

Python Vuln.from_mutant方法代码示例

本文整理汇总了Python中w3af.core.data.kb.vuln.Vuln.from_mutant方法的典型用法代码示例。如果您正苦于以下问题:Python Vuln.from_mutant方法的具体用法?Python Vuln.from_mutant怎么用?Python Vuln.from_mutant使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在w3af.core.data.kb.vuln.Vuln的用法示例。


在下文中一共展示了Vuln.from_mutant方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: _analyze_result

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def _analyze_result(self, mutant, response):
        """
        Inspect the response to a fuzzed request for signs of XXE.

        The first pattern match that is absent from the original (un-fuzzed)
        response body is stored in the KB under 'xxe' with HIGH severity. If
        the pattern loop finishes without returning, the first XML parser
        error found in the body is stored under 'errors' with LOW severity.

        :param mutant: The mutant that was sent
        :param response: The HTTP response received for that mutant
        :return: None, findings are saved to the KB
        """
        baseline_body = mutant.get_original_response_body()
        fuzzed_body = response.get_body()

        for hit in self._find_patterns(fuzzed_body):

            # A string that was already in the baseline response was not
            # caused by the payload, so it is treated as a false positive
            if hit in baseline_body:
                continue

            # One report per mutant is enough
            if not self._has_bug(mutant):
                message = ('An XML External Entity injection was found at: %s'
                           % mutant.found_at())

                vuln = Vuln.from_mutant('XML External Entity', message,
                                        severity.HIGH, response.id,
                                        self.get_name(), mutant)
                vuln.add_to_highlight(hit)

                self.kb_append_uniq(self, 'xxe', vuln)

            return

        # Nothing was reported above. Parser errors are still flagged since
        # they can point to other vulnerabilities that are harder to
        # identify
        for parser_error in self.parser_errors_multi_in.query(fuzzed_body):

            # Skip when this mutant already has a higher priority finding,
            # or when the same error was already stored
            if self._has_bug(mutant) or \
            self._has_bug(mutant, kb_varname='errors'):
                return

            message = ('An XML library parsing error was found at: %s. These'
                       ' errors usually indicate that an XML injection is'
                       ' possible.')
            message = message % mutant.found_at()

            vuln = Vuln.from_mutant('XML Parsing Error', message, severity.LOW,
                                    response.id, self.get_name(), mutant)
            vuln.add_to_highlight(parser_error)

            self.kb_append_uniq(self, 'errors', vuln)
            return
开发者ID:foobarmonk,项目名称:w3af,代码行数:58,代码来源:xxe.py

示例2: _analyze_result

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def _analyze_result(self, mutant, response):
        """
        Check the response to a fuzzed request for reflected SSI results.

        Every expected result is first remembered together with its mutant,
        so that the persistent case can be analyzed later.

        :param mutant: The mutant that was sent
        :param response: The HTTP response received for that mutant
        :return: None, save the vuln to the kb.
        """
        tokens = self._get_expected_results(mutant)

        # Remember which mutant is responsible for each expected string
        for token in tokens:
            self._expected_mutant_dict[token] = mutant

        # Reflected case: nothing to do if this mutant was already reported
        if self._has_bug(mutant):
            return

        for token in tokens:
            # The token has to show up in the response without having been
            # part of the original (un-fuzzed) response body
            if token in response and \
            token not in mutant.get_original_response_body():
                message = "Server side include (SSI) was found at: %s"
                message = message % mutant.found_at()

                vuln = Vuln.from_mutant("Server side include vulnerability",
                                        message, severity.HIGH, response.id,
                                        self.get_name(), mutant)

                vuln.add_to_highlight(token)
                self.kb_append_uniq(self, "ssi", vuln)
开发者ID:ZionOps,项目名称:w3af,代码行数:34,代码来源:ssi.py

示例3: _analyze_persistent

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def _analyze_persistent(self, freq, response):
        """
        Search the response of a fuzzable request for the expected result of
        a payload that was injected earlier (persistent SSI).

        :param freq: The fuzzable request
        :param response: The HTTP response
        :return: None, vulns are stored in KB
        """
        body = response.get_body()

        for found in self._persistent_multi_in.query(body):
            # Map the matched string back to the mutant that injected it
            source_mutant = self._expected_mutant_dict[found]

            message = ('Server side include (SSI) was found at: %s'
                       ' The result of that injection is shown by browsing'
                       ' to "%s".')
            message = message % (source_mutant.found_at(), freq.get_url())

            vuln = Vuln.from_mutant(
                'Persistent server side include vulnerability', message,
                severity.HIGH, response.id, self.get_name(), source_mutant)

            vuln.add_to_highlight(found)
            self.kb_append(self, 'ssi', vuln)
开发者ID:foobarmonk,项目名称:w3af,代码行数:29,代码来源:ssi.py

示例4: _analyze_result

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def _analyze_result(self, mutant, response):
        """
        Look for format string error messages in the response to a mutant.

        :param mutant: The mutant that was sent
        :param response: The HTTP response received for that mutant
        :return: None, the vuln is saved to the KB
        """
        # The vulnerability is reported only once per mutant
        if not self._has_no_bug(mutant):
            return

        for error_string in self.ERROR_STRINGS:
            # The error has to be new: present in this response and absent
            # from the original (un-fuzzed) response body
            if error_string not in response.body:
                continue

            if error_string in mutant.get_original_response_body():
                continue

            message = ('A possible (detection is really hard...) format'
                       ' string vulnerability was found at: %s')
            message %= mutant.found_at()

            vuln = Vuln.from_mutant('Format string vulnerability', message,
                                    severity.MEDIUM, response.id,
                                    self.get_name(), mutant)

            vuln.add_to_highlight(error_string)

            self.kb_append_uniq(self, 'format_string', vuln)
            break
开发者ID:0x554simon,项目名称:w3af,代码行数:28,代码来源:format_string.py

示例5: _report_vuln

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
 def _report_vuln(self, mutant, response, mod_value):
     """
     Build the XSS Vuln object and save it to the KB.

     The severity is LOW when site_protected_against_xss_by_csp() reports
     that CSP protects the response, MEDIUM otherwise.

     :param mutant: The mutant that triggered the finding
     :param response: The HTTP response where the payload was found
     :param mod_value: The string to highlight in the response
     :return: None
     """
     csp_protects = site_protected_against_xss_by_csp(response)

     message = 'A Cross Site Scripting vulnerability was found at: %s'
     message %= mutant.found_at()

     if csp_protects:
         vuln_severity = severity.LOW
         # NOTE(review): this sentence is appended with no separator after
         # the found_at() text - confirm the resulting description reads
         # correctly
         message += ('The risk associated with this vulnerability was lowered'
                     ' because the site correctly implements CSP. The'
                     ' vulnerability is still a risk for the application since'
                     ' only the latest versions of some browsers implement CSP'
                     ' checking.')
     else:
         vuln_severity = severity.MEDIUM

     vuln = Vuln.from_mutant('Cross site scripting vulnerability', message,
                             vuln_severity, response.id, self.get_name(),
                             mutant)
     vuln.add_to_highlight(mod_value)

     self.kb_append_uniq(self, 'xss', vuln)
开发者ID:aricciard,项目名称:w3af,代码行数:27,代码来源:xss.py

示例6: _analyze_result

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
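    def _analyze_result(self, mutant, response):
        """
        Analyze results of the _send_mutant method.

        Looks at the elements returned by self._tag_xpath() and reports a
        phishing vector when the 'src' attribute of one of them starts with
        one of the test URLs.

        :param mutant: The mutant that was sent
        :param response: The HTTP response received for that mutant
        :return: None, the vuln is saved to the KB
        """
        if self._has_bug(mutant):
            return

        dom = response.get_dom()

        if response.is_text_or_html() and dom is not None:

            elem_list = self._tag_xpath(dom)

            for element in elem_list:

                # An element without a src attribute can not point to the
                # injected URL. Skip it and keep inspecting the remaining
                # elements: returning here would leave every later element
                # unchecked and could miss a real finding.
                if 'src' not in element.attrib:
                    continue

                src_attr = element.attrib['src']

                for url in self._test_urls:
                    if src_attr.startswith(url):
                        # The injected URL controls the src of this element
                        desc = 'A phishing vector was found at: %s'
                        desc = desc % mutant.found_at()

                        v = Vuln.from_mutant('Phishing vector', desc,
                                             severity.LOW, response.id,
                                             self.get_name(), mutant)

                        v.add_to_highlight(src_attr)
                        self.kb_append_uniq(self, 'phishing_vector', v)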
开发者ID:3rdDegree,项目名称:w3af,代码行数:34,代码来源:phishing_vector.py

示例7: is_injectable

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def is_injectable(self, mutant):
        """
        Check if this mutant is delay injectable or not.

        :param mutant: The mutant object to inject into
        :return: A vulnerability object or None if nothing is found
        """
        for delay_obj in self._get_delays():

            controller = ExactDelayController(mutant, delay_obj,
                                              self._uri_opener)
            success, responses = controller.delay_is_controlled()

            if not success:
                continue

            # The response time follows the injected delay, which is the
            # evidence used to report the vulnerability
            message = 'Blind SQL injection using time delays was found at: %s'
            message %= mutant.found_at()

            response_ids = []
            for resp in responses:
                response_ids.append(resp.id)

            vuln = Vuln.from_mutant('Blind SQL injection vulnerability',
                                    message, severity.HIGH, response_ids,
                                    'blind_sqli', mutant)

            om.out.debug(vuln.get_desc())

            return vuln

        return None
开发者ID:0x554simon,项目名称:w3af,代码行数:31,代码来源:blind_sqli_time_delay.py

示例8: _analyze_result

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def _analyze_result(self, mutant, response):
        """
        Report a phishing vector when the 'src' attribute of a tag in the
        response starts with one of the test URLs.

        :param mutant: The mutant that was sent
        :param response: The HTTP response received for that mutant
        :return: None, the vuln is saved to the KB
        """
        # Only text / HTML responses are parsed, and each mutant is
        # analyzed only while it has no finding yet
        if not response.is_text_or_html() or self._has_bug(mutant):
            return

        for tag in mp_doc_parser.get_tags_by_filter(response, self.TAGS):
            source = tag.attrib.get('src')
            if source is None:
                continue

            for test_url in self._test_urls:
                if source.startswith(test_url):
                    message = 'A phishing vector was found at: %s'
                    message = message % mutant.found_at()

                    vuln = Vuln.from_mutant('Phishing vector', message,
                                            severity.LOW, response.id,
                                            self.get_name(), mutant)

                    vuln.add_to_highlight(source)
                    self.kb_append_uniq(self, 'phishing_vector', vuln)

                    # One matching test URL is enough for this tag
                    break
开发者ID:0x554simon,项目名称:w3af,代码行数:31,代码来源:phishing_vector.py

示例9: batch_injection_test

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def batch_injection_test(self, freq, orig_response):
        """
        Uses the batch injection technique to find memcache injections.

        For each mutant the ERROR_1, OK and ERROR_2 payloads are sent in that
        order. The finding is stored only when the ERROR_1 body differs from
        the original body, the OK body differs from the ERROR_1 body and the
        ERROR_2 body differs from the original body again.

        :param freq: The fuzzable request to test
        :param orig_response: The HTTP response to the un-fuzzed request
        :return: None, vulns are stored in KB
        """
        send_clean = self._uri_opener.send_clean
        baseline_body = orig_response.get_body()

        def send_payload(target, payload):
            # Set the payload and send the request, in this order
            target.set_token_value(payload)
            return send_clean(target)

        for mutant in create_mutants(freq, ['']):

            # Step 1: try to break the normal execution flow. An unchanged
            # body means the flow was not broken, so there is no injection
            err1_resp, err1_body = send_payload(mutant, self.ERROR_1)

            if fuzzy_equal(baseline_body, err1_body, self._eq_limit):
                continue

            # Step 2: send the correct injection request to confirm. Equal
            # "OK" and "ERROR_1" bodies mean this is not a memcached
            # injection
            ok_resp, ok_body = send_payload(mutant, self.OK)

            if fuzzy_equal(err1_body, ok_body, self._eq_limit):
                continue

            # Step 3: the second error payload has to change the body again,
            # otherwise the injection is not confirmed
            err2_resp, err2_body = send_payload(mutant, self.ERROR_2)

            if fuzzy_equal(baseline_body, err2_body, self._eq_limit):
                continue

            response_ids = [err1_resp.id, ok_resp.id, err2_resp.id]

            message = ('Memcache injection was found at: "%s", using'
                       ' HTTP method %s. The injectable parameter is: "%s"')
            message = message % (mutant.get_url(),
                                 mutant.get_method(),
                                 mutant.get_token_name())

            vuln = Vuln.from_mutant('Memcache injection vulnerability',
                                    message, severity.HIGH, response_ids,
                                    'memcachei', mutant)

            self.kb_append_uniq(self, 'memcachei', vuln)
开发者ID:batmanWjw,项目名称:w3af,代码行数:62,代码来源:memcachei.py

示例10: _analyze_result

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def _analyze_result(self, mutant, response):
        """
        Check the response to a mutant for response splitting.

        Stores a Vuln when the header was injected, and an Info for the
        first known header error message found in the response.

        :param mutant: The mutant that was sent
        :param response: The HTTP response received for that mutant
        :return: None, findings are saved to the KB
        """
        # The vulnerability is reported only once per mutant
        if not self._has_no_bug(mutant):
            return

        if self._header_was_injected(mutant, response):
            message = 'Response splitting was found at: %s'
            message = message % mutant.found_at()

            vuln = Vuln.from_mutant('Response splitting vulnerability',
                                    message, severity.MEDIUM, response.id,
                                    self.get_name(), mutant)

            self.kb_append_uniq(self, 'response_splitting', vuln)

        # Sending a response splitting payload to php 5.1.2 returns:
        # Header may not contain more than a single header, new line detected
        for header_error in self.HEADER_ERRORS:

            if header_error not in response:
                continue

            message = ('The variable "%s" at URL "%s" modifies the HTTP'
                       ' response headers, but this error was sent while'
                       ' testing for response splitting: "%s".')
            message %= (mutant.get_var(), mutant.get_url(), header_error)

            info = Info.from_mutant('Parameter modifies response headers',
                                    message, response.id, self.get_name(),
                                    mutant)

            self.kb_append_uniq(self, 'response_splitting', info)

            return
开发者ID:3rdDegree,项目名称:w3af,代码行数:36,代码来源:response_splitting.py

示例11: analyze_persistent

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
        def analyze_persistent(freq, response):
            """
            Search the response for the expected result of a payload that
            was injected earlier and store a persistent SSI vuln per match.

            :param freq: The fuzzable request
            :param response: The HTTP response
            :return: None, vulns are stored in KB
            """
            body = response.get_body()

            for found in multi_in_inst.query(body):
                # Map the matched string back to the mutant that injected it
                source_mutant = self._expected_res_mutant[found]

                message = (
                    "Server side include (SSI) was found at: %s"
                    " The result of that injection is shown by browsing"
                    ' to "%s".'
                )
                message %= (source_mutant.found_at(), freq.get_url())

                vuln = Vuln.from_mutant(
                    "Persistent server side include vulnerability", message,
                    severity.HIGH, response.id, self.get_name(),
                    source_mutant)

                vuln.add_to_highlight(found)
                self.kb_append(self, "ssi", vuln)
开发者ID:masterapocalyptic,项目名称:Tortazo-spanishtranslate,代码行数:28,代码来源:ssi.py

示例12: _with_time_delay

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def _with_time_delay(self, freq):
        """
        Tests an URL for OS Commanding vulnerabilities using time delays.

        :param freq: A FuzzableRequest
        :return: None, vulns are stored in KB
        """
        for mutant in create_mutants(freq, ['', ]):

            # Mutants that already have a finding are not tested again
            if self._has_bug(mutant):
                continue

            for delay_obj in self._get_wait_commands():

                controller = ExactDelayController(mutant, delay_obj,
                                                  self._uri_opener)
                success, responses = controller.delay_is_controlled()

                if not success:
                    continue

                message = 'OS Commanding was found at: %s'
                message = message % mutant.found_at()

                vuln = Vuln.from_mutant('OS commanding vulnerability',
                                        message, severity.HIGH,
                                        [resp.id for resp in responses],
                                        self.get_name(), mutant)

                # Keep the OS and separator of the delay that worked
                vuln['os'] = delay_obj.get_OS()
                vuln['separator'] = delay_obj.get_separator()

                self.kb_append_uniq(self, 'os_commanding', vuln)

                # One working delay is enough for this mutant
                break
开发者ID:3rdDegree,项目名称:w3af,代码行数:32,代码来源:os_commanding.py

示例13: _analyze_echo

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def _analyze_echo(self, mutant, response):
        """
        Analyze results of the _send_mutant method that was sent in the
        _with_echo method.

        :param mutant: The mutant that was sent
        :param response: The HTTP response received for that mutant
        :return: None, the vuln is saved to the KB
        """
        # The vulnerability is reported only once per mutant
        if self._has_bug(mutant):
            return

        for matched_pattern in self._multi_in.query(response.get_body()):

            # Patterns that were already in the original (un-fuzzed)
            # response body are not evidence of command execution
            if matched_pattern in mutant.get_original_response_body():
                continue

            # Find the command and separator that were sent
            sent_os, sent_separator = self._get_os_separator(mutant)

            message = 'OS Commanding was found at: %s'
            message = message % mutant.found_at()

            vuln = Vuln.from_mutant('OS commanding vulnerability', message,
                                    severity.HIGH, response.id,
                                    self.get_name(), mutant)

            vuln['os'] = sent_os
            vuln['separator'] = sent_separator
            vuln.add_to_highlight(matched_pattern)

            self.kb_append_uniq(self, 'os_commanding', vuln)
            break
开发者ID:3rdDegree,项目名称:w3af,代码行数:31,代码来源:os_commanding.py

示例14: _analyze_result

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def _analyze_result(self, mutant, response):
        """
        Check the response to a mutant for response splitting.

        Stores a Vuln when the header was injected, and an Info for the
        first known header error message found in the response.

        :param mutant: The mutant that was sent
        :param response: The HTTP response received for that mutant
        :return: None, findings are saved to the KB
        """
        if self._has_bug(mutant):
            return

        if self._header_was_injected(mutant, response):
            message = "Response splitting was found at: %s"
            message %= mutant.found_at()

            vuln = Vuln.from_mutant("Response splitting vulnerability",
                                    message, severity.MEDIUM, response.id,
                                    self.get_name(), mutant)

            self.kb_append_uniq(self, "response_splitting", vuln)

        # Sending a response splitting payload to php 5.1.2 returns:
        # Header may not contain more than a single header, new line detected
        for header_error in self.HEADER_ERRORS:

            if header_error not in response:
                continue

            message = (
                'The variable "%s" at URL "%s" modifies the HTTP'
                " response headers, but this error was sent while"
                ' testing for response splitting: "%s".'
            )
            message = message % (mutant.get_token_name(), mutant.get_url(),
                                 header_error)

            info = Info.from_mutant("Parameter modifies response headers",
                                    message, response.id, self.get_name(),
                                    mutant)

            self.kb_append_uniq(self, "response_splitting", info)

            return
开发者ID:breakthesec,项目名称:w3af,代码行数:35,代码来源:response_splitting.py

示例15: _confirm_file_upload

# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import from_mutant [as 别名]
    def _confirm_file_upload(self, path, mutant, http_response):
        """
        Confirms if the file was uploaded to path

        :param path: The URL where we suspect that a file was uploaded to.
        :param mutant: The mutant that originated the file on the remote end
        :param http_response: The HTTP response associated with sending mutant
        :return: None, the vuln is saved to the KB
        """
        get_response = self._uri_opener.GET(path, cache=False)

        # NOTE(review): the confirmation rests only on is_404(); the body of
        # get_response is not compared with the uploaded content here
        if is_404(get_response) or not self._has_no_bug(mutant):
            return

        # Replace the file object with a placeholder string: the session
        # saver breaks otherwise, because real file objects can't be
        # pickled
        mutant.set_mod_value('<file_object>')

        message = ('A file upload to a directory inside the webroot'
                   ' was found at: %s')
        message = message % mutant.found_at()

        response_ids = [http_response.id, get_response.id]

        vuln = Vuln.from_mutant('Insecure file upload', message,
                                severity.HIGH, response_ids,
                                self.get_name(), mutant)

        vuln['file_dest'] = get_response.get_url()
        vuln['file_vars'] = mutant.get_file_vars()

        self.kb_append_uniq(self, 'file_upload', vuln)
开发者ID:3rdDegree,项目名称:w3af,代码行数:29,代码来源:file_upload.py


注:本文中的w3af.core.data.kb.vuln.Vuln.from_mutant方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。