
Class urlFuzzer




Tries to find backups and other related files.


Author: Andres Riancho ( andres.riancho@gmail.com )

Instance Methods
 
__init__(self)
 
discover(self, fuzzableRequest)
Searches for new URLs using fuzzing.
 
_do_request(self, url, mutant)
Perform a simple GET to see if the result is an error or not, and then run the actual fuzzing.
 
_return_without_eval(self, uri)
This method tries to lower the false positives.
 
_mutate(self, url)
Mutates this URL.
 
_mutate_domain_name(self, url)
If the URL is "http://www.foobar.com/asd.txt", this method returns mutants such as http://www.foobar.com/foobar.zip and http://www.foobar.com/www.foobar.rar.
 
_mutate_by_appending(self, url)
Adds something to the end of the URL (mutates the file being requested).
 
_mutate_file_type(self, url)
Mutates a URL by changing its file type. Example: for url = http://g.ar/foo.php the result is http://g.ar/foo.zip, http://g.ar/foo.tgz, etc.
 
_mutate_path(self, url)
Mutate the path instead of the file.
 
_get_backup_extensions(self)
 
_get_file_types(self)
Returns: A list with filetypes commonly used in web apps.
 
_get_to_append(self)
Returns: A list of strings to append to the URL.
 
_verify_head_enabled(self, url)
Verifies if the requested URL permits a HEAD request.
 
_head_enabled(self)
 
getOptions(self)
Returns: A list of option objects for this plugin.
 
setOptions(self, optionsMap)
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptions().
 
getPluginDeps(self)
Returns: A list with the names of the plugins that should be run before the current one.
 
getLongDesc(self)
Returns: A DETAILED description of the plugin functions and features.

Inherited from core.controllers.basePlugin.baseDiscoveryPlugin.baseDiscoveryPlugin: discover_wrapper, getType

Inherited from core.controllers.basePlugin.basePlugin.basePlugin: __eq__, end, getDesc, getName, printUniq, setUrlOpener

Method Details

__init__(self)
(Constructor)

 
Overrides: core.controllers.basePlugin.baseDiscoveryPlugin.baseDiscoveryPlugin.__init__

discover(self, fuzzableRequest)

 
Searches for new URLs using fuzzing.
Parameters:
  • fuzzableRequest - A fuzzableRequest instance that contains (among other things) the URL to test.
Returns:
A list of new URLs found by the plugin; it may be empty when the method ends.
Overrides: core.controllers.basePlugin.baseDiscoveryPlugin.baseDiscoveryPlugin.discover

_mutate(self, url)

 
Mutates this URL.
Parameters:
  • url - The original URL
Returns:
A list of bad-looking mutant URLs.

_mutate_domain_name(self, url)

 
If the URL is "http://www.foobar.com/asd.txt", this method returns:
  • http://www.foobar.com/foobar.zip
  • http://www.foobar.com/foobar.rar
  • http://www.foobar.com/www.foobar.zip
  • http://www.foobar.com/www.foobar.rar
  • etc...
Returns:
A list of mutants.

_mutate_by_appending(self, url)

 
Adds something to the end of the URL (mutates the file being requested).
Returns:
A list of mutants.

_mutate_file_type(self, url)

 
Mutates a URL by changing its file type. Example: for url = http://g.ar/foo.php the result is http://g.ar/foo.zip, http://g.ar/foo.tgz, etc.
Returns:
A mutant list.
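
Added example (not part of the plugin's source): a webroot audit that applies the domain-name and file-type mutations described above to a file listing, so leftover archives can be found and removed before a scanner requests them. The extension list, function names and sample listing are assumptions; the plugin's own lists are not shown on this page.

```python
"""Audit a webroot listing for leftover files reachable by the mutations above."""
import posixpath
from urllib.parse import urlsplit

# Assumed extension list; the plugin's real lists (_get_backup_extensions,
# _get_file_types) are not shown on this page.
ARCHIVE_EXTS = ("zip", "rar", "tgz", "tar.gz", "bak")


def domain_candidates(site_url):
    """File names derived from the host, e.g. foobar.zip and www.foobar.zip."""
    host = urlsplit(site_url).hostname or ""
    labels = host.split(".")
    stems = set()
    if len(labels) >= 2:
        stems.add(labels[-2])                 # "foobar"
        stems.add(".".join(labels[:-1]))      # "www.foobar"
    return {f"{stem}.{ext}" for stem in stems for ext in ARCHIVE_EXTS}


def filetype_candidates(path):
    """Same path with the extension swapped, e.g. /foo.php -> /foo.zip."""
    stem, ext = posixpath.splitext(path)
    if not ext:
        return set()
    return {f"{stem}.{e}" for e in ARCHIVE_EXTS} - {path}


def audit(site_url, webroot_paths):
    """Return sorted paths in the webroot that match either mutation."""
    present = set(webroot_paths)
    wanted = {"/" + name for name in domain_candidates(site_url)}
    for path in present:
        wanted |= filetype_candidates(path)
    return sorted(present & wanted)


# Constructed sample listing (paths relative to the document root).
SAMPLE = ["/index.php", "/index.bak", "/foobar.zip", "/img/logo.png",
          "/asd.txt", "/downloads/manual.zip"]

if __name__ == "__main__":
    for hit in audit("http://www.foobar.com/asd.txt", SAMPLE):
        print("review:", hit)
```

A file such as /downloads/manual.zip is not reported because no sibling file or host name maps onto it; only names a mutation would guess are flagged.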

_mutate_path(self, url)

 
Mutate the path instead of the file.
Returns:
A list of mutants.

_get_file_types(self)

 
Returns:
A list with filetypes commonly used in web apps.

_get_to_append(self)

 
Returns:
A list of strings to append to the URL.

_verify_head_enabled(self, url)

 

Verifies whether the requested URL permits a HEAD request. This information was saved inside the KB by the allowedMethods plugin.
Returns:
Nothing is returned; sets self._head to the correct value.

getOptions(self)

 

This method returns an optionList containing the options objects that the configurable object has. Using this option list the framework will build a window, a menu, or some other input method to retrieve the info from the user.

This method MUST be implemented on every plugin.
Returns:
A list of option objects for this plugin.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getOptions

setOptions(self, optionsMap)

 
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptions().
Parameters:
  • OptionList - A dictionary with the options for the plugin.
Returns:
No value is returned.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.setOptions

getPluginDeps(self)

 
Returns:
A list with the names of the plugins that should be run before the current one.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getPluginDeps

getLongDesc(self)

 
Returns:
A DETAILED description of the plugin functions and features.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getLongDesc