2008/11/30 Viktor Gazdag <[EMAIL PROTECTED]>
> 2008/11/30 Andres Riancho <[EMAIL PROTECTED]>
>
>> Viktor,
>>
>> On Sat, Nov 22, 2008 at 1:18 PM, Andres Riancho
>> <[EMAIL PROTECTED]> wrote:
>> > Viktor,
>> >
>> > On Sat, Nov 22, 2008 at 12:47 PM, Viktor Gazdag <[EMAIL PROTECTED]>
>> wrote:
>> >> Hello! :)
>> >>
>> >>
>> >> I would like to be interested in create the frontpage version(151986)
>> and
>> >> the squid(148264) plugins. Can i make them? If yes, I will start to
>> code it,
>> >> but not finished so quickly. I will have more time for them after 2-3
>> weeks,
>> >> when i done with my school things.
>> >
>> > I'm really glad you want to contribute one more time =). Of course you
>> > can do it!
>> >
>> > Regarding the tasks:
>> >
>> > - 151986: discovery plugin to identify frontpage version
>> > It's a rather simple task, you just have to request the
>> > "/_vti_inf.html" page and use a regular expression to get the version.
>> > I think that nessus and metasploit do it, so maybe you can take some
>> > ideas from those plugins/modules.
>>
>> Have you been able to start with the 151986 task? Can I help you with
>> something?
>
>
> I have some problem with the "indent" things, but at Thursday i will make
> it. If i have still problem at Thursday, i will write.
>
>
I change my mind! Here is the plugin. :)
>
>>
>> > - 148264: Identify squid proxy
>> > Regarding this task, the issue is a little bit more complicated. I
>> > think that creating one plugin to address this vulnerability would be
>> > a waste of time, what we could do is create a grep plugin to fetch
>> > information from the headers, that can get the information about
>> > mod-choke[0], squid, and other appliances.
>> >
>> > For now, start with the task 151986, whenever you are done with that,
>> > we can move on to the next one =)
>> >
>> > Thanks!
>> >
>> > [0]
>> http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=150711&group_id=170274&group_project_id=50603
>> >
>> >>
>> -------------------------------------------------------------------------
>> >> This SF.Net email is sponsored by the Moblin Your Move Developer's
>> challenge
>> >> Build the coolest Linux based applications with Moblin SDK & win great
>> >> prizes
>> >> Grand prize is a trip for two to an Open Source event anywhere in the
>> world
>> >> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> >> _______________________________________________
>> >> W3af-develop mailing list
>> >> W3af-develop@lists.sourceforge.net
>> >> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>> >>
>> >>
>> >
>> >
>> >
>> > --
>> > Andres Riancho
>> > http://w3af.sourceforge.net/
>> > Web Application Attack and Audit Framework
>> >
>>
>>
>>
>> --
>> Andres Riancho
>> http://w3af.sourceforge.net/
>> Web Application Attack and Audit Framework
>>
>
>
'''
frontpage_ver.py
Copyright 2006 Andres Riancho
This file is part of w3af, w3af.sourceforge.net .
w3af is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.
w3af is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
'''
import core.controllers.outputManager as om
# options
from core.data.options.option import option
from core.data.options.optionList import optionList
from core.controllers.basePlugin.baseDiscoveryPlugin import baseDiscoveryPlugin
import core.data.kb.knowledgeBase as kb
import core.data.parsers.urlParser as urlParser
import core.data.kb.vuln as vuln
import core.data.constants.severity as severity
from core.controllers.w3afException import w3afException
import re
class frontpage_ver(baseDiscoveryPlugin):
'''
Search PHP Info file and if it finds it will determine the version of PHP.
@author: Viktor Gazdag ( [EMAIL PROTECTED] )
'''
def __init__(self):
baseDiscoveryPlugin.__init__(self)
# Internal variables
self._analyzedDirs = []
def discover(self, fuzzableRequest ):
'''
For every directory, fetch a list of files and analyze the response.
@parameter fuzzableRequest: A fuzzableRequest instance that contains (among other things) the URL to test.
'''
fuzzableRequestsToReturn = []
self.is404 = kb.kb.getData( 'error404page', '404' )
for domain_path in urlParser.getDirectories(fuzzableRequest.getURL() ):
if domain_path not in self._analyzedDirs:
# Save the domain_path so I know I'm not working in vane
self._analyzedDirs.append( domain_path )
# Work!
for FrontPageInfoFilename in self._getFrontPageInfoFile():
# Request the file
FrontPageInfoUrl = urlParser.urlJoin( domain_path , FrontPageInfoFilename )
try:
response = self._urlOpener.GET( FrontPageInfoUrl, useCache=True )
om.out.debug( '[frontpage_ver] Testing "' + FrontPageInfoUrl + '".' )
except w3afException, w3:
om.out.debug('Failed to GET FrontPage Server Info file: "' + phpInfoUrl + '".')
else:
# Check if it's a FrontPage Server Info file
if not self.is404( response ):
frontpageversion = re.search('FPVersion="(.*?)"',response.getBody(), re.IGNORECASE)
if frontpageversion:
v = vuln.vuln()
v.setId( response.id )
v.setName( 'FrontPage Server Info file' )
v.setSeverity(severity.MEDIUM)
v.setURL( response.getURL() )
desc = 'The FrontPage Server Info file was found at: ' + v.getURL()
desc += ' and the version of FrontPage Server Extensions is: "' + frontpageversion.group(1) + '".'
v.setDesc( desc )
kb.kb.append( self, 'frontpage_ver', v )
om.out.vulnerability( v.getDesc(), severity=v.getSeverity() )
return fuzzableRequestsToReturn
def _getFrontPageInfoFile( self ):
'''
@return: Filename of the Frontpage Server Info file.
'''
res = []
res.extend( ['/_vti_inf.html' ] )
return res
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
ol = optionList()
return ol
def setOptions( self, OptionList ):
'''
This method sets all the options that are configured using the user interface
generated by the framework using the result of getOptions().
@parameter OptionList: A dictionary with the options for the plugin.
@return: No value is returned.
'''
pass
def getPluginDeps( self ):
'''
@return: A list with the names of the plugins that should be runned before the
current one.
'''
return []
def getLongDesc( self ):
'''
@return: A DETAILED description of the plugin functions and features.
'''
return '''
This plugin searches for the FrontPage Server Info file and if it finds it will try to determine the version of the Frontpage Server Extensions.
- http://localhost/w3af/_vti_inf.html
'''
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
