本文整理汇总了Python中w3af.core.data.kb.info.Info类的典型用法代码示例。如果您正苦于以下问题:Python Info类的具体用法?Python Info怎么用?Python Info使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Info类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: _check_user_dir
def _check_user_dir(self, mutated_url, user, user_desc, user_tag,
non_existent):
"""
Perform the request and compare with non_existent
:see _create_tests: For parameter description
:return: The HTTP response id if the mutated_url is a web user
directory, None otherwise.
"""
resp = self.http_get_and_parse(mutated_url)
path = mutated_url.get_path()
response_body = resp.get_body().replace(path, '')
if fuzzy_not_equal(response_body, non_existent, 0.7):
# Avoid duplicates
known_users = [u['user'] for u in kb.kb.get('user_dir', 'users')]
if user in known_users:
return
# Save the finding to the KB
desc = 'An operating system user directory was found at: "%s"'
desc = desc % resp.get_url()
i = Info('Web user home directory', desc, resp.id, self.get_name())
i.set_url(resp.get_url())
i['user'] = user
i['user_desc'] = user_desc
i['user_tag'] = user_tag
self.kb_append_uniq(self, 'users', i)
# Analyze if we can get more information from this finding
self._analyze_finding(i)
开发者ID:aricciard,项目名称:w3af,代码行数:35,代码来源:user_dir.py
示例2: grep
def grep(self, request, response):
"""
Check if HTTPS responses have the Strict-Transport-Security header set.
:param request: The HTTP request object.
:param response: The HTTP response object
:return: None, all results are saved in the kb.
"""
if self._reports > MAX_REPORTS:
return
if request.get_url().get_protocol() != 'https':
return
sts_header_value, _ = response.get_headers().iget(STS_HEADER, None)
if sts_header_value is not None:
return
self._reports += 1
desc = 'The web server uses HTTPS but does not set the '\
' Strict-Transport-Security header.'
i = Info('Missing Strict Transport Security header', desc,
response.id, self.get_name())
i.set_url(response.get_url())
i[STSInfoSet.ITAG] = response.get_url().get_domain()
self.kb_append_uniq_group(self, 'strict_transport_security', i,
group_klass=STSInfoSet)
开发者ID:0x554simon,项目名称:w3af,代码行数:29,代码来源:strict_transport_security.py
示例3: grep
def grep(self, request, response):
"""
Plugin entry point.
:param request: The HTTP request object.
:param response: The HTTP response object
:return: None, all results are saved in the kb.
"""
if not response.is_text_or_html():
return
if not self.symfony_detected(response):
return
if self.has_csrf_token(response):
return
desc = ('The URL: "%s" seems to be generated by the Symfony framework'
' and contains a form that has CSRF protection disabled.')
desc %= response.get_url()
i = Info('Symfony Framework with CSRF protection disabled',
desc, response.id, self.get_name())
i.set_url(response.get_url())
self.kb_append_uniq(self, 'symfony', i, 'URL')
开发者ID:0x554simon,项目名称:w3af,代码行数:25,代码来源:symfony.py
示例4: grep
def grep(self, request, response):
"""
Check if all responses have X-Content-Type-Options header set
:param request: The HTTP request object.
:param response: The HTTP response object
:return: None, all results are saved in the kb.
"""
if self._reports > MAX_REPORTS:
return
ct_options_value, _ = response.get_headers().iget(CT_OPTIONS_HEADER, None)
if ct_options_value is not None:
if ct_options_value.strip().lower() == NOSNIFF:
return
self._reports += 1
desc = 'The URL "%s" returned an HTTP response without the' \
' recommended HTTP header X-Content-Type-Options'
desc %= response.get_url()
i = Info('Missing X-Content-Type-Options header', desc,
response.id, self.get_name())
i.set_url(response.get_url())
i[CTSniffingInfoSet.ITAG] = response.get_url().get_domain()
self.kb_append_uniq_group(self, 'content_sniffing', i,
group_klass=CTSniffingInfoSet)
开发者ID:0x554simon,项目名称:w3af,代码行数:29,代码来源:content_sniffing.py
示例5: grep
def grep(self, request, response):
"""
Plugin entry point, verify if the HTML has a form with file uploads.
:param request: The HTTP request object.
:param response: The HTTP response object
:return: None
"""
if not response.is_text_or_html():
return
url = response.get_url()
for tag in mp_doc_parser.get_tags_by_filter(response, ('input',)):
input_type = tag.attrib.get('type', None)
if input_type is None:
continue
if input_type.lower() != 'file':
continue
msg = 'A form which allows file uploads was found at "%s"'
msg %= url
i = Info('File upload form', msg, response.id, self.get_name())
i.set_url(url)
self.kb_append_uniq(self, 'file_upload', i, 'URL')
开发者ID:0x554simon,项目名称:w3af,代码行数:29,代码来源:file_upload.py
示例6: _lowest_privilege_test
def _lowest_privilege_test(self, response):
regex_str = 'User/Group </td><td class="v">(.*?)\((\d.*?)\)/(\d.*?)</td>'
lowest_privilege_test = re.search(regex_str, response.get_body(), re.I)
if lowest_privilege_test:
lpt_uname = lowest_privilege_test.group(1)
lpt_uid = lowest_privilege_test.group(2)
lpt_uid = int(lpt_uid)
lpt_gid = lowest_privilege_test.group(3)
if lpt_uid < 99 or lpt_gid < 99 or \
re.match('root|apache|daemon|bin|operator|adm', lpt_uname, re.I):
desc = 'phpinfo()::PHP may be executing as a higher privileged'\
' group. Username: %s, UserID: %s, GroupID: %s.'
desc = desc % (lpt_uname, lpt_uid, lpt_gid)
v = Vuln('PHP lowest_privilege_test:fail', desc,
severity.MEDIUM, response.id, self.get_name())
v.set_url(response.get_url())
kb.kb.append(self, 'phpinfo', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())
else:
lpt_name = 'privilege:' + lpt_uname
lpt_desc = 'phpinfo()::PHP is executing under '
lpt_desc += 'username: ' + lpt_uname + ', '
lpt_desc += 'userID: ' + str(lpt_uid) + ', '
lpt_desc += 'groupID: ' + lpt_gid
i = Info(lpt_name, lpt_desc, response.id, self.get_name())
i.set_url(response.get_url())
kb.kb.append(self, 'phpinfo', i)
om.out.information(i.get_desc())
开发者ID:everping,项目名称:w3af,代码行数:32,代码来源:phpinfo.py
示例7: _fingerprint_data
def _fingerprint_data(self, domain_path, wp_unique_url, response):
"""
Find wordpress version from data
"""
for wp_fingerprint in self._get_wp_fingerprints():
# The URL in the XML is relative AND it has two different variables
# that we need to replace:
# $wp-content$ -> wp-content/
# $wp-plugins$ -> wp-content/plugins/
path = wp_fingerprint.filepath
path = path.replace('$wp-content$', 'wp-content/')
path = path.replace('$wp-plugins$', 'wp-content/plugins/')
test_url = domain_path.url_join(path)
response = self._uri_opener.GET(test_url, cache=True)
response_hash = hashlib.md5(response.get_body()).hexdigest()
if response_hash == wp_fingerprint.hash:
version = wp_fingerprint.version
# Save it to the kb!
desc = 'WordPress version "%s" fingerprinted by matching known md5'\
' hashes to HTTP responses of static resources available at'\
' the remote WordPress install.'
desc = desc % version
i = Info('Fingerprinted Wordpress version', desc, response.id,
self.get_name())
i.set_url(test_url)
kb.kb.append(self, 'info', i)
om.out.information(i.get_desc())
break
开发者ID:3rdDegree,项目名称:w3af,代码行数:35,代码来源:wordpress_fingerprint.py
示例8: grep
def grep(self, request, response):
"""
Analyze if the HTTP response reason messages are strange.
:param request: The HTTP request object.
:param response: The HTTP response object
:return: None, all results are saved in the kb.
"""
response_code = response.get_code()
msg_list = W3C_REASONS.get(response_code, None)
if msg_list is None:
return
response_reason = response.get_msg().lower()
if response_reason in msg_list:
# It's common, nothing to do here.
return
# Create a new info object from scratch and save it to the kb:
desc = "The remote Web server sent a strange HTTP reason" 'message "%s", manual inspection is recommended.'
desc = desc % response.get_msg()
i = Info("Strange HTTP Reason message", desc, response.id, self.get_name())
i.set_url(response.get_url())
i.add_to_highlight(response.get_msg())
i[StrangeHeaderInfoSet.ITAG] = response.get_msg()
self.kb_append_uniq_group(self, "strange_reason", i, group_klass=StrangeHeaderInfoSet)
开发者ID:delta24,项目名称:w3af,代码行数:30,代码来源:strange_reason.py
示例9: grep
def grep(self, request, response):
"""
Plugin entry point, find feeds.
:param request: The HTTP request object.
:param response: The HTTP response object
:return: None
"""
dom = response.get_dom()
uri = response.get_uri()
# In some strange cases, we fail to normalize the document
if dom is None:
return
# Find all feed tags
element_list = self._tag_xpath(dom)
for element in element_list:
feed_tag = element.tag
feed_type = self._feed_types[feed_tag.lower()]
version = element.attrib.get('version', 'unknown')
fmt = 'The URL "%s" is a %s version %s feed.'
desc = fmt % (uri, feed_type, version)
i = Info('Content feed resource', desc, response.id,
self.get_name())
i.set_uri(uri)
i.add_to_highlight(feed_type)
self.kb_append_uniq(self, 'feeds', i, 'URL')
开发者ID:3rdDegree,项目名称:w3af,代码行数:32,代码来源:feeds.py
示例10: grep
def grep(self, request, response):
"""
Plugin entry point, verify if the HTML has a form with file uploads.
:param request: The HTTP request object.
:param response: The HTTP response object
:return: None
"""
if not response.is_text_or_html():
return
dom = response.get_dom()
url = response.get_url()
# In some strange cases, we fail to normalize the document
if dom is not None:
# Loop through file inputs tags
for input_file in self._file_input_xpath(dom):
msg = 'The URL: "%s" has form with file upload capabilities.'
msg = msg % url
i = Info('File upload form', msg, response.id,
self.get_name())
i.set_url(url)
to_highlight = etree.tostring(input_file)
i.add_to_highlight(to_highlight)
self.kb_append_uniq(self, 'file_upload', i, 'URL')
开发者ID:3rdDegree,项目名称:w3af,代码行数:29,代码来源:file_upload.py
示例11: _analyze_author
def _analyze_author(self, response, frontpage_author):
"""
Analyze the author URL.
:param response: The http response object for the _vti_inf file.
:param frontpage_author: A regex match object.
:return: None. All the info is saved to the kb.
"""
author_location = response.get_url().get_domain_path().url_join(
frontpage_author.group(1))
# Check for anomalies in the location of author.exe
if frontpage_author.group(1) != '_vti_bin/_vti_aut/author.exe':
name = 'Customized frontpage configuration'
desc = 'The FPAuthorScriptUrl is at: "%s" instead of the default'\
' location: "/_vti_bin/_vti_adm/author.exe". This is very'\
' uncommon.'
desc = desc % author_location
else:
name = 'FrontPage FPAuthorScriptUrl'
desc = 'The FPAuthorScriptUrl is at: "%s".'
desc = desc % author_location
i = Info(name, desc, response.id, self.get_name())
i.set_url(author_location)
i['FPAuthorScriptUrl'] = author_location
kb.kb.append(self, 'frontpage_version', i)
om.out.information(i.get_desc())
开发者ID:0x554simon,项目名称:w3af,代码行数:31,代码来源:frontpage_version.py
示例12: _do_request
def _do_request(self, url, mutant):
"""
Perform a simple GET to see if the result is an error or not, and then
run the actual fuzzing.
"""
response = self._uri_opener.GET(
mutant, cache=True, headers=self._headers)
if not (is_404(response) or
response.get_code() in (403, 401) or
self._return_without_eval(mutant)):
# Create the fuzzable request and send it to the core
fr = FuzzableRequest.from_http_response(response)
self.output_queue.put(fr)
#
# Save it to the kb (if new)!
#
if response.get_url() not in self._seen and response.get_url().get_file_name():
desc = 'A potentially interesting file was found at: "%s".'
desc = desc % response.get_url()
i = Info('Potentially interesting file', desc, response.id,
self.get_name())
i.set_url(response.get_url())
kb.kb.append(self, 'files', i)
om.out.information(i.get_desc())
# Report only once
self._seen.add(response.get_url())
开发者ID:andresriancho,项目名称:w3af-kali,代码行数:32,代码来源:url_fuzzer.py
示例13: _fingerprint_meta
def _fingerprint_meta(self, domain_path, wp_unique_url, response):
"""
Check if the wp version is in index header
"""
# Main scan URL passed from w3af + wp index page
wp_index_url = domain_path.url_join('index.php')
response = self._uri_opener.GET(wp_index_url, cache=True)
# Find the string in the response html
find = '<meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />'
m = re.search(find, response.get_body())
# If string found, group version
if m:
version = m.group(1)
# Save it to the kb!
desc = 'WordPress version "%s" found in the index header.'
desc = desc % version
i = Info('Fingerprinted Wordpress version', desc, response.id,
self.get_name())
i.set_url(wp_index_url)
kb.kb.append(self, 'info', i)
om.out.information(i.get_desc())
开发者ID:3rdDegree,项目名称:w3af,代码行数:26,代码来源:wordpress_fingerprint.py
示例14: discover
def discover(self, fuzzable_request):
"""
Checks if JBoss Interesting Directories exist in the target server.
Also verifies some vulnerabilities.
"""
base_url = fuzzable_request.get_url().base_url()
args_iter = izip(repeat(base_url), self.JBOSS_VULNS)
otm_send_request = one_to_many(self.send_request)
response_pool = self.worker_pool.imap_unordered(otm_send_request,
args_iter)
for vuln_db_instance, response in response_pool:
if is_404(response):
continue
vuln_url = base_url.url_join(vuln_db_instance['url'])
name = vuln_db_instance['name']
desc = vuln_db_instance['desc']
if vuln_db_instance['type'] == 'info':
o = Info(name, desc, response.id, self.get_name())
else:
o = Vuln(name, desc, severity.LOW, response.id, self.get_name())
o.set_url(vuln_url)
kb.kb.append(self, 'find_jboss', o)
for fr in self._create_fuzzable_requests(response):
self.output_queue.put(fr)
开发者ID:3rdDegree,项目名称:w3af,代码行数:31,代码来源:find_jboss.py
示例15: test_to_json
def test_to_json(self):
i = Info('Blind SQL injection vulnerability', MockInfo.LONG_DESC, 1,
'plugin_name')
i['test'] = 'foo'
i.add_to_highlight('abc', 'def')
iset = InfoSet([i])
jd = iset.to_json()
json_string = json.dumps(jd)
jd = json.loads(json_string)
self.assertEqual(jd['name'], iset.get_name())
self.assertEqual(jd['url'], str(iset.get_url()))
self.assertEqual(jd['var'], iset.get_token_name())
self.assertEqual(jd['response_ids'], iset.get_id())
self.assertEqual(jd['vulndb_id'], iset.get_vulndb_id())
self.assertEqual(jd['desc'], iset.get_desc(with_id=False))
self.assertEqual(jd['long_description'], iset.get_long_description())
self.assertEqual(jd['fix_guidance'], iset.get_fix_guidance())
self.assertEqual(jd['fix_effort'], iset.get_fix_effort())
self.assertEqual(jd['tags'], iset.get_tags())
self.assertEqual(jd['wasc_ids'], iset.get_wasc_ids())
self.assertEqual(jd['wasc_urls'], list(iset.get_wasc_urls()))
self.assertEqual(jd['cwe_urls'], list(iset.get_cwe_urls()))
self.assertEqual(jd['references'], BLIND_SQLI_REFS)
self.assertEqual(jd['owasp_top_10_references'], BLIND_SQLI_TOP10_REFS)
self.assertEqual(jd['plugin_name'], iset.get_plugin_name())
self.assertEqual(jd['severity'], iset.get_severity())
self.assertEqual(jd['attributes'], iset.first_info.copy())
self.assertEqual(jd['highlight'], list(iset.get_to_highlight()))
开发者ID:BioSoundSystems,项目名称:w3af,代码行数:32,代码来源:test_info_set.py
示例16: grep
def grep(self, request, response):
"""
Check if the header names are common or not
:param request: The HTTP request object.
:param response: The HTTP response object
:return: None, all results are saved in the kb.
"""
# Check for protocol anomalies
self._content_location_not_300(request, response)
# Check header names
for header_name in response.get_headers().keys():
if header_name.upper() in self.COMMON_HEADERS:
continue
# Create a new info object and save it to the KB
hvalue = response.get_headers()[header_name]
desc = 'The remote web server sent the HTTP header: "%s"'\
' with value: "%s", which is quite uncommon and'\
' requires manual analysis.'
desc = desc % (header_name, hvalue)
i = Info('Strange header', desc, response.id, self.get_name())
i.add_to_highlight(hvalue, header_name)
i.set_url(response.get_url())
i[StrangeHeaderInfoSet.ITAG] = header_name
i['header_value'] = hvalue
self.kb_append_uniq_group(self, 'strange_headers', i,
group_klass=StrangeHeaderInfoSet)
开发者ID:0x554simon,项目名称:w3af,代码行数:32,代码来源:strange_headers.py
示例17: end
def end(self):
"""
This method is called when the plugin wont be used anymore.
"""
all_findings = kb.kb.get_all_findings()
for title, desc, _id, url, highlight in self._potential_vulns:
for info in all_findings:
# This makes sure that if the sqli plugin found a vulnerability
# in the same URL as we found a detailed error, we won't report
# the detailed error.
#
# If the user fixes the sqli vulnerability and runs the scan again
# most likely the detailed error will disappear too. If the sqli
# vulnerability disappears and this one remains, it will appear
# as a new vulnerability in the second scan.
if info.get_url() == url:
break
else:
i = Info(title, desc, _id, self.get_name())
i.set_url(url)
i.add_to_highlight(highlight)
self.kb_append_uniq(self, 'error_page', i)
self._potential_vulns.cleanup()
开发者ID:everping,项目名称:w3af,代码行数:26,代码来源:error_pages.py
示例18: _force_disclosures
def _force_disclosures(self, domain_path, potentially_vulnerable_paths):
"""
:param domain_path: The path to wordpress' root directory
:param potentially_vulnerable_paths: A list with the paths I'll URL-join
with @domain_path, GET and parse.
"""
for pvuln_path in potentially_vulnerable_paths:
pvuln_url = domain_path.url_join(pvuln_path)
response = self._uri_opener.GET(pvuln_url, cache=True)
if is_404(response):
continue
response_body = response.get_body()
if 'Fatal error: ' in response_body:
desc = 'Analyze the HTTP response body to find the full path'\
' where wordpress was installed.'
i = Info('WordPress path disclosure', desc, response.id,
self.get_name())
i.set_url(pvuln_url)
kb.kb.append(self, 'info', i)
om.out.information(i.get_desc())
break
开发者ID:foobarmonk,项目名称:w3af,代码行数:25,代码来源:wordpress_fullpathdisclosure.py
示例19: grep
def grep(self, request, response):
"""
Plugin entry point. Analyze if the HTTP response codes are strange.
:param request: The HTTP request object.
:param response: The HTTP response object
:return: None, all results are saved in the kb.
"""
if response.get_code() in self.COMMON_HTTP_CODES:
return
# Create a new info object from scratch and save it to the kb
desc = ('The remote Web server sent a strange HTTP response code:'
' "%s" with the message: "%s", manual inspection is'
' recommended.')
desc %= (response.get_code(), response.get_msg())
i = Info('Strange HTTP response code',
desc, response.id, self.get_name())
i.add_to_highlight(str(response.get_code()), response.get_msg())
i.set_url(response.get_url())
i[StrangeCodesInfoSet.ITAG] = response.get_code()
i['message'] = response.get_msg()
self.kb_append_uniq_group(self, 'strange_http_codes', i,
group_klass=StrangeCodesInfoSet)
开发者ID:0x554simon,项目名称:w3af,代码行数:26,代码来源:strange_http_codes.py
示例20: verify_found
def verify_found(self, vulnerability_names):
"""
Runs the scan and verifies that the vulnerability with the specified
name was found.
:param vulnerability_names: The names of the vulnerabilities to be found
:return: None. Will raise assertion if fails
"""
# Setup requirements
desc = 'The URL: "%s" uses HTML5 websocket "%s"'
desc %= (self.target_url, self.target_url)
i = Info('HTML5 WebSocket detected', desc, 1, 'websockets_links')
i.set_url(URL(self.target_url))
i[WebSocketInfoSet.ITAG] = self.target_url
# Store found links
info_set = WebSocketInfoSet([i])
self.kb.append('websockets_links', 'websockets_links', i, info_set)
# Run the plugin
cfg = RUN_CONFIG['cfg']
self._scan(self.target_url, cfg['plugins'])
# Assert
vulns = self.kb.get('websocket_hijacking', 'websocket_hijacking')
self.assertEqual(vulnerability_names, [v.get_name() for v in vulns])
开发者ID:0x554simon,项目名称:w3af,代码行数:27,代码来源:test_websocket_hijacking.py
注:本文中的w3af.core.data.kb.info.Info类示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论