def __init__(self, HTTP, reportGen):
self.HTTP = HTTP
self.logVuln = reportGen.logVulnerability
self.logAnom = reportGen.logAnomaly
self.auxText = AuxText()
self.attackedGET = []
self.attackedPOST = []
def __init__(self,HTTP,reportGen):
self.HTTP = HTTP
self.reportGen = reportGen
self.auxText = AuxText()
class Attack:
"""
This class represents an attack, it must be extended
for any class which implements a new type of attack
"""
verbose = 0
color = 0
name = "attack"
reportGen = None
HTTP = None
auxText = None
doGET = True
doPOST = True
# List of modules (strs) that must be launched before the current module
# Must be defined in the code of the module
require = []
# List of modules (objects) that must be launched before the current module
# Must be left empty in the code
deps = []
# List of attack's url already launched in the current module
attackedGET = []
attackedPOST = []
vulnerableGET = []
vulnerablePOST = []
CONFIG_DIR = ""
if os.path.isdir("/usr/local/share/doc/packages/wapiti"):
CONFIG_DIR = "/usr/local/share/doc/packages/wapiti/config/attacks"
else:
BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__),'../..'))
CONFIG_DIR = BASE_DIR + "/" + "config/attacks"
# Color codes
STD = "\033[0;0m"
RED = "\033[1;31m"
YELLOW = "\033[1;33m"
CYAN = "\033[1;36m"
GB = "\033[0;30m\033[47m"
allowed = ['php', 'html', 'htm', 'xml', 'xhtml', 'xht', 'xhtm',
'asp', 'aspx', 'php3', 'php4', 'php5', 'txt', 'shtm',
'shtml', 'phtm', 'phtml', 'jhtml', 'pl', 'jsp', 'cfm',
'cfml', 'py']
# The priority of the module, from 0 (first) to 10 (last). Default is 5
PRIORITY = 5
def __init__(self,HTTP,reportGen):
self.HTTP = HTTP
self.reportGen = reportGen
self.auxText = AuxText()
def setVerbose(self,verbose):
self.verbose = verbose
def setColor(self):
self.color = 1
def loadPayloads(self,fileName):
"""This method loads the payloads for an attack from the specified file"""
return self.auxText.readLines(fileName)
def attackGET(self, page, dict, headers = {}):
return
def attackPOST(self, form):
return
def loadRequire(self, obj = []):
self.deps = obj
def attack(self, urls, forms):
if self.doGET == True:
for url, headers in urls.items():
dictio = {}
params = []
page = url
if url.find("?") >= 0:
page = url.split('?')[0]
query = url.split('?')[1]
params = query.split('&')
if query.find("=") >= 0:
for param in params:
dictio[param.split('=')[0]] = param.split('=')[1]
if self.verbose == 1:
print "+ " + _("attackGET") + " "+url
if params != []:
print " ", params
try:
self.attackGET(page, dictio, headers)
except socket.error, se:
print 'error: %s while attacking %s' % (repr(str(se[1])), url)
if self.doPOST == True:
for form in forms:
if form[1] != {}:
self.attackPOST(form)
class Attack:
"""
This class represents an attack, it must be extended
for any class which implements a new type of attack
"""
verbose = 0
color = 0
name = "attack"
logVuln = None
logAnom = None
HTTP = None
auxText = None
doGET = True
doPOST = True
# List of modules (strs) that must be launched before the current module
# Must be defined in the code of the module
require = []
# List of modules (objects) that must be launched before the current module
# Must be left empty in the code
deps = []
# List of attack's url already launched in the current module
attackedGET = []
attackedPOST = []
vulnerableGET = []
vulnerablePOST = []
CONFIG_DIR = ""
if os.path.isdir("/usr/local/share/doc/packages/wapiti"):
CONFIG_DIR = "/usr/local/share/doc/packages/wapiti/config/attacks"
else:
BASE_DIR = os.path.normpath(
os.path.join(os.path.abspath(__file__), '../..'))
CONFIG_DIR = BASE_DIR + "/" + "config/attacks"
# Color codes
STD = "\033[0;0m"
RED = "\033[0;31m"
GREEN = "\033[0;32m"
ORANGE = "\033[0;33m"
YELLOW = "\033[1;33m"
BLUE = "\033[1;34m"
MAGENTA = "\033[0;35m"
CYAN = "\033[0;36m"
GB = "\033[0;30m\033[47m"
allowed = [
'php', 'html', 'htm', 'xml', 'xhtml', 'xht', 'xhtm', 'asp', 'aspx',
'php3', 'php4', 'php5', 'txt', 'shtm', 'shtml', 'phtm', 'phtml',
'jhtml', 'pl', 'jsp', 'cfm', 'cfml', 'py'
]
# The priority of the module, from 0 (first) to 10 (last). Default is 5
PRIORITY = 5
def __init__(self, HTTP, reportGen):
self.HTTP = HTTP
self.logVuln = reportGen.logVulnerability
self.logAnom = reportGen.logAnomaly
self.auxText = AuxText()
self.attackedGET = []
self.attackedPOST = []
def setVerbose(self, verbose):
self.verbose = verbose
def setColor(self):
self.color = 1
def loadPayloads(self, fileName):
"""Load the payloads from the specified file"""
return self.auxText.readLines(fileName)
def attackGET(self, page, params_list, headers={}):
return
def attackPOST(self, form):
return
def loadRequire(self, obj=[]):
self.deps = obj
def log(self, fmt_string, *args):
if len(args) == 0:
print(fmt_string)
else:
print(fmt_string.format(*args))
if self.color:
sys.stdout.write(self.STD)
def logR(self, fmt_string, *args):
if self.color:
sys.stdout.write(self.RED)
self.log(fmt_string, *args)
def logG(self, fmt_string, *args):
if self.color:
sys.stdout.write(self.GREEN)
self.log(fmt_string, *args)
def logY(self, fmt_string, *args):
if self.color:
sys.stdout.write(self.YELLOW)
self.log(fmt_string, *args)
def logC(self, fmt_string, *args):
if self.color:
sys.stdout.write(self.CYAN)
self.log(fmt_string, *args)
def logW(self, fmt_string, *args):
if self.color:
sys.stdout.write(self.GB)
self.log(fmt_string, *args)
def logM(self, fmt_string, *args):
if self.color:
sys.stdout.write(self.MAGENTA)
self.log(fmt_string, *args)
def logB(self, fmt_string, *args):
if self.color:
sys.stdout.write(self.BLUE)
self.log(fmt_string, *args)
def logO(self, fmt_string, *args):
if self.color:
sys.stdout.write(self.ORANGE)
self.log(fmt_string, *args)
def attack(self, http_resources, forms):
if self.doGET is True:
for http_res in http_resources:
url = http_res.url
if self.verbose == 1:
self.log(_("+ attackGET {0}"), url)
try:
self.attackGET(http_res)
except socket.error, se:
self.log(_('error: {0} while attacking {1}'),
repr(str(se[0])), url)
except requests.exceptions.Timeout:
self.log(_('error: timeout while attacking {0}'), url)
def __init__(self, HTTP):
self.HTTP = HTTP
#self.reportGen = reportGen
self.auxText = AuxText()
class Attack_XSS(object):
"""
This class represents an attack, it must be extended
for any class which implements a new type of attack
"""
verbose = 0
color = 0
name = "attack"
reportGen = None
HTTP = None
auxText = None
doGET = True
doPOST = True
require = []
deps = []
attackedGET = []
attackedPOST = []
vulnerableGET = []
vulnerablePOST = []
CONFIG_DIR_NAME = "config/attacks"
BASE_DIR = os.path.normpath(
os.path.join(os.path.abspath(__file__), '../..'))
CONFIG_DIR = BASE_DIR + "/" + CONFIG_DIR_NAME
# Color codes
STD = "\033[0;0m"
RED = "\033[1;31m"
YELLOW = "\033[1;33m"
CYAN = "\033[1;36m"
GB = "\033[0;30m\033[47m"
allowed = [
'php', 'html', 'htm', 'xml', 'xhtml', 'xht', 'xhtm', 'asp', 'aspx',
'php3', 'php4', 'php5', 'txt', 'shtm', 'shtml', 'phtm', 'phtml',
'jhtml', 'pl', 'jsp', 'cfm', 'cfml', 'py'
]
PRIORITY = 5
def __init__(self, HTTP):
self.HTTP = HTTP
#self.reportGen = reportGen
self.auxText = AuxText()
def setVerbose(self, verbose):
self.verbose = verbose
def setColor(self):
self.color = 1
def loadPayloads(self, fileName):
"""This method loads the payloads for an attack from the specified file"""
return self.auxText.readLines(fileName)
def attackGET(self, page, dict, headers={}):
return
def attackPOST(self, form):
return
def loadRequire(self, obj=[]):
self.deps = obj
def attack(self, urls, forms):
tmp = []
if self.doGET == True:
for url, headers in urls.items():
dictio = {}
params = []
page = url
if url.find("?") >= 0:
page = url.split('?')[0]
query = url.split('?')[1]
params = query.split('&')
if query.find("=") >= 0:
for param in params:
dictio[param.split('=')[0]] = param.split('=')[1]
if self.verbose == 1:
print "+ " + _("attackGET") + " " + url
if params != []:
print " ", params
#start
xss = mod_xss(self.HTTP)
xss.attackGET(page, dictio, headers)
tmp.append(xss.forPerXSSGET())
if self.doPOST == True:
for form in forms:
if form[1] != {}:
xss = mod_xss(self.HTTP)
xss.attackPOST(form)
tmp.append(xss.forPerXSSPOST())
#print tmp[0].keys()
return tmp
class Attack_permanentXSS(object):
"""
This class represents an attack, it must be extended
for any class which implements a new type of attack
"""
verbose = 0
color = 0
name = "attack"
reportGen = None
HTTP = None
auxText = None
doGET = True
doPOST = True
# List of modules (strs) that must be launched before the current module
# Must be defined in the code of the module
require = []
# List of modules (objects) that must be launched before the current module
# Must be left empty in the code
deps = []
# List of attack's url already launched in the current module
attackedGET = []
attackedPOST = []
vulnerableGET = []
vulnerablePOST = []
CONFIG_DIR_NAME = "config/attacks"
BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__), "../.."))
CONFIG_DIR = BASE_DIR + "/" + CONFIG_DIR_NAME
# Color codes
STD = "\033[0;0m"
RED = "\033[1;31m"
YELLOW = "\033[1;33m"
CYAN = "\033[1;36m"
GB = "\033[0;30m\033[47m"
allowed = [
"php",
"html",
"htm",
"xml",
"xhtml",
"xht",
"xhtm",
"asp",
"aspx",
"php3",
"php4",
"php5",
"txt",
"shtm",
"shtml",
"phtm",
"phtml",
"jhtml",
"pl",
"jsp",
"cfm",
"cfml",
"py",
]
# The priority of the module, from 0 (first) to 10 (last). Default is 5
PRIORITY = 5
def __init__(self, HTTP):
self.HTTP = HTTP
# self.reportGen = reportGen
self.auxText = AuxText()
def setVerbose(self, verbose):
self.verbose = verbose
def setColor(self):
self.color = 1
def loadPayloads(self, fileName):
"""This method loads the payloads for an attack from the specified file"""
return self.auxText.readLines(fileName)
def attackGET(self, page, dict, headers={}):
return
def attackPOST(self, form):
return
def loadRequire(self, obj=[]):
self.deps = obj
def attack_p(self, urls, forms, tmp):
p_xss = mod_permanentxss(self.HTTP)
p_xss.set_XSS(tmp)
p_xss.attack(urls, forms)
def attack(self, urls, forms):
if self.doGET == True:
for url, headers in urls.items():
dictio = {}
params = []
page = url
if url.find("?") >= 0:
page = url.split("?")[0]
query = url.split("?")[1]
params = query.split("&")
if query.find("=") >= 0:
for param in params:
dictio[param.split("=")[0]] = param.split("=")[1]
if self.verbose == 1:
print "+ " + _("attackGET") + " " + url
if params != []:
print " ", params
self.attackGET(page, dictio, headers)
if self.doPOST == True:
for form in forms:
if form[1] != {}:
self.attackPOST(form)
class Attack_permanentXSS(object):
verbose = 0
color = 0
name = "attack"
reportGen = None
HTTP = None
auxText = None
doGET = True
doPOST = True
require = []
deps = []
attackedGET = []
attackedPOST = []
vulnerableGET = []
vulnerablePOST = []
CONFIG_DIR_NAME = "config/attacks"
BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__),'../..'))
CONFIG_DIR = BASE_DIR+"/"+CONFIG_DIR_NAME
# Color codes
STD = "\033[0;0m"
RED = "\033[1;31m"
YELLOW = "\033[1;33m"
CYAN = "\033[1;36m"
GB = "\033[0;30m\033[47m"
allowed = ['php', 'html', 'htm', 'xml', 'xhtml', 'xht', 'xhtm',
'asp', 'aspx', 'php3', 'php4', 'php5', 'txt', 'shtm',
'shtml', 'phtm', 'phtml', 'jhtml', 'pl', 'jsp', 'cfm',
'cfml', 'py']
# The priority of the module, from 0 (first) to 10 (last). Default is 5
PRIORITY = 5
def __init__(self,HTTP):
self.HTTP = HTTP
#self.reportGen = reportGen
self.auxText = AuxText()
def setVerbose(self,verbose):
self.verbose = verbose
def setColor(self):
self.color = 1
def loadPayloads(self,fileName):
"""This method loads the payloads for an attack from the specified file"""
return self.auxText.readLines(fileName)
def attackGET(self, page, dict, headers = {}):
return
def attackPOST(self, form):
return
def loadRequire(self, obj = []):
self.deps = obj
def attack_p(self, urls, forms, tmp):
p_xss = mod_permanentxss(self.HTTP)
p_xss.set_XSS(tmp)
p_xss.attack(urls, forms)
def attack(self, urls, forms):
if self.doGET == True:
for url, headers in urls.items():
dictio = {}
params = []
page = url
if url.find("?") >= 0:
page = url.split('?')[0]
query = url.split('?')[1]
params = query.split('&')
if query.find("=") >= 0:
for param in params:
dictio[param.split('=')[0]] = param.split('=')[1]
if self.verbose == 1:
print "+ " + _("attackGET") + " "+url
if params != []:
print " ", params
self.attackGET(page, dictio, headers)
if self.doPOST == True:
for form in forms:
if form[1] != {}:
self.attackPOST(form)
class Attack_XSS(object):
"""
This class represents an attack, it must be extended
for any class which implements a new type of attack
"""
verbose = 0
color = 0
name = "attack"
reportGen = None
HTTP = None
auxText = None
doGET = True
doPOST = True
require = []
deps = []
attackedGET = []
attackedPOST = []
vulnerableGET = []
vulnerablePOST = []
CONFIG_DIR_NAME = "config/attacks"
BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__), "../.."))
CONFIG_DIR = BASE_DIR + "/" + CONFIG_DIR_NAME
# Color codes
STD = "\033[0;0m"
RED = "\033[1;31m"
YELLOW = "\033[1;33m"
CYAN = "\033[1;36m"
GB = "\033[0;30m\033[47m"
allowed = [
"php",
"html",
"htm",
"xml",
"xhtml",
"xht",
"xhtm",
"asp",
"aspx",
"php3",
"php4",
"php5",
"txt",
"shtm",
"shtml",
"phtm",
"phtml",
"jhtml",
"pl",
"jsp",
"cfm",
"cfml",
"py",
]
PRIORITY = 5
def __init__(self, HTTP):
self.HTTP = HTTP
# self.reportGen = reportGen
self.auxText = AuxText()
def setVerbose(self, verbose):
self.verbose = verbose
def setColor(self):
self.color = 1
def loadPayloads(self, fileName):
"""This method loads the payloads for an attack from the specified file"""
return self.auxText.readLines(fileName)
def attackGET(self, page, dict, headers={}):
return
def attackPOST(self, form):
return
def loadRequire(self, obj=[]):
self.deps = obj
def attack(self, urls, forms):
tmp = []
if self.doGET == True:
for url, headers in urls.items():
dictio = {}
params = []
page = url
if url.find("?") >= 0:
page = url.split("?")[0]
query = url.split("?")[1]
params = query.split("&")
if query.find("=") >= 0:
for param in params:
dictio[param.split("=")[0]] = param.split("=")[1]
if self.verbose == 1:
print "+ " + _("attackGET") + " " + url
if params != []:
print " ", params
# start
xss = mod_xss(self.HTTP)
xss.attackGET(page, dictio, headers)
tmp.append(xss.forPerXSSGET())
if self.doPOST == True:
for form in forms:
if form[1] != {}:
xss = mod_xss(self.HTTP)
xss.attackPOST(form)
tmp.append(xss.forPerXSSPOST())
# print tmp[0].keys()
return tmp