Пример #1
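 def _generate_ignores(self, response):
     '''
     Build the list of strings that must not be reported as private IP
     addresses for this response.

     The list is rebuilt from scratch on every call and holds, in order:
     the domain of the response URL, get_local_ip(requested_domain),
     get_local_ip() and, when the lookup succeeds, the address the domain
     resolves to.

     @param response: Object exposing getURL().getDomain().
     @return: None, the result is stored in self._ignore_if_match.
     '''
     self._ignore_if_match = []

     requested_domain = response.getURL().getDomain()
     self._ignore_if_match.append(requested_domain)

     # NOTE(review): the get_local_ip() results are stored unfiltered;
     # confirm it cannot return None here, since this is meant to be a list
     # of strings.
     self._ignore_if_match.append(get_local_ip(requested_domain))
     self._ignore_if_match.append(get_local_ip())

     try:
         ip_address = socket.gethostbyname(requested_domain)
     except Exception:
         # Resolution is best effort: a domain that does not resolve simply
         # adds nothing. Catching Exception instead of using a bare except
         # lets KeyboardInterrupt and SystemExit propagate.
         pass
     else:
         self._ignore_if_match.append(ip_address)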
Пример #2
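    def _generate_ignores(self, response):
        '''
        Build, once, the set of strings that must not be reported as private
        IP addresses.

        Nothing is done when self._ignore_if_match is already set, so the
        set is derived from the first response that reaches this method.
        NOTE(review): responses for a different domain do not extend the
        set - confirm this is the intended behaviour.

        :param response: Object exposing get_url().get_domain().
        :return: None, the result is stored in self._ignore_if_match.
        '''
        if self._ignore_if_match is not None:
            return

        self._ignore_if_match = set()

        requested_domain = response.get_url().get_domain()
        self._ignore_if_match.add(requested_domain)

        # NOTE(review): the get_local_ip() results are stored unfiltered;
        # confirm it cannot return None here, since this is meant to be a
        # set of strings.
        self._ignore_if_match.add(get_local_ip(requested_domain))
        self._ignore_if_match.add(get_local_ip())

        try:
            ip_address = socket.gethostbyname(requested_domain)
        except Exception:
            # Resolution is best effort: a domain that does not resolve
            # simply adds nothing. Catching Exception instead of using a
            # bare except lets KeyboardInterrupt and SystemExit propagate.
            pass
        else:
            self._ignore_if_match.add(ip_address)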
Пример #3
    def __init__(self):
        '''
        Initialise the parent AttackPlugin and set this plugin's defaults.
        '''
        AttackPlugin.__init__(self)

        # State owned by the plugin itself; nothing is known yet.
        self._xss_vuln = self._exploit_dc = None

        # Settings the user can change. The listen address defaults to
        # whatever get_local_ip() returns; no fallback is applied here, so
        # a falsy result is stored as-is.
        self._listen_port = ports.RFI_SHELL
        self._listen_address = get_local_ip()
        self._use_XSS_vuln = True
Пример #4
    def __init__(self):
        '''
        Run the AttackPlugin initialiser, then fill in the default values
        used by this plugin.
        '''
        AttackPlugin.__init__(self)

        # Plugin-private state, empty until it is populated elsewhere.
        self._xss_vuln, self._exploit_dc = None, None

        # User-facing options. get_local_ip() supplies the default listen
        # address and its result is stored without any fallback value.
        self._listen_port = ports.RFI_SHELL
        self._listen_address = get_local_ip()
        self._use_XSS_vuln = True
 def __init__(self):
     '''
     Initialise the parent baseAuditPlugin and set this plugin's defaults.
     '''
     baseAuditPlugin.__init__(self)

     # Plugin-private flag, cleared at start-up.
     self._error_reported = False

     # Options the user can change. Both RFI strings start out empty.
     self._rfi_url = self._rfi_result = ''
     self._listen_port = w3afPorts.REMOTEFILEINCLUDE
     # A falsy get_local_ip() result is replaced by the empty string, so
     # the listen address is never stored as None.
     detected_address = get_local_ip()
     self._listen_address = detected_address if detected_address else ''
     self._use_w3af_site = True
Пример #6
    def __init__(self):
        '''
        Initialise the parent AuditPlugin and set this plugin's defaults.
        '''
        AuditPlugin.__init__(self)

        # Plugin-private state
        self._error_reported = False
        # FIXME: self._vulns and self._report_vulns are not thread-safe
        self._vulns = list()

        # Options the user can change. A falsy get_local_ip() result is
        # replaced by the empty string, so the listen address is never None.
        self._listen_port = ports.REMOTEFILEINCLUDE
        detected_address = get_local_ip()
        self._listen_address = detected_address if detected_address else ''
        self._use_w3af_site = True
Пример #7
Файл: rfi.py Проект: weisst/w3af
    def __init__(self):
        '''
        Run the AuditPlugin initialiser, then fill in the default values
        used by this plugin.
        '''
        AuditPlugin.__init__(self)

        # Internal bookkeeping
        # FIXME: self._vulns and self._report_vulns are not thread-safe
        self._error_reported, self._vulns = False, []

        # User-facing options. The `or ''` fallback turns a falsy
        # get_local_ip() result into an empty listen address.
        self._listen_port = ports.REMOTEFILEINCLUDE
        self._listen_address = get_local_ip() or ''
        self._use_w3af_site = True
 def __init__(self):
     '''
     Initialise the parent baseAttackPlugin and set this plugin's defaults.
     '''
     baseAttackPlugin.__init__(self)

     # Plugin-private state, empty until it is populated elsewhere.
     self._shell = self._xss_vuln = self._exploit_dc = None

     # Options the user can change. The listen address is whatever
     # get_local_ip() returns; no fallback is applied here, so a falsy
     # result is stored as-is.
     self._listen_port = w3afPorts.REMOTEFILEINCLUDE_SHELL
     self._listen_address = get_local_ip()
     self._use_XSS_vuln, self._generateOnlyOne = True, True
Пример #9
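def get_net_iface():
    '''
    Guess the name of the network interface used to reach the Internet.

    This function is very OS dependant. On Windows (os.name == "nt") no
    detection is implemented and the default is returned. Elsewhere a fixed
    list of interface names is queried with the SIOCGIFADDR ioctl and the
    first one whose address equals get_local_ip() wins.

    :return: The interface name that is being used to connect to the net,
             or 'eth0' when no candidate matches.
    '''
    #   Get the IP address thats used to go to the Internet
    internet_ip = get_local_ip()

    #   Default in case everything else fails. It lives in its own name so
    #   the loop below cannot overwrite it; reusing the loop variable made
    #   the function return the last candidate ("ppp0") when nothing matched.
    default_ifname = 'eth0'

    if os.name == "nt":
        #   TODO: Find out how to do this in Windows!
        return default_ifname

    #
    #   Linux
    #
    import fcntl
    import struct

    interfaces = [
        "eth0", "eth1", "eth2", "wlan0", "wlan1", "wifi0", "ath0", "ath1",
        "ppp0"
    ]
    for candidate in interfaces:
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        except IOError:
            continue

        try:
            interface_ip = socket.inet_ntoa(
                fcntl.ioctl(
                    s.fileno(),
                    0x8915,  # SIOCGIFADDR
                    struct.pack('256s', candidate[:15]))[20:24])
        except IOError:
            # The ioctl failed for this name: try the next candidate
            continue
        finally:
            # One socket is opened per candidate; close it so descriptors
            # are not leaked.
            s.close()

        if internet_ip == interface_ip:
            return candidate

    return default_ifname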
Пример #10
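def get_net_iface():
    '''
    Guess the name of the network interface used to reach the Internet.

    This function is very OS dependant. On Windows (os.name == "nt") no
    detection is implemented and the default is returned. Elsewhere a fixed
    list of interface names is queried with the SIOCGIFADDR ioctl and the
    first one whose address equals get_local_ip() wins.

    @return: The interface name that is being used to connect to the net,
             or 'eth0' when no candidate matches.
    '''
    #   Get the IP address thats used to go to the Internet
    internet_ip = get_local_ip()

    #   Default in case everything else fails. It is kept apart from the
    #   loop variable: sharing one name made the function return the last
    #   candidate ("ppp0") instead of this default when nothing matched.
    fallback_ifname = 'eth0'

    if os.name == "nt":
        #   TODO: Find out how to do this in Windows!
        return fallback_ifname

    #
    #   Linux
    #
    import fcntl
    import struct

    interfaces = ["eth0","eth1","eth2","wlan0","wlan1","wifi0","ath0","ath1","ppp0"]
    for ifname in interfaces:
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        except IOError:
            continue

        try:
            interface_ip = socket.inet_ntoa(fcntl.ioctl(
                                s.fileno(),
                                0x8915,  # SIOCGIFADDR
                                struct.pack('256s', ifname[:15])
                            )[20:24])
        except IOError:
            # The ioctl failed for this name: try the next candidate
            continue
        finally:
            # A socket is opened for every candidate; close it so file
            # descriptors are not leaked.
            s.close()

        if internet_ip == interface_ip:
            return ifname

    return fallback_ifname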
Пример #11
 def __init__( self ):
     '''
     Store the default settings in the config dict the first time this runs.
     '''
     # A stored 'autoDependencies' value means the defaults already exist,
     # so there is nothing left to do.
     if cf.cf.getData('autoDependencies') is not None:
         return

     #
     # User configured variables, saved in this exact order
     #
     static_defaults = (
         ('fuzzableCookie', False),
         ('fuzzFileContent', True),
         ('fuzzFileName', False),
         ('fuzzURLParts', False),
         ('fuzzFCExt', 'txt'),
         ('fuzzFormComboValues', 'tmb'),
         ('fuzzRepeatedParameters', 'tmb'),
         ('autoDependencies', True),
         ('maxDiscoveryTime', 120),
         ('maxThreads', 15),
         ('fuzzableHeaders', []),
         ('msf_location', '/opt/metasploit3/bin/'),
     )
     for option_name, option_value in static_defaults:
         cf.cf.save(option_name, option_value)

     cf.cf.save('interface', get_net_iface())

     #
     #   This doesn't send any packets, and gives you a nice default setting.
     #   In most cases, it is the "public" IP address, which will work perfectly
     #   in all plugins that need a reverse connection (rfiProxy)
     #
     #   When no address is detected the loopback address is stored instead.
     #
     cf.cf.save('localAddress', get_local_ip() or '127.0.0.1')

     cf.cf.save('demo', False)
     cf.cf.save('nonTargets', [])
     cf.cf.save('stop_on_first_exception', False)
Пример #12
    def __init__(self):
        '''
        Store the default settings in the config dict the first time this
        runs.
        '''
        # A stored 'fuzz_cookies' value means the defaults already exist,
        # so there is nothing left to do.
        if cf.cf.get('fuzz_cookies') is not None:
            return

        #
        # User configured variables, saved in this exact order
        #
        static_defaults = (
            ('fuzz_cookies', False),
            ('fuzz_form_files', True),
            ('fuzzed_files_extension', 'gif'),
            ('fuzz_url_filenames', False),
            ('fuzz_url_parts', False),
            ('fuzzable_headers', []),
            ('form_fuzzing_mode', 'tmb'),
            ('max_discovery_time', 120),
            ('msf_location', '/opt/metasploit3/bin/'),
        )
        for option_name, option_value in static_defaults:
            cf.cf.save(option_name, option_value)

        cf.cf.save('interface', get_net_iface())

        #
        #   This doesn't send any packets, and gives you a nice default setting.
        #   In most cases, it is the "public" IP address, which will work perfectly
        #   in all plugins that need a reverse connection (rfi_proxy)
        #
        #   When no address is detected the loopback address is stored instead.
        #
        cf.cf.save('local_ip_address', get_local_ip() or '127.0.0.1')

        cf.cf.save('non_targets', [])
        cf.cf.save('stop_on_first_exception', False)
Пример #13
    def __init__(self):
        '''
        Write the default configuration values, but only on the first run.
        '''
        already_configured = cf.cf.get('fuzz_cookies') is not None
        if already_configured:
            # The defaults were saved by an earlier instance
            return

        save_default = cf.cf.save

        # Fuzzer behaviour
        save_default('fuzz_cookies', False)
        save_default('fuzz_form_files', True)
        save_default('fuzzed_files_extension', 'gif')
        save_default('fuzz_url_filenames', False)
        save_default('fuzz_url_parts', False)
        save_default('fuzzable_headers', [])
        save_default('form_fuzzing_mode', 'tmb')

        # Limits and external tools
        save_default('max_discovery_time', 120)
        save_default('msf_location', '/opt/metasploit3/bin/')

        # Network defaults
        detected_iface = get_net_iface()
        save_default('interface', detected_iface)

        #
        #   This doesn't send any packets, and gives you a nice default setting.
        #   In most cases, it is the "public" IP address, which will work perfectly
        #   in all plugins that need a reverse connection (rfi_proxy)
        #
        detected_address = get_local_ip()
        if detected_address:
            local_address = detected_address
        else:
            # Nothing was detected: fall back to the loopback address
            local_address = '127.0.0.1'

        save_default('local_ip_address', local_address)
        save_default('non_targets', [])
        save_default('stop_on_first_exception', False)
Пример #14
    def use_profile(self, profile_name, workdir=None):
        '''
        Gets all the information from the profile and stores it in the
        w3af core plugins / target attributes for later use.

        @param profile_name: Name of the profile to load. None clears every
                             enabled plugin and returns immediately.
        @param workdir: Passed through unchanged to profile().

        @raise w3afException: if the profile to load has some type of problem.
        '''
        # Clear all enabled plugins if profile_name is None
        if profile_name is None:
            self._w3af_core.plugins.zero_enabled_plugins()
            return

        # This might raise an exception (which we don't want to handle) when
        # the profile does not exist
        profile_inst = profile(profile_name, workdir)
        
        # It exists, work with it!

        # Set the target settings of the profile to the core
        self._w3af_core.target.set_options(profile_inst.get_target())

        # Set the misc and http settings
        #
        # IGNORE the following parameters from the profile:
        #   - misc_settings.local_ip_address
        #
        # The address stored in the profile is overwritten with the value
        # get_local_ip() returns on this host before the options are applied.
        # NOTE(review): presumably because a profile saved on another machine
        # would otherwise point reverse connections at that machine's
        # address - confirm.
        # NOTE(review): the get_local_ip() result is passed to set_value()
        # with no fallback for a falsy value - confirm that is acceptable.
        profile_misc_settings = profile_inst.get_misc_settings()
        if 'local_ip_address' in profile_inst.get_misc_settings():
            profile_misc_settings['local_ip_address'].set_value(get_local_ip())

        misc_settings = MiscSettings()
        misc_settings.set_options(profile_misc_settings)
        self._w3af_core.uri_opener.settings.set_options(
            profile_inst.get_http_settings())

        #
        #    Handle plugin options
        #
        # Template with two %s placeholders: the first sits where the profile
        # is named, the second where the list of issues goes.
        # NOTE(review): nothing in the lines shown here reads error_fmt or
        # error_messages after the loop below; the listing may be truncated -
        # confirm the collected issues are reported to the user.
        error_fmt = ('The profile you are trying to load (%s) seems to be'
                     ' outdated, this is a common issue which happens when the'
                     ' framework is updated and one of its plugins adds/removes'
                     ' one of the configuration parameters referenced by a profile'
                     ', or the plugin is removed all together.\n\n'
                     'The profile was loaded but some of your settings might'
                     ' have been lost. This is the list of issues that were found:\n\n'
                     '    - %s\n'
                     '\nWe recommend you review the specific plugin configurations,'
                     ' apply the required changes and save the profile in order'
                     ' to update it and avoid this message. If this warning does not'
                     ' disappear you can manually edit the profile file to fix it.')

        # Problems are collected here instead of aborting the load
        error_messages = []

        for plugin_type in self._w3af_core.plugins.get_plugin_types():
            plugin_names = profile_inst.get_enabled_plugins(plugin_type)

            # Handle errors that might have been triggered from a possibly
            # invalid profile
            try:
                unknown_plugins = self._w3af_core.plugins.set_plugins(plugin_names,
                                                                      plugin_type,
                                                                      raise_on_error=False)
            except KeyError:
                msg = 'The profile references the "%s" plugin type which is'\
                      ' unknown to the w3af framework.'
                error_messages.append(msg % plugin_type)
                # Skip this plugin type: its plugin options are not processed
                continue
                
            for unknown_plugin in unknown_plugins:
                msg = 'The profile references the "%s.%s" plugin which is unknown.'
                error_messages.append(msg % (plugin_type, unknown_plugin))

            # Now we set the plugin options, which can also trigger errors with "outdated"
            # profiles that users could have in their ~/.w3af/ directory.
            # Plugins reported as unknown are left out of this pass.
            for plugin_name in set(plugin_names) - set(unknown_plugins):

                try:
                    plugin_options = profile_inst.get_plugin_options(
                        plugin_type,
                        plugin_name)
                    self._w3af_core.plugins.set_plugin_options(plugin_type,
                                                               plugin_name,
                                                               plugin_options)
                except w3afException, w3e:
                    # Record the failure and go on with the next plugin
                    msg = 'Setting the options for plugin "%s.%s" raised an' \
                          ' exception due to unknown or invalid configuration' \
                          ' parameters.'
                    msg += ' ' + str(w3e)
                    error_messages.append(msg % (plugin_type, plugin_name))
Пример #15
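 def test_w3af_agent(self):
     # Runs the 'w3af_agent' payload through the API with the local IP
     # address as its only argument and expects the success message.
     result = exec_payload(self.shell, 'w3af_agent', args=(get_local_ip(),),
                           use_api=True)
     # assertEqual replaces assertEquals, a deprecated unittest alias
     self.assertEqual('Successfully started the w3afAgent.', result)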
Пример #16
 def useProfile(self, profile_name, workdir=None):
     '''
     Gets all the information from the profile and stores it in the
     w3af core plugins / target attributes for later use.
     
     @param profile_name: Name of the profile to load. None clears every
                          enabled plugin and returns immediately.
     @param workdir: Passed through unchanged to profile().
     
     @raise w3afException: if the profile to load has some type of problem.
     '''
     # Clear all enabled plugins if profile_name is None
     if profile_name is None:
         self._w3af_core.plugins.zero_enabled_plugins()
         return
     
     try:            
         profileInstance = profile(profile_name, workdir) 
     except w3afException:
         # The profile doesn't exist!
         # Re-raised unchanged for the caller to handle
         raise
     else:
         # It exists, work with it!
         for pluginType in self._w3af_core.plugins.getPluginTypes():
             pluginNames = profileInstance.getEnabledPlugins( pluginType )
             
             # Handle errors that might have been triggered from a possibly invalid profile
             unknown_plugins = self._w3af_core.plugins.setPlugins( pluginNames, pluginType )
             if unknown_plugins:
                 om.out.error('The profile references the following missing plugins:')
                 for unknown_plugin_name in unknown_plugins:
                     om.out.error('- ' + unknown_plugin_name)
                 
             # Now we set the plugin options, which can also trigger errors with "outdated"
             # profiles that users could have in their ~/.w3af/ directory.
             # The enabled plugin names are read again here, so names reported
             # above as unknown are included in this pass as well.
             for pluginName in profileInstance.getEnabledPlugins( pluginType ):
                 pluginOptions = profileInstance.getPluginOptions( pluginType, pluginName )
                 try:
                     # FIXME: Does this work with output plugin options?
                     # What about target, http-settings, etc?
                     self._w3af_core.plugins.setPluginOptions( pluginType, 
                                                               pluginName,
                                                               pluginOptions )
                 except Exception, e:
                     # This is because of an invalid plugin, or something like that...
                     # Added as a part of the fix of bug #1937272
                     # Any exception is caught here: the error is written to the
                     # output and loading goes on with the next plugin.
                     msg = ('The profile you are trying to load seems to be'
                     ' outdated, one of the enabled plugins has a bug or an'
                     ' plugin option that was valid when you created the '
                     'profile was now removed from the framework. The plugin'
                     ' that triggered this exception is "%s", and the '
                     'original exception is: "%s"' % (pluginName, e))
                     om.out.error(msg)
                 
         # Set the target settings of the profile to the core
         self._w3af_core.target.setOptions( profileInstance.getTarget() )
         
         # Set the misc and http settings
         #
         # IGNORE the following parameters from the profile:
         #   - miscSettings.localAddress
         #
         # The address stored in the profile is overwritten with the value
         # get_local_ip() returns on this host before the options are applied.
         # NOTE(review): presumably because a profile saved on another machine
         # would otherwise point reverse connections at that machine's
         # address - confirm.
         # NOTE(review): the get_local_ip() result is passed to setValue()
         # with no fallback for a falsy value - confirm that is acceptable.
         profile_misc_settings = profileInstance.getMiscSettings()
         if 'localAddress' in profileInstance.getMiscSettings():
             profile_misc_settings['localAddress'].setValue(get_local_ip())
         
         misc_settings = miscSettings.miscSettings()
         misc_settings.setOptions( profile_misc_settings )
         self._w3af_core.uriOpener.settings.setOptions( profileInstance.getHttpSettings() )