Lucene search
K

export_requests

🗓️ 10 Jun 2013 23:02:10Reported by andresrianchoType 
w3af
 w3af
🔗 w3af.org👁 9 Views

This plugin exports HTTP requests to a CSV file for import in another sca

Code
"""
export_requests.py

Copyright 2012 Andres Riancho

This file is part of w3af, http://w3af.org/ .

w3af is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.

w3af is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

"""
import os

import w3af.core.data.kb.knowledge_base as kb
import w3af.core.controllers.output_manager as om

from w3af.core.controllers.plugins.output_plugin import OutputPlugin
from w3af.core.data.options.opt_factory import opt_factory
from w3af.core.data.options.option_types import OUTPUT_FILE
from w3af.core.data.options.option_list import OptionList


class export_requests(OutputPlugin):
    """
    Export the fuzzable requests found during crawl to a file.

    :author: Andres Riancho ([email protected])
    """

    def __init__(self):
        OutputPlugin.__init__(self)
        self.output_file = '~/output-requests.b64'

    def do_nothing(self, *args, **kwds):
        pass

    debug = log_http = vulnerability = do_nothing
    information = error = console = debug = log_enabled_plugins = do_nothing

    def end(self):
        self.flush()

    def flush(self):
        """
        Exports a list of fuzzable requests to the user configured file.
        """
        fuzzable_request_set = kb.kb.get_all_known_fuzzable_requests()
        
        filename = os.path.expanduser(self.output_file)

        try:
            out_file = open(filename, 'w')
        except IOError, ioe:
            msg = 'Failed to open the output file for writing: "%s"'
            om.out.error(msg % ioe)
            return

        try:
            for fr in fuzzable_request_set:
                out_file.write(fr.to_base64() + '\n')

        except Exception, e:
            msg = ('An exception was raised while trying to export fuzzable'
                   ' requests to the output file: "%s".' % e)
            om.out.error(msg)
        finally:
            out_file.close()

    def set_options(self, option_list):
        """
        :return: Save the options for this plugin
        """
        self.output_file = option_list['output_file'].get_value()

    def get_options(self):
        """
        :return: A list of option objects for this plugin.
        """
        ol = OptionList()

        d = 'The name of the output file where the HTTP requests will be saved'
        o = opt_factory('output_file', self.output_file, d, OUTPUT_FILE)
        ol.add(o)

        return ol

    def get_long_desc(self):
        """
        :return: A DETAILED description of the plugin functions and features.
        """
        return """
        This plugin exports all discovered HTTP requests to an output file. The
        output can then be read in another scan by the crawl.import_results to
        avoid performing an expensive crawling phase.

        The file format is simple:

         * HTTP requests are serialized to a string (just how they would be
           sent to the wire)

         * Base64 encoding is used to encode the serialized request

         * Each encoded request is stored in a new line

        One configurable parameter exists:
            - output_file
        """

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

14 Aug 2015 20:04Current
0.1Low risk
Vulners AI Score0.1
9