[W3af-develop] Wordpress version discovery plugin
Hello,

I have developed a python script that can detect the version of a wordpress installation. I think it would fit well within w3af; the only problem is that I have been unable to find a plugin development manual to be able to implement my script.

Is there a dev manual out there?
Does anyone have some tips/advice on writing a plugin?
Does anyone want me to send them the script for them to develop the plugin?

Thank you,
Ryan

___
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop

Re: [W3af-develop] Wordpress version discovery plugin
Hello,

I'm new to mailing lists so I'm not sure if this will be sent there.

I'll have a look into integrating the script into w3af over the next couple of days and hopefully have a working version by the weekend.

The script is quite simple once you have gathered the necessary data. I went through versions 2.2 to 2.7.1 and manually found client side differences in most of them; I also used the official changelogs to help identify them.

The client side differences are in files such as CSS, javascript and HTML. Some versions did not have any differences apart from having extra files, which can easily be identified with HTTP response codes.

It works as such...

Starting from version 2.7.1 (latest), the script tries to find something that 2.7 doesn't have; if it finds that something then the script stops and echoes the version number.

If the script doesn't find the difference it moves on to identifying the next version, i.e. does 2.7 have something the earlier version doesn't have, and so on and so forth.

Ryan

2009/5/28 Andres Riancho :
> Ryan,
>
> On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst wrote:
>> Hello,
>> I have developed a python script that can detect the version of a
>> wordpress installation. I think it would fit well within w3af,
>
> Yes, it seems that it's something good to have in the framework.
>
> I have like a ton of questions about how it works, could you please
> send the script (as it is) to this mailing list for us to read it?
>
>> the
>> only problem is that I have been unable to find a plugin
>> development manual to be able to implement my script.
>
> There is no development manual :(
>
> For the type of feature that you want to add, the correct thing is to
> use a discovery plugin. Discovery plugins are simple, they follow
> these rules:
>
> - the entry point is the discover method
>
> - the discover method takes a fuzzable request object as a parameter,
>   and returns a list of fuzzable requests
>   (fuzzable requests are representations of GET/POST requests, which
>   represent links, and forms)
>
> - the discover method is called several times in the same scan, with
>   the different links that (for example) the webSpider finds.
>
> I think that the best thing you can do is to read one or two discovery
> plugins (my recommendations are discovery.crossDomain and
> discovery.userDir), and start building your own plugin based on one of
> those.
>
>> Is there a dev manual out there?
>
> No
>
>> Does anyone have some tips/advice on writing a plugin?
>
> Yes, see above,
>
>> Does anyone want me to send them the script for them to develop the plugin?
>
> You should develop the plugin yourself, it's fun and good for the project =)
>
> Cheers,
>
>> Thank you,
>> Ryan
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/

#!/usr/bin/python
import httplib, urllib2, socket, sys

#wpurl = raw_input("Enter the WP URL you want to find the version of: ")
wpurl = sys.argv[1].replace("http://","")
wpurl = wpurl.replace("www.","")
errors = '404'

def wp271():
 url = wpurl + '/wp-includes/js/thickbox/thickbox.css'
 # Get page HTML
 try:
  Request = urllib2.urlopen('http://' + url)
  difference = '-ms-filter:'
  if difference in Request.read():
   return 'true'
 except urllib2.HTTPError:
  return 'false'

def wp27():
 url = wpurl + '/wp-admin/css/farbtastic.css'
 # Get page HTML
 try:
  Request = urllib2.urlopen('http://' + url)
  difference = 'farbtastic'
  if difference in Request.read():
   return 'true'
 except urllib2.HTTPError:
  return 'false'

def wp26():
 try:
  url = wpurl + '/wp-includes/js/tinymce/wordpress.css'
  # Get page HTML
  Request = urllib2.urlopen('http://' + url)
  difference = '-khtml-border-radius:'
  if difference in Request.read():
   return 'true'
 # The archived attachment is cut off at the line above; this handler
 # mirrors wp271() and wp27() so that the function parses.
 except urllib2.HTTPError:
  return 'false'

Re: [W3af-develop] Wordpress version discovery plugin
Yes, I don't see why not. Should be easy enough to implement.

You mentioned during our email conversation that wordpress echoes its version number in the page head. I managed to find an example of it. You're right, I do have a security plugin installed which must have removed it from my blog.

Here is an example:

2009/5/28 Andres Riancho :
> Ryan,
>
> On Wed, May 27, 2009 at 10:18 PM, Andres Riancho wrote:
>> Ryan,
>>
>> On Wed, May 27, 2009 at 9:58 PM, Ryan Dewhurst wrote:
>>> Hello,
>>> I'm new to mailing lists so I'm not sure if this will be sent there.
>>
>> It depends on the mailing list. This one is configured to accept attachments,
>>
>>> I'll have a look into integrating the script into w3af over the next
>>> couple of days and hopefully have a working version by the weekend.
>>
>> Excellent, if you need ANY help, just let us know.
>>
>>> The script is quite simple once you have gathered the necessary
>>> data. I went through versions 2.2 to 2.7.1 and manually found client
>>> side differences in most of them; I also used the official changelogs
>>> to help identify them.
>>
>> Ohhh, you are the guy that wrote that blog post with the "diffs" of
>> different wordpress release packages?
>>
>>> The client side differences are in files such as CSS, javascript and
>>> HTML. Some versions did not have any differences apart from having
>>> extra files, which can easily be identified with HTTP response codes.
>>>
>>> It works as such...
>>>
>>> Starting from version 2.7.1 (latest), the script tries to find
>>> something that 2.7 doesn't have; if it finds that something then the
>>> script stops and echoes the version number.
>>>
>>> If the script doesn't find the difference it moves on to identifying the
>>> next version, i.e. does 2.7 have something the earlier version doesn't
>>> have, and so on and so forth.
>>
>> Ok, makes sense.
>>
>> Some comments regarding your code:
>>
>> - w3af uses PEP-8, which among other things says 4-spaces for
>>   indentations. Your code has 1-space (?) indentations. Please correct
>>   that.
>>
>> - The code is pretty simple, but I think it could be done in a better
>>   way. Having that many functions (wp22 to wp271) doesn't seem to be a
>>   good option. Do you think that the code could be changed a little bit,
>>   and create a database (which can be easily updated) and then use that
>>   database to store the information? Example of the database:
>>
>>   self._wp_fingerprint = [('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:'),
>>                           ('/wp-admin/css/farbtastic.css', 'farbtastic')]
>>
>> - Also, by default wordpress publishes the version number in every
>>   page head. Maybe it would be a good idea to parse that, and compare it
>>   with the result of the fingerprinting. What do you think?
>
> A good idea would be to have a first step, before all the version
> specific checks, that verifies something that's true for all wordpress
> installations (some X file has to be present) before even starting the
> fingerprinting. Could this be done?
>
>> Cheers,

Re: [W3af-develop] Wordpress version discovery plugin
I'm looking into searching the response html of the index page for the following string:

I've tried with regular expressions and am unable to get it to work. I've read that re is bad for parsing HTML and that BeautifulSoup should be used.

Does w3af already have BeautifulSoup in its dependency list?

Ryan

P.S. Thanks for the advice backbone46, I'll have a look into that once I've sorted this out.

2009/5/28 :
> Sorry to bump in just like that in the discussion, about the meta tag that
> displays the WordPress version.
>
> Only since version 2.7 the generator function is in the core of WordPress,
> on earlier versions it was only in the theme.
>
> Just wanted to mention that. :)
>
> ---
> http://insanesecurity.info

Re: [W3af-develop] Wordpress version discovery plugin
Just to let everyone know where I am with the plugin.

I'm a complete n00b at re and couldn't get backbone's code to work, so I read a couple of manuals and finally got it working with:

An explanation of what the plugin will do:
---

It will first check to see if the server has the following file "/wp-admin/index.php".

If it does

It will check to see whether or not the version is in the index header.

If it finds the version it will store it in a variable.

It will then run through the checks from my original code to try and guess the version.

The output will be as follows:
--

If the version is not in the index and not found with the data = "version under 2.2"
If the version is in the index and in the data are the same = "whatever version was found"
If the version is in the index and in the data are different = "Version shows as $version in index header however the data shows $version"

I still need to implement the data checks; however, my girlfriend has fallen ill and has been admitted to hospital for an emergency operation. I don't think I will be able to finish the plugin this weekend as promised earlier; however, I will still be working on it next week.

I was also thinking of listing the vulnerabilities for each version (if any) on the output.

Ryan

2009/5/29 Andres Riancho :
> Ryan,
>
> On Thu, May 28, 2009 at 10:11 PM, Ryan Dewhurst wrote:
>> I'm looking into searching the response html of the index page for the
>> following string:
>>
>> I've tried with regular expressions and am unable to get it to work,
>
> backbone sent you a solution,
>
>> I've read that re is bad for parsing HTML and that BeautifulSoup
>> should be used.
>>
>> Does w3af already have BeautifulSoup in its dependency list?
>
> Yes, it's in the dependency list, but we aren't using it "for that".
> Long story short, please use the re =)

Re: [W3af-develop] Wordpress version discovery plugin
Hello,

Sorry it's been so long with the wordpress version checker plugin, had some life problems.

Anyway...

I have come to a logic problem which I cannot seem to solve and was wondering if anyone could give me some pointers...

Versions '2.5', '2.3.1, 2.3.2 or 2.3.3' and '2.2' are detected by a file/image being present, i.e. status 200.

I cannot figure out how to check for this while using the self._wp_fingerprint array.

Here is the code so far. I have not yet tested it out, but it should give you a basic idea of how it will run.

I was also thinking of implementing a plugin version checker as there are many plugins with vulns.

Thank you,
Ryan

P.S. To test it through w3af, do I just pop the py file into the plugin folder or is there any other code to be changed?

Re: [W3af-develop] Wordpress version discovery plugin
> Also delete the .pyc file, and no reinstall is needed.

There was none.

> Yes, many.
> You are missing some required methods, like setOptions, getOptions,
> getLongDescription, etc. Please see other plugins for a complete list,

They are already in the code:

    # W3af options and output
    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''
        ol = optionList()
        return ol

    def setOptions( self, OptionList ):
        '''
        This method sets all the options that are configured using the user interface
        generated by the framework using the result of getOptions().

        @parameter OptionList: A dictionary with the options for the plugin.
        @return: No value is returned.
        '''
        pass

    def getPluginDeps( self ):
        '''
        @return: A list with the names of the plugins that should be run before the
        current one.
        '''
        return []

    def getLongDesc( self ):
        '''
        @return: A DETAILED description of the plugin functions and features.
        '''
        return '''
        This plugin searches for client side differences between different versions of WordPress.
        '''

2009/6/6 Andres Riancho :
> Ryan,
>
> On Sat, Jun 6, 2009 at 1:57 PM, Ryan Dewhurst wrote:
>> I moved the wpvchecker.py file into the /plugin/discovery folder. When
>> I try to launch w3af I get an error (screenshot attached), the prompt
>> only lasts a few seconds so could not copy/paste the full error
>> output.
>>
>> When I remove the wpvchecker.py file out of the dir the error persists
>> and I have to un/re install w3af to get it working again.
>
> Also delete the .pyc file, and no reinstall is needed.
>
>> Any ideas?
>
> Yes, many.
> You are missing some required methods, like setOptions, getOptions,
> getLongDescription, etc. Please see other plugins for a complete list,
>
>> Thanks again,
>> Ryan
>>
>> 2009/6/6 Andres Riancho :
>>> Ryan,
>>>
>>> On Sat, Jun 6, 2009 at 10:59 AM, Ryan Dewhurst wrote:
>>>> Hello,
>>>> Sorry it's been so long with the wordpress version checker plugin, had
>>>> some life problems.
>>>
>>> No problem man, I hope things are going better now.
>>>
>>>> Anyway...
>>>>
>>>> I have come to a logic problem which I cannot seem to solve and was
>>>> wondering if anyone could give me some pointers...
>>>>
>>>> Versions '2.5', '2.3.1, 2.3.2 or 2.3.3' and '2.2' are detected by a
>>>> file/image being present, i.e. status 200.
>>>>
>>>> I cannot figure out how to check for this while using the
>>>> self._wp_fingerprint array.
>>>
>>> The for loop that works with the array looks like this:
>>>
>>>     for data in self._wp_fingerprint:
>>>
>>>         # Complete URL to test, url+file
>>>         test_URL = urlParser.urlJoin( base_url, data[0] )
>>>
>>>         if data[1] in response:
>>>             version = data[2]
>>>             break
>>>         else:
>>>             version = 'Version lower than 2.2'
>>>
>>> But there are some parts missing, like actually requesting to the
>>> server the test_URL. On the other part, the "200" logic could be
>>> easily done like this:
>>>
>>>         if data[1] == 200 and not is_404(response):
>>>             # it was found!
>>>             version = data[2]
>>>             break
>>>         elif data[1] in response:
>>>             version = data[2]
>>>             break
>>>         else:
>>>             version = 'Version lower than 2.2'
>>>
>>> To make this work, you should change the '' in the fingerprint array
>>> by a 200, and it should all work.
>>>
>>>> Here is the code so far. I have not yet tested it out, but it should give
>>>> you a basic idea of how it will run.
>>>
>>> Yes, and it makes much more sense to me this way. The older version
>>> was "ugly" :)

Re: [W3af-develop] Wordpress version discovery plugin
I decided to move over to my Linux box for the development of the plugin. One of the reasons I could not get the plugin to run through w3af was that the plugin file name was not the same as the class name.

It now runs through w3af without any errors. The only thing is that the info output is not showing in kb.

I'm using this which I found in another plugin:

    # Save it to the kb!
    i = info.info()
    i.setName('WordPress version')
    i.setURL( wp_index_url )
    i.setId( http_response.id )
    i.setDesc( 'WordPress version "'+ self._version +'" found in the index header.' )
    kb.kb.append( self, 'WordPress version', i )
    om.out.information( i.getDesc() )

Attached is the latest version.

Ryan

2009/6/6 Andres Riancho :
> Ryan,
>
> On Sat, Jun 6, 2009 at 6:22 PM, Ryan Dewhurst wrote:
>> They are already in the code:
>
> Then try to run w3af from a console:
>
> in cmd.exe run python w3af_console.py

Re: [W3af-develop] Wordpress version discovery plugin
Managed to work it out and now making good progress. :)

Re: [W3af-develop] Wordpress version discovery plugin
w00t w00t!

All tested and working!

Thanks to everyone for their help especially Andres for putting up
with my noobness. I will look into implementing the vulns for each
version and then eventually a wp plugin version finder.

Feedback and suggestions welcome! :-)

2009/6/7 Andres Riancho:
> Ryan,
>
> On Sat, Jun 6, 2009 at 10:20 PM, Ryan Dewhurst wrote:
>> I decided to move over to my Linux box for the development of the
>> plugin. One of the reasons I could not get the plugin to run through
>> w3af was that the plugin file name was not the same as the class name.
>
> Ok, makes sense,
>
>> It now runs through w3af without any errors. The only thing is that
>> the info output is not showing in kb.
>
> Are you saving it to the kb?
>
>> I'm using this which I found in another plugin:
>>
>>     # Save it to the kb!
>>     i = info.info()
>>     i.setName('WordPress version')
>>     i.setURL( wp_index_url )
>>     i.setId( http_response.id )
>>     i.setDesc( 'WordPress version "'+ self._version +'" found in the index header.' )
>>     kb.kb.append( self, 'WordPress version', i )
>>     om.out.information( i.getDesc() )
>
> That seems to be enough to save the version to the kb,
>
>> Attached is the latest version.
>
> I applied some minor changes:
>
> - Changed the name of the plugin to wordpress_plugin, because
>   wpvChecker is cryptic to users.
> - The code has some serious errors, that are possibly the reason you
>   don't see anything:
>
>   ...@brick:~/w3af/w3af/trunk$ pylint --rcfile=../extras/misc/pylint.rc /tmp/wordpress_version.py -e
>   * Module wordpress_version
>   E: 98:wordpress_version.discover: Undefined variable 're'
>   E:109:wordpress_version.discover: Undefined variable 'http_response'
>   E:150:wordpress_version.discover: Undefined variable 'http_response'
>
>   Have you tested the plugin? Do you get a big traceback when running it?
>
> - This line in the fingerprint DB:
>
>       ('/wp-admin/async-upload.php','200','2.5'),
>
>   Doesn't match this line:
>
>       if self._wp_fingerprint[1] == 200 and not is_404(response):
>
>   '200' and 200 aren't equal in python:
>
>       >>> '200' == 200
>       False
>
>   You should change your database to 200, instead of '200' where necessary.
>
> - One more detail, is that it would be nice to compare the version in
>   the HTML header, with the fingerprinted version, and report if they
>   differ.
>
> You're on the right path, I think that with these recommendations
> you'll be able to complete the development of your first w3af plugin
> =)
>
> PS: You should answer inline.
>
>> Ryan
Re: [W3af-develop] Wordpress version discovery plugin
Found a bug that I am working on now.
Re: [W3af-develop] Wordpress version discovery plugin
Here is the final version. (I hope)
Re: [W3af-develop] Wordpress version discovery plugin
2009/6/7 Andres Riancho:
> Ryan,
>
> On Sun, Jun 7, 2009 at 12:31 PM, Ryan Dewhurst wrote:
>> Here is the final version. (I hope)
>
> I just tried your plugin with http://www.bonsai-sec.com/blog/ as a
> target, and it's failing to find anything. I think that the problem is
> in:
>
>     base_url = urlParser.baseUrl( fuzzableRequest.getURL() )
>     wp_unique_url = urlParser.urlJoin( base_url , '/wp-login.php' )
>
> Which will always return http://host.tld/wp-login.php , no matter what
> the fuzzableRequest.getURL() was: in my case it was
> http://www.bonsai-sec.com/blog/ .
>

Fixed this with:

    wp_unique_url = fuzzableRequest.getURL() + '/wp-login.php'
    response = self._urlOpener.GET( wp_unique_url, useCache=True )

> And also on the way that self._exec is ALWAYS set to false. I think
> that self._exec should be set to false only after actually finding a
> wordpress installation and fingerprinting it.
>

Implemented this.

> Please test the plugin a little more with different wordpress
> installs, and then let us know how it worked out =)
>

Tested on about 5 different installations so far, all working.

> PS: Please use inline for answering emails, top posting sucks.
>

Sorry, always forget about this, lol.

Any other changes/feedback let me know. Attached is the latest version. :)
Re: [W3af-develop] Wordpress version discovery plugin
Sorry, I left some debug code in the last one and forgot to change some variables.
Re: [W3af-develop] Wordpress version discovery plugin
2009/6/8 Andres Riancho:
> Ryan,
>
> On Mon, Jun 8, 2009 at 10:18 AM, Ryan Dewhurst wrote:
>> 2009/6/7 Andres Riancho:
>>> Ryan,
>>>
>>> On Sun, Jun 7, 2009 at 12:31 PM, Ryan Dewhurst wrote:
>>>> Here is the final version. (I hope)
>>>
>>> I just tried your plugin with http://www.bonsai-sec.com/blog/ as a
>>> target, and it's failing to find anything. I think that the problem is
>>> in:
>>>
>>>     base_url = urlParser.baseUrl( fuzzableRequest.getURL() )
>>>     wp_unique_url = urlParser.urlJoin( base_url , '/wp-login.php' )
>>>
>>> Which will always return http://host.tld/wp-login.php , no matter what
>>> the fuzzableRequest.getURL() was: in my case it was
>>> http://www.bonsai-sec.com/blog/ .
>>>
>>
>> Fixed this with:
>>
>>     wp_unique_url = fuzzableRequest.getURL() + '/wp-login.php'
>>     response = self._urlOpener.GET( wp_unique_url, useCache=True )
>
> If the URL is http://www.bonsai-sec.com/blog/ and you perform that,
> you end up with http://www.bonsai-sec.com/blog//wp-login.php , which
> is not what you want. I think that the solution was this one:
>
>     base_url = urlParser.getDomainPath( fuzzableRequest.getURL() )
>     wp_unique_url = urlParser.urlJoin( base_url , 'wp-login.php' )
>
> But I'm not sure, you should test it.

I tried this yesterday and had no luck however I will give it another
go as I did not spend too much time on it.

>
>>> And also on the way that self._exec is ALWAYS set to false. I think
>>> that self._exec should be set to false only after actually finding a
>>> wordpress installation and fingerprinting it.
>>>
>>
>> Implemented this.
>
> Cool,
>
>>> Please test the plugin a little more with different wordpress
>>> installs, and then let us know how it worked out =)
>>>
>>
>> Tested on about 5 different installations so far, all working.
>
> Cool,
>
>>> PS: Please use inline for answering emails, top posting sucks.
>>>
>>
>> Sorry, always forget about this, lol.
>>
>> Any other changes/feedback let me know. Attached is the latest version. :)
>
> I think we're almost ready to put it in the trunk, what do you think?
>

Yup! :-) As soon as I have fixed the URL issue I don't see why not. One
thing I would like you to look at is the output, is it accurately
worded to the w3af style? Does it have too little or too much output?
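The three ways of building the wp-login.php probe URL discussed in this exchange, as an added example that is not part of the original messages or of w3af. It uses Python's standard urllib.parse in place of w3af's urlParser; base_url, domain_path and the probe_* helpers are hypothetical names, and the crawled URLs are constructed.

```python
from urllib.parse import urljoin, urlsplit, urlunsplit

PROBE = 'wp-login.php'


def base_url(url):
    """scheme://host/ only, dropping every path component."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, '/', '', ''))


def domain_path(url):
    """scheme://host/dir/ : the directory that holds the requested resource."""
    parts = urlsplit(url)
    directory = parts.path[:parts.path.rfind('/') + 1] or '/'
    return urlunsplit((parts.scheme, parts.netloc, directory, '', ''))


def probe_from_root(url):
    # Joining against the host root loses the /blog/ prefix.
    return urljoin(base_url(url), '/' + PROBE)


def probe_by_concat(url):
    # Plain concatenation keeps the prefix but doubles the slash when the
    # crawled URL already ends in one, and breaks on files and query strings.
    return url + '/' + PROBE


def probe_in_directory(url):
    # Relative join against the containing directory.
    return urljoin(domain_path(url), PROBE)


def unique_probes(crawled_urls):
    """One probe per directory, however many URLs the crawler found in it."""
    return sorted({probe_in_directory(u) for u in crawled_urls})


# Constructed crawl results for a blog installed under /blog/.
CRAWLED = [
    'http://host.tld/blog/',
    'http://host.tld/blog/index.php?p=12',
    'http://host.tld/blog/wp-content/themes/default/style.css',
    'http://host.tld/',
]

if __name__ == '__main__':
    for u in CRAWLED:
        print(u)
        print('  root  :', probe_from_root(u))
        print('  concat:', probe_by_concat(u))
        print('  dir   :', probe_in_directory(u))
    print(unique_probes(CRAWLED))
```

Deduplicating by directory also bounds the number of requests: the fingerprint files are fetched once per directory instead of once per crawled URL.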
Re: [W3af-develop] Enhancements to wordpress_fingerprint.py
2009/6/8 Andres Riancho:
> Ryan,
>
> On Mon, Jun 8, 2009 at 12:36 PM, Stefano Di Paola wrote:
>> Guys,
>> Sorry for getting into the middle of this thread without knocking...
>
> hehehe
>
>> Inline since I hate bottom posting :)
>
> ok,
>
>> On Mon, 08/06/2009 at 12.05 -0300, Andres Riancho wrote:
>>> Ryan,
>>>
>>> First of all, I would like to congratulate you for a job well
>>> done. The wordpress_fingerprint plugin is now part of w3af.
>>>
>>> I just committed it [0] to the trunk with a couple of changes
>>> (please review those changes, they are important).
>>>
>>> On the other hand, we still need to work a little more on this
>>> plugin. One of the features that I think should be implemented is the
>>> comparison between the fingerprinted version, and the version that's
>>> retrieved with the regular expression, could you do that?
>>

I'll do this over the next few days.

>> I know it's a bit out of scope with the actual implementation of the
>> wordpress_fingerprint plugin, but I just finished reading this
>> interesting post:
>>
>> Web App Version detection using fingerprinting
>> http://sucuri.net/?page=docs&title=webapp-version-detection
>>
>> in particular:
>> 2- Wordpress Version Detection
>> 3- Wordpress version fingerprinting - Comparing files
>
> Ahhh! This is the blog post that I was talking about with Ryan! I
> failed to find it after reading it a couple of weeks ago! Thanks
> Stefano!
>

Aye, this was more or less the same way as I got the fingerprinting
data. Wish I had seen that blog post before I started as I did all my
research manually. lol

>> which I think is on topic at least to some extent.
>> It should not be too difficult to add a txt file and check for the
>> existence of those files to get a double check confirmation of the WP
>> version.
>
> I think that we could add this information to the plugin fingerprint
> "database" pretty easily. Thanks!
>

Yup, now the code is working it will be easy to extend on it. Will also
be easy to use the same template for other popular web apps. I'll read
the post in more detail tonight.

> Cheers,
>
>>
>>> Also related, I just tweeted about this [1]
>>>
>>> [0] http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/plugins/discovery/wordpress_fingerprint.py?view=markup
>>> [1] http://twitter.com/w3af
>>>
>>> Cheers,
>>
>> Cheers,
>>
>>
>
>

Thank you and cheers! Blogged about w3af/plugin: http://www.ethicalhack3r.co.uk/

>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
Re: [W3af-develop] Enhancements to wordpress_fingerprint.py
I have implemented the re and data checker, to compare them both and
output as appropriate.

Seems to be working however in KB the request/response windows are incorrect.

Ryan

'''
wordpress_fingerprint.py

Copyright 2006 Andres Riancho

This file is part of w3af, w3af.sourceforge.net .

w3af is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.

w3af is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

'''

import core.controllers.outputManager as om

# Import options
import re

from core.data.options.option import option
from core.data.options.optionList import optionList

from core.controllers.basePlugin.baseDiscoveryPlugin import baseDiscoveryPlugin

import core.data.kb.knowledgeBase as kb
import core.data.kb.vuln as vuln
import core.data.kb.info as info
import core.data.constants.severity as severity

import core.data.parsers.urlParser as urlParser
from core.controllers.w3afException import w3afException, w3afRunOnce


# Main class
class wordpress_fingerprint(baseDiscoveryPlugin):
    '''
    Finds the version of a WordPress installation.
    @author: Ryan Dewhurst ( ryandewhu...@gmail.com ) www.ethicalhack3r.co.uk
    '''

    def __init__(self):
        baseDiscoveryPlugin.__init__(self)

        # Internal variables
        self._exec = True
        self._data_version = 'None'
        self._re_version = 'None'

    def discover(self, fuzzableRequest ):
        '''
        Finds the version of a WordPress installation.
        @parameter fuzzableRequest: A fuzzableRequest instance that contains (among other things) the URL to test.
        '''
        dirs = []

        if not self._exec :
            # This will remove the plugin from the discovery plugins to be runned.
            raise w3afRunOnce()
        else:

            #
            ## Check if the server is running wp ##
            #

            # 404 error messages
            is_404 = kb.kb.getData( 'error404page', '404' )

            self._fuzzableRequests = []

            # Main scan URL passed from w3af + unique wp file
            wp_unique_url = urlParser.getDomainPath( fuzzableRequest.getURL() ) + '/wp-login.php'
            response = self._urlOpener.GET( wp_unique_url, useCache=True )

            # If wp_unique_url is not 404, wordpress = true
            if not is_404( response ):
                dirs.extend( self._createFuzzableRequests( response ) )

                ##
                ## Check if the wp version is in index header ##
                ##

                # Main scan URL passed from w3af + wp index page
                wp_index_url = urlParser.getDomainPath( fuzzableRequest.getURL() ) + '/index.php'
                response = self._urlOpener.GET( wp_index_url, useCache=True )

                # Find the string in the response html
                find = ''
                m = re.search(find, response.getBody())

                # If string found, group version
                if m:
                    m = m.group(1)
                    self._re_version = m

                #
                ## Find wordpress version from data ##
                #

                # Wordpress version unique data, file/data/version
                self._wp_fingerprint = [['/wp-includes/js/thickbox/thickbox.css','-ms-filter:','2.7.1'],
                        ['/wp-admin/css/farbtastic.css','.farbtastic','2.7'],
                        ['/wp-includes/js/tinymce/wordpress.css','-khtml-border-radius:','2.6.1, 2.6.2, 2.6.3 or 2.6.5'],
                        ['/wp-includes/js/tinymce/tiny_mce.js','0.7','2.5.1'],
                        ['/wp-admin/async-upload.php','200','2.5'],
                        ['/wp-includes/images/rss.png','200','2.3.1, 2.3.2 or 2.3.3'],
                        ['/readme.html','2.3','2.3'],
                        ['/wp-includes/rtl.css','#adminmenu a','2.2.3'],
                        ['/wp-includes/js/wp-ajax.js','var a = $H();','2.2.1'],
                        ['/wp-app.php','200','2.2']
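A self-contained sketch of the check this plugin performs, as an added example that is not the plugin's own code: it walks the fingerprint rows visible above newest first, stores status checks as the integer 200 as recommended earlier in the thread, and compares the result with the version announced in the index page. The fetch callable, the in-memory sample site, the status-404 test standing in for w3af's is_404 and the generator-tag regex are assumptions; the archived message does not preserve the plugin's own pattern.

```python
import re
from urllib.parse import urljoin

# Rows visible in the posted table, newest version first. The check is an int
# (expected HTTP status) or a str (marker expected in the response body).
FINGERPRINTS = [
    ('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:', '2.7.1'),
    ('/wp-admin/css/farbtastic.css', '.farbtastic', '2.7'),
    ('/wp-includes/js/tinymce/wordpress.css', '-khtml-border-radius:',
     '2.6.1, 2.6.2, 2.6.3 or 2.6.5'),
    ('/wp-includes/js/tinymce/tiny_mce.js', '0.7', '2.5.1'),
    ('/wp-admin/async-upload.php', 200, '2.5'),
    ('/wp-includes/images/rss.png', 200, '2.3.1, 2.3.2 or 2.3.3'),
    ('/readme.html', '2.3', '2.3'),
    ('/wp-includes/rtl.css', '#adminmenu a', '2.2.3'),
    ('/wp-includes/js/wp-ajax.js', 'var a = $H();', '2.2.1'),
    ('/wp-app.php', 200, '2.2'),
]

# Assumed pattern for the generator meta tag on the index page.
GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.I)


def validate_rules(rules):
    """Fail loudly on a status written as a string, e.g. '200' instead of 200."""
    for path, check, _version in rules:
        if isinstance(check, str) and re.fullmatch(r'[1-5]\d\d', check):
            raise ValueError('%s: status %r must be an int' % (path, check))
    return rules


def rule_matches(check, status, body):
    if status == 404:                      # stand-in for w3af's is_404()
        return False
    if isinstance(check, int):
        return status == check
    return check in body


def fingerprint(base_url, fetch, rules=FINGERPRINTS):
    """Version of the first (newest) matching rule, or None."""
    for path, check, version in validate_rules(rules):
        status, body = fetch(urljoin(base_url, path.lstrip('/')))
        if rule_matches(check, status, body):
            return version
    return None


def header_version(index_html):
    match = GENERATOR_RE.search(index_html)
    return match.group(1) if match else None


def compare(base_url, fetch):
    """Report both versions and whether the header agrees with the files."""
    status, body = fetch(urljoin(base_url, 'index.php'))
    claimed = header_version(body) if status != 404 else None
    found = fingerprint(base_url, fetch)
    agree = None
    if claimed and found:
        # A rule may name several releases ("2.6.1, 2.6.2, 2.6.3 or 2.6.5").
        agree = claimed in re.findall(r'\d+(?:\.\d+)+', found)
    return {'header': claimed, 'fingerprint': found, 'agree': agree}


def make_fetch(pages):
    """Offline fetcher: url -> (status, body); unknown URLs answer 404."""
    return lambda url: pages.get(url, (404, ''))


# Constructed sample: files of a 2.5 install, header edited to claim 2.7.
BASE = 'http://example.test/blog/'
SAMPLE_SITE = make_fetch({
    BASE + 'index.php': (200, '<meta name="generator" content="WordPress 2.7" />'),
    BASE + 'wp-includes/js/thickbox/thickbox.css': (200, '#TB_window { border: 0; }'),
    BASE + 'wp-includes/js/tinymce/tiny_mce.js': (200, 'var tinymce = {};'),
    BASE + 'wp-admin/async-upload.php': (200, ''),
    BASE + 'wp-app.php': (200, ''),
})

if __name__ == '__main__':
    print(compare(BASE, SAMPLE_SITE))
```

A status stored as '200' never matches silently (rule_matches('200', 200, '') is False), which is why validate_rules rejects it when the table is loaded.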
Re: [W3af-develop] Enhancements to wordpress_fingerprint.py
2009/6/8 Andres Riancho:
> Ryan,
>
> On Mon, Jun 8, 2009 at 4:50 PM, Ryan Dewhurst wrote:
>> I have implemented the re and data checker, to compare them both and
>> output as appropriate.
>
> That part seems to be ok,
>
>> Seems to be working however in KB the request/response windows are incorrect.
>
> Could you elaborate more on this?
>

If you look at the kb info the request/response windows after the
plugin has run it shows inaccurate HTTP request/responses. i.e. the
version was found from the regular expression in the index.php header,
the request/response window will show the http request/response for
one of the files in the database rather than the correct index.php.

I'm finding the above hard to explain, I'll take a screenshot to
elaborate more.

> Related:
> - You didn't use the version in the SVN to create the new
>   version, there are some inconsistencies. Please use the SVN version to
>   build from it.

I did use the SVN version.

> - It doesn't make sense to check for index.php instead of
>   wp-login.php , the index.php would be a match for almost every web
>   application running PHP. The idea is to check for wp-login.php to be
>   able to be more performant and don't request all files in the
>   fingerprint database for every directory in the web application.
>
> Cheers,
>

It does check for wp-login.php rather than index.php.

    # Main scan URL passed from w3af + unique wp file
    wp_unique_url = urlParser.getDomainPath( fuzzableRequest.getURL() ) + '/wp-login.php'
    response = self._urlOpener.GET( wp_unique_url, useCache=True )

    # If wp_unique_url is not 404, wordpress = true
    if not is_404( response ):

Am I missing the point?

Ryan

>> Ryan
>>
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
Re: [W3af-develop] Enhancements to wordpress_fingerprint.py
2009/6/10 Andres Riancho:
> Stefano, All,
>
> On Mon, Jun 8, 2009 at 12:36 PM, Stefano Di Paola wrote:
>> Guys,
>> Sorry for getting into the middle of this thread without knocking...
>> Inline since I hate bottom posting :)
>>
>> On Mon, 08/06/2009 at 12.05 -0300, Andres Riancho wrote:
>>> Ryan,
>>>
>>> First of all, I would like to congratulate you for a job well
>>> done. The wordpress_fingerprint plugin is now part of w3af.
>>>
>>> I just committed it [0] to the trunk with a couple of changes
>>> (please review those changes, they are important).
>>>
>>> On the other hand, we still need to work a little more on this
>>> plugin. One of the features that I think should be implemented is the
>>> comparison between the fingerprinted version, and the version that's
>>> retrieved with the regular expression, could you do that?
>>
>> I know it's a bit out of scope with the actual implementation of the
>> wordpress_fingerprint plugin, but I just finished reading this
>> interesting post:
>>
>> Web App Version detection using fingerprinting
>> http://sucuri.net/?page=docs&title=webapp-version-detection
>
> Also related, and from the same guys:
> http://sucuri.net/index.php?page=docs&title=state-wordpress-security
>

Here he says that the readme.html bears the wordpress version, however
this is not always true.

http://sucuri.net/?page=docs&title=wordpress-hardening

Here is what I found:

2.7.1 shows 2.7
2.7 shows 2.7
2.6.5 shows 2.6.1
2.6.3 shows 2.6.1
2.6.2 shows 2.6.1
2.6.1 shows 2.6.1
2.6 shows 2.6
2.5.1 shows 2.5
2.5 shows 2.5
2.3.3 shows 2.3
2.3.2 shows 2.3
2.3.1 shows 2.3
2.3 shows 2.3
2.2.3 shows 2.2

As you can see it is not a reliable source for fingerprinting the
wordpress version.

>> in particular:
>> 2- Wordpress Version Detection
>> 3- Wordpress version fingerprinting - Comparing files
>>
>> which I think is on topic at least to some extent.
>> It should not be too difficult to add a txt file and check for the
>> existence of those files to get a double check confirmation of the WP
>> version.
>>
>>
>>> Also related, I just tweeted about this [1]
>>>
>>> [0] http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/plugins/discovery/wordpress_fingerprint.py?view=markup
>>> [1] http://twitter.com/w3af
>>>
>>> Cheers,
>>
>> Cheers,
>>
>>
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
Re: [W3af-develop] Enhancements to wordpress_fingerprint.py
2009/6/10 Andres Riancho:
> Ryan,
>
> On Tue, Jun 9, 2009 at 9:39 PM, Ryan Dewhurst wrote:
>> 2009/6/10 Andres Riancho:
>>> Stefano, All,
>>>
>>> On Mon, Jun 8, 2009 at 12:36 PM, Stefano Di Paola wrote:
>>>> Guys,
>>>> Sorry for getting into the middle of this thread without knocking...
>>>> Inline since I hate bottom posting :)
>>>>
>>>> On Mon, 08/06/2009 at 12.05 -0300, Andres Riancho wrote:
>>>>> Ryan,
>>>>>
>>>>> First of all, I would like to congratulate you for a job well
>>>>> done. The wordpress_fingerprint plugin is now part of w3af.
>>>>>
>>>>> I just committed it [0] to the trunk with a couple of changes
>>>>> (please review those changes, they are important).
>>>>>
>>>>> On the other hand, we still need to work a little more on this
>>>>> plugin. One of the features that I think should be implemented is the
>>>>> comparison between the fingerprinted version, and the version that's
>>>>> retrieved with the regular expression, could you do that?
>>>>
>>>> I know it is a bit out of scope with the actual implementation of the
>>>> wordpress_fingerprint plugin, but I just finished reading this
>>>> interesting post:
>>>>
>>>> Web App Version detection using fingerprinting
>>>> http://sucuri.net/?page=docs&title=webapp-version-detection
>>>
>>> Also related, and from the same guys:
>>> http://sucuri.net/index.php?page=docs&title=state-wordpress-security
>>>
>>
>> Here he says that the readme.html bears the wordpress version, however
>> this is not always true.
>>
>> http://sucuri.net/?page=docs&title=wordpress-hardening
>>
>> Here is what I found:
>>
>> 2.7.1 shows 2.7
>> 2.7 shows 2.7
>> 2.6.5 shows 2.6.1
>> 2.6.3 shows 2.6.1
>> 2.6.2 shows 2.6.1
>> 2.6.1 shows 2.6.1
>> 2.6 shows 2.6
>> 2.5.1 shows 2.5
>> 2.5 shows 2.5
>> 2.3.3 shows 2.3
>> 2.3.2 shows 2.3
>> 2.3.1 shows 2.3
>> 2.3 shows 2.3
>> 2.2.3 shows 2.2
>>
>> As you can see it is not a reliable source for fingerprinting the
>> wordpress version.
>
> But it's one more source of "version information", I think it should
> be added and properly documented in the same way that you explain in
> this email. In the best case scenario, the user would have three
> information objects in the kb:
>
> - One with the fingerprinted version that says "2.7.1"
> - One with the readme.html version that says "2.7"
> - One with the index.php header information that says "2.7.1"
>
> If in one case we see something like readme.html=="2.6" and
> fingerprinted version=="2.7.1", maybe we can report to the user that
> this is a 2.6 version that was upgraded to 2.7.1? Just ideas that
> should be researched a little more and maybe implemented into code.
>
> Cheers,
>

Aye, I see what you mean. I'll have a look into it over the weekend. I like the way sucuri's information gathering tool finds the wordpress installation path from server errors also.

>>>> in particular:
>>>> 2- Wordpress Version Detection
>>>> 3- Wordpress version fingerprinting - Comparing files
>>>>
>>>> which I think is on topic at least to some extent.
>>>> It should not be too difficult to add a txt file and check for the
>>>> existence of those files to get a double check confirmation of the WP
>>>> version.
>>>>
>>>>> Also related, I just tweeted about this [1]
>>>>>
>>>>> [0]
>>>>> http://w3af.svn.sourceforge.net/viewvc/w3af/trunk/plugins/discovery/wordpress_fingerprint.py?view=markup
>>>>> [1] http://twitter.com/w3af
>>>>>
>>>>> Cheers,
>>>>
>>>> Cheers,
>>>>
>>>
>>> --
>>> Andrés Riancho
>>> Founder, Bonsai - Information Security
>>> http://www.bonsai-sec.com/
>>> http://w3af.sf.net/
>>>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
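The comparison discussed in the message above (three version sources in the kb, with a readme.html that lags the fingerprint hinting at an upgraded install), as an added example that is not part of the thread and is not code from w3af or the plugin. The table is copied from Ryan's message; the two regular expressions, the function names and the sample HTML are assumptions made for illustration.

```python
import re

# Ryan's table from the thread: installed release -> version shown in readme.html
README_SHOWS = {
    "2.7.1": "2.7", "2.7": "2.7", "2.6.5": "2.6.1", "2.6.3": "2.6.1",
    "2.6.2": "2.6.1", "2.6.1": "2.6.1", "2.6": "2.6", "2.5.1": "2.5",
    "2.5": "2.5", "2.3.3": "2.3", "2.3.2": "2.3", "2.3.1": "2.3",
    "2.3": "2.3", "2.2.3": "2.2",
}

# Assumed patterns (not taken from the plugin): "Version X.Y" in readme.html
# and the generator meta tag in the index.php output.
README_RE = re.compile(r"Version\s+(\d+(?:\.\d+)+)")
GENERATOR_RE = re.compile(r'name="generator"\s+content="WordPress\s+(\d+(?:\.\d+)+)"', re.I)

def vkey(version):
    """Turn '2.6.1' into (2, 6, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def extract(pattern, body):
    match = pattern.search(body or "")
    return match.group(1) if match else None

def releases_showing(readme_version):
    """Releases that, per the table, carry this readme.html version."""
    return sorted((r for r, s in README_SHOWS.items() if s == readme_version), key=vkey)

def reconcile(fingerprint, readme_body, index_body):
    """Return the three version sources and notes on how they relate."""
    found = {"fingerprint": fingerprint,
             "readme": extract(README_RE, readme_body),
             "header": extract(GENERATOR_RE, index_body)}
    notes = []
    if fingerprint and found["header"] and found["header"] != fingerprint:
        notes.append("header and fingerprint disagree")
    readme, expected = found["readme"], README_SHOWS.get(fingerprint)
    if readme is None or expected is None:
        notes.append("readme.html check not possible")
    elif readme == expected:
        notes.append("readme.html consistent with fingerprint")
    elif vkey(readme) < vkey(expected):
        notes.append("readme.html older than expected: possible upgrade from %s" % readme)
    else:
        notes.append("readme.html newer than expected: recheck fingerprint")
    return found, notes

if __name__ == "__main__":
    # Constructed sample bodies, not captured from a real site
    print(reconcile("2.7.1", "<h1>Version 2.6</h1>", '<meta name="generator" content="WordPress 2.7.1" />'))
```

Because several releases share one readme.html value, `releases_showing()` returns the whole candidate set for a readme.html reading, so that reading alone cannot narrow the release any further.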
[W3af-develop] HTML OUTPUT
Hello all,

If HTML output is chosen the "w3af target URL's" part is never populated when the report.html file is generated.

--
Ryan Dewhurst
http://www.ethicalhack3r.co.uk
http://www.dvwa.co.uk
http://www.twitter.com/ethicalhack3r
Re: [W3af-develop] HTML OUTPUT
Hi,

I was using a script to run w3af. The script set a profile and named the output file. Apart from that I don't think anything was different. I will set up w3af on my new system and see if I get the same results on there.

Thank you,
Ryan

2009/12/2 Andres Riancho:
> Ryan,
>
> On Mon, Nov 30, 2009 at 6:55 PM, Ryan Dewhurst wrote:
>> Hello all,
>> If HTML output is chosen the "w3af target URL's" part is never populated
>> when the report.html file is generated.
>
> Works for me. How're you running w3af? Could you send me step by step
> procedure to reproduce this issue? Thanks!
>
> Cheers,
>
>> --
>> Ryan Dewhurst
>>
>> http://www.ethicalhack3r.co.uk
>> http://www.dvwa.co.uk
>> http://www.twitter.com/ethicalhack3r
>>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>

--
Ryan Dewhurst
http://www.ethicalhack3r.co.uk
http://www.dvwa.co.uk
http://www.twitter.com/ethicalhack3r
Re: [W3af-develop] HTML OUTPUT
Hi Andres,

I have changed machines (Ubuntu Karmic) and am using a fresh install of w3af.

1. "sudo apt-get install w3af" - (Version 1.0-rc2 from Debian Package 1.0-rc2svn2845-1ubuntu2)
2. $ w3af
3. Select OWASP Top10 profile.
4. Enable output/htmlFile
5. Set fileName option to "/home/ryan/Desktop/report.html"
6. Enter target URL
7. Press start.

All above done via /w3af_gui. No changes made at all to w3af apart from the above.

If you need any more info let me know.

Ryan

2009/12/2 Andres Riancho:
> Ryan,
>
> On Wed, Dec 2, 2009 at 5:23 PM, Ryan Dewhurst wrote:
>> Hi,
>> I was using a script to run w3af. The script set a profile and named
>> the output file. Apart from that I don't think anything was different.
>> I will set up w3af on my new system and see if I get the same results
>> on there.
>
> Ok, please try to send me the step-by-step instructions to reproduce it.
>
> Thanks!
>
>> Thank you,
>> Ryan
>>
>> 2009/12/2 Andres Riancho:
>>> Ryan,
>>>
>>> On Mon, Nov 30, 2009 at 6:55 PM, Ryan Dewhurst wrote:
>>>> Hello all,
>>>> If HTML output is chosen the "w3af target URL's" part is never populated
>>>> when the report.html file is generated.
>>>
>>> Works for me. How're you running w3af? Could you send me step by step
>>> procedure to reproduce this issue? Thanks!
>>>
>>> Cheers,
>>>
>>>> --
>>>> Ryan Dewhurst
>>>>
>>>> http://www.ethicalhack3r.co.uk
>>>> http://www.dvwa.co.uk
>>>> http://www.twitter.com/ethicalhack3r
>>>>
>>>
>>> --
>>> Andrés Riancho
>>> Founder, Bonsai - Information Security
>>> http://www.bonsai-sec.com/
>>> http://w3af.sf.net/
>>>
>>
>> --
>> Ryan Dewhurst
>>
>> http://www.ethicalhack3r.co.uk
>> http://www.dvwa.co.uk
>> http://www.twitter.com/ethicalhack3r
>>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>

--
Ryan Dewhurst
http://www.ethicalhack3r.co.uk
http://www.dvwa.co.uk
http://www.twitter.com/ethicalhack3r
[W3af-develop] You have to install nltk.
When I first ran the latest SVN revision (3956) of w3af_gui on BackTrack4 RC2, I got the following error:

    You have to install nltk.
    - On Debian based distributions: apt-get install python-nltk

As far as I'm aware BT4 RC2 is based off of Ubuntu which is a Debian system. When running 'apt-get install python-nltk' (as root) it cannot find the package.

To get it working I took the following steps:

    wget http://pyyaml.org/download/pyyaml/PyYAML-3.09.tar.gz
    tar -xzvf PyYAML-3.09.tar.gz
    cd PyYAML-3.09
    python setup.py install
    cd ..
    wget http://nltk.googlecode.com/files/nltk-2.0b9.tar.gz
    tar -xzvf nltk-2.0b9.tar.gz
    cd nltk-2.0b9
    python setup.py install

After that w3af_gui would run. Just thought I would put it here in case anyone else came across the same situation.

Ryan

Ryan Dewhurst
blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r