[W3af-svn-notify] [Task #146171] exploit <plugin> ; exploit * ; exploit * stopOnFirst
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
[W3af-svn-notify] [Task #146171] exploit <plugin> ; exploit * ; exploit * stopOnFirst
|
From: SourceForge.net <no...@so...> - 2008-04-04 00:15:10
|
Task #146171 has been updated.
Project: w3af
Subproject: gtkUi - Phase 3
Summary: exploit <plugin> ; exploit * ; exploit * stopOnFirst
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: facundobatista
Description: What is implemented and works perfect:
exploit <pluginName> <vuln-id>
What must be implemented in the near future:
exploit <pluginName>
exploit *
exploit * stopOnFirst
The "exploit <pluginName>" case should be handled like this:
- User right clicks over an attack plugin, and a menu pop-ups. The menu should have: "Exploit all vulnerabilities"
- When clicked, you just call exploitPluginInstance.exploit()
To know how to handle the * cases please see:
core/ui/consoleUi/exploit.py
def _exploitAll( self, stopOnFirst = True ):
If you copy+paste this code without modifications please let me know, so I create a file with it inside the framework so any modifications to that code impact all user interfaces.
The * cases should be handled like this in the GUI:
- In the menu were the "save session" and "resume session" buttons are (THAT SHOULD BE REMOVED BECAUSE THEY HAVE BEEN DEPRECATED) you should add a button that says "Exploit All".
- When the user clicks on it a pop-up window should appear that says: "Are you sure you want to exploit all vulnerabilities using all exploits?". The options for the user are: "Yes/No" and in the window it should also be a checkbox that says: "Stop on first successfully exploited vulnerability" that is On by default.
Follow-Ups:
-------------------------------------------------------
Date: 2008-04-03 21:15
By: facundobatista
Comment:
Some details:
- Name: Multiple Exploit.
- The "stop on first" option should be not selected by default; it should be "First successful", and it should have a tooltip "Stop on first successful exploit".
- Right button should have two options: "Exploit ALL vulns", "Exploit all until first successful"
-------------------------------------------------------
Date: 2008-03-26 16:02
By: facundobatista
Comment:
Relocated in phase 3.
-------------------------------------------------------
Date: 2008-03-21 23:29
By: facundobatista
Comment:
Andres Riancho said:
> I just defined a method in the attack plugins that will be useful
> for the exploit tab. The method is named "getExploitableVulns" and
> returns a list of vulnerability objects that *could* be exploited by
> an attack plugin. Please note that I said *could*; to verify if the
> plugin can really exploit the vulnerability you should use the
> "canExploit" method.
So, with this, we will able to exploit massively some vulns.
The interface will be:
- A button in the toolbar that says "Exploit all", for all-exploits to all-vulns. A pop-up will appear for you to select which exploits to use, and you'll have a "stop on first successfully exploited vuln" button, enabled by default.
- Right button on any exploit will have a new option "Exploit all vulns".
In any case, the selected vulns to test will be the ones that this new filter gives
-------------------------------------------------------
Date: 2008-02-29 08:45
By: facundobatista
Comment:
Changing this to Andres: as we talk, he needs to make a small study to determine which use cases are more common and which are not normally executed, and then we should define the best interface to enable those use cases (then this task will come back to me).
-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=146171&group_id=170274&group_project_id=55113
|
