2008/12/23 Andres Riancho <andres.rian...@gmail.com>
> Viktor,
>
> On Mon, Dec 22, 2008 at 6:29 PM, Viktor Gazdag <woodsp...@gmail.com>
> wrote:
> > Hello Andres!
> >
> >
> > I hope this will be the latest version of the frontpage_version plugin.
> :)
> > Check it when you have time and tell me if something is missing.
> >
>
> You are getting better, and your code looks nice in every new
> contribution you make, but... the plugin is still a little messy in
> some places, some examples:
>
> - You define "_exec_one_time" inside "__init__" and you read it's
> value inside "discover", but you never change the value, so... why is
> it there? I think that "self._exec_one_time" should be removed, and
> "self._exec" should be set to False only after finding "_vti_inf.html"
> inside any of the directories that are passed as a parameter.
>
> - If I run pylint against your code, it shields hundreds of warnings
> about bad indentation! The command I'm running is:
> d...@brick:~/w3af/w3af/trunk$ pylint --rcfile=../extras/misc/pylint.rc
> plugins/discovery/frontpage_version.py
>
> - In the cases in which the "_vti_inf.html" page exists, I think that
> we should have some code that looks something like this:
>
> for match in [frontpage_version, frontpage_admin, frontpage_author]:
> if not match:
> # This is wierd... we found a _vti_inf file, but there is no
> frontpage
> # information in it... IPS? WAF? honeypot?
> i = info.info()
> i.setId( response.id )
> i.setName( 'Fake FrontPage Configuration Information' )
> i.setURL( response.getURL() )
> desc = 'A fake FrontPage Configuration Information file was found
> at: "'
> desc += i.getURL()
> desc += '". This may be an indication of a honeypot, a WAF or an
> IPS.'
> i.setDesc( desc )
> kb.kb.append( self, 'fake_frontpage', i )
> om.out.information( i.getDesc() )
>
> I think that w3af should also warn about anomalies, and this would be
> one of those =) What do you think?
I hate that indentation thing! :) I fixed the warnings and the self._exec,
but maybe not the right place. I wrote the three if in one, but that match
thing won't work.
>
>
> Cheers,
> --
> Andres Riancho
> http://w3af.sourceforge.net/
> Web Application Attack and Audit Framework
>
'''
frontpage_version.py
Copyright 2006 Andres Riancho
This file is part of w3af, w3af.sourceforge.net .
w3af is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.
w3af is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
'''
#w3af moduls
import core.controllers.outputManager as om
from core.data.options.optionList import optionList
from core.controllers.basePlugin.baseDiscoveryPlugin import baseDiscoveryPlugin
import core.data.parsers.urlParser as urlParser
from core.controllers.w3afException import w3afException
import core.data.kb.knowledgeBase as kb
import core.data.kb.info as info
#python moduls
import re
class frontpage_version(baseDiscoveryPlugin):
'''
Search FrontPage Server Info file and if it finds it will determine its version.
@author: Viktor Gazdag ( woodsp...@gmail.com )
'''
def __init__(self):
baseDiscoveryPlugin.__init__(self)
# Internal variables
self._analyzed_dirs = []
self._exec = True
def discover(self, fuzzableRequest ):
'''
For every directory, fetch a list of files and analyze the response.
@parameter fuzzableRequest: A fuzzableRequest instance that contains (among other things) the URL to test.
'''
fuzzableRequestsToReturn = []
if not self._exec:
# This will remove the plugin from the discovery plugins to be runned.
raise w3afRunOnce()
else:
# Run the plugin.
self._exec = False
is_404 = kb.kb.getData( 'error404page', '404' )
for domain_path in urlParser.getDirectories(fuzzableRequest.getURL() ):
if domain_path not in self._analyzed_dirs:
# Save the domain_path so I know I'm not working in vane
self._analyzed_dirs.append( domain_path )
# Request the file
frontpage_info_url = urlParser.urlJoin( domain_path , "_vti_inf.html" )
try:
response = self._urlOpener.GET( frontpage_info_url, useCache=True )
om.out.debug( '[frontpage_version] Testing "' + frontpage_info_url + '".' )
except w3afException, w3:
msg = 'Failed to GET Frontpage Server _vti_inf.html file: "' + frontpage_info_url + '".'
msg += 'Exception: "' + str(w3) + '".'
om.out.debug( msg )
else:
# Check if it's a Fronpage Info file
if not is_404( response ):
regex_str = 'FPVersion="(.*?)"'
regex_admin = 'FPAdminScriptUrl="(.*?)"'
regex_author = 'FPAuthorScriptUrl="(.*?)"'
#Get the Frontpage version
frontpages_version = re.search(regex_str, response.getBody(), re.IGNORECASE)
#Get the FPAdminScript url
frontpage_admin = re.findall(regex_admin, response.getBody(), re.IGNORECASE)[0][:-9]
#Get the FPAuthorScript url
frontpage_author = re.findall(regex_author, response.getBody(), re.IGNORECASE)[0][:-10]
if frontpages_version and frontpage_admin and frontpage_author:
i = info.info()
i.setId( response.id )
i.setName( 'FrontPage Configuration Information' )
i.setURL( response.getURL() )
desc = 'The FrontPage Configuration Information file was found at: "'
desc += i.getURL()
desc += '" and the version of FrontPage Server Extensions is: "'
desc += frontpages_version.group(1) + '". '
i.setDesc( desc )
i['version'] = frontpages_version.group(1)
kb.kb.append( self, 'frontpage_version', i )
om.out.information( i.getDesc() )
#Set the self._exec to false
self._exec = False
i = info.info()
i.setId( response.id )
i.setName( 'FrontPage FPAdminScriptUrl' )
i.setURL( response.getURL() )
desc = 'The FPAdminScriptUrl directory is at: '
desc += urlParser.getDomainPath(i.getURL()) + frontpage_admin
i.setDesc( desc )
i['FPAdminScriptUrl'] = frontpage_admin
kb.kb.append( self, 'frontpage_version', i )
om.out.information( i.getDesc() )
i = info.info()
i.setId( response.id )
i.setName( 'FrontPage FPAuthorScriptUrl' )
i.setURL( response.getURL() )
desc = 'The FPAuthorScriptUrl directory is at: '
desc += urlParser.getDomainPath(i.getURL()) + frontpage_author
i.setDesc( desc )
i['FPAuthorScriptUrl'] = frontpage_author
kb.kb.append( self, 'frontpage_version', i )
om.out.information( i.getDesc() )
else:
# This is wierd... we found a _vti_inf file, but there is no frontpage
# information in it... IPS? WAF? honeypot?
i = info.info()
i.setId( response.id )
i.setName( 'Fake FrontPage Configuration Information' )
i.setURL( response.getURL() )
desc = 'A fake FrontPage Configuration Information file was found at: "'
desc += i.getURL()
desc += '". This may be an indication of a honeypot, a WAF or an IPS.'
i.setDesc( desc )
kb.kb.append( self, 'fake_frontpage', i )
om.out.information( i.getDesc() )
return fuzzableRequestsToReturn
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
ol = optionList()
return ol
def setOptions( self, OptionList ):
'''
This method sets all the options that are configured using the user interface
generated by the framework using the result of getOptions().
@parameter OptionList: A dictionary with the options for the plugin.
@return: No value is returned.
'''
pass
def getPluginDeps( self ):
'''
@return: A list with the names of the plugins that should be runned before the
current one.
'''
return []
def getLongDesc( self ):
'''
@return: A DETAILED description of the plugin functions and features.
'''
return '''
This plugin searches for the FrontPage Server Info file and if it finds it will try to
determine the version of the Frontpage Server Extensions. The file is located inside the
web server webroot. For example:
- http://localhost/_vti_inf.html
'''
------------------------------------------------------------------------------
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
