def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'When comparing, also compare the content of files.'
o = opt_factory('content', self._content, d, BOOL)
ol.add(o)
d = 'The local directory used in the comparison.'
o = opt_factory('local_dir', self._local_dir, d, STRING)
ol.add(o)
d = 'The remote directory used in the comparison.'
o = opt_factory('remote_url_path', self._remote_url_path, d,
URL_OPTION_TYPE)
ol.add(o)
d = 'When comparing content of two files, ignore files with these'\
'extensions.'
o = opt_factory('banned_ext', self._ban_url, d, LIST)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'IP address that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web'\
' application when doing remote file inclusions. This setting'\
' configures where the webserver is going to listen for requests.'
o = opt_factory('listen_address',
self._listen_address,
d,
STRING,
help=h)
ol.add(o)
d = 'TCP port that the webserver will use to receive requests'
o = opt_factory('listen_port', self._listen_port, d, PORT)
ol.add(o)
d = 'Use w3af site to test for remote file inclusion'
h = 'The plugin can use the w3af site to test for remote file'\
' inclusions, which is convenient when you are performing a test'\
' behind a NAT firewall.'
o = opt_factory('use_w3af_site', self._use_w3af_site, d, BOOL, help=h)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Stream edition expressions'
h = ('Stream edition expressions are strings that tell the sed plugin'
' which transformations to apply to the HTTP requests and'
' responses. The sed plugin uses regular expressions, some'
' examples:\n'
'\n'
' - qh/User/NotLuser/\n'
' This will make sed search in the the re[q]uest [h]eader'
' for the string User and replace it with NotLuser.\n'
'\n'
' - sb/[fF]orm/form\n'
' This will make sed search in the re[s]ponse [b]ody for'\
' the strings form or Form and replace it with form.\n'
'\n'
'Multiple expressions can be specified separated by commas.')
o = opt_factory('expressions', self._expressions, d, 'list', help=h)
ol.add(o)
d = 'Fix the content length header after mangling'
o = opt_factory('fix_content_len', self._user_option_fix_content_len,
d, 'boolean')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'When crawling only follow links to paths inside the one given'\
' as target.'
o = opt_factory('only_forward', self._only_forward, d, BOOL)
ol.add(o)
d = 'When crawling only follow which that match this regular'\
' expression. Please note that ignore_regex has precedence over'\
' follow_regex.'
o = opt_factory('follow_regex', self._follow_regex, d, REGEX)
ol.add(o)
d = 'When crawling, DO NOT follow links that match this regular'\
' expression. Please note that ignore_regex has precedence over'\
' follow_regex.'
o = opt_factory('ignore_regex', self._ignore_regex, d, REGEX)
ol.add(o)
d = 'fuzzy_ignore_factor 0-100 (100-minimal ignore, 0-maximum ignore)'
o = opt_factory('fuzzy_ignore_factor', self._ignore_factor, d, INT)
ol.add(o)
d = 'maximum allowed count of requests'
o = opt_factory('max_requests_count', self._max_requests_count, d, INT)
ol.add(o)
return ol
def test_invalid_data(self):
input_file = os.path.join(ROOT_PATH, 'core', 'data', 'foobar',
'does-not-exist.txt')
output_file = input_file
data = {BOOL: ['rucula'],
INT: ['0x32',],
FLOAT: ['1x2',],
URL: ['http://', '/', ''],
URL_LIST: ['http://moth/1 , http://moth:333333',],
IPPORT: ['127.0.0.1',],
IP: ['127.0.0.', '127.0.0', '3847398740'],
REGEX: ['.*(',],
INPUT_FILE: [input_file,],
OUTPUT_FILE: [output_file,],
PORT: ['65536',]
}
for _type in data:
for fake_value in data[_type]:
err = '%s for an option of type %s should raise an exception.'
try:
opt_factory('name', fake_value, 'desc', _type)
except BaseFrameworkException:
self.assertTrue(True)
else:
self.assertTrue(False, err % (fake_value, _type))
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Only crawl links to paths inside the URL given as target.'
o = opt_factory('only_forward', self._only_forward, d, BOOL)
ol.add(o)
d = ('Only crawl links that match this regular expression.'
' Note that ignore_regex has precedence over follow_regex.')
o = opt_factory('follow_regex', self._follow_regex, d, REGEX)
ol.add(o)
d = ('DO NOT crawl links that match this regular expression.'
' Note that ignore_regex has precedence over follow_regex.')
o = opt_factory('ignore_regex', self._ignore_regex, d, REGEX)
ol.add(o)
d = 'DO NOT crawl links that use these extensions.'
h = ('This configuration parameter is commonly used to ignore'
' static files such as zip, pdf, jpeg, etc. It is possible to'
' ignore these files using `ignore_regex`, but configuring'
' this parameter is easier and performs case insensitive'
' matching.')
o = opt_factory('ignore_extensions', self._ignore_extensions, d, LIST, help=h)
ol.add(o)
return ol
def test_invalid_data(self):
input_file = os.path.join(ROOT_PATH, "core", "data", "foobar", "does-not-exist.txt")
output_file = input_file
data = {
BOOL: ["rucula"],
INT: ["0x32"],
POSITIVE_INT: ["-1"],
FLOAT: ["1x2"],
URL: ["http://", "/", ""],
URL_LIST: ["http://moth/1 , http://moth:333333"],
IPPORT: ["127.0.0.1"],
IP: ["127.0.0.", "127.0.0", "3847398740"],
REGEX: [".*("],
INPUT_FILE: [input_file],
OUTPUT_FILE: [output_file],
PORT: ["65536"],
}
for _type in data:
for fake_value in data[_type]:
err = "%s for an option of type %s should raise an exception."
try:
opt_factory("name", fake_value, "desc", _type)
except BaseFrameworkException:
self.assertTrue(True)
else:
self.assertTrue(False, err % (fake_value, _type))
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
targets = ','.join(str(tar) for tar in cf.cf.get('targets'))
d = 'A comma separated list of URLs'
o = opt_factory('target', targets, d, 'url_list')
ol.add(o)
d = 'Target operating system (' + '/'.join(
self._operating_systems) + ')'
h = 'This setting is here to enhance w3af performance.'
# This list "hack" has to be done because the default value is the one
# in the first position on the list
tmp_list = self._operating_systems[:]
tmp_list.remove(cf.cf.get('target_os'))
tmp_list.insert(0, cf.cf.get('target_os'))
o = opt_factory('target_os', tmp_list, d, 'combo', help=h)
ol.add(o)
d = 'Target programming framework (' + '/'.join(
self._programming_frameworks) + ')'
h = 'This setting is here to enhance w3af performance.'
# This list "hack" has to be done because the default value is the one
# in the first position on the list
tmp_list = self._programming_frameworks[:]
tmp_list.remove(cf.cf.get('target_framework'))
tmp_list.insert(0, cf.cf.get('target_framework'))
o = opt_factory('target_framework', tmp_list, d, 'combo', help=h)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Wordlist to use in directory bruteforcing process.'
o = opt_factory('dir_wordlist', self._dir_list, d, INPUT_FILE)
ol.add(o)
d = 'Wordlist to use in file bruteforcing process.'
o = opt_factory('file_wordlist', self._file_list, d, INPUT_FILE)
ol.add(o)
d = 'If set to True, this plugin will bruteforce directories.'
o = opt_factory('bf_directories', self._bf_directories, d, BOOL)
ol.add(o)
d = 'If set to True, this plugin will bruteforce files.'
o = opt_factory('bf_files', self._bf_files, d, BOOL)
ol.add(o)
d = 'If set to True, this plugin will bruteforce all directories, not' \
' only the root directory.'
h = 'WARNING: Enabling this will make the plugin send tens of thousands' \
' of requests.'
o = opt_factory('be_recursive', self._be_recursive, d, BOOL, help=h)
ol.add(o)
return ol
def test_invalid_data(self):
input_file = os.path.join(ROOT_PATH, 'core', 'data', 'foobar',
'does-not-exist.txt')
output_file = input_file
data = {BOOL: ['rucula'],
INT: ['0x32'],
POSITIVE_INT: ['-1'],
FLOAT: ['1x2'],
URL: ['http://', '/', ''],
URL_LIST: ['http://moth/1 , http://moth:333333'],
IPPORT: ['127.0.0.1'],
IP: ['127.0.0.', '127.0.0', '3847398740'],
REGEX: ['.*('],
INPUT_FILE: [input_file, '/', 'base64://'],
OUTPUT_FILE: [output_file, '/'],
PORT: ['65536']
}
for _type in data:
for fake_value in data[_type]:
err = '%s for an option of type %s should raise an exception.'
try:
opt_factory('name', fake_value, 'desc', _type)
except BaseFrameworkException:
self.assertTrue(True)
else:
self.assertTrue(False, err % (fake_value, _type))
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'IP address that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web app' \
' when doing remote file inclusions. This setting configures on' \
' what IP address the webserver is going to listen.'
o = opt_factory('listen_address',
self._listen_address,
d,
'ip',
help=h)
ol.add(o)
d = 'Port that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web app' \
' when doing remote file inclusions. This setting configures on' \
' what IP address the webserver is going to listen.'
o = opt_factory('listen_port', self._listen_port, d, 'port', help=h)
ol.add(o)
d = 'Instead of including a file in a local webserver; include the ' \
' result of exploiting a XSS bug within the same target site.'
o = opt_factory('use_xss_bug', self._use_XSS_vuln, d, 'boolean')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
opt_list = OptionList()
h1 = 'Two pages are considered equal if they match in more'\
' than eq_limit.'
h2 = 'Timeout between fuzzing requests'
h3 = 'Perform a primary sql-injection check'
opt = opt_factory('eq_limit',
self._eq_limit,
'String equal ratio (0.0 to 1.0)',
'float',
help=h1)
opt_list.add(opt)
opt = opt_factory('timeout',
self._timeout,
'Requests timeout',
'float',
help=h2)
opt_list.add(opt)
opt = opt_factory('is_carefully',
self._is_carefully,
'Do a primary check?',
'boolean',
help=h3)
opt_list.add(opt)
return opt_list
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Stream edition expressions'
h = ('Stream edition expressions are strings that tell the sed plugin'
' which transformations to apply to the HTTP requests and'
' responses. The sed plugin uses regular expressions, some'
' examples:\n'
'\n'
' - qh/User/NotLuser/\n'
' This will make sed search in the the re[q]uest [h]eader'
' for the string User and replace it with NotLuser.\n'
'\n'
' - sb/[fF]orm/form\n'
' This will make sed search in the re[s]ponse [b]ody for'\
' the strings form or Form and replace it with form.\n'
'\n'
'Multiple expressions can be specified separated by commas.')
o = opt_factory('expressions', self._expressions, d, 'list', help=h)
ol.add(o)
d = 'Fix the content length header after mangling'
o = opt_factory('fix_content_len', self._user_option_fix_content_len,
d, 'boolean')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'IP address that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web'\
' application when doing remote file inclusions. This setting'\
' configures where the webserver is going to listen for requests.'
o = opt_factory('listen_address', self._listen_address, d, STRING, help=h)
ol.add(o)
d = 'TCP port that the webserver will use to receive requests'
o = opt_factory('listen_port', self._listen_port, d, PORT)
ol.add(o)
d = 'Use w3af site to test for remote file inclusion'
h = 'The plugin can use the w3af site to test for remote file'\
' inclusions, which is convenient when you are performing a test'\
' behind a NAT firewall.'
o = opt_factory('use_w3af_site', self._use_w3af_site, d, BOOL, help=h)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Wordlist to use in directory bruteforcing process.'
o = opt_factory('dir_wordlist', self._dir_list, d, INPUT_FILE)
ol.add(o)
d = 'Wordlist to use in file bruteforcing process.'
o = opt_factory('file_wordlist', self._file_list, d, INPUT_FILE)
ol.add(o)
d = 'If set to True, this plugin will bruteforce directories.'
o = opt_factory('bf_directories', self._bf_directories, d, BOOL)
ol.add(o)
d = 'If set to True, this plugin will bruteforce files.'
o = opt_factory('bf_files', self._bf_files, d, BOOL)
ol.add(o)
d = 'If set to True, this plugin will bruteforce all directories, not'\
' only the root directory.'
h = 'WARNING: Enabling this will make the plugin send tens of thousands'\
' of requests.'
o = opt_factory('be_recursive', self._be_recursive, d, BOOL, help=h)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'When comparing, also compare the content of files.'
o = opt_factory('content', self._content, d, BOOL)
ol.add(o)
d = 'The local directory used in the comparison.'
o = opt_factory('local_dir', self._local_dir, d, STRING)
ol.add(o)
d = 'The remote directory used in the comparison.'
o = opt_factory(
'remote_url_path', self._remote_url_path, d, URL_OPTION_TYPE)
ol.add(o)
d = 'When comparing content of two files, ignore files with these'\
'extensions.'
o = opt_factory('banned_ext', self._ban_url, d, LIST)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
opt_list = OptionList()
desc = 'Use time delay (sleep() technique)'
_help = 'If set to True, w3af will checks insecure eval() usage by' \
' analyzing of time delay result of script execution.'
opt = opt_factory('use_time_delay',
self._use_time_delay,
desc,
'boolean',
help=_help)
opt_list.add(opt)
desc = 'Use echo technique'
_help = 'If set to True, w3af will checks insecure eval() usage by' \
' grepping result of script execution for test strings.'
opt = opt_factory('use_echo',
self._use_echo,
desc,
'boolean',
help=_help)
opt_list.add(opt)
return opt_list
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'IP address that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web app'\
' when doing remote file inclusions. This setting configures on'\
' what IP address the webserver is going to listen.'
o = opt_factory('listen_address', self._listen_address, d, 'ip', help=h)
ol.add(o)
d = 'Port that the webserver will use to receive requests'
h = 'w3af runs a webserver to serve the files to the target web app'\
' when doing remote file inclusions. This setting configures on'\
' what IP address the webserver is going to listen.'
o = opt_factory('listen_port', self._listen_port, d, 'port', help=h)
ol.add(o)
d = 'Instead of including a file in a local webserver; include the '\
' result of exploiting a XSS bug within the same target site.'
o = opt_factory('use_xss_bug', self._use_XSS_vuln, d, 'boolean')
ol.add(o)
return ol
def get_options(self):
ol = super(LocalFileReadTemplate, self).get_options()
d = 'Payload used to detect the vulnerability (i.e. ../../etc/passwd)'
o = opt_factory('payload', self.payload, d, 'string')
ol.add(o)
d = 'File pattern used to detect the vulnerability (i.e. root:x:0:0:)'
o = opt_factory('file_pattern', self.file_pattern, d, 'string')
ol.add(o)
return ol
def get_options(self):
ol = super(LocalFileReadTemplate, self).get_options()
d = 'Payload used to detect the vulnerability (i.e. ../../etc/passwd)'
o = opt_factory('payload', self.payload, d, 'string')
ol.add(o)
d = 'File pattern used to detect the vulnerability (i.e. root:x:0:0:)'
o = opt_factory('file_pattern', self.file_pattern, d, 'string')
ol.add(o)
return ol
def get_options(self):
ol = super(OSCommandingTemplate, self).get_options()
d = 'Command separator used for injecting commands. Usually one of'\
'&, |, &&, || or ; .'
o = opt_factory('separator', self.separator, d, 'string')
ol.add(o)
d = 'Remote operating system (linux or windows).'
o = opt_factory('operating_system', self.operating_system, d, 'string')
ol.add(o)
return ol
def get_options(self):
opt_lst = super(FileUploadTemplate, self).get_options()
d = 'Comma separated list of variable names of type "file"'
o = opt_factory('file_vars', self.file_vars, d, 'list')
opt_lst.add(o)
d = 'URL for the directory where the file is stored on the remote'\
' server after the POST that uploads it.'
o = opt_factory('file_dest', self.file_dest, d, 'url')
opt_lst.add(o)
return opt_lst
def get_options(self):
opt_lst = super(FileUploadTemplate, self).get_options()
d = 'Comma separated list of variable names of type "file"'
o = opt_factory('file_vars', self.file_vars, d, 'list')
opt_lst.add(o)
d = 'URL for the directory where the file is stored on the remote'\
' server after the POST that uploads it.'
o = opt_factory('file_dest', self.file_dest, d, 'url')
opt_lst.add(o)
return opt_lst
def get_options(self):
ol = super(OSCommandingTemplate, self).get_options()
d = 'Command separator used for injecting commands. Usually one of'\
'&, |, &&, || or ; .'
o = opt_factory('separator', self.separator, d, 'string')
ol.add(o)
d = 'Remote operating system (linux or windows).'
o = opt_factory('operating_system', self.operating_system, d, 'string')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d1 = 'Destination http port number to analize'
o1 = opt_factory('httpPort', self._http_port, d1, INT, help=d1)
ol.add(o1)
d2 = 'Destination httpS port number to analize'
o2 = opt_factory('httpsPort', self._https_port, d2, INT, help=d2)
ol.add(o2)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d1 = 'Destination http port number to analize'
o1 = opt_factory('httpPort', self._http_port, d1, INT, help=d1)
ol.add(o1)
d2 = 'Destination httpS port number to analize'
o2 = opt_factory('httpsPort', self._https_port, d2, INT, help=d2)
ol.add(o2)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'File name where this plugin will write to'
o = opt_factory('output_file', self._output_file_name, d, OUTPUT_FILE)
ol.add(o)
d = 'True if debug information will be appended to the report.'
o = opt_factory('verbose', self._verbose, d, 'boolean')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'File name where this plugin will write to'
o = opt_factory('output_file', self._output_file_name, d, OUTPUT_FILE)
ol.add(o)
d = 'True if debug information will be appended to the report.'
o = opt_factory('verbose', self._verbose, d, 'boolean')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Wordlist to use in the manifest file name bruteforcing process.'
o = opt_factory('wordlist', self._wordlist, d, 'string')
ol.add(o)
d = 'File extensions to use when brute forcing Gears Manifest files'
o = opt_factory('manifestExtensions', self._extensions, d, 'list')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Enables verbose output for the console'
o = opt_factory('verbose', self.verbose, d, BOOL)
ol.add(o)
d = 'Enable output coloring'
o = opt_factory('use_colors', self.use_colors, d, BOOL)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Enables verbose output for the console'
o = opt_factory('verbose', self.verbose, d, BOOL)
ol.add(o)
d = 'Enable output coloring'
o = opt_factory('use_colors', self.use_colors, d, BOOL)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'IP address that the spider_man proxy will use to receive requests'
o = opt_factory('listen_address', self._listen_address, d, 'string')
ol.add(o)
d = 'Port that the spider_man HTTP proxy server will use to receive requests'
o = opt_factory('listen_port', self._listen_port, d, 'integer')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'IP address that the spider_man proxy will use to receive requests'
o = opt_factory('listen_address', self._listen_address, d, 'string')
ol.add(o)
d = 'Port that the spider_man HTTP proxy server will use to receive requests'
o = opt_factory('listen_port', self._listen_port, d, 'integer')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Wordlist to use in the manifest file name bruteforcing process.'
o = opt_factory('wordlist', self._wordlist, d, 'string')
ol.add(o)
d = 'File extensions to use when brute forcing Gears Manifest files'
o = opt_factory('manifestExtensions', self._extensions, d, 'list')
ol.add(o)
return ol
def test_root_path_variable_init(self):
opt = opt_factory('name', self.SHORT_INPUT_FILE, 'desc', INPUT_FILE,
'help', 'tab1')
self.assertEqual(opt.get_value_for_profile(), self.SHORT_INPUT_FILE)
self.assertEqual(opt.get_value_str(), self.INPUT_FILE)
self.assertEqual(opt._value, self.INPUT_FILE)
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
options = [
('username', self.username, 'string',
'Username for using in the authentication process'),
('password', self.password, 'string',
'Password for using in the authentication process'),
('username_field', self.username_field,
'string', 'Username parameter name (ie. "uname" if the HTML looks'
' like <input type="text" name="uname">...)'),
('password_field', self.password_field,
'string', 'Password parameter name (ie. "pwd" if the HTML looks'
' like <input type="password" name="pwd">...)'),
('auth_url', self.auth_url, 'url',
'URL where the username and password will be sent using a POST'
' request'),
('check_url', self.check_url, 'url',
'URL used to verify if the session is still active by looking for'
' the check_string.'),
('check_string', self.check_string, 'string',
'String for searching on check_url page to determine if the'
'current session is active.'),
]
ol = OptionList()
for o in options:
ol.add(opt_factory(o[0], o[1], o[3], o[2], help=o[3]))
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Enable verbose output for syslog'
o = opt_factory('verbose', self.verbose, d, BOOL)
ol.add(o)
d = 'String to be included in all syslog messages'
h = 'Use this string to identify each individual scan in the log'
o = opt_factory('scan_id', self.scan_id, d, STRING, help=h)
ol.add(o)
return ol
def test_no_duplicate_vuln_reports(self):
# The xml_file plugin had a bug where vulnerabilities were written to
# disk multiple times, this test makes sure I fixed that vulnerability
# First we create one vulnerability in the KB
self.kb.cleanup()
desc = 'Just a test for the XML file output plugin.'
v = Vuln('SQL injection', desc, severity.HIGH, 1, 'sqli')
self.kb.append('sqli', 'sqli', v)
self.assertEqual(len(self.kb.get_all_vulns()), 1)
# Setup the plugin
plugin_instance = xml_file()
# Set the output file for the unittest
ol = OptionList()
d = 'Output file name where to write the XML data'
o = opt_factory('output_file', self.FILENAME, d, OUTPUT_FILE)
ol.add(o)
# Then we flush() twice to disk, this reproduced the issue
plugin_instance.set_options(ol)
plugin_instance.flush()
plugin_instance.flush()
plugin_instance.flush()
# Now we parse the vulnerabilities from disk and confirm only one
# is there
file_vulns = self._from_xml_get_vulns(self.FILENAME)
self.assertEqual(len(file_vulns), 1, file_vulns)
def test_factory_already_converted_type(self):
data = {BOOL: (True, True),
INT: (1, 1),
FLOAT: (1.0, 1.0),
STRING: ('hello world', 'hello world'),
URL: (URL_KLASS('http://moth/'), URL_KLASS('http://moth/')),
URL_LIST: ([URL_KLASS('http://moth/1'),
URL_KLASS('http://moth/2')],
[URL_KLASS('http://moth/1'),
URL_KLASS('http://moth/2')]),
LIST: (['a', 'b', 'c'], ['a', 'b', 'c']),
PORT: (12345, 12345)
}
for _type, (user_value, parsed_value) in data.iteritems():
opt = opt_factory('name', user_value, 'desc', _type)
self.assertEqual(opt.get_name(), 'name')
self.assertEqual(opt.get_desc(), 'desc')
self.assertEqual(opt.get_type(), _type)
self.assertEqual(opt.get_default_value(), parsed_value)
self.assertEqual(opt.get_value(), parsed_value)
self.assertIsInstance(opt.get_name(), basestring)
self.assertIsInstance(opt.get_desc(), basestring)
self.assertIsInstance(opt.get_type(), basestring)
self.assertIsInstance(opt.get_help(), basestring)
def create_target_option_list(*target):
opts = OptionList()
opt = opt_factory('target', '', '', URL_LIST)
opt.set_value(','.join([u.url_string for u in target]))
opts.add(opt)
opt = opt_factory('target_os', ('unknown', 'unix', 'windows'), '', 'combo')
opts.add(opt)
opt = opt_factory('target_framework',
('unknown', 'php', 'asp', 'asp.net', 'java', 'jsp',
'cfm', 'ruby', 'perl'), '', 'combo')
opts.add(opt)
return opts
def test_root_path_variable_init(self):
opt = opt_factory('name', self.SHORT_INPUT_FILE, 'desc', INPUT_FILE,
'help', 'tab1')
self.assertEqual(opt.get_value_for_profile(), self.SHORT_INPUT_FILE)
self.assertEqual(opt.get_value_str(), self.INPUT_FILE)
self.assertEqual(opt._value, self.INPUT_FILE)
def test_no_duplicate_vuln_reports(self):
# The xml_file plugin had a bug where vulnerabilities were written to
# disk multiple times, this test makes sure I fixed that vulnerability
# First we create one vulnerability in the KB
self.kb.cleanup()
desc = 'Just a test for the XML file output plugin.'
v = Vuln('SQL injection', desc, severity.HIGH, 1, 'sqli')
self.kb.append('sqli', 'sqli', v)
self.assertEqual(len(self.kb.get_all_vulns()), 1)
# Setup the plugin
plugin_instance = xml_file()
# Set the output file for the unittest
ol = OptionList()
d = 'Output file name where to write the XML data'
o = opt_factory('output_file', self.FILENAME, d, OUTPUT_FILE)
ol.add(o)
# Then we flush() twice to disk, this reproduced the issue
plugin_instance.set_options(ol)
plugin_instance.flush()
plugin_instance.flush()
plugin_instance.flush()
# Now we parse the vulnerabilities from disk and confirm only one
# is there
file_vulns = self._from_xml_get_vulns(self.FILENAME)
self.assertEqual(len(file_vulns), 1, file_vulns)
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
options = [
('username', self.username, STRING,
'Username for the authentication process'),
('password', self.password, STRING,
'Password for the authentication process'),
('login_form_url', self.login_form_url, URL_OPT,
'The URL where the login form appears'),
('check_url', self.check_url, URL_OPT,
'URL used to verify if the session is active. The plugin sends'
' an HTTP GET request to this URL and asserts if `check_string`'
' is present.'),
('check_string', self.check_string, STRING,
'String to search in the `check_url` page to determine if the'
' session is active.'),
]
ol = OptionList()
for o in options:
ol.add(opt_factory(o[0], o[1], o[3], o[2], help=o[3]))
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
options = [
('username', self.username, 'string',
'Username for using in the authentication process'),
('password', self.password, 'string',
'Password for using in the authentication process'),
('username_field', self.username_field, 'string',
'Username parameter name (ie. "uname" if the HTML looks'
' like <input type="text" name="uname">...)'),
('password_field', self.password_field, 'string',
'Password parameter name (ie. "pwd" if the HTML looks'
' like <input type="password" name="pwd">...)'),
('auth_url', self.auth_url, 'url',
'URL where the username and password will be sent using a POST'
' request'),
('check_url', self.check_url, 'url',
'URL used to verify if the session is still active by looking for'
' the check_string.'),
('check_string', self.check_string, 'string',
'String for searching on check_url page to determine if the'
'current session is active.'),
]
ol = OptionList()
for o in options:
ol.add(opt_factory(o[0], o[1], o[3], o[2], help=o[3]))
return ol
def test_factory_already_converted_type(self):
data = {
BOOL: (True, True),
INT: (1, 1),
FLOAT: (1.0, 1.0),
STRING: ("hello world", "hello world"),
URL: (URL_KLASS("http://moth/"), URL_KLASS("http://moth/")),
URL_LIST: (
[URL_KLASS("http://moth/1"), URL_KLASS("http://moth/2")],
[URL_KLASS("http://moth/1"), URL_KLASS("http://moth/2")],
),
LIST: (["a", "b", "c"], ["a", "b", "c"]),
PORT: (12345, 12345),
}
for _type, (user_value, parsed_value) in data.iteritems():
opt = opt_factory("name", user_value, "desc", _type)
self.assertEqual(opt.get_name(), "name")
self.assertEqual(opt.get_desc(), "desc")
self.assertEqual(opt.get_type(), _type)
self.assertEqual(opt.get_default_value(), parsed_value)
self.assertEqual(opt.get_value(), parsed_value)
self.assertIsInstance(opt.get_name(), basestring)
self.assertIsInstance(opt.get_desc(), basestring)
self.assertIsInstance(opt.get_type(), basestring)
self.assertIsInstance(opt.get_help(), basestring)
def test_factory_already_converted_type(self):
data = {BOOL: (True, True),
INT: (1, 1),
FLOAT: (1.0, 1.0),
STRING: ('hello world', 'hello world'),
URL: (URL_KLASS('http://moth/'), URL_KLASS('http://moth/')),
URL_LIST: ([URL_KLASS('http://moth/1'),
URL_KLASS('http://moth/2')],
[URL_KLASS('http://moth/1'),
URL_KLASS('http://moth/2')]),
LIST: (['a', 'b', 'c'], ['a', 'b', 'c']),
PORT: (12345, 12345)
}
for _type, (user_value, parsed_value) in data.iteritems():
opt = opt_factory('name', user_value, 'desc', _type)
self.assertEqual(opt.get_name(), 'name')
self.assertEqual(opt.get_desc(), 'desc')
self.assertEqual(opt.get_type(), _type)
self.assertEqual(opt.get_default_value(), parsed_value)
self.assertEqual(opt.get_value(), parsed_value)
self.assertIsInstance(opt.get_name(), basestring)
self.assertIsInstance(opt.get_desc(), basestring)
self.assertIsInstance(opt.get_type(), basestring)
self.assertIsInstance(opt.get_help(), basestring)
def _initFilterBox(self, mainvbox):
"""Init advanced search options."""
self._advSearchBox = gtk.HBox()
self._advSearchBox.set_spacing(self._padding)
self.pref = FilterOptions(self)
# Filter options
self._filterMethods = [
('GET', 'GET', False),
('POST', 'POST', False),
]
filterMethods = OptionList()
for method in self._filterMethods:
filterMethods.add(
opt_factory(method[0], method[2], method[1], "boolean"))
self.pref.add_section('methods', _('Request Method'), filterMethods)
filterId = OptionList()
filterId.add(opt_factory("min", "0", "Min ID", "string"))
filterId.add(opt_factory("max", "0", "Max ID", "string"))
self.pref.add_section('trans_id', _('Transaction ID'), filterId)
filterCodes = OptionList()
codes = [
("1xx", "1xx", False),
("2xx", "2xx", False),
("3xx", "3xx", False),
("4xx", "4xx", False),
("5xx", "5xx", False),
]
for code in codes:
filterCodes.add(opt_factory(code[0], code[2], code[1], "boolean"))
self.pref.add_section('codes', _('Response Code'), filterCodes)
filterMisc = OptionList()
filterMisc.add(opt_factory("tag", False, "Tag", "boolean"))
filterMisc.add(
opt_factory("has_qs", False, "Request has Query String",
"boolean"))
self.pref.add_section('misc', _('Misc'), filterMisc)
filterTypes = OptionList()
self._filterTypes = [
('html', 'HTML', False),
('javascript', 'JavaScript', False),
('image', 'Images', False),
('flash', 'Flash', False),
('css', 'CSS', False),
('text', 'Text', False),
]
for filterType in self._filterTypes:
filterTypes.add(
opt_factory(filterType[0], filterType[2], filterType[1],
"boolean"))
self.pref.add_section('types', _('Response Content Type'), filterTypes)
filterSize = OptionList()
filterSize.add(opt_factory("resp_size", False, "Not Null", "boolean"))
self.pref.add_section('sizes', _('Response Size'), filterSize)
self.pref.show()
self._advSearchBox.pack_start(self.pref, False, False)
self._advSearchBox.hide_all()
mainvbox.pack_start(self._advSearchBox, False, False)
def create_target_option_list(*target):
opts = OptionList()
opt = opt_factory('target', '', '', URL_LIST)
opt.set_value(','.join([u.url_string for u in target]))
opts.add(opt)
opt = opt_factory('target_os', ('unknown', 'unix', 'windows'), '', 'combo')
opts.add(opt)
opt = opt_factory('target_framework',
('unknown', 'php', 'asp', 'asp.net',
'java', 'jsp', 'cfm', 'ruby', 'perl'),
'', 'combo')
opts.add(opt)
return opts
def _get_option_objects(self):
"""
:return: A list of options for this question.
"""
d1 = 'Target URL'
o1 = opt_factory('target', '', d1, 'url_list')
o2 = opt_factory('target_os', 'unknown', d1, 'string')
o3 = opt_factory('target_framework', 'unknown', d1, 'string')
ol = OptionList()
ol.add(o1)
ol.add(o2)
ol.add(o3)
return ol
def test_empty_qs(self):
value = ''
opt = opt_factory('name', value, 'desc', QUERY_STRING, 'help', 'tab')
self.assertEqual(opt.get_value_for_profile(), value)
qs_instance = opt.get_value()
self.assertEqual(len(qs_instance), 0)
def test_empty_header(self):
value = ''
opt = opt_factory('name', value, 'desc', HEADER, 'help', 'tab')
self.assertEqual(opt.get_value_for_profile(), value)
header_instance = opt.get_value()
self.assertEqual(len(header_instance), 0)
def test_empty_qs(self):
value = ''
opt = opt_factory('name', value, 'desc', QUERY_STRING, 'help', 'tab')
self.assertEqual(opt.get_value_for_profile(), value)
qs_instance = opt.get_value()
self.assertEqual(len(qs_instance), 0)
def test_empty_header(self):
value = ''
opt = opt_factory('name', value, 'desc', HEADER, 'help', 'tab')
self.assertEqual(opt.get_value_for_profile(), value)
header_instance = opt.get_value()
self.assertEqual(len(header_instance), 0)
def test_root_path_variable_set(self):
opt = opt_factory("name", self.SHORT_INPUT_FILE, "desc", INPUT_FILE, "help", "tab1")
opt.set_value(self.SHORT_INPUT_FILE)
self.assertEqual(opt.get_value_for_profile(), self.SHORT_INPUT_FILE)
self.assertEqual(opt.get_value_str(), self.INPUT_FILE)
self.assertEqual(opt._value, self.INPUT_FILE)
def _initFilterBox(self, mainvbox):
"""Init advanced search options."""
self._advSearchBox = gtk.HBox()
self._advSearchBox.set_spacing(self._padding)
self.pref = FilterOptions(self)
# Filter options
self._filterMethods = [
('GET', 'GET', False),
('POST', 'POST', False),
]
filterMethods = OptionList()
for method in self._filterMethods:
filterMethods.add(
opt_factory(method[0], method[2], method[1], "boolean"))
self.pref.add_section('methods', _('Request Method'), filterMethods)
filterId = OptionList()
filterId.add(opt_factory("min", "0", "Min ID", "string"))
filterId.add(opt_factory("max", "0", "Max ID", "string"))
self.pref.add_section('trans_id', _('Transaction ID'), filterId)
filterCodes = OptionList()
codes = [
("1xx", "1xx", False),
("2xx", "2xx", False),
("3xx", "3xx", False),
("4xx", "4xx", False),
("5xx", "5xx", False),
]
for code in codes:
filterCodes.add(opt_factory(code[0], code[2], code[1], "boolean"))
self.pref.add_section('codes', _('Response Code'), filterCodes)
filterMisc = OptionList()
filterMisc.add(opt_factory("tag", False, "Tag", "boolean"))
filterMisc.add(opt_factory(
"has_qs", False, "Request has Query String", "boolean"))
self.pref.add_section('misc', _('Misc'), filterMisc)
filterTypes = OptionList()
self._filterTypes = [
('html', 'HTML', False),
('javascript', 'JavaScript', False),
('image', 'Images', False),
('flash', 'Flash', False),
('css', 'CSS', False),
('text', 'Text', False),
]
for filterType in self._filterTypes:
filterTypes.add(opt_factory(
filterType[0], filterType[2], filterType[1], "boolean"))
self.pref.add_section('types', _('Response Content Type'), filterTypes)
filterSize = OptionList()
filterSize.add(opt_factory("resp_size", False, "Not Null", "boolean"))
self.pref.add_section('sizes', _('Response Size'), filterSize)
self.pref.show()
self._advSearchBox.pack_start(self.pref, False, False)
self._advSearchBox.hide_all()
mainvbox.pack_start(self._advSearchBox, False, False)
def get_options(self):
"""
In this case we provide a sample implementation since most vulnerabilities
will have this template. If the specific vulnerability needs other params
then it should override this implementation.
"""
ol = OptionList()
d = 'Vulnerability name (eg. %s)' % self.get_vulnerability_name()
o = opt_factory('name', self.name, d, 'string')
ol.add(o)
d = 'URL pointing to the path that is vulnerable to file uploads via'\
' misconfigured DAV module (HTTP PUT method).'
o = opt_factory('url', self.url, d, 'url')
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Base64 input file from which to create the fuzzable requests'
h = 'The file format is described in output.export_requests'
o = opt_factory('input_base64', self._input_base64, d, INPUT_FILE,
help=h)
ol.add(o)
d = 'Burp log file from which to create the fuzzable requests'
h = 'The input file needs to be in Burp format.'
o = opt_factory('input_burp', self._input_burp, d, INPUT_FILE, help=h)
ol.add(o)
return ol
def get_options(self):
"""
:return: A list of option objects for this plugin.
"""
ol = OptionList()
d = 'Define the CSV input file from which to create the fuzzable requests'
h = 'The input file is comma separated and holds the following data:'
h += ' "HTTP-METHOD","URI","POSTDATA"'
o = opt_factory('input_csv', self._input_csv, d, INPUT_FILE, help=h)
ol.add(o)
d = 'Define the Burp log file from which to create the fuzzable requests'
h = 'The input file needs to be in Burp format.'
o = opt_factory('input_burp', self._input_burp, d, INPUT_FILE, help=h)
ol.add(o)
return ol
