
Merge branch 'master' into develop

Conflicts:
	w3af/core/ui/api/main.py
	w3af_api
2 parents 453d6cb + a53d59b commit b9c39f90eb6d297cac7a9d1de0eaaadd9b6f1106 @andresriancho committed Jul 21, 2016
@@ -4,7 +4,7 @@ in our Github issue tracker:
https://github.com/andresriancho/w3af/milestones
-They are lots of very interesting problems to solve, they range from enhancing
+There are lots of very interesting problems to solve, they range from enhancing
algorithms for detecting vulnerabilities and low level performance improvements
to user interface usability enhancements.
@@ -5,7 +5,7 @@ Scanning a Web application using w3af's REST API requires the developer to
understand this basic workflow:
* Start a new scan using ``POST`` to ``/scans/``
- * Get the scan status using ``GET`` to ``/scans/0``
+ * Get the scan status using ``GET`` to ``/scans/0/status``
* Use :doc:`kb` to get information about the identified vulnerabilities
* Clear all scan results before starting a new scan by sending a ``DELETE`` to ``/scans/0``
@@ -48,6 +48,48 @@ requests in our REST API. The call requires two specially crafted variables:
headers={'content-type': 'application/json'})
+A successful HTTP ``POST`` request ``/scans/`` looks like this:
+
+.. code-block:: http
+
+ POST /scans/ HTTP/1.1
+ Host: 127.0.0.1:5000
+ Content-Length: 2001
+ Accept-Encoding: gzip, deflate
+ Accept: */*
+ User-Agent: python-requests/2.6.1 CPython/2.7.6 Linux/3.13.0-49-generic
+ Connection: keep-alive
+ content-type: application/json
+
+ {
+ "target_urls": ["http://127.0.0.1:8000/audit/sql_injection/"],
+ "scan_profile": "[grep.strange_headers]\n\n[crawl.web_spider]\nonly_forward = False\nfollow_regex = .*\nignore_regex = \n\n"
+ }
+
+
+And the expected answer is a ``201`` status code:
+
+.. code-block:: http
+
+ HTTP/1.0 201 CREATED
+ Content-Type: application/json; charset=UTF-8
+ Content-Length: 61
+ Server: REST API - w3af
+ X-Content-Type-Options: nosniff
+ X-Frame-Options: DENY
+ X-XSS-Protection: 1; mode=block
+ Pragma: no-cache
+ Cache-Control: no-cache
+ Expires: 0
+ Date: Wed, 29 Jul 2015 11:52:55 GMT
+
+ {
+ "href": "/scans/0",
+ "id": 0,
+ "message": "Success"
+ }
+
+
.. note::
Remember to send the ``Content-Type: application/json`` header
@@ -0,0 +1,55 @@
+w3af inside docker
+==================
+
+Using ``w3af`` inside docker should be transparent for most use cases, this page
+documents the use cases which are complex to solve when docker is added to the
+mix.
+
+Ports and services
+------------------
+
+Some w3af plugins, such as ``crawl.spider_man`` and ``audit.rfi`` start proxy
+HTTP services. In order to access these services the plugins need to be
+configured to listen on ``0.0.0.0`` and the port needs to be made accessible
+to the host using the ``-p`` parameter in the helper script
+(ie. ``extras/docker/scripts/w3af_console_docker``)
+
+Take a look at `this commit <https://github.com/andresriancho/w3af/commit/a8e2f66e31d8ad4a769cd0e7c12c87559dd026f3>`_
+for more information about exposing ports.
+
+Sharing data with the container
+-------------------------------
+
+When starting w3af using the ``w3af_console_docker`` or ``w3af_gui_docker``
+commands the docker containers are started with two volumes which are mapped to
+your home directory:
+
+ * ``~/.w3af/`` from your host is mapped to ``/root/.w3af/`` in the container.
+ This directory is mostly used by ``w3af`` to store scan profiles and internal
+ data.
+
+ * ``~/w3af-shared`` from your host is mapped to ``/root/w3af-shared`` in the
+ container. Use this directory to save your scan results and provide input files
+ to w3af.
+
+Debugging the container
+-----------------------
+
+The container runs a SSH daemon, which can be used to both run the ``w3af_console``
+and ``w3af_gui``. To connect to a running container use ``root`` as username and
+``w3af`` as password. Usually you don't need to worry about this, since the helper
+scripts will connect to the container for you.
+
+Another way to debug the container is to run the script with the ``-d`` flag:
+
+.. code-block:: console
+
+ $ sudo ./w3af_console_docker -d
+ root@a01aa9631945:~#
+
+
+.. note::
+
+ *WARNING*: Don't bind w3af's docker image to a public IP address unless you
+ really know what you're doing! Anyone will be able to SSH into the docker
+ image using the hard-coded SSH keys!
@@ -65,7 +65,8 @@ Contents
authentication
common-use-cases
advanced-use-cases
-
+ docker
+
exploitation
advanced-exploitation
@@ -87,6 +87,6 @@ RUN apt-get clean
RUN rm -rf /var/lib/apt/lists/*
RUN rm -rf /tmp/pip-build-root
-EXPOSE 22
+EXPOSE 22 44444
CMD ["/usr/sbin/sshd", "-D"]
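Review bot: `EXPOSE 22 44444` gives no hint what the second port is for, and the Dockerfile is the first place someone auditing the image's network surface will look. A comment above the line such as `# 22: sshd used by the helper scripts; 44444: proxy port for plugins like crawl.spider_man` would document it; the purpose of 44444 is inferred from the docker docs and the `-p 44444:44444` lines added elsewhere in this commit, so confirm it. Since the image's CMD is sshd and the docs added in this commit describe fixed root credentials and hard-coded SSH keys, the comment should also say that these ports are meant to be published on loopback only.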
@@ -12,7 +12,7 @@ cd ../../
if [ $# -eq 1 ]; then
ENV=$1
else
- echo "Environment argument is required"
+ echo "Build environment name argument is required (./docker-build.sh develop)"
exit 1
fi
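Review bot: The usage error on the new `echo` line is written to stdout, so it is mixed into captured output when the script runs inside a build pipeline. Send it to stderr instead: `echo "Build environment name argument is required (./docker-build.sh develop)" >&2`. The `[ $# -eq 1 ]` test also rejects extra arguments with this same message, so wording it as a usage line would cover both cases.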
@@ -9,6 +9,7 @@
' -d'
' -v ~/.w3af:/root/.w3af'
' -v ~/w3af-shared:/root/w3af-shared'
+ ' -p 44444:44444'
' andresriancho/w3af')
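Review bot: `' -p 44444:44444'` publishes the container port on every host interface, because docker binds to 0.0.0.0 when no host address is given. The docs added in this commit tell users to configure the proxy plugins to listen on `0.0.0.0` inside the container, so with this mapping anyone who can reach the host can reach the proxy. Bind to loopback by default with `' -p 127.0.0.1:44444:44444'` and let users opt in to a wider bind. The same line is added in the later hunk that starts the REST API container, next to `-p 5000:5000`, which has the same exposure. The string being built starts outside this hunk.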
@@ -33,14 +33,15 @@ if __name__ == '__main__':
' -v ~/.w3af:/root/.w3af'
' -v ~/w3af-shared:/root/w3af-shared'
' -p 5000:5000'
+ ' -p 44444:44444'
' andresriancho/w3af')
container_id = start_container(args.tag, command=docker_run)
if args.debug:
cmd = '/bin/bash'
elif args.api_config_file:
- cmd = '/home/w3af/w3af/w3af_api 0.0.0.0:5000 -c %s' % api_config_file
+ cmd = '/home/w3af/w3af/w3af_api 0.0.0.0:5000 -c %s' % args.api_config_file
else:
cmd = '/home/w3af/w3af/w3af_api 0.0.0.0:5000'
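Review bot: `args.api_config_file` is a path given on the host, but `w3af_api -c` opens it inside the container, where only `~/.w3af` and `~/w3af-shared` are mounted (as `/root/.w3af` and `/root/w3af-shared`). A host path outside those two volumes will not exist for the API process, so either document that the file must be passed by its container path or validate and translate it before building `cmd`. The value is also interpolated with `%s` unquoted; if `cmd` is later run through a shell (not visible in this hunk), a path with spaces or shell metacharacters breaks the command, and `pipes.quote(args.api_config_file)` would avoid that.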
@@ -66,7 +66,7 @@ def dependency_check(dependency_set=CORE, exit_on_failure=True):
# Check for missing python modules
#
failed_deps = []
- pip_distributions = pip.get_installed_distributions()
+ pip_distributions = pip.get_installed_distributions(local_only=False)
for w3af_req in platform.PIP_PACKAGES[dependency_set]:
for dist in pip_distributions:
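Review bot: The new `local_only=False` argument has no comment, and its effect is not obvious from the call: it makes pip also report distributions installed outside the active virtualenv. A line such as `# local_only=False: also accept packages installed system-wide when running inside a virtualenv` above the call would record why. `pip.get_installed_distributions` is also not a supported public API of pip, so this check may stop working after a pip upgrade; `pkg_resources.working_set` gives a comparable list without depending on pip internals. The loop body continues outside the hunk.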
@@ -28,8 +28,7 @@
SCRIPT_NAME = 'w3af_dependency_install.sh'
-def generate_helper_script(pkg_manager_cmd, os_packages,
- pip_cmd, failed_deps):
+def generate_helper_script(pkg_manager_cmd, os_packages, pip_cmd, failed_deps):
"""
Generates a helper script to be run by the user to install all the
dependencies.
@@ -29,15 +29,16 @@
from .centos65 import CentOS65
from .fedora import Fedora
from .kali import Kali
+from .kali2 import Kali2
from .mac import MacOSX
from .openbsd import OpenBSD5
from .suse import SuSE
from .elementaryOS02 import ElementaryOS02
from .default import DefaultPlatform
KNOWN_PLATFORMS = [Debian76, Debian78, Debian80, Ubuntu1204, CentOS65, CentOS,
- Fedora, Kali, MacOSX, OpenBSD5, SuSE, Ubuntu1404, Ubuntu1410,
- ElementaryOS02]
+ Fedora, Kali, Kali2, MacOSX, OpenBSD5, SuSE, Ubuntu1404,
+ Ubuntu1410, ElementaryOS02]
def get_current_platform(known_platforms=KNOWN_PLATFORMS):
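Review bot: `Kali2` is added after `Kali` in `KNOWN_PLATFORMS`, and since `Kali2` subclasses `Kali` the list order may decide which one is selected. If `get_current_platform` returns the first entry whose `is_current_platform()` is true (its body is outside this hunk) and `Kali.is_current_platform` matches on the distribution name alone, a Kali 2.0 host is detected as `Kali` and `Kali2` is never reached. Listing the more specific class first, `Fedora, Kali2, Kali, MacOSX, ...`, removes the dependency on how `Kali` matches.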
@@ -23,10 +23,6 @@
from .ubuntu1204 import Ubuntu1204
-#
-# This piece of code will most likely be patched to be ignored when we create
-# the latest deb package for Kali.
-#
KALI_MESSAGE = '''
According to Kali's documentation [0] in order to avoid breaking the packaged\
w3af version you should run the following commands:
@@ -0,0 +1,34 @@
+"""
+kali2.py
+
+Copyright 2015 Andres Riancho
+
+This file is part of w3af, http://w3af.org/ .
+
+w3af is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation version 2 of the License.
+
+w3af is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with w3af; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+"""
+import platform
+
+from .kali import Kali
+
+
+class Kali2(Kali):
+ SYSTEM_NAME = 'Kali 2.0'
+
+ @staticmethod
+ def is_current_platform():
+ return 'Kali' in platform.dist() and '2.0' in platform.dist()
+
+
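Review bot: `is_current_platform` matches only when one element of the `platform.dist()` tuple is exactly `'2.0'`, because `in` on a tuple compares whole elements and is not a substring test. A point release reported as, say, `'2.1'` would fall through to another platform class. Unpacking once makes the intent explicit and tolerates minor versions: `distname, version, _ = platform.dist()` followed by `return distname == 'Kali' and version.startswith('2.')`, assuming the name is reported in the first field. The class also has no docstring saying how it differs from `Kali`.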
@@ -79,7 +79,7 @@ def _cmd_start(self, params):
"""
# Check if the console output plugin is enabled or not, and warn.
output_plugins = self._w3af.plugins.get_enabled_plugins('output')
- if 'console' not in output_plugins:
+ if 'console' not in output_plugins and len(output_plugins) == 0:
msg = ("\nWarning: You disabled the console output plugin. If you"
" start a new scan, the discovered vulnerabilities won\'t be"
" printed to the console, we advise you to enable at least"
@@ -70,7 +70,9 @@ class eval(AuditPlugin):
# ASP.NET also uses miliseconds
# http://msdn.microsoft.com/en-us/library/d00bd51t.aspx
# Note: The Sleep in ASP.NET is uppercase
- ExactDelay("Thread.Sleep(%s);", mult=1000)
+ ExactDelay("Thread.Sleep(%s);", mult=1000),
+ # NodeJS eval
+ ExactDelay("var cd;var d=new Date();do{cd=new Date();}while(cd-d<%s)", mult=1000)
)
def __init__(self):
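Review bot: The NodeJS entry carries only the comment `# NodeJS eval`, unlike the ASP.NET entry above it, which explains the unit behind `mult=1000`. It should say why the multiplier is used and that the payload is a busy-wait, e.g. `# NodeJS has no blocking sleep; busy-wait on Date, whose difference is in milliseconds`. A busy-wait holds the target's event loop for the full delay, so other requests to the same process stall while the check runs; the plugin's long description should mention this so operators scanning production systems know. The line is also well over 79 columns and could be wrapped after the first argument.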
@@ -218,5 +218,5 @@ def get_long_desc(self):
return """
This plugin does a search in archive.org and parses the results. It
then uses the results to find new URLs in the target site. This plugin
- is a time machine !
+ is a time machine!
"""
@@ -68,7 +68,7 @@ def get_options(self):
:return: A list of option objects for this plugin.
"""
ol = OptionList()
- d = 'Fetch the first "result_limit" results from the Google search'
+ d = 'Fetch the first "result_limit" results from the Bing search'
o = opt_factory('result_limit', self._result_limit, d, 'integer')
ol.add(o)
@@ -120,6 +120,7 @@ def set_options(self, option_list):
"""
self._output_file_name = option_list['output_file'].get_value()
self._verbose = option_list['verbose'].get_value()
+ self._template = option_list['template'].get_value()
def get_options(self):
"""
@@ -2,12 +2,12 @@
import sys
-# Check if I have all needed dependencies, do this as soon as possible so we
-# fail fast
from w3af.core.controllers.dependency_check.dependency_check import dependency_check
-dependency_check()
-from w3af.core.ui.api.main import main
if __name__ == '__main__':
- sys.exit(main())
+ # Check if I have all needed dependencies
+ dependency_check()
+
+ from w3af.core.ui.api.main import main
+ sys.exit(main())
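Review bot: The removed comment explained why `dependency_check()` runs first, and the new code gives no reason for the late import. `from w3af.core.ui.api.main import main` sits inside the `__main__` guard after the check, presumably so that a missing module is reported by `dependency_check()` instead of surfacing as an `ImportError`. Say so next to the import, e.g. `# Import after dependency_check(): main pulls in third-party modules that may be missing`. Without it the import looks like a style mistake and is likely to be moved back to the top of the file.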
