[develop] OWTF should start NET plugins when target is an IP #375

Closed
DePierre opened this Issue Dec 9, 2014 · 3 comments

Comments

Projects
None yet
2 participants
@DePierre
Contributor

DePierre commented Dec 9, 2014

By default, OWTF will run its plugins against a target when executing the following command (i.e. running OWTF without any option):

$ python2 owtf.py https://google.nl

 _____ _ _ _ _____ _____
|     | | | |_   _|   __|
|  |  | | | | | | |   __|
|_____|_____| |_| |__|

        @owtfp
    http://owtf.org

[*] OWTF Version: 1.0.1, Release: LionHeart (Beta) 
[-] Loading framework please wait..
[-] The IP address for google.nl is: '64.233.166.94'
[*] 127.0.0.1:8008 <-- HTTP(S) Proxy to which requests can be directed
[*] http://127.0.0.1:8009 <-- Web UI URL
[-] __________ 1 - Target: https://google.nl -> Plugin: Application Discovery (active) __________
[-] 
[-] Executing :

cd owtf_review/targets/https__google.nl/partial/Application_Discovery/active; /usr/bin/dnsrecon --type std,rvl,goo -d google.nl -r 64.233.166.94-64.233.166.94

; Omitted outputs...

I remember that before GSoC 2014, OWTF wasn't running any plugin except when asked for (e.g. running -g web or -o OWTF-PLUGIN-CODE).
OWTF should do as before and not run the plugins when no option is specified.

@7a any thought on that?

@DePierre

This comment has been minimized.

Show comment
Hide comment
@DePierre

DePierre Dec 9, 2014

Contributor

As explained by @7a, OWTF's intended behavior is to:

  • Run all web plugins when passing an URL
  • Run all net plugins when passing an IP

Therefore the behavior I reported is correct.

Contributor

DePierre commented Dec 9, 2014

As explained by @7a, OWTF's intended behavior is to:

  • Run all web plugins when passing an URL
  • Run all net plugins when passing an IP

Therefore the behavior I reported is correct.

@DePierre DePierre closed this Dec 9, 2014

@DePierre

This comment has been minimized.

Show comment
Hide comment
@DePierre

DePierre Dec 16, 2014

Contributor

It appears that running OWTF with an IP address for target does not run the net plugins.

Instead, OWTF automatically prepends 'http' and 'https' to the ip and runs the web plugins, which is not what is expected.

Contributor

DePierre commented Dec 16, 2014

It appears that running OWTF with an IP address for target does not run the net plugins.

Instead, OWTF automatically prepends 'http' and 'https' to the ip and runs the web plugins, which is not what is expected.

@DePierre DePierre reopened this Dec 16, 2014

@DePierre DePierre changed the title from [develop] OWTF shouldn't start running plugins when no option is specified to [develop] OWTF should start NET plugins when target is an IP Jan 26, 2015

@DePierre DePierre closed this Jan 28, 2015

DePierre added a commit to owtf/owtf_testing that referenced this issue Jan 28, 2015

@tunnelshade

This comment has been minimized.

Show comment
Hide comment
@tunnelshade

tunnelshade Feb 17, 2015

Member

This is too complex. This cannot be done as of now. The code gets too complex to support this while keeping our cmd flags working

Member

tunnelshade commented Feb 17, 2015

This is too complex. This cannot be done as of now. The code gets too complex to support this while keeping our cmd flags working

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment