Пример #1
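    def _add_output_plugin(self, output_plugin_name):
        """
        Instantiate one output plugin (or all of them) and append the
        instance(s) to self._output_plugin_instances.

        :param output_plugin_name: The module name of the output plugin to
                                   add, or 'all' to add every ``.py`` module
                                   found in the plugins/output directory.
        :return: No value is returned.
        """
        if output_plugin_name == 'all':
            output_dir = os.path.join(ROOT_PATH, 'plugins', 'output')
            # Filter the package marker out while building the list; calling
            # list.remove('__init__') raises ValueError when the entry is
            # not present.
            plugin_names = []
            for file_name in os.listdir(output_dir):
                name, ext = os.path.splitext(file_name)
                if ext == '.py' and name != '__init__':
                    plugin_names.append(name)
        else:
            plugin_names = [output_plugin_name]

        # Both the 'all' case and the single-plugin case share this loop.
        for plugin_name in plugin_names:
            # NOTE(review): plugin_name becomes part of the dotted path
            # handed to factory(). factory() is not shown here; if it imports
            # that path, the name decides which module gets loaded, so it
            # should come from the known plugin listing and not from
            # unchecked input.
            plugin = factory('w3af.plugins.output.' + plugin_name)

            # Options are only applied when the user configured some for
            # this plugin.
            if plugin_name in self._plugin_options:
                plugin.set_options(self._plugin_options[plugin_name])

            self._output_plugin_instances.append(plugin)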
Пример #2
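    def get_plugin_options(self, plugin_type, plugin_name):
        """
        Return the plugin's options with the values stored in the
        configuration applied on top of what the plugin reports.

        :param plugin_type: First component of the section name, for example
                            'audit' in the section 'audit.xss'.
        :param plugin_name: Second component of the section name, for
                            example 'xss' in the section 'audit.xss'.
        :return: The object returned by the plugin's get_options(), after the
                 configured values were set on it. Described originally as a
                 dict with the options for a plugin, for example:
                 { 'LICENSE_KEY':'AAAA' }
        :raises BaseFrameworkException: When reading an option that the
                                        section lists raises KeyError.
        """
        # Get the plugin defaults with their types
        # NOTE(review): plugin_type and plugin_name are interpolated into the
        # dotted path handed to factory(). factory() is not shown here; if it
        # imports that path, these values select the module that is loaded,
        # so they should be checked against the known plugin listing when
        # they originate from a profile or other external file.
        plugin = 'w3af.plugins.%s.%s' % (plugin_type, plugin_name)
        plugin_instance = factory(plugin)
        options_list = plugin_instance.get_options()

        for section in self._config.sections():
            # Section is something like audit.xss or crawl.web_spider
            try:
                _type, name = section.split('.')
            except ValueError:
                # The name does not have exactly two dot-separated parts, so
                # it is not a plugin section. Only the unpacking error is
                # caught: a bare except would also hide unrelated failures.
                continue

            if _type != plugin_type or name != plugin_name:
                continue

            for option in self._config.options(section):
                try:
                    value = self._config.get(section, option)
                except KeyError:
                    # We should never get here...
                    msg = ('The option "%s" is unknown for the'
                           ' "%s" plugin.')
                    args = (option, plugin_name)
                    raise BaseFrameworkException(msg % args)

                # Not covered by the KeyError handler above, same as in the
                # original try/except/else layout.
                options_list[option].set_value(value)

        return options_list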
Пример #3
    def _run_plugins(self, response):
        """
        Ask each password profiling plugin for the words it finds in the
        response and return the first answer that is not None.

        :param response: A HTTPResponse object
        :return: A map with word:repetitions, or an empty dict when every
                 plugin returned None.
        """
        # The plugin instances are created on the first call and then reused.
        if not self._plugins:
            module_fmt = 'w3af.plugins.grep.password_profiling_plugins.%s'
            for name in self._plugins_names_dict:
                self._plugins.append(factory(module_fmt % name))

        for profiler in self._plugins:
            words = profiler.get_words(response)
            # A plugin only returns something other than None when it found
            # something, so the first such result ends the search.
            if words is not None:
                return words

        return {}
Пример #4
    def _get_plugin_instance(self, plugin_name):
        """
        Create an output plugin instance, hand it the w3af core and apply the
        options configured for it, if any.

        :param plugin_name: Module name under w3af.plugins.output.
        :return: The configured plugin instance.
        """
        # NOTE(review): plugin_name ends up in the dotted path passed to
        # factory(); factory() is not shown here, so confirm that callers
        # only pass names taken from the known output plugin listing.
        module_path = 'w3af.plugins.output.%s' % plugin_name
        instance = factory(module_path)
        instance.set_w3af_core(self._w3af_core)

        configured = self._plugin_options
        if plugin_name in configured.keys():
            instance.set_options(configured[plugin_name])

        return instance
Пример #5
    def test_all_wizards(self):
        """
        Yield a "correct" check and a "fail" check for every wizard module
        found in the wizards directory, each with its own wizard instance.
        """
        module_fmt = 'w3af.core.controllers.wizard.wizards.%s'
        w3af_core = w3afCore()

        # The path is relative, so it is resolved against the current
        # working directory.
        for entry in os.listdir('w3af/core/controllers/wizard/wizards/'):
            wizard_id, ext = os.path.splitext(entry)

            # Only the package marker, the .git entry and compiled files are
            # skipped.
            if wizard_id not in ('__init__', '.git') and ext != '.pyc':
                klass = module_fmt % wizard_id

                for_correct = factory(klass, w3af_core)
                yield self._test_wizard_correct, for_correct

                # A second, fresh instance is built for the failure check.
                for_fail = factory(klass, w3af_core)
                yield self._test_wizard_fail, for_fail
Пример #6
 def _get_instances(self, question_list, w3af_core):
     """
     Build one question object for each id, in the order given.

     :param question_list: A list of question ids
     :param w3af_core: The w3af core object to pass to each question
     :return: A list of question objects
     """
     # Each id is appended to the "question_" module prefix before the
     # dotted path is passed to factory().
     module_fmt = 'w3af.core.controllers.wizard.questions.question_%s'
     return [factory(module_fmt % qid, w3af_core) for qid in question_list]
Пример #7
    def get_plugin_inst(self, plugin_type, plugin_name):
        """
        Create a plugin instance wired to the core's URL opener and worker
        pool, with the user's custom options applied when there are any.

        :param plugin_type: Package name under w3af.plugins; also the key
                            used to look up self._plugins_options.
        :param plugin_name: Module name inside that package.
        :return: An instance of a plugin.
        """
        # NOTE(review): both arguments are interpolated into the dotted path
        # given to factory(); factory() is not shown here, so confirm that
        # callers validate them against the known plugin listing.
        module_path = 'w3af.plugins.%s.%s' % (plugin_type, plugin_name)
        instance = factory(module_path)

        core = self._w3af_core
        instance.set_url_opener(core.uri_opener)
        instance.set_worker_pool(core.worker_pool)

        type_options = self._plugins_options[plugin_type]
        if plugin_name in type_options.keys():
            instance.set_options(type_options[plugin_name])

        # This will init some plugins like mangle and output
        if plugin_type == 'attack':
            if not self.initialized:
                self.init_plugins()

        return instance
Пример #8
    def get_plugin_inst(self, plugin_type, plugin_name):
        """
        Build a plugin instance, connect it to the core's URL opener and
        worker pool and apply any custom options stored for it.

        :param plugin_type: Package name under w3af.plugins; also the key
                            used to look up self._plugins_options.
        :param plugin_name: Module name inside that package.
        :return: An instance of a plugin.
        """
        # NOTE(review): the dotted path below is built from the two
        # arguments; factory() is not shown here, so confirm the names are
        # restricted to known plugins before they reach this method.
        dotted_name = '.'.join(['w3af.plugins.%s' % plugin_type,
                                '%s' % plugin_name])
        new_plugin = factory(dotted_name)
        new_plugin.set_url_opener(self._w3af_core.uri_opener)
        new_plugin.set_worker_pool(self._w3af_core.worker_pool)

        options_for_type = self._plugins_options[plugin_type]
        if plugin_name in options_for_type.keys():
            new_plugin.set_options(options_for_type[plugin_name])

        # This will init some plugins like mangle and output
        needs_init = plugin_type == 'attack' and not self.initialized
        if needs_init:
            self.init_plugins()

        return new_plugin
Пример #9
    def test_all_questions(self):
        """
        Yield one self._test_qid check per question module found in the
        questions directory.

        The original description of this very basic test:
            * Create an instance
            * Exercise all getters
            * Exercise all setters
            * Make sure "back" works
        """
        module_fmt = 'w3af.core.controllers.wizard.questions.%s'
        w3af_core = w3afCore()

        # The path is relative, so it is resolved against the current
        # working directory.
        for entry in os.listdir('w3af/core/controllers/wizard/questions/'):
            question_id, ext = os.path.splitext(entry)

            # Only the package marker, the .git entry and compiled files are
            # skipped.
            if question_id not in ('__init__', '.git') and ext != '.pyc':
                instance = factory(module_fmt % question_id, w3af_core)
                yield self._test_qid, instance
Пример #10
    def setUp(self):
        """
        Prepare a core whose only crawl plugin is the instance built from
        self.PLUGIN, registered under the name 'count'.

        The plugin is created in memory and injected into the core's plugin
        containers instead of being copied to a plugins directory, since
        that would generate issues with other tests.
        """
        core = w3afCore()
        self.w3afcore = core

        moth_options = create_target_option_list(URL(get_moth_http()))
        core.target.set_options(moth_options)

        counter = factory(self.PLUGIN)
        counter.set_url_opener(core.uri_opener)
        counter.set_worker_pool(core.worker_pool)

        # Register the instance and its name directly in the core.
        core.plugins.plugins['crawl'] = [counter]
        core.plugins._plugins_names_dict['crawl'] = ['count']
        self.count_plugin = counter

        # Mark the plugins as initialized, then verify the environment.
        core.plugins.initialized = True
        core.verify_environment()
Пример #11
    def setUp(self):
        """
        Build a w3af core that runs a single crawl plugin: the instance
        created from self.PLUGIN, listed under the name 'count'.

        The instance only lives in memory; it is not copied to any plugins
        directory since that would generate issues with other tests.
        """
        self.w3afcore = w3afCore()
        core = self.w3afcore

        options = create_target_option_list(URL(get_moth_http()))
        core.target.set_options(options)

        self_plugin = factory(self.PLUGIN)
        self_plugin.set_url_opener(core.uri_opener)
        self_plugin.set_worker_pool(core.worker_pool)

        # The core is told about the plugin by writing to its containers.
        plugin_manager = core.plugins
        plugin_manager.plugins['crawl'] = [self_plugin]
        plugin_manager._plugins_names_dict['crawl'] = ['count']
        self.count_plugin = self_plugin

        # Flag the plugins as initialized before verifying the environment.
        core.plugins.initialized = True
        core.verify_environment()
Пример #12
    def setUp(self):
        """
        Prepare a core whose only crawl plugin is the instance built from
        self.PLUGIN, registered under the name 'exception_raise'.

        The instance is injected straight into the core's plugin containers;
        nothing in this method copies a file into the plugin directory.
        """
        core = w3afCore()
        self.w3afcore = core

        moth_options = create_target_option_list(URL(get_moth_http()))
        core.target.set_options(moth_options)

        raiser = factory(self.PLUGIN)
        raiser.set_url_opener(core.uri_opener)
        raiser.set_worker_pool(core.worker_pool)

        # Register the instance and its name directly in the core.
        core.plugins.plugins['crawl'] = [raiser]
        core.plugins._plugins_names_dict['crawl'] = ['exception_raise']
        self.exception_plugin = raiser

        # Mark the plugins as initialized, then verify the environment.
        core.plugins.initialized = True
        core.verify_environment()
Пример #13
 def get_quick_instance(self, plugin_type, plugin_name):
     """
     Instantiate a plugin from its type and name, with no further setup.

     :param plugin_type: Package name under w3af.plugins.
     :param plugin_name: Module name inside that package.
     :return: Whatever factory() returns for the resulting dotted path.
     """
     # NOTE(review): the arguments go into the dotted path unchecked;
     # factory() is not shown here, so confirm callers only pass known
     # plugin names.
     path_parts = ('w3af', 'plugins', plugin_type, plugin_name)
     return factory('.'.join(path_parts))
Пример #14
 def get_quick_instance(self, plugin_type, plugin_name):
     """
     Return a bare plugin instance for the given type and name.

     No options, URL opener or worker pool are set on it here.

     :param plugin_type: Package name under w3af.plugins.
     :param plugin_name: Module name inside that package.
     :return: Whatever factory() returns for the resulting dotted path.
     """
     # NOTE(review): the dotted path is assembled from the arguments as
     # given; factory() is not shown here, so confirm the names are limited
     # to known plugins before this call.
     dotted = '.'.join(('w3af', 'plugins') + (plugin_type, plugin_name))
     return factory(dotted)