本文整理汇总了Python中w3af.core.data.fuzzer.fuzzer.create_mutants函数的典型用法代码示例。如果您正苦于以下问题:Python create_mutants函数的具体用法?Python create_mutants怎么用?Python create_mutants使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了create_mutants函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: _with_echo
def _with_echo(self, freq, orig_response, debugging_id):
"""
Tests an URL for OS Commanding vulnerabilities using cat/type to write
the content of a known file (i.e. /etc/passwd) to the HTML.
:param freq: A FuzzableRequest
"""
# Prepare the strings to create the mutants
command_list = self._get_echo_commands()
only_command_strings = [v.get_command() for v in command_list]
# Create the mutants, notice that we use append=False (default) and
# True to have better coverage.
mutants = create_mutants(freq,
only_command_strings,
orig_resp=orig_response)
mutants.extend(create_mutants(freq,
only_command_strings,
orig_resp=orig_response,
append=True))
self._send_mutants_in_threads(self._uri_opener.send_mutant,
mutants,
self._analyze_echo,
debugging_id=debugging_id)
开发者ID:foobarmonk,项目名称:w3af,代码行数:25,代码来源:os_commanding.py
示例2: _generate_delay_tests
def _generate_delay_tests(self, freq, debugging_id):
fake_mutants = create_mutants(freq, ['', ])
fake_mutants.extend(create_mutants(freq, ['', ], append=True))
for mutant in fake_mutants:
#
# Don't try to find an OS commanding using a time delay method
# if we already found it via echo
#
if self._has_bug(mutant):
return
for delay_obj in self._get_wait_commands():
yield mutant, delay_obj, debugging_id
开发者ID:foobarmonk,项目名称:w3af,代码行数:14,代码来源:os_commanding.py
示例3: test_urlparts_filename_path_qs
def test_urlparts_filename_path_qs(self):
cf_singleton.save('fuzzable_headers', [])
cf_singleton.save('fuzz_cookies', False)
cf_singleton.save('fuzz_url_filenames', True) # This one changed
cf_singleton.save('fuzzed_files_extension', 'gif')
cf_singleton.save('fuzz_form_files', False)
cf_singleton.save('fuzz_url_parts', True) # This one changed
url = URL('http://moth/foo/bar.htm?id=1')
freq = FuzzableRequest(url)
generated_mutants = create_mutants(freq, self.payloads)
generated_uris = [m.get_uri().url_string for m in generated_mutants]
expected_uris = [
'http://moth/foo/bar.htm?id=abc',
'http://moth/foo/bar.htm?id=def',
'http://moth/foo/abc.htm',
'http://moth/foo/def.htm',
'http://moth/foo/bar.abc',
'http://moth/foo/bar.def',
'http://moth/abc/bar.htm',
'http://moth/def/bar.htm',
'http://moth/foo/abc',
'http://moth/foo/def',
]
self.assertEqual(generated_uris, expected_uris)
开发者ID:0x554simon,项目名称:w3af,代码行数:26,代码来源:test_fuzzer.py
示例4: test_fuzz_headers_no_headers
def test_fuzz_headers_no_headers(self):
cf_singleton.save('fuzzable_headers', ['Referer']) # This one changed
cf_singleton.save('fuzz_cookies', False)
cf_singleton.save('fuzz_url_filenames', False)
cf_singleton.save('fuzzed_files_extension', 'gif')
cf_singleton.save('fuzz_form_files', False)
cf_singleton.save('fuzz_url_parts', False)
url = URL('http://moth/?id=1')
# No headers in the original request
#headers = Headers([('Referer', 'http://moth/foo/bar/')])
freq = HTTPQSRequest(url)
generated_mutants = create_mutants(freq, self.payloads)
expected_urls = ['http://moth/?id=abc',
'http://moth/?id=def',
'http://moth/?id=1',
'http://moth/?id=1', ]
generated_urls = [m.get_uri().url_string for m in generated_mutants]
self.assertEqual(generated_urls, expected_urls)
expected_headers = [Headers(),
Headers(),
Headers([('Referer', 'abc')]),
Headers([('Referer', 'def')]), ]
generated_headers = [m.get_headers() for m in generated_mutants]
self.assertEqual(expected_headers, generated_headers)
self.assertTrue(all(isinstance(m, QSMutant) or isinstance(m, HeadersMutant)
for m in generated_mutants))
开发者ID:3rdDegree,项目名称:w3af,代码行数:33,代码来源:test_fuzzer.py
示例5: test_qs_and_cookie
def test_qs_and_cookie(self):
cf_singleton.save('fuzzable_headers', [])
cf_singleton.save('fuzz_cookies', True) # This one changed
cf_singleton.save('fuzz_url_filenames', False)
cf_singleton.save('fuzzed_files_extension', 'gif')
cf_singleton.save('fuzz_form_files', False)
cf_singleton.save('fuzz_url_parts', False)
url = URL('http://moth/?id=1')
# And now there is a cookie
cookie = Cookie('foo=bar')
freq = HTTPQSRequest(url, cookie=cookie)
generated_mutants = create_mutants(freq, self.payloads)
expected_urls = [u'http://moth/?id=abc',
u'http://moth/?id=def',
u'http://moth/?id=1',
u'http://moth/?id=1']
generated_urls = [m.get_uri().url_string for m in generated_mutants]
self.assertEqual(generated_urls, expected_urls)
expected_cookies = ['foo=bar;',
'foo=bar;',
'foo=abc;',
'foo=def;']
generated_cookies = [str(m.get_cookie()) for m in generated_mutants]
self.assertEqual(expected_cookies, generated_cookies)
self.assertTrue(all(isinstance(m, QSMutant) or isinstance(m, CookieMutant)
for m in generated_mutants))
开发者ID:3rdDegree,项目名称:w3af,代码行数:34,代码来源:test_fuzzer.py
示例6: batch_injection_test
def batch_injection_test(self, freq, orig_response):
"""
Uses the batch injection technique to find memcache injections
"""
# shortcuts
send_clean = self._uri_opener.send_clean
orig_body = orig_response.get_body()
for mutant in create_mutants(freq, ['']):
# trying to break normal execution flow with ERROR_1 payload
mutant.set_token_value(self.ERROR_1)
error_1_response, body_error_1_response = send_clean(mutant)
if fuzzy_equal(orig_body, body_error_1_response, self._eq_limit):
#
# if we manage to break execution flow, there is a potential
# injection otherwise - no injection!
#
continue
# trying the correct injection request, to confirm that we've found
# it!
mutant.set_token_value(self.OK)
ok_response, body_ok_response = send_clean(mutant)
if fuzzy_equal(body_error_1_response, body_ok_response,
self._eq_limit):
#
# The "OK" and "ERROR_1" responses are equal, this means that
# we're not in a memcached injection
#
continue
# ERROR_2 request to just make sure that we're in a memcached case
mutant.set_token_value(self.ERROR_2)
error_2_response, body_error_2_response = send_clean(mutant)
if fuzzy_equal(orig_body, body_error_2_response, self._eq_limit):
#
# now requests should be different again, otherwise injection
# is not confirmed
#
continue
response_ids = [error_1_response.id,
ok_response.id,
error_2_response.id]
desc = ('Memcache injection was found at: "%s", using'
' HTTP method %s. The injectable parameter is: "%s"')
desc %= (mutant.get_url(),
mutant.get_method(),
mutant.get_token_name())
v = Vuln.from_mutant('Memcache injection vulnerability', desc,
severity.HIGH, response_ids, 'memcachei',
mutant)
self.kb_append_uniq(self, 'memcachei', v)
开发者ID:batmanWjw,项目名称:w3af,代码行数:60,代码来源:memcachei.py
示例7: _fuzz_with_time_delay
def _fuzz_with_time_delay(self, freq):
"""
Tests an URL for eval() usage vulnerabilities using time delays.
:param freq: A FuzzableRequest
"""
fake_mutants = create_mutants(freq, ['', ])
self.worker_pool.map(self._test_delay, fake_mutants)
开发者ID:3rdDegree,项目名称:w3af,代码行数:7,代码来源:eval.py
示例8: test_fuzz_headers
def test_fuzz_headers(self):
cf_singleton.save('fuzzable_headers', ['Referer']) # This one changed
cf_singleton.save('fuzz_cookies', False)
cf_singleton.save('fuzz_url_filenames', False)
cf_singleton.save('fuzzed_files_extension', 'gif')
cf_singleton.save('fuzz_form_files', False)
cf_singleton.save('fuzz_url_parts', False)
url = URL('http://moth/?id=1')
# With headers
headers = Headers([('Referer', 'http://moths/'),
('Foo', 'Bar')])
freq = FuzzableRequest(url, headers=headers)
generated_mutants = create_mutants(freq, self.payloads)
expected_urls = ['http://moth/?id=abc',
'http://moth/?id=def',
'http://moth/?id=1',
'http://moth/?id=1', ]
generated_urls = [m.get_uri().url_string for m in generated_mutants]
self.assertEqual(generated_urls, expected_urls)
expected_headers = [
headers,
headers,
Headers([('Referer', 'abc'), ('Foo', 'Bar')]),
Headers([('Referer', 'def'), ('Foo', 'Bar')]),]
generated_headers = [m.get_headers() for m in generated_mutants]
self.assertEqual(expected_headers, generated_headers)
self.assertAllInstance(generated_mutants[:2], QSMutant)
self.assertAllInstance(generated_mutants[2:], HeadersMutant)
self.assertAllHaveTokens(generated_mutants)
开发者ID:0x554simon,项目名称:w3af,代码行数:34,代码来源:test_fuzzer.py
示例9: audit
def audit(self, freq, orig_response):
"""
Tests an URL for ReDoS vulnerabilities using time delays.
:param freq: A FuzzableRequest
"""
if self.ignore_this_request(freq):
return
fake_mutants = create_mutants(freq, ['', ])
for mutant in fake_mutants:
for delay_obj in self.get_delays():
adc = AproxDelayController(mutant, delay_obj, self._uri_opener,
delay_setting=EXPONENTIALLY)
success, responses = adc.delay_is_controlled()
if not success:
continue
# Now I can be sure that I found a vuln, we control the
# response time with the delay
desc = 'ReDoS was found at: %s' % mutant.found_at()
response_ids = [r.id for r in responses]
v = Vuln.from_mutant('ReDoS vulnerability', desc,
severity.MEDIUM, response_ids,
self.get_name(), mutant)
self.kb_append_uniq(self, 'redos', v)
# Only test regular expressions until we find a delay
break
开发者ID:everping,项目名称:w3af,代码行数:34,代码来源:redos.py
示例10: test_fuzz_headers
def test_fuzz_headers(self):
cf_singleton.save("fuzzable_headers", ["Referer"]) # This one changed
cf_singleton.save("fuzz_cookies", False)
cf_singleton.save("fuzz_url_filenames", False)
cf_singleton.save("fuzzed_files_extension", "gif")
cf_singleton.save("fuzz_form_files", False)
cf_singleton.save("fuzz_url_parts", False)
url = URL("http://moth/?id=1")
# With headers
headers = Headers([("Referer", "http://moths/"), ("Foo", "Bar")])
freq = FuzzableRequest(url, headers=headers)
generated_mutants = create_mutants(freq, self.payloads)
expected_urls = ["http://moth/?id=abc", "http://moth/?id=def", "http://moth/?id=1", "http://moth/?id=1"]
generated_urls = [m.get_uri().url_string for m in generated_mutants]
self.assertEqual(generated_urls, expected_urls)
expected_headers = [
headers,
headers,
Headers([("Referer", "abc"), ("Foo", "Bar")]),
Headers([("Referer", "def"), ("Foo", "Bar")]),
]
generated_headers = [m.get_headers() for m in generated_mutants]
self.assertEqual(expected_headers, generated_headers)
self.assertAllInstance(generated_mutants[:2], QSMutant)
self.assertAllInstance(generated_mutants[2:], HeadersMutant)
self.assertAllHaveTokens(generated_mutants)
开发者ID:cathartic,项目名称:w3af,代码行数:31,代码来源:test_fuzzer.py
示例11: _is_token_checked
def _is_token_checked(self, freq, token, orig_response):
"""
Please note that this method generates lots of false positives and
negatives. Read the github issue for more information.
:see: https://github.com/andresriancho/w3af/issues/120
:return: True if the CSRF token is NOT verified by the web application
"""
token_pname_lst = token.keys()
token_value = token[token_pname_lst[0]]
# This will generate mutants for the original fuzzable request using
# the reversed token value as a CSRF-token (this is a feature: we want
# to make sure it has the same length as the original token and that
# it has the same type: digits, hash, etc. in order to pass the first
# trivial validations)
#
# Only create mutants that modify the token parameter name
mutants = create_mutants(freq, [token_value[::-1]], False, token_pname_lst)
for mutant in mutants:
mutant_response = self._uri_opener.send_mutant(mutant)
if not self._is_resp_equal(orig_response, mutant_response):
return True
return False
开发者ID:RON313,项目名称:w3af,代码行数:26,代码来源:csrf.py
示例12: _with_time_delay
def _with_time_delay(self, freq):
"""
Tests an URL for OS Commanding vulnerabilities using time delays.
:param freq: A FuzzableRequest
"""
fake_mutants = create_mutants(freq, ['', ])
for mutant in fake_mutants:
if self._has_bug(mutant):
continue
for delay_obj in self._get_wait_commands():
ed = ExactDelayController(mutant, delay_obj, self._uri_opener)
success, responses = ed.delay_is_controlled()
if success:
desc = 'OS Commanding was found at: %s' % mutant.found_at()
v = Vuln.from_mutant('OS commanding vulnerability', desc,
severity.HIGH, [r.id for r in responses],
self.get_name(), mutant)
v['os'] = delay_obj.get_OS()
v['separator'] = delay_obj.get_separator()
self.kb_append_uniq(self, 'os_commanding', v)
break
开发者ID:3rdDegree,项目名称:w3af,代码行数:30,代码来源:os_commanding.py
示例13: test_filename_fname_qs
def test_filename_fname_qs(self):
cf_singleton.save('fuzzable_headers', [])
cf_singleton.save('fuzz_cookies', False)
cf_singleton.save('fuzz_url_filenames', True) # This one changed
cf_singleton.save('fuzzed_files_extension', 'gif')
cf_singleton.save('fuzz_form_files', False)
cf_singleton.save('fuzz_url_parts', False)
url = URL('http://moth/foo.htm?id=1')
freq = FuzzableRequest(url)
generated_mutants = create_mutants(freq, self.payloads)
expected_urls = [u'http://moth/foo.htm?id=abc',
u'http://moth/foo.htm?id=def',
u'http://moth/abc.htm',
u'http://moth/def.htm',
u'http://moth/foo.abc',
u'http://moth/foo.def',
]
generated_urls = [m.get_uri().url_string for m in generated_mutants]
self.assertEqual(generated_urls, expected_urls)
self.assertAllInstance(generated_mutants[:2], QSMutant)
self.assertAllInstance(generated_mutants[2:], FileNameMutant)
self.assertAllHaveTokens(generated_mutants)
开发者ID:0x554simon,项目名称:w3af,代码行数:27,代码来源:test_fuzzer.py
示例14: test_qs_and_cookie
def test_qs_and_cookie(self):
"""
Even when fuzz_cookies is True, we won't create HeaderMutants based
on a FuzzableRequest. This is one of the ugly things related with
https://github.com/andresriancho/w3af/issues/3149
Which we fixed!
"""
cf_singleton.save('fuzzable_headers', [])
cf_singleton.save('fuzz_cookies', True) # This one changed
cf_singleton.save('fuzz_url_filenames', False)
cf_singleton.save('fuzzed_files_extension', 'gif')
cf_singleton.save('fuzz_form_files', False)
cf_singleton.save('fuzz_url_parts', False)
url = URL('http://moth/?id=1')
# And now there is a cookie
cookie = Cookie('foo=bar')
freq = FuzzableRequest(url, cookie=cookie)
mutants = create_mutants(freq, self.payloads)
expected_urls = [u'http://moth/?id=abc',
u'http://moth/?id=def',
u'http://moth/?id=1',
u'http://moth/?id=1']
generated_urls = [m.get_uri().url_string for m in mutants]
self.assertEqual(generated_urls, expected_urls)
self.assertAllInstance(mutants[:2], QSMutant)
self.assertAllInstance(mutants[2:], CookieMutant)
self.assertAllHaveTokens(mutants)
开发者ID:0x554simon,项目名称:w3af,代码行数:33,代码来源:test_fuzzer.py
示例15: audit
def audit(self, freq, orig_response):
"""
Tests a URL for rosetta flash vulnerabilities
https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
http://quaxio.com/jsonp_handcrafted_flash_files/
https://molnarg.github.io/ascii-flash/#/24
:param freq: A FuzzableRequest
"""
content_type, _ = orig_response.get_headers().iget('Content-Type')
if not content_type:
return
# Only check JSONP endpoints, other "reflections" like XSS are checked
# in xss.py , have different severity, exploits, etc.
if 'javascript' not in content_type or 'text/plain' not in content_type:
return
# Note that we're only creating QS mutants, since that's a requirement
# to be able to "host" the reflected Flash in the vulnerable site
mutants = create_mutants(freq, [self.FLASH], orig_resp=orig_response,
mutant_tuple=[QSMutant])
self._send_mutants_in_threads(self._uri_opener.send_mutant,
mutants,
self._analyze_result)
开发者ID:everping,项目名称:w3af,代码行数:28,代码来源:rosetta_flash.py
示例16: audit
def audit(self, freq, orig_response):
"""
Tests an URL for buffer overflow vulnerabilities.
:param freq: A FuzzableRequest
"""
mutants = create_mutants(freq, self.BUFFER_TESTS, orig_resp=orig_response)
self.worker_pool.map(self._send_request, mutants)
开发者ID:cathartic,项目名称:w3af,代码行数:9,代码来源:buffer_overflow.py
示例17: audit
def audit(self, freq, orig_response):
"""
Tests an URL for response splitting vulnerabilities.
:param freq: A fuzzable_request
"""
mutants = create_mutants(freq, self.HEADER_INJECTION_TESTS)
self._send_mutants_in_threads(self._uri_opener.send_mutant, mutants, self._analyze_result)
开发者ID:breakthesec,项目名称:w3af,代码行数:9,代码来源:response_splitting.py
示例18: audit
def audit(self, freq, orig_response):
"""
Tests an URL for xpath injection vulnerabilities.
:param freq: A FuzzableRequest
"""
mutants = create_mutants(freq, self.XPATH_TEST_PAYLOADS, orig_resp=orig_response)
self._send_mutants_in_threads(self._uri_opener.send_mutant, mutants, self._analyze_result)
开发者ID:ZionOps,项目名称:w3af,代码行数:9,代码来源:xpath.py
示例19: audit
def audit(self, freq, orig_response):
"""
Tests an URL for SQL injection vulnerabilities.
:param freq: A FuzzableRequest
"""
mutants = create_mutants(freq, self.SQLI_STRINGS, orig_resp=orig_response)
self._send_mutants_in_threads(self._uri_opener.send_mutant, mutants, self._analyze_result)
开发者ID:ZionOps,项目名称:w3af,代码行数:9,代码来源:sqli.py
示例20: test_xmlrpc_mutant
def test_xmlrpc_mutant(self):
url = URL('http://moth/?id=1')
post_data = XML_WITH_FUZZABLE
headers = Headers()
freq = FuzzableRequest.from_parts(url, 'POST', post_data, headers)
mutants = create_mutants(freq, self.payloads)
self.assertAllInstance(mutants[:2], QSMutant)
self.assertAllInstance(mutants[4:], XmlRpcMutant)
self.assertAllHaveTokens(mutants)
开发者ID:0x554simon,项目名称:w3af,代码行数:10,代码来源:test_fuzzer.py
注:本文中的w3af.core.data.fuzzer.fuzzer.create_mutants函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论