本文整理汇总了Python中w3af.core.data.kb.vuln.Vuln.get_desc方法的典型用法代码示例。如果您正苦于以下问题:Python Vuln.get_desc方法的具体用法?Python Vuln.get_desc怎么用?Python Vuln.get_desc使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类w3af.core.data.kb.vuln.Vuln的用法示例。
在下文中一共展示了Vuln.get_desc方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _lowest_privilege_test
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _lowest_privilege_test(self, response):
regex_str = 'User/Group </td><td class="v">(.*?)\((\d.*?)\)/(\d.*?)</td>'
lowest_privilege_test = re.search(regex_str, response.get_body(), re.I)
if lowest_privilege_test:
lpt_uname = lowest_privilege_test.group(1)
lpt_uid = lowest_privilege_test.group(2)
lpt_uid = int(lpt_uid)
lpt_gid = lowest_privilege_test.group(3)
if lpt_uid < 99 or lpt_gid < 99 or \
re.match('root|apache|daemon|bin|operator|adm', lpt_uname, re.I):
desc = 'phpinfo()::PHP may be executing as a higher privileged'\
' group. Username: %s, UserID: %s, GroupID: %s.'
desc = desc % (lpt_uname, lpt_uid, lpt_gid)
v = Vuln('PHP lowest_privilege_test:fail', desc,
severity.MEDIUM, response.id, self.get_name())
v.set_url(response.get_url())
kb.kb.append(self, 'phpinfo', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())
else:
lpt_name = 'privilege:' + lpt_uname
lpt_desc = 'phpinfo()::PHP is executing under '
lpt_desc += 'username: ' + lpt_uname + ', '
lpt_desc += 'userID: ' + str(lpt_uid) + ', '
lpt_desc += 'groupID: ' + lpt_gid
i = Info(lpt_name, lpt_desc, response.id, self.get_name())
i.set_url(response.get_url())
kb.kb.append(self, 'phpinfo', i)
om.out.information(i.get_desc())示例2: _send_and_check
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _send_and_check(self, repo_url, repo_get_files, repo, domain_path):
"""
Check if a repository index exists in the domain_path.
:return: None, everything is saved to the self.out_queue.
"""
http_response = self.http_get_and_parse(repo_url)
if not is_404(http_response):
filenames = repo_get_files(http_response.get_body())
parsed_url_set = set()
for filename in self._clean_filenames(filenames):
test_url = domain_path.url_join(filename)
if test_url not in self._analyzed_filenames:
parsed_url_set.add(test_url)
self._analyzed_filenames.add(filename)
self.worker_pool.map(self.http_get_and_parse, parsed_url_set)
if parsed_url_set:
desc = 'A %s was found at: "%s"; this could indicate that'\
' a %s is accessible. You might be able to download'\
' the Web application source code.'
desc = desc % (repo, http_response.get_url(), repo)
v = Vuln('Source code repository', desc, severity.MEDIUM,
http_response.id, self.get_name())
v.set_url(http_response.get_url())
kb.kb.append(self, repo, v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())示例3: _classic_worker
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _classic_worker(self, gh, search_term):
"""
Perform the searches and store the results in the kb.
"""
google_list = self._google_se.get_n_results(search_term, 9)
for result in google_list:
# I found a vuln in the site!
response = self._uri_opener.GET(result.URL, cache=True)
if not is_404(response):
desc = 'ghdb plugin found a vulnerability at URL: "%s".' \
' According to GHDB the vulnerability description'\
' is "%s".'
desc = desc % (response.get_url(), gh.desc)
v = Vuln('Google hack database match', desc,
severity.MEDIUM, response.id, self.get_name())
v.set_url(response.get_url())
v.set_method('GET')
kb.kb.append(self, 'vuln', v)
om.out.vulnerability(v.get_desc(), severity=severity.LOW)
# Create the fuzzable requests
for fr in self._create_fuzzable_requests(response):
self.output_queue.put(fr)示例4: _check_if_exists
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _check_if_exists(self, web_shell_url):
"""
Check if the file exists.
:param web_shell_url: The URL to check
"""
try:
response = self._uri_opener.GET(web_shell_url, cache=True)
except BaseFrameworkException:
om.out.debug('Failed to GET webshell:' + web_shell_url)
else:
signature = self._match_signature(response)
if signature is None:
return
desc = (u'An HTTP response matching the web backdoor signature'
u' "%s" was found at: "%s"; this could indicate that the'
u' server has been compromised.')
desc %= (signature, response.get_url())
# It's probability is higher if we found a long signature
_severity = severity.HIGH if len(signature) > 8 else severity.MEDIUM
v = Vuln(u'Potential web backdoor', desc, _severity,
response.id, self.get_name())
v.set_url(response.get_url())
kb.kb.append(self, 'backdoors', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())
fr = FuzzableRequest.from_http_response(response)
self.output_queue.put(fr)示例5: _find_auth_uri
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _find_auth_uri(self, response):
"""
Analyze a 200 response and report any findings of http://user:[email protected]/
:return: None
"""
#
# Analyze the HTTP URL
#
if ('@' in response.get_uri() and
self._auth_uri_regex.match(response.get_uri().url_string)):
# An authentication URI was found!
desc = 'The resource: "%s" has a user and password in' \
' the URI.'
desc = desc % response.get_uri()
v = Vuln('Basic HTTP credentials', desc, severity.HIGH,
response.id, self.get_name())
v.set_url(response.get_url())
v.add_to_highlight(response.get_uri().url_string)
kb.kb.append(self, 'userPassUri', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())
#
# Analyze the HTTP response body
#
url_list = []
try:
DocumentParser = parser_cache.dpc.get_document_parser_for(response)
except BaseFrameworkException, w3:
msg = 'Failed to find a suitable document parser. ' \
'Exception: ' + str(w3)
om.out.debug(msg)示例6: crawl
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def crawl(self, fuzzable_request):
"""
Plugin entry point, perform all the work.
"""
to_check = self._get_to_check(fuzzable_request.get_url())
# I found some URLs, create fuzzable requests
phishtank_matches = self._is_in_phishtank(to_check)
for ptm in phishtank_matches:
response = self._uri_opener.GET(ptm.url)
for fr in self._create_fuzzable_requests(response):
self.output_queue.put(fr)
# Only create the vuln object once
if phishtank_matches:
desc = 'The URL: "%s" seems to be involved in a phishing scam.' \
' Please see %s for more info.'
desc = desc % (ptm.url, ptm.more_info_URL)
v = Vuln('Phishing scam', desc, severity.MEDIUM, response.id,
self.get_name())
v.set_url(ptm.url)
kb.kb.append(self, 'phishtank', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())示例7: _check_if_exists
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _check_if_exists(self, web_shell_url):
"""
Check if the file exists.
:param web_shell_url: The URL to check
"""
try:
response = self._uri_opener.GET(web_shell_url, cache=True)
except BaseFrameworkException:
om.out.debug('Failed to GET webshell:' + web_shell_url)
else:
if self._is_possible_backdoor(response):
desc = 'A web backdoor was found at: "%s"; this could ' \
'indicate that the server has been compromised.'
desc = desc % response.get_url()
v = Vuln('Potential web backdoor', desc, severity.HIGH,
response.id, self.get_name())
v.set_url(response.get_url())
kb.kb.append(self, 'backdoors', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())
fr = FuzzableRequest.from_http_response(response)
self.output_queue.put(fr)示例8: _analyze_crossdomain_clientaccesspolicy
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _analyze_crossdomain_clientaccesspolicy(self, url, response, file_name):
# https://github.com/andresriancho/w3af/issues/14491
if file_name not in self.FILE_TAG_ATTR:
return
try:
dom = xml.dom.minidom.parseString(response.get_body())
except Exception:
# Report this, it may be interesting for the final user
# not a vulnerability per-se... but... it's information after all
if 'allow-access-from' in response.get_body() or \
'cross-domain-policy' in response.get_body() or \
'cross-domain-access' in response.get_body():
desc = 'The "%s" file at: "%s" is not a valid XML.'
desc %= (file_name, response.get_url())
i = Info('Invalid RIA settings file', desc, response.id,
self.get_name())
i.set_url(response.get_url())
kb.kb.append(self, 'info', i)
om.out.information(i.get_desc())
return
tag, attribute = self.FILE_TAG_ATTR.get(file_name)
url_list = dom.getElementsByTagName(tag)
for url in url_list:
url = url.getAttribute(attribute)
if url == '*':
desc = 'The "%s" file at "%s" allows flash/silverlight'\
' access from any site.'
desc %= (file_name, response.get_url())
v = Vuln('Insecure RIA settings', desc, severity.LOW,
response.id, self.get_name())
v.set_url(response.get_url())
v.set_method('GET')
kb.kb.append(self, 'vuln', v)
om.out.vulnerability(v.get_desc(),
severity=v.get_severity())
else:
desc = 'The "%s" file at "%s" allows flash/silverlight'\
' access from "%s".'
desc %= (file_name, response.get_url(), url)
i = Info('Cross-domain allow ACL', desc, response.id,
self.get_name())
i.set_url(response.get_url())
i.set_method('GET')
kb.kb.append(self, 'info', i)
om.out.information(i.get_desc())示例9: _parse_xssed_result
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _parse_xssed_result(self, response):
"""
Parse the result from the xssed site and create the corresponding info
objects.
:return: Fuzzable requests pointing to the XSS (if any)
"""
html_body = response.get_body()
if "<b>XSS:</b>" not in html_body:
# Nothing to see here...
om.out.debug('xssed_dot_com did not find any previously reported'
' XSS vulnerabilities.')
return
#
# Work!
#
regex_many_vulns = re.findall("<a href='(/mirror/\d*/)' target='_blank'>",
html_body)
for mirror_relative_link in regex_many_vulns:
mirror_url = self._xssed_url.url_join(mirror_relative_link)
xss_report_response = self._uri_opener.GET(mirror_url)
matches = re.findall("URL:.+", xss_report_response.get_body())
dxss = self._decode_xssed_url
xss_url = dxss(dxss(matches[0]))
if self._fixed in xss_report_response.get_body():
vuln_severity = severity.LOW
desc = 'According to xssed.com, this URL contained a XSS'\
' vulnerability: "%s".'
desc = desc % xss_url
else:
vuln_severity = severity.HIGH
desc = 'According to xssed.com, this URL contains a'\
' XSS vulnerability: "%s".'
desc = desc % xss_url
v = Vuln('Potential XSS vulnerability', desc,
vuln_severity, response.id, self.get_name())
v.set_url(mirror_url)
kb.kb.append(self, 'xss', v)
om.out.information(v.get_desc())
#
# Add the fuzzable request, this is useful if I have the
# XSS plugin enabled because it will re-test this and
# possibly confirm the vulnerability
#
fr = FuzzableRequest(URL(xss_url))
self.output_queue.put(fr)示例10: _analyze_crossdomain_clientaccesspolicy
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _analyze_crossdomain_clientaccesspolicy(self, url, response, file_name):
try:
dom = xml.dom.minidom.parseString(response.get_body())
except Exception:
# Report this, it may be interesting for the final user
# not a vulnerability per-se... but... it's information after all
if 'allow-access-from' in response.get_body() or \
'cross-domain-policy' in response.get_body() or \
'cross-domain-access' in response.get_body():
desc = 'The "%s" file at: "%s" is not a valid XML.'
desc = desc % (file_name, response.get_url())
i = Info('Invalid RIA settings file', desc, response.id,
self.get_name())
i.set_url(response.get_url())
kb.kb.append(self, 'info', i)
om.out.information(i.get_desc())
else:
if file_name == 'crossdomain.xml':
url_list = dom.getElementsByTagName("allow-access-from")
attribute = 'domain'
if file_name == 'clientaccesspolicy.xml':
url_list = dom.getElementsByTagName("domain")
attribute = 'uri'
for url in url_list:
url = url.getAttribute(attribute)
if url == '*':
desc = 'The "%s" file at "%s" allows flash/silverlight'\
' access from any site.'
desc = desc % (file_name, response.get_url())
v = Vuln('Insecure RIA settings', desc, severity.LOW,
response.id, self.get_name())
v.set_url(response.get_url())
v.set_method('GET')
kb.kb.append(self, 'vuln', v)
om.out.vulnerability(v.get_desc(),
severity=v.get_severity())
else:
desc = 'The "%s" file at "%s" allows flash/silverlight'\
' access from "%s".'
desc = desc % (file_name, response.get_url(), url)
i = Info('Cross-domain allow ACL', desc, response.id,
self.get_name())
i.set_url(response.get_url())
i.set_method('GET')
kb.kb.append(self, 'info', i)
om.out.information(i.get_desc())示例11: _session_cookie_httponly
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _session_cookie_httponly(self, response):
regex_str = 'session\.cookie_httponly</td><td class="v">(Off|no|0)</td>'
session_cookie_httponly = re.search(regex_str, response.get_body(), re.I)
if session_cookie_httponly:
desc = 'The phpinfo()::session.cookie_httponly is off.'
v = Vuln('PHP session.cookie_httponly: Off', desc,
severity.MEDIUM, response.id, self.get_name())
v.set_url(response.get_url())
kb.kb.append(self, 'phpinfo', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())示例12: _expose_php
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _expose_php(self, response):
regex_str = 'expose_php</td><td class="v">(On|<i>no value</i>)</td>'
expose_php = re.search(regex_str, response.get_body(), re.I)
if expose_php:
desc = 'The phpinfo()::expose_php is enabled.'
v = Vuln('PHP expose_php: On', desc,
severity.MEDIUM, response.id, self.get_name())
v.set_url(response.get_url())
kb.kb.append(self, 'phpinfo', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())示例13: _display_errors
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _display_errors(self, response):
regex_str = 'display_errors</td><td class="v">(On|<i>no value</i>)</td>'
display_errors = re.search(regex_str, response.get_body(), re.I)
if display_errors:
desc = 'The phpinfo()::display_errors is enabled.'
v = Vuln('PHP display_errors: On', desc,
severity.MEDIUM, response.id, self.get_name())
v.set_url(response.get_url())
kb.kb.append(self, 'phpinfo', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())示例14: _allow_url_include
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _allow_url_include(self, response):
regex_str = 'allow_url_include</td><td class="v">(On|<i>no value</i>)</td>'
allow_url_include = re.search(regex_str, response.get_body(), re.I)
if allow_url_include:
desc = 'The phpinfo()::allow_url_include is enabled.'
v = Vuln('PHP allow_url_include: On', desc,
severity.MEDIUM, response.id, self.get_name())
v.set_url(response.get_url())
kb.kb.append(self, 'phpinfo', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())示例15: _session_use_trans
# 需要导入模块: from w3af.core.data.kb.vuln import Vuln [as 别名]
# 或者: from w3af.core.data.kb.vuln.Vuln import get_desc [as 别名]
def _session_use_trans(self, response):
regex_str = 'session\.use_trans</td><td class="v">(On)</td>'
session_use_trans = re.search(regex_str, response.get_body(), re.I)
if session_use_trans:
desc = 'The phpinfo()::session.use_trans is enabled. This makes'\
' session hijacking easier.'
v = Vuln('PHP session_use_trans: On', desc,
severity.MEDIUM, response.id, self.get_name())
v.set_url(response.get_url())
kb.kb.append(self, 'phpinfo', v)
om.out.vulnerability(v.get_desc(), severity=v.get_severity())