def test_url_is_not_404(self):
    # Gather every external reference URL in the database (WASC, CWE,
    # OWASP Top 10 and free-form references). A set is used so each
    # distinct URL is requested only once.
    urls_to_check = set()

    for db_id in DBVuln.get_all_db_ids():
        entry = DBVuln.from_id(db_id)

        if entry.wasc:
            urls_to_check.update(entry.get_wasc_url(w) for w in entry.wasc)

        if entry.cwe:
            urls_to_check.update(entry.get_cwe_url(c) for c in entry.cwe)

        urls_to_check.update(
            link for _, _, link in entry.get_owasp_top_10_references())

        urls_to_check.update(ref.url for ref in entry.references)

    # One shared session is handed to url_is_404() for every URL.
    http = requests.Session()
    dead_links = [u for u in urls_to_check if self.url_is_404(http, u)]

    self.assertEqual(dead_links, [])
def test_from_file(self):
    # Loading the spec example by path and by id must give equal objects,
    # and the object must remember the path it was loaded from.
    spec_path = os.path.join(DBVuln.DB_PATH, '123-spec-example.json')

    loaded_by_path = DBVuln.from_file(spec_path)
    loaded_by_id = DBVuln.from_id(123)

    self.assertEqual(loaded_by_path, loaded_by_id)
    self.assertEqual(loaded_by_path.db_file, spec_path)
def test_get_owasp_top_10_url(self):
    vuln = DBVuln(**self.DEFAULT_KWARGS)

    # (year, expected URL) pairs for risk id 2; the last pair pins the
    # None result the test expects for the year 2033.
    expectations = (
        (2010, 'https://www.owasp.org/index.php/Top_10_2010-A2'),
        (2013, 'https://www.owasp.org/index.php/Top_10_2013-A2'),
        (2033, None),
    )

    for year, expected_url in expectations:
        self.assertEqual(vuln.get_owasp_top_10_url(year, 2), expected_url)
def set_vulndb_id(self, vulndb_id):
    """
    Store the vulnerability database id on this object.

    :param vulndb_id: None to clear the id, or an id that
                      DBVuln.is_valid_id() accepts.
    :raises ValueError: When the id is not None and DBVuln.is_valid_id()
                        rejects it.
    """
    if vulndb_id is not None and not DBVuln.is_valid_id(vulndb_id):
        # The number of known entries is included to help debugging.
        known_ids = DBVuln.get_all_db_ids()
        template = ('Invalid vulnerability DB id %s. There are %s entries in'
                    ' the vulnerability database but none is the specified one.')
        raise ValueError(template % (vulndb_id, len(known_ids)))

    self._vulndb_id = vulndb_id
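def test_no_multiple_spaces(self):
    # Report every database entry whose free-text fields contain a run of
    # two or more spaces. The needle has to be two spaces: a single-space
    # needle matches any ordinary sentence and would flag every entry.
    # It is built with a multiplication so whitespace-normalising tools
    # cannot silently shrink the literal.
    double_space = ' ' * 2
    invalid = []

    for vuln_id in DBVuln.get_all_db_ids():
        db_vuln = DBVuln.from_id(vuln_id)

        if double_space in db_vuln.fix_guidance:
            invalid.append((db_vuln.db_file, 'fix_guidance'))

        if double_space in db_vuln.description:
            invalid.append((db_vuln.db_file, 'description'))

    self.assertEqual(invalid, [])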
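def test_id_match(self):
    # Every database file must be named "<id>-..." where <id> is the "id"
    # field stored inside the JSON document itself.
    invalid = []

    for vuln_id in DBVuln.get_all_db_ids():
        db_path_file = DBVuln.get_file_for_id(vuln_id)

        # A context manager closes the handle for every file; the previous
        # file(...).read() form left each handle open until it was
        # garbage collected.
        with open(db_path_file) as json_fh:
            json_data = json.load(json_fh)

        json_id = json_data['id']
        db_file = os.path.basename(db_path_file)

        if not db_file.startswith('%s-' % json_id):
            invalid.append(db_file)

    self.assertEqual(invalid, [])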
def test_url_is_not_404(self):
    # Gather the CWE, reference and OWASP Top 10 URLs from every JSON
    # document, de-duplicated so each URL is requested only once.
    urls_to_check = set()

    for _language, _path, entry in self.get_all_json():
        for cwe_id in entry.get('cwe', []):
            urls_to_check.add(DBVuln.get_cwe_url(cwe_id))

        for reference in entry.get('references', []):
            urls_to_check.add(reference['url'])

        for version, risk_ids in entry.get('owasp_top_10', {}).iteritems():
            for risk_id in risk_ids:
                urls_to_check.add(self.get_owasp_url(version, risk_id))

    # One shared session is handed to url_is_404() for every URL.
    http = requests.Session()
    dead_links = [u for u in urls_to_check if self.url_is_404(http, u)]

    self.assertEqual(dead_links, [])
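def test_from_file(self):
    # Load every file in the database directory and check the type of each
    # public attribute. Files that fail to load are collected and reported
    # together at the end.
    failed_json_files = []

    for _fname in os.listdir(DBVuln.DB_PATH):
        _file_path = os.path.join(DBVuln.DB_PATH, _fname)

        try:
            dbv = DBVuln.from_file(_file_path)
        except Exception:
            # Narrowed from a bare "except:" so KeyboardInterrupt and
            # SystemExit still stop the test run instead of being
            # recorded as a broken JSON file.
            failed_json_files.append(_fname)
            continue

        self.assertIsInstance(dbv.title, basestring)
        self.assertIsInstance(dbv.description, basestring)
        self.assertIsInstance(dbv.id, int)
        self.assertIsInstance(dbv.severity, basestring)
        self.assertIsInstance(dbv.wasc, (types.NoneType, list))
        self.assertIsInstance(dbv.tags, (types.NoneType, list))
        self.assertIsInstance(dbv.cwe, (types.NoneType, list))
        self.assertIsInstance(dbv.owasp_top_10, (types.NoneType, dict))
        self.assertIsInstance(dbv.fix, dict)
        self.assertIsInstance(dbv.fix_effort, int)
        self.assertIsInstance(dbv.fix_guidance, basestring)

        for ref in dbv.references:
            self.assertIsInstance(ref, Reference)

    self.assertEqual(failed_json_files, [])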
def test_from_id(self):
    vuln = DBVuln.from_id(123)

    # The spec example is expected inside the default-language directory.
    expected_path = os.path.join(DBVuln.DB_PATH,
                                 DBVuln.DEFAULT_LANG,
                                 '123-spec-example.json')
    self.assertEqual(vuln.db_file, expected_path)

    first_ref = Reference("http://foo.com/xss",
                          "First reference to XSS vulnerability")
    second_ref = Reference("http://asp.net/xss",
                           "How to fix XSS vulns in ASP.NET")
    expected_references = [first_ref, second_ref]

    expected_description = u'A very long text explaining what a XSS vulnerability is'
    expected_guidance = (u'A very long text explaining how developers should prevent\n'
                         u'XSS vulnerabilities.\n')
    expected_owasp = {"2010": [1], "2013": [2]}

    self.assertEqual(vuln.title, u'Cross-Site Scripting')
    self.assertEqual(vuln.description, expected_description)
    self.assertEqual(vuln.id, MOCK_ID)
    self.assertEqual(vuln.severity, MOCK_SEVERITY)
    self.assertEqual(vuln.wasc, [u'0003'])
    self.assertEqual(vuln.tags, [u'xss', u'client side'])
    self.assertEqual(vuln.cwe, [u'0003', u'0007'])
    self.assertEqual(vuln.owasp_top_10, expected_owasp)
    self.assertEqual(vuln.references, expected_references)
    self.assertEqual(vuln.fix_effort, 50)
    self.assertEqual(vuln.fix_guidance, expected_guidance)
def test_from_id(self):
    vuln = DBVuln.from_id(123)

    expected_path = os.path.join(DBVuln.DB_PATH, '123-spec-example.json')
    self.assertEqual(vuln.db_file, expected_path)

    first_ref = Reference("http://foo.com/xss",
                          "First reference to XSS vulnerability")
    second_ref = Reference("http://asp.net/xss",
                           "How to fix XSS vulns in ASP.NET")
    expected_references = [first_ref, second_ref]

    # The same guidance text is expected both inside the raw "fix" dict
    # and through the fix_guidance accessor.
    expected_guidance = u"A very long text explaining how to fix XSS vulnerabilities"
    expected_fix = {u"guidance": expected_guidance, u"effort": 50}
    expected_owasp = {"2010": [1], "2013": [2]}

    self.assertEqual(vuln.title, u'Cross-Site Scripting')
    self.assertEqual(vuln.description,
                     u'A very long description for Cross-Site Scripting')
    self.assertEqual(vuln.id, MOCK_ID)
    self.assertEqual(vuln.severity, MOCK_SEVERITY)
    self.assertEqual(vuln.wasc, [u'0003'])
    self.assertEqual(vuln.tags, [u'xss', u'client side'])
    self.assertEqual(vuln.cwe, [u'0003', u'0007'])
    self.assertEqual(vuln.owasp_top_10, expected_owasp)
    self.assertEqual(vuln.fix, expected_fix)
    self.assertEqual(vuln.references, expected_references)
    self.assertEqual(vuln.fix_effort, 50)
    self.assertEqual(vuln.fix_guidance, expected_guidance)
def set_vulndb_id(self, vulndb_id):
    """
    Store the vulnerability database id on this object.

    :param vulndb_id: None to clear the id, or an id that
                      DBVuln.is_valid_id() accepts.
    :raises ValueError: When the id is not None and DBVuln.is_valid_id()
                        rejects it.
    """
    id_is_acceptable = vulndb_id is None or DBVuln.is_valid_id(vulndb_id)

    if not id_is_acceptable:
        raise ValueError('Invalid vulnerability DB id: %s' % vulndb_id)

    self._vulndb_id = vulndb_id
def test_vulns_dict_points_to_existing_vulndb_data_id(self):
    # Entries mapped to None are skipped; every other id must be one that
    # DBVuln.is_valid_id() accepts.
    dangling = [(name, db_id)
                for name, db_id in VULNS.iteritems()
                if db_id is not None and not DBVuln.is_valid_id(db_id)]

    self.assertEqual(dangling, [])
def get_vuln_info_from_db(self):
    """
    Read the vulnerability information from the vulndb

    :return: The object cached in self._vulndb when there is one; otherwise
             the result of DBVuln.from_id(self._vulndb_id), which is then
             cached, or None when no vulndb id is set.
    """
    cached = self._vulndb

    if cached is None and self._vulndb_id is not None:
        # First access: load the entry and remember it for later calls.
        cached = self._vulndb = DBVuln.from_id(self._vulndb_id)

    return cached
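def test_from_file(self):
    # Load every file of every language directory and check the type of
    # each public attribute. Files that fail to load are collected and
    # reported together at the end.
    failed_json_files = []
    processed_files = []

    for language in DBVuln.get_all_languages():
        json_path = os.path.join(DBVuln.DB_PATH, language)

        for _fname in os.listdir(json_path):
            _file_path = os.path.join(json_path, _fname)

            if os.path.isdir(_file_path):
                continue

            try:
                # NOTE(review): this assigns a class attribute and nothing
                # in this test resets it, so the last language presumably
                # stays set for later tests - confirm that is intended.
                DBVuln.LANG = language
                dbv = DBVuln.from_file(_file_path)
            except Exception:
                # Narrowed from a bare "except:" so KeyboardInterrupt and
                # SystemExit still stop the test run instead of being
                # recorded as a broken JSON file.
                failed_json_files.append(_fname)
                continue

            processed_files.append(_fname)

            self.assertIsInstance(dbv.title, basestring)
            self.assertIsInstance(dbv.description, basestring)
            self.assertIsInstance(dbv.id, int)
            self.assertIsInstance(dbv.severity, basestring)
            self.assertIsInstance(dbv.wasc, (type(None), list))
            self.assertIsInstance(dbv.tags, (type(None), list))
            self.assertIsInstance(dbv.cwe, (type(None), list))
            self.assertIsInstance(dbv.owasp_top_10, (type(None), dict))
            self.assertIsInstance(dbv.fix_effort, int)
            self.assertIsInstance(dbv.fix_guidance, basestring)

            for ref in dbv.references:
                self.assertIsInstance(ref, Reference)

    self.assertEqual(failed_json_files, [])
    # Guards against the loops silently processing (almost) nothing.
    self.assertGreater(len(processed_files), 20)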
def test_load_es_lang(self):
    lang_code = 'es'
    spec_path = os.path.join(DBVuln.DB_PATH, lang_code, '123-spec-example.json')

    # Loading by path and by id with the same language must agree.
    loaded_by_path = DBVuln.from_file(spec_path, language=lang_code)
    loaded_by_id = DBVuln.from_id(123, language=lang_code)

    self.assertEqual(loaded_by_path, loaded_by_id)
    self.assertEqual(loaded_by_path.db_file, spec_path)

    vuln = loaded_by_path

    first_ref = Reference("http://foo.es/xss",
                          "Primera referencia a una vulnerabilidad de XSS")
    second_ref = Reference("http://asp.net/xss", "Como arreglar XSS en .NET")
    expected_references = [first_ref, second_ref]

    expected_guidance = (u'Y otro texto largo donde se explica como arreglar'
                         u' vulnerabilidades de XSS')
    expected_owasp = {"2010": [1], "2013": [2]}

    self.assertEqual(vuln.title, u'Cross-Site Scripting en ES')
    self.assertEqual(vuln.description,
                     u'Un texto largo donde se explica que es un XSS')
    self.assertEqual(vuln.id, MOCK_ID)
    self.assertEqual(vuln.severity, MOCK_SEVERITY)
    self.assertEqual(vuln.wasc, [u'0003'])
    self.assertEqual(vuln.tags, [u'xss', u'client side'])
    self.assertEqual(vuln.cwe, [u'0003', u'0007'])
    self.assertEqual(vuln.owasp_top_10, expected_owasp)
    self.assertEqual(vuln.references, expected_references)
    self.assertEqual(vuln.fix_effort, 50)
    self.assertEqual(vuln.fix_guidance, expected_guidance)
def test_basic(self):
    vuln = DBVuln(**self.DEFAULT_KWARGS)

    # Each attribute must hand back the matching mock value; the pairs are
    # checked in this order.
    expected_by_attribute = (
        ('title', MOCK_TITLE),
        ('description', MOCK_DESC),
        ('id', MOCK_ID),
        ('severity', MOCK_SEVERITY),
        ('wasc', MOCK_WASC),
        ('tags', MOCK_TAGS),
        ('cwe', MOCK_CWE),
        ('owasp_top_10', MOCK_OWASP_TOP_10),
        ('fix', MOCK_FIX),
        ('references', MOCK_REFERENCES),
        ('db_file', MOCK_DB_FILE),
    )

    for attribute, expected in expected_by_attribute:
        self.assertEqual(getattr(vuln, attribute), expected)
def get_cwe_urls(self):
    """
    Yield one CWE URL for each id returned by self.get_cwe_ids().

    This is a generator, so nothing is evaluated until it is iterated.

    :note: Call has_db_details before calling this, or you'll get
           exceptions
    """
    for identifier in self.get_cwe_ids():
        cwe_url = DBVuln.get_cwe_url(identifier)
        yield cwe_url
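def get_options(self):
    """
    Build the OptionList with the fuzzer, core, network, exclusion,
    Metasploit and language settings.

    Current values are read from cf.cf; COMBO options receive their list
    of choices instead of a single value.

    :return: A list of option objects for this plugin.
    """
    ol = OptionList()

    #
    # Fuzzer parameters
    #
    d = 'Indicates if w3af plugins will use cookies as a fuzzable parameter'
    opt = opt_factory('fuzz_cookies', cf.cf.get('fuzz_cookies'), d, BOOL,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    d = ('Indicates if w3af plugins will send payloads in the content of'
         ' multipart/post form files.')
    # Adjacent string literals are joined verbatim, so every continuation
    # fragment starts with its own space ("w3afwill" / "thepayloads" were
    # shown to the user before).
    h = ('If enabled, and multipart/post forms with files are found, w3af'
         ' will fill those file inputs with pseudo-files containing the'
         ' payloads required to identify vulnerabilities.')
    opt = opt_factory('fuzz_form_files', cf.cf.get('fuzz_form_files'), d,
                      BOOL, tabid='Fuzzer parameters', help=h)
    ol.add(opt)

    d = ('Indicates if w3af plugins will send fuzzed file names in order to'
         ' find vulnerabilities')
    h = ('For example, if the discovered URL is http://test/filename.php,'
         ' and fuzz_url_filenames is enabled, w3af will request among'
         ' other things: http://test/file\'a\'a\'name.php in order to'
         ' find SQL injections. This type of vulns are getting more'
         ' common every day!')
    opt = opt_factory('fuzz_url_filenames', cf.cf.get('fuzz_url_filenames'),
                      d, BOOL, help=h, tabid='Fuzzer parameters')
    ol.add(opt)

    desc = ('Indicates if w3af plugins will send fuzzed URL parts in order'
            ' to find vulnerabilities')
    h = ('For example, if the discovered URL is http://test/foo/bar/123,'
         ' and fuzz_url_parts is enabled, w3af will request among other'
         ' things: http://test/bar/<script>alert(document.cookie)</script>'
         ' in order to find XSS.')
    opt = opt_factory('fuzz_url_parts', cf.cf.get('fuzz_url_parts'), desc,
                      BOOL, help=h, tabid='Fuzzer parameters')
    ol.add(opt)

    desc = 'Indicates the extension to use when fuzzing file content'
    opt = opt_factory('fuzzed_files_extension',
                      cf.cf.get('fuzzed_files_extension'), desc, STRING,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    desc = 'A list with all fuzzable header names'
    opt = opt_factory('fuzzable_headers', cf.cf.get('fuzzable_headers'),
                      desc, LIST, tabid='Fuzzer parameters')
    ol.add(opt)

    d = ('Indicates what HTML form combo values w3af plugins will use:'
         ' all, tb, tmb, t, b')
    h = ('Indicates what HTML form combo values, e.g. select options values,'
         ' w3af plugins will use: all (All values), tb (only top and bottom'
         ' values), tmb (top, middle and bottom values), t (top values), b'
         ' (bottom values).')
    options = ['tmb', 'all', 'tb', 't', 'b']
    opt = opt_factory('form_fuzzing_mode', options, d, COMBO, help=h,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    #
    # Core parameters
    #
    desc = 'Stop scan after first unhandled exception'
    h = ('This feature is only useful for developers that want their scan'
         ' to stop on the first exception that is raised by a plugin.'
         ' Users should leave this as False in order to get better'
         ' exception handling from w3af\'s core.')
    opt = opt_factory('stop_on_first_exception',
                      cf.cf.get('stop_on_first_exception'), desc, BOOL,
                      help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Maximum crawl time (minutes)'
    h = ('Many users tend to enable numerous plugins without actually'
         ' knowing what they are and the potential time they will take'
         ' to run. By using this parameter, users will be able to set'
         ' the maximum amount of time the crawl phase will run.')
    opt = opt_factory('max_discovery_time',
                      cf.cf.get('max_discovery_time'), desc, INT, help=h,
                      tabid='Core settings')
    ol.add(opt)

    desc = 'Maximum scan time (minutes)'
    h = ('Sets the maximum number of minutes for the scan to run. Use'
         ' zero to remove the limit.')
    opt = opt_factory('max_scan_time', cf.cf.get('max_scan_time'), desc,
                      INT, help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for each URL sub-path'
    h = ('Limit how many requests are performed for each URL sub-path'
         ' during crawling. For example, if the application links to'
         ' three products: /product/1 /product/2 and /product/3, and'
         ' this variable is set to two, only the first two URLs:'
         ' /product/1 and /product/2 will be crawled.')
    opt = opt_factory('path_max_variants', cf.cf.get('path_max_variants'),
                      desc, INT, help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for each URL and parameter set'
    h = ('Limit how many requests are performed for each URL and parameter'
         ' set. For example, if the application links to three products:'
         ' /product?id=1 , /product?id=2 and /product?id=3, and this'
         ' variable is set to two, only the first two URLs:'
         ' /product?id=1 and /product?id=2 will be crawled.')
    opt = opt_factory('params_max_variants',
                      cf.cf.get('params_max_variants'), desc, INT, help=h,
                      tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for similar forms'
    h = ('Limit the number of HTTP requests to be sent to similar forms'
         ' during crawling. For example, if the application has multiple'
         ' HTML forms with the same parameters and different URLs set in'
         ' actions then only the configured number of forms are crawled.')
    opt = opt_factory('max_equal_form_variants',
                      cf.cf.get('max_equal_form_variants'), desc, INT,
                      help=h, tabid='Core settings')
    ol.add(opt)

    #
    # Network parameters
    #
    desc = ('Local interface name to use when sniffing, doing reverse'
            ' connections, etc.')
    opt = opt_factory('interface', cf.cf.get('interface'), desc, STRING,
                      tabid='Network settings')
    ol.add(opt)

    desc = 'Local IP address to use when doing reverse connections'
    opt = opt_factory('local_ip_address', cf.cf.get('local_ip_address'),
                      desc, STRING, tabid='Network settings')
    ol.add(opt)

    #
    # URL and form exclusions
    #
    desc = 'A comma separated list of URLs that w3af should ignore'
    h = 'No HTTP requests will be sent to these URLs'
    opt = opt_factory('non_targets', cf.cf.get('non_targets'), desc,
                      URL_LIST, help=h, tabid='Exclusions')
    ol.add(opt)

    desc = 'Filter forms to scan using form IDs'
    h = ('Form IDs allow the user to specify which forms will be either'
         ' included or excluded in the scan. The form IDs identified by'
         ' w3af will be written to the log (when verbose is set to true)'
         ' and can be used to define this setting for new scans.\n\n'
         'Find more about form IDs in the "Advanced use cases" section'
         ' of the w3af documentation.')
    opt = opt_factory('form_id_list', cf.cf.get('form_id_list'), desc,
                      FORM_ID_LIST, help=h, tabid='Exclusions')
    ol.add(opt)

    desc = 'Define the form_id_list filter behaviour'
    h = ('Change this setting to "include" if only a very specific set of'
         ' forms needs to be scanned. If forms matching the form_id_list'
         ' parameters need to be excluded then set this value to "exclude".')
    # The configured action is moved to the front of the choice list.
    # list.remove() raises ValueError when the configured value is neither
    # EXCLUDE nor INCLUDE.
    current_action = cf.cf.get('form_id_action')
    tmp_list = [EXCLUDE, INCLUDE]
    tmp_list.remove(current_action)
    tmp_list.insert(0, current_action)
    opt = opt_factory('form_id_action', tmp_list, desc, COMBO, help=h,
                      tabid='Exclusions')
    ol.add(opt)

    #
    # Metasploit
    #
    msf_location = cf.cf.get('msf_location')
    desc = ('Full path of Metasploit framework binary directory (%s in '
            'most linux installs)' % msf_location)
    opt = opt_factory('msf_location', msf_location, desc, STRING,
                      tabid='Metasploit')
    ol.add(opt)

    #
    # Language options
    #
    d = 'Set the language to use when reading from the vulnerability database'
    h = ('The vulnerability database stores descriptions, fix guidance, tags,'
         ' references and much more about each vulnerability the scanner can'
         ' identify. The database supports translations, so this information'
         ' can be in many languages. Use this setting to choose the language'
         ' in which the information will be displayed and stored in reports.')
    options = DBVuln.get_all_languages()
    opt = opt_factory('vulndb_language', options, d, COMBO, help=h,
                      tabid='Language')
    ol.add(opt)

    return ol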
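def get_options(self):
    """
    Build the OptionList with the fuzzer, core, network, exclusion,
    Metasploit and language settings.

    Current values are read from cf.cf; COMBO options receive their list
    of choices instead of a single value.

    :return: A list of option objects for this plugin.
    """
    ol = OptionList()

    #
    # Fuzzer parameters
    #
    d = 'Indicates if w3af plugins will use cookies as a fuzzable parameter'
    opt = opt_factory('fuzz_cookies', cf.cf.get('fuzz_cookies'), d, BOOL,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    d = ('Indicates if w3af plugins will send payloads in the content of'
         ' multipart/post form files.')
    # Adjacent string literals are joined verbatim, so every continuation
    # fragment starts with its own space ("w3afwill" / "thepayloads" were
    # shown to the user before).
    h = ('If enabled, and multipart/post forms with files are found, w3af'
         ' will fill those file inputs with pseudo-files containing the'
         ' payloads required to identify vulnerabilities.')
    opt = opt_factory('fuzz_form_files', cf.cf.get('fuzz_form_files'), d,
                      BOOL, tabid='Fuzzer parameters', help=h)
    ol.add(opt)

    d = ('Indicates if w3af plugins will send fuzzed file names in order to'
         ' find vulnerabilities')
    h = ('For example, if the discovered URL is http://test/filename.php,'
         ' and fuzz_url_filenames is enabled, w3af will request among'
         ' other things: http://test/file\'a\'a\'name.php in order to'
         ' find SQL injections. This type of vulns are getting more'
         ' common every day!')
    opt = opt_factory('fuzz_url_filenames', cf.cf.get('fuzz_url_filenames'),
                      d, BOOL, help=h, tabid='Fuzzer parameters')
    ol.add(opt)

    desc = ('Indicates if w3af plugins will send fuzzed URL parts in order'
            ' to find vulnerabilities')
    h = ('For example, if the discovered URL is http://test/foo/bar/123,'
         ' and fuzz_url_parts is enabled, w3af will request among other'
         ' things: http://test/bar/<script>alert(document.cookie)</script>'
         ' in order to find XSS.')
    opt = opt_factory('fuzz_url_parts', cf.cf.get('fuzz_url_parts'), desc,
                      BOOL, help=h, tabid='Fuzzer parameters')
    ol.add(opt)

    desc = 'Indicates the extension to use when fuzzing file content'
    opt = opt_factory('fuzzed_files_extension',
                      cf.cf.get('fuzzed_files_extension'), desc, STRING,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    desc = 'A list with all fuzzable header names'
    opt = opt_factory('fuzzable_headers', cf.cf.get('fuzzable_headers'),
                      desc, LIST, tabid='Fuzzer parameters')
    ol.add(opt)

    d = ('Indicates what HTML form combo values w3af plugins will use:'
         ' all, tb, tmb, t, b')
    h = ('Indicates what HTML form combo values, e.g. select options values,'
         ' w3af plugins will use: all (All values), tb (only top and bottom'
         ' values), tmb (top, middle and bottom values), t (top values), b'
         ' (bottom values).')
    options = ['tmb', 'all', 'tb', 't', 'b']
    opt = opt_factory('form_fuzzing_mode', options, d, COMBO, help=h,
                      tabid='Fuzzer parameters')
    ol.add(opt)

    #
    # Core parameters
    #
    desc = 'Stop scan after first unhandled exception'
    h = ('This feature is only useful for developers that want their scan'
         ' to stop on the first exception that is raised by a plugin.'
         ' Users should leave this as False in order to get better'
         ' exception handling from w3af\'s core.')
    opt = opt_factory('stop_on_first_exception',
                      cf.cf.get('stop_on_first_exception'), desc, BOOL,
                      help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Maximum crawl time (minutes)'
    h = ('Many users tend to enable numerous plugins without actually'
         ' knowing what they are and the potential time they will take'
         ' to run. By using this parameter, users will be able to set'
         ' the maximum amount of time the crawl phase will run.')
    opt = opt_factory('max_discovery_time',
                      cf.cf.get('max_discovery_time'), desc, INT, help=h,
                      tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for each URL sub-path'
    h = ('Limit how many requests are performed for each URL sub-path'
         ' during crawling. For example, if the application links to'
         ' three products: /product/1 /product/2 and /product/3, and'
         ' this variable is set to two, only the first two URLs:'
         ' /product/1 and /product/2 will be crawled.')
    opt = opt_factory('path_max_variants', cf.cf.get('path_max_variants'),
                      desc, INT, help=h, tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for each URL and parameter set'
    h = ('Limit how many requests are performed for each URL and parameter'
         ' set. For example, if the application links to three products:'
         ' /product?id=1 , /product?id=2 and /product?id=3, and this'
         ' variable is set to two, only the first two URLs:'
         ' /product?id=1 and /product?id=2 will be crawled.')
    opt = opt_factory('params_max_variants',
                      cf.cf.get('params_max_variants'), desc, INT, help=h,
                      tabid='Core settings')
    ol.add(opt)

    desc = 'Limit requests for similar forms'
    h = ('Limit the number of HTTP requests to be sent to similar forms'
         ' during crawling. For example, if the application has multiple'
         ' HTML forms with the same parameters and different URLs set in'
         ' actions then only the configured number of forms are crawled.')
    opt = opt_factory('max_equal_form_variants',
                      cf.cf.get('max_equal_form_variants'), desc, INT,
                      help=h, tabid='Core settings')
    ol.add(opt)

    #
    # Network parameters
    #
    desc = ('Local interface name to use when sniffing, doing reverse'
            ' connections, etc.')
    opt = opt_factory('interface', cf.cf.get('interface'), desc, STRING,
                      tabid='Network settings')
    ol.add(opt)

    desc = 'Local IP address to use when doing reverse connections'
    opt = opt_factory('local_ip_address', cf.cf.get('local_ip_address'),
                      desc, STRING, tabid='Network settings')
    ol.add(opt)

    #
    # URL and form exclusions
    #
    desc = 'A comma separated list of URLs that w3af should ignore'
    h = 'No HTTP requests will be sent to these URLs'
    opt = opt_factory('non_targets', cf.cf.get('non_targets'), desc,
                      URL_LIST, help=h, tabid='Exclusions')
    ol.add(opt)

    desc = 'Filter forms to scan using form IDs'
    h = ('Form IDs allow the user to specify which forms will be either'
         ' included or excluded in the scan. The form IDs identified by'
         ' w3af will be written to the log (when verbose is set to true)'
         ' and can be used to define this setting for new scans.\n\n'
         'Find more about form IDs in the "Advanced use cases" section'
         ' of the w3af documentation.')
    opt = opt_factory('form_id_list', cf.cf.get('form_id_list'), desc,
                      FORM_ID_LIST, help=h, tabid='Exclusions')
    ol.add(opt)

    desc = 'Define the form_id_list filter behaviour'
    h = ('Change this setting to "include" if only a very specific set of'
         ' forms needs to be scanned. If forms matching the form_id_list'
         ' parameters need to be excluded then set this value to "exclude".')
    # The configured action is moved to the front of the choice list.
    # list.remove() raises ValueError when the configured value is neither
    # EXCLUDE nor INCLUDE.
    current_action = cf.cf.get('form_id_action')
    tmp_list = [EXCLUDE, INCLUDE]
    tmp_list.remove(current_action)
    tmp_list.insert(0, current_action)
    opt = opt_factory('form_id_action', tmp_list, desc, COMBO, help=h,
                      tabid='Exclusions')
    ol.add(opt)

    #
    # Metasploit
    #
    msf_location = cf.cf.get('msf_location')
    desc = ('Full path of Metasploit framework binary directory (%s in '
            'most linux installs)' % msf_location)
    opt = opt_factory('msf_location', msf_location, desc, STRING,
                      tabid='Metasploit')
    ol.add(opt)

    #
    # Language options
    #
    d = 'Set the language to use when reading from the vulnerability database'
    h = ('The vulnerability database stores descriptions, fix guidance, tags,'
         ' references and much more about each vulnerability the scanner can'
         ' identify. The database supports translations, so this information'
         ' can be in many languages. Use this setting to choose the language'
         ' in which the information will be displayed and stored in reports.')
    options = DBVuln.get_all_languages()
    opt = opt_factory('vulndb_language', options, d, COMBO, help=h,
                      tabid='Language')
    ol.add(opt)

    return ol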
def test_get_cwe_url(self):
    vuln = DBVuln(**self.DEFAULT_KWARGS)

    # CWE id 89 must map to its definition page on cwe.mitre.org.
    expected_url = 'https://cwe.mitre.org/data/definitions/89.html'
    actual_url = vuln.get_cwe_url(89)

    self.assertEqual(actual_url, expected_url)
def test_get_wasc_url(self):
    vuln = DBVuln(**self.DEFAULT_KWARGS)

    # WASC id 3 must map to the "Integer Overflows" page.
    expected_url = ('http://projects.webappsec.org/w/page/13246946/'
                    'Integer%20Overflows')
    actual_url = vuln.get_wasc_url(3)

    self.assertEqual(actual_url, expected_url)
def test_long_lines(self):
    # Entry 124 must load with its description as one single-line string.
    vuln = DBVuln.from_id(124)
    expected_description = u'A very long description for Cross-Site Scripting'

    self.assertEqual(vuln.description, expected_description)
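# NOTE(review): this excerpt was flattened onto a single line, so the nesting
# below is reconstructed from the statement order - confirm it against the
# original script. `i`, `header`, `sozluk` and `requests` are defined outside
# this excerpt.
import os

print i['uuid'], "-", i['id']

# Scan details come from a scanner API on the loopback interface.
# verify=False switches TLS certificate validation off for this call; passing
# the scanner's CA bundle as `verify` would keep validation on.
url = "https://127.0.0.1:8834/scans/" + str(i['id'])
sonuc = requests.get(url=url, headers=header, verify=False)

# Parse the response once instead of calling .json() for every access.
tarama = sonuc.json()
hedefler = tarama['info']['targets']

print tarama
print "zafiyetler"
for i in tarama['vulnerabilities']:
    print i['plugin_name']
    print i
    print "===="

for i in tarama['vulnerabilities']:
    pluginName = i['plugin_name']
    IPler = hedefler
    if "SQL" in pluginName:
        from vulndb import DBVuln

        # Entry 42 of the vulnerability database supplies the report text.
        veritabaniID = DBVuln.from_id(42)
        rapor = "Tanim:" + str(veritabaniID.title) + "\n"
        rapor += "IP:" + str(IPler) + "\n"
        rapor += "Aciklama" + str(veritabaniID.description) + "\n"

        # The context manager closes the report file even if write() fails.
        with open("rapor.txt", "a") as dosya:
            dosya.write(rapor)

# The Shodan API key is read from the environment instead of being embedded
# in the source. The key that used to be hard-coded in this URL has been
# published with the script, so it must be treated as disclosed and rotated.
shodan_api_key = os.environ.get("SHODAN_API_KEY")

try:
    print "Taranan IPler:", hedefler
    publicIP = sozluk[str(hedefler)]
    if shodan_api_key:
        url = "https://api.shodan.io/shodan/host/" + str(publicIP)
        # Certificate validation stays enabled for this internet-facing
        # request: with verify=False anyone on the network path could read
        # the API key and tamper with the answer.
        sonuc = requests.get(url=url, params={"key": shodan_api_key})
    else:
        print "SHODAN_API_KEY is not set, skipping the Shodan lookup"
except KeyError:
    # The scanned target has no entry in the `sozluk` mapping.
    print "No public IP is mapped for", hedefler
except requests.exceptions.RequestException as hata:
    # The lookup stays best-effort, but the failure is no longer hidden.
    print "Shodan lookup failed:", hata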
def test_long_lines_with_new_line(self):
    # Entry 125 must keep the line breaks inside its description.
    vuln = DBVuln.from_id(125)
    expected_description = u'Start line 1\n Start line 2\n'

    self.assertEqual(vuln.description, expected_description)
### # Name: VulnDB_Json_serpico # Description: Script to Parse VulnDB to Serpico Vulnerability Findings # Author: SAINTz # Twitter: @__SAINTz__ # Version: 0.1 - 17 August 2018 # License: GNU/GPL ## import json from vulndb import DBVuln DB_IDs = DBVuln.get_all_db_ids() export_json = [] for x in DB_IDs: dbv = DBVuln.from_id(x) data_tmp = { "affected_hosts": "null", "affected_users": 10, "approved": "true", "damage": 10, "discoverability": 10, "dread_total": 0, "effort": "Planned", "exploitability": 10, "id": dbv.id, "overview": "<paragraph>" + dbv.description + "</paragraph>", "poc": "<paragraph></paragraph>", "references": dbv.references, "remediation": "<paragraph>" + dbv.fix_guidance + "</paragraph>",
def test_get_wasc_url(self):
    vuln = DBVuln(**self.DEFAULT_KWARGS)

    # WASC id 3 must map to the "Integer Overflows" page.
    expected_url = ('http://projects.webappsec.org/w/page/13246946/'
                    'Integer%20Overflows')
    actual_url = vuln.get_wasc_url(3)

    self.assertEqual(actual_url, expected_url)