''' error500.py Copyright 2006 Andres Riancho This file is part of w3af, w3af.sourceforge.net . w3af is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License. w3af is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with w3af; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ''' import core.controllers.outputManager as om from core.controllers.basePlugin.baseGrepPlugin import baseGrepPlugin import core.data.kb.knowledgeBase as kb import core.data.kb.vuln as vuln from core.data.getResponseType import * import re class error500(baseGrepPlugin): ''' This plugin greps every page for error 500 pages that havent been catched by other plugins. @author: Andres Riancho ( andres.riancho@gmail.com ) ''' def __init__(self): baseGrepPlugin.__init__(self) self._error500responses = [] def _testResponse(self, request, response): if isTextOrHtml(response.getHeaders()) and response.getCode() in range( 400,500 )\ and response.getCode() != 404: self._error500responses.append( (request,response) ) def getOptionsXML(self): ''' This method returns a XML containing the Options that the plugin has. Using this XML the framework will build a window, a menu, or some other input method to retrieve the info from the user. The XML has to validate against the xml schema file located at : w3af/core/output.xsd ''' return '\ \ \ ' def end(self): ''' This method is called when the plugin wont be used anymore. ''' # The real job of this plugin is done here, where I will try to see if one # of the error500 responses were not identified as a vuln by some of my audit plugins allVulns = kb.kb.getAllVulns() #allInfos = kb.kb.getAllInfos() all = [] all.extend( allVulns ) #all.extend( allInfos ) all = [ (v.getURI(), v.getDc()) for v in all ] for request, error500 in self._error500responses: if ( error500.getURI() , request.getDc() ) not in all: # Found a err 500 that wasnt identified !!! v = vuln.vuln() v.setURI( error500.getURI() ) v.setURL( error500.getURL() ) v.setId( error500.id ) v.setDesc( 'An unidentified error was found at URL ' + v.getURL() +' . Enable all plugins and try again, if this is error still is not identified, please verify mannually.' ) kb.kb.append( self, 'error500', v ) self.printUniq( kb.kb.getData( 'error500', 'error500' ), 'VAR' ) def getPluginDeps( self ): ''' @return: A list with the names of the plugins that should be runned before the current one. ''' return [] def getLongDesc( self ): ''' @return: A DETAILED description of the plugin functions and features. ''' return ''' This plugin greps every page for error 500 pages that havent been catched by other plugins. By enabling this, you are enabling a "safety net" that will catch all bugs that havent been catched by other plugins. '''