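    def test_from_file(self):
        """
        Load every JSON file of the vulnerability database, for every
        language returned by DBVuln.get_all_languages(), and check the
        type of each attribute exposed by the resulting DBVuln.

        Files that fail to load are collected together with the exception
        message instead of aborting the loop, so one broken file still
        reports every other broken one. After each language the test
        fails if that list is not empty or if fewer than 21 files have
        been loaded so far.
        """
        failed_json_files = []
        processed_files = []

        # DBVuln.LANG is class-level state that this test overwrites on
        # every iteration; remember it so it can be restored afterwards
        # instead of leaking the last language into other tests.
        # NOTE(review): assumes LANG is a plain class attribute with a
        # default; if it is absent it is restored to None - confirm.
        original_lang = getattr(DBVuln, 'LANG', None)

        try:
            for language in DBVuln.get_all_languages():
                json_path = os.path.join(DBVuln.DB_PATH, language)

                for _fname in os.listdir(json_path):
                    _file_path = os.path.join(json_path, _fname)

                    if os.path.isdir(_file_path):
                        continue

                    try:
                        DBVuln.LANG = language
                        dbv = DBVuln.from_file(_file_path)
                    except Exception as e:
                        # Record *why* the file failed; a bare "except:"
                        # used to hide the reason and would also have
                        # swallowed KeyboardInterrupt / SystemExit.
                        failed_json_files.append('%s/%s: %s' % (language,
                                                                _fname, e))
                        continue

                    processed_files.append(_fname)

                    self.assertIsInstance(dbv.title, basestring)
                    self.assertIsInstance(dbv.description, basestring)
                    self.assertIsInstance(dbv.id, int)
                    self.assertIsInstance(dbv.severity, basestring)
                    self.assertIsInstance(dbv.wasc, (type(None), list))
                    self.assertIsInstance(dbv.tags, (type(None), list))
                    self.assertIsInstance(dbv.cwe, (type(None), list))
                    self.assertIsInstance(dbv.owasp_top_10, (type(None), dict))
                    self.assertIsInstance(dbv.fix_effort, int)
                    self.assertIsInstance(dbv.fix_guidance, basestring)

                    for ref in dbv.references:
                        self.assertIsInstance(ref, Reference)

                # Checked once per language so a broken translation is
                # reported with all of its failing files at once. Note
                # that processed_files accumulates across languages, so
                # the "> 20" bound is only strict for the first language.
                self.assertEqual(failed_json_files, [])
                self.assertGreater(len(processed_files), 20)
        finally:
            DBVuln.LANG = original_lang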
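    def get_options(self):
        """
        Build the OptionList for the core (non-plugin) settings.

        Every option value is read from the configuration object ``cf.cf``
        under the same key as the option name; COMBO options receive the
        list of allowed values instead (``form_id_action`` with the
        currently configured value first, ``vulndb_language`` from
        DBVuln.get_all_languages()).

        :return: An OptionList holding the fuzzer, core, network,
                 exclusion, Metasploit and language options, grouped by
                 ``tabid``.
        """
        ol = OptionList()

        #
        # Fuzzer parameters
        #
        d = 'Indicates if w3af plugins will use cookies as a fuzzable parameter'
        opt = opt_factory('fuzz_cookies', cf.cf.get('fuzz_cookies'), d, BOOL,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        d = ('Indicates if w3af plugins will send payloads in the content of'
             ' multipart/post form files.')
        # Leading spaces on the continuation lines are required: adjacent
        # string literals are concatenated without any separator.
        h = ('If enabled, and multipart/post forms with files are found, w3af'
             ' will fill those file inputs with pseudo-files containing the'
             ' payloads required to identify vulnerabilities.')
        opt = opt_factory('fuzz_form_files', cf.cf.get('fuzz_form_files'), d,
                          BOOL, tabid='Fuzzer parameters', help=h)
        ol.add(opt)

        d = ('Indicates if w3af plugins will send fuzzed file names in order to'
             ' find vulnerabilities')
        h = ('For example, if the discovered URL is http://test/filename.php,'
             ' and fuzz_url_filenames is enabled, w3af will request among'
             ' other things: http://test/file\'a\'a\'name.php in order to'
             ' find SQL injections. This type of vulns are getting more'
             ' common every day!')
        opt = opt_factory('fuzz_url_filenames', cf.cf.get('fuzz_url_filenames'),
                          d, BOOL, help=h, tabid='Fuzzer parameters')
        ol.add(opt)

        desc = ('Indicates if w3af plugins will send fuzzed URL parts in order'
                ' to find vulnerabilities')
        h = ('For example, if the discovered URL is http://test/foo/bar/123,'
             ' and fuzz_url_parts is enabled, w3af will request among other'
             ' things: http://test/bar/<script>alert(document.cookie)</script>'
             ' in order to find XSS.')
        opt = opt_factory('fuzz_url_parts', cf.cf.get('fuzz_url_parts'), desc,
                          BOOL, help=h, tabid='Fuzzer parameters')
        ol.add(opt)

        desc = 'Indicates the extension to use when fuzzing file content'
        opt = opt_factory('fuzzed_files_extension',
                          cf.cf.get('fuzzed_files_extension'), desc, STRING,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        desc = 'A list with all fuzzable header names'
        opt = opt_factory('fuzzable_headers', cf.cf.get('fuzzable_headers'),
                          desc, LIST, tabid='Fuzzer parameters')
        ol.add(opt)

        d = ('Indicates what HTML form combo values w3af plugins will use:'
             ' all, tb, tmb, t, b')
        h = ('Indicates what HTML form combo values, e.g. select options values,'
             ' w3af plugins will use: all (All values), tb (only top and bottom'
             ' values), tmb (top, middle and bottom values), t (top values), b'
             ' (bottom values).')
        # Fixed choice list; the first entry is the one the COMBO shows.
        options = ['tmb', 'all', 'tb', 't', 'b']
        opt = opt_factory('form_fuzzing_mode', options, d, COMBO, help=h,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        #
        # Core parameters
        #
        desc = 'Stop scan after first unhandled exception'
        h = ('This feature is only useful for developers that want their scan'
             ' to stop on the first exception that is raised by a plugin.'
             ' Users should leave this as False in order to get better'
             ' exception handling from w3af\'s core.')
        opt = opt_factory('stop_on_first_exception',
                          cf.cf.get('stop_on_first_exception'),
                          desc, BOOL, help=h, tabid='Core settings')
        ol.add(opt)

        desc = 'Maximum crawl time (minutes)'
        h = ('Many users tend to enable numerous plugins without actually'
             ' knowing what they are and the potential time they will take'
             ' to run. By using this parameter, users will be able to set'
             ' the maximum amount of time the crawl phase will run.')
        opt = opt_factory('max_discovery_time', cf.cf.get('max_discovery_time'),
                          desc, INT, help=h, tabid='Core settings')
        ol.add(opt)

        desc = 'Maximum scan time (minutes)'
        h = ('Sets the maximum number of minutes for the scan to run. Use'
             ' zero to remove the limit.')
        opt = opt_factory('max_scan_time', cf.cf.get('max_scan_time'),
                          desc, INT, help=h, tabid='Core settings')
        ol.add(opt)

        desc = 'Limit requests for each URL sub-path'
        h = ('Limit how many requests are performed for each URL sub-path'
             ' during crawling. For example, if the application links to'
             ' three products: /product/1 /product/2 and /product/3, and'
             ' this variable is set to two, only the first two URLs:'
             ' /product/1 and /product/2 will be crawled.')
        opt = opt_factory('path_max_variants', cf.cf.get('path_max_variants'),
                          desc, INT, help=h, tabid='Core settings')
        ol.add(opt)

        desc = 'Limit requests for each URL and parameter set'
        h = ('Limit how many requests are performed for each URL and parameter'
             ' set. For example, if the application links to three products:'
             ' /product?id=1 , /product?id=2 and /product?id=3, and this'
             ' variable is set to two, only the first two URLs:'
             ' /product?id=1 and /product?id=2 will be crawled.')
        opt = opt_factory('params_max_variants',
                          cf.cf.get('params_max_variants'),
                          desc, INT, help=h, tabid='Core settings')
        ol.add(opt)

        desc = 'Limit requests for similar forms'
        h = ('Limit the number of HTTP requests to be sent to similar forms'
             ' during crawling. For example, if the application has multiple'
             ' HTML forms with the same parameters and different URLs set in'
             ' actions then only the configured number of forms are crawled.')
        opt = opt_factory('max_equal_form_variants',
                          cf.cf.get('max_equal_form_variants'),
                          desc, INT, help=h, tabid='Core settings')
        ol.add(opt)

        #
        # Network parameters
        #
        desc = ('Local interface name to use when sniffing, doing reverse'
                ' connections, etc.')
        opt = opt_factory('interface', cf.cf.get('interface'), desc,
                          STRING, tabid='Network settings')
        ol.add(opt)

        desc = 'Local IP address to use when doing reverse connections'
        opt = opt_factory('local_ip_address', cf.cf.get('local_ip_address'),
                          desc, STRING, tabid='Network settings')
        ol.add(opt)

        #
        # URL and form exclusions
        #
        desc = 'A comma separated list of URLs that w3af should ignore'
        h = 'No HTTP requests will be sent to these URLs'
        opt = opt_factory('non_targets', cf.cf.get('non_targets'), desc,
                          URL_LIST, help=h, tabid='Exclusions')
        ol.add(opt)

        desc = 'Filter forms to scan using form IDs'
        h = ('Form IDs allow the user to specify which forms will be either'
             ' included or excluded in the scan. The form IDs identified by'
             ' w3af will be written to the log (when verbose is set to true)'
             ' and can be used to define this setting for new scans.\n\n'
             'Find more about form IDs in the "Advanced use cases" section'
             ' of the w3af documentation.')
        opt = opt_factory('form_id_list', cf.cf.get('form_id_list'), desc,
                          FORM_ID_LIST, help=h, tabid='Exclusions')
        ol.add(opt)

        desc = 'Define the form_id_list filter behaviour'
        h = ('Change this setting to "include" if only a very specific set of'
             ' forms needs to be scanned. If forms matching the form_id_list'
             ' parameters need to be excluded then set this value to "exclude".')

        # The COMBO shows its first entry as the selected value, so the
        # currently configured action is moved to the front. Only do so
        # when the configured value is a known action: list.remove() on
        # an unknown value would raise ValueError and break the whole
        # options page; an unknown value simply keeps the default order.
        form_id_actions = [EXCLUDE, INCLUDE]
        current_action = cf.cf.get('form_id_action')
        if current_action in form_id_actions:
            form_id_actions.remove(current_action)
            form_id_actions.insert(0, current_action)

        opt = opt_factory('form_id_action', form_id_actions, desc,
                          COMBO, help=h, tabid='Exclusions')
        ol.add(opt)

        #
        # Metasploit
        #
        # The description embeds the currently configured path as the
        # example value.
        desc = ('Full path of Metasploit framework binary directory (%s in '
                'most linux installs)' % cf.cf.get('msf_location'))
        opt = opt_factory('msf_location', cf.cf.get('msf_location'),
                          desc, STRING, tabid='Metasploit')
        ol.add(opt)

        #
        # Language options
        #
        d = 'Set the language to use when reading from the vulnerability database'
        h = ('The vulnerability database stores descriptions, fix guidance, tags,'
             ' references and much more about each vulnerability the scanner can'
             ' identify. The database supports translations, so this information'
             ' can be in many languages. Use this setting to choose the language'
             ' in which the information will be displayed and stored in reports.')
        options = DBVuln.get_all_languages()
        opt = opt_factory('vulndb_language', options, d, COMBO, help=h,
                          tabid='Language')
        ol.add(opt)

        return ol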
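    def get_options(self):
        """
        Build the OptionList for the core (non-plugin) settings.

        Every option value is read from the configuration object ``cf.cf``
        under the same key as the option name; COMBO options receive the
        list of allowed values instead (``form_id_action`` with the
        currently configured value first, ``vulndb_language`` from
        DBVuln.get_all_languages()).

        :return: An OptionList holding the fuzzer, core, network,
                 exclusion, Metasploit and language options, grouped by
                 ``tabid``.
        """
        ol = OptionList()

        #
        # Fuzzer parameters
        #
        d = 'Indicates if w3af plugins will use cookies as a fuzzable parameter'
        opt = opt_factory('fuzz_cookies', cf.cf.get('fuzz_cookies'), d, BOOL,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        d = ('Indicates if w3af plugins will send payloads in the content of'
             ' multipart/post form files.')
        # Leading spaces on the continuation lines are required: adjacent
        # string literals are concatenated without any separator.
        h = ('If enabled, and multipart/post forms with files are found, w3af'
             ' will fill those file inputs with pseudo-files containing the'
             ' payloads required to identify vulnerabilities.')
        opt = opt_factory('fuzz_form_files', cf.cf.get('fuzz_form_files'), d,
                          BOOL, tabid='Fuzzer parameters', help=h)
        ol.add(opt)

        d = ('Indicates if w3af plugins will send fuzzed file names in order to'
             ' find vulnerabilities')
        h = ('For example, if the discovered URL is http://test/filename.php,'
             ' and fuzz_url_filenames is enabled, w3af will request among'
             ' other things: http://test/file\'a\'a\'name.php in order to'
             ' find SQL injections. This type of vulns are getting more'
             ' common every day!')
        opt = opt_factory('fuzz_url_filenames', cf.cf.get('fuzz_url_filenames'),
                          d, BOOL, help=h, tabid='Fuzzer parameters')
        ol.add(opt)

        desc = ('Indicates if w3af plugins will send fuzzed URL parts in order'
                ' to find vulnerabilities')
        h = ('For example, if the discovered URL is http://test/foo/bar/123,'
             ' and fuzz_url_parts is enabled, w3af will request among other'
             ' things: http://test/bar/<script>alert(document.cookie)</script>'
             ' in order to find XSS.')
        opt = opt_factory('fuzz_url_parts', cf.cf.get('fuzz_url_parts'), desc,
                          BOOL, help=h, tabid='Fuzzer parameters')
        ol.add(opt)

        desc = 'Indicates the extension to use when fuzzing file content'
        opt = opt_factory('fuzzed_files_extension',
                          cf.cf.get('fuzzed_files_extension'), desc, STRING,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        desc = 'A list with all fuzzable header names'
        opt = opt_factory('fuzzable_headers', cf.cf.get('fuzzable_headers'),
                          desc, LIST, tabid='Fuzzer parameters')
        ol.add(opt)

        d = ('Indicates what HTML form combo values w3af plugins will use:'
             ' all, tb, tmb, t, b')
        h = ('Indicates what HTML form combo values, e.g. select options values,'
             ' w3af plugins will use: all (All values), tb (only top and bottom'
             ' values), tmb (top, middle and bottom values), t (top values), b'
             ' (bottom values).')
        # Fixed choice list; the first entry is the one the COMBO shows.
        options = ['tmb', 'all', 'tb', 't', 'b']
        opt = opt_factory('form_fuzzing_mode', options, d, COMBO, help=h,
                          tabid='Fuzzer parameters')
        ol.add(opt)

        #
        # Core parameters
        #
        desc = 'Stop scan after first unhandled exception'
        h = ('This feature is only useful for developers that want their scan'
             ' to stop on the first exception that is raised by a plugin.'
             ' Users should leave this as False in order to get better'
             ' exception handling from w3af\'s core.')
        opt = opt_factory('stop_on_first_exception',
                          cf.cf.get('stop_on_first_exception'),
                          desc, BOOL, help=h, tabid='Core settings')
        ol.add(opt)

        desc = 'Maximum crawl time (minutes)'
        h = ('Many users tend to enable numerous plugins without actually'
             ' knowing what they are and the potential time they will take'
             ' to run. By using this parameter, users will be able to set'
             ' the maximum amount of time the crawl phase will run.')
        opt = opt_factory('max_discovery_time', cf.cf.get('max_discovery_time'),
                          desc, INT, help=h, tabid='Core settings')
        ol.add(opt)

        desc = 'Limit requests for each URL sub-path'
        h = ('Limit how many requests are performed for each URL sub-path'
             ' during crawling. For example, if the application links to'
             ' three products: /product/1 /product/2 and /product/3, and'
             ' this variable is set to two, only the first two URLs:'
             ' /product/1 and /product/2 will be crawled.')
        opt = opt_factory('path_max_variants', cf.cf.get('path_max_variants'),
                          desc, INT, help=h, tabid='Core settings')
        ol.add(opt)

        desc = 'Limit requests for each URL and parameter set'
        h = ('Limit how many requests are performed for each URL and parameter'
             ' set. For example, if the application links to three products:'
             ' /product?id=1 , /product?id=2 and /product?id=3, and this'
             ' variable is set to two, only the first two URLs:'
             ' /product?id=1 and /product?id=2 will be crawled.')
        opt = opt_factory('params_max_variants',
                          cf.cf.get('params_max_variants'),
                          desc, INT, help=h, tabid='Core settings')
        ol.add(opt)

        desc = 'Limit requests for similar forms'
        h = ('Limit the number of HTTP requests to be sent to similar forms'
             ' during crawling. For example, if the application has multiple'
             ' HTML forms with the same parameters and different URLs set in'
             ' actions then only the configured number of forms are crawled.')
        opt = opt_factory('max_equal_form_variants',
                          cf.cf.get('max_equal_form_variants'),
                          desc, INT, help=h, tabid='Core settings')
        ol.add(opt)

        #
        # Network parameters
        #
        desc = ('Local interface name to use when sniffing, doing reverse'
                ' connections, etc.')
        opt = opt_factory('interface', cf.cf.get('interface'), desc,
                          STRING, tabid='Network settings')
        ol.add(opt)

        desc = 'Local IP address to use when doing reverse connections'
        opt = opt_factory('local_ip_address', cf.cf.get('local_ip_address'),
                          desc, STRING, tabid='Network settings')
        ol.add(opt)

        #
        # URL and form exclusions
        #
        desc = 'A comma separated list of URLs that w3af should ignore'
        h = 'No HTTP requests will be sent to these URLs'
        opt = opt_factory('non_targets', cf.cf.get('non_targets'), desc,
                          URL_LIST, help=h, tabid='Exclusions')
        ol.add(opt)

        desc = 'Filter forms to scan using form IDs'
        h = ('Form IDs allow the user to specify which forms will be either'
             ' included or excluded in the scan. The form IDs identified by'
             ' w3af will be written to the log (when verbose is set to true)'
             ' and can be used to define this setting for new scans.\n\n'
             'Find more about form IDs in the "Advanced use cases" section'
             ' of the w3af documentation.')
        opt = opt_factory('form_id_list', cf.cf.get('form_id_list'), desc,
                          FORM_ID_LIST, help=h, tabid='Exclusions')
        ol.add(opt)

        desc = 'Define the form_id_list filter behaviour'
        h = ('Change this setting to "include" if only a very specific set of'
             ' forms needs to be scanned. If forms matching the form_id_list'
             ' parameters need to be excluded then set this value to "exclude".')

        # The COMBO shows its first entry as the selected value, so the
        # currently configured action is moved to the front. Only do so
        # when the configured value is a known action: list.remove() on
        # an unknown value would raise ValueError and break the whole
        # options page; an unknown value simply keeps the default order.
        form_id_actions = [EXCLUDE, INCLUDE]
        current_action = cf.cf.get('form_id_action')
        if current_action in form_id_actions:
            form_id_actions.remove(current_action)
            form_id_actions.insert(0, current_action)

        opt = opt_factory('form_id_action', form_id_actions, desc,
                          COMBO, help=h, tabid='Exclusions')
        ol.add(opt)

        #
        # Metasploit
        #
        # The description embeds the currently configured path as the
        # example value.
        desc = ('Full path of Metasploit framework binary directory (%s in '
                'most linux installs)' % cf.cf.get('msf_location'))
        opt = opt_factory('msf_location', cf.cf.get('msf_location'),
                          desc, STRING, tabid='Metasploit')
        ol.add(opt)

        #
        # Language options
        #
        d = 'Set the language to use when reading from the vulnerability database'
        h = ('The vulnerability database stores descriptions, fix guidance, tags,'
             ' references and much more about each vulnerability the scanner can'
             ' identify. The database supports translations, so this information'
             ' can be in many languages. Use this setting to choose the language'
             ' in which the information will be displayed and stored in reports.')
        options = DBVuln.get_all_languages()
        opt = opt_factory('vulndb_language', options, d, COMBO, help=h,
                          tabid='Language')
        ol.add(opt)

        return ol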