本文整理汇总了Python中w3af.core.data.db.disk_set.DiskSet.add方法的典型用法代码示例。如果您正苦于以下问题:Python DiskSet.add方法的具体用法?Python DiskSet.add怎么用?Python DiskSet.add使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类w3af.core.data.db.disk_set.DiskSet的用法示例。
在下文中一共展示了DiskSet.add方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: dot_ds_store
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
class dot_ds_store(CrawlPlugin):
"""
Search .DS_Store file and checks for files containing.
:author: Tomas Velazquez ( [email protected] )
:author: Andres Riancho ( [email protected] )
:credits: This code was based in cpan Mac::Finder::DSStore by Wim Lewis ( [email protected] )
"""
DS_STORE = '.DS_Store'
def __init__(self):
CrawlPlugin.__init__(self)
# Internal variables
self._analyzed_dirs = DiskSet()
def crawl(self, fuzzable_request):
"""
For every directory, fetch a list of files and analyze the response.
:parameter fuzzable_request: A fuzzable_request instance that contains
(among other things) the URL to test.
"""
directories_to_check = []
for domain_path in fuzzable_request.get_url().get_directories():
if domain_path not in self._analyzed_dirs:
self._analyzed_dirs.add(domain_path)
directories_to_check.append(domain_path)
# Send the requests using threads
self.worker_pool.map(self._check_and_analyze, directories_to_check)
def _check_and_analyze(self, domain_path):
"""
Check if a .DS_Store filename exists in the domain_path.
:return: None, everything is saved to the self.out_queue.
"""
# Request the file
url = domain_path.url_join(self.DS_STORE)
try:
response = self.http_get_and_parse(url, binary_response=True)
except BaseFrameworkException, w3:
msg = 'Failed to GET .DS_Store file: %s. Exception: %s.'
om.out.debug(msg, (url, w3))
return
# Check if it's a .DS_Store file
if is_404(response):
return
try:
store = DsStore(response.get_raw_body())
entries = store.get_file_entries()
except Exception, e:
om.out.debug('Unexpected error while parsing DS_Store file: "%s"' % e)
return示例2: test_add_QsRequest
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
def test_add_QsRequest(self):
ds = DiskSet()
uri = URL('http://w3af.org/?id=2')
hdr = Headers([('Referer', 'http://w3af.org/')])
qsr1 = FuzzableRequest(uri, method='GET', headers=hdr)
uri = URL('http://w3af.org/?id=3')
qsr2 = FuzzableRequest(uri, method='GET', headers=hdr)
uri = URL('http://w3af.org/?id=7')
qsr3 = FuzzableRequest(uri, method='FOO', headers=hdr)
ds.add(qsr1)
ds.add(qsr2)
ds.add(qsr2)
ds.add(qsr1)
self.assertEqual(ds[0], qsr1)
self.assertEqual(ds[1], qsr2)
self.assertFalse(qsr3 in ds)
self.assertTrue(qsr2 in ds)
self.assertEqual(len(ds), 2)
# This forces an internal change in the URL object
qsr2.get_url().url_string
self.assertIn(qsr2, ds)示例3: test_add_HTTPPostDataRequest
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
def test_add_HTTPPostDataRequest(self):
ds = DiskSet()
uri = URL("http://w3af.org/?id=2")
hdr = Headers([("Referer", "http://w3af.org/")])
pdr1 = HTTPPostDataRequest(uri, method="GET", headers=hdr)
uri = URL("http://w3af.org/?id=3")
pdr2 = HTTPPostDataRequest(uri, method="GET", headers=hdr)
uri = URL("http://w3af.org/?id=7")
pdr3 = HTTPPostDataRequest(uri, method="FOO", headers=hdr)
ds.add(pdr1)
ds.add(pdr2)
ds.add(pdr2)
ds.add(pdr1)
self.assertEqual(ds[0], pdr1)
self.assertEqual(ds[1], pdr2)
self.assertFalse(pdr3 in ds)
self.assertTrue(pdr2 in ds)
self.assertEqual(len(ds), 2)
# This forces an internal change in the URL object
pdr2.get_url().url_string
self.assertTrue(pdr2 in ds)示例4: dwsync_xml
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
class dwsync_xml(CrawlPlugin):
"""
Search Dream Waver Sync file (dwsync.xml) and extract referenced files.
:author: Tomas Velazquez ([email protected])
"""
DWSYNC = '_notes/dwsync.xml'
def __init__(self):
CrawlPlugin.__init__(self)
# Internal variables
self._analyzed_dirs = DiskSet()
def crawl(self, fuzzable_request):
"""
For every directory, fetch a list of files and analyze the response.
:parameter fuzzable_request: A fuzzable_request instance that contains
(among other things) the URL to test.
"""
for domain_path in fuzzable_request.get_url().get_directories():
if domain_path not in self._analyzed_dirs:
self._analyzed_dirs.add(domain_path)
self._find_dwsync(domain_path)
def _find_dwsync(self, domain_path):
dwsync_url = domain_path.url_join(self.DWSYNC)
response = self.http_get_and_parse(dwsync_url)
if is_404(response):
return
if '</dwsync>' not in response.get_body():
return
om.out.debug('Parsing dwsync.xml file at %s' % dwsync_url)
try:
dom = xml.dom.minidom.parseString(response.get_body())
except Exception, e:
msg = 'Exception while parsing dwsync.xml file at %s : "%s"'
om.out.debug(msg % (dwsync_url, e))
return
parsed_url_list = set()
for file_entry in dom.getElementsByTagName('file'):
try:
_file = file_entry.getAttribute('name')
url = domain_path.url_join(_file)
parsed_url_list.add(url)
except ValueError, ve:
msg = 'dwsync file had an invalid URL: "%s"'
om.out.debug(msg % ve)
except Exception, e:
msg = 'Sitemap file had an invalid format: "%s"'
om.out.debug(msg % e)示例5: test_disk_set
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
def test_disk_set(self):
ds = DiskSet()
for i in xrange(20000):
data = (i, i)
ds.add(data)
for i in xrange(20000):
data = (i, i)
data in ds示例6: test_add
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
def test_add(self):
ds = DiskSet()
ds.add(1)
ds.add(2)
ds.add(3)
ds.add(1)
self.assertEqual(list(ds), [1, 2, 3])
self.assertEqual(len(ds), 3)
self.assertEqual(unicode(ds), u'<DiskSet [1, 2, 3]>')示例7: test_add_urlobject
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
def test_add_urlobject(self):
ds = DiskSet()
ds.add(URL('http://w3af.org/?id=2'))
ds.add(URL('http://w3af.org/?id=3'))
ds.add(URL('http://w3af.org/?id=3'))
self.assertEqual(ds[0], URL('http://w3af.org/?id=2'))
self.assertEqual(ds[1], URL('http://w3af.org/?id=3'))
self.assertEqual(len(ds), 2)
self.assertFalse(URL('http://w3af.org/?id=4') in ds)
self.assertTrue(URL('http://w3af.org/?id=2') in ds)示例8: test_remove_table
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
def test_remove_table(self):
disk_set = DiskSet()
disk_set.add(1)
disk_set.add(2)
table_name = disk_set.table_name
db = get_default_temp_db_instance()
self.assertTrue(db.table_exists(table_name))
disk_set.cleanup()
self.assertFalse(db.table_exists(table_name))示例9: phpinfo
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
class phpinfo(CrawlPlugin):
"""
Search PHP Info file and if it finds it will determine the version of PHP.
:author: Viktor Gazdag ( [email protected] )
"""
"""
CHANGELOG:
Feb/17/2009- Added PHP Settings Audit Checks by Aung Khant (aungkhant[at]yehg.net)
"""
def __init__(self):
CrawlPlugin.__init__(self)
# Internal variables
self._analyzed_dirs = DiskSet()
self._has_audited = 0
def crawl(self, fuzzable_request):
"""
For every directory, fetch a list of files and analyze the response.
:param fuzzable_request: A fuzzable_request instance that contains
(among other things) the URL to test.
"""
for domain_path in fuzzable_request.get_url().get_directories():
if domain_path in self._analyzed_dirs:
continue
self._analyzed_dirs.add(domain_path)
url_repeater = repeat(domain_path)
args = izip(url_repeater, self._get_potential_phpinfos())
self.worker_pool.map_multi_args(self._check_and_analyze, args)
def _check_and_analyze(self, domain_path, php_info_filename):
"""
Check if a php_info_filename exists in the domain_path.
:return: None, everything is put() into the self.output_queue.
"""
# Request the file
php_info_url = domain_path.url_join(php_info_filename)
try:
response = self._uri_opener.GET(php_info_url, cache=True)
except BaseFrameworkException, w3:
msg = 'Failed to GET phpinfo file: "%s". Exception: "%s".'
om.out.debug(msg % (php_info_url, w3))
else:示例10: test_store_fuzzable_request
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
def test_store_fuzzable_request(self):
form_params = FormParameters()
form_params.add_input([("name", "username"), ("value", "abc")])
form_params.add_input([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
ds = DiskSet()
ds.add(fr)
stored_fr = ds[0]
self.assertEqual(stored_fr, fr)
self.assertIsNot(stored_fr, fr)示例11: test_multipart_fuzzable_request_store
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
def test_multipart_fuzzable_request_store(self):
boundary, post_data = multipart_encode([('a', 'bcd'), ], [])
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
dc = MultipartContainer.from_postdata(headers, post_data)
post_data = str(dc)
fr = FuzzableRequest.from_parts(URL('http://www.w3af.com/'),
method='POST', post_data=post_data,
headers=headers)
disk_set = DiskSet()
disk_set.add(fr)
fr_read = disk_set[0]
self.assertIsInstance(fr_read.get_raw_data(), MultipartContainer)
self.assertIn('a', fr_read.get_raw_data())示例12: test_store_fuzzable_request_two
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
def test_store_fuzzable_request_two(self):
ds = DiskSet()
# Add a simple fr, without post-data
fr = FuzzableRequest(URL('http://example.com/?id=1'))
ds.add(fr)
# Add a fr with post-data
form_params = FormParameters()
form_params.add_field_by_attr_items([("name", "username"), ("value", "abc")])
form_params.add_field_by_attr_items([("name", "address"), ("value", "")])
form_params.set_action(URL('http://example.com/?id=1'))
form_params.set_method('post')
form = dc_from_form_params(form_params)
fr = FuzzableRequest.from_form(form)
ds.add(fr)
# Compare
stored_fr = ds[1]
self.assertEqual(stored_fr, fr)
self.assertIsNot(stored_fr, fr)示例13: test_store_in_disk_set
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
def test_store_in_disk_set(self):
boundary, post_data = multipart_encode([('a', 'bcd'), ], [])
multipart_boundary = MultipartContainer.MULTIPART_HEADER
headers = Headers([('content-length', str(len(post_data))),
('content-type', multipart_boundary % boundary)])
dc = MultipartContainer.from_postdata(headers, post_data)
dc.set_token(('a', 0))
disk_set = DiskSet()
disk_set.add(dc)
dc_read = disk_set[0]
# These are different objects
self.assertIsNot(dc_read, dc)
# But they hold the same data
self.assertEqual(dc.get_token(), dc_read.get_token())
self.assertIsNotNone(dc.get_token())
self.assertIsNotNone(dc_read.get_token())
self.assertEqual(dc_read.get_token().get_name(), 'a')示例14: DBKnowledgeBase
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
class DBKnowledgeBase(BasicKnowledgeBase):
"""
This class saves the data that is sent to it by plugins. It is the only way
in which plugins can exchange information.
Data is stored in a DB.
:author: Andres Riancho ([email protected])
"""
COLUMNS = [('location_a', 'TEXT'),
('location_b', 'TEXT'),
('uniq_id', 'TEXT'),
('pickle', 'BLOB')]
def __init__(self):
super(DBKnowledgeBase, self).__init__()
self.initialized = False
# TODO: Why doesn't this work with a WeakValueDictionary?
self.observers = {} #WeakValueDictionary()
self._observer_id = 0
def setup(self):
"""
Setup all the required backend stores. This was mostly created to avoid
starting any threads during __init__() which is called during python's
import phase and dead-locks in some cases.
:return: None
"""
with self._kb_lock:
if self.initialized:
return
self.urls = DiskSet(table_prefix='kb_urls')
self.fuzzable_requests = DiskSet(table_prefix='kb_fuzzable_requests')
self.db = get_default_persistent_db_instance()
self.table_name = 'knowledge_base_' + rand_alpha(30)
self.db.create_table(self.table_name, self.COLUMNS)
self.db.create_index(self.table_name, ['location_a', 'location_b'])
self.db.create_index(self.table_name, ['uniq_id'])
self.db.commit()
# Only initialize once
self.initialized = True
@requires_setup
def clear(self, location_a, location_b):
location_a = self._get_real_name(location_a)
query = "DELETE FROM %s WHERE location_a = ? and location_b = ?"
params = (location_a, location_b)
self.db.execute(query % self.table_name, params)
@requires_setup
def raw_write(self, location_a, location_b, value):
"""
This method saves value to (location_a,location_b) but previously
clears any pre-existing values.
"""
if isinstance(value, Info):
raise TypeError('Use append or append_uniq to store vulnerabilities')
location_a = self._get_real_name(location_a)
self.clear(location_a, location_b)
self.append(location_a, location_b, value, ignore_type=True)
@requires_setup
def raw_read(self, location_a, location_b):
"""
This method reads the value from (location_a, location_b)
"""
location_a = self._get_real_name(location_a)
result = self.get(location_a, location_b, check_types=False)
if len(result) > 1:
msg = 'Incorrect use of raw_write/raw_read, found %s results.'
raise RuntimeError(msg % len(result))
elif len(result) == 0:
return []
else:
return result[0]
@requires_setup
def get_one(self, location_a, location_b):
"""
This method reads the value from (location_a, location_b), checking it's
type and making sure only one is stored at that address.
Similar to raw_read, but checking types.
:see: https://github.com/andresriancho/w3af/issues/3955
"""
location_a = self._get_real_name(location_a)
result = self.get(location_a, location_b, check_types=True)
if len(result) > 1:
#.........这里部分代码省略.........
示例15: dir_file_bruter
# 需要导入模块: from w3af.core.data.db.disk_set import DiskSet [as 别名]
# 或者: from w3af.core.data.db.disk_set.DiskSet import add [as 别名]
class dir_file_bruter(CrawlPlugin):
"""
Finds Web server directories and files by bruteforcing.
:author: Jon Rose ( [email protected] )
:author: Andres Riancho ( [email protected]c.com )
:author: Tomas Velazquez
"""
BASE_PATH = os.path.join(ROOT_PATH, 'plugins', 'crawl', 'dir_file_bruter')
def __init__(self):
CrawlPlugin.__init__(self)
# User configured parameters
self._dir_list = os.path.join(self.BASE_PATH, 'common_dirs_small.db')
self._file_list = os.path.join(self.BASE_PATH, 'common_files_small.db')
self._bf_directories = True
self._bf_files = False
self._be_recursive = False
# Internal variables
self._exec = True
self._already_tested = DiskSet(table_prefix='dir_file_bruter')
def crawl(self, fuzzable_request):
"""
Get the file and parse it.
:param fuzzable_request: A fuzzable_request instance that contains
(among other things) the URL to test.
"""
if not self._exec:
raise RunOnce()
else:
domain_path = fuzzable_request.get_url().get_domain_path()
# Should I run more than once?
if not self._be_recursive:
self._exec = False
if domain_path not in self._already_tested:
self._already_tested.add(domain_path)
self._bruteforce_directories(domain_path)
def _dir_name_generator(self, base_path):
"""
Simple generator that returns the names of the directories and files to
test. It extracts the information from the user configured wordlist
parameter.
@yields: (A string with the directory or file name,
a URL object with the dir or file name)
"""
if self._bf_directories:
for directory_name in file(self._dir_list):
directory_name = directory_name.strip()
# ignore comments and empty lines
if directory_name and not directory_name.startswith('#'):
try:
dir_url = base_path.url_join(directory_name + '/')
except ValueError, ve:
msg = 'The "%s" line at "%s" generated an ' \
'invalid URL: %s'
om.out.debug(msg % (directory_name, self._dir_list, ve))
else:
yield directory_name, dir_url
if self._bf_files:
for file_name in file(self._file_list):
file_name = file_name.strip()
# ignore comments and empty lines
if file_name and not file_name.startswith('#'):
try:
dir_url = base_path.url_join(file_name)
except ValueError, ve:
msg = 'The "%s" line at "%s" generated an ' \
'invalid URL: %s'
om.out.debug(msg % (file_name, self._file_list, ve))
else:
yield file_name, dir_url