"
            " found:\n\n"
            "    - %s\n"
            "\nWe recommend you review the specific plugin"
            " configurations, apply the required changes and save"
            " the profile in order to update it and avoid this"
            " message. If this warning does not disappear you can"
            " manually edit the profile file to fix it."
        )

        error_messages = []
        core_set_plugins = self._w3af_core.plugins.set_plugins

        for plugin_type in self._w3af_core.plugins.get_plugin_types():
            plugin_names = profile_inst.get_enabled_plugins(plugin_type)

            # raise_on_error=False: unknown plugin names come back as the
            # return value; a KeyError is reported as an unknown plugin type
            try:
                unknown_plugins = core_set_plugins(
                    plugin_names, plugin_type, raise_on_error=False)
            except KeyError:
                msg = ('The profile references the "%s" plugin type which is'
                       ' unknown to the w3af framework.')
                error_messages.append(msg % plugin_type)
                continue

            for missing in unknown_plugins:
                msg = ('The profile references the "%s.%s" plugin which is'
                       ' unknown in the current framework version.')
                error_messages.append(msg % (plugin_type, missing))

            # Options are applied only to the plugins the core recognised.
            # This too can fail with "outdated" profiles that users could
            # have in their ~/.w3af/ directory.
            for plugin_name in set(plugin_names) - set(unknown_plugins):

                try:
                    plugin_options = profile_inst.get_plugin_options(
                        plugin_type, plugin_name)
                    self._w3af_core.plugins.set_plugin_options(
                        plugin_type, plugin_name, plugin_options)
                except BaseFrameworkException as w3e:
                    msg = ('Setting the options for plugin "%s.%s" raised an'
                           ' exception due to unknown or invalid configuration'
                           ' parameters. %s')
                    error_messages.append(
                        msg % (plugin_type, plugin_name, w3e))
Exemplo n.º 12
        # Read the misc settings; invalid content becomes an error message
        try:
            profile_misc_settings = profile_inst.get_misc_settings()
        except BaseFrameworkException as e:
            msg = ('Setting the framework misc-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            # The profile's misc_settings.local_ip_address is ignored: if
            # the option exists, the address returned by get_local_ip() on
            # this host is written over it before the settings are applied
            if 'local_ip_address' in profile_inst.get_misc_settings():
                local_ip = get_local_ip()
                stored_ip = profile_misc_settings['local_ip_address']
                stored_ip.set_value(local_ip)

            misc_settings = MiscSettings()
            misc_settings.set_options(profile_misc_settings)

        # Read the HTTP settings and, on success, hand them to the URI opener
        try:
            http_settings = profile_inst.get_http_settings()
        except BaseFrameworkException as e:
            msg = ('Setting the framework http-settings raised an exception'
                   ' due to unknown or invalid configuration parameters. %s')
            error_messages.append(msg % e)
        else:
            self._w3af_core.uri_opener.settings.set_options(http_settings)

        #
        #    Handle plugin options
        #
        error_fmt = (
Exemplo n.º 13
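    def use_profile(self, profile_name, workdir=None):
        """
        Gets all the information from the profile and stores it in the
        w3af core plugins / target attributes for later use.

        Unknown plugin types, unknown plugins and rejected plugin options are
        collected in error_messages rather than aborting the load.

        :param profile_name: Profile to load; None only clears the enabled
                             plugins.
        :param workdir: Passed to profile() together with the name.
        :raise BaseFrameworkException: if the profile to load has some type
                                       of problem.
        """
        # Clear all enabled plugins if profile_name is None
        if profile_name is None:
            self._w3af_core.plugins.zero_enabled_plugins()
            return

        # This might raise an exception (which we don't want to handle) when
        # the profile does not exist
        profile_inst = profile(profile_name, workdir)

        # It exists, work with it!

        # Set the target settings of the profile to the core
        self._w3af_core.target.set_options(profile_inst.get_target())

        # Set the misc and http settings
        #
        # IGNORE the following parameters from the profile:
        #   - misc_settings.local_ip_address
        #
        # The stored address is overwritten with the one get_local_ip()
        # reports on this host before the settings are applied.
        profile_misc_settings = profile_inst.get_misc_settings()
        if 'local_ip_address' in profile_inst.get_misc_settings():
            profile_misc_settings['local_ip_address'].set_value(get_local_ip())

        misc_settings = MiscSettings()
        misc_settings.set_options(profile_misc_settings)
        self._w3af_core.uri_opener.settings.set_options(
            profile_inst.get_http_settings())

        #
        #    Handle plugin options
        #
        error_fmt = ('The profile you are trying to load (%s) seems to be'
                     ' outdated, this is a common issue which happens when the'
                     ' framework is updated and one of its plugins adds/removes'
                     ' one of the configuration parameters referenced by a profile'
                     ', or the plugin is removed all together.\n\n'
                     'The profile was loaded but some of your settings might'
                     ' have been lost. This is the list of issues that were found:\n\n'
                     '    - %s\n'
                     '\nWe recommend you review the specific plugin configurations,'
                     ' apply the required changes and save the profile in order'
                     ' to update it and avoid this message. If this warning does not'
                     ' disappear you can manually edit the profile file to fix it.')

        error_messages = []

        for plugin_type in self._w3af_core.plugins.get_plugin_types():
            plugin_names = profile_inst.get_enabled_plugins(plugin_type)

            # Handle errors that might have been triggered from a possibly
            # invalid profile. With raise_on_error=False the unknown plugin
            # names are returned instead of raised.
            try:
                unknown_plugins = self._w3af_core.plugins.set_plugins(
                    plugin_names,
                    plugin_type,
                    raise_on_error=False)
            except KeyError:
                msg = ('The profile references the "%s" plugin type which is'
                       ' unknown to the w3af framework.')
                error_messages.append(msg % plugin_type)
                continue

            for unknown_plugin in unknown_plugins:
                msg = 'The profile references the "%s.%s" plugin which is unknown.'
                error_messages.append(msg % (plugin_type, unknown_plugin))

            # Now we set the plugin options, which can also trigger errors
            # with "outdated" profiles that users could have in their
            # ~/.w3af/ directory.
            for plugin_name in set(plugin_names) - set(unknown_plugins):

                try:
                    plugin_options = profile_inst.get_plugin_options(
                        plugin_type,
                        plugin_name)
                    self._w3af_core.plugins.set_plugin_options(plugin_type,
                                                               plugin_name,
                                                               plugin_options)
                except BaseFrameworkException as w3e:
                    # The exception text goes in as a %s argument. It used
                    # to be appended to the template before formatting, so a
                    # '%' inside the exception text was parsed as a format
                    # directive and the report itself raised.
                    msg = ('Setting the options for plugin "%s.%s" raised an'
                           ' exception due to unknown or invalid configuration'
                           ' parameters. %s')
                    error_messages.append(
                        msg % (plugin_type, plugin_name, str(w3e)))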
Exemplo n.º 14
class w3afPlugin(BasePlugin):
    '''
    Class to  implement a simple plugin which prints the TOR Data structure.
    '''

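    def __init__(self, torNodes=None):
        '''
        Register the plugin and, when TOR nodes were supplied, create the
        w3af core it drives.

        With an empty node list only the plugin details are registered:
        w3afCorePlugin and miscSettings are not created, so the methods that
        use them fail with AttributeError.

        torNodes: node list handed to BasePlugin; None or omitted means an
                  empty list.
        '''
        # Build the empty list per call. The former literal [] default was a
        # single object shared by every instance created without arguments.
        if torNodes is None:
            torNodes = []

        BasePlugin.__init__(self, torNodes, 'w3afPlugin')
        self.setPluginDetails('w3afPlugin', 'Plugin to load the W3AF context in Tortazo. You can execute W3AF against the TOR deep web.', '1.0', 'Adastra: @jdaanial')
        if len(torNodes) > 0:
            self.info("[*] w3afPlugin Initialized!")
            self.w3afCorePlugin = w3afCore()
            # Initialise the plugin manager, then clear the enabled set so
            # the core starts with no plugin enabled.
            self.w3afCorePlugin.plugins.init_plugins()
            self.w3afCorePlugin.plugins.zero_enabled_plugins()
            self.miscSettings = MiscSettings()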


    def __del__(self):
        '''
        Log a teardown message when the instance holds at least one TOR node.
        '''
        if len(self.torNodes) == 0:
            return
        self.info("[*] w3afPlugin Destroyed!")


    '''
    PLUGIN MANAGEMENT FUNCTIONS.
    '''
    def showPluginsByType(self, type):
        '''
        Print a one-column table of the plugins the core lists for the given
        plugin type.
        '''
        available = self.w3afCorePlugin.plugins.get_plugin_list(type)
        table = PrettyTable(["[*] Plugins for %s " % (type)])
        for name in available:
            table.add_row([name])
        print(table)

    def showPluginTypes(self):
        '''
        Print a one-column table of the plugin types known to the core.
        '''
        known_types = self.w3afCorePlugin.plugins.get_plugin_types()
        table = PrettyTable(["[*] Plugin Types"])
        for type_name in known_types:
            table.add_row([type_name])
        print(table)

    def getEnabledPluginsByType(self, type):
        '''
        Print a one-column table of the plugins currently enabled for the
        given plugin type.
        '''
        active = self.w3afCorePlugin.plugins.get_enabled_plugins(type)
        table = PrettyTable(["[*] Enabled plugins by type %s" % (type)])
        for name in active:
            table.add_row([name])
        print(table)

    def getPluginTypeDescription(self, type):
        '''
        Print the description the core gives for a plugin type.
        '''
        table = PrettyTable(["[*] Type %s" % (type)])
        description = self.w3afCorePlugin.plugins.get_plugin_type_desc(type)
        table.add_row([description])
        print(table)

    def getAllEnabledPlugins(self):
        '''
        Print a two-column table: plugin type and the plugins enabled for it.
        '''
        enabled_by_type = self.w3afCorePlugin.plugins.get_all_enabled_plugins()
        table = PrettyTable(["Type", "Plugins"])
        for plugin_type in enabled_by_type.keys():
            table.add_row([plugin_type, enabled_by_type[plugin_type]])
        print(table)


    def enablePlugin(self, pluginName, type):
        '''
        Enable pluginName in addition to the plugins already enabled for the
        given type, then print the resulting enabled list.
        '''
        plugin_manager = self.w3afCorePlugin.plugins
        # New plugin first, followed by what was already enabled; the name
        # is added without checking whether it is already in that list
        wanted = [pluginName, ]
        already_enabled = plugin_manager.get_all_enabled_plugins()
        wanted.extend(already_enabled[type])
        plugin_manager.set_plugins(wanted, type)
        self.getEnabledPluginsByType(type)

    def disablePlugin(self, pluginName, type):
        '''
        Remove pluginName from the plugins enabled for the given type, then
        print the resulting enabled list.
        '''
        plugin_manager = self.w3afCorePlugin.plugins
        remaining = plugin_manager.get_enabled_plugins(type)
        if pluginName in remaining:
            remaining.remove(pluginName)
        # NOTE(review): printed whether or not the plugin was in the list
        print("[*] Plugin Disabled")
        plugin_manager.set_plugins(remaining, type)
        self.getEnabledPluginsByType(type)


    def enableAllPlugins(self, pluginType):
        '''
        Enable every plugin the core lists for pluginType and print the
        table of all enabled plugins.
        '''
        plugin_manager = self.w3afCorePlugin.plugins
        everything = plugin_manager.get_plugin_list(pluginType)
        plugin_manager.set_plugins(everything, pluginType)
        print("[*] All plugins of type %s has been enabled..." % (pluginType))
        self.getAllEnabledPlugins()


    def disableAllPlugins(self, pluginType):
        '''
        Set an empty plugin list for pluginType and print the table of all
        enabled plugins.
        '''
        nothing_enabled = []
        self.w3afCorePlugin.plugins.set_plugins(nothing_enabled, pluginType)
        print("[*] All plugins of type %s has been disabled..." % (pluginType))
        self.getAllEnabledPlugins()

    def getPluginOptions(self, pluginType, pluginName):
        '''
        Print name, value and type of every option of the given plugin.
        '''
        options = self.w3afCorePlugin.plugins.get_plugin_options(pluginType, pluginName)
        print("[*] Plugin Options for %s " % (pluginName))
        table = PrettyTable(["Name", "Value", "Type"])
        # Reads the option list's private _internal_opt_list attribute
        for option in options._internal_opt_list:
            row = [option.get_name(), option.get_value(), option.get_type()]
            table.add_row(row)
        print(table)


    def setPluginOptions(self, pluginType, pluginName, pluginSettingType, pluginSetting, pluginSettingValue):
        '''
        Store a single option for the given plugin.

        A new OptionList holding only this option is assigned to the core's
        private _plugins_options[pluginType][pluginName] entry.

        NOTE(review): the assignment replaces whatever was stored under that
        entry and does not go through the plugin manager's
        set_plugin_options(); confirm that skipping it is intended.
        '''
        single_option = opt_factory(pluginSetting, pluginSettingValue, "Plugin Setting", pluginSettingType)
        replacement = OptionList()
        replacement.add(single_option)
        print("[*] Setting %s with value %s on Plugin %s ..." % (pluginSetting, pluginSettingValue, pluginName))
        self.w3afCorePlugin.plugins._plugins_options[pluginType][pluginName] = replacement
        print("[*] Done!")


    def getPluginStatus(self, pluginType, pluginName):
        '''
        Print whether pluginName is enabled for pluginType.

        The type match is a containment test (known type "in" pluginType),
        not an equality test.
        '''
        enabled_by_type = self.w3afCorePlugin.plugins.get_all_enabled_plugins()
        is_enabled = False
        for known_type in enabled_by_type.keys():
            if known_type in pluginType and pluginName in enabled_by_type[known_type]:
                is_enabled = True
        template = ("[*] The plugin %s status is: ENABLED" if is_enabled
                    else "[*] The plugin %s status is: DISABLED")
        print(template % (pluginName))

    '''
    ATTACK MANAGEMENT FUNCTIONS.
    '''
    def setTarget(self, url):
        '''
        Configure url as the scan target after the core's _verify_url()
        accepts it. When it returns a false value nothing is changed and
        nothing is printed.
        '''
        target_config = self.w3afCorePlugin.target
        if not target_config._verify_url(URL_KLASS(url)):
            return
        options = target_config.get_options()
        options['target'].set_value(url)
        target_config.set_options(options)
        print("[*] Target %s configured." % (url))


    def setTargetDeepWeb(self, url):
        '''
        Configure url as the scan target after calling
        serviceConnector.setSocksProxy().

        NOTE(review): the _verify_url() check that setTarget() performs is
        commented out in this method, so the URL is stored without it.
        Confirm the reason for disabling it and validate the target before
        calling.
        '''
        self.serviceConnector.setSocksProxy()
        target_config = self.w3afCorePlugin.target
        options = target_config.get_options()
        options['target'].set_value(url)
        target_config.set_options(options)
        print("[*] Target %s configured." % (url))

    def startAttack(self):
        '''
        Initialise the plugins, verify the environment and start the core
        against the configured target. Progress is printed before the first
        call and after the last one.
        '''
        core = self.w3afCorePlugin
        print("[*] W3AF Attack Starting...")
        core.plugins.init_plugins()
        # verify_environment() runs before start()
        core.verify_environment()
        core.start()
        print("[*] W3AF Attack Finished! Check the results using the right functions in this plugin.")

    '''
    MISC CONFIGURATION FUNCTIONS
    '''
    def listMiscConfigs(self):
        '''
        Print name, value and type of every misc-settings option.
        '''
        options = self.miscSettings.get_options()
        print("[*] MiscSettings List")
        table = PrettyTable(["Name", "Value", "Type"])
        # Reads the option list's private _internal_opt_list attribute
        for option in options._internal_opt_list:
            row = [option.get_name(), option.get_value(), option.get_type()]
            table.add_row(row)
        print(table)

    def setMiscConfig(self, setting, value):
        '''
        Save value under setting in cf.cf when that key already exists;
        otherwise print an error. On success the misc settings are listed.
        '''
        # NOTE(review): this option list is built but not used afterwards;
        # the value reaches cf.cf.save() exactly as it was passed in
        opt_list = OptionList()
        opt_list.add(opt_factory(setting, value, "Misc Setting", "string"))
        print("[*] Setting %s with value %s on MiscsSettings ..." % (setting, value))
        if not cf.cf.has_key(setting):
            print("[-] Invalid setting. Check the available settings with the function self.listMiscConfigs()")
            return
        cf.cf.save(setting, value)
        print("[*] Done!")
        self.listMiscConfigs()

    '''
    PROFILE MANAGEMENT FUNCTIONS
    '''
    def listProfiles(self):
        '''
        Print description, file and name of every valid profile. Profiles
        reported as invalid are not shown.
        '''
        valid_profiles, _invalid = self.w3afCorePlugin.profiles.get_profile_list()
        print("[*] List of profiles.")
        print("\n")
        table = PrettyTable(["Description", "Profile File", "Name"])
        for entry in valid_profiles:
            row = [entry.get_desc(), entry.get_profile_file(), entry.get_name()]
            table.add_row(row)
        print(table)



    def useProfile(self, profileName):
        '''
        Load the named profile into the core through profiles.use_profile().
        '''
        print("[*] Loading profile %s " % (profileName))
        profile_manager = self.w3afCorePlugin.profiles
        profile_manager.use_profile(profileName)
        print("[*] Done!")

    def createProfileWithCurrentConfig(self, profileName, profileDescription):
        '''
        Save the current configuration as a new profile and print its
        description, file and name.
        '''
        print("[*] Creating profile %s " % (profileName))
        created = self.w3afCorePlugin.profiles.save_current_to_new_profile(profileName, profileDescription)
        table = PrettyTable(["Description", "Profile File", "Name"])
        row = [created.get_desc(), created.get_profile_file(), created.get_name()]
        table.add_row(row)
        print(table)


    def modifyProfileWithCurrentConfig(self, profileName, profileDescription):
        '''
        Save the current configuration into the named profile and print its
        file, name, target and description.
        '''
        print("[*] Updating profile %s with the current configuration" % (profileName))
        updated = self.w3afCorePlugin.profiles.save_current_to_profile(profileName, profileDescription)
        table = PrettyTable(["Profile File", "Name", "Target", "Description"])
        row = [updated.get_profile_file(),
               updated.get_name(),
               updated.get_target(),
               updated.get_desc()]
        table.add_row(row)
        print(table)

    def removeProfile(self, profileName):
        '''
        Remove the named profile and print whether remove_profile() reported
        success.
        '''
        if self.w3afCorePlugin.profiles.remove_profile(profileName):
            outcome = "[*] Profile %s removed successfully." % (profileName)
        else:
            outcome = "[-] Error removing the profile %s. The profile, already Exists?" % (profileName)
        print(outcome)

    '''
    SHELLS MANAGEMENT FUNCTIONS
    '''

    def listShells(self):
        '''
        Print id, OS, system, user and system name of every shell held in
        the knowledge base.
        '''
        known_shells = kb.get_all_shells()
        print("[*] List of shells.")
        table = PrettyTable(["Id", "OS", "System", "User", "System Name"])
        for entry in known_shells:
            row = [entry.id,
                   entry.get_remote_os(),
                   entry.get_remote_system(),
                   entry.get_remote_user(),
                   entry.get_remote_system_name()]
            table.add_row(row)
        print(table)

    def executeCommand(self, shellId, command, params):
        '''
        Pass command and params to generic_user_input() of each shell whose
        id equals shellId, then print the response or an error.

        The loop does not stop at the first match; the response printed is
        the one from the last matching shell.
        '''
        response = None
        for candidate in kb.get_all_shells():
            if candidate.id != shellId or command is None:
                continue
            response = candidate.generic_user_input(command, params)
        if response is None:
            print("[-] No response received. Check the shell that you've entered. Exists?")
        else:
            print("[*] Response: %s" % (response))


    '''
    VULNS AND INFO MANAGEMENT FUNCTIONS
    '''
    def listAttackPlugins(self):
        '''
        Print the plugins of type 'attack'.
        '''
        attack_type = 'attack'
        self.showPluginsByType(attack_type)

    def listInfos(self):
        '''
        Print id, name, method, description and plugin name of every info
        entry in the knowledge base.
        '''
        entries = kb.get_all_infos()
        print("[*] List of Infos.")
        table = PrettyTable(["Id", "Name", "Method", "Description", "Plugin Name"])
        for entry in entries:
            row = [entry.get_id(),
                   entry.get_name(),
                   entry.get_method(),
                   entry.get_desc(),
                   entry.get_plugin_name()]
            table.add_row(row)
        print(table)

    def listVulnerabilities(self):
        '''
        Print severity and description of every vulnerability in the
        knowledge base.
        '''
        findings = kb.get_all_vulns()
        print("[*] List of Vulns.")
        table = PrettyTable(["Severity", "Description"])
        for finding in findings:
            row = [finding.get_severity(), finding.get_desc()]
            table.add_row(row)
        print(table)

    def exploitAllVulns(self, pluginExploit):
        '''
        Call exploit() of the named 'attack' plugin for every knowledge-base
        vulnerability that has an id, printing the id of each shell returned.

        NOTE(review): every stored finding is acted on; there is no
        per-finding confirmation or scope check in this method.
        '''
        print("[*] Checking the vulnerability and plugin to exploit...")
        attack_plugin = self.w3afCorePlugin.plugins.get_plugin_inst('attack', pluginExploit)
        for finding in kb.get_all_vulns():
            if vuln_has_no_id(finding):
                continue
            for shell in attack_plugin.exploit(finding.get_id()):
                print("Shell Generated %s " % (shell.id))

        print("[*] Exploit vulnerability finished.")

    def exploitVuln(self, pluginExploit, vulnId):
        '''
        Same as exploitAllVulns, but only for vulns whose get_id() collection
        contains int(vulnId).

        int(vulnId) is evaluated inside the loop, so a non-numeric vulnId
        raises ValueError only once a vuln with an id is reached.
        '''
        print("[*] Checking the vulnerability and plugin to exploit...")
        attack_plugin = self.w3afCorePlugin.plugins.get_plugin_inst('attack', pluginExploit)
        for finding in kb.get_all_vulns():
            if finding.get_id() is None:
                continue
            if int(vulnId) not in finding.get_id():
                continue
            for session in attack_plugin.exploit(finding.get_id()):
                print("Shell Generated %s " % session.id)
        print("[*] Exploit vulnerability finished.")

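    def help(self):
        '''
        Print one table per function group, listing the name, a description
        and an example call for each function this plugin offers.

        The example calls for setTargetDeepWeb, exploitAllVulns and
        exploitVuln name the function of their own row; they previously
        pointed at setTarget and at a non-existent exploitVulns.
        '''
        columns = ["Function", "Description", "Example"]
        sections = [
            ("[*] Plugin Management Functions", [
                ['help', 'Help Banner', 'self.help()'],
                ['printRelaysFound', 'Table with the relays found.', 'self.printRelaysFound()'],
                ['showPluginsByType', 'List of available plugins filtered by type.', 'self.showPluginsByType("audit")'],
                ['showPluginTypes', 'List of available plugin types.', 'self.showPluginTypes()'],
                ['getEnabledPluginsByType', 'Enabled plugins by types.', 'self.getEnabledPluginsByType("audit")'],
                ['getPluginTypeDescription', 'Description for the plugin type specified.', 'self.getPluginTypeDescription("audit")'],
                ['getAllEnabledPlugins', 'List of enabled plugins.', 'self.getAllEnabledPlugins()'],
                ['enablePlugin', 'Enable a plugin.', 'self.enablePlugin("blind_sqli","audit")'],
                ['disablePlugin', 'Disable a plugin.', 'self.disablePlugin("blind_sqli","audit")'],
                ['enableAllPlugins', 'Enable all plugins.', 'self.enableAllPlugins("audit")'],
                ['disableAllPlugins', 'Disable all plugins.', 'self.disableAllPlugins("audit")'],
                ['getPluginOptions', 'Get Options for the plugin specified.', 'self.getPluginOptions("audit","blind_sqli")'],
                ['setPluginOptions', 'Set Options for the plugin specified.', 'self.setPluginOptions("audit","eval","boolean","use_time_delay","False")'],
                ['getPluginStatus', 'Check if the specified plugin is enabled.', 'self.getPluginStatus("audit","eval")'],
            ]),
            ("[*] Attack Functions", [
                ['setTarget', 'Sets the target for the attack (clear web)', 'self.setTarget("http://www.target.com")'],
                ['setTargetDeepWeb', 'Sets the target in the DeepWeb of TOR.', 'self.setTargetDeepWeb("http://torlongonionpath.onion")'],
                ['startAttack', 'Starts the attack.', 'self.startAttack()'],
            ]),
            ("[*] Misc Settings Functions", [
                ['listMiscConfigs', 'List of Misc Settings', 'self.listMiscConfigs()'],
                ['setMiscConfig', 'Sets a Misc Settings', 'self.setMiscConfig("msf_location","/opt/msf")'],
            ]),
            ("[*] Profile Management Functions", [
                ['listProfiles', 'List of Profiles', 'self.listProfiles()'],
                ['useProfile', 'Use a Profile', 'self.useProfile("profileName")'],
                ['createProfileWithCurrentConfig', 'Creates a new Profile with the current settings', 'self.createProfileWithCurrentConfig("profileName", "Profile Description")'],
                ['modifyProfileWithCurrentConfig', 'Modifies an existing profile with the current settings', 'self.modifyProfileWithCurrentConfig("profileName", "Profile Description")'],
                ['removeProfile', 'Removes an existing profile', 'self.removeProfile("profileName")'],
            ]),
            ("[*] Shell Management Functions", [
                ['listShells', 'List of Shells', 'self.listShells()'],
                # NOTE(review): executeCommand also takes a third "params"
                # argument that this example does not show.
                ['executeCommand', 'Executes a command in the specified shell', 'self.executeCommand(1,"lsp")'],
            ]),
            ("[*] Vulns and Info Management Functions", [
                ['listAttackPlugins', 'List of attack plugins.', 'self.listAttackPlugins()'],
                ['listInfos', 'List of Infos in the Knowledge Base of W3AF', 'self.listInfos()'],
                ['listVulnerabilities', 'List of Vulns in the Knowledge Base of W3AF', 'self.listVulnerabilities()'],
                ['exploitAllVulns', 'Exploits all vulns in the Knowledge Base of W3AF', 'self.exploitAllVulns("sqli")'],
                ['exploitVuln', 'Exploits the specified Vuln in the Knowledge Base of W3AF', 'self.exploitVuln("sqli",18)'],
            ]),
        ]

        print("[*] Functions availaible in the Plugin...")
        for position, (title, rows) in enumerate(sections):
            if position:
                # Blank separator before every table except the first.
                print("\n")
            print(title)
            table = PrettyTable(list(columns))
            if position == 0:
                # Only the first table sets padding_width explicitly.
                table.padding_width = 1
            for row in rows:
                table.add_row(row)
            print(table)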
Exemplo n.º 15
 def setUp(self):
     """Reset MiscSettings to defaults, create the temp dir and build a VariantDB."""
     settings = MiscSettings()
     settings.set_default_values()
     # The temp dir is created before VariantDB() is instantiated.
     create_temp_dir()
     self.vdb = VariantDB()
Exemplo n.º 16
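class w3afPlugin(BasePlugin):
    '''
    Plugin that wraps a w3afCore instance and exposes its plugin, target,
    misc-settings, profile, shell and knowledge-base operations as methods.

    Every method prints its result (mostly as PrettyTable tables) instead of
    returning it. help() prints the list of available functions.
    '''

    def __init__(self, torNodes):
        '''
        Build the w3afCore instance, initialise its plugin manager, call
        zero_enabled_plugins() on it and create the MiscSettings object.

        torNodes -- handed to BasePlugin.__init__ unchanged.
        '''
        BasePlugin.__init__(self, torNodes, 'w3afPlugin')
        self.info("[*] w3afPlugin Initialized!")
        self.w3afCorePlugin = w3afCore()
        self.w3afCorePlugin.plugins.init_plugins()
        self.w3afCorePlugin.plugins.zero_enabled_plugins()
        self.miscSettings = MiscSettings()

    def __del__(self):
        '''Log a message when the instance is finalised.'''
        self.info("[*] w3afPlugin Destroyed!")

    # ------------------------------------------------------------------
    # PLUGIN MANAGEMENT FUNCTIONS.
    # ------------------------------------------------------------------

    def showPluginsByType(self, type):
        '''Print a one-column table of the plugins available for ``type``.'''
        available = self.w3afCorePlugin.plugins.get_plugin_list(type)
        table = PrettyTable(["[*] Plugins for %s " % type])
        for name in available:
            table.add_row([name])
        print(table)

    def showPluginTypes(self):
        '''Print a one-column table of the plugin types the core reports.'''
        kinds = self.w3afCorePlugin.plugins.get_plugin_types()
        table = PrettyTable(["[*] Plugin Types"])
        for kind in kinds:
            table.add_row([kind])
        print(table)

    def getEnabledPluginsByType(self, type):
        '''Print a one-column table of the plugins enabled for ``type``.'''
        enabled = self.w3afCorePlugin.plugins.get_enabled_plugins(type)
        table = PrettyTable(["[*] Enabled plugins by type %s" % type])
        for name in enabled:
            table.add_row([name])
        print(table)

    def getPluginTypeDescription(self, type):
        '''Print the description the core returns for plugin type ``type``.'''
        table = PrettyTable(["[*] Type %s" % type])
        table.add_row(
            [self.w3afCorePlugin.plugins.get_plugin_type_desc(type)])
        print(table)

    def getAllEnabledPlugins(self):
        '''Print a table mapping each plugin type to its enabled plugins.'''
        enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins()
        table = PrettyTable(["Type", "Plugins"])
        for kind in enabledPlugins.keys():
            table.add_row([kind, enabledPlugins[kind]])
        print(table)

    def enablePlugin(self, pluginName, type):
        '''
        Enable ``pluginName`` for plugin type ``type`` in addition to the
        plugins already enabled for that type, then print the enabled list.
        '''
        enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins()
        enabled = [pluginName]
        # Leave out an existing entry for pluginName so that the name is not
        # handed to set_plugins twice when the plugin is already enabled.
        enabled.extend(
            name for name in enabledPlugins[type] if name != pluginName)
        self.w3afCorePlugin.plugins.set_plugins(enabled, type)
        self.getEnabledPluginsByType(type)

    def disablePlugin(self, pluginName, type):
        '''
        Remove ``pluginName`` from the plugins enabled for ``type`` and print
        the resulting list. Reports when the plugin was not enabled instead of
        claiming it was disabled.
        '''
        # Work on a copy so the list returned by the plugin manager is not
        # modified in place.
        enabled = list(self.w3afCorePlugin.plugins.get_enabled_plugins(type))
        if pluginName in enabled:
            enabled.remove(pluginName)
            print("[*] Plugin Disabled")
        else:
            print("[-] Plugin %s is not enabled for type %s" % (pluginName,
                                                                type))
        self.w3afCorePlugin.plugins.set_plugins(enabled, type)
        self.getEnabledPluginsByType(type)

    def enableAllPlugins(self, pluginType):
        '''Enable every plugin listed for ``pluginType`` and print the result.'''
        everything = self.w3afCorePlugin.plugins.get_plugin_list(pluginType)
        self.w3afCorePlugin.plugins.set_plugins(everything, pluginType)
        print("[*] All plugins of type %s has been enabled..." % pluginType)
        self.getAllEnabledPlugins()

    def disableAllPlugins(self, pluginType):
        '''Set an empty plugin list for ``pluginType`` and print the result.'''
        self.w3afCorePlugin.plugins.set_plugins([], pluginType)
        print("[*] All plugins of type %s has been disabled..." % pluginType)
        self.getAllEnabledPlugins()

    def getPluginOptions(self, pluginType, pluginName):
        '''Print name, value and type of each option of the given plugin.'''
        optList = self.w3afCorePlugin.plugins.get_plugin_options(
            pluginType, pluginName)
        print("[*] Plugin Options for %s " % pluginName)
        table = PrettyTable(["Name", "Value", "Type"])
        # Reads the option list's private _internal_opt_list attribute.
        for item in optList._internal_opt_list:
            table.add_row(
                [item.get_name(),
                 item.get_value(),
                 item.get_type()])
        print(table)

    def setPluginOptions(self, pluginType, pluginName, pluginSettingType,
                         pluginSetting, pluginSettingValue):
        '''
        Store a single option for a plugin.

        pluginSettingType  -- option type name passed to opt_factory.
        pluginSetting      -- option name.
        pluginSettingValue -- option value.
        '''
        opt_list = OptionList()
        opt_list.add(
            opt_factory(pluginSetting, pluginSettingValue, "Plugin Setting",
                        pluginSettingType))
        print("[*] Setting %s with value %s on Plugin %s ..." % (
            pluginSetting, pluginSettingValue, pluginName))
        # NOTE(review): this writes a list holding only this one option into
        # the plugin manager's private _plugins_options mapping, replacing
        # whatever list was stored for the plugin before.
        self.w3afCorePlugin.plugins._plugins_options[pluginType][
            pluginName] = opt_list
        print("[*] Done!")

    def getPluginStatus(self, pluginType, pluginName):
        '''Print whether ``pluginName`` is enabled under ``pluginType``.'''
        enabledPlugins = self.w3afCorePlugin.plugins.get_all_enabled_plugins()
        # NOTE(review): ``kind in pluginType`` is a substring test when
        # pluginType is a string, not an equality test.
        enabled = any(
            kind in pluginType and pluginName in enabledPlugins[kind]
            for kind in enabledPlugins.keys())
        if enabled:
            print("[*] The plugin %s status is: ENABLED" % pluginName)
        else:
            print("[*] The plugin %s status is: DISABLED" % pluginName)

    # ------------------------------------------------------------------
    # ATTACK MANAGEMENT FUNCTIONS.
    # ------------------------------------------------------------------

    def setTarget(self, url):
        '''
        Store ``url`` as the core's 'target' option when the core's
        _verify_url() check returns a true value.
        '''
        # NOTE(review): nothing is printed and nothing is stored when
        # _verify_url returns a false value.
        if self.w3afCorePlugin.target._verify_url(URL_KLASS(url)):
            options = self.w3afCorePlugin.target.get_options()
            options['target'].set_value(url)
            self.w3afCorePlugin.target.set_options(options)
            print("[*] Target %s configured." % url)

    def setTargetDeepWeb(self, url):
        '''
        Call setSocksProxy() and then store ``url`` as the core's 'target'
        option.
        '''
        self.setSocksProxy()
        # NOTE(review): unlike setTarget, the _verify_url() check is not run
        # here (it was commented out), so url is stored without validation.
        options = self.w3afCorePlugin.target.get_options()
        options['target'].set_value(url)
        self.w3afCorePlugin.target.set_options(options)
        print("[*] Target %s configured." % url)

    def startAttack(self):
        '''
        Re-initialise the plugins, call verify_environment() and start() on
        the core, printing a message before and after.
        '''
        print("[*] W3AF Attack Starting...")
        self.w3afCorePlugin.plugins.init_plugins()
        self.w3afCorePlugin.verify_environment()
        self.w3afCorePlugin.start()
        print("[*] W3AF Attack Finished! Check the results using the right functions in this plugin.")

    # ------------------------------------------------------------------
    # MISC CONFIGURATION FUNCTIONS
    # ------------------------------------------------------------------

    def listMiscConfigs(self):
        '''Print name, value and type of each MiscSettings option.'''
        optList = self.miscSettings.get_options()
        print("[*] MiscSettings List")
        table = PrettyTable(["Name", "Value", "Type"])
        for item in optList._internal_opt_list:
            table.add_row(
                [item.get_name(),
                 item.get_value(),
                 item.get_type()])
        print(table)

    def setMiscConfig(self, setting, value):
        '''
        Save ``value`` under ``setting`` in cf.cf when that key already
        exists there, then print the settings; otherwise print an error.
        '''
        # NOTE(review): opt_list is built but not used again in this method.
        opt_list = OptionList()
        opt_list.add(opt_factory(setting, value, "Misc Setting", "string"))
        print("[*] Setting %s with value %s on MiscsSettings ..." % (setting,
                                                                     value))
        if cf.cf.has_key(setting):
            cf.cf.save(setting, value)
            print("[*] Done!")
            self.listMiscConfigs()
        else:
            print("[-] Invalid setting. Check the available settings with the function self.listMiscConfigs()")

    # ------------------------------------------------------------------
    # PROFILE MANAGEMENT FUNCTIONS
    # ------------------------------------------------------------------

    def listProfiles(self):
        '''
        Print description, file and name of every valid profile. The invalid
        profiles returned by get_profile_list() are not shown.
        '''
        valid_profiles, _invalid_profiles = \
            self.w3afCorePlugin.profiles.get_profile_list()
        print("[*] List of profiles.")
        print("\n")
        table = PrettyTable(["Description", "Profile File", "Name"])
        for profile in valid_profiles:
            table.add_row([
                profile.get_desc(),
                profile.get_profile_file(),
                profile.get_name()
            ])
        print(table)

    def useProfile(self, profileName):
        '''Load the profile called ``profileName`` into the core.'''
        print("[*] Loading profile %s " % profileName)
        self.w3afCorePlugin.profiles.use_profile(profileName)
        print("[*] Done!")

    def createProfileWithCurrentConfig(self, profileName, profileDescription):
        '''Save the current configuration as a new profile and print it.'''
        print("[*] Creating profile %s " % profileName)
        profile = self.w3afCorePlugin.profiles.save_current_to_new_profile(
            profileName, profileDescription)
        table = PrettyTable(["Description", "Profile File", "Name"])
        table.add_row([
            profile.get_desc(),
            profile.get_profile_file(),
            profile.get_name()
        ])
        print(table)

    def modifyProfileWithCurrentConfig(self, profileName, profileDescription):
        '''Save the current configuration into an existing profile and print it.'''
        print("[*] Updating profile %s with the current configuration" %
              profileName)
        profile = self.w3afCorePlugin.profiles.save_current_to_profile(
            profileName, profileDescription)
        table = PrettyTable(
            ["Profile File", "Name", "Target", "Description"])
        table.add_row([
            profile.get_profile_file(),
            profile.get_name(),
            profile.get_target(),
            profile.get_desc()
        ])
        print(table)

    def removeProfile(self, profileName):
        '''Remove the named profile and print whether remove_profile() succeeded.'''
        if self.w3afCorePlugin.profiles.remove_profile(profileName):
            print("[*] Profile %s removed successfully." % profileName)
        else:
            print("[-] Error removing the profile %s. The profile, already Exists?" %
                  profileName)

    # ------------------------------------------------------------------
    # SHELLS MANAGEMENT FUNCTIONS
    # ------------------------------------------------------------------

    def listShells(self):
        '''Print id, OS, system, user and system name of each stored shell.'''
        shells = kb.get_all_shells()
        print("[*] List of shells.")
        table = PrettyTable(
            ["Id", "OS", "System", "User", "System Name"])
        for shell in shells:
            table.add_row([
                shell.id,
                shell.get_remote_os(),
                shell.get_remote_system(),
                shell.get_remote_user(),
                shell.get_remote_system_name()
            ])
        print(table)

    def executeCommand(self, shellId, command, params):
        '''
        Forward ``command`` and ``params`` to the knowledge-base shell whose
        id equals ``shellId`` and print what the shell returns.

        The response is produced by the shell object and is printed as-is, so
        treat it as untrusted text when it is logged or post-processed.
        '''
        response = None
        for shell in kb.get_all_shells():
            if shell.id == shellId and command is not None:
                # Every matching shell is queried; the last answer is kept.
                response = shell.generic_user_input(command, params)
        if response is not None:
            print("[*] Response: %s" % response)
        else:
            print("[-] No response received. Check the shell that you've entered. Exists?")

    # ------------------------------------------------------------------
    # VULNS AND INFO MANAGEMENT FUNCTIONS
    # ------------------------------------------------------------------

    def listAttackPlugins(self):
        '''Delegate to showPluginsByType for the 'attack' plugin type.'''
        self.showPluginsByType('attack')

    def listInfos(self):
        '''Print id, name, method, description and plugin name of each info.'''
        infos = kb.get_all_infos()
        print("[*] List of Infos.")
        table = PrettyTable(
            ["Id", "Name", "Method", "Description", "Plugin Name"])
        for info in infos:
            table.add_row([
                info.get_id(),
                info.get_name(),
                info.get_method(),
                info.get_desc(),
                info.get_plugin_name()
            ])
        print(table)

    def listVulnerabilities(self):
        '''Print severity and description of each knowledge-base vuln.'''
        vulns = kb.get_all_vulns()
        print("[*] List of Vulns.")
        table = PrettyTable(["Severity", "Description"])
        for vuln in vulns:
            table.add_row([vuln.get_severity(), vuln.get_desc()])
        print(table)

    def exploitAllVulns(self, pluginExploit):
        '''
        Fetch the 'attack' plugin named ``pluginExploit`` and call its
        exploit() for every knowledge-base vuln whose get_id() is not None,
        printing the id of each shell object returned.
        '''
        print("[*] Checking the vulnerability and plugin to exploit...")
        pluginAttack = self.w3afCorePlugin.plugins.get_plugin_inst(
            'attack', pluginExploit)
        for vuln in kb.get_all_vulns():
            if vuln.get_id() is None:
                continue
            for shell in pluginAttack.exploit(vuln.get_id()):
                print("Shell Generated %s " % shell.id)

        print("[*] Exploit vulnerability finished.")

    def exploitVuln(self, pluginExploit, vulnId):
        '''
        Same as exploitAllVulns, but only for vulns whose get_id() collection
        contains int(vulnId).
        '''
        print("[*] Checking the vulnerability and plugin to exploit...")
        pluginAttack = self.w3afCorePlugin.plugins.get_plugin_inst(
            'attack', pluginExploit)
        for vuln in kb.get_all_vulns():
            if vuln.get_id() is None:
                continue
            if int(vulnId) not in vuln.get_id():
                continue
            for shell in pluginAttack.exploit(vuln.get_id()):
                print("Shell Generated %s " % shell.id)
        print("[*] Exploit vulnerability finished.")

    def help(self):
        '''
        Print one table per function group, listing the name, a description
        and an example call for each function this plugin offers.

        The example calls for setTargetDeepWeb, exploitAllVulns and
        exploitVuln name the function of their own row; they previously
        pointed at setTarget and at a non-existent exploitVulns.
        '''
        columns = ["Function", "Description", "Example"]
        sections = [
            ("[*] Plugin Management Functions", [
                ['help', 'Help Banner', 'self.help()'],
                ['printRelaysFound', 'Table with the relays found.',
                 'self.printRelaysFound()'],
                ['showPluginsByType',
                 'List of available plugins filtered by type.',
                 'self.showPluginsByType("audit")'],
                ['showPluginTypes', 'List of available plugin types.',
                 'self.showPluginTypes()'],
                ['getEnabledPluginsByType', 'Enabled plugins by types.',
                 'self.getEnabledPluginsByType("audit")'],
                ['getPluginTypeDescription',
                 'Description for the plugin type specified.',
                 'self.getPluginTypeDescription("audit")'],
                ['getAllEnabledPlugins', 'List of enabled plugins.',
                 'self.getAllEnabledPlugins()'],
                ['enablePlugin', 'Enable a plugin.',
                 'self.enablePlugin("blind_sqli","audit")'],
                ['disablePlugin', 'Disable a plugin.',
                 'self.disablePlugin("blind_sqli","audit")'],
                ['enableAllPlugins', 'Enable all plugins.',
                 'self.enableAllPlugins("audit")'],
                ['disableAllPlugins', 'Disable all plugins.',
                 'self.disableAllPlugins("audit")'],
                ['getPluginOptions', 'Get Options for the plugin specified.',
                 'self.getPluginOptions("audit","blind_sqli")'],
                ['setPluginOptions', 'Set Options for the plugin specified.',
                 'self.setPluginOptions("audit","eval","boolean","use_time_delay","False")'],
                ['getPluginStatus',
                 'Check if the specified plugin is enabled.',
                 'self.getPluginStatus("audit","eval")'],
            ]),
            ("[*] Attack Functions", [
                ['setTarget', 'Sets the target for the attack (clear web)',
                 'self.setTarget("http://www.target.com")'],
                ['setTargetDeepWeb', 'Sets the target in the DeepWeb of TOR.',
                 'self.setTargetDeepWeb("http://torlongonionpath.onion")'],
                ['startAttack', 'Starts the attack.', 'self.startAttack()'],
            ]),
            ("[*] Misc Settings Functions", [
                ['listMiscConfigs', 'List of Misc Settings',
                 'self.listMiscConfigs()'],
                ['setMiscConfig', 'Sets a Misc Settings',
                 'self.setMiscConfig("msf_location","/opt/msf")'],
            ]),
            ("[*] Profile Management Functions", [
                ['listProfiles', 'List of Profiles', 'self.listProfiles()'],
                ['useProfile', 'Use a Profile',
                 'self.useProfile("profileName")'],
                ['createProfileWithCurrentConfig',
                 'Creates a new Profile with the current settings',
                 'self.createProfileWithCurrentConfig("profileName", "Profile Description")'],
                ['modifyProfileWithCurrentConfig',
                 'Modifies an existing profile with the current settings',
                 'self.modifyProfileWithCurrentConfig("profileName", "Profile Description")'],
                ['removeProfile', 'Removes an existing profile',
                 'self.removeProfile("profileName")'],
            ]),
            ("[*] Shell Management Functions", [
                ['listShells', 'List of Shells', 'self.listShells()'],
                # NOTE(review): executeCommand also takes a third "params"
                # argument that this example does not show.
                ['executeCommand',
                 'Executes a command in the specified shell',
                 'self.executeCommand(1,"lsp")'],
            ]),
            ("[*] Vulns and Info Management Functions", [
                ['listAttackPlugins', 'List of attack plugins.',
                 'self.listAttackPlugins()'],
                ['listInfos', 'List of Infos in the Knowledge Base of W3AF',
                 'self.listInfos()'],
                ['listVulnerabilities',
                 'List of Vulns in the Knowledge Base of W3AF',
                 'self.listVulnerabilities()'],
                ['exploitAllVulns',
                 'Exploits all vulns in the Knowledge Base of W3AF',
                 'self.exploitAllVulns("sqli")'],
                ['exploitVuln',
                 'Exploits the specified Vuln in the Knowledge Base of W3AF',
                 'self.exploitVuln("sqli",18)'],
            ]),
        ]

        print("[*] Functions availaible in the Plugin...")
        for position, (title, rows) in enumerate(sections):
            if position:
                # Blank separator before every table except the first.
                print("\n")
            print(title)
            table = PrettyTable(list(columns))
            if position == 0:
                # Only the first table sets padding_width explicitly.
                table.padding_width = 1
            for row in rows:
                table.add_row(row)
            print(table)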