Python Vuln.set_uri示例

示例#1

    def grep(self, request, response):
        '''
        Plugin entry point.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None, all results are saved in the kb.
        '''
        uri = response.get_uri()
        if response.is_text_or_html() and uri not in self._already_inspected:

            # Don't repeat URLs
            self._already_inspected.add(uri)

            for regex in self._regex_list:
                for m in regex.findall(response.get_body()):
                    user = m[0]

                    desc = 'The URL: "%s" contains a SVN versioning signature'\
                           ' with the username "%s".'
                    desc = desc % (uri, user)

                    v = Vuln('SVN user disclosure vulnerability', desc,
                             severity.LOW, response.id, self.get_name())

                    v.set_uri(uri)
                    v['user'] = user
                    v.add_to_highlight(user)

                    self.kb_append_uniq(self, 'users', v, 'URL')

示例#2

文件： error_500.py 项目： Adastra-thw/w3af

    def end(self):
        '''
        This method is called when the plugin wont be used anymore.

        The real job of this plugin is done here, where I will try to see if
        one of the error_500 responses were not identified as a vuln by some
        of my audit plugins
        '''
        all_vulns = kb.kb.get_all_vulns()
        all_vulns_tuples = [(v.get_uri(), v.get_dc()) for v in all_vulns]

        for request, error_500_response_id in self._error_500_responses:
            if (request.get_uri(), request.get_dc()) not in all_vulns_tuples:
                # Found a err 500 that wasnt identified !!!
                desc = 'An unidentified web application error (HTTP response'\
                       ' code 500) was found at: "%s". Enable all plugins and'\
                       ' try again, if the vulnerability still is not identified'\
                       ', please verify manually and report it to the w3af'\
                       ' developers.'
                desc = desc % request.get_url()
                
                v = Vuln('Unhandled error in web application', desc,
                         severity.MEDIUM, error_500_response_id,
                         self.get_name())
                
                v.set_uri(request.get_uri())
                
                self.kb_append_uniq(self, 'error_500', v, 'VAR')
        
        self._error_500_responses.cleanup()

示例#3

文件： php_sca.py 项目： Adastra-thw/w3af

        def write_vuln_to_kb(vulnty, url, funcs):
            vulndata = php_sca.KB_DATA[vulnty]
            for f in funcs:
                vuln_sev = vulndata['severity']
                desc = name = vulndata['name']
                
                v = Vuln(name, desc, vuln_sev, 1, 'PHP Static Code Analyzer')
                v.set_uri(url)
                v.set_var(f.vulnsources[0])

                args = list(vulndata['kb_key']) + [v]

                # TODO: Extract the method from the PHP code
                #     $_GET == GET
                #     $_POST == POST
                #     $_REQUEST == GET
                v.set_method('GET')

                # TODO: Extract all the other variables that are
                # present in the PHP file using the SCA
                v.set_dc(DataContainer())

                #
                # TODO: This needs to be checked! OS Commanding specific
                #       attributes.
                v['os'] = 'unix'
                v['separator'] = ''

                kb.kb.append(*args)

示例#4

文件： ssn.py 项目： zhuyue1314/w3af

    def grep(self, request, response):
        """
        Plugin entry point, find the SSN numbers.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None.
        """
        uri = response.get_uri()

        if (
            response.is_text_or_html()
            and response.get_code() == 200
            and response.get_clear_text_body() is not None
            and uri not in self._already_inspected
        ):

            # Don't repeat URLs
            self._already_inspected.add(uri)

            found_ssn, validated_ssn = self._find_SSN(response.get_clear_text_body())
            if validated_ssn:
                desc = 'The URL: "%s" possibly discloses a US Social Security' ' Number: "%s".'
                desc = desc % (uri, validated_ssn)
                v = Vuln("US Social Security Number disclosure", desc, severity.LOW, response.id, self.get_name())
                v.set_uri(uri)

                v.add_to_highlight(found_ssn)
                self.kb_append_uniq(self, "ssn", v, "URL")

示例#5

        def write_vuln_to_kb(vulnty, url, funcs):
            vulndata = php_sca.KB_DATA[vulnty]
            for f in funcs:
                vuln_sev = vulndata['severity']
                desc = name = vulndata['name']

                v = Vuln(name, desc, vuln_sev, 1, 'PHP Static Code Analyzer')
                v.set_uri(url)
                v.set_var(f.vulnsources[0])

                args = list(vulndata['kb_key']) + [v]

                # TODO: Extract the method from the PHP code
                #     $_GET == GET
                #     $_POST == POST
                #     $_REQUEST == GET
                v.set_method('GET')

                # TODO: Extract all the other variables that are
                # present in the PHP file using the SCA
                v.set_dc(DataContainer())

                #
                # TODO: This needs to be checked! OS Commanding specific
                #       attributes.
                v['os'] = 'unix'
                v['separator'] = ''

                kb.kb.append(*args)

示例#6

    def end(self):
        '''
        This method is called when the plugin wont be used anymore.

        The real job of this plugin is done here, where I will try to see if
        one of the error_500 responses were not identified as a vuln by some
        of my audit plugins
        '''
        all_vulns = kb.kb.get_all_vulns()
        all_vulns_tuples = [(v.get_uri(), v.get_dc()) for v in all_vulns]

        for request, error_500_response_id in self._error_500_responses:
            if (request.get_uri(), request.get_dc()) not in all_vulns_tuples:
                # Found a err 500 that wasnt identified !!!
                desc = 'An unidentified web application error (HTTP response'\
                       ' code 500) was found at: "%s". Enable all plugins and'\
                       ' try again, if the vulnerability still is not identified'\
                       ', please verify manually and report it to the w3af'\
                       ' developers.'
                desc = desc % request.get_url()

                v = Vuln('Unhandled error in web application',
                         desc, severity.MEDIUM, error_500_response_id,
                         self.get_name())

                v.set_uri(request.get_uri())

                self.kb_append_uniq(self, 'error_500', v, 'VAR')

        self._error_500_responses.cleanup()

示例#7

文件： ssn.py 项目： weisst/w3af

    def grep(self, request, response):
        '''
        Plugin entry point, find the SSN numbers.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None.
        '''
        uri = response.get_uri()

        if response.is_text_or_html() and response.get_code() == 200 \
        and response.get_clear_text_body() is not None \
        and uri not in self._already_inspected:

            # Don't repeat URLs
            self._already_inspected.add(uri)

            found_ssn, validated_ssn = self._find_SSN(
                response.get_clear_text_body())
            if validated_ssn:
                desc = 'The URL: "%s" possibly discloses a US Social Security'\
                       ' Number: "%s".'
                desc = desc % (uri, validated_ssn)
                v = Vuln('US Social Security Number disclosure', desc,
                         severity.LOW, response.id, self.get_name())
                v.set_uri(uri)

                v.add_to_highlight(found_ssn)
                self.kb_append_uniq(self, 'ssn', v, 'URL')

示例#8

文件： svn_users.py 项目： Adastra-thw/w3af

    def grep(self, request, response):
        '''
        Plugin entry point.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None, all results are saved in the kb.
        '''
        uri = response.get_uri()
        if response.is_text_or_html() and uri not in self._already_inspected:

            # Don't repeat URLs
            self._already_inspected.add(uri)

            for regex in self._regex_list:
                for m in regex.findall(response.get_body()):
                    user = m[0]
                    
                    desc = 'The URL: "%s" contains a SVN versioning signature'\
                           ' with the username "%s".'
                    desc = desc % (uri, user)
                    
                    v = Vuln('SVN user disclosure vulnerability', desc,
                             severity.LOW, response.id, self.get_name())

                    v.set_uri(uri)
                    v['user'] = user
                    v.add_to_highlight(user)
                    
                    self.kb_append_uniq(self, 'users', v, 'URL')

示例#9

文件： test_csv_file.py 项目： Adastra-thw/w3af

    def _from_csv_get_vulns(self):
        file_vulns = []

        vuln_reader = csv.reader(open(self.OUTPUT_FILE, 'rb'), delimiter=',',
                                 quotechar='|', quoting=csv.QUOTE_MINIMAL)

        for name, method, uri, var, dc, _id, desc in vuln_reader:
            v = Vuln(name, desc, 'High', json.loads(_id), 'TestCase')
            v.set_method(method)
            v.set_uri(URL(uri))
            v.set_var(var)
            v.set_dc(dc)

            file_vulns.append(v)

        return file_vulns

示例#10

    def _from_csv_get_vulns(self):
        file_vulns = []

        vuln_reader = csv.reader(open(self.OUTPUT_FILE, 'rb'),
                                 delimiter=',',
                                 quotechar='|',
                                 quoting=csv.QUOTE_MINIMAL)

        for name, method, uri, var, dc, _id, desc in vuln_reader:
            v = Vuln(name, desc, 'High', json.loads(_id), 'TestCase')
            v.set_method(method)
            v.set_uri(URL(uri))
            v.set_var(var)
            v.set_dc(dc)

            file_vulns.append(v)

        return file_vulns

示例#11

    def grep(self, request, response):
        '''
        Plugin entry point.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None, all results are saved in the kb.
        '''
        try:
            dp = parser_cache.dpc.get_document_parser_for(response)
        except w3afException:
            return

        # Note:
        # - With parsed_references I'm 100% that it's really something in the
        #   HTML that the developer intended to add.
        #
        # - The re_references are the result of regular expressions, which in
        #   some cases are just false positives.
        #
        parsed_references, _ = dp.get_references()

        for ref in parsed_references:

            qs = ref.querystring

            for param_name in qs:
                # This for loop is to address the repeated parameter name issue
                for element_index in xrange(len(qs[param_name])):
                    if self._is_strange(request, param_name, qs[param_name][element_index])\
                    and (ref.uri2url(), param_name) not in self._already_reported:
                        # Don't repeat findings
                        self._already_reported.add((ref.uri2url(), param_name))

                        desc = 'The URI: "%s" has a parameter named: "%s"'\
                               ' with value: "%s", which is very uncommon.'\
                               ' and requires manual verification.'
                        desc = desc % (response.get_uri(), param_name,
                                       qs[param_name][element_index])

                        i = Info('Uncommon query string parameter', desc,
                                 response.id, self.get_name())
                        i.set_uri(ref)
                        i.set_var(param_name)
                        i['parameter_value'] = qs[param_name][element_index]
                        i.add_to_highlight(qs[param_name][element_index])

                        self.kb_append(self, 'strange_parameters', i)

                    # To find this kind of vulns
                    # http://thedailywtf.com/Articles/Oklahoma-
                    # Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-
                    # Sensitive-Data.aspx
                    if self._is_SQL(request, param_name, qs[param_name][element_index])\
                    and ref not in self._already_reported:

                        # Don't repeat findings
                        self._already_reported.add(ref)
                        desc = 'The URI: "%s" has a parameter named: "%s"'\
                               ' with value: "%s", which is a SQL query.'
                        desc = desc % (response.get_uri(), param_name,
                                       qs[param_name][element_index])
                        v = Vuln('Parameter has SQL sentence', desc,
                                 severity.LOW, response.id, self.get_name())
                        v.set_uri(ref)
                        v.set_var(param_name)
                        v['parameter_value'] = qs[param_name][element_index]

                        v.add_to_highlight(qs[param_name][element_index])
                        self.kb_append(self, 'strange_parameters', v)

示例#12

文件： strange_parameters.py 项目： Adastra-thw/w3af

    def grep(self, request, response):
        '''
        Plugin entry point.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None, all results are saved in the kb.
        '''
        try:
            dp = parser_cache.dpc.get_document_parser_for(response)
        except w3afException:
            return

        # Note:
        # - With parsed_references I'm 100% that it's really something in the
        #   HTML that the developer intended to add.
        #
        # - The re_references are the result of regular expressions, which in
        #   some cases are just false positives.
        #
        parsed_references, _ = dp.get_references()

        for ref in parsed_references:

            qs = ref.querystring

            for param_name in qs:
                # This for loop is to address the repeated parameter name issue
                for element_index in xrange(len(qs[param_name])):
                    if self._is_strange(request, param_name, qs[param_name][element_index])\
                    and (ref.uri2url(), param_name) not in self._already_reported:
                        # Don't repeat findings
                        self._already_reported.add((ref.uri2url(), param_name))

                        desc = 'The URI: "%s" has a parameter named: "%s"'\
                               ' with value: "%s", which is very uncommon.'\
                               ' and requires manual verification.'
                        desc = desc % (response.get_uri(), param_name,
                                       qs[param_name][element_index])

                        i = Info('Uncommon query string parameter', desc,
                                 response.id, self.get_name())
                        i.set_uri(ref)
                        i.set_var(param_name)
                        i['parameter_value'] = qs[param_name][element_index]
                        i.add_to_highlight(qs[param_name][element_index])

                        self.kb_append(self, 'strange_parameters', i)

                    # To find this kind of vulns
                    # http://thedailywtf.com/Articles/Oklahoma-
                    # Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-
                    # Sensitive-Data.aspx
                    if self._is_SQL(request, param_name, qs[param_name][element_index])\
                    and ref not in self._already_reported:

                        # Don't repeat findings
                        self._already_reported.add(ref)
                        desc = 'The URI: "%s" has a parameter named: "%s"'\
                               ' with value: "%s", which is a SQL query.'
                        desc = desc % (response.get_uri(), param_name,
                                       qs[param_name][element_index])
                        v = Vuln('Parameter has SQL sentence', desc,
                                 severity.LOW, response.id, self.get_name())
                        v.set_uri(ref)
                        v.set_var(param_name)
                        v['parameter_value'] = qs[param_name][element_index]
                        
                        v.add_to_highlight(qs[param_name][element_index])
                        self.kb_append(self, 'strange_parameters', v)