Пример #1
0
    def crawl(self, fuzzable_request):
        '''
        Does a search in archive.org and searches for links on the html. Then
        searches those URLs in the target site. This is a time machine !

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        '''
        domain = fuzzable_request.get_url().get_domain()

        if is_private_site(domain):
            msg = 'There is no point in searching archive.org for "%s"'\
                  ' because it is a private site that will never be indexed.'
            om.out.information(msg % domain)
            raise w3afRunOnce(msg)

        # Initial check to verify if domain in archive
        start_url = self.ARCHIVE_START_URL % fuzzable_request.get_url()
        start_url = URL(start_url)
        http_response = self._uri_opener.GET(start_url, cache=True)

        if self.NOT_IN_ARCHIVE in http_response.body:
            msg = 'There is no point in searching archive.org for "%s"'
            msg += ' because they are not indexing this site.'
            om.out.information(msg % domain)
            raise w3afRunOnce(msg)

        references = self._spider_archive([
            start_url,
        ], self._max_depth, domain)
        self._analyze_urls(references)
Пример #2
0
    def crawl(self, fuzzable_request):
        '''
        Does a search in archive.org and searches for links on the html. Then
        searches those URLs in the target site. This is a time machine !

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        '''
        domain = fuzzable_request.get_url().get_domain()

        if is_private_site(domain):
            msg = 'There is no point in searching archive.org for "%s"'\
                  ' because it is a private site that will never be indexed.'
            om.out.information(msg % domain)
            raise w3afRunOnce(msg)

        # Initial check to verify if domain in archive
        start_url = self.ARCHIVE_START_URL % fuzzable_request.get_url()
        start_url = URL(start_url)
        http_response = self._uri_opener.GET(start_url, cache=True)

        if self.NOT_IN_ARCHIVE in http_response.body:
            msg = 'There is no point in searching archive.org for "%s"'
            msg += ' because they are not indexing this site.'
            om.out.information(msg % domain)
            raise w3afRunOnce(msg)

        references = self._spider_archive(
            [start_url, ], self._max_depth, domain)
        self._analyze_urls(references)
Пример #3
0
    def crawl(self, fuzzable_request):
        '''
        Finds the version of a WordPress installation.
        :param fuzzable_request: A fuzzable_request instance that contains
        (among other things) the URL to test.
        '''
        if not self._exec:
            # This will remove the plugin from the crawl plugins to be run.
            raise w3afRunOnce()

        #
        # Check if the server is running wp
        #
        domain_path = fuzzable_request.get_url().get_domain_path()

        # Main scan URL passed from w3af + unique wp file
        wp_unique_url = domain_path.url_join('wp-login.php')
        response = self._uri_opener.GET(wp_unique_url, cache=True)

        # If wp_unique_url is not 404, wordpress = true
        if not is_404(response):
            # It was possible to analyze wp-login.php, don't run again
            self._exec = False

            # Analyze the identified wordpress installation
            self._fingerprint_wordpress(domain_path, wp_unique_url, response)

            # Extract the links
            for fr in self._create_fuzzable_requests(response):
                self.output_queue.put(fr)
Пример #4
0
    def crawl(self, fuzzable_request):
        '''
        Runs pykto to the site.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        '''
        if not self._exec and not self._mutate_tests:
            # dont run anymore
            raise w3afRunOnce()

        else:
            # Run the basic scan (only once)
            url = fuzzable_request.get_url().base_url()
            if url not in self._already_analyzed:
                self._already_analyzed.add(url)
                self._run(url)
                self._exec = False

            # And now mutate if the user configured it...
            if self._mutate_tests:

                # Tests need to be mutated
                url = fuzzable_request.get_url().get_domain_path()
                if url not in self._already_analyzed:
                    # Save the directories I already have tested in order to avoid
                    # testing them more than once...
                    self._already_analyzed.add(url)
                    self._run(url)
Пример #5
0
    def crawl(self, fuzzable_request):
        '''
        Runs pykto to the site.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        '''
        if not self._exec and not self._mutate_tests:
            # dont run anymore
            raise w3afRunOnce()

        else:
            # Run the basic scan (only once)
            url = fuzzable_request.get_url().base_url()
            if url not in self._already_analyzed:
                self._already_analyzed.add(url)
                self._run(url)
                self._exec = False

            # And now mutate if the user configured it...
            if self._mutate_tests:

                # Tests need to be mutated
                url = fuzzable_request.get_url().get_domain_path()
                if url not in self._already_analyzed:
                    # Save the directories I already have tested in order to avoid
                    # testing them more than once...
                    self._already_analyzed.add(url)
                    self._run(url)
Пример #6
0
    def crawl(self, fuzzable_request):
        '''
        Finds the version of a WordPress installation.
        :param fuzzable_request: A fuzzable_request instance that contains
        (among other things) the URL to test.
        '''
        if not self._exec:
            # This will remove the plugin from the crawl plugins to be run.
            raise w3afRunOnce()

        #
        # Check if the server is running wp
        #
        domain_path = fuzzable_request.get_url().get_domain_path()

        # Main scan URL passed from w3af + unique wp file
        wp_unique_url = domain_path.url_join('wp-login.php')
        response = self._uri_opener.GET(wp_unique_url, cache=True)

        # If wp_unique_url is not 404, wordpress = true
        if not is_404(response):
            # It was possible to analyze wp-login.php, don't run again
            self._exec = False

            # Analyze the identified wordpress installation
            self._fingerprint_wordpress(domain_path, wp_unique_url,
                                        response)

            # Extract the links
            for fr in self._create_fuzzable_requests(response):
                self.output_queue.put(fr)
Пример #7
0
    def discover(self, fuzzable_request):
        '''
        It calls the "main" and writes the results to the kb.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        '''
        if not self._exec:
            raise w3afRunOnce()

        self._exec = not self._find_OS(fuzzable_request)
Пример #8
0
    def discover(self, fuzzable_request):
        '''
        It calls the "main" and writes the results to the kb.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        '''
        if not self._exec:
            raise w3afRunOnce()

        self._exec = not self._find_OS(fuzzable_request)
Пример #9
0
 def _do_complete_search(self, domain):
     '''
     Performs a complete search for email addresses.
     '''
     search_string = '@' + self._domain_root
     try:
         result_page_objects = self._google.get_n_result_pages(
             search_string, self._result_limit)
     except w3afException, w3:
         om.out.error(str(w3))
         # If I found an error, I don't want to be run again
         raise w3afRunOnce()
Пример #10
0
 def _do_complete_search(self, domain):
     '''
     Performs a complete search for email addresses.
     '''
     search_string = '@' + self._domain_root
     try:
         result_page_objects = self._google.get_n_result_pages(
             search_string,
             self._result_limit
         )
     except w3afException, w3:
         om.out.error(str(w3))
         # If I found an error, I don't want to be run again
         raise w3afRunOnce()
Пример #11
0
    def crawl(self, fuzzable_request):
        '''
        Find users in a WordPress installation
        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        '''
        if not self._exec:
            raise w3afRunOnce()
        else:
            # Check if there is a wordpress installation in this directory
            domain_path = fuzzable_request.get_url().get_domain_path()
            wp_unique_url = domain_path.url_join('wp-login.php')
            response = self._uri_opener.GET(wp_unique_url, cache=True)

            # If wp_unique_url is not 404, wordpress = true
            if not is_404(response):
                self._enum_users(fuzzable_request)
Пример #12
0
    def crawl(self, fuzzable_request):
        '''
        Find users in a WordPress installation
        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        '''
        if not self._exec:
            raise w3afRunOnce()
        else:
            # Check if there is a wordpress installation in this directory
            domain_path = fuzzable_request.get_url().get_domain_path()
            wp_unique_url = domain_path.url_join('wp-login.php')
            response = self._uri_opener.GET(wp_unique_url, cache=True)

            # If wp_unique_url is not 404, wordpress = true
            if not is_404(response):
                self._enum_users(fuzzable_request)
Пример #13
0
    def crawl(self, fuzzable_request):
        '''
        Get the file and parse it.

        :param fuzzable_request: A fuzzable_request instance that contains
                               (among other things) the URL to test.
        '''
        if not self._exec:
            raise w3afRunOnce()
        else:
            domain_path = fuzzable_request.get_url().get_domain_path()

            # Should I run more than once?
            if not self._be_recursive:
                self._exec = False

            if domain_path not in self._already_tested:
                self._already_tested.add(domain_path)
                self._bruteforce_directories(domain_path)
Пример #14
0
    def crawl(self, fuzzable_request):
        '''
        :param fuzzable_request: A fuzzable_request instance that contains
                                     (among other things) the URL to test.
        '''
        if not self._exec:
            raise w3afRunOnce()
        else:
            # Check if there is a wordpress installation in this directory
            domain_path = fuzzable_request.get_url().get_domain_path()
            wp_unique_url = domain_path.url_join('wp-login.php')
            response = self._uri_opener.GET(wp_unique_url, cache=True)

            # If wp_unique_url is not 404, wordpress = true
            if not is_404(response):
                # Only run once
                self._exec = False

                extracted_paths = self._extract_paths(domain_path)
                self._force_disclosures(domain_path,
                                        self.CHECK_PATHS + extracted_paths)
    def crawl(self, fuzzable_request):
        '''
        :param fuzzable_request: A fuzzable_request instance that contains
                                     (among other things) the URL to test.
        '''
        if not self._exec:
            raise w3afRunOnce()
        else:
            # Check if there is a wordpress installation in this directory
            domain_path = fuzzable_request.get_url().get_domain_path()
            wp_unique_url = domain_path.url_join('wp-login.php')
            response = self._uri_opener.GET(wp_unique_url, cache=True)

            # If wp_unique_url is not 404, wordpress = true
            if not is_404(response):
                # Only run once
                self._exec = False

                extracted_paths = self._extract_paths(domain_path)
                self._force_disclosures(domain_path,
                                        self.CHECK_PATHS + extracted_paths)
Пример #16
0
    def discover(self, fuzzable_request):
        '''
        Uses several techniques to try to find out what methods are allowed for
        an URL.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        '''
        if not self._exec:
            # This will remove the plugin from the infrastructure
            # plugins to be run.
            raise w3afRunOnce()

        # Run the plugin.
        if self._exec_one_time:
            self._exec = False

        domain_path = fuzzable_request.get_url().get_domain_path()
        if domain_path not in self._already_tested:
            self._already_tested.add(domain_path)
            allowed_methods, id_list = self._identify_allowed_methods(domain_path)
            self._analyze_methods(domain_path, allowed_methods, id_list)
Пример #17
0
    def discover(self, fuzzable_request):
        '''
        Uses several techniques to try to find out what methods are allowed for
        an URL.

        :param fuzzable_request: A fuzzable_request instance that contains
                                    (among other things) the URL to test.
        '''
        if not self._exec:
            # This will remove the plugin from the infrastructure
            # plugins to be run.
            raise w3afRunOnce()

        # Run the plugin.
        if self._exec_one_time:
            self._exec = False

        domain_path = fuzzable_request.get_url().get_domain_path()
        if domain_path not in self._already_tested:
            self._already_tested.add(domain_path)
            allowed_methods, id_list = self._identify_allowed_methods(
                domain_path)
            self._analyze_methods(domain_path, allowed_methods, id_list)