Great!

Exactly what I needed. Thanks Andres.

VR

-pjh


On Dec 22, 2010, at 1:51 PM, Andres Riancho wrote:

> Philip,
> 
>   Please read inline,
> 
> On Tue, Dec 21, 2010 at 5:49 PM, philip hartlieb
> <[email protected]> wrote:
>> Hello,
>> 
>> I was able to push my discovery results to a file using the export fuzzable 
>> requests option in misc settings.
> 
>   Cool,
> 
>> The file name is a simple "date_name". There is no .txt or .csv extension.
> 
>   Ok,
> 
>> I now want to suck the csv file into the next "audit" using the 
>> importResults plugin.
>> 
>> I've enabled the xss and importResults plugins only.
>> 
>> I've tried placing the csv file in the root w3af directory so all I need to 
>> script is "set input_csv filename" when configuring importResults.
>> 
>> No luck.
>> 
>> I've also tried placing the file elsewhere on the file system and scripting 
>> " set input_csv /full/path/to/filename "
>> 
>> Each time I get a "No target specified" error.
> 
>   Are you specifying the target? :) I know it might be
> counter-intuitive, but even when importing results from a file you
> need to specify the target in w3af.
> 
>> I know that I am incorrectly assuming that no target needs to be specified 
>> when using the importResults option.
> 
>   Cool,
> 
>> Can anyone comment on what needs to go in the "set target" directive when 
>> using the importResults plugin?
> 
>   It's a generic check that we perform. In 99% of the cases it makes
> sense to have a target, you've found the case in which it's not needed
> :)
> 
>> Do I need to specify the path here as well?  What would be the format?
> 
>   In the target you would put "http://target-web-application.com/".
> If you only enable the importResults plugin, no URLs out from the ones
> specified in the file should be crawled / injected.
> 
>> Thank you,
>> 
>> -pjh
> 
> -- 
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af

----
Philip J. Hartlieb (PhD.)
GSLC / Security+
Systems Engineer
Space and Naval Warfare (SPAWAR) Systems Center - Atlantic

"They would take their software out and race it in the black desert of the 
electronic night."   -- Snow Crash



