def _launch_exploit_all(dlg, w3af, enabled_plugins, stopOnFirst):
"""
A generator that will perform the exploitation of all the vulnerabilities.
:param dlg: The dialog where I'm going to write the messages
:param w3af: the core
:param enabled_plugins: Which plugins are to be used.
:param stopOnFirst: if the exploit should stop in the first exploited vuln.
"""
for exploit_name in enabled_plugins:
dlg.add_message(_("\nExploiting %r...\n") % exploit_name)
exploit = w3af.plugins.get_plugin_inst("attack", exploit_name)
vulns = get_exploitable_vulns(exploit)
dlg.add_message(_(" %d vulnerabilities to exploit\n") % len(vulns))
yield True
for vuln in vulns:
# Let GTK handle events, I want a responsive GUI!
yield True
# check if o
msg = _("Checking suitability for vuln %r...\n")
dlg.add_message(msg % vuln.get_name())
can_exploit = False
try:
can_exploit = exploit.can_exploit(vuln.get_id())
except BaseFrameworkException, e:
dlg.add_message(_("\nERROR: "))
dlg.add_message(str(e) + '\n')
dlg.done()
dlg.dialog_run()
yield False
except ScanMustStopException, wmse:
dlg.add_message(_("\nERROR: "))
dlg.add_message(str(wmse) + '\n')
dlg.done()
dlg.dialog_run()
yield False
if not can_exploit:
dlg.add_message(_(" nop\n"))
yield True
continue
dlg.add_message(_(" ok\n"))
# exploitable, go for it!
dlg.add_message(_("Exploiting...\n"))
try:
exploit.exploit()
except BaseFrameworkException, e:
dlg.add_message(str(e) + '\n')
yield True
continue
def set_filter(self, vuln):
new_liststore = gtk.ListStore(str, str)
for pname in sorted(self.w3af.plugins.get_plugin_list("attack")):
exploit = self.w3af.plugins.get_plugin_inst("attack", pname)
thisvulns = get_exploitable_vulns(exploit)
markedname = ("<b>%s</b>" % pname) if vuln in thisvulns else pname
new_liststore.append([markedname, pname])
self.set_model(new_liststore)
self.liststore = new_liststore
def _launch_exploit_all(dlg, w3af, enabled_plugins, stopOnFirst):
"""
A generator that will perform the exploitation of all the vulnerabilities.
:param dlg: The dialog where I'm going to write the messages
:param w3af: the core
:param enabled_plugins: Which plugins are to be used.
:param stopOnFirst: if the exploit should stop in the first exploited vuln.
"""
for exploit_name in enabled_plugins:
dlg.add_message(_("\nExploiting %r...\n") % exploit_name)
exploit = w3af.plugins.get_plugin_inst("attack", exploit_name)
vulns = get_exploitable_vulns(exploit)
dlg.add_message(_(" %d vulnerabilities to exploit\n") % len(vulns))
yield True
for vuln in vulns:
# Let GTK handle events, I want a responsive GUI!
yield True
# check if o
msg = _("Checking suitability for vuln %r...\n")
dlg.add_message(msg % vuln.get_name())
can_exploit = False
try:
can_exploit = exploit.can_exploit(vuln.get_id())
except BaseFrameworkException, e:
dlg.add_message(_("\nERROR: "))
dlg.add_message(str(e) + "\n")
dlg.done()
dlg.dialog_run()
yield False
except ScanMustStopException, wmse:
dlg.add_message(_("\nERROR: "))
dlg.add_message(str(wmse) + "\n")
dlg.done()
dlg.dialog_run()
yield False
if not can_exploit:
dlg.add_message(_(" nop\n"))
yield True
continue
dlg.add_message(_(" ok\n"))
# exploitable, go for it!
dlg.add_message(_("Exploiting...\n"))
try:
exploit.exploit()
except BaseFrameworkException, e:
dlg.add_message(str(e) + "\n")
yield True
continue
def set_filter(self, vuln):
new_liststore = gtk.ListStore(str, str)
for pname in sorted(self.w3af.plugins.get_plugin_list("attack")):
exploit = self.w3af.plugins.get_plugin_inst("attack", pname)
thisvulns = get_exploitable_vulns(exploit)
markedname = ("<b>%s</b>" % pname) if vuln in thisvulns else pname
new_liststore.append([markedname, pname])
self.set_model(new_liststore)
self.liststore = new_liststore
def set_filter(self, exploit):
"""Sets a new filter and update the list.
:param exploit: which exploit is selected/filtered
"""
vulns = get_exploitable_vulns(exploit)
# Store the vulnerability ids for later
self.applicable = [v.get_uniq_id() for v in vulns]
# Make bold all the vulnerabilities in the list store which are in
# self.applicable . In other words, bold the ones which can be
# exploited (identified by uniq_id
for row in self.liststore:
show, name, uniq_id, icon = row
if uniq_id in self.applicable:
row[0] = make_bold(name)
else:
row[0] = name
