

Python Vuln.add_to_highlight方法代码示例

本文整理汇总了Python中w3af.core.data.kb.vuln.Vuln.add_to_highlight方法的典型用法代码示例。如果您正苦于以下问题:Python Vuln.add_to_highlight方法的具体用法?Python Vuln.add_to_highlight怎么用?Python Vuln.add_to_highlight使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在w3af.core.data.kb.vuln.Vuln的用法示例。


在下文中一共展示了Vuln.add_to_highlight方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: _find_auth_uri

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def _find_auth_uri(self, response):
        """
        Analyze a 200 response and report any URI that embeds credentials
        (the ``scheme://user:password@host/`` form), first in the request
        URI itself and then in the parsed response body.

        :param response: The HTTP response object
        :return: None, findings are stored in the kb.
        """
        #
        #   Analyze the HTTP URL
        #
        # The cheap '@' substring test runs first so the regex is only
        # evaluated for the few URIs that could possibly match.
        if ('@' in response.get_uri() and
                self._auth_uri_regex.match(response.get_uri().url_string)):
            # An authentication URI was found!
            desc = 'The resource: "%s" has a user and password in' \
                   ' the URI.'
            desc = desc % response.get_uri()
            v = Vuln('Basic HTTP credentials', desc, severity.HIGH,
                     response.id, self.get_name())

            v.set_url(response.get_url())
            # NOTE(review): the complete URI, credentials included, is used as
            # the highlight string and therefore ends up in the kb and reports.
            v.add_to_highlight(response.get_uri().url_string)

            kb.kb.append(self, 'userPassUri', v)
            om.out.vulnerability(v.get_desc(), severity=v.get_severity())

        #
        #   Analyze the HTTP response body
        #
        # url_list and DocumentParser are consumed by the remainder of this
        # method, which is not part of this listing.
        url_list = []
        try:
            DocumentParser = parser_cache.dpc.get_document_parser_for(response)
        except BaseFrameworkException, w3:
            # No parser for this content type: log at debug level and move on,
            # the body analysis is best-effort.
            msg = 'Failed to find a suitable document parser. ' \
                'Exception: ' + str(w3)
            om.out.debug(msg)
开发者ID:0x554simon,项目名称:w3af,代码行数:35,代码来源:http_auth_detect.py

示例2: _analyze_SQL

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def _analyze_SQL(self, request, response, ref, token_name, token_value):
        """
        Report a parameter whose value looks like an SQL statement, the kind
        of issue described at

        http://thedailywtf.com/Articles/Oklahoma-
            Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-
            Sensitive-Data.aspx

        Fragments that the scanner itself sent in the request are skipped so
        that our own payloads are not reported back to us; the first fragment
        that survives that filter triggers one finding.

        :param request: The HTTP request object
        :param response: The HTTP response object
        :param ref: The URI the finding is attached to
        :param token_name: Name of the parameter being analyzed
        :param token_value: Value of the parameter being analyzed
        :return: True if the parameter value contains SQL sentences
        """
        first_unsent = next((fragment
                             for fragment in SQL_RE.findall(token_value)
                             if not request.sent(fragment)), None)
        if first_unsent is None:
            return False

        desc = ('The URI: "%s" has a parameter named: "%s" with value:'
                ' "%s", which is a SQL query.')
        desc %= (response.get_uri(), token_name, token_value)

        v = Vuln('Parameter has SQL sentence', desc, severity.LOW,
                 response.id, self.get_name())
        v.set_uri(ref)
        v['parameter_value'] = token_value
        # The whole parameter value is highlighted, not just the SQL fragment
        v.add_to_highlight(token_value)

        self.kb_append(self, 'strange_parameters', v)
        return True
开发者ID:foobarmonk,项目名称:w3af,代码行数:30,代码来源:strange_parameters.py

示例3: grep

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def grep(self, request, response):
        """
        Plugin entry point.

        Scan text/HTML response bodies for SVN keyword signatures and report
        the username embedded in each one, grouped into SVNUserInfoSet.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None, all results are saved in the kb.
        """
        if not response.is_text_or_html():
            return

        uri = response.get_uri()

        for regex in self.RE_LIST:
            # findall() returns one tuple of groups per hit; the username is
            # the first captured group.
            for groups in regex.findall(response.get_body()):
                user = groups[0]

                desc = ('The URL: "%s" contains a SVN versioning signature'
                        ' with the username "%s".')
                desc %= (uri, user)

                v = Vuln('SVN user disclosure vulnerability', desc,
                         severity.LOW, response.id, self.get_name())
                v.set_uri(uri)
                v[SVNUserInfoSet.ITAG] = user
                v.add_to_highlight(user)

                self.kb_append_uniq_group(self, 'users', v,
                                          group_klass=SVNUserInfoSet)
开发者ID:0x554simon,项目名称:w3af,代码行数:31,代码来源:svn_users.py

示例4: _analyze_html

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
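    def _analyze_html(self, request, response):
        """
        Search for private IP addresses in the HTML body and report each one.

        Addresses listed in ``_ignore_if_match`` (the ones we are scanning),
        addresses the scanner sent itself, and addresses that only appear in
        an ``X-Forwarded-For`` header echoed into the body are skipped.

        :param request: The HTTP request object
        :param response: The HTTP response object
        :return: None, findings are stored in the kb.
        """
        if not response.is_text_or_html():
            return

        # Performance improvement! Only run the regexes when one of the
        # private-range prefixes appears somewhere in the response.
        if not (('10.' in response) or ('172.' in response) or
               ('192.168.' in response) or ('169.254.' in response)):
            return

        body = response.get_body()
        url = response.get_url()

        for regex in self._regex_list:
            for match in regex.findall(body):
                match = match.strip()

                # Some proxy servers will return errors that include headers
                # in the body along with the client IP which we want to
                # ignore. `match` is taken from the response body, so it is
                # escaped before being spliced into the pattern: unescaped,
                # every '.' in the address would match any character.
                xff_pattern = "^.*X-Forwarded-For: .*%s" % re.escape(match)
                if re.search(xff_pattern, body, re.M):
                    continue

                # If i'm requesting 192.168.2.111 then I don't want to be
                # alerted about it, and neither about addresses I sent myself
                if match in self._ignore_if_match or request.sent(match):
                    continue

                desc = ('The URL: "%s" returned an HTML document'
                        ' with a private IP address: "%s".')
                desc %= (url, match)
                v = Vuln('Private IP disclosure vulnerability', desc,
                         severity.LOW, response.id, self.get_name())

                v.set_url(url)

                v['IP'] = match
                v.add_to_highlight(match)
                self.kb_append(self, 'HTML', v)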
开发者ID:3rdDegree,项目名称:w3af,代码行数:37,代码来源:private_ip.py

示例5: _analyze_headers

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def _analyze_headers(self, request, response):
        """
        Search for private IP addresses in the HTTP response headers and
        report each one that is not in ``_ignore_if_match``.

        NOTE(review): unlike the body check, this method does not consult
        ``request.sent()``, so an address echoed back from the request is
        reported as well.

        :param request: The HTTP request object (not used here)
        :param response: The HTTP response object
        :return: None, findings are stored in the kb.
        """
        # Get the headers string
        headers_string = response.dump_headers()

        #   Match the regular expressions
        for regex in self._regex_list:
            for ip_address in regex.findall(headers_string):
                # If i'm requesting 192.168.2.111 then I don't want to be
                # alerted about it
                if ip_address in self._ignore_if_match:
                    continue

                desc = ('The URL: "%s" returned an HTTP header with a'
                        ' private IP address: "%s".')
                desc %= (response.get_url(), ip_address)

                v = Vuln('Private IP disclosure vulnerability', desc,
                         severity.LOW, response.id, self.get_name())
                v.set_url(response.get_url())
                v['IP'] = ip_address
                v.add_to_highlight(ip_address)

                self.kb_append(self, 'header', v)
开发者ID:3rdDegree,项目名称:w3af,代码行数:27,代码来源:private_ip.py

示例6: grep

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def grep(self, request, response):
        """
        Plugin entry point, find the SSN numbers.

        Only 200 text/HTML responses with a clear-text body are analyzed;
        the validated number goes into the description while the raw text
        that matched is what gets highlighted. Findings are deduplicated
        per URL.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None.
        """
        if not response.is_text_or_html():
            return
        if response.get_code() != 200:
            return

        clear_text = response.get_clear_text_body()
        if clear_text is None:
            return

        found_ssn, validated_ssn = self._find_SSN(clear_text)
        if not validated_ssn:
            return

        uri = response.get_uri()
        desc = ('The URL: "%s" possibly discloses a US Social Security'
                ' Number: "%s".')
        desc %= (uri, validated_ssn)

        v = Vuln('US Social Security Number disclosure', desc,
                 severity.LOW, response.id, self.get_name())
        v.set_uri(uri)
        v.add_to_highlight(found_ssn)

        self.kb_append_uniq(self, 'ssn', v, 'URL')
开发者ID:0x554simon,项目名称:w3af,代码行数:27,代码来源:ssn.py

示例7: _analyze_match

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def _analyze_match(self, match, request, response):
        """
        Decide whether a path disclosure candidate is worth reporting and,
        if so, store it in the kb.

        A candidate is dropped when the scanner sent it itself, when it is
        the value of an HTML attribute, when the (url, path) pair was already
        reported, or when an already reported path ends with it (see the
        note below on keeping the longest match).

        :param match: The candidate path found in the response body
        :param request: The HTTP request object
        :param response: The HTTP response object
        :return: True if a new vulnerability was reported, False otherwise
        """
        # This if is to avoid false positives
        if request.sent(match):
            return False

        if self._is_attr_value(match, response):
            return False

        # Decode the URL, this will transform things like
        #     http://host.tld/?id=%2Fhome
        # into,
        #     http://host.tld/?id=/home
        realurl = response.get_url().url_decode()

        # Check for dups
        if (realurl, match) in self._already_added:
            return False

        #   There is a rare bug also, which is triggered in cases like this one:
        #
        #   >>> import re
        #   >>> re.findall('/var/www/.*','/var/www/foobar/htdocs/article.php')
        #   ['/var/www/foobar/htdocs/article.php']
        #   >>> re.findall('/htdocs/.*','/var/www/foobar/htdocs/article.php')
        #   ['/htdocs/article.php']
        #   >>>
        #
        #   What I need to do here, is to keep the longest match: a candidate
        #   that is the tail of something already reported is a duplicate.
        if any(added.endswith(match) for _, added in self._already_added):
            return False

        #   It's a new one, report!
        self._already_added.append((realurl, match))

        desc = ('The URL: "%s" has a path disclosure'
                ' vulnerability which discloses "%s".')
        desc %= (response.get_url(), match)

        v = Vuln('Path disclosure vulnerability', desc, severity.LOW,
                 response.id, self.get_name())
        v.set_url(realurl)
        v['path'] = match
        v.add_to_highlight(match)

        self.kb_append(self, 'path_disclosure', v)
        return True
开发者ID:ST2Labs,项目名称:w3af,代码行数:53,代码来源:path_disclosure.py

示例8: _analyze_html

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
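    def _analyze_html(self, request, response):
        """
        Search for private IP addresses in the HTML body and report each one,
        grouped into HTMLPrivateIPInfoSet.

        Addresses listed in ``_ignore_if_match`` (the ones we are scanning),
        addresses the scanner sent itself, and addresses that only appear in
        an ``X-Forwarded-For`` header echoed into the body are skipped.

        :param request: The HTTP request object
        :param response: The HTTP response object
        :return: None, findings are stored in the kb.
        """
        if not response.is_text_or_html():
            return

        # Performance improvement! Only run the regexes when one of the
        # private-range prefixes appears somewhere in the response.
        if not (('10.' in response) or ('172.' in response) or
               ('192.168.' in response) or ('169.254.' in response)):
            return

        body = response.get_body()
        url = response.get_url()

        for regex in self.RE_LIST:
            for ip_address in regex.findall(body):
                ip_address = ip_address.strip()

                # Some proxy servers will return errors that include headers
                # in the body along with the client IP which we want to
                # ignore. `ip_address` is taken from the response body, so it
                # is escaped before being spliced into the pattern: unescaped,
                # every '.' in the address would match any character.
                xff_pattern = "^.*X-Forwarded-For: .*%s" % re.escape(ip_address)
                if re.search(xff_pattern, body, re.M):
                    continue

                # If i'm requesting 192.168.2.111 then I don't want to be
                # alerted about it
                if ip_address in self._ignore_if_match:
                    continue

                # Don't match things I've sent
                if request.sent(ip_address):
                    continue

                desc = ('The URL: "%s" returned an HTML document which'
                        ' contains the private IP address: "%s".')
                desc %= (url, ip_address)
                v = Vuln('Private IP disclosure vulnerability', desc,
                         severity.LOW, response.id, self.get_name())

                v.set_url(url)
                v.add_to_highlight(ip_address)
                v[HTMLPrivateIPInfoSet.ITAG] = ip_address

                self.kb_append_uniq_group(self, 'HTML', v,
                                          group_klass=HTMLPrivateIPInfoSet)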
开发者ID:0x554simon,项目名称:w3af,代码行数:45,代码来源:private_ip.py

示例9: grep

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def grep(self, request, response):
        """
        Plugin entry point, search for the code disclosures.

        Unit tests are available at plugins/grep/tests.

        Source code found in a regular page and source code found in a
        customized 404 page are reported under different names; both are
        deduplicated per URL through kb_append_uniq.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None
        """
        if not response.is_text_or_html():
            return

        match, lang = is_source_file(response.get_body())
        if not match:
            return

        url = response.get_url()

        # Check also for 404
        if not is_404(response):
            name = 'Code disclosure vulnerability'
            desc = 'The URL: "%s" has a %s code disclosure vulnerability.'
        else:
            # NOTE(review): _first_404 is cleared here but not read anywhere
            # in this method, so every 404 page is reported (subject only to
            # the per-URL filter of kb_append_uniq).
            self._first_404 = False
            name = 'Code disclosure vulnerability in 404 page'
            desc = ('The URL: "%s" has a %s code disclosure'
                    ' vulnerability in the customized 404 script.')

        desc %= (url, lang)

        v = Vuln(name, desc, severity.LOW, response.id, self.get_name())
        v.set_url(url)
        v.add_to_highlight(match.group())

        self.kb_append_uniq(self, 'code_disclosure', v, 'URL')
开发者ID:EnDe,项目名称:w3af,代码行数:44,代码来源:code_disclosure.py

示例10: grep

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def grep(self, request, response):
        """
        Plugin entry point, search for the code disclosures.

        Unit tests are available at plugins/grep/tests.

        JavaScript responses are skipped because of known false positives.
        The first source-code hit on a 404 page is reported under its own
        name; after that, 404 hits are reported like any other page.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None
        """
        if not response.is_text_or_html():
            return

        # https://github.com/andresriancho/w3af/issues/5379
        # Avoid some (rather common) false positives that appear in JS files
        if 'javascript' in response.content_type:
            return

        match, lang = is_source_file(response.get_body())
        if not match:
            return

        # Only report 404 findings once
        report_as_404 = is_404(response) and self._report_404_match
        if report_as_404:
            self._report_404_match = False

        name, desc = (
            (u'Code disclosure vulnerability in 404 page',
             u'The URL: "%s" has a %s code disclosure'
             u' vulnerability in the customized 404 script.')
            if report_as_404 else
            (u'Code disclosure vulnerability',
             u'The URL: "%s" has a %s code disclosure vulnerability.')
        )

        # Report the vulnerability
        url = response.get_url()
        desc %= (url, lang)

        v = Vuln(name, desc, severity.LOW, response.id, self.get_name())
        v.set_url(url)
        v.add_to_highlight(match.group())

        self.kb_append_uniq(self, 'code_disclosure', v, 'URL')
开发者ID:0x554simon,项目名称:w3af,代码行数:44,代码来源:code_disclosure.py

示例11: _analyze_401

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def _analyze_401(self, response):
        """
        Analyze a 401 response and report it.

        The severity depends on the transport: authentication over plain
        http is rated HIGH because credentials travel in the clear, anything
        else is rated LOW. The finding is named after the realm string:
        "NTLM authentication" when it mentions ntlm, "HTTP Basic
        authentication" otherwise.

        NOTE(review): only the realm text is inspected here, so any non-NTLM
        scheme would be labelled Basic; confirm what _get_realm returns for
        other schemes.

        :param response: The HTTP response object
        :return: None
        """
        realm = self._get_realm(response)
        if realm is None:
            self._report_no_realm(response)
            return

        url = response.get_url()
        insecure = url.get_protocol() == 'http'

        if insecure:
            vuln_severity = severity.HIGH
            channel_note = (' over a non-encrypted channel, which allows'
                            ' potential intruders to sniff traffic and capture'
                            ' valid credentials.')
        else:
            vuln_severity = severity.LOW
            channel_note = '.'

        desc = ('The resource: "%s" requires HTTP authentication'
                + channel_note
                + ' The received authentication realm is: "%s".')
        desc %= (url, realm)

        # Report the common case, were a realm is set.
        vuln_name = ('NTLM authentication' if 'ntlm' in realm.lower()
                     else 'HTTP Basic authentication')
        v = Vuln(vuln_name, desc, vuln_severity, response.id, self.get_name())
        v.set_url(url)
        v['message'] = realm
        v.add_to_highlight(realm)

        kb.kb.append(self, 'auth', v)
        om.out.information(v.get_desc())
开发者ID:0x554simon,项目名称:w3af,代码行数:43,代码来源:http_auth_detect.py

示例12: grep

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def grep(self, request, response):
        """
        Plugin entry point, search for the credit cards.

        Only 200 text/HTML responses with a clear-text body are analyzed;
        one finding per card number is created and deduplicated per URL.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None
        """
        if not response.is_text_or_html():
            return
        if response.get_code() != 200:
            return

        clear_text = response.get_clear_text_body()
        if clear_text is None:
            return

        url = response.get_url()

        for card in self._find_card(clear_text):
            desc = 'The URL: "%s" discloses the credit card number: "%s"'
            desc %= (url, card)

            v = Vuln("Credit card number disclosure", desc, severity.LOW,
                     response.id, self.get_name())
            v.set_url(url)
            # NOTE(review): the full number is stored in both the description
            # and the highlight, so it lands unmasked in the kb and reports.
            v.add_to_highlight(card)

            self.kb_append_uniq(self, "credit_cards", v, "URL")
开发者ID:ZionOps,项目名称:w3af,代码行数:23,代码来源:credit_cards.py

示例13: grep

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def grep(self, request, response):
        """
        Plugin entry point, search for the DOM XSS vulns.

        Every insecure JavaScript snippet returned by _smart_grep() becomes
        one finding, deduplicated per URL.

        :param request: The HTTP request object.
        :param response: The HTTP response object
        :return: None
        """
        if not response.is_text_or_html():
            return

        url = response.get_url()

        for vuln_code in self._smart_grep(response):
            desc = ('The URL: "%s" has a DOM XSS (insecure javascript code)'
                    ' bug using: "%s".')
            desc %= (url, vuln_code)

            v = Vuln('DOM Cross site scripting', desc,
                     severity.LOW, response.id, self.get_name())
            v.set_url(url)
            v.add_to_highlight(vuln_code)

            self.kb_append_uniq(self, 'dom_xss', v, filter_by='URL')
开发者ID:0x554simon,项目名称:w3af,代码行数:23,代码来源:dom_xss.py

示例14: find_path_disclosure

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def find_path_disclosure(self, request, response):
        """
        Actually find the path disclosure vulnerabilities

        Every candidate path the signature index finds in the body is tried
        longest-first; the first one that is neither already reported nor a
        false positive is stored in the kb and returned.

        :param request: The HTTP request object
        :param response: The HTTP response object
        :return: The reported Vuln, or None when nothing new was found
        """
        body_text = response.get_body()
        match_list = [match.group(1)
                      for match, _, _ in self._signature_re.query(body_text)]

        # Sort by the longest match, this is needed for filtering out
        # some false positives please read the note below.
        match_list.sort(longest_cmp)
        real_url = response.get_url().url_decode()

        for match in match_list:
            # Avoid duplicated reports
            if (real_url, match) in self._reported:
                continue

            # Remove false positives
            if self._is_false_positive(match, request, response):
                continue

            # Found!
            self._reported.append((real_url, match))

            desc = ('The URL: "%s" has a path disclosure vulnerability which'
                    ' discloses "%s".')
            desc %= (response.get_url(), match)

            v = Vuln('Path disclosure vulnerability', desc, severity.LOW,
                     response.id, self.get_name())
            v.set_url(real_url)
            v['path'] = match
            v.add_to_highlight(match)

            self.kb_append(self, 'path_disclosure', v)
            return v
开发者ID:batmanWjw,项目名称:w3af,代码行数:41,代码来源:path_disclosure.py

示例15: find_path_disclosure

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import add_to_highlight [as 别名]
    def find_path_disclosure(self, request, response):
        """
        Actually find the path disclosure vulnerabilities

        For each potential disclosure the body is searched with its compiled
        regex; candidates are tried longest-first and the first one that is
        neither already reported nor a false positive is stored in the kb
        and returned.

        :param request: The HTTP request object
        :param response: The HTTP response object
        :return: The reported Vuln, or None when nothing new was found
        """
        html_string = response.get_body()

        for potential_disclosure in self._potential_disclosures(html_string):
            path_disc_regex = self._compiled_regexes[potential_disclosure]
            match_list = path_disc_regex.findall(html_string)

            # Sort by the longest match, this is needed for filtering out
            # some false positives please read the note below.
            match_list.sort(longest_cmp)
            real_url = response.get_url().url_decode()

            for match in match_list:
                # Avoid duplicated reports
                if (real_url, match) in self._reported:
                    continue

                # Remove false positives
                if self._is_false_positive(match, request, response):
                    continue

                self._reported.append((real_url, match))

                desc = ('The URL: "%s" has a path disclosure'
                        ' vulnerability which discloses "%s".')
                desc %= (response.get_url(), match)

                v = Vuln('Path disclosure vulnerability', desc,
                         severity.LOW, response.id, self.get_name())
                v.set_url(real_url)
                v['path'] = match
                v.add_to_highlight(match)

                self.kb_append(self, 'path_disclosure', v)
                return v
开发者ID:0x554simon,项目名称:w3af,代码行数:40,代码来源:path_disclosure.py


注:本文中的w3af.core.data.kb.vuln.Vuln.add_to_highlight方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。