本文整理汇总了Python中w3af.core.data.kb.info.Info.get_desc方法的典型用法代码示例。如果您正苦于以下问题:Python Info.get_desc方法的具体用法?Python Info.get_desc怎么用?Python Info.get_desc使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类w3af.core.data.kb.info.Info的用法示例。
在下文中一共展示了Info.get_desc方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _test_DNS
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
def _test_DNS(self, original_response, dns_wildcard_url):
    """
    Re-request the original URL with a different Host header and compare.

    The Host header is set to the domain of ``dns_wildcard_url``. Depending
    on whether the two response bodies are judged different, either a
    "No DNS wildcard" or a "DNS wildcard" Info is stored in the kb under
    "dns_wildcard" and printed.

    :param original_response: The HTTP response for the URL under test.
    :param dns_wildcard_url: URL whose domain is sent as the Host header.
    :return: None. The result is saved to the kb.
    """
    host_override = Headers([("Host", dns_wildcard_url.get_domain())])

    try:
        modified_response = self._uri_opener.GET(
            original_response.get_url(), cache=True, headers=host_override
        )
    except BaseFrameworkException:
        # The second request failed, so there is nothing to compare.
        return

    bodies_differ = relative_distance_lt(
        modified_response.get_body(), original_response.get_body(), 0.35
    )

    if bodies_differ:
        name = "No DNS wildcard"
        template = (
            "The target site has NO DNS wildcard, and the contents"
            ' of "%s" differ from the contents of "%s".'
        )
        finding_url = dns_wildcard_url
    else:
        name = "DNS wildcard"
        template = (
            "The target site has a DNS wildcard configuration, the"
            ' contents of "%s" are equal to the ones of "%s".'
        )
        finding_url = original_response.get_url()

    desc = template % (dns_wildcard_url, original_response.get_url())

    i = Info(name, desc, modified_response.id, self.get_name())
    i.set_url(finding_url)

    kb.kb.append(self, "dns_wildcard", i)
    om.out.information(i.get_desc())
示例2: _analyze_crossdomain_clientaccesspolicy
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
def _analyze_crossdomain_clientaccesspolicy(self, url, response, file_name):
    """
    Parse a RIA policy file and report the origins it grants access to.

    A "*" entry is reported as a low severity Vuln, any other entry as an
    Info. A body that is not valid XML but still contains one of the policy
    keywords is reported as an Info.

    :param url: Not read by this method.
    :param response: HTTP response holding the policy file.
    :param file_name: Key into self.FILE_TAG_ATTR, which yields the
                      (tag, attribute) pair to read from the document.
    :return: None. Findings are saved to the kb.
    """
    # https://github.com/andresriancho/w3af/issues/14491
    if file_name not in self.FILE_TAG_ATTR:
        return

    # NOTE(review): the body is presumably content returned by the scanned
    # server, and xml.dom.minidom does not limit entity expansion on its
    # own (the stdlib docs list it as affected on older Expat builds).
    # A hostile policy file could make this parse expensive -- confirm the
    # Expat version in use or cap the body size before parsing.
    try:
        dom = xml.dom.minidom.parseString(response.get_body())
    except Exception:
        # Not a vulnerability per se, but a broken policy file is still
        # worth showing to the user.
        policy_markers = ('allow-access-from',
                          'cross-domain-policy',
                          'cross-domain-access')

        if any(marker in response.get_body() for marker in policy_markers):
            desc = 'The "%s" file at: "%s" is not a valid XML.' % (
                file_name, response.get_url())

            i = Info('Invalid RIA settings file', desc, response.id,
                     self.get_name())
            i.set_url(response.get_url())

            kb.kb.append(self, 'info', i)
            om.out.information(i.get_desc())

        # Without a parsed document there is nothing else to analyze.
        return

    tag, attribute = self.FILE_TAG_ATTR.get(file_name)

    for node in dom.getElementsByTagName(tag):
        allowed_origin = node.getAttribute(attribute)

        if allowed_origin == '*':
            desc = ('The "%s" file at "%s" allows flash/silverlight'
                    ' access from any site.')
            desc = desc % (file_name, response.get_url())

            v = Vuln('Insecure RIA settings', desc, severity.LOW,
                     response.id, self.get_name())
            v.set_url(response.get_url())
            v.set_method('GET')

            kb.kb.append(self, 'vuln', v)
            om.out.vulnerability(v.get_desc(),
                                 severity=v.get_severity())
            continue

        desc = ('The "%s" file at "%s" allows flash/silverlight'
                ' access from "%s".')
        desc = desc % (file_name, response.get_url(), allowed_origin)

        i = Info('Cross-domain allow ACL', desc, response.id,
                 self.get_name())
        i.set_url(response.get_url())
        i.set_method('GET')

        kb.kb.append(self, 'info', i)
        om.out.information(i.get_desc())
示例3: _analyze_crossdomain_clientaccesspolicy
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
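def _analyze_crossdomain_clientaccesspolicy(self, url, response, file_name):
    """
    Parse crossdomain.xml / clientaccesspolicy.xml and report allowed origins.

    A "*" entry is reported as a low severity Vuln, any other entry as an
    Info. A body that is not valid XML but still contains one of the policy
    keywords is reported as an Info.

    :param url: Not read by this method.
    :param response: HTTP response holding the policy file.
    :param file_name: 'crossdomain.xml' or 'clientaccesspolicy.xml'; any
                      other value is ignored.
    :return: None. Findings are saved to the kb.
    """
    # NOTE(review): the body is presumably content returned by the scanned
    # server, and xml.dom.minidom does not limit entity expansion on its
    # own (the stdlib docs list it as affected on older Expat builds).
    # A hostile policy file could make this parse expensive -- confirm the
    # Expat version in use or cap the body size before parsing.
    try:
        dom = xml.dom.minidom.parseString(response.get_body())
    except Exception:
        # Report this, it may be interesting for the final user
        # not a vulnerability per-se... but... it's information after all
        if 'allow-access-from' in response.get_body() or \
           'cross-domain-policy' in response.get_body() or \
           'cross-domain-access' in response.get_body():
            desc = 'The "%s" file at: "%s" is not a valid XML.'
            desc = desc % (file_name, response.get_url())

            i = Info('Invalid RIA settings file', desc, response.id,
                     self.get_name())
            i.set_url(response.get_url())

            kb.kb.append(self, 'info', i)
            om.out.information(i.get_desc())
        return

    if file_name == 'crossdomain.xml':
        tag, attribute = 'allow-access-from', 'domain'
    elif file_name == 'clientaccesspolicy.xml':
        tag, attribute = 'domain', 'uri'
    else:
        # Previously an unexpected file name left url_list and attribute
        # unbound and the loop below raised; now it is simply ignored.
        return

    for node in dom.getElementsByTagName(tag):
        allowed_origin = node.getAttribute(attribute)

        if allowed_origin == '*':
            desc = 'The "%s" file at "%s" allows flash/silverlight'\
                   ' access from any site.'
            desc = desc % (file_name, response.get_url())

            v = Vuln('Insecure RIA settings', desc, severity.LOW,
                     response.id, self.get_name())
            v.set_url(response.get_url())
            v.set_method('GET')

            kb.kb.append(self, 'vuln', v)
            om.out.vulnerability(v.get_desc(),
                                 severity=v.get_severity())
        else:
            desc = 'The "%s" file at "%s" allows flash/silverlight'\
                   ' access from "%s".'
            desc = desc % (file_name, response.get_url(), allowed_origin)

            i = Info('Cross-domain allow ACL', desc, response.id,
                     self.get_name())
            i.set_url(response.get_url())
            i.set_method('GET')

            kb.kb.append(self, 'info', i)
            om.out.information(i.get_desc())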
示例4: _fingerprint_meta
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
def _fingerprint_meta(self, domain_path, wp_unique_url, response):
    """
    Look for the WordPress version in the generator meta tag of index.php.

    :param domain_path: Base URL; 'index.php' is joined to it.
    :param wp_unique_url: Not used by this method.
    :param response: Not used; it is replaced by the index.php response.
    :return: None. A match is saved to the kb as an Info.
    """
    # Main scan URL passed from w3af + wp index page
    wp_index_url = domain_path.url_join('index.php')
    response = self._uri_opener.GET(wp_index_url, cache=True)

    # NOTE(review): every version component is a single digit in this
    # pattern, so a generator tag with a two-digit component does not match.
    generator_re = r'<meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />'
    match = re.search(generator_re, response.get_body())
    if not match:
        return

    # Save it to the kb!
    desc = 'WordPress version "%s" found in the index header.' % match.group(1)

    i = Info('Fingerprinted Wordpress version', desc, response.id,
             self.get_name())
    i.set_url(wp_index_url)

    kb.kb.append(self, 'info', i)
    om.out.information(i.get_desc())
示例5: _fingerprint_data
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
def _fingerprint_data(self, domain_path, wp_unique_url, response):
    """
    Identify the WordPress version by hashing known static resources.

    Each fingerprint from self._get_wp_fingerprints() is requested and the
    md5 of the body is compared with the fingerprint hash; the first match
    is saved to the kb and stops the search.

    :param domain_path: Base URL the fingerprint paths are joined to.
    :param wp_unique_url: Not used by this method.
    :param response: Not used; it is replaced by each fetched response.
    :return: None.
    """
    for wp_fingerprint in self._get_wp_fingerprints():
        # The fingerprint path is relative and carries two placeholders:
        #   $wp-content$ -> wp-content/
        #   $wp-plugins$ -> wp-content/plugins/
        path = wp_fingerprint.filepath.replace('$wp-content$', 'wp-content/')
        path = path.replace('$wp-plugins$', 'wp-content/plugins/')
        test_url = domain_path.url_join(path)

        response = self._uri_opener.GET(test_url, cache=True)

        # md5 is only a content fingerprint compared against a known list
        # here; nothing in this method relies on it for integrity.
        response_hash = hashlib.md5(response.get_body()).hexdigest()
        if response_hash != wp_fingerprint.hash:
            continue

        # Save it to the kb!
        desc = ('WordPress version "%s" fingerprinted by matching known md5'
                ' hashes to HTTP responses of static resources available at'
                ' the remote WordPress install.')
        desc = desc % wp_fingerprint.version

        i = Info('Fingerprinted Wordpress version', desc, response.id,
                 self.get_name())
        i.set_url(test_url)

        kb.kb.append(self, 'info', i)
        om.out.information(i.get_desc())
        break
示例6: test_to_json
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
def test_to_json(self):
    """
    Check that Info.to_json() survives a JSON round trip and that each key
    matches the corresponding getter of the Info object.
    """
    info = Info("Blind SQL injection vulnerability", MockInfo.LONG_DESC, 1, "plugin_name")
    info["test"] = "foo"
    info.add_to_highlight("abc", "def")

    # Serialize and parse again so only JSON-representable data is compared.
    data = json.loads(json.dumps(info.to_json()))

    self.assertEqual(data["name"], info.get_name())
    self.assertEqual(data["url"], str(info.get_url()))
    self.assertEqual(data["var"], info.get_token_name())
    self.assertEqual(data["response_ids"], info.get_id())
    self.assertEqual(data["vulndb_id"], info.get_vulndb_id())
    self.assertEqual(data["desc"], info.get_desc(with_id=False))
    self.assertEqual(data["long_description"], info.get_long_description())
    self.assertEqual(data["fix_guidance"], info.get_fix_guidance())
    self.assertEqual(data["fix_effort"], info.get_fix_effort())
    self.assertEqual(data["tags"], info.get_tags())
    self.assertEqual(data["wasc_ids"], info.get_wasc_ids())
    self.assertEqual(data["wasc_urls"], list(info.get_wasc_urls()))
    self.assertEqual(data["cwe_urls"], list(info.get_cwe_urls()))
    self.assertEqual(data["references"], BLIND_SQLI_REFS)
    self.assertEqual(data["owasp_top_10_references"], BLIND_SQLI_TOP10_REFS)
    self.assertEqual(data["plugin_name"], info.get_plugin_name())
    self.assertEqual(data["severity"], info.get_severity())
    self.assertEqual(data["attributes"], info.copy())
    self.assertEqual(data["highlight"], list(info.get_to_highlight()))
示例7: _lowest_privilege_test
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
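def _lowest_privilege_test(self, response):
    """
    Report the user and group PHP runs as, read from a phpinfo() page.

    A Vuln is stored when the user id or group id is below 99, or when the
    user name starts with one of a few well-known account names; otherwise
    an Info with the account details is stored. Both go to the kb under
    'phpinfo'.

    :param response: HTTP response whose body is searched for the
                     "User/Group" row.
    :return: None.
    """
    regex_str = r'User/Group </td><td class="v">(.*?)\((\d.*?)\)/(\d.*?)</td>'
    lowest_privilege_test = re.search(regex_str, response.get_body(), re.I)
    if not lowest_privilege_test:
        return

    lpt_uname = lowest_privilege_test.group(1)
    lpt_gid = lowest_privilege_test.group(3)

    # The id groups only require a leading digit, and the body is remote
    # content, so the conversion can fail. The group id used to be compared
    # as a string against 99, which never gives a meaningful result; compare
    # numbers and keep the matched text for the report.
    try:
        lpt_uid = int(lowest_privilege_test.group(2))
        gid_number = int(lpt_gid)
    except ValueError:
        # Not the "name(uid)/gid" shape this check understands.
        return

    # re.match only anchors at the start, so user names that merely begin
    # with one of these words are flagged as well.
    # The 99 threshold presumably separates system accounts -- confirm.
    if lpt_uid < 99 or gid_number < 99 or \
            re.match('root|apache|daemon|bin|operator|adm', lpt_uname, re.I):
        desc = 'phpinfo()::PHP may be executing as a higher privileged'\
               ' group. Username: %s, UserID: %s, GroupID: %s.'
        desc = desc % (lpt_uname, lpt_uid, lpt_gid)

        v = Vuln('PHP lowest_privilege_test:fail', desc,
                 severity.MEDIUM, response.id, self.get_name())
        v.set_url(response.get_url())

        kb.kb.append(self, 'phpinfo', v)
        om.out.vulnerability(v.get_desc(), severity=v.get_severity())
    else:
        lpt_name = 'privilege:' + lpt_uname
        lpt_desc = 'phpinfo()::PHP is executing under '
        lpt_desc += 'username: ' + lpt_uname + ', '
        lpt_desc += 'userID: ' + str(lpt_uid) + ', '
        lpt_desc += 'groupID: ' + lpt_gid

        i = Info(lpt_name, lpt_desc, response.id, self.get_name())
        i.set_url(response.get_url())

        kb.kb.append(self, 'phpinfo', i)
        om.out.information(i.get_desc())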
示例8: _html_in_comment
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
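def _html_in_comment(self, comment, request, response):
    """
    Report HTML comments that themselves contain HTML code.

    Each (comment, URL) pair is reported once; reported pairs are kept in
    self._already_reported_interesting.

    :param comment: Text of the HTML comment.
    :param request: Request whose data container is attached to the Info.
    :param response: HTTP response the comment was found in.
    :return: None. Findings are saved to the kb.
    """
    html_in_comment = self.HTML_RE.search(comment)
    if not html_in_comment:
        return

    # Use the comment exactly as received for both the lookup and the
    # insert. The lookup used to see the raw text while the insert stored
    # the stripped, truncated one, so most repeats were reported again.
    report_key = (comment, response.get_url())
    if report_key in self._already_reported_interesting:
        return

    # There is HTML code in the comment. Only a short, single-line excerpt
    # goes into the description.
    excerpt = comment.strip()
    excerpt = excerpt.replace('\n', '')
    excerpt = excerpt.replace('\r', '')
    excerpt = excerpt[:40]

    desc = 'A comment with the string "%s" was found in: "%s".'\
           ' This could be interesting.'
    desc = desc % (excerpt, response.get_url())

    i = Info('HTML comment contains HTML code', desc,
             response.id, self.get_name())
    i.set_dc(request.get_dc())
    i.set_uri(response.get_uri())
    i.add_to_highlight(html_in_comment.group(0))

    kb.kb.append(self, 'html_comment_hides_html', i)
    om.out.information(i.get_desc())

    self._already_reported_interesting.add(report_key)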
示例9: _analyze_author
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
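def _analyze_author(self, response, frontpage_author):
    """
    Analyze the author URL.

    :param response: The http response object for the _vti_inf file.
    :param frontpage_author: A regex match object; group(1) is the
                             FPAuthorScriptUrl value.
    :return: None. All the info is saved to the kb.
    """
    author_location = response.get_url().get_domain_path().url_join(
        frontpage_author.group(1))

    # Check for anomalies in the location of author.exe
    if frontpage_author.group(1) != '_vti_bin/_vti_aut/author.exe':
        name = 'Customized frontpage configuration'

        # The message used to name "_vti_adm" as the default directory,
        # which disagreed with the path actually compared above.
        desc = 'The FPAuthorScriptUrl is at: "%s" instead of the default'\
               ' location: "/_vti_bin/_vti_aut/author.exe". This is very'\
               ' uncommon.'
        desc = desc % author_location
    else:
        name = 'FrontPage FPAuthorScriptUrl'

        desc = 'The FPAuthorScriptUrl is at: "%s".'
        desc = desc % author_location

    i = Info(name, desc, response.id, self.get_name())
    i.set_url(author_location)
    i['FPAuthorScriptUrl'] = author_location

    kb.kb.append(self, 'frontpage_version', i)
    om.out.information(i.get_desc())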
示例10: _do_request
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
def _do_request(self, url, mutant):
    """
    GET the mutant and, when the answer is usable, pass it on to the core.

    A response is skipped when it is a 404, has status 403 or 401, or when
    self._return_without_eval(mutant) is true. Usable responses are queued
    as fuzzable requests and, once per URL that has a file name, recorded
    in the kb as a potentially interesting file.

    :param url: Not read by this method.
    :param mutant: The URL to request.
    :return: None.
    """
    response = self._uri_opener.GET(
        mutant, cache=True, headers=self._headers)

    if is_404(response):
        return
    if response.get_code() in (403, 401):
        return
    if self._return_without_eval(mutant):
        return

    # Create the fuzzable request and send it to the core
    fr = FuzzableRequest.from_http_response(response)
    self.output_queue.put(fr)

    # Save it to the kb, but only if it is new and names a file.
    already_seen = response.get_url() in self._seen
    if already_seen or not response.get_url().get_file_name():
        return

    desc = 'A potentially interesting file was found at: "%s".'
    desc = desc % response.get_url()

    i = Info('Potentially interesting file', desc, response.id,
             self.get_name())
    i.set_url(response.get_url())

    kb.kb.append(self, 'files', i)
    om.out.information(i.get_desc())

    # Report only once
    self._seen.add(response.get_url())
示例11: _analyze_results
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
def _analyze_results(self, filtered, not_filtered):
    """
    Decide whether an active filter is present and save that to the kb.

    A filter is reported when the number of filtered URLs reaches one fifth
    of the number of offending strings.

    :param filtered: URLs that were filtered.
    :param not_filtered: URLs that were not filtered.
    :return: None.
    """
    threshold = len(self._get_offending_strings()) / 5.0
    if len(filtered) < threshold:
        return

    desc = ('The remote network has an active filter. IMPORTANT: The'
            ' result of all the other plugins will be inaccurate, web'
            ' applications could be vulnerable but "protected" by the'
            ' active filter.')

    # The response id is the constant 1 here; no single response backs
    # this finding.
    afd_info = Info('Active filter detected', desc, 1, self.get_name())
    afd_info['filtered'] = filtered

    kb.kb.append(self, 'afd', afd_info)
    om.out.information(afd_info.get_desc())

    om.out.information('The following URLs were filtered:')
    for filtered_url in filtered:
        om.out.information('- ' + filtered_url)

    if not not_filtered:
        return

    om.out.information(
        'The following URLs passed undetected by the filter:')
    for passed_url in not_filtered:
        om.out.information('- ' + passed_url)
示例12: _force_disclosures
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
def _force_disclosures(self, domain_path, potentially_vulnerable_paths):
    """
    Request each candidate path and report the first one whose body shows
    a PHP "Fatal error: " message.

    :param domain_path: The path to wordpress' root directory
    :param potentially_vulnerable_paths: A list with the paths I'll URL-join
                                         with @domain_path, GET and parse.
    :return: None. The first hit is saved to the kb and ends the search.
    """
    for pvuln_path in potentially_vulnerable_paths:
        pvuln_url = domain_path.url_join(pvuln_path)
        response = self._uri_opener.GET(pvuln_url, cache=True)

        # Skip missing pages and pages without the error marker.
        if is_404(response) or 'Fatal error: ' not in response.get_body():
            continue

        desc = ('Analyze the HTTP response body to find the full path'
                ' where wordpress was installed.')

        i = Info('WordPress path disclosure', desc, response.id,
                 self.get_name())
        i.set_url(pvuln_url)

        kb.kb.append(self, 'info', i)
        om.out.information(i.get_desc())
        break
示例13: test_to_json
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
def test_to_json(self):
    """
    Round-trip Info.to_json() through the json module and compare every
    key of the result with the matching getter on the Info instance.
    """
    finding = Info('Blind SQL injection vulnerability',
                   MockInfo.LONG_DESC,
                   1,
                   'plugin_name')
    finding['test'] = 'foo'
    finding.add_to_highlight('abc', 'def')

    serialized = json.dumps(finding.to_json())
    parsed = json.loads(serialized)

    self.assertEqual(parsed['name'], finding.get_name())
    self.assertEqual(parsed['url'], str(finding.get_url()))
    self.assertEqual(parsed['var'], finding.get_token_name())
    self.assertEqual(parsed['response_ids'], finding.get_id())
    self.assertEqual(parsed['vulndb_id'], finding.get_vulndb_id())
    self.assertEqual(parsed['desc'], finding.get_desc(with_id=False))
    self.assertEqual(parsed['long_description'],
                     finding.get_long_description())
    self.assertEqual(parsed['fix_guidance'], finding.get_fix_guidance())
    self.assertEqual(parsed['fix_effort'], finding.get_fix_effort())
    self.assertEqual(parsed['tags'], finding.get_tags())
    self.assertEqual(parsed['wasc_ids'], finding.get_wasc_ids())
    self.assertEqual(parsed['wasc_urls'], list(finding.get_wasc_urls()))
    self.assertEqual(parsed['cwe_urls'], list(finding.get_cwe_urls()))
    self.assertEqual(parsed['references'], BLIND_SQLI_REFS)
    self.assertEqual(parsed['owasp_top_10_references'],
                     BLIND_SQLI_TOP10_REFS)
    self.assertEqual(parsed['plugin_name'], finding.get_plugin_name())
    self.assertEqual(parsed['severity'], finding.get_severity())
    self.assertEqual(parsed['attributes'], finding.copy())
    self.assertEqual(parsed['highlight'], list(finding.get_to_highlight()))
示例14: discover
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
def discover(self, fuzzable_request):
    """
    Search a PGP key server for accounts under the target's root domain.

    Every result becomes an 'Email account' Info stored in the kb under
    ('emails', 'emails').

    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    :return: None.
    """
    root_domain = fuzzable_request.get_url().get_root_domain()

    key_server = pks(self._uri_opener)
    results = key_server.search(root_domain)

    # Only used to label the findings; the lookup itself is done by
    # key_server.search() above.
    pks_url = 'http://pgp.mit.edu:11371/'

    for result in results:
        mail = result.username + '@' + root_domain

        desc = 'The mail account: "%s" was found at: "%s".' % (mail, pks_url)

        email_info = Info('Email account', desc, result.id, self.get_name())
        email_info.set_url(URL(pks_url))
        email_info['mail'] = mail
        email_info['user'] = result.username
        email_info['name'] = result.name
        email_info['url_list'] = {URL(pks_url)}

        kb.kb.append('emails', 'emails', email_info)
        om.out.information(email_info.get_desc())
示例15: discover
# 需要导入模块: from w3af.core.data.kb.info import Info [as 别名]
# 或者: from w3af.core.data.kb.info.Info import get_desc [as 别名]
def discover(self, fuzzable_request):
    """
    Identify server software using favicon.

    The md5 of /favicon.ico is looked up in the entries returned by
    self._read_favicon_db(). A match is reported as an identification; when
    the file exists but no entry matches, the failure and the md5 are
    reported instead.

    :param fuzzable_request: A fuzzable_request instance that contains
                             (among other things) the URL to test.
    :return: None. Findings are saved to the kb.
    """
    domain_path = fuzzable_request.get_url().get_domain_path()

    # TODO: Maybe I should also parse the html to extract the favicon location?
    favicon_url = domain_path.url_join('favicon.ico')

    response = self._uri_opener.GET(favicon_url, cache=True)
    # md5 is a lookup key into the fingerprint list, not a security control.
    remote_fav_md5 = hashlib.md5(response.get_body()).hexdigest()

    if is_404(response):
        return

    # check if MD5 is matched in database/list
    for md5part, favicon_desc in self._read_favicon_db():
        if md5part != remote_fav_md5:
            continue

        desc = 'Favicon.ico file was identified as "%s".' % favicon_desc

        i = Info('Favicon identification', desc, response.id,
                 self.get_name())
        i.set_url(favicon_url)

        kb.kb.append(self, 'info', i)
        om.out.information(i.get_desc())
        return

    # No entry matched: report to the kb that we failed to ID this
    # favicon.ico and that the md5 should be sent to the developers.
    # NOTE(review): "[email protected]" looks like an e-mail obfuscation
    # placeholder left by the page this listing was copied from, not a
    # real address -- restore it from the upstream source.
    desc = ('Favicon identification failed. If the remote site is'
            ' using framework that is being exposed by its favicon,'
            ' please send an email to [email protected]'
            ' including this md5 hash "%s" and the'
            ' name of the server or Web application it represents.'
            ' New fingerprints make this plugin more powerful and '
            ' accurate.')
    desc = desc % remote_fav_md5

    i = Info('Favicon identification failed', desc, response.id,
             self.get_name())
    i.set_url(favicon_url)

    kb.kb.append(self, 'info', i)
    om.out.information(i.get_desc())