def __init__(self): OutputPlugin.__init__(self) # These attributes hold the file pointers self._file = None # User configured parameters self._file_name = '~/report.xml' self._timeFormat = '%a %b %d %H:%M:%S %Y' self._longTimestampString = str( time.strftime(self._timeFormat, time.localtime())) self._timestampString = str(int(time.time())) # List with additional xml elements self._errorXML = [] # xml self._xmldoc = xml.dom.minidom.Document() self._topElement = self._xmldoc.createElement("w3afrun") self._topElement.setAttribute("start", self._timestampString) self._topElement.setAttribute("startstr", self._longTimestampString) self._topElement.setAttribute("xmloutputversion", "2.0") # Add in the version details version_element = self._xmldoc.createElement("w3af-version") version_data = self._xmldoc.createTextNode( str(get_w3af_version.get_w3af_version())) version_element.appendChild(version_data) self._topElement.appendChild(version_element) self._scanInfo = self._xmldoc.createElement("scaninfo") # HistoryItem to get requests/responses self._history = HistoryItem()
def __init__(self): OutputPlugin.__init__(self) # These attributes hold the file pointers self._file = None # User configured parameters self._file_name = '~/report.xml' self._timestamp = str(int(time.time())) self._long_timestamp = str(time.strftime(TIME_FORMAT, time.localtime())) # List with additional xml elements self._errorXML = [] # xml root self._xmldoc = xml.dom.minidom.Document() self._topElement = self._xmldoc.createElement('w3af-run') self._topElement.setAttribute('start', self._timestamp) self._topElement.setAttribute('start-long', self._long_timestamp) self._topElement.setAttribute('version', self.XML_OUTPUT_VERSION) # Add in the version details version_element = self._xmldoc.createElement('w3af-version') version = xml_str(get_w3af_version.get_w3af_version()) version_data = self._xmldoc.createTextNode(version) version_element.appendChild(version_data) self._topElement.appendChild(version_element) self._scaninfo = self._xmldoc.createElement('scan-info') # HistoryItem to get requests/responses self._history = HistoryItem()
def __init__(self): OutputPlugin.__init__(self) # These attributes hold the file pointers self._file = None # User configured parameters self._file_name = '~/report.xml' self._timeFormat = '%a %b %d %H:%M:%S %Y' self._longTimestampString = str( time.strftime(self._timeFormat, time.localtime())) self._timestampString = str(int(time.time())) # List with additional xml elements self._errorXML = [] # xml self._xmldoc = xml.dom.minidom.Document() self._topElement = self._xmldoc.createElement("w3afrun") self._topElement.setAttribute("start", self._timestampString) self._topElement.setAttribute("startstr", self._longTimestampString) self._topElement.setAttribute("xmloutputversion", "2.0") # Add in the version details version_element = self._xmldoc.createElement("w3af-version") version_data = self._xmldoc.createTextNode( str(get_w3af_version.get_w3af_version())) version_element.appendChild(version_data) self._topElement.appendChild(version_element) self._scanInfo = self._xmldoc.createElement("scaninfo") # HistoryItem to get requests/responses self._history = HistoryItem()
def __init__(self): OutputPlugin.__init__(self) # These attributes hold the file pointers self._file = None # User configured parameters self._file_name = '~/report.xml' self._timestamp = str(int(time.time())) self._long_timestamp = str(time.strftime(TIME_FORMAT, time.localtime())) # List with additional xml elements self._errorXML = [] # xml root self._xmldoc = xml.dom.minidom.Document() self._topElement = self._xmldoc.createElement('w3af-run') self._topElement.setAttribute('start', self._timestamp) self._topElement.setAttribute('start-long', self._long_timestamp) self._topElement.setAttribute('version', self.XML_OUTPUT_VERSION) # Add in the version details version_element = self._xmldoc.createElement('w3af-version') version = xml_str(get_w3af_version.get_w3af_version()) version_data = self._xmldoc.createTextNode(version) version_element.appendChild(version_data) self._topElement.appendChild(version_element) self._scaninfo = self._xmldoc.createElement('scan-info') # HistoryItem to get requests/responses self._history = HistoryItem()
def get_versions(): try: import gtk except ImportError: gtk_version = 'No GTK module installed' pygtk_version = 'No GTK module installed' else: gtk_version = '.'.join(str(x) for x in gtk.gtk_version) pygtk_version = '.'.join(str(x) for x in gtk.pygtk_version) # String containing the versions for python, gtk and pygtk versions = (' Python version: %s\n' ' Platform: %s\n' ' GTK version: %s\n' ' PyGTK version: %s\n' ' w3af version:\n %s') w3af_version = '\n '.join(get_w3af_version().split('\n')) versions = versions % (sys.version.replace('\n', ''), get_platform_dist(), gtk_version, pygtk_version, w3af_version) return versions
def get_versions(): try: import gtk except ImportError: gtk_version = 'No GTK module installed' pygtk_version = 'No GTK module installed' else: gtk_version = '.'.join(str(x) for x in gtk.gtk_version) pygtk_version = '.'.join(str(x) for x in gtk.pygtk_version) # String containing the versions for python, gtk and pygtk versions = (' Python version: %s\n' ' Platform: %s\n' ' GTK version: %s\n' ' PyGTK version: %s\n' ' w3af version:\n %s') w3af_version = '\n '.join(get_w3af_version().split('\n')) versions = versions % (sys.version.replace('\n', ''), get_platform_dist(), gtk_version, pygtk_version, w3af_version) return versions
def _create_root_xml_elems(self): # XML root self._xml = xml.dom.minidom.Document() # The scan tag, with all vulnerabilities as child self._top_elem = self._xml.createElement('w3af-run') self._top_elem.setAttribute('start', self._timestamp) self._top_elem.setAttribute('start-long', self._long_timestamp) self._top_elem.setAttribute('version', self.XML_OUTPUT_VERSION) # Add in the version details version_element = self._xml.createElement('w3af-version') version = xml_str(get_w3af_version.get_w3af_version()) version_data = self._xml.createTextNode(version) version_element.appendChild(version_data) self._top_elem.appendChild(version_element)
def _create_root_xml_elems(self): # XML root self._xml = xml.dom.minidom.Document() # The scan tag, with all vulnerabilities as child self._top_elem = self._xml.createElement('w3af-run') self._top_elem.setAttribute('start', self._timestamp) self._top_elem.setAttribute('start-long', self._long_timestamp) self._top_elem.setAttribute('version', self.XML_OUTPUT_VERSION) # Add in the version details version_element = self._xml.createElement('w3af-version') version = xml_str(get_w3af_version.get_w3af_version()) version_data = self._xml.createTextNode(version) version_element.appendChild(version_data) self._top_elem.appendChild(version_element)
def get_versions(): try: import gtk except ImportError: gtk_version = "No GTK module installed" pygtk_version = "No GTK module installed" else: gtk_version = ".".join(str(x) for x in gtk.gtk_version) pygtk_version = ".".join(str(x) for x in gtk.pygtk_version) # String containing the versions for python, gtk and pygtk versions = " Python version: %s\n" " GTK version: %s\n" " PyGTK version: %s\n" " w3af version:\n %s" w3af_version = "\n ".join(get_w3af_version().split("\n")) versions = versions % (sys.version.replace("\n", ""), gtk_version, pygtk_version, w3af_version) return versions
def _cmd_version(self, params): """ Show the w3af version and exit """ om.out.console(get_w3af_version())
def _add_root_info_to_context(self, context): context.start_timestamp = self._timestamp context.start_time_long = self._long_timestamp context.xml_version = self.XML_OUTPUT_VERSION context.w3af_version = get_w3af_version.get_w3af_version()
def _cmd_version(self, params): """ Show the w3af version and exit """ om.out.console(get_w3af_version())
def test_trivial(self): self.assertIn(get_minimalistic_version(), get_w3af_version())
"POST data": base64.b64encode(info.get_mutant().get_data()), "Vulnerability IDs": info.get_id(), "CWE IDs": getattr(info, "cwe_ids", []), "WASC IDs": getattr(info, "wasc_ids", []), "Tags": getattr(info, "tags", []), "VulnDB ID": info.get_vulndb_id(), "Description": info.get_desc()} items.append(item) except Exception, e: msg = ('An exception was raised while trying to write the ' ' vulnerabilities to the output file. Exception: "%s"') om.out.error(msg % e) output_handler.close() return res = {'w3af-version': get_w3af_version.get_w3af_version(), 'scan-info': {'target_urls': target_urls, 'target_domain': target_domain, 'enabled_plugins': enabled_plugins, 'findings': findings, 'known_urls': known_urls}, 'start': self._timestamp, 'start-long': self._long_timestamp, 'items': items} json.dump(res, output_handler, indent=4) output_handler.close() def get_long_desc(self): """
class json_file(OutputPlugin): """ Export identified vulnerabilities to a JSON file. :author: jose nazario ([email protected]) """ def __init__(self): OutputPlugin.__init__(self) self.output_file = '~/output-w3af.json' self._timestamp = str(int(time.time())) self._long_timestamp = str(time.strftime(TIME_FORMAT, time.localtime())) # Set defaults for scan metadata self._plugins_dict = {} self._options_dict = {} self._enabled_plugins = {} def do_nothing(self, *args, **kwargs): pass debug = log_http = vulnerability = do_nothing information = error = console = do_nothing def end(self): self.flush() def log_enabled_plugins(self, plugins_dict, options_dict): """ This method is called from the output manager object. This method should take an action for the enabled plugins and their configuration. Usually, write the info to a file or print it somewhere. :param plugins_dict: A dict with all the plugin types and the enabled plugins for that type of plugin. :param options_dict: A dict with the options for every plugin. """ # TODO: Improve so it contains the plugin configuration too for plugin_type, enabled in plugins_dict.iteritems(): self._enabled_plugins[plugin_type] = enabled def flush(self): """ Exports the vulnerabilities and information to the user configured file. """ self.output_file = os.path.expanduser(self.output_file) try: output_handler = file(self.output_file, 'wb') except IOError, ioe: msg = 'Failed to open the output file for writing: "%s"' om.out.error(msg % ioe) return target_urls = [t.url_string for t in cf.cf.get('targets')] target_domain = 'unknown' if cf.cf.get('target_domains'): target_domain = cf.cf.get('target_domains')[0] enabled_plugins = self._enabled_plugins def _get_desc(x): try: return x._desc except AttributeError: return None findings = filter( None, [_get_desc(x) for x in kb.kb.get_all_findings_iter()]) known_urls = [str(x) for x in kb.kb.get_all_known_urls()] items = [] for info in kb.kb.get_all_findings_iter(): try: item = { "Severity": info.get_severity(), "Name": info.get_name(), "HTTP method": info.get_method(), "URL": str(info.get_url()), "Vulnerable parameter": info.get_token_name(), "POST data": base64.b64encode(info.get_mutant().get_data()), "Vulnerability IDs": info.get_id(), "CWE IDs": getattr(info, "cwe_ids", []), "WASC IDs": getattr(info, "wasc_ids", []), "Tags": getattr(info, "tags", []), "VulnDB ID": info.get_vulndb_id(), "Description": info.get_desc() } items.append(item) except Exception as e: msg = ('An exception was raised while trying to write the ' ' vulnerabilities to the output file. Exception: "%s"') om.out.error(msg % e) output_handler.close() return res = { 'w3af-version': get_w3af_version.get_w3af_version(), 'scan-info': { 'target_urls': target_urls, 'target_domain': target_domain, 'enabled_plugins': enabled_plugins, 'findings': findings, 'known_urls': known_urls }, 'start': self._timestamp, 'start-long': self._long_timestamp, 'items': items } json.dump(res, output_handler, indent=4) output_handler.close()
def _add_root_info_to_context(self, context): context.start_timestamp = self._timestamp context.start_time_long = self._long_timestamp context.xml_version = self.XML_OUTPUT_VERSION context.w3af_version = get_w3af_version.get_w3af_version()
"POST data": base64.b64encode(info.get_mutant().get_data()), "Vulnerability IDs": info.get_id(), "CWE IDs": getattr(info, "cwe_ids", []), "WASC IDs": getattr(info, "wasc_ids", []), "Tags": getattr(info, "tags", []), "VulnDB ID": info.get_vulndb_id(), "Description": info.get_desc()} items.append(item) except Exception, e: msg = ('An exception was raised while trying to write the ' ' vulnerabilities to the output file. Exception: "%s"') om.out.error(msg % e) output_handler.close() return res = {'w3af-version': get_w3af_version.get_w3af_version(), 'scan-info': {'target_urls': target_urls, 'target_domain': target_domain, 'enabled_plugins': enabled_plugins, 'findings': findings, 'known_urls': known_urls}, 'start': self._timestamp, 'start-long': self._long_timestamp, 'items': items} json.dump(res, output_handler, indent=4) output_handler.close() def get_long_desc(self): """