Create new plugins
Creating new plugins
Let's say you want to create a new plugin for a scanner that is not supported by OWTF yet, for example, Skipfish.
Step 1) Tell OWTF where skipfish is.
For Kali: Modify profiles/general/default.cfg, adding the following line close to the other scanners (e.g. Arachni):
Step 2) Tell OWTF how to run skipfish.
For Kali: Modify profiles/resources/default.cfg, adding the following line close to the other scanners (e.g. Arachni):
NOTE: Obviously personal preference applies here, suggestions welcome :)
SkipfishUnauth_Skipfish__touch new_dict.wl ; cd @@@TOOL_SKIPFISH_DIR@@@ ; ./skipfish -t 90 -i 90 -w 90 -f1000 -b f -o ###PLUGIN_OUTPUT_DIR###/skipfish_report -S /pentest/web/skipfish/dictionaries/minimal.wl -W ###PLUGIN_OUTPUT_DIR###/new_dict.wl @@@TARGET_URL@@@
Step 3) Create a Skipfish plugin (this allows more control, i.e. owtf.py -o Skipfish_Unauthenticated target_url)
Create a new active plugin in plugins/web/active, call it "Skipfish_Unauthenticated@OWTF-WVS-006.py", and make the code as follows:
```python
DESCRIPTION = "Active Vulnerability Scanning without credentials via Skipfish"


def run(Core, PluginInfo):
    # Core.Config.Show()
    return Core.PluginHelper.DrawCommandDump('Test Command', 'Output', Core.Config.GetResources('Skipfish_Unauth'), PluginInfo, "")
```
Step 4) Make OWTF run Skipfish by default
Modify profiles/web_plugin_order/default.cfg so that it also contains the following line:
After doing all this you can do:
owtf.py -o Skipfish_Unauthenticated http://demo.testfire.net
NOTE: If you press Control + C, OWTF does not exit cleanly yet. I will try to figure out why this happens, but the Skipfish report is saved fine on disk.
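An added example, not part of the OWTF code base: a pre-flight check for the Step 2 resource command that lists its `@@@NAME@@@` and `###NAME###` placeholders, refuses to expand while any is undefined, and shell-quotes each substituted value. The `placeholders` and `expand` helpers, the sample values, and the assumption that placeholders are replaced textually before the command reaches a shell are illustrative, not OWTF's own behaviour.

```python
import re
import shlex

# Command part of the Step 2 resource line, copied from this page.
SKIPFISH_CMD = (
    "touch new_dict.wl ; cd @@@TOOL_SKIPFISH_DIR@@@ ; ./skipfish -t 90 -i 90 "
    "-w 90 -f1000 -b f -o ###PLUGIN_OUTPUT_DIR###/skipfish_report "
    "-S /pentest/web/skipfish/dictionaries/minimal.wl "
    "-W ###PLUGIN_OUTPUT_DIR###/new_dict.wl @@@TARGET_URL@@@"
)

# Both placeholder styles that appear in the resource line.
PLACEHOLDER = re.compile(r"@@@([A-Z0-9_]+)@@@|###([A-Z0-9_]+)###")


def placeholders(command):
    """Return the set of placeholder names a resource command refers to."""
    return {m.group(1) or m.group(2) for m in PLACEHOLDER.finditer(command)}


def expand(command, values):
    """Hypothetical expander: fail on undefined names, shell-quote every value."""
    missing = placeholders(command) - set(values)
    if missing:
        raise KeyError("undefined placeholders: " + ", ".join(sorted(missing)))
    return PLACEHOLDER.sub(
        lambda m: shlex.quote(values[m.group(1) or m.group(2)]), command
    )


if __name__ == "__main__":
    # Constructed sample values. The URL contains '&' and the output directory
    # a space; unquoted, either would change how the shell parses the command.
    sample = {
        "TOOL_SKIPFISH_DIR": "/pentest/web/skipfish",
        "PLUGIN_OUTPUT_DIR": "/tmp/owtf out",
        "TARGET_URL": "http://demo.testfire.net/?a=1&b=2",
    }
    print(sorted(placeholders(SKIPFISH_CMD)))
    print(expand(SKIPFISH_CMD, sample))
```

Running the check against a new resource line before adding it to profiles/resources/default.cfg catches a misspelled placeholder name early, since that name shows up as undefined.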